BSOD system in a loop

[Maurice Naggar]

NOTEs just to be clearer and to be sure that you and I do not lose track of some things.
This Windows system ( on this machine) has the Windows System Restore function "off" or not enabled. Which means that we cannot think of using a Restore operation to get a prior working Windows configuration. and then, that is why we need to be able to get into one of the safe modes in order to make some adjustments.

I thought the earliest fix run would have managed to enable the display of the Windows Boot Manager ( even if just for a few seconds).
This would be very handy.

Is your Dell machine a Dell XPS 15 ?

[1yellowbird]

I am not near my laptop at the present moment.  I saw your post from yesterday (page 2), I saw the boot manager but missed your comment to hit F8 (my bad).  From your earlier post, I was able to get to safe mode.  
I saw this post from Microsoft on how to do a clean boot (from safe mode) that has more functionality than save mode.

https://answers.microsoft.com/en-us/windows/forum/all/in-safe-mode-recovery/6d7be923-08aa-41c4-9000-809c53b3a62b

I plan to do a clean boot on Saturday when I get back.  Are you familiar with the clean boot?  Before I begin, I’ll check if you have a reply.

[1yellowbird]

My machine is a laptop Dell XPS 15 7590.

[AdvancedSetup]

Pardon the intrusion, @1yellowbird

Please start an elevated admin command prompt in either Safe Mode, Recovery Mode, or Normal Mode and copy and paste the following.

Then try to restart into Normal Mode and let me know if the computer still experiences a BSOD or not.

 

SC DELETE lmfilter 

Post back what that command says

 

I'm pretty sure this is due to a program that does not appear to be installed anymore called Folder Lock

S2 lmfilter; C:\WINDOWS\system32\drivers\lmfilter.sys [89488 2018-11-29] (FOSHAN CHENXING TECH,CO.,LTD -> )

The command above will remove that service.

Thanks

 

 

Edited May 6, 2022 by AdvancedSetup
Updated information

[Maurice Naggar]

Hello @1yellowbird, and thank you @AdvancedSetup

Do do as suggested above. and yes, when appropriate, we often suggest a "clean boot start" in cases such as yours. and since a normal start fails, we have to count on being able to get to one of the "Safe modes" in order to actually do that process of reducing un-necessary program loads. You have a Windows 11 so you may study this:
Perform a Clean Boot in Windows 11 to Troubleshoot Software Conflicts
https://www.elevenforum.com/t/perform-a-clean-boot-in-windows-11-to-troubleshoot-software-conflicts.2787/

Of the "safe" modes, The choice that I do need you to select is "Safe mode With Networking" so that there's internet capability & so you can, as needed, potentially download some other tools. I will guide you. 

• Be real sure to write down on notes the changes / adjustments that you make. So that later, when case is resolved, you can re-re-adjust things back to normal.

 

Edited May 6, 2022 by AdvancedSetup
Corrected font issue

[Maurice Naggar]

@1yellowbird I need to add a caution and also encouragement. Mainly to not rush anything on your own. Nor make changes or adjustments on your own without my guidance. If you run into a problem, Stop and ask first and wait. If something is not clear, ask first. On the plus side:

• The auto-starts that I had wanted to be removed, have been covered by the 2 fix runs that were done.
• The Windows System File Checker did not find issues. The Windows DISM tool did well.
• Looking over the fix runs, I do see that the capability for the display of Windows Boot Manager is in place.
• The Microsoft Defender antivirus seems to be in good shape & we will be able to use it to do scans as needed ( I will guide you).

[1yellowbird]

I put in the command.  It came back file not found.  cd.. C:\wondows\system32\drivers\  seaeched for im*.* file not found.  Still in safe mode.(shut down, restarted, came up with stop code. memory error see imfilter.sys went back to safe mode.

[Maurice Naggar]

The driver name is LMFILTER

Go slow. do you mean just plain "safe mode" ?

I keep hoping that you will get the system into :Safe mode with Networking" ....I want the system to be able to have internet capability

The reference to the driver may well be only in registry. I need you to please stop and allow me to guide you

Edited May 7, 2022 by Maurice Naggar

[Maurice Naggar]

You have FRST64 on the system. I believe at folder c:\windows 

Please do this special  search.

Find & then start FRST64

Type the following ( better yet, use COPY then Paste) into the search box exactly as shown  then press the Search Files button

SearchAll: LMFILTER

Please wait while the program searches for all entries relating to this , when done a search.txt log will be saved to the desktop. Please attach this log to your next reply.

Edited May 7, 2022 by Maurice Naggar
corrected typos

[AdvancedSetup]

The search is not an ( i eye) it is an ( l L el ) 

 

[Maurice Naggar]

@1yellowbird Kindly advise, Is the Searchall in progress ? https://forums.malwarebytes.com/topic/286166-bsod-system-in-a-loop/?do=findComment&comment=1514577

 

Edited May 7, 2022 by Maurice Naggar

[1yellowbird]

it worked!  I'm replying from my laptop in normal mode.  I restarted in normal mode 3 times with no problem.

Thanks to both AdvancedSetup and Maurice for all the help you provided.  And I always thought the problem was with imfilter.sys not lmfilter.sys 

Search.txt

[Maurice Naggar]

Cool. If the pc is now in normal mode, I need you to re-confirm that  and stick around please.  We have more to do.

[Maurice Naggar]

****next possible opportunity
turn ON System Restore
https://www.elevenforum.com/t/turn-on-or-off-system-protection-for-drives-in-windows-11.3598/
and Create one Restore point
https://www.elevenforum.com/t/create-system-restore-point-in-windows-11.3602/

More to do after that. Keep me advised 

Edited May 7, 2022 by Maurice Naggar

[Maurice Naggar]

In addition to turning on the System Restore { see preceding reply} here are the other additional measures to take.
[ 1 ]
I would highly suggest to insure that this pc is all up-to-date with security updates & cumulative upates on Windows. select the Windows Start  button, and then go to Settings  > Update & Security  > Windows Update . and click Check for Updates.
Have much patience.
[ 2 ]

 Do a quick scan with Microsoft Defender Antivirus 

Just want to do a visual check in Windows Security to see (visually) that Microsoft Defender is on , and to do a Custom scan.

From the Windows Start menu, select Settings, then select Update and Security.

Next, look at the left-side menu & select Windows Security

Next, In Windows Security section: Click on the grey button Open Windows Security

Now, click on the shield Virus and threat protection

Look to see that Microsoft Defender is shown & available for use.

On the next display, look at all the options.  Look down the list and see "Check for Updates" .

You should click on that to have the system check for updates for Windows Defender.  Watch & wait for that to complete.

Please also note that the Scan options (all) can be displayed by clicking on Scan options.   Click that & select QUICK scan 

[ 3 ]

Your machine has the FRSTENGLISH report tool on the Downloads folder. We will use that. Go to Downloads folder. RIGHT-click on FRSTENGLISH and select 

Run as Administrator

and tap ENTER. And reply YES to allow to proceed.  

•  When the tool opens click Yes to the disclaimer.  And be very sure to TICK the box for Addition.txt
• Press the Scan button.

• It will make a log (FRST.txt & Addition.txt) in the same directory the tool is run
• Have patience since the run may take something like 10 or so minutes  (less depending on your hardware speed)
• Close Notepad IF those show up on Notepad.
• Just please Attach the 2 files FRST.txt +Addition.txt  with your next reply.

[1yellowbird]

I turned on system restore and created the 1st restore point.  Here is the results of the scan with frst scan and a scan in defender.  Note:  running frstengish didn't give me the option to run as administrator.  I am the administrator with my username.

Addition.txt FRST.txt Search.txt

[Maurice Naggar]

Thank you. Will review. And I will have a new custom fix script for this machine.

[Maurice Naggar]

This custom script is for  1yellowbird  only / for this machine only.

Be very sure to Save any work-files you have open at this point. Close & Save any open edits, if any. Next, a custom script to do  checks & some  cleanups. This is really just housekeping with small cleanups.

We will use FRSTEnglish  on the Downloads  folder to run a custom script.    The system will be rebooted after the script has run.

This custom script has some specific things, plus some general aspect to help the system overall.  

NOTE-1:  This script will  run a scan using System File Checker to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. .  It will clear the cache files on Brave and Edge browsers.

• It will upload lmfilter.sys to Virustotal for analysis & then it will remove it
• It will cleanup one registry value that has a class value "lmfilter".
• It will remove FRST64 from the Windows folder   ( we do not want it there. Plus there is FRSTENGLISH at the Downloads folder.)
• It will attempt to update Microsoft Defender and do one new quick scan
• It will queue up a CHKDSK for the next time this machine is Restarted
• Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.

 

• If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached,  please disconnect any of those.
• Please save the (attached file named) FIXLIST.txt   to the   Downloads   folder

Fixlist.txt        <<< - - - - -

Then, Start the Windows Explorer and then, go  to the Downloads   folder.

Start FRSTENGLISH    .  Reply YES when prompted to allow to run.
  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

• IF you get a block message from Windows about this tool......

               click line More info information on that screen
               and click button Run anyway on next screen.

• on the FRST window:

Click the Fix button just once, and wait.

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. 
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

CHKDSK will run a disc check on next machine Restart.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

[1yellowbird]

 Attached is the fixlog.tx

Fixlog.txt

[Maurice Naggar]

Thank you. Run is good. LMFILTER.sys is removed. Interestingly, Virustotal shows that no A-V engine considers it as malicious.
I would recommend getting a report on the update status of some key apps.

• Download SecurityCheck by glax24 from here  https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
• and save the tool on the desktop.
• If Windows's  SmartScreen block that with a message-window, then
• Click on the MORE INFO spot and over-ride that and allow it to proceed.

                               This tool is safe.   Smartscreen is overly sensitive.

Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

Let me know

• If you'd like me to guide you to have the free latest Malwarebytes for Windows let me know.
• Let me know if you need anything else.
• On the next pass, I expect I will guide you to tools cleanup.

[1yellowbird]

Here is the log of Security Check and the search test run as administrator.

I'M THINKING OF USING McAfee Total Protection PC provided by Cox for this PC.  To provide basic antivirus protection, tracker remover, and secure apps.  What do you think.  

I'm a little leery  about loading and running malwarebytes at this time.  I'm still not over this experience.

 

Search.txt WindowsUpdate.log SecurityCheck.txt Search.txt

[AdvancedSetup]

38 minutes ago, 1yellowbird said:

I'M THINKING OF USING McAfee Total Protection PC provided by Cox for this PC.  To provide basic antivirus protection, tracker remover, and secure apps.

This update issue was due to a bad service image from a left over installation of a program that was no longer on your system. The logs do not indicate that it was due to Malwarebytes.

 

[1yellowbird]

I did an update of malwarebytes than ran into the problem.  I was able to load safe mode and removed antivirus in the program.  When I loaded the system in normal mode, I tried to uninstall malwarebytes.  Windows couldn't uninstall. Said go to the manufacture site.  I did.  Ran the program to uninstall malwarebytes (their website) it said successful uninstall.  Then I couldn't startup again in normal mode.  I know the uninstall program was malwarebytes.  Said I'd never install it again after what I went through.

[Maurice Naggar]

Hello. Thanks for the SecurityCheck report. As to the Windows update log, if you were wanting to get actual detail, one would have to run a powershell run to get actual data.
I am not familiar with McAfee Total protection. That aside, this Windows OS does have the Microsoft Defender antivirus up-to-date with all of its components, including its firewall on. The Fixlist script I had you run made sure to cover that. As to SecurityCheck there are several apps that need updating to latest release.
KeePassXC v.2.6.6  Warning! Download Update

Microsoft Silverlight v.5.1.50918.0  Warning! This software is no longer supported.  <<UNINSTALL

NVIDIA GeForce Experience 3.17.0.126 v.3.17.0.126  Warning! Download Update

Backup and Sync from Google v.3.57.4256.0809  Warning! This software is no longer supported. Please use Google Drive.

7-Zip 19.00 (x64) v.19.00 Warning! Download Update
Uninstall old version and install new one.

Picasa 3 v.3.9.141.259  Warning! This software is no longer supported.

VLC media player v.3.0.12  Warning! Download Update

Audacity 2.4.2 v.2.4.2  Warning! Download Update

GNU Privacy Guard v.2.3.4  Warning! Download Update

Gpg4win (4.0.0) v.4.0.0  Warning! Download Update

As to CCleaner, ever since Piriform sold it to another entity, most security colleagues have recommended to uninstall it. Instead, one can use the Windows built-in ""CLEANMGR"" applet (a.k.a. Disk Cleanup). That is used to remove a range of temporary files, including also old Windows setup-install work files.

We are at a point where we can cleanup the tools we used.
To remove the FRSTENGLISH tool & its work files, do this. Go to your Downloads folder. Do a RIGHT-click on FRSTENGLISH.exe & select RENAME & then change it to

UNINSTALL.exe

.
Then run that ( double click on it) to begin the cleanup process.

Delete mb-support-1.8.7.918 on Downloads folder
Delete SecurityCheck.exe

Any other download file I had you download, you may delete.
Consider using PatchMyPC, keep all your software up-to-date - https://patchmypc.com/home-updater#download

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

The special USB-flash-thumb drive should be kept in a secure spot, just in case it may be needed in future. It is a handy recovery tool. And now of course, this system has the settings in place to enable and have the Windows Boot Manager display. A significant resource if needed.
I am pleased to have helped you along.

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy Tips to help protect from infection

Thank you