Maurice Naggar Posted May 5, 2022 ID:1514204 Share Posted May 5, 2022 NOTEs just to be clearer and to be sure that you and I do not lose track of some things. This Windows system ( on this machine) has the Windows System Restore function "off" or not enabled. Which means that we cannot think of using a Restore operation to get a prior working Windows configuration. and then, that is why we need to be able to get into one of the safe modes in order to make some adjustments. I thought the earliest fix run would have managed to enable the display of the Windows Boot Manager ( even if just for a few seconds). This would be very handy. Is your Dell machine a Dell XPS 15 ? Link to post Share on other sites More sharing options...
1yellowbird Posted May 6, 2022 Author ID:1514274 Share Posted May 6, 2022 I am not near my laptop at the present moment. I saw your post from yesterday (page 2), I saw the boot manager but missed your comment to hit F8 (my bad). From your earlier post, I was able to get to safe mode. I saw this post from Microsoft on how to do a clean boot (from safe mode) that has more functionality than save mode. https://answers.microsoft.com/en-us/windows/forum/all/in-safe-mode-recovery/6d7be923-08aa-41c4-9000-809c53b3a62b I plan to do a clean boot on Saturday when I get back. Are you familiar with the clean boot? Before I begin, I’ll check if you have a reply. Link to post Share on other sites More sharing options...
1yellowbird Posted May 6, 2022 Author ID:1514276 Share Posted May 6, 2022 My machine is a laptop Dell XPS 15 7590. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted May 6, 2022 Root Admin ID:1514290 Share Posted May 6, 2022 (edited) Pardon the intrusion, @1yellowbird Please start an elevated admin command prompt in either Safe Mode, Recovery Mode, or Normal Mode and copy and paste the following. Then try to restart into Normal Mode and let me know if the computer still experiences a BSOD or not. SC DELETE lmfilter Post back what that command says I'm pretty sure this is due to a program that does not appear to be installed anymore called Folder Lock S2 lmfilter; C:\WINDOWS\system32\drivers\lmfilter.sys [89488 2018-11-29] (FOSHAN CHENXING TECH,CO.,LTD -> ) The command above will remove that service. Thanks Edited May 6, 2022 by AdvancedSetup Updated information 1 Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 6, 2022 ID:1514334 Share Posted May 6, 2022 (edited) Hello @1yellowbird, and thank you @AdvancedSetup Do do as suggested above. and yes, when appropriate, we often suggest a "clean boot start" in cases such as yours. and since a normal start fails, we have to count on being able to get to one of the "Safe modes" in order to actually do that process of reducing un-necessary program loads. You have a Windows 11 so you may study this:Perform a Clean Boot in Windows 11 to Troubleshoot Software Conflictshttps://www.elevenforum.com/t/perform-a-clean-boot-in-windows-11-to-troubleshoot-software-conflicts.2787/ Of the "safe" modes, The choice that I do need you to select is "Safe mode With Networking" so that there's internet capability & so you can, as needed, potentially download some other tools. I will guide you. Be real sure to write down on notes the changes / adjustments that you make. So that later, when case is resolved, you can re-re-adjust things back to normal. Edited May 6, 2022 by AdvancedSetup Corrected font issue Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 6, 2022 ID:1514340 Share Posted May 6, 2022 @1yellowbird I need to add a caution and also encouragement. Mainly to not rush anything on your own. Nor make changes or adjustments on your own without my guidance. If you run into a problem, Stop and ask first and wait. If something is not clear, ask first. On the plus side: The auto-starts that I had wanted to be removed, have been covered by the 2 fix runs that were done. The Windows System File Checker did not find issues. The Windows DISM tool did well. Looking over the fix runs, I do see that the capability for the display of Windows Boot Manager is in place. The Microsoft Defender antivirus seems to be in good shape & we will be able to use it to do scans as needed ( I will guide you). Link to post Share on other sites More sharing options...
1yellowbird Posted May 7, 2022 Author ID:1514570 Share Posted May 7, 2022 I put in the command. It came back file not found. cd.. C:\wondows\system32\drivers\ seaeched for im*.* file not found. Still in safe mode.(shut down, restarted, came up with stop code. memory error see imfilter.sys went back to safe mode. Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 7, 2022 ID:1514572 Share Posted May 7, 2022 (edited) The driver name is LMFILTER Go slow. do you mean just plain "safe mode" ? I keep hoping that you will get the system into :Safe mode with Networking" ....I want the system to be able to have internet capability The reference to the driver may well be only in registry. I need you to please stop and allow me to guide you Edited May 7, 2022 by Maurice Naggar Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 7, 2022 ID:1514577 Share Posted May 7, 2022 (edited) You have FRST64 on the system. I believe at folder c:\windows Please do this special search. Find & then start FRST64 Type the following ( better yet, use COPY then Paste) into the search box exactly as shown then press the Search Files button SearchAll: LMFILTER Please wait while the program searches for all entries relating to this , when done a search.txt log will be saved to the desktop. Please attach this log to your next reply. Edited May 7, 2022 by Maurice Naggar corrected typos Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted May 7, 2022 Root Admin ID:1514581 Share Posted May 7, 2022 The search is not an ( i eye) it is an ( l L el ) Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 7, 2022 ID:1514583 Share Posted May 7, 2022 (edited) @1yellowbird Kindly advise, Is the Searchall in progress ? https://forums.malwarebytes.com/topic/286166-bsod-system-in-a-loop/?do=findComment&comment=1514577 Edited May 7, 2022 by Maurice Naggar Link to post Share on other sites More sharing options...
1yellowbird Posted May 7, 2022 Author ID:1514585 Share Posted May 7, 2022 it worked! I'm replying from my laptop in normal mode. I restarted in normal mode 3 times with no problem. Thanks to both AdvancedSetup and Maurice for all the help you provided. And I always thought the problem was with imfilter.sys not lmfilter.sys Search.txt 1 Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 7, 2022 ID:1514588 Share Posted May 7, 2022 Cool. If the pc is now in normal mode, I need you to re-confirm that and stick around please. We have more to do. Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 7, 2022 ID:1514590 Share Posted May 7, 2022 (edited) ****next possible opportunity turn ON System Restorehttps://www.elevenforum.com/t/turn-on-or-off-system-protection-for-drives-in-windows-11.3598/ and Create one Restore pointhttps://www.elevenforum.com/t/create-system-restore-point-in-windows-11.3602/ More to do after that. Keep me advised Edited May 7, 2022 by Maurice Naggar Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 7, 2022 ID:1514598 Share Posted May 7, 2022 In addition to turning on the System Restore { see preceding reply} here are the other additional measures to take.[ 1 ] I would highly suggest to insure that this pc is all up-to-date with security updates & cumulative upates on Windows. select the Windows Start button, and then go to Settings > Update & Security > Windows Update . and click Check for Updates. Have much patience.[ 2 ] Do a quick scan with Microsoft Defender Antivirus Just want to do a visual check in Windows Security to see (visually) that Microsoft Defender is on , and to do a Custom scan. From the Windows Start menu, select Settings, then select Update and Security. Next, look at the left-side menu & select Windows Security Next, In Windows Security section: Click on the grey button Open Windows Security Now, click on the shield Virus and threat protection Look to see that Microsoft Defender is shown & available for use. On the next display, look at all the options. Look down the list and see "Check for Updates" . You should click on that to have the system check for updates for Windows Defender. Watch & wait for that to complete. Please also note that the Scan options (all) can be displayed by clicking on Scan options. Click that & select QUICK scan [ 3 ] Your machine has the FRSTENGLISH report tool on the Downloads folder. We will use that. Go to Downloads folder. RIGHT-click on FRSTENGLISH and select Run as Administrator and tap ENTER. And reply YES to allow to proceed. When the tool opens click Yes to the disclaimer. And be very sure to TICK the box for Addition.txt Press the Scan button. It will make a log (FRST.txt & Addition.txt) in the same directory the tool is run Have patience since the run may take something like 10 or so minutes (less depending on your hardware speed) Close Notepad IF those show up on Notepad. Just please Attach the 2 files FRST.txt +Addition.txt with your next reply. Link to post Share on other sites More sharing options...
1yellowbird Posted May 7, 2022 Author ID:1514644 Share Posted May 7, 2022 I turned on system restore and created the 1st restore point. Here is the results of the scan with frst scan and a scan in defender. Note: running frstengish didn't give me the option to run as administrator. I am the administrator with my username. Addition.txt FRST.txt Search.txt 1 Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 7, 2022 ID:1514648 Share Posted May 7, 2022 Thank you. Will review. And I will have a new custom fix script for this machine. Link to post Share on other sites More sharing options...
Solution Maurice Naggar Posted May 7, 2022 Solution ID:1514652 Share Posted May 7, 2022 This custom script is for 1yellowbird only / for this machine only. Be very sure to Save any work-files you have open at this point. Close & Save any open edits, if any. Next, a custom script to do checks & some cleanups. This is really just housekeping with small cleanups. We will use FRSTEnglish on the Downloads folder to run a custom script. The system will be rebooted after the script has run. This custom script has some specific things, plus some general aspect to help the system overall. NOTE-1: This script will run a scan using System File Checker to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. . It will clear the cache files on Brave and Edge browsers. It will upload lmfilter.sys to Virustotal for analysis & then it will remove it It will cleanup one registry value that has a class value "lmfilter". It will remove FRST64 from the Windows folder ( we do not want it there. Plus there is FRSTENGLISH at the Downloads folder.) It will attempt to update Microsoft Defender and do one new quick scan It will queue up a CHKDSK for the next time this machine is Restarted Please be sure to Close any open work files, documents, any apps you started yourself before starting this. If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those. Please save the (attached file named) FIXLIST.txt to the Downloads folder Fixlist.txt <<< - - - - - Then, Start the Windows Explorer and then, go to the Downloads folder. Start FRSTENGLISH . Reply YES when prompted to allow to run. to run the tool. If the tool warns you the version is outdated, please download and run the updated version. IF Windows prompts you about running this, select YES to allow it to proceed. IF you get a block message from Windows about this tool...... click line More info information on that screen and click button Run anyway on next screen. on the FRST window: Click the Fix button just once, and wait. PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run. CHKDSK will run a disc check on next machine Restart. Please attach the FIXLOG.txt with your next reply later, at your next opportunity. 1 Link to post Share on other sites More sharing options...
1yellowbird Posted May 7, 2022 Author ID:1514664 Share Posted May 7, 2022 Attached is the fixlog.tx Fixlog.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 8, 2022 ID:1514668 Share Posted May 8, 2022 Thank you. Run is good. LMFILTER.sys is removed. Interestingly, Virustotal shows that no A-V engine considers it as malicious. I would recommend getting a report on the update status of some key apps. Download SecurityCheck by glax24 from here https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe and save the tool on the desktop. If Windows's SmartScreen block that with a message-window, then Click on the MORE INFO spot and over-ride that and allow it to proceed. This tool is safe. Smartscreen is overly sensitive. Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply. You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt Let me know If you'd like me to guide you to have the free latest Malwarebytes for Windows let me know. Let me know if you need anything else. On the next pass, I expect I will guide you to tools cleanup. 1 Link to post Share on other sites More sharing options...
1yellowbird Posted May 8, 2022 Author ID:1514673 Share Posted May 8, 2022 Here is the log of Security Check and the search test run as administrator. I'M THINKING OF USING McAfee Total Protection PC provided by Cox for this PC. To provide basic antivirus protection, tracker remover, and secure apps. What do you think. I'm a little leery about loading and running malwarebytes at this time. I'm still not over this experience. Search.txt WindowsUpdate.log SecurityCheck.txt Search.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted May 8, 2022 Root Admin ID:1514679 Share Posted May 8, 2022 38 minutes ago, 1yellowbird said: I'M THINKING OF USING McAfee Total Protection PC provided by Cox for this PC. To provide basic antivirus protection, tracker remover, and secure apps. This update issue was due to a bad service image from a left over installation of a program that was no longer on your system. The logs do not indicate that it was due to Malwarebytes. 1 Link to post Share on other sites More sharing options...
1yellowbird Posted May 8, 2022 Author ID:1514733 Share Posted May 8, 2022 I did an update of malwarebytes than ran into the problem. I was able to load safe mode and removed antivirus in the program. When I loaded the system in normal mode, I tried to uninstall malwarebytes. Windows couldn't uninstall. Said go to the manufacture site. I did. Ran the program to uninstall malwarebytes (their website) it said successful uninstall. Then I couldn't startup again in normal mode. I know the uninstall program was malwarebytes. Said I'd never install it again after what I went through. Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 8, 2022 ID:1514738 Share Posted May 8, 2022 Hello. Thanks for the SecurityCheck report. As to the Windows update log, if you were wanting to get actual detail, one would have to run a powershell run to get actual data. I am not familiar with McAfee Total protection. That aside, this Windows OS does have the Microsoft Defender antivirus up-to-date with all of its components, including its firewall on. The Fixlist script I had you run made sure to cover that. As to SecurityCheck there are several apps that need updating to latest release. KeePassXC v.2.6.6 Warning! Download Update Microsoft Silverlight v.5.1.50918.0 Warning! This software is no longer supported. <<UNINSTALL NVIDIA GeForce Experience 3.17.0.126 v.3.17.0.126 Warning! Download Update Backup and Sync from Google v.3.57.4256.0809 Warning! This software is no longer supported. Please use Google Drive. 7-Zip 19.00 (x64) v.19.00 Warning! Download UpdateUninstall old version and install new one. Picasa 3 v.3.9.141.259 Warning! This software is no longer supported. VLC media player v.3.0.12 Warning! Download Update Audacity 2.4.2 v.2.4.2 Warning! Download Update GNU Privacy Guard v.2.3.4 Warning! Download Update Gpg4win (4.0.0) v.4.0.0 Warning! Download Update As to CCleaner, ever since Piriform sold it to another entity, most security colleagues have recommended to uninstall it. Instead, one can use the Windows built-in ""CLEANMGR"" applet (a.k.a. Disk Cleanup). That is used to remove a range of temporary files, including also old Windows setup-install work files. We are at a point where we can cleanup the tools we used. To remove the FRSTENGLISH tool & its work files, do this. Go to your Downloads folder. Do a RIGHT-click on FRSTENGLISH.exe & select RENAME & then change it to UNINSTALL.exe . Then run that ( double click on it) to begin the cleanup process. Delete mb-support-1.8.7.918 on Downloads folder Delete SecurityCheck.exe Any other download file I had you download, you may delete. Consider using PatchMyPC, keep all your software up-to-date - https://patchmypc.com/home-updater#download Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware. The special USB-flash-thumb drive should be kept in a secure spot, just in case it may be needed in future. It is a handy recovery tool. And now of course, this system has the settings in place to enable and have the Windows Boot Manager display. A significant resource if needed. I am pleased to have helped you along. 1 Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 8, 2022 ID:1514750 Share Posted May 8, 2022 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following to help you better protect your computer and privacy Tips to help protect from infection Thank you Link to post Share on other sites More sharing options...
Recommended Posts