Malicious Infections... :o

Make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis (these steps must be followed):

Downloading, Installing, and Running HijackThis

 

I guess you don't understand it. Please follow the directions. HJT must be installed properly and logs must be attached as the directions tell you.

You also never ran step 1 of the READ ME FIRST cleaning section.

 

By the way, all of the Control Panel applets are files with the .CPL filetype and they are located in your C:\WINDOWS\system32 folder.

You should look there to see if there are duplicates that can be deleted.

 

No you did not! You skipped the first step:

The sticky I gave you for using HijackThis explains why it must be installed properly.

However, you HijackThis log really does not show any signs of infection. That does not necessarily mean you are perfecty clean. It just means the locations that HJT looks at show nothing. The only item in you log I wonder about is:

C:\Program Files\SMASHER\Smasher.exe
C:\Program Files\SMASHER\Smasher.exe
O4 - Global Startup: SMASHER.lnk = C:\Program Files\SMASHER\Smasher.exe

Did you look for and delete and additional .cpl files this time?
Do you still have multiple icons in Add/Remove programs?
What other issues do you currently have?

If you are still having issues you could try the two below scans. They sometime find things others miss:

Panda ActiveScan Save the log and attach later

Running Ewido Security Suite attach this log too.

 

I'm not sure what you mean by "IE is executed"? It is suppose to be executed when you run it. Or did you mean to say, something terminates or kills IE after you run it? If so, do you get any error messages.

 

All are valid! Explorer is always running! It is your system shell and runs at startup. Without it you would have no Desktop or icons or Start button.

 

Run the two I gave you at the end of message # 8 and post their logs.

 

That's because of all the cookies you need to empty your Norton protection of your Recycle bin. You could have ZIP the file too.

 

Did you empty the Norton Protect folder as I indicated?

Please post a new HJT log attachment. I do not think you have a trojan.

When IE terminates, do you get an error message? If so, what is the exact message. This sounds more like a corrupted DLL file than malware.

 

Have your run the below tools:

Microsoft Windows AntiSpyware

Spy Sweeper

It may be worth running them to see if they find anything. They do not require a connection to run. Also would be best to run them with browsers closed.

 

And where are you seeing this? What are you using to see the thread? Or are you just guessing?

One thing you need to do is use only on antivirus application. I see both Symantec and Kaspersky. Decide which one you want and uninstall the other. It sort of looks like Kaspersky may already be partially but not completely uninstalled.

Are you sure you trust Smasher?

Download Process Explorer

Unzip it and now run ProcessExplorer and lets configure some options first:
Click View and select Show Lower Pane. And where it says "Lower Pane View" make sure DLL's is checked. Now click on explorer.exe. Now also under the View menu choose "Select columns" and put a check mark on "Image Path". Now click on File and then Save As. And save the process list. Post it back here as an attachment.

Now repeat the above but this time have one (and only one) Internet Explorer browser open and select iexplore.exe instead of explorer.exe.

Post both process lists here as attachments.

 

There are no strange processes showing running under Windows Explorer.

You forgot to select iexplore.exe before getting the second process list from ProcessExplorer. Please try it again.

Also do the following.

Download WinPFind

Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside c:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard. Then save it to a file using notepad and upload the text file here as an attachment.

 

You should not be saving it as iexplorer.exe. That is the name of you Internet Explorer executable file. Just save it to a file like IEprocesses.txt or even jsut processlist.txt However, you did not have iexplore.exe selected when you saved the file. That is why there is no info in the bottom window for all the DLLs.

It was dangerous to name your explore one as you did (explorer.exe.txt). If you did this in the wrong folder and made a mistake with how you saved it, you could potentially overwrite the explorer.exe shell (normally it should not be possible because it is always running).

 

You're welcome! You should make sure you have checked out the steps in the below:

How to Protect yourself from malware!