I need Help

[Ahmad_Al_Hajaya]

Hey Guys

I need help on my computer, there is a virus on it that's making me crazy, every time I plug in a flash card it turns very slow and when I open a folder on the PC or the flash card itself it keeps loading endlessly, after I remove the flash card it returns very normal

but from time to time when there is no flash card plugged an explorer window appears and says error drive (Drive letter) does not exists, what should I do.

I know That all of you guys on (nsane.down) are brilliants so please help me.

Os: Windows 7 ultimate 64-Bit

Anti virus: Kasper Sky Pure

P.s I've installed (pure) on a fresh installation of the windows

[Lite]

Please Download HijackThis! and Post a log here.

[Ahmad_Al_Hajaya]

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 1:53:13 AM, on 6/23/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Internet Download Manager\IDMan.exe

C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe

C:\Program Files (x86)\RocketDock\RocketDock.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe

C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

C:\Windows\PromptService.exe

C:\Program Files (x86)\PC Auto Shutdown\AutoShutdown.exe

C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ievkbd.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe"

O4 - HKLM\..\Run: [PromptService] C:\Windows\PromptService.exe

O4 - HKLM\..\Run: [PromptService64] C:\Windows\PromptService64.exe

O4 - HKLM\..\Run: [PC Auto Shutdown] "C:\Program Files (x86)\PC Auto Shutdown\AutoShutdown.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\Run: [uSB Safely Remove] C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe /startup

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"

O4 - HKLM\..\Policies\Explorer\Run: [Mpk.exe] C:\Program Files (x86)\KGB\Mpk.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm

O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: ASO3DiskOptimizer - Systweak Inc., (www.systweak.com) - C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe

O23 - Service: Kaspersky PURE (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe

O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe

O23 - Service: Game Jackal Server (GJService) - Unknown owner - C:\Program Files (x86)\SlySoft\Game Jackal v4\Server.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: PCAutoShutdown_Service - GoldSolution Software, Inc. - C:\Program Files (x86)\PC Auto Shutdown\ShutdownService.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Unknown owner - C:\Program Files (x86)\USB Safely Remove\USBSRService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11673 bytes

[shought]

O4 - HKLM\..\Policies\Explorer\Run: [Mpk.exe] C:\Program Files (x86)\KGB\Mpk.exe

Seems to be part of a keylogger, check it out.

O4 - HKLM\..\Run: [PromptService] C:\Windows\PromptService.exe

What is this? Seems legit, but not sure.

Suggested cleaning (if there is anything to be cleaned):

- run online scan (TrendMicro HouseCall is one I'd recommend), clean, don't reboot.

- scan with your AV of choice (full disk scan), clean, don't reboot.

- scan with Trojan Remover (standard scan, not 'full disk scan'), clean, reboot.

- scan with your AV again.

- scan with Trojan Remover again.

- if you find anything, clean it, reboot again and scan once more to make sure everything is cleaned.

[Toshiro]

Open Hijackthis.. and let it run.

Check the folowing lines:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

O4 - HKLM\..\Policies\Explorer\Run: [Mpk.exe] C:\Program Files (x86)\KGB\Mpk.exe << 95% sure this is the KGB Keylogger.

Hit the "Fix Checked" Button.

Lite, what do you think about the folowing line..:

F2 - REG:system.ini: UserInit=userinit.exe

Google says some are nasty.. kinda confused.. :unsure:

----

Do you have the problem with different USB sticks? Or just with one?

[Lite]

For one you have a keylogger.

You can delete these entries:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

O4 - HKLM\..\Policies\Explorer\Run: [Mpk.exe] C:\Program Files (x86)\KGB\Mpk.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

After doing this restart your computer and see if the problem still exists. If so do download HitmanPro (from nsane.down) and run that.

Edit:

@Hani, i don't think thats a problem.

Edit #2:

@shought, that is not malware, but could actually be the source of the problem. Its from newsoftwares.net, one of there tools is a "USB Secure" tool. You might like to try to uninstall whatever tool you installed from this company.

[shought]

Pretty sure that userinit.exe can be safely removed (the entry, at least, so through HiJackThis!).

[Toshiro]

For one you have a keylogger.

You can delete these entries:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

O4 - HKLM\..\Policies\Explorer\Run: [Mpk.exe] C:\Program Files (x86)\KGB\Mpk.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

After doing this restart your computer and see if the problem still exists. If so do download HitmanPro (from nsane.down) and run that.

Edit:

@Hani, i don't think thats a problem.

Edit #2:

@shought, that is not malware, but could actually be the source of the problem. Its from newsoftwares.net, one of there tools is a "USB Secure" tool. You might like to try to uninstall whatever tool you installed from this company.

LIte.. these (file missing) thingies.. were because HJT wasn't 100% compatible with W7.. or is that thingie fixed? Haven't heard anything about it. :\

@ your Edit 2..

Now you mention it.. USB Safely Remove could be involved in some way.

@ TS, Try uninstalling one of them (or both) and see if the problem is fixed ;)

[mara-]

Yeah, file missing is issue on Windows 7 for sure. I checked the location for file that it reports as missing but file is there.

Cheers ;)

[Ahmad_Al_Hajaya]

Hey

Thank you all for the help, But each one of you gave a different solution should I use them all or there is one solution that you all agree on.

I know about the keylogger

[Lite]

Do this (its an agreed solution):

Run HJT again and remove this entry:

O4 - HKLM\..\Policies\Explorer\Run: [Mpk.exe] C:\Program Files (x86)\KGB\Mpk.exe

Restart your computer. Try again to see if this problem exists.

If it still exists search for any software from, newsoftwares.net. You might like to try to uninstall whatever tool you installed from this company, to see if this fixes the problem. Again restart your computer before checking.

Finally if that doesn't help download and run HimanPro (from nsane.down) and clean infections it finds (if any).

Let us know how it goes ;)

[Ahmad_Al_Hajaya]

I've Deleted The Keylogger (Refog Keylogger).

The problem existed before I've installed any newsoftwares.net (Folder Protect).

Hitman Pro Log : <Log computer="AHMAD-PC" scan="Normal" version="3.5.5.98" date="2010-06-23T16:17:47" timeSpentInSecs="129" filesProcessed="19263"><Item type="Suspicious" score="46.0" status="None"><File path="C:\Program Files (x86)\Internet Download Manager\IDMan.exe" hash="F1FE9ACA602C4F3E2A8C2F53C1120210D8259523359DF02B2E1B2C011D1624DF" /><Startup><Key path="HKU\S-1-5-21-4195794375-2177633716-1220684756-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IDMan" /></Startup><References><File path="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk" /><File path="C:\Users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk" /></References></Item><Item type="Suspicious" score="37.0" status="None"><File path="C:\Program Files (x86)\Your Uninstaller 2010\urmain.exe" hash="D49E107E66186D96F510B983479ED9E0F3C4E74B5791F7C1C8D1992668E905E5" /><References><File path="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller 2010\Your Uninstaller!.lnk" /><File path="C:\Users\Ahmad\Desktop\Programs\Your Unin-staller!.lnk" /></References></Item></Log>

nothing of the solutions worked

Could Kaspersky KryptoStorage be the reason

[Lite]

I'd like a list of installed programs this could help diagnose the problem.

Do you have CCleaner/Belarc Advisor installed? These programs can give a list of installed software. (You can PM me the log if you prefer not to post here).

[HX1]

C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe

C:\Windows\PromptService.exe

C:\Program Files (x86)\PC Auto Shutdown\AutoShutdown.exe

C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [PromptService] C:\Windows\PromptService.exe

O4 - HKLM\..\Run: [PromptService64] C:\Windows\PromptService64.exe

O4 - HKLM\..\Run: [PC Auto Shutdown] "C:\Program Files (x86)\PC Auto Shutdown\AutoShutdown.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\Run: [uSB Safely Remove] C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe /startup

O4 - HKLM\..\Policies\Explorer\Run: [Mpk.exe] C:\Program Files (x86)\KGB\Mpk.exe

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

O23 - Service: PCAutoShutdown_Service - GoldSolution Software, Inc. - C:\Program Files (x86)\PC Auto Shutdown\ShutdownService.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe

O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Unknown owner - C:\Program Files (x86)\USB Safely Remove\USBSRService.exe

So far I noticed that you have a total of 3 services installed or installed to defrag your computer. You should check your Task Scheduler and make sure that only one takes care of the maintenance on your PC and they are not all installed and configured to do the job. Technically, I have noticed that on some systems Auto-Defrag and maintenance will interfere with normal operation.. So I would suggest turing these features off and manually defragging when the time is right ( once a month or every week - preferably each week depending on your level of usage and installations )

Update Services are not needed if you take care of your system maintenance through Forums such as this one or other services such as Software Informer or Update Star.. which run on command and not as a service. These services take away from your system resources and connect to locations outside of your network. Response times..can greatly affect these applications, not to mention they are rarely useful. Tune-up Utilities should not need the extra service f it is not running an ALL TIME defrag.. Checking your USB Remove application as being current would be a good idea but I do not recommend even using this application as it is a redundant waste next to Windows 7 USB Device Management.. Natively Windows will do all you need to do..also if any problem exist with the application it could be the culprit of some of the problems you are experiencing.

Google Update Service and Updater comes with every piece of software released by Google.. and in each ad every instance I manually remove the application and disable to the service.. then clean my registry of any and all traces..( maybe use Your Uninstaller or something )..

Is the FacialBook uploader necessary?.. its an open line to whatever hack may..come along next..waste unless your constantly using it..

Do you use the Google Toolbar THAT much? Waste.. thats what we have the search bar for.. the rest of the services are easily reached.. ( plus it comes with the updater..

RealPlayer updater can also have these issues.. and how often does that update.. not to mention which even uses it anymore?.. another waste..

Acrobat IE Helper.. this can also slow the operation of your PC and browser down.. Constant vulnerabilities are always being reported.. I would suggest getting rid of Acrobat and going with Foxit Phantom or Reader.. much more efficient.. and there is a plugin as well..which doesn't interfere..

The F2 entry should not exist. Recently I had an entry there from another application which refused to remove itself from my system.. at which point I had to resort to removing it manually.. and shredding its counterparts.. This entry had to be removed as well.. Faster boot time as a result..

To be clear..these are suggestions on working out the problem just looking at your HiJack This report. I would also recommend that you clean/uninstall any useless applications ( anything you do not use and probably will not ).. then clean your registry, defrag your registry.. Then your drives.. and run a Disk Check on each one... I think that if you go through this process; you will find that some of these extra applications.. are actually the culprit.

IF you still have an issue.. I would do a search online for finding information on ridding your system of WORMS..( sometimes as simple as search and removing a few files.. ) These can actually use your PC to send mail in the background.. and can cause issues of the same kind. Doing a registry scan and clean with SpyBot could render some great results when it comes to these things.. However you have to be patient and set the program up first..

Anyway these are just suggestions.. But I would go for it being some bad apps.. not really an infection.. I think the proper maintenance and interaction would help..

EDIT: ALSO one more thing.. your running an FTP Server.. you should make sure you have proper permissions set for the server and IF.. you fear the server has a vulnerability.. Download and use the Free HOME Feed for Tenable Nessus.. There are other vulnerabilities that many miss and this will look for those.. system and sever specific to your configuration.. ( also must be patient with this one as well ).. But having those services available also opens the door to a whole other group of issues.. so covering the bases system wide is going to pay-off in the long run..

[Ahmad_Al_Hajaya]

Hey heath28m

Thank you for helping but none of the the suggestions has worked

[Lite]

I got your list of installed applications, thanks ;)

Have you tried with different flash drives?

I'd try uninstalling the following (one by one) and see if the problem still persists:

Kaspersky KryptoStorage

USB Safely Remove 4.3

All Nokia Software

[Ahmad_Al_Hajaya]

I will do it and tell you what happens

I also tried with more than 21 flash drives

[HX1]

Have you taken a look at your Event Viewer logs? Main thing being that you should look into your Errors to see what application ha caused any.. if present.. Then possibly investigate for a resolution to any issues. I know that in Vista, the USB drivers used to have a big issue.. Every eight seconds... it would log a drive as being present that was not.. and continue to try to read/write to that drive.. There were a couple of solutions..( one being to re-insert and Eject the drive that it was asking for its off-topic.. but as an example.. This error could be found there..

Also if none of these change have taken effect.. You are running as an Administrative Account? .. and did they hold? ( Find it with another scan..with HJT.. )..Anyway just a few suggestions..

[Ahmad_Al_Hajaya]

To all who tried to help

I thank you, and I hope you get what ever you want in life and nothing gets in your way.

The problem is solved.

And it was caused by kaspersky KryptoStorage.

Regards

Ahmad Hajaya

A Bedouin form the south

of jordan.

[jalaffa]

That's pretty cool to read :)

[Lite]

Thats nice to hear :)

You might want to report the issue to Kaspersky so they can fix it for future versions?

[Ahmad_Al_Hajaya]

That's a good idea

[Toshiro]

Good to hear it's fixed.

Also it's a good thing the keylogger got deleted.:P