Solved Windows update keeps failing

Status
This thread has been Locked and is not open to further replies. The original thread starter may use the Report button to request it be reopened but anyone else with a similar issue should start a New Thread. Watch our Welcome Guide to learn how to use this site.

rhoag

Thread Starter
Joined
Jun 2, 2005
Messages
154
Hi, rhoag.

Good job! Bravo! (y)
Since Defender detected it, no other action is needed. I saw the Forenza Horizon 4 in your installed Windows applications and was also surprised about the specific detection. Then I noticed the path of the detected item in D and it seems that you may also have downloaded it from somewhere else. Have you paid for it?
Oh Boy.. I checked on the Forza Horizon 4 folder in D: and it listed a link to the DL at Reworkedgames.eu back in 2018. I vaguely remember now that at the time the game was just coming out with the PC version having been only Xbox before that and they offered a free intro dl of it... so I went for it. I always buy games on Steam, or Uplay or directly from the game company, but not that time. After Notre Dame in Paris burned I was given a free DL of Assassin's Creed Unity for donating to the restoration. The game is staged in Paris and was actually used to help in the restoration of the church. I don't believe in free hacked software or games, I made a mistake.

Now let's clean what AdwCleaner and Malwarebytes found, mostly Restoro remnants.

1. AdwCleaner (Clean mode)

To proceed, please do the following:
  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.
# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-06-29.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-04-2021
# Duration: 00:00:01
# OS: Windows 10 Home
# Cleaned: 18
# Failed: 0

***** [ Services ] *****
No malicious services cleaned.

***** [ Folders ] *****
Deleted C:\Users\doane\AppData\Roaming\IObit\Advanced SystemCare

***** [ Files ] *****
Deleted C:\Windows\restoro.ini

***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
Deleted HKCU\Software\Local AppWizard-Generated Applications\Restoro
Deleted HKCU\Software\Restoro
Deleted HKLM\Software\Classes\CLSID\{AE198C69-7358-4856-9029-F4C0FAD524C1}
Deleted HKLM\Software\Classes\CLSID\{BA827421-E282-479E-AE60-34796877B8AE}
Deleted HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted HKLM\Software\Classes\Restoro.Engine
Deleted HKLM\Software\Classes\TypeLib\{C661BE9A-11D8-47DD-A980-6494B09F3AF3}
Deleted HKLM\Software\Restoro
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{C661BE9A-11D8-47DD-A980-6494B09F3AF3}

***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************
AdwCleaner[S00].txt - [3506 octets] - [04/08/2021 08:22:04]
AdwCleaner[S01].txt - [3567 octets] - [04/08/2021 14:15:01]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

2. Run Malwarebytes (Clean mode)
  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is unchecked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.
Will do your step 3 after the computer restarts

3. Fresh FRST logs
  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

In your next reply, please post:
  1. The AdwCleaner[C0*].txt
  2. The Malwarebytes report
  3. The fresh FRST logs, Addition and FRST.
P.S. Please do not press the Reply button to quote parts of my posts into your reply. Just put points/numbers. It's easier for me to read what you write.
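
As an added example (not part of the thread and not code from AdwCleaner or Malwarebytes): a Python check for a Clean log in the layout pasted above, comparing the header's `Cleaned:` count with the `Deleted` lines actually listed per section. The sample log is constructed and its paths and key names are placeholders.

```python
import re

# Constructed sample in the layout of the Clean log above; the paths and
# registry keys are placeholders, not values from the thread.
SAMPLE_LOG = r"""# Mode: Clean
# Cleaned: 3
# Failed: 0

***** [ Services ] *****
No malicious services cleaned.

***** [ Files ] *****
Deleted C:\Example\unwanted.ini

***** [ Registry ] *****

Deleted HKCU\Software\ExampleVendor
Deleted HKLM\Software\ExampleVendor
*************************
"""

HEADER = re.compile(r"^#\s*(\w[\w ]*?):\s*(.*)$")       # "# Cleaned: 18"
SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")      # "***** [ Files ] *****"

def parse_clean_log(text):
    """Return (header fields, {section name: [deleted items]})."""
    header, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER.match(line):
            header[m.group(1)] = m.group(2)
        elif m := SECTION.match(line):
            current = m.group(1)
            sections[current] = []
        elif set(line) == {"*"}:
            current = None  # a bare row of asterisks ends the item sections
        elif line.startswith("Deleted ") and current is not None:
            sections[current].append(line[len("Deleted "):])
    return header, sections

def reconcile(text):
    """Compare the header's Cleaned count with the Deleted lines listed."""
    header, sections = parse_clean_log(text)
    claimed = int(header.get("Cleaned", 0))
    listed = sum(len(items) for items in sections.values())
    return {
        "claimed": claimed,
        "listed": listed,
        "failed": int(header.get("Failed", 0)),
        "per_section": {n: len(i) for n, i in sections.items() if i},
        "consistent": claimed == listed,
    }

if __name__ == "__main__":
    print(reconcile(SAMPLE_LOG))
```

Applied to the log pasted in the post, the same count gives 18 listed items (1 folder, 1 file, 16 registry entries), matching the header's `Cleaned: 18` with `Failed: 0`.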
 

rhoag

Thread Starter
Joined
Jun 2, 2005
Messages
154

Your Step 3. Fresh FRST logs

  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.
Here are the two text files:
 

Attachments

rhoag

Thread Starter
Joined
Jun 2, 2005
Messages
154
I still can't update the 3.5 & 4.8 Net Framework, but at least we got rid of a lot of unwanted malware and I hope the Trojans as well?
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,395
Hi, rhoag.

I asked this before but I'm sure you didn't notice:

P.S. Please do not press the Reply button to quote parts of my posts into your reply. Just put points/numbers. It's easier for me to read what you write.

You didn't attach the Malwarebytes report and I would like to see it please. I hope you ran it before the new FRST scan, as I want fresh FRST logs after the Malwarebytes scan.

As for the updates issue, please wait. First we clean and then we deal with everything else.

1. Search for Norton
  • Copy and paste the following into the Search box: SearchAll: Norton
  • Click on the Search Files button.
  • When complete, FRST will generate a log, named Search.txt, in the same location it was run from.
  • Please copy and paste its contents into your reply.

2. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
AV: Norton Security Online (Enabled - Up to date) {1122B19A-E671-38EC-8EAC-87048FD4528D}
AV: Norton Security Online (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
FW: Norton Security Online (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
FW: Norton Security Online (Enabled) {291930BF-AC1E-39B4-A5F3-2E31710715F6}
CustomCLSID: HKU\S-1-5-21-2159283933-1585630817-402555402-1001_Classes\CLSID\{e1a7f602-67b7-44f7-ad19-439e41f06cd8}\localserver32 -> "C:\Program Files\Global Delight\Boom 3D\Boom3D.exe" -ToastActivated => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
SearchScopes: HKU\S-1-5-21-2159283933-1585630817-402555402-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://searchsafe.norton.com/search?q={searchTerms}&l=dis&prt=NGC&chn=1122&geo=US&ver=22.20.5.39&locale=US_en&guid=766617C2-8CAC-440B-88DA-B1049616EE6B&doi=2016-09-01&o=ds&hspart=symantec&hsimp=yhs-ext_onb&doa=2020-08-18&gct=kwd&qsrc=2869
Toolbar: HKU\S-1-5-21-2159283933-1585630817-402555402-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FirewallRules: [{C8954E9B-6679-41F6-81F4-D22081EBF299}] => (Allow) C:\Users\doane\AppData\Local\Temp\7zS896E.tmp\SymNRT.exe => No File
FirewallRules: [{3FAB3107-82D9-49BF-8F71-93F80C850127}] => (Allow) C:\Users\doane\AppData\Local\Temp\7zS896E.tmp\SymNRT.exe => No File
FirewallRules: [{832B25A8-367B-4E02-9C39-8AAD7DC64209}] => (Allow) C:\Users\doane\AppData\Local\Temp\7zS5899.tmp\SymNRT.exe => No File
FirewallRules: [{6B00653A-C1D0-41E3-86A5-30E8653EECEF}] => (Allow) C:\Users\doane\AppData\Local\Temp\7zS5899.tmp\SymNRT.exe => No File
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
2021-08-02 14:09 - 2021-08-02 14:09 - 000000743 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2021-08-02 10:07 - 2021-08-02 10:29 - 000000098 _____ C:\WINDOWS\system32\Restoro.rep
2021-08-01 21:22 - 2021-08-01 21:22 - 000000000 ____D C:\ProgramData\Norton
2021-08-04 14:18 - 2021-02-02 13:05 - 000000000 ____D C:\Users\doane\AppData\Roaming\IObit
D:\Documents\Computer Related\Media\Video Converters\Cnet free Any-Viceo-Converet\avc-free.exe
D:\Documents\Computer Related\Media\Video Converters\Cnet free Format Factory\FFSetup280.exe
D:\Documents\Computer Related\Media\Video Downloaders\Freemake\FreemakeVideoDownloaderSetup.exe
D:\Documents\Games\Forenza Horizon 4\Forza Horizon 4 Manager.rar
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

In your next reply please post:
  1. The Malwarebytes report
  2. The Search.txt
  3. The fixlog.txt
 

rhoag

Thread Starter
Joined
Jun 2, 2005
Messages
154
I apologize, I didn't see that request about not quoting you, it was helping me keep track of all of this. Here is the Malwarebytes report, I ran it before the other one:
 

Attachments

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,395
Hi, rhoag.

That's the report before cleaning with Malwarebytes. Here I asked you to remove the detected items. Please do that if you didn't do it already.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,395
Thanks, rhoag.

It seems that I asked you a lot of things at a time. But you do a great job. (y)

The next step is a final cleaning step, an online scan to ensure that everything is clean. Then, we are going to deal with everything else.

ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.
 

rhoag

Thread Starter
Joined
Jun 2, 2005
Messages
154
Dr.M: Okay, it's running. Your directions have been pretty amazing, hence, the "Professor" acknowledgement... I really appreciate all of your help and knowledge; I'm learning a lot from you. If you are ever out this way I owe you a dinner at our favorite restaurant in town! Will get back when the scan is done.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,395
If you are ever out this way I owe you a dinner at our favorite restaurant in town!
Wow! It sounds ... delicious! :p

Let's see the Eset outcome and then plan our next steps. :unsure:
 

rhoag

Thread Starter
Joined
Jun 2, 2005
Messages
154
Once we get this cleaned up do you recommend buying and keeping the Malwarebytes program (or?) running as protection when I also have the Windows Security system giving virus/firewall/etc. protection along with the Comcast Xfinity protection online supplying my cable service for the internet, wifi and TV?
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,395
Buying the Premium version of Malwarebytes or staying with the free one is up to you. With the Premium version, you have real time protection. This feature doesn't exist in the free version. Instead, you have to scan your computer every now and then by yourself, depending on how often you use your computer. Malwarebytes and Windows Security work well together, and both can keep you safe.
 

rhoag

Thread Starter
Joined
Jun 2, 2005
Messages
154
Okay, Esetonline results:

8/5/2021 12:22:01 PM
Files scanned: 696141
Detected files: 4
Cleaned files: 4
Total scan time 02:07:16
Scan status: Finished


C:\FRST\Quarantine\D\Documents\Computer Related\Media\Video Downloaders\Freemake\FreemakeVideoDownloaderSetup.exe.xBAD a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application cleaned by deleting
D:\Documents\Computer Related\Graphics\PDF Forge creator\Installer free\PDFCreator-2_3_0-Setup.exe a variant of Win32/LuluSoftware.A potentially unwanted application,Win32/InstallMonetizer.AQ potentially unwanted application cleaned by deleting
D:\Documents\Computer Related\Problems\Restoro registry fix\Restoro.exe Win32/ReImageRepair.T potentially unwanted application cleaned by deleting
D:\Documents\Games\Grand Theft Auto V\Mods\Lingon Trainer\1025_GrandTheftAutoV\GrandTheftAutoV+24Tr-LNG_v1.0.1290.1.exe a variant of MSIL/GameHack.SZ potentially unsafe application cleaned by deleting
++++++++++++++++++++++++++++++

Programs/Files deleted by Esetonline:

FreemakeVideoDownloader - Very useful, what can I use instead?
PDF Forge creator - Don't know how I even got that, no problem.
Restoro - Good riddance!
GTA Trainer - This was a free mod for the game I bought on Steam, didn't know it was harmful?
 