Avast Blocked by Group Policy - Please help

[REDACTED]

No apology necessary.  I am VERY grateful for your help in getting this resolved.  New logs to follow...

[essexboy]

Ta, the removal of that line would not have affected the programme in any way, just that the taskbar icon would not appear and would need to be reset

[REDACTED]

We uninstalled Spybot, rebooted, ran the fixlist, and it rebooted again.  The dialogs are still popping up on boot and here is the latest fixlog.txt

[essexboy]

That is intriguing as FRST is reporting the keys not found

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
  
• Accept the disclaimer and allow to update if it asks

• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.[/b]
  

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

[REDACTED]

I may not be able to get the latest instructions carried out for another 1-2 days.  I have not given up on your help and I will report back when I get a chance to run ComboFix.

[essexboy]

No problem

[REDACTED]

So we tried to disable Avast, but get an error that it is blocked by Group Policy again.  I tried to have her kill the Avast process in Task Manager, but got an error that it could not be stopped.

We then tried to run ComboFix.exe, but got a dialog error that Avast was running and to "please disable these scanners before clicking ok"....

The problem is that I can't disable the scanners and there is no apparent way to cancel ComboFix and the only option is to click the "ok" button or the "X" at the top of the dialog box.

I told my mother to just leave the computer alone until I get word back from you about what to do at this point.

Help!

Thank...

[essexboy]

OK could you run a fresh FRST scan for me please and I will try to locate the miscreant

[REDACTED]

Is it safe to hit "ok" on the warning screen that is still up from ComboFix?

[essexboy]

Yes Avast should not affect the running of combofix

[REDACTED]

Ran ComboFix.

Ran FRST.

The logs are attached.


Current Status:
The computer did not auto-reboot itself.  We tried to run Avast and Malwarebytes but both still get a "blocked by group policy" error.

I had her reboot the computer manually.

The five error dialogs are gone!  Yay.

She still couldn't run Avast or Malwarebytes; it still gives the group policy errors.

*sigh*

Sorry for all the trouble.  We had the group policy issue resolved at one point back there temporarily, but it got reverted upon a reboot somehow (probably Teatimer).


Please advise the next steps...

[essexboy]

OK lets now see if this sticks

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Download the attached fixlist.txt  to the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

[REDACTED]

Here is today's fixlog...


I'll get you an update on how the computer is running as soon as I hear from my mother.


UPDATE:

Both Avast and Malwarebytes run now.  There are no error messages upon booting.

We did try to update Malwarebytes and it gave an error that it "could not properly uninstall the prior version, please uninsatll it manuallY".  I'm not overly concerned about that and can deal with it later unless you think it still has something to do with the infection we are/were dealing with.

Thank you again for your help.

[essexboy]

There is an MBAM removal tool and instructions for such cases here https://forums.malwarebytes.org/index.php?/topic/122284-mbam-clean-removal-process/

If you could run MBAM when it is up and running again just to make sure I did not miss anything

[REDACTED]

The saga continues...

Downloaded MBAM removal tool

Disabled Avast

Ran MBAM removal tool

Rebooted

Downloaded MBAM

Tried to go disable Avast again before installing MBAM, but the tray icon was not there, so I tried to run Avast from the program icon on the Windows Menu, but get a "blocked by Group Policy" error once again.

Awaiting further recommendations...