With the fake AV and all the downloaders gone from the HDD, and the registry keys wiped clean, I am left with this annoying rootkit that terminates any program that tries to scan any files.
For example, this rootkit removed the AVG Free version that was originally on the pc. So, I installed and ran MalwareBytes. It scans for a few seconds then is terminated. If you try to run it again, it says access denied. If you reboot, the executable is missing.
I tried to use ComboFix, but all it does is give the green line where it is unpacking and then does nothing. I look in C:/ComboFix folder and it is empty.
I scanned with SuperAntiSpyware, it found some things, removed them, then reboot. Upon reboot, the executable was also unusable again.
I downloaded and ran RootRepeal. It can scan the devices, drivers, and processes just fine. But once I try to scan the files, it is mysteriously terminated.
I am no rookie at this. I have been removing malware for well over 10 years and have never run into anything quite this annoying.
The only thing that RootRepeal tells me before it terminates is that hiberfil.sys is locked to the windows API.
Attached is a DDS scan (neat way to bypass a rootkit, make it look like a screensaver file) log.
Any help would be appreciated. Notice this is my first post. This has to be the first time I have not been able to find the answer to my question just by searching the forums here