Avast doesn't remove these last few rootkits

When I did a full scan, Avast found over 500 infected files with rootkits. When I tried to delete them all, Avast got stuck on a certain rootkit and didn't finish deleting the rest. You can see where it got stuck in the attachment. The same thing happened three days ago, and it makes me think the other ones were not really deleted when I rebooted.

Attach your basic diagnostic logs. (MBAM, FRST and aswMBR)
Instructions: https://forum.avast.com/index.php?topic=53253.0

I attached the logs.

OK, now you have to wait a bit…

Unfortunately Avast is getting a bit paranoid there, as they are files that have the characteristics of rootkits but are not rootkits as such. They are part of the Lenovo restore system… Set Avast to ignore them.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKU\S-1-5-21-602162358-1757981266-1417001333-1003\...\Run: [Itibiti.exe] => C:\Program Files\Itibiti Soft Phone\Itibiti.exe
URLSearchHook: [S-1-5-21-602162358-1757981266-1417001333-1003] ATTENTION => Default URLSearchHook is missing
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
Toolbar: HKU\S-1-5-21-602162358-1757981266-1417001333-1003 -> No Name - {72702944-7C43-428D-96FA-BC4D8F5AE290} - No File
R2 winzipersvc; C:\Program Files\WinZipper\winzipersvc.exe [647856 2015-08-13] (Taiwan Shui Mu Chih Ching Technology Limited) <==== ATTENTION
S2 iSafeService; no ImagePath
S1 iSafeKrnl; no ImagePath
S1 iSafeKrnlKit; no ImagePath
S1 iSafeKrnlMon; no ImagePath
S1 iSafeKrnlR3; no ImagePath
S1 sbaphd; system32\drivers\sbaphd.sys [X]
S2 sbapifs; system32\drivers\sbapifs.sys [X]
2015-11-07 01:48 - 2015-02-20 19:48 - 00000410 _____ C:\WINDOWS\Tasks\At1.job
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\T60\APPLIC~1\BINKIL~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Program Files\WinZipper
C:\Program Files\Itibiti Soft Phone
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe.

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

1. Close all open programs and internet browsers.
2. Double click on AdwCleaner.exe to run the tool.
3. Click on Scan.
4. After the scan is complete, click on “Clean”.
5. Confirm each time with Ok.
6. Your computer will be rebooted automatically. A text file will open after the restart.
7. Please post the content of that logfile with your next answer.
8. You can find the logfile at C:\AdwCleaner[S0].txt as well.
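As an added illustration (not part of this thread and not FRST's own code): a small Python parser that reads a fixlist in the shape of the one posted above and summarises what each line would act on, so the entries (services with no ImagePath, scheduled tasks, registry commands, folders to remove) can be reviewed before pressing Fix. The embedded sample is a constructed subset of the lines posted above; the category names are my own labels, not FRST terminology.

```python
import re
from collections import Counter

# Constructed sample: a subset of the fixlist lines posted in the thread above.
SAMPLE_FIXLIST = r"""
CreateRestorePoint:
HKU\S-1-5-21-602162358-1757981266-1417001333-1003\...\Run: [Itibiti.exe] => C:\Program Files\Itibiti Soft Phone\Itibiti.exe
R2 winzipersvc; C:\Program Files\WinZipper\winzipersvc.exe [647856 2015-08-13] (Taiwan Shui Mu Chih Ching Technology Limited) <==== ATTENTION
S2 iSafeService; no ImagePath
S1 sbaphd; system32\drivers\sbaphd.sys [X]
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\T60\APPLIC~1\BINKIL~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Program Files\WinZipper
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
"""

# Service/driver lines look like "S2 name; image path [flags]" (R = running, S = stopped).
SERVICE_RE = re.compile(r"^([RSU]\d)\s+([^;]+);\s*(.*)$")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
TYPED_ENTRY_RE = re.compile(r"^([A-Za-z]+):\s+(.*)$")


def classify(line):
    """Return (category, subject, flags) for one fixlist line.

    Categories are this script's own labels. `flags` collects the markers
    FRST itself puts on suspicious entries (ATTENTION, missing ImagePath,
    missing file) so a reviewer can see which lines need a second look.
    """
    flags = []
    if re.search(r"<=+\s*ATTENTION", line):
        flags.append("attention")
    m = SERVICE_RE.match(line)
    if m:
        _state, name, rest = m.groups()
        if rest.startswith("no ImagePath"):
            flags.append("no-imagepath")
        if rest.endswith("[X]"):
            flags.append("file-missing")
        return "service", name.strip(), flags
    if line.startswith(("HKU\\", "HKLM\\", "HKCU\\")):
        return "registry-entry", line.split(":", 1)[0], flags
    if line.startswith("Task:"):
        return "scheduled-task", line[5:].split("=>", 1)[0].strip(), flags
    if line.startswith("Reg:"):
        return "reg-command", line[4:].strip(), flags
    if line.startswith("CMD:"):
        return "shell-command", line[4:].strip(), flags
    if DRIVE_PATH_RE.match(line):
        return "path-to-remove", line, flags
    if re.fullmatch(r"[A-Za-z]+:", line):
        return "directive", line[:-1], flags
    m = TYPED_ENTRY_RE.match(line)
    if m:
        return "typed-entry", m.group(1), flags
    return "other", line, flags


def parse_fixlist(text):
    """Classify every non-blank line of a fixlist."""
    return [classify(raw.strip()) for raw in text.splitlines() if raw.strip()]


def summarize(entries):
    """Count entries per category."""
    return dict(Counter(category for category, _, _ in entries))


def flagged_subjects(entries):
    """Subjects of lines FRST marked as suspicious, in fixlist order."""
    return [subject for _, subject, flags in entries if flags]


if __name__ == "__main__":
    parsed = parse_fixlist(SAMPLE_FIXLIST)
    for category, count in sorted(summarize(parsed).items()):
        print(f"{category:16} {count}")
    print("flagged:", flagged_subjects(parsed))
```

Running it prints a per-category count and the list of entries FRST flagged; the useful check before pressing Fix is that everything under path-to-remove, reg-command and shell-command is something you actually intend to change.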

New logs attached.

How is the computer now? You did have a little adware :)

Yeah it’s fine. How do I set Avast to ignore those restore files?

You can exclude the preboot folder from scanning.