infected with 2009 security how to remove ,need Mr Belahzur help

Hello.
The log of OTViewIt.txt is quite long, see for yourself and post the rest of it.

[quote="suzonka"]

Belahzur wrote:

Download OTViewIt to your desktop.

• Close all windows and open it
  
• Click Run Scan and let the program run uninterrupted
  
• It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  
• You may need to use two posts to get it all on the forum
  

Here is part three of the copy
OTViewIt logfile created on: 11/28/2008 3:22:38 PM - Run
Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Acrobat.com
"eTrust Suite Personal"=CA Internet Security Suite
"Google Desktop"=Google Desktop
"HijackThis"=HijackThis 2.0.2
"InstallShield_{0AFD47CE-CA9C-4372-AA20-CB05D33638FA}"=CA Desktop DNA Migrator
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}"=OpenMG Secure Module 4.7.00
"InstallShield_{EFAD4066-CAF3-4B27-9669-12EED352C376}"=NVIDIANetworkDiagnostic
"LiveUpdate"=LiveUpdate 3.2 (Symantec Corporation)
"NVIDIA Drivers"=NVIDIA Drivers
"OpenMG HotFix4.7-07-13-22-01"=OpenMG Limited Patch 4.7-07-14-05-01
"Optimum Online net guide"=Optimum Online net guide
"RealPlayer 6.0"=RealPlayer
"SAMSUNG Mobile Modem"=SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver"=Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem"=SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0"=SAMSUNG Mobile USB Modem 1.0 Software
"VETWIN32Vp5"=CA Anti-Virus

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/22/2008 12:48:12 PM | Computer Name = Ron-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x8007041D

Error - 11/22/2008 2:01:43 PM | Computer Name = Ron-PC | Source = UmxAgent | ID = 67
Description = Cannot send event. Process C:\Program Files\CA\CA Internet Security
Suite\CA Personal Firewall\capfsem.exe ended.

Error - 11/22/2008 11:25:29 PM | Computer Name = Ron-PC | Source = Application Error | ID = 1000
Description = Faulting application AUPDATE.EXE, version 3.2.0.68, time stamp 0x46e89173,
faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6, exception
code 0xc0000005, fault offset 0x000681cb, process id 0xf88, application start time
0x01c94d1aa85187c4.

Error - 11/23/2008 12:46:56 PM | Computer Name = Ron-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x8007041D

Error - 11/24/2008 4:21:41 AM | Computer Name = Ron-PC | Source = Application Error | ID = 1000
Description = Faulting application AUPDATE.EXE, version 3.2.0.68, time stamp 0x46e89173,
faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6, exception
code 0xc0000005, fault offset 0x00068169, process id 0x1640, application start time
0x01c94e0d338268d4.

Error - 11/24/2008 10:25:23 PM | Computer Name = Ron-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x8007041D

Error - 11/24/2008 10:44:03 PM | Computer Name = Ron-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x8007041D

Error - 11/27/2008 12:08:33 AM | Computer Name = Ron-PC | Source = VSS | ID = 8194
Description =

Error - 11/27/2008 1:58:00 AM | Computer Name = Ron-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x8007041D

Error - 11/27/2008 2:25:16 AM | Computer Name = Ron-PC | Source = Application Hang | ID = 1002
Description = The program ~tmpj.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 11d8 Start Time: 01c95056abd3e0ac Termination Time: 15

[ System Events ]
Error - 6/24/2008 10:18:26 PM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/24/2008 10:19:56 PM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 6/24/2008 10:19:57 PM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/24/2008 10:19:57 PM | Computer Name = Ron-PC | Source = DCOM | ID = 10005
Description =

Error - 6/24/2008 10:20:45 PM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 6/24/2008 10:20:45 PM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/25/2008 10:14:04 PM | Computer Name = Ron-PC | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.100 on
the Network Card with network address 001AA06B6260.

Error - 6/26/2008 10:14:06 PM | Computer Name = Ron-PC | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.100 on
the Network Card with network address 001AA06B6260.

Error - 6/27/2008 10:14:09 PM | Computer Name = Ron-PC | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.100 on
the Network Card with network address 001AA06B6260.

Error - 6/28/2008 5:30:47 PM | Computer Name = Ron-PC | Source = DCOM | ID = 10010
Description =


< End of report >

Hello suzonka.
Sorry for the delay.
Please look through the log for part of it that has the title something like this:
========== Files created within the last 30 days ==========

Please post that part of the log.

Belahzur wrote:

Hello suzonka.
Sorry for the delay.
Please look through the log for part of it that has the title something like this:
========== Files created within the last 30 days ==========

Please post that part of the log.

Hi I DIDNT GET A DESK TOP Extras part, EVRYTHING WENT ON THE OTViewIt.txt, should I download it again?

Nah. If you aren't having any problems, it's probably okay.

suzonka wrote:

Belahzur wrote:

Hello suzonka.
Sorry for the delay.
Please look through the log for part of it that has the title something like this:
========== Files created within the last 30 days ==========

Please post that part of the log.

Hi I DIDNT GET A DESK TOP Extras part, EVRYTHING WENT ON THE OTViewIt.txt, should I download it again?

Is this what you need

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=1
"UacDisableNotify"=1
"InternetSettingsDisableNotify"=1
"AutoUpdateDisableNotify"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiSpyware]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0
"VistaSp1"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications"=0
"EnableFirewall"=0
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

No, but it doesn't matter.
Any problems remaining?

Belahzur wrote:

Nah. If you aren't having any problems, it's probably okay.

Thanks again , the computer is fast and everything responds they way it should, Thanks so much for your help

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.