Rootkit found

Avast found a rootkit in my system and I am in need of help to remove it.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/8/2016
Scan Time: 7:26 PM
Logfile: Malware.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.04.08.06
Rootkit Database: v2016.04.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Tsubasa

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 403346
Time Elapsed: 23 min, 33 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.InstallCore, C:\Users\Tsubasa\AppData\Local\Temp\ICReinstall_YoutubeDownloader_Setup.exe, Quarantined, [d1955557861356e07fc7acbd2bd6d828],
PUP.Optional.InstallCore, C:\Users\Tsubasa\Downloads\YoutubeDownloader_Setup.exe, Quarantined, [79ed8d1ff1a8290d2d19d09937caf10f],

Physical Sectors: 0
(No malicious items detected)

(end)
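The log above records the scan's scope as well as its results: the Rootkits line reads Disabled, so this Threat Scan did not look for rootkits at all, and both detections are PUP.Optional.InstallCore, a bundled-installer family that Malwarebytes classes as a potentially unwanted program, not a rootkit. The Python below is an added example, not code from the thread or from Malwarebytes; it parses a constructed log in the same format (header lines, the Enabled/Disabled scan-option block, then category blocks with one detection per line) and reports disabled scan areas and what was actually found. The option names, category names and the PUP/PUM prefix rule are assumptions about the 2.x log format, taken from the log as posted.

```python
"""Audit a Malwarebytes Anti-Malware 2.x text log: what was scanned, what was found."""
import re

# Constructed sample in the format of the log posted above (condensed: a few
# header lines, the scan-option block, and three of the result categories).
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/8/2016
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 403346

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Files: 2
PUP.Optional.InstallCore, C:\Users\Tsubasa\AppData\Local\Temp\ICReinstall_YoutubeDownloader_Setup.exe, Quarantined, [d1955557861356e07fc7acbd2bd6d828],
PUP.Optional.InstallCore, C:\Users\Tsubasa\Downloads\YoutubeDownloader_Setup.exe, Quarantined, [79ed8d1ff1a8290d2d19d06d37caf10f],

Physical Sectors: 0
(No malicious items detected)

(end)
"""

# Scan areas the 2.x log lists as Enabled/Disabled, and the result categories it reports
# (names as they appear in the posted log; assumed to be the complete set).
SCAN_OPTIONS = {"Memory", "Startup", "Filesystem", "Archives", "Rootkits", "Heuristics", "PUP", "PUM"}
CATEGORIES = {"Processes", "Modules", "Registry Keys", "Registry Values", "Registry Data",
              "Folders", "Files", "Physical Sectors"}

KV_RE = re.compile(r"^([A-Za-z][A-Za-z -]*?): (.*)$")
# "<threat>, <path>, <action>, [<32 hex chars>],"  (detection-line format as posted)
DETECTION_RE = re.compile(
    r"^(?P<threat>[^,]+), (?P<path>.+), (?P<action>[^,]+), \[(?P<id>[0-9a-f]{32})\],\s*$")


def parse_mbam_log(text):
    """Return {'header': {...}, 'options': {...}, 'detections': [...]} for one log."""
    header, options, detections = {}, {}, []
    category = None  # result block whose detection lines we are currently inside
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)":
            continue
        kv = KV_RE.match(line)
        if kv:
            key, value = kv.groups()
            if key in CATEGORIES:
                category = key          # e.g. "Files: 2" opens a block of detection lines
                continue
            category = None
            (options if key in SCAN_OPTIONS else header)[key] = value
            continue
        det = DETECTION_RE.match(line)  # "(No malicious items detected)" simply fails here
        if category and det:
            detections.append({"category": category, **det.groupdict()})
    return {"header": header, "options": options, "detections": detections}


def rootkit_scan_covered(parsed):
    """True only if the log says the rootkit scan area was enabled for this run."""
    return parsed["options"].get("Rootkits") == "Enabled"


def classify(threat):
    """PUP./PUM. prefixes are the potentially-unwanted classes; anything else is treated as malware."""
    return "potentially unwanted" if threat.split(".", 1)[0] in ("PUP", "PUM") else "malware"


def audit(parsed):
    """Human-readable findings: disabled scan areas first, then each detection."""
    findings = []
    for name, state in parsed["options"].items():
        if state != "Enabled":
            findings.append(f"scan area '{name}' was {state}: a clean result says nothing about it")
    if not parsed["detections"]:
        findings.append("no detections")
    for d in parsed["detections"]:
        findings.append(f"{d['category']}: {d['threat']} [{classify(d['threat'])}] "
                        f"{d['path']} -> {d['action']}")
    return findings


if __name__ == "__main__":
    for line in audit(parse_mbam_log(SAMPLE_LOG)):
        print(line)
```

Run against the log as posted, the first finding is the disabled rootkit area; the two quarantined files are reported as potentially unwanted rather than malware, which is the distinction that matters when deciding whether a rootkit has actually been found.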

Did you try the “Fix MBR” after the aswMBR scan?

http://public.avast.com/~gmerek/aswMBR1.png


FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

[b]Coupon Printer for Windows

Open Broadcaster Software[/b]

To do so, left-click on the name once and then click Uninstall/Change on the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.

SECOND >>>>

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Fix with Farbar Recovery Scan Tool

[b]This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.[/b]

Download the attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

Thank you for the reply.

If you want a good second opinion / scanner for rootkit, please do the following:

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on [b]Change parameters[/b].

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_1.jpg

- Check the boxes beside [b]Verify Driver Digital Signature[/b] and [b]Detect TDLFS file system[/b], then click OK.

http://i1351.photobucket.com/albums/p785/dbreeze2/just%20stuff/TDSSKiller_options2015-01-10_zpse37afaba.png

- Click the [b]Start Scan[/b] button.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_3.jpg

- If a suspicious object is detected, the default action will be [b]Skip[/b]; click on [b]Continue[/b].

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_4.jpg

- If malicious objects are found, they will show in the Scan results and offer three (3) options.
- Ensure [b]Cure[/b] is selected, then click [b]Continue[/b] => [b]Reboot now[/b] to finish the cleaning process.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_5.jpg

- Note: [b]If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.[/b]

A report will be created in your root directory (usually the C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste its contents in your next reply.

02:56:00.0669 0x0fb0 TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
02:56:02.0669 0x0fb0 ============================================================
02:56:02.0669 0x0fb0 Current date / time: 2016/04/09 02:56:02.0669
02:56:02.0669 0x0fb0 SystemInfo:
02:56:02.0669 0x0fb0
02:56:02.0778 0x0fb0 OS Version: 10.0.10586 ServicePack: 0.0
02:56:02.0778 0x0fb0 Product type: Workstation
02:56:02.0778 0x0fb0 ComputerName: TSUBASA-PC
02:56:02.0778 0x0fb0 UserName: Tsubasa
02:56:02.0778 0x0fb0 Windows directory: C:\WINDOWS
02:56:02.0778 0x0fb0 System windows directory: C:\WINDOWS
02:56:02.0778 0x0fb0 Running under WOW64
02:56:02.0778 0x0fb0 Processor architecture: Intel x64
02:56:02.0778 0x0fb0 Number of processors: 8
02:56:02.0778 0x0fb0 Page size: 0x1000
02:56:02.0778 0x0fb0 Boot type: Normal boot
02:56:02.0778 0x0fb0 ============================================================
02:56:02.0778 0x0fb0 BG loaded
02:56:06.0778 0x0fb0 System UUID: {494131B6-222D-832A-722D-B493D2A4D986}
02:56:11.0247 0x0fb0 Drive \Device\Harddisk0\DR0 - Size: 0xE8E1300000 ( 931.52 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type ‘K0’, Flags 0x00000040
02:56:11.0300 0x0fb0 ============================================================
02:56:11.0300 0x0fb0 \Device\Harddisk0\DR0:
02:56:11.0347 0x0fb0 MBR partitions:
02:56:11.0347 0x0fb0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x10D5000
02:56:11.0347 0x0fb0 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x10E9000, BlocksNum 0x73620000
02:56:11.0347 0x0fb0 ============================================================
02:56:11.0972 0x0fb0 C: ↔ \Device\Harddisk0\DR0\Partition2
02:56:11.0972 0x0fb0 ============================================================
02:56:11.0972 0x0fb0 Initialize success
02:56:11.0972 0x0fb0 ============================================================
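The partition lines in the TDSSKiller log above are the tool's view of the disk layout: partition scheme, MBR type byte, start LBA and length in sectors, plus the mapping of C: to a partition. The Python below is an added example, not code from the thread or from TDSSKiller; it decodes those lines from a constructed excerpt in the same format, checks that partitions neither overlap nor run past the disk, and reports unpartitioned ranges. For the layout posted it finds 40 MiB before Partition1 and a 1 MiB tail after Partition2, with no overlaps. Unallocated space is where the TDL-family bootkits TDSSKiller was written for kept their hidden file system (the TDLFS the scan option refers to), so an unexplained range there is the place to look at with a raw sector viewer. The type-byte names in MBR_TYPES are standard values, not something the log states.

```python
"""Decode the disk-layout lines of a TDSSKiller log and check the partition map."""
import re

# Constructed excerpt in the format of the TDSSKiller log quoted above: the drive line,
# the MBR partition lines and the drive-letter mapping. The thread renders the mapping
# arrow as "↔"; MOUNT_RE accepts any token in that position.
SAMPLE_LOG = r"""
02:56:11.0247 0x0fb0 Drive \Device\Harddisk0\DR0 - Size: 0xE8E1300000 ( 931.52 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:56:11.0347 0x0fb0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x10D5000
02:56:11.0347 0x0fb0 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x10E9000, BlocksNum 0x73620000
02:56:11.0972 0x0fb0 C: <-> \Device\Harddisk0\DR0\Partition2
"""

HEX = r"0x([0-9A-Fa-f]+)"
DEV = r"(\\Device\\Harddisk\d+\\DR\d+)"
DRIVE_RE = re.compile(r"Drive " + DEV + r" - Size: " + HEX + r".*?SectorSize: " + HEX)
PART_RE = re.compile(DEV + r"\\Partition(\d+): (\w+), Type " + HEX
                     + r", StartLBA " + HEX + r", BlocksNum " + HEX)
MOUNT_RE = re.compile(r" ([A-Z]:) \S+ " + DEV + r"(\\Partition\d+)")

# Common MBR partition type bytes (standard values, not taken from the log).
MBR_TYPES = {0x07: "NTFS/exFAT", 0x0C: "FAT32 (LBA)", 0x27: "Windows RE (hidden NTFS)",
             0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective"}


def parse_layout(text):
    """Return {'disks': {dev: {...}}, 'partitions': [...], 'mounts': {letter: dev\\PartitionN}}."""
    disks, parts, mounts = {}, [], {}
    for line in text.splitlines():
        if m := DRIVE_RE.search(line):
            size, sector = int(m.group(2), 16), int(m.group(3), 16)
            disks[m.group(1)] = {"sector_size": sector, "sectors": size // sector}
        elif m := PART_RE.search(line):
            dev, n, scheme, ptype, start, blocks = m.groups()
            parts.append({"disk": dev, "n": int(n), "scheme": scheme, "type": int(ptype, 16),
                          "start": int(start, 16), "blocks": int(blocks, 16)})
        elif m := MOUNT_RE.search(line):
            mounts[m.group(1)] = m.group(2) + m.group(3)
    return {"disks": disks, "partitions": parts, "mounts": mounts}


def check_layout(layout):
    """Walk each disk's partitions in LBA order; report gaps, overlaps and overruns in sectors."""
    findings = []
    for disk, info in layout["disks"].items():
        cursor, prev = 0, None  # first sector not yet accounted for, last partition seen
        for p in sorted((p for p in layout["partitions"] if p["disk"] == disk),
                        key=lambda p: p["start"]):
            end = p["start"] + p["blocks"]
            if p["start"] < cursor:
                findings.append({"disk": disk, "kind": "overlap", "after": prev,
                                 "start": p["start"], "sectors": cursor - p["start"]})
            elif p["start"] > cursor:
                findings.append({"disk": disk, "kind": "gap", "after": prev,
                                 "start": cursor, "sectors": p["start"] - cursor})
            cursor, prev = max(cursor, end), p["n"]
        if cursor < info["sectors"]:    # unpartitioned tail
            findings.append({"disk": disk, "kind": "gap", "after": prev,
                             "start": cursor, "sectors": info["sectors"] - cursor})
        elif cursor > info["sectors"]:  # a partition claims sectors beyond the disk
            findings.append({"disk": disk, "kind": "overrun", "after": prev,
                             "start": info["sectors"], "sectors": cursor - info["sectors"]})
    return findings


def describe(layout):
    """One line per partition, per finding and per drive-letter mapping, sizes in MiB."""
    out = []
    for p in layout["partitions"]:
        ss = layout["disks"][p["disk"]]["sector_size"]
        out.append(f"{p['disk']}\\Partition{p['n']}: {p['scheme']} type 0x{p['type']:02X} "
                   f"({MBR_TYPES.get(p['type'], 'unknown')}), LBA {p['start']}-"
                   f"{p['start'] + p['blocks'] - 1}, {p['blocks'] * ss / 2**20:.0f} MiB")
    for f in check_layout(layout):
        ss = layout["disks"][f["disk"]]["sector_size"]
        where = "before the first partition" if f["after"] is None else f"after Partition{f['after']}"
        out.append(f"{f['kind']} on {f['disk']} {where}: {f['sectors']} sectors at LBA "
                   f"{f['start']} ({f['sectors'] * ss / 2**20:.1f} MiB)")
    for letter, dev in layout["mounts"].items():
        out.append(f"{letter} is {dev}")
    return out


if __name__ == "__main__":
    print("\n".join(describe(parse_layout(SAMPLE_LOG))))
```

The sizes are derived from the hex fields only: the disk's sector count is Size divided by SectorSize, and Partition2 starts exactly where Partition1 ends (0x14000 + 0x10D5000 = 0x10E9000), which is why the only ranges reported are the leading 0x14000 sectors and the 0x800-sector tail.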

I’m guessing that did the trick. Ran a scan and no detection of the rootkit. Thank you.

Glad to hear that!

Clean up of Malware Removal Tools
Now that we are through using these tools, let’s clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

  • Download Delfix from here to your desktop and double click it to start the program
    • Ensure Remove disinfection tools is ticked
      Also tick:
    • Activate UAC
    • Create registry backup
    • Purge system restore
    • Reset system settings

http://i1351.photobucket.com/albums/p785/dbreeze2/just%20stuff/DelFixSelectall_zps0f04cec4.png

  • Click Run
    • The program will run for a few moments and then notepad will open with a log. Note: Please save this log first before rebooting your system (if asked to); DelFix does not save the log as it is trying to remove all traces of our work on your system. Please attach the log in your next reply.
      You can delete any log files left on your desktop as these are no longer needed.