SteveECrane
Active member
Hello ... and good afternoon!
Over a month ago, my Windows 10 Pro laptop performed a Windows Update which, until then, I had previously postponed and then prevented. For some reason, this update previously screwed with my system (a Win10 installation I run almost solely as a Steinberg Cubase-based music DAW) when it first attempted to install late last year. At that time I rolled back all the changes and employed some hacks I obtained online in order to prevent Windows Update from automatically running and forcing me to install said update(s) - 'improvements' I did not need nor want. (Note: Music DAW's are highly-specialist environments which require fine-tuning to run optimally, especially in respect of driver versions, many of which can cause high DPC latency: graphics, Wi-Fi, Ethernet, power management settings, etc.).
Thankfully, all was fine until...
Somehow, around Christmastime, something must've altered to negate the hack I had applied because my system once again downloaded the aforementioned update (and some other stuff) in order to attempt another install. Due to family and health issues, I merely postponed the update for the maximum time available, namely 30 days ... and then promptly forgot about preventing it from taking place. My bad!
So...
I awoke one Monday around 3 weeks ago to find the updates had been applied ... and my system was entirely unusable as it was stuck in some OOBE loop. I subsequently spent 4 days nursing it back to some resemblance of health such that I could at least log on! However, there were no Restore points remaining to roll back the previous changes (I manually create them regularly before I make any significant changes but they were all now gone - ALL of them!) and the ones generated automatically were missing too, with the system restore function itself now turned off as well(!). None of the automatic Windows recovery options (or any involving my manual intervention) which ran after multiple re-boots would work either! Trust me, I exhausted everything!
Suspecting malware or an infection of some kind, I managed to run Malwarebytes but it found nothing. One critical thing I did notice, however, was that whenever ANY app or system function was performed - from clicking on menus to running system apps - a svchost.exe hosted CryptSvc process would hog circa 20% of the CPU resource for around 1-2 minutes before 'allowing' the required program to execute. Killing C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s CryptSvc using the SysInternals Task Manager replacement (Process Explorer) would immediately allow the underlying app to run, executing near-instantaneously.
This is how I've had to manage for almost 3 weeks. Recording and processing music is nightmarish!!!
Unfortunately, there is so much music-production software installed on this machine (including some legacy s/w I don't believe I have the installers for) that I could not afford the time to scrub it and start again - which would now be my first choice - as this is a 3-4 day exercise minimum and I utilise this laptop to teach with. [Note: I did have a full SSD back-up of the system drive with all the apps but I ended up employing it for more music production sample libraries I was bought for Christmas and never got around to replacing them and backing up. :-( Yeah, yeah, I know!!!). Ergo, I set about repairing the damage by initially running SFC /SCANNOW:
Windows Resource Protection found corrupt files but was unable to fix some of them.
For online repairs, details are included in the CBS log file located at
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
repairs, details are included in the log file provided by the /OFFLOGFILE flag.
On the basis of this, I then attempted to employ DISM /Online /Cleanup-Image /RestoreHealth ... but got nowhere:
Deployment Image Servicing and Management tool
Version: 10.0.19041.1
Image Version: 10.0.19041.1
[==========================100.0%==========================]
Error: 0x800f081f
The source files could not be found.
Use the "Source" option to specify the location of the files that are required to restore the feature. For more information on specifying a source location, see Configure a Windows Repair Source.
The DISM log file can be found at C:\WINDOWS\Logs\DISM\dism.log
Following these errors, in order to remedy what appeared to be a corrupted WinSXS file repository and required files residing elsewhere, I downloaded a suitable Win10 ISO from Microsoft and attempted to use the following DISM command: DISM /Online /Cleanup-Image /RestoreHealth /Source:ESD:D:\Source_Install_ESD\Install.esd:6 /LimitAccess which resulted in this:
Deployment Image Servicing and Management tool
Version: 10.0.19041.1
Image Version: 10.0.19041.1
[==========================100.0%==========================]
Error: 0x800f081f
The source files could not be found.
Use the "Source" option to specify the location of the files that are required to restore the feature. For more information on specifying a source location, see [URL='https://go.microsoft.com/fwlink/?LinkId=243077']Configure a Windows Repair Source[/URL].
The DISM log file can be found at C:\WINDOWS\Logs\DISM\dism.log
Note: The source file(s) DO exist - I'd verified them! Some online posts indicated that Win10 could not address an ESD directly (contradicting others!), so I attempted to create a WIM instead, having checked the Win10 ISO download with this DISM/Get-WimInfo /WimFile:D:\Source_Install_ESD\install.esd :
Index : 6
Name : Windows 10 Pro
Description : Windows 10 Pro
Size : 15,583,732,666 bytes
and then ran this DISM /export-image /SourceImageFile:D:\Source_Install_ESD\Install.esd /SourceIndex:6 /DestinationImageFile:D:\Source_Install_WIM\Install.wim /Compress:max /CheckIntegrity
which resulted in this:
Deployment Image Servicing and Management tool
Version: 10.0.19041.1
Exporting image
[======== 15.0% ]
Error: 605
The specified buffer contains ill-formed data.
The DISM log file can be found at C:\WINDOWS\Logs\DISM\dism.log
I double-checked the health of everything first using: DISM /Online /Cleanup-Image /CheckHealth and received:
Deployment Image Servicing and Management tool
Version: 10.0.19041.1
Image Version: 10.0.19041.1
The component store is repairable.
The operation completed successfully.
and this: DISM /online /cleanup-image /scanhealth resulted in:
Deployment Image Servicing and Management tool
Version: 10.0.19041.1
Image Version: 10.0.19041.1
[==========================100.0%==========================]
The component store is repairable.
The operation completed successfully.
I've also tried stopping Cryptographic Services and renaming Catroot to Catrootold to force a rebuild of that, as well as deleting the HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root entry forcing it to rebuild the Root Cert store.
I even tried re-installing a Win10 installation over the current one using the Win10 image I had downloaded ... but that failed too! Absolutely nothing has worked - I am still having to kill the CryptSvc process whenever I open a new app or starting a new process if I want either to complete in a reasonable timeframe!
Finally, MemTest86 reports no errors either ... hence I'm here!
So, attached is the results of the latest SysnativeFileCollectionApp.exe v5.0.1 utility suite. Any advice or approach gratefully received.
PS It seems the forum is taking the ": D" - without whitespace - and turning it into a Smily!!! I'm not sure how to prevent this...
Over a month ago, my Windows 10 Pro laptop performed a Windows Update which, until then, I had previously postponed and then prevented. For some reason, this update previously screwed with my system (a Win10 installation I run almost solely as a Steinberg Cubase-based music DAW) when it first attempted to install late last year. At that time I rolled back all the changes and employed some hacks I obtained online in order to prevent Windows Update from automatically running and forcing me to install said update(s) - 'improvements' I did not need nor want. (Note: Music DAW's are highly-specialist environments which require fine-tuning to run optimally, especially in respect of driver versions, many of which can cause high DPC latency: graphics, Wi-Fi, Ethernet, power management settings, etc.).
Thankfully, all was fine until...
Somehow, around Christmastime, something must've altered to negate the hack I had applied because my system once again downloaded the aforementioned update (and some other stuff) in order to attempt another install. Due to family and health issues, I merely postponed the update for the maximum time available, namely 30 days ... and then promptly forgot about preventing it from taking place. My bad!
So...
I awoke one Monday around 3 weeks ago to find the updates had been applied ... and my system was entirely unusable as it was stuck in some OOBE loop. I subsequently spent 4 days nursing it back to some resemblance of health such that I could at least log on! However, there were no Restore points remaining to roll back the previous changes (I manually create them regularly before I make any significant changes but they were all now gone - ALL of them!) and the ones generated automatically were missing too, with the system restore function itself now turned off as well(!). None of the automatic Windows recovery options (or any involving my manual intervention) which ran after multiple re-boots would work either! Trust me, I exhausted everything!
Suspecting malware or an infection of some kind, I managed to run Malwarebytes but it found nothing. One critical thing I did notice, however, was that whenever ANY app or system function was performed - from clicking on menus to running system apps - a svchost.exe hosted CryptSvc process would hog circa 20% of the CPU resource for around 1-2 minutes before 'allowing' the required program to execute. Killing C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s CryptSvc using the SysInternals Task Manager replacement (Process Explorer) would immediately allow the underlying app to run, executing near-instantaneously.
This is how I've had to manage for almost 3 weeks. Recording and processing music is nightmarish!!!
Unfortunately, there is so much music-production software installed on this machine (including some legacy s/w I don't believe I have the installers for) that I could not afford the time to scrub it and start again - which would now be my first choice - as this is a 3-4 day exercise minimum and I utilise this laptop to teach with. [Note: I did have a full SSD back-up of the system drive with all the apps but I ended up employing it for more music production sample libraries I was bought for Christmas and never got around to replacing them and backing up. :-( Yeah, yeah, I know!!!). Ergo, I set about repairing the damage by initially running SFC /SCANNOW:
Windows Resource Protection found corrupt files but was unable to fix some of them.
For online repairs, details are included in the CBS log file located at
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
repairs, details are included in the log file provided by the /OFFLOGFILE flag.
On the basis of this, I then attempted to employ DISM /Online /Cleanup-Image /RestoreHealth ... but got nowhere:
Deployment Image Servicing and Management tool
Version: 10.0.19041.1
Image Version: 10.0.19041.1
[==========================100.0%==========================]
Error: 0x800f081f
The source files could not be found.
Use the "Source" option to specify the location of the files that are required to restore the feature. For more information on specifying a source location, see Configure a Windows Repair Source.
The DISM log file can be found at C:\WINDOWS\Logs\DISM\dism.log
Following these errors, in order to remedy what appeared to be a corrupted WinSXS file repository and required files residing elsewhere, I downloaded a suitable Win10 ISO from Microsoft and attempted to use the following DISM command: DISM /Online /Cleanup-Image /RestoreHealth /Source:ESD:D:\Source_Install_ESD\Install.esd:6 /LimitAccess which resulted in this:
Deployment Image Servicing and Management tool
Version: 10.0.19041.1
Image Version: 10.0.19041.1
[==========================100.0%==========================]
Error: 0x800f081f
The source files could not be found.
Use the "Source" option to specify the location of the files that are required to restore the feature. For more information on specifying a source location, see [URL='https://go.microsoft.com/fwlink/?LinkId=243077']Configure a Windows Repair Source[/URL].
The DISM log file can be found at C:\WINDOWS\Logs\DISM\dism.log
Note: The source file(s) DO exist - I'd verified them! Some online posts indicated that Win10 could not address an ESD directly (contradicting others!), so I attempted to create a WIM instead, having checked the Win10 ISO download with this DISM/Get-WimInfo /WimFile:D:\Source_Install_ESD\install.esd :
Index : 6
Name : Windows 10 Pro
Description : Windows 10 Pro
Size : 15,583,732,666 bytes
and then ran this DISM /export-image /SourceImageFile:D:\Source_Install_ESD\Install.esd /SourceIndex:6 /DestinationImageFile:D:\Source_Install_WIM\Install.wim /Compress:max /CheckIntegrity
which resulted in this:
Deployment Image Servicing and Management tool
Version: 10.0.19041.1
Exporting image
[======== 15.0% ]
Error: 605
The specified buffer contains ill-formed data.
The DISM log file can be found at C:\WINDOWS\Logs\DISM\dism.log
I double-checked the health of everything first using: DISM /Online /Cleanup-Image /CheckHealth and received:
Deployment Image Servicing and Management tool
Version: 10.0.19041.1
Image Version: 10.0.19041.1
The component store is repairable.
The operation completed successfully.
and this: DISM /online /cleanup-image /scanhealth resulted in:
Deployment Image Servicing and Management tool
Version: 10.0.19041.1
Image Version: 10.0.19041.1
[==========================100.0%==========================]
The component store is repairable.
The operation completed successfully.
I've also tried stopping Cryptographic Services and renaming Catroot to Catrootold to force a rebuild of that, as well as deleting the HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root entry forcing it to rebuild the Root Cert store.
I even tried re-installing a Win10 installation over the current one using the Win10 image I had downloaded ... but that failed too! Absolutely nothing has worked - I am still having to kill the CryptSvc process whenever I open a new app or starting a new process if I want either to complete in a reasonable timeframe!
Finally, MemTest86 reports no errors either ... hence I'm here!
So, attached is the results of the latest SysnativeFileCollectionApp.exe v5.0.1 utility suite. Any advice or approach gratefully received.
PS It seems the forum is taking the ": D" - without whitespace - and turning it into a Smily!!! I'm not sure how to prevent this...
Last edited by a moderator:
