possible infection preventing AVG removal

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by mslady99, May 19, 2013.

  1. mslady99

    mslady99 Private E-2

    Good Afternoon and thank you for helping me:

    Here is my issue: I switched from AVG antivirus free home edition to Avast. When I uninstalled the AVG it did not remove the toolbar. I have disabled the toolbar but it seems as if it's still active. I have yahoo DSL for internet service with a yahoo toolbar. My internet explorer will sometimes default to avg instead of yahoo while surfing the internet.

    When I try to launch my AOL, I’ll get a message stating that AOL has detected a firewall and I’ll have to retry it a few times before it will connect.

    I checked my windows firewall settings and this is what I see. In the windows firewall_exceptions tab_programs and services: There is a box with this verbiage; "Windows firewall is blocking incoming network connections except for the programs and services selected below" these AVGs are in the list along with my other programs. Avast is not in the list. (Shouldn’t this say avast now?)

    AVG installer
    AVG installer
    Avgemc.exe
    Avgupd.exe

    When I look at internet options_general tab_change search default settings_search providers, I see this list:

    Aol search, Status tab: Default, Listing order tab: 1, Search Suggestions tab: not available
    Bing, Status tab: blank, Listing order tab: 2, Search suggestions tab: disabled
    Viewpoint search, Status tab: blank, Listing order tab: 3, Search suggestions tab: not available
    AVG secure search, Status tab: blank, Listing order tab: 4, Search suggestions tab: disabled

    Please help, I have attached the read me and run me logs just in case I am infected with something.

    I posted this in the software help section because I didn't really know where this would apply. It was suggested that I download the AVG removal tool from this site, which I did, and to repost this message in the malware removal section so that you can interpret the logs. I have the log for AVG removal tool as well. The attachments box is not allowing me to attach the logs again.
     
  2. mslady99

    mslady99 Private E-2

    My previous post in the software forum is titled "AVG NOT FULLY REMOVED". I don't know how to move the logs I've attached to this one.
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll (file missing)
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
    O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - E:\CDS300\__CDS2.dll (file missing)
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe (file missing)

    After clicking Fix, exit HJT.


    Please download OTM by Old Timer and save it to your Desktop.
    • Run it by double clicking on it (Note: if using Vista, Win7, or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
      (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
      the code box
    Code:
    :Processes
    explorer.exe
     
    :Services
    AVG Security Toolbar Service
     
    :Files
    C:\Documents and Settings\SHARESE\Local Settings\Temp\*.*
     
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{DA88C70A-D543-4D92-A3D3-709D6A9AE84C}"
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\VWPT]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B70B7D72-B2A5-450B-B8A2-691703E3E978}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{F8AD5AA5-D966-4667-9DAF-2561D68B2012}"=-
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"=-
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large [​IMG] button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
    saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
    this log file to your next message.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
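
A cross-check of the instructions in the post above, as an added example that is not part of the original thread or of any MajorGeeks tooling: it parses the HijackThis lines, keeps the "(file missing)" orphans, and reports which of them the OTM script does not touch. The function names and the last sample log line are constructed for illustration, and matching by substring is a simplifying assumption.

```python
import re

# First six lines are quoted from the post above; the last one is constructed (a healthy entry).
HJT_LOG = r"""
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - E:\CDS300\__CDS2.dll (file missing)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe (file missing)
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
"""
# Excerpt of the OTM script from the same post (:Services and the CLSID lines of :Reg).
OTM_SCRIPT = r"""
:Services
AVG Security Toolbar Service
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F8AD5AA5-D966-4667-9DAF-2561D68B2012}"=-
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"=-
"""
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = " (file missing)"

def parse_hjt_line(line):
    """Split one HijackThis result line into fields; None if it is not one."""
    parts = line.strip().split(" - ", 3)  # section, "kind: name", CLSID/owner, path
    if len(parts) != 4 or not re.fullmatch(r"O\d+", parts[0]):
        return None
    section, label, ident, target = parts
    kind, _, name = label.partition(": ")
    missing = target.endswith(MISSING)
    return {"section": section, "kind": kind, "name": name,
            "clsid": ident.upper() if CLSID_RE.fullmatch(ident) else None,
            "path": target[:-len(MISSING)] if missing else target,
            "file_missing": missing}

def orphans(log_text):
    """Entries whose registry reference survives but whose file is gone."""
    entries = (parse_hjt_line(l) for l in log_text.splitlines())
    return [e for e in entries if e and e["file_missing"]]

def uncovered(log_text, cleanup_script):
    """Orphans whose CLSID (or name, for services) never appears in the script."""
    script = cleanup_script.upper()
    return [e for e in orphans(log_text)
            if (e["clsid"] or e["name"]).upper() not in script]
```

With the lines from this thread, the only orphan the OTM script leaves alone is the O18 CDS300 protocol handler, which the post removes through the HijackThis fix instead.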
     
  4. mslady99

    mslady99 Private E-2

    Hello There,

    I have great news! The AVG toolbar is gone. Here is what's left: when I go to Windows firewall_exceptions_programs and services: these remaining AVG items are in the list of allowed programs and services. There are checkmarks in the boxes. Is this because I used to have AVG?

    Avg Installer
    Avg Installer
    Avgemc.exe
    Avgnsx.exe
    Avgupd.exe

    Also when I ran the RogueKiller from the read me/run me instructions it placed a file folder on my desktop called RK_Quarantine. What should I do with the folder? I did not open it.

    Here are the logs you requested.
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Your logs are good now.

    Yes that's normal.

    The below final instructions will take care of it and everything else we did.


    If you are not having any other problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win7, or Win 8, Right Click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME
        for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
