Hi guys,
My avast program won’t run anymore, it says it’s blocked by group policy.
I’m usually quite good at sorting issues with my computer myself and finding fixes but this one has left me clueless!!
Please please, any help anyone can give me would be great!!
Kelly
Hmm are you on a network ?
Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
[*]Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
[*]Select both shortcut and additions at the bottom
[*]Press Scan button.
https://dl.dropboxusercontent.com/u/73555776/frst.JPG
[*]It will produce a log called FRST.txt in the same directory the tool is run from.
[*]Please attach all 3 logs generated.
Hi,
Thanks, the logs opened in notepad so I hope you can view them ok.
Download the attached Fixlist.txt to the same location as FRST
Run FRST and press Fix
On completion a log will be generated please post that
After the boot Avast should now be working
Sorted!! Thank you!! xx
Any further problems before I tidy up ?
I am having the same problem - avast is blocked by group policy - and ran Farbar. I attached the files. What do I do next?
Mike
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
HKLM-x32\...\Run: [ShopAtHomeWatcher] => C:\Users\Bonnie\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [129208 2014-06-30] (ShopAtHome.com) HKLM-x32\...\Run: [ShopAtHomeUpdater] => C:\Users\Bonnie\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe [199864 2014-06-30] (ShopAtHome.com) HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\Symantec Shared <====== ATTENTION HKU\S-1-5-21-3699218749-3858212246-94171829-1003\...\Run: [UcojImuha] => regsvr32.exe "C:\ProgramData\UcojImuha.dat" HKU\S-1-5-21-3699218749-3858212246-94171829-1003\...\Run: [ShopAtHomeWatcher] => C:\Users\Bonnie\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [129208 2014-06-30] (ShopAtHome.com) HKU\S-1-5-21-3699218749-3858212246-94171829-1003\...\Run: [ShopAtHomeUpdater] => C:\Users\Bonnie\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe [199864 2014-06-30] (ShopAtHome.com) HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/ URLSearchHook: ATTENTION ==> Default URLSearchHook is missing. SearchScopes: HKCU - DefaultScope {1930FF51-94A8-4BCA-B9A4-D9E4B129B6CB} URL = http://www.search.ask.com/web?tpid=ORJ-V7-SAT&o=APN11460&pf=V7&p2=%5EBE6%5EOSJ000%5EYY%5EUS&gct=&itbv=12.10.6.53&apn_uid=B3B11D19-03B8-4686-A51B-D8D75082ADC6&apn_ptnrs=BE6&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_11.0.9600.17207&doi=2014-07-25&trgb=IE&q={searchTerms}&psv= SearchScopes: HKCU - {1930FF51-94A8-4BCA-B9A4-D9E4B129B6CB} URL = http://www.search.ask.com/web?tpid=ORJ-V7-SAT&o=APN11460&pf=V7&p2=%5EBE6%5EOSJ000%5EYY%5EUS&gct=&itbv=12.10.6.53&apn_uid=B3B11D19-03B8-4686-A51B-D8D75082ADC6&apn_ptnrs=BE6&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_11.0.9600.17207&doi=2014-07-25&trgb=IE&q={searchTerms}&psv= SearchScopes: HKCU - {5834A217-A594-45F9-861D-7F1DB8C1C8ED} URL = http://isearch.shopathome.com?user_id={A3183C03-40C5-41F1-81D9-7E0D8EE4D7C7}&q={searchTerms} BHO: No Name -> {4F524A2D-5637-2D53-4154-7A786E7484D7} -> No File BHO: No Name -> {4F524A2D-5637-4300-76A7-7A786E7484D7} -> No File BHO-x32: TBSB07898 Class -> {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -> C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll () Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll () Toolbar: HKCU - No Name - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - No File Toolbar: HKCU - No Name - {4F524A2D-5637-4300-76A7-7A786E7484D7} - No File Toolbar: HKCU - No Name - {4F524A2D-5637-2D53-4154-7A786E7484D7} - No File FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator - C:\Users\Bonnie\AppData\Roaming\Catalina – Print Savings\npBcsKtTcIO.dll (Catalina Marketing Corporation) CHR Extension: (Coupons.com Toolbar) - C:\Users\Bonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpkmcjgpcihgfnkcjapiaabbbplkcmf [2014-06-05] R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177136 2014-04-28] (Coupons.com Inc.) 2014-07-28 18:50 - 2014-07-28 18:50 - 02119632 _____ (Valassis) C:\Users\Bonnie\Downloads\P@H_prodcand-43qrjQ1N.exe 2014-07-28 18:49 - 2014-07-28 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopAtHome.com Helper 2014-07-28 18:46 - 2014-07-28 18:46 - 02119632 _____ (Valassis) C:\Users\Bonnie\Downloads\P@H_prodcand-NX2F2DEO.exe 2014-07-28 19:04 - 2014-07-11 18:28 - 00000000 ____D () C:\Users\Bonnie\AppData\Roaming\ShopAtHome CMD: bitsadmin /reset /allusers CMD: DEL %TEMP%\*.* /F /S /Q CMD: RD /S /Q %TEMP% REBOOT:
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
THEN
Please download AdwCleaner by Xplode onto your desktop.
[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.
I have the same problem. Could you please help me? Here are the files
I wonder why they only pick on Avast and McAfee
After the reboot Avast should work
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION HKU\S-1-5-21-257051856-3730921519-3780816642-1000\...\Run: [wvoafqhi] => regsvr32.exe "C:\ProgramData\wvoafqhi.dat" HKU\S-1-5-21-257051856-3730921519-3780816642-1000\...\MountPoints2: D - D:\wubi.exe SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File EmptyTemp: CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
Thanks for the help, it seems to be working now.
Any further problems ?
I also have the same problem.
Forum won’t let me attach shortcuts file with the others or the posting is too large. The file is 1.29mb in size, too big to post on this forum. Max size of post is 1mb.
Never mind, I found it.
HKLM/SOFTWARE/Policies/Microsoft/Windows/safer/codeidentifiers/0
The keys below it are for AVG which I used to have installed and also Avast. Deleting the ‘0’ key which, in turn, deleted all the keys below it, allowed me to run Avast.
Now it only falls on the Avast programmers to find out what put those keys there or to disallow any keys that disable Avast or other AV or anti-malware programs to be entered there.
Let me know what problems remain
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
HKLM Group Policy restriction on software: B:\Documents and Settings\All Users\Application Data\AVG <====== ATTENTION HKLM Group Policy restriction on software: B:\Documents and Settings\All Users\Application Data\AVG <====== ATTENTION HKLM Group Policy restriction on software: B:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION HKLM Group Policy restriction on software: B:\Program Files\AVAST Software <====== ATTENTION URLSearchHook: HKLM-x32 - (No Name) - {88ac3cb6-596b-4217-964c-b6757ef9602d} - No File BHO: No Name -> {181F2C09-56DD-4F98-86D7-59BA2BC59B5A} -> No File BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File BHO-x32: No Name -> {181F2C09-56DD-4F98-86D7-59BA2BC59B5A} -> No File BHO-x32: No Name -> {1e50bbda-c15a-47d5-9853-d829ff890664} -> No File BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File BHO-x32: No Name -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> No File BHO-x32: No Name -> {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} -> No File BHO-x32: No Name -> {88ac3cb6-596b-4217-964c-b6757ef9602d} -> No File BHO-x32: No Name -> {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} -> No File BHO-x32: No Name -> {F1C81E40-2485-4DB6-8C9D-04BD596B281E} -> No File Toolbar: HKLM-x32 - No Name - {553891B7-A0D5-4526-BE18-D3CE461D6310} - No File Toolbar: HKLM-x32 - No Name - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - No File Toolbar: HKLM-x32 - No Name - {88ac3cb6-596b-4217-964c-b6757ef9602d} - No File Toolbar: HKLM-x32 - No Name - {828DC97A-2277-4E10-92A9-4907FA0922A9} - No File FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - B:\Program Files\IB Updater\Firefox FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - B:\Program Files\IB Updater\Firefox FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - B:\Program Files\IB Updater\Firefox FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - B:\Program Files\IB Updater\Firefox FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - B:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - B:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - B:\Program Files\IB Updater\source.crx [] CHR HKLM-x32\...\Chrome\Extension: [acfoobbgoakpihljnfedbcfaipcdlfhk] - B:\Users\Dale\AppData\Roaming\BabSolution\CR\bueno.crx [] CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - B:\Users\Dale\AppData\Local\Temp\ccex.crx [] CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - B:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-06-20] CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - B:\Program Files\IB Updater\source.crx [2013-06-20] CHR HKLM-x32\...\Chrome\Extension: [pmlghpafmmnmmkjdhacccolfgnkiboco] - B:\Program Files (x86)\1ClickDownload\oneclickdownloader11.crx [2014-07-04] 2014-10-22 01:21 - 2014-02-13 09:35 - 00000342 _____ () B:\Windows\Tasks\bench-sys.job 2014-10-22 00:40 - 2014-02-13 09:35 - 00000342 _____ () B:\Windows\Tasks\bench-S-1-5-21-1483909540-4107747572-2503045674-1001.job Task: {19F770E3-596F-4737-91D8-7FADDE73E41C} - System32\Tasks\{9B639DC6-04E3-46B3-8091-BFBB33CD81B6} => B:\Program Files (x86)\AVG\AVG2012\avgui.exe Task: {27AEBB5A-DD16-4775-BCFD-89F449DC0284} - System32\Tasks\bench-S-1-5-21-1483909540-4107747572-2503045674-1001 => B:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION Task: {3D86C94C-7317-4D5D-BB71-A5F0E2DC2A68} - System32\Tasks\{B928220C-70A9-4015-B05F-5143FA78EDB9} => B:\Program Files (x86)\AVG\AVG2012\avgui.exe Task: {4DA69576-5F84-416D-BCED-7DABC513EF1C} - System32\Tasks\Express FilesUpdate => B:\Program Files (x86)\ExpressFiles\EFUpdater.exe <==== ATTENTION Task: {70059C02-D53D-4EA0-8516-E3CC0592E854} - System32\Tasks\{C5C3D0FF-2AD6-462E-9140-F343DB70FF71} => B:\Program Files (x86)\AVG\AVG2012\avgui.exe Task: {900E16B4-3AEA-4B5F-9958-BF60611D231D} - System32\Tasks\pcreg => C:\Program Files\wrapper_inst\service.exe [2013-09-14] () <==== ATTENTION Task: {9FABCCF8-C924-49E9-B368-A16F67AA3BFF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1970835742GUI => B:\Users\Dale\AppData\Roaming\Telefónica\googleupd.exe <==== ATTENTION Task: {C26FD3FA-3AEA-4444-B431-FD0E8C9293D0} - System32\Tasks\bench-sys => B:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION Task: {E1187C35-82F5-49F1-A520-2A760A1A6A19} - System32\Tasks\{7EFECB4B-C8ED-421B-8F09-A294E67A45C5} => B:\Program Files (x86)\AVG\AVG2012\avgui.exe Task: B:\Windows\Tasks\bench-S-1-5-21-1483909540-4107747572-2503045674-1001.job => B:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION Task: B:\Windows\Tasks\bench-sys.job => B:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION B:\Program Files (x86)\AVG B:\Program Files\IB Updater B:\Program Files (x86)\Bench B:\Program Files (x86)\ExpressFiles C:\Program Files\wrapper_inst B:\Users\Dale\AppData\Roaming\Telefónica\googleupd.exe EmptyTemp: CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
THEN
Please download AdwCleaner by Xplode onto your desktop.
[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.
I am also having this problem, I’ve been going crazy trying to fix it.
I have posted a fix for you in your own topic https://forum.avast.com/index.php?topic=158849.0
Essexboy,
I’m receiving the same message as these others when attempting to access Avast. I’ve attached the 3 .txt files you mentioned from the Farbar Recovery Scan tool. Could you please review and let me know the next step? Thanks…it’s much appreciated!
TK
Could everyone please start your own thread
troykirk your thread is here https://forum.avast.com/index.php?topic=158864.0
Essexboy, i´have the same problem too :-
Could you send me the text to fix?
Fix for eltonrcarvalho posted here https://forum.avast.com/index.php?topic=164938.new#new