After the AVG is done and before posting the log, run these two scans in order and attach their logs in the same post.
Then run a fresh HijackThis scan and post that log also. Run HijackThis only AFTER everything else is done.
----------
Please download
Vundofix.exe to your desktop.
* Double-click
VundoFix.exe to run it.
* Put a check next to
Run VundoFix as a task.
* You will receive a message saying vundofix will close and re-open in a minute or less. Click
OK
* When VundoFix re-opens, click the
Scan for Vundo button.
* Once it's done scanning, click the
Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click
YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will shutdown your computer, click
OK.
* Turn your computer back on.
* Please post the contents of C:\
vundofix.txt and a new
HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.
Please let Vundo finish, sometimes it can take multiple passes
----------
Download
SDFix.exe and save it to your Desktop.
Double click
SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in
Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, the Advanced Options Menu should appear;
* Select the first option, to run Windows in Safe Mode, then press
Enter.
* Choose your usual account.
* Open the extracted SDFix folder and double click
RunThis.bat to start the script.
* Type
Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display
Finished, press any key to end the script and load your desktop icons.
*] Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as
Report.txt
(Report.txt will also be copied to Clipboard).
* Finally add the contents of the
Report.txt in your next post as an
Attachment with a new
HijackThis log