Cannot remove rootkit

After running a full scan of my computer, Avast found 60-some hidden rootkit files. Every time I try to move them to the chest, I get a message saying “Error: The request is not supported(50).” I have searched for a way to deal with this, but I have found no solid answer as to what to do. So, how do I deal with these files?

Hi,

Can you post a screenshot of the detections or post the avast logs?

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.

- Double-click to run it. When the tool opens, click Yes to the disclaimer.
- Under Optional Scan, ensure “List BCD” and “Driver MD5” are ticked.
- Press the Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

http://i.imgur.com/OgQ9ZDD.png

Here is just a fraction of the results.

FRST.txt
http://www.mediafire.com/download/116lv1p613oy0fo/FRST.txt

Addition.txt
http://www.mediafire.com/download/3aj7uhhf3192zo0/Addition.txt

Edit: I just ran a scan that only consisted of a Full rootkit scan, and it came up with nothing.

Detections are FP. I mean files in c:\windows\winsxs shouldn’t be malicious.
You may read:
http://blogs.technet.com/b/askcore/archive/2008/09/17/what-is-the-winsxs-directory-in-windows-2008-and-windows-vista-and-why-is-it-so-large.aspx

Run this FRSTScript. It will remove some leftovers that you have on board.

  1. Open notepad and copy/paste the text present inside the code box below.
    To do this highlight the contents of the box and right click on it. Paste this into the open notepad.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.


```
START
REG: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "PlayNC Launcher" /f
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3220468
URLSearchHook: (No Name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} -  No File
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {2F480072-6197-4456-B84C-AD78BD9ACBA9} URL = http://websearch.ask.com/redirect?client=ie&tb=NCH2&o=APN10111&src=kw&q={searchTerms}&locale=&apn_ptnrs=^A5M&apn_dtid=^YYYYYY^YY^US&apn_uid=f32760cf-aa22-4425-b134-2bb3cb4212ca&apn_sauid=D5A31B01-64DA-4D42-93C4-F7CF065DA601
BHO-x32: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} -  No File
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Alec\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx
C:\Program Files (x86)\uTorrentControl_v2
C:\Users\Alec\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx
Folder: C:\Users\Alec\AppData\Local\dxhr
Folder: C:\Users\Alec\AppData\Local\28050
CMD: ipconfig /flushdns
END
```

  2. Save notepad as fixlist.txt
    NOTE. It’s important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

  3. Run FRST/FRST64 and press the Fix button just once and wait.
    If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
    The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warns you about an outdated version, please download and run the updated version.

Done. Thank you very much.

Can you please attach fixlog.txt log as instructed? :)
Just to make sure all is done as it should be.

Oh, yeah, sorry.

http://www.mediafire.com/download/finun7d7l4hpyvk/Fixlog.txt

Ok, make sure you delete these two folders:

C:\Users\Alec\AppData\Local\dxhr
C:\Users\Alec\AppData\Local\28050\eidos\48bc7c4

That’s it. I will not run an additional check for rootkits because I believe we will find nothing. Detected files by AV are legit.

Finished. Thank you for your time.