[SOLVED] Windows 10 (Version 21H1, OS Build 19043.1110) DISM Error 2, Windows Update Error

[DR M]

OK. Thank you.

At least the operating system looks genuine.

I'll point out once more the useless of cleaning a system with pirated/cracked programs installed. Your computer was infected because of that, and as a result you couldn't perform the necessary updates. I'm not here as Hercules Poirot to investigate which of your programs have no genuine license and it's not my business to force you to remove (or keep) any programs. It's up to you, however, to make a decision to uninstall all the cracked programs, clean the computer and fix all the corruptions/errors, making a fresh start. Trying to "cheat" me perhaps won't affect the procedure to clean your computer now, but soon or later it will get infected again.

The Eset log is full keygens and hack tools, as well as malware which entered the computer through these methods/tools.

FabFilter Total Bundle
Valhalla DSP Valhalla Shimmer
Adobe Illustrator 2020
Adobe Photoshop CS6
Adobe Premiere Pro 2020

Before, we found these:

BIAS AMP 2 Pack
BIAS FX 2 Desktop
BIAS FX Plugins Pack
BIAS Pedal Plugins Pack
REAPER

And the most important, you have KMSpico service, which is used to illegally bypass Microsoft's programs activation. You have Microsoft Office in your computer. Is this also pirated???

I am going to request you, once again, to completely uninstall all products for which you do not have a valid Product Key, including all "cracked" software. If you are willing to do that please rerun a FRST scan after removal and attach both reports (Addition and FRST) in your reply. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

 

[sandarpanmukherjee]

Hi. I did have a pirated copy of Office previously but now I got a licensed copy from work. All the mentioned programs detected by ESET are no longer on my PC. Only the downloaded keygens were there. Anyway both files now attached.

Can I run Windows Update now?

 

[DR M]

Hi.

I still see these:

FabFilter Total Bundle
Valhalla DSP Valhalla Shimmer

If you are going to uninstall them, I'll need fresh logs.

FYI: I'll be away for 3-4 hours, before I will be able to review the logs.

 

[sandarpanmukherjee]

I missed out Fabfilter which I have uninstalled now.

 

[sandarpanmukherjee]

Hi.

I still see these:

FabFilter Total Bundle
Valhalla DSP Valhalla Shimmer

If you are going to uninstall them, I'll need fresh logs.

FYI: I'll be away for 3-4 hours, before I will be able to review the logs.

No problem. Files attached.

 

[DR M]

Hi.

1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

• Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.

Start::
CreateRestorePoint:
CloseProcesses:
H:\Downloads\Overloud_TH3_Crack_Serial_Number_Full_Version_Free_Download.rar
H:\Downloads\Tally 7.2.Full.Ver-GaLLiLeO\Patch_v7.2.exe
H:\Downloads\SUPERIOR DRUMMER 2.0 64 BITS COMPLETE\ToonTrack.Superior.Drummer.VSTi.RTAS.v2.2.3.x86.x64.UPDATE.Incl.Keygen-AiR.rar
H:\Downloads\Guitar Pro 6.0.9 r9934\patch.exe
H:\Downloads\fifa15.update4.and.crackonly\fifa15.update4.and.crackonly\Crack\3dmgame.dll
HKU\S-1-5-21-2922945391-2041331830-2144407415-1000\...\StartupApproved\Run: => "DO9GETSBG2H36R0"
HKU\S-1-5-21-2922945391-2041331830-2144407415-1000\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Sandarpan.PC2\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2922945391-2041331830-2144407415-1000\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Sandarpan.PC2\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2922945391-2041331830-2144407415-1000\...\RunOnce: [Uninstall 22.131.0619.0001] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sandarpan.PC2\AppData\Local\Microsoft\OneDrive\22.131.0619.0001" (No File)
Task: {39E787FF-8875-4491-B955-DC0B2D498B35} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe /autoupdate /silent /autoclose /background (No File)
Task: {5DD92B1F-2132-4778-B287-5CE02A381239} - System32\Tasks\Opera scheduled Autoupdate 1549733943 => C:\Users\Sandarpan.PC2\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
S3 MpKsl35e07bd0; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4539DD04-7C08-462D-ACD0-D27006443D2B}\MpKslDrv.sys [X]
2022-07-24 19:47 - 2022-07-24 19:46 - 004146112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgremoverx.exe
2019-04-04 22:31 - 2020-05-19 13:05 - 000000074 _____ () C:\Users\Sandarpan.PC2\AppData\Roaming\.pedal.version
2018-12-15 10:11 - 2018-12-15 10:11 - 000000033 _____ () C:\Users\Sandarpan.PC2\AppData\Roaming\.pgbiasfx
2019-04-04 22:27 - 2019-04-04 22:27 - 000000033 _____ () C:\Users\Sandarpan.PC2\AppData\Roaming\.pgbiaspedal
2020-03-22 19:36 - 2020-03-22 19:36 - 000000132 _____ () C:\Users\Sandarpan.PC2\AppData\Roaming\Adobe BMP Format CS6 Prefs
2020-08-26 18:08 - 2020-08-26 18:08 - 000000132 _____ () C:\Users\Sandarpan.PC2\AppData\Roaming\Adobe PNG Format CS6 Prefs
EmptyTemp:
End::

1. Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
2. Press the Fix button once and wait.
3. FRST will process fixlist.txt
4. When finished, it will produce a log fixlog.txt on your Desktop.
5. Post the log in your next reply.

2. Check services

• Please download Farbar Service Scanner and save it on your Desktop.
• Right click on the tool icon and run it as administrator.
• Make sure all the options are checked.
• Click on the Scan button.
• It will create a log (FSS.txt) on your Desktop.
• Copy and paste the log's content to your next reply.

In your next reply please post:

1. The fixlog.txt
2. The FSS.txt

 

[sandarpanmukherjee]

Here's the FRST fixlog.txt.

The FSS.exe is getting flagged by Windows Defender as dangerous. Should I still run it?

 

[sandarpanmukherjee]

It says Unknown Publisher, so I ran it. Here are the contents of the FSS.txt:

Farbar Service Scanner Version: 21-07-2022
Ran by Sandarpan (administrator) on 28-07-2022 at 16:54:11
Running from "D:\Desktop"
Windows 10 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============


Firewall Disabled Policy:
==================


System Restore:
============


System Restore Policy:
========================


Windows Security:
============


Windows Update:
============


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\netbt.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\usosvc.dll => File is digitally signed
C:\Windows\System32\WaaSMedicSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

[DR M]

OK.

Now the computer is clean, we can deal with the updates issue.

Please read here the log posting instructions, and follow steps 2, 3, 4, 5 to attach the requested logs for me.

 

[sandarpanmukherjee]

Here are the logs:

Thanks.

 

[DR M]

Hi.

Please check for updates and try to download/install them. Let me know about the result.

 

[sandarpanmukherjee]

Thanks. I'll do so. Windows is already detecting the updates available. By the way, is it safe to use the Windows 10 Update Assistant?

 

[DR M]

It's safe, but for now just check for updates and download/install them. I'll be waiting for the result.

 

[sandarpanmukherjee]

The detected updates got installed. The latest huuuge update was from 2 days ago if I am not wrong. But on restarting there are more updates.

 

[DR M]

So no problems now considering the updates?

 

[sandarpanmukherjee]

Nope. Everything seems fine.

 

[sandarpanmukherjee]

Will the Windows Update Assistant do anything more than regular updates? It says update to 21H2. Should I do it?

 

[DR M]

The Update Assistance will take you to the latest update (21H2), without needing to manually check, download and install the previous/interim updates. Since you checked that there is no issue now, you can go with any of the two ways. At the end, you will reach version 21H2.

NOTE: As soon as you finish updating, let me know to give you instructions for removing the tools we used and create a new restore point.

 

[sandarpanmukherjee]

The Update Assistance will take you to the latest update (21H2), without needing to manually check, download and install the previous/interim updates. Since you checked that there is no issue now, you can go with any of the two ways. At the end, you will reach version 21H2.

Actually I installed all the updates and am still at 21H1. No more updates pending.

 

[DR M]

Actually I installed all the updates and am still at 21H1. No more updates pending.

Your computer will notify you about 21H2, when it is ready.