Avast Blocked By Group Policy

[REDACTED]

Attached FRST files. I've seen others having the same problems. Can anyone help? Thank you!

[REDACTED]

Also, here's a report from Rogue Killer, plus a report from Farbar Service Scanner, if that helps!


Thanks again,


BRPW

[essexboy]

Avast should restart after the system has rebooted

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION 
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
2014-10-21 07:52 - 2014-10-21 07:52 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\ugbSgeP
2014-10-20 22:20 - 2014-10-20 22:20 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\nejavBP
2014-10-20 13:55 - 2014-10-20 13:55 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\nIWqBK
2014-10-19 13:32 - 2014-10-19 13:32 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\nAomSX
2014-10-19 08:03 - 2014-10-19 08:03 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\bNBKIeO
2014-10-18 08:04 - 2014-10-18 08:04 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\uGtSvZj
2014-10-17 15:43 - 2014-10-17 15:43 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\iXjYcqvat
2014-10-16 07:35 - 2014-10-16 07:35 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\dneFDqxQIF
2014-10-15 07:23 - 2014-10-15 07:23 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\GHiLzjbR
2014-10-14 09:55 - 2014-10-14 09:55 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\YBQIRTrl
2014-10-14 08:17 - 2014-10-14 08:17 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\nTsjAcmx
2014-10-13 11:35 - 2014-10-13 11:35 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\.mono
2014-10-13 07:10 - 2014-10-13 07:10 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\iWPDOLAO
2014-11-12 16:46 - 2014-03-06 09:50 - 00055051 _____ () C:\Users\Ben\AppData\Roaming\ADbG23sW.dat
2014-10-25 08:16 - 2012-12-23 15:11 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
C:\ProgramData\hash.dat
Hosts:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
  
• Click on Scan.
  
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
  
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.
  

[REDACTED]

Avast should restart after the system has rebooted

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION 
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
2014-10-21 07:52 - 2014-10-21 07:52 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\ugbSgeP
2014-10-20 22:20 - 2014-10-20 22:20 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\nejavBP
2014-10-20 13:55 - 2014-10-20 13:55 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\nIWqBK
2014-10-19 13:32 - 2014-10-19 13:32 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\nAomSX
2014-10-19 08:03 - 2014-10-19 08:03 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\bNBKIeO
2014-10-18 08:04 - 2014-10-18 08:04 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\uGtSvZj
2014-10-17 15:43 - 2014-10-17 15:43 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\iXjYcqvat
2014-10-16 07:35 - 2014-10-16 07:35 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\dneFDqxQIF
2014-10-15 07:23 - 2014-10-15 07:23 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\GHiLzjbR
2014-10-14 09:55 - 2014-10-14 09:55 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\YBQIRTrl
2014-10-14 08:17 - 2014-10-14 08:17 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\nTsjAcmx
2014-10-13 11:35 - 2014-10-13 11:35 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\.mono
2014-10-13 07:10 - 2014-10-13 07:10 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\iWPDOLAO
2014-11-12 16:46 - 2014-03-06 09:50 - 00055051 _____ () C:\Users\Ben\AppData\Roaming\ADbG23sW.dat
2014-10-25 08:16 - 2012-12-23 15:11 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
C:\ProgramData\hash.dat
Hosts:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
  
• Click on Scan.
  
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
  
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.
  

Here's the FRST log. Runnin Adwcleaner now; will report back.

[REDACTED]

Attached is AdwCleaner Log (popped up upon restart)


# AdwCleaner v4.101 - Report created 12/11/2014 at 18:32:34
# Updated 09/11/2014 by Xplode
# Database : 2014-11-12.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Ben - BRPW-DESKTOP-PC
# Running from : C:\Users\Ben\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Users\Ben\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Ben\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ben\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Ben\AppData\Roaming\Strongvault
Folder Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
Folder Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : [x64] HKLM\SOFTWARE\Conduit
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v30.0 (en-US)

[tifyayxx.default\prefs.js] - Line Deleted : user_pref("extensions.freecorder@freecorder.com.menuitems", "[{\"name\":\"Freecorder Menu Header\",\"img\":\"hxxp://freecorder.com/fc8/ui/buttons/menu_header.png\",\"width\":225,\"height\":65},{\"name[...]

-\\ Google Chrome v38.0.2125.111


*************************

AdwCleaner[R0].txt - [5086 octets] - [12/11/2014 18:31:02]
AdwCleaner[S0].txt - [4930 octets] - [12/11/2014 18:32:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4990 octets] ##########

[essexboy]

Is Avast now up and running ?

[REDACTED]

Is Avast now up and running ?

It is, but Action Center is also saying "No anti virus software found", plus I had to enable windows defender also. I've arranged a scheduled boot time scan via Avast.


Also tried to load Facebook and some other things and had the windows time out and get 'SSL errors', not  sure if that's related.


I also noticed a week or two ago what feels like GB's of missing space. Maybe 30GB?

[essexboy]

Could you run a fresh FRST scan for me please

[REDACTED]

Could you run a fresh FRST scan for me please

They're attached

Thanks for all the help so far by the way! Very much appreciated!

[essexboy]

You need to remove all of AVG http://www.avg.com/gb-en/utilities

Also could you right click the Avast icon and select Avast shield control
Select disable for 10 minutes
After a minute or two re-enable the shields and see if it is now recognised

[REDACTED]

You need to remove all of AVG http://www.avg.com/gb-en/utilities

Also could you right click the Avast icon and select Avast shield control
Select disable for 10 minutes
After a minute or two re-enable the shields and see if it is now recognised

Okay, here's what's happened.

Removed AVG, but I still have one aspect; a small popup box in the bottom right hand corner that says:

"Please click 'Relaunch Browsers' to apply your security settings.


I tried running AVG Remover(64bit) 2015 and AVG Identity Protection Remover. Still there.


However, Avast is now running and there's no Action Center flag.

[essexboy]

Can you right click the popup and select properties and let me know what the target is

[REDACTED]

Can you right click the popup and select properties and let me know what the target is

Couldn't click on it; screenshot attached (apologies that it's small. Two screens screenshot + paint doesn't provide a great shot...

[REDACTED]

I'm also having problems with Avast; I keep getting blocked malware warnings. Apparently Chrome.exe keeps blocking Malware. Once every hour or so; it's not regular. Sometimes I have two warnings in ten minutes and then nothing for two hours.

[essexboy]

That is an AVG popup, after this could you run a fresh FRST scan please 

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

HKU\S-1-5-21-3723616267-2571764502-2560082680-1000\...\Run: [AVG-Secure-Search-Update_1014avt] => C:\Users\Ben\AppData\Roaming\Avg_Update_1014avt\AVG-Secure-Search-Update_1014avt.exe [2774040 2014-09-23] ()
R4 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
R4 Avgrkx64; system32\DRIVERS\avgrkx64.sys [X]
R4 Avgtdia; system32\DRIVERS\avgtdia.sys [X]
2014-11-12 18:38 - 2014-11-12 20:20 - 00002906 _____ () C:\Windows\System32\Tasks\AVG-Secure-Search-Update_1014avt_RML
2014-11-12 18:38 - 2014-11-12 20:20 - 00000526 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_1014avt_RML.job
2014-11-12 18:19 - 2014-11-12 18:34 - 00000526 _____ () C:\Windows\Tasks\AVG_SYS_TASK_1014avt.job
2014-11-12 18:19 - 2014-11-12 18:34 - 00000392 _____ () C:\Windows\Tasks\AVG_SYS_TASK_1014avt_DELETE.job
2014-11-12 18:19 - 2014-11-12 18:19 - 00002894 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_1014avt_DELETE
2014-11-12 18:19 - 2014-11-12 18:19 - 00002820 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_1014avt
2014-11-12 18:19 - 2014-11-12 18:19 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Avg_Update_1014avt
2014-11-12 18:18 - 2014-11-12 18:19 - 00000000 ____D () C:\ProgramData\Avg_Update_1014avt
2014-11-12 18:17 - 2014-11-12 18:17 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\AVG2015
2014-11-12 18:15 - 2014-11-12 18:42 - 00000000 ___HD () C:\$AVG
2014-11-12 18:15 - 2014-11-12 18:42 - 00000000 ____D () C:\ProgramData\AVG2015
2014-11-12 18:13 - 2014-11-12 18:13 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-11-12 18:09 - 2014-11-12 18:45 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-12 18:09 - 2014-11-12 18:18 - 00000000 ____D () C:\Users\Ben\AppData\Local\Avg2015
2014-11-12 18:09 - 2014-11-12 18:09 - 04578024 _____ (AVG Technologies) C:\Users\Ben\Downloads\avg_avct_stb_all_2015_5315_ppc17.exe
2014-11-12 18:09 - 2014-11-12 18:09 - 00000000 ____D () C:\Users\Ben\AppData\Local\MFAData
Task: {7089EEAB-0B24-43EF-9E62-3D7B72797FBB} - System32\Tasks\AVG_SYS_TASK_1014avt_DELETE => C:\ProgramData\Avg_Update_1014avt\AVG-Secure-Search-Update_1014avt.exe [2014-09-23] ()
Task: {D8060C78-F619-4FAD-B7D6-6048D943B6FC} - System32\Tasks\AVG-Secure-Search-Update_1014avt_RML => C:\Users\Ben\AppData\Roaming\Avg_Update_1014avt\AVG-Secure-Search-Update_1014avt.exe [2014-09-23] ()
Task: {F0CBDC62-9A7A-4FD7-9C7B-C0CD3CDC086B} - System32\Tasks\AVG_SYS_TASK_1014avt => C:\ProgramData\Avg_Update_1014avt\AVG-Secure-Search-Update_1014avt.exe [2014-09-23] ()
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_1014avt_RML.job => C:\Users\Ben\AppData\Roaming\Avg_Update_1014avt\AVG-Secure-Search-Update_1014avt.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_1014avt.job => C:\ProgramData\Avg_Update_1014avt\AVG-Secure-Search-Update_1014avt.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_1014avt_DELETE.job => C:\ProgramData\Avg_Update_1014avt\AVG-Secure-Search-Update_1014avt.exe
C:\Users\Ben\AppData\Roaming\Avg_Update_1014avt
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that