It is normal to have multiple iexplore.exe entries with Internet Explorer v8.
I have reviewed your logs and you did have malware. We need to make sure it has all been found and removed:
Please reopen HijackThis to 'do system scan only'
Put a Check by each of the following: NOTE: Do not click on Fix Checked until finished:
O2 - BHO: PimpFish Toolbar Opcode Handler - {29C88E20-4234-41B9-A9DB-982958C95FB1} - C:\Program Files\PimpFish\PimpFish.dll
O2 - BHO: FloatBar Class - {75B1A646-CDCE-4C06-B52F-84F4463B4FC8} - C:\Program Files\PimpFish\FloatBar.dll
O3 - Toolbar: PimpFish - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - C:\Program Files\PimpFish\PimpFish.dll
If you are actively using Maid Control for your email, leave the following. If not, check it:
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidctl_vsp.closetmaid.com_downloader.cab
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} - http://bah.centra.com/main/Install/en/US/CentraDownloader.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/27.38/uploader2.cab
Did you or another user on the system set up a VPN using the following? If Yes leave it. If not, check for removal:
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://secure.bah.com/dana-cached/setup/JuniperSetupSP1.cab
Close all windows except HijackThis and click on 'Fix Checked'.
Boot into Safe Mode
- Restart your computer and start pressing the F8 key on your keyboard.
- Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
[1] Start> Run> type in msconfig> enter> Selective Startup> Startup tab> Uncheck the following if present:
Pimp Fish entries
FloatBar entries
Closetmaid entries
MSWorks.exe
WINWORD.EXE
ALL HP entries including Digital Imaging.
Dell Photo Printer> dlbtbmgr.exe
All Java entries> jqs
All Adobe entries:> AcroIEHelper.dll
When through> Apply> OK
None of the above need to start on boot. They can be started manually when and if needed, so the resources they use can be applied to something else.
[2] Start> Run> type in services.msc> right click on Service: dlbt_device - Dell> Properties> Change the Startup type to Manual.
[3] Open Internet Explorer> Tools> Manage Add-ons> find each of the following> highlight> set to Disabled. Note: there are 2 sections for the add-ons box. Check them both:
vsp/cmaidctl_vsp.closetmaid- if not using
CentraDownloader
Juniper entry if not using
[4] Reboot the computer into Normal Mode> NOTE: ignore the nag message and close after checking 'don't show this message again.' Stay in Selective Startup.
I suggest you uninstall PimpFish and its toolbar.
"PimpFish empowers you to save any material you see on any website, download faster, share stuff easily and get hold of those hard-to-get embedded video files. Grab, save and share movies, Flash and pictures ..."
http://www.pimpfish.com/
Control Panel> Add/Remove Program> Uninstall Pimp Fish
After completing the above, please run a full system scan with your antivirus. Save the log and attach to next reply.
Please download ComboFix
HERE:
- With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
- Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
- Run Combo-Fix.exe and follow the prompts.
(Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
- Wait for the scan to be completed.
- If it requires a reboot, please do it.
- After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)
Do not click on the ComboFix window, as it may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Attach log for AV, report for ComboFix. Rescan with HJT and include new log.
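For checking the rescan log against the entries listed in the post above, here is an added example (not part of the original reply and not HijackThis's own code) that parses O2/O3/O16 lines and groups them for review. The field layout is an assumption inferred from the lines quoted in the post; `parse_line` and `review` are hypothetical helper names.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section kind name clsid target")
LINE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Sample input: entries copied from the post above.
SAMPLE = r"""
O2 - BHO: PimpFish Toolbar Opcode Handler - {29C88E20-4234-41B9-A9DB-982958C95FB1} - C:\Program Files\PimpFish\PimpFish.dll
O2 - BHO: FloatBar Class - {75B1A646-CDCE-4C06-B52F-84F4463B4FC8} - C:\Program Files\PimpFish\FloatBar.dll
O3 - Toolbar: PimpFish - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - C:\Program Files\PimpFish\PimpFish.dll
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidctl_vsp.closetmaid.com_downloader.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://secure.bah.com/dana-cached/setup/JuniperSetupSP1.cab
""".strip().splitlines()

def parse_line(line):
    """Split one log line into an Entry; return None for unrecognised lines."""
    m = LINE.match(line.strip())
    c = CLSID.search(m.group(3)) if m else None
    if not c:
        return None
    section, kind, rest = m.groups()
    before = rest[:c.start()].strip(" -")          # O2/O3: name precedes the CLSID
    after = rest[c.end():].strip()
    label = re.match(r"\(([^)]*)\)", after)        # O16: optional "(name)" follows it
    if label:
        after = after[label.end():].strip()
    name = before or (label.group(1) if label else "")
    return Entry(section, kind, name, c.group(0).upper(), after.lstrip("-").strip())

def review(lines, suspect_dir):
    """Group entries: files under suspect_dir, O16 with no codebase URL, the rest."""
    groups = {"under_dir": [], "no_codebase": [], "other": []}
    prefix = suspect_dir.rstrip("\\").lower() + "\\"
    for e in filter(None, map(parse_line, lines)):
        if e.target.lower().startswith(prefix):
            groups["under_dir"].append(e)
        elif e.section == "O16" and not e.target:
            groups["no_codebase"].append(e)
        else:
            groups["other"].append(e)
    return groups

if __name__ == "__main__":
    for group, entries in review(SAMPLE, r"C:\Program Files\PimpFish").items():
        for e in entries:
            print(f"{group:12} {e.section:4} {e.clsid} {e.name or '(unnamed)'} -> {e.target or '(none)'}")
```

Run against the new HJT log, an empty `under_dir` group means no O2/O3 entry still points into the PimpFish folder.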