Avast won't open - blocked by group policy

Hi

My Avast won't open - blocked by group policy. I have run Malware Bytes and SuperAntiSpyware - both found and removed files. Rebooted, but it still won't open.

I have attached the Farbar & Mbam files.

Thanks in advance
Deb

Remover Notified.

Here is the file from AdwCleaner (noticed most people add that too)

Edit: Don’t bother, Essex is watching. He’ll instruct you

After the reboot Avast and MBAM should start

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

 HKLM\...\Run: [MSC] => "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered) 
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\ESET <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKU\S-1-5-18\...\CurrentVersion\Windows: [Load] ,slpmonx.exe <===== ATTENTION
SearchScopes: HKLM - {4FA84781-D7D3-4353-9903-1D431702593A} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {4FA84781-D7D3-4353-9903-1D431702593A} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {4FA84781-D7D3-4353-9903-1D431702593A} URL = 
SearchScopes: HKCU - {D22DE705-A545-4312-B397-BFAD24F5CE4D} URL = 
BHO-x32: Wisdom-soft toolbar -> {6dfc55bb-bfff-485a-9709-90c3fdf6db58} -> C:\Program Files (x86)\Wisdom-soft\tbWisd.dll (Conduit Ltd.)
URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll" No File
URLSearchHook: HKCU - Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files (x86)\Wisdom-soft\tbWisd.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {6DFC55BB-BFFF-485A-9709-90C3FDF6DB58} -  No File
Toolbar: HKCU - No Name - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -  No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 02 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
2014-10-31 11:52 - 2014-10-31 11:52 - 00000000 ____D () C:\Windows\TempC49F1C78-87E9-8EAF-C829-66E0BF062E6B-Signatures
2014-10-31 11:52 - 2014-10-31 11:52 - 00000000 ____D () C:\Windows\Temp6BB1C171-908B-A2B2-E942-D26A267D67CF-Signatures
2014-10-31 10:47 - 2014-10-31 10:47 - 00002990 _____ () C:\Windows\System32\Tasks\{F3093B7D-4715-4B2B-8CAE-36AE57DC261D}
2014-10-31 10:47 - 2014-10-31 10:47 - 00002990 _____ () C:\Windows\System32\Tasks\{7A3A085E-083D-4C3A-8D84-8CFDEC07D513}
2014-10-31 10:47 - 2014-10-31 10:47 - 00002990 _____ () C:\Windows\System32\Tasks\{7582DE5D-CDBE-42F8-BBDE-CEA891AF9972}
2014-10-31 10:47 - 2014-10-31 10:47 - 00002990 _____ () C:\Windows\System32\Tasks\{42D9C68C-F2C3-4C4C-95B1-142630831922}
2014-10-31 10:36 - 2014-10-31 10:36 - 00000000 ____D () C:\Windows\Temp95A9F6BD-42DB-8522-5F2E-471FEB5FF0D1-Signatures
2014-10-31 10:36 - 2014-10-31 10:36 - 00000000 ____D () C:\Windows\Temp737EC922-D595-AC50-8325-22E32CF9B772-Signatures
2014-10-31 10:16 - 2014-10-31 10:16 - 00000000 ____D () C:\Windows\Temp63B2495F-90AE-D147-3A54-D6F6BC63590C-Signatures
2014-10-31 10:16 - 2014-10-31 10:16 - 00000000 ____D () C:\Windows\Temp544BD17D-9BEE-F3D8-9649-9E2507548B62-Signatures
2014-10-31 03:00 - 2014-10-31 03:00 - 00000000 ____D () C:\Windows\TempD8B17C50-D144-C948-C1D1-169787318C42-Signatures
2014-10-31 03:00 - 2014-10-31 03:00 - 00000000 ____D () C:\Windows\Temp2955BDA8-6E96-6571-F910-C12A46BB6856-Signatures
2014-10-30 03:00 - 2014-10-31 11:43 - 00000000 ____D () C:\Windows\TempB9B55E89-2528-9C5C-2F34-BC7068470947-Signatures
2014-10-30 03:00 - 2014-10-30 03:00 - 00000000 ____D () C:\Windows\Temp2C07811D-C381-9B50-9987-51B26FCABE3A-Signatures
2014-10-29 03:00 - 2014-10-29 03:00 - 00000000 ____D () C:\Windows\TempEACFA39E-9769-28AE-7741-3BBE37635AD5-Signatures
2014-10-29 03:00 - 2014-10-29 03:00 - 00000000 ____D () C:\Windows\TempBFFD41B3-DFC3-FB0A-F600-563707F22185-Signatures
2014-10-28 03:00 - 2014-10-28 03:00 - 00000000 ____D () C:\Windows\Temp92C5FA63-849D-4C5E-410A-33443766D950-Signatures
2014-10-28 03:00 - 2014-10-28 03:00 - 00000000 ____D () C:\Windows\Temp904D5409-69EF-E759-A314-51F68B5DE771-Signatures
2014-10-27 08:13 - 2014-10-27 08:13 - 00000000 ____D () C:\Windows\TempD50B29EB-C530-12EC-6569-11FFC19E09C4-Signatures
2014-10-27 08:12 - 2014-10-27 08:13 - 00000000 ____D () C:\Windows\Temp16A857FD-6BE3-44FB-9142-015805AAAC83-Signatures
2014-10-24 03:00 - 2014-10-24 03:00 - 00000000 ____D () C:\Windows\TempDCAEDA14-C005-0A20-84AB-DA0C575A72FD-Signatures
2014-10-24 03:00 - 2014-10-24 03:00 - 00000000 ____D () C:\Windows\Temp49978C8A-7CA4-73B8-B577-55B601EA3A26-Signatures
2014-10-23 03:00 - 2014-10-23 03:00 - 00000000 ____D () C:\Windows\TempD261D448-2645-C08A-1A26-6AD612EACB27-Signatures
2014-10-23 03:00 - 2014-10-23 03:00 - 00000000 ____D () C:\Windows\Temp3C13575C-FCB5-E50D-1DE5-6895BE3B6E9B-Signatures
2014-10-22 03:00 - 2014-10-22 03:00 - 00000000 ____D () C:\Windows\Temp6B0F2933-F209-6668-3645-2DF6D499CA73-Signatures
2014-10-22 03:00 - 2014-10-22 03:00 - 00000000 ____D () C:\Windows\Temp3E2F9AD6-B624-AD1A-0151-9C0374B1D74C-Signatures
2014-10-21 03:00 - 2014-10-21 03:00 - 00000000 ____D () C:\Windows\Temp89FAF0C1-3C1A-FF08-FC34-29D4210719E6-Signatures
2014-10-21 03:00 - 2014-10-21 03:00 - 00000000 ____D () C:\Windows\Temp3694659D-5C58-FB07-4FC1-742531BDF98A-Signatures
2014-10-20 08:19 - 2014-10-20 08:19 - 00000000 ____D () C:\Windows\Temp96CC1DB6-2D61-A2BB-5D99-46B3AE2EEB0D-Signatures
2014-10-20 08:19 - 2014-10-20 08:19 - 00000000 ____D () C:\Windows\Temp2393201B-528E-3B33-9095-3440751B64D5-Signatures
2014-10-17 03:01 - 2014-10-17 03:01 - 00000000 ____D () C:\Windows\TempA88288EE-F720-FB60-39AA-01B6B8335953-Signatures
2014-10-17 03:00 - 2014-10-17 03:00 - 00000000 ____D () C:\Windows\Temp2C3688FF-9E7F-CDDC-461E-C843091E1827-Signatures
2014-10-16 03:06 - 2014-10-16 03:06 - 00000000 ____D () C:\Windows\TempD1D243C1-540F-17A3-002C-C7F399B1F2D4-Signatures
2014-10-16 03:06 - 2014-10-16 03:06 - 00000000 ____D () C:\Windows\TempC9980AB2-9A87-FC7F-5FA2-F5173696B133-Signatures
2014-10-15 03:00 - 2014-10-15 03:00 - 00000000 ____D () C:\Windows\TempF4255A2C-C1FE-D640-DD91-F336C5568D95-Signatures
2014-10-15 03:00 - 2014-10-15 03:00 - 00000000 ____D () C:\Windows\TempE8C8F598-F23D-8D42-E1C1-87AA7625E38D-Signatures
2014-10-14 09:40 - 2014-10-14 09:40 - 00000000 ____D () C:\Windows\Temp2BC656A5-7167-49D6-A3A6-7944A86BB6BF-Signatures
2014-10-10 03:00 - 2014-10-10 03:00 - 00000000 ____D () C:\Windows\TempBC13C9E1-6456-5264-D94C-19D0AC0EDE88-Signatures
2014-10-10 03:00 - 2014-10-10 03:00 - 00000000 ____D () C:\Windows\Temp513BAA94-9CAE-5FE9-A233-EF050D72CE0F-Signatures
2014-10-09 03:00 - 2014-10-09 03:00 - 00000000 ____D () C:\Windows\TempDD38847C-6FEF-4638-7265-48C1ECBCB41F-Signatures
2014-10-09 03:00 - 2014-10-09 03:00 - 00000000 ____D () C:\Windows\Temp686183DC-2284-CB6F-A315-2F1BCD00425B-Signatures
2014-10-08 03:00 - 2014-10-08 03:00 - 00000000 ____D () C:\Windows\TempA53142F6-4C0B-16FE-F757-0B68D37A8BAD-Signatures
2014-10-08 03:00 - 2014-10-08 03:00 - 00000000 ____D () C:\Windows\Temp3E79B12B-3561-B7EB-3684-55D9EE08E770-Signatures
2014-10-07 03:00 - 2014-10-07 03:00 - 00000000 ____D () C:\Windows\Temp1CBE7527-2316-914B-FBFF-B06A55BC9FFF-Signatures
2014-10-07 03:00 - 2014-10-07 03:00 - 00000000 ____D () C:\Windows\Temp18123716-CAAD-8048-D74A-A3006CEE7058-Signatures
2014-10-06 03:00 - 2014-10-06 03:00 - 00000000 ____D () C:\Windows\TempAEA3836A-864D-B2CE-5413-2F1F4054D5F2-Signatures
2014-10-06 03:00 - 2014-10-06 03:00 - 00000000 ____D () C:\Windows\Temp9CBAA187-F696-CE9F-4C5B-5DB48680751F-Signatures
2014-10-05 03:00 - 2014-10-05 03:00 - 00000000 ____D () C:\Windows\Temp81BAA06B-EBC2-A155-2DE8-210326E88738-Signatures
2014-10-05 03:00 - 2014-10-05 03:00 - 00000000 ____D () C:\Windows\Temp1656A6AD-69D4-7633-62AD-4E611923CB18-Signatures
2014-10-04 19:00 - 2014-10-04 19:00 - 00000000 ____D () C:\Windows\Temp07684FB3-6387-904B-D493-D85C4E137186-Signatures
2014-10-04 18:59 - 2014-10-04 18:59 - 00000000 ____D () C:\Windows\Temp10D63795-0D6D-8384-80D1-CA6F9AD11DB3-Signatures
2014-10-03 03:00 - 2014-10-03 03:00 - 00000000 ____D () C:\Windows\Temp9D7EFC6E-4DE9-2E14-46C1-305CD82F2654-Signatures
2014-10-03 03:00 - 2014-10-03 03:00 - 00000000 ____D () C:\Windows\Temp083CD4C9-8F98-C87F-E06C-9E8D373422D5-Signatures
2014-10-02 03:01 - 2014-10-02 03:01 - 00000000 ____D () C:\Windows\Temp08093073-60FC-F3CE-D59C-C4203C6B85A9-Signatures
2014-10-02 03:00 - 2014-10-02 03:00 - 00000000 ____D () C:\Windows\TempC4254133-8A1A-40A6-7785-B3E7E569F988-Signatures
2014-10-01 03:00 - 2014-10-01 03:00 - 00000000 ____D () C:\Windows\Temp8AC7AB05-A855-0428-8DB1-0B2A97CDA9E2-Signatures
2014-10-01 03:00 - 2014-10-01 03:00 - 00000000 ____D () C:\Windows\Temp2C87EFAF-0CC3-003A-0738-2D51D9503DB0-Signatures
C:\Users\Teri-Ann Begin2\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
C:\Program Files (x86)\Wisdom-soft
C:\Program Files\Microsoft Security Client\mssecex.exe
EmptyTemp: 
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.
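
As an added example (not part of the original post and not FRST's own code): a small Python triage helper that reads FRST-style scan lines, extracts the `Group Policy restriction on software` entries, and reports which security products they block. The sample lines are copied from the fixlist above; the product-name table and the function names are assumptions made for illustration.

```python
import re

# Scan lines copied from the fixlist above (FRST output format).
SAMPLE = r"""
HKLM\...\Run: [MSC] => "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\ESET <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKU\S-1-5-18\...\CurrentVersion\Windows: [Load] ,slpmonx.exe <===== ATTENTION
"""

# Assumption: folder-name prefixes that identify a security product.
SECURITY_PRODUCTS = {
    "malwarebytes": "Malwarebytes",
    "microsoft security client": "Microsoft Security Client",
    "microsoft antimalware": "Microsoft Antimalware",
    "mcafee": "McAfee",
    "eset": "ESET",
    "avast software": "Avast",
}

RESTRICTION = re.compile(
    r"^(HK\w+) Group Policy restriction on software:\s*(.+?)\s*(?:<=+\s*ATTENTION.*)?$"
)

def blocked_paths(log_text):
    """Return (hive, path) for each software-restriction line in the log."""
    found = []
    for line in log_text.splitlines():
        match = RESTRICTION.match(line.strip())
        if match:
            found.append((match.group(1), match.group(2)))
    return found

def blocked_products(log_text):
    """Map each recognised security product to the restricted paths that hit it."""
    hits = {}
    for _hive, path in blocked_paths(log_text):
        # Compare per folder name so a prefix only matches at the start of a folder.
        folders = [part.lower() for part in path.split("\\")]
        for prefix, product in SECURITY_PRODUCTS.items():
            if any(folder.startswith(prefix) for folder in folders):
                hits.setdefault(product, []).append(path)
    return hits

def looks_like_av_lockout(log_text, min_products=2):
    """True when several security products are restricted at once, as in this thread."""
    return len(blocked_products(log_text)) >= min_products
```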

Here is fixlog - PC didn't reboot though

Reboot it yourself

Yeah - well now I can open avast!

It showed this screen (file attached) - sorry I am doing this remotely, it is the office PC and I had to go get kids from school.

I have the PC running a full scan now just to be safe :slight_smile:

Strange thing though - when I rebooted, the Windows screen came up and the icons were slowly appearing - then the screen went blank for about 2-4 minutes (it was black with just the mouse pointer, which I could move).

I will see what the full scan returns!

Thank you soooooo much :-*
Deb (and a hug too!)

The black screen bit was whilst FRST was completing the fix before windows loaded

What problems remain ?

Just a small side note: Please install Windows updates; I can see you're running Internet Explorer 8 still, I believe.

If there are updates missing please install these, it will fix a lot of potential security leaks.

So far it seems OK. The Avast scan ran, and there were no issues!

Unfortunately we have to stay on Windows 8 to run some Real estate software :frowning: They are hoping to upgrade soon, and will then update Windows.

Thanks for all the help.

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Download and run Delfix

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:

Well now this is interesting…
This morning Outlook would not open - we get a message: "Outlook experienced a serious problem with the Avast Add-in addin (yep, it repeated that). … Do you want to disable this add-in?"

I clicked Yes, it was the only way to get Outlook to open. I won't clean up just yet - do I still have a problem?

Next step… Deb

No it is just a conflict with the Avast add on

So I can leave it turned off - and all will be well ?

Ok - I will do the cleanup today - and hope all goes well.

Again, thank you for all your help!
Deb

My pleasure :slight_smile:

Hi EssexBoy,

I was hoping I was all good - but something must still be wrong. We tried to disable Java (using your instructions) but we get an “insufficient permissions, Please check if you have sufficient permissions to change system settings” error message. Can you help?

Deb

Can you confirm you were running from an admin account ?

Download Windows All In One Repair from Tweaking.com to your desktop
Install the programme and run
Select Step 5 : Back up your registry and create a system restore point

https://dl.dropboxusercontent.com/u/73555776/waiobackup.JPG

Then select the Repairs tab

https://dl.dropboxusercontent.com/u/73555776/waiorepairs.JPG

Select Open repairs

Select the following repair number items :

1
2
10

Click Start

https://dl.dropboxusercontent.com/u/73555776/waiorepair.JPG

Once it has completed then reboot the system

Yes, running as Admin :slight_smile:

Deb

Ok - I am out of town for a few days - will try this on Thursday when I am back in the office (don't want to stress out the not-so-techie admins)

:slight_smile:

Again thanks for your help, I really appreciate it
Deb