Infected with PUM.Hijack.TaskManager, PUM.Hijack.Regedit, PUM.Disabled.SecurityCenter, Virus Sality, Malware.Packer.Gen

[TinyMolly]

Post Merged

We look for post with 0 replies, so when you reply to your own topic, we assume you're being helped.

Please be patient, someone will assist you as soon as possible.

Hi,

I've been infected with PUM.Hijack.TaskManager, PUM.Hijack.Regedit, PUM.Disabled.SecurityCenter, Virus Sality, and Malware.Packer.Gen. And seems like Malwarebytes can't get rid of it. I'm really annoyed by this. So here's hoping someone could help me out.

Here's my log after selecting "Remove Selected" option.:

Thanks.

--

Malwarebytes Anti-Malware (PRO) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.09.09.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 6.0.2900.5512

Justine :: PARAS-C8F976B34 [administrator]

Protection: Enabled

9/9/2012 5:41:34 PM

mbam-log-2012-09-09 (17-49-09).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 170036

Time elapsed: 2 minute(s), 11 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 2

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> No action taken.

HKLM\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> No action taken.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 5

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.

HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\jvyld.pif (Malware.Packer.Gen) -> No action taken.

(end)

Can someone help?

[Maurice Naggar]

When MBAM showed you the scan results, you should have selected ALL lines for removal. You did not do that.

Please try again.

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy & Paste the latest (new) MBAM scan log.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.

• 
  

Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

When done with RKILL, Re-enable (turn ON ) your antivirus program.

Download DDS and save it to your desktop from http://download.bleepingcomputer.com/sUBs/dds.scr here

or http://download.bleepingcomputer.com/sUBs/dds.com or

http://www.infospyware.net/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

Then double click dds.scr to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

• When done, DDS will open two (2) logs:
• DDS.txt
• Attach.txt
• Save both reports to your desktop.

Please Copy & Paste contents of the following logs in your next reply:

DDS.txt

Attach.txt

Edited September 10, 2012 by Maurice Naggar

[TinyMolly]

Seems like after scanning and doing a reboot, I can't open the log, same with the rkill.txt.

[TinyMolly]

EDIT: I've used IE to open the logs. Here's the MBAB log:

--

Malwarebytes Anti-Malware (PRO) 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.11.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 6.0.2900.5512

Justine :: PARAS-C8F976B34 [administrator]

Protection: Enabled

9/11/2012 12:50:19 PM

mbam-log-2012-09-11 (12-50-19).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 169768

Time elapsed: 2 minute(s), 37 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 2

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 5

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 4

C:\jvyld.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justine\Local Settings\Temp\winqcnwx.exe (Virus.Sality) -> Delete on reboot.

C:\Documents and Settings\Justine\Local Settings\Temp\kxcxt.exe (Virus.Sality) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justine\Local Settings\Temp\ssyxm.exe (Virus.Sality) -> Quarantined and deleted successfully.

(end)

[TinyMolly]

Here's the rkill.txt

--

Rkill 2.3.11 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/11/2012 01:20:43 PM in x86 mode.

Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\DOCUME~1\Justine\LOCALS~1\Temp\srbrbk.exe (PID: 4084) [sUP-HEUR]

* C:\DOCUME~1\Justine\LOCALS~1\Temp\srbrbk.exe (PID: 4084) [T-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* System Policy Removed: DisableRegistryTools [HKCU]

* System Policy Removed: DisableTaskMgr [HKCU]

Backup Registry file created at:

C:\Documents and Settings\Justine\Desktop\rkill\rkill-09-11-2012-01-20-47.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Alerter [Missing Service]

* ALG [Missing Service]

* ERSvc [Missing Service]

* helpsvc [Missing Service]

* ImapiService [Missing Service]

* LmHosts [Missing Service]

* Messenger [Missing Service]

* mnmsrvc [Missing Service]

* NtmsSvc [Missing Service]

* RpcLocator [Missing Service]

* TrkWks [Missing Service]

* UPS [Missing Service]

* VSS [Missing Service]

* wscsvc [Missing Service]

* NetDDE [Missing ImagePath]

* NetDDEdsdm [Missing ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/11/2012 01:20:47 PM

Execution time: 0 hours(s), 0 minute(s), and 4 seconds(s)

[TinyMolly]

After running DDS, there are no logs that popped out. Maybe it is because that problem that I can't open .txt files.

[Maurice Naggar]

Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from

>>> here <<<

• Double-click FixPolicies.exe.
  
• Click the "Install" button on the bottom toolbar of the box that will open.
  
• The program will create a new Folder called FixPolicies.
  
• Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  
• A black box will briefly appear and then close.
  
• This fix may prove temporary. Active malware may revert these changes at your next startup. You can safely run the utility again.

Run DDS one more time.

If DDS.txt does not show up auto-magically in Notepad .....then let's have you locate DDS.txt and Open it using NOTEPAD.exe

[TinyMolly]

After searching for the fix for my notepad problem, I've finally got the logs. Here:

DDS.txt

--

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.5512

Run by Justine at 7:19:39 on 2012-09-12

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.322 [GMT 8:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Internet Download Manager\IDMan.exe

C:\Program Files\Internet Download Manager\IEMonitor.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\DOCUME~1\Justine\LOCALS~1\Temp\iigk.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\jvyld.pif

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mWinlogon: SfcDisable=-99 (0xffffff9d)

BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll

uRun: [iDMan] c:\program files\internet download manager\IDMan.exe /onboot

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED

uRun: [beyluxeMessenger] "c:\program files\beyluxe messenger\Beyluxe Messenger.exe" /hide

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

uPolicies-explorer: NoResolveTrack = 1 (0x1)

uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)

uPolicies-system: DisableTaskMgr = 1 (0x1)

uPolicies-system: DisableRegistryTools = 1 (0x1)

mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-system: EnableLUA = 0 (0x0)

dPolicies-explorer: NoSMHelp = 1 (0x1)

dPolicies-explorer: NoResolveTrack = 1 (0x1)

dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)

IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm

IE: Download with IDM - c:\program files\internet download manager\IEExt.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

TCP: Interfaces\{236F5D11-2261-42A6-BF49-D3D5938D59BA} : DhcpNameServer = 121.1.3.82 121.1.3.20 121.1.3.250

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\justine\application data\mozilla\firefox\profiles\ihmgmr8g.default\

FF - component: c:\documents and settings\justine\application data\idm\idmmzcc5\components\idmmzcc.dll

FF - component: c:\progra~1\mozill~1\extensions\talkback@mozilla.org\components\qfaservices.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll

.

============= SERVICES / DRIVERS ===============

.

R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2012-4-23 108448]

R3 amsint32;amsint32;\??\c:\windows\system32\drivers\pnmlp.sys --> c:\windows\system32\drivers\pnmlp.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-9-9 214000]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-9-9 1684736]

S3 FXDrv32;FXDrv32;\??\i:\fxdrv32.sys --> i:\FXDrv32.sys [?]

S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena plus\room\safedrv.sys --> c:\program files\garena plus\room\safedrv.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-9-9 214000]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-9-9 114144]

S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\iobit\game booster 3\driver\WinRing0.sys [2012-9-11 14416]

.

=============== Created Last 30 ================

.

2012-09-11 13:49:15 -------- d-----w- c:\documents and settings\justine\application data\Beyluxe

2012-09-11 13:48:36 -------- d-----w- c:\windows\Beyluxe Messenger

2012-09-11 13:48:36 -------- d-----w- c:\program files\Beyluxe Messenger

2012-09-11 12:48:47 -------- d-----w- c:\documents and settings\justine\local settings\application data\Adobe

2012-09-11 12:21:04 -------- d-----w- C:\Editing Tools

2012-09-11 12:20:59 -------- d-----w- c:\documents and settings\justine\application data\REDitor II

2012-09-11 09:19:27 -------- d--h--w- c:\windows\system32\GroupPolicy

2012-09-11 06:14:19 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2012-09-11 06:14:17 -------- d-----w- c:\program files\ffdshow

2012-09-11 06:14:16 -------- d-----w- c:\program files\IObit

2012-09-11 06:14:16 -------- d-----w- c:\documents and settings\all users\application data\IObit

2012-09-11 05:08:47 103140 ----a-w- C:\jvyld.pif

2012-09-11 04:37:23 359936 ----a-w- C:\subinacl.exe

2012-09-11 04:36:56 -------- d-----w- C:\RegBackup

2012-09-11 04:36:35 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs

2012-09-10 23:20:12 -------- d-----w- c:\documents and settings\justine\application data\GarenaPlus

2012-09-10 23:18:45 -------- d-----w- c:\program files\Garena Plus

2012-09-10 23:18:43 -------- d-----w- c:\documents and settings\all users\application data\GarenaMessenger

2012-09-09 14:04:19 -------- d-----w- c:\documents and settings\justine\local settings\application data\Google

.

==================== Find3M ====================

.

2012-09-09 08:40:16 135680 ----a-w- c:\windows\system32\taskmgr.exe

2012-09-09 08:39:25 39424 ----a-w- c:\windows\system32\grpconv.exe

2012-09-09 04:05:59 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-09 04:05:59 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-05 05:22:15 889416 ----a-w- C:\dotNetFx40_Full_setup.exe

.

============= FINISH: 7:19:46.70 ===============

Attach.txt

--

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 9/9/2012 11:32:59 AM

System Uptime: 9/12/2012 6:01:25 AM (1 hours ago)

.

Motherboard: Foxconn | | G31MXP

Processor: Intel® Pentium® Dual CPU E2200 @ 2.20GHz | Socket 775 | 2209/200mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 68 GiB total, 24.168 GiB free.

D: is FIXED (NTFS) - 81 GiB total, 49.348 GiB free.

E: is Removable

F: is Removable

G: is Removable

H: is Removable

I: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: PCI Modem

Device ID: PCI\VEN_1057&DEV_3052&SUBSYS_30201057&REV_04\4&1AF1648C&0&08F0

Manufacturer:

Name: PCI Modem

PNP Device ID: PCI\VEN_1057&DEV_3052&SUBSYS_30201057&REV_04\4&1AF1648C&0&08F0

Service:

.

==== System Restore Points ===================

.

RP1: 9/9/2012 1:30:42 PM - System Checkpoint

RP2: 9/9/2012 4:32:48 PM - First Restore Point

RP3: 9/9/2012 6:50:51 PM - Installed DirectX

RP4: 9/9/2012 10:06:50 PM - Removed Kaspersky Anti-Virus 2013.

RP5: 9/11/2012 1:09:36 PM - Tweaking.com - Windows Repair

RP6: 9/11/2012 1:26:24 PM - Tweaking.com - Windows Repair

.

==== Installed Programs ======================

.

µTorrent

Adobe Flash Player 11 Plugin

Adobe Photoshop CS4

Beyluxe Messenger

Dota 2

ffdshow [rev 3154] [2009-12-09]

Game Booster 3

Garena Plus

Google Chrome

Google Update Helper

Internet Download Manager

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox 15.0.1 (x86 en-US)

Mozilla Maintenance Service

NVIDIA Drivers

REALTEK GbE & FE Ethernet PCI-E NIC Driver

REALTEK GbE & FE Ethernet PCI NIC Driver

Realtek High Definition Audio Driver

Steam

TeraCopy 2.27

Unlocker 1.9.1

VLC media player 2.0.3

WinRAR 4.20 (32-bit)

.

==== Event Viewer Messages From Past Week ========

.

9/9/2012 5:35:12 PM, error: Sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

9/9/2012 4:47:19 PM, error: Sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

9/9/2012 4:37:13 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.

9/9/2012 1:38:55 PM, error: PlugPlayManager [11] - The device Root\LEGACY_AMSINT32\0000 disappeared from the system without first being prepared for removal.

9/11/2012 8:48:44 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Import-Export\Twain_32.8BA. Reference error message: The operation completed successfully. .

9/11/2012 8:48:44 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Image Stacks\statistics.8BA. Reference error message: The operation completed successfully. .

9/11/2012 8:48:44 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Filters\ZigZag.8BF. Reference error message: The operation completed successfully. .

9/11/2012 8:48:44 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Filters\Wind.8BF. Reference error message: The operation completed successfully. .

9/11/2012 8:48:44 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Filters\Wave.8BF. Reference error message: The operation completed successfully. .

9/11/2012 8:48:44 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Filters\Twirl.8BF. Reference error message: The operation completed successfully. .

9/11/2012 8:48:44 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Filters\Tiles.8BF. Reference error message: The operation completed successfully. .

9/11/2012 8:48:44 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Filters\Spherize.8BF. Reference error message: The operation completed successfully. .

9/11/2012 8:48:44 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Filters\Solarize.8BF. Reference error message: The operation completed successfully. .

9/11/2012 8:48:44 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Filters\Smart Blur.8BF. Reference error message: The operation completed successfully. .

9/11/2012 8:48:44 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Filters\Shear.8BF. Reference error message: The operation completed successfully. .

9/11/2012 8:48:44 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\File Formats\WBMP.8BI. Reference error message: The operation completed successfully. .

9/11/2012 8:48:44 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\File Formats\U3D.8BI. Reference error message: The operation completed successfully. .

9/11/2012 8:48:44 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\File Formats\Targa.8BI. Reference error message: The operation completed successfully. .

9/11/2012 8:48:44 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Automate\WIASupport.8LI. Reference error message: The operation completed successfully. .

9/11/2012 8:48:44 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Locales\en_US\Additional Plug-Ins\Win\Filters\Variations.8BF. Reference error message: The operation completed successfully. .

9/11/2012 8:48:42 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Measurements\MeasurementCore.8ME. Reference error message: The operation completed successfully. .

9/11/2012 8:48:42 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Import-Export\Paths to Illustrator.8BE. Reference error message: The operation completed successfully. .

9/11/2012 8:48:42 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Import-Export\FireWire Export.8BE. Reference error message: The operation completed successfully. .

9/11/2012 8:48:42 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Filters\Ripple.8BF. Reference error message: The operation completed successfully. .

9/11/2012 8:48:42 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Filters\Radial Blur.8BF. Reference error message: The operation completed successfully. .

9/11/2012 8:48:42 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Filters\Polar Coordinates.8BF. Reference error message: The operation completed successfully. .

9/11/2012 8:48:42 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Filters\Pointillize.8BF. Reference error message: The operation completed successfully. .

9/11/2012 8:48:42 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Filters\Pinch.8BF. Reference error message: The operation completed successfully. .

9/11/2012 8:48:42 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Filters\NTSC Colors.8BF. Reference error message: The operation completed successfully. .

9/11/2012 8:48:42 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Filters\Mezzotint.8BF. Reference error message: The operation completed successfully. .

9/11/2012 8:48:42 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Filters\LightingEffects.8BF. Reference error message: The operation completed successfully. .

9/11/2012 8:48:42 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Filters\Lens Flare.8BF. Reference error message: The operation completed successfully. .

9/11/2012 8:48:42 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Filters\Fibers.8BF. Reference error message: The operation completed successfully. .

9/11/2012 8:48:42 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Filters\Extrude.8BF. Reference error message: The operation completed successfully. .

9/11/2012 8:48:42 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Filters\Displace.8BF. Reference error message: The operation completed successfully. .

9/11/2012 8:48:42 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\File Formats\Radiance.8BI. Reference error message: The operation completed successfully. .

9/11/2012 8:48:42 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\File Formats\PNG.8BI. Reference error message: The operation completed successfully. .

9/11/2012 8:48:42 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\File Formats\Pixar.8BI. Reference error message: The operation completed successfully. .

9/11/2012 8:48:42 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\File Formats\PCX.8BI. Reference error message: The operation completed successfully. .

9/11/2012 8:48:42 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\File Formats\PBM.8BI. Reference error message: The operation completed successfully. .

9/11/2012 8:48:42 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\File Formats\OpenEXR.8BI. Reference error message: The operation completed successfully. .

9/11/2012 8:48:42 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\File Formats\IFF Format.8BI. Reference error message: The operation completed successfully. .

9/11/2012 8:48:42 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\File Formats\GIF.8BI. Reference error message: The operation completed successfully. .

9/11/2012 8:48:42 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\File Formats\FXG.8BI. Reference error message: The operation completed successfully. .

9/11/2012 8:48:42 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\File Formats\FilmStrip.8BI. Reference error message: The operation completed successfully. .

9/11/2012 8:48:42 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Extensions\MultiProcessor Support.8BX. Reference error message: The operation completed successfully. .

9/11/2012 8:48:42 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Extensions\MMXCore.8BX. Reference error message: The operation completed successfully. .

9/11/2012 8:48:42 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Extensions\FastCore.8BX. Reference error message: The operation completed successfully. .

9/11/2012 8:48:42 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\3D Engines\Photoshop3DEngine.8BI. Reference error message: The operation completed successfully. .

9/11/2012 8:48:41 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .

9/11/2012 8:48:41 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Filters\De-Interlace.8BF. Reference error message: The operation completed successfully. .

9/11/2012 8:48:41 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Filters\Crystallize.8BF. Reference error message: The operation completed successfully. .

9/11/2012 8:48:41 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Filters\CropPhotos.8BF. Reference error message: The operation completed successfully. .

9/11/2012 8:48:41 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Filters\Color Halftone.8BF. Reference error message: The operation completed successfully. .

9/11/2012 8:48:41 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Filters\Clouds.8BF. Reference error message: The operation completed successfully. .

9/11/2012 8:48:41 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Filters\ChannelPort.8BF. Reference error message: The operation completed successfully. .

9/11/2012 8:48:41 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Filters\Average.8BF. Reference error message: The operation completed successfully. .

9/11/2012 8:48:41 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\File Formats\Cineon.8BI. Reference error message: The operation completed successfully. .

9/11/2012 8:48:41 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\File Formats\BMP.8BI. Reference error message: The operation completed successfully. .

9/11/2012 8:48:41 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Photoshop CS4\Plug-ins\Automate\CropPhotosAuto.8LI. Reference error message: The operation completed successfully. .

9/11/2012 8:48:41 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

9/11/2012 1:38:17 PM, error: Service Control Manager [7000] - The wscsvc service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.

.

==== End Of File ===========================

[Maurice Naggar]

I do not see any reference in these logs that would tell us that this system has an antivirus program installed !

How long has this system been without an antivirus program?

The lack of antivirus protection has resulted in a severe security compromise of your system such that the only safe remedy is to wipe clean the HDD and clean install Windows + antivirus + all your apps.

If (a) you do NOT have an anti-virus application installed, or (b) your subscription expired, however briefly, or {c} you didn't have an anti-virus application installed when the machine got infected, and/or (d) you've neglected to keep the machine fully patched at Windows Update, don't bother posting in this forum. See this thread instead: http://aumha.net/viewtopic.php?t=28580

The best and only thing to do in a case like this is to wipe the system in total and do a clean install of Windows.

clean (new) Windows XP Install:

Before you do that, make sure you have at hand the Windows XP CD and also, a fresh new copy of your antivirus that is downloaded from a clean pc and saved on transportable-media (CD-DVD or clean thumb drive).

When you are at point of re-installing o.s., I'd recommend you have the pc disconnected from internet until after the o.s. is installed, plus the antivirus is fully setup and running.

Remember that when you do this you will need to have the installers for all your software, along with all the information for configuring your system, such as license keys and passwords.

See Windows XP Clean Installation - Partitioning and Formatting using Windows XP CD by Ramesh Srinivasan, MS-MVP & AumHa VSOP

Also Clean Install Windows by Michael Stevens, MS-MVP

I would urge you to follow the directions very carefully.

You will loose your documents so if you have some to save, offload them to a separate offline media. And later on insure you do a full scan of them by running your antivirus.

New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.

Three good antivirus programs free for non-commercial home use are Avast!, Avira Free Antivirus and Microsoft Security Essentials

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Safer practices & malware prevention

• Have a hardware router between the incoming internet-modem and your computer.
  
• Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.
  
• Check in at Windows Update and install any Important or Critical Updates offered.
  
• Make certain that Automatic Updates is enabled.
  How to configure and use Automatic Updates in Windows
  http://support.microsoft.com/kb/306525
  
• Check on other update issues as well, visit Secunia Online Software Inspector (OSI)
  See How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector
  
• Download, install, and keep updated Spyware Blaster (free): http://www.javacoolsoftware.com/spywareblaster.html (all Protections should be enabled at all times)
  Tutorial for Spywareblaster: Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware
  
• I'd recommend that you get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm
  See the FAQ page http://mvps.org/winhelp2002/hostsfaq.htm
  That would help to keep your browser away from known spyware/malware sites.
  
• Make regular backups of your system to removable media: DVD, USB external hard drive, etc.
  Having a total image backup of your system stored on DVD/CD is highly important.
  Get and make use of imaging-backup utilities and save them to offline media. That way you have something to fall back to if another disaster hits.
  Examples of image backup software: Acronis True Image, or the free (for personal use) Macrium Reflect http://www.macrium.com/reflectfree.asp
  or Paragon Backup & Recovery http://www.paragon-software.com/home/br-free/download.html
  
• Consider using Web of Trust WOT add-on for your browser(s)
  http://www.mywot.com/en/download
  http://www.mywot.com/en/faq/add-on
  On some regular schedule, it is a good idea to do an online scan for viruses and malware. Here is a very short list of sites where this may be done:
  ESET Online Scanner
  BitDefender Quickscan
  Trend Micro Housecall
  F-Secure Online Scanner
  Microsoft Safety Scanner
  Panda ActiveScan
  
• See Six tips to help you stay safer online
  
• Never, ever download free games, free tools, videos, mutli-media files or anything free unless you can be absolutely sure the source is safe !
  

We are finished here.

Good luck to you.