Confirmed Yontoo and Possible Other Infection [Solved]


  • This topic is locked

#76
Nutloaf (Trusted Helper, Malware Removal)

:lol: Thanks Velarie

I was trying with those 2 commands to get an edited version of the log you posted. The CBS log is a biggee but this means I have the SFC results. Happy joy. :yeah:

It will take approximately 2 years to look over these so please be patient :lol:

In all seriousness this is strange as both commands only produce a blank result when not run as Administrator, which I know you take note of. There was also the hiccup with the Eset scan. My next question is: are you running from an Administrator account? The OTL scans from the beginning say you are: Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator. owner is an Admin account.

I will start looking at those logs maybe the answer lies within :ph34r:

#77
velarie2112 (Member, Topic Starter)

There is only one account on the machine; mine. I took it over from the previous owner, but I only changed the name of the account and nothing else.

#78
velarie2112 (Member, Topic Starter)

If there is a way I can filter the CBS results for you, let me know. I realize it is a ridiculous amount of data.

#79
Nutloaf (Trusted Helper, Malware Removal)

Thanks Velarie, the logs are on my Desktop so hopefully this will reveal what's going on. There is something upsetting this system and I am on the case. :thumbsup:

Honestly Velarie, the CBS logs are fine; retrieving these would have been my next step anyway, but using a slightly different command:

    copy %windir%\logs\cbs\cbs.log %userprofile%\Desktop\sfcdetails.txt

You can see if this works if you want.......just don't post the logs :help:

I know you have another thread open so you must be pretty busy here, there and everywhere.......but you are with an Expert so ooooh look at you!

#80
Nutloaf (Trusted Helper, Malware Removal)

"notepad c:\windows\logs\cbs\cbs.log." when I pasted this into CMD it didn't work for me unless I removed the quotations.

Next problem was that there was no reference to the SFC files in my log and there are no references to SFC in your log :wacko:

CMD COPY and PASTE ISSUE


  • I want you to copy the following using mouse only:

    copy %windir%\logs\cbs\cbs.log %userprofile%\Desktop\sfcdetails.txt

  • Open CMD as Admin, then right click the Cmd Window Frame, select Edit then Paste, and press Enter.
  • SFCdetails.txt should be on your desktop.
  • If this doesn't work, try again using the quotation.

If no joy then we may be looking at a Service Pack issue.

#81
velarie2112 (Member, Topic Starter)

Yeah sorry bout the quotes. I should have bold-ed it. I followed instructions. Seemed to work fine, but log is 5MB. Do you want me to upload the whole thing?

#82
Nutloaf (Trusted Helper, Malware Removal)

Yes please I'm afraid so. This is the only way to be sure what is going on :thumbsup:

#83
velarie2112 (Member, Topic Starter)

sfcdetails.txt broken up to four files.


#84
velarie2112 (Member, Topic Starter)

and 4th. Now that it is clean and booting right, Windows is prompting me to install a bunch of critical updates. Will be working on that.


#85
Nutloaf (Trusted Helper, Malware Removal)

Thanks Velarie :thumbsup:

It sounds like Windows Updates haven't been run in a while. We have completed that step previously, but the previous owner may not have.

Do you remember having to actually select Install updates Automatically when we did so here?

Your reply said you adjusted settings for Windows Update. My bad, I should have picked up on this.

Some Updates are foundations if you like, for further updates to install. I would install updates and reboot if necessary. Then Search again for Updates until nothing found. I never install the optionals. Then do that for the next couple of days until you get say a 2 day run of nothing found. These updates are so important. It's all very well updating Adobe, AV's and Java but if the operating system is out of date then it could all come crumbling down. I know that sounds drastic, but it makes sense to me. A weak foundation means crumbly walls.

Anyhoo. In 9 years I will have finished looking at the logs and will get back to you later on this evening or tomorrow :lol:

#86
velarie2112 (Member, Topic Starter)

Roger that. I installed 18 critical updates yesterday. Oddly several of them carried an SP1 notation. I checked sys info and verified that I'm running SP2. Checked again a moment ago and it only reported 3 optional updates. I'll check it again tomorrow. Also made sure all my Adobe software is up to date.

I'll be waiting patiently. Laptop is running great, so anything else you find to fix is just gravy to me. ;)

Thanks for seeing this through.

Val

#87
Nutloaf (Trusted Helper, Malware Removal)

Hi Velarie, here is some lovely Gravy for you. :)

CBS logs were interesting. The reason for the blank pages is that those entries I was looking for don't exist in the log, strange. The logs suggest that there are update issues. For example a bad update install.

The following tool should give us some answers to what is going on with your service packs.


1. Run CheckSUR
  • Use this link to install CheckSUR
  • Run the program and click O.K if prompted to install a Hotfix.
  • This will take some time to run. Once complete click Finish

  • Now I need the log :lol:
  • Click Start and in the search bar type cmd. In the list that appears, right click CMD and Run as Administrator.
  • Using the same paste method I showed you, copy and paste the following and press Enter:

    copy %windir%\Logs\CBS\CheckSUR.persist.log %userprofile%\Desktop\checksur1.txt

  • Same again for the following command, then press Enter. It should report 1 File copied:

    copy %windir%\Logs\CBS\CheckSUR.log %userprofile%\Desktop\checksur2.txt

  • Check your Desktop and paste both logs to me: Checksur1 and Checksur2

2. OTL Custom Scan
  • After a Reboot Right click the OTL icon and select Run as Administrator.
  • There are 8 None boxes; please check all 8.
  • Copy and paste the following into the Custom Scans\Fixes box without the word Quote.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion

  • Now Click Run Scan
  • OTL will now scan your computer and produce a log file OTL.txt
  • Please post in your next reply

Things I want to see in your next post.
  • Checksur1
  • Checksur2
  • OTL.txt
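
Added example, not part of the original thread or any poster's own code: a Python filter that pulls the System File Checker entries (tagged `[SR]`) out of CBS.log lines and separates a log with no SFC entries at all, the blank-result case described in this thread, from one that lists unrepaired files. The function name `summarize_sfc` and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# CBS.log line layout: "<date> <time>, <level>  <component>  <message>".
# System File Checker tags every entry it writes with "[SR]".
LINE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}, (\w+)\s+(\w+)\s+(.*)$")
QUOTED_RE = re.compile(r'"([^"]+)"')

def summarize_sfc(lines):
    """Summarize SFC ([SR]) activity found in an iterable of CBS.log lines."""
    sr_lines, unrepaired, repaired = 0, Counter(), Counter()
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m or "[SR]" not in m.group(3):
            continue
        sr_lines += 1
        msg = m.group(3)
        names = QUOTED_RE.findall(msg)
        if "Cannot repair member file" in msg and names:
            unrepaired[names[0]] += 1      # first quoted string is the file name
        elif "Repairing corrupted file" in msg and names:
            repaired[names[-1]] += 1       # last quoted string is the file name
    if sr_lines == 0:
        verdict = "no-sfc-entries"         # a filter on [SR] would come back blank
    elif unrepaired:
        verdict = "unrepaired-files"
    else:
        verdict = "no-unrepaired-files"
    return {"sr_lines": sr_lines, "verdict": verdict,
            "unrepaired": sorted(unrepaired), "repaired": sorted(repaired)}

# Constructed sample lines (not taken from the logs in this thread).
SAMPLE_WITH_SFC = r'''
2013-04-10 21:10:00, Info                  CBS    Loaded Servicing Stack
2013-04-10 21:14:01, Info                  CSI    00000140 [SR] Verifying 100 (0x00000064) components
2013-04-10 21:14:03, Info                  CSI    00000142 [SR] Cannot repair member file [l:20{10}]"sample.ini" of Example-Component, hash mismatch
2013-04-10 21:14:05, Info                  CSI    00000144 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"other.dll" from store
2013-04-10 21:14:09, Info                  CSI    00000146 [SR] Verify complete
'''.splitlines()
SAMPLE_WITHOUT_SFC = r'''
2013-04-10 21:10:00, Info                  CBS    Loaded Servicing Stack
2013-04-10 21:10:02, Error                 CBS    Failed to install update (constructed message)
'''.splitlines()

if __name__ == "__main__":
    for label, sample in (("with SFC", SAMPLE_WITH_SFC), ("without SFC", SAMPLE_WITHOUT_SFC)):
        print(label, summarize_sfc(sample))
```

To run it against a real copy such as sfcdetails.txt, pass the open file object to `summarize_sfc` in place of the sample list.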


#88
velarie2112 (Member, Topic Starter)

Big hammers and lovely gravy. Too funny. See attached logs. ;)


#89
Nutloaf (Trusted Helper, Malware Removal)

Thanking you :)

The good thing about the logs is that they are all nice and clean. I am not so worried about the SFC results now as I think it is just a matter of pushing those Windows Updates through. The previous owner may not have updated for a long time. The CBS logs show that some files were being flagged but the replacement files were even older so nothing was done.

I think I mentioned that I never install the optionals. Mine are always for a Microsoft mouse for buttons I don't use, IE10 which I haven't looked into enough to install. Have tried it and couldn't download Malwarebytes :) so bye IE10.

I will inform my instructor what I think and he will say yay or nay. I will then post another....um.....post :rolleyes:

#90
velarie2112 (Member, Topic Starter)

I try to avoid using IE myself, but have been told to keep it updated since it is integrated into the OS. As a web designer I have a lot of clients that use it though and it's best I stay up to date so I can answer their questions and provide support. Thanks so much for all of your help, I have certainly learned a lot myself. I'll be awaiting my 'clean bill of health' and any comments you had about our previous discussions, particularly MBAM and any security precautions I should take knowing that I connect remotely to clients using Logmein.com.

You rock!

Thanks,
Val