ComboFix is a rootkit detector/cleaner. You should only download it from http://www.bleepingcomputer.com. The organization that makes it is somewhat guarded about how it actually works and what it looks for, but it works best if you run it soon (several weeks) after infection is suspected. It can cause your computer to not boot if you actually have an infection, because it simply removes the suspect driver if it is infected. A lot of times, a virus/rootkit will replace a legitimate system file with one “augmented” with its own code. Although that file now contains a virus, your system will not run without it. ComboFix does create restore points, but you will need to know how to revert to one of these restore points should the system not boot.
I’ve had a lot of luck with ComboFix where someone has a rootkit that is causing a virus to keep returning.
I run ComboFix periodically as a precaution (you’re not really supposed to use it this way) and also to look at the log it generates, which can point to infections it cannot detect. As an example, it will tell you that a logsp.dll file was installed and set to run on boot on June 6th, 2015. A lot of times it’s up to you to research what the data mean, search for the DLL, and find out that it’s related to that Logitech mouse you installed in June.