[SOLVED] Error 8007312; SFC /scannow and SfcFix Both Clean

Thanks. Also, I stumbled upon this as I was Googling how to reverse registry changes by malware. If you get a chance, take a look and let me know your thoughts. I don't know how reliable they are as I've never heard of any of them before. 8 Tools to Restore Task Manager, Regedit, CMD and Folder Options After Being Disabled by a Virus • Raymond.CC

You can also add to that list:
  • Wise Pc first aid - free for personal use (wisecleaner.com)
  • RegSeeker - free for personal use (hoverdesk.net)
  • kerish doctor - only paid - free trial for 15 days
 
Please do the following.

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop.
Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator. In your case it may already be open.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
 

Thank you xilolee. Will keep these in mind.
 
Fix result of Farbar Recovery Scan Tool (x86) Version: 02-07-2016
Ran by Joe (2016-07-03 10:13:50) Run:13
Running from C:\Users\Joe\Desktop
Loaded Profiles: Joe & (Available Profiles: Joe)
Boot Mode: Normal

==============================================

fixlist content:
*****************
cmd: dir "C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs\x86_microsoft-windows-i..l-keyboard-00000454_31bf3856ad364e35_6.1.7600.16385_none_e86c9e10c4b0dcb5"
cmd: dir c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00000454_31bf3856ad364e35_6.1.7600.16385_none_e86c9e10c4b0dcb5
*****************


========= dir "C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs\x86_microsoft-windows-i..l-keyboard-00000454_31bf3856ad364e35_6.1.7600.16385_none_e86c9e10c4b0dcb5" =========

Volume in drive C has no label.
Volume Serial Number is 149B-5E56

Directory of C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs\x86_microsoft-windows-i..l-keyboard-00000454_31bf3856ad364e35_6.1.7600.16385_none_e86c9e10c4b0dcb5

06/18/2016 02:38 AM <DIR> .
06/18/2016 02:38 AM <DIR> ..
0 File(s) 0 bytes
2 Dir(s) 806,612,729,856 bytes free

========= End of CMD: =========


========= dir c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00000454_31bf3856ad364e35_6.1.7600.16385_none_e86c9e10c4b0dcb5 =========

Volume in drive C has no label.
Volume Serial Number is 149B-5E56

Directory of c:\windows\winsxs

File Not Found

========= End of CMD: =========


==== End of Fixlog 10:13:51 ====
 
Please do the following. The resulting file will be a little large so go ahead and attach it.

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download fixlist.txt and save it to the Desktop.
Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator. In your case it may already be open.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
 
Still fixing after about 25 minutes. FRST has never taken so long before but maybe it's because this is an especially big fix? Or is something preventing it from completing?
 
Wow, that's huge. Still fixing after about 45 minutes but I guess let's keep it going. What's the longest it's taken from your experience?
 
According to the log it's about half done and is working as expected. After it's completed we should get another scan.


SFC Scan
  1. Click on the Start button and in the search box, type Command Prompt
  2. When you see Command Prompt on the list, right-click on it and select Run as administrator
  3. When command prompt opens, copy and paste the following commands into it, press enter after each

    sfc /scannow

    Wait for this to finish before you continue

    copy %windir%\logs\cbs\cbs.log %userprofile%\Desktop\cbs.txt
  4. This will create a file, cbs.txt on your Desktop. Please attach this to your next post.

Please note: if the file is too big to upload to your next post, please upload it via a service such as Dropbox, OneDrive or SendSpace and just provide the link.
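For reading the cbs.txt produced by the steps above, the following is an added example, not part of the original post or of any tool used in this thread: it keeps only the System File Checker entries (tagged `[SR]`) and lists which files were repaired and which could not be. The sample lines are constructed and abbreviated, and the name `summarize_sr` and the two message prefixes it matches are assumptions of this sketch.

```python
import re
import sys

# An [SR] entry: timestamp, level, "CSI", 8-hex-digit sequence id, "[SR]", message.
SR_LINE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d, \w+\s+CSI\s+[0-9a-f]{8} \[SR\] (.*)$')
QUOTED = re.compile(r'"([^"]+)"')

# Constructed, abbreviated sample in the usual CBS.log layout; not from this thread.
SAMPLE_CBS = r'''
2016-07-03 11:02:10, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2016-07-03 11:02:10, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2016-07-03 11:02:11, Info                  CBS    Session: 30528551_1 initialized by client WindowsUpdateAgent.
2016-07-03 11:02:14, Info                  CSI    0000000c [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7600.16385, in the store, hash mismatch
2016-07-03 11:02:14, Info                  CSI    0000000e [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7600.16385, in the store, hash mismatch
2016-07-03 11:02:20, Info                  CSI    00000010 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"sample.dll" from store
2016-07-03 11:02:25, Info                  CSI    00000012 [SR] Verify complete
'''

def summarize_sr(log_text):
    """Count [SR] lines and list files SFC repaired or could not repair."""
    unrepaired, repaired, sr_lines = [], [], 0
    for line in log_text.splitlines():
        m = SR_LINE.match(line.strip())
        if not m:
            continue                      # servicing (CBS) lines are not SFC results
        sr_lines += 1
        msg = m.group(1)
        names = QUOTED.findall(msg)
        if not names:
            continue
        # Assumption: the member file is the first quoted token in "Cannot repair"
        # lines and the last one (after the directory) in "Repairing" lines.
        if msg.startswith("Cannot repair member file"):
            target, name = unrepaired, names[0]
        elif msg.startswith("Repairing corrupted file"):
            target, name = repaired, names[-1]
        else:
            continue
        if name not in target:            # SFC logs the same file more than once
            target.append(name)
    return {"sr_lines": sr_lines, "unrepaired": unrepaired,
            "repaired": repaired, "needs_manual_fix": bool(unrepaired)}

if __name__ == "__main__":
    if len(sys.argv) > 1:                 # e.g. python sr_summary.py cbs.txt
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            print(summarize_sr(fh.read()))
    else:
        print(summarize_sr(SAMPLE_CBS))
```

A non-empty `unrepaired` list means SFC found damage it could not fix from the component store, which is the case where a helper has to supply replacement files.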
 
Also, one way to ensure that the process is still running is to open up the log file and look at the last line. As long as the last line doesn't match the following then it's running.

Code:
=========  echo n | xcopy "C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs\x86_microsoft-windows-m..do-backcompat-tlb28_31bf3856ad364e35_6.1.7601.17514_none_ecc8167e5098bf91" c:\windows\winsxs\x86_microsoft-windows-m..do-backcompat-tlb28_31bf3856ad364e35_6.1.7601.17514_none_ecc8167e5098bf91\ =========
 
Thanks. I'll continue to keep an eye on it. Hopefully it will finish soon.

Btw, I'm poking around in my registry and looked under hkey_users. I've never had as many SIDs as I do now. What are the chances I've been/am hacked?
 
I'd be interested to look at that at some point. From looking at your logs I doubt it though. If you suspect that someone has infiltrated your system, the only way to guarantee that it's not infected is to do a clean install but we'll cross that bridge later if we have to.
 