I need a PC prince to help me fight this stupid Virus/Malware

Viruses and worms
1

Ok. Last Thursday or Friday I downloaded the MyWebSearch/Webfetti against my better judgement. I have spent every day on this, downloading everything I thought would help. Avast antivirus, HijackThis, Unlocker, Adaware…the list goes on. I barely got on here because the stupid thing conspires to slow down when I go to sites that remove it, and then ultimately stops all together. I know which ones are the culprits, but when going into windows search it acts as if its not running…and says it IS NOT RUNNING, I have read these forums, and tried, I want to make a REBOOT- back up disk, but when I go to the sites to download them the malware stalls IE… so please help me.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:16:51, on 3/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\WINDOWS\system32\java.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe
C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe

continued on next topic/thread !!! Thanks in advance…ya’ll are just Heaven on Earth !

2

Are you having multiple anti viruses??? that complicates the problem

3

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {25418557-5b15-45a3-b580-a349d9b4e161} - C:\WINDOWS\system32\gomopiwe.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe”
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..\Run: [RoxWatchTray] “C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe”
O4 - HKLM..\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKLM..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM..\Run: [nwiz] nwiz.exe /install
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [Monitor] “C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe”
O4 - HKLM..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [UnlockerAssistant] “C:\Program Files\Unlocker\UnlockerAssistant.exe”
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM..\Run: [CPM37099928] Rundll32.exe “c:\windows\system32\bajujami.dll”,a
O4 - HKLM..\Run: [beliyagohe] Rundll32.exe “C:\WINDOWS\system32\kamileva.dll”,s
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19..\Run: [beliyagohe] Rundll32.exe “C:\WINDOWS\system32\kamileva.dll”,s (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20..\Run: [beliyagohe] Rundll32.exe “C:\WINDOWS\system32\kamileva.dll”,s (User ‘NETWORK SERVICE’)
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra ‘Tools’ menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

4

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files\Cozi Express\CoziProtocolHandler.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\nupanogo.dll c:\windows\system32\bajujami.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bajujami.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bajujami.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LeapFrog Connect Device Service - Unknown owner - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe
O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe
O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

End of file - 13436 bytes

5

Coz i can see Avast as well as McAfee in that list

6

McCrappy has expired. I only run Avast. I have done system scans, and hijack this deletes…but then one is starting at start up. kamileva.dll, bajujami.dll,
O2 - BHO: (no name) - {25418557-5b15-45a3-b580-a349d9b4e161} - C:\WINDOWS\system32\gomopiwe.dll

there are 9 that keep re-infesting themselves.

7

I deleted mywebsearch from Add/Remove . I haven’t deleted McAffe because I have been dealing with this. I dont mind the pop ups as much, but I hate that I can’t go to sites on instant, because it slows it down. Plus I hate the vunerability to my files.

8

hmmm… what kind of a virus did Avast detect if any?

9

kamileva.dll is a malware-associated dynamic link library (dll). Legitimate dll files contain a set of executable functions that can be used by Windows applications. Malware-associated dlls contain malicious code that causes damage to your PC.

10

I also hate that so many processes are running on my PC, I know that is the least of my problems right now, but once I fix this, I would like to have better control of what is running in the background. I know a little about computers, I know enough to get me in trouble. I don’t want to have to to a TOTAL WIPEOUT, because I don’t have a backup of my current system, SP3, alll the hotfixes, and other things that would take a week just to update. I have pictures that are irreplaceable. I have a Gateway 250 GB dual core GT 5032. I only use about 1/4 of my hard drive, so theres not a memory problem.

11

www.iobit.com/advancedwindowscareper.html try this software
it would reduce the unnecessary processes running in the background and also take care of the registry entries which are not reqd

12

3/16/2009 10:41:28 SYSTEM 1180 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\WINDOWS\SYSTEM32\UKBTTN.DLL” file.
3/16/2009 10:41:48 SYSTEM 1180 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\WINDOWS\SYSTEM32\DOGUMIVU.DLL” file.
3/16/2009 10:47:42 SYSTEM 1180 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\WINDOWS\SYSTEM32\BTUQSL.DLL” file.
3/16/2009 11:14:54 SYSTEM 1180 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\WINDOWS\SYSTEM32\POFUSIDO.DLL” file.
3/16/2009 12:06:42 SYSTEM 1180 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\WINDOWS\SYSTEM32\XPHSAX.DLL” file.
3/16/2009 1:19:56 SYSTEM 1180 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\WINDOWS\SYSTEM32\ZUDOVASE.DLL” file.
3/16/2009 4:05:54 Butcher 1188 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Documents and Settings\Butcher\Desktop\SmitfraudFix\Process.exe (C:\Documents and Settings\Butcher\Desktop\SmitfraudFix\Process.exe) returning error, 00000005.
3/17/2009 12:52:12 Administrator 1328 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\System Volume Information_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP235\A0041095.dll” file.
3/17/2009 8:26:04 Administrator 1328 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\System Volume Information_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP235\A0041096.dll” file.
3/17/2009 8:26:20 Administrator 1328 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\System Volume Information_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP235\A0041097.dll” file.
3/17/2009 8:26:39 Administrator 1328 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\System Volume Information_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP235\A0041101.dll” file.
3/17/2009 8:27:00 Administrator 1328 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\System Volume Information_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP235\A0041141.dll” file.
3/17/2009 8:27:10 Administrator 1328 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\System Volume Information_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP235\A0041162.dll” file.
3/17/2009 9:32:23 Administrator 1328 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\WINDOWS\system32\hosazowa.dll” file.
3/17/2009 9:39:54 Administrator 1328 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\WINDOWS\system32\nudodina.dll” file.
3/17/2009 9:41:06 Administrator 1328 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\WINDOWS\system32\pivetupa.dll” file.
3/17/2009 6:32:48 SYSTEM 1236 Sign of “Win32:Virtumonde-TV [Adw]” has been found in “http://82.98.235.205/dwn/d.html?sid=RB39GXIMpk98CqkfJgX6G3EJ-U5xCPpNdQ_uGHEOp0N3DZ1aIV_oH3UPpx90Df4ZdAz7H31Zq0x0C6ZIdQX5HCNb_RxGO65MfA_vQkE3rkh2CqxIfA2pTkA5rkp1D5l4dAyYfndcrUtNOK5Kcgqo\[Embedded_I#0a260]\[UPX]” file.

13

I go to manually find the files in the folders…not using windows search since it has been altered too I guess…and cant. I assume they are hidden, and this is where I am. thanks for the tip for processor mgmt.

14

well eventually you will have to backup personal files and reinstall Win XP :-\

15

O20 - AppInit_DLLs: C:\WINDOWS\system32\nupanogo.dll c:\windows\system32\bajujami.dll

installs on startup. I have read about going into C:\ mode, and del “filename.dll” but don’t want to make a mess of something I don’t feel comfortable getting into.

16

BAJUJAMI.DLL is added as a Registry auto start to load Program on Boot up

17

thats what I was saying before. I read that you can make an exact replica of your OS, I don’t care about having to reinstall small programs/applications like printers, camera, but its the Windows update, I got this pc in 2005. thats 4 years worth of updates, hotfixes, so on. I heard about a way to restart your computer in DOS mode, by a certain date, its restoring I know, but doesn’t your computer make additional hidden " restore points " ?>?

18

I am having a look at your log, that entry is bad, and is probably redirecting your web search.I will post back soon,then you can use HJT to fix some of the entries

19

I really appreciate all the help. I have 4 kids, ages 8 months, 4 , 8, and 9 years. I don’t want to lose pics of them, nor do I want inappropriate content flashing before their eyes while they do homework. Its a shame that people have nothing better to do, then to create viruses, and trojens, and all the other names and crap that they do. People like me just want to live their lives, I don’t harm others, why …why…why…its just rediculous !!! but thanks , I am glad you guys are here to the rescue !!!

20

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html

O2 - BHO: (no name) - {25418557-5b15-45a3-b580-a349d9b4e161} - C:\WINDOWS\system32\gomopiwe.dll

O4 - HKLM..\Run: [CPM37099928] Rundll32.exe “c:\windows\system32\bajujami.dll”,a

O4 - HKLM..\Run: [beliyagohe] Rundll32.exe “C:\WINDOWS\system32\kamileva.dll”,s

O4 - HKUS\S-1-5-19..\Run: [beliyagohe] Rundll32.exe “C:\WINDOWS\system32\kamileva.dll”,s (User ‘LOCAL SERVICE’)

O4 - HKUS\S-1-5-20..\Run: [beliyagohe] Rundll32.exe “C:\WINDOWS\system32\kamileva.dll”,s (User ‘NETWORK SERVICE’)

O20 - AppInit_DLLs: C:\WINDOWS\system32\nupanogo.dll c:\windows\system32\bajujami.dll

O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bajujami.dll

O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bajujami.dll

All those entries look bad

Did you install Program Files\LeapFrog\LeapFrog Connect\Monitor.exe and C:\Program Files\Cozi Express\CoziProtocolHandler.dll ?