Combofix messed up my computer:(

Hi,

Recently my computer was infected with "Trojan.Dropper.BCMiner", it was linked to "C:\Windows\Installer\{48dd6613-37f1-e110-816b-cfb1749ac810}\U�000008.@".

It has caused me alot of problems, and some expert told me to use combofix.

I followed the steps given carefully, no mistake made. The Trojan was gone and everything was fine.

Then i realised many of my computer's functionality went missing.

So far i only can name a few problems and i have not discover the whole impact of what Combofix has done to my computer.

These are what i have noticed:

1) My computer has no sound, i check my sound drivers and they are up to date.

2) All my photos and videos files are not accessible, it gives me some error box saying "Class not registered" while i click on photos and ''Windows Media Player cannot access the file. The file might be in use, you might not have access to the computer where the file is stored, or your proxy settings might not be correct'' when i try to open a video file. Are my files corrupted and unrecoverable?

3) From Firefox download window, i can no longer use the option of "Open Containing Folder", nothing happened when i click that.

4) Some control panel settings are not accessible: 1) under User Accounts, nothing happened when i click on ''Change User Account Control settings"
2) same thing for ''Device Manager" in Control Panel\All Control Panel Items\System
I am using administrator account by the way.

Hope someone out here can help me restore my computer to how it originally was, excluding the trojan. Thanks!

 

Hi, i have noticed that combofix also messed up my network connection. But the strange thing is me able to access the internet despite this issue. Combofix also messed up my system restore option, i have attached a screenshot of it.
Combofix log has also been attached. Thanks!

 

Hi,
i tried the OTM and this is the log.

All processes killed
========== FILES ==========
c:\windows\SysWow64\drivers\utmzndg2.sys moved successfully.
c:\windows\SysWow64\shoCA8B.tmp moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: See Toh
->Temp folder emptied: 345698721 bytes
->Temporary Internet Files folder emptied: 17948560 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 275171566 bytes
->Flash cache emptied: 4945 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 110170 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 253684565 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 49648108 bytes

Total Files Cleaned = 899.00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 07182012_095906

Files moved on Reboot...
C:\Users\See Toh\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File C:\Windows\temp\kls950E.tmp not found!

Registry entries deleted on Reboot...


By the way, do i use the system restore only as a last resort?

 

Ops, i made a mistake. I was thinking the message below are steps to restore my computer. I just done the scan, here is the log

 

Done both fix and scan. Here are the logs

 

1) My computer has no sound, i check my sound drivers and they are up to date.

2) All my photos and videos files are not accessible, it gives me some error box saying "Class not registered" while i click on photos and ''Windows Media Player cannot access the file. The file might be in use, you might not have access to the computer where the file is stored, or your proxy settings might not be correct'' when i try to open a video file. Are my files corrupted and unrecoverable?

3) From Firefox download window, i can no longer use the option of "Open Containing Folder", nothing happened when i click that.

4) Some control panel settings are not accessible: 1) under User Accounts, nothing happened when i click on ''Change User Account Control settings"
2) same thing for ''Device Manager" in Control Panel\All Control Panel Items\System
I am using administrator account by the way.

Only Point 3 was fixed.
Even the system restore and the network were not fixed.

Saddening

 

The person who made me use combofix told me to do this:
After that, re-register system dlls in Windows 7: http://forums.whatthetech.com/index.php?showtopic=112016

I don't even know if i should trust him anymore and the instructions in this link are so confusing.

 

any findings?

 

Sorry, i didn't know it is that late at your area. I will wait then.

 

There is this part in the link that states "You must uninstall all but one antivirus program."

I'm planning to keep my KasperSky Internet Security. Are Malwarebytes Anti-Malware, Spy-Bot Search & Destroy, SuperAntiSpyware even considered anti-virus software? Sometimes these programs managed to find more malicious softwares that KasperSky can't. Is it really wise?

I'm not trying to question your knowledge, but is the Malware Removal Guide really related to the problems combofix caused as i have mentioned earlier?

 

i forget to state that only Malwarebytes managed to find out about the trojan earlier before i did the combofix.

Hope to clarify everything before i proceed

 

This was the Qoobox quarantee file from Combofix, i forgot to post it earlier, hope it helps.

 

I thought at first i said my computer got infected, after i did combofix the infection was cure.

But combofix did damages like these mentioned:

1) My computer has no sound, i check my sound drivers and they are up to date.

2) All my photos and videos files are not accessible, it gives me some error box saying "Class not registered" while i click on photos and ''Windows Media Player cannot access the file. The file might be in use, you might not have access to the computer where the file is stored, or your proxy settings might not be correct'' when i try to open a video file. Are my files corrupted and unrecoverable?

3) Some control panel settings are not accessible:
-under User Accounts, nothing happened when i click on ''Change User Account Control settings"
-same thing for ''Device Manager" in Control Panel\All Control Panel Items\System
-i can't use system restore

4) It shows my network connection is not connected, but strangely i can access the internet

These problems weren't there before combofix was executed.

 

So what i'm hoping to achieve is to revert to how my computer originally was with my files working, computer sound working etc.
I'm thinking that Combofix quarantine some of the important system files, causing all those problems which i have listed.

 

Anyway, if i were to continue with the Malware Removal Guide. I'm still stuck at this part.

"You must uninstall all but one antivirus program."

I'm planning to keep my KasperSky Internet Security. Are Malwarebytes Anti-Malware, Spy-Bot Search & Destroy, SuperAntiSpyware even considered anti-virus software? Sometimes these programs managed to find more malicious softwares that KasperSky can't. Is it really wise to remove all and keep one?

 

Now i'm stucked at the part where i have to disable UAC.

because of the problems i have mentioned earlier:

3) Some control panel settings are not accessible:
-under User Accounts, nothing happened when i click on ''Change User Account Control settings"
-same thing for ''Device Manager" in Control Panel\All Control Panel Items\System
-i can't use system restore

But maybe i have already disabled UAC in the past, how do i double confirm?

 

I encountered a problem while running MGTools, do i click ok or cancel?
I have attached a screenshot.

 

I click cancel and nothing has happened.:confused

 

Screenshot

 

I tried using the MGtools again, and this time i click "OK" when the Process.dll error appeared. I managed to get the log, but i'm not sure if it's the complete log since there is this error while running it. I have attached the 4 log as requested.

Anyway, i tried to Re-register system DLLs just now. And the "no sound'' problem in my computer is resolved. So now it's just left with these 3 problems.

1) All my photos and videos files are not accessible, it gives me some error box saying "Class not registered" while i click on photos and ''Windows Media Player cannot access the file. The file might be in use, you might not have access to the computer where the file is stored, or your proxy settings might not be correct'', "Server execution failed"when i try to open a video file. Are my files corrupted and unrecoverable?

2) Some control panel settings are not accessible:
-under User Accounts, nothing happened when i click on ''Change User Account Control settings"
-same thing for ''Device Manager" in Control Panel\All Control Panel Items\System
-i can't use system restore

3) It shows my network connection is not connected, but strangely i can access the internet

 

what do i do next? o.o

 

This Part

If you are running Win 7, Vista, Windows XP or Windows ME, do the below:

Refer to the cleaning procedures pointed to by step 7 of the READ ME
for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.

For Windows 7

1. Click Start
2. Right click Computer > Properties > Choose Advanced System Settings option in left menu listing.
3. Click System Protection tab
4. Then highlight the drive you wish to turn off System Restore and click Configure (Image 1)
5. Then choose Turn off system protection (Image 2)
6. Click Apply > OK

I right-click computer and then properties, nothing happened. Exactly like those system problems i told you earlier.