
Missing Programs after Combofix

  • This topic is locked
2 replies to this topic

#1 nikkirj


  • Members
  • 1 posts
  • Local time:07:12 AM

Posted 07 February 2012 - 12:41 PM

Hi! So, I had the Windows XP Antivirus 2012 virus and I downloaded SUPERAntiSpyware and Malwarebytes to get rid of it. Once I got rid of it, I still had a problem with a redirect that no antivirus would pick up. I also had about 40 extra processes of svchost.exe and iexplore.exe, and my computer was slow. So I thought I would just continue "borrowing" programs and following other people's advice from this site... and I came across Combofix... and well, it fixed the other guy's computer, so I ignored the warning and used it. Fortunately, it worked: all my extra processes and the files that I couldn't delete, which I could see were infected, were finally gone. Here's the problem: my start button/bar is minimized and won't come up at all. It's completely gone, as is everything on that start menu, the worst being my internet connection. The only stuff I have access to is the little icons that were already on my desktop from before the Combofix fixing attempt. I am not able to restore anything from the recycle bin, and I also noticed I can't click on something (like an icon or a program) and move it, like from the desktop to a folder or a picture to the desktop... not sure if that is important, but it's definitely annoying. So just let me know what you need me to post on here. I am assuming it's the Qoolog (or whatever the Combofix file made), but not being sure, I wasn't going to just post all that info on here. Anyway, thank you for your help, it is incredibly appreciated (work is SO boring without the internet!!!). Have an amazing day and I look forward to hearing from you!!!



#2 nasdaq


  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:12 AM

Posted 07 February 2012 - 02:06 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

You may have to download these tools using a good computer.
Save the files to a CD and copy them to the desktop of the infected computer.
Run them from there.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

If you are unable to run .exe files, download and run this tool.

Download FixNCR.reg

Once that file is downloaded and saved on a removable device, insert the removable device into the infected computer and open the folder for the drive letter associated with it. You should now see the FixNCR.reg file that you had downloaded onto it. Double-click on the FixNCR.reg file to fix the Registry on your infected computer. You should now be able to run your normal executable programs and can proceed to the next step.

If you do not have any removable media or another clean computer that you can download the FixNCR.reg file onto, you can try and download it to your infected computer using another method. On the infected computer, right click on the Internet Explorer's icon, or any other browser's icon, and select Run As or Run as Administrator. If you are using Windows XP, you will be prompted to select a user and enter its password. It is suggested that you attempt to login as the Administrator user. For Windows 7 or Windows Vista, you will be prompted to enter your Administrator account password.

Once you enter the password, your browser will start and you can download the above FixNCR.reg file. When saving it, make sure you save it to a folder that can be accessed by your normal account. Remember, that you will be launching the browser as another user, so if you save it to a My Documents folder, it will not be your normal My Documents folder that it is downloaded into. Instead it will be the My Documents folder that belongs to the user you ran the browser as. Once the download has finished, close your browser and find the FixNCR.reg file that you downloaded. Now double-click on it and allow the data to be merged. You should now be able to run your normal executable programs and can proceed to the next step.

This will help me to restore your Internet connection if it's not too badly damaged.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

#3 nasdaq


  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:12 AM

Posted 13 February 2012 - 11:22 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
