Rootkit removal

[Tarq57]

I actually don't know if the recovery disk will be drastic enough. Some part of the Windows reinstall must include a format, to wipe all files from the disk. I've never had a computer with OEM operating system installed; always had the Windows installation disk, so I don't know about using recovery partitions, sorry.

You might want to try some of the apps listed here.
I'd look at trying Rootkit revealer (by Sysinternals, one of the original anti-rootkits), Rootalyzer, by the makers of Spybot, and maybe F-secure's Blacklight.

Thing is, you will probably need advice before trying to remove what is found, as there are often hidden objects that are quite legitimate. It definitely is not safe to just delete anything found. (Even if you can.)

I'd also keep updatting MBAM, and run it again. It's pretty good on these (from what I read) if it can detect them.

[Thistledown]

I've been trying other devices but they aren't finding anything. Is it possible Avast is having a false alarm? If not I'll try the system recovery CD and if that doesn't work I'll just go ahead a wipe my computer and reinstall.

[Tarq57]

It's possible it's a FP. Worth checking, for sure.
When Avast detected it do you recall the file name and path?
The Avast rootkit scan runs 8 minutes after boot, you can't actually command it to run, you could try downloading GMER (which is the same one Avast uses) and get that to do a scan, report on what is found, please. Download it from the AndyManchester site I linked you to, earlier.
TM rootkit buster detected it as C:\\Windows\System32\gasfkyphtttxw.dll. (Are you certain there was an extra "\" between "C" and "Windows" in that name?)
Can you find the file, and if so, upload it to www.virustotal.org for a multiple online scan.

[DavidR]

You can actually command it to run.
- avast! Rootkit Scan - Windows Start, Run and copy and paste this command (including the quotes, assumes that you installed avast in the default location) "C:\Program Files\Alwil Software\Avast4\ashQuick.exe" "<RTK>SUPERQUICK" and click OK.

The rootkit scan also runs before the Standard or Thorough on-demand scans, so it is possible to initiate it outside of the 8 minutes after boot anti-rootkit scan.

####
Before doing that you can look in the C:\Program Files\Alwil Software\Avast4\DATA\Log\aswAr.log file, check this file using notepad and copy and past the info on the detection. This contains info on the last

[Thistledown]

GMER keeps crashing my computer. I'm tired of dealing with this so tomorrow I'm just going to use the recovery disk. If that doesn't work I'm torn between doing a complete reinstall and taking a sledge hammer to my laptop.

[Tarq57]

I'm inclined to think it is more likely to be the real deal (a rootkit or similar) than a FP, based on your reports of what won't run/computer crashes etc.
I hope the recovery disk does the job for you, but I think a full format will be required.

[Thistledown]

We'll see what happens. I'll post my results later.