It would appear from the HJT log that your AVG is out-of-date. Please update it ASAP.

I strongly recommend that you remove Ask from your computer because it:
•Promotes its toolbars on sites targeted to kids.
•Promotes its toolbars through ads that appear to be part of other companies' sites.
•Promotes its toolbars through other companies' spyware.
•Installs without any disclosure whatsoever and without any consent whatsoever.
•Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
•Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.
See here for more info.
If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.
•AskBarDis or anything related to Ask
Then please find and delete this folder in bold (if present):
C:\Program Files\AskBarDis or anything related to Ask.
****************************************************
Open HijackThis and select Open the Misc Tools section. Select open process manager. Select
C:\WINDOWS\system32\mshta.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
and click on kill process.
Close HJT
************************
Please go to Jotti's malware scan
(If more than one file needs to be scanned they must be done separately and links posted for each one)
* Copy the file path in the below Code box:
C:\WINDOWS\SYSTEM\RevHDD.exe
* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
***************************************
Open HijackThis and select Do a system scan only
Place a check mark next to the following entries: (if there)
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll (file missing)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Important: Close all open windows except for HijackThis and then click Fix checked.
Once completed, exit HijackThis.
**************************************
Add or Remove Programs
1. Click on the Windows Start button and click on the Control Panel
2. In the Control Panel window, double-click the Add or Remove Programs icon.
3. When the Add or Remove Programs window has fully populated, check for Search Settings and Application Updater and uninstall them.
****************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1
Link 2
* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
******************************************
Please download ComboFix from BleepingComputer.com
Alternate link: GeeksToGo.com
Rename ComboFix.exe to commy.exe before you save it to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
A guide to do this can be found here
Click Start>Run then copy paste the following command into the Run box & click OK
"%userprofile%\desktop\commy.exe" /stepdel
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
If you have problems with ComboFix usage, see How to use ComboFix
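
Added example, not part of the original post: a small Python parser for the HijackThis entries listed under "Place a check mark next to the following entries", which marks the ones HijackThis itself reports as "(file missing)" or "(no file)" and groups entries that share a CLSID so every hook of one component is reviewed together. The function and field names are hypothetical; the log lines are the ones quoted in the post.

```python
import re
from collections import namedtuple

# The eight entries the post selects for "Fix checked", copied from the page.
LOG = r"""
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll (file missing)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
"""

# section: O2 = BHO, O3 = toolbar, O4 = autostart, O9 = IE button / Tools menu item
Entry = namedtuple("Entry", "section kind name clsid target orphaned")
ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$")

def parse_entry(line):
    m = ENTRY.match(line.strip())
    if not m:
        return None                   # header, blank or unrecognised line
    section, kind, rest = m.groups()
    name, target = "", rest
    guid = CLSID.search(rest)
    if guid:                          # layout: name - {CLSID} - target
        name = rest[:guid.start()].rstrip(" -")
        target = rest[guid.end():].lstrip(" -")
    elif rest.startswith("["):        # O4 layout: [value name] command line
        name, _, target = rest[1:].partition("] ")
    clsid = guid.group(0).upper() if guid else ""
    return Entry(section, kind, name, clsid, target, bool(ORPHAN.search(target)))

def parse_log(text):
    return [e for e in map(parse_entry, text.splitlines()) if e]

def hooks_by_clsid(entries):
    """CLSIDs that appear in more than one entry, mapped to their sections."""
    seen = {}
    for e in entries:
        if e.clsid:
            seen.setdefault(e.clsid, []).append(e.section)
    return {c: s for c, s in seen.items() if len(s) > 1}

if __name__ == "__main__":
    entries = parse_log(LOG)
    print([e for e in entries if e.orphaned], hooks_by_clsid(entries))
```
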