DIRSD owner warning

SirCyber · Aug 19, 2014

I have a customers computer that has been operating very poorly. I have run a CBS scan and I have pages of the warning above, most relating to sddl references. The computer is an HP Envy laptop running Windows 8.1.
The reason I'm in these files is because I keep getting system crashes, resulting in DPC Watchdog violations. after running the scan I get
"Windows Resource Protection found corrupt files but was unable to fix some of them."
I have pages of the DIRSD warnings. is this normal? I have seen the error referencing everything from SYSWoW 64 folders to .NET Framework directories to audio and networking directories. I cannot get on the Internet, or plug in USB devices, while in normal mode. I cannot run certain scans in normal mode, even using "run as administrator" option. I would upload the CBS scan result but I need to compress it, the file is quite large.
I have done extensive research on the watchdog violations, most seem to point to driver issues. I have updated chipset, NIC, video, and audio drivers, and the computer still does the same thing. I'm at my whits end here.
If anyone can help, it would be much appreciated. I am backing up the computer to prepare for the possibility of having to repair or re-install Windows, I just wanted to know if anyone had any options for me before I just did that dump. As always, expert advice from the table is much welcome, and you guys are the best. Thanks.

Dauntae · Aug 19, 2014

I didn't get into the system as deep as you are but had one doing the same thing, restore points gone, connected to the network but would not get internet, they downloaded something nasty that multiple virus scans with different programs didn't pick up. I just backed up the files they wanted to save and did a fresh instal and all was well. Seems there are some nasty things out there lately.

Dauntae

SirCyber · Aug 19, 2014

Thank you for the reply, however I'm trying to find a way to fix this rather than resort to just doing a reinstall. If that is my only recourse, that's fine, but I would like to know for sure that I have exhausted all other means. I have found an example entry to share:

CSI 00000328 [DIRSD OWNER WARNING] Directory [ml:520{260},l:94{47}]"\??\C:\ProgramData\Microsoft\Network\Downloader" is not owned but specifies SDDL in component Microsoft-Windows-Bits-Client, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

This is an excellent entry for my purpose. The machine I'm working with is and Intel CPU and nVidea graphics card and I have seen nearly the same entry as the above one, complete with the AMD64 reference. Are these merely references to software that exists in Windows that doesn't have anything to tie to? This would be completely acceptable if there wasn't references to software as well, such as the .NET Framework. I'm just trying to understand.
Since SDDL references security, is this actually a security problem with the script? Or is this a script error? Are the neutral properties at the end the same as null for the script? Finally, bottom line, is there a way to, and if so how do I, fix this problem without the reinstall option? Thanks again

*source for example code and additional background information*
http://www.sysnative.com/forums/win...-resource-protection-found-corrupt-files.html

carnageX · Aug 19, 2014

Tried disk check and system file check?

chkdsk C: /f /r
sfc /scannow

SirCyber · Aug 19, 2014

sfc /scannow is how you get the CBS logfile. no I haven't done chdsk, though I don't know how that would cause these problems. I had also considered that the RAM could cause this, but have not removed any sticks yet. After everything I have read I find this highly unlikely as the cause of the problems.

carnageX · Aug 20, 2014

SirCyber said:
sfc /scannow is how you get the CBS logfile. no I haven't done chdsk, though I don't know how that would cause these problems. I had also considered that the RAM could cause this, but have not removed any sticks yet. After everything I have read I find this highly unlikely as the cause of the problems.

Well you're getting corrupted files, so it's possible that there are bad sectors or clusters on the drive. Simplest solutions first

.

SirCyber · Aug 20, 2014

Thanks for the input, running chdsk now for 2 hours and has been at 10% for 1 hr 30 min. if its at the same percentage in 3 more hours I'm claiming dead sectors/clusters and will attempt disc repairs. I'm still trying to wrap my head around how this would cause the issues, but there is no denying, when the HDD is the problem, nothing is going to work right. will update in a few hours.

carnageX · Aug 20, 2014

SirCyber said:
Thanks for the input, running chdsk now for 2 hours and has been at 10% for 1 hr 30 min. if its at the same percentage in 3 more hours I'm claiming dead sectors/clusters and will attempt disc repairs. I'm still trying to wrap my head around how this would cause the issues, but there is no denying, when the HDD is the problem, nothing is going to work right. will update in a few hours.

Might look like it's stuck but could still be running as well. I'd let it finish even if it's taking forever. Unless you think the drive is about to die and need to backup data.

What stage is is stuck on?

SirCyber · Aug 20, 2014

dealing with a windows 8 machine, so all I get is "Scanning and repairing C: 10% complete"

SirCyber · Aug 20, 2014

I didn't get to observe the scan finishing, but when I went to look at the computer it was back into windows login screen. I'll find the log later. now if it's not the HDD I'm back to square one

DIRSD owner warning

SirCyber

Daemon Poster

Dauntae

Fully Optimized

SirCyber

Daemon Poster

carnageX

Private Joker,

SirCyber

Daemon Poster

carnageX

Private Joker,

SirCyber

Daemon Poster

carnageX

Private Joker,

SirCyber

Daemon Poster

SirCyber

Daemon Poster

Similar threads