SFCFIX : Some corruptions could not be fixed automatically

Please do following first.

Step 1:
Warning: This script was written specifically for this user, for use on that particular machine. Do not run this script on another machine.
  1. Download the attachment fixlist.txt and save it to your desktop.
  2. Right-click on FRST64.exe and select "Run as administrator".
  3. Press the Fix button.
  4. The tool will now process fixlist.txt.
  5. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  6. When finished, a log called Fixlog.txt will appear in the same directory the tool is run from.
  7. Attach the logfile Fixlog.txt to your next reply.

Step 2:
Restart the machine.
Perform the instructions in message #31 again.
 

Attachments

Ran the fixlist.txt, restarted. Ran the sfcfix (.txt below)




SFCFix version 3.0.2.1 by niemiro.
Start time: 2022-10-02 15:45:02.265
Microsoft Windows 8.1 Update 3 - amd64
Using .txt script file at C:\Users\Admin\Desktop\SFCFixScript.txt [3]



FileScan::
[0: 1] C:\Windows\WinSxS\amd64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_6.3.9600.17415_none_0b30df96304ee82e\sdiagnhost.exe
Expected: UNKNOWN Found: DVGVKuh3ceJlQR89WM5OPNKJSWnFWRLxqdUILyzqnA0=
Expected: 6.3.9600.17415 Found: Version number not available.
Successfully traced component amd64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_6.3.9600.17415_none_0b30df96304ee82e.
Package_873_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-2600_neutral_GDR4



[1: 1] C:\Windows\WinSxS\wow64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_6.3.9600.17415_none_158589e864afaa29\sdiagnhost.exe
Expected: UNKNOWN Found: XgtCaDuUIw2Ezid74EETbdSVZcc1lqOhRVIZnmJdxoY=
Expected: 6.3.9600.17415 Found: Version number not available.
Successfully traced component wow64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_6.3.9600.17415_none_158589e864afaa29.
Package_1610_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-4807_neutral_GDR4
FileScan:: directive completed successfully.




Successfully processed all directives.
SFCFix version 3.0.2.1 by niemiro has completed.
Currently storing 20 datablocks.
Finish time: 2022-10-02 15:45:12.949
Script hash: WmsdklPkWkc8pld34MsK0GqhpTKLFfHYYCjaido/J6k=
----------------------EOF-----------------------
 

Attachments

Step 1:
Warning: This script was written specifically for this user, for use on that particular machine. Do not run this script on another machine.
  1. Download the attachment fixlist.txt and save it to your desktop.
  2. Right-click on FRST64.exe and select "Run as administrator".
  3. Press the Fix button.
  4. The tool will now process fixlist.txt.
  5. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  6. When finished, a log called Fixlog.txt will appear in the same directory the tool is run from.
  7. Attach the logfile Fixlog.txt to your next reply.

Step 2:
Restart the machine.
Perform the instructions in message #31 again.
 

Attachments

Been through the process again. Desktop has restarted. SFCFix.txt is below. Fixlog is attached. In over 90 minutes there's not been any popups. This might however be due to what i've seen in the Event viewer.




2 new errors are appearing in event viewer but neither are causing popups to appear.

(from Setup log):
Windows update could not be uninstalled because of error 2359303 "" (Command line: "wusa /uninstall /KB:5014738")

(from System log):
Unable to start a DCOM Server: {8086EBD4-43E3-4B19-BEB3-F0EA4ECF319C}. The error:
"2"
Happened while starting this command:
C:\WINDOWS\System32\sdiagnhost.exe -Embedding


Neither errors seem to be causing any Windows issues however, except for the Troubleshooter which won't run (i know this will be linked to sdiagnhost).



SFCFix version 3.0.2.1 by niemiro.
Start time: 2022-10-02 21:44:43.990
Microsoft Windows 8.1 Update 3 - amd64
Using .txt script file at C:\Users\Admin\Desktop\SFCFixScript.txt [4]




FileScan::
[0: 2] C:\Windows\WinSxS\amd64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_6.3.9600.17415_none_0b30df96304ee82e\sdiagnhost.exe
Expected: UNKNOWN Found: DVGVKuh3ceJlQR89WM5OPNKJSWnFWRLxqdUILyzqnA0=
Expected: 6.3.9600.17415 Found: Version number not available.
Successfully traced component amd64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_6.3.9600.17415_none_0b30df96304ee82e.
Package_873_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-2600_neutral_GDR4

[C:\Windows\System32\sdiagnhost.exe]


[1: 2] C:\Windows\WinSxS\wow64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_6.3.9600.17415_none_158589e864afaa29\sdiagnhost.exe
Expected: UNKNOWN Found: XgtCaDuUIw2Ezid74EETbdSVZcc1lqOhRVIZnmJdxoY=
Expected: 6.3.9600.17415 Found: Version number not available.
Successfully traced component wow64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_6.3.9600.17415_none_158589e864afaa29.
Package_1610_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-4807_neutral_GDR4

[C:\Windows\SysWOW64\sdiagnhost.exe]
FileScan:: directive completed successfully.




Successfully processed all directives.
SFCFix version 3.0.2.1 by niemiro has completed.
Currently storing 20 datablocks.
Finish time: 2022-10-02 21:44:54.344
Script hash: WmsdklPkWkc8pld34MsK0GqhpTKLFfHYYCjaido/J6k=
----------------------EOF-----------------------
 

Attachments

WARNING! The following fix is specific to the user's system in this thread only. No one else should follow these instructions, as it could damage your system.
  • Download the attachment SFCFix.zip and save it on your desktop.
  • Save any work you have open, and close all programs.
  • Drag the SFCFix.zip file over the SFCFix.exe executable and release it.
    1p8eDnI.gif
  • SFCFix will launch, let it complete.
  • Once done, a file will appear on your desktop, called SFCFix.txt.
  • Open the file, then copy and paste its content in your next reply.
 

Attachments

Is it suggested i restart the system? I've not been prompted to.



SFCFix version 3.0.2.1 by niemiro.
Start time: 2022-10-04 22:39:31.346
Microsoft Windows 8.1 Update 3 - amd64
Using .zip script file at C:\Users\Admin\Desktop\SFCFix.zip [0]




PowerCopy::
Successfully took permissions for file or folder C:\WINDOWS\winsxs\Manifests

Successfully created directory tree \\?\C:\WINDOWS\winsxs\Manifests\wow64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_6.3.9600.17415_none_158589e864afaa29.
Successfully created directory tree \\?\C:\WINDOWS\winsxs\Manifests\amd64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_6.3.9600.17415_none_0b30df96304ee82e.

Successfully copied file C:\Users\Admin\AppData\Local\niemiro\Archive\wow64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_6.3.9600.17415_none_158589e864afaa29\sdiagnhost.exe to C:\WINDOWS\winsxs\Manifests\wow64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_6.3.9600.17415_none_158589e864afaa29\sdiagnhost.exe.
Successfully copied file C:\Users\Admin\AppData\Local\niemiro\Archive\amd64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_6.3.9600.17415_none_0b30df96304ee82e\sdiagnhost.exe to C:\WINDOWS\winsxs\Manifests\amd64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_6.3.9600.17415_none_0b30df96304ee82e\sdiagnhost.exe.

Successfully restored ownership for C:\WINDOWS\winsxs\Manifests
Successfully restored permissions on C:\WINDOWS\winsxs\Manifests
PowerCopy:: directive completed successfully.




Successfully processed all directives.
SFCFix version 3.0.2.1 by niemiro has completed.
Currently storing 21 datablocks.
Finish time: 2022-10-04 22:42:11.638
Script hash: 8knoDH/0bcsnU7wu7D2cE9hovcKDslKzsZnOwmAMX84=
----------------------EOF-----------------------
 
Go ahead and restart the machine.
Report if the issues in your message #64 are fixed or not.
 
Step 1:
Warning: This script was written specifically for this user, for use on that particular machine. Do not run this script on another machine.
  1. Download the attachment fixlist.txt and save it to your desktop.
  2. Right-click on FRST64.exe and select "Run as administrator".
  3. Press the Fix button.
  4. The tool will now process fixlist.txt.
  5. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  6. When finished, a log called Fixlog.txt will appear in the same directory the tool is run from.
  7. Attach the logfile Fixlog.txt to your next reply.

Step 2:
Restart the machine.
Run the command sfc /scannow in a elevated commandprompt and report the result.
If it fails attach the file cbs.log to your next reply.
 

Attachments

Fixlog is below. The SFC scan did fail again, i've attached the cbs log.


The windows error (Windows update could not be uninstalled because of error 2359303 "" (Command line: "wusa /uninstall /KB:5014738"), didn't appear in the Event Viewer on reboot (it had done for the previous few reboots).

But the sdiagnhost one did.
Unable to start a DCOM Server: {8086EBD4-43E3-4B19-BEB3-F0EA4ECF319C}. The error:
"2"
Happened while starting this command:
C:\WINDOWS\System32\sdiagnhost.exe -Embedding





Fix result of Farbar Recovery Scan Tool (x64) Version: 04-10-2022
Ran by Admin (06-10-2022 22:29:32) Run:6
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: REG LOAD HKLM\COMPONENTS C:\Windows\System32\config\COMPONENTS
DeleteValue: HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.3.9600.20564 (winblue_ltsb_escrow.220809-0737)\ComponentFamilies\amd64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_none_2821f4ae1a431e3e\v!6.3.9600.16384|UnstagedFiles
DeleteValue: HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.3.9600.20564 (winblue_ltsb_escrow.220809-0737)\ComponentFamilies\wow64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_none_32769f004ea3e039\v!6.3.9600.16384|UnstagedFiles
*****************


========= REG LOAD HKLM\COMPONENTS C:\Windows\System32\config\COMPONENTS =========

The operation completed successfully.


========= End of CMD: =========

"HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.3.9600.20564 (winblue_ltsb_escrow.220809-0737)\ComponentFamilies\amd64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_none_2821f4ae1a431e3e\v!6.3.9600.16384\\UnstagedFiles" => removed successfully
"HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.3.9600.20564 (winblue_ltsb_escrow.220809-0737)\ComponentFamilies\wow64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_none_32769f004ea3e039\v!6.3.9600.16384\\UnstagedFiles" => removed successfully

==== End of Fixlog 22:29:34 ====
 

Attachments

Had the desktop running for 12 hours now. A new error within Application (on event viewer) has appeared.



Code: 
Application: powershell.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
   at System.Linq.Enumerable+WhereArrayIterator`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].MoveNext()
   at System.Linq.Enumerable.Any[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Collections.Generic.IEnumerable`1<System.__Canon>)
   at System.Management.Automation.Language.Compiler.VisitPipeline(System.Management.Automation.Language.PipelineAst)
   at System.Management.Automation.Language.Compiler.CompileTrappableExpression(System.Collections.Generic.List`1<System.Linq.Expressions.Expression>, System.Management.Automation.Language.StatementAst)
   at System.Management.Automation.Language.Compiler.CompileStatementListWithTraps(System.Collections.ObjectModel.ReadOnlyCollection`1<System.Management.Automation.Language.StatementAst>, System.Collections.ObjectModel.ReadOnlyCollection`1<System.Management.Automation.Language.TrapStatementAst>, System.Collections.Generic.List`1<System.Linq.Expressions.Expression>, System.Collections.Generic.List`1<System.Linq.Expressions.ParameterExpression>)
   at System.Management.Automation.Language.Compiler.CompileSingleLambda(System.Collections.ObjectModel.ReadOnlyCollection`1<System.Management.Automation.Language.StatementAst>, System.Collections.ObjectModel.ReadOnlyCollection`1<System.Management.Automation.Language.TrapStatementAst>, System.String, System.Management.Automation.Language.IScriptExtent, System.Management.Automation.Language.IScriptExtent)
   at System.Management.Automation.Language.Compiler.CompileNamedBlock(System.Management.Automation.Language.NamedBlockAst, System.String)
   at System.Management.Automation.Language.Compiler.VisitScriptBlock(System.Management.Automation.Language.ScriptBlockAst)
   at System.Management.Automation.Language.Compiler.Compile(System.Management.Automation.CompiledScriptBlockData, Boolean)
   at System.Management.Automation.CompiledScriptBlockData.CompileUnoptimized()
   at System.Management.Automation.CompiledScriptBlockData.Compile(Boolean)
   at System.Management.Automation.DlrScriptCommandProcessor.Init()
   at System.Management.Automation.Runspaces.Command.CreateCommandProcessor(System.Management.Automation.ExecutionContext, System.Management.Automation.CommandFactory, Boolean, System.Management.Automation.CommandOrigin)
   at System.Management.Automation.Runspaces.LocalPipeline.CreatePipelineProcessor()
   at System.Management.Automation.Runspaces.LocalPipeline.InvokeHelper()
   at System.Management.Automation.Runspaces.LocalPipeline.InvokeThreadProc()
   at System.Management.Automation.Runspaces.PipelineThread.WorkerProc()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()


Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name=".NET Runtime" />
    <EventID Qualifiers="0">1026</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2022-10-07T00:17:29.000000000Z" />
    <EventRecordID>807721</EventRecordID>
    <Channel>Application</Channel>
    <Computer>Apps4-PC-4</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Application: powershell.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
   at System.Linq.Enumerable+WhereArrayIterator`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].MoveNext()
   at System.Linq.Enumerable.Any[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Collections.Generic.IEnumerable`1&lt;System.__Canon&gt;)
   at System.Management.Automation.Language.Compiler.VisitPipeline(System.Management.Automation.Language.PipelineAst)
   at System.Management.Automation.Language.Compiler.CompileTrappableExpression(System.Collections.Generic.List`1&lt;System.Linq.Expressions.Expression&gt;, System.Management.Automation.Language.StatementAst)
   at System.Management.Automation.Language.Compiler.CompileStatementListWithTraps(System.Collections.ObjectModel.ReadOnlyCollection`1&lt;System.Management.Automation.Language.StatementAst&gt;, System.Collections.ObjectModel.ReadOnlyCollection`1&lt;System.Management.Automation.Language.TrapStatementAst&gt;, System.Collections.Generic.List`1&lt;System.Linq.Expressions.Expression&gt;, System.Collections.Generic.List`1&lt;System.Linq.Expressions.ParameterExpression&gt;)
   at System.Management.Automation.Language.Compiler.CompileSingleLambda(System.Collections.ObjectModel.ReadOnlyCollection`1&lt;System.Management.Automation.Language.StatementAst&gt;, System.Collections.ObjectModel.ReadOnlyCollection`1&lt;System.Management.Automation.Language.TrapStatementAst&gt;, System.String, System.Management.Automation.Language.IScriptExtent, System.Management.Automation.Language.IScriptExtent)
   at System.Management.Automation.Language.Compiler.CompileNamedBlock(System.Management.Automation.Language.NamedBlockAst, System.String)
   at System.Management.Automation.Language.Compiler.VisitScriptBlock(System.Management.Automation.Language.ScriptBlockAst)
   at System.Management.Automation.Language.Compiler.Compile(System.Management.Automation.CompiledScriptBlockData, Boolean)
   at System.Management.Automation.CompiledScriptBlockData.CompileUnoptimized()
   at System.Management.Automation.CompiledScriptBlockData.Compile(Boolean)
   at System.Management.Automation.DlrScriptCommandProcessor.Init()
   at System.Management.Automation.Runspaces.Command.CreateCommandProcessor(System.Management.Automation.ExecutionContext, System.Management.Automation.CommandFactory, Boolean, System.Management.Automation.CommandOrigin)
   at System.Management.Automation.Runspaces.LocalPipeline.CreatePipelineProcessor()
   at System.Management.Automation.Runspaces.LocalPipeline.InvokeHelper()
   at System.Management.Automation.Runspaces.LocalPipeline.InvokeThreadProc()
   at System.Management.Automation.Runspaces.PipelineThread.WorkerProc()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()

</Data>
  </EventData>
</Event>

Code: 
Faulting application name: powershell.exe, version: 6.3.9600.17415, time stamp: 0x54504e09
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ffc28f28d04
Faulting process ID: 0x12b8
Faulting application start time: 0x01d8d9e21b662e6a
Faulting application path: C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe
Faulting module path: unknown
Report ID: 6dd67104-45d5-11ed-bffc-9c5c8e7b6a60
Faulting package full name:
Faulting package-relative application ID:
 
Download
51a5c8edc4692-icon1337952077.png
Farbar Service Scanner and save the file on your Desktop.

Right-click FSS and select "Run as administrator".
Put checkmarks at following items only:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update

Click Scan.
A log file called "FSS.TXT" will appear on your desktop when the scan is finished.
Attach this file to your next reply.
 
Farbar Service Scanner Version: 13-08-2022 01
Ran by Admin (administrator) on 07-10-2022 at 17:25:35
Running from "C:\Users\Admin\Downloads"
Windows 8.1 Enterprise (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============


Firewall Disabled Policy:
==================


System Restore:
============


System Restore Policy:
========================


Action Center:
============


Windows Update:
============


Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\netbt.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\dhcpcsvc.dll => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Great. That log looks normal.

Warning: This script was written specifically for this user, for use on that particular machine. Do not run this script on another machine.
  1. Download the attachment fixlist.txt and save it to your desktop.
  2. Right-click on FRST64.exe and select "Run as administrator".
  3. Press the Fix button.
  4. The tool will now process fixlist.txt.
  5. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  6. When finished, a log called Fixlog.txt will appear in the same directory the tool is run from.
  7. Attach the logfile Fixlog.txt to your next reply.
 

Attachments

Attached below. Is it worth me restarting at this point?







Fix result of Farbar Recovery Scan Tool (x64) Version: 07-10-2022 01
Ran by Admin (08-10-2022 10:15:19) Run:7
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin
Boot Mode: Normal
==============================================

fixlist content:
*****************
File: C:\WINDOWS\System32\sdiagnhost.exe
CMD: reg query HKEY_CLASSES_ROOT\CLSID\{8086ebd4-43e3-4b19-beb3-f0ea4ecf319c} /s
CMD: reg query HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8086ebd4-43e3-4b19-beb3-f0ea4ecf319c} /s


*****************


========================= File: C:\WINDOWS\System32\sdiagnhost.exe ========================

C:\WINDOWS\System32\sdiagnhost.exe
File not signed
MD5: 0A25364F86106465E9E6A6D80DE0408B
Creation and modification date: 2014-11-21 09:55 - 2022-09-30 00:02
Size: 000000872
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


========= reg query HKEY_CLASSES_ROOT\CLSID\{8086ebd4-43e3-4b19-beb3-f0ea4ecf319c} /s =========


HKEY_CLASSES_ROOT\CLSID\{8086ebd4-43e3-4b19-beb3-f0ea4ecf319c}
(Default) REG_SZ CScriptedDiagNativeHost

HKEY_CLASSES_ROOT\CLSID\{8086ebd4-43e3-4b19-beb3-f0ea4ecf319c}\LocalServer32
(Default) REG_EXPAND_SZ %SystemRoot%\System32\sdiagnhost.exe
ServerExecutable REG_EXPAND_SZ %SystemRoot%\System32\sdiagnhost.exe

HKEY_CLASSES_ROOT\CLSID\{8086ebd4-43e3-4b19-beb3-f0ea4ecf319c}\TypeLib
(Default) REG_SZ {686ba761-d755-4927-929f-94c8f67af1df}

HKEY_CLASSES_ROOT\CLSID\{8086ebd4-43e3-4b19-beb3-f0ea4ecf319c}\Version
(Default) REG_SZ 1.0


========= End of CMD: =========


========= reg query HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8086ebd4-43e3-4b19-beb3-f0ea4ecf319c} /s =========


HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8086ebd4-43e3-4b19-beb3-f0ea4ecf319c}
(Default) REG_SZ CScriptedDiagNativeHost

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8086ebd4-43e3-4b19-beb3-f0ea4ecf319c}\LocalServer32
(Default) REG_EXPAND_SZ %SystemRoot%\System32\sdiagnhost.exe
ServerExecutable REG_EXPAND_SZ %SystemRoot%\System32\sdiagnhost.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8086ebd4-43e3-4b19-beb3-f0ea4ecf319c}\TypeLib
(Default) REG_SZ {686ba761-d755-4927-929f-94c8f67af1df}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8086ebd4-43e3-4b19-beb3-f0ea4ecf319c}\Version
(Default) REG_SZ 1.0


========= End of CMD: =========


==== End of Fixlog 10:15:21 ====
 
Warning: This script was written specifically for this user, for use on that particular machine. Do not run this script on another machine.
  1. Download the attachment fixlist.txt and save it to your desktop.
  2. Right-click on FRST64.exe and select "Run as administrator".
  3. Press the Fix button.
  4. The tool will now process fixlist.txt.
  5. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  6. When finished, a log called Fixlog.txt will appear in the same directory the tool is run from.
  7. Attach the logfile Fixlog.txt to your next reply.
 

Attachments

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-10-2022 01
Ran by Admin (08-10-2022 11:59:09) Run:8
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: fsutil hardlink list c:\windows\system32\sdiagnhost.exe

*****************


========= fsutil hardlink list c:\windows\system32\sdiagnhost.exe =========

\Windows\WinSxS\amd64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_6.3.9600.17415_none_0b30df96304ee82e\sdiagnhost.exe
\Windows\System32\sdiagnhost.exe

========= End of CMD: =========


==== End of Fixlog 11:59:10 ====
 
Step 1:
Warning: This script was written specifically for this user, for use on that particular machine. Do not run this script on another machine.
  1. Download the attachment fixlist.txt and save it to your desktop.
  2. Right-click on FRST64.exe and select "Run as administrator".
  3. Press the Fix button.
  4. The tool will now process fixlist.txt.
  5. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  6. When finished, a log called Fixlog.txt will appear in the same directory the tool is run from.
  7. Attach the logfile Fixlog.txt to your next reply.

Step 2:
Restart the machine.
Do you still get the error with sdiagnhost.exe ?
 

Attachments

You must log in or register to reply here.

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top