Virus or Malware

My avast firewall is “unable to start” and my connection acts very screwy, (downloads take forever, my connection to my game League of Legends gets all screwed up) even though my connection is fine. The computer also has run a lot slower lately. I updated avast, and renewed it, I ran a few boot scans, it seems to be running a little better but the connection problems persist.

https://forum.avast.com/index.php?topic=53253.0

Here’s Malwarebytes log and Farbar log, running rootkit scanner now

the rootkit report

We also need FRST.txt from Farbar.

ok, here it is :

Nothing overly dramatic on the system

I will reset some network data and then ask you to re-install Avast

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzu0EtDtA0FyEzy0D0Czz0FyByB0FyB0A0AtN0D0Tzu0SzytCtBtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDtDyD0DzzyDtB0FtG0CyB0F0FtG0E0B0C0AtG0FyB0FzytGyD0F0AyByDyCyB0DzyyDzy0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzzzyyDyCyEyDtDtGtC0AyDzytGzyyEyBzztG0AtD0BzytGyByCyB0A0EyCtD0E0A0E0F0B2Q&cr=903611235&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzu0EtDtA0FyEzy0D0Czz0FyByB0FyB0A0AtN0D0Tzu0SzytCtBtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDtDyD0DzzyDtB0FtG0CyB0F0FtG0E0B0C0AtG0FyB0FzytGyD0F0AyByDyCyB0DzyyDzy0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzzzyyDyCyEyDtDtGtC0AyDzytGzyyEyBzztG0AtD0BzytGyByCyB0A0EyCtD0E0A0E0F0B2Q&cr=903611235&ir=
FF SelectedSearchEngine: WSE Rocket
2015-05-29 21:20 - 2015-02-03 15:49 - 00010240 _____ () C:\ProgramData\Z@!-5cb0464f-a4f9-467d-a066-0e8335d1395a.tmp
2015-05-29 21:20 - 2015-02-03 15:49 - 00009216 _____ () C:\ProgramData\Z@S!-1f17b79d-2d6a-4557-b46d-2a2dd8ffe443.tmp
2015-05-29 21:16 - 2015-02-03 15:49 - 00010240 _____ () C:\Users\MoonWeazle\AppData\Local\Z@!-1f176130-1499-4884-8403-468fbb572b4c.tmp
2015-05-29 21:16 - 2015-02-03 15:49 - 00010240 _____ () C:\ProgramData\Z@!-bb988a82-2f21-4925-b169-e7717152c30d.tmp
2015-05-29 21:16 - 2015-02-03 15:49 - 00009216 _____ () C:\Users\MoonWeazle\AppData\Local\Z@S!-1351ec09-8419-4929-b453-b17dace02df9.tmp
2015-05-29 21:13 - 2015-02-03 15:49 - 00010240 _____ () C:\Users\MoonWeazle\AppData\Local\Z@!-778aa71b-1780-476c-93bf-9c695c25266c.tmp
2015-05-29 21:16 - 2015-02-03 15:49 - 0010240 _____ () C:\Users\MoonWeazle\AppData\Local\Z@!-1f176130-1499-4884-8403-468fbb572b4c.tmp
2015-05-29 21:13 - 2015-02-03 15:49 - 0010240 _____ () C:\Users\MoonWeazle\AppData\Local\Z@!-778aa71b-1780-476c-93bf-9c695c25266c.tmp
2015-05-29 21:16 - 2015-02-03 15:49 - 0009216 _____ () C:\Users\MoonWeazle\AppData\Local\Z@S!-1351ec09-8419-4929-b453-b17dace02df9.tmp
2013-05-01 05:34 - 2012-09-07 07:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-05-01 05:34 - 2009-07-22 06:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-05-01 05:34 - 2012-09-07 07:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2015-05-29 21:20 - 2015-02-03 15:49 - 0010240 _____ () C:\ProgramData\Z@!-5cb0464f-a4f9-467d-a066-0e8335d1395a.tmp
2015-05-29 21:16 - 2015-02-03 15:49 - 0010240 _____ () C:\ProgramData\Z@!-bb988a82-2f21-4925-b169-e7717152c30d.tmp
2015-05-29 21:20 - 2015-02-03 15:49 - 0009216 _____ () C:\ProgramData\Z@S!-1f17b79d-2d6a-4557-b46d-2a2dd8ffe443.tmp
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that

THEN

Download Avast Uninstall Utility to your Desktop.
Download the correct version of Avast
Avast Free
Avast Pro
Avast Internet Security
Avast Premier
Disconnect from the net
Uninstall Avast via control panel

Run the uninstall tool and accept the reboot to safe mode
Once complete reboot your system
Reinstall Avast


I have it saved in the same spot as FRST.txt but it won’t let me “fix” :confused:

Did you save it with the name fixlist.txt at the same location as FRST.exe?

Here is fixlog! Thank you.

Now continue with essexboy's instructions and he will be back with you soon

;D Awesome! Firewall is up and running, installed browser add on for security from avast (which never even prompted before!) yay. Thanks so much, greatly anticipating your next instructions!

All I need to know now is, are there any further problems?

It still boots very slow, but the connection problem is gone, and it seems to run my programs better!
Thank you very much!

Boot speed can be a problem with 8.1 and there is a fix but it will take about an hour of your time to run it. I can give destructions if you wish

I don’t mind, it’s worth it for me.

Destruct away, Senpai!

OK here we go, read the instructions first and any questions just ask

Download the SDK web installer from here
Run the installer and select the following:

Leave the location to default

https://dl.dropbox.com/u/73555776/wdk%20location.JPG

Windows Performance Toolkit

https://dl.dropbox.com/u/73555776/Wintoolkitselect.JPG

You must reboot on completion of the install

After reboot set aside about 30 minutes when you will not need the computer

When ready start an elevated command prompt :

Go Start > All Programs > Accessories
Right click Command Prompt and select Run as Administrator

Then copy and paste the following command into the black box :

xbootmgr -trace boot -prepSystem -verboseReadyBoot

https://dl.dropbox.com/u/73555776/sdk%20command.JPG

Now your PC will be restarted 6 times, with a two-minute pause before the tool runs after the desktop loads.
After the second reboot the MS defragmentation program is running and is placing the files into an optimized layout, so that Windows will boot up faster.
The last reboots are training of ReadyBoot. After the training is finished, you’ll notice a huge improvement in startup.

Readyboot

The logical prefetching described above is used when the system has less than 512MB of memory. If the system has 700MB or more then an in-RAM cache is used to further optimize the boot process (it’s not clear from the book whether or not this ReadyBoot cache completely replaces the logical prefetching approach or just builds on it, my assumption is that both work together). After each boot the system generates a boot caching plan for the next boot using file trace information from up to the five previous boots which contains details of which files were accessed and where on the disk they were located. These traces are stored as .fx files in the