Kaspersky proactive defense warning when opening any programme



Ducje
2011-08-17, 09:16
Dear,

I think I have a bad infection; I've been trying and struggling with it for the past 3 days. I was searching this forum and other forums, but couldn't find anything. A few topics were there with similarities, but then often the topic was stopped halfway.

Each programme I open or each action I undertake I get at least 3 to 4 proactive defense warnings from Kaspersky, which I never got before. If I click Terminate, the computer generally gets stuck, as one of the processes causing trouble is explorer.exe; that closes all windows and then generally freezes or eventually comes alive again after some time.

If I deny, then the message pops up a few more times and finally the programme which I was trying to open opens.

If I skip, I generally get memory error messages, like:
rundell32.exe - Application error
The instruction at "0x7c884f9c" referenced memory at "0x00000000". The memory could not be "written". Click OK to terminate the programme. Click on CANCEL to debug the programme.

The proactive defense warnings I get depend on the programme I'm trying to open; here are some of them:
Process C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe (PID: 700) is attempting to invade process C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\qlbPres.exe (PID: 3588). This behaviour is typical of some malware.
Process C:\WINDOWS\Explorer.EXE (PID: 396) is attempting to invade process C:\WINDOWS\system32\notepad.exe (PID: 228). This behaviour is typical of some malware.
Process C:\WINDOWS\System32\svchost.exe (PID: 1320) is attempting to invade process C:\WINDOWS\system32\rundll32.exe (PID: 620). This behaviour is typical of some malware.

I did a Malwarebytes scan in safe mode, which detected about 17 infected items, which it removed. Unfortunately I also deleted the log. Now Malwarebytes and Spybot Search & Destroy show clean, but I'm sure that something somewhere must be left behind.

I did a DDS scan; here is the result.
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by User at 12:18:36 on 2011-08-17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.170 [GMT 5,5:30]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Conexant\Adsl\dslstat.exe
C:\Program Files\Conexant\Adsl\dslagent.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PS Software\PsLink.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\psmon.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Documents and Settings\All Users\Application Data\Dialog Mobile Broadband\OnlineUpdate\ouc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\notepad.exe
D:\Program Files2\Dialog Mobile Broadband\Dialog Mobile Broadband.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ncr
uSearch Page =
uSearch Bar =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DWABrowserHlprObj Class: {2709d830-b643-4e72-9a1e-701cfffcf30c} - c:\windows\system32\dwabho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {A057A204-BACC-4D26-9A9E-3AF287E2699B} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [updatesoft.exe] c:\updatesoft.exe\updatesoft.exe
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\avp.exe"
mRun: [DSLSTATEXE] c:\program files\conexant\adsl\dslstat.exe icon
mRun: [DSLAGENTEXE] c:\program files\conexant\adsl\dslagent.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [updatesoft.exe] c:\updatesoft.exe\updatesoft.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ps-link.lnk - c:\program files\ps software\PsLink.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\SCIEPlgn.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://ips.poi.de/ips-opdata/layout/fnac/objects/jordan.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yuplapp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} - hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E001C731-5E37-4538-A5CB-8168736A2360} - hxxp://quickscan.bitdefender.com/cab/ActiveQscan.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxp://mail.aitkenspence.lk/dwa7W.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FDB821F1-1290-4C95-AE1B-B368AEE99014} - mk:@MSITStore:d:\dominique\downloads\new_boards\new_boards.chm::/ddd.ax
TCP: Interfaces\{4CCC41BA-8726-46AB-93A2-9D68684D26F9} : NameServer = 123.231.0.167 123.231.0.181
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1.0fo\adialhk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-4-17 33408]
R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-7-18 112144]
R1 klif;Klif;c:\windows\system32\drivers\klif.sys [2007-10-5 201504]
R2 AVP;Kaspersky Anti-Virus 6.0;c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\avp.exe [2007-10-5 231952]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-2 54752]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\all users\application data\datacardservice\HWDeviceService.exe [2011-3-14 271712]
R3 BusRMUSB;Remote USB Bus;c:\windows\system32\drivers\BusRMUSB.sys [2011-8-8 44544]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-7-6 235392]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-7-6 73216]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-5-30 24344]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Dialog Mobile Broadband. RunOuc;Dialog Mobile Broadband. OUC;d:\program files2\dialog mobile broadband\updatedog\ouc.exe [2011-7-6 246112]
S2 gupdate1ca119f88537ac8;Google Update Service (gupdate1ca119f88537ac8);c:\program files\google\update\GoogleUpdate.exe [2009-7-31 133104]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-7-6 102784]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\user\locals~1\temp\onlinescanner\anti-virus\fsgk.sys --> c:\docume~1\user\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [?]
S3 fsbl;fsbl; [x]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-31 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-1 41272]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2011-8-8 17408]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
piffile="%1" %*"
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 14:22:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 14:22:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-06-21 02:44:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 12:21:04,17 ===============

The "attach" report is attached.

Please help!
Thanks in advance for the advice.
Best regards,
Ducje

Another symptom which I noticed: traces of the window of one programme are appearing while consulting another programme. See an example in the attachments.
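An added triage script (mine, not Ducje's, Blade81's or part of DDS) that parses Pseudo HJT Report lines like the ones in the log above and lists the entries a helper looks at first: autostarts launched from outside Windows/Program Files (here the uRun/dRun updatesoft.exe entries), orphaned "No File" CLSIDs, the AppInit_DLLs value and loopback hosts entries. Assumed, not taken from the thread: the hive-prefix meaning (u = HKCU, m = HKLM, d = HKU\.DEFAULT), the %ProgramFiles%/%windir% expansions, and the trusted-path list; the sample lines are constructed from this thread's log.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in the format of the DDS "Pseudo HJT
# Report" section quoted in this thread (not the full log).
SAMPLE_REPORT = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {A057A204-BACC-4D26-9A9E-3AF287E2699B} - No File
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [updatesoft.exe] c:\updatesoft.exe\updatesoft.exe
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [DSLSTATEXE] c:\program files\conexant\adsl\dslstat.exe icon
dRun: [updatesoft.exe] c:\updatesoft.exe\updatesoft.exe
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1.0fo\adialhk.dll
Hosts: 127.0.0.1 www.spywareinfo.com
"""

# DDS line shapes handled here. The hive prefix meaning is my assumption about
# the DDS convention: u = HKCU, m = HKLM, d = HKU\.DEFAULT.
RUN_RE = re.compile(r'^(?P<hive>[umd])Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
OBJ_RE = re.compile(r'^(?P<kind>BHO|TB): (?:(?P<desc>.*?): )?\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$')
APPINIT_RE = re.compile(r'^AppInit_DLLs: (?P<dlls>\S.*)$')
HOSTS_RE = re.compile(r'^Hosts: (?P<ip>\S+) (?P<host>\S+)$')
# Executable path at the start of a Run value, quoted or not; anchoring on the
# end of the line lets "c:\updatesoft.exe\updatesoft.exe" resolve as a whole.
EXE_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|scr|com|pif|bat|cmd))"?(?:\s.*)?$', re.IGNORECASE)

# Environment expansions assumed for an XP box with Windows on C:.
ENV = {'%programfiles%': 'c:\\program files', '%windir%': 'c:\\windows', '%systemroot%': 'c:\\windows'}
# Assumed "normal" homes for autostarts; anything else is worth a second look.
TRUSTED_PREFIXES = ('c:\\windows\\', 'c:\\program files\\', 'c:\\progra~1\\')


@dataclass
class Finding:
    severity: str   # 'high', 'medium' or 'info'
    line: str
    reason: str


def normalise(path: str) -> str:
    """Lower-case a path and expand the environment variables DDS leaves in."""
    p = path.strip().lower()
    for var, value in ENV.items():
        p = p.replace(var, value)
    return p


def launch_path(cmd: str):
    """Return the normalised executable path from a Run value, or None."""
    m = EXE_RE.match(cmd.strip())
    return normalise(m.group('path')) if m else None


def triage(report: str) -> list:
    """Walk Pseudo HJT lines and return the entries a helper looks at first."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := RUN_RE.match(line):
            path = launch_path(m.group('cmd'))
            if path is None:
                findings.append(Finding('medium', line, 'no executable path recognised'))
            elif not path.startswith(TRUSTED_PREFIXES):
                findings.append(Finding('high', line, f'autostart runs from outside Windows/Program Files: {path}'))
            if m.group('hive') == 'd':
                findings.append(Finding('medium', line, 'dRun: autostart set in the HKU\\.DEFAULT hive as well'))
        elif m := OBJ_RE.match(line):
            if m.group('target').strip().lower() == 'no file':
                findings.append(Finding('info', line, f"orphaned {m.group('kind')} CLSID {m.group('clsid')} (no DLL on disk)"))
        elif m := APPINIT_RE.match(line):
            findings.append(Finding('medium', line, 'AppInit_DLLs is loaded into every GUI process; confirm the vendor'))
        elif m := HOSTS_RE.match(line):
            if m.group('ip') in ('127.0.0.1', '0.0.0.0'):
                findings.append(Finding('info', line, f"hosts file sinkholes {m.group('host')}"))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_REPORT):
        print(f'[{f.severity:6}] {f.reason}\n         {f.line}')
```

Run it over a saved DDS log (e.g. `triage(open('dds.txt').read())`) to get the same shortlist for a whole report; legitimate vendor entries such as Kaspersky's AppInit hook will still be listed, since the script only sorts lines for review.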

Blade81
2011-08-20, 12:50
Hi,

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) file sharing programs on your computer.

µTorrent


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red). Post fresh dds logs when done.

Ducje
2011-08-22, 06:32
Thanks for the advice; I had some additional findings. Find below also the new DDS log.

My findings:
1. Removed µTorrent and made a new log, see below.
2. I noticed that if I turn off Kaspersky I get a whole heap of application errors, one after the other: Vrclsid.exe, Drwtsn32.exe, Acrord32.exe, Vrclsid.exe, QlbCtrl.exe, winlogon.exe and so on, all these application errors in the style of what I described in my first post (memory could not be written or so).
3. In safe mode the problem is not there; Kaspersky does not start in safe mode, but even if I start it there are no issues at all.
4. If I logon as a different user (user2, this is a simple user account, no administrator) the problem is not there, everything runs fine.
5. If I first logon as user2 and then log off and then log on as user (this one has administrator rights and this is the one having the issues) then the problem is not there.
6. I did also a superantispyware scan, nothing found other than cookies.
7. I did another Spybot scan, nothing found.
8. I did another Malwarebytes scan, the following found, which I cleaned:
Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: () Good: ("%1" /S) -> Quarantined and deleted successfully.
Files Infected:
c:\documents and settings\Tanghe\local settings\application data\Google\Chrome\user data\Default\Cache\f_000012 (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

The DDS log:
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by User at 9:47:18 on 2011-08-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.345 [GMT 5,5:30]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
D:\Program Files2\SUPERAntispyware\SASCORE.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Documents and Settings\All Users\Application Data\Dialog Mobile Broadband\OnlineUpdate\ouc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Conexant\Adsl\dslstat.exe
C:\Program Files\Conexant\Adsl\dslagent.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PS Software\PsLink.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\psmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ncr
uSearch Page =
uSearch Bar =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = 10.94.0.254:8080
mSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DWABrowserHlprObj Class: {2709d830-b643-4e72-9a1e-701cfffcf30c} - c:\windows\system32\dwabho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {A057A204-BACC-4D26-9A9E-3AF287E2699B} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [updatesoft.exe] c:\updatesoft.exe\updatesoft.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\avp.exe"
mRun: [DSLSTATEXE] c:\program files\conexant\adsl\dslstat.exe icon
mRun: [DSLAGENTEXE] c:\program files\conexant\adsl\dslagent.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [updatesoft.exe] c:\updatesoft.exe\updatesoft.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ps-link.lnk - c:\program files\ps software\PsLink.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\SCIEPlgn.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://ips.poi.de/ips-opdata/layout/fnac/objects/jordan.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yuplapp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} - hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E001C731-5E37-4538-A5CB-8168736A2360} - hxxp://quickscan.bitdefender.com/cab/ActiveQscan.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxp://mail.aitkenspence.lk/dwa7W.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FDB821F1-1290-4C95-AE1B-B368AEE99014} - mk:@MSITStore:d:\dominique\downloads\new_boards\new_boards.chm::/ddd.ax
TCP: DhcpNameServer = 8.8.8.8 9.9.9.9
TCP: Interfaces\{7D1D3E2E-0C16-417F-ADA0-2AF8AD8BBB2D} : DhcpNameServer = 8.8.8.8 9.9.9.9
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - d:\program files2\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1.0fo\adialhk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files2\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-4-17 33408]
R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-7-18 112144]
R1 klif;Klif;c:\windows\system32\drivers\klif.sys [2007-10-5 201504]
R1 SASDIFSV;SASDIFSV;d:\program files2\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;d:\program files2\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R2 !SASCORE;SAS Core Service;d:\program files2\superantispyware\SASCore.exe [2011-8-12 116608]
R2 AVP;Kaspersky Anti-Virus 6.0;c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\avp.exe [2007-10-5 231952]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-2 54752]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\all users\application data\datacardservice\HWDeviceService.exe [2011-3-14 271712]
R3 BusRMUSB;Remote USB Bus;c:\windows\system32\drivers\BusRMUSB.sys [2011-8-8 44544]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-7-6 73216]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-5-30 24344]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Dialog Mobile Broadband. RunOuc;Dialog Mobile Broadband. OUC;d:\program files2\dialog mobile broadband\updatedog\ouc.exe [2011-7-6 246112]
S2 gupdate1ca119f88537ac8;Google Update Service (gupdate1ca119f88537ac8);c:\program files\google\update\GoogleUpdate.exe [2009-7-31 133104]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-7-6 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-7-6 235392]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\user\locals~1\temp\onlinescanner\anti-virus\fsgk.sys --> c:\docume~1\user\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [?]
S3 fsbl;fsbl; [x]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-31 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-1 41272]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2011-8-8 17408]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
piffile="%1" %*"
.
=============== Created Last 30 ================
.
2011-08-18 10:36:33 -------- d-----w- c:\documents and settings\user\application data\SUPERAntiSpyware.com
2011-08-18 10:35:41 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-08-13 03:29:20 -------- d-----w- c:\program files\Company
2011-08-12 03:23:40 -------- d-----w- c:\documents and settings\all users\application data\Premium
2011-08-12 03:23:35 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
2011-08-11 03:57:05 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-11 03:51:32 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-08 10:03:04 46592 ----a-r- c:\windows\system32\HP1100SMs.dll
2011-08-08 10:02:58 284160 ----a-w- c:\windows\system32\mvhlewsi.DLL
2011-08-08 10:02:49 1486848 ----a-w- c:\windows\system32\HP1100SM.EXE
2011-08-08 10:02:40 69632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\HP1100PP.dll
2011-08-08 10:02:35 151552 ----a-w- c:\windows\system32\HP1100LM.DLL
2011-08-08 09:58:54 81920 ----a-r- c:\windows\system32\mvusbews.dll
2011-08-08 09:58:47 17408 ----a-r- c:\windows\system32\drivers\mvusbews.sys
2011-08-08 09:54:18 8704 ----a-w- c:\windows\rmubcntl.dll
2011-08-08 09:54:17 125440 ----a-w- c:\windows\PsMon.exe
2011-08-08 09:54:15 7680 ----a-w- c:\windows\cvnet05.dll
2011-08-08 09:54:10 44544 ----a-w- c:\windows\system32\drivers\BusRMUSB.sys
2011-08-08 09:54:06 -------- d-----w- c:\program files\PS Software
.
==================== Find3M ====================
.
2011-08-19 14:50:04 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-19 14:50:04 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 14:22:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 14:22:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-06-21 02:44:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 9:48:34,00 ===============

Blade81
2011-08-22, 07:04
Hi,

Adobe Acrobat 5.0 is vulnerable and not supported anymore. It's recommended to uninstall it.

It's possible your Kaspersky settings are set too strict and that's why it throws alerts about legit operations too. Anyway, let's run ESET online scanner.

* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet Explorer for this scan.
* Tick the box next to YES, I accept the Terms of Use.
* Click Start.
* When asked, allow the ActiveX control to install.
* Click Start.
* Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
* Click Scan.
* Wait for the scan to finish. Post back the findings.

Ducje
2011-08-24, 08:48
Hi,
Herewith my findings:

1. I prefer to keep Adobe Acrobat 5.0 as that is the only version for which I have the writer. It is also accessible in the user2 account and it doesn't create any trouble there.

2. That the settings of Kaspersky are too strict is also not possible. In user2 the settings are identical and it does not create any trouble there. Plus if I log on as user2, log off and then log on as user, the problem is also not there. The problem is only there if I log on as user directly. Plus if I log on as user directly and turn off Kaspersky I get one application error after the other.

3. I logged on one more time directly as user (now I'm actually logging in as user2 and then logging off and logging on as user) and got a series of proactive defence messages and application errors. Actually if I log on as user directly my pc is not operational because of all the proactive defence messages and application errors. Herewith a recapitulation of what happened:

I also noticed that it takes ages for Kaspersky to start (maybe 3 minutes, much longer than before). As soon as I log on I get a proactive defence message:
Process C:\WINDOWS\system32\svchost.exe (PID: 1604) is attempting to invade process C:\Program Files\HPQ\Shared\HpqToaster.exe (PID: 4180). This behaviour is typical of some malware.
I "deny" and the next message comes:
Process C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe (PID: 1252) is attempting to invade process C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\qlbPres.exe (PID: 4224). This behaviour is typical of some malware.
I "deny" and then the next:
Process C:\WINDOWS\system32\svchost.exe (PID: 1604) is attempting to invade process C:\WINDOWS\system32\wbem\wmiprvse.exe (PID: 4284). This behaviour is typical of some malware.
I deny again and then as soon as I try to open a programme the following comes (I tried to open notepad):
Process C:\WINDOWS\Explorer.EXE (PID: 880) is attempting to invade process C:\WINDOWS\system32\notepad.exe (PID: 4472). This behaviour is typical of some malware.
After denying a few times, notepad finally opens.
If I "terminate" it never opens; if I skip, the application errors start.

And then again:
Process C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe (PID: 1252) is attempting to invade process C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\qlbPres.exe (PID: 4224). This behaviour is typical of some malware.

More:
Process C:\WINDOWS\system32\svchost.exe (PID: 1604) is attempting to invade process C:\WINDOWS\system32\wbem\wmiprvse.exe (PID: 4284). This behaviour is typical of some malware.
Process C:\WINDOWS\Explorer.EXE (PID: 880) is attempting to invade process C:\WINDOWS\system32\notepad.exe (PID: 4472). This behaviour is typical of some malware.

Then when I try to shut down, the following application errors:
hpqSTE08.exe
The instruction at "0x7c884f9c" referenced memory at "0x00000000". The memory could not be "written".
Click on OK to terminate the programme
Click on CANCEL to debug the program

Then the same application error for Drwtsn32.exe followed. Endless...

4. I'm running the ESET scan now. But I feel that maybe something got damaged because of the previous infection and removal.

Thanks,
Ducje
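
The alerts Ducje quotes above all have the same shape ("Process A (PID: n) is attempting to invade process B (PID: m)"), which makes them easy to tabulate before deciding whether they look like the benign HP/Windows inter-process calls Blade81 describes or something that warrants a closer look. The script below is an added example, not code from the thread or from Kaspersky: it parses those message strings (copied from the post as a constructed sample), counts source/target pairs, shows which source processes fan out to several distinct targets (the svchost.exe PID 1604 case above), and flags any source executable living outside the directories in the assumed `EXPECTED_DIRS` allowlist. The allowlist and the fan-out heuristic are assumptions for the example; they are a triage aid, not a verdict on whether a process is clean.

```python
import ntpath
import re
from collections import Counter, defaultdict

# Constructed sample: the seven Proactive Defense alerts quoted in the post above,
# copied into a list so the script runs offline without a real log file.
SAMPLE_ALERTS = [
    r"Process C:\WINDOWS\system32\svchost.exe (PID: 1604) is attempting to invade process C:\Program Files\HPQ\Shared\HpqToaster.exe (PID: 4180). This behaviour is typical of some malware.",
    r"Process C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe (PID: 1252) is attempting to invade process C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\qlbPres.exe (PID: 4224). This behaviour is typical of some malware.",
    r"Process C:\WINDOWS\system32\svchost.exe (PID: 1604) is attempting to invade process C:\WINDOWS\system32\wbem\wmiprvse.exe (PID: 4284). This behaviour is typical of some malware.",
    r"Process C:\WINDOWS\Explorer.EXE (PID: 880) is attempting to invade process C:\WINDOWS\system32\notepad.exe (PID: 4472). This behaviour is typical of some malware.",
    r"Process C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe (PID: 1252) is attempting to invade process C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\qlbPres.exe (PID: 4224). This behaviour is typical of some malware.",
    r"Process C:\WINDOWS\system32\svchost.exe (PID: 1604) is attempting to invade process C:\WINDOWS\system32\wbem\wmiprvse.exe (PID: 4284). This behaviour is typical of some malware.",
    r"Process C:\WINDOWS\Explorer.EXE (PID: 880) is attempting to invade process C:\WINDOWS\system32\notepad.exe (PID: 4472). This behaviour is typical of some malware.",
]

# Assumed allowlist of directories a source process is "expected" to run from on this
# machine. A real triage would also verify file signatures and hashes; this is only a
# first filter for the example.
EXPECTED_DIRS = (r"c:\windows\system32", r"c:\windows", r"c:\program files")

# Matches the message format as quoted in the thread (assumption: Kaspersky 6.0 wording).
ALERT_RE = re.compile(
    r"Process (?P<src>.+?) \(PID: (?P<src_pid>\d+)\) is attempting to invade process "
    r"(?P<dst>.+?) \(PID: (?P<dst_pid>\d+)\)\."
)


def parse_alert(text):
    """Return source/target paths and PIDs from one alert, or None if it does not match."""
    m = ALERT_RE.search(text)
    if m is None:
        return None
    return {
        "src": m["src"], "src_pid": int(m["src_pid"]),
        "dst": m["dst"], "dst_pid": int(m["dst_pid"]),
    }


def _exe(path):
    # Compare on the bare executable name, case-insensitively (Windows paths).
    return ntpath.basename(path).lower()


def pair_counts(alerts):
    """Count alerts per (source exe, target exe) pair; repeats stand out immediately."""
    counts = Counter()
    for text in alerts:
        a = parse_alert(text)
        if a is not None:
            counts[(_exe(a["src"]), _exe(a["dst"]))] += 1
    return counts


def fan_out(alerts):
    """Map each source exe to the set of distinct target exes it was reported against."""
    targets = defaultdict(set)
    for text in alerts:
        a = parse_alert(text)
        if a is not None:
            targets[_exe(a["src"])].add(_exe(a["dst"]))
    return dict(targets)


def unexpected_sources(alerts):
    """Source paths outside EXPECTED_DIRS, e.g. a temp folder; these deserve a closer look."""
    flagged = []
    for text in alerts:
        a = parse_alert(text)
        if a is None:
            continue
        src = a["src"].lower()
        if not any(src.startswith(d + "\\") for d in EXPECTED_DIRS):
            flagged.append(a["src"])
    return flagged


if __name__ == "__main__":
    for (src, dst), n in pair_counts(SAMPLE_ALERTS).most_common():
        print(f"{n}x {src} -> {dst}")
    for src, dsts in fan_out(SAMPLE_ALERTS).items():
        print(f"{src} reported against {len(dsts)} distinct target(s): {sorted(dsts)}")
    print("sources outside expected dirs:", unexpected_sources(SAMPLE_ALERTS))
```

Run against the quoted messages, the pair table shows every pair repeating with the same PIDs on both sides, which is what you would expect from a few long-lived HP and Windows processes re-touching the same targets at each logon, rather than from a new injector spawning fresh targets. The allowlist check comes back empty for this sample; it would flag a source under a user's temp or application data folder, which is the case worth sending back to the helper.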

Ducje
2011-08-24, 13:15
Did the scan and it came out clear.

Blade81
2011-08-24, 18:09
Hi,

Replies regarding your findings:
1. If you don't have to edit PDFs but only need to "print" files to PDF files then you can replace vulnerable Adobe Acrobat with the free CutePDF (http://www.cutepdf.com/products/cutepdf/writer.asp) tool.

2. &amp; 3. (and 4.) There isn't a rule for those related messages. All those mentioned processes are legit ones. The clean ESET scan supports my opinion that those messages are not infection related. I recommend you ask for help with Proactive Defense settings at the Kaspersky forum (http://forum.kaspersky.com/index.php?).

Blade81
2011-09-04, 09:32
Due to inactivity, this thread will now be closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.