Various XP Problems (Internet Connection/ Hackers/ Malware)

  1. #1 Julian4444 (Newbie)

    Recently my World of Warcraft account was hacked into. I do not know how it was done (keylogger etc.), however I would like to ensure that my computer is safe from future events. I did not ever disclose my password or anything of the sort, which led me to believe my computer itself was hacked into. I then installed McAfee and SUPERAntiSpyware and ran scans with both (databases updated). A few files were repaired and deleted; however, now when I do a Google search I am redirected to various sites... Please help me so I can safely browse the internet and be protected from future hackers.

    Thank You


  2. #2 Julian4444 (Newbie)
    I attempted to post my HiJackThis log also, but there are links in it and I cannot post it until my post count is at 5.

  3. #3 broni (Senior Member)
    Welcome aboard

    Please, download DDS from one of the 2 mirrors and save it to your desktop.

    Mirror 1
    Mirror 2

    * Disable any script blocking protection (if present)
    * Double click the dds icon to run the tool.
    * When done, DDS will open two logs:
    1. DDS.txt
    2. Attach.txt
    * Save both reports to your desktop by clicking File>Save As in each log.

    Include the contents of both logs in your new topic. The scan will instruct you to post Attach.txt as an attachment. No need for that though ..... just post its contents as you would any other log.

    =============================================================

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM) to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER (GMER - Rootkit Detector and Remover) by clicking on the Download EXE button.
    Alternative downloads:
    - |MG| GMER 1.0.15.15281 Download
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  4. #4 Julian4444 (Newbie)
    Here are the results of the DDS tool

    ATTACH.TXT:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/9/2008 9:32:10 AM
    System Uptime: 7/19/2010 11:36:15 AM (1 hours ago)

    Motherboard: Dell Computer Corp. | | 0G0729
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 112 GiB total, 53.666 GiB free.
    D: is FIXED (NTFS) - 112 GiB total, 81.42 GiB free.
    E: is CDROM (CDFS)
    F: is CDROM ()
    G: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: RAID Controller
    Device ID: PCI\VEN_105A&DEV_3371&SUBSYS_33711028&REV_02\4&1C660DD6&0&10F0
    Manufacturer:
    Name: RAID Controller
    PNP Device ID: PCI\VEN_105A&DEV_3371&SUBSYS_33711028&REV_02\4&1C660DD6&0&10F0
    Service:

    ==== System Restore Points ===================

    RP370: 5/2/2010 5:23:53 PM - System Checkpoint
    RP371: 5/4/2010 5:53:15 PM - System Checkpoint
    RP372: 5/5/2010 7:02:08 PM - System Checkpoint
    RP373: 5/9/2010 9:17:20 AM - System Checkpoint
    RP374: 5/12/2010 9:17:33 AM - Software Distribution Service 3.0
    RP375: 5/14/2010 10:11:52 AM - System Checkpoint
    RP376: 5/16/2010 3:11:40 PM - System Checkpoint
    RP377: 5/17/2010 437 PM - System Checkpoint
    RP378: 5/24/2010 5:52:59 PM - System Checkpoint
    RP379: 5/26/2010 10:25:54 AM - System Checkpoint
    RP380: 5/26/2010 9:22:37 PM - Software Distribution Service 3.0
    RP381: 5/30/2010 3:41:53 PM - System Checkpoint
    RP382: 6/1/2010 2:18:13 PM - System Checkpoint
    RP383: 6/1/2010 3:28:03 PM - Installed NETGEAR WG111v3 wireless USB 2.0 adapter
    RP384: 6/4/2010 11:38:07 AM - System Checkpoint
    RP385: 6/5/2010 12:18:36 PM - System Checkpoint
    RP386: 6/10/2010 11:36:58 AM - System Checkpoint
    RP387: 6/10/2010 11:24:58 PM - Software Distribution Service 3.0
    RP388: 6/12/2010 5:38:20 PM - System Checkpoint
    RP389: 6/15/2010 9:15:38 AM - System Checkpoint
    RP390: 6/20/2010 9:11:44 PM - System Checkpoint
    RP391: 6/22/2010 8:29:45 AM - System Checkpoint
    RP392: 6/23/2010 3:00:17 AM - Software Distribution Service 3.0
    RP393: 6/24/2010 1:28:58 PM - System Checkpoint
    RP394: 6/25/2010 8:43:25 PM - avast! Free Antivirus Setup
    RP395: 6/27/2010 10:37:22 AM - System Checkpoint
    RP396: 6/29/2010 9:20:29 AM - System Checkpoint
    RP397: 7/2/2010 2:49:42 AM - System Checkpoint
    RP398: 7/10/2010 2:10:04 PM - System Checkpoint
    RP399: 7/15/2010 5:02:33 PM - System Checkpoint
    RP400: 7/16/2010 11:35:28 PM - System Checkpoint
    RP401: 7/17/2010 11:41:18 AM - avast! Free Antivirus Setup
    RP402: 7/18/2010 7:57:51 AM - Installed Java(TM) 6 Update 20
    RP403: 7/19/2010 8:34:19 AM - System Checkpoint

    ==== Installed Programs ======================

    Acoustica Beatcraft
    Acoustica Effects Pack
    Acrobat.com
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 9
    Adobe Setup
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Age of Empires III
    Age of Empires III - The WarChiefs
    Apple Mobile Device Support
    Apple Software Update
    ATI AVIVO Codecs
    ATI Catalyst Control Center
    ATI Catalyst Install Manager
    ATI Parental Control & Encoder
    AviSynth 2.5
    Belkin 54Mbps Wireless Network Adapter
    BitLord 1.1
    Bonjour
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center HydraVision Full
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help English
    CCC Help French
    CCC Help German
    CCC Help Spanish
    CDBurnerXP
    Creative Audio Console
    Critical Update for Windows Media Player 11 (KB959772)
    Digidesign Free Bomb Factory Plug-Ins 7.4
    Digidesign Music Production Toolkit 7.4
    Digidesign Pro Tools M-Powered 7.4cs2
    Digidesign Shared Plug-Ins 7.4
    DVD Decrypter (Remove Only)
    Free WMA to MP3 Converter 1.16
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) PRO Network Adapters and Drivers
    Interlok driver setup x32
    InterVideo DeviceService
    iPod for Windows 2006-03-23
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 20
    LG USB Modem driver
    M-Audio FastTrackPro Driver 6.0.2 (x86)
    McAfee SecurityCenter
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Windows XP Video Decoder Checkup Utility
    Microsoft WinUsb 1.0
    Mozilla Firefox (3.6.6)
    MSN
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB933579)
    NETGEAR WG111v3 wireless USB 2.0 adapter
    OGA Notifier 2.0.0048.0
    PDF Settings
    PSP Video 9 4.07
    QuickTime
    Samplitude 10 10.0.0.0 (US)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB982135)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981349)
    Skins
    Skype™ 4.2
    SUPERAntiSpyware Free Edition
    Switch Sound File Converter
    The Rosetta Stone
    TL Space Native 7.4
    Torque Game Engine SDK (remove only)
    TorrentMan Toolbar
    Ulead VideoStudio 11
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Ventrilo Client
    VideoStudio
    W Photo Studio
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    World of Warcraft
    XML Paper Specification Shared Components Pack 1.0

    ==== Event Viewer Messages From Past Week ========

    7/18/2010 7:51:42 AM, error: Service Control Manager [7022] - The Windows Time service hung on starting.
    7/18/2010 11:47:20 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 0026F2B7F958 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/17/2010 5:41:10 PM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 0026F2B7F958 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/17/2010 3:05:01 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
    7/17/2010 12:27:23 PM, error: Service Control Manager [7023] - The McAfee Validation Trust Protection Service service terminated with the following error: The requested resource is in use.
    7/17/2010 11:58:16 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the crd service to connect.
    7/17/2010 11:58:16 AM, error: Service Control Manager [7000] - The crd service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/16/2010 9:20:20 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    7/16/2010 9:20:20 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

    ==== End Of File ===========================


    DDS.TXT:

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Julian at 12:49:45.46 on Mon 07/19/2010
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2649 [GMT -4:00]

    AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    svchost.exe "C:\WINDOWS\system32\adsndsx.exe"
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\CTHELPER.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
    C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
    C:\Documents and Settings\Julian\Desktop\dds.scr
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://pspupdates.qj.net/
    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    mWinlogon: USERINIT=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\torrentman\tbTorr.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100717122537.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\torrentman\tbTorr.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\walgre~1\walgre~1\data\xtras\mssysmgr.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [UVS11 Preload] d:\program files\ulead\uvPL.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
    mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [Lvihize] rundll32.exe "c:\windows\oguperul.dll",Startup
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    dRun: [etxqbihg] c:\documents and settings\localservice\local settings\application data\oyukbknjl\jawxumftssd.exe
    dRun: [71d36bc4-a3d7-4c59-a848-442e98d53511_44] rundll32.exe "c:\documents and settings\localservice\application data\71d36bc4-a3d7-4c59-a848-442e98d53511_44.avi", start
    StartupFolder: c:\docume~1\julian\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    Hosts: 89.149.193.137 Google
    Hosts: 89.149.193.137 us.

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\julian\applic~1\mozilla\firefox\profiles\1itjai10.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://pspupdates.qj.net/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - component: c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: XULRunner: {51C2CA86-213C-4831-8B37-6AC95E505C02} - c:\documents and settings\denise\local settings\application data\{51C2CA86-213C-4831-8B37-6AC95E505C02}
    FF - HiddenExtension: XULRunner: {CF10A9D6-4669-40CF-B684-3FB3E0943860} - c:\documents and settings\don\local settings\application data\{CF10A9D6-4669-40CF-B684-3FB3E0943860}
    FF - HiddenExtension: XULRunner: {0EDAAF83-E909-4BA0-829F-39C8F3AB3DDC} - c:\documents and settings\julian\local settings\application data\{0EDAAF83-E909-4BA0-829F-39C8F3AB3DDC}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2010-1-18 16384]
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-31 385880]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-7-17 82952]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 67656]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-7-17 271480]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-7-17 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-7-17 271480]
    R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-7-17 271480]
    R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-7-17 170144]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-7-17 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-7-17 141792]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-7-17 55456]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-7-17 152320]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-7-17 51688]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-7-17 312616]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-7-17 88480]
    R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2009-7-31 341504]
    S2 NetmanClipSrv;Network Connections NetmanClipSrv;c:\windows\system32\advpack.dlli.exe srv --> c:\windows\system32\advpack.dlli.exe srv [?]
    S2 TrkWksRpcSs;Distributed Link Tracking Client TrkWksRpcSs;c:\windows\system32\adsndsx.exe srv --> c:\windows\system32\adsndsx.exe srv [?]
    S3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\drivers\MAudioFastTrackPro.sys [2009-11-9 158600]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-7-17 88480]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-7-17 83496]
    S3 musbehco;musbehco;c:\docume~1\nicholas\locals~1\temp\musbehco.sys [2004-11-18 15872]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 12872]

    =============== Created Last 30 ================

    2010-07-19 15:23:41 0 d-sh--w- c:\windows\system32\lowsec
    2010-07-18 11:59:08 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-17 16:25:36 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2010-07-17 16:25:30 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2010-07-17 16:25:30 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2010-07-17 16:25:30 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2010-07-17 16:25:29 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2010-07-17 16:25:29 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2010-07-17 16:25:29 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2010-07-17 16:25:29 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2010-07-17 16:25:19 0 d-----w- c:\program files\common files\Mcafee
    2010-07-17 16:25:18 0 d-----w- c:\program files\McAfee.com
    2010-07-17 16:25:00 0 d-----w- c:\program files\McAfee
    2010-07-11 14:51:24 0 d-----w- c:\program files\Conduit
    2010-07-11 14:51:23 0 d-----w- c:\program files\TorrentMan
    2010-07-11 14:50:55 0 d-----w- c:\program files\BitLord
    2010-07-11 11:36:09 120 ----a-w- c:\windows\Kcabohebafi.dat
    2010-07-11 11:36:09 0 ----a-w- c:\windows\Sgewiseyi.bin
    2010-07-02 21:37:43 235 --s-a-w- c:\windows\system32\3305827441.dat
    2010-07-02 18:18:19 0 d-----w- c:\program files\NCH Software
    2010-06-26 00:43:04 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
    2010-06-25 14:03:31 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2010-06-25 14:02:56 0 d-----r- c:\program files\Skype

    ==================== Find3M ====================

    2010-07-01 18:45:56 7480 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-06-01 19:31:46 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2010-06-01 19:31:43 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
    2010-06-01 00:32:58 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2010-06-01 00:32:58 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2010-05-04 17:20:39 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 17:20:34 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-05-04 17:20:32 17408 ------w- c:\windows\system32\corpol.dll
    2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
    2009-08-14 01:19:56 73728 ----a-w- c:\windows\inf\wg111v3\win7x64\SetVistaDrv64.exe
    2009-07-31 19:12:18 341504 ----a-w- c:\windows\inf\wg111v3\wg111v3.sys
    2009-07-20 22:20:04 65536 ----a-w- c:\windows\inf\wg111v3\win7x86\SetVistaDrv.exe
    2009-06-03 14:36:22 74752 ----a-w- c:\windows\inf\wg111v3\SetDrv64.exe
    2009-06-03 14:30:26 49152 ----a-w- c:\windows\inf\wg111v3\SetDrv.exe
    2009-04-01 13:49:14 57344 ----a-w- c:\windows\inf\wg111v3\SetVistaDrv.exe
    2008-12-12 22:13:32 512000 ----a-w- c:\windows\inf\wg111v3\win7x64\DIFxAPI.dll
    2008-12-12 21:57:46 313856 ----a-w- c:\windows\inf\wg111v3\win7x86\DIFxAPI.dll
    2006-12-15 15:30:36 98304 ----a-w- c:\windows\inf\wg111v3\UScanM.exe
    2006-12-15 15:30:36 315392 ----a-w- c:\windows\inf\wg111v3\InstallDriver.exe
    2006-12-15 15:30:36 212992 ----a-w- c:\windows\inf\wg111v3\CopyWHQLDriver.exe
    2006-12-15 15:30:36 20480 ----a-w- c:\windows\inf\wg111v3\RTWUPath.exe
    2006-12-15 15:30:36 19968 ----a-w- c:\windows\inf\wg111v3\RTWREFU.EXE
    2006-03-16 12:24:24 49664 ----a-w- c:\windows\inf\wg111v3\devcon.exe
    2008-08-19 14:31:51 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081920080820\index.dat

    ============= FINISH: 12:51:56.54 ===============

    I am now proceeding with the next steps.

    Thank You

  5. #5
    broni is offline Senior Member
    Go on

  6. #6
    Julian4444 is offline Newbie
    MalWareByte Log File:

    Malwarebytes' Anti-Malware 1.46
    Malwarebytes

    Database version: 4326

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    7/19/2010 3:58:29 PM
    mbam-log-2010-07-19 (15-58-29).txt

    Scan type: Quick scan
    Objects scanned: 227622
    Time elapsed: 39 minute(s), 58 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 8
    Registry Values Infected: 3
    Registry Data Items Infected: 3
    Folders Infected: 1
    Files Infected: 11

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\oguperul.dll (Trojan.Hiloti) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvihize (Trojan.Hiloti) -> Delete on reboot.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\71d36bc4-a3d7-4c59-a848-442e98d53511_44 (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\SYSTEM32\USERINIT.EXE,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

    Files Infected:
    C:\WINDOWS\oguperul.dll (Trojan.Hiloti) -> Delete on reboot.
    C:\Documents and Settings\LocalService\Application Data\71d36bc4-a3d7-4c59-a848-442e98d53511_44.avi (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-1123561945-790525478-1801674531-1006\Dc1709.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\l_acc0037.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\e3f3fe2d-99a1-4b0b-9470-2ec11641f2da\wrkD.tmp_44 (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Denise\Local Settings\Temporary Internet Files\Content.IE5\HOYVZMUW\setup[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
    C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
    C:\Documents and Settings\All Users\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.
    C:\WINDOWS\f49f4daa.dat (Worm.Koobface) -> Quarantined and deleted successfully.

  7. #7
    broni is offline Senior Member
    Go on...

  8. #8
    Julian4444 is offline Newbie
    I tried running the program in step two; however, it exited unexpectedly once, and the second time my computer simply rebooted.

    I'm going to sleep; however, tomorrow I'll log on again to finish.

    Thank You for all your help!

  9. #9
    broni is offline Senior Member
    No problem
    Don't forget:
    If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.

  10. #10
    Julian4444 is offline Newbie
    I tried unchecking "Devices" and running the program in Safe Mode. Still no luck... I either get a blue screen error concerning drivers or my system simply shuts down.
