[SOLVED] SFCFix problems

Kidkaos (New member, joined Mar 26, 2016, 4 posts)

Hey, I just got a malware attack after trying to download Daemon Tools (it was a fake and installed a bunch of malware on my machine).
Here are the steps I have taken:
Scanned with Malware Bytes (was on during the attack)
**edit** After scanning with Malware Bytes I rolled back to a restore point (restored back to a couple of days before the attack), before I knew this was a bad idea due to potentially infected restore points **edit**
Scanned with tdsskiller
Scanned with Esetsmart scan
Scanned with WebRoot Protection
Scanned with Windows MSRT
Scanned with Unhackme
Scanned with HitmanPro
(Yes, I overkilled the scanning :P)
After all the scans would come up clean after being run 2x each, I used sfc /scannow to repair my files (ran it 3 times with restarts in between).
Then I ran DISM /Online /Cleanup-Image /RestoreHealth, restarted my computer and ran sfc /scannow once more (still had corruptions).
After this I ran diskcheck to make sure my C:/ drive was not broken and thankfully it was all good.

Even though most of the corruptions had been fixed, I still had some issues, so I ran SFCFix.exe, and since I don't have access to an original Windows 8.1 installation DVD, it gave me a log file I could post and hopefully some of you kind people could help me :)

Below is the log file. Also, if you have any tips to make sure all the malware is removed and my computer is clean once again, I would really appreciate and love to hear them <3 Thank you all in advance!

SFCFix version 3.0.0.0 by niemiro.
Start time: 2016-03-26 16:43:04.540
Microsoft Windows 8.1 Update 3 - amd64
Not using a script file.

AutoAnalysis::
CORRUPT: C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.3.9600.17793_none_086408f678984d30\Windows Journal.lnk
CORRUPT: C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.3.9600.17842_none_90da81a4dac50d54\utc.app.json
CORRUPT: C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.3.9600.17842_none_90da81a4dac50d54\telemetry.ASM-WindowsDefault.json

SUMMARY: Some corruptions could not be fixed automatically. Seek advice from helper or sysnative.com.
CBS & SFC total detected corruption count: 3
CBS & SFC total unimportant corruption count: 0
CBS & SFC total fixed corruption count: 0
SURT total detected corruption count: 0
SURT total unimportant corruption count: 0
SURT total fixed corruption count: 0
AutoAnalysis:: directive completed successfully.

Successfully processed all directives.
SFCFix version 3.0.0.0 by niemiro has completed.
Currently storing 0 datablocks.
Finish time: 2016-03-26 17:06:23.873
----------------------EOF-----------------------
 
Hi and welcome to Sysnative. Two of your corruptions are a known issue with KB3022345. The update was replaced with KB3080149. Downloading and installing this update should resolve the issue for those two telemetry related files. More info can be found at the following link.

https://support.microsoft.com/en-us/kb/3080149

To fix your last corruption I need you to run the following so I can gather some info.


Step#1 - SFCFix Script
Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.
  1. Download SFCFix.exe (by niemiro) and save this to your Desktop. If you still have this on your desktop from downloading previously, you don't need to re-download.
  2. Download the file below, SFCScript.txt, and save this to your Desktop.
  3. Save any open documents and close all open windows.
  4. On your Desktop, you should see two files: SFCFix.exe and SFCScript.txt.
  5. Drag the file SFCScript.txt onto the file SFCFix.exe and release it.
  6. SFCFix will now process the script.
  7. Upon completion, a file should be created on your Desktop: SFCFix.txt.
  8. Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this file into your next post for me to analyse please
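
Added example (not part of the original posts and not SFCFix's own code): the triage the helper does by eye above, grouping the `CORRUPT:` lines of an SFCFix log by WinSxS component so that files sharing one component, and therefore one servicing update, show up together. The sample log is constructed from the lines quoted in the first post; the function names and the "detected minus fixed minus unimportant" arithmetic are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample: the AutoAnalysis lines from the first post's SFCFix log.
SAMPLE_LOG = r"""AutoAnalysis::
CORRUPT: C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.3.9600.17793_none_086408f678984d30\Windows Journal.lnk
CORRUPT: C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.3.9600.17842_none_90da81a4dac50d54\utc.app.json
CORRUPT: C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.3.9600.17842_none_90da81a4dac50d54\telemetry.ASM-WindowsDefault.json
CBS & SFC total detected corruption count: 3
CBS & SFC total unimportant corruption count: 0
CBS & SFC total fixed corruption count: 0
"""

# Case-insensitive: the logs in this thread show both "winsxs" and "Winsxs".
CORRUPT_RE = re.compile(r"^CORRUPT:\s+.+?\\winsxs\\([^\\]+)\\(.+)$", re.I | re.M)
COUNT_RE = re.compile(
    r"^(CBS & SFC|SURT) total (detected|unimportant|fixed) corruption count:\s+(\d+)", re.M)

def parse_component(dirname):
    """Split a WinSxS folder name: arch_name_publicKeyToken_version_culture_hash."""
    arch, rest = dirname.split("_", 1)
    # Long names are abbreviated with "..", so take the fixed fields from the right.
    name, token, version, culture, dir_hash = rest.rsplit("_", 4)
    return {"arch": arch, "name": name, "token": token,
            "version": version, "culture": culture, "hash": dir_hash}

def triage(log_text):
    """Group corrupt files by component folder and count what is still unrepaired."""
    by_component = defaultdict(list)
    for m in CORRUPT_RE.finditer(log_text):
        by_component[m.group(1)].append(m.group(2))
    counts = {(src, kind): int(n) for src, kind, n in COUNT_RE.findall(log_text)}
    # Assumption for this example: unresolved = detected - fixed - unimportant.
    unresolved = sum(counts.get((src, "detected"), 0) - counts.get((src, "fixed"), 0)
                     - counts.get((src, "unimportant"), 0) for src in ("CBS & SFC", "SURT"))
    return dict(by_component), unresolved

if __name__ == "__main__":
    components, unresolved = triage(SAMPLE_LOG)
    for dirname, files in components.items():
        c = parse_component(dirname)
        print(f"{c['name']} {c['version']} ({c['arch']}): {len(files)} file(s) -> {files}")
    print("unresolved corruptions:", unresolved)
```
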
 


Thanks for the welcome :)
Also, I tried downloading the update in Microsoft's download center, and the link was broken for x64 versions of Windows 8.1. Also, here is the file you requested :).

SFCFix version 3.0.0.0 by niemiro.
Start time: 2016-03-26 17:39:10.111
Microsoft Windows 8.1 Update 3 - amd64
Using .txt script file at C:\Users\davib_000\Desktop\virus removal\SFCScript.txt [0]

Trace::
Successfully traced component amd64_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.3.9600.17793_none_086408f678984d30.
Package_3_for_KB3046002~31bf3856ad364e35~amd64~~6.3.1.4.3046002-4_neutral_GDR4
Trace:: directive completed successfully.

Successfully processed all directives.
SFCFix version 3.0.0.0 by niemiro has completed.
Currently storing 0 datablocks.
Finish time: 2016-03-26 17:39:11.033
Script hash: mOJNk8/2o4a/PjuIx3quGyAuaGEMvO2vqnTgKCbWDnI=
----------------------EOF-----------------------
 
Managed to update and the telemetry files have been resolved, all that's left is the final tabletpc journal file to fix
 
This should fix the last one.

Step#1 - SFCFix Script
Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

  1. Download SFCFix.exe (by niemiro) and save this to your Desktop. If you still have this on your desktop from downloading previously, you don't need to re-download.
  2. Download the file below, SFCFix.zip, and save this to your Desktop. Ensure that this file is named SFCFix.zip - do not rename it.
  3. Save any open documents and close all open windows.
  4. On your Desktop, you should see two files: SFCFix.exe and SFCFix.zip.
  5. Drag the file SFCFix.zip onto the file SFCFix.exe and release it.
  6. SFCFix will now process the script.
  7. Upon completion, a file should be created on your Desktop: SFCFix.txt.
  8. Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this file into your next post for me to analyse please

Step#2 - SFC Scan
1. Right-click on the Start button and select Command Prompt (Admin)
2. When command prompt opens, Copy (Ctrl+C) and Paste (Right-click > Paste) the following command into it, then press Enter
sfc /scannow

3. Once it finishes, copy and paste the following into the command-prompt window and press Enter.
copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.txt"

4. Once this has completed please go to your Desktop and you will find CBS.txt => Right-click on this file and choose Send To...Compressed (zipped folder). Please upload this zipped file CBS.zip to this thread

Please Note:: if the file is too big to upload to your next post please upload via a service such as Dropbox or One Drive or SendSpace and just provide the link.


Items for your next post
1. SFCFix.txt
2. CBS.txt
 


Hey, here are the results for the SFCFix. It seems like everything is good, thanks a bunch for all the help!!!!!!!:

SFCFix version 3.0.0.0 by niemiro.
Start time: 2016-03-26 20:00:50.196
Microsoft Windows 8.1 Update 3 - amd64
Using .zip script file at C:\Users\davib_000\Desktop\virus removal\SFCFix.zip [0]


View attachment CBS.zip

PowerCopy::
Successfully took permissions for file or folder C:\Windows\Winsxs\amd64_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.3.9600.17793_none_086408f678984d30\windows journal.lnk

Successfully copied file C:\Users\davib_000\AppData\Local\niemiro\Archive\Winsxs\amd64_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.3.9600.17793_none_086408f678984d30\windows journal.lnk to C:\Windows\Winsxs\amd64_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.3.9600.17793_none_086408f678984d30\windows journal.lnk.

Successfully restored ownership for C:\Windows\Winsxs\amd64_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.3.9600.17793_none_086408f678984d30\windows journal.lnk
Successfully restored permissions on C:\Windows\Winsxs\amd64_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.3.9600.17793_none_086408f678984d30\windows journal.lnk
PowerCopy:: directive completed successfully.


Successfully processed all directives.
SFCFix version 3.0.0.0 by niemiro has completed.
Currently storing 1 datablocks.
Finish time: 2016-03-26 20:00:50.868
Script hash: E8mU7/67wr2gPbELmHTW1FrYnKlkC3RTWNEr7Oc2AYk=
----------------------EOF-----------------------
 