I put both the quick scan and the GMER scan in the same post, one on top of the other. I did save the file from GMER. I will attach as requested, but it is the same as the bottom half of the posted message.
If these are not correct, I will try again when the rootkit reappears.
Have you definitely clicked on the Scan button and waited for the scan to be finished (the Scan button caption changed back from Stop to Scan) before saving the scan result?
I'm afraid we cannot help you further with providing us the full anti-rootkit GMER scan result unless you describe in detail exactly what you have done and which of the previously described steps cannot be performed (e.g. "nothing happens after clicking the Scan button during step 5 - the button description is not changed to Stop").
All right, I think I finally understand what you are asking. When I first run GMER, it loads certain info. I was thinking that was the scan. So, according to your instructions, I asked it to do a complete scan. It took much longer than I thought it would. So, here is the file of the GMER attached.
The file reappeared in the rootkit scan. So I followed the steps again and it is different than the file I sent earlier on the 18th. So, I am resending it and it clearly shows the krdpdre.sys 4 times. So I am confirming if this might still be a false positive.
My assumption is it is not, as it never was on my computer until I encountered that screen advertising itself as AVG.
I was not able to find any e-mail sent from your e-mail address to email@example.com in our system. Have you located the krdpdre.sys file using GMER file manager? If so, please copy it and send it to firstname.lastname@example.org as described in the "How To Handle Suspicious False Positive Detection?" post for analysis.
From the provided output, it seems that the file may belong to some optical drive emulation software. It is also detected by GMER, so it is more than likely that it is not a false alarm but a file using rootkit techniques (such detection would be correct, as I have already mentioned in post #150815). Please provide us with an msinfo output as asked by PokornyZ.