Avast is Blocked by group Policy

Please find attached files for your review.

I love the help and I appreciate the assistance. Thank you.

Is it possible if I might play a small proactive role in what gets ‘fixed’. Last time I was here, a number of programs including Minecraft, kids homeschooling programs and garys mod/steam didn’t work afterwards.

Thanks again

Looks like another problem.

New Error-
Axwin Frame Window: Explorer.exe-Unable to locate component
Application failed to start because mscvp71.dll was not found.
Re-installing the application may fix the problem.

It seems to me that at least these things should be fixed with Farbar:


HKLM Group Policy restriction on software: C:\Program Files\Windows Defender <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKU\S-1-5-21-1726294075-586653227-1620689966-1000\...\Run: [uTorrent] => C:\Users\Micah\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-09-28] (BitTorrent Inc.)
HKU\S-1-5-21-1726294075-586653227-1620689966-1000\...\MountPoints2: {5776fc0d-4502-11e0-984a-0022151058ee} - E:\steambackup.exe
HKU\S-1-5-21-1726294075-586653227-1620689966-1000\...\MountPoints2: {671f285c-663b-11e0-8d42-0022151058ee} - H:\LaunchU3.exe -a
HKU\S-1-5-21-1726294075-586653227-1620689966-1000\...\MountPoints2: {a40d1fee-5c7e-11dd-a3ae-0022151058ee} - E:\OblivionLauncher.exe
HKU\S-1-5-21-1726294075-586653227-1620689966-1000\...\MountPoints2: {bdfe5882-5c77-11dd-8fe1-0022151058ee} - E:\OblivionLauncher.exe
HKU\S-1-5-21-1726294075-586653227-1620689966-1000\...\MountPoints2: {cf59e979-a5cd-11e3-9828-0022151058ee} - F:\VZW_Software_upgrade_assistant.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {A2DC3FEF-AB4D-442c-8517-34EC6E125C8D} URL = http://search.webwebweb.com/index.html?query={searchTerms}&lang={language}&zip=&town=&site=&country=&safe=[safe,off,strict]
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-atty
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File
Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll No File
Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File
DPF: HKLM-x32 {01113300-3E00-11D2-8470-0060089874ED} http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
DPF: HKLM-x32 {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: HKLM-x32 {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop.com/internet/pcpConnCheck.cab
DPF: HKLM-x32 {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: HKLM-x32 {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab
DPF: HKLM-x32 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: HKLM-x32 {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} http://secure.gopetslive.com/dev/GoPetsWeb.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin-x32: @java.com/DTPlugin -> C:\Program Files (x86)\Java\jre6\bin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.6.0_16\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\Micah\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll No File
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Micah\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
CHR RestoreOnStartup: Default -> "hxxp://wol.jw.org/en/wol/h/r1/lp-e", "https://www.khanacademy.org/math/cc-fourth-grade-math/cc-4th-mult-div-topic"
CHR DefaultSearchURL: Default -> https://mail.google.com/mail/?extsrc=mailto&url=%s
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\Micah\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Google Update) - C:\Users\Micah\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File

Ok, how?

–edit-- Sunday evening I updated and ran malwarebytes, but this morning it failed to quarantine the virus because malwarebytes crashed.
So I used malwarebytes chameleon.

Attached is the latest log file

After repeated scans I come up with the same trojan.agent.ED
same location in appdata
same exe in msconfig startup

Restart computer, and it stays. I’d really like some help with this.

Another thing, it has happened often that after MB scan and the malware is detected, mb crashes.

–Attached please find the latest log–

  • Copy/paste the code in notepad and save the file as fixlist.txt
  • Save the file in the same folder as Farbar
  • Run Farbar and click fix

Ok, did that in safe mode because I was there already running a scan with malwarebytes(which found nothing this time)-- Waited for MB to finish before I ran the fix.

Fixlog attached

Restarting computer now.

Avast is currently updating.
Will be back once updates and scan are complete.

Reboot when done and let us know how the system is behaving.

Avast found 7 virus’s last night–the scan took all day.
Then it recommended a boot scan, that also took a fair bit of time.

The virus from what I can tell is gone. It no longer shows up in msconfig, Avast is updated and runs.

One problem, on my desktop near the bottom right hand side of my tool bar I see the following

Windows Vista ™
Build 6002
This copy of Windows is not genuine.

I purchased Windows Vista 64 from Newegg when I built this computer.
That message was only there after the boot scan. That leads me to believe it wasn’t anything that was removed with the fixlist. It may be from the damage the virus caused and subsequently Avast fixed—or Avast just goofed something. /shrug

Can someone tell me how to fix it?

Eddy, found this post https://forum.avast.com/index.php?topic=137866.0
Microsoft program says it’s genuine.
Tried running AdwCleaner Error “This application has failed to start because msansn1.dll was not found. Re-installing the application may fix the problem.”

Went back to find the steps I used last time, ran farbar, and Junk removal tool
all three logs attached.

Help
pretty please