[ RESOLVED ] Windows Update KB5015882 Installation Failure, Error 0x8000ffff


As was the case with my issue with KB5015814 failing to install on my desktop (Dell XPS 8930 SE, Windows 11 Pro), the latest update failed as well during the "Installing" phase, never making it to the "Restart Your Computer."

My first thought was to disable Malwarebytes and disable it from starting with Windows.  I rebooted my computer and the update successfully installed.

With my laptop, also running Malwarebytes Premium and Bitdefender Total Security, the update installed flawlessly with Malwarebytes Premium active.

Windows Update does not like my desktop for some reason. :(

Have a great day.

Regards,
Phil


  • Root Admin

Good day, @garioch7

Can I get some logs from your Desktop?

 

 

To begin, please do the following so that we may take a closer look at your installation for troubleshooting:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer; please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply

Thank you

 


  • Root Admin

You had an odd failure back in April. Not sure if it really affected the system or not.

>>>  [SetupUninstallOEMInf - oem105.inf]
>>>  Section start 2022/04/29 09:40:41.322
      cmd: C:\WINDOWS\system32\cleanmgr.exe /autocleanstoragesense /d C:
     inf: Flags: 0x00000000
!    inf: Cannot find INF 'oem105.inf' under driver store. Error = 0x00000003
!!!  inf: Error uninstalling OEM INF 'C:\WINDOWS\INF\oem105.inf'
!!!  inf: Error 3: The system cannot find the path specified.
<<<  Section end 2022/04/29 09:40:41.332
<<<  [Exit status: FAILURE(0x00000003)]


Currently having quite a few issues. Probably need to do some general clean-up and check on stuff.

 

 

Application errors:
==================
Error: (07/22/2022 03:10:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.22000.832 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 5284

Start Time: 01d89df5e4090b6e

Termination Time: 6

Application Path: C:\Windows\explorer.exe

Report Id: 6f799df8-cda4-4a27-a224-513444b9571f

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (07/22/2022 12:16:40 PM) (Source: sesvc) (EventID: 0) (User: )
Description: Service cannot be started. System.Configuration.ConfigurationErrorsException: The 'system.serviceModel/services' configuration section cannot be created. The machine.config file is missing information. Verify that this configuration section is properly registered and that you have correctly spelled the section name. For Windows Communication Foundation sections, run ServiceModelReg.exe -i to fix this error.
   at System.ServiceModel.Configuration.ConfigurationHelpers.UnsafeGetAssociatedSection(ContextInformation evalContext, String sectionPath)
   at System.ServiceModel.Configuration.ServicesSection.UnsafeGetSection()
   at System.ServiceModel.Description.ConfigLoader.LookupService(String serviceConfigurationName)
   at System.ServiceModel.ServiceHostBase.ApplyConfiguration()
   at System.ServiceModel.ServiceHostBase.InitializeDescription(UriSchemeKeyedCollection baseAddresses)
   at System.ServiceModel.ServiceHost..ctor(Type serviceType, Uri[] baseAddresses)
   at w.a(String[] A_0)
   at System.ServiceProcess.ServiceBase.Se...

Error: (07/22/2022 12:16:09 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (07/22/2022 11:39:13 AM) (Source: sesvc) (EventID: 0) (User: )
Description: Service cannot be started. System.IO.FileNotFoundException: Could not load file or assembly 'System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' or one of its dependencies. The system cannot find the file specified.
File name: 'System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'
   at w.a(String[] A_0)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

WRN: Assembly binding logging is turned OFF.
To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.
Note: There is some performance penalty associated with assembly bind failure logging.
To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableLog].

Error: (07/22/2022 11:12:27 AM) (Source: sesvc) (EventID: 0) (User: )
Description: Service cannot be started. System.Configuration.ConfigurationErrorsException: The 'system.serviceModel/services' configuration section cannot be created. The machine.config file is missing information. Verify that this configuration section is properly registered and that you have correctly spelled the section name. For Windows Communication Foundation sections, run ServiceModelReg.exe -i to fix this error.
   at System.ServiceModel.Configuration.ConfigurationHelpers.UnsafeGetAssociatedSection(ContextInformation evalContext, String sectionPath)
   at System.ServiceModel.Configuration.ServicesSection.UnsafeGetSection()
   at System.ServiceModel.Description.ConfigLoader.LookupService(String serviceConfigurationName)
   at System.ServiceModel.ServiceHostBase.ApplyConfiguration()
   at System.ServiceModel.ServiceHostBase.InitializeDescription(UriSchemeKeyedCollection baseAddresses)
   at System.ServiceModel.ServiceHost..ctor(Type serviceType, Uri[] baseAddresses)
   at w.a(String[] A_0)
   at System.ServiceProcess.ServiceBase.Se...

Error: (07/21/2022 11:11:31 AM) (Source: sesvc) (EventID: 0) (User: )
Description: Service cannot be started. System.Configuration.ConfigurationErrorsException: The 'system.serviceModel/services' configuration section cannot be created. The machine.config file is missing information. Verify that this configuration section is properly registered and that you have correctly spelled the section name. For Windows Communication Foundation sections, run ServiceModelReg.exe -i to fix this error.
   at System.ServiceModel.Configuration.ConfigurationHelpers.UnsafeGetAssociatedSection(ContextInformation evalContext, String sectionPath)
   at System.ServiceModel.Configuration.ServicesSection.UnsafeGetSection()
   at System.ServiceModel.Description.ConfigLoader.LookupService(String serviceConfigurationName)
   at System.ServiceModel.ServiceHostBase.ApplyConfiguration()
   at System.ServiceModel.ServiceHostBase.InitializeDescription(UriSchemeKeyedCollection baseAddresses)
   at System.ServiceModel.ServiceHost..ctor(Type serviceType, Uri[] baseAddresses)
   at w.a(String[] A_0)
   at System.ServiceProcess.ServiceBase.Se...

Error: (07/21/2022 08:38:00 AM) (Source: sesvc) (EventID: 0) (User: )
Description: Service cannot be started. System.Configuration.ConfigurationErrorsException: The 'system.serviceModel/services' configuration section cannot be created. The machine.config file is missing information. Verify that this configuration section is properly registered and that you have correctly spelled the section name. For Windows Communication Foundation sections, run ServiceModelReg.exe -i to fix this error.
   at System.ServiceModel.Configuration.ConfigurationHelpers.UnsafeGetAssociatedSection(ContextInformation evalContext, String sectionPath)
   at System.ServiceModel.Configuration.ServicesSection.UnsafeGetSection()
   at System.ServiceModel.Description.ConfigLoader.LookupService(String serviceConfigurationName)
   at System.ServiceModel.ServiceHostBase.ApplyConfiguration()
   at System.ServiceModel.ServiceHostBase.InitializeDescription(UriSchemeKeyedCollection baseAddresses)
   at System.ServiceModel.ServiceHost..ctor(Type serviceType, Uri[] baseAddresses)
   at w.a(String[] A_0)
   at System.ServiceProcess.ServiceBase.Se...

Error: (07/20/2022 05:56:30 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.

 

I would recommend that you do a Clean Removal of Malwarebytes. Get Windows Defender working before you reinstall Malwarebytes. Let me know and I can give you a generic clean up script.

 

Can you please do the following?

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click the CLEAN button and follow the onscreen instructions but DO NOT reinstall Malwarebytes. Decline all offers to install something.
  • NOTE: Please have patience as it can take a while to remove and restart to complete

After the restart please do the following

  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply

Thank you

 


I don't remember the precise date in the spring, but I did have a Samsung 850 Pro 1 TB SSD (Drive I:) that was failing according to Hard Disk Sentinel.  It was sporadically failing to communicate.  I used the drive solely for system imaging with Macrium and Easeus.  Backup verifications were failing.  I removed the drive and the other two drives were renumbered by the system.  My Boot Drive went from Disk 2 to Disk 1.  Not sure if that would have anything to do with the error(s).

I am busy most of the day, but I will try to get your recommended actions done later this afternoon.  I really appreciate your assistance.

Thank you and have a great day.

Regards,
Phil

 


Just in from mowing.  When I fired up my desktop, Windows Update informed me that KB5015732 (Preview Cumulative Update for Net Framework 3.5 and 4.8) was available.  I tried the update with MBP active and it succeeded.

I ran the Clean twice.  The computer did not reboot after the first time.  It just returned to the Advanced Settings screen.  So I exited the Support Tool, rebooted, and ran Clean again.  Same thing.  No auto-reboot or message that MBP was successfully uninstalled.

I did not activate Windows Defender.  My security solution is Bitdefender Total Security (BDTS).  Windows Defender is in passive mode performing periodic scanning.  I presume that instruction is just a part of your "canned" since the FRST logs would have shown you that BDTS is my anti-virus solution.  MBP was set not to register in the Windows Security Center.  I did not touch BDTS. It remained, and remains, active.

I have attached the latest logs.  Both yesterday and today, File Explorer and xplorer2 did not see the MBAM files on my Desktop.  I could see them on my Desktop, but they could not, even with the selection *.*  I cut the file directly from my Desktop, and pasted it to my Downloads folder and was thus able to attach the mbst-grab-results.zip file to this post and yesterday's post.

Once again, thank you for your assistance.

Regards,
Phil

mbst-grab-results.zip


  • Root Admin

Thanks for the logs, Phil @garioch7

I'm going to list items of interest that I saw in the logs. It's your computer, so your choice. Just want to make you aware of items I find that may not really be needed or could use an update.

 

Your DNS server includes your local system and I'm guessing the other is your ISP. Not that you have to change it, but you might want to consider changing to one of the others listed below.

Your DNS Servers: 192.168.2.1 - 142.166.166.166

Please consider changing your default DNS Server settings. Please choose one provider only.

DNS is what lets users connect to websites using domain names instead of IP addresses.

  • Google Public DNS: IPv4   8.8.8.8 and 8.8.4.4   IPv6   2001:4860:4860::8888 and 2001:4860:4860::8844
  • Cloudflare: IPv4   1.1.1.1 and 1.0.0.1   IPv6   2606:4700:4700::1111 and 2606:4700:4700::1001
  • OpenDNS: IPv4   208.67.222.222 and 208.67.220.220  IPv6  2620:119:35::35 and 2620:119:53::53
  • DNSWATCH: IPv4   84.200.69.80 and 84.200.70.40   IPv6  2001:1608:10:25::1c04:b12f and 2001:1608:10:25::9249:d69b

The Ultimate Guide to Changing Your DNS Server
https://www.howtogeek.com/167533/the-ultimate-guide-to-changing-your-dns-server/

Here is a YouTube video on Changing DNS settings if needed

 

 

You have the following set to run on your system. I would recommend that you disable it.

HKLM\...\StartupApproved\Run32: => "PdxRegCl"

Application using this process: Paradox(R) Registry Key Cleaner

pdxregcl.exe is a process belonging to Paradox(R) Registry Key Cleaner from Corel Corporation.

 

A few recommended articles to read on registry cleaners:

Registry cleaners are not supported by Microsoft

"Microsoft cannot guarantee that problems resulting from the use of a registry cleaning utility can be solved. Issues caused by these utilities may not be repairable and lost data may not be recoverable"

 

In most cases regardless of which Registry Cleaning tool you use it's not going to outright break Windows from booting or running. Normally the damage done is rarely seen or even attributed to the cleaning. How it can sometimes manifest itself is with an application simply not behaving as it used to, a program feature that no longer launches. In some cases on a computer with detailed auditing enabled it can show errors that were not there prior to the cleaning, but again these are typically things that would be nearly impossible to know after the fact what caused it.

The bottom line is WHY are you cleaning the Registry? The system can typically read through the entire Registry in under a minute, but that is not how software reads and writes to the Registry. It makes a specific call to a location where it expects its configuration to be or where it needs to possibly interface with other COM objects to complete an operation and can typically make that read in milliseconds. Reading all the keys for my HKCU hive took 249 ms with a total of 21047 keys. So how is removing a dozen or a few dozen going to really help speed up my computer?

If you can show proof positive 100% that some value in the Registry is actually causing an issue then change or remove THAT entry. Not hundreds or dozens of entries because someone that has been programming for a few years now somehow feels they or their team know the Billions of possible values and every single one that is good or bad and can automate fixing it. Sorry but I call BS, no one knows every single entry and what it means let alone if it's good or bad.

 

 

Your Windows Explorer faulted again, today. Considering that is the desktop as well as the file explorer that's an important program that should be running well at all times.

Application errors:
==================
Error: (07/23/2022 03:09:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.22000.832, time stamp: 0x8947d46c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x2fe8
Faulting application start time: 0x01d89ebedad683f5
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: unknown
Report Id: b1a26d49-bab9-4b3f-8578-c7b502be4dd5
Faulting package full name:
Faulting package-relative application ID:

 

 

The computer appears to be reasonably new

BIOS: Dell Inc. 1.1.23 03/21/2022
Motherboard: Dell Inc. 0T2HR0

 

Why are you running a very old driver from 2014? Do you actually use it? If you do, isn't there any newer driver?

HKLM\...\Run: [HP LaserJet Professional CM1410 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2014-04-28] (Hewlett-Packard Company -> Hewlett-Packard Company)

 

I have used PowerDVD in the past as well. I don't find that you need to run the base program every time the computer starts, but that is your choice. My recommendation would be to disable the auto-start.

HKLM\...\Run: [PowerDVD19Agent] => C:\Program Files\CyberLink\PowerDVD19\PowerDVD19Agent.exe [534848 2019-12-03] (CyberLink Corp. -> CyberLink Corp.)

HKLM-x32\...\Run: [PowerDVD19Agent] => C:\Program Files\CyberLink\PowerDVD19\PowerDVD19Agent.exe [534848 2019-12-03] (CyberLink Corp. -> CyberLink Corp.)

You're also running a WinZip File Association Helper every time the computer starts. Do you really need that?

HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436704 2020-09-25] (Corel Corporation -> WinZip Computing, S.L.)

 

Personally, I find that Logitech Download Helper to be a cancer on a computer, but again that's your choice. I remove it from all my computers.

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)

 

 

You're running an HP software updater program from 2013. I would bet my bottom dollar that you have not had a software update from that program in many years now, thus another waste of computer resources as I see it myself.

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)

Same here. This is from 2010 and even if it was still valid do you need to have it on auto-start?

HKLM-x32\...\Run: [ToolboxFX] => C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe [58936 2010-10-25] (Hewlett-Packard Company -> Hewlett-Packard Company)

Anything from Apple from 2013 has to be useless as well

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc. -> Apple Inc.)

Not actually even needed for Windows 10 or supported on it anymore. No reason to have an auto-start for this one either.

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) [File not signed]

I've been doing semi-professional photography with Nikon for over a decade now. I've not personally needed their software running all the time. It really only takes a couple minutes to go out and check that on your own. But again, that's up to you. If you find it useful, then by all means keep it installed.

The Nikon Message Center 2 software and service alerts you when updates are available for Nikon software and firmware.
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [612304 2019-11-18] (NIKON CORPORATION -> Nikon Corporation)

Do you really want or need to auto-start this program too? All these programs when or if you need them will only take a couple seconds more to load when you do need them, vs. taking resources the entire time and not being used.

HKLM-x32\...\Run: [CLMLServer_For_P2G11] => C:\Program Files (x86)\CyberLink\Power2Go11\CLMLSvc_P2G11.exe [118552 2017-03-29] (CyberLink Corp. -> CyberLink)

I notice you're running the Search product EVERYTHING (very nice program) - do you still need the Corel WordPerfect search? If so, I think there may be a newer one.
HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Program Files (x86)\Corel\WordPerfect Office 2021\Programs\QFSCHD210.EXE [243352 2021-04-29] (Corel Corporation -> Corel Corporation)

I thought you were using Macrium Reflect for your imaging and backups? Why do you have this one auto-start running?

HKLM-x32\...\Run: [TrayProcess] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayProcess.exe [899720 2022-04-15] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)

 

Why do you have RESTRICTION in place for Windows Updates?

HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION

 

Excellent printer from back in the day, but is this still operational from 2008?

HKU\S-1-5-21-2220132696-1760687211-4290853940-1001\...\Run: [EPSON Artisan 50 Series] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIFFA.EXE [223232 2008-10-09] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)

 

Sandboxie is a great program. Not saying it is causing you any issues - just checking to make sure it is not potentially some type of conflict.

HKU\S-1-5-21-2220132696-1760687211-4290853940-1001\...\Run: [SandboxiePlus_AutoRun] => C:\Program Files\Sandboxie-Plus\SandMan.exe [1519608 2022-06-20] (Tonalio GmbH -> sandboxie-plus.com)

 

Not sure why you're running this from 2010? If this is needed, isn't there a newer driver?

HKLM\...\Windows x64\Print Processors\hpcpp103: C:\Windows\System32\spool\prtprocs\x64\hpcpp103.dll [323584 2010-10-13] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)

If all of these are known by you and you're okay running programs from over a decade ago then okay. Myself I recommend trying to locate stuff that is more Windows 10 and 11 compliant or newer if available.

HKLM\...\Print\Monitors\Corel PDF Creator Monitor: C:\Windows\system32\corelcreatorpm.dll [146432 2011-12-13] () [File not signed]
HKLM\...\Print\Monitors\Corel PDF Creator Port Monitor: C:\Windows\system32\gdoccreatorpm.dll [83968 2013-04-08] (Corel Corporation -> Global Graphics)
HKLM\...\Print\Monitors\HP Fax Port: C:\Windows\system32\hppfaxprintermon5.dll [27704 2014-04-28] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM\...\Print\Monitors\HP Standard TCP/IP Port: C:\Windows\system32\HpTcpMon.dll [331264 2009-09-16] (Hewlett Packard) [File not signed]

 

Please verify if this file exists or not. Farbar says it does not exist.

Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)

 

You might want to consider downloading a new full installer for Google Chrome and run it. Your updater is getting a bit old.

GoogleUpdate.exe [155432 2019-10-23] (Google Inc -> Google LLC)

 

The Patch My PC runs as a standalone file. No installer, No advertisements. You might want to check it out and see if it fits the bill better than UCheck or not.

Patch My PC Home Updater
https://patchmypc.com/home-updater

No ADS in Patch My PC


 

Please check on the following file and see what's wrong and why Farbar could not read it.

Error Reading file: "C:\ProgramData\Galactic Static "

 

This file is in the root of your user profile and does not belong there:  C:\Users\gario\VHStoDVD8Patch_5Lang.exe

Not saying anything wrong here, but you should check it out. What are the folders System Hidden at this level?

SH () C:\Users\gario\AppData\Roaming\5.1.0.3

This one is Read Only and Hidden

RH () C:\Users\gario\AppData\Roaming\Grapher

 

Please let me know your thoughts on the items above and we can proceed and look at doing some other cleanup work once you've addressed the items above.

 

Thank you
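A way to triage the kind of FRST autostart lines reviewed in the post above, as an added example that is not part of the original thread and is not FRST's own code. It assumes the line shape seen in the quoted entries, takes 2022-07-23 (the latest event-log date quoted) as the log date, and uses an arbitrary five-year staleness threshold; the function and field names are hypothetical.

```python
import re
from datetime import date

# Line shape inferred from the FRST entries quoted in the post above
# (assumption: this is not an official FRST grammar).
ENTRY = re.compile(
    r"^(?P<label>.+?)(?: =>|:) (?P<path>[A-Za-z]:\\.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<signer>[^)]*)\)"
    r"(?P<unsigned> \[File not signed\])?"
    r"| \((?P<nofile>No File)\))\s*$"
)
ATTENTION = "<==== ATTENTION"  # marker FRST puts on lines it wants reviewed

# Sample input: lines copied from the post above.
SAMPLE = r"""
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) [File not signed]
HKLM-x32\...\Run: [TrayProcess] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayProcess.exe [899720 2022-04-15] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
HKLM\...\Print\Monitors\Corel PDF Creator Monitor: C:\Windows\system32\corelcreatorpm.dll [146432 2011-12-13] () [File not signed]
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
GoogleUpdate.exe [155432 2019-10-23] (Google Inc -> Google LLC)
"""


def triage(text, log_date, stale_years=5):
    """Classify FRST-style lines.

    Returns (findings, skipped). Each finding carries a 'reasons' list with
    any of: 'frst_attention', 'no_file', 'unsigned', 'stale'. An empty list
    means the entry parsed cleanly and nothing stood out.
    """
    findings, skipped = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ATTENTION in line:
            # Keep the text before the marker so the reviewer sees the key.
            findings.append({"label": line.split(ATTENTION)[0].strip(),
                             "path": None, "signer": None, "modified": None,
                             "reasons": ["frst_attention"]})
            continue
        m = ENTRY.match(line)
        if m is None:
            # Unknown shape: report it instead of guessing at fields.
            skipped.append(line)
            continue
        reasons, modified = [], None
        if m.group("nofile"):
            # The autostart or task points at a binary that is not on disk.
            reasons.append("no_file")
        else:
            modified = date.fromisoformat(m.group("date"))
            if m.group("unsigned"):
                reasons.append("unsigned")
            if (log_date - modified).days > stale_years * 365:
                reasons.append("stale")
        findings.append({"label": m.group("label"), "path": m.group("path"),
                         "signer": m.group("signer"), "modified": modified,
                         "reasons": reasons})
    return findings, skipped


if __name__ == "__main__":
    found, unparsed = triage(SAMPLE, date(2022, 7, 23))
    for f in found:
        if f["reasons"]:
            print(",".join(f["reasons"]).ljust(16), f["label"])
    print("unparsed lines:", len(unparsed))
```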

I really appreciate the time that you have devoted to analyzing my desktop.

1. I have changed my DNS to Google.

2. PdxRegCl probably belonged to Corel Paradox, a database program that I uninstalled about six months after the desktop was purchased.  The program was no longer being maintained and it was buggy.  It was a part of the Corel WordPerfect Office Suite Pro.  There was no registry cleaner in that Suite.

I deleted that registry Value Name from my registry.  Unfortunately, I did so before I went to look for the file.  I cannot find it on my computer.  Would you check my log, and let me know where I can find the actual .exe file or its name?  If I run FRST now, the Run32 file associated with PdxRegCl won't be found.  I would like to remove the file as well.

I have not used a registry cleaner since 2014, well before the 2019-10-16 purchase date of this computer.  Like you, I advise everyone to stay away from Registry Cleaners.  I borked one of my old computers with a WISE program registry cleaner.

I think that the explorer.exe program fault occurred when I was trying to find the mbam-grab-results.zip file.  I had to cut that from my desktop and paste it into the Downloads folder.  File Explorer could not "see" that file.

I am busy today and your analysis is very thorough.  I plan to take time this coming week to go through each and every item that you have listed.  You have gone to a great deal of work.  I very much appreciate that.  Too often when we are helping people, they just abandon us and we have to conclude the topic as unresolved.  That is a waste of our time.

I will post regular updates this coming week as I work through your comprehensive suggestions and observations.

Thank you again, most sincerely.

Best Regards,
Phil

PS: Can I reinstall Malwarebytes Premium again; or, would you prefer that I wait until we have cleaned up my computer?


Thank you for your emails.  I will not reinstall MBAM until directed.

There is no such Paradox folder under Program Files.  I have attached an "Everything" search snip.  I also checked using File Explorer and the folder is simply not there.

I have contractors coming to the house today, so I might not make any progress on your list today, but yesterday evening I surprisingly found an update (May 2022) at the HP site for my LaserJet Pro, which I purchased in 2010!  I will install it when I get a chance.

The Epson Artisan 50 printer was purchased in 2012.  I procured it for printing on blank, printable DVDs and BDs.  I was doing a lot of videography in those days and VHS to DVD conversions.  I will check for an update on the Epson site when I get a chance.

I don't print much any more, maybe 50 pages a year, so I have seen no reason to purchase a new printer.  The old ones do just fine for me.

Thank you again and I will be back in touch.

Best Regards,
Phil

Paradox.jpg


Thank you for your post.  The contractors have been and gone.  I am having the bathroom remodeled by Bath Fitter, and their "test tub" was not a match.  To be continued.

I have installed the latest HP full driver package for my 12-year-old HP LaserJet Pro CM1415fnw printer, which is my default printer.  All is good there.

I downloaded the latest driver package for my Epson Artisan 50 from the Epson website.  I keep all of my installation programs and drivers packages.  The "new" driver package file was "epson13417.exe."  The old driver package file had the same name and the same size.  I did an "fc" on both files, after renaming the new one, and "No differences encountered."  I conclude that I have the latest driver package for that 10-year-old printer.  I still use that printer and it performs flawlessly.  It is a great printer, not that I use it that much these days.

The Dell 8930 SE desktop was purchased on 2019-10-16.  It has had at least eight BIOS updates since I got it originally.  I go to the Dell preboot environment and use their BIOS Flash Utility to do the BIOS updates.  Dell SupportAssist, in particular, is known to brick computers doing BIOS updates, and I have little more confidence in Dell Update.  I removed both programs from my computer using Revo Uninstaller Pro in the last year.  I check the Dell website each week before imaging my two Dell computers and manually search for new drivers.

Looking at all of your suggestions, I decided the most efficient approach for me would be to prepare my own "fixlist" script rather than bungle about with Regedit.  I downloaded FRST64.exe and ran it.  I will go through my logs and remove what I determine should be removed.

For instance, I do like UCheck.  I have UCheck Premium and it finds and installs updates by itself once you tell it to do so.  I have used it for four years now and I am completely satisfied.  There are no advertisements in the Premium version and the cost is very reasonable.  I am going to keep it, but I thank you for your suggestion.

I will look into those files that you questioned towards the end of your post, but my first priority now is to craft a fixlist script to remove the Run entries that you pointed out are not needed.  I concur.  If there is some program(s) I want to keep running, I will let you know which one(s) and why.

As I have stated already, I am very, very grateful for your assistance.  I never thought to run FRST on my own computer because I knew it was not infected, it was performing normally (everyone experiences the occasional glitch), and it had no issues that SFC or DISM could detect and rectify.  Those scans were all coming back normal.

I am quite happy to hold off reinstalling MBAM until we have completed our work here.  MBAM has only ever detected the occasional false positive over the many years that I have used it on both of my computers.  As you will know, I have three legitimate lifetime licenses, purchased directly from Malwarebytes when customers were notified that lifetime licenses were going to be discontinued.

Thank you again for sharing your time and expertise.  It is very much appreciated.

Best Regards,
Phil


  • Root Admin

You may want to consider the EmptyTemp: directive on your own system too 😁

I have a pretty generic script that I use on many systems. Cleans up Chrome, Edge, files, etc. and removes ALL of the Temp folders and files that accumulate over time.

You're welcome to look it over or run it. So far I've not had a single person come back and say it broke anything.

fixlist.txt

Cheers

 


I am shutting down for the night.  I have created a fixlist script to deal with the Run entries and I will run it tomorrow.  Thank you for sharing your script for cleaning computers.  I will comment on that tomorrow as well.  I will use the EmptyTemp: directive, though I will also comment on that tomorrow.  I will share with you my "fixlog.txt" tomorrow after I run my "fixlist" script and I will investigate the files you have questioned at the end of your analysis post.  Hopefully we can finish our work tomorrow.

Have a great evening, Ron, and thanks again.

Best Regards,
Phil


My phone tells me it is "wash floors" day.  Being single with a puppy, I have to look after everything in this old two-story house.  My time is seldom my own.

I have decided that I want to fully investigate the FRST logs that I ran yesterday to look for "orphans" and possible other junk that has accumulated on this computer since its purchase in October 2019.

I will try to get an hour after floor cleaning and before making supper to review my logs and add any appropriate items to my fixlist script.

I started with WordPerfect 4.2 back in 2009.  I have had every version since.  The worst thing that ever happened to WordPerfect was being purchased by Corel Corporation.  The product is not being actively supported and enhanced these days.  This is the first year (2022) there has not been a new version, but in the later years, the "enhancements" were mostly cosmetic.  The good programmers are gone.  I will leave the WordPerfect QuickFinder active.  It performs functions in the WordPerfect Office Suite, and for old times' sake.

With respect to the HP and Corel programs that you mentioned, I did update the HP printer driver as you recommended and those ancient HP files are still appearing in my new FRST.txt file that was created after the HP printer driver package was updated.  As for the Corel PDF Creator files, as I have stated, Corel has not been actively updating WordPerfect Office in many a year.  I guess that they don't, or can't, fix what isn't broken.

Thank you for your patience.  It may be tomorrow before I post again.  Have a great day.

Best Regards,
Phil


  • Root Admin
21 minutes ago, garioch7 said:

The worst thing that ever happened to WordPerfect was being purchased by Corel Corporation. 

Amen there. I'm with you. All of the Corel applications today appear to be shells for marketing toasters and popups for sales on the paid versions. So sad.

 


 

I am gratefully providing you with this update.  My floors are clean.  I got through your FRST.txt analysis after cleaning the floors.  My assessments of, and responses to, your outstanding questions are listed below.  Regrettably I will not have time today to analyze my Addition.txt file and finalize my fixlist script.

I do find the Nikon Message Centre software to be helpful.  I am prepared to absorb the resources required to keep it running and notify me when there are new Nikon software updates.  As you can see from my logs, my desktop is very capable, having been equipped to handle HD video editing which is very resource-intensive.

I turned off the auto-run of Sandboxie within the Sandboxie program and the icon is no longer appearing in my tray, so I did not include it in my fixlist.  We will see if it appears in the next set of FRST logs.

Chrome was uninstalled and reinstalled.

The folder "C:\ProgramData\Galactic Static" does appear on my computer.  It contains a 1 KB file called "Printers".  Active@Disk Editor crashed when I tried to have it open the file (never got to specifying the filename).   I downloaded Active@Disk Editor again and installed over the crashing version, and it works now.  The "Printers" file is 12 bytes of gibberish and dates from about a week to ten days after I purchased the computer.

I have no knowledge of "Galactic Static" and a Google search came up negative.  I have attached Active@Disk Editor report of the file contents.  I will be deleting the folder.  If it turns out I need it for some unknown reason, I will recover it from the FRST Quarantine.  I could also just recreate the file using Active@Disk Editor.

The two files that you referenced in the ...\Roaming folder: 5.1.03 might be related to xplorer2 which is my main file manager or it might possibly be related to Galactic Static though I doubt that because the file dates are years apart.

Grapher is probably related to Galactic Static.  I will remove Grapher via the fixlist script, but I am going to leave 5.1.0.3 because it might be related to xplorer2.

MbaeparserTask.exe does not exist on my computer.  Deleting the task.

I have saved your clean up "fixlist" script.  Thank you.  I will run it after you declare my computer is stable and reasonably clean.

I use System Ninja and Windows Cleanup weekly, so I don't think there is too much junk on my computer that is accumulating.  I also have a batch file that I run every week - credit to JohnC_21 over at Bleeping Computer.  Neither System Ninja nor Windows Cleanup deal with the innumerable temporary folders that Windows 11 creates in the :\Windows\System32\config\systemprofile\AppData\Local\ folder.  I can send you the batch file zipped because I doubt that the Forum accepts .bat files as attachments.

I run both Easeus Todo Backup Home (ETBH) and Macrium Reflect as system imaging programs, alternating weekly.  Macrium is by far the better program for speed and performance, but the interface is a little overwhelming for newbie users.  One of my main priorities, as a computer support person here in the community, is to encourage people to perform regular backups, thus I use ETBH myself to ensure that I am fully conversant with the program (I hate the "eye candy" in the newest version).  I normally recommend ETBH to my clients who are not really knowledgeable and comfortable with complicated program UIs.

Also, I do not like to put my trust in a single backup program.  I got burned about 10 years ago when I was using Acronis.  They issued an update that borked both of my computers.  Ironically I had to boot from the Acronis Rescue disk to revert my computers.  That particular update removed a file that was essential to booting, but did not remove the registry loading point declaring it to be essential to boot.  It was quite a sensation at the time and cost Acronis a lot of customers, yours truly included.  I uninstalled Acronis and went to ETBH, and then a few years later found Macrium, which I like better.

The VHStoDVD patch file I deleted from my user profile folder.  There was already a copy in the Honestech VHStoDVD folder, which is a now defunct program that I used for converting VHS tapes to .mpg files so that I could create DVDs.  I still have the last version that was released and it works great, but the Honestech company went belly up.
 
Going back to that strange error you saw in April, I believe that was when I wiped out File History.  It was not working correctly and the Forums were full of unresolved complaints about its many bugs.  I was only using it as a redundant backup source.  I image weekly and copy all created or modified data files to my D: drive, so I really didn't need it, and I cannot abide software that doesn't work.  On top of that, I run SyncToy everyday on my boot drive which copies all new and modified files to my D: drive.

Unlike some, I prefer to have all of my programs and data on my boot drive.  It is a 1 TB drive and has lots of room.  The 2 TB "spinner" D: drive has copies of all of my data, plus images, which I also copy to an external hard drive, only connected to perform the copy operations.  Overkill, perhaps, but you can never have too many backups!

My plan is to analyze my Addition.txt file tomorrow and finalize my fixlist script.  I will run it, provide you with the fixlog.txt and a new set of FRST scan logs.  I am guessing that you prefer the FRST logs to be attached, rather than copied into posts?  At BC, we prefer logs copied, but when in Rome, ...  Please let me know your preference.
 
 I am reminded every time I log into my computer that MBAM is not there.  My habit is always to initiate manual updates to BDTS, MBAM, and Windows Defender before I do anything else.  While I am not concerned, as the good Captain, you will appreciate that I am prudently concerned about a missing "deflector shield." :)
 
 I presume your support tool deactivated my lifetime license on this computer?  If not, I will go to my account and deactivate it so I can reinstall it when you so direct me.
 
 As I have stated previously, I very much appreciate your comprehensive and professional review of my FRST logs.  You may not recall but it was the MBAM Forums and you personally who recommended that I consider taking malware removal training back in 2014.  The rest, as they say, is history.
 
 Have a great day and I will post tomorrow, God willing and the devil not caring.
 
 Best Regards,
 Phil

Galactic Static_Printers_file.jpg


  • Root Admin

Excellent reply and feedback.

Just a note that all of my comments are queries to prompt you to make an educated decision. Many of us computer techs often don't pay enough attention to our own systems and what is going on. They seem to work so we move along.

There is nothing wrong with running programs from many years ago if they're still working and do not pose a threat to the system. As I'm sure you're aware as well, not all "updates" are better than the previous versions.

Again, your educated knowledge needs to come into play as you've been doing, and decide what is best for you and how you run your SHIP.

 

We simply want to rule out anything that might be causing undue stress, faults, or other issues with other programs, or with Malwarebytes. Back in the good old XP days, I kept my Event Logs as clean as a whistle, but today on Windows 10, 11 it's a fool's paradise trying to keep the Event Logs clean.

Wow, talk about different times. Back in 2014, there were many malware removal forums and all sites were so busy it was taking customers many days or even a week to get a reply.

No rush, we have all the time in the world to work on your system as you have time.

Cheers

 


Thank you for your patience, Captain.

...\Roaming\Grapher appears in the new FRST.txt log.  I subsequently manually deleted it.  That file is gone now.

Not so lucky with the empty "C:\ProgramData\Galactic Static" folder.  Windows 11 keeps saying it is not found.  It does have an invisible character at the end of the folder name that I noted when I tried to rename it, but when I tried that it said the file was not found.  The properties show that I have been messing with it (Modified Date today).  I have tried using an Administrative Command Prompt and rmdir with wildcards, without, with spaces, without, etc.  In brief I have tried everything that I can think of, but you can't do anything with a folder that Windows 11 says does not exist, though the properties show it was created on 2019-10-27  12:25.  It is not taking up much space so it might not be worth the bother of trying to delete it.  If you have any suggestions, I am willing to try them.  I have run many "Chkdsk /f" on my drive C: over the years, so if it was a problem folder, CHKDSK would have fixed it by now, or should have, so I did not run it again.  As you will see in the fixlog.txt, FRST could not find that folder either.  I googled "what is the "C:\ProgramData\Galactic Static" folder?" and got no results.

I have attached a zip file that contains the fixlog.txt, and the new FRST scan logs.  Awaiting instructions, sir.

Thank you and have a great day.

Best Regards,
Phil

garioch7_new_logs.zip


Tried to edit my post but it would not save.  I installed File Assassin and tried it, but File Assassin could not find the folder/file.


  • Root Admin

Good day @garioch7

Please uninstall File Assassin. It is not compatible with our main product anymore.

 

Might try going to Recovery Mode and using a command prompt to see if the folder exists or not.

"C:\ProgramData\Galactic Static" => not found

From the command prompt in recovery:

C:

CD ProgramData

DIR /A G*

See if it comes back with anything or not. If it does then you can try the following.

RD /S /Q "Galactic Static"   (or whatever the name shows as)

 

Then, let's go ahead and reinstall Malwarebytes again and get it activated.

MB4 Offline Installer
https://downloads.malwarebytes.com/file/mb4_offline

We're having intermittent issues with updates for some customers. If you're not having the issue, great. If you are then you can use the following links if needed to update.

64-bit - https://malwarebytes.box.com/s/lx8dfe2xdysnwnyca3mdfwz4lmah99yr

32-bit - https://malwarebytes.box.com/s/swwntld4n2fr7x2apvoq8l3831lgmzd0

 

Then, restart the computer one more time after the install of Malwarebytes and let me know if you're still experiencing any issues with the program or not.

 

 

 

 


  • Root Admin

One of the things I like to do, even on my own computer from time to time, is remove ALL files and folders from Temp. (Do not do this if you're using SQL.)

In a Farbar fixlist

C:\Users\gario\AppData\Local\Temp\*

Any files or folders that are used by programs will recreate after a reboot.

 


File Assassin uninstalled with Revo Uninstaller Pro.  Malwarebytes Premium (MBP) reinstalled.  Configured all of Bitdefender Total Security "Allowed" folders.  Turned off the Scheduled Scan.  Ran a scan - clean.  Disabled MBP from registering with the Windows Security Center.

In RE, there were no folders listed under X:\ProgramData.  Rebooted into Safe Mode Command Prompt.  The "Galactic Static" folder "seen" by the dir command.  Tried deleting it using your recommended command without a space, with a space, and with an ASCII 255 "blank."  All unsuccessful since the folder does not exist according to Windows 11 although it is displaying it in File Explorer and using the dir command in both Safe and Normal boot modes.

To me, eliminating the "Galactic Static" folder is not worth any more effort.  It takes virtually no space on my computer.  The "Printers" file that it contained has been deleted and buried, so it is just a recalcitrant empty nuisance folder that loves residing on my boot drive in the ProgramData folder. :ph34r:

I was one of those customers who had intermittent problems, for a couple of weeks before all of this started, with MBP reporting "server" issues when I initiated manual updates.  On the second or third try, the update would succeed.  Nothing wrong with my Internet so I assumed it was a problem on your end that you would resolve.

So far, so good.  MBP is responding normally and I like having my supplementary "deflector shield" up and running.  Thank you, Captain. 🙂

I have manually deleted the contents of the .../temp folder in the past, but now I rely on System Ninja.  It seems to do a great job and I run it every Friday along with Windows Cleanup.  As you can see from my fixlog.txt, FRST only found about 158 MB to delete.  System Ninja normally finds around 1 GB of junk to delete on Fridays, despite me clearing my Google and Edge caches daily.  I am not using SQL.

So where to now?  I presume that we have come to the end of our journey with respect to the topic.

Have a great day.  I do sincerely thank you for your professional and comprehensive analysis of my desktop computer.

Best Regards,
Phil


  • Root Admin

Excellent so far. Though, I don't like to leave the pesky folder behind. I can understand you have more things on your plate than worrying about minor traces of junk left behind.

X:\ProgramData  in most cases would be the RE Windows, not your installed Windows drive. Normally that would be C:, D:, E:, etc.

But also, from Recovery Environment nothing should be able to stop you from removing a folder. You may need to take ownership first, etc. but again, I understand this is of little importance in the big picture.

Glad all is working well for you.

Hoping you have a great rest of your week.

Take care and stay safe out there.
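
The invisible trailing character on the "Galactic Static" folder discussed in the posts above can be identified instead of guessed at. This is an added example, not code from either poster, Malwarebytes or FRST: it lists sub-folders whose names end in a space, dot or non-printing character, prints each name's code points, and removes an empty one by its exact name using the Windows `\\?\` prefix, which skips path normalization. It assumes Python 3 run from an elevated prompt on a local drive; the function names are illustrative, and the thread does not establish which character is actually involved.

```python
import os
import sys
import unicodedata


def codepoints(name):
    """Return the name as a list of 'U+XXXX' strings, one per character."""
    return ["U+%04X" % ord(ch) for ch in name]


def has_odd_tail(name):
    """True when the last character is one a person cannot see or type reliably."""
    last = name[-1]
    # Z* = separators (space, no-break space), C* = control/format characters.
    # A trailing "." counts too: Win32 path normalization drops it, just as
    # it drops a trailing space, so the typed name never matches.
    return last == "." or unicodedata.category(last)[0] in ("Z", "C")


def find_odd_folders(parent, prefix=""):
    """List (name, codepoints) for sub-folders of parent whose name ends oddly."""
    hits = []
    with os.scandir(parent) as entries:
        for entry in entries:
            if not entry.is_dir(follow_symlinks=False):
                continue
            if entry.name.startswith(prefix) and has_odd_tail(entry.name):
                hits.append((entry.name, codepoints(entry.name)))
    return sorted(hits)


def literal_path(parent, name):
    """Join parent and name so that the exact name reaches the file system."""
    # Only the parent is normalized; the folder name is appended untouched.
    full = os.path.join(os.path.abspath(parent), name)
    if os.name == "nt" and not full.startswith("\\\\?\\"):
        full = "\\\\?\\" + full  # \\?\ tells Windows to skip normalization
    return full


def remove_empty_folder(parent, name):
    """Remove one empty folder by its exact name; raises OSError otherwise."""
    os.rmdir(literal_path(parent, name))


if __name__ == "__main__":
    # Default path is the one named in the thread; pass another as argument.
    parent = sys.argv[1] if len(sys.argv) > 1 else r"C:\ProgramData"
    for name, cps in find_odd_folders(parent, prefix="G"):
        print(repr(name), " ".join(cps))
```

The last code point printed for a flagged folder is the character to reproduce, and `remove_empty_folder` can be called with the name exactly as `find_odd_folders` returned it.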

 


This topic is now closed to further replies.