[SOLVED] Windows Update - 13978 - For BrianDrab

- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • You have 4 days to reply to each post or the topic will be closed.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.

- Save ALL Tools to your Desktop -
All tools that I have you download should be placed on the desktop unless otherwise stated.


- Finally Before We Start-

Removing malware is a complicated, multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


OK, let's get started.

Step#1 - Warnings
The Dangers of P2P Programs
IMPORTANT: I noticed that you have a P2P (Peer to Peer) file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more than likely infected with trojans, malware, rootkits, etc.
You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

Here are some information sources about the dangers of P2P programs:
FBI - Peer to Peer Scams
USA Today Article on P2P Programs
File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, you will likely be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.

Please uninstall (or at the very least don't use while we fix your machine) the following Peer-to-Peer program(s): uTorrent


CCleaner
I see that you have CCleaner installed. This is indeed a good product but I wanted to caution you on running the registry cleaning functionality of the tool. Please avoid this as it can do more harm than good. Following are a couple informative links on why not to use them.
Answers to common security questions - Best Practices - Anti-Virus and Anti-Malware Software
miekiemoes' Blog: Registry Cleaners and System Tweaking Tools


Step#2 - Uninstalls
Please uninstall the following programs one at a time. Instructions for doing so are here.
If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot. All of these programs are either outdated, malware/adware, have a bad reputation or are not recommended. If you absolutely must have one of them I suggest that you wait until you are declared clean before reinstalling.

Driver Booster 2.3 <---- (Optional; however, the vendor is untrustworthy and deemed a rogue within the Anti-Malware community as a whole.)
Kaspersky Internet Security - Since we are having issues with this and BSOD please uninstall.
Speccy - It's a good program but currently causing issues. I would uninstall until we fix all issues. If you want to re-install after that, it's fine.


Step#3 - Install MSE
After you have uninstalled Kaspersky Internet Security, it's important that we also run the manual removal tool to ensure all remnants are gone. Otherwise we may still get the BSOD issues.
1. Download the tool from here and save to your desktop.
2. Go ahead and run the tool to ensure everything is removed.
3. Once this is done, please install Microsoft Security Essentials from here. We don't want to leave the machine unprotected.

Step#4 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop.
Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

Step#5 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Clean"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

Step#6 - Fresh Set of Logs
1. Right click on FRST.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.



Items for your next post
1. FRST Fix Log
2. AdwCleaner Log
3. Fresh FRST and Addition logs
 


Thanks for helping me so far. Before I try your instructions I want to make sure I get a backup of the virus logs.

So here is what I did so far:

I tried to do a normal boot.
Malwarebytes is working; it gives me a log that can help with what PUP programs it removed.
View attachment Malwarebytes PUP log.txt

Kaspersky fails to start its service. I tried to manually start it, even used regedit to create that key, but all failed. Tried to search on their forums: REINSTALL IS THE ONLY SOLUTION
kas .jpg

So I used their GetSystemInfo by Kaspersky to collect logs. You can see that log online here. HOPE IT HELPS
http://www.getsysteminfo.com/read.php?file=f85e49cec830c62f3b4ab44bb4f0d8c5&key=ABM2odQk
View attachment GetSystemInfo_DEVDATT-PC_Devdatt_2015_05_04_14_17_39.zip


Owner used that PUP software with Revo uninstall, so I got some useful info from that folder too. Attached SS of PUP software: PUP.jpg

Also, here is one tutorial that I found surfing around; maybe it can apply, as we are able to install update ones
Windows Update - Fix a Repeatedly Offered Update - Windows 7 Help Forums

SO NOW

I WILL UNINSTALL WHAT YOU TELL AND WILL TRY FRT

And yes, there is some problem in Speccy's latest build. I tried to run it on two PCs and only run after then not run

Not sure which uninstaller I should use, so I think I will use Revo

WILL UPDATE HOW IT GOES SRY FOR LATE RESPONSE
 
Thanks for the information. Let me know how it goes. We still need to uninstall Kaspersky. Not sure if you were trying to avoid this or not.
 

I already uninstalled all the software you told me to + Malwarebytes

But currently MS AV is failing to update its database. Tried two times to update it

Even real time protection is off

Just restarted pc trying again
 
After trying 4 times MSE did update and I did a quick scan; no virus found

I just tried FRT with the fix script; it removed virus entries but

YOU NEVER TOLD ME THAT IT WILL DELETE MY BROWSING HISTORY :(

NVM now trying step 5

I already uninstalled Chrome with Revo; will install it after the end of this

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-05-2015
Ran by Devdatt at 2015-05-04 20:46:27 Run:4
Running from C:\Users\Devdatt\Desktop
Loaded Profiles: Devdatt (Available profiles: Devdatt)
Boot Mode: Normal


==============================================


Content of fixlist:
*****************
CreateRestorePoint:
Task: {4DA4741D-325B-4DD8-8348-997C216C7C24} - \Binkiland tori No Task File <==== ATTENTION
Task: {944E2DF7-BFA8-4BB5-80CF-27B255FE2200} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe <==== ATTENTION
cmd: winmgmt /verifyrepository
file: C:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL
file: C:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF
file: C:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL
file: C:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF
CHR StartupUrls: Default -> "hxxp://binkiland.com/?f=7&a=bnk_md_15_06&cd=2XzuyEtN2Y1L1Qzu0D0EzzyD0D0EtCyDyD0EzzyB0DtD0BtDtN0D0Tzu0StCtCtAtDtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtDyCtB0DyCzyyEtG0DtByB0DtGzz0CyD0BtGtAtB0CyDtGtDtAtB0BtDyByE0B0A0B0E0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0A0D0BtDyC0EyEtGzzzyyEyCtGyE0CyDzytGzy0C0AtDtGtByC0CyC0AyBtByCtAtCtBtC2Q&cr=1314527656&ir="
cmd: C:\Windows\System32\WBEM\mofcomp C:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL
cmd: C:\Windows\System32\WBEM\mofcomp C:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF
cmd: C:\Windows\System32\WBEM\mofcomp C:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL
cmd: C:\Windows\System32\WBEM\mofcomp C:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF
Cmd: wevtutil cl application
Cmd: wevtutil cl system
Cmd: wevtutil cl security
EmptyTemp:




*****************


Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4DA4741D-325B-4DD8-8348-997C216C7C24}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DA4741D-325B-4DD8-8348-997C216C7C24}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Binkiland tori" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{944E2DF7-BFA8-4BB5-80CF-27B255FE2200}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{944E2DF7-BFA8-4BB5-80CF-27B255FE2200}" => Key deleted successfully.
C:\Windows\System32\Tasks\Reimage Reminder => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Reimage Reminder" => Key deleted successfully.


=========  winmgmt /verifyrepository =========


WMI repository is consistent


========= End of CMD: =========




========================= file: C:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL ========================


"C:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL" not found.
====== End Of File: ======




========================= file: C:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF ========================


"C:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF" not found.
====== End Of File: ======




========================= file: C:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL ========================


"C:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL" not found.
====== End Of File: ======




========================= file: C:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF ========================


"C:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF" not found.
====== End Of File: ======


Chrome StartupUrls deleted successfully.


=========  C:\Windows\System32\WBEM\mofcomp C:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL =========


Microsoft (R) MOF Compiler Version 6.2.9200.16398
Copyright (c) Microsoft Corp. 1997-2006. All rights reserved.
File 'C:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL' not found!


========= End of CMD: =========




=========  C:\Windows\System32\WBEM\mofcomp C:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF =========


Microsoft (R) MOF Compiler Version 6.2.9200.16398
Copyright (c) Microsoft Corp. 1997-2006. All rights reserved.
File 'C:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF' not found!


========= End of CMD: =========




=========  C:\Windows\System32\WBEM\mofcomp C:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL =========


Microsoft (R) MOF Compiler Version 6.2.9200.16398
Copyright (c) Microsoft Corp. 1997-2006. All rights reserved.
File 'C:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL' not found!


========= End of CMD: =========




=========  C:\Windows\System32\WBEM\mofcomp C:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF =========


Microsoft (R) MOF Compiler Version 6.2.9200.16398
Copyright (c) Microsoft Corp. 1997-2006. All rights reserved.
File 'C:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF' not found!


========= End of CMD: =========




=========  wevtutil cl application =========




========= End of CMD: =========




=========  wevtutil cl system =========




========= End of CMD: =========




=========  wevtutil cl security =========




========= End of CMD: =========


EmptyTemp: => Removed 2.7 GB temporary data.




The system needed a reboot. 


==== End of Fixlog 20:49:06 ====
 

Attachments

  • chrome error.jpg
    chrome error.jpg
    93.6 KB · Views: 4
  • Fixlog.txt
    Fixlog.txt
    5 KB · Views: 0
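Added example, not part of the thread and not code from FRST or its author: a small Python parser for the Fixlog layout posted above that lists which fixlist targets were changed, which were reported not found, and which event logs the `wevtutil cl` lines cleared. The sample log is constructed (the task name is made up) and `parse_fixlog` / `triage` are hypothetical names.

```python
import re
from collections import Counter

# Constructed sample in the Fixlog layout shown above; the task name is made up.
SAMPLE = r'''*****************
file: C:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF
Cmd: wevtutil cl security
EmptyTemp:
*****************
"HKLM\SOFTWARE\Example\TaskCache\Tree\Example task" => Key deleted successfully.
C:\Windows\System32\Tasks\Example task => Moved successfully.
"C:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF" not found.
=========  wevtutil cl security =========
========= End of CMD: =========
EmptyTemp: => Removed 2.7 GB temporary data.
'''

HEADER = re.compile(r'^=+\s+(.+?)\s+=+$')       # "===== <command> =====" section rules
RESULT = re.compile(r'^(.+?) => (.+?)\.?$')     # "<target> => <outcome>."
MISSING = re.compile(r'^"(.+)" not found\.$')

def parse_fixlog(text):
    directives, results, commands, stars, cmd = [], [], {}, 0, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if set(line) == {'*'}:
            stars += 1                            # the fixlist sits between two star rules
        elif stars == 1:
            directives.append(line)
        elif stars == 2 and (m := HEADER.match(line)):
            name = m.group(1)                     # "End of ..." and "file: ..." rules are not commands
            cmd = None if name.lower().startswith(('end of', 'file:')) else name
            if cmd:
                commands.setdefault(cmd, [])
        elif stars == 2 and cmd:
            commands[cmd].append(line)            # raw output of the command being run
        elif stars == 2 and (m := MISSING.match(line)):
            results.append((m.group(1), 'not found'))
        elif stars == 2 and (m := RESULT.match(line)):
            results.append(m.groups())
    return directives, results, commands

def triage(text):
    _, results, commands = parse_fixlog(text)
    return {
        'outcomes': Counter(outcome for _, outcome in results),
        'missing': [target for target, outcome in results if outcome == 'not found'],
        # "wevtutil cl <log>" clears that event log, so its earlier events are gone
        'logs_cleared': [c.split()[-1] for c in commands if c.lower().startswith('wevtutil cl ')],
    }
```

Running `triage` on a saved Fixlog.txt before the cleanup tools are deleted gives a short record of what the fix changed and which event logs no longer hold earlier entries.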

You are correct and I apologize. I've done this over 100 times and never had an issue but I see it can be important to some so I'll adjust my information accordingly going forward. We can take a look to see if there is a backup but before we do can you tell me why you uninstalled Chrome and then re-installed it?
 

I have not reinstalled it yet; will do after you approve the system as clean

and I did tab.bz all my working tabs so no problem

+ Chrome sync was ON so whenever the owner [MY DAD :D] will sign in again there will be no problem

Did you analyse the logs?
 
Yes, everything looks good and we are clean here. I'll mark this solved and we can continue on the other thread. You should no longer get any blue screen issues.

Thanks.
 
Time to clean up our tools.

1. Clean Up!
We need to remove all the tools that we used so that should you ever be re-infected, you will download updated versions which may have updated detection logic.
1. Download Delfix from here.
2. Ensure everything is checked.
3. Click Run.
Note: The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
 
# DelFix v1.010 - Logfile created 04/05/2015 at 23:09:32
# Updated 26/04/2015 by Xplode
# Username : Devdatt - DEVDATT-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)


~ Removing disinfection tools ...


Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Devdatt\Desktop\Addition.txt
Deleted : C:\Users\Devdatt\Desktop\Fixlog.txt
Deleted : C:\Users\Devdatt\Desktop\FRST.exe
Deleted : C:\Users\Devdatt\Desktop\FRST.txt
Deleted : HKLM\SOFTWARE\AdwCleaner


~ Creating registry backup ... OK


########## - EOF - ##########
 
