Latest version of Avast, just doesn't open.

[essexboy]

OK it looks as though the malware has locked those keys

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
  
• Accept the disclaimer and allow to update if it asks

• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.[/b]
  

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

[REDACTED]

Okay, I ran the program. Here is what came up.

Also, the computer runs much better than it was before thanks to your help. The only thing is, it does not open avast still. Also the chrome installer seems to still be left over. It gives me the error I quoted in a previous post.

[essexboy]

OK lets now try a different way of removing the reg keys

Copy the following to a notepad file
Select save and set the file type to all files
Save it as IFEO.reg
Save it to the desktop, then right click the file and select run as administrator 
Accept the warnings and reboot

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options]

[-HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

THEN

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
C:\Program Files\Google
C:\Users\Little Wonders\AppData\Local\Google
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

Could I then have a fresh FRST scan please

[REDACTED]

Attached is the fixlog for the second part. In the first step I wasn't able to right click and run as administrator, instead I just clicked on it and then it gave a window saying it added keys to the registry.

[REDACTED]

Scan logs.

[essexboy]

Nope that did not work either

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
  
• Accept the disclaimer and allow to update if it asks

• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.[/b]
  

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

[REDACTED]

I had the combofix already downloaded as per the previous posts. But here is the scan log.

[essexboy]

OK lets see if CF can kill it

1. Close any open browsers.
 
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 
 
3. Open notepad and copy/paste the text in the quotebox below into it:
 

File::
 c:\users\Little Wonders\AppData\Local\TempTaskUpdateDetectionEDE0E6CD-9309-4A7E-83AD-298C9D7C681C

Folder::
 c:\users\Little Wonders\AppData\Local\TempTaskUpdateDetectionEDE0E6CD-9309-4A7E-83AD-298C9D7C681C

Registry::
[-HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\avastSvc.exe]
[-HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\avastUI.exe]
[-HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\tapinstall.exe]
[-HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\VisthAux.exe]
[-HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastSvc.exe]
[-HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastUI.exe]
[-HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe]
[-HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthAux.exe]

 
Save this as CFScript.txt, in the same location as ComboFix.exe
 
 
 
 
Refering to the picture above, drag CFScript into ComboFix.exe
 
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

[REDACTED]

Here is the latest.

[essexboy]

Could you fully uninstall Avast using the removal tool please

 Avast Uninstall Utility

NEXT

Run delfix but just select "Remove Disinfection tools"
This will remove FRST and Combofix quarantine folders

Download and run Delfix

Reboot once done

Then

Copy the following to a notepad file
Select save and set the file type to all files
Save it as IFEO.reg
Save it to the desktop, then right click the file and select run as administrator 
Accept the warnings and reboot

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options]

[-HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

Finally

Could I have a fresh FRST scan
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  
• Select  additions at the bottom
• Press Scan button.
  
  
• It will produce a log called FRST.txt in the same directory the tool is run from. 
  
• Please attach both logs generated.

[REDACTED]

Updated attachments.

[essexboy]

That worked

Avast should install now

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-443951736-1583617210-2315430799-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Extension: No Name - C:\Users\Little Wonders\AppData\Roaming\Mozilla\Firefox\Profiles\fanljv6v.default\extensions\_qvxbkbnnuzqukzjj_i@frnhpojlbr_in.com [not found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2015-08-14 10:45 - 2015-08-17 11:48 - 00000246 _____ C:\Users\Little Wonders\Desktop\IFEO.reg
2015-08-13 13:58 - 2015-08-17 11:34 - 00000000 ____D C:\Qoobox
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

[REDACTED]

Here is the log. Ill try avast soon.

[REDACTED]

That surely did it. Thank you very much essexboy. I imagine you are a blessing to these forums.

[essexboy]

That were a bugger to kill, it seems as though the fix needed to be done in the right sequence...

Any further problems before I tidy up ?