Download the attached fixlist to the same location as FRST
Start FRST and press Fix
After the reboot a log will open please attach that
THEN
Please download AdwCleaner by Xplode onto your desktop.
[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.
Download ComboFix from one of the following locations: Link 1 Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks
Yes, aswMBR shows it once the scan is started… it still crashes at atapi.sys though. It usually takes a while after the reboot for Avast 2015 to show the pop-up window… and it just did
Please download MBRCheck.exe to your Desktop. Run the application.
If no infection is found, it will produce a report on the desktop. Post that report in your next reply.
If an infection is found, you will be presented with the following dialog:
[QUOTE]Enter ‘Y’ and hit ENTER for more options, or ‘N’ to exit:
[/quote]
Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
[QUOTE]Found non-standard or infected MBR.
Enter ‘Y’ and hit ENTER for more options, or ‘N’ to exit:
[/quote]
Enter Y and press Enter.
The following dialog will be presented:
[QUOTE]Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:
[/quote]
Enter 2 and press Enter
The following dialog will be presented:
[QUOTE]Enter the physical disk number to fix (0-99, -1 to cancel):
[/quote]
Enter >>0<< and press Enter
The following dialog will be presented:
Enter >>3<< and press Enter
The following dialog will be presented:
[QUOTE]Do you want to fix the MBR code? Type ‘YES’ and hit ENTER to continue:
[/quote]
Type YES and press Enter (Must type the full word, YES). You will be inform if successfully wrote a new MBR code!
And last the following dialog will be presented:
[QUOTE]Done! Press ENTER to exit…
[/quote]
Press Enter. A report will be produced on the desktop. Post that report in your next reply.
That is Avast anti rootkit and has not been updated for at least a year
Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation, accept that
When it offers to download the virus database allow that as well
Click the “Scan” button to start scan