BleepingComputer.com: Sirefef.O on Windows 7 32 ultimate after many scans

Avast detected the output files as combofix was uninstalling as a threat... Is this normal?

Now combofix uninstall has.. stalled. I scrolled up to look at all the output files without realizing that it may stall as though it was being run.

What should I do? Should I end the task? Do i need to disable my antiviruses and firewall before uninstalling combofix?

Thanks,

Should I undo defogger's effects and delete that program as well, or is that separate? I was enjoying the lack of autoplay appearing at every boot..

Also, it looks like avast had quarantined that file we were discussing earlier C:\Windows\system32\drivers\torsfcom.sys so I don't know if you think I ought to do anything about that.

This post has been edited by guitarsavvy: 11 November 2011 - 03:12 PM

I restarted my computer because combofix froze during uninstallation. My computer rebooted with a blank background and all the icons on the desktop are blank with only text beneath them.

I ran the uninstaller again and it did not stall, although avast detected multiple issue during the uninstallation I told avast to open them normally. I restarted again after the combofix uninstaller visibly completed, the combofix window closed, and I had waited a few moments, but my desktop is still blank and the icons are all transparent with only text beneath them.

Looking into it further I found that any folder with thumbnails visible ("large icons" selected - I use this setting for images) has blank thumbnails.

When right clicking inside the folder, I select view -> "content" and it displays the content. Then selecting view -> "large icons" again displays the content. Navigating away and back to the folder (or even refreshing the folder or my desktop) will cause it to revert to the thumbnails to being transparent.

It is the same in the desktop background thumbnails menu, which is why my background is blank.

This is bad. I hope it can be fixed simply.

Please help. Thanks.


- I can send you a screen shot if I didn't explain the issue sufficiently, if you would like to see what I mean, or are unfamiliar with this issue as I am.

This post has been edited by guitarsavvy: 12 November 2011 - 03:24 AM

I tried restarting explorer.exe in the task manager and it did nothing. Furthermore if I click view -> "small icons," changing it from the default large icons, the icons are displayed. Then if I click view -> "large icons," I get a number of results. Sometimes the icons will enlarge but retain the pixely resolution of small icons. Other times only some of the icons will enlarge, but the grid spacing will all be even and larger, characteristic of the "large icons" setting.

Most importantly, once these steps have been taken, my cpu usage skyrockets from below 20% to full 100% or 99% and I need to close all instances of explorer.exe and recreate the task in order for the cpu to resume functioning regularly.


If you would like, I'm happy to use team viewer or www.join.me to show you what is going on.

Thanks.

This post has been edited by guitarsavvy: 12 November 2011 - 04:12 AM

Furthermore if I click view -> "small icons," changing it from the default large icons, the icons are displayed

Quote

Try this again. If the view is correct Shut down the computer. This should reset the registry.

Restart the computer.

How is it now?

It only changes that one folder that I modify. I shut down and rebooted to find the desktop with the same small visible icons, yet all the other icons in all the other folders were still invisible (unless I make them small).

Did you mean change universal settings of icons? I don't know how to do that. I only changed one folder at a time.

I ran a scan with avira after combofix uninstalled and I had 19 items that required quarantining.

Why did my computer run fine with combofix installed and now that I've uninstalled it I have an obscure problem that is different than any issues I've had before?

I read about my most recently discussed problem being an issue in the past when I searched the terms "combofix" and "background" in google. The bleeping computer forum came up.

In the future I strongly recommend that the individuals told to run combofix.exe are told that it must be uninstalled (when told to do so by the adviser) after the procedures are complete - and that until combofix.exe is uninstalled, the individual who has installed combofix.exe must not install or have active firewalls or anitvirus/antimalware programs installed.

If an individual has installed an active firewall or active antivirus/antimalware program before uninstalling combofix.exe then many aspects of the operating system will be modified until those programs are removed or deactivated and combofix is uninstalled again.

As it recommends during installation: similarly do not click on the combofix window during uninstallation. It froze when I scrolled up to look at the files.

Furthermore, when the combofix uninstaller window visibly completes and closes it is not necessarily uninstalled. - Another window will open that says clearly that combofix has successfully uninstalled with an "ok" prompt.

I believe I had to restart after that window had popped up in order to restore my settings, but I don't remember.

I hope this helps anybody who has this apparently common problem with excellent program "combofix" in the future.

Rebuild you Icon Cache.

http://www.sevenforums.com/tutorials/49819-icon-cache-rebuild.html

Thanks for the link.

I fixed the issue as I explained in my last post by uninstalling my antivirus programs and disabling my firewall before uninstalling combofix.exe again.

Should I still run the Rebuild Icon Cache program?

If all is well NO!.

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall

===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

Please let me know if I can close this topic.

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.