sfc /scannow found corrupt files

Windows 7 Home Premium SP1 ran sfc /scannow.  Message Windows Resource Protection found corrupt files but was unable to fix some of them...attached is the log.

I ran this because Norton 360 came across  Trojan.zbot.  The computer was then painfully slow and would hang.  I did a system restore which seemed to resolve the issue.  I've been running many scans with no sign of it or anything else.  Considering doing ComboFix to be sure.

In regards to the sfc message - I ran a fix I came across a while ago - dism /online /cleanup-image /restorehealth - but I am getting error: 87.  I've tried researching it to no avail.  This has happened on a couple of other machines as well.

Any suggestions.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

John TsioumprisSoftware & Systems EngineerCommented:
Infection by a Trojan and corrupt files is not a good combination...
I would suggest to take a backup of your files and reinstall Windows from scratch
MagsOwnerAuthor Commented:
What about a repair install?
JohnBusiness Consultant (Owner)Commented:
First, DISM is not a Windows 7 tool - Windows 8 and above.
Second, SFC can always be run twice, because corruption will often be fixed in the second run.
Third, Repair Install is a good method but only if you are sure you have cleared out the malware and have no root kit viruses (TDS Killer to check).

If you cannot clear the malware completely, then (as above) back up and reinstall Windows.
Protecting & Securing Your Critical Data

Considering 93 percent of companies file for bankruptcy within 12 months of a disaster that blocked access to their data for 10 days or more, planning for the worst is just smart business. Learn how Acronis Backup integrates security at every stage

John TsioumprisSoftware & Systems EngineerCommented:
personally i never do repair installs....i don't like the idea of repairing a corrupt system and getting a ton of leftovers and wrong registry settings...
If the setup is absolutely critical to you then yes you should try to fix it but if you have the time i reckon it would be best to format your system and start from scratch...
If you want a newly formatted system and you are afraid of loosing your hard to get settings there is always the option of taking a complete image of your system and do a P2V conversions so that your old system will continue to "live" until everything is set as it should....
MagsOwnerAuthor Commented:
Hi John

First - I have run DISM on several Windows 7 computers with great success.  The information I have received is that it works for Windows 7 and 8.
Second - I have run it twice...was going to try a third time
Third - Will run TDSSkiller...on my list.

For my information - I have done System Restores to resolve less damaging malware but I always find remnants.  Why is this?

From what I am hearing from you both is that since it was infected with a Trojan and even though I did a successful SR it may still have damage.  Am I understanding you correctly?  Is there really a absolute way to know that the Trojan is gone?  Norton 360 who found it a couple of days ago does not find it after the SR.

Thank you for your assistance.
MagsOwnerAuthor Commented:
John in running TDSSkiller are there any changes to the parameters?
JohnBusiness Consultant (Owner)Commented:
Here is the TDSKiller overview guide.


There are checkboxes in the GUI you can consider.

And, yes, I can confirm I have DISM running on my Windows 7 machine (Scanhealth benign mode). I had thought it was Windows 8, so thank you for the correction.
John TsioumprisSoftware & Systems EngineerCommented:
In these days Trojans/malware/viruses get harder and harder to detect....
A list for detection would go
HitMan Pro
Sophos Offline Antivirus
MagsOwnerAuthor Commented:
Thanks for the info on TDSSkiller John.

tsgiannis I have run MBAM and Hitman and asked about Combofix.  Haven't run Sophos in a while.

This is another client who would prefer not to do a clean install with all that they have loaded.

Is there a way a program such as Acronis can be used to reinstall programs, file and folders on to a clean install?
MagsOwnerAuthor Commented:
Ran TDSSKiller - 2 unsigned files - service: wltrysvc and File: C:\Program\Broadcom 802.11\WLTRAY.exe.  Both suspicious object, medium risk.  Skip, Copy to quarantine or delete?
JohnBusiness Consultant (Owner)Commented:
Something to keep in mind is that people who won't or cannot (no software) do a clean Windows install are the very people who screw up machines.
JohnBusiness Consultant (Owner)Commented:
Skip, Copy to quarantine or delete? Move to quarantine or delete but do not skip.
MagsOwnerAuthor Commented:

Lucky for me these are solid people...just have a lot of programs on their computer.  They have everything needed to reinstall all their software.  If a program like Acronis could do it, it would simply be less hassle.  I appreciate your input.
MagsOwnerAuthor Commented:
Need to leave for the afternoon...I'll keep you posted.
This could be the problem with System Restore.

I heartily disagree with tsgiannis' opinion about Repair Install.  You have run it for a different problem in another thread and were satisfied.  You have said "This is another client who would prefer not to do a clean install with all that they have loaded."
If the time comes that an OS install is needed, try a Repair install first.
MagsOwnerAuthor Commented:
Thanks jcimarron.  I will l look at that.

I ran ComboFix.  Then ran Sophos, Eset, Emsisoft and a specific scan through Norton for the Trojan.zbot...all clean.  A few more scans to run then I'll look at the updates then do a sfc.  If it fails I will try a repair install.
JohnBusiness Consultant (Owner)Commented:
A Repair Install can work (I have seen that happen). I am not convinced a Repair Install can overcome root kit malware (which you have). If you clean up all malware, then it should work. But keep your options open.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MagsOwnerAuthor Commented:
Will do.  Data backed up...

Thanks guys!
MagsOwnerAuthor Commented:
jcimarron I deleted possible problematic updates, restarting each time.  I still have the same issue with sfc & dism.

Ran more scans and believe it is as clean as I can get it.

Starting a repair install.
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
What happened when you ran the Repair Install?
MagsOwnerAuthor Commented:
I thought I spread points already and closed this??
JohnBusiness Consultant (Owner)Commented:
No, you have not yet closed this question.
It seems not.  No problem.  All's well that end's well

12 seconds after John Hurst.
MagsOwnerAuthor Commented:
Let me finish something and I will spread points and answer questions.
Thanks guys...could of sworn I already did this...sorry for the delay.
MagsOwnerAuthor Commented:
Repair Install worked...thanks guys!!
JohnBusiness Consultant (Owner)Commented:
@MagsMcKinley14 - Thanks for the update and I was happy to help.
You are welcome.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 7

From novice to tech pro — start learning today.