[SOLVED] SFC - windows resource protection cannot perform the requested operation

T

torsrex

Member
Joined
Nov 28, 2013
Posts
7
Hey,
One day when I tried to turn on my computer, it refused to boot untill I manually renamed winload~1.exe to winload.exe and replaced the old one, which seemed to have gotten corrupt. I tried running an sfc scan from the recovery console, but that got stuck on "Windows resource protection cannot perform the requested operation". I figured I should try to run a scan after I'd gotten my computer to boot, but it still keeps getting stuck at 9% and gives me this error message. I've attached the CBS.log file and the sfcdetails.txt file in the attached zip-file.
I'm running windows 7 64 bit enterprise.
Thank you in advance.
 

Attachments

The last errors in the SFC log are informative....
Code: 
2013-11-28 16:51:55, Info                  CSI    00000046 [SR] Cannot repair member file [l:30{15}]"winload.exe.mui" of Microsoft-Windows-BootEnvironment-OS-Loader.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"nb-NO", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked
2013-11-28 16:51:55, Info                  CSI    00000047 [SR] Cannot repair member file [l:34{17}]"winresume.exe.mui" of Microsoft-Windows-BootEnvironment-OS-Loader.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"nb-NO", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked
2013-11-28 16:51:55, Info                  CSI    00000048 [SR] Cannot repair member file [l:22{11}]"winload.exe" of Microsoft-Windows-BootEnvironment-OS-Loader, Version = 6.1.7601.17556, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked
2013-11-28 16:51:55, Info                  CSI    00000049 [SR] Cannot repair member file [l:26{13}]"winresume.exe" of Microsoft-Windows-BootEnvironment-OS-Loader, Version = 6.1.7601.17556, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked

'cannot be checked' means that the system didn't have sufficient permissions to be able to read the files concerned - I suspect hard drive problems.

Click on Start > All Programs > AccessoriesRight-click on the Command Prompt entry
Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

At the Command prompt, type

CHKDSK C: /R

and hit the Enter key.

You will be told that the drive is locked, and the CHKDSK will run at he next boot - hit the Y key, press
Enter, and then reboot.

The CHKDSK will take a few hours depending on the size of the drive,
so be patient!
After the CHKDSK has run, Windows should boot normally (possibly
after a second auto-reboot) -


then run the SFC again.
 
Thank you very much for your reply. I tried running sfc after having ran chkdsk /r from an elevated command prompt, but it still gets stuck at the same error message. I've attached the new CBS.log file.
I'm not sure if it'll be useful, considering this is a Norwegian system, but here's the output from chkdsk:
Code: 
Kontrollerer filsystem på C:
Filsystemtypen er NTFS.
Volumnavnet er OSDisk.


En diskkontroll er planlagt.
Windows kontrollerer nå disken.                         


CHKDSK bekrefter filer (trinn 1 av 5)...
  350976 filoppforinger behandlet.                                          Filkontroll er fullfort.
  3487 store filoppforinger behandlet.                                      0 skadede filoppforinger behandlet.                                        2 EA-oppforinger behandlet.                                              93 reanalyseringsoppforinger behandlet.                             CHKDSK bekrefter indekser (trinn 2 av 5)...
  469840 indeksoppforinger behandlet.                                         Indekskontroll er fullfort.
  0 ikke-indekserte filer skannet.                                           0 ikke-indekserte filer gjenopprettet.                             CHKDSK bekrefter sikkerhetsbeskriveren (trinn 3 av 5)...
  350976 SDer/SIDer for fil behandlet.                                         Rydder opp i 102 ubrukte indeksoppforinger fra indeks $SII for filen 0x9.
Rydder opp i 102 ubrukte indeksoppforinger fra indeks $SDH for filen 0x9.
Rydder opp i 102 ubrukte sikkerhetsbeskrivelser.
Kontrollen av sikkerhetsbeskriveren er ferdig.
  59433 datafiler behandlet.                                            CHKDSK kontrollerer Usn-loggen...
  33860472 USN-byte behandlet.                                             Kontroll av Usn-logg er fullfort.
CHKDSK kontrollerer fildata (trinn 4 av 5)...
  350960 filer behandlet.                                                 Kontroll av fildata er ferdig.
CHKDSK kontrollerer ledig plass (trinn 5 av 5)...
  18001159 ledige klynger er behandlet.                                         Ferdig med kontroll av ledig plass.
Filsystemet er kontrollert. Ingen problemer ble funnet.


 312056831 kB total diskplass.
 239423416 kB i 280273 filer.
    167464 kB in 59434 indekser.
        16 kB i skadede sektorer.
    461299 kB brukes av systemet.
     65536 kB opptas av loggfilen.
  72004636 kB tilgjengelig på disk.


      4096 byte i hver tildelingsenhet.
  78014207 totale tildelingsenheter på disken.
  18001159 tildelingsenheter tilgjengelig på disken.


Intern informasjon:
00 5b 05 00 f6 2e 05 00 58 4f 09 00 00 00 00 00  .[......XO......
22 06 00 00 5d 00 00 00 00 00 00 00 00 00 00 00  "...]...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................


Kontrollen av disken er fullfort.
Vent mens maskinen startes på nytt.
 

Attachments

You have four 'bad sectors' (4kB each) showing in your hard drive - back up your data to external media before doing anything else.
There's a distinct possibility that the hard drive will fail soon!

The SFC still fails very early in the scan
Code: 
POQ 12 ends.
2013-11-29 18:32:08, Info                  CSI    00000043 [SR] Verify complete
2013-11-29 18:32:08, Info                  CSI    00000044 [SR] Verifying 100 (0x0000000000000064) components
2013-11-29 18:32:08, Info                  CSI    00000045 [SR] Beginning Verify and Repair transaction
2013-11-29 18:32:10, Info                  CSI    00000046 [SR] Cannot repair member file [l:30{15}]"winload.exe.mui" of Microsoft-Windows-BootEnvironment-OS-Loader.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"nb-NO", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked
2013-11-29 18:32:10, Info                  CSI    00000047 [SR] Cannot repair member file [l:34{17}]"winresume.exe.mui" of Microsoft-Windows-BootEnvironment-OS-Loader.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"nb-NO", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked
2013-11-29 18:32:10, Info                  CSI    00000048 [SR] Cannot repair member file [l:22{11}]"winload.exe" of Microsoft-Windows-BootEnvironment-OS-Loader, Version = 6.1.7601.17556, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked
2013-11-29 18:32:10, Info                  CSI    00000049 [SR] Cannot repair member file [l:26{13}]"winresume.exe" of Microsoft-Windows-BootEnvironment-OS-Loader, Version = 6.1.7601.17556, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked
2013-11-29 18:32:11, Info                  CSI    0000004a Ignoring duplicate ownership for directory [l:64{32}]"\??\C:\Windows\Branding\Shellbrd" in component Microsoft-Windows-Branding-Shell-Enterprise, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
2013-11-29 18:32:11, Info                  CSI    0000004b Ignoring duplicate ownership for directory [l:62{31}]"\??\C:\Windows\Branding\Basebrd" in component Microsoft-Windows-Branding-Base-Enterprise, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
2013-11-29 18:32:11, Error                 CSI    0000004c (F) STATUS_ACCESS_DENIED #976388# from Windows::Rtl::SystemImplementation::DirectFileSystemProvider::SysCreateFile(flags = (AllowFileNotFound), handle = {provider=NULL, handle=0}, da = (FILE_GENERIC_READ), oa = @0xf2cc50->OBJECT_ATTRIBUTES {s:48; rd:NULL; on:[131]"\SystemRoot\WinSxS\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb\winload.exe"; a:(OBJ_CASE_INSENSITIVE)}, iosb = @0xf2cd00, as = (null), fa = 0, sa = (FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE), cd = FILE_OPEN, co = (FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT), eab = NULL, eal = 0, disp = Invalid)
[gle=0xd0000022]
2013-11-29 18:32:11, Error                 CSI    [EMAIL="0000004d@2013/11/29:17:32:11.358"]0000004d@2013/11/29:17:32:11.358[/EMAIL] (F) d:\win7sp1_gdr\base\wcp\sil\merged\ntu\ntsystem.cpp(2057): Error STATUS_ACCESS_DENIED originated in function Windows::Rtl::SystemImplementation::DirectFileSystemProvider::SysCreateFile expression: (null)
[gle=0x80004005]
2013-11-29 18:32:12, Error                 CSI    0000004e (F) STATUS_ACCESS_DENIED #976387# from Windows::Rtl::SystemImplementation::CDirectory::OpenExistingFile(...)[gle=0xd0000022]
2013-11-29 18:32:12, Error                 CSI    0000004f (F) STATUS_ACCESS_DENIED #976386# from Windows::Rtl::SystemImplementation::CDirectory_IRtlDirectoryTearoff::OpenExistingFile(flags = (MissingFileIsOk), da = (FILE_GENERIC_READ), oa = @0xf2d280->SIL_OBJECT_ATTRIBUTES {s:40; on:"winload.exe"; a:(OBJ_CASE_INSENSITIVE)}, sa = (FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE), oo = (FILE_SYNCHRONOUS_IO_NONALERT|FILE_NON_DIRECTORY_FILE), file = NULL, disp = Invalid)
[gle=0xd0000022]
2013-11-29 18:32:12, Error                 CSI    00000050 (F) STATUS_ACCESS_DENIED #975718# from PrimitiveInstaller::CCoordinator::RepairComponent(Component = Microsoft-Windows-BootEnvironment-OS-Loader, Version = 6.1.7601.17556, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral)[gle=0xd0000022]

I think your best solution is to replace the hard drive and do a clean install into the new drive.
 
I'm currently backing up all of my important files to an external drive as I'm typing this, I'm glad I ran chkdsk and got to know this, before my harddrive failed and I'd lost all of my files!
Isn't there anything else I currently can do to fix those errors that doesn't mean reinstalling the system? Would I be able to continue using this system with these errors, till I'm able to get a new harddrive (won't be able to at least for the following month or two)?
 
We can see if repairing the known file errors, and see if they allow SFC to complete.
It's very difficult to know what the likelihood of the drive failing in a month or two are - it depends a lot on what caused the known failures in the first place.
If it's 'wear and tear' then the damage may take a long time to escalate to the point where it becomes annoying. On the other hand, if the problem was caused by, say, dropping the machine/drive, then it could fall to pieces tonight.

I'll post a fix for the known problems a little later, and we'll see how it goes.
 
I just realised - I don't have access to a Norwegian Win7 disk :(
This means that I can't supply two of the replacement files. Do you have either a Windows 7 install disk, or another PC handy to copy them from?

I've uploaded a file - tsxaa.zip - to my SkyDrive at Noel's SkyDrive

Please download and save it.


Right-click on the saved file and select Extract all...

Change the target to C:\ and click on Extract

Close all windows (it would be a good idea to print these instructions!)

Now reboot to the Repair Environment - as soon as the machine restarts, start tapping F8 - this should bring up the Advanced Boot Menu, at the top of which
should be the option 'Repair my Computer'

Pick that

You'll have to log in with your username and password.

Pick the option to use a Command Prompt

At the prompt type

DIR C:\tsxaa

hit the enter key - if you get a 'Not Found' error try

DIR D:\tsxaa

or

DIR E:\tsxaa

The drive letter in use when you find the folder will need to be substituted (for<drive>) into the following
command...

XCOPY <drive>:\tsxaa <drive>:\windows\winsxs /y /i /s /v /h

(e.g. XCOPY P:\wfire P:\windows\winsxs /y /i /s /v /h )

run the command (it should take almost no time)and when the prompt returns, type

EXIT

and hit the Enter key to exit Command Prompt - reboot to Normal Mode Windows.

Now run SFC /SCANNOW in an Elevated Command Prompt

then reboot and upload the new CBS.log file to your reply


Also run a new MGADiag report, and post the result.


 
Thank you very much for your assistance so far,
I do have another pc running win 7 64 bit ultimate and on monday I'll gain access to a win 7 64 bit enterprise disk.

I followed your instructions, but as I type the "xcopy" command, it lists "something\winload.efi" and "something\winload.exe" followed by "Access denied" on a new line.
I've attached the new CBS.log file and here's the output from MGADiag:

Code: 
Diagnostic Report (1.9.0027.0):-----------------------------------------
Windows Validation Data-->


Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-2VJC9-XBBR8-HVTHH
Windows Product Key Hash: k/l/EMDQdwK9OvdCkPtHG1YdosE=
Windows Product ID: 00392-918-5000002-85373
Windows Product ID Type: 1
Windows License Type: KMS Client
Windows OS version: 6.1.7601.2.00010100.1.0.004
ID: {3B63905D-CBB6-4A6A-BA85-7D0C30E529C6}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Enterprise
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130828-1532
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A


Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002


Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002


OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002


OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3


Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed


File Scan Data-->


Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{3B63905D-CBB6-4A6A-BA85-7D0C30E529C6}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.004</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-HVTHH</PKey><PID>00392-918-5000002-85373</PID><PIDType>1</PIDType><SID>S-1-5-21-3688673209-1298188048-503887243</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP ProBook 4330s</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>68SRR Ver. F.23</Version><SMBIOSVersion major="2" minor="6"/><Date>20120309000000.000000+000</Date></BIOS><HWID>B4EF0100018400FE</HWID><UserLCID>0414</UserLCID><SystemLCID>0414</SystemLCID><TimeZone>Vest-Europa (normaltid)(GMT+01:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-MPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  


Spsys.log Content: 0x80070002


Licensing Data-->
Versjon av Software Licensing-tjeneste: 6.1.7601.17514


Navn: Windows(R) 7, Enterprise edition
Beskrivelse: Windows Operating System - Windows(R) 7, VOLUME_KMSCLIENT channel
Aktiverings-ID: ae2ee509-1b34-41c0-acb7-6d4650168915
Program-ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Utvidet PID: 00392-00170-918-500000-03-2068-7601.0000-3252012
Installasjons-ID: 007215189031334375032701953782136743648643055986654331
Delvis produktnøkkel: HVTHH
Lisensstatus: Lisensiert
Volumaktiveringsutløp: 251040 minutt(er) (174 dag(er))
Antall gjenværende Windows-rearmeringer: 1
Klarert tid: 01.12.2013 03:44:21


Informasjon om klient med tjenesten Key Management (KMS)
    Klientmaskin-ID (CMID): bf095257-b40d-4b14-bec0-d6f597a1f8b7
    KMS-maskinnavn fra DNS: ped-15dc.hfk.vgs.no:1688
    Utvidet PID for KMS-maskin: 55041-00206-271-140282-03-1044-7601.0000-2952013
    Aktiveringsintervall: 120 minutter
    Fornyelsesintervall: 10080 minutter
    KMS-vertsbufring er aktivert


Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 9:6:2013 01:10
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:




HWID Data-->
HWID Hash Current: LAAAAAAAAgABAAEAAAABAAAAAgABAAEA6GGweCiteDQaiVAqZuj2evQYLnM=


OEM Activation 1.0 Data-->
N/A


OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information: 
  ACPI Table Name    OEMID Value    OEMTableID Value
  APIC            HPQOEM        167E    
  FACP            HPQOEM        167E    
  HPET            HPQOEM        167E    
  MCFG            HPQOEM        167E    
  ASF!            HPQOEM        167E    
  SSDT            HPQOEM        SataAhci
  SSDT            HPQOEM        SataAhci
  SLIC            HPQOEM        SLIC-MPC
  SSDT            HPQOEM        SataAhci
  SSDT            HPQOEM        SataAhci
 

Attachments

Reinstalled the system, and the sfc scan now doesn't give any errors. I'll hopefully be able to replace the disk really soon, as I do not trust it at the moment. Thank you very much for all the help you've provided NoeIDP.
 
This sound like permissions on the winsxs folder may be screwed :( - or you didn't run the commands from the Repair Environment?

The license here appears to be a Volume KMS license - you should check with your System Admin about access rights, as you may have limited rights to do anything at all.

Please run the following command, and post the results.


ICACLS C:\Windows\winsxs


also...
Please download and save the CheckSUR tool from Use System Update Readiness tool to fix package corruption errors
(you'll need to look in the details for Windows 7, downloading from the Microsoft Download Center)

Run it - The tool can take anywhere from 5 mins to a couple of hours to run (or 'Install') depending on how much it has to do, and may exit silently - it may appear to freeze for most of that time, but be patient.
The result is logged in the C:\Windows\Logs\CBS\CheckSUR.log file - and an archive …\checksur.persist.log file

Then zip the CheckSUR.log and upload it to your SkyDrive Public folder so I can take a look - post a link in your reply.
 
You must log in or register to reply here.

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top