Solved Browser redirect + poor performance + error on exit explorer

Status
Not open for further replies.
Great! They were removed. Possibly the script didn't pick them up at first. What you did with the script becomes a part of the Combofix report. The deletions can be seen at the beginning of the log.

Okay, where do you stand now? What if anything is left of the original problems?
Use the file references I gave you in Post 22 to find and backup whatever you want in QuickBooks. When you have finished, reboot and run Combofix again- not the fix-the scan. I can see if any files are left from QuickBooks and set up their removals.

It would be a good idea to run the Eset online AV scan to make sure we haven't missed anything:
Run Eset NOD32 Online AntiVirus Scanner HERE
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the Active X control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
 
Well, bad news. I thought we were on the home stretch, but it looks like eset found 5 threats.

I did backup the QB files, but I assume you will want to deal with the infections first.

combofix and eset logs attached.

Thanks!
 

Attachments

  • log.txt
  • ComboFix.txt
Not to worry! :D 4 of the files are in System Volume> that's the restore points. I'll have you drop those at the end. Please don't use System restore though until it's clean. The other is in the Qoobox which is the Combofix quarantine folder. So they are not active in your system and will all be removed at the end.

So not only are you on the home stretch, but you are almost home! :haha: As soon as you give me the okay that you've gotten what you want from QuickBooks, I'll set up one more removal for any remaining QB files, then have you remove the cleaning tools and old restore points!
 
Excellent!

I have what I need from QB, and it is backed up. (Online, on separate drive, and on disk).

I'm ready to finish up :)

Thanks!
 
Okay, I promised you one more removal. So delete the previous Combofix log on the desktop, then run Combofix once more. I'll gather the 'left over' QB entries and have you remove them. Shouldn't take long. We're almost through.

Then I'll have you remove the cleaning tools and old restore points.

Oh, remind me to tell you how much I appreciate your patience! I had 2 members today bumping threads up after less than 24 hours!
 
Thanks! I figured you would get back to me when you were ready... no point in rushing it, since I wasn't going anywhere :)

Attached is the latest combofix log.
 

Attachments

  • Combofix 3-27-10.txt
Here you go Dad- I was waiting for the new Combofix log:


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad and copy/paste the text in the code below into it:

Code:
File::
c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\Components\DownloadQB17\Patch\qbpatch2.exe
c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\qbbackup.sys
c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 
c:\progra~1\Intuit\QUICKB~2\QBDBMgrN.exe
c:\windows\Temp\Perflib_Perfdata_e0.dat
c:\windows\Temp\Perflib_Perfdata_94.dat
c:\windows\Temp\Perflib_Perfdata_550.dat

Folder::
c:\documents and settings\All Users\Application Data\TEMP

Registry::

Driver::
QuickBooksDB17

Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please attach to your next reply.

Be sure to note the last entry in the Code box under Driver.

Let me just have a quick look at the resulting report. If okay, we'll cleanup the tools!
 
Here is the combo-fix report with the removal of quickbooks. Did this actually uninstall the product too? I still have the shortcuts and it looks like QB is still installed. Did I miss a step?

Thanks!
 

Attachments

  • ComboFix.txt
What I put in the code box is mostly entries you wouldn't readily see. Here's the rest of the cleanup for you:
  1. Do a right click> Delete on any remaining shortcuts: can be in QuickLaunch Toolbar, Desktop and Bookmark.
  2. Go to Control Panel> Add/Remove Programs> uninstall any QB entries.
  3. Use Windows Explorer (right click on Start> Explore)> go to My Computer> double click on C Drive> Programs> do a right click> delete if any program folders remain
Exit Windows Explorer

TFC (Temp File Cleaner)
Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine, if not, do this yourself to ensure a complete clean

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.

Remove all of the tools we used and the files and folders they created

Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    CF_Uninstall-1.jpg
  • Download OTCleanIt by OldTimer
  • Save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
  • Click "OK" to select the partition or drive you want.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

Empty the Recycle Bin

You've done a great job! The system should be running a lot better. It's clean and a lot of unneeded processes are gone.
If I can be of further assistance, please let me know.
 
Thanks Bobbye! You were awesome! I appreciate your help so much. Yes, everything is running faster. I also found time over the weekend to get a hardline run to the computer, so it's MUCH faster.

No other issues. If something comes up, I'll let you know.

Thanks again.
 
You're very welcome! Glad to help out. Take care of that family- wishing you all the best.

I'll close this thread since the issue has been resolved.
 