How to permanently remove KB2952664, and maybe speed up your machine in the proceess

Topic

New Reply

Just got this fascinating email from Tom: Lately I’ve been focusing on are your articles pertaining to the different widows patches / monthly windows
[See the full post at: How to permanently remove KB2952664, and maybe speed up your machine in the proceess]

Reply | Quote

Replies

WOW!
It’s never been on my computers, but I have run into several from which I could not delete it.
I installed it on a test computer it had never been on, and I know it one of the things it did was to alter Task SchedulerMicrosoftWindowsApplication Experience task, which I believe sends data to MS repeatedly. Busy MS!
Will take a look this on three of the computers I remember having the problem.

Reply | Quote

Fascinating indeed. I tried to search for this update, and, unless I did something wrong, it’s not there. But my machine is abnormally slow despite the fact my install is still very young, and I’m convinced Windows’ “enhancements” are at fault.

Reply | Quote

Pardon my ignorance, but what is an “elevated” command prompt? Is there a difference between that and a plain-vanilla command prompt? Does its use require admin rights of some sort? Or will keying “command prompt” in the Start menu search box (Win-7 SP1) give me what I need?

Thanks for the post.

Reply | Quote

It seems that anytime the update was uninstalled, it automatically reinstalled itself almost instantly.

Tom, this is happening when you have older versions already installed and it appears that there are about 15 or more of them, I don’t know the exact number. When you uninstall the more recent one, the next most recent version will appear as installed and so on until you end uninstalling them all.
The DISM method is the ‘pro’/Sysadmin style one, Microsoft supported without doubt, but not for everyone who would likely be more comfortable using Programs and Features/Installed Updates.
Thanks for presenting it as a very good alternative and for reference as it can be used for any other bad behaving update or for updates partially installed which cause further problems in doing other updates etc.

Reply | Quote

I sincerely hope this works as advertised. KB 2952664 has been residing on one of my computers for months despite every attempt to remove it. It’s the only Win10 related update still on that machine and I want it gone, gone, gone.

Reply | Quote

Very good find on this, I went in to programs in the controlpanel and found 2952664 from February, I removed it. I will post more info after I reboot my machine, I did not find 3035583. Seems we all have to be careful with MS now unlike when W7 initially came out.

Reply | Quote

I found this trick a while ago. I had 5 instances installed.

However, dism would get to 98% then fail. On reboot, I then had another instance installed.

Gave up in the end. Don’t know enough to figure out why dism crashes.

Reply | Quote

Right-click on windowssystem32cmd.exe and select run as administrator.

Opens the equivalent of a terminal with Root access.

Reply | Quote

An “elevated” command prompt is a command prompt ran with Administrator privileges (right click on it and “Run as Administrator”).

1 user thanked author for this post.

AlanH

Reply | Quote

This method was effective here, where no other method had succeeded. There has been no adverse after effects, however, there has been no improvement in speed, either perceived, or in tests. Still, it’s nice to be rid of it once and for all. It got by me during a WU cycle, and was the only Win 10 update on my Win 7 machine.

Reply | Quote

i’m curious is it possible to remove just a KB3146449 update from KB3139929 somehow ?

Reply | Quote

I found over a dozen copies on my desktop computer. There were times when it was becoming sluggish, and I had done several scans for spyware without finding anything. After removing them and a reboot, it is running like new. I have created a batch file for easy access to check periodically. Many thanks for this.

Reply | Quote

And these instructions work for any of the other GWX patches as well.

Reply | Quote

What happens if you uninstall one by one every instance of KB2952664 from Programs and Features? It may be useful to restart after each uninstall even if the system does not ask for it. Does it still crash?

Reply | Quote

I was able to get rid of KB 2952664 permanently by following the command prompt method mentioned here by Tom. (To be fair, I discovered this method 2 days ago in a post by a certain Lars at ghacks.net, dated October 2015. I dont’t know why this successful trick has not yet become widely known.)
Anyway, that was the last Windows 10 update in my PC.

PS. Many hanks to you Woody, for your contribution in the computer world generally.

Reply | Quote

Nothing there – I’ve been reading Woody’s blog too long 🙂

Reply | Quote

Is there an easy way to search for this update? I didn’t see it on my list of updates, but may have missed it. I do not currently have any Windows 10 upgrade ad issues. I’ve got Windows 7, x64 system. Thanks!

Reply | Quote

the search bar, put in KB and the Number next to KB, if it doesnt find it, you dont have it.

Reply | Quote

Same system, can confirm B’s method won’t work. Follow the command prompt instructions in the article Jack.

Reply | Quote

Woody,

New instance of KB2952664 just now, upon reboot. You’ll remember my discovery last week of latent registry entries and the files in SoftwareDistribution. This is on my other Win 7 x64 Ult desktop. For certain, there is no 2952664 anywhere on that machine.

Optional, unchecked, unitalicized.

Looks like most recent affected file dates of 3-25-2016 (for x64).

Reply | Quote

In PS
get-hotfix -id KB2952664

You can search for multiple KBs by adding them with a comma. example
get-hotfix -id KB2952664,KB2882822,KB2902907

Reply | Quote

For what it’s worth, I had one instance of 2952664, and dism seemed to freeze at 98% for me, but I just left it alone and eventually (after 5-10 minutes, I think) it went to 100%.

Reply | Quote

Yep, we have three new optional patches. I’ll get this tweeted momentarily.

Reply | Quote

GWX Control Panel version 1.7.4.0 released 30 Mar.

Smooth ‘n easy download.

PP

Reply | Quote

I had an issue on a machine with multiple versions and realized i had to uninstall in reverse order. That worked to remove approx 8 versions.

Reply | Quote

I think TrustedInstaller.exe is doing its clean-up job in the background while dism stays at 98%. If someone who has noticed the same behaviour could check in Task Manager…

Reply | Quote

…and it’s great. deals with the ‘give me recommended updates the same way you receive important updates’ which previously wasn’t staying unchecked.

Reply | Quote

it’s odd i was able to remove all of those updates using my control panel…

Reply | Quote

Thanks Graham and Lucian for the answer. Been too long since I used DOS.

Reply | Quote

I have 10 instances installed. If I remove the latest one it works. Reboot and it’s gone.

If I then try to remove the next latest one, I get an Error 1726 – The remote procedure failed. Failure configuring windows updates. Reverting changes.

The computer reboots and I now have no updates at all showing as installed.

I have to do a restore to get the system working again.

Reply | Quote

Re: John’s post #9 above.

Google returns about 200 hits on;

“remove KB3146449 update from KB3139929”.

PP

Reply | Quote

Finally managed to get this to work. Did some dism cleanup routines and a sfc /scannow

Found I had to remove the OLDEST instance first and work down. The last one could not be removed with dism.

Removed the last one using Windows Updates – Installed and when I rebooted (offline) it was finally gone.

Did a WU check and hid it and another one from 2014 and all is sweet – at long last!

Reply | Quote

To anyone —

Because I know very little about interacting with the registry, I have 2 simple questions:

The instructions in the blogpost above say:
“First, from an elevated command prompt enter:
( dism /online /get-packages | findstr KB2952664 )
This pull up all KB2952664 packages.”

Q1. If I type that into an elevated command prompt, do I need to include the parentheses and the spaces that appear before and after the main string?

Q2. If I type that into an elevated command prompt, and press enter, does it only pull up a list of information, and alters nothing in the registry?

I would only want to see the information (to see if any versions of 2664 are on my computer). I don’t want to go on to do the second step described in the blogpost, which is deleting the instances of 2664 via this method (due to my inexperience with the registry).

Thank you!

Reply | Quote

This is what you want to type in, or you can copy and paste, without the the parentheses and the spaces that appear before and after the main string:

dism /online /get-packages | findstr KB2952664

This command will not make any changes to your registry, its strictly informational.

Reply | Quote

Hi, privacy advocate formerly know as “D.” (I support all of your thoughts that you’ve shared here regarding current privacy issues.)

A1. No

A2. Yes

This was new for me too. I’m so glad that I found this community — so many knowledgeable people with very useful tips.

Reply | Quote

@Tom and @Brady,

Thank you for the instructions! I’ll give this a try.

—–
@Brady,

Thank you for noticing, and for mentioning that you support, the thoughts that I’ve shared regarding privacy issues! 🙂

—–
P.S. I changed my username from the ubiquitous “D.” to the uncommon “Poohsticks” in the hopes that this would allow me more easily to search for the comments I leave on askwoody.com, so I could return to them later, to see if there had been any new replies to them.
The name-change experiment didn’t help much with the search function within Woody’s site, but it did help when searching the site from an external search engine.
P.P.S. Poohsticks is a game about throwing sticks into a stream from a bridge, from Winnie-the-Pooh. 🙂

Reply | Quote

I had hoped that the site redesign several months ago would make the on-site Search function work better, but it hasn’t. Must be a WordPress thing. Fortunately, Google works fine, as long as you append site:askwoody.com

Reply | Quote

Woody, it’s actually not a bad search function as far as blog-based search boxes go!
I have used it here quite a bit in the last 6 months and generally I can find what I’m looking for, although the results are shown in a clunky format.
But it couldn’t find “D.” entries in the comments areas, and I don’t blame it for that!

—–
Instead of moving over to Google, I thought I’d note that one might try the more privacy-minded Ixquick / Startpage search engines! 😉 😉

– For searches using Google via an intermediate search engine which does not store information about you or your searches and does not provide Google with any information about you,
folks can go to Startpage.com
(Note that Startpage states that Google has agreed that Startpage can do this, so using it is not “stealing” from Google.)

– For searches using a number of “other” search engines, other than Google
(they used to say that this search was based on Yahoo as the underlying search engine, but they don’t say that anymore, so maybe Yahoo asked them recently not to mention them by name)
via an intermediate search engine that doesn’t capture information about you or your searches,
folks can go to Ixquick.eu
(note the ending for that one is not “.com” but is rather “.eu” —
this is because ixquick.com was last week merged with the startpage.com search engine, but they kept the “.eu” ixquick as it was before).

Personally, I prefer the ixquick.eu results over the startpage.com results, just as I prefer yahoo results over google results. ixquick.eu and startpage.com results are often different enough to make it useful to do your search via both of them.

Reply | Quote

FYI, both ixquick and startpage have a number of settings you can adjust to your liking —

and you have the choice of saving your personal settings to either a cookie on your computer or recording it in a unique URL that you can bookmark (in case you don’t want to keep a cookie on your computer).

I save no cookies, so I love the convenience of having the bookmarked URL which automatically shows me the search results in the way that I’ve specified.

This shows the settings you can select from:
https://startpage.com/do/preferences?language=english&language_ui=english&nj=0&hmb=1&lmv=1

—
Also, ixquick and searchpage will allow you to do “proxy” searches, where they act like they are the ones doing the search and don’t involve your personal details or ip location at all — then they show you what the page looks like, as it is being shown to them.
I find this useful when I want to click on links that I don’t know if I should 100% trust or not.
Sometimes it will show me what a webpage looks like when it’s a webpage that my Peerblock settings would have fully blocked me from seeing, but those settings aren’t triggered when it is Ixquick/Startpage that is previewing the page first.

Here is their description of how that works: https://startpage.com/proxy/eng/help.html?hmb=1&lmv=1

Also here is some info on it: https://startpage.com/eng/protect-privacy-qa.html?&hmb=1&lmv=1#q13

Reply | Quote

Okay, I tried entering

dism /online /get-packages | findstr KB2952664

at an elevated command prompt (open-as-administrator),

and after thinking for a minute, it just offered me a new blank command prompt beneath the original one:
“C:Windowssystem32>”

I assume that means that I don’t have any KB29522664 packages on my computer (which I didn’t expect to have, so I’m glad).

Reply | Quote

Ah yes, I remember that poohsticks game. Good choice for a handle.

Reply | Quote

Thanks very much to Tom for this fix, and Woody for posting it. I ran this procedure on four Windows 7 machines that I administer, and only one was clear. This had been set up recently, after I was aware of the GWX debacle and knew to block the appropriate updates from the off.

I’ll just add that if you’re on a 32 bit machine, you’ll need to substitute x86 for amd64 in the above command lines. You’ll see x86 in the results from the first step anyway, so it should be clear even if you’re not sure how many bits your Windows has.

Has anyone tried, or is there any need to remove KB3035583 in the same way? I have several versions of that too, but I’d tend to leave it well alone unless it’s actively being evil.

Reply | Quote

Best to let KB 3035583 fester. Cut if off at the pass with GWX Control Panel.

Even if you kill it, Microsoft will bring it back. Guaranteed.

Reply | Quote

I declined yet another version of KB29522664 offered by Windows Update this morning. GWX Control Panel says I’m clear, and as long as I continue to be vigilant, I don’t expect to get any further infestations of KB3035583. I just have this irrational urge to tidy up…

Reply | Quote

Many thanks Tom and Woody for posting this. I have 3 Windows 7 machines and on the first one I checked out I had 4 instances of KB2952664 – versions 6.1.9.8, 6.1.10.5, 6.1.14.2 and 6.1.15.2.

Your command cleared out each instance.

I am now off to check the other two machines…

As the syntax of the command is exact (and some folks are not very tech savvy) I have reproduced your command line commands below – highlighting where the spaces are

dism^/online^/get-packages^|^findstr^KB2952664 (the ‘^’ character indicates ‘space’)

and similarly:

dism^/online^/remove-package^/PackageName:Package_for_KB2952664~31bf3856ad364e35~amd64~~6.1.1.3

No other spaces should be entered into the command string.

Hope this helps folks experiencing any difficulties.

Like Peter, I was also going to ask if I should use the same procedure to remove KB3035583.

Kind regards, Art

Reply | Quote

My work machine doesn’t have any instances of KB3035583 at all – probably down to the way update works on our corporate network.

Interestingly, I used dism to search for KB2952664 again on a previously cleared machine, and came up with four variants of version 6.1.17.5. I think this is a new version that I haven’t seen before. I most definitely didn’t opt for it to be installed, and I’m wondering where it came from. GWX Control Panel reports that I have 377.7KB in Windows 10 download folders which I didn’t have before – not a full update, obviously, but maybe a precursor for something? I have just installed other patches which all seemed innocuous.

I’m going to zap the KB2952664 packages, but keep the download folders and see what happens next.

Reply | Quote

I did more checking:

KB2952664 is in my update history. It was installed on a day when I wasn’t even here, so I suspect my IT department indiscriminately let some patches through on my behalf. How thoughtful of them. 🙂

The Win 10 download files are from when I ran the Media Creation Tool, so probably fair enough. (I wanted to ‘upgrade’ my laptop and then revert it, to make sure I qualify for free Win10 on that machine in the future.)

Reply | Quote

When I enter the command to remove the package (the first of two) I get the following:

Deployment Image Servicing and Management tool
Version: 6.1.7600.16385

Image Version: 6.1.7601.18489

Processing 1 of 1 –

… and it just sits there, for a long time, with no apparent result.

If I eventually close out that elevated command prompt and try again “from the top” it still shows the two packages being installed.. thus, the first one attempted for removal is still there.

Any thoughts?

Reply | Quote

Okay.. I got it to work. Maybe I’m missed something, but the difference seemed to be doing a cold-boot.

Thanks so much to Tom for the original info, and to you Woody, for passing it along!

Reply | Quote

Errrrm, According to GWX’s creator Josh Mayfield, KB2952664 is not screened by his program which I have had installed on my machine since June ’16 and I am still getting KB2952664 forced down my throat no matter what I do. Doing what is suggested in this article will get rid of previous copies of it on the machine but how to keep it out totally?

Reply | Quote

thank you so much been getting wierd freezes and black screens all the time for 3 days was trying to clear this file with no success

Reply | Quote

Another solution which I think would work is to use Disk Cleanup to remove superseded Windows updates. See https://support.microsoft.com/en-us/kb/2852386 for more information.

1 user thanked author for this post.

ch100

Reply | Quote

Awesome hack!!! I found seven (7) instances on my machine that I thought was so clean… now I’m looking for every known GWX KBfile to remove. Fortunately I started the process by removing the oldest (first version listed) first; some others here seem to have jumped the gun which caused additional issues. Just as “Tom” says do (include spaces as shown) and you too will have a KB2952664-free machine!!!

Reply | Quote

Script that uninstalls all installed versions of KB2952664, KB2976978, KB2977759

Reply | Quote

Roger wrote:

Pardon my ignorance, but what is an “elevated” command prompt? Is there a difference between that and a plain-vanilla command prompt? Does its use require admin rights of some sort? Or will keying “command prompt” in the Start menu search box (Win-7 SP1) give me what I need? Thanks for the post.

Yes, an elevated command prompt is different since it gives you full Administrator rights. To launch an elevated command prompt, right-click on your Command Prompt link and then click on “Run as administrator”.

Reply | Quote

Very interesting.  On my Windows 7 Pro SP1 machine, I accessed the elevated prompt and typed          dism /online /get-packages |findstr KB2952664

and it returned 9 entries.
Ther version numbers include      6.1.4.4,      6.1.16.0, and      6.1.20.1

However, I also looked into
Control Panel > Programs > Programs and Features >Installed Updates
and typed KB2952664 in the upper right corner search box .

Behold, it returns just ONE entry, and says that update was installed on 9/25/2014.
Furthermore, if I right click on it I am offered the option to uninstall.

Also if I use Everything.exe to find every filename with 2952664, it locates 36 files, some are in C:\servicing\Packages
and the rest are in C:\Windows\system32\catroot\{F750E6CE-38EE-11D1……..

So in the morning I am going to make a fresh backup of my hard drive (always a good idea).

Is there any chance of bricking my machine by doing

The right-click uninstall method is appealing because of its simplicity.  But I ask the more experienced users here – should I just go directly to Tom’s method and do the DISM command for each version, starting with the oldest?

Thanks to Woody and Tom and all the great contributors here.

Alpha

Reply | Quote

There are two more scripts, both of them fully automated, in this post. My script there calls wusa.exe many times to uninstall a given update, which ought to uninstall the multiple installed versions in the proper order. Abbodi86’s script in that post automates the method in this topic. I can’t guarantee that my script is safe, but it worked in my test of removing 5 installed versions of KB2952664.

1 user thanked author for this post.

ch100

Reply | Quote

If you don’t want to use a script, you can use the right-click uninstall method, reboot, and repeat until all versions of KB2952664 are uninstalled.

Reply | Quote

Well then, I did not use a script because I wanted to directly observe and learn what happens.  I repeated the method in Tom’s original email:

1. elevated command prompt
2. dism /online /get-packages         … to locate versions
3. dism /online /remove-package            ,… to remove oldest version
4. reboot, and then repeat steps 1-3 for each version of the package

I cannot discern any speedup of my computer, nevertheless I say hooray, there are no more instances of KB2952664 that appear in response to the dism/online/getpackages search

And, there is no mention of KB2952664 in Control Panel > Programs > Programs and Features > Installed Updates

BUT, when i use Everything.exe to look for every filename with KB2952664, there are still 12 entries.  Three versions each for
Package_for_KB2952664…
Package_1_forKB2952444…
Package_1_forKB2952444

They all end with the file extension   .CAT
and they are all in this folder:
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}

That folder is interesting, since it contains 5,636 files taking up 141 MB.  The oldest file (OEM4.cat) is dated March 2007 while the newest file is “Package_817_for_KB4015549~31bf3856ad364e35~amd64~~6.1.1.3” dated March 2017.

ANYWAY, my only question now:  is it a good idea to delete the .cat files with KB2952664 from this directory?  They only amount to about 130KB of disk space.

Thank you!

Reply | Quote

I think it’s best to not delete those. Perhaps others can chime in also.

2 users thanked author for this post.

ch100, AlphaCharlie

Reply | Quote

Dism++ can be used to do this with a graphical user interface, with its ability to remove selected Windows updates. As a test, I used Dism++ to remove all versions of KB2952664 that were installed on a test machine.

1 user thanked author for this post.

ch100

Reply | Quote

Uh, maybe not so fast…here’s a quote from a user who downloaded it, let it update itself, and then got an unwelcome surprise:

“WARNING! Downloaded it from chip.de, installed it in a VM. After I launched it, it told me that there is an update and asked me if I want to install it. When I confirmed, it installed the update — and Avast popped up, telling me that it prevented the .exe from starting since it is infected with a virus. Great tool… (And I’m talking about Avast.)”

That was posted on the GHacks.net Website on June 7th of this year as a comment to a review of DISM++ on the site. Granted, the package he(she) got from chip.de might’ve been infected, just waiting for the right time to spring into action, but there is a post above the one quoted above that makes reference to VirusTotal’s checksum of the program and how it has shown up in other “numerous adware/malware packages”. Also granted, the poster’s name was shown as Anonymous, so that has to be taken into account as well.

Reply | Quote