Open HijackThis
Place a check against each of the following, making sure you get them all and not any others by mistake:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.sho...0217&id=5.20013
R3 - Default URLSearchHook is missing
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O20 - Winlogon Notify: vtstr - C:\WINNT\system32\vtstr.dll (file missing)
Close all programs leaving only HijackThis running.
Click on Fix Checked when finished and exit HijackThis.
***
Update Ewido to the latest definitions, don't scan yet.
***
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml
***
Run Ewido.
- Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
- If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.
- When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.
Reboot back to normal mode.
Post me a fresh HijackThis log and the Ewido log to check.