cmd.exe virus, please help!

Hi, I’ve gotten this virus on my laptop and have followed a post on here up until running and saving ‘Gmer’. The post says the next step is written specifically for the individual’s problem and if I were to use the example there I might do more damage, so I’ve attached the Gmer log reports on here and it would be absolutely fantastic if someone could save me… it’s shortcutted my uni assessment due today :frowning: SOS.
(I’ve actually copied and pasted it because I’ve lost the plot and I can’t figure out how to attach)

I figured it out…

The next step also: Farbar Recovery Scan Tool, FRST.txt

And the addition.

Also Malwarebytes log https://forum.avast.com/index.php?topic=53253.0

Removal team will be online tomorrow.

So there’s nothing I can do now?

When someone from the removal team is online and has looked at your logs, they will assist you.

Please download Anti-VBSVBEx64.exe on your Desktop

[*]Double click to run the tool and wait until it finishes.
[*]It will make a log named Anti-VBSVBE.txt. Please attach it to your reply.


Please download MCShield from one of the following links:

MCShield -Official download link

[*]Double click on MCShield-Setup to install the application.
Next => I Agree => Next => Install … per installation click on Run! button.
[*]Wait a few seconds for MCShield to finish the initial HDD scan…
[*]Connect all your USB storage devices to the computer one at a time. Scanning will be done automatically.
[*]When all scanning is done, you need to post the log report that MCShield has created.

Under Logs tab (in Control Center) for AllScans.txt log section click on Save button. AllScanst.txt report shall be located on your Desktop.

=> Post here AllScanst.txt

Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

Anti-VBS…

First USB

Oh sorry, scan with both USBs.

You have to save logs as ANSI.

Re-run FRST and click scan. Attach here log.