Diffstat (limited to 'MAS/Separate-Files-Version/Activation_Troubleshoot.cmd')
| -rw-r--r-- | MAS/Separate-Files-Version/Activation_Troubleshoot.cmd | 584 |
1 files changed, 508 insertions, 76 deletions
diff --git a/MAS/Separate-Files-Version/Activation_Troubleshoot.cmd b/MAS/Separate-Files-Version/Activation_Troubleshoot.cmd
index 4fcad36..e64325b 100644
--- a/MAS/Separate-Files-Version/Activation_Troubleshoot.cmd
+++ b/MAS/Separate-Files-Version/Activation_Troubleshoot.cmd
@@ -55,8 +55,7 @@ if not %errorlevel%==0 ( echo:
echo Error: This is not a correct file. It has LF line ending issue.
echo:
-echo Press any key to exit...
-pause >nul
+ping 127.0.0.1 -n 6 > nul
popd
exit /b
)
@@ -86,6 +85,7 @@ set cbs_log=%SystemRoot%\logs\cbs\cbs.log set "nceline=echo: &echo ==== ERROR ==== &echo:"
set "eline=echo: &call :_color %Red% "==== ERROR ====" &echo:"
set "line=_________________________________________________________________________________________________"
+if %~z0 GEQ 200000 (set "_exitmsg=Go back") else (set "_exitmsg=Exit")
::========================================================================================================================================
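Review bot: The threshold in `if %~z0 GEQ 200000` is unexplained. It appears to use the script's own file size to decide whether it runs inside a larger combined file ("Go back") or standalone ("Exit"), though that is inferred from the two messages. The label would flip silently if this file ever grew past that size. A comment on the line saying what the 200000-byte cut-off distinguishes would make the intent checkable; an explicit flag set by the caller would be sturdier still.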
@@ -135,7 +135,7 @@ goto at_done :: Elevate script as admin and pass arguments and preventing loop
-%nul% reg query HKU\S-1-5-19 || (
+>nul fltmc || (
if not defined _elev %nul% %psc% "start cmd.exe -arg '/c \"!_PSarg:'=''!\"' -verb runas" && exit /b
%nceline%
echo This script require administrator privileges.
@@ -172,31 +172,41 @@ mode con cols=77 lines=30 echo:
echo:
-echo:
-echo:
echo: _______________________________________________________________
echo:
-echo: [1] ReadMe
-echo: ___________________________________________________
+call :_color2 %_White% " [1] " %_Green% "Help"
+echo: ___________________________________________________
echo:
-echo: [2] Dism RestoreHealth
-echo: [3] SFC Scannow
-echo:
+echo: [2] Dism RestoreHealth
+echo: [3] SFC Scannow
+echo:
echo: [4] Rebuild Licensing Tokens
-echo: [5] Clear Office vNext License
-echo: ___________________________________________________
+echo: [5] Rebuild ClipSVC Licences
+echo: [6] Clear Office vNext Licences
+echo: ___________________________________________________
echo:
-echo: [6] Solution: Office is not genuine banner
-echo: [0] Exit
+echo: [7] Rebuild WMI Repository
+echo: [8] Fix: Issues Caused By Gaming Spoofers
+echo: [9] Fix: Issues Caused By KB971033 In Windows 7
+echo: [G] Fix: Office Is Not Genuine Banner
+echo: [E] Export Event Viewer Logs
+echo: ___________________________________________________
+echo:
+echo: [0] %_exitmsg%
echo: _______________________________________________________________
echo:
call :_color2 %_White% " " %_Green% "Enter a menu option in the Keyboard :"
-choice /C:1234560 /N
+choice /C:123456789GE0 /N
set _erl=%errorlevel%
-if %_erl%==7 exit /b
-if %_erl%==6 start https://massgrave.dev/office-license-is-not-genuine &goto at_menu
-if %_erl%==5 goto:clearvnext
+if %_erl%==12 exit /b
+if %_erl%==11 goto:exportevtlogs
+if %_erl%==10 start https://massgrave.dev/office-license-is-not-genuine &goto at_menu
+if %_erl%==9 goto:fixwindows7
+if %_erl%==8 goto:fixspoofer
+if %_erl%==7 goto:rewmi
+if %_erl%==6 goto:clearvnext
+if %_erl%==5 goto:reclipsvc
if %_erl%==4 goto:retokens
if %_erl%==3 goto:sfcscan
if %_erl%==2 goto:dism_rest
@@ -242,7 +252,7 @@ call :_color2 %_White% " - " %Gray% "Make sure the Windows update is properl echo:
echo %line%
echo:
-choice /C:29 /N /M "> [9] Continue [2] Go back : "
+choice /C:09 /N /M "> [9] Continue [0] Go back : "
if %errorlevel%==1 goto at_menu
cls
@@ -260,12 +270,6 @@ echo dism /online /cleanup-image /restorehealth /Logpath:"%SystemRoot%\Temp\RHea echo:
dism /online /cleanup-image /restorehealth /Logpath:"%SystemRoot%\Temp\RHealth_DISM_%_time%.txt" /loglevel:4
-if not exist "!desktop!\" (
-echo:
-call :_color %Red% "Desktop location is not detected. Failed to copy logs on the dekstop."
-goto :at_back
-)
-
if not exist "!desktop!\AT_Logs\" md "!desktop!\AT_Logs\" %nul%
copy /y /b "%SystemRoot%\Temp\RHealth_DISM_%_time%.txt" "!desktop!\AT_Logs\RHealth_DISM_%_time%.txt" %nul%
copy /y /b "%cbs_log%" "!desktop!\AT_Logs\RHealth_CBS_%_time%.txt" %nul%
@@ -295,7 +299,7 @@ echo restarting the PC after each time to completely fix everything that it echo:
echo %line%
echo:
-choice /C:29 /N /M "> [9] Continue [2] Go back : "
+choice /C:09 /N /M "> [9] Continue [0] Go back : "
if %errorlevel%==1 goto at_menu
cls
@@ -312,12 +316,6 @@ echo sfc /scannow echo:
sfc /scannow
-if not exist "!desktop!\" (
-echo:
-call :_color %Red% "Desktop location is not detected. Failed to copy logs on the dekstop."
-goto :at_back
-)
-
if not exist "!desktop!\AT_Logs\" md "!desktop!\AT_Logs\" %nul%
copy /y /b "%cbs_log%" "!desktop!\AT_Logs\SFC_CBS_%_time%.txt" %nul%
@@ -346,15 +344,10 @@ echo - KMS option activated Office but Office activation page is not sh echo:
echo %line%
echo:
-choice /C:29 /N /M "> [9] Continue [2] Go back : "
+choice /C:09 /N /M "> [9] Continue [0] Go back : "
if %errorlevel%==1 goto at_menu
cls
-mode con cols=115 lines=32
-%nul% %psc% "&{$W=$Host.UI.RawUI.WindowSize;$B=$Host.UI.RawUI.BufferSize;$W.Height=31;$B.Height=200;$Host.UI.RawUI.WindowSize=$W;$Host.UI.RawUI.BufferSize=$B;}"
-
-
-
echo:
echo %line%
echo:
@@ -362,16 +355,30 @@ call :_color %Magenta% "Clearing Office vNext License" echo:
setlocal DisableDelayedExpansion
-set "_locl=%LocalAppData%\Microsoft\Office\Licenses"
+set "_Local=%LocalAppData%"
setlocal EnableDelayedExpansion
-call :cleanfolder
-set "_locl=%ProgramData%\Microsoft\Office\Licenses"
-call :cleanfolder
+
+attrib -R "!ProgramData!\Microsoft\Office\Licenses" %nul%
+attrib -R "!_Local!\Microsoft\Office\Licenses" %nul%
+rd /s /q "!ProgramData!\Microsoft\Office\Licenses\" %nul%
+rd /s /q "!_Local!\Microsoft\Office\Licenses\" %nul%
+
+if exist "!ProgramData!\Microsoft\Office\Licenses\" (
+echo Failed To Delete - !ProgramData!\Microsoft\Office\Licenses\
+) else (
+echo Deleted Folder - !ProgramData!\Microsoft\Office\Licenses\
+)
+
+if exist "!_Local!\Microsoft\Office\Licenses\" (
+echo Failed To Delete - !_Local!\Microsoft\Office\Licenses\
+) else (
+echo Deleted Folder - !_Local!\Microsoft\Office\Licenses\
+)
echo:
for %%# in (
HKCU\Software\Microsoft\Office\16.0\Common\Licensing
-HKCU\Software\Microsoft\Office\16.0\Common\Identity
+HKCU\Software\Microsoft\Office\16.0\Registration
) do (
reg query %%# %nul% && (
reg delete %%# /f %nul% && (
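Review bot: The new status messages report a deletion whenever the target is absent afterwards, even if it was never there. The `if exist ... ) else ( echo Deleted Folder - ...` checks print `Deleted Folder` for a Licenses directory that did not exist before the `rd`. The next hunk has the same problem: it changes the not-found branch of the registry loop from `Already Clean` to `Deleted Registry - %%#`. For a troubleshooting tool whose output users paste into support requests, the output should show what was actually changed. I would test existence before the `rd` and keep a distinct message for the untouched case, e.g. `echo Not Found - %%#`. The registry `for` loop continues past the end of this hunk.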
@@ -380,32 +387,12 @@ echo Deleted Registry - %%# echo Failed to Delete - %%#
)
) || (
-echo Already Clean - %%#
+echo Deleted Registry - %%#
)
)
goto :at_back
-:cleanfolder
-
-2>nul dir /b /a "!_locl!\*" | %nul% findstr "^" && (
-pushd "!_locl!\" && (
-del /S /F /Q "!_locl!\*"
-for /F "delims=" %%i in ('dir /b') do (
-RD /S /Q "%%i" %nul%
-if not exist "!_locl!\%%i\" (
-echo Deleted Folder - !_locl!\%%i
-) else (
-echo Failed To Delete - !_locl!\%%i
-)
-)
-popd
-)
-) || (
-echo Already Clean - !_locl!\
-)
-exit /b
-
::========================================================================================================================================
:retokens
@@ -432,11 +419,12 @@ call :_color2 %_White% " - " %Red% "Apply it only when it is necessary." echo:
echo %line%
echo:
-choice /C:29 /N /M "> [9] Continue [2] Go back : "
+choice /C:09 /N /M "> [9] Continue [0] Go back : "
if %errorlevel%==1 goto at_menu
cls
+:cleanspptoken
echo:
echo %line%
echo:
@@ -496,7 +484,7 @@ sc qc osppsvc %nul% || ( echo:
call :_color %Magenta% "OSPP based Office is not installed"
call :_color %Magenta% "Skipping rebuilding OSPP tokens"
-goto :cleanclipsvc
+goto :repairoffice
)
call :_color %Magenta% "Rebuilding OSPP Licensing Tokens"
@@ -545,12 +533,6 @@ call :_color %Green% "tokens.dat file was rebuilt successfully." ::========================================================================================================================================
-:cleanclipsvc
-
-:: This section is removed
-
-::========================================================================================================================================
-
:repairoffice
echo:
@@ -597,10 +579,11 @@ set _86=HKLM\SOFTWARE\Wow6432Node\Microsoft\Office %nul% reg query %_86%\ClickToRun /v InstallPath && (set "c2r16_86=Office 16.0 C2R x86" & set "c2r16repair86=%systemdrive%\Program Files\Microsoft Office 15\Client%arch%\OfficeClickToRun.exe")
set uwp16=
-if %winbuild% GEQ 10240 reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\msoxmled.exe" %nul% && (
+if %winbuild% GEQ 10240 (
dir /b "%ProgramFiles%\WindowsApps\Microsoft.Office.Desktop*" %nul% && set uwp16=Office 16.0 UWP
dir /b "%ProgramW6432%\WindowsApps\Microsoft.Office.Desktop*" %nul% && set uwp16=Office 16.0 UWP
dir /b "%ProgramFiles(x86)%\WindowsApps\Microsoft.Office.Desktop*" %nul% && set uwp16=Office 16.0 UWP
+%psc% "Get-AppxPackage -name "Microsoft.Office.Desktop"" | find /i "Office" 1>nul && set uwp16=Office 16.0 UWP
)
set /a counter=0
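Review bot: The added `Get-AppxPackage` line nests double quotes inside an already double-quoted argument (`"Get-AppxPackage -name "Microsoft.Office.Desktop""`). This only parses as intended because the inner text has no spaces or cmd metacharacters. Single quotes inside the PowerShell string are the safer form: `%psc% "Get-AppxPackage -name 'Microsoft.Office.Desktop'" | find /i "Office" 1>nul && set uwp16=Office 16.0 UWP`. Unlike the three `dir` probes above it, this line does not silence stderr, so a PowerShell failure would print into the menu output.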
@@ -645,7 +628,7 @@ goto :repairend echo:
) else (
echo:
-call :_color %_Yellow% "A Window will popup, in that Window you need to select Repair Option..."
+call :_color %_Yellow% "A Window will popup, in that Window you need to select [Quick] Repair Option..."
call :_color %_Yellow% "Press any key to continue..."
echo:
pause >nul
@@ -691,6 +674,405 @@ echo %line% echo:
echo:
call :_color %Green% "Finished"
+goto :at_back
+
+::========================================================================================================================================
+
+:reclipsvc
+
+cls
+mode 98, 30
+title Rebuild ClipSVC Licences
+
+if %winbuild% LSS 10240 (
+%eline%
+echo Unsupported OS version Detected.
+echo This command is supported only for Windows 10/11 and their Server equivalent..
+goto :at_back
+)
+
+echo:
+echo %line%
+echo:
+echo Notes:
+echo:
+echo - Rebuilding ClipSVC Licences helps in troubleshooting HWID-KMS38 activation issues.
+echo:
+echo - Do not run this option unless you are having issues in HWID-KMS38 activation.
+echo:
+echo - System restart is recommended after applying it.
+echo:
+echo %line%
+echo:
+choice /C:09 /N /M "> [9] Continue [0] Go back : "
+if %errorlevel%==1 goto at_menu
+
+cls
+echo:
+
+echo Stopping ClipSVC service...
+call :_stopservice ClipSVC
+timeout /t 2 %nul%
+
+echo:
+echo Applying the command to Clean ClipSVC Licences...
+echo rundll32 clipc.dll,ClipCleanUpState
+
+rundll32 clipc.dll,ClipCleanUpState
+
+if %winbuild% LEQ 10240 (
+call :_color %Green% "[Successful]"
+) else (
+if exist "%ProgramData%\Microsoft\Windows\ClipSVC\tokens.dat" (
+call :_color %Red% "[Failed]"
+) else (
+call :_color %Green% "[Successful]"
+)
+)
+
+:: Below registry key (Volatile & Protected) gets created after the ClipSVC License cleanup command, and gets automatically deleted after
+:: system restart. It needs to be deleted to activate the system without restart.
+
+set "RegKey=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ClipSVC\Volatile\PersistedSystemState"
+set "_ident=HKU\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL"
+
+reg query "%RegKey%" %nul% && %nul% call :regownstart
+reg delete "%RegKey%" /f %nul%
+
+echo:
+echo Deleting a Volatile ^& Protected Registry Key...
+echo [%RegKey%]
+reg query "%RegKey%" %nul% && (
+call :_color %Red% "[Failed]"
+echo Restart the system, that will delete this registry key automatically.
+) || (
+call :_color %Green% "[Successful]"
+)
+
+:: Clear HWID token related registry to fix activation incase if there is any corruption
+
+echo:
+echo Deleting a IdentityCRL Registry Key...
+echo [%_ident%]
+reg delete "%_ident%" /f %nul%
+reg query "%_ident%" %nul% && (
+call :_color %Red% "[Failed]"
+) || (
+call :_color %Green% "[Successful]"
+)
+
+echo:
+echo Restarting [ClipSVC wlidsvc LicenseManager sppsvc] services...
+for %%# in (ClipSVC wlidsvc LicenseManager sppsvc) do (net stop %%# /y %nul% & net start %%# /y %nul%)
+goto :at_back
+
+::========================================================================================================================================
+
+:fixspoofer
+
+cls
+mode con cols=115 lines=32
+%nul% %psc% "&{$W=$Host.UI.RawUI.WindowSize;$B=$Host.UI.RawUI.BufferSize;$W.Height=31;$B.Height=200;$Host.UI.RawUI.WindowSize=$W;$Host.UI.RawUI.BufferSize=$B;}"
+title Fix: Issues Caused By Gaming Spoofers
+
+%psc% $ExecutionContext.SessionState.LanguageMode 2>nul | find /i "Full" 1>nul || (
+%eline%
+echo Powershell is not responding properly. Aborting."
+goto :at_back
+)
+
+echo:
+echo %line%
+echo:
+echo Notes:
+echo:
+echo - Gaming unban/spoofers/cleaners often cause Windows activation issues.
+echo:
+call :_color2 %_White% " - " %Red% "Apply this fix ONLY if you have used these things."
+echo:
+echo - This option will fix files and registry permissions and rebuild licensing tokens.
+echo:
+echo - System restart is recommended after applying it.
+echo:
+echo %line%
+echo:
+choice /C:09 /N /M "> [9] Continue [0] Go back : "
+if %errorlevel%==1 goto at_menu
+
+cls
+echo:
+echo Fixing registry and files permissions...
+call :fixpermissions %nul%
+goto :cleanspptoken
+
+:fixpermissions
+
+:: Thanks to skidaim for the fix
+
+takeown /F %windir%\System32\sppsvc.exe
+icacls %windir%\System32 /grant administrators:F /T
+icacls %windir%\System32\spp /grant administrators:F /T
+
+:: I know it's bad but people have messed up system32 permissions, that's why I don't recommend to run this unless users have messed up systems
+
+%psc% $acl = Get-Acl 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform'; $rule = New-Object System.Security.AccessControl.RegistryAccessRule ('NT Service\sppsvc','FullControl','ContainerInherit, ObjectInherit','None','Allow'); $acl.SetAccessRule($rule); Set-Acl -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -AclObject $acl
+%psc% $acl = Get-Acl 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP'; $rule = New-Object System.Security.AccessControl.RegistryAccessRule ('NT Service\sppsvc','FullControl','ContainerInherit, ObjectInherit','None','Allow'); $acl.SetAccessRule($rule); Set-Acl -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP' -AclObject $acl
+%psc% $acl = Get-Acl 'HKLM:\SYSTEM\CurrentControlSet\Services\SPPSVC'; $rule = New-Object System.Security.AccessControl.RegistryAccessRule ('NT Service\sppsvc','FullControl','ContainerInherit, ObjectInherit','None','Allow'); $acl.SetAccessRule($rule); Set-Acl -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\SPPSVC' -AclObject $acl
+%psc% $acl = Get-Acl 'HKLM:\SYSTEM\WPA'; $rule = New-Object System.Security.AccessControl.RegistryAccessRule ('NT Service\sppsvc','FullControl','ContainerInherit, ObjectInherit','None','Allow'); $acl.SetAccessRule($rule); Set-Acl -Path 'HKLM:\SYSTEM\WPA' -AclObject $acl
+%psc% $acl = Get-Acl '%windir%\System32'; $rule = New-Object System.Security.AccessControl.FileSystemAccessRule ('NT Service\sppsvc','FullControl','ContainerInherit, ObjectInherit','None','Allow'); $acl.SetAccessRule($rule); Set-Acl -Path '%windir%\System32' -AclObject $acl
+%psc% $acl = Get-Acl '%windir%\System32\spp'; $rule = New-Object System.Security.AccessControl.FileSystemAccessRule ('NT Service\sppsvc','FullControl','ContainerInherit, ObjectInherit','None','Allow'); $acl.SetAccessRule($rule); Set-Acl -Path '%windir%\System32\spp' -AclObject $acl
+exit /b
+
+::========================================================================================================================================
+
+:fixwindows7
+
+cls
+mode 98, 30
+title Fix: Issues Caused By KB971033 In Windows 7
+
+if %winbuild% GEQ 9200 (
+%eline%
+echo Unsupported OS version Detected.
+echo This option is supported only for Windows 7 and it's Server equivalent.
+goto :at_back
+)
+
+echo:
+echo %line%
+echo:
+echo Notes:
+echo:
+echo - This option fixes issues caused by Update KB971033 in Windows 7.
+echo https://support.microsoft.com/en-us/help/4487266
+echo:
+echo %line%
+echo:
+choice /C:01 /N /M "> [1] Continue [0] Go back : "
+if %errorlevel%==1 goto at_menu
+
+cls
+echo:
+
+echo Checking Update KB971033...
+dism /online /get-packages | find /i "Microsoft-Windows-Security-WindowsActivationTechnologies-package~31bf3856ad364e35~amd64~~7.1.7600.16395" 1>nul && (
+echo [Found]
+echo Uninstalling it...
+) || (
+echo [Not Found]
+)
+
+wusa /uninstall /quiet /norestart /kb:971033
+
+echo:
+echo Applying Fixes...
+echo:
+
+net stop sppuinotify /y
+sc config sppuinotify start= disabled
+net stop sppsvc /y
+del %windir%\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 /ah
+del %windir%\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 /ah
+del %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+del %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\cache\cache.dat
+cscript //nologo %windir%\system32\slmgr.vbs /rilc %nul%
+sc config sppuinotify start= demand
+
+goto :at_back
+
+::========================================================================================================================================
+
+:rewmi
+
+cls
+mode 98, 30
+title Rebuild WMI Repository
+
+:: https://techcommunity.microsoft.com/t5/ask-the-performance-team/wmi-repository-corruption-or-not/ba-p/375484
+
+if exist "%SystemRoot%\Servicing\Packages\Microsoft-Windows-Server*Edition~*.mum" (
+%eline%
+echo WMI rebuild is not recommended on Windows Server. Aborting...
+goto :at_back
+)
+
+echo:
+echo Initializing...
+
+set _wmic=0
+for %%# in (wmic.exe) do @if not "%%~$PATH:#"=="" set _wmic=1
+
+set error=
+if %_wmic% EQU 1 wmic path Win32_ComputerSystem get CreationClassName /value 2>nul | find /i "computersystem" 1>nul
+if %_wmic% EQU 0 %psc% "Get-CIMInstance -Class Win32_ComputerSystem | Select-Object -Property CreationClassName" 2>nul | find /i "computersystem" 1>nul
+if %errorlevel% NEQ 0 set error=1
+winmgmt /verifyrepository %nul%
+if %errorlevel% NEQ 0 set error=1
+
+cls
+echo:
+echo %line%
+echo:
+if defined error (
+echo WMI Status - [Not Responding] %_wmic%
+) else (
+call :_color %_Green% " WMI Status - [Working]"
+)
+echo:
+echo Notes:
+echo:
+call :_color2 %_White% " - " %Magenta% "WMI rebuild can cause some 3rd party apps to not work until reinstall."
+echo:
+call :_color2 %_White% " - " %Red% "Apply this fix ONLY if WMI is not working."
+echo:
+echo %line%
+echo:
+choice /C:09 /N /M "> [9] Continue [0] Go back : "
+if %errorlevel%==1 goto at_menu
+
+:: Below fixes are taken from https://kb.acronis.com/content/62731
+
+cls
+echo:
+
+sc query Winmgmt %nul% || (
+%eline%
+echo Winmgmt service is not installed. Aborting...
+goto :at_back
+)
+
+echo Disabling Winmgmt service...
+sc config Winmgmt start= disabled %nul%
+if %errorlevel% EQU 0 (
+call :_color %Green% "[Successful]"
+) else (
+call :_color %Red% "[Failed] Aborting..."
+goto :wmifixend
+)
+
+echo:
+echo Stopping Winmgmt service...
+call :_stopservice Winmgmt
+call :_stopservice Winmgmt
+sc query Winmgmt | find /i "1 STOPPED" %nul% && (
+call :_color %Green% "[Successful]"
+) || (
+call :_color %Red% "[Failed] Aborting..."
+goto :wmifixend
+)
+
+echo:
+echo Deleting WMI repository...
+if exist "%windir%\System32\wbem\repository\" rmdir /s /q "%windir%\System32\wbem\repository\" %nul%
+if exist "%windir%\System32\wbem\repository\" (
+call :_color %Red% "[Failed]"
+) else (
+call :_color %Green% "[Successful]"
+)
+
+echo:
+echo Enabling Winmgmt service...
+sc config Winmgmt start= auto %nul%
+if %errorlevel% EQU 0 (
+call :_color %Green% "[Successful]"
+) else (
+call :_color %Red% "[Failed]"
+)
+
+echo:
+echo Checking WMI...
+if %_wmic% EQU 1 wmic path Win32_ComputerSystem get CreationClassName /value 2>nul | find /i "computersystem" 1>nul
+if %_wmic% EQU 0 %psc% "Get-CIMInstance -Class Win32_ComputerSystem | Select-Object -Property CreationClassName" 2>nul | find /i "computersystem" 1>nul
+if %errorlevel% NEQ 0 (
+call :_color %Red% "[Not Responding]"
+) else (
+call :_color %Green% "[Working]"
+)
+
+goto :at_back
+
+:wmifixend
+
+echo:
+echo Enabling Winmgmt service...
+sc config Winmgmt start= auto %nul%
+if %errorlevel% EQU 0 (
+call :_color %Green% "[Successful]"
+) else (
+call :_color %Red% "[Failed]"
+)
+
+goto :at_back
+
+::========================================================================================================================================
+
+:exportevtlogs
+
+cls
+mode con cols=125 lines=32
+%nul% %psc% "&{$W=$Host.UI.RawUI.WindowSize;$B=$Host.UI.RawUI.BufferSize;$W.Height=31;$B.Height=500;$Host.UI.RawUI.WindowSize=$W;$Host.UI.RawUI.BufferSize=$B;}"
+title Export Event Viewer Logs
+
+set tdir=%SystemRoot%\Temp\_EventLogs
+if exist %tdir%\. rd /s /q %tdir%\ %nul%
+if exist %tdir%\ (
+%eline%
+echo Failed to delete below folder. Aborting...
+echo %tdir%\
+goto :at_back
+)
+
+md %tdir%\
+
+echo:
+echo Creating archive file of Event logs...
+
+set _time=
+for /f %%a in ('%psc% "Get-Date -format HH_mm_ss"') do set _time=%%a
+%nul% robocopy %SystemRoot%\System32\winevt\Logs\ %tdir%\
+
+:: https://stackoverflow.com/a/46268232
+
+set "ddf="%SystemRoot%\Temp\ddf""
+%nul% del /q /f %ddf%
+echo/.New Cabinet>%ddf%
+echo/.set Cabinet=ON>>%ddf%
+echo/.set CabinetFileCountThreshold=0;>>%ddf%
+echo/.set Compress=ON>>%ddf%
+echo/.set CompressionType=LZX>>%ddf%
+echo/.set CompressionLevel=7;>>%ddf%
+echo/.set CompressionMemory=21;>>%ddf%
+echo/.set FolderFileCountThreshold=0;>>%ddf%
+echo/.set FolderSizeThreshold=0;>>%ddf%
+echo/.set GenerateInf=OFF>>%ddf%
+echo/.set InfFileName=nul>>%ddf%
+echo/.set MaxCabinetSize=0;>>%ddf%
+echo/.set MaxDiskFileCount=0;>>%ddf%
+echo/.set MaxDiskSize=0;>>%ddf%
+echo/.set MaxErrors=1;>>%ddf%
+echo/.set RptFileName=nul>>%ddf%
+echo/.set UniqueFiles=ON>>%ddf%
+pushd "%tdir%\"
+for /f "tokens=* delims=" %%D in ('dir /a:-D/b/s "%tdir%\"') do (
+ echo/"%%~fD" /inf=no;>>%ddf%
+)
+makecab /F %ddf% /D DiskDirectory1="" /D CabinetNameTemplate=%tdir%\Logs.cab
+del /q /f %ddf%
+popd
+
+if not exist "!desktop!\AT_Logs\" md "!desktop!\AT_Logs\" %nul%
+copy /y /b "%tdir%\Logs.cab" "!desktop!\AT_Logs\EventLogs_%_time%.cab" %nul%
+if exist %tdir%\. rd /s /q %tdir%\ %nul%
+
+echo:
+if exist "!desktop!\AT_Logs\EventLogs_%_time%.cab" (
+call :_color %Green% "[Successful]"
+echo EventLogs_%_time%.cab created inside AT_Logs folder on the dekstop.
+) else (
+call :_color %Red% "[Failed]"
+)
+
+goto :at_back
::========================================================================================================================================
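Review bot: `:fixpermissions` widens access far beyond what the licensing service needs. `icacls %windir%\System32 /grant administrators:F /T` and the `Set-Acl` on `'%windir%\System32'` give Administrators and `NT Service\sppsvc` inheritable full control over all of System32. Nothing in the routine reverts that or restores the owner changed by `takeown`. I would drop the two System32-wide lines and limit the grant to the spp directory, e.g. `icacls "%windir%\System32\spp" /grant *S-1-5-32-544:F /T`; the quoted path and the SID also avoid the localized group name `administrators`. Once the repair is done, `icacls "%windir%\System32\sppsvc.exe" /setowner "NT SERVICE\TrustedInstaller"` can hand the binary back. Separately, `:exportevtlogs` works under the fixed names `%SystemRoot%\Temp\_EventLogs` and `%SystemRoot%\Temp\ddf` and copies the archive to `!desktop!` with no check visible in this patch that the variable is set; a per-run directory name and a guard on `!desktop!` would make that path more robust.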
@@ -708,7 +1090,7 @@ goto :at_menu :at_done
echo:
-echo Press any key to exit...
+echo Press any key to %_exitmsg%...
pause >nul
exit /b
@@ -779,7 +1161,57 @@ del /S /F /Q "%%#*.dat" )
exit /b
-::========================================================================================================================================\
+::========================================================================================================================================
+
+:regownstart
+
+setlocal
+set "TMP=%SystemRoot%\Temp"
+set "TEMP=%SystemRoot%\Temp"
+%psc% "$f=[io.file]::ReadAllText('!_batp!') -split ':regown\:.*';iex ($f[1]);"
+endlocal
+exit /b
+
+:: Below code takes ownership of a volatile registry key and deletes it
+:: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ClipSVC\Volatile\PersistedSystemState
+
+:: Thanks to Remko Weijnen for the code and thanks to abbodi1406 for the help
+:: remkoweijnen.nl/blog/2012/01/16/take-ownership-of-a-registry-key-in-powershell/
+
+:regown:
+$definition = @"
+using System;
+using System.Runtime.InteropServices;
+namespace Win32Api
+{
+ public class NtDll
+ {
+ [DllImport("ntdll.dll", EntryPoint="RtlAdjustPrivilege")]
+ public static extern int RtlAdjustPrivilege(int Privilege, bool Enable, bool CurrentThread, ref bool Enabled);
+ }
+}
+"@
+
+Add-Type -TypeDefinition $definition -PassThru | Out-Null
+[Win32Api.NtDll]::RtlAdjustPrivilege(9, $true, $false, [ref]$false) | Out-Null
+
+$SID = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')
+$IDN = ($SID.Translate([System.Security.Principal.NTAccount])).Value
+$Admin = New-Object System.Security.Principal.NTAccount($IDN)
+
+$path = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\ClipSVC\Volatile\PersistedSystemState'
+$key = [Microsoft.Win32.RegistryKey]::OpenBaseKey('LocalMachine', 'Registry64').OpenSubKey($path, 'ReadWriteSubTree', 'takeownership')
+
+$acl = $key.GetAccessControl()
+$acl.SetOwner($Admin)
+$key.SetAccessControl($acl)
+
+$rule = New-Object System.Security.AccessControl.RegistryAccessRule($Admin,"FullControl","Allow")
+$acl.SetAccessRule($rule)
+$key.SetAccessControl($acl)
+:regown:
+
+::========================================================================================================================================
:_color
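Review bot: The PowerShell block between the `:regown:` markers enables a privilege by bare number and discards the result, so a reader cannot tell what is being enabled or whether it worked. `RtlAdjustPrivilege(9, ...)` is SeTakeOwnershipPrivilege, and its status is piped to `Out-Null`. I would add a comment such as `# 9 = SeTakeOwnershipPrivilege, required to open the key with 'takeownership'` and stop when the call returns non-zero instead of going on to `OpenSubKey`. A short comment in `:regownstart` on why `TMP`/`TEMP` are pointed at `%SystemRoot%\Temp` (presumably for the files `Add-Type` writes while compiling) would help too. A final `$key.Close()` would release the handle once the ACL is written. The `:_color` routine that follows lies outside this hunk.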
