If your friend was getting a report from Avast about a rootkit, I would run TDSSKiller to be on the safe side. That is an actual rootkit removal tool. GMER will give you notification of the rootkit and is very good at it, but removal with TDSSKiller is easier.
Malwarebytes (which is NOT a rootkit scan unless you download the MBAR Rootkit tool) could be your next option if there is no rootkit/bootkit detected followed by an online scan using ESET online scanner.
Here are some links if you like:
Please download TDSSKiller
- Double click TDSSKiller.exe
- Press Start Scan but do nothing else as we are just looking for what is there.
- If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
- Google search any entries found to be sure that they are actually infections. Once complete, run TDSSKiller again and select Cure for the entries found to be malicious.
- A copy of the log will be saved automatically to the root of the drive (typically C:\)
Please download Malwarebytes Anti-Malware to your desktop.
- Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan as shown below.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please save it to a convenient location if you would like the results reviewed.
The log can also be found here:
Windows 2000 & Windows XP:
C:\Documents and Settings\<USERNAME>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
Windows Vista & Win7:
C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
ESET Online Scanner
Go here to run an online scanner from ESET.
Hope this helps.