Thank you for posting the file paths of what AVG rootkit removed. That is very helpful. I have edited out the Combofix and dll stuff in your previous post to keep it from being closed as your initial post did indeed conform to proper posting rules at BC. If you have any questions about this, don't hesitate to send me a PM.
and HiJack This
logs or parts thereof should not be posted outside the HijackThis
forums. Combofix is a powerful tool intended by its creator to be used under the direction of an expert
. It is NOT for private use
. You should NOT
use Combofix unless a Malware Removal Expert
has told you to. At Bleeping Computer, these experts do this ONLY in the HiJack This forum. Improper use of this tool can seriously damage your operating system and may even prevent it from starting again.
Please read Combofix's Disclaimer
At this point, I would like you to run a scan with SUPERAntiSpyware in Safe Mode
. You will, of course, install it in Normal Mode.
Download and install SUPERAntiSpyware free found here: SUPERAntiSpyware
Be sure to click on the download button to the left, not on the free trial download on the right.
Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes
· Under Configuration
, click the Preferences
· Click the Scanning Control
· Under Scanner Options
make sure the following are checked:
- Close browsers before scanning
- Scan for tracking cookies
- Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close
button to leave the control center screen.
Reboot into Safe Mode
· On the main screen, under Scan for Harmful Software
click Scan your computer
· On the left check C:\Fixed Drive
· On the right, under Complete Scan
, choose Perform Complete Scan
· Click Next
to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK
· Make sure everything in the white box has a check next to it, then click Next
· It will quarantine what it found and if it asks if you want to reboot, click Yes
Reboot into Normal Mode
· To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences
. Click the Statistics/Logs
o Under Scanner Logs
, double-click SUPERAntiSpyware Scan Log
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
Please post the log in your next reply.