Hi Turpal,
Please do not be alarmed by GMER's 'RootKit' flags, as the detections are avast!-related. However, I am not fully satisfied by looking at the GMER log. Simply put, this requires an additional ARK check.
The FRST tool shows the active malware presence as well as configuration settings made by the malware. We shall use an FRST script to kill the malware.
Afterwards, we shall deploy two powerful tools, one known as MBAR and the other known as ComboFix.
Download the attached FixList.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.
------ Next ------
Please download Malwarebytes Anti-Rootkit (MBAR) and save it to your desktop.
http://www.malwarebytes.org/products/mbar/
Full instructions on how to use MBAR:
http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-rootkit
Please note: This is a beta version, so please be sure to read the disclaimer and take note of it.
- Unzip/unrar MBAR into a folder on your Desktop and MBAR should run by itself...
If not, open the folder where the contents were unzipped and run mbar.exe by double-clicking it.
- Click on Next, then on the Update button to download fresh definitions.
- When the database updates, click Next.
- In the following window, ensure the "Targets" scan for Drivers, Sectors and System are ticked. Then select the "Scan" button.
- If an infection is found, ensure "Create Restore Point" is checked, then select the "Cleanup" button to remove threats.
Or if you are sure any entries should not be kept, just untick them. A list of infected files will be shown.
- The clean-up procedure will be scheduled for processing.
- When complete, a pop-up will show you. Select the Yes button and the system should reboot to complete the cleaning process.
>> Please attach the two following logs from the mbar folder:
system-log.txt and
mbar-log-year-month-day (hour-minute-second).txt
------ Next ------
1. Please download ComboFix by sUBs from here and save it to your Desktop.
If you are unsure how ComboFix works, please read this guide carefully.
Note: ComboFix must be downloaded to your Desktop.
--------------------------------------------------------------------
2. Temporarily disable your AntiVirus program, usually via a right-click on the System Tray icon. It may interfere with ComboFix.
If you are unsure how to do this, please read this or this instruction.
Instructions on how to disable avast:
- Right-click on the avast! system tray icon in the lower right corner of the screen and scroll up to avast! shield controls;
- In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note: Do not forget to turn this option back on after the cleaning by choosing avast! shield controls > Enable all shield options.
--------------------------------------------------------------------
3. Run ComboFix. Click on I Agree!
- ComboFix will display a DISCLAIMER of warranty on the software. By clicking I Agree, ComboFix shall continue.
- ComboFix will check if there is a newer version of ComboFix available. Click Yes if prompted to download.
- If the Recovery Console is not installed, ComboFix will offer to download and install it. Click Yes to allow ComboFix to install the Recovery Console.
- ComboFix will scan your computer in stages, a total of 50 stages. Do not mouse-click around while ComboFix is running.
Note: If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion", just restart your computer.
--------------------------------------------------------------------
4. When the tool is finished, it will produce a log report for you (typical location: C:\ComboFix.txt).
Attach the log report (ComboFix.txt) back to the topic.
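A PowerShell helper, added here as an example; it is not part of the original post and not part of FRST, MBAR or ComboFix. It checks the one prerequisite the FRST fix step depends on (the right FRST binary for the Windows architecture sitting in the same folder as fixlist.txt) and afterwards gathers the three logs the post asks for into one folder for attaching. It assumes the tools were saved to the current user's Desktop as instructed; the `mbar` folder name for the unzipped MBAR package and the `cleanup-logs` output folder are assumptions.

```powershell
# Added example, not from the original post or from the tools' own documentation.
# Assumptions: tools saved to the Desktop; MBAR unzipped into Desktop\mbar (hypothetical name);
# logs are copied into Desktop\cleanup-logs (hypothetical name).

$desktop = [Environment]::GetFolderPath('Desktop')

function Test-FrstFixReady {
    param([string]$Folder = $desktop)
    # FRST64.exe is the build for 64-bit Windows, FRST.exe for 32-bit.
    $exeName = if ([Environment]::Is64BitOperatingSystem) { 'FRST64.exe' } else { 'FRST.exe' }
    $exe = Join-Path $Folder $exeName
    # Windows file names are case-insensitive, so a file saved as FixList.txt matches fixlist.txt.
    $fix = Join-Path $Folder 'fixlist.txt'

    $ready = $true
    if (-not (Test-Path -LiteralPath $exe)) {
        Write-Warning "$exeName not found in $Folder; the fix needs the tool and fixlist.txt side by side."
        $ready = $false
    }
    if (-not (Test-Path -LiteralPath $fix)) {
        Write-Warning "fixlist.txt not found in $Folder; FRST will not apply the fix without it."
        $ready = $false
    }
    if ($ready) { Write-Host "OK: $exeName and fixlist.txt are both in $Folder" }
    return $ready
}

function Copy-CleanupLog {
    param(
        [string]$MbarFolder = (Join-Path $desktop 'mbar'),      # hypothetical unzip location
        [string]$OutFolder  = (Join-Path $desktop 'cleanup-logs') # hypothetical output location
    )
    New-Item -ItemType Directory -Path $OutFolder -Force | Out-Null

    # The three artefacts the post asks for: Fixlog.txt (FRST), the two MBAR logs, C:\ComboFix.txt.
    $wanted = @(
        (Join-Path $desktop 'Fixlog.txt'),
        (Join-Path $MbarFolder 'system-log.txt'),
        'C:\ComboFix.txt'
    )
    # MBAR names its scan log mbar-log-<date> (<time>).txt, so match it by pattern.
    $wanted += Get-ChildItem -Path $MbarFolder -Filter 'mbar-log-*.txt' -ErrorAction SilentlyContinue |
               Select-Object -ExpandProperty FullName

    $copied = @()
    foreach ($path in $wanted) {
        if (Test-Path -LiteralPath $path) {
            Copy-Item -LiteralPath $path -Destination $OutFolder -Force
            $copied += $path
        } else {
            Write-Warning "Missing log: $path (that step has not produced its log yet)"
        }
    }
    Write-Host "Copied $($copied.Count) log(s) to $OutFolder"
    return $copied
}

# Usage: run Test-FrstFixReady before pressing Fix; run Copy-CleanupLog after the last tool finishes.
Test-FrstFixReady | Out-Null
Copy-CleanupLog | Out-Null
```

Run the first function before pressing Fix; if it warns, move the files so they share a folder rather than running the fix anyway. The second function only reports which logs are still missing, which is a quick way to see that a step (such as ComboFix writing C:\ComboFix.txt) did not complete.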