avast blocked by group policy

Hi, i’ve just installed Avast pro and i’m getting the above error when I try and start it up…

I’ve run the Fabar Recovery Scan tool, logs attached.

Please help, Mcafee was killing my machine !

thanks

Webman

You should remove McAcrap before installing any other av.
http://www.ache.nl

I did !

Not sure why it’s still showing in the list !

Did you use the tool ?

Which tool ? I installed McFee from the control panel.

I ran the other tool and attached the 3 files to my initial post.

@confused :wink:

You need to run the uninstall tool for McAfee, that is why I gave you that link.

Sorry, I didn’t see the link. I’ve not got my computer with me at the mo, I’ll check it out when I get home later.

Thanks for all your help.

Take your time.
After removing McAfee, try to do a clean installation of avast.
https://forum.avast.com/index.php?topic=169255.msg1203279#msg1203279

If that fails, run Farbar again and attach the new logs.

You have the latest variant of poweliks. This is only the second time that I have seen this so it may take several runs as I will kill it by pieces

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: HKLM-x32\...\Run: [**3fdeaf54<*>] => mshta javascript:vog3nwYSB="Ygv5";R0X8=new%20ActiveXObject("WScript.Shell");WXZe4zlnY="NEB";UMw8z=R0X8.RegRead("HKLM\\software\\Wow6432Node\\b88f6968\\d7d3f891");vGYaHFm2e="Uz2";eval(UMw8z);HOZc14VTu= (the data entry has 5 more characters). <===== ATTENTION (Value Name with invalid characters) HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION HKLM\...\Policies\Explorer\Run: [61980944] => C:\ProgramData\msnvlgm.exe HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION HKU\S-1-5-21-366375899-1387106490-284134612-1001\...\Run: [**3fdeaf54<*>] => mshta javascript:yVT1laXCy="C1S";J14d=new%20ActiveXObject("WScript.Shell");YJv7AWh="7JVM";pr9xT=J14d.RegRead("HKCU\\software\\b88f6968\\d7d3f891");EL9o4fUHr="Tv9";eval(pr9xT);e1YkQOQz="Tf"; <===== ATTENTION (Value Name with invalid characters) HKU\S-1-5-21-366375899-1387106490-284134612-1001\...\Run: [**bc4486ce<*>] => mshta javascript:DYD1aob="yaV3V8";W8a=new%20ActiveXObject("WScript.Shell");bKGdj8ol="ezMu8VgPiH";Mf6n7U=W8a.RegRead("HKCU\\software\\b88f6968\\d7d3f891");dO7BoV7zGb="VcO8q0mdwY";eval(Mf6n7U);cP6GUIx2= (the data entry has 9 more characters). <===== ATTENTION (Value Name with invalid characters) HKU\S-1-5-21-366375899-1387106490-284134612-1001\...\Run: [Svc2dll] => C:\Users\Steve\AppData\Local\svcxdcl32.exe [110592 2015-07-13] (Pulizia) HKU\S-1-5-21-366375899-1387106490-284134612-1001\...\Run: [YaxmAfpa] => regsvr32.exe "C:\ProgramData\YaxmAfpa\KewowDilka.hss" 2015-07-13 21:52 - 2015-07-13 23:26 - 00000760 ____H C:\ProgramData\@system.temp 2015-07-13 21:52 - 2015-07-13 23:26 - 00000496 ____H C:\ProgramData\@system3.att 2015-07-13 21:51 - 2015-07-13 23:43 - 00000157 _____ C:\Users\Steve\AppData\Local\svcxdcl32.dat 2015-07-13 21:51 - 2015-07-13 23:39 - 00000000 ____D C:\Users\Steve\AppData\Roaming\ChromeUpdate 2015-07-13 21:51 - 2015-07-13 21:51 - 00000480 ____H C:\Users\Steve\AppData\Roaming\½???Ó??? 2015-07-13 21:50 - 2015-07-13 21:49 - 00110592 _____ (Pulizia) C:\Users\Steve\AppData\Local\svcxdcl32.exe 2015-07-13 21:49 - 2015-07-14 02:08 - 00000000 ___HD C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A} 2015-06-27 00:11 - 2015-06-27 00:12 - 01331823 _____ (Igor Pavlov) C:\Users\Steve\Downloads\7z1505-x64.exe CustomCLSID: HKU\S-1-5-21-366375899-1387106490-284134612-1001_Classes\CLSID\{F9E1BD9A-84B5-4D12-9195-0B3E7D86FD35}\InprocServer32 -> C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\FntCache.dll (sro rCptcfniaMotioroo) C:\ProgramData\msnvlgm.exe C:\Users\Steve\AppData\Local\svcxdcl32.exe C:\ProgramData\YaxmAfpa C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A} RemoveProxy: Reg: reg query "HKLM\software\Wow6432Node\b88f6968" Reg: reg query "HKCU\software\b88f6968" EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please run a fresh FRST scan so that I can track my progress