Windows Installer not working!!! Strange files in my CBS Log folder.

truth · Jan 17, 2013

I'm having a very hard time with my computer's installer it shows registered, working, and it's set to manual in the services panel. When I try and install updates or any software this what I get:Some updates were not installed
Code6B7 Windows Update encountered an unknown error.
Code 641 Windows Update encountered an unknown error.I researched the codes which lead me to do an sfc /scannow and here's the results of that:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>sfc /scannow

Beginning system scan. This process will take some time.

Another servicing or repair operation is currently running.
Wait for this to finish and run sfc again.

C:\Windows\system32>sfc scannow

Microsoft (R) Windows (R) Resource Checker Version 6.0
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

Scans the integrity of all protected system files and replaces incorrect version
s with
correct Microsoft versions.

SFC [/SCANNOW] [/VERIFYONLY] [/SCANFILE=<file>] [/VERIFYFILE=<file>]
[/OFFWINDIR=<offline windows directory> /OFFBOOTDIR=<offline boot directory>
]

/SCANNOW Scans integrity of all protected system files and repairs files
with
problems when possible.
/VERIFYONLY Scans integrity of all protected system files. No repair operati
on is
performed.
/SCANFILE Scans integrity of the referenced file, repairs file if problems
are
identified. Specify full path <file>
/VERIFYFILE Verifies the integrity of the file with full path <file>. No re
pair
operation is performed.
/OFFBOOTDIR For offline repair specify the location of the offline boot dire
ctory
/OFFWINDIR For offline repair specify the location of the offline windows d
irectory

e.g.

sfc /SCANNOW
sfc /VERIFYFILE=c:\windows\system32\kernel32.dll
sfc /SCANFILE=d:\windows\system32\kernel32.dll /OFFBOOTDIR=d:\ /OFFWINDI
R=d:\windows
sfc /VERIFYONLY

C:\Windows\system32>sfc /scannow

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 11% complete.
Windows Resource Protection found corrupt files but was unable to fix some of th
em.
Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example
C:\Windows\Logs\CBS\CBS.log

Now I go to my CBS folder and notice these war files:
CbsPersist_20121214065211.cab
CbsPersist_20121221194820.cab
CbsPersist_20130111053121.cab
CbsPersist_20130111110317.cab
CbsPersist_20130114040644.cab
Can someone Please help me with this I've done come to whits end on this.
Thanks
Truth

niemiro · Jan 17, 2013

@Everyone:

I have just been discussing with truth a few minutes ago. We are having a few problems uploading the CBS log files.

I will explain more later, but for now, please note that I have said that no CBS logfiles are required.

Richard

niemiro · Jan 17, 2013

Hello Truth :)

First, can you please open an Elevated Command Prompt: How to start an Elevated Command Prompt in Windows 7 and Vista

and type in:

net start MSIServer

and press enter. Please note down the message you received, if anything but "The Windows Installer service was started successfully.".

Next, type in:

reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\msiserver %userprofile%\Desktop\RegistryExport1.reg

Then, go to your Desktop, right click on RegistryExport1.reg, and go through Send to > Compressed (zipped) folder.

Upload the new RegistryExport1.zip file from your Desktop to your next post.

Finally, please copy the file (just the file this time, not the whole folder), C:\Windows\Logs\CBS\CBS.log, and paste it onto your Desktop. Does this work? If it does, please right click on it also > Send to > Compressed (zipped) folder, and upload the new CBS.zip file to your next reply also.

Also, those files (CbsPersist_20121214065211.cab, CbsPersist_20121221194820.cab, CbsPersist_20130111053121.cab, CbsPersist_20130111110317.cab, CbsPersist_20130114040644.cab) are fine, and completely normal. I didn't recognise them initially, but now I have seen their names, I can see that they are normal, and nothing to worry about.

Thank you!

Richard

truth · Jan 17, 2013

View attachment CBS.zip
View attachment RegistryExport1.zip
Here are the files as follows 3054-CBS and the 3055-Regexport I'm including the result of testing for the net start msiserver
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>net start msiserver
The requested service has already been started.

More help is available by typing NET HELPMSG 2182.

C:\Windows\system32>reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servi
ces\msiserver %userprofile%\Desktop\RegistryExport1.reg
The operation completed successfully.

C:\Windows\system32>
Thanks Guys!!!
Truth

tom982 · Jan 23, 2013

Hello Truth,

Richard is very busy at the moment, so I am taking over on this one for him, hope you don't mind!

I have attached a file to this post, msiserver.zip, can you download this and save it to your Desktop please?

Right-click on the file and click Extract All, then continue to extract the contents to your Desktop. A file, msiserver.reg should appear on your Desktop.b

Double-click on msiserver.reg, then accept the prompt asking whether you with to merge this with your registry.

SFC Scan

Click on the Start

button and in the search box, type Command Prompt
When you see Command Prompt on the list, right-click on it and select Run as administrator
When command prompt opens, copy and paste the following commands into it, press enter after each

sfc /scannow

Wait for this to finish before you continue

copy %windir%\logs\cbs\cbs.log %userprofile%\Desktop\cbs.txt
This will create a file, cbs.txt on your Desktop. Please attach this to your next post.

I would then like you to run the System Update Readiness Tool please. It can be downloaded from this location:

Download: System Update Readiness Tool for Windows 7 for x64-based Systems (KB947821) [November 2012] - Microsoft Download Center - Download Details

Save this to your Desktop. As it is quite a large file, it is best to save it to an easily accessible location should we need to run it more than once.

It may appear to hang at times, but please let it run uninterrupted. It should take roughly 10-15 minutes, but let me know if it still hasn't completed after an hour. When it finishes, could you copy this folder to your Desktop, zip it up and attach it to your next post please? Like you did for your previous post :)

C:\Windows\Logs\CBS

Thanks,

Tom

truth · Jan 23, 2013

I followed the instructions and it's still not working. I've attached the cbs log file and I'm going to run the surt tool again.

Thanks
TruthView attachment cbs.txt

tom982 · Jan 23, 2013

Hello truth,

Great, look forward to seeing the SURT log. I will review your CBS log now.

Tom

truth · Jan 27, 2013

I tried installing my Adobe master collection and it failed to load all programs accept acrobat reader. I attached the log maybe it could help...

Thanks
Truth
View attachment ErrorSummary_Adobe.zip

truth · Jan 28, 2013

I ran a scan using rogue killer and I'm including the report log from the scan also an image of the scan screen after the scan completed.View attachment RKreport[1]_S_01282013_02d0741.zip View attachment RKreport[2]_S_01282013_02d0749.zip

tom982 · Jan 28, 2013

Hi truth,

Umm, that's not good! You're infected with the ZeroAccess rootkit. Post in the Security Arena forum and someone will tend to you:

Security Arena

When you are clean again, we will give this another shot.

Tom

Search

Search

Windows Installer not working!!! Strange files in my CBS Log folder.

truth

Member

niemiro

Senior Administrator, Windows Update Expert

niemiro

Senior Administrator, Windows Update Expert

truth

Member

tom982

Emeritus

Attachments

truth

Member

tom982

Emeritus

truth

Member

truth

Member

tom982

Emeritus