Yes, but you're still infected. Those two randomly-named .exe files that HJT found are just a couple of components of a larger malware infection, other pieces of which may still be active.

You...

That symptom could have a non-malicious cause, try this first:

* Open the Event Viewer utility in your Administrative Tools control panel and look through your System and Application logs for...

Glad I could help :)

It sounds as though you may be unfamiliar with the relationship between files and the filesystems on which they are created.

In your scenario, although technically it certainly is altered from...

That's not totally unusual, but at least now your system is clean, so we don't have to worry about further complications caused by the infections.

Let's have a look at your Event Logs and see if...

Hi top.tucnak- welcome to DaniWeb!

Please read my previous post (directly above yours) regarding our reasons for asking members to start their own new thread when they have a malware problem they...

Sorry- I should have had you check to make sure that the service was disabled before we attempted to delete it. HijackThis can't delete a service if it is running. This should do the trick:

1....

Good job- except for one leftover, your log is clean now :)

Having you manually search for the 4 files and two folders was just a double-check to verify that they were really deleted by the...

Thanks for the new log. I see signs of at least 4 different adware/spyware infections in that log, so it might take a few passes to get them all removed. Please be patient, and follow any...

You're welcome- glad we could help :)

Since the issue is now resolved, could you please ckick the "Mark as Solved" link at the top of this thread? Thanks.

So, the plot thickens... joy.
Let's take a closer look at what's going on in your system. We aren't going to change/fix anything in the following procedure; we're just going to see if any obvious...

Why- you celebrate, of course.... http://www.stevewolfonline.com/Downloads/DMR/Visuals/Smilies/party.gif

SmitfraudFix looks to have done its job, and your latest HijackThis log is clean. :)
...

Let's get AOL out of the picture for a few moments: Close down the AOL browser entirely, fire up Internet Explorer, and enter Yahoo through IE.
Do you experience the same problems as you do when...

We're not done yet- many of the infections were cleaned, and the symptom may have been removed, but pieces of the nastiest one (a Smitfraud/SpySheriff variant) are still active.

This is normal,...

Hi zhen87- welcome to DaniWeb :)

The HijackThis log you posted definitely shows that you have infections, but the version of HijackThis that you are using is extremely out-of-date and therefore...

"Nasties" may be responsible, but given your description, they wouldn't be my first suspicion. We can check out the possibility, though.

Before we head in that direction: Does this only happen...

Does this occur only when you are connected, or does it happen at other times as well.

gerbil is right- posting the full and exact error message that the blue screen gives you will help us,...

You posted your question in our virus/spyware forum; do you have any specific reasons to believe that such nasties are the root of the problem? If so, please tell us the details.

There are a few different infections which display bogus alert warnings, let's see if we can find out which variant you have.
Please do the following:

You will need to close/quit all web browser...

* The 2wire device is one of their integrated modem/router models, yes?

* If the 2wire has an Ethernet port, connect the Thinkpad to it with a CAT5 cable. That will at least help to determine if...

Thanks for that- your HJT log show the presence of a couple of active pieces of malware, as well as some leftovers from previous infections.

Before we begin the removal, please tell us what's...

In order for us to help you most quickly, please give us specifics when you mention infection alerts, error messages, etc.

Please post the names and locations of the infected files that Kaspersky...

Hijackthis is the most widely-used adware/spyware diagnosis tool I know of, and those of us who specialize in removing these nasties have been using it for years. Here's the deal:
You have an...

Your log does shows signs of a few different infections. It also indicates that you have quite a few optional (but non-malicious) items configured to run at Windows' startup, and these programs are...

Bleh! Yup- you've got Nasties.

A) A pictorial walk-through of the removal procedure for the "VirusBursters" infection can be found here (http://www.bleepingcomputer.com/forums/topic70074.html)....

Unfortunately, restoring the correct DNS server entries and/or switching web browsers may resolve the redirection problem, but it does nothing to remove the infection itself.

Once the bogus DNS...

The underlying problem has nothing to do with a browser conflict, and there is certainly no need to reinstall Firefox (and doing so won't fix the problem anyway).
What is happening is that the...

Your first error is due to a corruption/conflict with the monitor.exe component of the Acer eRecovery utility. I can't give you an exact fix, but either of these suggestions may make the error go...

Nope, you're cool here- this is the "Windows Security" forum, or at least that was its original name. We renamed it to "Viruses, Spyware, and other Nasties" some time ago, but obviously forgot to...

Smartbridge and some other applications are now commonly barfing such errors due to a conflict between the version of PSAPI.DLL that those applications installed and the newer version of PSAPI.DLL...

Let's start by identifying exactly what kind of "nasties" you have:

Our usual preliminary drill:

You will need to close/quit all web browser programs and disconnect from the Internet for some...

The problem may indeed be user error, or it could have been caused by some random system fault/corruption as well. If not even the default Windows groups (Main, Accessories, Games, etc.) appear under...

Um... noooo- Norton can't delete it because the dll is already loaded/running, and has protected itself in such a way that Norton can't terminate it, which is what Norton would need to do before it...

Ahhh- we like that! Glad we could help, Neil- great work on your part as well :)

Now that your logs are clean and the System32 box is gone, you'll want to re-enable SpyBot's Tea Timer again, as...

You will need to close/quit all web browser programs and disconnect from the Internet for some of the following, so you should print out the following instructions or save them into a text file with...

OK- Install the most current updates for Norton and run a full system scan with it. Have it fix everything it finds.

There is some hidden component of the PCShield infection which is recreating...

You're welcome- I'm glad we could help :)
Given that things are working now, there's no need to post the Event Viewer details as far as I can see.

However, if you want to make sure that there...

1. Hmm... when/why did you uninstall Norton Antivirus? It was present in your first log, but not your latest. :?:


2. I think SpyBot's "Tea Timer" function may have gotten in the way of the fixes...

Great- glad that worked for you. :)

There are a few different causes for the disassociation between .exe files and .lnk (shortcut) files, but there isn't any definitive answer to the problem....

nrp46e-

I haven't forgotten the main issue here, but I'm only on my lunch break right now and don't have time to post the next steps for you; I'll do that later today.