[SOLVED] August Security Update failed to install

Because of large number of entries to remove, after an hour running, the Fix caused computer to overheat, so I had to terminate FRST.
Click to expand...
That's odd. Please check that all cooling fans are clean and running. Remove any dust on the cooling-ribs.


Warning: This script was written specifically for this user, for use on that particular machine. Do not run this script on another machine.
  1. Download the attachment fixlist.txt and save it to your desktop.
  2. Right-click on FRST64.exe and select "Run as administrator".
  3. Press the Fix button.
  4. The tool will now process fixlist.txt.
  5. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  6. When finished, a log called Fixlog.txt will appear in the same directory the tool is run from.
  7. Post the logfile Fixlog.txt as attachment in your next reply.
 

Attachments

Fans now clean, but weren't really that dirty, not really sure why processor got hot. Machine is a laptop, so could be that the air circulating under it was obstructed in some way. If I have to run another large fix I'll raise it up off the desk to ensure better air flow.

Fixlog attached ....
 

Attachments

Step 1:
WARNING! The following fix is specific to the user's system in this thread only. No one else should follow these instructions, as it could damage your system.
  • Download the file SFCFix.zip and save it on your desktop.
  • Save any work you have open, and close all programs.
  • Drag the SFCFix.zip file over the
    myjIXnC.png
    SFCFix.exe executable and release it.
    1p8eDnI.gif
  • SFCFix will launch, let it complete.
  • Once done, a file will appear on your desktop, called SFCFix.txt.
  • Open the file, then copy and paste its content in your next reply.

Step 2:
Restart the computer.
Check Windows Update again and report the result.
If it fails, attach the zipped cbs.log to your next reply.
 
Update failed on restart in similar way to last two attempts.

Logs attached below ...
 

Attachments

Step 1:
In message #3 you said "Removed some Flash remnants".
What exactly did you remove ?
If you used a tool or program, which one ?


Step 2:
Warning: This script was written specifically for this user, for use on that particular machine. Do not run this script on another machine.
  1. Download the attachment fixlist.txt and save it to your desktop.
  2. Right-click on FRST64.exe and select "Run as administrator".
  3. Press the Fix button.
  4. The tool will now process fixlist.txt.
  5. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  6. When finished, a log called Fixlog.txt will appear in the same directory the tool is run from.
  7. Post the logfile Fixlog.txt as attachment in your next reply.
 

Attachments

I removed 3 Registry Keys using FRST, fixlog below ....

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-08-2021
Ran by Gary R (13-08-2021 10:24:11) Run:73
Running from C:\Users\Gary R\Documents\Malware Removal Case Files\Tools\Farbar's Tools\FRST
Loaded Profiles: Gary R
Boot Mode: Normal
==============================================

fixlist content:
*****************
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_adobe-flash-for-windows_31bf3856ad364e35_0.0.0.0_none_ab9875376a174135]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_adobe-flash-for-windows-deployment_31bf3856ad364e35_none_3d4f8f77a5907321]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_adobe-flash-for-windows_31bf3856ad364e35_none_b4179b8118d18c9f]

*****************

"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_adobe-flash-for-windows_31bf3856ad364e35_0.0.0.0_none_ab9875376a174135" => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_adobe-flash-for-windows-deployment_31bf3856ad364e35_none_3d4f8f77a5907321 => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_adobe-flash-for-windows_31bf3856ad364e35_none_b4179b8118d18c9f => removed successfully

==== End of Fixlog 10:24:11 ====



Latest fixlog attached below ....
 

Attachments

I think those missing keys/values are now part of the remaining problem.
Please do following only, nothing else.

Warning: This script was written specifically for this user, for use on that particular machine. Do not run this script on another machine.
  1. Download the attachment fixlist.txt and save it to your desktop.
  2. Right-click on FRST64.exe and select "Run as administrator".
  3. Press the Fix button.
  4. The tool will now process fixlist.txt.
  5. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  6. When finished, a log called Fixlog.txt will appear in the same directory the tool is run from.
  7. Attach the file Fixlog.txt as attachment to your next reply.
  8. Attach also the file C:\Users\Gary R\Documents\Malware Removal Case Files\Tools\Farbar's Tools\FRST\<date>_<time>.zip to your next reply.
 

Attachments

Wouldn't surprise me a bit. I tell people all the time not to meddle with things they don't fully understand, and yet don't follow my own advise. My apologies for the extra work it has caused you.

FixLog attached below hive file too large, so filedropper link below ...

Edit: downloadlink removed
 

Attachments

Last edited by a moderator:
The following fix repairs the removed registry keys and values.

Step 1:
Warning: This script was written specifically for this user, for use on that particular machine. Do not run this script on another machine.
  1. Download the attachment fixlist.txt and save it to your desktop.
  2. Right-click on FRST64.exe and select "Run as administrator".
  3. Press the Fix button.
  4. The tool will now process fixlist.txt.
  5. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  6. When finished, a log called Fixlog.txt will appear in the same directory the tool is run from.
  7. Post the logfile Fixlog.txt as attachment in your next reply.

Step 2:
Restart the computer.
Check Windows Update again and report the result.
If it fails, attach the zipped cbs.log to your next reply.
 

Attachments

Registry fix failed, Frst reports it can't access the Registry ???

Fixlog below ....
 

Attachments

Note .... I've never seen an error of this type before, so have asked Farbar if he knows why it was generated.
 
I've been told ....

The Administrator account only have read access to the keys under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing

The owner of the keys is the Trusted Installer user, by default only Windows Update have write access to this keys.
Click to expand...
 
Warning: This script was written specifically for this user, for use on that particular machine. Do not run this script on another machine.

Download the attachment and extract it.
Open the extracted folder, double-click the file regfix.reg.
When prompted allow to change the registry settings.

Did that run successfully ?
 

Attachments

Afraid not, it failed with the message ....

Cannot import c:\users\gary r\desktop\regfix\regfix.reg The specified file is not a registry script. You can only import binary registry files from within the registry editor.

Question ? Should the StartRegedit: and EndRegit: commands be present in that regfix, and/or should you add "Windows Registry Editor Version 5.00" and place line spaces between the various keys as with a "normal" .reg import ?
 
Last edited:
Hmm, something went wrong creating the zip file.
Use the attached zipfile and report the result.
 

Attachments

Failed again, this time with the message ...

Cannot import C:\Users\Gary R\Desktop\regfix\regfix.reg Error accessing the Registry.

Basically same error that was reported earlier by FRST, and I would presume for the same reason. ie The owner of the keys is the Trusted Installer user, by default only Windows Update have write access to these keys.
 
Retrieve Software Hive
1. Navigate to C:\Windows\System32\Config and locate the SOFTWARE file.
2. Please copy this file to your desktop.
Note: If you receive an error that this file is in-use, try Option#2 below.
3. Right-click on this file on your desktop and select Send To...Compressed (zipped) folder. This will create a file named SOFTWARE.ZIP on your desktop.
4. Upload the zip file (SOFTWARE.zip) to your favourite file sharing website (it will be too big to upload here). Examples of services to upload to are FileDropper or One Drive or WeTransfer.
5. Note: Send the downloadlink in a private message as the SOFTWARE hive contains sensitive information!

Option#2 (only if you are unable to follow the previous instructions)

  • Please download the Freeware RegBak from here: Acelogix Software - Download products
    You will find it at the bottom of the page that the link brings you to.
  • Go ahead and install this program and accept all the defaults. After the last install screen the program should open.
  • Click the New Backup button. Accept the defaults and simply click Start.
  • When it says Finished successfully, click the Close button.
  • This will bring you back to the main screen of the program. You will see one entry in this list with the date that you did it. Right-click on this line-item and select Explore Backup...
  • This will bring you into the folder where the backup was made. You should see a Users folder and a Windows folder along with a couple other files. Double-click on the Windows folder to open it. Then open the System32 folder and then config folder. You should see around 6 files in here, one of which is named SOFTWARE.
  • Copy the SOFTWARE file to your Desktop. If the SOFTWARE file does not exist, please fetch it instead from C:\Windows\System32\config\SOFTWARE.
  • Now right-click on the SOFTWARE file that is on your desktop and select Send to > Compressed (zipped) folder.
  • Then please upload the zip file (SOFTWARE.zip) to your favourite file sharing website (it will be too big to upload here). Examples of services to upload to are FileDropper or One Drive or WeTransfer.
  • Note: Send the downloadlink in a private message as the SOFTWARE hive contains sensitive information!
  • You can close any open windows you have as well as the RegBak program now.
 
Have sent you a link to the Sofware file by PM.

Turning in for the night now, talk to you again tomorrow, or whenever convenient to you.
 
SOFTWARE Hive Replacement with RegBak
Warning: This fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good.

  1. Close all open programs and save all your work. You will need to reboot the machine during this process.
  2. Download the SOFTWARE.ZIP from the private message I sent you.
  3. Right-click on SOFTWARE.ZIP and select Extract All.... Ensure the "Show extracted files when complete" checkbox is checked and click the Extract button.
  4. The software hive will be extracted. You will see the file named SOFTWARE (no extension)
  5. Copy the SOFTWARE hive to where you previously saved a backup. It should be (C:\Windows\RegBak\PC-NAME\DATE\Windows\System32\Config)
    2014-10-1818_56_49-config_zpscbb8aad0.png
  6. Overwrite the one that is currently there when prompted.
  7. Open RegBak by click Start and selecting Registry Backup and Restore. Highlight the backup in the list (it should be the one date today), and press Restore. Click Start. RegBak will reboot your computer to complete the restore process.
Let me know if the hive was replaced or if there were any errors.
 
Haven't received a PM yet.
 
You must log in or register to reply here.

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top