Ran ComboFix by mistake


  • This topic is locked
49 replies to this topic

#31 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:02:25 PM

Posted 19 September 2013 - 02:46 PM

Okay, let's go another route:

 

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :folderfind
    *Themes*

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

 


Best Regards,
oneof4.




#32 jobo1943

jobo1943
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:11:25 AM

Posted 19 September 2013 - 04:04 PM

Hi, I ran the systemlook for *Themes* and the text is:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 13:11 on 19/09/2013 by jab
Administrator - Elevation successful
 
========== folderfind ==========
 
Searching for "*Themes*"
C:\Program Files\Common Files\Microsoft Shared\THEMES14 d------ [19:03 14/08/2012]
C:\Program Files\Microsoft Office\Document Themes 14 d------ [17:10 30/10/2010]
C:\Program Files (x86)\Adobe\Adobe Help\Themes d------ [22:59 27/08/2011]
C:\Program Files (x86)\foobar2000\themes d------ [15:18 14/10/2011]
C:\Program Files (x86)\Microsoft Expression\Blend 3\AppThemes d------ [21:28 28/11/2009]
C:\Program Files (x86)\Microsoft Expression\Blend 3\SystemThemes d------ [21:28 28/11/2009]
C:\Program Files (x86)\Microsoft Expression\Encoder 3\SDK\Samples\SL3Diagnostic\Source\MediaPlayer\Themes d------ [21:31 28/11/2009]
C:\Program Files (x86)\Microsoft Expression\Encoder 3\Templates\en\Archetype\Source\MediaPlayer\Themes d------ [21:31 28/11/2009]
C:\Program Files (x86)\Microsoft Expression\Encoder 3\Templates\en\BlackGlass\Source\MediaPlayer\Themes d------ [21:31 28/11/2009]
C:\Program Files (x86)\Microsoft Expression\Encoder 3\Templates\en\Chrome\Source\MediaPlayer\Themes d------ [21:31 28/11/2009]
C:\Program Files (x86)\Microsoft Expression\Encoder 3\Templates\en\Clean\Source\MediaPlayer\Themes d------ [21:31 28/11/2009]
C:\Program Files (x86)\Microsoft Expression\Encoder 3\Templates\en\CorporateSilver\Source\MediaPlayer\Themes d------ [21:31 28/11/2009]
C:\Program Files (x86)\Microsoft Expression\Encoder 3\Templates\en\Expression\Source\MediaPlayer\Themes d------ [21:31 28/11/2009]
C:\Program Files (x86)\Microsoft Expression\Encoder 3\Templates\en\FrostedGallery\Source\MediaPlayer\Themes d------ [21:31 28/11/2009]
C:\Program Files (x86)\Microsoft Expression\Encoder 3\Templates\en\GoldenAudio\Source\MediaPlayer\Themes d------ [21:31 28/11/2009]
C:\Program Files (x86)\Microsoft Expression\Encoder 3\Templates\en\Graphing\Source\MediaPlayer\Themes d------ [21:31 28/11/2009]
C:\Program Files (x86)\Microsoft Expression\Encoder 3\Templates\en\Jukebox\Source\MediaPlayer\Themes d------ [21:31 28/11/2009]
C:\Program Files (x86)\Microsoft Expression\Encoder 3\Templates\en\Popup\Source\MediaPlayer\Themes d------ [21:31 28/11/2009]
C:\Program Files (x86)\Microsoft Expression\Encoder 3\Templates\en\QuikSilver\Source\MediaPlayer\Themes d------ [21:31 28/11/2009]
C:\Program Files (x86)\Microsoft Expression\Encoder 3\Templates\en\Reflection\Source\MediaPlayer\Themes d------ [21:31 28/11/2009]
C:\Program Files (x86)\Microsoft Expression\Encoder 3\Templates\en\SL3AudioOnly\Source\MediaPlayer\Themes d------ [21:31 28/11/2009]
C:\Program Files (x86)\Microsoft Expression\Encoder 3\Templates\en\SL3Gallery\Source\MediaPlayer\Themes d------ [21:31 28/11/2009]
C:\Program Files (x86)\Microsoft Expression\Encoder 3\Templates\en\SL3Standard\Source\MediaPlayer\Themes d------ [21:31 28/11/2009]
C:\ProgramData\WinZip\Themes d------ [06:52 07/05/2012]
C:\Users\All Users\WinZip\Themes d------ [06:52 07/05/2012]
C:\Users\jab\AppData\Local\Microsoft\Windows\Themes d------ [23:41 16/04/2010]
C:\Users\jab\AppData\Local\Temp\7ZipSfx.000\themes d-a---- [16:02 10/09/2013]
C:\Users\jab\AppData\Local\Temp\cis7a14e46\themes d------ [16:04 10/09/2013]
C:\Users\jab\AppData\Roaming\Microsoft\Templates\Document Themes d------ [16:49 22/02/2010]
C:\Users\jab\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Document Themes d------ [08:19 28/11/2009]
C:\Users\jab\AppData\Roaming\Microsoft\Templates\LiveContent\User\Document Themes d------ [08:19 28/11/2009]
C:\Users\jab\AppData\Roaming\Microsoft\Windows\Themes d------ [08:29 10/11/2009]
C:\Users\jab\Desktop\Utils\APPS BKP\MS Themes d------ [23:40 16/04/2010]
C:\Users\jab\Desktop\Utils\APPS BKP\foobar2000\themes d------ [15:16 14/10/2011]
C:\Users\jab\Videos\WEBSHARE\WWWROOT\_themes d------ [23:31 28/11/2009]
C:\Windows\Resources\Ease of Access Themes d------ [03:20 14/07/2009]
C:\Windows\Resources\Themes d------ [05:32 14/07/2009]
C:\Windows\winsxs\amd64_microsoft-windows-s..-soundthemes-garden_31bf3856ad364e35_6.1.7600.16385_none_f7a4bf1e15863e21 d------ [05:30 14/07/2009]
C:\Windows\winsxs\amd64_microsoft-windows-s..-soundthemes-quirky_31bf3856ad364e35_6.1.7600.16385_none_e55404efe49bb9cb d------ [05:30 14/07/2009]
C:\Windows\winsxs\amd64_microsoft-windows-s..-soundthemes-sonata_31bf3856ad364e35_6.1.7600.16385_none_201752c112c5078c d------ [05:30 14/07/2009]
C:\Windows\winsxs\amd64_microsoft-windows-s..dthemes-calligraphy_31bf3856ad364e35_6.1.7600.16385_none_c1407bc73caf8dfc d------ [05:30 14/07/2009]
C:\Windows\winsxs\amd64_microsoft-windows-s..l-soundthemes-delta_31bf3856ad364e35_6.1.7600.16385_none_fbf7e0678b64a4b8 d------ [05:30 14/07/2009]
C:\Windows\winsxs\amd64_microsoft-windows-s..ndthemes-characters_31bf3856ad364e35_6.1.7600.16385_none_08da32b0fdad9220 d------ [05:30 14/07/2009]
C:\Windows\winsxs\amd64_microsoft-windows-s..oundthemes-festival_31bf3856ad364e35_6.1.7600.16385_none_121f20b55f0bde68 d------ [05:30 14/07/2009]
C:\Windows\winsxs\amd64_microsoft-windows-s..oundthemes-heritage_31bf3856ad364e35_6.1.7600.16385_none_5872c0830d0c4747 d------ [05:30 14/07/2009]
C:\Windows\winsxs\amd64_microsoft-windows-s..soundthemes-savanna_31bf3856ad364e35_6.1.7600.16385_none_8501e89d0b011992 d------ [05:30 14/07/2009]
C:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-afternoon_31bf3856ad364e35_6.1.7600.16385_none_2a05e57d5ab3659e d------ [05:30 14/07/2009]
C:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-cityscape_31bf3856ad364e35_6.1.7600.16385_none_5b48f43248490503 d------ [05:30 14/07/2009]
C:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-landscape_31bf3856ad364e35_6.1.7600.16385_none_7a83a914edc3de49 d------ [05:30 14/07/2009]
C:\Windows\winsxs\amd64_microsoft-windows-shell-soundthemes-raga_31bf3856ad364e35_6.1.7600.16385_none_2fe300bf8e73cdbd d------ [05:30 14/07/2009]
C:\Windows\winsxs\amd64_microsoft-windows-themeservice.resources_31bf3856ad364e35_6.1.7600.16385_en-us_bd5d3f940c611446 d------ [05:37 14/07/2009]
C:\Windows\winsxs\amd64_microsoft-windows-themeservice_31bf3856ad364e35_6.1.7600.16385_none_05f77252e20d9cfd d------ [05:30 14/07/2009]
C:\Windows\winsxs\amd64_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.1.7600.16385_none_ab5096c4554b074f d------ [03:20 14/07/2009]
C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.1.7600.16385_none_f2fdcd9b69c73055 d------ [03:21 14/07/2009]
 
-= EOF =-

 

Thanks,

 

jobo



#33 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:02:25 PM

Posted 19 September 2013 - 08:07 PM

Okay, a couple of options:

 

  • If you have access to another Win7 computer, you can copy and paste the contents of the following folder into your computer's:

C:\Windows\Resources\Themes

 

 


Best Regards,
oneof4.


#34 jobo1943

jobo1943
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:11:25 AM

Posted 20 September 2013 - 03:40 PM

Hi,

 

I am logged in as admin, turned off UAC and yet Microsoft still requires me to be a trusted installer when I try a paste. I was a Windows evangelist 25 years ago but they have lost track of user needs and convenience - they should get out of the OS business like IBM did - and watch US productivity soar.

 

Apologies for the frustration but it is ridiculous that they restrict in such byzantine ways.

 

Thanks in advance for any ideas,

 

jobo



#35 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:02:25 PM

Posted 20 September 2013 - 07:50 PM

Hey, :)

 

This may seem redundant, but please repeat the following:

 

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :dir
    C:\Windows\Resources\Themes

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 


Best Regards,
oneof4.


#36 jobo1943

jobo1943
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:11:25 AM

Posted 22 September 2013 - 08:12 PM

Hi,

 

This is the systemlook.txt file content:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 18:09 on 22/09/2013 by jab
Administrator - Elevation successful
 
========== dir ==========
 
C:\Windows\Resources\Themes - Parameters: "(none)"
 
---Files---
aero.theme --a---- 1897 bytes [20:57 10/06/2009] [20:57 10/06/2009]
architecture.theme --a---- 2376 bytes [21:45 13/07/2009] [20:57 10/06/2009]
characters.theme --a---- 2366 bytes [21:45 13/07/2009] [20:57 10/06/2009]
landscapes.theme --a---- 2360 bytes [21:45 13/07/2009] [20:57 10/06/2009]
nature.theme --a---- 2319 bytes [21:45 13/07/2009] [20:57 10/06/2009]
scenes.theme --a---- 2326 bytes [21:45 13/07/2009] [20:57 10/06/2009]
Think_theme.theme --a---- 5541 bytes [20:45 20/09/2013] [10:09 26/08/2009]
 
---Folders---
Aero d------ [05:32 14/07/2009]
 
-= EOF =-

 

I have control of the themes folder and have pasted in the themes folder contents from another Win 7 machine but still no ability to save the selection. I can run desktop personalization, I can select the theme I want and it shows it as selected but no change in the desktop!!!

 

Thanks for persevering,

 

jobo



#37 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:02:25 PM

Posted 22 September 2013 - 09:13 PM

Let's try a few things:

 

  1. Click Start, Control Panel, Ease of Access, and then click Ease of Access Center.
  2. Under Explore all settings, click Make the computer easier to see.
  3. Make sure that the option to Remove background images is not selected.
  4. Click OK twice, and then close the Ease of Access Center window.
  5. Try to change your Desktop background.

 

If that doesn't work, then:

 

  1. Click Start, paste the following text into the search box, and then press Enter

    %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Themes\
  2. Right-click the TranscodedWallpaper.jpg file, and then click Rename.
  3. Change the file name to TranscodedWallpaper.old, and then click Yes when you are prompted.
  4. If slideshow.ini is listed, double-click this file. Slideshow.ini should open in Notepad. Select all the text in slideshow.ini if any exists, and then press Delete on the keyboard.
  5. On the File menu, click Save.
  6. Close Notepad.
  7. Close the Windows Explorer window, and then browse to the picture that will be set as the background image.
  8. Try to apply a background picture again.

 


Best Regards,
oneof4.


#38 jobo1943

jobo1943
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:11:25 AM

Posted 23 September 2013 - 12:31 AM

Hi,

 

Remove Background Images was not selected in Ease of Access.

 

Inserted "%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Themes\" and renamed as directed but no desktop change after I retried. slideshow.ini was empty.

 

A mystery!!!!

 

Best,

 

jobo



#39 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:02:25 PM

Posted 23 September 2013 - 10:39 AM

Try creating a new user account (just as an experiment), and see if you are able to change backgrounds, themes, etc.


Best Regards,
oneof4.


#40 jobo1943

jobo1943
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:11:25 AM

Posted 26 September 2013 - 01:17 PM

Hi,

 

Tried new user account and it would not let me even download a Theme from MS. It said the security settings needed changing. However, when I switched users to my main user account the file was on my desktop. The desktop for the main user account still failed to select a changed desktop theme and the personalize window did not show it even though the new theme is in the themes folder under windows/resources.

thanks and best,

jobo



#41 jobo1943

jobo1943
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:11:25 AM

Posted 27 September 2013 - 02:19 PM

Hi,

 

I have been playing with desktop personalization and notice that if I select a theme it appears in the preview window and if I save it, then it turns off sounds theme selection.

If I select a new sounds theme it then reverts the selected desktop (whatever I selected as a theme) to plain black solid color. Happens every time independent of the desktop theme or sound theme selected.

 

best,

 

jobo



#42 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:02:25 PM

Posted 27 September 2013 - 10:01 PM

Hi :)
 
Try this:
 
Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button.

Once that is done then go to Step 3 and allow it to run System File Check by clicking on the Do It button.

Go to Step 4 and under "System Restore" click on the Create button.

Go to the Start Repairs tab and click the Start button.

Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default).

Click on the box next to Restart System when Finished. Then click on Start.


Best Regards,
oneof4.


#43 jobo1943

jobo1943
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:11:25 AM

Posted 30 September 2013 - 10:21 AM

I followed the instructions but the program hangs at step one of the repair process. I get a DOS box with a failure notice for a registry service. Tweaking stopped at repair job 1/12 but it said it was still working and I left it for 17 hours with no change of state. If you wish I can rerun it and copy the failure notice. I disabled all virus/antitrojan software before running.

 

Best,

 

jobo



#44 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Location:The Collective
  • Local time:02:25 PM

Posted 30 September 2013 - 07:41 PM

It may be worth a shot to try the Windows All-In-One a second time, but before you do that, please do the following:
 
Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Best Regards,
oneof4.


#45 jobo1943

jobo1943
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:11:25 AM

Posted 01 October 2013 - 11:45 AM

Hi, 

 

This is the fixlog.txt file content:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-09-2013 02
Ran by jab at 2013-10-01 09:44:22 Run:2
Running from C:\Users\jab\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
S3 ALSysIO; \??\C:\Users\jab\AppData\Local\Temp\ALSysIO64.sys [x]
*****************
 
ALSysIO => Service deleted successfully.
 
==== End of Fixlog ====
 
Thanks,
 
jobo
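
How the fixlist line in the Fixlog above can be read and triaged, as an added example that is not part of the original thread and is not FRST's own code. It assumes FRST's service-line convention (state letter R/S/U, Windows start-type digit, service name, image path, then `[x]` when the file is missing on disk); the second sample line and every function name are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# Windows service "Start" values.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}
# Assumed layout: <state><start> <name>; <image path> [<size date> or x] (vendor)
LINE_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-4])\s+(?P<name>[^;]+);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]")
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)

class ServiceEntry(NamedTuple):
    name: str
    running: bool
    start: str
    path: str
    missing: bool

def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one service line; return None for anything else in the log."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m["path"]
    if path.startswith("\\??\\"):  # strip the NT object-namespace prefix
        path = path[4:]
    return ServiceEntry(m["name"].strip(), m["state"] == "R",
                        START_TYPES[int(m["start"])], path,
                        m["meta"].strip().lower() == "x")

def findings(entry: ServiceEntry) -> list:
    """Heuristics a reviewer would apply before deciding to remove an entry."""
    out = []
    if TEMP_RE.search(entry.path):
        out.append("image path in a temp directory")
    if entry.missing:
        out.append("binary missing on disk (orphaned entry)")
    if entry.path.lower().endswith(".sys") and "\\users\\" in entry.path.lower():
        out.append(".sys image under a user profile")
    return out

def triage(log_text: str) -> dict:
    """Map service name -> list of findings, skipping clean or non-service lines."""
    parsed = (parse_line(l) for l in log_text.splitlines())
    return {e.name: findings(e) for e in parsed if e and findings(e)}

SAMPLE = "\n".join([
    r"S3 ALSysIO; \??\C:\Users\jab\AppData\Local\Temp\ALSysIO64.sys [x]",  # from the Fixlog above
    r"R2 ExampleSvc; C:\Program Files\Example\svc.exe [65640 2013-05-11] (Example Vendor)",  # constructed
    r"ALSysIO => Service deleted successfully.",  # result line, not a service entry
])

if __name__ == "__main__":
    for name, why in triage(SAMPLE).items():
        print(name, "->", "; ".join(why))
```
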




