Ok Mike, thanks again for your help. I'm a bit of a computer noob and you saved me £40. I'm gonna go eat dinner now, very hungry.

Thanks

OK when you have the edit screen open, click the "Go Advanced" button below the screen, then look at the header beside the Smiley face for the paperclip then browse to the location of the file to send.

Mike

Yeh I sent it. It's on the previous page

Are we finished or do you want me to do anything else?

More than 40!

Just because it seems to be OK don't stop now. let me be sure for you!

But Combofix was loaded so now we run it again to confirm clean! Post new log!

Then do this and post log!

Download SDFix to Desktop.

http://www.bleepingcomputer.com/resources/link252.html

On Desktop run SDdFix It will run (install) then close.

Then reboot into Safe Mode

As the computer starts up, tap the F8 key several times.

On the Boot menu Choose Safe Mode.

Click thu all the prompts to get to desktop.

At Desktop
My Computer C: drive. Double-click to open.

Look for a folder called SD Fix. Double-click to enter SD Fix.

Double-click to RunThis.bat. Type Y to begin.

SD Fix does its job.

When prompted hit the enter key to restart the computer

Your computer will reboot.

On normal restart the Fixtool will run again and complete the removal process then say Finished,
Hit the Enter key to end the script and load your desktop icons.

Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
Attach the Report.txt file to your next post.

And we have those file names you posted if they are still there.

Mike

that link you gave gives me an error. its not working

OK fixed link! Try again!

Mike

the combofix is saying that norton could interfere. should i continue? how do i disable norton?

Just boot to Safe mode Networking and do it!

Mike

ok heres the combofix. i'll do the sdfix now

I will be running a errand for an hour or so, will check back soon.

You are doing a great job and we are almost finished!

Mike

heres the sdfix report. i'm gonna go to sleep now but if you want to contact me then heres my email: manupatel1993@yahoo.com

thanks a lot once again

We have arrived you are clean of Malware.

You did a great job!

But I do want 2 things before we shut down.
1. Evaluation of how the computer is doing, is the external drive OK, and are there other issues?
2. A final HJT log!

Mike

Sorry for the late reply, Ok, i'll do that

Hi again Mike, sorry for the late reply, i came back today and didnt get a chance to come back online.

The external hard drive is working fine again now. When the computer was infected it was taking a really long time to turn on, now its gone back to normal.

I took a log with HijackThis. I think thats what you meant by HJT, i'm not sure. If its not then i'll be happy to do that.

Once again sorry for the late reply and thank you very much for helping me out.

Great!

Then consider the following!

Thread closing-------------------------------------------------------------------

Some of these tools update so often they require downloading again later if needed. But keep and run MBAM and SAS to maintain.

Remove ComboFix
Start-Run
type
combofix /u
Hit enter or click OK.

Please download OTCleanIt http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe

Save to desktop.

This will remove all the tools we used to clean your computer.


Double-click OTCleanIt.exe. Click CleanUp. Yes to the "Begin cleanup Process?"

Approve all if prompted by Firewall. Approve Widows Defender or other guards or security programs while OTCleanIt attempting access to the Internet to allow all.

If prompted to Reboot click, Yes.
OTCleanit will delete itself when finished, If not delete it by yourself.

-------------------------------------------------------------------------------------
Run CCleaner again twice or more on Cleanup temps, then on left click Registry then Scan for issues also repeat till clean.

Run ATF-Cleaner http://majorgeeks.com/ATF_Cleaner_d4949.html Temp and Registry, repeatedly until no more found.

KCleaner ftp://ftp2.kcsoftwares.com/kcsoftwa/files/kcleaner.exe
Fantastic cleaner.
-------------------------------------------------------------------------------------
The issues can and are likely found is in System Restore so do the below

Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "After cleanup at TechSpot".

Then Start-Programs-Accessories-System Tools-Disk Cleanup
Click OK to accept C:
Select all Boxes
Then click More Options
Here click System Restore and OK to "Are you sure" and the OK to Run.

As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

It clears what is known as Shadow copies which are used by specialized back up programs.

This is if you have the Volume Shadow Copy running which is the default.
-------------------------------------------------------------------------------------

Every two weeks or so, run MBAM and SAS until clean.

They take a while, so leave scanning while you are sleeping working or watching TV. If not done under the gun they can be scheduled not to interfere with computer time.

If they find something they can not clean, then get back to us.

Additionally run CCleaner. ATF-Cleaner and KCleaner.
----------------------------------------------------------------------------------------
I have been using ThreatFire for more than a year, it just went from ver 3 to ver 4.

It was designed to be used with and to co-exist with other Virus scanners.

Additionally it uses a totally different process to protect. While conventional Virus scanners work from definitions ThreatFire works on recognizing Virus/Malware activity.

It's like looking at it with 2 sets of eyes and from a different angle.

It works like some Firewalls do to learn what is good/bad.

After install it will ask you about everything that could be a security issue. For example the first time you run IE or FireFox it will prompt you. You would answer to approve and remember the setting. From then on no more prompts about IE or FireFox unless the exe changes like in an update.

As it queries you about the prompt to help you determine to approve or not you can google it with one click.

http://www.threatfire.com/Download/
-------------------------------------------------------------------------------------
Look at http://www.javacoolsoftware.com/spywareblaster.html

Run SpyBot ocassionally and use the Immunize function.
http://www.safer-networking.org/en/download/

I highly reccomend Hostman: Hostman http://majorgeeks.com/HostsMan_d4592.html

Download install run and allow it to disable DNS Client and select all Host files and then Update and install all host files.

A Disk Scan (chkdsk) and Defrag are in order.

Mike