Windows 8.1 failed to boot after an automatic update

[DRQ]

Are you sure this is worth your time? Your help is appreciated but I'm concerned this might not be the best use of your skills.
Avast was running and PC was connected to the network (and Internet) when 'FSS.exe' was run. The log file is attached as 'FSS_d20210907t2107.txt'

 

[DRQ]

I've done a bit of fiddling (sorry, trying to be helpful) and found an error message I don't think I've seen before.

I opened 'services.msc' and found the Windows Defender service. I clicked 'Start' and this time I received a 577 error message, as per '577_d20210907t2130.png'. (Last time I tried that it gave me a time out message).

 

[PeterJ]

I clicked 'Start' and this time I received a 577 error message, as per '577_d20210907t2130.png'.

Curious. Looking at some logs back that file and another one are dated 18 May 2021. All other files in that folder are much older, presumably other versions.
Lets try to replace them with the matching version numbers of Windows Defender files.

Backup the following files first, copy them to another location.
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\Windows Defender\MsMpEng.exe

Next, replace them with the 2 files attached.
Let me know if the replacement worked and if that fixes the issue.

 

[DRQ]

"You need permission to perform this action"
I don't know how to get the required permission. I'm logged in on an administrator account and tried using "Run as administrator" with 'explorer.exe' but that's not enough.
I've had a quick look on the web and I'll see if I can find some instructions that make enough sense to me but if you've got any tips then please let me know.

 

[DRQ]

Took ownership and added write permission, so have replaced the files. However when I try and start the "Windows Defender Service" I get a message "Windows could not start the Windows Defender Service on Local Computer. Error 216: 0xd8"
I didn't restart the computer, so I'll try that now.
Before restarting I thought I'd try running 'MSASCui.exe'. When I tried to start Defender from there I got a message saying it's an incompatible version and error code 0x800700d8.
I'll post some screenshots in a moment.
This is a 32 bit machine.

 

[DRQ]

When I tried to start "Windows Defender Service" from 'services.msc' there was the message as shown in 'error216_d20210908t2043.png'

When I ran 'MSASCui.exe' and clicked on "Start now" there was the message as shown in 'incompatible_version_d20210908t2047.png'

 

[DRQ]

I've put the original files back in place. I thought I'd try starting the "Windows Defender Service" through 'services.msc' again. And a different error message, but I think seen before. This time it says "Error 1067: The process terminated unexpectedly" which matches post #50, I think.
(I had taken Avast back off the computer between #82 and #84 because I read somewhere that the 577 message in #82 might be related to third party antivirus. I uninstalled Avast and ran the 'avastclear.exe' but I still got a 577 after that.)
I didn't know what was happening to start with and now I've seen many more different types of error message!

 

[PeterJ]

The previous attachment contains the 64bits version.
Attached the 32bits version of both files.
Use these to replace the files in the C:\Program Files\Windows Defender folder.
Please report the result.

 

[DRQ]

The file sizes are different, comparing what was on the machine to what you've provided.
When trying to start from 'services.msc' there is an error 577 "Windows cannot verify the digital signature for this file"
When trying to start from 'MSASCui.exe' there is a long pause and then "The service couldn't be started because the timeout period expired."
Similar, or identical, to previous attempts.

 

[PeterJ]

The file sizes are different, comparing what was on the machine to what you've provided.

Correct. The files you had were newer and probably with higher version numbers.

When trying to start from 'services.msc' there is an error 577 "Windows cannot verify the digital signature for this file"

Please perform the checks below.

Step 1:
Warning: This script was written specifically for this user, for use on that particular machine. Do not run this script on another machine.

1. Download the attachment fixlist.txt and save it to your desktop.
2. Right-click on FRST.exe and select "Run as administrator".
3. Press the Fix button.
4. The tool will now process fixlist.txt.
5. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
6. When finished, a log called Fixlog.txt will appear in the same directory the tool is run from.
7. Post the logfile Fixlog.txt as attachment in your next reply.

Step 2:
Export registry as hive

• Click on the Start button and in the search box, type regedit
• When you see regedit on the list, right-click on it and select Run as administrator.
• When regedit opens, using the left pane, navigate to the following registry key and select it by clicking on it once.
  
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners
  
• Once selected, click File > Export....
• Change the Save as type: to Registry Hive Files (*.*).
• Name this file Winners (with no file extension) and save it to your Desktop.
• Right-click on the saved file and choose Send To -> Compressed (zipped) Folder.
• Attach the .ZIP file to your next post.
• If the file is too large to upload here, please upload to WeTransfer and just provide the link here.

 

[DRQ]

Step 1
I followed the instructions and the resulting log file is attached as 'Fixlog_d20210912t1350.txt'

Step 2
I followed the instructions and the resulting zipped file is attached as '"winners.zip"'

Step 1b
I had a look at the 'Fixlog_d20210912t1350.txt' from Step 1 and think there might have been an oversight in the 'fixlist.txt' file provided. I think there are meant to be quotation marks due to the space in between "Windows" and "Defender". I modified the 'fixlist.txt' file and followed the instructions for Step 1 again and the resulting log file is attached as 'Fixlog_d20210912t1359.txt'

I'm not going to have access to the problem machine for the for about a week so please don't think I'm ignoring any comments or suggestions you post.

 

[PeterJ]

I had a look at the 'Fixlog_d20210912t1350.txt' from Step 1 and think there might have been an oversight in the 'fixlist.txt' file provided.

Good spot

I'm not going to have access to the problem machine for the for about a week so please don't think I'm ignoring any comments or suggestions you post.

No problem. We just wait for your next reply.

Provide the Components Hive
1. Navigate to C:\Windows\System32\Config and locate the COMPONENTS file.
2. Please copy this file to your desktop.
Note: If you receive an error that this file is in-use, simply reboot your computer and try again. Note: If you find that you need to reboot and are unable to because this is a server then try Option#2 below.
3. Right-click on this file on your desktop and select Send To...Compressed (zipped) folder. This will create a file named COMPONENTS.ZIP on your desktop.
4. The file will likely be too large to upload here so please upload to Filedropper or WeTransfer and just provide the link here.

---

Option#2 (only if you are unable to follow the previous instructions)

• Please download the Freeware RegBak from here: Acelogix Software - Download products
  You will find it at the bottom of the page that the link brings you to.
• Go ahead and install this program and accept all the defaults. After the last install screen the program should open.
• Click the New Backup button. Accept the defaults and simply click Start.
• When it says Finished successfully, click the Close button.
• This will bring you back to the main screen of the program. You will see one entry in this list with the date that you did it. Right-click on this line-item and select Explore Backup...
• This will bring you into the folder where the backup was made. You should see a Users folder and a Windows folder along with a couple other files. Double-click on the Windows folder to open it. Then open the System32 folder and then config folder. You should see around 6 files in here, one of which is named COMPONENTS.
• Copy the COMPONENTS file to your Desktop. If the COMPONENTS file does not exist, please fetch it instead from C:\Windows\System32\config\COMPONENTS.
• Now right-click on the COMPONENTS file that is on your desktop and select Send to > Compressed (zipped) folder.
• Then please upload the zip file (COMPONENTS.zip) to your favourite file sharing website (it will be too big to upload here). Examples of services to upload to are Filedropper or One Drive or WeTransfer and then just provide the link in your reply.
• You can close any open windows you have as well as the RegBak program now.

 

[DRQ]

Hi,
I think I managed to follow option #1. The zipped file should be at:
components.zip
If there are any problems then please let me know, I've not used wetransfer before.

 

[DRQ]

Hi,
I had a message that suggested that the WeTransfer was due to expire on 26th September. If I need to upload then please let me know.