Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Corrupted System File SFC Can't Fix

01 Aug 2014   #31
tjg79

Windows 7 Professional x64 SP1
 
 

I got an additional pop-up pertaining to my alleged fake Windows 7 while I running the SURT that could be an issue with the SURT. A screen shot is posted below.

Corrupted System File SFC Can't Fix-act-6.jpg




My System SpecsSystem Spec
.
01 Aug 2014   #32
tjg79

Windows 7 Professional x64 SP1
 
 

When I ran the SURT the first time with the "Victim of Software Counterfeiting" pop-up, my Windows desktop changed to a black theme. I cleared the "Victim of Software Counterfeiting" pop-up and then got an icon in my notification area that my time on activation had run out. I clicked that icon and the system indicated that the activation was successful. I rebooted and ran the SURT again this time without the "Victim of Software Counterfeiting" pop-up. The SURT loaded a hot fix without errors. I ran "sfc /scannow" and the issue was not resolved.

Attached is the CBS.log file (compressed).

Attachment 327744
My System SpecsSystem Spec
01 Aug 2014   #33
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Copy all of the commands in the code box and paste the whole bunch into an elevated command prompt window
Cmd Paste = Right click

All commands will execute, except perhaps that last one - just hit enter to make sure everything launched.

Code:
DIR C:\Windows\slui.exe /s
ICACLS C:\Windows\System32\slui.exe

REG QUERY HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S 
REG QUERY HKLM\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S 
REG QUERY HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S 

ICACLS C:\Windows\System32\sppsvc.exe
ICACLS C:\Windows\System32\en-US\sppsvc.exe.mui
DIR C:\windows\sppsvc.* /S
REG QUERY HKU
REG QUERY HKU\S-1-5-20
DIR %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform
ICACLS %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

Did you try the troubleshooting tab on the window in this pic?

Did SURT end or did it complete?
Look in Windows\Logs\CBS - is there a Checksur.log?

Post it if there is. Thanks.

I think you're running up against what Noel pointed out - slui corruption needs to be resolved first.

The output from the commands prompt will give more information to get to that point.

Noel is the best at this but he's working an issue on his own machine. Golden is also no slacker. It takes me longer to find the next step because I don't focus on these issues and my knowledge is really old. So it takes a while to fire up those dormant brain cells.

Thanks for your patience and some really good feedback.

Bill
.
My System SpecsSystem Spec
.

01 Aug 2014   #34
tjg79

Windows 7 Professional x64 SP1
 
 

Quote   Quote: Originally Posted by Slartybart View Post
Copy all of the commands in the code box and paste the whole bunch into an elevated command prompt window
Cmd Paste = Right click

All commands will execute, except perhaps that last one - just hit enter to make sure everything launched.

Code:
DIR C:\Windows\slui.exe /s
ICACLS C:\Windows\System32\slui.exe
 
REG QUERY HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S 
REG QUERY HKLM\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S 
REG QUERY HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S 
 
ICACLS C:\Windows\System32\sppsvc.exe
ICACLS C:\Windows\System32\en-US\sppsvc.exe.mui
DIR C:\windows\sppsvc.* /S
REG QUERY HKU
REG QUERY HKU\S-1-5-20
DIR %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform
ICACLS %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

Did you try the troubleshooting tab on the window in this pic?

Did SURT end or did it complete?
Look in Windows\Logs\CBS - is there a Checksur.log?

Post it if there is. Thanks.

I think you're running up against what Noel pointed out - slui corruption needs to be resolved first.

The output from the commands prompt will give more information to get to that point.

Noel is the best at this but he's working an issue on his own machine. Golden is also no slacker. It takes me longer to find the next step because I don't focus on these issues and my knowledge is really old. So it takes a while to fire up those dormant brain cells.

Thanks for your patience and some really good feedback.

Bill
.

I can't recall exactly, but I believe I clicked on the troubleshooting tab and it didn't offer anything substantial. I ended up calling the number which connected me to MGA and they in turn patched the call to MS Support after I explained what was going on.

Yes, the SURT completed without any errors. I've attached the additional logs files below.

I'm going to go through all the posts on this thread and answer all the questions and add some additional information.

Thanks for the support.

Regards

CheckSUR.zip

CheckSUR.persist.zip

DeepClean.zip


My System SpecsSystem Spec
01 Aug 2014   #35
tjg79

Windows 7 Professional x64 SP1
 
 

Quote   Quote: Originally Posted by Slartybart View Post
@Jack: I don't think Raid 5 would cause this type of issue. But it did occur to me that part of the allure to having raid was redundancy. I might come back to that.

@tgj: Please check that the Software Protection service is set to automatic (delay start)

Open an elevated command prompt and type the following

Code:
DIR C:\Windows\slui.exe /s
ICACLS C:\Windows\System32\slui.exe
 
REG QUERY HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S 
REG QUERY HKLM\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S 
REG QUERY HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S 
 
ICACLS C:\Windows\System32\sppsvc.exe
ICACLS C:\Windows\System32\en-US\sppsvc.exe.mui
DIR C:\windows\sppsvc.* /S
REG QUERY HKU
REG QUERY HKU\S-1-5-20
DIR %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform
ICACLS %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
Post the results of the commands - You can copy the commands and paste them in command prompt (right click the command prompt title bar, select edit, select paste). To copy the ouput, drag the mouse across all of the text and press enter, then paste the clipboard in your post.
[code]
--> paste the output between the code tags
[/code]
There might be more after I see the output .... still investigating how your system is now.

See if there is a restore point before 'MS' got on your system - don't do anything yet, just see if one is available.
Here is the result of those commands in the CMD prompt window:

Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.
C:\Windows\system32>DIR C:\Windows\slui.exe /s
 Volume in drive C is Windows 7 Pro x64
 Volume Serial Number is 983E-9BB2
 Directory of C:\Windows\System32
20-Nov-10  23:24           349,696 slui.exe
               1 File(s)        349,696 bytes
 Directory of C:\Windows\winsxs\amd64_microsoft-windows-security-spp-ux_31bf3856
ad364e35_6.1.7601.17514_none_b9e7a42ab571bbb9
20-Nov-10  23:24           349,696 slui.exe
               1 File(s)        349,696 bytes
     Total Files Listed:
               2 File(s)        699,392 bytes
               0 Dir(s)  145,069,395,968 bytes free
C:\Windows\system32>ICACLS C:\Windows\System32\slui.exe
C:\Windows\System32\slui.exe NT SERVICE\TrustedInstaller:(F)
                             BUILTIN\Administrators:(RX)
                             NT AUTHORITY\SYSTEM:(RX)
                             BUILTIN\Users:(RX)
Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>
C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE57495
7-4077-4AD6-8658-327C2C86C5AA} /S
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4AD6-8658
-327C2C86C5AA}\1.0
    (Default)    REG_SZ    SPPUI 1.0 Type Library
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4AD6-8658
-327C2C86C5AA}\1.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4AD6-8658
-327C2C86C5AA}\1.0\0\win32
    (Default)    REG_EXPAND_SZ    %SystemRoot%\System32\slui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4AD6-8658
-327C2C86C5AA}\1.0\FLAGS
    (Default)    REG_SZ    0
 
C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-
8658-327C2C86C5AA} /S
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5A
A}\1.0
    (Default)    REG_SZ    SPPUI 1.0 Type Library
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5A
A}\1.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5A
A}\1.0\0\win32
    (Default)    REG_EXPAND_SZ    %SystemRoot%\System32\slui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5A
A}\1.0\FLAGS
    (Default)    REG_SZ    0
 
C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE57495
7-4077-4AD6-8658-327C2C86C5AA} /S
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE574957-4077-4AD6-8658
-327C2C86C5AA}\1.0
    (Default)    REG_SZ    SPPUI 1.0 Type Library
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE574957-4077-4AD6-8658
-327C2C86C5AA}\1.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE574957-4077-4AD6-8658
-327C2C86C5AA}\1.0\0\win32
    (Default)    REG_EXPAND_SZ    %SystemRoot%\System32\slui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE574957-4077-4AD6-8658
-327C2C86C5AA}\1.0\FLAGS
    (Default)    REG_SZ    0
 
C:\Windows\system32>
C:\Windows\system32>ICACLS C:\Windows\System32\sppsvc.exe
C:\Windows\System32\sppsvc.exe NT SERVICE\TrustedInstaller:(F)
                               BUILTIN\Administrators:(RX)
                               NT AUTHORITY\SYSTEM:(RX)
                               BUILTIN\Users:(RX)
Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>ICACLS C:\Windows\System32\en-US\sppsvc.exe.mui
C:\Windows\System32\en-US\sppsvc.exe.mui NT SERVICE\TrustedInstaller:(F)
                                         BUILTIN\Administrators:(RX)
                                         NT AUTHORITY\SYSTEM:(RX)
                                         BUILTIN\Users:(RX)
Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>DIR C:\windows\sppsvc.* /S
 Volume in drive C is Windows 7 Pro x64
 Volume Serial Number is 983E-9BB2
 Directory of C:\windows\Prefetch
01-Aug-14  12:55            19,842 SPPSVC.EXE-B0F8131B.pf
               1 File(s)         19,842 bytes
 Directory of C:\windows\System32
20-Nov-10  23:23         3,524,608 sppsvc.exe
               1 File(s)      3,524,608 bytes
 Directory of C:\windows\System32\en-US
12-Apr-11  04:17            18,944 sppsvc.exe.mui
               1 File(s)         18,944 bytes
 Directory of C:\windows\winsxs\amd64_microsoft-windows-security-spp.resources_3
1bf3856ad364e35_6.1.7600.16385_en-us_f8bce8b9508ba1f6
12-Apr-11  04:17            18,944 sppsvc.exe.mui
               1 File(s)         18,944 bytes
 Directory of C:\windows\winsxs\amd64_microsoft-windows-security-spp_31bf3856ad3
64e35_6.1.7601.17514_none_78875ce737927d27
20-Nov-10  23:23         3,524,608 sppsvc.exe
               1 File(s)      3,524,608 bytes
     Total Files Listed:
               5 File(s)      7,106,946 bytes
               0 Dir(s)  145,069,371,392 bytes free
C:\Windows\system32>REG QUERY HKU
HKEY_USERS\.DEFAULT
HKEY_USERS\S-1-5-19
HKEY_USERS\S-1-5-20
HKEY_USERS\S-1-5-21-764048772-141219837-185285450-1000
HKEY_USERS\S-1-5-21-764048772-141219837-185285450-1000_Classes
HKEY_USERS\S-1-5-18
C:\Windows\system32>REG QUERY HKU\S-1-5-20
HKEY_USERS\S-1-5-20\AppEvents
HKEY_USERS\S-1-5-20\Console
HKEY_USERS\S-1-5-20\Control Panel
HKEY_USERS\S-1-5-20\Environment
HKEY_USERS\S-1-5-20\EUDC
HKEY_USERS\S-1-5-20\Keyboard Layout
HKEY_USERS\S-1-5-20\Network
HKEY_USERS\S-1-5-20\Printers
HKEY_USERS\S-1-5-20\Software
HKEY_USERS\S-1-5-20\System
C:\Windows\system32>DIR %windir%\ServiceProfiles\NetworkService\AppData\Roaming\
Microsoft\SoftwareProtectionPlatform
 Volume in drive C is Windows 7 Pro x64
 Volume Serial Number is 983E-9BB2
 Directory of C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsof
t\SoftwareProtectionPlatform
01-Aug-14  12:33    <DIR>          .
01-Aug-14  12:33    <DIR>          ..
14-Jul-09  00:46    <DIR>          Cache
31-Jul-14  10:00         7,520,374 tokens.bar
01-Aug-14  12:33         4,823,712 tokens.dat
               2 File(s)     12,344,086 bytes
               3 Dir(s)  145,069,371,392 bytes free
C:\Windows\system32>ICACLS %windir%\ServiceProfiles\NetworkService\AppData\Roami
ng\Microsoft\SoftwareProtectionPlatform\tokens.dat
After my fourth call with MS Support which left me with system file checker issues, I attempted to fix it by restoring my system to a restore point just before my contact with MS Support. The restore was successful, but it didn't resolve the system file checker issue.

After that I tried to read the CBS.log but got an access denied. That's when I came to this forum and posted my first thread related to that issue which I later resolved and then became aware of the corrupted slui.exe issue which is the reason I started this thread.

Original Thread:

System File Checker Errors - CBS.log


Do you see anything interesting in that CMD Prompt window output?

Regards
My System SpecsSystem Spec
01 Aug 2014   #36
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

It will take me a bit to check the output against expected norms.

The last command didn't seem to execute, could you run this in an elevated command prompt

ICACLS %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens. dat

and post the output?

Thanks.
My System SpecsSystem Spec
01 Aug 2014   #37
tjg79

Windows 7 Professional x64 SP1
 
 

Quote   Quote: Originally Posted by Slartybart View Post
It will take me a bit to check the output against expected norms.

The last command didn't seem to execute, could you run this in an elevated command prompt

ICACLS %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens. dat

and post the output?

Thanks.
Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.
C:\Windows\system32>ICACLS %windir%\ServiceProfiles\NetworkService\AppData\Roami
ng\Microsoft\SoftwareProtectionPlatform\tokens. dat
Invalid parameter "dat"
C:\Windows\system32>ICACLS %windir%\ServiceProfiles\NetworkService\AppData\Roami
ng\Microsoft\SoftwareProtectionPlatform\tokens.dat
C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProt
ectionPlatform\tokens.dat NT AUTHORITY\SYSTEM:(I)(F)
                          BUILTIN\Administrators:(I)(F)
                          NT AUTHORITY\NETWORK SERVICE:(I)(F)
Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>
My System SpecsSystem Spec
01 Aug 2014   #38
tjg79

Windows 7 Professional x64 SP1
 
 

Quote   Quote: Originally Posted by Slartybart View Post
I'm confused:
System File Checker Errors - CBS.log

Maybe you're looking at this the wrong way.

See if a quick malware scan shows up anything: herdProtect: Malware Detection
You don't need to analyze the output, please post a screen shot of the Scan results (if there are lots, just post the log in step 8.

Attached is the result of the Herdprotect scan:

Corrupted System File SFC Can't Fix-herdprotect-results.jpg

Is this an issue?


My System SpecsSystem Spec
01 Aug 2014   #39
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

mpdrm files seem ok, they are most likely part of ClamAV, a free AV application - do you have that installed?

A lot of Open Source programs get flagged, so you have to check.

Only a few of the lower tier engines flagged it. You can leave all 3 it in place.
My System SpecsSystem Spec
01 Aug 2014   #40
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Ok slui looks good, one down.

I reviewed the thread and I got a bit confused (easily done) - the order is out of sync a bit.

Please run another MGAdiag to bring me back in sync.
Windows Genuine and Activation Issue Posting Instructions

I don't think anything has miraculously changed, but I need to verify the status after the license store was recreated.
My System SpecsSystem Spec
Reply

 Corrupted System File SFC Can't Fix




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Corrupted CBS.log File
Hello good people, I had started a post in Drivers as my main issue was a disappearing Ralink WiFi Adapter and thought it too be a deeper issue. Here is that forum: http://www.sevenforums.com/network-sharing/306691-ralink-rt5390-wifi-adapter-continuously-uninstalling.html#post2548468. Thanks...
General Discussion
WLMP Corrupted File
So, I recorded some footage with Fraps, opened each file in WLMP and Saved Project. Tried to open it in Windows Live Movie Maker and it wouldn't work. These are quite valuable so if anyone can help I would really appreciate it: I have each file in a zip file: Clips.zip I deleted each...
Music, Pictures & Video
Damaged/Corrupted system file - worth reformatting?
Hi guys when I ran sfc scan recently it found a problem that can't be repaired (I've run the scan numerous times). upon checking sfc details, this appears to be the problem. Cannot repair member file "PINTLGB.IMD" of Microsoft-Windows-IME-Simplified-Chinese-Core, Version = 6.1.7601.17514, ...
General Discussion
Corrupted .zip file
I've just downloaded a .pdf email attachment (inside a .zip file). When I open it, a notification appears, saying that the attachment is corrupted. Does this mean that the email attachment contains a virus/malware? If it does not, how can I fix the attachment? Thanks!
General Discussion
Corrupted file system after CHKDSK
Hi, I need some help! I have an Acer Aspire 5734Z with Windows 7 Home Premium 64-bit installed and ever since I got my computer I've been having trouble starting Windows normally. Like many time before, a week ago my computer started again freezing at the Windows logo every time I put it on....
Performance & Maintenance
Missing/Corrupted hal.dll file.
Howdy all, I started up my computer around an hour ago and found the following message; "The file system32/hal.dll is missing or corrupt. Please re-install the file." So, at a loss as I'm not a Tech-person in any yway, I turned to the internet and found, after several XP posts, some to do...
Installation & Setup


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 02:37.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App