Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: sfc /scannow always find corrupt file and repaired it after 3~

09 Sep 2015   #11
SolidLove

windows 7 x64
 
 

I do disable my Internet Explorer through registry If I'm not mistaken. Few minutes googling will let you know how.
Maybe that's why the three IE files is there?


My System SpecsSystem Spec
.
09 Sep 2015   #12
NoelDP

Microsoft Community Contributor Award Recipient

Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
 
 

I think the first step is to stop the attempt to replace the files at every boot, which appears to be happening here...

This is the command to run when booted offline at a recovery command prompt

Reboot the computer, and tap the F8 key until you get the advanced boot menu up - one option should be 'Repair your computer'. Pick that one.

Log into your normal account.
You'll get a set of options - pick the Command Prompt one.
run the following command:

dism.exe /image:C:\ /cleanup-image /revertpendingactions

This is supposed to revert all pended updates, (note - you may need to change the driver letter to get it to work!)

once complete, boot back to normal mode Windows.
My System SpecsSystem Spec
09 Sep 2015   #13
NoelDP

Microsoft Community Contributor Award Recipient

Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
 
 

From the look of the windowsupdate.log file, it seems that
1) you have Windows Update turned off completely
2) your system is being restored at every boot.

It's the second one that worries me - as it probably indicates fairly massive corruption.

Let's have a look at the event logs...

Open Event Viewer
click on the Windows logs entry in the left pane to expand it.
Now click on the Application entry - wait while it loads.
Click on 'File' in the menu bar and select Save...
Save the file as Appevt.evtx
Repeat for the System log
then zip both, and upload them.
My System SpecsSystem Spec
.

09 Sep 2015   #14
SolidLove

windows 7 x64
 
 

Yeah I do turn off windows update completely.

I'm not yet do the recovery command prompt thing because I'm not sure what do yo mean by changing my drive letter,
is it changing the letter C in the command?
Is it changing my drive letter C after executing the command and boot normally? If so is it permanently from that point forward my system drive should not be letter C again?

Thanks for your help here is the evtx files app and system


Attached Files
File Type: rar Fix My Com.rar (3.28 MB, 1 views)
My System SpecsSystem Spec
09 Sep 2015   #15
NoelDP

Microsoft Community Contributor Award Recipient

Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
 
 

Hmm - you never mentioned that you are in fact also getting a non-genuine notification? (or, at least, you should be!)

Please post an MGADiag report...

I need to see a full copy of the report produced by the MGADiag tool
(download and save to desktop - http://go.microsoft.com/fwlink/?linkid=52012 )
Once saved, run the tool.
Click on the Continue button, which will produce the report.
To copy the report to your response, click on the Copy button in the tool (ignore any error messages at this point), and then paste (using either r-click/Paste, or Ctrl+V ) into your response.x

Please also state the Version and Edition of Windows quoted on your COA sticker (if you have one) on the case of your machine (or inside the battery compartment), but do NOT quote the Key on the sticker!
How to tell - Hardware
My System SpecsSystem Spec
09 Sep 2015   #16
SolidLove

windows 7 x64
 
 

First I'm sorry to be honest with you I have been trying to avoid saying this because I am afraid you or people will refuse to help me. I am really sorry for this.
I need you to understand that I live in country where 90% more of the computer here using that kind of windows OS well you know. It's basically not because we like something like this, but the economic is hard on most of the people here.
I don't think I have that sticker but I'm using windows 7 Ultimate 64bits.


Code:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-GJY49-VJBQ7-HYRR2
Windows Product Key Hash: W5/6nm6F2UPXrCkY5xUhXb/+21g=
Windows Product ID: 00426-OEM-8992662-00006
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {598CDBE5-ADE3-40FB-BBFE-EF100DBBBAF1}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.110408-1631
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{598CDBE5-ADE3-40FB-BBFE-EF100DBBBAF1}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-HYRR2</PKey><PID>00426-OEM-8992662-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-1459575376-3320744764-2411850529</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Aspire E1-451G</Model></SYSTEM><BIOS><Manufacturer>Insyde Corp.</Manufacturer><Version>V2.14</Version><SMBIOSVersion major="2" minor="7"/><Date>20130422000000.000000+000</Date></BIOS><HWID>DC363407018400F2</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>SE Asia Standard Time(GMT+07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600006-02-1033-7600.0000-2172013
Installation ID: 019384288016670160413061073025573851729156598441037160
Processor Certificate URL: SpcService Web Service
Machine Certificate URL: RacService Web Service
Use License URL: UseLicenseService Web Service
Product Key Certificate URL: PkcService Web Service
Partial Product Key: HYRR2
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 9/10/2015 6:47:54 AM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: OgAAAAEAAQABAAIAAQACAAAABgABAAEA6GGGSTUyngeKhrxljteN74qbIu4sdA6gcL7y3xqWBgiw3g==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information: 
  ACPI Table Name    OEMID Value    OEMTableID Value
  APIC            ACRSYS        ACRPRDCT
  FACP            ACRSYS        ACRPRDCT
  HPET            ACRSYS        ACRPRDCT
  BOOT            ACRSYS        ACRPRDCT
  MCFG            ACRSYS        ACRPRDCT
  WDAT            ACRSYS        ACRPRDCT
  UEFI            ACRSYS        ACRPRDCT
  ASF!            ACRSYS        ACRPRDCT
  WDRT            ACRSYS        ACRPRDCT
  FPDT            ACRSYS        ACRPRDCT
  SSDT            ACRSYS        ACRPRDCT
  SSDT            ACRSYS        ACRPRDCT
My System SpecsSystem Spec
10 Sep 2015   #17
NoelDP

Microsoft Community Contributor Award Recipient

Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
 
 

The install shows signs of having been hacked using RemoveWAT.

Best way to fix it now (since we don't know which version of RemoveWAT was used) is to run WATFix....

Download WATFix - make sure that you UNTICK the box for the 'download manager, and click on the link on the left of the page, not the big shiny button on the right (which is an ad for the download manager!!) - and use that - extract the .exe file, and run it, then reboot.

Post back with another MGADiag report, and we'll then see what we can do.
My System SpecsSystem Spec
10 Sep 2015   #18
SolidLove

windows 7 x64
 
 

From the searching using google.com, this what comes on the top
ww*.windows7activator.org/wat-fix.html

There is no box for download manager like you mentioned
Trying to download it from the text link on the article but my avast AV block it. Is it false positive?

Okay so I disabled my AV and download it anyway, but then it's kind of weird it's rar inside of rar I got to extract it 2 times to get the exe and tried to executing it with my internet off, but then I got an error that basically tell me I need internet connection. I don't want to take the risk. So please tell me is it the real thing and I do need internet connection to use it?
My System SpecsSystem Spec
10 Sep 2015   #19
NoelDP

Microsoft Community Contributor Award Recipient

Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
 
 

Sorry - the link got lost (so you may not have the proper file)... Download WAT Fix.zip
If the file being downloaded is named 'WAT Fix.zip' then yes, it's a false-positive.

The extracted .exe file should have an MDA5 hash of C478EDED04A9991CC55A34AE81037518
My System SpecsSystem Spec
10 Sep 2015   #20
SolidLove

windows 7 x64
 
 

Lucky me the file I downloaded must be another malware the MD5 dash is not the same.

Ok so I used the WAT fix you gave me.
But seems like I forgot disable AV while I run the program is it okay?
Should I run it once more with my AV service disabled?
Again thanks for your help.

The program auto restart after it finished so this report is after reboot.
but from the 2 report looks like only ID and trusted time the different.

Here is the MGDiag report:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-GJY49-VJBQ7-HYRR2
Windows Product Key Hash: W5/6nm6F2UPXrCkY5xUhXb/+21g=
Windows Product ID: 00426-OEM-8992662-00006
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {598CDBE5-ADE3-40FB-BBFE-EF100DBBBAF1}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.110408-1631
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{598CDBE5-ADE3-40FB-BBFE-EF100DBBBAF1}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-HYRR2</PKey><PID>00426-OEM-8992662-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-1459575376-3320744764-2411850529</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Aspire E1-451G</Model></SYSTEM><BIOS><Manufacturer>Insyde Corp.</Manufacturer><Version>V2.14</Version><SMBIOSVersion major="2" minor="7"/><Date>20130422000000.000000+000</Date></BIOS><HWID>DC363407018400F2</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>SE Asia Standard Time(GMT+07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600006-02-1033-7600.0000-2172013
Installation ID: 019384288016670160413061073025573851729156598441037160
Processor Certificate URL: SpcService Web Service
Machine Certificate URL: RacService Web Service
Use License URL: UseLicenseService Web Service
Product Key Certificate URL: PkcService Web Service
Partial Product Key: HYRR2
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 9/10/2015 4:10:51 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: OgAAAAEAAQABAAIAAQACAAAABgABAAEA6GGGSTUyngeKhrxljteN74qbIu4sdA6gcL7y3xqWBgiw3g==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ACRSYS ACRPRDCT
FACP ACRSYS ACRPRDCT
HPET ACRSYS ACRPRDCT
BOOT ACRSYS ACRPRDCT
MCFG ACRSYS ACRPRDCT
WDAT ACRSYS ACRPRDCT
UEFI ACRSYS ACRPRDCT
ASF! ACRSYS ACRPRDCT
WDRT ACRSYS ACRPRDCT
FPDT ACRSYS ACRPRDCT
SSDT ACRSYS ACRPRDCT
SSDT ACRSYS ACRPRDCT
My System SpecsSystem Spec
Reply

 sfc /scannow always find corrupt file and repaired it after 3~




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
SFC /scannow - Files can't be repaired
I ran sfc /scannow. Output produced a massive file. Used Findstr command, found on forum, to produce a useable text file. Seems there are four files, reported twice, that cannot be repaired. I have limited access to the machine as I have been supporting using web. Before I mess something up...
Performance & Maintenance
How do i find a file after a sfc scannow result
Done it last night and cant find where it saved Thanks
Performance & Maintenance
How do I fix a corrupt file in Windows 7 that Scannow can't.
I have tried all Windows updates, checked for viruses, done everything within my power, but nothing seems to work. Whenever I open anything that requires Windows Explorer, it that program crashes. I can watch videos online, but not in Windows Media Player, Real Player or Quick Time. I cannot...
Performance & Maintenance
Scannow errors that can't be repaired
I ran sfc /scannow today and there were some files that were erred and couldn't be repaired. Whenever I ran that before it always repaired so this is kind of new for me. The reason this is bothering me is I installed some folder icons that were custom and they installed OK and all, but I went to...
General Discussion
SFC/scannow found corrupt file CBS.log help
hi, i ran sfc/scannow and i found a corrupt file and cannot fix after the scan. heres the CBS.log, please help and thanks. Also ive been having a problem with my computer, its been shutting off randomly. but the computer fans keep running and the light stays on. the mouse and keyboard turn...
Performance & Maintenance
Startup issues - not repaired by sfc /scannow
Hello: Need help with startup issues that began suddenly on 3/16 - Dell XPS 8100. 3/16: Out of the blue (no prior shutdown or startup issues) could not boot. Eventually got into WRE which automatically (?) ran startup repair, but "could not fix". (I was too freaked to note the details.)...
Performance & Maintenance


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 02:51.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App