[SOLVED] Win10-22H2 Security Update(KB5027215) installs to 90+% and "rolls back": System is a Win10-22H2-OSbuild 19045.2913

[Jay11]

@Gary R
First, when I did the restart Windows started up with an update process that completed 100%

Then after login ran Dism — 100% Sucess. CBS.log (zipped) attached.

Then...

Created fixlist.txt and saved to same folder as FRST... Opened FRST and selected FIX once — See Fixlog.txt content below:

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-06-2023
Ran by JK (30-06-2023 12:52:07) Run:5
Running from C:\Users\JK\Desktop
Loaded Profiles: JK
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-DirectoryServices-ADAM-Client-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.2913
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageIndex\Microsoft-Windows-DirectoryServices-ADAM-Client-Package~31bf3856ad364e35~amd64~en-US~0.0.0.0
*****************

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-DirectoryServices-ADAM-Client-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.2913 => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageIndex\Microsoft-Windows-DirectoryServices-ADAM-Client-Package~31bf3856ad364e35~amd64~en-US~0.0.0.0 => Error: No automatic fix found for this entry.

==== End of Fixlog 12:52:07 ====

 

[Gary R]

You didn't copy the fixlist I gave you correctly, and forgot to include the ExportKey: instruction at the beginning of the two lines of script I supplied. As a result FRST did not actually do anything (thankfully) which is lucky, as it could have removed those two keys.

At this point I don't think I need to see an export of those two keys, so no problem really.

Your latest CBS log looks clean, so please try updating ....

If successful, or if Windows Update shows you are up to date, please let me know.

Any problems please post the CBS.log created after your update attempt.

 

[Jay11]

@Gary R please excuse my presumption for asking in this thread...
Do you think it's a "good idea" to upgrade a laptop from Win10 to Win11 by bypassing the TMP & secure boot check?

 

[Gary R]

No, not a good idea at all.

Security on W11 is designed and implemented for a purpose, and it is unwise to try and bypass it.

W10 is supported till October 14, 2025, so there's no need to upgrade to W11, particularly if your machine is not fully compatible with that OS.

 

[Jay11]

@Gary R , OK, there were updates... See screenshot (1)




... At restart updates ran to 30%, then the system did a full restart and updates failed (couldn't complete... roll back) — See screenshot (2)




Attached please find CBS.log (zipped)

 

[Gary R]

Can you please post me a copy of your COMPONENTS hive ...

• Navigate to C:\Windows\System32\Config and locate the COMPONENTS file.
• Please copy this file to your desktop.
• Note: If you receive an error that this file is in-use, simply reboot your computer and try again.
• Right-click on this file on your desktop and select Send To...Compressed (zipped) folder. This will create a file named COMPONENTS.ZIP on your desktop.
• The file will likely be too large to upload here, if so please upload to a file sharing service.
• Examples of services to upload to are WeTransfer and TransferKit and SendFileOnline

Please post me the link to the file


Going to be out for the rest of the night, so tomorrow morning (my time GMT) will be the earliest I get to see it.

 

[Jay11]

@Gary R I hope you enjoy ur evening 100%

Attached is C:\Windows\System32\Config "COMPONENTS" file. I compressed it to MAX level so it reduced from 44 MB to just over 6 MB
There were "Components" log files as well, but I assumed you don't need 'em — Anyway, their dates are older than 30-Jun.

 

[Gary R]

Lot of things from your last CBS.log to check against your COMPONENTS hive, so it's likely to take quite a while, and I'm also going to be out most of today, so it may be some time before I get back to you. I'll try to make it ASAP.

 

[Gary R]

Need a little more information.

Please run a scan for me with FRST ...

• Launch FRST ....
• Note: Your antivirus program may report FRST incorrectly as an infection. If so, disable the real-time protection when running FRST.
• Right-click to run the tool as administrator. When the tool opens click Yes to disclaimer.
• Note: Ensure that the List BCD check box is checked at the bottom of the form within the Optional Scan area.
  
  
• Press the Scan button.
• Please wait for the tool to finish. It will produce two logfiles called FRST.txt and Addition.txt in the same directory the tool is run from (which should be the desktop)
• Attach the logfiles FRST.txt and Addition.txt in your next reply.

 

[Jay11]

@Gary R please find zip file containing both txt docs you requested.

 

[Gary R]

Can you please do the following for me ....

• Click Search button and type Command
• From the results, right click on the Command Prompt icon, and select Run as administrator
• A Command Window will open.
• Copy paste the commands below into it, one at a time, and after each hit Enter

reg query "HKEY_USERS" > "%userprofile%\desktop\ProfileList.txt"
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s >> "%userprofile%\desktop\ProfileList.txt"

• A notepad document titled ProfileList.txt should be created on your Desktop.
• Please include it with your next post.

Next ....

• Press your WindowsKey+R to open a Run window
• Type/Copy .... diskmgmt.msc .... then click OK
• A Disk Management window should open.

Please take a screenshot of the Disk Management window, and include it with your next post.

 

[Jay11]

@Gary R Hi. Sorry was busy today.
Attached is "ProfileList.txt" file and screenshot image as requested.

 

[Gary R]

Please can you do the following ....

• Click on Windows Key + R to open a Run window
• In the Open: box type slmgr.vbs /sli then click OK
• A Windows Script Host window will open
• Please take a screenshot of that window and post it with your next reply.

 

[Jay11]

@Gary R Hi there,
Please find requested screenshot(s): 1-5 screenshots (png) zipped into a file.

 

[Gary R]

Sorry, there was typo in my previous post (hit the s key instead of the d key next to it), command should have been

slmgr.vbs /dli

Please try again, this time using the command above. This time you should only get one Windows Script Host window.

 

[Jay11]

@Gary R Ok, no problem. See below/attached...

 

[Gary R]

Thanks, that's what I expected to see. Just needed confirmation.

Got to consult with my colleagues, may take a while, but I'll get back to you as soon as I can.

 

[Gary R]

Your FRST logs show you have two AV suites protecting your system ... Windows Defender ... and ... Kaspersky. This will usually cause conflicts, and diminish rather than enhance the protection on your machine. Windows Defender is a perfectly functional AV, and as it's fully integrated into W10 will cause far fewer issues than a 3rd party AV.

"Optimiser" programs are a complete and utter waste of time, and usually cause far more problems than they ever resolve.

So please uninstall the following programs ....

Ashampoo WinOptimizer FREE
Kaspersky Secure Connection


... and then reboot your computer to finalise their removal.

Next ...

I notice that you have 3 different remote access programs installed on your machine ...

NoMachine
TeamViewer
AweSun

... any particular reason for having 3 ????

If not, then I strongly recommend you uninstall any you don't absolutely need.

Next ....

• Download the attached fixlist.txt and save it to the same location as FRST (must be in same folder or it won't process).
• NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
• Now press the Fix button once and wait.
• FRST will process fixlist.txt
• When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
• Please post me the log

Finally ...

Please run a new scan with FRST (don't forget to check the List BCD box), and attach the new FRST.txt and Addition.txt logs created.

 

[Jay11]

@Gary R Hi there. OK, your point regarding Ashampoo WinOptimizer FREE and Kaspersky Secure Connection is noted. Programs uninstalled!

To be honest, last year I was testing alternatives to Teamviewer and I completely forgot I still had 'em installed... I've uninstalled all.

I did a restart... Also, after FRST ran it did and auto-restart as well? It also created a folder called "FRST-OlderVersion" and another FRST64.exe appeared on the Desktop?

Find attached as requested: Fixlog_5-Jul.txt and a zipped file of FRST.txt and Addition.txt

NB: There was an error message when FRST started up... See screenshot. I proceeded to run the scan anyway (List BCD ticked).

 

[Jay11]

@Gary R
I just opened my Thunderbird mail client app to check emails AND ALL my profile folders are gone.... MY EMAIL DATA FOLDERS WERE DELETED