Avast blocked by group policy - help requested

First-time poster needs help cleaning malware. The symptom that is most obvious is that Avast does not show up in the task bar. Avast reports that it is blocked by group policy. I am running Windows Vista Home Basic, SP2. I have read other posts on here, and it looks like this problem can be solved by the experts on this forum. I have scanned with Malwarebytes, and it reports no infection. I am attaching the FRST logs, as requested by the forum sticky-post. Please advise what my next step should be.

Hi there. First you must uninstall Chrome; you can re-install it when we have finished.

Avast should start after the FRST reboot

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software\Avast <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\f-secure <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\PC Tools <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3622629461-2611409596-3684935848-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3622629461-2611409596-3684935848-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3622629461-2611409596-3684935848-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [HKLM] => http=127.0.0.1:55387;https=127.0.0.1:55387
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-3622629461-2611409596-3684935848-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3622629461-2611409596-3684935848-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3622629461-2611409596-3684935848-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2014-12-27 12:49 - 2014-12-27 12:50 - 01920640 _____ (TODO: ) C:\Users\Owner\Downloads\Unconfirmed 257630.crdownload
2014-12-26 22:49 - 2015-01-14 10:43 - 00000000 ___HD () C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}
2014-12-26 17:12 - 2015-01-15 02:12 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
Task: {8407284B-F39F-404F-8F39-52BF6330ABA9} - \BrowserSafeguard Update Task No Task File <==== ATTENTION
Task: {063C3F5F-D41C-448E-98F5-BFE407794972} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3622629461-2611409596-3684935848-1000UA => C:\Users\Jimmy Watkin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {78C7DA1B-8677-4FC1-B979-8276CD57DD70} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3622629461-2611409596-3684935848-1000Core => C:\Users\Jimmy Watkin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {8C5AB09C-FAD0-4340-AC63-4598C32128FF} - System32\Tasks\Google Updater and Installer => C:\Users\Jimmy Watkin\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Occupant\AppData\Local\Google\Chrome
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
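An added example, not part of the original posts and not FRST's own code: a small triage script that reads FRST-style log lines like those in the fixlist above and flags software restriction rules aimed at security products, policy keys, a loopback proxy, and scheduled tasks with no task file. The vendor keyword list and the finding labels are assumptions made for this illustration.

```python
import re

# Constructed sample: a subset of the lines from the fixlist in this thread.
SAMPLE = r"""HKLM Group Policy restriction on software: C:\Program Files\AVAST Software\Avast <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyServer: [HKLM] => http=127.0.0.1:55387;https=127.0.0.1:55387
Task: {8407284B-F39F-404F-8F39-52BF6330ABA9} - \BrowserSafeguard Update Task No Task File <==== ATTENTION
Task: {8C5AB09C-FAD0-4340-AC63-4598C32128FF} - System32\Tasks\Google Updater and Installer => C:\Users\Jimmy Watkin\AppData\Local\Google\Update\GoogleUpdate.exe
EmptyTemp:"""

# Assumption: keywords taken from the blocked paths seen in this thread.
SECURITY_VENDORS = ("avast", "f-secure", "pc tools", "malwarebytes", "symantec")

SRP = re.compile(r"^(HK\w+) Group Policy restriction on software: (.+?)\s*<=+ ATTENTION$")
POLICY = re.compile(r"^(?:\w+ )?(HK[^:]+\\SOFTWARE\\Policies\\[^:]+): Policy restriction")
PROXY = re.compile(r"^ProxyServer: \[(\w+)\] => (.+)$")
ORPHAN_TASK = re.compile(r"^Task: (\{[0-9A-Fa-f-]+\}) - (.+?) No Task File")

def is_loopback(proxy_value):
    """True if every scheme=host:port entry points at the local machine."""
    hosts = [p.split("=", 1)[-1].rsplit(":", 1)[0] for p in proxy_value.split(";") if p]
    return bool(hosts) and all(h == "localhost" or h.startswith("127.") for h in hosts)

def triage(text):
    """Return (kind, detail) tuples for the log lines worth a closer look."""
    findings = []
    for line in map(str.strip, text.splitlines()):
        if m := SRP.match(line):
            # A restriction rule whose path belongs to a security product
            # is the pattern that kept Avast from starting in this thread.
            blocked = any(v in m.group(2).lower() for v in SECURITY_VENDORS)
            findings.append(("srp_blocks_security_tool" if blocked else "srp_rule", m.group(2)))
        elif m := POLICY.match(line):
            findings.append(("policy_key", m.group(1)))
        elif m := PROXY.match(line):
            findings.append(("loopback_proxy" if is_loopback(m.group(2)) else "proxy", m.group(2)))
        elif m := ORPHAN_TASK.match(line):
            findings.append(("orphan_task", m.group(2)))
    return findings

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE):
        print(f"{kind:26} {detail}")
```
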

Google Chrome did not appear in add / remove programs, and there was no other indication that Chrome was installed as a usable program. I believe the entries remained as remnants of a previous uninstall attempt. Therefore, I proceeded to run the fix tool. After reboot, Avast appears in the taskbar, as hoped. Here is the log you requested. I am about to run the other cleaner you mentioned and post that log.

I ran AdwCleaner. It detected four entries under scheduled tasks. Those entries were then cleaned. Upon reboot, the log seems to be clean. The log file is attached. Please advise what my next step should be.

How is the computer behaving now?

It seems to be performing normally, with the possible exception of some hard drive “thrash”, meaning that the hard drive indicator light seems to be on too much. I don’t know if this is normal, indication of needing a defrag, or an indication of a problem with the hard drive. Sometimes the computer just seems to lock up for a minute with the HDD indicator steadily on.

Run a chkdsk first to check it out. Although this is for Windows 7, it is exactly the same for Vista.

http://www.howtogeek.com/howto/windows-vista/guide-to-using-check-disk-in-windows-vista/

The chkdsk found multiple errors, including bad clusters. I assume the hard drive is failing. I attached the log, for what help it may be. If I should create a new thread for hard drive help, then I will – if help is available on these forums for that sort of problem. I consider the malware to be removed. And I consider the damage it caused to be repaired. So, I thank you heartily for sharing your expertise and your time in that regard. Since this is my first time on these forums, I would appreciate any other guidance you may share.

We can have a look at the hard drive if you wish… What type of hard drive is it?

Go to Control Panel > Device manager
Open the hard drive type by clicking the + mark

WDC WD1200BEVS-60UST0 ATA DEVICE

Drive diagnostic tool:
http://support.wdc.com/product/download.asp?groupid=810&sid=3&lang=en

Initially do the quick test to see what the results are.

◦ QUICK TEST - performs SMART drive quick self-test to gather and verify the Data Lifeguard information contained on the drive.

Screenshot attached. Test did not complete / failed.

Test Option: QUICK TEST
Model Number: WDC WD1200BEVS-60UST0
Unit Serial Number: WD-WXCZ07015637
Firmware Number: 01.01A01
Capacity: 120.03 GB
SMART Status: PASS
Test Result: FAIL
Test Error Code: 06-Quick Test on drive 1 did not complete! Status code = 07 (Failed read test element), Failure Checkpoint = 65 (Error Log Test) SMART self-test did not complete on drive 1!
Test Time: 13:33:57, January 16, 2015

Test Option: QUICK TEST
Model Number: WDC WD1200BEVS-60UST0
Unit Serial Number: WD-WXCZ07015637
Firmware Number: 01.01A01
Capacity: 120.03 GB
SMART Status: PASS
Test Result: FAIL
Test Error Code: 06-Quick Test on drive 1 did not complete! Status code = 07 (Failed read test element), Failure Checkpoint = 65 (Error Log Test) SMART self-test did not complete on drive 1!
Test Time: 13:44:05, January 16, 2015

You are right in surmising the HDD was going.

I would recommend that you back up all the important stuff now before it fails.

I will back up the data. Here are the results of the extended scan. I am going to select the option to try to repair. At some point, I will replace the drive or the laptop. Thanks for your help.

Update: Unable to repair bad sectors

Test Option: EXTENDED TEST
Model Number: WDC WD1200BEVS-60UST0
Unit Serial Number: WD-WXCZ07015637
Firmware Number: 01.01A01
Capacity: 120.03 GB
SMART Status: PASS
Test Result: FAIL
Test Error Code: 08-Unable to repair bad sectors.
Test Time: 14:43:39, January 16, 2015

I would recommend backing up before you try the repair.

The repair failed just seconds after I requested the repair. I consider my issues to be successfully resolved, and this thread may be closed. Thank you again for your help. Very nice work.

My pleasure :)