Hi
My Avast won't open - blocked by group policy. I have run Malwarebytes and SuperAntiSpyware - both found and removed files. Rebooted but it still won't open.
I have attached the Farbar & MBAM files.
Thanks in advance
Deb
Remover Notified.
Here is the file from AdwCleaner (noticed most people add that too)
Edit: Don’t bother, Essex is watching. He’ll instruct you
After the reboot Avast and MBAM should start
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
HKLM\...\Run: [MSC] => "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\ESET <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKU\S-1-5-18\...\CurrentVersion\Windows: [Load] ,slpmonx.exe <===== ATTENTION
SearchScopes: HKLM - {4FA84781-D7D3-4353-9903-1D431702593A} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {4FA84781-D7D3-4353-9903-1D431702593A} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {4FA84781-D7D3-4353-9903-1D431702593A} URL =
SearchScopes: HKCU - {D22DE705-A545-4312-B397-BFAD24F5CE4D} URL =
BHO-x32: Wisdom-soft toolbar -> {6dfc55bb-bfff-485a-9709-90c3fdf6db58} -> C:\Program Files (x86)\Wisdom-soft\tbWisd.dll (Conduit Ltd.)
URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll" No File
URLSearchHook: HKCU - Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files (x86)\Wisdom-soft\tbWisd.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - No Name - {6DFC55BB-BFFF-485A-9709-90C3FDF6DB58} - No File
Toolbar: HKCU - No Name - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 02 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
2014-10-31 11:52 - 2014-10-31 11:52 - 00000000 ____D () C:\Windows\TempC49F1C78-87E9-8EAF-C829-66E0BF062E6B-Signatures
2014-10-31 11:52 - 2014-10-31 11:52 - 00000000 ____D () C:\Windows\Temp6BB1C171-908B-A2B2-E942-D26A267D67CF-Signatures
2014-10-31 10:47 - 2014-10-31 10:47 - 00002990 _____ () C:\Windows\System32\Tasks\{F3093B7D-4715-4B2B-8CAE-36AE57DC261D}
2014-10-31 10:47 - 2014-10-31 10:47 - 00002990 _____ () C:\Windows\System32\Tasks\{7A3A085E-083D-4C3A-8D84-8CFDEC07D513}
2014-10-31 10:47 - 2014-10-31 10:47 - 00002990 _____ () C:\Windows\System32\Tasks\{7582DE5D-CDBE-42F8-BBDE-CEA891AF9972}
2014-10-31 10:47 - 2014-10-31 10:47 - 00002990 _____ () C:\Windows\System32\Tasks\{42D9C68C-F2C3-4C4C-95B1-142630831922}
2014-10-31 10:36 - 2014-10-31 10:36 - 00000000 ____D () C:\Windows\Temp95A9F6BD-42DB-8522-5F2E-471FEB5FF0D1-Signatures
2014-10-31 10:36 - 2014-10-31 10:36 - 00000000 ____D () C:\Windows\Temp737EC922-D595-AC50-8325-22E32CF9B772-Signatures
2014-10-31 10:16 - 2014-10-31 10:16 - 00000000 ____D () C:\Windows\Temp63B2495F-90AE-D147-3A54-D6F6BC63590C-Signatures
2014-10-31 10:16 - 2014-10-31 10:16 - 00000000 ____D () C:\Windows\Temp544BD17D-9BEE-F3D8-9649-9E2507548B62-Signatures
2014-10-31 03:00 - 2014-10-31 03:00 - 00000000 ____D () C:\Windows\TempD8B17C50-D144-C948-C1D1-169787318C42-Signatures
2014-10-31 03:00 - 2014-10-31 03:00 - 00000000 ____D () C:\Windows\Temp2955BDA8-6E96-6571-F910-C12A46BB6856-Signatures
2014-10-30 03:00 - 2014-10-31 11:43 - 00000000 ____D () C:\Windows\TempB9B55E89-2528-9C5C-2F34-BC7068470947-Signatures
2014-10-30 03:00 - 2014-10-30 03:00 - 00000000 ____D () C:\Windows\Temp2C07811D-C381-9B50-9987-51B26FCABE3A-Signatures
2014-10-29 03:00 - 2014-10-29 03:00 - 00000000 ____D () C:\Windows\TempEACFA39E-9769-28AE-7741-3BBE37635AD5-Signatures
2014-10-29 03:00 - 2014-10-29 03:00 - 00000000 ____D () C:\Windows\TempBFFD41B3-DFC3-FB0A-F600-563707F22185-Signatures
2014-10-28 03:00 - 2014-10-28 03:00 - 00000000 ____D () C:\Windows\Temp92C5FA63-849D-4C5E-410A-33443766D950-Signatures
2014-10-28 03:00 - 2014-10-28 03:00 - 00000000 ____D () C:\Windows\Temp904D5409-69EF-E759-A314-51F68B5DE771-Signatures
2014-10-27 08:13 - 2014-10-27 08:13 - 00000000 ____D () C:\Windows\TempD50B29EB-C530-12EC-6569-11FFC19E09C4-Signatures
2014-10-27 08:12 - 2014-10-27 08:13 - 00000000 ____D () C:\Windows\Temp16A857FD-6BE3-44FB-9142-015805AAAC83-Signatures
2014-10-24 03:00 - 2014-10-24 03:00 - 00000000 ____D () C:\Windows\TempDCAEDA14-C005-0A20-84AB-DA0C575A72FD-Signatures
2014-10-24 03:00 - 2014-10-24 03:00 - 00000000 ____D () C:\Windows\Temp49978C8A-7CA4-73B8-B577-55B601EA3A26-Signatures
2014-10-23 03:00 - 2014-10-23 03:00 - 00000000 ____D () C:\Windows\TempD261D448-2645-C08A-1A26-6AD612EACB27-Signatures
2014-10-23 03:00 - 2014-10-23 03:00 - 00000000 ____D () C:\Windows\Temp3C13575C-FCB5-E50D-1DE5-6895BE3B6E9B-Signatures
2014-10-22 03:00 - 2014-10-22 03:00 - 00000000 ____D () C:\Windows\Temp6B0F2933-F209-6668-3645-2DF6D499CA73-Signatures
2014-10-22 03:00 - 2014-10-22 03:00 - 00000000 ____D () C:\Windows\Temp3E2F9AD6-B624-AD1A-0151-9C0374B1D74C-Signatures
2014-10-21 03:00 - 2014-10-21 03:00 - 00000000 ____D () C:\Windows\Temp89FAF0C1-3C1A-FF08-FC34-29D4210719E6-Signatures
2014-10-21 03:00 - 2014-10-21 03:00 - 00000000 ____D () C:\Windows\Temp3694659D-5C58-FB07-4FC1-742531BDF98A-Signatures
2014-10-20 08:19 - 2014-10-20 08:19 - 00000000 ____D () C:\Windows\Temp96CC1DB6-2D61-A2BB-5D99-46B3AE2EEB0D-Signatures
2014-10-20 08:19 - 2014-10-20 08:19 - 00000000 ____D () C:\Windows\Temp2393201B-528E-3B33-9095-3440751B64D5-Signatures
2014-10-17 03:01 - 2014-10-17 03:01 - 00000000 ____D () C:\Windows\TempA88288EE-F720-FB60-39AA-01B6B8335953-Signatures
2014-10-17 03:00 - 2014-10-17 03:00 - 00000000 ____D () C:\Windows\Temp2C3688FF-9E7F-CDDC-461E-C843091E1827-Signatures
2014-10-16 03:06 - 2014-10-16 03:06 - 00000000 ____D () C:\Windows\TempD1D243C1-540F-17A3-002C-C7F399B1F2D4-Signatures
2014-10-16 03:06 - 2014-10-16 03:06 - 00000000 ____D () C:\Windows\TempC9980AB2-9A87-FC7F-5FA2-F5173696B133-Signatures
2014-10-15 03:00 - 2014-10-15 03:00 - 00000000 ____D () C:\Windows\TempF4255A2C-C1FE-D640-DD91-F336C5568D95-Signatures
2014-10-15 03:00 - 2014-10-15 03:00 - 00000000 ____D () C:\Windows\TempE8C8F598-F23D-8D42-E1C1-87AA7625E38D-Signatures
2014-10-14 09:40 - 2014-10-14 09:40 - 00000000 ____D () C:\Windows\Temp2BC656A5-7167-49D6-A3A6-7944A86BB6BF-Signatures
2014-10-10 03:00 - 2014-10-10 03:00 - 00000000 ____D () C:\Windows\TempBC13C9E1-6456-5264-D94C-19D0AC0EDE88-Signatures
2014-10-10 03:00 - 2014-10-10 03:00 - 00000000 ____D () C:\Windows\Temp513BAA94-9CAE-5FE9-A233-EF050D72CE0F-Signatures
2014-10-09 03:00 - 2014-10-09 03:00 - 00000000 ____D () C:\Windows\TempDD38847C-6FEF-4638-7265-48C1ECBCB41F-Signatures
2014-10-09 03:00 - 2014-10-09 03:00 - 00000000 ____D () C:\Windows\Temp686183DC-2284-CB6F-A315-2F1BCD00425B-Signatures
2014-10-08 03:00 - 2014-10-08 03:00 - 00000000 ____D () C:\Windows\TempA53142F6-4C0B-16FE-F757-0B68D37A8BAD-Signatures
2014-10-08 03:00 - 2014-10-08 03:00 - 00000000 ____D () C:\Windows\Temp3E79B12B-3561-B7EB-3684-55D9EE08E770-Signatures
2014-10-07 03:00 - 2014-10-07 03:00 - 00000000 ____D () C:\Windows\Temp1CBE7527-2316-914B-FBFF-B06A55BC9FFF-Signatures
2014-10-07 03:00 - 2014-10-07 03:00 - 00000000 ____D () C:\Windows\Temp18123716-CAAD-8048-D74A-A3006CEE7058-Signatures
2014-10-06 03:00 - 2014-10-06 03:00 - 00000000 ____D () C:\Windows\TempAEA3836A-864D-B2CE-5413-2F1F4054D5F2-Signatures
2014-10-06 03:00 - 2014-10-06 03:00 - 00000000 ____D () C:\Windows\Temp9CBAA187-F696-CE9F-4C5B-5DB48680751F-Signatures
2014-10-05 03:00 - 2014-10-05 03:00 - 00000000 ____D () C:\Windows\Temp81BAA06B-EBC2-A155-2DE8-210326E88738-Signatures
2014-10-05 03:00 - 2014-10-05 03:00 - 00000000 ____D () C:\Windows\Temp1656A6AD-69D4-7633-62AD-4E611923CB18-Signatures
2014-10-04 19:00 - 2014-10-04 19:00 - 00000000 ____D () C:\Windows\Temp07684FB3-6387-904B-D493-D85C4E137186-Signatures
2014-10-04 18:59 - 2014-10-04 18:59 - 00000000 ____D () C:\Windows\Temp10D63795-0D6D-8384-80D1-CA6F9AD11DB3-Signatures
2014-10-03 03:00 - 2014-10-03 03:00 - 00000000 ____D () C:\Windows\Temp9D7EFC6E-4DE9-2E14-46C1-305CD82F2654-Signatures
2014-10-03 03:00 - 2014-10-03 03:00 - 00000000 ____D () C:\Windows\Temp083CD4C9-8F98-C87F-E06C-9E8D373422D5-Signatures
2014-10-02 03:01 - 2014-10-02 03:01 - 00000000 ____D () C:\Windows\Temp08093073-60FC-F3CE-D59C-C4203C6B85A9-Signatures
2014-10-02 03:00 - 2014-10-02 03:00 - 00000000 ____D () C:\Windows\TempC4254133-8A1A-40A6-7785-B3E7E569F988-Signatures
2014-10-01 03:00 - 2014-10-01 03:00 - 00000000 ____D () C:\Windows\Temp8AC7AB05-A855-0428-8DB1-0B2A97CDA9E2-Signatures
2014-10-01 03:00 - 2014-10-01 03:00 - 00000000 ____D () C:\Windows\Temp2C87EFAF-0CC3-003A-0738-2D51D9503DB0-Signatures
C:\Users\Teri-Ann Begin2\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
C:\Program Files (x86)\Wisdom-soft
C:\Program Files\Microsoft Security Client\mssecex.exe
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
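An added example, not part of the original thread and not FRST's own code: a small Python triage that reads FRST-style log lines like those in the fixlist above and separates Group Policy software restrictions aimed at security-product folders from any other restrictions. The marker list and the last sample line are assumptions constructed for illustration.

```python
import re

# Product/vendor folder names seen in the restricted paths of the fixlist above
# (assumption: substring match on a path component is enough for triage).
SECURITY_MARKERS = ("malwarebytes", "microsoft antimalware", "microsoft security client",
                    "mcafee", "eset", "avast software")

# FRST-style line: "<hive> Group Policy restriction on software: <path> <=== ATTENTION"
SRP_LINE = re.compile(
    r"^(?P<hive>HK\w+) Group Policy restriction on software:\s*"
    r"(?P<path>.+?)\s*(?:<=+\s*ATTENTION)?\s*$")

def triage(log_text):
    """Split restriction rules into those hitting security products and the rest."""
    result = {"security": [], "other": []}
    for line in log_text.splitlines():
        m = SRP_LINE.match(line.strip())
        if not m:
            continue  # not a software-restriction entry
        path = m.group("path")
        components = [c.lower() for c in path.split("\\")]
        marker = next((s for s in SECURITY_MARKERS
                       if any(s in c for c in components)), None)
        if marker:
            result["security"].append((m.group("hive"), path, marker))
        else:
            result["other"].append((m.group("hive"), path))
    return result

# Sample input: first four lines copied from the thread, last line constructed.
SAMPLE_LOG = r"""
HKLM\...\Run: [MSC] => "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\ESET <====== ATTENTION
HKLM Group Policy restriction on software: C:\Example\Unrelated Folder <====== ATTENTION
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for hive, path, marker in report["security"]:
        print(f"[!] {hive} blocks security product ({marker}): {path}")
    for hive, path in report["other"]:
        print(f"[ ] {hive} other restriction: {path}")
```

Several restrictions landing on antivirus and anti-malware folders at once, as in this log, is the pattern that explains the "blocked by group policy" symptom reported at the top of the thread.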
Here is the fixlog - the PC didn't reboot though
Reboot it yourself
Yeah - well now I can open avast!
It showed this screen (file attached) - sorry I am doing this remotely, it is the office PC and I had to go get kids from school.
I have the PC running a full scan now just to be safe
Strange thing though - when I rebooted, the Windows screen came up and the icons were slowly appearing - then the screen went blank for about 2-4 minutes (it was black with just the mouse pointer, which I could move).
I will see what the full scan returns!
Thank you soooooo much :-*
Deb (and a hug too!)
The black screen bit was whilst FRST was completing the fix before windows loaded
What problems remain ?
Just a small side note: Please install Windows updates, I can see you're running Internet Explorer 8 still, I believe.
If there are updates missing please install these, it will fix a lot of potential security leaks.
So far it seems OK. The Avast scan ran, and there were no issues!
Unfortunately we have to stay on Windows 8 to run some real estate software. They are hoping to upgrade soon, and will then update Windows.
Thanks for all the help.
Subject to no further problems
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean
A good workman always cleans up after himself, so… the following will implement some cleanup procedures as well as reset System Restore points:
Download and run Delfix
https://dl.dropboxusercontent.com/u/73555776/delfix.JPG
: Keep Java Updated :
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article
I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
CryptoPrevent: install this programme to lock down and prevent crypto ransomware
https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG
Update and run weekly to keep your system clean
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe
Well now this is interesting…
This morning Outlook would not open - we get a message "Outlook experienced a serious problem with the Avast Add-in addin (yep, it repeated that). … Do you want to disable this add-in?"
I clicked Yes, it was the only way to get Outlook to open. I won't clean up just yet - do I still have a problem?
Next step… Deb
No it is just a conflict with the Avast add on
So I can leave it turned off - and all will be well ?
Ok - I will do the cleanup today - and hope all goes well.
Again, thank you for all your help!
Deb
My pleasure
Hi EssexBoy,
I was hoping I was all good - but something must still be wrong. We tried to disable Java (using your instructions) but we get an “insufficient permissions, Please check if you have sufficient permissions to change system settings” error message. Can you help?
Deb
Can you confirm you were running from an admin account ?
Download Windows All In One Repair from Tweaking.com to your desktop
Install the programme and run
Select Step 5 : Back up your registry and create a system restore point
https://dl.dropboxusercontent.com/u/73555776/waiobackup.JPG
Then select the Repairs tab
https://dl.dropboxusercontent.com/u/73555776/waiorepairs.JPG
Select Open repairs
Select the following repair number items :
1
2
10
Click Start
https://dl.dropboxusercontent.com/u/73555776/waiorepair.JPG
Once it has completed then reboot the system
Yes, running as Admin
Deb
Ok - I am out of town for a few days - will try this on Thursday when I am back in the office (don't want to stress out the not-so-techie admins)
Again thanks for your help, I really appreciate it
Deb