Hi, I had a look at your HJT (HijackThis) log. It shows traces of Vundo, along with, yes, count them, 3 antivirus programs. One at a time is the norm. You are not more protected, rather, probably less protected than with just 1.
I don’t know how well this will work until you uninstall 2 of the antivirus programs.
So start by uninstalling 2 of them. Your choice.
Then, TeaTimer will have to be disabled, or it will interfere with any fixes we are going to do.
Open Spybot and make sure TeaTimer is disabled; we will re-enable it afterwards. To do so, do the following:
Click mode
click Advanced mode
if you get a warning answer “yes”
click tools
click resident
uncheck resident “teatimer”
click allow change
Download and Unzip to your Desktop: http://www.techsupportforum.com/sectools/ResetTeaTimer.zip
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.
Reboot.
Open HJT, run a system scan only, check mark these lines if present
[b]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {445CCC1C-B639-4924-B785-BA1DAA48ED61} - (no file)
O2 - BHO: (no name) - {4FEB0D4C-F53C-470C-9640-1C4A5A262E26} - (no file)
O2 - BHO: (no name) - {783C1844-6785-40D0-9629-3F3B0D927E43} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8691F860-96E4-4FB3-8D35-531C0D1B0AC1} - (no file)
O2 - BHO: (no name) - {F1D04022-B193-4344-AA49-4C47FBB4C703} - (no file)
O2 - BHO: (no name) - {F637F016-4785-493B-932D-9359FC69AAA0} - C:\WINDOWS\system32\wvUnKEvT.dll (file missing)
O20 - Winlogon Notify: geBRjKdd - geBRjKdd.dll (file missing)
O20 - Winlogon Notify: perfnw32 - perfnw32.dll (file missing)
NOTE: [color=red]If you or an administrator DID NOT set these lines with Spybot, you can include them in the fix[/color]
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present[/b]
Close all other browsers/windows, click fix checked, close HJT.
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
Please download Malwarebytes’ Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
[*]Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select “Perform Quick Scan”, then click Scan.
[*]The scan may take some time to finish, so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that everything is checked, and click Remove Selected.
[*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
[*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Please post back with the malwarebytes results and a new HJT log. Please give us an update on your computer’s status.
Thanks.
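Added example, not part of the original post and not HijackThis's own code: a small Python triage script that sorts HJT log lines into the same groups the fix list above uses (O2/O20 entries whose file is gone, blank R0 page settings, and O6 restrictions that need a human decision). The sample log is constructed: the flagged lines are copied from the post, and the "Example Helper" entry with its all-zero CLSID is a made-up healthy line for contrast.

```python
import re

# Constructed sample log: flagged lines come from the post above; the
# "Example Helper" BHO is a hypothetical healthy entry added for contrast.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {445CCC1C-B639-4924-B785-BA1DAA48ED61} - (no file)
O2 - BHO: (no name) - {F637F016-4785-493B-932D-9359FC69AAA0} - C:\WINDOWS\system32\wvUnKEvT.dll (file missing)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O20 - Winlogon Notify: geBRjKdd - geBRjKdd.dll (file missing)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
"""

# "<section> - <rest of line>", e.g. "O2 - BHO: ..." or "R0 - HKCU\..."
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# HJT marks a registry entry whose target is gone with one of these suffixes.
ORPHAN = re.compile(r"\((?:no file|file missing)\)$")


def triage(log_text):
    """Return (section, verdict, line) for each entry worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        section, body = m.groups()
        if section in ("O2", "O20") and ORPHAN.search(body):
            # BHO or Winlogon Notify key left behind after its DLL was removed.
            findings.append((section, "orphaned", line))
        elif section == "R0" and body.endswith("="):
            # IE page setting present in the registry but with an empty value.
            findings.append((section, "blank-value", line))
        elif section == "O6":
            # Policy restriction: fix only if nobody set it on purpose.
            findings.append((section, "review", line))
    return findings


if __name__ == "__main__":
    for section, verdict, line in triage(SAMPLE_LOG):
        print(f"{verdict:12} {line}")
```

The script only reads log text and reports; the actual fixing is still done in HJT with "fix checked" as described above.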