Seeing a lot of errors in logs on Win8.1 Update 1

Discussion in 'Windows 8' started by doveman, Jul 25, 2014.

  1. doveman

    doveman MDL Member

    Apr 22, 2010
    208
    9
    10
    #1 doveman, Jul 25, 2014
    Last edited: Jul 25, 2014
    I'm seeing a lot of errors in the Application log, some of which refer to KMSpico but others which appear to be unrelated and in the System log, many of which refer to services stopping unexpectedly. I wonder if these can be related to me RDP'ing in to the box but although I'm using the termsrv.dll patch, at the moment I'm only connecting as the main user, which is logging that account out on the actual machine when I do, so no sharing going on there.

    Logs attached as .evtx files in the zip, if someone could take a look at them for me.

    EDIT: Oh yeah, I keep getting 'the stub received bad data' errors when running stuff as well and then it just works on the second try. These errors don't seem to appear in the logs.
     

    Attached Files:

  2. murphy78

    murphy78 MDL DISM Enthusiast

    Nov 18, 2012
    6,682
    10,142
    210
    Is there a question anywhere here?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. doveman

    doveman MDL Member

    Apr 22, 2010
    208
    9
    10
    Well, yeah. Could someone take a look at the logs for me and advise how to fix these errors?
     
  4. murphy78

    murphy78 MDL DISM Enthusiast

    Nov 18, 2012
    6,682
    10,142
    210
    Are you using a custom anti-virus program?
    Windows Defender with no/old/new updates?
    System architecture?
    Have you inquired on the KMSPico thread?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. doveman

    doveman MDL Member

    Apr 22, 2010
    208
    9
    10
    I'm using Avast and Defender, both updated automatically. Win 8.1 Update 1 x64.

    I did initially post on the KMSPico thread but considering the apparently unrelated errors, thought it might be more likely that something that it relies on is messed up and causing the errors in KMSPico and other programs.
     
  6. murphy78

    murphy78 MDL DISM Enthusiast

    Nov 18, 2012
    6,682
    10,142
    210
    Well, I'm not familiar with the particular method kmspico uses, but I do know that MTK uses the dll secohook injection method and most a/v programs seem to hate that as a rule.
    You should know that even if you use both defender and another a/v program, only the a/v program will have control over the scanning.
    A/V programs disable the defender functionality to prevent double-scanning system slowdown.

    I looked through the log a bit.
    There are some clues.

    First the non-important but related one:
    It mentions VirtualBox needing a re-install after upgrading Windows.
    Sometimes this is just a generic message they give out

    Which brings me to my point.
    Did you Upgrade Windows from a previous version?
    If so, did you allow online updates during setup?

    I highly recommend running admin prompt (winkey+x, then a)
    Then run: "SFC /SCANNOW"
    If you report errors then you need to re-install windows.

    If you don't report errors, try uninstalling Avira and see if it fixes your problem.
    My hunch, if your system does not have errors, is that Avira is blocking a crucial portion of the activation process.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. doveman

    doveman MDL Member

    Apr 22, 2010
    208
    9
    10
    Ah ok, I didn't know that so I'll disable Defender. I have excluded KMSpico's folder/files from Avast and Defender, so neither should be interfering with that.

    No, I did a fresh install. That message about Virtualbox is a bit confusing but I think it happened when I installed the latest version, which turns out not to work properly on Win 8.1 at the moment, so I had to uninstall it and install an older version (4.3.12 I think). So I don't think those messages are important.

    I've done that and it said it had repaired some files but I think it was just the termsrv.dll I patched, although the log is so cluttered it's not easy to be sure.

    OK, that's worth a try, thanks.
     
  8. murphy78

    murphy78 MDL DISM Enthusiast

    Nov 18, 2012
    6,682
    10,142
    210

    Well, I'm not sure if allowing the exe through the exclusion list is good enough.
    If kmspico is using the secohook it injects a system process.
    This is a big red-flag to anti-virus programs, and rightfully so.

    Like I said, though, I really don't know which method kmspico is using lately.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. doveman

    doveman MDL Member

    Apr 22, 2010
    208
    9
    10
    Heldigard has said "The service crash in Service_KMS is a way I use to finish the service and avoid running it all the time, if I find another way I will do it." but I don't think that explains all the errors that are occuring.

    I did read something about not having ownership of files causing errors with Kernelbase.dll but I can't imagine users are expected or meant to take ownership of all of C:\. I've disabled UAC completely via the registry now, as I couldn't get a particular program to launch via the Startup folder, even after using a workaround that was supposed to fix it but after disabling UAC and rebooting, it now launches automatically at startup as it should, so maybe it'll also help reduce the errors.