Cannot Kill ZeroAccess Rootkit

This problem has been upgraded from the "Am I infected?  What do I do?" forum.  My previous topic can be found here:  http://www.bleepingcomputer.com/forums/t/485904/possible-zeroaccess-rootkit-tried-multiple-antimalware-programs-to-no-avail/
I have run a plethora of antimalware programs with nothing to show for it.  I'm running an HP Windows 8 64-bit laptop (at work, so it can only be accessed from 8am-5pm PST), and I was out for two weeks.  When I got back, it was infected.  I had the computer for literally two hours before I left for my vacation - it was brand new; I pulled it out of the box myself.  It was fine when I left.  It appears the virus I have is especially smart and this computer is especially dumb.  The problems (initially) were pop-ups for insurancecomparison.org, ilivid downloads, and make-your-pc-faster (every five minutes with an open browser, every fifteen minutes or so without an open browser).  I've noticed that as of yesterday to open Google Chrome (default browser), I have to right-click the icon and select "New Window" or it won't open.  Also, I had an issue installing an "important" update via Windows Update yesterday.  I have all of the sensitive information stored on a flash drive and NOT on the computer itself (this is a therapist's office).  I am hesitant to do a full system wipe because the computer did not come with any sort of reboot media (no Windows 8 restore disc/flash drive).

My previous topic has copies of a tdsskiller scan log and aswMBR scan log from this morning (2/19); I ran ESETscanner, but it didn't find anything and didn't generate a report.  I ran MWB thorough scan and EmsisoftEmergencyKit in Safe Mode, but they didn't find anything.  I didn't have any pop-ups the entire time, though.  I will be happy to run any/all of these programs again and more.  Any help would be greatly appreciated!

I have tried tdsskiller, HitmanPro, GMER, EmsisoftEmergencyKit, RogueKiller, adwCleaner, ESETscanner, MWB (I installed Spybot S&D out of the box and switched to MWB when I noticed the virus), and Avast! Antivirus Free since I turned it on.

 

DDS.text here:

 

 

Hello and welcome to BleepingComputer. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear.
 
For x32 (x86) bit systems please download the Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems please download the Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

To enter System Recovery Options by using the Windows installation disc:

• Insert the installation disc.
• Restart your computer.
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
• Click Repair your computer.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

• Select Command Prompt.
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select Computer, find your flash drive letter and close the notepad.
• In the command window type e:\frst.exe (for x64 bit version type e:\frst64)  and press Enter.
  Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to the disclaimer.
• Press the Scan button.
• It will make a log (FRST.txt) on the flash drive. Please copy and paste it in your reply.

Ugh, I'm an idiot.  OK, got it.  Also, I couldn't get the Advanced Boot Options to come up with F8, so I held down SHIFT and clicked "Restart" from the Power Menu.  It worked!

 

The computer will be unavailable from Thursday, Feb 21 to Monday, Feb 25.  I will be back in the office Feb 25.  Just letting you know - I can't remove it from the office.

Good evening RJswanee,

I will be away from Sunday until Tuesday.

Please download the attached fixlist.txt.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt). Please post it in your reply.

Just a side note: I am away until Tuesday.

Downloaded and noted.  Thank you.

Hello RJswanee,

 

Please post the new log.

Here it is - the fix was the GMER Scan tool, I believe.

Good morning RJswanee,

 

Please download Malwarebytes Anti-Rootkit here.

• Unzip the contents to a folder on the Desktop.
• Open the folder where the contents were unzipped and run mbar.exe ( right-click and select Run as administrator for Vista and Windows 7).
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Please post the two logs produced.

Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.

It said, "Congratulations!  No Malware found!"  I noticed I haven't had a pop-up all day.  I have no idea what happened.  When I left at 5pm yesterday, there were pop-ups.  I came into work this morning at 8am with no issues.  The only problem I've experienced today is the Avast! WebRep plug-in keeps crashing.

Hello RJswanee,

 

When I left at 5pm yesterday, there were pop-ups.

What sort of popups?

The pop-ups were for insurancecomparison.org, ilivid downloads, and make-your-pc-faster.  They haven't shown up since Monday night.  They were the tip-off that I hadn't rid the computer of the viruses.

Hey RJswanee,

 

Please download to the Desktop RogueKiller (by tigzy).

• Please quit all programs.
• Start RogueKiller.exe.
• Wait until Prescan has finished.
• Click on Scan.
• Click on Report and copy/paste the contents of the report in your next reply.

 

=====

 

Also, please download AdwCleaner by Xplode onto your Desktop.

• Double click on AdwCleaner.exe to run the tool.
• Click on Search.
• A logfile will automatically open after the scan has finished.
• Please post the content of that logfile in your reply.
• You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

 

=====

 

Please provide both logs in your reply.