Root kit hijacking Avast! installed on login

Hello. While I am a technician professionally, picking apart bugs is not my forte. On my home PC, something has gotten on it with the following characteristics:

  • After login, Avast! asks if I’m invoking an installer and asks for my password. Initially the bug has penetrated Avast!, only after updating the engine did this activity start.
  • It appears to be going through Chrome, which is not installed on my system but I see is a bundled piece of software with Avast!.
    – Chrome was running many times in Task Manager
    – Many Chrome installations appeared throughout my \Users(my name)\AppData directory
  • This something was trolling through my Delphi directory, infecting software I’ve written, through the Interbase module.

To clean up, in safe mode I deleted all those Chrome directories, uninstalled Delphi, run SpyBot, MalwareBytes and ComboFix (which doesn’t run correctly) and updated the Avast! engine. However, I still have this on login, something is trying to modify Avast!. I’ve run a full, deep scan overnight with Avast! and it found no root kits but I suspect one is there.

I hope that was all clear. I attached a screengrab of my current Avast! install’s About. Let me know if there are any logs or other information you need. I’ll check back daily.

Attach your basic logs. (MBAM, FRST and aswMBR…!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0

Malwarebytes is not designed to be run in safe mode so should only be run in safemode if there is a problem running it
yes it will run but all drivers are not loaded

Here are the logs, including Avast!'s semi-log showing that I ran a scan and it came up clean, last night.

C:\users\mwjp\appdata\local\falloutNV’s detection, via aswMBR, has been removed. That dll was open with the registry service, so I had to reboot and remove it in safe mode. On restarting normally, Avast! Secure Line tried to open, which I do not have installed.

I do know that MalwareBytes likes to run in normal login, especially inside the context of the user having the problems, but it was necessary to run it in safe mode yesterday. I’ll run the full, normal scan overnight tonight; I need to finish my final today and if I can limp along with Word, I’ll be o.k. for now.

OK, now you’ve to wait a bit…

Do you have the main FRST.txt please

avast and Windows defender running at the same time is not a good idea.

What main FRST.txt? I included the only one that was generated.

In that case could you run FRST again and it will generate two text files FRST and additions please attach both

SpyBot is useless anymore.
http://www.pcmag.com/article2/0,2817,2412372,00.asp