Jump to content

Uninstallation causing boot failure


Recommended Posts

I have a Win7Pro system that when I uninstall Emsisoft from the system, it creates a non-bootable system with an error 0xc000000e. LUCKILY, I have an image backup that has allowed me to restore it. I've isolated the issue to ensure nothing else was causing it.

This system is a local townships computer, so I have to return it to get them back up and running ASAP.
Link to comment
Share on other sites

What version of EAM was installed on the computer that had this issue?

 

If you have issues with a system becoming unbootable after uninstalling EAM, please try booting into the Recovery Mode and open a Command Prompt (I would believe it is in the "Troubleshooting" category). Once you're there, run regedit, and try the following:

1. Click on "HKEY_LOCAL_MACHINE" to select it.
2. Click on 'File' and select "Load Hive".
3. Load the system registry hive from the offline installation of Windows. The path should be as follows (note that the C: drive should be the Recovery Environment, and the D: drive should be the offline installation of Windows):
-- D:\Windows\System32\config\SYSTEM
4. Give it a name that's easy to find ("Offline-System" for instance).
5. If it wasn't expanded automatically, then expand "HKEY_LOCAL_MACHINE" and select the offline system registry hive you loaded.
6. Navigate to the following subkey (when you get to 'Classes' you can click on one of the subkeys, and then type out "{4d" to quickly jump to the fist entry that begins with that characters, and then use the down arrow on the keyboard to scroll through them until you find one that has an entry in the list on the right for 'Class' that has a value of 'DiskDrive' like in the screenshot at the bottom of my e-mail):
-- ...\ControlSet001\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}
7. Once you have the correct subkey selected, look in the list on the right for 'UpperFilters' (it's on the bottom of the list in my screenshot).
8. If the value for UpperFilters contains "eppdisk" like in my screenshot, then please try double-clicking on UpperFilters, and remove the line that says "eppdisk". If it does not, then skip steps #8 and #9, and let me know what it says (also see note below instructions).
9. Click 'OK' to save your changes. Regedit will display a warning message, however this does not mean that anything went wrong (it always displays this warning when editing this registry value).
10. Click in the list on the left again, and tap the left arrow key until it collapses everything except "HKEY_LOCAL_MACHINE".
11. Click on your imported offline system registry hive to select it.
12. Click on 'File', and select "Unload Hive".
13. Close regedit.
14. Type 'exit' into the Command Prompt, and this should shut off the computer.
15. Try starting the computer normally.

Note: You can export the {4D36E967-E325-11CE-BFC1-08002BE10318} registry key while the offline system hive is still loaded and send me the saved five if you would like. Simply right-click on a registry key (these are in the list on the left) and select 'Export' from the menu, and be sure to save it somewhere on the D: drive (or on removable media if you have some available). Sending us the export of the registry key will help us to determine what's going on.

Regedit_Finding_UpperFilters_Screenshot.png

Link to comment
Share on other sites

Thanks GT500.

I had to return the system back to the Township office after restoring a working image for now. David, from Emsisoft, provided similar instructions to yours as well last night.

I intend on attempting this process again my next available time slot. I'll keep you posted.

Link to comment
Share on other sites

11 hours ago, csatech said:

I intend on attempting this process again my next available time slot. I'll keep you posted.

Understandable.

One recommendation I have is to export that registry key (HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}) before installing EAM (Emsisoft Anti-Malware) so that we can go back and see how it's changed after you install EAM, as well as after you uninstall EAM.

Link to comment
Share on other sites

The same thing happened this morning on another system at the same location. I removed the entry from the registry and the system booted. I then applied the same repair to the original system after uninstalling EAM and rebooted. Interestingly, EAM must have had an "update" in the wind, so to speak, because after rebooting, EAM was installed again. I uninstalled it again and checked the registry; the problem setting wasn't there. 

All's well! Thanks for all the help!

Hat's off to all!

Link to comment
Share on other sites

7 hours ago, csatech said:

I removed the entry from the registry and the system booted.

You removed the UpperFilters registry value? Or reset it to the way it was before EAM was installed? <- Never mind. Obviously you removed eppdisk from UpperFilters, as the system wouldn't boot without the UpperFilters value. ;)

Were you able to get a registry export of the key the value is in before fixing it? If we know what's happening, we can make sure it doesn't happen again.

Link to comment
Share on other sites

I misspoke in regard to EAM having an update "in the wind". It did, however, reinstall... but I realized that was my fault; it was still turned on in Kabuto. So when it synced it wasn't there and it reinstalled. 

Bottom line is that the problem was the eppdisk setting in the registry. the version of EAM installed had been 2017.2  As to having a copy/export of the registry for comparison, I do not.

I am however gun-shy at this point, and irregardless of the system, I'm checking the registry first before performing any uninstalls!

Thanks for the help!

Link to comment
Share on other sites

Hello GT500,

I run in the same shit problem today, but have seen more problems. 

In this days I run win 10 1803 updates from 1703 in the company on many computers.

One Notebook makes big problems with update to 1803, it stops with 0xC1900101 - 0x4000D in the second_boot phase , have test it 5 times. So looked in Microsoft Dokumentation and first try all driver updates, it seams to be a driver problem .... gpu,chip,wlan, ... nothing helps ... so 2 Days later have time to look into it i have debug the setupmem and what i see in that the a2service make the problem !

So I think unistall eam and all is good, but then BSOD on restart 0xc0000001 ...... first i think the boot uefi is broken have delete and repair it ... but the i think look in the forum here and bäm  this works ..

Have put the ssd on a second computer edit the reg File and delete "eppdisk" and all runs fine now  :-)) 

 

So some Screenshots an a reg export for you

 

regards

christian

imageproxy.php?img=&key=b42a2553258c1fc4imageproxy.php?img=&key=b42a2553258c1fc4

Foto 21.06.18, 15 11 22.jpg

Foto 26.06.18, 11 49 44.jpg

Foto 25.06.18, 16 57 06.jpg

all class.reg

export.reg

Link to comment
Share on other sites

I was able to fix this issue by doing it with this website : https://helpdesk.emsisoft.com/en-us/article/150-how-do-i-completely-uninstall-an-emsisoft-product

 

TLDR :

Run Computer in Safe Mode

Log on as Admin account

Stop services for emsisoft

Check Task manager for any applications with Emisoft

Remove application with advanced uninstaller pro

Link to comment
Share on other sites

5 hours ago, Ryan Foy said:

Remove application with advanced uninstaller pro

Do not use a third-party uninstall tool to remove Emsisoft Anti-Malware. Either use the uninstaller that comes with Emsisoft Anti-Malware, or use the copy of EmsiClean that is in the Emsisoft Anti-Malware folder. We use a disk filter driver that will not be removed properly by third-party uninstall utilities, and if the driver file is missing but the entry remains in UpperFilters in the registry to load it, then Windows will BSoD on startup.

Besides, it's dangerous to allow a tool to search the registry and delete anything that matches a certain string without first knowing what is being deleted and understanding whether or not it needs to be deleted.

 

11 hours ago, Zwergenmeister said:

So some Screenshots an a reg export for you

Thank you. I'll pass this on to QA.

Link to comment
Share on other sites

  • 3 weeks later...

I seem to have the same issue as the original poster. I uninstalled Emsisoft from control panel, it asked for a reboot and on startup I get stop 7b. I followed the instructions for editing the registry off line and I did have epp listed under disks however after removing it from the key and rebooting the error persists. Any help would be greatly appreciated as this client has been without their business computer for a day now all because I had to uninstall Emsisoft.

Link to comment
Share on other sites

Go back into the registry as directed earlier and double check that the entry isn't in again. I had made the mistake of forgetting to turn off the entry in Kabuto that wound up reinstalling Emsisoft immediately,. Also, check that the epp listing isn't in "ControlSet001 or 002 as well. I'm not sure if those are active keys, but I made sure the entries had been removed from there as well.

Link to comment
Share on other sites

2 hours ago, daniep said:

I seem to have the same issue as the original poster. I uninstalled Emsisoft from control panel, it asked for a reboot and on startup I get stop 7b. I followed the instructions for editing the registry off line and I did have epp listed under disks however after removing it from the key and rebooting the error persists. Any help would be greatly appreciated as this client has been without their business computer for a day now all because I had to uninstall Emsisoft.

Can you get us an export of the registry key in question?

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...