[SOLVED] SFC corruption

Hello Klepton

Klepton said:

Unfortunately, both updates failed when I tried to install them.
Click to expand...

This is because the script failed due to some issues in your registry. We will need to figure out where it starts, so we will do a manual registry verification

Manual Registry Verification
1. Click the Start button.
2. Type regedit.exe in the search box.
3. Right-click on regedit.exe that shows up in the search results and select Run as administrator. Answer Yes to the UAC prompt if it appears
4. The registry will open showing two panes. The left side where we can navigate through a the right side which will show the values and data. In the middle is a vertical scroll bar.
5. Scroll all the way to the top of the screen. You will see some main keys shown which have either white or black triangles to the left of them. Click all of the black triangles to collapse the tree view. All the triangles will be white and it will look similar to the following.
Pic.JPG

6. Click the white triangle to the left of HKEY_LOCAL_MACHINE. The key will expand to show many subkeys.
7. Locate SOFTWARE and click the triangle to the left of this one to expand.
8. Scroll down to find Classes and do the same to expand.
9. Scroll down to find CLSID and repeat to expand.
10. Locate {CB2F6723-AB3A-11d2-9C40-00C04FA30A3E} by copying {CB2F6723-AB3A-11d2-9C40-00C04FA30A3E} and going to Edit > Find... and pasting it at Find What, and then clicking Find Next
11. When the key is found, click the triangle next to InprocServer32 to expand.
12. The click the mouse on the key that is named 4.0.30319.

Let me know how far you can get while doing this and if you get any errors. It's important to know exactly which step from above caused the error as well. Thanks.

-CKing
 
Hello CKing,
I followed the Manual Registry Verification instructions exactly as given and received a Error Opening Key pop-up window during step 10. which stated the following:

"{CB2F6723-AB3A-11d2-9C40-00C04FA30A3E} cannot be opened.
An error is preventing this key from being opened.
Details: The system cannot find the file specified."

However, I do see the subkey under HKEY_LOCAL_MACHINE->SOFTWARE->Classes->CLSID. It does not have a triangle to the left of it and I can't click on it. I see lots of other subkeys like this and if I try to click on them I get the same error as above.
 
Hello Klepton

To repair your SOFTWARE hive, we you to upload your SOFTWARE Hive in a PM because it contains sensitive information

Step#1 - Retrieve Software Hive
Note: The Software have has confidential and sensitive information in it so please send me a PM with a link to the hive so it's not in the public form.

  • Please download the Freeware RegBak from here: Acelogix Software - Download products
    You will find it at the bottom of the page that the link brings you to.
  • Go ahead and install this program and accept all the defaults. After the last install screen the program should open.
  • Click the New Backup button. Accept the defaults and simply click Start.
  • When it says Finished successfully, click the Close button.
  • This will bring you back to the main screen of the program. You will see one entry in this list with the date that you did it. Right-click on this line-item and select Explore Backup...
  • This will bring you into the folder where the backup was made. You should see a Users folder and a Windows folder along with a couple other files. Double-click on the Windows folder to open it. Then open the System32 folder and then config folder. You should see around 6 files in here, one of which is named SOFTWARE.
  • Copy this file to your Desktop.
  • Now right click on this file on your desktop and select Send to > Compressed (zipped) folder.
  • Then please upload the zip file(s) to your favourite file sharing website (it will be too big to upload here). Examples of services to upload to are Dropbox or One Drive or SendSpace and then just PM me your link.
  • You can close any open windows you have as well as the RegBack program now.

-CKing
 
Hello CKing,
Ok, I've run RegBak as instructed and have sent you the link to the SOFTWARE.zip file via a PM.
 
Hello Klepton

We were able to access the SOFTWARE hive and the key without any issue

So, we will boot your computer into Clean Boot and do the Manual Verification again to see if another program wasn't interfering

Boot into Clean Mode by going to this page and then scrolling down to Windows 7 and Windows Vista under How to perform a clean boot

Manual Registry Verification
1. Click the Start button.
2. Type regedit.exe in the search box.
3. Right-click on regedit.exe that shows up in the search results and select Run as administrator. Answer Yes to the UAC prompt if it appears
4. The registry will open showing two panes. The left side where we can navigate through a the right side which will show the values and data. In the middle is a vertical scroll bar.
5. Scroll all the way to the top of the screen if it isn't there already. You will see some main keys shown which have either white or black triangles to the left of them. Click all of the black triangles to collapse the tree view. All the triangles will be white and it will look similar to the way it did before.
Pic.JPG
6. Click the white triangle to the left of HKEY_LOCAL_MACHINE. The key will expand to show many subkeys.
7. Locate SOFTWARE and click the triangle to the left of this one to expand.
8. Scroll down to find Classes and do the same to expand.
9. Scroll down to find CLSID and repeat to expand.
10. Locate {CB2F6723-AB3A-11d2-9C40-00C04FA30A3E} and repeat to expand. An easy way to do this would be to click on the CLSID key and then select find from the edit menu and paste in the text to search for. Click Find Next.
11. When the key is found, click the triangle next to InprocServer32 to expand.
12. The click the mouse on the key that is named 4.0.30319.

Again, let me know how far you can get while doing this and if you get any errors.

After you have completed this, you could go back to Normal Boot by following the WIndows 7 and Windows Vista instructions on this page under How to reset the computer to start normally after clean boot troubleshooting

-CKing
 
Hello CKing,
Ok, I did a Clean Boot and followed the Manual Registry Verification instructions again. Unfortunately, I ran into the exact same error during the same step as previously.
 
Thanks!

Boot into Clean Mode again, and we will use Process Monitor trace to see what is interfering with the .NET framework

Capture Process Monitor Trace
1. Download and run Process Monitor. Leave this running while you perform the next steps.
2. Do the Manual Registry Verification again
CKing123 said:
Manual Registry Verification
1. Click the Start button.
2. Type regedit.exe in the search box.
3. Right-click on regedit.exe that shows up in the search results and select Run as administrator. Answer Yes to the UAC prompt if it appears
4. The registry will open showing two panes. The left side where we can navigate through a the right side which will show the values and data. In the middle is a vertical scroll bar.
5. Scroll all the way to the top of the screen if it isn't there already. You will see some main keys shown which have either white or black triangles to the left of them. Click all of the black triangles to collapse the tree view. All the triangles will be white and it will look similar to the way it did before.
6. Click the white triangle to the left of HKEY_LOCAL_MACHINE. The key will expand to show many subkeys.
7. Locate SOFTWARE and click the triangle to the left of this one to expand.
8. Scroll down to find Classes and do the same to expand.
9. Scroll down to find CLSID and repeat to expand.
10. Locate {CB2F6723-AB3A-11d2-9C40-00C04FA30A3E} and repeat to expand. An easy way to do this would be to click on the CLSID key and then select find from the edit menu and paste in the text to search for. Click Find Next.
11. When the key is found, click the triangle next to InprocServer32 to expand.
12. The click the mouse on the key that is named 4.0.30319.

Again, let me know how far you can get while doing this and if you get any errors.
Click to expand...
3. Stop Process Monitor. You can simply do this by clicking the magnifying glass on the toolbar as shown below.
11908d1430506241-windows-updates-fail-repeatedly-stop-jpg




4. Select the File menu...Save... and save the file to your desktop. This is likely the default location. The name (unless changed) will be LogFile.PML. This is fine.
5. Zip up and attach the LogFile.PML file as well as your CBS.log.

If you want, you can boot into Normal Boot again

-CKing
 
I was actually still on Clean Boot Mode from previously, but I went ahead and followed the instructions to how to perform a clean boot again.

I downloaded and ran the Process Monitor program. Then when I tried to expand the {CB2F6723-AB3A-11d2-9C40-00C04FA30A3E subkey I ran into the same error as the previous two times.

The files are too big to attach, even when compressed. Therefore, I uploaded them to my Dropbox account. The following are the links to the Logfile.PML and CBS.log files:

Dropbox - Logfile.zip
Dropbox - cbs.zip
 
Hello Klepton

Sorry for the delay

When will you be next online? Include the TimeZone as well

Here is the plan:

  1. We will be online on the same time
  2. We will have the Windows Update service turned off, and you will send the SOFTWARE hive again in PM
  3. I will modify it and send it back to you
  4. Then, we fix the SOFTWARE hive, and send it back to you
  5. We will have the SOFTWARE hive be replaced, followed by the manual verification again

Any questions? I will send you the instructions for all of these steps

-CKing
 
Hello CKing,
I can be online as soon as you are next online. I will be monitoring this in the meantime, so just let me know...
 
I will be offline for today in the next couple of hours, so it will have to be before 6pm CST Wednesday (tomorrow); before 6PM CST or after 8:30pm CST Thursday; or any time on Friday. Let me know when you can be online during those times.
 
I will be available on 8:30 CST (6:30 PST) on Thursday

On that day, we want to minimize changes to the SOFTWARE hive

Boot into Clean Boot (just to reduce the changes in SOFTWARE hive)

Then, we need to turn off the Windows Update service

Turning Off Windows Update service
1. Right-click on the Start
w8start.png
button and select Command Prompt (Admin)
2. When command prompt opens, Copy (Ctrl+C) and Paste (Right-click > Paste) the following command into it, then press Enter
Code: 
net stop wuauserv

This will keep the windows update service off while we work on fixing the SOFTWARE hive

-CKing
 
Ok, I am still in Clean Boot mode from previously. Also, I just stopped the Windows Update service in preparation for tomorrow.
 
Hello Klepton

To repair your SOFTWARE hive, we you to upload your SOFTWARE Hive in a PM again

Retrieve Software Hive
Note: The Software have has confidential and sensitive information in it so please send me a PM with a link to the hive so it's not in the public form.

  • Open RegBack again
  • Click the New Backup button. Accept the defaults and simply click Start.
  • When it says Finished successfully, click the Close button.
  • This will bring you back to the main screen of the program. You will see two entry in this list with the dates that you did it. Right-click on the latest date line-item and select Explore Backup...
  • This will bring you into the folder where the backup was made. You should see a Users folder and a Windows folder along with a couple other files. Double-click on the Windows folder to open it. Then open the System32 folder and then config folder. You should see around 6 files in here, one of which is named SOFTWARE.
  • Copy this file to your Desktop.
  • Now right click on this file on your desktop and select Send to > Compressed (zipped) folder.
  • Then please upload the zip file(s) to your favourite file sharing website (it will be too big to upload here). Examples of services to upload to are Dropbox or One Drive or SendSpace and then just PM me your link.
  • You can close any open windows you have as well as the RegBack program now.

-CKing
 
Time to repair the SOFTWARE hive

SOFTWARE Hive Replacement with RegBak
Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.


  1. Close all open programs and save all your work. You will need to reboot the machine during this process.
  2. Download the SOFTWARE.ZIP from the PM I sent you
  3. Right-click on SOFTWARE.ZIP and select Extract All... Ensure the "Show extracted files when complete" checkbox is checked and click the Extract button.
  4. The software hive will be extracted. You will see the file named SOFTWARE (no extension)
  5. Copy the SOFTWARE hive to where you previously saved a backup. It should be (C:\Windows\RegBak\PC-NAME\DATE\Windows\System32\Config)
  6. 2014-10-1818_56_49-config_zpscbb8aad0.png
  7. Overwrite the one that is currently there when prompted.
  8. Open RegBak by Click Start and selecting Registry Backup and Restore. Highlight the backup in the list (it should be the one date today), and press Restore. Click Start. RegBak will reboot your computer to complete the restore process.
Let me know if the hive was replaced or if there were any errors

-CKing
 
Ok, I followed the SOFTWARE Hive Replacement with RegBak instructions you provided and I didn't receive any errors.
 
Try the manual verification again

CKing123 said:
Hello Klepton

Manual Registry Verification
1. Click the Start button.
2. Type regedit.exe in the search box.
3. Right-click on regedit.exe that shows up in the search results and select Run as administrator. Answer Yes to the UAC prompt if it appears
4. The registry will open showing two panes. The left side where we can navigate through a the right side which will show the values and data. In the middle is a vertical scroll bar.
5. Scroll all the way to the top of the screen. You will see some main keys shown which have either white or black triangles to the left of them. Click all of the black triangles to collapse the tree view. All the triangles will be white and it will look similar to the following.

6. Click the white triangle to the left of HKEY_LOCAL_MACHINE. The key will expand to show many subkeys.
7. Locate SOFTWARE and click the triangle to the left of this one to expand.
8. Scroll down to find Classes and do the same to expand.
9. Scroll down to find CLSID and repeat to expand.
10. Locate {CB2F6723-AB3A-11d2-9C40-00C04FA30A3E} by copying {CB2F6723-AB3A-11d2-9C40-00C04FA30A3E} and going to Edit > Find... and pasting it at Find What, and then clicking Find Next
11. When the key is found, click the triangle next to InprocServer32 to expand.
12. The click the mouse on the key that is named 4.0.30319.

Let me know how far you can get while doing this and if you get any errors. It's important to know exactly which step from above caused the error as well. Thanks.

-CKing
Click to expand...

-CKing
 
Ok, now we're getting somewhere. I was able to successfully get through Step 12. with no errors. What do I do once I click on the 4.0.30319 key? What am I verifying and how?
 
You must log in or register to reply here.

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top