GeekPolice
Would you like to react to this message? Create an account in a few clicks or log in to continue.

GeekPoliceLog in

 


descriptioninfected with 2009 security how to remove ,need Mr Belahzur help Emptyinfected with 2009 security how to remove ,need Mr Belahzur help

more_horiz
Hi I have vista basic with a dell PC inspiron 531, Mr Belahzur helped with a Hijack program a year ago and told me what to fix and it worked, Now I have a new infection the 2009 security one that in the end wants you to buy their software to get rid of the infection that they give you , can Mr Belahzur help me again with the removal Thank you.

Last edited by Belahzur on 29th November 2008, 8:29 pm; edited 2 times in total (Reason for editing : added name)

descriptioninfected with 2009 security how to remove ,need Mr Belahzur help EmptyRe: infected with 2009 security how to remove ,need Mr Belahzur help

more_horiz
Hello. Smile...

Please read this thread:
http://www.geekpolice.net/malware-removal-support-hijackthis-logs-f11/read-this-before-posting-t3821.htm
And post a Hijack This log here.

descriptioninfected with 2009 security how to remove ,need Mr Belahzur help Emptymy hijack copy for 2009 removale

more_horiz
Belahzur wrote:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:06:35 PM, on 11/27/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Optimum Online\Netsurf.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Sony\SonicStage\SSAAD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Users\Ron\AppData\Local\Temp\xxx41.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Users\Ron\AppData\Local\Temp\~tmpd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Users\Ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TGYH7ELK\HiJackThis[1].exe
C:\Users\Ron\Desktop\HiJackThis.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Users\Ron\Desktop\Hijack(GP)This.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSFox] C:\Users\Ron\AppData\Local\Temp\xxx41.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O13 - Gopher Prefix:
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5368/mcfscan.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11854 bytes

descriptioninfected with 2009 security how to remove ,need Mr Belahzur help EmptyRe: infected with 2009 security how to remove ,need Mr Belahzur help

more_horiz
A year ago? Has it really been that long? Wow, time flies by. LMBO or ROFL


  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKCU\..\Run: [MSFox] C:\Users\Ron\AppData\Local\Temp\xxx41.exe


  • Press "Fix Checked"
  • Close Hijack This.

====

This will remove anymore malware the the Temp folder.

Download ATF Cleaner

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
  • Close ATF-Cleaner.exe.

===

And last, lets have a look around.

1. Download this file - combofix.exe
2. Double click combofix.exe & select NO when asked about the recovery console.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

descriptioninfected with 2009 security how to remove ,need Mr Belahzur help EmptyRe: infected with 2009 security how to remove ,need Mr Belahzur help

more_horiz
Hi everything worked the 2009 infection is gone, and the AFT cleaner worked, The
combofix.exe After downloading it a dialog box stated you an rename combofix.exe[2] ,I tried to find the
combofix.exe download in the search area and I keep getting the same dialog box about renaming it however I cant change it however the computer is working good, thanks again




Belahzur wrote:
A year ago? Has it really been that long? Wow, time flies by. LMBO or ROFL


  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKCU\..\Run: [MSFox] C:\Users\Ron\AppData\Local\Temp\xxx41.exe


  • Press "Fix Checked"
  • Close Hijack This.

====

This will remove anymore malware the the Temp folder.

Download ATF Cleaner

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
  • Close ATF-Cleaner.exe.

===

And last, lets have a look around.

1. Download this file - combofix.exe
2. Double click combofix.exe & select NO when asked about the recovery console.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

descriptioninfected with 2009 security how to remove ,need Mr Belahzur help EmptyRe: infected with 2009 security how to remove ,need Mr Belahzur help

more_horiz
Hello.
I have uploaded a renamed copy for you, this will work, or it should anyway.

http://www.sendspace.com/file/3jk91g

Download and follow my instructions.

descriptioninfected with 2009 security how to remove ,need Mr Belahzur help Empty2009 virus removal

more_horiz
Belahzur wrote:
Hello.
I have uploaded a renamed copy for you, this will work, or it should anyway.

http://www.sendspace.com/file/3jk91g

Download and follow my instructions.


I tried the above download and a dialog box pops up and says you can not rename combo fix[1] you must use a alphanumeric name ,so I click on the OK box and nothing happends, should I be clicking on run after I download it ?- or save it desk top first then open and run it? Thanks, Also what will this help my system with ,thanks for you help again . right now my system is operating the best ever .

Last edited by suzonka on 28th November 2008, 6:47 am; edited 1 time in total (Reason for editing : added words)

descriptioninfected with 2009 security how to remove ,need Mr Belahzur help EmptyRe: infected with 2009 security how to remove ,need Mr Belahzur help

more_horiz
Download OTViewIt to your desktop.

  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need to use two posts to get it all on the forum

descriptioninfected with 2009 security how to remove ,need Mr Belahzur help Empty2009 Otviewit[1] copied files

more_horiz
Belahzur wrote:
Download OTViewIt to your desktop.

  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need to use two posts to get it all on the forum


Here is part one of the copy
OTViewIt logfile created on: 11/28/2008 3:22:38 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Users\Ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UA3GFX2U
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

957.76 Mb Total Physical Memory | 431.11 Mb Available Physical Memory | 45.01% Memory free
2.13 Gb Paging File | 1.14 Gb Available in Paging File | 53.83% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 198.09 Gb Free Space | 88.92% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.92 Gb Free Space | 39.22% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RON-PC
Current User Name: Ron
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/01/19 02:33:37 | 00,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2008/01/19 02:33:14 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2008/05/02 23:16:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
[2008/01/19 02:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2006/11/02 04:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
[2007/10/18 10:24:46 | 00,801,296 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
[2008/03/19 10:56:58 | 00,145,936 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
[2008/04/15 11:50:44 | 00,281,104 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
[2007/10/18 10:24:46 | 01,010,192 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
[2007/12/05 05:17:24 | 00,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2007/09/12 19:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/06/02 12:06:04 | 00,144,696 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
[2007/09/26 12:55:04 | 00,283,912 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
[2007/03/12 18:30:14 | 00,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
[2007/11/15 09:23:56 | 00,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
[2008/09/09 04:45:45 | 00,255,216 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
[2008/05/27 00:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2006/08/04 19:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
[2008/01/19 02:33:08 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2008/01/19 02:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/09/09 04:45:49 | 00,189,680 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
[2008/01/19 02:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
[2008/01/19 02:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/08/08 19:37:26 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[2008/08/08 19:37:26 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[2008/01/19 02:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2008/09/09 04:45:43 | 00,238,832 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\cappactiveprotection.exe
[2008/09/09 04:45:43 | 00,185,584 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
[2004/08/20 13:58:24 | 00,634,880 | ---- | M] (STOIK Imaging (www.stoik.com)) -- C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
[2006/11/03 18:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
[2008/01/19 02:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/10/12 23:58:47 | 00,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
[2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/01/19 02:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/01/19 02:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/08/30 16:31:33 | 00,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
[2008/11/27 15:28:28 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TGYH7ELK\HiJackThis[1].exe
[2008/11/27 15:30:16 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Ron\Desktop\HiJackThis.exe
[2008/01/19 02:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/08/29 16:04:08 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2008/01/19 02:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2008/01/19 02:33:15 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
[2007/09/12 19:27:24 | 00,623,984 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
[2008/01/19 02:33:12 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
[2008/11/28 15:22:26 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Users\Ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UA3GFX2U\OTViewIt[1].exe

descriptioninfected with 2009 security how to remove ,need Mr Belahzur help Emptypart two of 2009 Otviewit

more_horiz
[quote="suzonka"]
Belahzur wrote:
Download OTViewIt to your desktop.

  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need to use two posts to get it all on the forum


Here is part two of the copy

OTViewIt Extras logfile created on: 11/28/2008 3:22:38 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Users\Ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UA3GFX2U
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

957.76 Mb Total Physical Memory | 431.11 Mb Available Physical Memory | 45.01% Memory free
2.13 Gb Paging File | 1.14 Gb Available in Paging File | 53.83% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 198.09 Gb Free Space | 88.92% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.92 Gb Free Space | 39.22% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RON-PC
Current User Name: Ron
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=1
"UacDisableNotify"=1
"InternetSettingsDisableNotify"=1
"AutoUpdateDisableNotify"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiSpyware]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0
"VistaSp1"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications"=0
"EnableFirewall"=0
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000007 [Bluetooth Namespace] -- C:\Windows\System32\wshbth.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000008 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000018 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000019 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000020 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000021 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000022 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000023 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000024 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000025 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000026 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000027 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000028 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000029 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000030 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000031 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000032 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000033 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000034 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000035 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000036 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000037 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000038 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000039 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000040 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000041 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000042 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000043 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000044 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000045 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000046 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000047 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
ldap -- 4 = Restricted sites (Not a Default Protocol)
news -- 4 = Restricted sites (Not a Default Protocol)
nntp -- 4 = Restricted sites (Not a Default Protocol)
oecmd -- 4 = Restricted sites (Not a Default Protocol)
snews -- 4 = Restricted sites (Not a Default Protocol)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/06/05 04:18:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}"=Roxio Creator Tools
"{0AFD47CE-CA9C-4372-AA20-CB05D33638FA}"=CA Desktop DNA Migrator
"{0D397393-9B50-4c52-84D5-77E344289F87}"=Roxio Creator Data
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}"=QualxServ Service Agreement
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}"=Dell System Customization Wizard
"{18455581-E099-4BA8-BC6B-F34B2F06600C}"=Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}"=AOL Install
"{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}"=MobileMe Control Panel
"{281ECE39-F043-492B-8337-F2E546B5604A}"=PowerDVD
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}"=Dell DataSafe Online
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}"=Java(TM) SE Runtime Environment 6
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}"=Sonic Activation Module
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}"=Games, Music, & Photos Launcher
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=NetWaiting
"{546C7D0B-1E12-4573-BCD0-F5B0D3C66A74}"=ArcSoft PhotoImpression 4
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}"=User's Guides
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}"=EarthLink Setup Files
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}"=Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}"=Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works
"{77DCDCE3-2DED-62F3-8154-05E745472D07}"=Acrobat.com
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}"=DellSupport
"{83FFCFC7-88C6-41c6-8752-958A45325C82}"=Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}"=Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}"=Product Documentation Launcher
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{9EE54C1F-FC99-44D6-916A-0CA2D45E740F}"=Digimax Viewer 2.1
"{A0EB195B-5876-48E6-879D-33D4B2102610}"=SonicStage 4.3
"{AC76BA86-7AD7-1033-7B44-A81300000003}"=Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}"=Spelling Dictionaries Support For Adobe Reader 8
"{AEAD18F3-6481-4ef4-96B5-A24D5ADAC30D}"=CA Anti-Spyware
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}"=Roxio Creator DE
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}"=OpenMG Secure Module 4.7.00
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}"=Internet Service Offers Launcher
"{CDB98E2F-7B2A-42C2-B718-F1F6B31586DF}"=CA Website Inspector
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}"=Roxio MyDVD DE
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}"=LiveUpdate Notice (Symantec Corporation)
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}"=iTunes
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}"=Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}"=Digital Line Detect
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}"=Samsung PC Studio 3 USB Driver Installer
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support
"{EFAD4066-CAF3-4B27-9669-12EED352C376}"=NVIDIANetworkDiagnostic
"{F05A5232-CE5E-4274-AB27-44EB8105898D}"=CA Pest Patrol Realtime Protection
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}"=Modem Diagnostic Tool
"{F958CA02-BB40-4007-894B-258729456EE4}"=QuickTime
"{FD67A9A9-B292-43B2-A4F9-59AD62626CAD}"=Digimax Reader
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1"=Conexant D850 PCI V.92

descriptioninfected with 2009 security how to remove ,need Mr Belahzur help EmptyRe: infected with 2009 security how to remove ,need Mr Belahzur help

more_horiz
Hello.
The log of OTViewIt.txt is quite long, see for yourself and post the rest of it. Smile...

descriptioninfected with 2009 security how to remove ,need Mr Belahzur help Emptyoviewit copy 3 for 2009

more_horiz
[quote="suzonka"]
Belahzur wrote:
Download OTViewIt to your desktop.

  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need to use two posts to get it all on the forum


Here is part three of the copy
OTViewIt logfile created on: 11/28/2008 3:22:38 PM - Run
Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Acrobat.com
"eTrust Suite Personal"=CA Internet Security Suite
"Google Desktop"=Google Desktop
"HijackThis"=HijackThis 2.0.2
"InstallShield_{0AFD47CE-CA9C-4372-AA20-CB05D33638FA}"=CA Desktop DNA Migrator
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}"=OpenMG Secure Module 4.7.00
"InstallShield_{EFAD4066-CAF3-4B27-9669-12EED352C376}"=NVIDIANetworkDiagnostic
"LiveUpdate"=LiveUpdate 3.2 (Symantec Corporation)
"NVIDIA Drivers"=NVIDIA Drivers
"OpenMG HotFix4.7-07-13-22-01"=OpenMG Limited Patch 4.7-07-14-05-01
"Optimum Online net guide"=Optimum Online net guide
"RealPlayer 6.0"=RealPlayer
"SAMSUNG Mobile Modem"=SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver"=Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem"=SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0"=SAMSUNG Mobile USB Modem 1.0 Software
"VETWIN32Vp5"=CA Anti-Virus

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/22/2008 12:48:12 PM | Computer Name = Ron-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x8007041D

Error - 11/22/2008 2:01:43 PM | Computer Name = Ron-PC | Source = UmxAgent | ID = 67
Description = Cannot send event. Process C:\Program Files\CA\CA Internet Security
Suite\CA Personal Firewall\capfsem.exe ended.

Error - 11/22/2008 11:25:29 PM | Computer Name = Ron-PC | Source = Application Error | ID = 1000
Description = Faulting application AUPDATE.EXE, version 3.2.0.68, time stamp 0x46e89173,
faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6, exception
code 0xc0000005, fault offset 0x000681cb, process id 0xf88, application start time
0x01c94d1aa85187c4.

Error - 11/23/2008 12:46:56 PM | Computer Name = Ron-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x8007041D

Error - 11/24/2008 4:21:41 AM | Computer Name = Ron-PC | Source = Application Error | ID = 1000
Description = Faulting application AUPDATE.EXE, version 3.2.0.68, time stamp 0x46e89173,
faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6, exception
code 0xc0000005, fault offset 0x00068169, process id 0x1640, application start time
0x01c94e0d338268d4.

Error - 11/24/2008 10:25:23 PM | Computer Name = Ron-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x8007041D

Error - 11/24/2008 10:44:03 PM | Computer Name = Ron-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x8007041D

Error - 11/27/2008 12:08:33 AM | Computer Name = Ron-PC | Source = VSS | ID = 8194
Description =

Error - 11/27/2008 1:58:00 AM | Computer Name = Ron-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x8007041D

Error - 11/27/2008 2:25:16 AM | Computer Name = Ron-PC | Source = Application Hang | ID = 1002
Description = The program ~tmpj.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 11d8 Start Time: 01c95056abd3e0ac Termination Time: 15

[ System Events ]
Error - 6/24/2008 10:18:26 PM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/24/2008 10:19:56 PM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 6/24/2008 10:19:57 PM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/24/2008 10:19:57 PM | Computer Name = Ron-PC | Source = DCOM | ID = 10005
Description =

Error - 6/24/2008 10:20:45 PM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 6/24/2008 10:20:45 PM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/25/2008 10:14:04 PM | Computer Name = Ron-PC | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.100 on
the Network Card with network address 001AA06B6260.

Error - 6/26/2008 10:14:06 PM | Computer Name = Ron-PC | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.100 on
the Network Card with network address 001AA06B6260.

Error - 6/27/2008 10:14:09 PM | Computer Name = Ron-PC | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.100 on
the Network Card with network address 001AA06B6260.

Error - 6/28/2008 5:30:47 PM | Computer Name = Ron-PC | Source = DCOM | ID = 10010
Description =


< End of report >

descriptioninfected with 2009 security how to remove ,need Mr Belahzur help EmptyRe: infected with 2009 security how to remove ,need Mr Belahzur help

more_horiz
Hello suzonka.
Sorry for the delay.
Please look through the log for part of it that has the title something like this:
========== Files created within the last 30 days ==========

Please post that part of the log.

descriptioninfected with 2009 security how to remove ,need Mr Belahzur help EmptyRe: infected with 2009 security how to remove ,need Mr Belahzur help

more_horiz
Belahzur wrote:
Hello suzonka.
Sorry for the delay.
Please look through the log for part of it that has the title something like this:
========== Files created within the last 30 days ==========

Please post that part of the log.


Hi I DIDNT GET A DESK TOP Extras part, EVRYTHING WENT ON THE OTViewIt.txt, should I download it again?

descriptioninfected with 2009 security how to remove ,need Mr Belahzur help EmptyRe: infected with 2009 security how to remove ,need Mr Belahzur help

more_horiz
Nah. If you aren't having any problems, it's probably okay.

descriptioninfected with 2009 security how to remove ,need Mr Belahzur help Empty2009 OTViewit last 30 days

more_horiz
suzonka wrote:
Belahzur wrote:
Hello suzonka.
Sorry for the delay.
Please look through the log for part of it that has the title something like this:
========== Files created within the last 30 days ==========

Please post that part of the log.


Hi I DIDNT GET A DESK TOP Extras part, EVRYTHING WENT ON THE OTViewIt.txt, should I download it again?


Is this what you need

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=1
"UacDisableNotify"=1
"InternetSettingsDisableNotify"=1
"AutoUpdateDisableNotify"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiSpyware]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0
"VistaSp1"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications"=0
"EnableFirewall"=0
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

descriptioninfected with 2009 security how to remove ,need Mr Belahzur help EmptyRe: infected with 2009 security how to remove ,need Mr Belahzur help

more_horiz
No, but it doesn't matter.
Any problems remaining?

descriptioninfected with 2009 security how to remove ,need Mr Belahzur help Empty2009 security infection removed and working

more_horiz
Belahzur wrote:
Nah. If you aren't having any problems, it's probably okay.


Thanks again , the computer is fast and everything responds they way it should, Thanks so much for your help

descriptioninfected with 2009 security how to remove ,need Mr Belahzur help EmptyRe: infected with 2009 security how to remove ,need Mr Belahzur help

more_horiz
Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.

descriptioninfected with 2009 security how to remove ,need Mr Belahzur help EmptyRe: infected with 2009 security how to remove ,need Mr Belahzur help

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum