A few days ago my PC seemed to get infected with the AVG Nation toolbar.
The AVG virus checker came installed with this relatively new PC and it seems to have behaved itself quite well since then.
Then a couple of days ago, turned on PC, desktop wallpaper gone, lots of desktop shortcuts gone, no connection on email (Outlook 2010) and the web browser (IE10) displayed a big "AVG NATION".
Lots of odd behaviour.
Managed to reconnect email to ISP but lost address book and old PST files.
Googled for "AVG Nation" and tried to follow the MalwareTips instructions to remove it:
tried to un-install it from Control Panel but it ran and ran for 30+ minutes apparently doing nothing.
Disabled IE add-ons, installed and ran Adwcleaner, downloaded and installed Junkware Removal Tool. It said it was installed to desktop but not there. Tried twice - suspect this is related to "permissions problem, see below.
Ran MalwareBytes - no threats but it fails to create a log file (see below)
Installed and ran HitmanPro. No threats, log below.
None of these showed many suspicious entries or files but cleaned things where advised.
Now AVG Nation appears to be gone from IE.
Occasionally when IE starts, get a pop-up dialogue asking about "use recommended security and compatibility settings". This is new.
Full scan using Microsoft Security Essentials - no threats detected.
Another full scan by Malwarebytes - No malicious items detected.
Full scan by Spybot Search & Destroy - found 2 "BrowseFox" adware entries. Removed using SpyBot. Re-ran, no threats.
Uninstalled AVG (the virus checker) using Control Panel. The Infospace "AVG Nation toolbar" still appears in Control Panel's list of programs.
BUT some odd file access problems remain - maybe someone can please help?
For example, all my Favorites have gone from IE. They are all in the expected folder:
C:\Users\Pete\Favorites
but in IE there's nothing. If I create a new favorite in IE it gets stored to
C:\Windows\SysWOW64\config\systemprofile\Favorites
Why is this?
In IE all the sites I had blocked from storing cookies have gone (tools, internet options, privacy, sites, managed websites).
All my desktop shortcuts are in the expected folder C:\Users\Pete\Desktop but this clearly isn't read when Windows starts.
When MalwareBytes completes it tries to create its text log file but it says "the specified path cannot be found". Notepad opens with a blank page.
If I try to associate a file extension with a particular application (say .txt with Notepad++) I can browse to and select the relevant exe but the option to "always use the selected program" is greyed out and it remains associated with the default MS-Notepad.
Help in MS-Word, Excel & PowerPoint all say "There is a problem with one or more installed help files. Please repair your Office installation".
If I set a different desktop theme, say Windows Classic, it gets set but is gone on the next restart. The background is just black (same set of shortcuts remain).
I guess there are other things although as far as I can tell all my files and folders appear to be present.
So on the face of it AVG Nation has gone bit there seems to be some loss of file or folder permissions or access. Can I/we confirm this and/or fix it?
For info:
Windows 7 Professional, 64bit, SP1, 16Gb RAM. Intel Core i5, 3.4GHz
Thanks
Pete
# AdwCleaner v3.018 - Report created 12/02/2014 at 21:41:57
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Pete - PETE-PC
# Running from : F:\AVGNation removal\adwcleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16750
*************************
AdwCleaner[R0].txt - [5886 octets] - [11/02/2014 20:23:43]
AdwCleaner[S0].txt - [6062 octets] - [11/02/2014 20:26:35]
AdwCleaner[R1].txt - [1064 octets] - [11/02/2014 20:30:29]
AdwCleaner[S1].txt - [1159 octets] - [11/02/2014 20:31:40]
AdwCleaner[R2].txt - [814 octets] - [12/02/2014 21:41:57]
########## EOF - \AdwCleaner\AdwCleaner[R2].txt - [873 octets] ##########
The AVG virus checker came installed with this relatively new PC and it seems to have behaved itself quite well since then.
Then a couple of days ago, turned on PC, desktop wallpaper gone, lots of desktop shortcuts gone, no connection on email (Outlook 2010) and the web browser (IE10) displayed a big "AVG NATION".
Lots of odd behaviour.
Managed to reconnect email to ISP but lost address book and old PST files.
Googled for "AVG Nation" and tried to follow the MalwareTips instructions to remove it:
tried to un-install it from Control Panel but it ran and ran for 30+ minutes apparently doing nothing.
Disabled IE add-ons, installed and ran Adwcleaner, downloaded and installed Junkware Removal Tool. It said it was installed to desktop but not there. Tried twice - suspect this is related to "permissions problem, see below.
Ran MalwareBytes - no threats but it fails to create a log file (see below)
Installed and ran HitmanPro. No threats, log below.
None of these showed many suspicious entries or files but cleaned things where advised.
Now AVG Nation appears to be gone from IE.
Occasionally when IE starts, get a pop-up dialogue asking about "use recommended security and compatibility settings". This is new.
Full scan using Microsoft Security Essentials - no threats detected.
Another full scan by Malwarebytes - No malicious items detected.
Full scan by Spybot Search & Destroy - found 2 "BrowseFox" adware entries. Removed using SpyBot. Re-ran, no threats.
Uninstalled AVG (the virus checker) using Control Panel. The Infospace "AVG Nation toolbar" still appears in Control Panel's list of programs.
BUT some odd file access problems remain - maybe someone can please help?
For example, all my Favorites have gone from IE. They are all in the expected folder:
C:\Users\Pete\Favorites
but in IE there's nothing. If I create a new favorite in IE it gets stored to
C:\Windows\SysWOW64\config\systemprofile\Favorites
Why is this?
In IE all the sites I had blocked from storing cookies have gone (tools, internet options, privacy, sites, managed websites).
All my desktop shortcuts are in the expected folder C:\Users\Pete\Desktop but this clearly isn't read when Windows starts.
When MalwareBytes completes it tries to create its text log file but it says "the specified path cannot be found". Notepad opens with a blank page.
If I try to associate a file extension with a particular application (say .txt with Notepad++) I can browse to and select the relevant exe but the option to "always use the selected program" is greyed out and it remains associated with the default MS-Notepad.
Help in MS-Word, Excel & PowerPoint all say "There is a problem with one or more installed help files. Please repair your Office installation".
If I set a different desktop theme, say Windows Classic, it gets set but is gone on the next restart. The background is just black (same set of shortcuts remain).
I guess there are other things although as far as I can tell all my files and folders appear to be present.
So on the face of it AVG Nation has gone bit there seems to be some loss of file or folder permissions or access. Can I/we confirm this and/or fix it?
For info:
Windows 7 Professional, 64bit, SP1, 16Gb RAM. Intel Core i5, 3.4GHz
Thanks
Pete
# AdwCleaner v3.018 - Report created 12/02/2014 at 21:41:57
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Pete - PETE-PC
# Running from : F:\AVGNation removal\adwcleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16750
*************************
AdwCleaner[R0].txt - [5886 octets] - [11/02/2014 20:23:43]
AdwCleaner[S0].txt - [6062 octets] - [11/02/2014 20:26:35]
AdwCleaner[R1].txt - [1064 octets] - [11/02/2014 20:30:29]
AdwCleaner[S1].txt - [1159 octets] - [11/02/2014 20:31:40]
AdwCleaner[R2].txt - [814 octets] - [12/02/2014 21:41:57]
########## EOF - \AdwCleaner\AdwCleaner[R2].txt - [873 octets] ##########
Code:
HitmanPro 3.7.9.212
www.hitmanpro.com
Computer name . . . . : PETE-PC
Windows . . . . . . . : 6.1.1.7601.X64/4
User name . . . . . . : Pete-PC\Pete
UAC . . . . . . . . . : Disabled
License . . . . . . . : Trial (29 days left)
Scan date . . . . . . : 2014-02-12 21:54:53
Scan mode . . . . . . : Normal
Scan duration . . . . : 3m 14s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 0
Objects scanned . . . : 1,444,763
Files scanned . . . . : 31,144
Remnants scanned . . : 337,245 files / 1,076,374 keys
.
