Hi,

Just to let you know, do not be alarm on Gmer’s “RootKit” pop-ups at Gmer primary and 3rd party scan. These flaged drivers…well they belong to avast.
But I want to perform some additional checks + to delete some non-active value key that Gmer pointed out …
I shall use FRST’s Script for that.

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


Start
REG: reg delete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" /v "{23170F69-40C1-278A-1000-000100020000}" /f
File: C:\Windows\system32\conhost.exe
End

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.