Combo Fix Woes (Also makes Nvidia Optimus Fail)

hugobosslives · Aug 19, 2012

So here's the story:

Few days ago I had a problem with Bullguard internet security where by the behavioural scanner was't working. Their support channel asked me to do a couple things including a run of Combofix in safe mode which I did last night and sent them the results.

However The program has deleted a number of files and more importantly (and probably related to the deletions) has made Nvidia optimus stop working.

My laptop is a Acer Aspire 5750G (i5-2410M, Intel HD3000 and Nvidia GT 540M with optimus to switch between the two GPUs).

Basically Bulguard support are being rubbish and I suspect they have no idea what they are talking about.

The deleted files seem to be in quarantine on my hard drive.

How do I go about undoing everything combofix has done as the files that it deleted are not malware and I obviously need them back. I also tried to run the restore program from here: http://www.bleepingcomputer.com/forums/topic290138.html
I got the error 0x00007558!! Aborting
so that doesn't work

Also combofix seems to have deleted my system restore points so I can't use that.

Any help would be much appreciated. I have attached the two log files which I thought may be of help.

I somehow need to undo everything combofix did.

Kestrel13! · Aug 20, 2012

I cannot honestly see that it's killed anything relating to Nvidia, but let's restore the lot and take it from there. I do not know why BullGuard TechSupport are advising you to run Combofix in this situation. Tsk, tsk.

Now we need to use ComboFix by sUBs

Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!

If it is not on your Desktop, the below will not work.

Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.

If ComboFix tells you it needs to update to a new version, make sure you allow it to update.

Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:
Code:
KILLALL::

DeQuarantine::
C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
C:\Qoobox\Quarantine\Registry_backups\BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}.reg.dat
C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat
C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
C:\Qoobox\Quarantine\catchme.log
C:\Qoobox\Quarantine\C\Users\Hugh\AppData\Roaming\dvdae\dvdae.lic.vir
C:\Qoobox\Quarantine\C\Users\Hugh\AppData\Roaming\dvdae\dvdae.config.vir
C:\Qoobox\Quarantine\C\Users\Hugh\AppData\Roaming\Dexpot\Hugh.dxi.vir
C:\Qoobox\Quarantine\C\Users\Hugh\AppData\Roaming\Dexpot\profile\Standard.dxp.vir
C:\Qoobox\Quarantine\C\Users\Public\Documents\NTIMMV9Acer.dll.vir
C:\Qoobox\Quarantine\C\ProgramData\FullRemove.exe.vir
C:\Qoobox\Quarantine\C\Program Files (x86)\TabBar\QTHookLib32.dll.vir
C:\Qoobox\Quarantine\C\Program Files (x86)\TabBar\QTHookLib64.dll.vir
C:\Qoobox\Quarantine\C\Program Files (x86)\TabBar\frost_aero\frost aero\toolbar .png.vir
C:\Qoobox\Quarantine\C\Program Files (x86)\TabBar\frost_aero\frost aero\tabbar.png.vir
C:\Qoobox\Quarantine\C\Install.exe.vir
C:\Qoobox\Quarantine\C\Windows\SysWOW64\URTTEMP\regtlib.exe.vir
QUIT::
Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe

At this point, you MUST EXIT ALL BROWSERS NOW before continuing!

You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.

Now use your mouse to drag CFscript.txt on top of ComboFix.exe

Follow the prompts.

When it finishes, a log will be produced named c:\combofix.txt

I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

If after running Combofix you discover none of your programs will open up, and you recieve the following error: "Illegal operation attempted on a registry key that has been marked for deletion". Then the answer is to REBOOT the machine, and all will be corrected.

Attach the:

C:\DeQuarantine.txt and let me know if it made any difference at all.

hugobosslives · Aug 20, 2012

Hi. first of all thank you for replying. I am quite worried about this computer problem.

I did the script you said and it ask to download a newer version which I did do.

It seems to have put back the files. However it has not fixed the optimus issue. It will still not change to the nvidia gpu.

I have read a few other forums and everyone says that you should not use combofix if you have a laptop with nvidia optimus so I am really annoyed bullguard asked me to run the tool without informing me what it was.

I have attatched the DeQuarantine file. The combofix log file has not changed it is still the same date as when bullguard made me run it. So there is no point uploading it. as it is on the previous post.

Do you have anymore suggestions on how to make optimus work again or do undo everything this combofix has done as optimus is all i need to be happy

Also if you need any more file uploads such as the whole of C:/Qoobox please don't hesitate to ask.

Thank you and I await your response.

Kestrel13! · Aug 20, 2012

I suggest you post about this in the software forum, combofix did not remove nvidia related files though.

Log in or Sign up

Combo Fix Woes (Also makes Nvidia Optimus Fail)

hugobosslives Private E-2

Attached Files:

ComboFix-quarantined-files.txt

ComboFix.txt

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

hugobosslives Private E-2

Attached Files:

DeQuarantine.txt

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Log in or Sign up

Combo Fix Woes (Also makes Nvidia Optimus Fail)

hugobosslives Private E-2

Attached Files:

ComboFix-quarantined-files.txt

ComboFix.txt

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

hugobosslives Private E-2

Attached Files:

DeQuarantine.txt

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Useful Searches