[Resolved] Chinese character'd programs running in MSConfig?

@ whatttupG,

The OP is already working with a Certified Malware Removal Expert, the one I mentioned to you, and has completed the OTL logs that I requested. But thank you for your input.

Using App Remover will get rid of AVG totally; using Add/Remove will not, and ComboFix will still fail to run.

The infection is similar to one I had problems with a few years ago, but in discussion with sUBS he created a tool to help remove it. That was then incorporated into ComboFix (it was a test I was given whilst training) ;D

Okay, I’ll do all of this at some point tonight. Just kinda getting myself organized and ready to do it when I have the most time. Thanks for your patience, by the way.

Okay! So! Finally did it all. And here’s the sorta gist of it:

Ran the fix.
Posting the thing that OTL opened on rebooting after the fix.
Posting the OTL Quick Scan log after rebooting and quick scanning.
Posting the ComboFix log.

However! ComboFix said it had found rootkit activity and needed to reboot. At which point, it closed, and kinda… just left my computer hanging there for a while. Like, no programs running, and showed no signs of rebooting at all. So I manually turned off my computer and turned it back on… and it started running ComboFix again, and eventually finished. So I don’t know if I screwed up by turning it off manually or not, or if it should still have run fine. Either way, I will post everything for you to go over.

On that note, I noticed after running the fix that the Chinese-named things don’t appear in MSConfig anymore. Just curious as to what exactly that fix did. Did it just remove the appearance of those, or did it actually do something? Just curious as to whether they were actually something to be worried about, and whether this IS indeed a real infection to be worried about, or whatnot. Please give me any and all details you can; it would be very appreciated! I just don’t want to feel worried or left in the dark. Also, please tell me if you think my turning off the computer instead of leaving it alone when it said it had to reboot would have messed it up or not, just so I know if I should redo it.

And there you have it, all things requested finally done at the moment.

Essexboy is the best person to answer this and he will be back on the forum in a while.

OTL removed the data from your registry, and ComboFix did not report that it had found anything; this is probably due to the hang before it compiled the report. However, both logs look good. How is your system running?
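The startup entries MSConfig lists come largely from the registry Run keys, so "removing the data from the registry" and "the entry disappearing from MSConfig" are the same event. As an added illustration (not part of this thread, and not code from OTL or ComboFix), the script below triages a `reg export` of the per-user Run key the way a helper would eyeball it: it flags entries whose names are not ASCII (the Chinese-named entries the OP saw), entries whose image lives in a user-writable directory, and entries that borrow a Windows binary's name but run from outside `C:\Windows`. The export text, user name and entry names are constructed for the example; the flags are triage hints, not verdicts, since legitimate software (OneDrive here) also runs from AppData and a non-ASCII name by itself proves nothing.

```python
import re
from typing import Dict, List

# Constructed sample of what `reg export "HKCU\...\CurrentVersion\Run"` produces
# (after conversion from UTF-16). Entry names, paths and the user are made up.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"输入法"="C:\\Windows\\system32\\conime.exe"
"svchost"="C:\\Users\\alice\\AppData\\Roaming\\svchost.exe"
"ctfmon"="C:\\Windows\\system32\\ctfmon.exe"
'''

# Windows binary names that malware likes to borrow. A Run entry whose image
# carries one of these names but sits outside C:\Windows deserves a look.
SYSTEM_BINARY_NAMES = {"svchost.exe", "csrss.exe", "lsass.exe", "explorer.exe",
                       "conime.exe", "ctfmon.exe", "winlogon.exe"}

# Path fragments that any user (and so any malware running as that user) can write to.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

# One "name"="value" line of a .reg file; both strings may contain \" and \\ escapes.
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(s: str) -> str:
    """Undo .reg escaping: \\" -> " and \\\\ -> \\ ."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_run_key(reg_text: str) -> Dict[str, str]:
    """Return {entry name: command line} for every REG_SZ value in the export."""
    entries: Dict[str, str] = {}
    for line in reg_text.splitlines():
        m = _VALUE_RE.match(line.strip())
        if m:
            entries[_unescape(m.group(1))] = _unescape(m.group(2))
    return entries


def image_path(command: str) -> str:
    """Extract the executable path from a Run command line.

    A quoted path is taken up to the closing quote; an unquoted one is taken up
    to the first space (unquoted paths containing spaces are inherently ambiguous).
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def triage_entry(name: str, command: str) -> List[str]:
    """Return the list of triage flags raised by one Run entry (empty = nothing odd)."""
    flags: List[str] = []
    if not name.isascii():
        flags.append("non_ascii_name")
    path = image_path(command).lower()
    if any(marker in path for marker in USER_WRITABLE_MARKERS):
        flags.append("user_writable_path")
    basename = path.rsplit("\\", 1)[-1]
    if basename in SYSTEM_BINARY_NAMES and not path.startswith("c:\\windows\\"):
        flags.append("system_name_outside_windows")
    return flags


def triage(reg_text: str) -> Dict[str, List[str]]:
    """Triage every entry in a Run-key export."""
    return {name: triage_entry(name, cmd) for name, cmd in parse_run_key(reg_text).items()}


if __name__ == "__main__":
    for entry, flags in triage(SAMPLE_REG_EXPORT).items():
        print(f"{entry!r:14} {flags or 'ok'}")
```

On a live machine you would feed the output of `reg export` for both the HKCU and HKLM Run keys into `triage()`; the `svchost` entry in the sample shows the combination that actually matters (a system binary's name, running from AppData), while the IME entry only earns the `non_ascii_name` hint, which matches the point made later in this thread that such entries are often legitimate.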

I’m no expert, but this looks like the doings of the “ConIME” virus attack. If you catch it early enough you can see conime running in your startup menu. Do a search on this and you can get some details on how to fix it. I lost the link I had when I had to fix mine… sorry.

IME is part of the OS language pack; I have seen it removed before for no apparent reason, as it is legitimate.

Most of the time this is correct; however, when you don’t have ANY language packs installed, nor any reason for it to be running… let alone in your startup in MSCONFIG.MSC… you have a problem. Google it with the word virus and I’m sure you will find the data relating this to BFGhost.

I am aware of that, but 90% of the time it is a false positive. If you install Windows you will get a partial install of that section for when you wish to add languages.

My system seems to be running okay. What did ComboFix actually… erm, wait a sec. You said that ComboFix didn’t find anything? While I was scanning, it said that it had detected rootkit activity and had to reboot the system, but the log has nothing in it? That’s odd… shouldn’t it have logged whatever it had found, supposedly?

That is correct, but it looks as though it hung before it produced the report.

Could you look in Qoobox (the ComboFix quarantine folder) and let me know what files were quarantined?

Here’s the file I found called ComboFix-Quarantined-Files… not sure if that’s what you were wanting me to look into (because the Qoobox folder had a bunch of stuff). Also posting the pictures of the folders to show what’s in them. Thoughts?

Weel it reset the TCPIP for you

Were there any files in the C folder?

Pardon? I know I kinda sound stupid for asking, but what do you mean by "Weel it reset the TCPIP for you" (I assume you meant ‘will’)?

Also, you mean just the plain regular C folder? In my C folder, there’s:

boot.bak (Bak file… not sure what THAT is. I assume it’s a backup of some form)
_OTL (Folder)
Documents and Settings (Folder)
NVIDIA (Folder)
Program Files (Folder)
Qoobox (Folder)
Windows (Folder)
ComboFix.txt (Text file)

My apologies, thick fingers. I meant: well, CF reset the TCPIP.

No, for the C folder I meant the one in the Qoobox folder; there was a folder called Registry and one called C.

Oh! Sorry. It didn’t cross my mind, because I recall it was empty. Double checks. Yup! Empty.

If I read that log properly, it quarantined TCPIP and something called catchme.txt or something? Not sure what those are or whether there’s anything to worry about with those. So, in your opinion, is this a valid infection or just some weirdness with my system?

I must admit there are rare occasions when ComboFix takes a dislike to a machine.

What problems are you experiencing now?

Noticeable problems? None, really. Out of all the logs and things I posted, were you able to actually notice anything that you would consider an ‘infection’ or ‘malicious’?

As I kind of noted, the only thing I ever considered close to possibly an infection were those weird Chinese programs in the MSConfig Startup. I never had popups, or severe lag, or odd programs actually opening (never saw an executable running with the Chinese names… just saw them in MSConfig) that I would ever have considered an ‘infection’ in my own opinion :) ’Tis why I came here: to clarify if it was a problem or anything to worry about in the least.

I guess the only thing that bugs me is how ComboFix kinda froze when it said it was rebooting the computer, but! When I restarted the computer (er, turned it back on), it seemed like it had restarted the scan in its entirety, so it might not really have found anything (unless those things in the quarantine are actually to be worried about).

So, is this solved now for you…?
asyn