Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Combofix problem


  • This topic is locked This topic is locked
11 replies to this topic

#1 joaomconde

joaomconde

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:39 AM

Posted 21 March 2014 - 11:02 AM

Hi all. First of all i want to say that i take full responsibility for using combofix not knowing how devastating it could be (i did my reaserch AFERWARDS), so ill get to the point.

I used it in order to be able to play Hearthstone which, for some strange reason, i was unable to.

After some reaserch i saw a topic in which the user had a similar issue and after much effort, combofix managed to let him play the game, so i decided to try it myself. I was sucessfull, everything went OK except one or two things.

 

Some of my toshiba OEM software doesn't run when i start my computer, including an HDD protection software, the flashcards and my mouse configuration.

 

And that's why im here, I wanted to know if i can, easily, restore that software and, if it removed some other important software that im missing.

 

I also have noticed that some (mabe all) of the missing software is listed under ORFÃOS REMOVIDOS or, in english Removed orphans.

 

Thank you in advance and i hope you can help me. i will post my log, sorry if its in Portuguese, i can translate it though.

Attached Files



BC AdBot (Login to Remove)

 


m

#2 joaomconde

joaomconde
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:39 AM

Posted 22 March 2014 - 10:49 AM

bump i guess?



#3 joaomconde

joaomconde
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:39 AM

Posted 23 March 2014 - 05:09 PM

bump again?



#4 joaomconde

joaomconde
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:39 AM

Posted 24 March 2014 - 08:16 AM

So i have done more reaserch and found out that combofix did not actually delete these files, it only changed some registry values that made those programs work.

 

I really need help changins the registry so that i can have some basic programs work again.. ill post pictures

 

In the picture, the first 2 entries can run without problems, on startup, the second ones simply can't. Im guessing it has something to do with registry values but im not sure.. Can anyone help?

 

http://puu.sh/7Hzhn.png



#5 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,549 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:39 PM

Posted 26 March 2014 - 11:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/528228 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#6 joaomconde

joaomconde
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:39 AM

Posted 26 March 2014 - 10:49 PM

i stil need help...

 

My solution so far was changing the address of the non working programs, from %ProgramFiles%, to C:\Program Files

 

What i want to know is if i install new software, wich automatically uses %ProgramFiles%, instead of C:\Program Files, will it work normally.

 

thank you in advance



#7 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:07:39 PM

Posted 28 March 2014 - 07:28 PM

Hello joaomconde, and  :welcome: to the Virus/Trojan/Spyware/Malware Removal forum.

I am oneof4, and I am here to help you!

  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • At the top right-center of the topic you will see a button called Follow this topic. If you click on this, another page will open. Please choose Instantly for notification and then clicking on Follow this topic you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. :heart: Please be courteous and appreciative for the assistance provided!
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========
 

ComboFix should have created a restore point on your system prior to running, that may be the quickest and best solution.

 

Give that a try, and report back on how it goes.

 

==========


Best Regards,
oneof4.


#8 joaomconde

joaomconde
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:39 AM

Posted 29 March 2014 - 08:30 AM

no available restore point. As i said i only figured something was wrong with my pc some days after i used combofix. at this point, i used revo uninstaller pro to uninstall some programs, the problem is that Revo creates system restore points and it has overwritten the one prior to combofix.

 

At this point i just want to know if i install new software, wich automatically uses %ProgramFiles%, instead of C:\Program Files, will it work normally.

 

thank you



#9 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:07:39 PM

Posted 29 March 2014 - 10:19 AM

Hello :)

 

Here is some info on your question:

 

The "% %" indicates an environment variable. Here is a list of system variables for Windows 7, for example. These paths are set by default when the operating system is loaded. So in the above example this is true:

%SystemRoot% C:\Windows (what is also included in this %SystemRoot% is C:\Windows\system32, a subfolder of C:\Windows containing some of the OS files. Important to understand for the below)

But, what if the user partitioned his hard drive into C: and D: and then installed the operating system on the D: drive? In that case, if you tried to delete %SystemRoot%\system32\blank.htm (remember the \system32 subfolder is included in the C:\Windows path) by changing it to C:\Windows\system32\blank.htm what would happen? You would get a nasty note in your results telling you the file was not found! So, in order to get around those environment variables (like D: environment for Windows rather than C:) you can simply include %SystemRoot% and the computer will automatically know whether it is really the C: drive or some other drive like D:. Kind of a catch all to capture any "variables".

 

Normally, %PROGRAMFILES% is the same thing as C:\Program Files, unless per the above, your OS is on a different partition with a different drive letter, then %PROGRAMFILES% would point to X:\Program Files (with "X" being the OS drive letter).

 

So, having said all of that, if your computer OS is on C:\ then it shouldn't matter.


Best Regards,
oneof4.


#10 joaomconde

joaomconde
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:39 AM

Posted 29 March 2014 - 03:06 PM

My OS is on C drive, but as i mentioned before, the startup programs which were with %ProgramFiles%, instead of C:\Program Files didnt start at startup, so i had to manually change registry values. Im wondering if i will have more trouble in the future regarding this matter.. other than this i managed to get my computer to work as before.

 

thank you



#11 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:07:39 PM

Posted 29 March 2014 - 05:32 PM

You are most welcome! :)


Best Regards,
oneof4.


#12 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:07:39 PM

Posted 03 April 2014 - 05:29 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Best Regards,
oneof4.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users