BSOD Randomnly can't fix with SFC

Status
Not open for further replies.
Thanks, why couldn't the MBAM removal tool load out of interest?

FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download the attached fixlist.txt and save it to the Desktop.
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
 

Attachments

x BlueRobot said:
Thanks, why couldn't the MBAM removal tool load out of interest?

FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download the attached fixlist.txt and save it to the Desktop.
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
Click to expand...
I tried to run FRST64 but it's freezing on creating restore point , i just see one green box and nothing more. What should i do ? Thank you
 
stogazull said:
I tried to run FRST64 but it's freezing on creating restore point , i just see one green box and nothing more. What should i do ? Thank you
Click to expand...
Update i open the fixlist file and remove the creating restore point value and FRST64 did run this time, that is the log . It could not create a restore point, i checked and i cant create restore point not even manually , is searching for drive without find one .
 

Attachments

Do you have System Restore enabled? Nevertheless, please run DISM again and then upload the CBS logs if it fails.
 
x BlueRobot said:
Do you have System Restore enabled? Nevertheless, please run DISM again and then upload the CBS logs if it fails.
Click to expand...
Hi , i run DISM again and this time it worked fine , after that run SFC and it found corrupted files and fixed them successfully. now i just receive message from antivirus that says it's off , please check the attached picture, i click on the message but i cant activate the antivirus, please check second picture. What should i do ? One more issue is that windows update it's not working , i have an update the KB5033372 but installing is at 0% since long time and i tried to install it manually as well but without success thank you
 

Attachments

  • 463602_0.jpg
    463602_0.jpg
    73.1 KB · Views: 2
  • 463603_0.jpg
    463603_0.jpg
    53.4 KB · Views: 2
Please open an elevated command prompt and then enter the following command:

Code: 
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /s >> %userprofile%\Desktop\policies.txt

Please attach the policies.txt file to your next post. In addition to that, please also provide the latest CBS logs as you've done before.
 
x BlueRobot said:
Please open an elevated command prompt and then enter the following command:

Code: 
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /s >> %userprofile%\Desktop\policies.txt

Please attach the policies.txt file to your next post. In addition to that, please also provide the latest CBS logs as you've done before.
Click to expand...
this are the files . Thank you
 

Attachments

This machine isn't connected to some domain is it or a corporate machine?

Could you please provide the latest copy of your COMPONENTS hive along with the SideBySide (SxS) subkey which must be saved as a .hiv file.

Retrieve Components Hive
1. Navigate to C:\Windows\System32\Config and locate the COMPONENTS file.
2. Please copy this file to your desktop.
Note: If you receive an error that this file is in-use, simply reboot your computer and try again.
3. Right-click on this file on your desktop and select Send To...Compressed (zipped) folder. This will create a file named COMPONENTS.ZIP on your desktop.
4. The file will likely be too large to upload here so please upload to a file sharing service. Examples of services to upload to are Dropbox or OneDrive or WeTransfer and then just provide the link in your reply.

Export SideBySide
  1. Click on the Start button and in the search box, type regedit
  2. When you see regedit on the list, right-click on it and select Run as administrator
  3. When regedit opens, using the left pane, navigate to the following registry key and select it by clicking on it once.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide
  4. Once selected, click File > Export....
  5. Change the Save as type: to Registry Hive Files (.)
  6. Name this file SxS (with no file extension) and save it to your Desktop.


Once done please upload this file via Dropbox or OneDrive or WeTransfer.
 
x BlueRobot said:
This machine isn't connected to some domain is it or a corporate machine?

Could you please provide the latest copy of your COMPONENTS hive along with the SideBySide (SxS) subkey which must be saved as a .hiv file.

Retrieve Components Hive
1. Navigate to C:\Windows\System32\Config and locate the COMPONENTS file.
2. Please copy this file to your desktop.
Note: If you receive an error that this file is in-use, simply reboot your computer and try again.
3. Right-click on this file on your desktop and select Send To...Compressed (zipped) folder. This will create a file named COMPONENTS.ZIP on your desktop.
4. The file will likely be too large to upload here so please upload to a file sharing service. Examples of services to upload to are Dropbox or OneDrive or WeTransfer and then just provide the link in your reply.

Export SideBySide
  1. Click on the Start button and in the search box, type regedit
  2. When you see regedit on the list, right-click on it and select Run as administrator
  3. When regedit opens, using the left pane, navigate to the following registry key and select it by clicking on it once.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide
  4. Once selected, click File > Export....
  5. Change the Save as type: to Registry Hive Files (.)
  6. Name this file SxS (with no file extension) and save it to your Desktop.


Once done please upload this file via Dropbox or OneDrive or WeTransfer.
Click to expand...
As far as i know is a private machine , it's not mine is from a friend that asked me to remove a trojan.
This are the log files Thank you

COMPONENTS.zip
SxS
 
Install Update with DISM

  1. Download the update MSU here: windows10.0-kb5033372-x64_822cb06e298fd32637584b623f2cdaa3468f42a1.msu
  2. Copy the .msu file to a convenient location (such as %userprofile%\Desktop).
  3. Click on the Start button and in the search box, type Command Prompt
  4. When you see Command Prompt on the list, right-click on it and select Run as administrator
  5. When command prompt opens, copy and paste the following commands into it, press enter after each

    cd %userprofile%\Desktop
    replace %userprofile%\Desktop with your path if different

    expand windows10.0-kb5033372-x64_822cb06e298fd32637584b623f2cdaa3468f42a1.msu -f:* %userprofile%\Desktop

    DISM /Online /Add-Package /PackagePath:%userprofile%\Desktop\windows10.0-kb5033372-x64.cab
  6. You should receive the message:
    The operation completed successfully.
    Make sure to allow the computer to restart if prompted.
  7. If you receive any other message:
    Post a screenshot of the Command Prompt window.
    Zip and attach the file %systemroot%\Logs\CBS\CBS.log

If it doesn't work, then we can look at addressing the problem in a different way.

stogazull said:
Maybe the trojan change things around ?!
Click to expand...
I doubt that, I should imagine that you still have remnants of MBAM on your system but you never explained why the removal tool wasn't able to loaded?
 
x BlueRobot said:
Install Update with DISM

  1. Download the update MSU here: windows10.0-kb5033372-x64_822cb06e298fd32637584b623f2cdaa3468f42a1.msu
  2. Copy the .msu file to a convenient location (such as %userprofile%\Desktop).
  3. Click on the Start button and in the search box, type Command Prompt
  4. When you see Command Prompt on the list, right-click on it and select Run as administrator
  5. When command prompt opens, copy and paste the following commands into it, press enter after each

    cd %userprofile%\Desktop
    replace %userprofile%\Desktop with your path if different

    expand windows10.0-kb5033372-x64_822cb06e298fd32637584b623f2cdaa3468f42a1.msu -f:* %userprofile%\Desktop

    DISM /Online /Add-Package /PackagePath:%userprofile%\Desktop\windows10.0-kb5033372-x64.cab
  6. You should receive the message:
    The operation completed successfully.
    Make sure to allow the computer to restart if prompted.
  7. If you receive any other message:
    Post a screenshot of the Command Prompt window.
    Zip and attach the file %systemroot%\Logs\CBS\CBS.log

If it doesn't work, then we can look at addressing the problem in a different way.


I doubt that, I should imagine that you still have remnants of MBAM on your system but you never explained why the removal tool wasn't able to loaded?
Click to expand...
I don't know why it didn't work, double clicked on it but nothing happened
 
x BlueRobot said:
Did you right-click and run the removal tool as an administrator? I would check that you have a version of .NET framework installed which is at least 4.0

You can check using: Determine which .NET Framework versions are installed - .NET Framework

Let me know how the update goes with DISM.
Click to expand...
before the dism repair the removal tool for Malwarebytes didnt work even with right click and run as admin i just tried again and this time worked and i run it and clean.
after i try to update with DISM but after 40 minutes still on the same state as you can see from my screen shot.
before that i had 3 more BSOD , i checked the framework version, you can see on the attachment files
 

Attachments

stogazull said:
before the dism repair the removal tool for Malwarebytes didnt work even with right click and run as admin i just tried again and this time worked and i run it and clean.
after i try to update with DISM but after 40 minutes still on the same state as you can see from my screen shot.
before that i had 3 more BSOD , i checked the framework version, you can see on the attachment files
Click to expand...
Update, i left it over night and DISM fail with this error , i post the screen shot and the new CBS log thank you
 

Attachments

  • CBS.zip
    CBS.zip
    25 MB · Views: 4
  • DISM2.jpg
    DISM2.jpg
    37.4 KB · Views: 2
i am using it and it did crashes already after i removed it 2 times :( i tried again DISM but no success, can't find source files...
 
This thread has now been locked, if you're having a similar issue then please create a thread of your own.
 
Status
Not open for further replies.

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top