system
April 30, 2015, 6:04pm
1
Hi,
A week ago i’ve come across this issue,avast didn’t work anymore:
“This program is blocked by group policy. For more information, please contact your system administrators”.
Furthermore, even my tuneup utilities was cut off.
Tried pandavirus,malwarebytes and frst, a trojan and several malware were detected,and they were purged all .
Now Avast can run but I can’t access to firewall settings and tuneup is still messed up.
Any help to fix this matter would be really appreciated.
Here my frst reports.
Could you let me know what problems there are after this
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKU\S-1-5-21-1629524539-907157445-2416487771-1000\...\MountPoints2: G - G:\StartUp.exe
HKU\S-1-5-21-1629524539-907157445-2416487771-1000\...\MountPoints2: H - H:\AutoRun.exe
HKU\S-1-5-21-1629524539-907157445-2416487771-1000\...\MountPoints2: {2fde8c8e-6c1b-11de-a35f-001a80186727} - G:\Launch.exe
HKU\S-1-5-21-1629524539-907157445-2416487771-1000\...\MountPoints2: {432ad50f-af7b-11de-8aa4-001a80186727} - RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\service.exe
HKU\S-1-5-21-1629524539-907157445-2416487771-1000\...\MountPoints2: {9d167641-c0bb-11df-9b58-001a80186727} - H:\WindowsUI\Autorun.exe
HKU\S-1-5-21-1629524539-907157445-2416487771-1000\...\MountPoints2: {dfe8e305-c0e1-11df-b98e-001a80186727} - H:\WindowsUI\Autorun.exe
HKU\S-1-5-21-1629524539-907157445-2416487771-1000\...\MountPoints2: {e4b1d9b7-9402-11e3-8fa5-001e101f36d9} - H:\AutoRun.exe
IFEO: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\app4r.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\bttray.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\drivershq.driverdetective.client.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\eprojmanager.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\googledesktop.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\googledesktopsetup.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\googletalk.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\mstore.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\nhancer.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\offdiag.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\ois.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\onenotem.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\photoshop elements 5.0.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\photoshopelementseditor.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\photoshopelementsorganizer.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\pptview.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\realconverter.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\realplay.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\realtrimmer.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\rnxproc.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\setup.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\shell.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\smtpservergui.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\uninst.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\vmserversettingsicon.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\vmsetup.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\windvd.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
URLSearchHook: HKU\S-1-5-21-1629524539-907157445-2416487771-1000 - (No Name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - No File
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> No File
Toolbar: HKLM - No Name - {bd0e4d83-654e-4213-965b-fcbe887061f4} - No File
Toolbar: HKU\S-1-5-21-1629524539-907157445-2416487771-1000 -> No Name - {BD0E4D83-654E-4213-965B-FCBE887061F4} - No File
Task: {38262F4F-611A-40C8-8F90-65A8DC085C1B} - System32\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757} => C:\Users\PIERMA~1\AppData\Local\Temp\b.exe <==== ATTENTION
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt , in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
THEN
Please download AdwCleaner by Xplode onto your desktop.
[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan .
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok .
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S0].txt as well.
Thanks a lot essexboy!
Now everything is running as usual. Although tuneup was still giving the commonforms.bpl error,so i’ve had to reinstall it,and now it’s fine. You saved me a lot of concerns so thank you again mate!