@jholland: freshly formatted computer, want to make it NASTIES-proof, please help.

Question

somjit{} 60 Junior Poster in Training

13 Years Ago

a few months ago, i was battered by sality, and was waiting for my friend's external hard disk to backup my data, and do a full format.
well, I've done all those things now, and have installed kaspersky 2011 internet security suite(the licensed commercial version).

Also, as per the instructions of PhilliePhan's read me before posting thread in virus, spyware and other nasties forum, I've downloaded atf, dds,GMER and MBAM, and i'll be running them after this post. hoping not ro see too much red in any of those scans :)

but, still, i want to make my computer as safe as possible, and i was wondering if installing any firewalls etc would help? I've read that having multiple security suites in one machine is really bad!!:S so consedering that i have all the above protections, should i install a firewall? if so, what should i install?

you guys saved me the last time, hopefully this time i wont be much of a trouble :)

thanks again;
somjit{}

windows-virus

3 Contributors
35 Replies
337 Views
1 Day Discussion Span
Latest Post 13 Years Ago Latest Post by somjit{}

rubberman 1,355 Nearly a Posting Virtuoso

13 Years Ago

Stop running MS operating systems, and install Linux. Your chance of getting viruses and/or other malware will drop about 99.995%...

jholland1964 650 Posting Expert

13 Years Ago

somjit, you certainly can post the logs here so we can be sure all is clean.
Your new kaspersky 2011 internet security suite is an excellent program and it contains an antivirus program, and a two way firewall so you certainly don't need another firewall. The absolute rule is ONE firewall should be running on a system.
You need to make sure the operating system is full updated, inluding all service packs and most recently offered updates.
Your Java should be fully up to date. Current version is update 6 version 26.
You need to be sure you have correct settings in your browser. I am not certain yet which one you are using but for Internet Explorer go to Tools, Internet Options.
On the General Tab click the Browsing History Settings Tab. Be sure there is a dot in Everytime I visit the web page. Set the disk space to use to around 250 MB. Choose the number of days you wish to keep in History. The number of days is of course your choice. I have mine set to 7.
Hit Ok on that and then go to the Privacy Tab.
Hit the Advanced Button. Make sure there is a dot in Accept 1st Party Cookies, BLOCK 3rd Party cookies and a check mark in Accept Session Cookies.
Hit Ok. and then close out Internet Options.

I strongly recommend that you download, install, update, enable all protection in SpywareBlaster from Javacool. A superb protection program and it does not run in the background but gives protection for the following:
ActiveX-based spyware, adware, dialers, browser hijackers, and other potentially unwanted programs. It can also block spyware/tracking cookies in IE, Mozilla Firefox, Netscape, and many other browsers, and restrict the actions of spyware/ad/tracking sites. I truly wouldn't run my computers without it installed and enabled.
Of course use MBA-M Free version at least once a week for a quick scan, if it finds something and removes it with the quick scan then immediately reboot, update the program and do a full scan. Remember ALWAYS update the program before each and every scan. MBA-M releases updates multiple times a day so updating before scanning is a MUST.
Another tool you might add is SUPERAntispyware. A good scanner tool, free version is sufficient but mamke sure you don't have the real time protection turned on, it will be by default, but it doesn't do anything but run in the free version.

I will watch for your logs.

Edited 13 Years Ago by jholland1964 because: n/a

jholland1964 650 Posting Expert

13 Years Ago

Your Windows is not up to date, you show only SP2 on there. Your Java is not up to date. Those two things alone will keep your computer at risk.

There would be absolutely no reason a newly formatted computer should have infections, unless either the reformat was done incorrectly in the first place, or backed up infected files have been placed back onto the reformatted computer, which of course is a possibility, or you are continuing to use the computer unsafely and using illegal files on it.

It appears that your copy of Windows may not be legal, judging by the infected files found by MBA-M.

If I recall correctly the original problem causing the reformat was related to the use of P2P file sharing. It appears that you still are not following safe, legal practices when using the computer. Until you do the computer will continue to become infected.

Did you pay for the Kaspersky program?

Please go here and then post back with the results.

http://www.microsoft.com/genuine/validate/DownloadValidationSupport.aspx?displaylang=en

Edited 13 Years Ago by jholland1964 because: n/a

jholland1964 650 Posting Expert

13 Years Ago

the guy who assembled my computer gave me the xp that i have. he even took what would be equivalent to 35 dollars for that..

I hate to tell you but in US dollars $35 is not even close to the cost of a legitimate, legal copy of Windows XP. The cost of a new, legal copy of XP is generally will average around $200 in US Dollars. Price depends on the version you purchase and also the store where it is purchased. Some will be higher than $200 and some will be a little lower than $200 but certainly never only $35.

So I would say, as we say in the US, the guy "ripped you off". He has likely sold you a stolen operating system, also called a "pirated" copy of XP.
This is shown by the files found and removed by MBA-M, notice what they say they were:
xp keygen\keygen.exe
xp keygen\update_xp_cd_key.exe
xp keygen\windowsxp product key viewer.exe

A keygen is a computer program that generates a false product licensing key, serial number, or some other registration information needed to activate a software application. In most countries, the use of keygens to activate software without purchasing a license is fraudulent. When you purchase the software, IN THE BOX, as you said you did with Kaspersky, you are purchasing that license. Each and every copy of the Windows Operating System, no matter what version you have, is issued it's own registration or license number, each copy has its OWN number, no other copy will have the same number.

Virtually every PAID computer program comes with a license key, your Kaspersky program came with it's own legal license key that you had to register with Kaspersky when you installed it. This tells the Kaspersky site when you go for updates that you do own a legal copy and you will receive the updates.

Your "computer guy" likely has is one or two legal copies of XP. He uses those for the installs and then uses a keygen to generate a new illegal license key instead of the one that came with his copy. He has to change the key because his can't be used on another machine. So he used the keygen to generate the new key, which is bad enough and illegal, but also the keygens he used all contained Trojans, which is VERY common, so he also infected your machine.
Besides being illegal, the use of pirated operating systems also will cause you to not be able to update the system, you can't update a pirated system, updates will not work because of course the Windows Update page checks to see if the system is legal and when it reads that illegal key, and the update page can tell if it is illegal, then updates will not be downloaded.

Continuing to use this pirated system will cause you nothing but headaches. You risk more infections for sure because you won't be able to get critical security updates for the operating system itself and also many other programs require that the operating system be legal before they will update. This is likely one reason you are having problems you have noted above...the software wont install, its showing "installation failure: failed to copy files".....

Edited 13 Years Ago by jholland1964 because: n/a

Salem commented: Bravo - well said!!!! +17

jholland1964 650 Posting Expert

13 Years Ago

I deleted that copy of win xp that i had,which showed the infections, and ran a scan again, and mbam showed no infections.
Not sure what you actually mean by that. You can't "delete" an operating system without a reformat of that drive. Meaning the drive is wiped clean. You have not had the time to reformat that drive since your last post. If you didn't format that "F" disk, then you do need to do that because the infection can still be contained in any other files on there.

i would get a genuine COPY of windows for $35 dollars
Copy can mean just the general term like a "copy" of a book. Nobody, except the author and the printing company, has the original of a book so each printed book is a LEGAL copy of the original. Your legitimately purchased Kaspersky program is a COPY of the original but it was packaged by the Kaspersky company so it is a legitimate genuine copy of the original. What HE did was copy the one HE purchased and sold THAT copy to you and likely others. If he paid $200 for it FROM Microsoft and then made copies and sold those to 6 people he got his money back and "ripped off" everyone he sold that to, plus also stole from Microsoft because THEY own the legal licensing rights to it.

Edited 13 Years Ago by jholland1964 because: n/a

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

somjit{} 60 Junior Poster in Training Featured Poster · Answer 1 · 2011-06-26T12:28:07+00:00

You need to be sure you have correct settings in your browser. I am not certain yet which one you are using but for Internet Explorer

i've set my default browser to firefox, i never really liked internet explorer that much, but iv followed what you told me to do, and set those options for internet explorer.

coming to the scans, although i thought nothing would show up on any of those scans, MBAMshowed 8 detections... a bit worrying :(

here are the logs..

GMER ROOTKIT SCAN 1

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-26 09:45:48
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0 WDC_WD50 rev.05.0
Running: 9p8gyqhd.exe; Driver: C:\DOCUME~1\Somjit\LOCALS~1\Temp\uwroiaod.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xAD75CED2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xAD75CF6A]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

---- EOF - GMER 1.0.15 ----

GMER ROOTKIT SCAN 2

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-26 10:32:41
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0 WDC_WD50 rev.05.0
Running: 9p8gyqhd.exe; Driver: C:\DOCUME~1\Somjit\LOCALS~1\Temp\uwroiaod.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xAD75D558]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xAD75DE5C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xAD75EC90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xAD75F1DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xAD75E138]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xAD75C3C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xAD75F0C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xAD75D146]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xAD75EF94]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xAD75D2EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xAD75F2FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xAD75DAE4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xAD75F02A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xAD7609E2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xAD75C9D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xAD75CD86]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xAD75E5BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xAD761BEE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xAD75CED2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xAD75CF6A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xAD75E3C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xAD760AD4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xAD75C3A4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xAD75C3B6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xAD76123C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xAD75D096]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xAD75F270]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xAD75DEDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xAD75C588]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xAD75F150]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xAD75D794]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xAD760FD6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xAD75F390]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xAD75D686]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xAD75D002]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xAD75CC3A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xAD761576]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xAD75C864]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xAD760E68]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xAD75CAF4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xAD75BDDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xAD75F6F4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xAD75F5BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xAD76077C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xAD75C156]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xAD761A90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xAD75BD76]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xAD75E9D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xAD75DD00]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xAD76001C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xAD760C72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xAD7616C6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xAD75C6DE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xAD7617B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xAD7618F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xAD760906]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xAD75D930]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xAD75D890]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xAD76141A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xAD75DA1A]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

---- EOF - GMER 1.0.15 ----

now the MBAM LOG....

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6952

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

6/26/2011 11:20:50 AM
mbam-log-2011-06-26 (11-20-50).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 238650
Time elapsed: 17 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
f:\softwares\win xp sp2\XP_XTRAS\dvix codec\divx video bundle pro v5.03 retail\damn_divx502_kg.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
f:\softwares\win xp sp2\XP_XTRAS\xp keygen\keygen.exe (Malware.Tool) -> Quarantined and deleted successfully.
f:\softwares\win xp sp2\XP_XTRAS\xp keygen\update_xp_cd_key.exe (Backdoor.IRCbot) -> Quarantined and deleted successfully.
f:\softwares\win xp sp2\XP_XTRAS\xp keygen\windowsxp product key viewer.exe (Hacktool.KeySteal) -> Quarantined and deleted successfully.
c:\usp10.dll (Trojan.Agent) -> Quarantined and deleted successfully.

finally, the DDS logs....
DDS
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.5.0_22
Run by Somjit at 11:27:39 on 2011-06-26
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1791.1363 [GMT 5.5:30]
.
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
F:\adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_22\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Avro Keyboard\Avro Keyboard.exe
C:\Program Files\DAP\DAP.EXE
F:\adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uWindows: load=c:\tcwin45\pipeline\remind.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SBCONVERT Class: {3017fb3e-9a77-4396-88c5-0ec9548fb42f} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
BHO: SearchPredictObj Class: {389943b0-c3a2-4e69-82cb-8596a84cb3dc} - c:\progra~1\search~1\SEARCH~1.DLL
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_22\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - f:\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
BHO: Download Accelerator Plus Integration: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\speedb~1\toolbar\grabber.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - f:\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - f:\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Avro Keyboard] c:\program files\avro keyboard\Avro Keyboard.exe
uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Acrobat Assistant 8.0] "f:\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_22\bin\jusched.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\somjit\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\somjit\startm~1\programs\startup\passwo~1.lnk - c:\program files\password safe\pwsafe.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~2.lnk - f:\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - f:\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - f:\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - f:\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - f:\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - f:\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - f:\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - f:\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - f:\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab
TCP: Interfaces\{C8E7B9CF-A874-4812-8FE4-12EE5F311473} : NameServer = 203.147.88.2,203.147.91.2,10.10.0.1,4.2.2.2
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\somjit\application data\mozilla\firefox\profiles\8zoydbzn.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-6-24 475736]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-7-1 352976]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2010-5-7 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-4-19 1684736]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-26 39984]
.
=============== Created Last 30 ================
.
2011-06-26 05:14:00 -------- d-----w- c:\documents and settings\somjit\application data\Malwarebytes
2011-06-26 05:13:50 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-26 05:13:50 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-26 05:13:47 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-26 05:13:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-25 09:03:12 -------- d-----w- c:\windows\Logs
2011-06-25 09:02:46 -------- d-----w- c:\program files\directX
2011-06-25 08:59:37 -------- d-----w- c:\documents and settings\somjit\local settings\application data\Temp
2011-06-25 08:52:21 -------- d-----w- c:\program files\CCleaner
2011-06-25 06:45:02 -------- d-----w- c:\program files\common files\SpeedBit
2011-06-25 06:45:01 84480 ----a-w- c:\windows\system32\EasyHook32.dll
2011-06-25 06:45:00 -------- d-----w- c:\program files\DAP
2011-06-25 06:44:57 -------- d-----w- c:\documents and settings\somjit\application data\Toolbar4
2011-06-25 06:44:56 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2011-06-25 06:44:56 -------- d-----w- c:\program files\SpeedBit Video Downloader
2011-06-25 06:44:56 -------- d-----w- c:\program files\SearchPredict
2011-06-25 06:44:56 -------- d-----w- c:\documents and settings\all users\application data\SpeedBit
2011-06-25 06:18:28 -------- d-----w- c:\documents and settings\somjit\local settings\application data\PasswordSafe
2011-06-25 06:18:17 -------- d-----w- c:\program files\Password Safe
2011-06-24 13:07:08 109240 ----a-w- c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll
2011-06-24 13:07:07 150200 ----a-w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2011-06-24 06:49:45 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-06-24 06:49:45 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2011-06-24 06:49:09 -------- d-----w- c:\program files\Kaspersky Lab
2011-06-24 06:49:08 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab
2011-06-17 18:32:06 -------- d-----w- C:\ConvertTemp
2011-06-16 10:34:32 -------- d-----w- c:\documents and settings\somjit\application data\Samsung
2011-06-16 09:02:21 49265 ----a-w- c:\windows\system32\jpicpl32.cpl
2011-06-16 08:59:56 -------- d-----w- c:\documents and settings\somjit\local settings\application data\{32A3A4F2-B792-11D6-A78A-00B0D0150220}
2011-06-16 08:25:24 -------- d-----w- c:\program files\VirtualDJ
2011-06-15 05:16:56 -------- d-----w- c:\documents and settings\somjit\application data\Dev-Cpp
2011-06-15 05:16:41 -------- d-----w- C:\Dev-Cpp
2011-06-06 07:25:30 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-06-05 15:09:48 -------- d-----w- c:\documents and settings\somjit\application data\Stellarium
2011-06-05 15:09:39 -------- d-----w- c:\program files\Stellarium
2011-06-05 15:06:27 -------- d-----w- c:\program files\TheSage
2011-05-31 20:14:44 -------- d-----w- c:\documents and settings\somjit\local settings\application data\Google
2011-05-31 20:14:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-31 19:34:43 -------- d-----w- c:\documents and settings\somjit\local settings\application data\PackageAware
2011-05-30 10:59:29 -------- d-----w- c:\program files\Microsoft Games
2011-05-29 14:14:15 21648 ----a-w- c:\windows\system\CTL3DV2.DLL
2011-05-29 14:14:12 97072 ----a-w- c:\windows\system\BWCC0007.DLL
2011-05-29 14:14:12 96928 ----a-w- c:\windows\system\BWCC000C.DLL
2011-05-29 14:14:12 96912 ----a-w- c:\windows\system\BWCC0009.DLL
2011-05-29 14:14:12 164928 ----a-w- c:\windows\system\BWCC.DLL
2011-05-29 14:14:10 264800 ----a-w- c:\windows\system\BOCOLE.DLL
2011-05-29 14:14:09 58192 ----a-w- c:\windows\system\MHRUN300.DLL
2011-05-29 14:14:09 244192 ----a-w- c:\windows\system\MHCARDS.DLL
2011-05-29 14:14:07 81920 ----a-w- c:\windows\system\BIVBX11.DLL
2011-05-29 14:14:06 -------- d-----w- C:\ACROREAD
2011-05-29 14:14:03 -------- d-----w- C:\TCWIN45
.
==================== Find3M ====================
.
2011-06-16 09:17:11 0 ----a-w- C:\_@4F.tmp
2011-06-16 09:17:11 0 ----a-w- C:\_@4E.tmp
2011-06-16 09:17:10 0 ----a-w- C:\_@4D.tmp
2011-06-16 09:17:10 0 ----a-w- C:\_@4C.tmp
2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
.
============= FINISH: 11:28:04.20 ===============

ATTACH log...

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/19/2011 6:32:29 PM
System Uptime: 6/26/2011 11:22:34 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M2N68-AM Plus
Processor: AMD Athlon(tm) II X2 250 Processor | AM2 | 3013/200mhz
Processor: AMD Athlon(tm) II X2 250 Processor | AM2 | 3013/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 98 GiB total, 86.905 GiB free.
D: is FIXED (NTFS) - 78 GiB total, 74.225 GiB free.
E: is FIXED (NTFS) - 146 GiB total, 146.414 GiB free.
F: is FIXED (NTFS) - 143 GiB total, 52.321 GiB free.
G: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\4&25700A26&0&3020
Manufacturer: Realtek
Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\4&25700A26&0&3020
Service: rtl8139
.
==== System Restore Points ===================
.
RP1: 4/19/2011 6:34:08 PM - System Checkpoint
RP2: 4/19/2011 6:38:08 PM - Installed Realtek High Definition Audio Driver
RP3: 4/19/2011 6:38:29 PM - Installed Windows XP KB888111WXPSP2.
RP4: 4/19/2011 6:45:00 PM - Installed Suite
RP5: 4/19/2011 6:51:18 PM - Installed Microsoft Office Enterprise 2007
RP6: 4/19/2011 6:54:08 PM - Printer Driver Send To Microsoft OneNote Driver Installed
RP7: 4/19/2011 7:01:27 PM - Installed Adobe Reader 9.3.
RP8: 4/19/2011 7:50:34 PM - Installed Windows Installer KB893803v2.
RP9: 4/19/2011 8:01:33 PM - Printer Driver Adobe PDF Converter Installed
RP10: 4/19/2011 8:16:05 PM - Installed Samsung PC Studio 3
RP11: 4/19/2011 8:17:18 PM - Installed Windows Media Format 9 Series Runtime Setup
RP12: 4/19/2011 8:19:15 PM - Installed Samsung PC Studio 3 USB Driver Installer
RP13: 5/15/2011 2:48:58 PM - System Checkpoint
RP14: 5/17/2011 7:23:06 PM - System Checkpoint
RP15: 5/20/2011 1:15:29 PM - System Checkpoint
RP16: 5/22/2011 2:19:38 PM - System Checkpoint
RP17: 5/29/2011 10:02:49 PM - System Checkpoint
RP18: 6/1/2011 1:44:57 AM - Installed Windows XP -- Software Updates KB952011.
RP19: 6/3/2011 2:13:32 PM - System Checkpoint
RP20: 6/4/2011 10:33:04 PM - System Checkpoint
RP21: 6/7/2011 6:30:41 AM - System Checkpoint
RP22: 6/9/2011 11:48:14 AM - System Checkpoint
RP23: 6/10/2011 5:31:35 PM - System Checkpoint
RP24: 6/12/2011 5:42:28 PM - System Checkpoint
RP25: 6/15/2011 11:20:16 AM - System Checkpoint
RP26: 6/16/2011 2:31:17 PM - Installed J2SE Development Kit 5.0 Update 22
RP27: 6/16/2011 2:32:13 PM - Installed J2SE Runtime Environment 5.0 Update 22
RP28: 6/17/2011 9:27:06 PM - System Checkpoint
RP29: 6/20/2011 7:35:54 PM - System Checkpoint
RP30: 6/22/2011 1:01:21 PM - Configured Power2Go
RP31: 6/22/2011 1:01:45 PM - Configured PowerStarter
RP32: 6/23/2011 5:42:48 PM - System Checkpoint
RP33: 6/24/2011 12:18:51 PM - Installed Kaspersky Internet Security 2011.
RP34: 6/24/2011 6:02:17 PM - Removed Adobe Reader 9.3.
RP35: 6/25/2011 2:24:52 PM - Removed Adobe Reader 9.4.5.
RP36: 6/25/2011 2:25:03 PM - Installed Adobe Reader X (10.1.0).
RP37: 6/25/2011 2:34:13 PM - Installed DirectX
.
==== Installed Programs ======================
.
Add or Remove Adobe Creative Suite 3 Design Premium
Adobe Acrobat 8 Professional
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Design Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader X (10.1.0)
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Avro Keyboard 5.1.0
CCleaner
Dev-C++ 5 beta 9 release (4.9.9.2)
Download Accelerator Plus (DAP)
High Definition Audio Driver Package - KB888111
iZotope Ozone Free 1.0 for Winamp
J2SE Development Kit 5.0 Update 22
J2SE Runtime Environment 5.0 Update 22
Kaspersky Internet Security 2011
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft Age of Empires II
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 5.0 (x86 en-US)
MSN
NS Virtual DJ 6.0 Full
NVIDIA Drivers
PDF Settings
Picasa 3
Realtek High Definition Audio Driver
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
SpeedBit Video Downloader
Stellarium 0.10.6.1
TheSage
VLC media player 1.0.1
WebFldrs XP
Winamp
Winamp Detector Plug-in
Winamp Essentials Pack
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Installer 3.1 (KB893803)
WinRAR 4.01 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
6/26/2011 10:59:47 AM, error: System Error [1003] - Error code 1000000a, parameter1 00000000, parameter2 00000002, parameter3 00000001, parameter4 804e5975.
6/24/2011 12:55:37 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
6/24/2011 12:19:38 PM, error: PSched [14107] - QoS [Adapter NDISWANIP]: The Packet Scheduler could not initialize the virtual miniport with NDIS.
6/22/2011 10:51:18 AM, error: nvgts [9] - The device, \Device\Scsi\nvgts1, did not respond within the timeout period.
.
==== End Of File ===========================

somjit{} 60 Junior Poster in Training Featured Poster · Answer 2 · 2011-06-26T12:32:35+00:00

I'll download the two anti-spyware softwares now... but i just thought i'd let you know, that the 1st time i ran MBAM scan, some error occured, and my computer restarted, but after that when i ran the scan, there wasn't any problem.

Your Java should be fully up to date. Current version is update 6 version 26.

i started learning java a few weeks back, and i got the jdk version 5. and jre 5 also came with it. you told me to install the latest jre, but will that have any effect on jdk-5 that i currently have on my computer??

somjit{} 60 Junior Poster in Training Featured Poster · Answer 3 · 2011-06-26T22:59:32+00:00

yes the kaspersky antivirus was a paid commercial cd-in-a-box thing. ok i'll go check here... and the original problem was a sality infection. i dont use any p2p stuff, just installed lime-wire once to see whats all the fuss about file sharing is.. i have a way slow network to download much of anything using such programs. :( I'm no criminal ma'am, i don't do illegal stuff :( the guy who assembled my computer gave me the xp that i have. he even took what would be equivalent to 35 dollars for that..

getting really tensed right now... :(

somjit{} 60 Junior Poster in Training Featured Poster · Answer 4 · 2011-06-26T23:04:00+00:00

and iv also installed the latest version of java.. but that was after the scans, so it didnt show up. the next post will have the log you requested...

somjit{} 60 Junior Poster in Training Featured Poster · Answer 5 · 2011-06-26T23:12:43+00:00

the software wont install, its showing "installation failure: failed to copy files".....

somjit{} 60 Junior Poster in Training Featured Poster · Answer 6 · 2011-06-27T00:45:02+00:00

(this i say to offer mental consoaltion to me more than anything else)
I deleted that copy of win xp that i had,which showed the infections, and ran a scan again, and mbam showed no infections.

and regarding being ripped off, well i know about keygens and stuff now, but when i bought this computer, i had no idea. i didnt even know what a genuine COPY of windows was supposed to mean. i gave more emphasis on the "genuine" part, than the "copy" part. that was more than 2 years ago. if i had known about all this then, would have just bought a laptop, comes with factory installed genuine versions of windows, and a lot less head-aches.....

somjit{} 60 Junior Poster in Training Featured Poster · Answer 7 · 2011-06-27T00:48:19+00:00

i would get a genuine COPY of windows for $35 dollars.. that was the deal the "computer guy" made. i was happy to oblige...

somjit{} 60 Junior Poster in Training Featured Poster · Answer 8 · 2011-06-27T00:57:12+00:00

the infection showed by the previous mbam log was on my F:\ drive, from the folder had a copy of the windows-xp cd that the computer guy had given me. i deleted that copy. and then ran a scan.

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 9 · 2011-06-27T01:12:20+00:00

If you don't want to format that F:\ drive then you need to fully scan that drive only, with multiple scanners, MBA-M, Kaspersky, ESET online scanner to be 100% certain there are no remaining infection "crumbs" on there.

You DO need to update Windows XP to SP3 and you do need to update the Java to version 6 update 26. Otherwise your system IS at risk.

somjit{} 60 Junior Poster in Training Featured Poster · Answer 10 · 2011-06-27T01:21:47+00:00

What HE did was copy the one HE purchased and sold THAT copy to you and likely others. If he paid $200 for it FROM Microsoft and then made copies and sold those to 6 people he got his money back and "ripped off" everyone he sold that to,

yeah, but i understood that after being "ripped off" ... i will have to buy a laptop next year, engineering's final year field-projects coming up... i'm gonna make these experiences count. i just hope my desktop stays with me at least till then... :(.
Buying a legitimate version of windows- that's another item added to my list of first-things-to-buy-when i get a job.....

somjit{} 60 Junior Poster in Training Featured Poster · Answer 11 · 2011-06-27T01:24:44+00:00

You DO need to update Windows XP to SP3 and you do need to update the Java to version 6 update 26. Otherwise your system IS at risk.

the java part is already done, but consedering my ripped off condition, any suggestions on how i can upgrade to SP3? :(

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 12 · 2011-06-27T01:28:22+00:00

Of course you can buy a "hand built" computer. Just make sure that the copy of windows IS a licensed product AND you get the actual disks for it. OR better yet, purchase your own and take it with you when you hirer somebody to build you a computer. OR, you can purchase excellent, high quality computers directly from manufacturers and these DO contain legitimate copies of the operating systems and you get the PAPER proof that they are if fact legitimate.
You can order a computer directly from any legitimate well known manufacturer and they WILL build it to your specifications. I have always done that and have always had very good luck with them. I also always purchased an extended warranty and they have truly been worth it for me with each and every computer I have owned.

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 13 · 2011-06-27T01:31:04+00:00

Are you saying the entire system is pirated? I thought it was just some copy he gave you but the original was legitimate.

somjit{} 60 Junior Poster in Training Featured Poster · Answer 14 · 2011-06-27T01:42:25+00:00

It appears that your copy of Windows may not be legal, judging by the infected files found by MBA-M.

i was referring to this copy that you mentioned in one of the earlier posts.

the original was legitimate.

do you mean the original copy from which this guy made other copies? yes that was legitimate. you also said so in your previuos post that he has one or two original copies, from which he sold to us.

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 15 · 2011-06-27T01:44:48+00:00

i was referring to this copy that you mentioned in one of the earlier posts.
do you mean the original copy from which this guy made other copies? yes that was legitimate. you just said so in your previuos post that he has one or two original copies, from which he sold to us.

I mean the actual Windows XP that is presently installed on your computer. Is THIS legitimate? I am not talking about that one on the F drive. I mean Windows XP that is presently installed on your "C" Drive.

Where did that come from? Did it come with the computer or did this "pirate" install it on there?

somjit{} 60 Junior Poster in Training Featured Poster · Answer 16 · 2011-06-27T01:47:27+00:00

that's what i paid for, 35 dollars for a copy of the original, that "works just like the original" as i was told...

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 17 · 2011-06-27T01:51:47+00:00

The only way to check if it is a legal copy of Windows XP is go here and validate it

http://windows.microsoft.com/en-US/windows/help/genuine/what-is-validation?os=winxp

If it is NOT a legal, valid copy of Windows XP then you will not be able to get any system updates. Sorry but that is just the way it works.

If that validation page finds that it is legal then the ONLY place to get those LEGAL updates is directly from Micorsoft Update pages, no place else. Anywhere else will likely infect the computer.

somjit{} 60 Junior Poster in Training Featured Poster · Answer 18 · 2011-06-27T01:55:55+00:00

this just keeps getting worse.... i'm not going to jail am I?? this whole year, i'v only gotten into more and more trouble with my computer!!! i just want some peace really....

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 19 · 2011-06-27T01:57:30+00:00

that's what i paid for, 35 dollars for a copy of the original, that "works just like the original" as i was told...
This is something you need to remember...$35 for something that is normally around $200 and it works just like the original...sounds too good to be true..

If it Sounds too good to be true then, 99.999% of the time, it IS too good to be true.

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 20 · 2011-06-27T01:59:37+00:00

this just keeps getting worse.... i'm not going to jail am I?? this whole year, i'v only gotten into more and more trouble with my computer!!! i just want some peace really....

Lord no, you aren't going to jail. HE cheated YOU. HE could go to jail if reported I am fairly certain but you are just an innocent buyer. You didn't ASK for a stolen operating system did you? Did you KNOW it was a pirated system when he put it on there?

Did this person actually build the computer for you?

somjit{} 60 Junior Poster in Training Featured Poster · Answer 21 · 2011-06-27T02:02:04+00:00

but, most guys here, and all of my friends included, get a pirated windows for FREE from the person they hire to assemble their machines. compared to that,35 dollars seemed a better option at that time. zero experience has its toll... and I'm feeling it now!! :( :(

somjit{} 60 Junior Poster in Training Featured Poster · Answer 22 · 2011-06-27T02:05:05+00:00

Lord no, you aren't going to jail.

THANK YOU FOR SAYING THAT!!

and yes, he built the computer for me. as i said, most people get a pirated version for free around here, HE charged me 1800 rupees ( around $ 35) for this GENUINE COPY that he gave me. so i thought it was good!!

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 23 · 2011-06-27T02:09:48+00:00

but, most guys here, and all of my friends included, get a pirated windows for FREE from the person they hire to assemble their machines. compared to that,35 dollars seemed a better option at that time. zero experience has its toll... and I'm feeling it now!! :( :(

Look, I have no idea how the laws work in your country, the majority of countries do have laws against piracy of software, especially operating systems. Piracy is piracy whether you get for free or pay $35 for it, it is piracy. Your particular "pirate" was just "more clever" than others you mentioned, he figured out a way to make money doing it. But you still have a pirated operating system and there is no way it can be updated. You will just have to do your best to watch what you do and where you go, keep everything else updated and that's all you can do.

somjit{} 60 Junior Poster in Training Featured Poster · Answer 24 · 2011-06-27T02:14:20+00:00

i understand each and every word. i will do that. and in the mean time, i ran MBAM scan on that F:\ drive. no infections found... im running kaspersky scan, going on at 82%, and no infections found till now.. the part with the infections already scanned. all i can do now is hope....