New
#21
Did you uninstall/reinstall the KB or not??
Also have a look at the logs from Cleanrmgr, not heard of that one, see if you can spot anything to do with scripting windows update.
Back tomorrow .
Roy
Did you uninstall/reinstall the KB or not??
Also have a look at the logs from Cleanrmgr, not heard of that one, see if you can spot anything to do with scripting windows update.
Back tomorrow .
Roy
Uninstalled the KB from Command line, I'll try reinstall it now, cleanmgr is just the disk cleanup utility in Windows 7
Ah Strange problem, now that update won't reinstall anymore?
Hi Nightweb,
To busy looking at that one error code, MISSED the fact the Whole licencing store WASN'T there.....
need to recreate it, using the instructions in the screenshot.
Whole sections of coding just dont dissappear, please run your AV, and a scan with Malwarebytes Free.
(uncheck the trial option, and check enable rootkit detection in the dashboard settings.
Did you download a new prog just prior to these problems occuring??.
Roy
Evening Torchwood
First your commands
types "Net stop sppsvc" response was "
The Software Protection Service is not started.
More help is available by typing NET HELPMSG 3521."
I ran all your commands, 2 and 3 just returned a new line prompt, 4 returned "
The Software Protection service is starting.
The Software Protection service was started successfully"
the last one just popped up a windows activation windows saying "Activation was successful" no key needed, I assume this is because I have a factory installed Dell OEM version, going to reboot and repost now,
quick question on your post, (bit new to the internals of 7) which error code, what liencing store? would that be why I can uninstall updates but not install them? what whole sections of code? AV was run Friday night but I can rerun if you like (it normally takes a few hours) and will download Malwarebytes free now
Scanning with Malware Now
Wow that was a surprise, Malware that was unexpected, and even then way more than I thought I gotta keep Malware in my install Folder XD posting log now,
Sorry didn't see you wanted a new copy from MGADiagCode:Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 08/02/2016 Scan Time: 11:57 pm Logfile: Malware.txt Administrator: Yes Version: 2.2.0.1024 Malware Database: v2016.02.08.05 Rootkit Database: v2016.02.08.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: DELL-XPS Scan Type: Threat Scan Result: Completed Objects Scanned: 365898 Time Elapsed: 32 min, 5 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Deep Rootkit Scan: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 18 PUP.Optional.WorkApp, HKLM\SOFTWARE\CLASSES\TYPELIB\{CC6F4F54-6EF8-4E84-BDC6-ABC6F83100BE}, , [02432c32415871c5b1853ec857ad13ed], PUP.Optional.WorkApp, HKLM\SOFTWARE\CLASSES\INTERFACE\{042283F9-E8DA-4ADC-B49F-70931EC3024D}, , [02432c32415871c5b1853ec857ad13ed], PUP.Optional.WorkApp, HKLM\SOFTWARE\CLASSES\INTERFACE\{6A756B02-6462-41A2-B0E9-E555AEF30750}, , [02432c32415871c5b1853ec857ad13ed], PUP.Optional.WorkApp, HKLM\SOFTWARE\CLASSES\INTERFACE\{9BDBA1BF-FF06-4461-A4DC-DCEB3602B8FF}, , [02432c32415871c5b1853ec857ad13ed], PUP.Optional.WorkApp, HKLM\SOFTWARE\CLASSES\INTERFACE\{D953D360-ED90-4077-B28A-F4F8FABF8558}, , [02432c32415871c5b1853ec857ad13ed], PUP.Optional.WorkApp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{042283F9-E8DA-4ADC-B49F-70931EC3024D}, , [02432c32415871c5b1853ec857ad13ed], PUP.Optional.WorkApp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6A756B02-6462-41A2-B0E9-E555AEF30750}, , [02432c32415871c5b1853ec857ad13ed], PUP.Optional.WorkApp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9BDBA1BF-FF06-4461-A4DC-DCEB3602B8FF}, , [02432c32415871c5b1853ec857ad13ed], PUP.Optional.WorkApp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D953D360-ED90-4077-B28A-F4F8FABF8558}, , [02432c32415871c5b1853ec857ad13ed], PUP.Optional.WorkApp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{042283F9-E8DA-4ADC-B49F-70931EC3024D}, , [02432c32415871c5b1853ec857ad13ed], PUP.Optional.WorkApp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{6A756B02-6462-41A2-B0E9-E555AEF30750}, , [02432c32415871c5b1853ec857ad13ed], PUP.Optional.WorkApp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9BDBA1BF-FF06-4461-A4DC-DCEB3602B8FF}, , [02432c32415871c5b1853ec857ad13ed], PUP.Optional.WorkApp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{D953D360-ED90-4077-B28A-F4F8FABF8558}, , [02432c32415871c5b1853ec857ad13ed], PUP.Optional.WorkApp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{CC6F4F54-6EF8-4E84-BDC6-ABC6F83100BE}, , [02432c32415871c5b1853ec857ad13ed], PUP.Optional.WorkApp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{CC6F4F54-6EF8-4E84-BDC6-ABC6F83100BE}, , [02432c32415871c5b1853ec857ad13ed], PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, , [d86de975d4c5bc7a4c92d567ba4a6898], PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{cf05acd1}, , [25201a4428715fd750fb83689e656a96], PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, , [1f26ef6f9cfdf640b32b06369c6822de], Registry Values: 2 PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [d86de975d4c5bc7a4c92d567ba4a6898] PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [1f26ef6f9cfdf640b32b06369c6822de] Registry Data: 0 (No malicious items detected) Folders: 3 PUP.Optional.MultiPlug.Gen, C:\ProgramData\2600980696983935261, , [430298c6b3e6fc3aa48b269b669dfc04], PUP.Optional.WorkApp, C:\Program Files (x86)\WaorKApp, , [02432c32415871c5b1853ec857ad13ed], PUP.Optional.BonanzaDeals, C:\Program Files (x86)\BonanzaDeals, , [370e8ad498013ef8bbabf4c74bb7e11f], Files: 9 PUP.Optional.ProxyHijacker.BCM, C:\Windows\Temp\00000628, , [81c485d9ddbce6504aa4bf8a7f8132ce], PUP.Optional.NextLive, C:\Users\DELL-XPS\AppData\Local\genienext\nengine.dll, , [88bdda845445f4426e5ae851b051748c], PUP.Optional.MultiPlug.Gen, C:\ProgramData\2600980696983935261\181a9daabec800e898570ceb135f0ade.ini, , [430298c6b3e6fc3aa48b269b669dfc04], PUP.Optional.MultiPlug.Gen, C:\ProgramData\2600980696983935261\19ea0b1f1ef7a25a98570ceb135f0ade.ini, , [430298c6b3e6fc3aa48b269b669dfc04], PUP.Optional.MultiPlug.Gen, C:\ProgramData\2600980696983935261\57e7ccf445b9a4a998570ceb135f0ade.ini, , [430298c6b3e6fc3aa48b269b669dfc04], PUP.Optional.MultiPlug.Gen, C:\ProgramData\2600980696983935261\e4ef55b4d53b5f3b98570ceb135f0ade.ini, , [430298c6b3e6fc3aa48b269b669dfc04], PUP.Optional.WorkApp, C:\Program Files (x86)\WaorKApp\aPg16dUZGS5LXp.tlb, , [02432c32415871c5b1853ec857ad13ed], PUP.Optional.WorkApp, C:\Program Files (x86)\WaorKApp\aPg16dUZGS5LXp.dat, , [02432c32415871c5b1853ec857ad13ed], PUP.Optional.BonanzaDeals, C:\Program Files (x86)\BonanzaDeals\uninst.exe, , [370e8ad498013ef8bbabf4c74bb7e11f], Physical Sectors: 0 (No malicious items detected) (end)
Code:Diagnostic Report (1.9.0027.0): ----------------------------------------- Windows Validation Data--> Validation Code: 0 Cached Online Validation Code: 0x0 Windows Product Key: *****-*****-M3DJT-4J3WC-733WD Windows Product Key Hash: xo+ajVSpae7/4VoZjS7m6JL0f3A= Windows Product ID: 00371-OEM-8992671-00524 Windows Product ID Type: 2 Windows License Type: OEM SLP Windows OS version: 6.1.7601.2.00010100.1.0.048 ID: {6B7DD81C-6C2E-419E-B09A-52D40335213E}(3) Is Admin: Yes TestCab: 0x0 LegitcheckControl ActiveX: N/A, hr = 0x80070002 Signed By: N/A, hr = 0x80070002 Product Name: Windows 7 Professional Architecture: 0x00000009 Build lab: 7601.win7sp1_gdr.151019-1254 TTS Error: Validation Diagnostic: Resolution Status: N/A Vista WgaER Data--> ThreatID(s): N/A, hr = 0x80070002 Version: N/A, hr = 0x80070002 Windows XP Notifications Data--> Cached Result: N/A, hr = 0x80070002 File Exists: No Version: N/A, hr = 0x80070002 WgaTray.exe Signed By: N/A, hr = 0x80070002 WgaLogon.dll Signed By: N/A, hr = 0x80070002 OGA Notifications Data--> Cached Result: N/A, hr = 0x80070002 Version: N/A, hr = 0x80070002 OGAExec.exe Signed By: N/A, hr = 0x80070002 OGAAddin.dll Signed By: N/A, hr = 0x80070002 OGA Data--> Office Status: 100 Genuine Microsoft Publisher 2002 - 100 Genuine Microsoft Office XP Professional with FrontPage - 100 Genuine OGA Version: N/A, 0x80070002 Signed By: N/A, hr = 0x80070002 Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005 Browser Data--> Proxy settings: N/A User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32) Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Download signed ActiveX controls: Prompt Download unsigned ActiveX controls: Disabled Run ActiveX controls and plug-ins: Allowed Initialize and script ActiveX controls not marked as safe: Disabled Allow scripting of Internet Explorer Webbrowser control: Disabled Active scripting: Allowed Script ActiveX controls marked as safe for scripting: Allowed File Scan Data--> File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003] File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003] File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003] File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003] Other data--> Office Details: <GenuineResults><MachineData><UGUID>{6B7DD81C-6C2E-419E-B09A-52D40335213E}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-733WD</PKey><PID>00371-OEM-8992671-00524</PID><PIDType>2</PIDType><SID>S-1-5-21-2833491091-2125282442-2741541524</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Studio XPS 7100</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A06</Version><SMBIOSVersion major="2" minor="6"/><Date>20100910000000.000000+000</Date></BIOS><HWID>B3DF3907018400F6</HWID><UserLCID>1809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>FX09 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90190409-6000-11D3-8CFE-0050048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Publisher 2002</Name><Ver>10</Ver><Val>BABFAAD4C4D61B0</Val><Hash>SEishkJimZrBR/u8NT774CIf0yg=</Hash><Pid>54197-640-0698487-16062</Pid><PidType>14</PidType></Product><Product GUID="{90280409-6000-11D3-8CFE-0050048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office XP Professional with FrontPage</Name><Ver>10</Ver><Val>864F0FCCC4CD73E</Val><Hash>1kvzJLKmvg8iBHYevkHHBK9NEkk=</Hash><Pid>54185-640-0521274-17180</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="10" Result="100"/><App Id="16" Version="10" Result="100"/><App Id="17" Version="10" Result="100"/><App Id="18" Version="10" Result="100"/><App Id="19" Version="10" Result="100"/><App Id="1A" Version="10" Result="100"/><App Id="1B" Version="10" Result="100"/></Applications></Office></Software></GenuineResults> Spsys.log Content: 0x80070002 Licensing Data--> C:\Windows\system32\slmgr.vbs(22, 1) Microsoft VBScript runtime error: ActiveX component can't create object: 'Scripting.Dictionary' Windows Activation Technologies--> HrOffline: 0x00000000 HrOnline: 0x00000000 HealthStatus: 0x0000000000000000 Event Time Stamp: 11:29:2015 16:34 ActiveX: Not Registered - 0x80040154 Admin Service: Not Registered - 0x80040154 HealthStatus Bitmask Output: HWID Data--> HWID Hash Current: NgAAAAIABAABAAEAAQACAAAAAQABAAEAHKJMer3j8OnY+1TcVPkQMyzJ3sDx5UTRctAM1QLQ OEM Activation 1.0 Data--> N/A OEM Activation 2.0 Data--> BIOS valid for OA 2.0: yes Windows marker version: 0x20001 OEMID and OEMTableID Consistent: yes BIOS Information: ACPI Table Name OEMID Value OEMTableID Value APIC DELL FX09 FACP DELL FX09 SRAT AMD FAM_F_10 HPET DELL OEMHPET MCFG DELL OEMMCFG SLIC DELL FX09 OSFR DELL FX09 OEMB DELL FX09 SSDT A M I POWERNOW
Last edited by Nightweb; 09 Feb 2016 at 04:00. Reason: Adding MGADIAG report
Hi Nightweb,
Didnt expect to see anything produced on 2,3 thats good.
Right lets reinstall the licence file
From an elevated command prompt run
cscript.exe %windir%\system32\slmgr.vbs /rilc
REBOOT
IF you dont recognise PUM/PUPs (potentionally unwanted progs/malware) Let malwarebytes remove them
I WOULD.
Then
Can you now run, from an elevated command mode
CHKDSK /R
And
SFC /SCANNOW
Reboot
then check if you can MANUALLY install KB 971033.
Then repost another MGAdiag.
About your questions
The error i was looking at was (22 1) just below Licensing Data-->
on a proper report you should have A LOT like this, top2 lines are yours, the missing chunk is what it should look like. See attachment
And yes No licensing store no updates
Roy
Hey Torchwood,
Hope a good evening, yeah I didn't recognise most of them so I let Malware removed them, thought least not viruses, I ran the command and attached report here I attached the log as it won't let me post it in my comment
gonna reboot now and report back in a few minutes, mind if I ask what the command did?
Hi Nightweb,
I used it to relicence the validation section, not just part of it to make doulbly sure, and as you can see they all reset correctly.
Those other 2 scans will take a while thou.
Back tomorrow.
Roy
Yes the Chkdsk for some reason is running a full surface scan on my C Drive, the SFC will properbly take no more than an hour but the chkdsk with take a while, I imagine that won't finish tonight, I'll let it finish then I will run SFC and post results after, also after finding the Pup/malware I ran a deepscan AV last night too, night ^^