Earlier today my Avast protection was not on the toolbar and when I tried to click on the icon on my desktop I was informed I am Blocked by Group Policy. I am not on a network, I am the admin. There are two users, mine and the guest (which is never used).
I was also having issues getting errors telling me I didn’t have the .DLL to run the program and svchost errors.
I have taken a few steps to get this cleaned up. I ran the ESET NOD32 online scan, which got rid of most of the problems, but I still have the initial problem of not being able to run the virus protection. I get the error telling me “Blocked by group policy”.
If I try to run ComboFix I get another similar error.
I have already downloaded Farbar earlier today. I attached the log.
A malware removal expert has been notified for you. Please do not make any further changes to your system as the expert will guide you along, and if you make any further changes between his log requests and running certain programs he asks for, these actions may well defeat what you both are trying to do. Please stay with the fixing process until the all clear is given.
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open Notepad and copy/paste the text in the quotebox below into it:
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Comodo\COMODO Internet Security <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\PC Tools <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software\Avast <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
2014-08-05 14:57 - 2014-08-05 18:37 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-08-05 14:57 - 2014-08-05 14:57 - 00000000 ____D () C:\Users\Micah\AppData\Local\globalUpdate
2014-08-05 13:55 - 2014-08-05 18:29 - 00000000 ____D () C:\Users\Micah\AppData\Local\Free YouTube Downloader
C:\ProgramData\948jbnq.odd
C:\ProgramData\aav3e8.fee
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.
THEN
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
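As an added example (not part of the original posts, and not FRST's own code): a small triage script that reads FRST log lines of the shapes quoted in the fixlist above and separates Group Policy software restrictions aimed at security-product folders from other entries, alongside the broken Winsock catalog entries. The function name `triage`, the vendor keyword list and the `C:\Example\...` sample line are assumptions made for illustration.

```python
import re

# Line shapes as they appear in the FRST output quoted in this thread.
SRP_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU) Group Policy restriction on software: "
    r"(?P<path>.+?)\s*<=+\s*ATTENTION\s*$")
WINSOCK_RE = re.compile(
    r"^Winsock: (?P<catalog>Catalog\d+(?:-x64)?) (?P<entry>\d+) (?P<dll>\S+) "
    r'File Not found .*LibraryPath should be "(?P<expected>[^"]+)"')

# Vendor keywords taken from the paths in the thread (assumption: extend as needed).
SECURITY_VENDORS = ("antimalware", "security client", "comodo", "malwarebytes",
                    "pc tools", "mcafee", "avast", "symantec")

def triage(log_text):
    """Group SRP rules by whether they block security products; list broken Winsock entries."""
    findings = {"srp_blocks_security": [], "srp_other": [], "winsock_broken": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SRP_RE.match(line)
        if m:
            path = m.group("path")
            hit = any(v in path.lower() for v in SECURITY_VENDORS)
            findings["srp_blocks_security" if hit else "srp_other"].append(path)
            continue
        m = WINSOCK_RE.match(line)
        if m:
            # Keep the catalog, the entry number and the LibraryPath FRST expects.
            findings["winsock_broken"].append(
                (m.group("catalog"), m.group("entry"), m.group("expected")))
    return findings

# Sample input: three lines copied from the thread plus one constructed line.
SAMPLE = r'''
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software\Avast <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Example\Constructed\Tool <====== ATTENTION
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
'''

if __name__ == "__main__":
    for key, items in triage(SAMPLE).items():
        print(key, len(items))
        for item in items:
            print("   ", item)
```

A machine with no Group Policy in place that still shows several restriction rules, all pointing at antivirus directories, matches the symptom reported at the top of this thread.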
I got the following error when I tried to run adwcleaner that I already had downloaded.
C:\Windows\SysWOW64\sqlite3.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.
So, I deleted it. Re-downloaded it from the link you left, ran it and I got the same error.
I am thinking maybe this just might have something to do with the additional logs that I was supposed to attach.
I was unable to find them.
- Right-mouse click JRT.exe and select “Run as Administrator”; the tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system’s specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article
I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
CryptoPrevent: install this programme to lock down and prevent crypto ransomware.
Thanks for all the help. It looks like the computer was far more infected than I thought it was.
I now wonder if the BSODs we got a couple weeks back might have had something to do with viruses and not hardware problems like we first thought. We had to pull the battery and put it back in just to get it to actually come on. The only thing that got the computer working then was a full hard drive file scan.
Just a couple things I would like to get your thoughts on,
We have to keep Java up. My kids are homeschooled and my wife uses at least 2-3 programs that are Java based to supplement their education. Are there any programs that block Java that are similar to Flashblock? Something that allows me to enable Java at the touch of a button? That would be helpful as I don’t want to enable and disable constantly. I run on Chrome (refuse to run on anything slower); yes, Firefox is much slower and IE…nope.
Firewalls. Are there any good ones that are light on system resources and allow me control over what is blocked and what isn’t? I used to use ZoneAlarm but the last time I did, it was nearly autonomous. I play Guild Wars 2 (online MMO) and use P2P. I don’t want something scanning every packet and causing any lack of performance in game or my download speed. The connection is already struggling (really, it’s a weak DSL line shared by the whole house!)
It might be useful. The article is 4 years old and nothing looks like that in Chrome now. But I think I found the spot under content settings where I can make it ‘ask when a site wants to use a plugin’.