Author Topic: Avast doesn't remove these last few rootkits  (Read 2876 times)


REDACTED

  • Guest
Avast doesn't remove these last few rootkits
« on: November 07, 2015, 05:06:09 AM »
When I did a full scan, Avast found over 500 infected files with rootkits. When I tried to delete them all, Avast got stuck on a certain rootkit and didn't finish deleting the rest. You can see where it got stuck in the attachment. The same thing happened three days ago, and it makes me think the other ones were not really deleted when I rebooted.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76035
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Avast doesn't remove these last few rootkits
« Reply #1 on: November 07, 2015, 07:31:02 AM »
Attach your basic diagnostic logs. (MBAM, FRST and aswMBR)
Instructions: https://forum.avast.com/index.php?topic=53253.0
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

REDACTED

  • Guest
Re: Avast doesn't remove these last few rootkits
« Reply #2 on: November 07, 2015, 09:59:54 AM »
I attached the logs.

Offline Asyn

Re: Avast doesn't remove these last few rootkits
« Reply #3 on: November 07, 2015, 11:50:09 AM »
OK, now you have to wait a bit...

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Avast doesn't remove these last few rootkits
« Reply #4 on: November 07, 2015, 12:14:49 PM »
Unfortunately Avast is getting a bit paranoid there, as they are files that have the characteristics of rootkits but are not rootkits as such. They are part of the Lenovo restore system. Set Avast to ignore them.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
HKU\S-1-5-21-602162358-1757981266-1417001333-1003\...\Run: [Itibiti.exe] => C:\Program Files\Itibiti Soft Phone\Itibiti.exe
URLSearchHook: [S-1-5-21-602162358-1757981266-1417001333-1003] ATTENTION => Default URLSearchHook is missing
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
Toolbar: HKU\S-1-5-21-602162358-1757981266-1417001333-1003 -> No Name - {72702944-7C43-428D-96FA-BC4D8F5AE290} -  No File
R2 winzipersvc; C:\Program Files\WinZipper\winzipersvc.exe [647856 2015-08-13] (Taiwan Shui Mu Chih Ching Technology Limited) <==== ATTENTION
S2 iSafeService; no ImagePath
S1 iSafeKrnl; no ImagePath
S1 iSafeKrnlKit; no ImagePath
S1 iSafeKrnlMon; no ImagePath
S1 iSafeKrnlR3; no ImagePath
S1 sbaphd; system32\drivers\sbaphd.sys [X]
S2 sbapifs; system32\drivers\sbapifs.sys [X]
2015-11-07 01:48 - 2015-02-20 19:48 - 00000410 _____ C:\WINDOWS\Tasks\At1.job
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\T60\APPLIC~1\BINKIL~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Program Files\WinZipper
C:\Program Files\Itibiti Soft Phone
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe.

Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.
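As an added illustration (not essexboy's code, and not part of FRST): a small Python audit that classifies each line of a fixlist like the one above, so you can review what the Fix step will touch before pressing Fix. The sample lines are copied from the thread's fixlist; the line rules are my reading of the format as it appears in that post, not FRST's documented grammar.

```python
import re
from collections import Counter

# Sample lines copied from the fixlist posted in the thread above
FIXLIST = r"""CreateRestorePoint:
HKU\S-1-5-21-602162358-1757981266-1417001333-1003\...\Run: [Itibiti.exe] => C:\Program Files\Itibiti Soft Phone\Itibiti.exe
R2 winzipersvc; C:\Program Files\WinZipper\winzipersvc.exe [647856 2015-08-13] (Taiwan Shui Mu Chih Ching Technology Limited) <==== ATTENTION
S2 iSafeService; no ImagePath
S1 sbaphd; system32\drivers\sbaphd.sys [X]
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\T60\APPLIC~1\BINKIL~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Program Files\WinZipper
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
"""

# Service/driver lines: start type (R2, S1, ...), name, then the image path
SERVICE_RE = re.compile(r"^([RSU]\d)\s+([^;]+);\s*(.*)$")

def classify(line):
    """Return (kind, detail, what_fix_does) for one fixlist line, or None for blanks."""
    line = line.strip()
    if not line:
        return None
    if line.startswith("Reg: "):
        return ("reg_command", line[5:], "runs reg.exe with the given arguments")
    if line.startswith("CMD: "):
        return ("command", line[5:], "runs an arbitrary shell command")
    if line.startswith("Task: "):
        return ("task", line[6:], "deletes a scheduled task")
    if re.search(r"\\Run: \[", line):
        return ("run_entry", line, "deletes an autorun registry value")
    m = SERVICE_RE.match(line)
    if m:
        _, name, image = m.groups()
        reason = "service/driver removed"
        if image == "no ImagePath" or image.endswith("[X]"):
            reason += " (orphaned: binary missing)"  # assumption: [X] marks a missing file
        return ("service", name, reason)
    if re.match(r"^[A-Za-z]:\\", line):
        return ("path", line, "deletes this file or folder")
    if line.endswith(":") and " " not in line:
        return ("directive", line[:-1], "built-in FRST action")
    return ("other", line, "unrecognised line, review by hand")

def parse_fixlist(text):
    return [c for c in (classify(l) for l in text.splitlines()) if c]

def summarize(entries):
    """Count entries per kind, a quick overview before pressing Fix."""
    return dict(Counter(kind for kind, _, _ in entries))

if __name__ == "__main__":
    for kind, detail, why in parse_fixlist(FIXLIST):
        print(f"{kind:12} {why:45} {detail}")
    print(summarize(parse_fixlist(FIXLIST)))
```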

REDACTED

  • Guest
Re: Avast doesn't remove these last few rootkits
« Reply #5 on: November 07, 2015, 07:01:38 PM »
New logs attached.

Offline essexboy

Re: Avast doesn't remove these last few rootkits
« Reply #6 on: November 07, 2015, 07:18:33 PM »
How is the computer now? You did have a little adware :)

REDACTED

  • Guest
Re: Avast doesn't remove these last few rootkits
« Reply #7 on: November 07, 2015, 10:14:54 PM »
Yeah it's fine. How do I set Avast to ignore those restore files?

Offline essexboy

Re: Avast doesn't remove these last few rootkits
« Reply #8 on: November 07, 2015, 10:19:35 PM »
You can exclude the preboot folder from scanning.