[SOLVED] bootres.dll corrupt

Z

zerocool

Member
Joined
Apr 22, 2019
Posts
11
Heyo=)

Problem solving first, intros later;)

I am getting sfc scan errors... specifically: "bootres.dll"

CBSlog errors:
hash mismatch
and
source file in store is also corrupted

The pc is fine and clean. It boots and operates nominally...

I have tried a whole lot of fixes... too many to remember..lol..

The last fix was to extract the bootres.dll from the windows image and replace the "corrupt" one... - Still getting the same sfc error message we all know when scanning.. ;)

I then ran SFCFix and it too confirmed: CORRUPT: C:\Windows\winsxs\amd64_microsoft-windows-bootres_31bf3856ad364e35_6.1.7601.17514_none_9d42c69298905ee5\bootres.dll
(even though I know it is not corrupt;) )

Do you know what I can do to get rid of this message and have sfc /scannow function smoothly again without errors?

Thanks and happy easter;)
 
edit: please excuse the location of this post - I just now saw the "please post in the windows update" sticky thread...
I cannot seem to be able to delete my post or edit or move it... - Feel free to move it to wherever you see fit;)
Thanks=)

edit2: oh, I can edit the second post.. intriguing..! :P
 
Hi SD=)

Thanks for your welcome=) (and for the relocation of the post;) ) - Good that this place exists;)

I have posted all the relevant information from the Logs...
SFCFix relevant data = CORRUPT: C:\Windows\winsxs\amd64_microsoft-windows-bootres_31bf3856ad364e35_6.1.7601.17514_none_9d42c69298905ee5\bootres.dll
(I am uncomfortable installing the SURT/DISM Scan tool at ~600mb...)

Thanks for your help =)
 

Attachments

Hi,

Sorry I need the plain text logs files to work not RTF. I will post for SURT if needed, the download is around 300MB...

Please do the following:


Export the CBS folder
  1. Open the folder C:\Windows\Logs
  2. Right-click on the CBS folder, and select Copy
  3. Go back to your Desktop, right-click on it, and select Paste. You should now see a copy of the CBS folder appear on your Desktop called CBS
  4. Right-click on this new folder, and navigate through Send to, and select Compressed (zipped) folder
  5. A new file, also called CBS (CBS.zip), but this time with a different icon, will be created
    If zip file is too large to upload to the forum please share the file using a service like Dropbox, Google Drive, OneDrive or upload to SendSpace and just provide the link for the file here.
 
Hey bud=)

-> you can simply rename *.rtf to *.txt... ;)

also,

you do not need the whole cbslog -> you can simply extract the relevant parts..

for example : If you want all the information that has to do with sfc, you can enter the following command in the CMD window :

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt

-> this will extract all sfc info from the cbs.log file and make a txt file on your desktop.

-> I uploaded the *.rtf file because , in comparison to the *.txt file, the formatting looks better and is very legible when opening the file in wordpad.

Hope this helps;)

Thanks for your help =)

p.s. everything in the cbs.log is clear - I attached all the errors in it to make it easier to read for you... ;)
 
Last edited:
zerocool said:
Hey bud=)

-> you can simply rename *.rtf to *.txt... ;)

also,

you do not need the whole cbslog -> you can simply extract the relevant parts..
Click to expand...

Who say so? Without access to the full log I don't have all the information I need to help you.
 
Hey bud=)

no need to get angry;)

Can you tell me what exactly it is that you are looking for in the log? (so that I can help myself in the future)
-> or do you just run the file through a program that someone coded=?

Please help me understand...)

Thanks for your help =)



edit: the reason why I ask is because I do not know the cbs.log file well enough to know that: If I post the file
-> will it leave my system vunerable to anybody that happens to see it?
-> is there anything in it that can identify my machine to third parties?
-> what harm can be done if I post the file?

I prefer to learn how to fish instead of being fed a fish if you know what I mean;)
 
Last edited:
zerocool said:
Hey bud=)

no need to get angry;)
Click to expand...

Not at all. When you ask for help you should follow the instructions, if you have doubts ask like you did now.

Can you tell me what exactly it is that you are looking for in the log? (so that I can help myself in the future)
-> or do you just run the file through a program that someone coded=?
Click to expand...

Usually Windows will put on the log the hash of the file it expects to find, you said that already replaced the file so I need to do extract checks to make sure we provide the correct file and that Windows isn't on a cycle requesting a different file every time...

edit: the reason why I ask is because I do not know the cbs.log file well enough to know that: If I post the file
-> will it leave my system vunerable to anybody that happens to see it?
-> is there anything in it that can identify my machine to third parties?
-> what harm can be done if I post the file?

I prefer to learn how to fish instead of being fed a fish if you know what I mean;)
Click to expand...

Most logs we request only contain information related to the installed Windows Updates, state of the updates, errors, etc. nothing on the logs can be used to identify you. If you search the web for something listed on the logs you will find similar logs generated in several different machines...

Besides the logs depending on the problem we face sometimes we also request some parts of the Windows Registry that are used by Windows to record everything related to Windows Updates work, the keys contain information about updates, versions installed, etc. its specific for you machine because it depends of the number of updates installed, its version, Windows edition, etc. again nothing private only data that can be found in almost every other Windows machine that is running the same Windows edition.

When the information we need may contain "personal data" like your Windows key, etc. the request is done using Private Messages an not in public.

Let me know if you have more questions.
 
That. was. an. awesome. reply.

coming from the field, you must understand my concern;) - Remember -> Be careful when following the masses, sometimes the "s" is sillent ;)

Thank you for clarifying that for me - and - giving me some info I understand and a more secure feeling about the whole situation.

I have PM'd you the password for the zip file.

Again, thank you very much for your help.

Greatly appreciated.
 

Attachments

zerocool said:
-> Be careful when following the masses, sometimes the "s" is sillent ;)

-> its actually the "m"... lol

also - seems I cannot edit posts anymore..? something is fishy...lol
Click to expand...

edit: hmm this post I can edit, but not my last one... I do not understand the logic here...
 
the edit button has now disappeared in the last post too...

Is there a "time-limit" to editing posts? how strange..lol

-p.s. I see now in the CBS.log
Found: hash
Expected:different hash

hmm, but how to tell sfc checker to exchange and use the hash key from the found instead of the expected.. lol..hmmm :P
 
Hi Zerocool,

While I do understand your concerns in regards to your privacy and personal information that may be visible to others, I think you should know that each and every Windows Update Analyst (the person assisting here) has gone through an extensive training where among other things particular attention was paid to ensuring private data always remains confidential.

Should a situation where we need a piece of personal information arise, this would be disclosed to you up front and you would not be asked to post that in the public section of our forum, but rather via Personal Message to your helper only.

When I asked for a complete CBS folder, I asked for it with a reason. Sfcdetails.txt (or .rtf) does not contain enough information for me as an analyst to create a fix for your machine.

CBS.log can get archived due to the size limitation and the full log is contained within the CBSPersist.log, which is contained within the CBS folder. Neither of the above-mentioned logs contain any personal information that could identify you as a person or provide any information about your machine (except the information we need, like system version, error codes and such, but nothing identifiable).

The fixes are being created using specialized utilities which are intended only for internal use and as such I cannot provide further information about the details of how they are being created.

Bear in mind that this is a public forum and we also run a Windows Update Academy, so the purpose of it is for everyone to learn, so please provide any future logs without password protection.

Thank you for your understanding.

Please let me know if you have additional questions for me.

P.S.: A post can only be edited 20 minutes after post, this is part of a measure against SPAM!
 
Hi SD=)

Please excuse the long wait for a reply - massive headache.. :/

Anywho,
Thanks for your in-depth explanation=)

The reason I am also asking these questions is because (maybe) it might be a security risk disclosing the hash values for system relevant files (especially boot sector files) - I hope that you understand my concern ;)

That being said - If you agree and believe that disclosing hash values for boot sector files could also be a (very small) security risk, and the fixes are user/system specific anyway -and not of use to anybody else - , it might be good practice to password protect the files;) - Let me know if you think this could be true;)

Please also excuse my uploads, I did not read the instructions properly. I totally missed the "folder" part and thought that you only wanted the log file =) (my mistake) ;)

Here is the folder you requested: (attached)

Thank you very much for your help=)



p.s. Thanks for the edit" info =) -> the best measure against spam is to properly educate the people so they have enough maturity and wisdom not to "hurt" others;)
 

Attachments

Last edited:
Hi,

zerocool said:
The reason I am also asking these questions is because (maybe) it might be a security risk disclosing the hash values for system relevant files (especially boot sector files) - I hope that you understand my concern ;)

That being said - If you agree and believe that disclosing hash values for boot sector files could also be a (very small) security risk, and the fixes are user/system specific anyway -and not of use to anybody else - , it might be good practice to password protect the files;) - Let me know if you think this could be true;)
Click to expand...

No security risk at all! if the file was specific for your computer only I probably could help you fix it! those are files provided by Microsoft for every machine in the world that is running Windows 7.

The warning we include saying the fixes are prepare specifically for the user machine is because the files and changes we do must match what the system is expecting if we install the wrong file version, etc. things could go south...


SFCFix Script

!!! WARNING !!! The following fix is only relevant for this system and no other, applying this fix on another computer will not work and most likely will cause problems...
  • Download SFCFix.exe (by Niemiro) and save it to the Desktop
  • Download the file SFCFIX.ZIP, attached below, and save this to your Desktop
  • On your Desktop, make sure you have the two files:
    myjIXnC.png
    SFCFix.exe and
    sfpcJCen14An3ndjNGCI7mByhjHJud.png
    SFCFIX.zip
  • Drag the file SFCFIX.zip onto the file SFCFix.exe and release it
  • The SFCFix tool will process the script
  • Upon completion, a log file SFCFix.txt should be created on your Desktop
  • Open the SFCFix.txt log and copy & paste the contents to your post
 

Attachments

Hi SD=)

I understand. Thank you for helping me.

I am sure that this post will be valuable to other people who might be a little "unsure" about the situation. It surely cleared things up for me at least;) Thank you again for your time an patience.

here is the extract from the sfcfix logfile:

SFCFix version 3.0.1.0 by niemiro.
Start time: 2019-04-25 09:58:54.321
Microsoft Windows 7 Service Pack 1 - amd64
Using .zip script file at C:\Users\Soundwave\Desktop\SFCFix.zip [0]




PowerCopy:: Successfully took permissions for file or folder C:\Windows\WinSxS\amd64_microsoft-windows-bootres_31bf3856ad364e35_6.1.7601.17514_none_9d42c69298905ee5\bootres.dll Successfully copied file C:\Users\Soundwave\AppData\Local\niemiro\Archive\WinSxS\amd64_microsoft-windows-bootres_31bf3856ad364e35_6.1.7601.17514_none_9d42c69298905ee5\bootres.dll to C:\Windows\WinSxS\amd64_microsoft-windows-bootres_31bf3856ad364e35_6.1.7601.17514_none_9d42c69298905ee5\bootres.dll. Successfully restored ownership for C:\Windows\WinSxS\amd64_microsoft-windows-bootres_31bf3856ad364e35_6.1.7601.17514_none_9d42c69298905ee5\bootres.dll Successfully restored permissions on C:\Windows\WinSxS\amd64_microsoft-windows-bootres_31bf3856ad364e35_6.1.7601.17514_none_9d42c69298905ee5\bootres.dll PowerCopy:: directive completed successfully. Successfully processed all directives. SFCFix version 3.0.1.0 by niemiro has completed. Currently storing 5 datablocks. Finish time: 2019-04-25 09:58:55.335 Script hash: KY5TNhKN9rWKNwCruzdhzsk6wwib/zlfX70HfYPiIoo= ----------------------EOF-----------------------

Thank you very much.
 
Hi,

Thanks for the log.

Please run sfc /scannow and let me know the result. I'm expecting "Windows Resource Protection found corrupt files and successfully repaired them."
 
Hi SD=)

I ran the sfc scan and got this result:

C:\Windows\system32>sfc /scannow Beginning system scan. This process will take some time. Beginning verification phase of system scan. Verification 100% complete. Windows Resource Protection found corrupt files and successfully repair them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log The system file repair changes will take effect after the next reboot.


After a reboot I ran it again and got his result:

C:\Windows\system32>sfc /scannow Beginning system scan. This process will take some time. Beginning verification phase of system scan. Verification 100% complete. Windows Resource Protection did not find any integrity violations.


Thank you very much for your help. You are really doing something beautiful here helping others.
(everybody, everywhere)

I really appreciate it.

I wish you a lot of success in life and in your undertakings.

Again, Thank you very much.
 
Hi,

I'm glad it worked. (y)


Thank You for your words.

Best regards.
 
You must log in or register to reply here.

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top