Insert the USB into the sick computer and start the computer, first ensuring that the system is set to boot from USB.
Note: If you are not sure how to do that, follow the instructions here.
When you reboot you will see this, although yours will say Windows 7. Click "Repair your computer".
notepad and press Enter.
The notepad opens. Under File menu select Open.
Select “Computer” and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter.
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
We can burn the recovery console to a disc if it is easier.
To do that, download the Win 7 64-bit ISO to the desktop.
Download and install imgburn http://www.imgburn.com/
Once imgburn is installed double click the ISO file and imgburn will open to burn it to disc
Copy the FRST programme to your root C drive and then follow the previous instructions, except that FRST will now be run from the C drive as opposed to a USB.
Okay, and this will keep my operating system completely genuine? Because the last time I got rid of one of those files (only one of the ones in assembly) through using a boot-time scan from Avast, it brought me to a black screen with “This is not Genuine” at the bottom corner once I had logged in, but eventually brought me back to my desktop.
If this should occur then on the popup select activate windows by phone
This will then produce a series of letters/numbers and give you a freephone number to call
Call the freephone number
You will be asked for the letters/numbers
Follow the phone prompts and you will be reactivated
I did a rescan and Avast is still showing them. They are C:\Windows\assembly\GAC_32\Desktop.ini and C:\Windows\assembly\GAC_64\Desktop.ini. Those are the two rootkits that have been troubling me this whole time. There were also some other files it found in C:\Windows\Installer.… And Avast chested those, but they do seem to be constantly reappearing, so my suspicion is that they are from those rootkits.
OK, they are remnants, so it is just a matter of taking them out. I will be away for about a week, but this should stop the alerts.
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons. They will return on reboot.
If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from “Start with Windows”
Reboot and then run OTL
Then click the Run Fix button at the top.
Let the program run unhindered, reboot the PC when it is done.
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Okay, I ran the boot-time scan again and it caught the same two rootkits in assembly. However, this time when I tried to move them to the chest it gave me an error like “unable to complete operation, disk is full” for both of the files.