Troubleshoot Error 0x81000203

JB007

Hello,
Yesterday, thanks to the MalwareTips community, I solved an issue with Emsisoft Internet Security using Revo Pro: A major problem prevents the application startup
When I used Revo Pro I noticed that it cannot make a restoration point.
So I went to take a look and noticed that there is an error.
[Screenshots: Erreur restauration.PNG, Erreur restauration(2).PNG]
I tried to apply the following fix but without success: Problème restauration système - erreur 0x81000203 Windows 7/8
Can you help me?
 

Evjl's Rain

Hello @Xtwillight
Thanks, today I have no time to try all the solutions you have proposed...
I hope for tomorrow.
I'd like to know as well... :D
I will try my best to explain what I did. It's quite annoying and tiring

First of all, do this, if any of those 4 services are not running, you should set them to automatic and start. If step 8 is successful, you don't have to do the rest
  1. Click Start, click Run, type Regedit, and then click OK.
  2. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions
  3. On the Edit menu, click Delete, and then click Yes to confirm that you want to delete the subkey.
  4. Exit Registry Editor.
  5. Click Start, click Run, type services.msc, and then click OK.
  6. Right-click the following services one at a time. For each service, click Restart:
    • COM+ Event System
    • COM+ System Application
    • Microsoft Software Shadow Copy Provider
    • Volume Shadow Copy
  7. Click Start, click Run, type cmd, and then click OK.
  8. At the command prompt, type vssadmin list writers, and then press ENTER.
  9. If the VSS writers are now listed, close the Command Prompt window. You do not have to complete the remaining steps.

    If the VSS writers are not listed, type the following commands at the command prompt. Press ENTER after each command.
    • cd /d %windir%\system32
    • net stop vss
    • net stop swprv
    • regsvr32 ole32.dll
    • regsvr32 oleaut32.dll
    • regsvr32 /i eventcls.dll
    • regsvr32 vss_ps.dll
    • vssvc /register
    • regsvr32 /i swprv.dll
    • regsvr32 es.dll
    • regsvr32 stdprov.dll
    • regsvr32 vssui.dll
    • regsvr32 msxml.dll
    • regsvr32 msxml3.dll
    • regsvr32 msxml4.dll
    Note: The last command may not run successfully.
  10. At the command prompt, type vssadmin list writers, and then press ENTER.
  11. Confirm that the VSS writers are now listed.

In the end, it should be similar to this to continue
[Screenshot: vUIGbaK.png]

After that, do this; however, you may not be able to change it to "volsnap". Remember how I showed you to change the permissions of "Volume". Now you have to change the owner for all values under "Volume" using the same method (for example: {0695aa21-6522-11e6-b157-806e6f6e6963}#0000000000100000). I have 13 values so I had to change the owner 13 times :( Perhaps you have fewer.
2. Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\STORAGE\Volume
3. For each key under 'Volume', check for the value 'Service' and make sure it is set to volsnap. If 'Service' does not exist, do the following:
a. Create a new String Value called: Service
b. Set the value to: volsnap

Finally, reboot to make it work. Without a reboot, you still have the problem.
 

JB007

Thank you very much @Evjl's Rain for the details and thank you very very very much @Xtwillight :)
 

alexandrebr

Finally it's working again. Thank you very much.

In my case, I have 3 usb values under STORAGE, related to Garmin Connect. I've changed them as well, although I don't think it'd be necessary.

EDIT:

Just a note... I don't know the reason but the disk C: is shown at the bottom of the list. I have 2 SSDs and 1 HDD. C: and D: are SSDs and E: is the HDD. Here the system restore screen shows this way now:

E: off
D: off
C: on

Any explanation for that minor point?
 

alexandrebr

I don't know. Maybe because of the way you sort the items, but this is not a problem.
You can try to click one more time on Protecao.

I've tried that and clicking on it doesn't change anything... it doesn't sort the drives. I've tried to change the hard drive cables but received a BSOD reporting an inaccessible boot device. I've asked a friend to take a look at his system.
 

alexandrebr

alexandrebr,
Sorry my English is not good!

Is it about the sequence of the hard drives?
example: Disco 0 = Resevardo pelo Sistema/C
Disco 1=Jogos D
Disco 2= Backup E
??????

Yes. A friend of mine has checked his system and in his case the drive letter order isn't respected as well. I think it's something controlled by W10 and it isn't an issue.

[Screenshot: 2vdpmis.jpg]
 

Xtwillight

Hello alexandrebr,
this problem has been known since Windows 3.0.
There are several possible causes, agree as in VSS.

I will try to help you.

  • First question:
    How does the sequence look in your BIOS?
  • Second question:
    Was the sequence of the hard drives in front of the solution with the shadow copy?
    example:
    Disco 0 = Resevardo pelo Sistema/C
    Disco 1=Jogos D
    Disco 2= Backup E
 

alexandrebr

The Asrock Z77 Extreme4 UEFI shows according to the SATA Ports in which the drives are connected, just like the Disk Management (E:, D:, C: ). That's always been the sequence because W10 follows the physical connection, not the drive letter.

Towards your second question, sorry but I couldn't understand. Do you want to know if, before the system restore fix, the sequence was different? If so, I must say that W10 disk manager has always ordered the drives considering their physical ports. What calls my attention is the fact that system protection, although it follows MB connections in my system, seems to sort the drives randomly and my friend's system shows that.

Anyway, considering the W10 environment, I was hoping system protection would take the drive letters into account and show C:, D: and E: instead.
 

JB007

Hello @Evjl's Rain
Thanks for your detailed explanations.
After a very busy week, today I have time to try this solution but I'm not able to do step 6 because I cannot find what the meaning is in French :(
I hope that anybody who knows French can help me...
Thanks.
[Screenshot: Step 6.PNG]
 

DardiM

Hi @JB007 !

COM+ Event System => EventSystem => Système d’événement COM+
COM+ System Application => COMSysApp => Application système COM+
Microsoft Software Shadow Copy Provider => swprv => Fournisseur de cliché instantané de logiciel Microsoft
Volume Shadow Copy => VSS => Cliché instantané des volumes

Save this link, useful for English => French for a lot of services :)
Assiste.Forums • Afficher le sujet - Nom des services Windows 7 (via svchost.exe)
 
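The checks from the repair procedure earlier in this thread, as an added PowerShell example that is not part of any post: it reports the four services by the short names listed just above (so it works on a French system), tests whether vssadmin list writers returns any writers, lists the Volume subkeys whose Service value is not volsnap, and exports the Subscriptions subkey to a .reg file before step 3 deletes it. The function names and the backup file path are assumptions made for the example.

```powershell
# Added example: pre-check for the repair steps in this thread.
# Run from an elevated PowerShell prompt. No service or registry value is changed;
# the only thing written is a .reg backup file.

# Short service names; they are the same in every display language.
$VssServices      = 'EventSystem', 'COMSysApp', 'swprv', 'VSS'
$SubscriptionsKey = 'HKLM\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions'
$VolumeKey        = 'HKLM:\SYSTEM\CurrentControlSet\Enum\STORAGE\Volume'

function Get-VssServiceState {
    foreach ($name in $VssServices) {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
        [pscustomobject]@{
            Name        = $name
            DisplayName = $svc.DisplayName   # localized name shown in services.msc
            State       = $svc.State
            StartMode   = $svc.StartMode
        }
    }
}

function Test-VssWritersListed {
    # vssadmin labels are localized, so look for writer GUIDs rather than English text.
    $output = & vssadmin.exe list writers 2>&1
    [bool]($output | Select-String -Pattern '\{[0-9a-fA-F-]{36}\}' -Quiet)
}

function Get-VolumeServiceBinding {
    # One row per subkey of Enum\STORAGE\Volume; Ok is true only when Service = volsnap.
    Get-ChildItem -LiteralPath $VolumeKey | ForEach-Object {
        $service = $_.GetValue('Service')    # $null when the value is missing
        [pscustomobject]@{
            Volume  = $_.PSChildName
            Service = $service
            Ok      = ($service -eq 'volsnap')
        }
    }
}

function Export-EventSubscriptions {
    param([string]$Path = "$env:TEMP\EventSystem-Subscriptions.reg")  # assumed backup location
    # Step 3 deletes this subkey; export it first so it can be re-imported if needed.
    & reg.exe export $SubscriptionsKey $Path /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg export failed with exit code $LASTEXITCODE" }
    $Path
}

Get-VssServiceState | Format-Table -AutoSize
"VSS writers listed: $(Test-VssWritersListed)"
Get-VolumeServiceBinding | Where-Object { -not $_.Ok } | Format-Table -AutoSize
"Subscriptions backup: $(Export-EventSubscriptions)"
```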
