Jump to content

Recommended Posts

Hi people, thanks for the help.

Well, everthing was fine just a few days ago, when some programs ( four until now) stop working. The first one was  Razer Synapse (doesnt open), after Battle.net ( blizzard one, it opens but doesnt connect with internet), overwatch ( doesnt connect with internet) and geforce experience ( doesnt open). I already try to scan with windows 10 antivirus, eset online, malwarebyte 3.0 and the sfc /scannow ( it stops in 80% with "the operation cannot be executed"). I try to fix some HD (?) errors running the repair in disk :C, it found an error in disk C, repairs, but the error keep showing.

pc error.jpg

mb3.txt

Addition.txt

FRST.txt

Edited by David21
There a fourth program with the error.
Link to post
Share on other sites

  • Root Admin

The computer is having some issues. Licensing is failing, code integrity is also having an issue. I would recommend doing at least a full disk check and then try to determine why your Microsoft licensing is failing.

 

Application Errors:
==================
Error: (02/12/2017 09:04:56 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User:)
Description: License Activation Failed (slui.exe). Error Code:
Hr = 0x803F7001
Command line argument:
RuleId = 31e71c49-8da7-4a2f-ad92-45d98a1c79ba; Action = AutoActivate; AppId = 55c92734-d682-4d71-983e-d6ec3f16059f; SkuId = 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c; NotificationInterval = 1440; Trigger = UserLogon; SessionId = 1

Error: (02/12/2017 09:04:33 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User:)
Description: License Activation Failed (slui.exe). Error Code:
Hr = 0x8007139F
Command line argument:
RuleId = 31e71c49-8da7-4a2f-ad92-45d98a1c79ba; Action = AutoActivate; AppId = 55c92734-d682-4d71-983e-d6ec3f16059f; SkuId = 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c; NotificationInterval = 1440; Trigger = NetworkAvailable

Error: (02/12/2017 09:03:47 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User:)
Description: License Activation Failed (slui.exe). Error Code:
Hr = 0x8007139F
Command line argument:
RuleId = 31e71c49-8da7-4a2f-ad92-45d98a1c79ba; Action = AutoActivate; AppId = 55c92734-d682-4d71-983e-d6ec3f16059f; SkuId = 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c; NotificationInterval = 1440; Trigger = NetworkAvailable

Error: (02/12/2017 08:22:53 PM) (Source: Perflib) (EventID: 1008) (User:)
Description: Open Procedure failed for "BITS" service in DLL "C: \ Windows \ System32 \ bitsperf.dll". Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contain the error code.

Error: (02/12/2017 07:47:32 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User:)
Description: Event-ID 0

Error: (02/12/2017 07:47:32 PM) (Source: Microsoft Office 16) (EventID: 2011) (User:)
Description: Office Subscription licensing exception: Error Code: 0x803D000A; CorrelationId: {3366C57B-260B-4955-9EA7-02709F064CFA}

Error: (02/12/2017 07:18:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User:)
Description: License Activation Failed (slui.exe). Error Code:
Hr = 0x803F7001
Command line argument:
RuleId = 31e71c49-8da7-4a2f-ad92-45d98a1c79ba; Action = AutoActivate; AppId = 55c92734-d682-4d71-983e-d6ec3f16059f; SkuId = 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c; NotificationInterval = 1440; Trigger = UserLogon; SessionId = 1

Error: (02/12/2017 07:18:49 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User:)
Description: License Activation Failed (slui.exe). Error Code:
Hr = 0x803F7001
Command line argument:
RuleId = 31e71c49-8da7-4a2f-ad92-45d98a1c79ba; Action = AutoActivate; AppId = 55c92734-d682-4d71-983e-d6ec3f16059f; SkuId = 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c; NotificationInterval = 1440; Trigger = NetworkAvailable

Error: (02/12/2017 06:52:08 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User:)
Description: License Activation Failed (slui.exe). Error Code:
Hr = 0x803F7001
Command line argument:
RuleId = 31e71c49-8da7-4a2f-ad92-45d98a1c79ba; Action = AutoActivate; AppId = 55c92734-d682-4d71-983e-d6ec3f16059f; SkuId = 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c; NotificationInterval = 1440; Trigger = UserLogon; SessionId = 1

Error: (02/12/2017 06:51:49 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User:)
Description: License Activation Failed (slui.exe). Error Code:
Hr = 0x8007139F
Command line argument:
RuleId = 31e71c49-8da7-4a2f-ad92-45d98a1c79ba; Action = AutoActivate; AppId = 55c92734-d682-4d71-983e-d6ec3f16059f; SkuId = 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c; NotificationInterval = 1440; Trigger = NetworkAvailable


System Errors:
=============
Error: (02/12/2017 09:04:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 
And APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 
To the NT AUTHORITY \ SYSTEM SID (S-1-5-18) from the LocalHost address (running LRPC) that is running in the Application container Not Available SID (Not Available). This security permission can be modified with the Component Services administrative tool.

Error: (02/12/2017 09:04:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 
And APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 
To the user NT \ NETWORK SERVICE SID (S-1-5-20) from the LocalHost address (running LRPC) running on the Application container Not Available SID (Not Available). This security permission can be modified with the Component Services administrative tool.

Error: (02/12/2017 09:03:47 PM) (Source: DCOM) (EventID: 10016) (User: AUTHORITY

Erros de Sistema:
=============
Error: (02/12/2017 09:04:53 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 e APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 ao usuário AUTORIDADE NT\SISTEMA SID (S-1-5-18) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

Error: (02/12/2017 09:04:32 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 ao usuário AUTORIDADE NT\SERVIÇO DE REDE SID (S-1-5-20) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

Error: (02/12/2017 09:03:47 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 ao usuário AUTORIDADE NT\SERVIÇO DE REDE SID (S-1-5-20) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

Error: (02/12/2017 08:56:36 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: O serviço Instalador de Módulos do Windows não foi desligado corretamente após receber um controle de pré-desligamento.

Error: (02/12/2017 08:55:46 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 ao usuário AUTORIDADE NT\SISTEMA SID (S-1-5-18) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

Error: (02/12/2017 08:53:52 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: AUTORIDADE NT)
Description: C:\Device\HarddiskVolume22

Error: (02/12/2017 07:29:48 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 e APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 ao usuário AUTORIDADE NT\SISTEMA SID (S-1-5-18) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

Error: (02/12/2017 07:29:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço eapihdrv devido ao seguinte erro:
O carregamento deste driver foi bloqueado

Error: (02/12/2017 07:29:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço eapihdrv devido ao seguinte erro:
O carregamento deste driver foi bloqueado

Error: (02/12/2017 07:29:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço eapihdrv devido ao seguinte erro:
O carregamento deste driver foi bloqueado


CodeIntegrity:
===================================
  Date: 2017-02-04 11:11:25.465
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

 

 

 

 

Link to post
Share on other sites

  • Root Admin


Please click on the "Search the web and Windows" box.

win10search.jpg.ab49407705b2ffa8728339ae


Then type in CMD.EXE and when it shows on the start menu right click and select "Run as administrator"

 

cmd_prompt_run_as_administrator.jpg.252a

 

In the command prompt please type the following exactly.

CHKDSK  C:  /R

This will tell Windows to run a full disk check, however you'll get the following, telling you it cannot run because it's in use.

Press the Y key to tell it to run on the next restart of the computer.

 

Quote

Microsoft Windows [Version 10.0.10586]


(c) 2015 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>CHKDSK C: /R
The type of the file system is NTFS.
Cannot lock current drive.

Chkdsk cannot run because the volume is in use by another
process.  Would you like to schedule this volume to be
checked the next time the system restarts? (Y/N)

 

Then restart the computer and let it run.
Then find and copy the disk check entry from the Event Logs and paste back the results here.

How to Read Event Viewer Log for Chkdsk (Check Disk) in Windows 10

 

Link to post
Share on other sites

  • Root Admin

Well if Disk Check is crashing that's not a good sign. Could be a disk controller issue, or cable, or even the hard drive itself. Can you start into the Recovery Console and start a command prompt and try to run it from there?

Do you have access to another computer and the ability to pull your hard drive out and put it into another computer as a secondary drive and then run the disk check from the other computer on it?

 

Link to post
Share on other sites

  • Root Admin

I'd still highly recommend doing a detailed scan of the hardware for the drive. Seagate Tools and Western Digital Tools should be able to test most drives now days. They pretty much own all the hard drive business now.

Go to Seagate and Western Digital depending on what drive you have and use their tool to test the drive.Reinstalling Windows on a bad drive would be a waste of time.

 

 

Link to post
Share on other sites

  • 2 weeks later...

My drive is a TOSHIBA HDWD110. I cant find a specific tool for it, but using windows chckdsk in C: i got no errors...

Nome do Log:   Application
Fonte:         Chkdsk
Data:          01/03/2017 08:43:23
Identificação do Evento:26226
Categoria da Tarefa:Nenhum
Nível:         Informações
Palavras-chave:Clássico
Usuário:       N/D
Computador:    DESKTOP-32G110N
Descrição:
O Chkdsk foi executado em modo de exame em um instantâneo de volume.  

Verificando o sistema de arquivos em C:

Estágio 1: examinando a estrutura básica do sistema de arquivos...
                                                                                          350464 de registros de arquivos processados.                              
Verificação de arquivos concluída.
                                                                                          32750 registros de arquivos grandes processados.                      
                                                                                          0 registros de arquivos inválidos processados.                    

Estágio 2: examinando a ligação do nome do arquivo...
                                                                                          508640 de entradas de índice processadas.                                
Verificação de índices concluída.
                                                                                       
                                                                                       

Estágio 3: examinando os descritores de segurança...
Verificação de descritores de segurança concluída.
                                                                                          79089 arquivos de dados processados.                                  
O CHKDSK está verificando o diário de USN...
                                                                                          35475368 de bytes USN processados.                                          
Verificação do diário de USN concluída.

Não há problemas no sistema de arquivos.
Nenhuma ação necessária.

 972481256 KB de espaço total em disco.
 109205160 KB em 147374 arquivos.
    145636 KB em 79090 índices.
    491144 KB em uso pelo sistema.
     65536 KB ocupados pelo arquivo de log.
 862639316 KB disponíveis em disco.

      4096 bytes em cada unidade de alocação.
Total de  243120314 unidades de alocação no disco.
 215659829 unidades de alocação disponíveis em disco.

----------------------------------------------------------------------


Estágio 1: examinando a estrutura básica do sistema de arquivos...

Estágio 2: examinando a ligação do nome do arquivo...

Estágio 3: examinando os descritores de segurança...

Não há problemas no sistema de arquivos.
Nenhuma ação necessária.

XML de Evento:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Chkdsk" />
    <EventID Qualifiers="0">26226</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2017-03-01T11:43:23.980502600Z" />
    <EventRecordID>3490</EventRecordID>
    <Channel>Application</Channel>
    <Computer>DESKTOP-32G110N</Computer>
    <Security />
  </System>
  <EventData>
    <Data>

Verificando o sistema de arquivos em C:

Estágio 1: examinando a estrutura básica do sistema de arquivos...
                                                                                          350464 de registros de arquivos processados.                              
Verificação de arquivos concluída.
                                                                                          32750 registros de arquivos grandes processados.                      
                                                                                          0 registros de arquivos inválidos processados.                    

Estágio 2: examinando a ligação do nome do arquivo...
                                                                                          508640 de entradas de índice processadas.                                
Verificação de índices concluída.
                                                                                       
                                                                                       

Estágio 3: examinando os descritores de segurança...
Verificação de descritores de segurança concluída.
                                                                                          79089 arquivos de dados processados.                                  
O CHKDSK está verificando o diário de USN...
                                                                                          35475368 de bytes USN processados.                                          
Verificação do diário de USN concluída.

Não há problemas no sistema de arquivos.
Nenhuma ação necessária.

 972481256 KB de espaço total em disco.
 109205160 KB em 147374 arquivos.
    145636 KB em 79090 índices.
    491144 KB em uso pelo sistema.
     65536 KB ocupados pelo arquivo de log.
 862639316 KB disponíveis em disco.

      4096 bytes em cada unidade de alocação.
Total de  243120314 unidades de alocação no disco.
 215659829 unidades de alocação disponíveis em disco.

----------------------------------------------------------------------


Estágio 1: examinando a estrutura básica do sistema de arquivos...

Estágio 2: examinando a ligação do nome do arquivo...

Estágio 3: examinando os descritores de segurança...

Não há problemas no sistema de arquivos.
Nenhuma ação necessária.
</Data>
    <Binary>005905007D740300496107000000000050010000088F00000000000000000000</Binary>
  </EventData>
</Event>

Link to post
Share on other sites

  • Root Admin

Okay, that's good. Let me have you run the following now.

 

Please restart the computer first and then run the following steps and post back the logs when ready.

STEP 01
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 02

adwcleaner_new.png Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on adwcleaner_new.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

STEP 03
Download Sophos Free Virus Removal Tool and save it to your desktop.
 

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View Log file (bottom left-hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found, please confirm that result.

STEP 04
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks

Link to post
Share on other sites

  • 3 weeks later...

Sorry for the long time to answer, ive been working a lot these weeks, again sorry and thanks you for your help. Lets go back to the problem:

 

Sophos Free Virus Removal T doesnt find any virus.  The only one result + was Adwcleaner ( found 1 and remove it), but Adwcleaner itself could not acess online updates because the main error ( some programs online features does not work/ cannot connect online).

JRT.txt

AdwCleaner[S0].txt

AdwCleaner[C0].txt

FRST.txt

Addition.txt

Link to post
Share on other sites

  • Root Admin

Please run the following. It will try to do a disk check for you. Let the disk check run until it either finishes or crashes. It could take many hours to complete.

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

 

fixlist.txt

Thanks

 

Link to post
Share on other sites

NVIDIA GeForce Experience.exe - wrong image

C:/WINDOWS/SYSTEM32/ncrypt.dll wasn't projected to be executed in Windows or has a error. Try install the program again using original midia or contact admin or the software support. Error status 0xc0000006.

Sorry, should have do it in english first time. Thx again.

Link to post
Share on other sites

  • Root Admin

Well, that's not looking good. Let me have you run the following and we'll double check for any rootkit activity.

 

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.

PC Winvids - How to run Kaspersky TDSSKiller

If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.

 

Link to post
Share on other sites

  • Root Admin

No these scans are to look for things, not expecting it to fix the error at this point.

Please run the following for me.

Please download Malwarebytes Anti-Rootkit from HERE
If needed there is a self help tutorial here: MBAR tutorial

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

Link to post
Share on other sites

  • Root Admin

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so. If it does not prompt you to reboot, go ahead and reboot anyways when it's done.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

Then after the restart. Run FRST again and post back both new logs.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.