Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Confirmed Yontoo and Possible Other Infection [Solved]


  • This topic is locked This topic is locked

#61
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
This is strange as it should have been run from system32. This is the solution:

Use this command instead at the CMD prompt: findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >sfcdetails.txt

Close CMD then click Start and in the search box type sfcdetails.txt in the list right click sfcdetails and select Open File Location and get the log from wherever it was saved. Please tell me where the log was located, this will tell me how SFC was run :thumbsup:
  • 0

Advertisements


#62
velarie2112

velarie2112

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts
Log was still empty. Was saved to "Computer/C/Users/owner/AppData/Roaming/Microsoft/Windows/Recent."
  • 0

#63
velarie2112

velarie2112

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts
When I search for that file name, two options come up. One under Programs and one under Files. They go to different locations. Both logs are empty text documents. Second location is, "Computer/C/Windows/System32."
  • 0

#64
velarie2112

velarie2112

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts
Just noticed that the one in the System32 folder is the real file. The one in AppData is just a shortcut.
  • 0

#65
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
This is most strange :blink: I will look into this more. CBS logs can only be opened through CMD. There may be another way from Event Viewer. SFC did fix some files so that is a good thing, I just wanted to know what they were :(

For now relax and wait for my next instalment for you, some time tommorow. I will get to the bottom of this your PC is giving me a challenge here and I accept, let the battle commence.......tomorrow :thumbsup:
  • 0

#66
velarie2112

velarie2112

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts
LOL. Thank you kind sir. I await your next attack strategy. ;)
  • 0

#67
velarie2112

velarie2112

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts
LOL. Thank you kind sir. I await your next attack strategy. ;)
  • 0

#68
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
A new day and a new fight :)

I am waiting for feedback from my instructor so will have something for you a little later on :thumbsup:
  • 0

#69
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Today I will use my big hammer to fix shutdown. I would like you to run SFC again and get a log to make sure all is O.K.

Please follow in the order given: I know you will :) step 1 is to double check all is set correctly. You shouldn't uncheck items you don't want started, let me know what those are and I will fix those for you.


1. Normal Settings
  • Click Start, type msconfig in the Start Search box, and then press ENTER.
  • Now select the Services Tab Check Hide all Microsoft Services then click enable all
  • Now select the General tab and select Normal Startup then click Apply and O.K and everything is now back to the way it was.
  • Restart for changes to take effect

2. System File Checker
  • Click Start and type cmd in the search box. In the list that appears right click CMD and Run as Administrator
  • At the prompt copy and paste the following: sfc /scannow and press Enter
  • Copy the following: findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt" and Paste at the CMD prompt and press Enter
  • Close CMD window by clicking the X or by typing Exit Now Reboot the machine.
  • On your Desktop should be an SFCdetails.txt copy and paste in your next reply.

3. Defragment the Hard-Drive
  • Click Start , then click Run... then type in CMD and click on OK.
  • At the Command Prompt C:\ > type the following:
  • CD C:\ and press the Enter key.
  • Now type in DEFRAG C: -F
  • An Analysis report will be displayed and then Windows will start the Deragmentation run automatically.
  • This may take some time, when completed the Command Prompt C:\ > will appear.
  • Type in EXIT and and press the Enter key to close the command window.

4. OTL Fix
Open OTL then Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

:COMMANDS
[CREATERESTOREPOINT]

:REG
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"WaitToKillServiceTimeout"="8000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"ClearPageFileAtShutdown"=dword:00000000

:COMMANDS
[REBOOT]

  • Then click Run Fix
  • Click O.K if asked to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - Where mmddyyy _hhmmss is the date and time of fix.
  • Copy and Paste the Fix Log in your next reply.


How is the Shutdown now?
  • 0

#70
velarie2112

velarie2112

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts
So I wielded your big hammer. (Some pun intended.)

Went into msconfig and hid all Microsoft services. All non-Microsoft services were already enabled. Went to general tab and 'normal' startup was already selected. Rebooted anyway.

Ran sfc scan from command prompt and entered findstr command. At this point I didn't notice (or ignored) the instruction to reboot. I instead went right into disk defragmentation. After that was done running (started at 2% fragmentation and was 0% at the end) I rebooted. This reboot took over 5 minutes and I got a message that 3 updates were configured before it booted down. Naturally the sfcdetails.txt was empty, lol.

So after I rebooted I ran sfc scan again and entered the findstr command again. At this point I realized that I screwed up the first two times because I was using "/" instead of "\" in the string. So sorry. I put my dunce cap on and moved on. Again the scan reported that Windows repaired corrupted files successfully. Interestingly enough, after rebooting (and again it configured 3 updates before booting down and actually seemed to take longer) I checked the sfcdetails.txt file and again it was still empty!

Moved on and ran the OLT fix. You and your big hammer rock! (I should probably rephrase that, lol!) My shutdown time is under 30 seconds! I shutdown and booted back up a couple times in under 5 minutes just because I could.

So I'm considering this issue resolved. Thank you! ;)
  • 0

Advertisements


#71
velarie2112

velarie2112

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\\"WaitToKillServiceTimeout"|"8000" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\\"ClearPageFileAtShutdown"|dword:00000000 /E : value set successfully!
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 07082013_224237
  • 0

#72
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
:rofl: That was a funny read. I am pleased the shutdown fix worked. I retuned the wait time to kill services, the time is over generous in Windows 7 but is ridiculous in Vista. :)

I will give you another post tomorrow to clean, close and give you some advice on MBAM and other things. I will also research and ask my instructor about the SFC results. Sometimes it does repair files that don't really need reparing as they aren't system critical. I have one user at the moment who's Norwegian language pack is corrupt, he doesn't speak Norwegian but did visit there 40 years ago :laughing:

So it is looking rather good for tomorrows post :)

P.S. The Big Hammer it is for all my users from now on.
  • 0

#73
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hello Velarie :)

I do need to see those SFC results I'm afraid. I don't want to pass you over as clean when there is something clearly wrong with the results. Here comes the interesting bit or the boring bit depending.

The SFC results are stored in a CBS log which can be really long, I looked at one recently and it was 25mb of text! The command I gave you looks for certain entries in that log that have [SR] in the line. If there are no [SR] entries then the page is blank :)

This is where the confusion comes in. Corrupt files have been fixed and should therefore be entered in the CBS log with an [SR] tag, so where are they I hear you ask? I don't know :lol: here comes the but......

BUT: I can retrieve the CBS log and edit out the lines I don't want to see, leaving, you guessed it the SFC details hooray. Even better is that I can use a .bat file so you don't have to mess about in CMD :D

That is what you are going to do - create a .bat file to retrieve the CBS.log.

Create a .BAT file
  • Open Notepad then copy and paste the following: findstr /c:"CSI" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\Nutlook.txt"
  • Now click File then Save As... Choose Desktop for the location
  • Click the drop down menu beside Save as type and select all files
  • In the File Name: box type: nutfix.bat and click Save and close notepad.
  • On the Desktop right click nutfix.bat and Run as Administrator
  • A log called Nutlook will appear on your Desktop, I'd like a looksee.
  • If you have trouble pasting the log, as it may be long, you can Browse and Attach the file instead.

  • 0

#74
velarie2112

velarie2112

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts
And the saga continues . . .

So I tried to create your .bat file (paying special attention to syntax) and it still produced an empty log. Tried it a second time with the same result. Next I referred to my dear friend Google and found this command, "notepad c:\windows\logs\cbs\cbs.log." I ran it from the command prompt as admin and was finally able to produce a log for you to look at. Yea! I have attached it as a text doc.

Your move.

Attached Files


  • 0

#75
velarie2112

velarie2112

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts
And part two and part three. I hope you can use this . . .

Attached Files


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP