Can anyone tell me what this is.....i recently had my WOW account hacked twice in less than 2 hours, even after changing all my information, so Blizzard told me i needed to check my pc for malware or a keylogger. Ive ran nortons and only came up with low level risk tracking cookies but I downloaded malwarebytes tonight and found this....can anyone tell me if this was the culprit or what this is ? thank you!




Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3967

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

4/7/2010 10:31:41 PM
mbam-log-2010-04-07 (22-31-41).txt

Scan type: Quick scan
Objects scanned: 105529
Time elapsed: 5 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hello! We need to do some diagnostics to get started.

1. Please download Profiles by noahdfear.

• Save it to your desktop.
• Double-click profiles.exe and post its log when you reply

2. Download Win32kDiag by ad13 and save it to your Desktop.

• Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  
• When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  
• Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

3. Please download Cheetah-Anti-Rogue by me, and save to your Desktop.

• Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  
• Double-click on Cheetah-Anti-Rogue.cmd to start.
  
• It will finish quickly and launch a log.
  
• Post the contents of it in your next reply.

4. In your next reply, please post the following logs for my review:

• Profiles log (1)
  
• Win32kDiag log (2)
  
• Cheetah log (3)

Thanks!

Profiles Log....HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\NetworkService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2395309413-2926262993-4208544396-1000
ProfileImagePath REG_EXPAND_SZ C:\Users\Denise

ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\LocalService
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\NetworkService
SystemRoot REG_SZ C:\Windows






win32kdiag log......Running from: C:\Users\Denise\Downloads\Win32kDiag.exe

Log file at : C:\Users\Denise\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Cannot access: C:\Windows\bthservsdp.dat

[1] 2010-04-07 23:19:44 12 C:\Windows\bthservsdp.dat ()
i could not run or unzip the program cheetah to my desktop as instucted?

Please open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.