WiredWX Christian Hobby Weather Tools

Unable to install Kaspersky

Hello Friend,
I installed Kaspersky Internet Security but the installation didn't complete. In Add/Remove Programs Kaspersky is there but I am unable to scan and also there is no icon in my system tray.

Here is the log file of HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:24 AM, on 2/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Nitin\Desktop\Hijack(GP)This.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Service Pack 3 Internet Explorer
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe Reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O20 - AppInit_DLLs: E:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,E:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,E:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,E:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 5174 bytes


How can I install any antivirus?

Re: Unable to install Kaspersky

Can you tell me the solution?

Re: Unable to install Kaspersky

Hello.
Is this the same machine as last time? You had the Sality file infector and I asked that you format. Did you do that?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Unable to install Kaspersky

Yes, this is the same machine and I formatted it completely, deleting all partitions and then creating them again..... Hope that it's not the "sinowal" virus because "Task Manager" and "Registry editing" are working fine.
And this time I have run a .reg file to stop autorun.inf to save my PC from infected pen drives.
This problem started 4-5 days back, when I tried to open the internet; my internet provider's service was the home page of Firefox (www.reliancebroadband.co.in).
But it didn't open. I tried a lot and then I called a technician; he opened "My Documents" and wrote "220.224.142.229" in the Address bar and pressed Enter, and suddenly my internet service provider's home page opened in Firefox. I don't know how this method works, but he told me to format the PC and I want to know the problem.

After that, when I checked my AV (BitDefender free edition for 1 year), it had stopped updating itself, showing a message something like this:
"Unable to establish connection with the server"....so I uninstalled it and then I tried to install Kaspersky Internet Security, but its installation didn't complete as it didn't ask me to choose options like:
1- Enter key
2- Trial for 1 month
and so on.
In Add/Remove Programs Kaspersky is there and in the mouse right-click menu it is also there but looking lighter in color than the other options. I mean I can't use Kaspersky to scan any folder or drive.

Now what should I do?

Re: Unable to install Kaspersky

Good.
It's not Sality this time (sorry, I got the name wrong the first time), it's just a DNS hijack.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

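Added example (not part of the original posts, and not a HijackThis feature): a small Python triage of the log entries discussed above. It lists O17 NameServer values that are not on a caller-supplied list of expected resolvers, and groups O4 Run/RunOnce values repeated across the built-in account hives, such as the msnsc value that the MBAM log later in this thread reports as Trojan.Agent. The sample lines are constructed from the log format in this thread; the expected resolver 192.168.1.1, the all-zero interface GUID and the function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample, shaped like the HijackThis lines quoted in this thread.
# The last O17 line (all-zero interface GUID, 192.168.1.1) is made up.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'Default user')
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
"""

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<value>.+)$")
O4_HKUS_RE = re.compile(
    r"^O4 - HKUS\\(?P<hive>[^\\]+)\\\.\.\\(?P<kind>RunOnce|Run): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+?)(?: \(User '[^']*'\))?$"
)
# Hives of the built-in accounts (SYSTEM, LOCAL SERVICE, NETWORK SERVICE)
# and the default profile, as they appear in the log above.
SERVICE_HIVES = {"S-1-5-18", "S-1-5-19", "S-1-5-20", ".DEFAULT"}


def o17_nameservers(log_text):
    """Map each O17 registry key to the list of resolver strings it sets."""
    found = {}
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            # NameServer holds a comma- or space-separated list.
            parts = re.split(r"[,\s]+", m["value"].strip())
            found[m["key"]] = [p for p in parts if p]
    return found


def _norm(addr):
    """Canonical form of an IP string; unparsable values are kept verbatim."""
    try:
        return str(ipaddress.ip_address(addr))
    except ValueError:
        return addr


def unexpected_resolvers(log_text, expected):
    """Return {key: [resolver, ...]} for resolvers not in `expected`.

    `expected` is the caller's own list of resolvers the machine should use
    (for example the ones the ISP or router hands out); it is an assumption
    of this example, not something HijackThis knows.
    """
    allowed = {_norm(e) for e in expected}
    report = {}
    for key, servers in o17_nameservers(log_text).items():
        bad = [s for s in servers if _norm(s) not in allowed]
        if bad:
            report[key] = bad
    return report


def service_hive_autoruns(log_text):
    """Group Run/RunOnce values that recur under several built-in hives.

    Review heuristic only: a value copied into more than one of these hives
    is worth a closer look, it is not proof of infection.
    """
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = O4_HKUS_RE.match(line.strip())
        if m and m["hive"] in SERVICE_HIVES:
            hits[(m["kind"], m["name"], m["cmd"])].add(m["hive"])
    return {k: sorted(v) for k, v in hits.items() if len(v) > 1}


if __name__ == "__main__":
    for key, servers in unexpected_resolvers(SAMPLE_LOG, ["192.168.1.1"]).items():
        print("unexpected DNS:", key, "->", ", ".join(servers))
    for (kind, name, cmd), hives in service_hive_autoruns(SAMPLE_LOG).items():
        print("repeated autorun:", kind, name, cmd, "in", ", ".join(hives))
```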

Re: Unable to install Kaspersky

MBAM log :

Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 2

2/9/2009 10:22:08 PM
mbam-log-2009-02-09 (22-22-08).txt

Scan type: Quick Scan
Objects scanned: 48587
Time elapsed: 3 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msnsc (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\msnsc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Delete on reboot.


Let me check now if I am able to install Kaspersky.

Re: Unable to install Kaspersky

Give it a try. 😉


Re: Unable to install Kaspersky

Oh, again the same thing, Kaspersky is not installing completely.

Now?

Re: Unable to install Kaspersky

How about trying a different AV? avast! for example. Smile...


Re: Unable to install Kaspersky

OK, let me download it first.....but I saw previously that Avast doesn't allow Yahoo chat.....means I can't see the messages from my friends in Yahoo....

Tell me if avast gives any problem with yahoo messenger.

Re: Unable to install Kaspersky

Hmm, Google search shows a few posts about Yahoo messenger and avast!

If not avast!, there is always avira.


Re: Unable to install Kaspersky

Yes, I used it previously, it is fine......I will download it and install it, then tell you if it works or not.

Re: Unable to install Kaspersky

Yes Avira is installed and its icon is there in system tray and I can scan my computer now.

But it is not updating. Whenever I am trying to update it, after some time it is showing :
"Internet connection failed".

Can you give any suggestion for its updation?

Re: Unable to install Kaspersky

Let's do a quick scan with this.

Download Lop S&D here

Double-click Lop S&D.exe
Choose the language, then choose Option 2 (Fix + Hosts)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)


Re: Unable to install Kaspersky

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 1.70GHz )
BIOS : Award Modular BIOS v6.0
USER : Administrator ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
C:\ (Local Disk) - NTFS - Total:10 Go (Free:5 Go)
D:\ (Local Disk) - NTFS - Total:10 Go (Free:10 Go)
E:\ (Local Disk) - NTFS - Total:17 Go (Free:11 Go)
F:\ (Local Disk) - NTFS - Total:49 Go (Free:8 Go)
G:\ (Local Disk) - NTFS - Total:49 Go (Free:28 Go)
H:\ (Local Disk) - NTFS - Total:49 Go (Free:49 Go)
I:\ (Local Disk) - NTFS - Total:0 Go (Free:0 Go)
L:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
X:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( Tue 02/10/2009| 0:50 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in APPLIC~1

[02/08/2009|01:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\ Adobe
[02/03/2009|02:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\ LingvoSoft
[02/08/2009|01:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\ Macromedia
[02/03/2009|02:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\ Microsoft
[02/03/2009|02:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\ Mozilla

[02/06/2009|12:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Adobe
[02/10/2009|12:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Avira
[02/08/2009|01:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ BitDefender
[02/08/2009|01:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Kaspersky Lab Setup Files
[02/09/2009|10:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Malwarebytes
[02/02/2009|01:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Microsoft
[02/04/2009|01:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Nero
[02/05/2009|10:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ QuickTime

[02/02/2009|01:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ Microsoft
[02/02/2009|01:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ Mozilla

[02/02/2009|01:52] C:\DOCUME~1\LOCALS~1\APPLIC~1\ Microsoft

[02/02/2009|01:52] C:\DOCUME~1\NETWOR~1\APPLIC~1\ Microsoft

[02/06/2009|12:25] C:\DOCUME~1\Nitin\APPLIC~1\ Adobe
[02/04/2009|01:31] C:\DOCUME~1\Nitin\APPLIC~1\ Ahead
[02/03/2009|12:57] C:\DOCUME~1\Nitin\APPLIC~1\ Cambridge
[02/06/2009|12:25] C:\DOCUME~1\Nitin\APPLIC~1\ com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[02/04/2009|09:51] C:\DOCUME~1\Nitin\APPLIC~1\ COWON
[02/03/2009|02:57] C:\DOCUME~1\Nitin\APPLIC~1\ Help
[02/03/2009|12:11] C:\DOCUME~1\Nitin\APPLIC~1\ LingvoSoft
[02/02/2009|11:47] C:\DOCUME~1\Nitin\APPLIC~1\ Macromedia
[02/09/2009|10:15] C:\DOCUME~1\Nitin\APPLIC~1\ Malwarebytes
[02/03/2009|06:03] C:\DOCUME~1\Nitin\APPLIC~1\ Media Player Classic
[02/04/2009|09:51] C:\DOCUME~1\Nitin\APPLIC~1\ Microsoft
[02/02/2009|02:02] C:\DOCUME~1\Nitin\APPLIC~1\ Mozilla
[02/03/2009|02:31] C:\DOCUME~1\Nitin\APPLIC~1\ Oxford
[02/05/2009|10:16] C:\DOCUME~1\Nitin\APPLIC~1\ Sun

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[02/10/2009 12:45 AM][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{CB5A5D22-7E7C-4D0A-BB14-5BB13B09618F}.job
[02/10/2009 12:13 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[01/13/2006 01:42 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[02/05/2009|11:26] C:\Program Files\ Adobe
[02/06/2009|02:40] C:\Program Files\ Common Files
[02/02/2009|01:44] C:\Program Files\ ComPlus Applications
[02/04/2009|09:51] C:\Program Files\ InstallShield Installation Information
[02/03/2009|06:06] C:\Program Files\ Intel
[02/06/2009|01:59] C:\Program Files\ Internet Explorer
[02/05/2009|10:18] C:\Program Files\ Java
[02/02/2009|01:57] C:\Program Files\ Microsoft ActiveSync
[02/02/2009|01:56] C:\Program Files\ Microsoft Office
[02/02/2009|01:46] C:\Program Files\ Movie Maker
[02/10/2009|12:51] C:\Program Files\ Mozilla Firefox
[02/02/2009|01:39] C:\Program Files\ MSN Messenger
[02/02/2009|01:46] C:\Program Files\ NetMeeting
[02/02/2009|01:47] C:\Program Files\ Online Services
[02/03/2009|12:56] C:\Program Files\ TEXTware
[02/02/2009|02:00] C:\Program Files\ Uninstall Information
[02/02/2009|01:44] C:\Program Files\ Unlocker
[02/02/2009|01:49] C:\Program Files\ Windows Media Player
[02/02/2009|01:39] C:\Program Files\ Windows NT
[02/02/2009|01:47] C:\Program Files\ WindowsUpdate
[02/03/2009|11:52] C:\Program Files\ WinRAR
[02/02/2009|11:46] C:\Program Files\ Yahoo!
[02/05/2009|10:37] C:\Program Files\ Zero G Registry

--------------------\\ Listing Folders in C:\Program Files\Common Files

[02/05/2009|11:10] C:\Program Files\Common Files\ Adobe
[02/06/2009|02:40] C:\Program Files\Common Files\ Adobe AIR
[02/04/2009|01:24] C:\Program Files\Common Files\ Ahead
[02/04/2009|09:51] C:\Program Files\Common Files\ COWON
[02/02/2009|01:57] C:\Program Files\Common Files\ DESIGNER
[02/04/2009|09:51] C:\Program Files\Common Files\ InstallShield
[02/05/2009|10:16] C:\Program Files\Common Files\ Java
[02/02/2009|01:57] C:\Program Files\Common Files\ Microsoft Shared
[02/02/2009|01:46] C:\Program Files\Common Files\ MSSoap
[02/02/2009|01:33] C:\Program Files\Common Files\ ODBC
[02/02/2009|04:03] C:\Program Files\Common Files\ Softwin
[02/02/2009|01:56] C:\Program Files\Common Files\ System

--------------------\\ Process

( 27 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 00:53:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
disk error: C:\WINDOWS\System32\
please note that you need administrator rights to perform deep scan

--------------------\\ Searching for other infections


No other infections found !

[F:16][D:1]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
[F:2][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies
[F:20][D:4]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Tue 02/10/2009| 0:46 - Option : [2]
2 - "C:\Lop SD\LopR_2.txt" - Tue 02/10/2009| 0:53 - Option : [2]

--------------------\\ Scan completed at 0:53:54


Above is the log that you asked for.
What to do now?

Re: Unable to install Kaspersky

What should I do now?

Re: Unable to install Kaspersky

Is this account the admin account?


Re: Unable to install Kaspersky

Yes, previously I was working with another account but when I ran Lop S&D, it showed me that
"All files cannot scan, you need to log as Administrator", so I logged in as admin and ran Lop S&D again and then gave you the details of Lop.
But I used HijackThis and Malwarebytes with the nitin account (not admin). Didn't they work properly? Tell me if I have to run both HijackThis and Malwarebytes again as admin, I will do it.

Re: Unable to install Kaspersky

Yes, the fix worked fine, but if the account isn't admin, it won't allow a deep scan like catchme.


Re: Unable to install Kaspersky

Please tell me what should I do now?

Re: Unable to install Kaspersky

Okay.
Not an infection causing this, so let's look elsewhere.
Press Start > Run, type in cmd and press enter.
When the command prompt opens, type in:
netsh winsock reset
Press enter.

Reboot normally.
Try updating Avira now.


Re: Unable to install Kaspersky

I did the same as you told, but Avira is not updating now too. I am using XP SP3.

Anything more that I can do?

Last edited by coolnitin on 10th February 2009, 6:40 pm; edited 1 time in total

Re: Unable to install Kaspersky

Let's have a look around the registry for that DNS hijacker.

Download the Registry Search Tool from HERE

Unzip to your Desktop and double click on regsrch.vbs
(if you have script protection, please allow this to run)

In the dialog that opens, enter the following:
85.255.112.39

Press 'OK'

The search will run for a while then alert you when it is finished.
Press 'OK' and copy the contents of the WordPad window and post in this thread.


Re: Unable to install Kaspersky

I am using XP SP3. And after running that vbs file, it showed a message:

"Search completed in 19 seconds. No instances found for 85.255.112.39"
or something like that.
Then I clicked the OK button and nothing came in WordPad.

Re: Unable to install Kaspersky

Strange.
Let's try a different command.
Open the cmd window again, but type in this command:

ipconfig /flushdns

Note the space between the g and /


Re: Unable to install Kaspersky

I did that and message came:
Windows IP configuration
Successfully flushed the DNS resolver cache.

But Avira is not updating now too.

Re: Unable to install Kaspersky

Okay, let's see if this makes any difference.

Please download the LSPfix from here: LSPFix
Unzip it to the Desktop (Important!!) and run it. Check the box that says "I know what I'm doing", and then click Finish to allow LSPfix to rebuild the LSP chain.


Re: Unable to install Kaspersky

I did that exactly as mentioned, there were 3 files in "keep" portion:
1- mswsock.dll (Tcpip)
2- winrnr.dll (NTDS)
3- rsvpsp.dll (protocol handler)

and I clicked Finish after checking the box of "I know what I'm doing", then it showed a message:

Repairs complete:
0 namespace provider entries removed
0 namespace provider entries renumbered
0 protocol provider entries removed
0 protocol provider entries renumbered

So I clicked OK button there, but again still having the same problem.

Should I put any file in "remove" section?

Re: Unable to install Kaspersky

No, doing that will cause you to lose your internet access altogether.
I'm out of ideas, so I'm gonna move this over to internet and networking forum.


Re: Unable to install Kaspersky

Then where should I go now or will you provide further help here only?

Re: Unable to install Kaspersky

I'll be watching over the topic still, but my colleagues may have other ideas I don't, I specialize more in malware removal than networking.


Re: Unable to install Kaspersky

Thanks Belahzur, I don't have any such problems in formatting again but I want to solve this. So I need your suggestions.

And Belahzur, if I want to learn something from you, then will you help me?
I mean the way you find out the virus name and then try to remove it. I want to learn this.

Re: Unable to install Kaspersky

Can anyone tell me, now what should I do?

Re: Unable to install Kaspersky

You say you're formatting the drive and clean installing Windows, yet when I look at your HJT log after the event you're still infected.......something doesn't add up here!

You're either really good at contracting malware or your format installs are done the wrong way.

If you want to format correctly refer here:

http://www.cpusolutions.com/mm8004744CPU/HTML/Guides/Installing%20Windows%20XP%20after%20a%20Clean%20Format.htm

If you still can't install KS correctly then you have a bad file version of the software, or a bad burn to disc if this is where you are installing from. (Try mounting the image with PowerISO or similar and install from there.)

Buying a genuine version instead of downing cracked copies may also help if this is the case!


Regards
