Blocked by Group Policy

[intro2pete]

Hi....

I saw another user ask about the same problem but the thread went dead... does anyone have knowledge of this issue?

I went through a lengthy procedure on BleepingComputer.com and they eventually gave up and sent me here....is anyone able to assist please? 

Here is my activity so far....

http://www.bleepingcomputer.com/forums/t/484365/avast-blocked-by-group-policy/

Thanks!

[intro2pete]

Has anyone got ANYTHING to add to this?  Seems to be an increasing problem.....any ideas, even if it's just to tell me there's no hope?!

Thanks!

[essexboy]

I notice that he concentrated on malware without running a check on permissions..  This programme may take an hour to run as it will reset all file and registry permissions
As I am on windows 8 at the moment it will not allow me to tick reset registry permissions .. Please ensure that one is checked

Download  Windows Repair (all in one)  from this site

Install the programme then run



Go to step 3 and allow it to run SFC



On the start repairs tab click start


Select the following  items and tick restart system when finished

[intro2pete]

I've done this.... Avast is still blocked though...... main log as follows - there are a few other hkey logs too, do you want to see these?:

Starting Repairs...
   Start (25/03/2013 12:33:38)

Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (25/03/2013 12:33:38)
   Running Repair Under Current User Account
   Done (25/03/2013 12:33:43)

Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (25/03/2013 12:33:43)
   Running Repair Under System Account
   Done (25/03/2013 12:36:42)

Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (25/03/2013 12:36:42)
   Running Repair Under System Account
   Done (25/03/2013 12:37:18)

Register System Files
   Start (25/03/2013 12:37:18)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/03/2013 12:38:35)

Repair WMI
   Start (25/03/2013 12:38:35)
   Running Repair Under Current User Account
The system cannot find the path specified.
Invalid Global Switch.

   Running Repair Under System Account
The system cannot find the path specified.
Invalid Global Switch.

   Done (25/03/2013 12:40:14)

Repair Windows Firewall
   Start (25/03/2013 12:40:14)
   Running Repair Under Current User Account
The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

   Running Repair Under System Account
The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

   Done (25/03/2013 12:40:47)

Repair Internet Explorer
   Start (25/03/2013 12:40:47)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/03/2013 12:41:06)

Repair MDAC/MS Jet
   Start (25/03/2013 12:41:07)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/03/2013 12:41:28)

Repair Hosts File
   Start (25/03/2013 12:41:28)
   Running Repair Under System Account
   Done (25/03/2013 12:41:30)

Remove Policies Set By Infections
   Start (25/03/2013 12:41:30)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/03/2013 12:41:35)

Repair Icons
   Start (25/03/2013 12:41:35)
   Running Repair Under System Account
Could Not Find C:\Users\Peter\AppData\Local\IconCache.db.bak
Could Not Find C:\Users\Peter\AppData\Local\IconCache.db
   Done (25/03/2013 12:41:37)

Repair Winsock & DNS Cache
   Start (25/03/2013 12:41:38)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/03/2013 12:41:53)

Repair Proxy Settings
   Start (25/03/2013 12:41:53)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/03/2013 12:41:57)

Repair Windows Updates
   Start (25/03/2013 12:41:57)
   Running Repair Under Current User Account
The Background Intelligent Transfer Service service is not started.

More help is available by typing NET HELPMSG 3521.

The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
   Running Repair Under System Account
The Cryptographic Services service is not started.

More help is available by typing NET HELPMSG 3521.

The Background Intelligent Transfer Service service is not started.

More help is available by typing NET HELPMSG 3521.

The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
   Done (25/03/2013 12:42:19)

Repair CD/DVD Missing/Not Working
   Start (25/03/2013 12:42:19)
   Done (25/03/2013 12:42:19)

Repair Volume Shadow Copy Service
   Start (25/03/2013 12:42:19)
   Running Repair Under Current User Account
The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

The Microsoft Software Shadow Copy Provider service is not started.

More help is available by typing NET HELPMSG 3521.

   Running Repair Under System Account
The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

The Microsoft Software Shadow Copy Provider service is not started.

More help is available by typing NET HELPMSG 3521.

   Done (25/03/2013 12:42:26)

Repair MSI (Windows Installer)
   Start (25/03/2013 12:42:26)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/03/2013 12:42:34)

Repair bat Association
   Start (25/03/2013 12:42:35)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/03/2013 12:42:39)

Repair cmd Association
   Start (25/03/2013 12:42:39)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/03/2013 12:42:44)

Repair com Association
   Start (25/03/2013 12:42:44)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/03/2013 12:42:49)

Repair Directory Association
   Start (25/03/2013 12:42:49)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/03/2013 12:42:53)

Repair Drive Association
   Start (25/03/2013 12:42:53)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/03/2013 12:42:58)

Repair exe Association
   Start (25/03/2013 12:42:58)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/03/2013 12:43:03)

Repair Folder Association
   Start (25/03/2013 12:43:03)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/03/2013 12:43:08)

Repair inf Association
   Start (25/03/2013 12:43:08)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/03/2013 12:43:13)

Repair lnk (Shortcuts) Association
   Start (25/03/2013 12:43:13)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/03/2013 12:43:17)

Repair msc Association
   Start (25/03/2013 12:43:17)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/03/2013 12:43:22)

Repair reg Association
   Start (25/03/2013 12:43:22)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/03/2013 12:43:27)

Repair scr Association
   Start (25/03/2013 12:43:27)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/03/2013 12:43:32)

Repair Windows Safe Mode
   Start (25/03/2013 12:43:32)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/03/2013 12:43:36)

Repair Print Spooler
   Start (25/03/2013 12:43:36)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/03/2013 12:43:49)

Restore Important Windows Services
   Start (25/03/2013 12:43:49)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/03/2013 12:43:54)

Set Windows Services To Default Startup
   Start (25/03/2013 12:43:54)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/03/2013 12:44:05)

Cleaning up empty logs...

All Selected Repairs Done.
   Done (25/03/2013 12:44:05)
   Total Repair Time: 00:10:27


...YOU MUST RESTART YOUR SYSTEM...
   Running Repair Under System Account

[essexboy]

OK permissions should now be reset

Lets reinstall Avast

Download aswClear to your Desktop.
Download the correct version of Avast 
http://files.avast.com/iavs5x/avast_free_antivirus_setup.exe
http://files.avast.com/iavs5x/avast_pro_antivirus_setup.exe
http://files.avast.com/iavs5x/avast_internet_security_setup.exe
Disconnect from the net
Uninstall Avast via control panel

• Boot to Safe Mode.
  
  • Restart the computer.
  • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe mode with Networking menu item
  • Press Enter.
• Run aswClear
• In the Select Product to Uninstall dropdown choose the version of Avast that is on your system.
  
  
• Press Uninstall
  
• Once complete reboot your system to Normal Mode
  
• Reinstall Avast

----------

THEN

Download OTL  to your Desktop
Secondary link

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

• Select All Users
  
• Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT

• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Post  both logs

[intro2pete]

OK, a couple of things....

It wasn't possible to uninstall Avast via control panel, but I thought that was the whole point of the download and safe mode technique?  Anyway, I followed that and it appeared to work.

When reinstalling Avast I got the same 'blocked by group policy' message before it finished, but then it did finishe and it said it installed....

I ran the scan as directed and only one text box came up and was saved....as follows:

[intro2pete]

Attachment....

[essexboy]

Is Avast functioning as expected ?

[intro2pete]

Nope - same old message.....

[essexboy]

Could you start an elevated command prompt

Go Start > All Programs > Accessories
Right click command prompt and select "Run as Administrator"
Then type or copy and paste the following command
Pressing enter on completion

secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose

Does Avast now install ?

[intro2pete]

Ran it, Avast would still not open.  So, I uninstalled avast again and reinstalled.  This time it reinstalled without 'blocked by group policy', but I DID get the error again when trying to open the program.

[essexboy]

Is it now running normally or are you still getting the blocked message ?

[intro2pete]

No.... when i try to open Avast I get the same message saying 'this program is blocked by group policy, contact system administrator'

[essexboy]

What is the version of Vista that you have home, professional or ultimate ?

[intro2pete]

Home Premium 32 bit