[SOLVED] SFC & SFCFix.exe cannot fix all corrupt files; System Restore not working - Windows 7 Pro 64 bit

WARNING! The following fix is specific to the user's system in this thread only. No one else should follow these instructions, as it could damage your system.
  • Download the attachment SFCFixScript.txt and save it on your desktop.
  • Save any work you have open, and close all programs.
  • Drag the SFCFixScript.txt file over the SFCFix.exe executable and release it.
    1p8eDnI.gif
  • SFCFix will launch, let it complete.
  • Once done, a file will appear on your desktop, called SFCFix.txt.
  • Open the file, then copy and paste its content in your next reply.
 

Attachments

SFCFix version 3.0.2.1 by niemiro.
Start time: 2020-05-12 19:15:58.165
Microsoft Windows 7 Service Pack 1 - amd64
Using .txt script file at C:\Users\1st Church\Desktop\SFCFixScript.txt [0]




RegistryExport::
Successfully exported registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EventSystem.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EventSystem]
"DisplayName"="@comres.dll,-2450"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
00,65,00,00,00
"Description"="@comres.dll,-2451"
"ObjectName"="NT AUTHORITY\\LocalService"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\
00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\
00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,e8,03,00,00,01,00,00,00,88,13,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EventSystem\Parameters]
"ServiceDll"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnLoadOnStop"=dword:00000001

Datablocks: O:BAD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;CIIOID;GA;;;CO)
RegistryExport:: directive completed successfully.




Successfully processed all directives.
SFCFix version 3.0.2.1 by niemiro has completed.
Currently storing 25 datablocks.
Finish time: 2020-05-12 19:15:58.395
Script hash: JkuEiFxshdu4TQqdmqx3IbVvH0UecIoRhdD+L3Lw2Rk=
----------------------EOF-----------------------
 
That export looks good.
Follow the instructions below please.

WARNING! The following fix is specific to the user's system in this thread only. No one else should follow these instructions, as it could damage your system.
  • Download the attachment SFCFixScript.txt and save it on your desktop.
  • Save any work you have open, and close all programs.
  • Drag the SFCFixScript.txt file over the SFCFix.exe executable and release it.
    1p8eDnI.gif
  • SFCFix will launch, let it complete.
  • Once done, a file will appear on your desktop, called SFCFix.txt.
  • Open the file, then copy and paste its content in your next reply.
 

Attachments

SFCFix version 3.0.2.1 by niemiro.
Start time: 2020-05-13 08:01:16.764
Microsoft Windows 7 Service Pack 1 - amd64
Using .txt script file at C:\Users\1st Church\Desktop\SFCFixScript.txt [0]




RegistryExport::
Successfully exported registry key HKEY_LOCAL_MACHINE\Software\Microsoft\EventSystem.

[HKEY_LOCAL_MACHINE\Software\Microsoft\EventSystem]
"Configured"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\EventSystem\Eventlog]
"SuppressDuplicateDuration"=dword:00015180

[HKEY_LOCAL_MACHINE\Software\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses]

[HKEY_LOCAL_MACHINE\Software\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses\{BB07BACD-CD56-4e63-A8FF-CBF0355FB9F4}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}]
"Active"=dword:00000001
"AllowInprocActivation"=dword:00000000
"Description"="Subscribe to this event class to receive object change notifications."
"EventClassApplicationID"="{00000000-0000-0000-0000-000000000000}"
"EventClassID"="{BB07BACD-CD56-4e63-A8FF-CBF0355FB9F4}"
"EventClassName"="EventSystem.EventObjectChange2"
"EventClassPartitionID"="{00000000-0000-0000-0000-000000000000}"
"FireInParallel"=dword:ffffffff
"FiringInterfaceIID"="{7701A9C3-BD68-438f-83E0-67BF4F53A422}"
"OwnerSID"="S-1-5-18"
"PublisherID"="{BB07BACD-CD56-4e63-A8FF-CBF0355FB9F4}"
"TypeLib"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,65,\
00,73,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses\{D0565000-9DF4-11D1-A281-00C04FCA0AA7}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}]
"Active"=dword:00000001
"AllowInprocActivation"=dword:00000000
"Description"="Subscribe to this event class to receive object change notifications"
"EventClassApplicationID"="{00000000-0000-0000-0000-000000000000}"
"EventClassID"="{D0565000-9DF4-11D1-A281-00C04FCA0AA7}"
"EventClassName"="EventSystem.EventObjectChange"
"EventClassPartitionID"="{00000000-0000-0000-0000-000000000000}"
"FireInParallel"=dword:ffffffff
"FiringInterfaceIID"="{F4A07D70-2E25-11D1-9964-00C04FBBB345}"
"OwnerSID"="S-1-5-18"
"PublisherID"="{D0564C30-9DF4-11D1-A281-00C04FCA0AA7}"
"TypeLib"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,65,\
00,73,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses\{D5978620-5B9F-11D1-8DD2-00AA004ABD5E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}]
"Active"=dword:00000001
"EventClassID"="{D5978620-5B9F-11D1-8DD2-00AA004ABD5E}"
"EventClassName"="SENS Network Events"
"OwnerSID"="S-1-5-18"
"FiringInterfaceIID"="{D597BAB1-5B9F-11D1-8DD2-00AA004ABD5E}"
"AllowInprocActivation"=dword:ffffffff
"FireInParallel"=dword:00000000
"EventClassPartitionID"="{00000000-0000-0000-0000-000000000000}"
"EventClassApplicationID"="{00000000-0000-0000-0000-000000000000}"

[HKEY_LOCAL_MACHINE\Software\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses\{D5978630-5B9F-11D1-8DD2-00AA004ABD5E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}]
"Active"=dword:00000001
"EventClassID"="{D5978630-5B9F-11D1-8DD2-00AA004ABD5E}"
"EventClassName"="SENS Logon Events"
"OwnerSID"="S-1-5-18"
"FiringInterfaceIID"="{D597BAB3-5B9F-11D1-8DD2-00AA004ABD5E}"
"AllowInprocActivation"=dword:ffffffff
"FireInParallel"=dword:00000000
"EventClassPartitionID"="{00000000-0000-0000-0000-000000000000}"
"EventClassApplicationID"="{00000000-0000-0000-0000-000000000000}"
"SerialFiringTimeout"=dword:0002bf20

[HKEY_LOCAL_MACHINE\Software\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses\{D5978640-5B9F-11D1-8DD2-00AA004ABD5E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}]
"Active"=dword:00000001
"EventClassID"="{D5978640-5B9F-11D1-8DD2-00AA004ABD5E}"
"EventClassName"="SENS OnNow Events"
"OwnerSID"="S-1-5-18"
"FiringInterfaceIID"="{D597BAB2-5B9F-11D1-8DD2-00AA004ABD5E}"
"AllowInprocActivation"=dword:ffffffff
"FireInParallel"=dword:00000000
"EventClassPartitionID"="{00000000-0000-0000-0000-000000000000}"
"EventClassApplicationID"="{00000000-0000-0000-0000-000000000000}"

[HKEY_LOCAL_MACHINE\Software\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses\{D5978650-5B9F-11D1-8DD2-00AA004ABD5E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}]
"Active"=dword:00000001
"EventClassID"="{D5978650-5B9F-11D1-8DD2-00AA004ABD5E}"
"EventClassName"="SENS Logon2 Events"
"OwnerSID"="S-1-5-18"
"FiringInterfaceIID"="{D597BAB4-5B9F-11D1-8DD2-00AA004ABD5E}"
"AllowInprocActivation"=dword:ffffffff
"FireInParallel"=dword:00000000
"EventClassPartitionID"="{00000000-0000-0000-0000-000000000000}"
"EventClassApplicationID"="{00000000-0000-0000-0000-000000000000}"
"SerialFiringTimeout"=dword:0002bf20

[HKEY_LOCAL_MACHINE\Software\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses\{ECABB0C3-7F19-11D2-978E-0000F8757E2A}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}]
"Active"=dword:00000001
"AllowInprocActivation"=dword:ffffffff
"EventClassID"="{ECABB0C3-7F19-11D2-978E-0000F8757E2A}"
"EventClassName"="ComEvents.ComServiceEvents"
"FireInParallel"=dword:00000000
"EventClassPartitionID"="{00000000-0000-0000-0000-000000000000}"
"EventClassApplicationID"="{00000000-0000-0000-0000-000000000000}"
"OwnerSID"="S-1-5-18"
"Typelib"=hex(2):25,00,77,00,69,00,6e,00,64,00,69,00,72,00,25,00,5c,00,73,00,\
79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,00,6f,00,6d,00,73,00,76,\
00,63,00,73,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses\{ECABB0C6-7F19-11D2-978E-0000F8757E2A}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}]
"Active"=dword:00000001
"AllowInprocActivation"=dword:ffffffff
"EventClassID"="{ECABB0C6-7F19-11D2-978E-0000F8757E2A}"
"EventClassName"="ComEvents.ComSystemAppEventData"
"FireInParallel"=dword:00000000
"EventClassPartitionID"="{00000000-0000-0000-0000-000000000000}"
"EventClassApplicationID"="{00000000-0000-0000-0000-000000000000}"
"OwnerSID"="S-1-5-18"
"Typelib"=hex(2):25,00,77,00,69,00,6e,00,64,00,69,00,72,00,25,00,5c,00,73,00,\
79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,00,6f,00,6d,00,73,00,76,\
00,63,00,73,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses\{FAF53CC4-BD73-4E36-83F1-2B23F46E513E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}]
"Active"=dword:00000001
"EventClassID"="{FAF53CC4-BD73-4E36-83F1-2B23F46E513E}"
"EventClassName"="VssEvent"
"OwnerSID"="S-1-5-18"
"TypeLib"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,45,\
00,56,00,45,00,4e,00,54,00,43,00,4c,00,53,00,2e,00,44,00,4c,00,4c,00,00,00
"AllowInprocActivation"=dword:ffffffff
"FireInParallel"=dword:00000000
"EventClassPartitionID"="{00000000-0000-0000-0000-000000000000}"
"EventClassApplicationID"="{00000000-0000-0000-0000-000000000000}"

Datablocks: O:BAD:PAI(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;S-1-5-80-1772571935-1555666882-3369284645-1675012128-2386634627)(A;CI;KR;;;BU)
RegistryExport:: directive completed successfully.




Successfully processed all directives.
SFCFix version 3.0.2.1 by niemiro has completed.
Currently storing 25 datablocks.
Finish time: 2020-05-13 08:01:16.934
Script hash: MxJ9MQtZ3xI1xH1uj1BVqJUJ/5vzorBGxJMpQb7i/UM=
----------------------EOF-----------------------
 
Warning: This script was written specifically for this user, for use on that particular machine. Do not run this script on another machine.
  1. Download the attachment fixlist.txt and save it to your desktop.
  2. Right-click on FRST64.exe and select "Run as administrator".
  3. Press the Fix button.
  4. The tool will now process fixlist.txt.
  5. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  6. When finished, a log called Fixlog.txt will appear in the same directory the tool is run from.
  7. Post the logfile Fixlog.txt as attachment in your next reply.
 

Attachments

Peter, upon launching FRST64.exe it went into an endless loop of the program screen and an updating screen. I tried to end the program with Task Manager, that didn't work. I restarted the computer then ran FRST64.exe without any problem.
 

Attachments

Check system restore and report the result.
 
Same Error
 

Attachments

  • _System Restore Point Error - 2020-05-13 11_34 AM.JPG
    _System Restore Point Error - 2020-05-13 11_34 AM.JPG
    79 KB · Views: 2
Are you able to get a list of available system restore points ?
 
No.... there are no restore points
 

Attachments

  • _No Restore Points.JPG
    _No Restore Points.JPG
    132.1 KB · Views: 1
Run Windows Repairs
  1. Download
    51a76de01d28c-Icon_Windows_Repair_All_in_One.png
    Windows Repair (All-in-One) Portable to your desktop.
  2. Once the file is downloaded, right-click on the file on your desktop and choose Extract All...
  3. Keep the defaults and click the Extract button.
  4. A folder named tweaking.com_windows_repair_aio will be extracted to the desktop. Once the extraction is complete the folder will open.
  5. Inside this folder, there is a folder named Tweaking.com - Windows Repair. Open this folder as well.
  6. Note: Please make sure all of your programs are closed and anything you were working on is saved as we will be rebooting.
  7. Double-click on Repair_Windows.exe to open.
  8. When the program opens, click the Reboot to Safe Mode button at the bottom of the screen. Answer Yes to allow.
  9. Once rebooted into Safe Mode, open the program again. When the program opens, click the Repairs tab and click the Open Repairs button.
  10. A backup of your registry will be made. After a few moments you will have many options from which you can choose.
  11. Please click the Unselect All button and then click to enable only the following ones:

    01 - Reset Registry Permissions
    02 - Reset File Permissions
    03 - Reset Service Permissions
    04 - Register System Files
    10 - Remove policies Set By Infections
    18 - Repair Volume Shadow Copy Providers
  12. Ensure the Restart/Shutdown System check box is selected and click the Start Repairs button in the lower right of the screen. This may take some time to run so be patient.
  13. Once the fixes are complete you will be prompted to restart your machine. Answer Yes.
 
Peter, At step 7 a window opens saying its checking that the files needed to run are present. The progress bar moves all the way from left to right with no notifications. That window closes and nothing else happens. Tried this twice and once as run as administrator.
 
Restart the machine and try again.
 
Peter, I restarted the machine, same results - the verifying files window opens, runs, and nothing else happens. I downloaded the portable version from bleepingcomputer, same results. I downloaded the full version from bleepingcomputer - I was able to install it on the current account and the built in administrator account - when I ran it in either account - same verify files window runs then nothiing. After that when I restart the system there quickly appears two windows one after the other saying something like a program was not able to run or execute correctly.
 
Weird, the program is verifying its own files. Did you wait long enough, a few minutes ?
Maybe the bad drive is causing this.
Please perform a full system scan with your uptodate antivirus program also.
 
Peter, here's a list of what I've done....

1) ran Microsoft Security Essentials (although we didn't pay for ongoing Win 7 support this machine continues to be notified of and is able to install updates to Security Essentials - everything was up to date). It ran for 8 hours and reported the following 2 problems, both of which were removed: a) Browser Modifer:Win 32/Xeelyak, and, b) Program:Win 32/Vigram.A. When this was done I rebooted the PC.

2) Ran Malware Bytes which found no infections

3) Was unable to create restore point.

4) Tried many times and at different points along the way to run Windows Repair - from within a regular start and from within a Safe Mode start - running the program after it was installed on the hard drive and from a USB drive - the program would finish verifying it's files and nothing else would happen. At one point I left the machine like this overnight but Windows Repair didn't start up.

5) ran chkdsk /r - it found no errors

6) tried another utility "FixWin" to repair system restore - it reported that it ran. I restarted the system but was still not able to create a restore point - the error being the same VSS issue

7) ran sfc /scannow from an elevated command prompt - it reported no integrity violations

Tony
 
Warning: This script was written specifically for this user, for use on that particular machine. Do not run this script on another machine.
  1. Download the attachment fixlist.txt and save it to your desktop.
  2. Right-click on FRST64.exe and select "Run as administrator".
  3. Press the Fix button.
  4. The tool will now process fixlist.txt.
  5. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  6. When finished, a log called Fixlog.txt will appear in the same directory the tool is run from.
  7. Post the logfile Fixlog.txt as attachment in your next reply.
 

Attachments

I got some advice about the system restore issue and the outcome is your bad disc needs to be replaced.
 
Peter, thanks for all your help with this. We started by recovering some files that Windows scf and scffix.exe could not. You worked a long time trying to get System Recovery working as I try to stretch this Windows 7 machine beyond how long Microsoft wants it to run. There are many hands using this laptop, so I'm not sure when the problem started - we'll be extra diligent to back up all our files as we work week to week. Made a donation to sysnative with mention of the work you did for us - Thanks again.
 
You must log in or register to reply here.

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top