ok... sorry I didn't post sooner but my pc decided to not load up from the boot screen yesterday.
here are your logs... I know it shows what I removed in the last few days... I've already heard the lecture about p2p stuff... so I get it... it's bad.. thanks :D (I won't do it again.. trust me!)
where it says "created last 30", these are the virus file names I was telling you about in the OP that I have been deleting, but it still continues to regenerate itself
Quote:
2008-11-13 09:11 832 ac-sh--- c:\windows\system32\GhhhgMoq.ini2
2008-11-13 09:11 832 ac-sh--- c:\windows\system32\GhhhgMoq.ini
2008-11-13 09:11 313,856 -c------ c:\windows\system32\qoMghhhG.dll
2008-11-13 01:11 524 ac-sh--- c:\windows\system32\CLlUuBeg.ini2
2008-11-13 01:11 524 ac-sh--- c:\windows\system32\CLlUuBeg.ini
2008-11-13 01:11 313,856 ac------ c:\windows\system32\geBuUlLC9.dll
2008-11-11 10:55 7,581 ac-sh--- c:\windows\system32\NmnUuBeg.ini2
2008-11-11 10:55 7,581 ac-sh--- c:\windows\system32\NmnUuBeg.ini
2008-11-11 10:55 313,856 ac------ c:\windows\system32\geBuUnmN1.gif
2008-11-10 22:07 29,696 ac------ c:\windows\system32\hgGyaYom.dll
2008-11-10 22:07 29,696 ac------ c:\windows\system32\qoMfffCt.dll
and here is the complete dds log
DDS (Version 1.0) - NTFSx86
Run by Owner at 13:12:32.50 on Sun 11/16/2008
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.959.602 [GMT -5:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Owner\My Documents\internet-html stuff\dds.scr
============== Psuedo HJT Report ===============
uStart Page = hxxp://home.myspace.com/index.cfm?fuseaction=splash&Mytoken=20050814140259
uWindow Title = Microsoft Internet Explorer provided by LocalNet
uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
uDefault_Search_URL = hxxp://internetsearchservice.com
mDefault_Page_URL = hxxp://start.localnet.com/
mDefault_Search_URL = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
mStart Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
mSearch Page =
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://internetsearchservice.com
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
mSearchURL = hxxp://internetsearchservice.com
mSearchAssistant = hxxp://www.google.com/ie
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {4816822F-6BB2-4314-A4DA-D5909E06D766} - c:\windows\system32\wvUklJAS.dll
BHO: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: {63499DDC-582C-4558-89FB-46A4579B8D3D} - c:\windows\system32\qoMghhhG.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
mRunServices: [Windows Sound] exp2.60.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\KEM.exe
uPolicies-explorer: EditLevel = 0 (0x0)
uPolicies-explorer: NoRun = 0 (0x0)
uPolicies-explorer: NoClose = 0 (0x0)
uPolicies-explorer: NoCommonGroups = 0 (0x0)
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\owner\start menu\programs\imvu\Run IMVU.lnk
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\MSMSGS.EXE
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\owner\start menu\programs\imvu\Run IMVU.lnk
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\MSMSGS.EXE
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
Notify: ljjhhii - ljjhhii.dll
Notify: rqRIaWMe - rqRIaWMe.dll
Notify: wvUklJAS - wvUklJAS.dll
Notify: yayxyvv - yayxyvv.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {4816822F-6BB2-4314-A4DA-D5909E06D766} - c:\windows\system32\wvUklJAS.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\qoMghhhG
============= SERVICES / DRIVERS ===============
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys
S2 WUSB54GSC;WUSB54GSC;"c:\program files\linksys\wusb54gsc\WLService.exe" "WUSB54GSC.exe"
S3 AdWatchDrv;AW Realtime Driver;\??\c:\windows\system32\drivers\AWRTPD.sys
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\NSNDIS5.SYS
S3 PRISM_USB;IEEE 802.11 Wireless USB Driver;c:\windows\system32\drivers\EXPSUSB.sys
S3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;c:\windows\system32\drivers\superwebcam.sys
=============== Created Last 30 ================
2008-11-15 22:19 250 ac------ c:\windows\gmer.ini
2008-11-13 12:19 <DIR> --d----- c:\program files\Skype
2008-11-13 09:11 832 ac-sh--- c:\windows\system32\GhhhgMoq.ini2
2008-11-13 09:11 832 ac-sh--- c:\windows\system32\GhhhgMoq.ini
2008-11-13 09:11 313,856 -c------ c:\windows\system32\qoMghhhG.dll
2008-11-13 01:11 524 ac-sh--- c:\windows\system32\CLlUuBeg.ini2
2008-11-13 01:11 524 ac-sh--- c:\windows\system32\CLlUuBeg.ini
2008-11-13 01:11 313,856 ac------ c:\windows\system32\geBuUlLC9.dll
2008-11-11 10:55 7,581 ac-sh--- c:\windows\system32\NmnUuBeg.ini2
2008-11-11 10:55 7,581 ac-sh--- c:\windows\system32\NmnUuBeg.ini
2008-11-11 10:55 313,856 ac------ c:\windows\system32\geBuUnmN1.gif
2008-11-10 22:07 29,696 ac------ c:\windows\system32\hgGyaYom.dll
2008-11-10 22:07 29,696 ac------ c:\windows\system32\qoMfffCt.dll
2008-11-08 22:45 17,801 ac------ c:\windows\system32\drivers\AegisP.sys
2008-11-08 22:44 17,992 ac------ c:\windows\system32\bcm42rly.sys
2008-11-08 22:44 <DIR> --d----- c:\program files\Linksys
2008-11-08 22:44 670 ac------ c:\windows\system32\WLAN.INI
2008-11-07 19:29 <DIR> -cd----- c:\program files\common files\xing shared
2008-11-07 18:48 2,918 ac-sh--- c:\windows\system32\IQrtsBeg.ini2
2008-11-07 18:48 2,918 ac-sh--- c:\windows\system32\IQrtsBeg.ini
2008-11-07 17:22 54,156 ac--h--- c:\windows\QTFont.qfn
2008-11-07 17:22 1,409 ac------ c:\windows\QTFont.for
2008-11-06 19:12 96,976 ac------ c:\windows\system32\drivers\klin.dat
2008-11-06 19:12 87,855 ac------ c:\windows\system32\drivers\klick.dat
2008-11-06 19:09 <DIR> --d----- c:\program files\Kaspersky Lab
2008-11-06 19:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2008-11-06 19:08 4,877,856 ac-sh--- c:\windows\system32\drivers\fidbox.dat
2008-11-06 19:08 950,304 ac-sh--- c:\windows\system32\drivers\fidbox2.dat
2008-11-06 19:08 39,188 ac-sh--- c:\windows\system32\drivers\fidbox.idx
2008-11-06 19:08 4,328 ac-sh--- c:\windows\system32\drivers\fidbox2.idx
2008-11-06 18:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2008-11-06 10:21 410,976 ac------ c:\windows\system32\deploytk.dll
2008-11-05 11:54 <DIR> --d----- c:\program files\Trend Micro
2008-11-02 09:48 <DIR> --d----- c:\program files\Curse
2008-10-31 05:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blizzard
2008-10-30 18:41 <DIR> --d----- C:\Logs
2008-10-30 10:14 <DIR> acd----- c:\program files\World of Warcraft
2008-10-29 19:30 <DIR> -cd----- c:\program files\common files\Blizzard Entertainment
2008-10-22 10:57 <DIR> --d----- c:\program files\Panda Security
2008-10-21 11:27 343 ac-sh--- c:\windows\system32\WEhjknpo.ini
2008-10-21 11:08 29,696 ac------ c:\windows\system32\opnkhebC.dll
2008-10-21 11:05 29,696 ac------ c:\windows\system32\wvUklJAS.dll
2008-10-21 11:04 38,912 ac------ c:\windows\system32\~.exe
2008-10-20 17:45 <DIR> --d----- c:\docume~1\owner\applic~1\.purple
2008-10-20 17:44 <DIR> --d----- c:\program files\Pidgin
2008-10-20 12:22 230 ac------ c:\windows\system32\spupdsvc.inf
2008-10-19 21:23 13,942 ac------ c:\windows\system32\c.ico
2008-10-19 21:23 7,662 ac------ c:\windows\system32\m.ico
2008-10-19 21:23 4,286 ac------ c:\windows\system32\s.ico
==================== Find3M ====================
2008-11-14 22:46 <DIR> acd----- c:\program files\Yahoo! Games
2008-11-14 22:39 <DIR> acd----- c:\program files\Color Schemer Studio
2008-11-14 22:27 <DIR> acd----- c:\program files\Microsoft Picture It! 7
2008-11-14 22:15 <DIR> acd----- c:\program files\Animated GIF producer 3.2 TRIAL
2008-11-14 21:56 <DIR> a-d----- c:\docume~1\owner\applic~1\uTorrent
2008-11-12 22:37 <DIR> acd----- c:\program files\SimPE
2008-11-12 22:36 <DIR> acd----- c:\program files\Paint.NET
2008-11-12 22:34 <DIR> acd----- c:\program files\Fish Tycoon
2008-11-08 20:06 438,652 ac------ c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat
2008-11-08 18:35 <DIR> --d----- c:\program files\Network Stumbler
2008-11-07 19:26 348,160 ac------ c:\windows\system32\msvcr71.dll
2008-11-07 19:26 499,712 ac------ c:\windows\system32\msvcp71.dll
2008-11-06 19:03 <DIR> acd----- c:\docume~1\owner\applic~1\WeatherBug
2008-10-31 08:29 <DIR> acd----- c:\program files\Microsoft Games
2008-10-31 08:23 <DIR> acd----- c:\program files\Yahoo!
2008-10-31 08:22 <DIR> acd----- c:\program files\MySpace
2008-10-31 08:19 6,596 ac------ c:\windows\system32\ealregsnapshot1.reg
2008-10-31 06:48 <DIR> --d----- c:\program files\ICL-Icon Extractor(2)
2008-10-20 10:54 2,568 ac-sh--- c:\windows\system32\UEKjPXbc.ini2
2008-10-17 17:08 <DIR> acd----- c:\program files\The Game Of LIFE PTS
2008-10-13 08:14 <DIR> --d----- c:\program files\Neopets
2008-10-06 19:51 <DIR> --d----- c:\program files\Virtools
2008-10-06 11:55 <DIR> --d----- c:\program files\Hooked on Phonics Learning
2008-09-22 23:16 <DIR> --d----- c:\program files\Adobe Media Player
2008-09-22 15:47 <DIR> --d----- c:\docume~1\owner\applic~1\SPORE
2008-09-14 20:41 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-07-21 15:34 <DIR> a-d----- c:\docume~1\owner\applic~1\SoundSpectrum
2008-07-21 15:26 <DIR> a-d-h--- c:\docume~1\owner\applic~1\Move Networks
2008-06-26 11:09 <DIR> a-d----- c:\docume~1\owner\applic~1\Aveyond II
2008-06-17 06:39 <DIR> a-d----- c:\docume~1\owner\applic~1\Skinux
2008-06-11 21:43 <DIR> a-d----- c:\docume~1\alluse~1\applic~1\HipSoft
2008-06-11 21:06 <DIR> a-d----- c:\docume~1\alluse~1\applic~1\Escape From Paradise
2008-06-10 17:14 <DIR> a-d----- c:\docume~1\owner\applic~1\Neopets Toolbar
2008-05-19 09:14 <DIR> a-d----- c:\docume~1\alluse~1\applic~1\Source
2008-05-18 15:22 <DIR> a-d----- c:\docume~1\owner\applic~1\Webcammax
2008-05-16 13:37 <DIR> a-d----- c:\docume~1\alluse~1\applic~1\Trend Micro
2008-05-09 18:19 <DIR> a-d----- c:\docume~1\owner\applic~1\SystemRequirementsLab
2008-05-01 18:07 <DIR> a-d----- c:\docume~1\owner\applic~1\Windows Live Writer
2008-04-29 21:01 <DIR> a-d----- c:\docume~1\alluse~1\applic~1\Kodak
2008-03-26 13:03 <DIR> a-d----- c:\docume~1\owner\applic~1\Feedreader
2008-03-23 18:45 <DIR> a-d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-03-23 18:45 <DIR> a-d----- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2008-03-22 15:42 <DIR> a-d----- c:\docume~1\alluse~1\applic~1\Symantec
2008-03-18 18:51 <DIR> a-d----- c:\docume~1\alluse~1\applic~1\Bin List Bait Real
2008-03-17 16:04 <DIR> a-d----- c:\docume~1\alluse~1\applic~1\Lavasoft
2008-03-17 15:25 <DIR> a-d----- c:\docume~1\owner\applic~1\Uniblue
2008-03-15 20:02 <DIR> a-d----- c:\docume~1\owner\applic~1\SmartDraw
2008-03-14 16:31 <DIR> a-d----- c:\docume~1\owner\applic~1\MySpace
2008-02-27 11:35 <DIR> a-d----- c:\docume~1\owner\applic~1\School Zone Preferences
2008-01-26 09:35 <DIR> a-d----- c:\docume~1\owner\applic~1\Intuit
2007-09-13 07:28 <DIR> a-d----- c:\docume~1\alluse~1\applic~1\U3
2007-06-12 14:31 <DIR> a-d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2007-05-16 18:49 <DIR> a-d----- c:\docume~1\alluse~1\applic~1\espionServerData
2007-05-15 08:08 <DIR> a-d----- c:\docume~1\owner\applic~1\HoleHtmReadme
2007-04-29 20:03 <DIR> a-d----- c:\docume~1\owner\applic~1\PlayFirst
2007-04-29 20:03 <DIR> a-d----- c:\docume~1\alluse~1\applic~1\PlayFirst
2007-03-09 15:35 <DIR> a-d----- c:\docume~1\alluse~1\applic~1\Sandlot Games
2007-03-07 21:48 <DIR> a-d----- c:\docume~1\owner\applic~1\Ovusoft
2007-02-28 11:30 <DIR> a-d----- c:\docume~1\owner\applic~1\Flock
2006-12-27 21:27 <DIR> a-d----- c:\docume~1\owner\applic~1\MPEG Streamclip
2006-12-27 15:52 <DIR> a-d----- c:\docume~1\alluse~1\applic~1\WhiteCap (Holiday Edition)
2006-12-23 11:03 <DIR> a-d----- c:\docume~1\alluse~1\applic~1\SRS Labs
2006-10-03 16:33 <DIR> a-d----- c:\docume~1\alluse~1\applic~1\Adobe(2)
2006-08-09 16:16 <DIR> a-d----- c:\docume~1\alluse~1\applic~1\YAMAHA
2006-01-28 13:59 <DIR> a-d----- c:\docume~1\alluse~1\applic~1\Intuit
2006-01-01 12:09 <DIR> a-d----- c:\docume~1\owner\applic~1\MSNInstaller
2005-12-31 15:32 <DIR> a-d----- c:\docume~1\owner\applic~1\Trend Micro
2005-10-30 23:01 <DIR> a-d----- c:\docume~1\owner\applic~1\Software602
2005-10-30 19:09 <DIR> a-d----- c:\docume~1\owner\applic~1\ACD Systems
2005-08-09 22:22 <DIR> a-d----- c:\docume~1\owner\applic~1\Webshots
2005-07-26 21:36 <DIR> a-d----- c:\docume~1\alluse~1\applic~1\PopCap
2005-07-23 22:49 <DIR> a-d----- c:\docume~1\alluse~1\applic~1\Trymedia
2005-04-19 21:31 <DIR> a-d----- c:\docume~1\alluse~1\applic~1\XemiComputers
2005-04-11 15:20 <DIR> a-d----- c:\docume~1\owner\applic~1\Digital Album Organizer
2005-03-29 08:15 <DIR> a-d----- c:\docume~1\owner\applic~1\You've Got Pictures Screensaver
2005-03-25 11:27 <DIR> a-d----- c:\docume~1\alluse~1\applic~1\Broderbund LLC
2005-03-25 11:27 <DIR> a-d----- c:\docume~1\alluse~1\applic~1\Broderbund Software
2004-01-14 14:59 <DIR> a-d----- c:\docume~1\alluse~1\applic~1\McAfee.com
2004-01-14 14:54 <DIR> a-d----- c:\docume~1\alluse~1\applic~1\Pure Networks
2004-01-14 14:48 <DIR> a-d----- c:\docume~1\alluse~1\applic~1\Prism Deploy
2004-08-04 14:00 94,784 ac-sh--- c:\windows\twain.dll
2004-08-04 14:00 50,688 ac-sh--- c:\windows\twain_32.dll
2008-03-19 09:50 1,307,297 ac-sh--- c:\windows\system32\anaxqqoe.ini2
2004-08-04 14:00 54,784 ac-sh--- c:\windows\system32\msvcirt.dll
2004-08-04 14:00 413,696 a--sh--- c:\windows\system32\msvcp60.dll
2004-08-04 14:00 11,776 ac-sh--- c:\windows\system32\regsvr32.exe
============= FINISH: 13:13:27.87 ===============
now I'm sorry if I've missed a step but the instructions didn't seem clear to me as far as the "attach.txt"... so if I needed to do it then I will try.
I am truly not trying to waste your time. I just didn't understand it
thank you