Avast blocked by group policy

I don’t know when this problem started but today when I opened avast it showed me this message.

I read some other similar threads and downloaded FRST and ran scan but I don’t know what to do next.I have attached the logs for review.

Can someone help please

  • Open notepad
  • Copy/paste the underneath code in it
  • Save the file as fixlist.txt in the same folder as where you have Farbar
  • Open Farbar
  • Click Fix
  • Reboot
  • Attach fixlog.txt to your next post

start
HKLM\...\Run: [] => [X]
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Norton AntiVirus <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
HKU\S-1-5-21-4267543570-606607268-2551215722-1000\...\Run: [uTorrent] => C:\Users\HP\AppData\Roaming\uTorrent\uTorrent.exe [1416016 2014-09-18] (BitTorrent Inc.)
HKU\S-1-5-21-4267543570-606607268-2551215722-1000\...\Run: [Ads Expert Browser] => C:\Users\HP\AppData\Roaming\AEB\Updater_aeb.exe [48640 2014-08-19] ()
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.default-search.net?sid=503&aid=101&itype=n&ver=13001&tm=391&src=hmp
URLSearchHook: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
URLSearchHook: HKCU - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=adk&from=adk&uid=HitachiXHTS725050A9A364_101126PCK404GLG17JHJX&ts=1372498807
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=393&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKLM - {756D1D40-E491-4E1D-9BC6-5B37CEDE646E} URL = http://www.arabyonline.com/search/?q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=393&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = http://www.default-search.net/search?sid=503&aid=101&itype=n&ver=13001&tm=391&src=ds&p={searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchisfun.info/?l=1&q={searchTerms}&pid=356&r=2013/09/06&hid=3225105022545183118&lg=EN&cc=SA&unqvl=33
SearchScopes: HKLM - {E627DC4B-8C04-4234-A2D4-1D634EE01C41} URL = http://fastestwebsearch.com/search?q={searchterms}
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.mystart.com/results.php?gen=ms&pr=manycam&id=manycamtb&v=5_3&ent=ch_5007&q={searchTerms}
SearchScopes: HKCU - {756D1D40-E491-4E1D-9BC6-5B37CEDE646E} URL = http://www.arabyonline.com/search/?q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=393&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = http://www.default-search.net/search?sid=503&aid=101&itype=n&ver=13001&tm=391&src=ds&p={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKCU - {B58634C2-DCC4-49C9-86D2-DDD43936018B} URL = http://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^SA&apn_uid=272da08e-9ec6-46bc-976c-4a5c12dfe726&apn_sauid=A2B2408C-F81E-4860-915A-B46298B9BFF0
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-flv
SearchScopes: HKCU - {E627DC4B-8C04-4234-A2D4-1D634EE01C41} URL = http://fastestwebsearch.com/search?q={searchterms}
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=IDSSNAV&chn=retail&geo=US&ver=2013&locale=en_US&gct=sb&qsrc=2869
BHO: Total-1.8 -> {11111111-1111-1111-1111-110511331160} -> C:\Program Files\Total-1.8\Total-1.8-bho.dll (HQ-VPro)
BHO: Vonteera Class -> {437B9306-2FDE-4054-A3C9-6B49507C12D0} -> C:\Program Files\VonteeraAddon\Vonteera.dll (Vonteera)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll No File
Toolbar: HKLM - No Name - !{3775afd7-5921-4571-968f-85a631203d1c} -  No File
Toolbar: HKLM - No Name - !{872b5b88-9db5-4310-bdd0-ac189557e5f5} -  No File
Toolbar: HKLM - No Name - !{A13C2648-91D4-4bf3-BC6D-0079707C4389} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF SearchEngineOrder.1: default-search.net
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF Keyword.URL: hxxp://www.mystart.com/results.php?pr=manycam&id=manycamtb&v=5_3&ent=bs____campaignID___&q=
FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\dxrjlvhv.default\searchplugins\default-search.xml
FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\dxrjlvhv.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\dxrjlvhv.default\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mystarttb.xml
FF Extension: Wincore Mediabar - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\dxrjlvhv.default\Extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0} [2013-10-27]
CHR HKLM\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files\mystarttb\chrome-newtab-search.crx [2013-03-27]
R2 winzipersvc; C:\Program Files\WinZipper\winzipersvc.exe [424104 2013-08-24] (Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
EmptyTemp:
CMD: ipconfig /flushdns
 CMD: netsh winsock reset all
 CMD: netsh int ipv4 reset
 CMD: netsh int ipv6 reset
 CMD: bitsadmin /reset /allusers
end

Thank you

I did the steps as you said and have attached the fixlog.

How is the system behaving now ?

System is running smoothly now…much better than before.Did a scan and some other problems were fixed automatically.

You might want Malwarebytes and Unchecky…

https://www.malwarebytes.org/
http://unchecky.com/

Unchecky will help you A LOT. Attach a Malwarebytes scan. You had a lot of sh*t ware on that system.

Also, uTorrent… If you don’t use it, ditch it. It’s not worth the risk of becoming reinfected, not worth it even if you do use it.

Please run Farbar again and attach a new log to your post.
Let’s see if we missed something.

Eddy, I see you targeted Mayris Updater in your fixlist. You missed the other part of the adware (Process)

(Mayris Corporation, Panama) C:\Users\HP\AppData\Roaming\AEB\CheckWork.exe

I am having the same problem. I’ve attached the FarBar Files