[SOLVED] sfc /scannow failed to repair member file (Win 7)

T

thenubofit

Member
Joined
Jan 17, 2015
Posts
17
Hello,

I'm new to the forum so I hope I'm posting this in the correct area. Forgive and inform if otherwise.

My Acer 4830T laptop running Win 7 is working fine. But, after running sfc /scannow I found quite a few files that could not be repaired. In turn I have run the System Update Readiness Tool and SFCFix.exe which corrected some of the files but not all. SURT detects 20 corrupted files while CBS and SFCFix detect 19. The odd thing is, that all but the listed .dll files were files I deleted by me long ago (mostly sample media files provided by Win 7).

So I'm looking for assistance in cleaning up the remaining list. I am a retired IT guy (it's been awhile) and have no fear of editing the registry and such, but I'm a bit out of my realm with this problem. Any assistance would be appreciated.

I have attached the three relevant log files for perusal.

Thank you in advance.
 

Attachments

Hello again :)

There are quite a large number of corruptions here compared to your other machine.

Please dont start these instructions until 1 hour after I have posted them, internet in Australia is not the best and the file will take a while to upload.

SFCFix Script

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

  1. Download SFCFix.exe (by niemiro) and save this to your Desktop.
  2. Download SFCFix.zip, and save this to your Desktop. Ensure that this file is named SFCFix.zip - do not rename it.
  3. Save any open documents and close all open windows.
  4. On your Desktop, you should see two files: SFCFix.exe and SFCFix.zip.
  5. Drag the file SFCFix.zip onto the file SFCFix.exe and release it.
  6. SFCFix will now process the script.
  7. Upon completion, a file should be created on your Desktop: SFCFix.txt.
  8. Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this file into your next post for me to analyse please - put [CODE][/CODE] tags around the log to break up the text.


SFC /SCANNOW

  1. Click on the
    Win7Orb_zps4dae3b32.jpg
    button. Inside the search box type in CMD
  2. Right click on CMD => Choose Run as Administrator
  3. Inside the Command Prompt windows copy and paste the following command SFC /SCANNOW
  4. Please wait for this to Finish before continuing with the rest of the steps.

Convert CBS.log to CBS.txt

  1. Click on the
    Win7Orb_zps4dae3b32.jpg
    button => Inside the search box copy and paste the following command:
    Code: 
    cmd /c copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.txt"
  2. Press Enter
  3. Once this has completed please go to your Desktop and you will find CBS.txt => Please upload CBS.txt to this thread

Please Note:: if the file is too big to upload to you next post please upload via Dropbox or One Drive


Alex
 
Alex,

First off, thank you for your very knowledgeable help.

After running the "SFCfix", it appears, through my rather limited ability of analysis, that there is one file left in the CBS file that has not been repaired. From the the CBS.log: Cannot repair member file [l:58{29}]"win7_scenic-demoshort_raw.wtv"

Again this is a file that was deleted long ago, along with the other media sample files. I believe I used Wise Disk Cleaner to remove them. Something must have gone awry during the delete process. As for the msvcp60.dll file, I'm not sure what happened there. Especially since that particular dll is shown to be in no less than 6 locations on my hard disk when I search for it.

I'm assuming from what I've read in the SFCfix.txt file (below) that you took replacement copies of the missing files, gained ownership and permissions of them for my machine, restored them to there proper "C:\Windows\winsxs\amd64_microsoft-windows-..." folders, returned ownership, and then let "sfc" perform its magic in repairing the issue. Back in my day, i.e. Windows XP, it use to be much easier to replace system files without all the fuss, but for security reason I assume, much has changed.

If so, I'm also assuming that you will be doing the same for "win7_scenic-demoshort_raw.wtv". My guess is you'll be copying a replacement file to the "C:\Windows\winsxs\amd64_microsoft-windows-ehome-samplemedia_31bf3856ad364e35_6.1.7600.16385_none_b6b9b223710b3802" folder, and again letting "sfc" do its thing.

As a retired IT guy, just wondering if I'm on the right track.

The CBS.txt file can be found at: https://onedrive.live.com/redir?resid=BC47F232B24AC22E!115

The code for SFCfix.txt below:

Code: 
SFCFix version 2.4.1.0 by niemiro.
Start time: 2015-01-19 10:20:14.251
Using .zip script file at C:\Users\Markus\Desktop\SFCFix.zip [0]








PowerCopy::
Successfully took permissions for file or folder C:\Windows
Successfully took permissions for file or folder C:\Windows\winsxs\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd
Successfully took permissions for file or folder C:\Windows\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be
Successfully took permissions for file or folder C:\Windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b
Successfully took permissions for file or folder C:\Windows\winsxs\amd64_microsoft-windows-msvcp60_31bf3856ad364e35_6.1.7600.16385_none_9e968637cb108946
Successfully took permissions for file or folder C:\Windows\winsxs\amd64_microsoft-windows-ehome-samplemedia_31bf3856ad364e35_6.1.7600.16385_none_b6b9b223710b3802


Line blocked (SFCFix.txt): "C:\Users\Markus\AppData\Local\niemiro\Archive\SFCFix.txt" C:\Windows\SFCFix.txt.
Successfully copied file C:\Users\Markus\AppData\Local\niemiro\Archive\SFCFix.exe to C:\Windows\SFCFix.exe.
Successfully copied file C:\Users\Markus\AppData\Local\niemiro\Archive\winsxs\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd\desktop.ini to C:\Windows\winsxs\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd\desktop.ini.
Successfully copied file C:\Users\Markus\AppData\Local\niemiro\Archive\winsxs\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd\Wildlife.wmv to C:\Windows\winsxs\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd\Wildlife.wmv.
Successfully copied file C:\Users\Markus\AppData\Local\niemiro\Archive\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be\Chrysanthemum.jpg to C:\Windows\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be\Chrysanthemum.jpg.
Successfully copied file C:\Users\Markus\AppData\Local\niemiro\Archive\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be\Desert.jpg to C:\Windows\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be\Desert.jpg.
Successfully copied file C:\Users\Markus\AppData\Local\niemiro\Archive\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be\desktop.ini to C:\Windows\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be\desktop.ini.
Successfully copied file C:\Users\Markus\AppData\Local\niemiro\Archive\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be\Hydrangeas.jpg to C:\Windows\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be\Hydrangeas.jpg.
Successfully copied file C:\Users\Markus\AppData\Local\niemiro\Archive\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be\Jellyfish.jpg to C:\Windows\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be\Jellyfish.jpg.
Successfully copied file C:\Users\Markus\AppData\Local\niemiro\Archive\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be\Koala.jpg to C:\Windows\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be\Koala.jpg.
Successfully copied file C:\Users\Markus\AppData\Local\niemiro\Archive\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be\Lighthouse.jpg to C:\Windows\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be\Lighthouse.jpg.
Successfully copied file C:\Users\Markus\AppData\Local\niemiro\Archive\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be\Penguins.jpg to C:\Windows\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be\Penguins.jpg.
Successfully copied file C:\Users\Markus\AppData\Local\niemiro\Archive\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be\SampleRes.dll to C:\Windows\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be\SampleRes.dll.
Successfully copied file C:\Users\Markus\AppData\Local\niemiro\Archive\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be\Tulips.jpg to C:\Windows\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be\Tulips.jpg.
Successfully copied file C:\Users\Markus\AppData\Local\niemiro\Archive\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\desktop.ini to C:\Windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\desktop.ini.
Successfully copied file C:\Users\Markus\AppData\Local\niemiro\Archive\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Kalimba.mp3 to C:\Windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Kalimba.mp3.
Successfully copied file C:\Users\Markus\AppData\Local\niemiro\Archive\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3 to C:\Windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3.
Successfully copied file C:\Users\Markus\AppData\Local\niemiro\Archive\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3 to C:\Windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3.
Successfully copied file C:\Users\Markus\AppData\Local\niemiro\Archive\winsxs\amd64_microsoft-windows-msvcp60_31bf3856ad364e35_6.1.7600.16385_none_9e968637cb108946\msvcp60.dll to C:\Windows\winsxs\amd64_microsoft-windows-msvcp60_31bf3856ad364e35_6.1.7600.16385_none_9e968637cb108946\msvcp60.dll.
Successfully copied file C:\Users\Markus\AppData\Local\niemiro\Archive\winsxs\amd64_microsoft-windows-ehome-samplemedia_31bf3856ad364e35_6.1.7600.16385_none_b6b9b223710b3802\desktop.ini to C:\Windows\winsxs\amd64_microsoft-windows-ehome-samplemedia_31bf3856ad364e35_6.1.7600.16385_none_b6b9b223710b3802\desktop.ini.


Successfully restored ownership for C:\Windows
Successfully restored permissions on C:\Windows
Successfully restored ownership for C:\Windows\winsxs\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd
Successfully restored permissions on C:\Windows\winsxs\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd
Successfully restored ownership for C:\Windows\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be
Successfully restored permissions on C:\Windows\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be
Successfully restored ownership for C:\Windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b
Successfully restored permissions on C:\Windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b
Successfully restored ownership for C:\Windows\winsxs\amd64_microsoft-windows-msvcp60_31bf3856ad364e35_6.1.7600.16385_none_9e968637cb108946
Successfully restored permissions on C:\Windows\winsxs\amd64_microsoft-windows-msvcp60_31bf3856ad364e35_6.1.7600.16385_none_9e968637cb108946
Successfully restored ownership for C:\Windows\winsxs\amd64_microsoft-windows-ehome-samplemedia_31bf3856ad364e35_6.1.7600.16385_none_b6b9b223710b3802
Successfully restored permissions on C:\Windows\winsxs\amd64_microsoft-windows-ehome-samplemedia_31bf3856ad364e35_6.1.7600.16385_none_b6b9b223710b3802
PowerCopy:: directive completed successfully.








Successfully processed all directives.
SFCFix version 2.4.1.0 by niemiro has completed.
Currently storing 7 datablocks.
Finish time: 2015-01-19 10:21:00.291
Script hash: I1qx3WNGA7jxKZWguzQoJHr/q42AMYly+YGuohiZHgM=
----------------------EOF-----------------------


Again, thank you for your help,

Mark
 
Hello Mark,

After running the "SFCfix", it appears, through my rather limited ability of analysis, that there is one file left in the CBS file that has not been repaired. From the the CBS.log: Cannot repair member file [l:58{29}]"win7_scenic-demoshort_raw.wtv"
Click to expand...

Something went wrong when I zipped up the original zip file, this file is in there it is just not extracting as it should. But you are exactly right, this is the file that needs to be fixed now :)

Again this is a file that was deleted long ago, along with the other media sample files. I believe I used Wise Disk Cleaner to remove them
Click to expand...

This is always one of my first conclusions when I see the missing Movie samples and music samples, even if you dont use them, Windows likes having them there.

I'm assuming from what I've read in the SFCfix.txt file (below) that you took replacement copies of the missing files, gained ownership and permissions of them for my machine, restored them to there proper "C:\Windows\winsxs\amd64_microsoft-windows-..." folders, returned ownership, and then let "sfc" perform its magic in repairing the issue. Back in my day, i.e. Windows XP, it use to be much easier to replace system files without all the fuss, but for security reason I assume, much has changed.

If so, I'm also assuming that you will be doing the same for "win7_scenic-demoshort_raw.wtv". My guess is you'll be copying a replacement file to the "C:\Windows\winsxs\amd64_microsoft-windows-ehome-samplemedia_31bf3856ad364e35_6.1.7600.16385_none_b6b9b223710b3802" folder, and again letting "sfc" do its thing.

As a retired IT guy, just wondering if I'm on the right track.
Click to expand...

That is exactly right :)

SFCFIx is fantastic tool, the developer has spent many hours implementing processes in this tool make sure that every change made to permissions can be restored to default permissions afterwords.

I will send you another link, Please repeat the previous process with the new link.

Alex
 
Hello Alex,

I've rerun what you asked. Indeed SFCFix.txt reports that the file corruption of "win7_scenic-demoshort_raw.wtv" was fixed. I'm assuming the corruptions that CBS AND SFC, as well as the SURT are counting are the original ones that have been resolved. Enlighten me if I'm wrong :)

cbs_01-20-2015.txt file can be found at: https://onedrive.live.com/redir?resid=BC47F232B24AC22E!118

SFCFix.txt below:

Code: 
SFCFix version 2.4.1.0 by niemiro.
Start time: 2015-01-20 11:29:47.737
Not using a script file.








AutoAnalysis::
FIXED: Corruption at C:\Windows\winsxs\amd64_microsoft-windows-ehome-samplemedia_31bf3856ad364e35_6.1.7600.16385_none_b6b9b223710b3802\win7_scenic-demoshort_raw.wtv has been successfully repaired from C:\Users\Markus\Desktop\SFCFix\winsxs\amd64_microsoft-windows-ehome-samplemedia_31bf3856ad364e35_6.1.7600.16385_none_b6b9b223710b3802\win7_scenic-demoshort_raw.wtv.




CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Koala.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Jellyfish.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\desktop.ini
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Desert.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Lighthouse.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Tulips.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Chrysanthemum.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Hydrangeas.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Penguins.jpg




SUMMARY: Some corruptions could not be fixed automatically. Seek advice from helper or sysnative.com.
   CBS & SFC total detected corruption count:     19
   CBS & SFC total unimportant corruption count:  0
   CBS & SFC total fixed corruption count:        1
   SURT total detected corruption count:          20
   SURT total unimportant corruption count:       0
   SURT total fixed corruption count:             0
AutoAnalysis:: directive completed successfully.








Successfully processed all directives.
SFCFix version 2.4.1.0 by niemiro has completed.
Currently storing 7 datablocks.
Finish time: 2015-01-20 11:33:50.586
----------------------EOF-----------------------
 
Alex,

I decided to run "Check System Update Readiness", again. It came back with another missing .dll file, msvcrt.dll belonging in amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16385_none_2d4a27c7b8972454.

I was able to copy that file from another Win7 machine gain, take ownership and permissions of the file and folder, copy it to the folder and return ownership and permissions. I ran "Check System Update Readiness" again, and it came back clean. Both test results below.

First SURT test:

Code: 
Checking System Update Readiness.
Binary Version 6.1.7601.22471
Package Version 26.0
2015-01-20 22:40


Checking Windows Servicing Packages


Checking Package Manifests and Catalogs


Checking Package Watchlist


Checking Component Watchlist


Checking Packages


Checking Component Store
(f)	CSI Payload File Missing	0x00000000	msvcrt.dll	amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16385_none_2d4a27c7b8972454	


Summary:
Seconds executed: 721
 Found 1 errors
  CSI Payload File Missing Total count: 1

2nd SURT test:

Code: 
=================================
Checking System Update Readiness.
Binary Version 6.1.7601.22471
Package Version 26.0
2015-01-20 23:59


Checking Windows Servicing Packages


Checking Package Manifests and Catalogs


Checking Package Watchlist


Checking Component Watchlist


Checking Packages


Checking Component Store


Summary:
Seconds executed: 192
No errors detected


I also ran sfc.exe, and it reported no errors.

Again I ran the SFCFix.exe on its own (I did not drop any files onto it for execution) and it still reports .jpg files and a desktop.ini file corruption in wow64_microsoft-C:\Windows\winsxs\windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9.

I don't know if it is just reading old, but fixed corruptions from the CBS.log or not. SFCFix.txt below.

Also, I posted the latest CBS log called CBS-laptop-01-21-2015.log at: https://onedrive.live.com/redir?resid=BC47F232B24AC22E!119

Awaiting your instruction...

SFC Text:

Code: 
SFCFix version 2.4.1.0 by niemiro.
Start time: 2015-01-21 11:46:37.873
Not using a script file.


AutoAnalysis::
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Koala.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Jellyfish.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\desktop.ini
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Desert.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Lighthouse.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Tulips.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Chrysanthemum.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Hydrangeas.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Penguins.jpg




SUMMARY: Some corruptions could not be fixed automatically. Seek advice from helper or sysnative.com.
   CBS & SFC total detected corruption count:     19
   CBS & SFC total unimportant corruption count:  0
   CBS & SFC total fixed corruption count:        0
   SURT total detected corruption count:          0
   SURT total unimportant corruption count:       0
   SURT total fixed corruption count:             0
AutoAnalysis:: directive completed successfully.


Successfully processed all directives.
SFCFix version 2.4.1.0 by niemiro has completed.
Currently storing 7 datablocks.
Finish time: 2015-01-21 11:48:26.180
----------------------EOF-----------------------
 
This is something I have been meaning to ask the developer of SFCFix for some time, these should be fine to ignore.

But just to confirm.

SFCFix script

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

  1. Download SFCFix.exe (by niemiro) and save this to your Desktop.
  2. Go to your desktop and right click on the background -> Select New -> Text Document -> Name this file SFCFixScript.txt.
  3. Open up SFCFixScript.txt and copy all of the following text inside the code box below and paste it into SFCFixScript.txt.
    Code: 
    Trace::
wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9
  4. Click on File -> Save. Close out of SFCFixScript.txt.
  5. Save any open documents and close all open windows.
  6. On your Desktop, you should see two files: SFCFix.exe and SFCFixScript.txt.
  7. Drag the file SFCFixScript.txt onto the file SFCFix.exe and release it.
  8. SFCFix will now process the script.
  9. Upon completion, a file should be created on your Desktop: SFCFix.txt.
  10. Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this file into your next post for me to analyse please - put [CODE][/CODE] tags around the log to break up the text.
 
Alex,

It appears all is well. Code below. And we can mark another one solved.

On the error glitch:
I guess another way to test the theory that SFCfix.exe is reporting on old corruptions from the CBS file, would be to to run SFCFix.exe on it own again, and see if it still reports any errors. If so, I could clear the contents of the CBS file (I've done that before), execute sfc.exe to repopulate the CBS.log, then SFCfix.exe on it's own again and see if it still reports any errors (assuming that there are no errors in the CBS.lob at this point).

Let me know if you would like me to try that. It would shine a light on the problem, if it exists, and help niemro possibly fix the glitch.

Thanks for all your help Alex, I'm very impressed.

Mark




Code: 
SFCFix version 2.4.1.0 by niemiro.
Start time: 2015-01-23 11:09:38.006
Using .txt script file at C:\Users\Markus\Desktop\SFCFixScript.txt [0]








Trace::
Successfully traced component wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9.
    Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.Microsoft-Windows-Client-Features-Update
Trace:: directive completed successfully.








Successfully processed all directives.
SFCFix version 2.4.1.0 by niemiro has completed.
Currently storing 7 datablocks.
Finish time: 2015-01-23 11:09:39.816
Script hash: v3X71/L5BZ7aFWYhu12d8XISVgWcCYeIcOAWpjwpJ04=
----------------------EOF-----------------------
 
Your welcome for the help :)

Can you please go to C:\Windows\WinSxS\Manifests, do you have a manifest file called wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9, if yes, please upload it.

Please run the following commands from CMD as admin.

Code: 
reg load HKLM\COMPONENTS %windir%\System32\config\COMPONENTS
REG QUERY HKLM\COMPONENTS\DerivedData\Components\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9 >1&&notepad 1

Please post the contents of 1 back into this thread.

I am trying to determine now if these files are supposed to be on the system.

I guess another way to test the theory that SFCfix.exe is reporting on old corruptions from the CBS file, would be to to run SFCFix.exe on it own again, and see if it still reports any errors. If so, I could clear the contents of the CBS file (I've done that before), execute sfc.exe to repopulate the CBS.log, then SFCfix.exe on it's own again and see if it still reports any errors (assuming that there are no errors in the CBS.lob at this point).
Click to expand...

SFCFix will only look at the CBS logs from the past 7 days. we can give this a shot but I think this stop SFCFIx from not reporting the corruptions
 
Alex

The file ( wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9) had a .manifest extension. I uploaded it here for your perusal: https://onedrive.live.com/redir?resid=BC47F232B24AC22E!120

I ran the the command you gave me and it appears that this file is recognized by the registry, the code is below.

I'll run my tests for the SFXfix.exe and report back the results in the next entry of this thread.

Thanks as always,

Mark

Code: 
HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9
    identity    REG_BINARY    4D6963726F736F66742D57696E646F77732D50686F746F53616D706C65732C2043756C747572653D6E65757472616C2C2056657273696F6E3D362E312E373630302E31363338352C205075626C69634B6579546F6B656E3D333162663338353661643336346533352C2050726F636573736F724172636869746563747572653D776F7736342C2076657273696F6E53636F70653D4E6F6E537853
    S256H    REG_BINARY    9F66DD6987783E54935BCE045ED7A06F97E0D99B56FE6213BFE0B82E2BEC0451
    f!sampleres.dll    REG_BINARY    530061006D0070006C0065005200650073002E0064006C006C00
    c!microsoft-w..-deployment_31bf3856ad364e35_6.1.7601.17514_51e1eda45975a1ae    REG_BINARY
 
Alex,

I'm a little confused by the results of my test, but perhaps you can shed more light on the results.

What I did:

1) Ran sfc /scannow

Result:
SFC1-2015-01-24.jpg

2) Ran SFCFix.exe

Result:
Code: 
SFCFix version 2.4.1.0 by niemiro.
Start time: 2015-01-24 21:24:53.677
Not using a script file.


AutoAnalysis::
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Koala.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Jellyfish.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\desktop.ini
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Desert.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Lighthouse.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Tulips.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Chrysanthemum.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Hydrangeas.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Penguins.jpg




SUMMARY: Some corruptions could not be fixed automatically. Seek advice from helper or sysnative.com.
   CBS & SFC total detected corruption count:     19
   CBS & SFC total unimportant corruption count:  0
   CBS & SFC total fixed corruption count:        0
   SURT total detected corruption count:          0
   SURT total unimportant corruption count:       0
   SURT total fixed corruption count:             0
AutoAnalysis:: directive completed successfully.


Successfully processed all directives.
SFCFix version 2.4.1.0 by niemiro has completed.
Currently storing 7 datablocks.
Finish time: 2015-01-24 21:28:58.769
----------------------EOF-----------------------

3) Cleared the CBS log.

4) Ran SFCFix.exe again.

Result

Code: 
SFCFix version 2.4.1.0 by niemiro.
Start time: 2015-01-24 21:36:18.189
Not using a script file.


AutoAnalysis::
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Koala.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Jellyfish.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\desktop.ini
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Desert.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Lighthouse.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Tulips.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Chrysanthemum.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Hydrangeas.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Penguins.jpg




SUMMARY: Some corruptions could not be fixed automatically. Seek advice from helper or sysnative.com.
   CBS & SFC total detected corruption count:     27
   CBS & SFC total unimportant corruption count:  0
   CBS & SFC total fixed corruption count:        0
   SURT total detected corruption count:          0
   SURT total unimportant corruption count:       0
   SURT total fixed corruption count:             0
AutoAnalysis:: directive completed successfully.


Successfully processed all directives.
SFCFix version 2.4.1.0 by niemiro has completed.
Currently storing 7 datablocks.
Finish time: 2015-01-24 21:37:44.665
----------------------EOF-----------------------

Of of course this makes no sense to me. It is reporting a list of 9 corrupt files the first time and a corruption count of 19 files.
The second time, post cleared CBS.log, it reports the same list of 9 corrupt files, but now a corruption count of 27 files.

Here are the files it checks:

2015-01-24_214853.jpg


The CBS.log is empty, and the CheckSUR.log is clean(I checked). That leaves the CBS.persist.log. Could it be getting its corruption count from there?
With the CBS.log empty, why is the corruption count higher?
If you would like me to extract any of the CBS.persist.cabs (I have 6 let me know).

Mark
 
Hi Mark,

If it makes you feel any better, I am now lost as to why SFCFix is detecting these files as "Corrupt", these files should not exist on the machine (I will go into more detail in a second). For the record SFCFix also scans the persistent CBS and CheckSUR logs. IMO it is safe to ignore these corruptions detected by SFCFix as I dont believe these files should be on your system. I am discussing this with the developer of SFCFix.

Everything to do with the windows system files is linked in one way or another, this is how SFC checks to see which file is corrupt and which file is missing. As you seem rather interested in how this works I will do my best to try and explain it :).

To start of we will look at one of the other files we repaired earlier on:
C:\Windows\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be\Hydrangeas.jpg.

If you take a look at the component name above in red and add .manifest to the end -> run a search inside C:\Windows\WinSxS\Manifest\ for amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be.manifest you will see the manifest file that matches the same name as the WinSxS component-> open up this manifest file in notepad or notepad++ and you will see:
Code: 
<?xml version="1.0" encoding="UTF-8"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v3" manifestVersion="1.0" copyright="Copyright (c) Microsoft Corporation. All Rights Reserved.">
  <assemblyIdentity name="Microsoft-Windows-PhotoSamples" version="6.1.7600.16385" processorArchitecture="amd64" language="neutral" buildType="release" publicKeyToken="31bf3856ad364e35" versionScope="nonSxS" />
  <dependency discoverable="no" resourceType="Resources">
    <dependentAssembly>
      <assemblyIdentity name="Microsoft-Windows-PhotoSamples.Resources" version="6.1.7600.16385" processorArchitecture="amd64" language="*" buildType="release" publicKeyToken="31bf3856ad364e35" />
    </dependentAssembly>
  </dependency>
  <file name="[COLOR="#0000FF"]Chrysanthemum.jpg"[/COLOR] destinationPath="$(runtime.public)\Pictures\Sample Pictures\" sourceName="01Photo.jpg" sourcePath=".\" importPath="$(build.nttree)\Samples\" writeableType="systemData">
    <securityDescriptor name="#MutableFileDefaultSecurityDescriptor" />
    <asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2">
      <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
        <dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity" />
      </dsig:Transforms>
      <dsig:DigestMethod xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha256" />
      <dsig:DigestValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">lU99llArXF/i6YpQRbyn9em6EePb+SpcAhSmqkx/Igg=</dsig:DigestValue>
    </asmv2:hash>
  </file>
  <file name="[COLOR="#0000FF"]Desert.jpg[/COLOR]" destinationPath="$(runtime.public)\Pictures\Sample Pictures\" sourceName="02Photo.jpg" sourcePath=".\" importPath="$(build.nttree)\Samples\" writeableType="systemData">
    <securityDescriptor name="#MutableFileDefaultSecurityDescriptor" />
    <asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2">
      <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
        <dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity" />
      </dsig:Transforms>
      <dsig:DigestMethod xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha256" />
      <dsig:DigestValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">AQ9g0pJ6NdAjVJATbvn0lTt+5FMHN5S8rxU9IKZFROo=</dsig:DigestValue>
    </asmv2:hash>
  </file>
[COLOR="#FF0000"]  <file name="[COLOR="#0000FF"]Hydrangeas.jpg[/COLOR]" destinationPath="$(runtime.public)\Pictures\Sample Pictures\" sourceName="03Photo.jpg" sourcePath=".\" importPath="$(build.nttree)\Samples\" writeableType="systemData">
    <securityDescriptor name="#MutableFileDefaultSecurityDescriptor" />
    <asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2">
      <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
        <dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity" />
      </dsig:Transforms>
      <dsig:DigestMethod xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha256" />
      <dsig:DigestValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">O5L+3ggPmw7JAq/FiDEZG1uMy69nMjUv16i0RdHp8L0=</dsig:DigestValue>
    </asmv2:hash>
  </file>[/COLOR]
  <file name="[COLOR="#0000FF"]Jellyfish.jpg[/COLOR]" destinationPath="$(runtime.public)\Pictures\Sample Pictures\" sourceName="04Photo.jpg" sourcePath=".\" importPath="$(build.nttree)\Samples\" writeableType="systemData">
    <securityDescriptor name="#MutableFileDefaultSecurityDescriptor" />
    <asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2">
      <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
        <dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity" />
      </dsig:Transforms>
      <dsig:DigestMethod xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha256" />
      <dsig:DigestValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">bKDq+yBJbt8j/BSA6LVFOZ9ISmMGmDJL5lLtEPRfovw=</dsig:DigestValue>
    </asmv2:hash>
  </file>
  <file name="[COLOR="#0000FF"]Koala.jpg[/COLOR]" destinationPath="$(runtime.public)\Pictures\Sample Pictures\" sourceName="05Photo.jpg" sourcePath=".\" importPath="$(build.nttree)\Samples\" writeableType="systemData">
    <securityDescriptor name="#MutableFileDefaultSecurityDescriptor" />
    <asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2">
      <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
        <dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity" />
      </dsig:Transforms>
      <dsig:DigestMethod xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha256" />
      <dsig:DigestValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">hKTaDkxSxGms5uDGdKkUTNQ+smKMQByLVrQSQuK+SvE=</dsig:DigestValue>
    </asmv2:hash>
  </file>
  <file name="[COLOR="#0000FF"]Tulips.jpg[/COLOR]" destinationPath="$(runtime.public)\Pictures\Sample Pictures\" sourceName="06Photo.jpg" sourcePath=".\" importPath="$(build.nttree)\Samples\" writeableType="systemData">
    <securityDescriptor name="#MutableFileDefaultSecurityDescriptor" />
    <asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2">
      <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
        <dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity" />
      </dsig:Transforms>
      <dsig:DigestMethod xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha256" />
      <dsig:DigestValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">uTUvJWUmAhnbcvwfyJYROibIWGa2nFDTlwxNn1zOgwo=</dsig:DigestValue>
    </asmv2:hash>
  </file>
  <file name="[COLOR="#0000FF"]Lighthouse.jpg[/COLOR]" destinationPath="$(runtime.public)\Pictures\Sample Pictures\" sourceName="07Photo.jpg" sourcePath=".\" importPath="$(build.nttree)\Samples\" writeableType="systemData">
    <securityDescriptor name="#MutableFileDefaultSecurityDescriptor" />
    <asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2">
      <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
        <dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity" />
      </dsig:Transforms>
      <dsig:DigestMethod xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha256" />
      <dsig:DigestValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">/4Y3LOQ1GdZ1uNjSnJjpzL6QXUALoFfIVE+gAfpNjnM=</dsig:DigestValue>
    </asmv2:hash>
  </file>
  <file name="[COLOR="#0000FF"]Penguins.jpg[/COLOR]" destinationPath="$(runtime.public)\Pictures\Sample Pictures\" sourceName="08Photo.jpg" sourcePath=".\" importPath="$(build.nttree)\Samples\" writeableType="systemData">
    <securityDescriptor name="#MutableFileDefaultSecurityDescriptor" />
    <asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2">
      <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
        <dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity" />
      </dsig:Transforms>
      <dsig:DigestMethod xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha256" />
      <dsig:DigestValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">flvdAjts8h7+QqjskLwZk/yFOYDUtWRojlrC0oxkIjw=</dsig:DigestValue>
    </asmv2:hash>
  </file>
  <file name="[COLOR="#0000FF"]desktop.ini[/COLOR]" destinationPath="$(runtime.public)\Pictures\Sample Pictures\" sourceName="PhotoSamplesDesktop.ini" sourcePath=".\" importPath="$(build.nttree)\Samples\" writeableType="systemData" attributes="hidden system">
    <securityDescriptor name="#DefaultAdminSd" />
    <asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2">
      <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
        <dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity" />
      </dsig:Transforms>
      <dsig:DigestMethod xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha256" />
      <dsig:DigestValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">TZAfYXxMhfMWlHeiSOGXRkuOMYCYxgIhVTtZPMqQvX0=</dsig:DigestValue>
    </asmv2:hash>
  </file>
  <file name="[COLOR="#0000FF"]SampleRes.dll[/COLOR]" destinationPath="$(runtime.system32)\" sourceName="SampleRes.dll" sourcePath=".\" importPath="$(build.nttree)\">
    <securityDescriptor name="WRP_FILE_DEFAULT_SDDL" />
    <asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2">
      <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
        <dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity" />
      </dsig:Transforms>
      <dsig:DigestMethod xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha256" />
      <dsig:DigestValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">nDTOnWgojy0XvhH5RjJtTESBVZyuqUhllmdE/uVsIv0=</dsig:DigestValue>
    </asmv2:hash>
  </file>
  <trustInfo>
    <security>
      <accessControl>
        <securityDescriptorDefinitions>
          <securityDescriptorDefinition name="#DefaultAdminSd" sddl="O:BAG:SYD:(A;;GA;;;BA)(A;;GA;;;SY)(A;;GRGX;;;BU)S:" operationHint="replace" />
          <securityDescriptorDefinition name="#MutableFileDefaultSecurityDescriptor" sddl="O:SYG:SYD:AIS:" operationHint="replace" />
          <securityDescriptorDefinition name="WRP_FILE_DEFAULT_SDDL" sddl="O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464G:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:P(A;;FA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;GRGX;;;BA)(A;;GRGX;;;SY)(A;;GRGX;;;BU)S:(AU;FASA;0x000D0116;;;WD)" operationHint="replace" description="Default SDDL for Windows Resource Protected file" />
        </securityDescriptorDefinitions>
      </accessControl>
    </security>
  </trustInfo>
  <localization>
    <resources culture="en-US">
      <stringTable>
        <string id="description1" value="Photo Samples" />
        <string id="displayName0" value="Photo Samples" />
      </stringTable>
    </resources>
  </localization>
</assembly>

This will show you how the contents of folder C:\Windows\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be\ is supposed to look. The main thing I would like you to look at is <file name= lines (all highlighted in blue), this will show you which files are supposed to be inside this certain component folder (The component folder found inside WinSxS). This is how SFC knows which files should be inside a folder.

The registry command I asked you to run before will also query the COMPONENTS registry hive. Each content of components folders found inside WinSxS and the manifest file will also have a mention inside the COMPONENTS registry hive to the following path: HKLM\COMPONENTS\DerivedData\Components\

Lets take a look at what this COMPONENT looks looks like for amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be:

Code: 
HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\[COLOR="#FF0000"]amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be[/COLOR]
    identity    REG_BINARY    4D6963726F736F66742D57696E646F77732D50686F746F53616D706C65732C2043756C747572653D6E65757472616C2C2056657273696F6E3D362E312E373630302E31363338352C205075626C69634B6579546F6B656E3D333162663338353661643336346533352C2050726F636573736F724172636869746563747572653D616D6436342C2076657273696F6E53636F70653D4E6F6E537853
    S256H    REG_BINARY    98D80A36E9287BA25FA6090F499F5095E5BF19B880C5ACBF2448028EEEE995E9
    c!microsoft-w..-deployment_31bf3856ad364e35_6.1.7600.16385_4fb0d9dc5c871e14    REG_BINARY    
    f![COLOR="#0000FF"]koala.jpg[/COLOR]    REG_BINARY    4B006F0061006C0061002E006A0070006700
    f!j[COLOR="#0000FF"]ellyfish.jpg[/COLOR]    REG_BINARY    4A0065006C006C00790066006900730068002E006A0070006700
    f![COLOR="#0000FF"]sampleres.dll [/COLOR]   REG_BINARY    530061006D0070006C0065005200650073002E0064006C006C00
    f![COLOR="#0000FF"]desktop.ini[/COLOR]    REG_BINARY    6400650073006B0074006F0070002E0069006E006900
    f![COLOR="#0000FF"]desert.jpg[/COLOR]    REG_BINARY    4400650073006500720074002E006A0070006700
    f![COLOR="#0000FF"]lighthouse.jpg[/COLOR]    REG_BINARY    4C00690067006800740068006F007500730065002E006A0070006700
    f![COLOR="#0000FF"]tulips.jpg[/COLOR]    REG_BINARY    540075006C006900700073002E006A0070006700
    f![COLOR="#0000FF"]chrysanthemum.jpg[/COLOR]    REG_BINARY    4300680072007900730061006E007400680065006D0075006D002E006A0070006700
    f![COLOR="#0000FF"]hydrangeas.jpg [/COLOR]   REG_BINARY    480079006400720061006E0067006500610073002E006A0070006700
    f![COLOR="#0000FF"]penguins.jpg [/COLOR]   REG_BINARY    500065006E006700750069006E0073002E006A0070006700
    c!microsoft-w..-deployment_31bf3856ad364e35_6.1.7601.17514_51e1eda45975a1ae    REG_BINARY

Do you notice how the part in red is the same as the manifest name and the folder name found inside C:\Windows\WinSxS? Everything is linked :)

As you can see in the above contents a bunch of registry keys starting with f!, all these keys represent all the file's that is supposed to live inside the component folder found in C:\Windows\WinSxS. If you open up this component inside WinSxS you should see all the files in blue inside this file.

If we go back to the original file I mentioned:
C:\Windows\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be\Hydrangeas.jpg.

How do we know that Hydrangeas.jpg is supposed to be inside WinSxS\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be?

Our manifest file: amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be.manifest
Shows:
Code: 
  <file name="[COLOR="#0000FF"]Hydrangeas.jpg[/COLOR]" destinationPath="$(runtime.public)\Pictures\Sample Pictures\" sourceName="03Photo.jpg" sourcePath=".\" importPath="$(build.nttree)\Samples\" writeableType="systemData">
    <securityDescriptor name="#MutableFileDefaultSecurityDescriptor" />
    <asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2">
      <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
        <dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity" />
      </dsig:Transforms>
      <dsig:DigestMethod xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha256" />
      <dsig:DigestValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">O5L+3ggPmw7JAq/FiDEZG1uMy69nMjUv16i0RdHp8L0=</dsig:DigestValue>
    </asmv2:hash>
  </file>

The COMPONENTS registry hive: HKLM\COMPONENTS\DerivedData\Components\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be
shows:
Code: 
HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be

f![COLOR="#0000FF"]hydrangeas.jpg [/COLOR]   REG_BINARY    480079006400720061006E0067006500610073002E006A0070006700

From this information it is safe to say that hydrangeas.jpg is supposed to live inside: WinSxS\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be



Now if we take a look at the manifest which you provided to me earlier (wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9.manifest)
Code: 
<?xml version="1.0" encoding="UTF-8"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v3" manifestVersion="1.0" copyright="Copyright (c) Microsoft Corporation. All Rights Reserved.">
  <assemblyIdentity name="Microsoft-Windows-PhotoSamples" version="6.1.7600.16385" processorArchitecture="wow64" language="neutral" buildType="release" publicKeyToken="31bf3856ad364e35" versionScope="nonSxS" />
  <dependency discoverable="no" resourceType="Resources">
    <dependentAssembly>
      <assemblyIdentity name="Microsoft-Windows-PhotoSamples.Resources" version="6.1.7600.16385" processorArchitecture="x86" language="*" buildType="release" publicKeyToken="31bf3856ad364e35" />
    </dependentAssembly>
  </dependency>
  <file name="[COLOR="#0000FF"]SampleRes.dll[/COLOR]" destinationPath="$(runtime.system32)\" sourceName="SampleRes.dll" sourcePath=".\" importPath="$(build.nttree)\">
    <securityDescriptor name="WRP_FILE_DEFAULT_SDDL" />
    <asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2">
      <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
        <dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity" />
      </dsig:Transforms>
      <dsig:DigestMethod xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha256" />
      <dsig:DigestValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">e9B3Vo7O8OFLpeFtvQi+ezX2VoxDJvyPxYrt7H1lpfI=</dsig:DigestValue>
    </asmv2:hash>
  </file>
  <trustInfo>
    <security>
      <accessControl>
        <securityDescriptorDefinitions>
          <securityDescriptorDefinition name="#DefaultAdminSd" sddl="O:BAG:SYD:(A;;GA;;;BA)(A;;GA;;;SY)(A;;GRGX;;;BU)" operationHint="replace" />
          <securityDescriptorDefinition name="WRP_FILE_DEFAULT_SDDL" sddl="O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464G:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:P(A;;FA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;GRGX;;;BA)(A;;GRGX;;;SY)(A;;GRGX;;;BU)S:(AU;FASA;0x000D0116;;;WD)" operationHint="replace" description="Default SDDL for Windows Resource Protected file" />
        </securityDescriptorDefinitions>
      </accessControl>
    </security>
  </trustInfo>
  <localization>
    <resources culture="en-US">
      <stringTable>
        <string id="description1" value="Photo Samples" />
        <string id="displayName0" value="Photo Samples" />
      </stringTable>
    </resources>
  </localization>
</assembly>

The only file that is supposed to be inside wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9 is SampleRes.dll. If any of the following files were supposed to be inside this component folder, you would see the file name and attributes inside this manifest file.
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Koala.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Jellyfish.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\desktop.ini
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Desert.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Lighthouse.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Tulips.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Chrysanthemum.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Hydrangeas.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\Penguins.jpg

To double check we had a look at the registry component:

Code: 
HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\[COLOR="#FF0000"]wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9[/COLOR]
    identity    REG_BINARY    4D6963726F736F66742D57696E646F77732D50686F746F53616D706C65732C2043756C747572653D6E65757472616C2C2056657273696F6E3D362E312E373630302E31363338352C205075626C69634B6579546F6B656E3D333162663338353661643336346533352C2050726F636573736F724172636869746563747572653D776F7736342C2076657273696F6E53636F70653D4E6F6E537853
    S256H    REG_BINARY    9F66DD6987783E54935BCE045ED7A06F97E0D99B56FE6213BFE0B82E2BEC0451
    f![COLOR="#0000FF"]sampleres.dll[/COLOR]    REG_BINARY    530061006D0070006C0065005200650073002E0064006C006C00

Only one file is listed here just like the manifest file. With this information I believe it is safe to say that the above jpg files are not supposed to be inside wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9.



I hope this helps, let me know if you would like me to elaborate on anything else.

Hope you found this as interesting as I do!

Alex
 
Last edited:
Alex.

Thank you for the detailed explanation, and yes I'm very interested in understanding what is happening and why. I'm wondering, when one does a delete of any or all of these files, is it then reflected in all the above mentioned files and the corresponding registry hives? Could it be that when the files were deleted, somehow the system was interrupted and never finished clearing out the appropriate files and the registry hives? Could it be that the resultant residue is what the system is seeing as corrupted files?

Lastly, since we know these files aren't actually on the system anymore, and assuming that these traces shouldn't be there at all, can we manually remove there traces from the related files and registry hives? It seems like SFCFix.exe should perhaps have an added algorithm that queries the user when it sees traces of files that no longer exist but are registered by these files and the registry hives: "Have these files been purposely been erased by the user?" If the answer is yes, it could then remove all residue from the system, if no it would try to replace the files, or ask the user to replace them and run SFC.exe again to make the appropriate corrections.

Perhaps I'm being to simplistic in the face of a rather complicated situation, but I think you understand my intentions.

I await your instructions for any further action.


Many thanks,

Mark
 
Thank you for the detailed explanation, and yes I'm very interested in understanding what is happening and why. I'm wondering, when one does a delete of any or all of these files, is it then reflected in all the above mentioned files and the corresponding registry hives?
Click to expand...

No, if you go in and delete some files the manifest file and the registry will remain the same. The only way they could be changed is by going in and manually editing these entries.

Could it be that when the files were deleted, somehow the system was interrupted and never finished clearing out the appropriate files and the registry hives? Could it be that the resultant residue is what the system is seeing as corrupted files?
Click to expand...

This could be the case, but in your situation I dont believe this happened. One reason as to why I think this has not happened here is by this value:
Code: 
HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9
    identity    REG_BINARY    4D6963726F736F66742D57696E646F77732D50686F746F53616D706C65732C2043756C747572653D6E65757472616C2C2056657273696F6E3D362E312E373630302E31363338352C205075626C69634B6579546F6B656E3D333162663338353661643336346533352C2050726F636573736F724172636869746563747572653D776F7736342C2076657273696F6E53636F70653D4E6F6E537853
    [COLOR="#FF0000"]S256H    REG_BINARY    9F66DD6987783E54935BCE045ED7A06F97E0D99B56FE6213BFE0B82E2BEC0451[/COLOR]
    f!sampleres.dll    REG_BINARY    530061006D0070006C0065005200650073002E0064006C006C00

The S256H is a SHA (Secure Hash Algorithm) generation of the manifest file wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9, this is how the SFC can detected if the manifest is corrupt or if something has been modified. There is a very good description on SHA encryption here: SHA-2 - Wikipedia, the free encyclopedia, as you can see from the examples inside this link if you make one tiny change to a sentence (in this case a line inside the manifest file) it will completely change the whole algorithm.

When I looked at the manifest file you gave me (wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9) the SHA256 value matches the one of S256H registry value.

Lastly, since we know these files aren't actually on the system anymore, and assuming that these traces shouldn't be there at all, can we manually remove there traces from the related files and registry hives? It seems like SFCFix.exe should perhaps have an added algorithm that queries the user when it sees traces of files that no longer exist but are registered by these files and the registry hives: "Have these files been purposely been erased by the user?" If the answer is yes, it could then remove all residue from the system, if no it would try to replace the files, or ask the user to replace them and run SFC.exe again to make the appropriate corrections.
Click to expand...

There are no traces to remove :), all of these wow64 files are not actually listed anywhere. The only place that is generating them is SFCFix. The only file that should be inside wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9 is sampleres.dll. According to the manifest file and registry extract.

Alex
 
Alex,

OK. and indeed sampleres.dll is there. So are we saying that SFCFix.exe is the problem, perhaps a bug in its code? Again, an experiment may be in order. Are we saying that if any Windows 7 system that deleted one of the original files that were in the samples folders would in turn cause SFCFix.exe to report a corruption?

More importantly, ddoes this qualify as one of those instances to just ignore the results? Seems to me that with all the power the SFCFix.exe has it should be able to navigate this peculiarity and realize its own mistake. I guess that is a question for niemro.


Mark
 
OK. and indeed sampleres.dll is there. So are we saying that SFCFix.exe is the problem, perhaps a bug in its code? Again, an experiment may be in order. Are we saying that if any Windows 7 system that deleted one of the original files that were in the samples folders would in turn cause SFCFix.exe to report a corruption?
Click to expand...

Yep this is a detection issues, niemiro is looking into it now.

yep if you delete one of those files, run SFC /SCANNOW then run SFCFix it should show as a 'CORRUPT' file.

More importantly, ddoes this qualify as one of those instances to just ignore the results? Seems to me that with all the power the SFCFix.exe has it should be able to navigate this peculiarity and realize its own mistake. I guess that is a question for niemro.
Click to expand...

niemiro explain this to me before why it is like this and it makes sense.

This is what a file missing looks like inside the CBS.log report
Code: 
2015-01-17 16:27:59, Info                  CSI    0000038f [SR] Cannot repair member file [l:24{12}]"[COLOR="#FF0000"]Penguins.jpg[/COLOR]" of [COLOR="#FF0000"]Microsoft-Windows-PhotoSamples[/COLOR], Version = [COLOR="#FF0000"]6.1.7600.16385[/COLOR], pA = [COLOR="#FF0000"]PROCESSOR_ARCHITECTURE_AMD64[/COLOR] (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2015-01-17 16:27:59, Info                  CSI    00000390 [SR] This component was referenced by [l:242{121}]"Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.Microsoft-Windows-Client-Features-Update"

SFCFix has to some how regenerate the full paths, the majority of it can be determined by the values in red above. But what about the parts in blue?

Code: 
CORRUPT: C:\Windows\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_[COLOR="#0000FF"]f36e0e659b8042be[/COLOR]\Penguins.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_[COLOR="#0000FF"]fdc2b8b7cfe104b9[/COLOR]\Penguins.jpg

There is no way to generate these by manually looking at the results from the CBS.log. This where SFCFix has to has to make a logical assumption as to what these files paths could be. Then it is up to the helper on the other to know the difference :).

Alex
 
Go The Power said:
OK. and indeed sampleres.dll is there. So are we saying that SFCFix.exe is the problem, perhaps a bug in its code? Again, an experiment may be in order. Are we saying that if any Windows 7 system that deleted one of the original files that were in the samples folders would in turn cause SFCFix.exe to report a corruption?
Click to expand...

Yep this is a detection issues, niemiro is looking into it now.

yep if you delete one of those files, run SFC /SCANNOW then run SFCFix it should show as a 'CORRUPT' file.

More importantly, ddoes this qualify as one of those instances to just ignore the results? Seems to me that with all the power the SFCFix.exe has it should be able to navigate this peculiarity and realize its own mistake. I guess that is a question for niemro.
Click to expand...

niemiro explain this to me before why it is like this and it makes sense.

This is what a file missing looks like inside the CBS.log report
Code: 
2015-01-17 16:27:59, Info                  CSI    0000038f [SR] Cannot repair member file [l:24{12}]"[COLOR=#FF0000]Penguins.jpg[/COLOR]" of [COLOR=#FF0000]Microsoft-Windows-PhotoSamples[/COLOR], Version = [COLOR=#FF0000]6.1.7600.16385[/COLOR], pA = [COLOR=#FF0000]PROCESSOR_ARCHITECTURE_AMD64[/COLOR] (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2015-01-17 16:27:59, Info                  CSI    00000390 [SR] This component was referenced by [l:242{121}]"Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.Microsoft-Windows-Client-Features-Update"

SFCFix has to some how regenerate the full paths, the majority of it can be determined by the values in red above. But what about the parts in blue?

Code: 
CORRUPT: C:\Windows\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_[COLOR=#0000FF]f36e0e659b8042be[/COLOR]\Penguins.jpg
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_[COLOR=#0000FF]fdc2b8b7cfe104b9[/COLOR]\Penguins.jpg

There is no way to generate these by manually looking at the results from the CBS.log. This where SFCFix has to has to make a logical assumption as to what these files paths could be. Then it is up to the helper on the other to know the difference :).

Alex
Click to expand...
 
Alex,

Sorry about the repeat post #17, just ignore.

I ran a test on my other Win7 machine. First I scanned the computer with SFC.exe. It came up clean.

View attachment 10649
Then I ran SFCFix.txt and it found the 7 corrupted files in the CheckSur.log that we had repaired in another thread.

Code: 
FCFix version 2.4.1.0 by niemiro.
Start time: 2015-01-28 10:56:33.134
Not using a script file.

AutoAnalysis::
SUMMARY: Some corruptions could not be fixed automatically. Seek advice from helper or sysnative.com.
   CBS & SFC total detected corruption count:     0
   CBS & SFC total unimportant corruption count:  0
   CBS & SFC total fixed corruption count:        0
   SURT total detected corruption count:          7
   SURT total unimportant corruption count:       0
   SURT total fixed corruption count:             0
AutoAnalysis:: directive completed successfully.

Successfully processed all directives.
SFCFix version 2.4.1.0 by niemiro has completed.
Currently storing 0 datablocks.
Finish time: 2015-01-28 10:57:00.185
----------------------EOF-----------------------

Then I deleted the sample file Kalimba.mp3 but did not remove it from the Recycle Bin.

Then I cleared the CheckSur.log.
I ran the Windows Update Readiness Tool to repopulate the Checksur.log. Clean, code below.

Code: 
Checking System Update Readiness.
Binary Version 6.1.7601.22471
Package Version 26.0
2015-01-28 11:33


Checking Windows Servicing Packages


Checking Package Manifests and Catalogs


Checking Package Watchlist


Checking Component Watchlist


Checking Packages


Checking Component Store


Summary:
Seconds executed: 840
 No errors detected
Customer Experience report successfully uploaded.  Thank you for participating.  For more information, see the Microsoft Customer Experience Improvement Program on the Microsoft web site.



Ran SFCFix.exe again. Also clean.

Code: 
SFCFix version 2.4.1.0 by niemiro.
Start time: 2015-01-28 11:55:51.586
Not using a script file.

AutoAnalysis::
SUMMARY: No corruptions were detected.
AutoAnalysis:: directive completed successfully.

Successfully processed all directives.
SFCFix version 2.4.1.0 by niemiro has completed.
Currently storing 0 datablocks.
Finish time: 2015-01-28 11:56:11.195
----------------------EOF-----------------------

So it does not hold that SFCFix.exe will find an error when one of the sample files gets deleted, unless leaving it in the Recycle Bin makes a difference. I would be glad to run it again after removing from the Recycle Bin if you think this makes a difference. Unless I'm missing something, niemro might be on a wild file chase :)

I still contend that something unusual happened when the sample files were deleted on my laptop computer.
 
niemro has released a new update, it looks like the update should not falsely detect these wow64 files anymore.

SFCFix looks for errors within the CBS log and CheckSur. If the file is not showing as missing/corrupt inside these logs SFCFix wont look at it.

CheckSur doesnt scan all system files, not log SFC /SCANNOW. Can you please run a scan with SFC /SCANNOW and check inside the cbs log, is it reporting a missing file?

Alex
 
Alex,

I ran sfc /scannow on my laptop again and it came up clean.

2015-01-29_131641.jpg


There were a ton of warnings of this nature:
2015-01-29 11:10:40, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-29 11:10:40, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-29 11:10:40, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]

Enlighten me....:)

But there were no missing files or cannot repair errors. See complete CBS log file (CBS01-29-2015.log) here: http://1drv.ms/1ChI4FX

Are we going to run the new version of SFCFix.exe on my computer?

Many thanks as always,

Mark
 
You must log in or register to reply here.

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top