Blocked by group policy

Hi All,
My Avast won't launch, says it's blocked by group policy.
Have posted FRST log below.

Thanks in advance

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(COMPANYVERS_NAME) C:\Program Files (x86)\MyWebFace_5a\bar\1.bin\5abarsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\SAgent4.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\MyWebFace_5a\bar\1.bin\5abrmon64.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
() C:\Program Files (x86)\Calibre2\calibre.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM.…\Run: [IntelTBRunOnce] => wscript.exe //b //nologo “C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs”
HKLM.…\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM.…\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM.…\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM.…\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM-x32.…\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-06-21] (Egis Technology Inc.)
HKLM-x32.…\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32.…\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32.…\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32.…\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32.…\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32.…\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32.…\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32.…\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32.…\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32.…\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32.…\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM-x32.…\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32.…\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32.…\Run: [CitrixReceiver] => “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk”
HKLM-x32.…\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32.…\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32.…\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32.…\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32.…\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes’ Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Symantec <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU.DEFAULT.…\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19.…\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20.…\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2996037247-2576826795-443951047-1001.…\Run: [Global Registration] => “C:\Program Files (x86)\Acer\Registration\GREG.exe” /boot
HKU\S-1-5-21-2996037247-2576826795-443951047-1001.…\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [718720 2011-07-22] (Microsoft Corporation)
HKU\S-1-5-21-2996037247-2576826795-443951047-1001.…\Run: [EPSONE59089 (Epson Stylus SX430)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_S20IC1.EXE /FU “C:\Users\A\AppData\Local\Temp\E_SD00B.tmp” /EF “HKCU”
HKU\S-1-5-21-2996037247-2576826795-443951047-1001.…\Run: [EPSON SX430 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_S20IC1.EXE /FU “C:\Users\A\AppData\Local\Temp\E_S49FA.tmp” /EF “HKCU”
HKU\S-1-5-21-2996037247-2576826795-443951047-1001.…\MountPoints2: E - E:\autorun.exe
HKU\S-1-5-21-2996037247-2576826795-443951047-1001.…\MountPoints2: F - F:\RunGame.exe
HKU\S-1-5-21-2996037247-2576826795-443951047-1001.…\MountPoints2: {da8a4322-efee-11e0-a7db-806e6f6e6963} - D:\aoesetup.exe
HKU\S-1-5-21-2996037247-2576826795-443951047-1001.…409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-2996037247-2576826795-443951047-1001\$a95c1c61ae0fa0bf5991238fc6bef113\n. ATTENTION! ====> ZeroAccess?
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-03-30] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [193128 2011-03-30] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: 00avast → {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 → {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\A\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 → {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\A\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 → {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\A\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 → {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\A\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 → {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\A\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 → {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\A\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 → {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\A\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
SearchScopes: HKLM-x32 - {d3f22a84-2a84-49eb-91e6-5dadaaf0165d} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^GR^xdm024^S09396^gb&si=CLib9ciBuL0CFTCWtAodiFUAVA&ptb=36EB897F-DB84-480C-9F05-B4FD038C2411&ind=2014032911&n=780bb40f&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {d3f22a84-2a84-49eb-91e6-5dadaaf0165d} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^GR^xdm024^S09396^gb&si=CLib9ciBuL0CFTCWtAodiFUAVA&ptb=36EB897F-DB84-480C-9F05-B4FD038C2411&ind=2014032911&n=780bb40f&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {ECAE5815-756B-4DA0-B6E7-416B2E1E7001} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
BHO: SnagIt Toolbar Loader → {00C6482D-C502-44C8-8409-FCE54AD9C208} → C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
BHO: avast! Online Security → {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} → C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper → {72853161-30C5-4D22-B7F9-0BBC1D38A37E} → C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper → {9030D464-4C02-4ABF-8ECC-5164760863C6} → C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print → {9421DD08-935F-4701-A9CA-22DF90AC4EA6} → C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Office Document Cache Handler → {B4F3A835-0E21-4959-BA22-42B3008E02FF} → C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SnagIt Toolbar Loader → {00C6482D-C502-44C8-8409-FCE54AD9C208} → C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
BHO-x32: Adobe PDF Link Helper → {18DF081C-E8AD-4283-A596-FA578C2EBDC3} → C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper → {72853161-30C5-4D22-B7F9-0BBC1D38A37E} → C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: avast! Online Security → {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} → C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper → {9030D464-4C02-4ABF-8ECC-5164760863C6} → C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper → {AE7CD045-E861-484f-8273-0445EE161910} → C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler → {B4F3A835-0E21-4959-BA22-42B3008E02FF} → C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class → {F4971EE7-DAA0-4053-9964-665D8EE6A077} → C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:

FF ProfilePath: C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\3gllknm2.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF NetworkProxy: “gopher”, “”
FF NetworkProxy: “gopher_port”, 0
FF NetworkProxy: “share_proxy_settings”, true
FF NetworkProxy: “type”, 0
FF Plugin: @adobe.com/FlashPlayer → C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/JavaPlugin → C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE → disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 → C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer → C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 → C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican → C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 → C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin → C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE → disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 → c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 → C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 → C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 → C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 → C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 → C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 → C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 → C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 → C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 → C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 → C:\Users\A\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\3gllknm2.default\searchplugins\yahoo_ff.xml
FF Extension: Auto Hide IP - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\3gllknm2.default\Extensions\support@auto-hide-ip.com.xpi [2012-12-17]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-12-10]
FF HKLM-x32.…\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-08-26]

Chrome:

CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: “hxxp://www.google.com/”
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (Google Docs) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-11]
CHR Extension: (Google Drive) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-11]
CHR Extension: (Google Search) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-11]
CHR Extension: (Google Wallet) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-11]
CHR Extension: (Gmail) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29178224 2007-02-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-07] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 StatusAgent4; C:\Windows\SysWOW64\SAgent4.exe [131072 2006-12-20] (SEIKO EPSON CORPORATION) [File not signed]
S3 wampapache; c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe [21504 2011-09-26] (Apache Software Foundation) [File not signed]
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.5.16\bin\mysqld.exe [9665536 2011-09-26] () [File not signed]
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-26] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-26] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-08-26] ()
U0 hemhr; C:\Windows\System32\drivers\lsfxbkc.sys [79064 2014-08-21] (Malwarebytes Corporation)
S2 Nsynas32; C:\Windows\SysWow64\Drivers\Nsynas32.sys [17784 2001-04-09] (Syncrosoft Hard- und Software GmbH) [File not signed]
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2013-05-19] (Duplex Secure Ltd.)
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2012-12-05] (Seiko Epson Corporation)
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 22:31 - 2014-08-21 22:31 - 00030660 _____ () C:\Users\A\Desktop\FRST.txt
2014-08-21 22:28 - 2014-08-21 22:29 - 02101760 _____ (Farbar) C:\Users\A\Desktop\FRST64.exe
2014-08-21 22:18 - 2014-08-21 22:20 - 00044995 _____ () C:\Users\A\Downloads\FRST.txt
2014-08-21 22:17 - 2014-08-21 22:19 - 02101760 _____ (Farbar) C:\Users\A\Downloads\FRST64.exe
2014-08-21 22:12 - 2014-08-21 22:12 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\lsfxbkc.sys
2014-08-21 21:54 - 2014-08-21 21:55 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 21:54 - 2014-08-21 21:54 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-21 21:54 - 2014-08-21 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-21 21:54 - 2014-08-21 21:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-21 21:54 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-21 21:54 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-21 21:54 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-21 21:39 - 2014-08-21 22:31 - 00000000 ____D () C:\FRST
2014-08-21 21:16 - 2014-08-21 21:16 - 00000000 ____D () C:\Users\A\AppData\Local\Adobe
2014-08-18 20:54 - 2014-08-18 20:54 - 00035670 _____ () C:\Users\A\Downloads\Cigarettes and Coffee.zip
2014-08-18 20:48 - 2014-08-18 20:48 - 00012238 _____ () C:\Users\A\Downloads\mopster.zip
2014-08-18 20:47 - 2014-08-18 20:47 - 00221311 _____ () C:\Users\A\Downloads\campton.zip
2014-08-18 20:47 - 2014-08-18 20:47 - 00014516 _____ () C:\Users\A\Downloads\SC_KSlab-Bold.zip
2014-08-18 20:45 - 2014-08-18 20:45 - 02657529 _____ () C:\Users\A\Downloads\focus.zip
2014-08-18 20:43 - 2014-08-18 20:43 - 00018273 _____ () C:\Users\A\Downloads\BARN.zip
2014-08-18 20:41 - 2014-08-18 20:41 - 00114494 _____ () C:\Users\A\Downloads\overpass.zip
2014-08-18 20:39 - 2014-08-18 20:39 - 00170228 _____ () C:\Users\A\Downloads\Derkon-Derkon-Hand.zip
2014-08-18 20:37 - 2014-08-18 20:37 - 00840291 _____ () C:\Users\A\Downloads\glober.zip
2014-08-18 20:36 - 2014-08-18 20:36 - 00006317 _____ () C:\Users\A\Downloads\quasith.zip
2014-08-18 20:33 - 2014-08-18 20:33 - 00831212 _____ () C:\Users\A\Downloads\30_Minutes_to_Mars.zip
2014-08-18 20:32 - 2014-08-18 20:32 - 00241444 _____ () C:\Users\A\Downloads\disclaimer.zip
2014-08-18 20:28 - 2014-08-18 20:28 - 00026724 _____ () C:\Users\A\Downloads\GRAVO_free_font.ttf
2014-08-17 09:20 - 2014-08-17 09:20 - 00000017 _____ () C:\Users\A\AppData\Local\resmon.resmoncfg
2014-08-17 09:18 - 2014-08-17 09:18 - 00003240 _____ () C:\Windows\System32\Tasks\{3EA8A00C-33A0-4072-AA30-5B4239389FDA}
2014-08-10 14:20 - 2014-08-10 14:21 - 00000000 ____D () C:\Users\A\Documents\Photos
2014-07-31 21:50 - 2014-07-31 21:50 - 00005062 _____ () C:\Users\A\Downloads\[katph.eu]wake.em.up.how.to.use.humor.other.professional.techniques.to.create.alarmingly.good.business.presentations.thomas.antion.epub.mobi.yeal.torrent

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 22:31 - 2014-08-21 22:31 - 00030660 _____ () C:\Users\A\Desktop\FRST.txt
2014-08-21 22:31 - 2014-08-21 21:39 - 00000000 ____D () C:\FRST
2014-08-21 22:30 - 2012-02-15 21:36 - 00000388 _____ () C:\Windows\Tasks\Acer Registration - Reminder Recall task.job
2014-08-21 22:29 - 2014-08-21 22:28 - 02101760 _____ (Farbar) C:\Users\A\Desktop\FRST64.exe
2014-08-21 22:20 - 2014-08-21 22:18 - 00044995 _____ () C:\Users\A\Downloads\FRST.txt
2014-08-21 22:19 - 2014-08-21 22:17 - 02101760 _____ (Farbar) C:\Users\A\Downloads\FRST64.exe
2014-08-21 22:12 - 2014-08-21 22:12 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\lsfxbkc.sys
2014-08-21 22:12 - 2012-06-16 13:23 - 00000000 ____D () C:\Users\A\Documents\Calibre Library
2014-08-21 22:03 - 2012-02-16 14:30 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-21 21:59 - 2013-01-04 08:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-21 21:55 - 2014-08-21 21:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 21:54 - 2014-08-21 21:54 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-21 21:54 - 2014-08-21 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-21 21:54 - 2014-08-21 21:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-21 21:54 - 2012-09-04 08:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-21 21:30 - 2012-02-15 21:16 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-21 21:16 - 2014-08-21 21:16 - 00000000 ____D () C:\Users\A\AppData\Local\Adobe
2014-08-21 21:06 - 2009-07-14 06:13 - 00805598 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-21 21:03 - 2009-07-14 05:51 - 00127137 _____ () C:\Windows\setupact.log
2014-08-21 20:55 - 2012-03-27 20:23 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{58E385A2-BFE2-486F-B14C-63325BC6FCDC}
2014-08-21 20:54 - 2009-07-14 05:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-21 20:54 - 2009-07-14 05:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-21 20:52 - 2013-01-04 08:22 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-21 20:52 - 2012-04-01 20:11 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-21 20:52 - 2011-08-12 08:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-21 20:50 - 2011-10-06 08:46 - 01322989 _____ () C:\Windows\WindowsUpdate.log
2014-08-21 20:48 - 2012-05-09 15:53 - 00000286 _____ () C:\Windows\TWAIN.LOG
2014-08-21 20:48 - 2012-05-09 15:53 - 00000156 _____ () C:\Windows\Twunk001.MTX
2014-08-21 20:48 - 2012-05-09 15:53 - 00000005 _____ () C:\Windows\Twain001.Mtx
2014-08-21 20:47 - 2012-02-16 14:30 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-21 20:46 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-20 21:02 - 2013-09-26 12:01 - 00000000 ____D () C:\Users\A\Documents\fay
2014-08-20 20:51 - 2012-07-25 20:33 - 00000000 ____D () C:\Users\A\Documents\Outlook Files
2014-08-20 17:44 - 2012-07-25 20:37 - 1950368768 _____ () C:\Users\A\Desktop\Personal.pst
2014-08-20 17:29 - 2009-07-14 05:45 - 03129944 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-18 23:00 - 2014-05-05 21:40 - 00000000 ____D () C:\Users\A\Desktop\FBT
2014-08-18 23:00 - 2012-02-15 21:10 - 00000000 ____D () C:\Users\A\AppData\Roaming\Adobe
2014-08-18 21:09 - 2012-02-15 21:02 - 00150112 _____ () C:\Users\A\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-18 20:54 - 2014-08-18 20:54 - 00035670 _____ () C:\Users\A\Downloads\Cigarettes and Coffee.zip
2014-08-18 20:48 - 2014-08-18 20:48 - 00012238 _____ () C:\Users\A\Downloads\mopster.zip
2014-08-18 20:47 - 2014-08-18 20:47 - 00221311 _____ () C:\Users\A\Downloads\campton.zip
2014-08-18 20:47 - 2014-08-18 20:47 - 00014516 _____ () C:\Users\A\Downloads\SC_KSlab-Bold.zip
2014-08-18 20:45 - 2014-08-18 20:45 - 02657529 _____ () C:\Users\A\Downloads\focus.zip
2014-08-18 20:43 - 2014-08-18 20:43 - 00018273 _____ () C:\Users\A\Downloads\BARN.zip
2014-08-18 20:41 - 2014-08-18 20:41 - 00114494 _____ () C:\Users\A\Downloads\overpass.zip
2014-08-18 20:39 - 2014-08-18 20:39 - 00170228 _____ () C:\Users\A\Downloads\Derkon-Derkon-Hand.zip
2014-08-18 20:37 - 2014-08-18 20:37 - 00840291 _____ () C:\Users\A\Downloads\glober.zip
2014-08-18 20:36 - 2014-08-18 20:36 - 00006317 _____ () C:\Users\A\Downloads\quasith.zip
2014-08-18 20:33 - 2014-08-18 20:33 - 00831212 _____ () C:\Users\A\Downloads\30_Minutes_to_Mars.zip
2014-08-18 20:32 - 2014-08-18 20:32 - 00241444 _____ () C:\Users\A\Downloads\disclaimer.zip
2014-08-18 20:28 - 2014-08-18 20:28 - 00026724 _____ () C:\Users\A\Downloads\GRAVO_free_font.ttf
2014-08-18 20:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-17 09:47 - 2012-07-13 20:27 - 00000000 ____D () C:\Users\A\AppData\Roaming\ConnectPortal
2014-08-17 09:20 - 2014-08-17 09:20 - 00000017 _____ () C:\Users\A\AppData\Local\resmon.resmoncfg
2014-08-17 09:18 - 2014-08-17 09:18 - 00003240 _____ () C:\Windows\System32\Tasks\{3EA8A00C-33A0-4072-AA30-5B4239389FDA}
2014-08-15 23:16 - 2013-08-26 23:01 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-15 21:05 - 2014-04-11 09:00 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-13 17:26 - 2012-02-25 16:02 - 04805632 ___SH () C:\Users\A\Documents\Thumbs.db
2014-08-12 15:14 - 2012-02-16 17:51 - 00000000 ____D () C:\FAY
2014-08-10 14:21 - 2014-08-10 14:20 - 00000000 ____D () C:\Users\A\Documents\Photos
2014-08-04 20:30 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-01 20:36 - 2012-02-16 17:04 - 00000000 ____D () C:\Users\A\AppData\Roaming\Azureus
2014-07-31 22:30 - 2012-02-16 17:04 - 00000000 ____D () C:\Program Files (x86)\Vuze
2014-07-31 21:50 - 2014-07-31 21:50 - 00005062 _____ () C:\Users\A\Downloads\[katph.eu]wake.em.up.how.to.use.humor.other.professional.techniques.to.create.alarmingly.good.business.presentations.thomas.antion.epub.mobi.yeal.torrent
ZeroAccess:
C:\Users\A\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2996037247-2576826795-443951047-1001\$a95c1c61ae0fa0bf5991238fc6bef113

Files to move or delete:

C:\Users\A\CTX.DAT

Some content of TEMP:

C:\Users\A\AppData\Local\Temp\abwcuwniwjwirnlqvcb.exe
C:\Users\A\AppData\Local\Temp\arctic-loop.exe
C:\Users\A\AppData\Local\Temp\AutoRun.exe
C:\Users\A\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\A\AppData\Local\Temp\bassmod.dll
C:\Users\A\AppData\Local\Temp\CNC4LauncherUpdate.exe
C:\Users\A\AppData\Local\Temp\ctccSreader.exe
C:\Users\A\AppData\Local\Temp\dsHostCheckerSetup.exe
C:\Users\A\AppData\Local\Temp\dsNCInst64.exe
C:\Users\A\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\A\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\A\AppData\Local\Temp\gwunstal.exe
C:\Users\A\AppData\Local\Temp\H2OWISE.dll
C:\Users\A\AppData\Local\Temp\htmlayout.dll
C:\Users\A\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe
C:\Users\A\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\A\AppData\Local\Temp\install_flashplayer12x32ax_gtba_chra_dy_aaa_aih.exe
C:\Users\A\AppData\Local\Temp\IrsoDLL.dll
C:\Users\A\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\A\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\A\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\A\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\A\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\A\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\A\AppData\Local\Temp\neoNCSetup64.exe
C:\Users\A\AppData\Local\Temp\tbVuze.dll
C:\Users\A\AppData\Local\Temp\uninstall2698037.exe
C:\Users\A\AppData\Local\Temp\uninstall2698084.exe
C:\Users\A\AppData\Local\Temp\uninstall2698177.exe
C:\Users\A\AppData\Local\Temp\uninstall2698208.exe
C:\Users\A\AppData\Local\Temp\_cynosure1406234427166172040.dll
C:\Users\A\AppData\Local\Temp\_cynosure3800862476346600216.dll
C:\Users\A\AppData\Local\Temp\_cynosure4782807625132268860.dll
C:\Users\A\AppData\Local\Temp\_cynosure5179946924797773670.dll
C:\Users\A\AppData\Local\Temp\_cynosure5301798766996680584.dll
C:\Users\A\AppData\Local\Temp\_cynosure5528356329039947823.dll
C:\Users\A\AppData\Local\Temp\_cynosure6133795409171498286.dll
C:\Users\A\AppData\Local\Temp\_cynosure7661863148226630789.dll
C:\Users\A\AppData\Local\Temp\_cynosure8695076745028569605.dll
C:\Users\A\AppData\Local\Temp\_cynosure881222842660695687.dll
C:\Users\A\AppData\Local\Temp\_cynosure8849180580406640453.dll
C:\Users\A\AppData\Local\Temp\_cynosure8922711982153594377.dll
C:\Users\A\AppData\Local\Temp\_cynosure956864051858223258.dll
C:\Users\A\AppData\Local\Temp\_DeviceId1973228081265501871.dll
C:\Users\A\AppData\Local\Temp\_DeviceId262967921146848232.dll
C:\Users\A\AppData\Local\Temp\_DeviceId3294836850469798632.dll
C:\Users\A\AppData\Local\Temp\_DeviceId448535056203632763.dll
C:\Users\A\AppData\Local\Temp\_DeviceId5989105763384444820.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2014-08-13 17:50

==================== End Of Log ============================

Hello, ignatiusflange.

Next time, do not copy-paste the logs, as the forum software does not allow it. Simply attach the logs using the ‘Attachments and other options’ > ‘Attach’ button.

  1. Please download ComboFix by sUBs from here and save it to your Desktop.
    If you are unsure how ComboFix works, read this guide.

  1. Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix.
    If you are unsure how to do this please read this or this Instruction.

Instructions on how to disable avast:
• Right click on the avast! system tray icon in the lower right corner of the screen and scroll up to avast! shield controls;
• In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn back on this option after the cleaning by choosing avast! shield controls > Enable all shield options.


  1. Run ComboFix. Then, on the disclaimer window, click the I Agree! button.

- ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
- If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.

  • ComboFix will scan your computer in stages, total of 50 stages.
    Do not mouse-click around while ComboFix is running.
  • If malware is detected, ComboFix will begin with its removal, and may need to restart Windows.
    Note: If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart your computer.

  1. When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
    => Attach log report (ComboFix.txt) back to topic.

ComboFix shall also create an additional log (typical location: C:\Qoobox\ComboFix-quarantined-files.txt)
=> Please attach that report (ComboFix-quarantined-files.txt) as well.

bump!

@ignatiusflange
Are you still with me? Your PC is heavily infected and the system itself calls for desperate help …

Sorry magna I have not been able to get back on here. I can’t see avast running. I went into services and could see an avast one but get access denied when trying to stop it even though I am admin.
I therefore can’t run combo fix.
Should I try in safe mode?

Appreciate the help

Skip disabling AntiVirus for now. Just try to run ComboFix. When the tool warns you about an active AntiVirus module, just press Ok and ignore that message.

We need to deploy ComboFix and probably later CFScript as well. We shall see …

Combofix log attached.

Excellent, we’re making some progress. Let’s continue with removal …

Re-run FRST tool …

• Double-click to run it. Make sure the box for the ‘Addition’ option is checked.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The tool should make another log (Addition.txt). Please attach it to your reply as well.

.

Please download Farbar Service Scanner and run it on the computer with the issue.
• Make sure all options are checked:
• Press “Scan”.
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

Attached

Now access Programs and Features via Start > Control Panel and try to remove/uninstall the following adware:

AppSafe

If the program refuses the uninstallation, skip this and go to the next Step by running FRST’s script.

.

Next …

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

Start
REG: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AppSafe" /f
File: C:\Users\Andrew\CTX.DAT

Hosts:
HKU\S-1-5-21-2996037247-2576826795-443951047-1001\Software\Classes\exefile: <===== ATTENTION!
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes’ Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Symantec <====== ATTENTION
SearchScopes: HKLM-x32 - {d3f22a84-2a84-49eb-91e6-5dadaaf0165d} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^GR^xdm024^S09396^gb&si=CLib9ciBuL0CFTCWtAodiFUAVA&ptb=36EB897F-DB84-480C-9F05-B4FD038C2411&ind=2014032911&n=780bb40f&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {d3f22a84-2a84-49eb-91e6-5dadaaf0165d} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^GR^xdm024^S09396^gb&si=CLib9ciBuL0CFTCWtAodiFUAVA&ptb=36EB897F-DB84-480C-9F05-B4FD038C2411&ind=2014032911&n=780bb40f&psa=&st=sb&searchfor={searchTerms}
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
U3 catchme; ??\C:\ComboFix\catchme.sys

EmptyTemp:
End

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
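
The fixlist in the post above lists the "Group Policy restriction on software" entries that FRST flagged, all of them pointing at security-product folders, which matches the symptom in the thread title. As an added example (not part of the original thread and not FRST's own code), this Python sketch extracts such entries from FRST-style log text and groups them by the security vendor they block; the sample lines are constructed in the thread's line format, and the vendor list, the threshold and the `C:\Tools\LegacyApp` path are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the line format quoted in the thread (not a real log).
SAMPLE_LOG = r"""
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Tools\LegacyApp <====== ATTENTION
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
"""

# Assumption: a short vendor list for illustration; extend it for your estate.
SECURITY_VENDORS = ("avast", "malwarebytes", "mcafee", "symantec")

# "<hive> Group Policy restriction on software: <path> [<=== ATTENTION]"
RULE_RE = re.compile(
    r"^(?P<hive>\S+) Group Policy restriction on software:\s*"
    r"(?P<path>.*?)\s*(?:<=+\s*ATTENTION.*)?$"
)


def parse_restrictions(log_text):
    """Return (hive, path) for every restriction line found in the log text."""
    rules = []
    for line in log_text.splitlines():
        match = RULE_RE.match(line.strip())
        if match:
            rules.append((match.group("hive"), match.group("path")))
    return rules


def vendor_for(path):
    """Name the security vendor whose folder the rule targets, or None."""
    lowered = path.lower()
    for vendor in SECURITY_VENDORS:
        if vendor in lowered:
            return vendor
    return None


def triage(log_text):
    """Group restricted paths by blocked vendor; unrelated paths go under None."""
    grouped = defaultdict(list)
    for _hive, path in parse_restrictions(log_text):
        grouped[vendor_for(path)].append(path)
    return dict(grouped)


def tampering_suspected(log_text, threshold=2):
    """Heuristic (assumption): rules blocking several distinct security
    vendors at once look like tampering rather than an admin's policy."""
    blocked = {vendor for vendor in triage(log_text) if vendor is not None}
    return len(blocked) >= threshold


if __name__ == "__main__":
    for vendor, paths in triage(SAMPLE_LOG).items():
        print(vendor or "other", "->", paths)
    print("tampering suspected:", tampering_suspected(SAMPLE_LOG))
```
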

log attached. Avast now running!!!

ps appsafe uninstalled.

I see you are offline. I’m assuming all is good now.

Many thanks for your time and help. Much appreciated!

Now update Malwarebytes Anti-Malware, perform the Threat Scan and post the resulting log here. If needed, below are full instructions on how to install, set up and perform the scan with MBAM.

Please download Malwarebytes Anti-Malware ver. 2.0 and install the application.

Double-click on mbam-setup.exe and follow the prompts to install the program. Upon installation, click Finish
Note: A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish…
On the first launch, you’ll get an “Update” notification. Click the ‘Update Now >>’ link or button to complete update.

• Configure the scanner. On the Settings tab, Detection and Protection adjust the following options:

  • subtab Detection Options, tick the box ‘Scan for rootkits’.
  • subtab Non-Malware Protection, for PUP detections, from ‘Warn user about detections’ select ‘Treat detections as malware’.

• Perform the scan. Click on the Scan tab, then click on Scan Now >> for Threat Scan.
If an update is available, click the ‘Update Now’ button, then continue to Scan.
Note: only with some infections, you may see this message box ‘Could not load DDA driver’
In this case, click ‘Yes’ to this message, to allow the driver to load after a restart.
Allow the computer to restart. Continue with the rest of these instructions.

When the scan is complete, click Apply Actions. Wait for the prompt to restart the computer to appear, then click on Yes.

• Post the logs. Click on the History tab > Application Logs. Double click on the Scan Log which shows the date and time of the scan just performed.

  • Click the Export button at the bottom, and then select ‘Text file (*.txt)’.
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type “mbam” (without quotes) for your scan log name and click Save.
  • A message box “Your file has been successfully exported” should appear, click Ok and close the windows.

Please attach the exported/saved log named as mbam.txt to your next reply.