Active Keep Getting email hacked some way and can't figure out why

[Active] Keep Getting email hacked some way and can't figure out why

Good morning,
I am an admin guy who's been into Administration for six years. However, I am still learning new things everyday. Now here is my current delema. My son plays wow. My account keeps getting hacked into World of Warcraft but I think there is either a keylogger or something else on our home machine. I will run the RSIT once I get home tonight but I already have the hijack this file that I will also insert. I believe that the email address is getting hacked because everytime I scan using AVG, Norton, Adaware, Spybot, Malware I get everything off but someone keeps getting into our account. I just don't understand it. I have changed all passwords and it still keeps happening. I know this is for a game but in general I believe it is the machine that has been tampered with in order for this to keep happening over and over again. This has been going on for a couple of months now. I was hoping that maybe someone on this site would know more and maybe point me into the right direction. Thank you for your time in advance.
Jeff Palmer

Logfile of HijackThis v1.99.1
Scan saved at 12:51:57 PM, on 12/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Repair Files\Spyware Removal Software\HiJack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AT&T Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AT&T Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe "
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe "
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Easy Dock] C:\Documents and Settings\justin\My Documents\RCA EasyRip\EZDock.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Search - ?p=ZKxdm021YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175739402531
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: Zboard - C:\WINDOWS\SYSTEM32\Winlognotif.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

 

Welcome to WindowsBBS jeffpalmer

Instead of RSIT, please download DDS and save it to your desktop.

• Disable any script blocking protection
• Double click dds.scr to run the tool.
• When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt
• Save both reports to your desktop.

Please include the contents of both logs in your next reply. The scan will instruct you to post the attach log as an attachment. No need for that though ..... just post it as you would any other log.

Then, download GMER

Right click and extract it to it's own folder on the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for "˜Show All’.
Click on Scan.
When the scan has completed, click Copy and paste the results (if any) into this topic.


Since you mentioned the email account, what type of email client are you using?

 

Will put in the information tonight. Thanks again for all of the help.

 

We use yahoo through ie.

 

DDS (Version 1.1.0) - NTFSx86
Run by cheryl at 16:45:41.45 on Tue 12/23/2008
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.362 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\PROGRA~1\SYMANT~1\DWHWIZRD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\cheryl\My Documents\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: AT&T Toolbar: {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - c:\progra~1\blstoo~1\BLSTOO~1.DLL
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: AT&T Toolbar: {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - c:\progra~1\blstoo~1\BLSTOO~1.DLL
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe "
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [dlcgmon.exe] "c:\program files\dell aio 810\dlcgmon.exe "
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Easy Dock] c:\documents and settings\justin\my documents\rca easyrip\EZDock.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
mRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &Search - ?p=ZKxdm021YYUS
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: Zboard - Winlognotif.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;\??\c:\program files\symantec antivirus\savrt.sys [2005-8-26 334984]
R1 SAVRTPEL;SAVRTPEL;\??\c:\program files\symantec antivirus\Savrtpel.sys [2005-8-26 53896]
R2 aawservice;Lavasoft Ad-Aware Service; "c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-5-12 611664]
R2 ccEvtMgr;Symantec Event Manager; "c:\program files\common files\symantec shared\ccEvtMgr.exe" [2005-10-4 185968]
R2 ccSetMgr;Symantec Settings Manager; "c:\program files\common files\symantec shared\ccSetMgr.exe" [2005-10-4 177776]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Symantec AntiVirus;Symantec AntiVirus; "c:\program files\symantec antivirus\Rtvscan.exe" [2005-11-15 1756912]
R3 Alpham1;Ideazon ZBoard USB Human Interface Device;c:\windows\system32\drivers\Alpham1.sys [2007-7-23 42624]
R3 Alpham2;Ideazon ZBoard MM USB Human Interface Device;c:\windows\system32\drivers\Alpham2.sys [2007-3-20 18432]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-23 99376]
R3 NAVENG;NAVENG;\??\c:\progra~1\common~1\symant~1\virusd~1\20081222.005\naveng.sys [2008-12-23 89104]
R3 NAVEX15;NAVEX15;\??\c:\progra~1\common~1\symant~1\virusd~1\20081222.005\navex15.sys [2008-12-23 876112]
S3 ccPwdSvc;Symantec Password Validation; "c:\program files\common files\symantec shared\ccPwdSvc.exe" [2005-10-4 83568]
S3 SavRoam;SAVRoam; "c:\program files\symantec antivirus\SavRoam.exe" [2005-11-15 169200]

=============== Created Last 30 ================

2008-12-22 20:03 <DIR> --d----- c:\program files\trend micro
2008-12-20 21:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avg8
2008-12-20 21:33 <DIR> --d-h--- c:\windows\PIF
2008-12-17 15:17 <DIR> --d----- c:\docume~1\cheryl\applic~1\Windows Desktop Search
2008-12-13 15:46 <DIR> --d----- c:\windows\system32\GroupPolicy
2008-12-13 15:46 <DIR> --d----- c:\program files\Windows Desktop Search
2008-12-13 15:45 192,000 -------- c:\windows\system32\dllcache\offfilt.dll
2008-12-13 15:45 98,304 -------- c:\windows\system32\dllcache\nlhtml.dll
2008-12-13 15:45 29,696 -------- c:\windows\system32\dllcache\mimefilt.dll
2008-12-13 15:45 <DIR> --d----- c:\program files\Windows Media Connect 2
2008-12-13 10:18 23 a------- c:\windows\BlendSettings.ini
2008-12-13 08:13 <DIR> --d----- c:\program files\Bethesda Softworks
2008-12-13 08:12 107,888 a------- c:\windows\system32\CmdLineExt.dll

==================== Find3M ====================

2008-12-13 00:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-03 19:52 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 19:52 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-11-17 07:00 8,800 a------- c:\docume~1\cheryl\applic~1\wklnhst.dat
2008-10-24 05:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 06:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 06:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 07:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 07:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 10:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 01:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 01:04 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-10-03 04:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-10-03 04:02 247,326 a------- c:\windows\system32\dllcache\strmdll.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-29 16:20 6,008 a--sh--- c:\windows\system32\KGyGaAvL.sys
2007-07-30 12:40 10,385,200 a------- c:\documents and settings\cheryl\HC41Installer.exe
2007-05-17 18:47 66,269 a------- c:\program files\INSTALL.LOG
2008-06-27 17:11 88 ---shr-- c:\windows\system32\7568F46966.sys
2008-09-23 08:31 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092320080924\index.dat

============= FINISH: 16:46:22.37 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 7/30/2006 12:22:30 AM
System Uptime: 12/20/2008 9:38:02 PM (67 hours ago)

Motherboard: Dell Inc. | | 0FJ030
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 228 GiB total, 169.105 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP740: 9/25/2008 3:10:10 AM - System Checkpoint
RP741: 9/26/2008 3:34:08 AM - System Checkpoint
RP742: 9/27/2008 4:34:11 AM - System Checkpoint
RP743: 9/28/2008 5:34:10 AM - System Checkpoint
RP744: 9/29/2008 6:58:14 AM - System Checkpoint
RP745: 9/30/2008 7:24:53 AM - System Checkpoint
RP746: 10/1/2008 8:10:09 AM - System Checkpoint
RP747: 10/2/2008 8:11:17 AM - System Checkpoint
RP748: 10/6/2008 6:59:29 PM - System Checkpoint
RP749: 10/7/2008 7:34:40 PM - System Checkpoint
RP750: 10/8/2008 8:22:43 PM - System Checkpoint
RP751: 10/9/2008 9:23:29 PM - System Checkpoint
RP752: 10/11/2008 1:08:20 AM - System Checkpoint
RP753: 10/12/2008 1:41:43 AM - System Checkpoint
RP754: 10/13/2008 2:41:40 AM - System Checkpoint
RP755: 10/14/2008 3:41:44 AM - System Checkpoint
RP756: 10/15/2008 3:00:24 AM - Software Distribution Service 3.0
RP757: 10/16/2008 3:14:50 AM - System Checkpoint
RP758: 10/17/2008 4:14:45 AM - System Checkpoint
RP759: 10/18/2008 5:14:43 AM - System Checkpoint
RP760: 10/19/2008 6:14:42 AM - System Checkpoint
RP761: 10/20/2008 6:26:44 AM - System Checkpoint
RP762: 10/21/2008 3:00:17 AM - Software Distribution Service 3.0
RP763: 10/22/2008 3:50:43 AM - System Checkpoint
RP764: 10/23/2008 4:00:26 AM - System Checkpoint
RP765: 10/24/2008 5:48:28 AM - System Checkpoint
RP766: 10/25/2008 3:00:32 AM - Software Distribution Service 3.0
RP767: 10/26/2008 3:10:22 AM - System Checkpoint
RP768: 10/27/2008 4:10:24 AM - System Checkpoint
RP769: 10/28/2008 5:10:30 AM - System Checkpoint
RP770: 10/29/2008 5:58:16 AM - System Checkpoint
RP771: 10/30/2008 7:57:53 AM - System Checkpoint
RP772: 10/31/2008 3:26:01 PM - System Checkpoint
RP773: 11/1/2008 3:40:18 PM - System Checkpoint
RP774: 11/2/2008 3:40:11 PM - System Checkpoint
RP775: 11/3/2008 6:52:14 PM - System Checkpoint
RP776: 11/4/2008 6:55:04 PM - System Checkpoint
RP777: 11/5/2008 7:54:58 PM - System Checkpoint
RP778: 11/8/2008 10:12:06 PM - System Checkpoint
RP779: 11/9/2008 10:14:01 PM - System Checkpoint
RP780: 11/10/2008 10:39:21 PM - System Checkpoint
RP781: 11/12/2008 6:38:09 AM - System Checkpoint
RP782: 11/13/2008 3:00:26 AM - Software Distribution Service 3.0
RP783: 11/14/2008 3:14:59 AM - System Checkpoint
RP784: 11/15/2008 5:26:55 AM - System Checkpoint
RP785: 11/15/2008 7:00:23 AM - Removed Adobe Reader 7.1.0
RP786: 11/15/2008 7:00:42 AM - Installed Adobe Reader 9.
RP787: 11/16/2008 7:07:43 AM - System Checkpoint
RP788: 11/17/2008 7:46:19 AM - System Checkpoint
RP789: 11/18/2008 8:07:47 AM - System Checkpoint
RP790: 11/19/2008 9:07:46 AM - System Checkpoint
RP791: 11/20/2008 10:43:44 AM - System Checkpoint
RP792: 11/20/2008 5:53:23 PM - Installed AVG Free 8.0
RP793: 11/20/2008 9:30:51 PM - Installed AVG Free 8.0
RP794: 11/20/2008 9:37:34 PM - Installed AVG Free 8.0
RP795: 11/21/2008 12:22:44 PM - Installed AVG Free 8.0
RP796: 11/21/2008 12:24:31 PM - Avg8 Update
RP797: 11/22/2008 12:48:04 PM - System Checkpoint
RP798: 11/23/2008 1:21:43 PM - System Checkpoint
RP799: 11/24/2008 7:02:33 PM - System Checkpoint
RP800: 11/25/2008 10:09:52 AM - Avg8 Update
RP801: 11/26/2008 3:47:29 PM - System Checkpoint
RP802: 11/27/2008 8:22:35 AM - Avg8 Update
RP803: 11/28/2008 9:24:47 AM - System Checkpoint
RP804: 11/29/2008 10:04:08 AM - System Checkpoint
RP805: 11/30/2008 11:00:13 AM - System Checkpoint
RP806: 12/1/2008 11:04:24 AM - System Checkpoint
RP807: 12/2/2008 12:04:27 PM - System Checkpoint
RP808: 12/3/2008 1:04:28 PM - System Checkpoint
RP809: 12/4/2008 2:04:27 PM - System Checkpoint
RP810: 12/5/2008 4:09:45 PM - System Checkpoint
RP811: 12/6/2008 4:39:16 PM - System Checkpoint
RP812: 12/7/2008 11:44:23 PM - System Checkpoint
RP813: 12/9/2008 12:35:04 AM - System Checkpoint
RP814: 12/10/2008 1:35:00 AM - System Checkpoint
RP815: 12/11/2008 1:38:52 AM - System Checkpoint
RP816: 12/12/2008 2:38:57 AM - System Checkpoint
RP817: 12/12/2008 3:01:05 AM - Software Distribution Service 3.0
RP818: 12/13/2008 3:32:02 AM - System Checkpoint
RP819: 12/13/2008 8:08:13 AM - Avg8 Update
RP820: 12/13/2008 8:13:03 AM - Installed Oblivion
RP821: 12/13/2008 8:13:11 AM - Installed DirectX 9.0
RP822: 12/13/2008 8:21:37 AM - Installed Oblivion - Shivering Isles/Knights of the Nine
RP823: 12/13/2008 3:40:30 PM - Software Distribution Service 3.0
RP824: 12/14/2008 3:00:26 AM - Software Distribution Service 3.0
RP825: 12/15/2008 3:41:05 AM - System Checkpoint
RP826: 12/16/2008 4:30:52 AM - System Checkpoint
RP827: 12/17/2008 5:16:14 AM - System Checkpoint
RP828: 12/18/2008 3:00:21 AM - Software Distribution Service 3.0
RP829: 12/19/2008 3:12:10 AM - System Checkpoint
RP830: 12/20/2008 3:00:40 AM - Software Distribution Service 3.0
RP831: 12/20/2008 9:35:39 PM - Removed AVG Free 8.0
RP832: 12/20/2008 9:36:55 PM - Installed AVG Free 8.0
RP833: 12/21/2008 9:42:29 PM - System Checkpoint
RP834: 12/22/2008 10:54:29 PM - System Checkpoint

==== Installed Programs ======================

1400
1400_Help
1400Trb
2007 Microsoft Office Suite Service Pack 1 (SP1)
810plc32
ABBYY FineReader 6.0 Sprint
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9
AiO_Scan
AiOSoftware
AOLIcon
Apple Mobile Device Support
Apple Software Update
AT&T Toolbar
ATI Control Panel
ATI Display Driver
Banctec Service Agreement
BellSouth Application Management
BellSouth Internet Security - Alert Manager 1.5.11
BitTorrent
Blasterball 2
Bonjour
BufferChm
CCleaner (remove only)
Chuzzle Deluxe
Conexant D850 56K V.9x DFVc Modem
Consumer Complete Care Services Agreement
Corel Paint Shop Pro Photo X2
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CustomerResearchQFolder
Dell AIO 810
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell System Restore
DellSupport
DesignPro 5.0 Limited Edition
Destinations
DeviceManagementQFolder
Digital Content Portal
Digital Line Detect
DNA
DocProc
Documentation & Support Launcher
EducateU
ELIcon
eSupportQFolder
FastAccess® DSL Help Center 4.1
Fax
Games, Music, & Photos Launcher
Get High Speed Internet!
Google Desktop
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
HP Driver Diagnostics
HP Extended Capabilities 5.3
HP Image Zone Express
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
Intel Matrix Storage Manager
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Intel(R) Quick Resume Technology Drivers
Intel® Viivâ„¢
iPod for Windows 2006-03-23
IrfanView (remove only)
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Learn2 Player (Uninstall Only)
LimeWire PRO 4.9.23
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
MarketResearch
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Standard 2006
Microsoft Digital Image Standard 2006 Editor
Microsoft Digital Image Standard 2006 Library
Microsoft Encarta Encyclopedia Standard 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Streets & Trips 2006
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
MobileMe Control Panel
Modem Helper
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
My Wal-Mart Digital Photo Center
NetWaiting
NewCopy
Oblivion
OTOY
Otto
Polar Golfer
ProductContext
QuickTime
RCA Detective 1.0.0.95
RCA EasyRipâ„¢ 1.3.8.0
Readme
RealPlayer Basic
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Safari
Scan
ScannerCopy
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SolutionCenter
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Status
Symantec AntiVirus
TrayApp
Tweak UI
Unload
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Access 2007 Help (KB957241)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office InfoPath 2007 Help (KB957243)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb958619)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Viewpoint Media Player
Wal-Mart Digital Photo Manager
WebCyberCoach 3.2 Dell
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR archiver
Works Upgrade
World of Warcraft
XML Paper Specification Shared Components Pack 1.0
Yahoo! Toolbar
Zboard (TM) Software

==== Event Viewer Messages From Past Week ========

12/18/2008 3:08:35 AM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The system cannot find the file specified.
12/16/2008 8:11:16 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/16/2008 11:36:16 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVRT SAVRTPEL SYMTDI Tcpip
12/16/2008 11:36:16 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/16/2008 11:36:16 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/16/2008 11:36:16 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/16/2008 11:36:16 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/16/2008 11:36:16 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/16/2008 11:36:16 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/16/2008 11:34:59 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

==== End Of File ===========================

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-23 17:01:43
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT 867DE4F0 ZwConnectPort
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF46CADC0]
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF46CB020]

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[1576] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7628] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7628] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A179F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7628] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A1720 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7628] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A1764 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7628] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A16AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7628] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A16E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7628] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A17DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7628] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \FileSystem\Fastfat \Fat B5374D20

AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\32F36B64A4B252548A72860862EBE504\Usage@SAVUI 966198183

---- EOF - GMER 1.0.14 ----


Here is the information that you wanted. However, I must admit that this is dipping into IT that I have never dealt with before.
Jeff

 

I'm not seeing anything suspicious in thos logs. Lets see if there are any known to me WoW keyloggers. Highlight and copy the contents of the code box below.

Code:

@echo off
echo.  
echo Searching ..... please wait
dir %Systemdrive%\wow*.* /a h /s >check.txt
echo.>>check.txt
start notepad check.txt
exit
cls

Click Start>Run and type cmd then hit enter to open a command window. Right click in the command window and select paste. The command window will close and a log will open. Please post the contents of that log.

With Yahoo mail you can setup secret questions and such to request the password. I've found that it's best to use false info that only you would know is false, in case there's someone that might know what the true info would be and can use it to gain your password. Might give that a try then reset your password again.

 

I will get this to you as soon as I get home.

 

Noah - Because I don't know how to look for it yet, if this *were* that new IE exploit that steals WoW (and other online passwords), what would it look like in a log like this?

I'm not suggesting it even is... But lord knows I'm probably going to get calls about it from friends soon.

 

@CUISTech

Guess I don't know what 'new' IE exploit you're referring to.

 

I don't know if you know, but Blizzard offers these new keyfob/secureID tags (I think they are $6 - one time fee). Basically, you order it from your WoW account management screen, get it in the mail and activate it with your account. When you log into WoW, you put in your regular password PLUS the 6 digits showing on the keyfob. The 6 digits are random and change every 60 seconds so it's impossible for anyone to steel your password again. My DH and I use one and the same one can be used by multiple wow accounts in the same house.

I still think you should make sure there are no keyloggers, just in case (for online banking and such - just to be sure), but I just wanted to let you know there is a secure way to protect your wow account! : )

Here is the link to the FAQ - http://us.blizzard.com/support/article.xml?articleId=24660

 

Here is my scan guys. Hope this helps. Thanks again for all of the help.

Volume in drive C has no label.
Volume Serial Number is DCBE-E95A

Directory of C:\Documents and Settings\cheryl\Local Settings\Temp\Temporary Internet Files\Content.IE5\KLIVS56J

08/04/2006 07:37 PM 39,038 wow_175x110[1].gif
1 File(s) 39,038 bytes

Directory of C:\Documents and Settings\justin\Application Data\Acreon

12/01/2008 08:51 PM <DIR> WowMatrix
0 File(s) 0 bytes

Directory of C:\Documents and Settings\justin\Application Data\Acreon\WowMatrix\Archives\!Swatter

10/31/2008 12:17 PM 87 WowMatrix.dat
1 File(s) 87 bytes

Directory of C:\Documents and Settings\justin\Application Data\Acreon\WowMatrix\Archives\AtlasLoot

11/22/2008 03:02 PM 91 WowMatrix.dat
1 File(s) 91 bytes

Directory of C:\Documents and Settings\justin\Application Data\Acreon\WowMatrix\Archives\AtlasLootFu

11/22/2008 03:02 PM 91 WowMatrix.dat
1 File(s) 91 bytes

Directory of C:\Documents and Settings\justin\Application Data\Acreon\WowMatrix\Archives\AtlasLoot_BurningCrusade

11/22/2008 03:02 PM 91 WowMatrix.dat
1 File(s) 91 bytes

Directory of C:\Documents and Settings\justin\Application Data\Acreon\WowMatrix\Archives\AtlasLoot_Crafting

11/22/2008 03:02 PM 91 WowMatrix.dat
1 File(s) 91 bytes

Directory of C:\Documents and Settings\justin\Application Data\Acreon\WowMatrix\Archives\AtlasLoot_OriginalWoW

11/22/2008 03:02 PM 91 WowMatrix.dat
1 File(s) 91 bytes

Directory of C:\Documents and Settings\justin\Application Data\Acreon\WowMatrix\Archives\AtlasLoot_WorldEvents

11/22/2008 03:02 PM 91 WowMatrix.dat
1 File(s) 91 bytes

Directory of C:\Documents and Settings\justin\Application Data\Acreon\WowMatrix\Archives\AtlasLoot_WrathoftheLichKing

11/22/2008 03:02 PM 91 WowMatrix.dat
1 File(s) 91 bytes

Directory of C:\Documents and Settings\justin\Application Data\Acreon\WowMatrix\Archives\Auc-Advanced

10/31/2008 12:16 PM 47 WowMatrix.dat
1 File(s) 47 bytes

Directory of C:\Documents and Settings\justin\Application Data\Acreon\WowMatrix\Archives\Auc-Advanced\Modules\Auc-Stat-WOWEcon

10/05/2008 05:30 PM 9,029 WOWEcon.lua
1 File(s) 9,029 bytes

Directory of C:\Documents and Settings\justin\Application Data\Acreon\WowMatrix\Archives\Auc-Filter-Basic

10/31/2008 12:16 PM 47 WowMatrix.dat
1 File(s) 47 bytes

Directory of C:\Documents and Settings\justin\Application Data\Acreon\WowMatrix\Archives\Auc-ScanData

10/31/2008 12:16 PM 47 WowMatrix.dat
1 File(s) 47 bytes

Directory of C:\Documents and Settings\justin\Application Data\Acreon\WowMatrix\Archives\Auc-Stat-Classic

10/31/2008 12:16 PM 47 WowMatrix.dat
1 File(s) 47 bytes

Directory of C:\Documents and Settings\justin\Application Data\Acreon\WowMatrix\Archives\Auc-Stat-Histogram

10/31/2008 12:16 PM 47 WowMatrix.dat
1 File(s) 47 bytes

Directory of C:\Documents and Settings\justin\Application Data\Acreon\WowMatrix\Archives\Auc-Stat-Purchased

10/31/2008 12:16 PM 47 WowMatrix.dat
1 File(s) 47 bytes

Directory of C:\Documents and Settings\justin\Application Data\Acreon\WowMatrix\Archives\Auc-Stat-Simple

10/31/2008 12:16 PM 47 WowMatrix.dat
1 File(s) 47 bytes

Directory of C:\Documents and Settings\justin\Application Data\Acreon\WowMatrix\Archives\Auc-Stat-StdDev

10/31/2008 12:16 PM 47 WowMatrix.dat
1 File(s) 47 bytes

Directory of C:\Documents and Settings\justin\Application Data\Acreon\WowMatrix\Archives\Auctioneer

10/31/2008 12:16 PM 47 WowMatrix.dat
1 File(s) 47 bytes

Directory of C:\Documents and Settings\justin\Application Data\Acreon\WowMatrix\Archives\BeanCounter

10/31/2008 12:16 PM 47 WowMatrix.dat
1 File(s) 47 bytes

Directory of C:\Documents and Settings\justin\Application Data\Acreon\WowMatrix\Archives\BtmScan

10/31/2008 12:16 PM 47 WowMatrix.dat
1 File(s) 47 bytes

Directory of C:\Documents and Settings\justin\Application Data\Acreon\WowMatrix\Archives\Enchantrix

10/31/2008 12:16 PM 47 WowMatrix.dat
1 File(s) 47 bytes

Directory of C:\Documents and Settings\justin\Application Data\Acreon\WowMatrix\Archives\Enchantrix-Barker

10/31/2008 12:16 PM 47 WowMatrix.dat
1 File(s) 47 bytes

Directory of C:\Documents and Settings\justin\Application Data\Acreon\WowMatrix\Archives\EnhTooltip

10/31/2008 12:16 PM 47 WowMatrix.dat
1 File(s) 47 bytes

Directory of C:\Documents and Settings\justin\Application Data\Acreon\WowMatrix\Archives\Gatherer

10/31/2008 12:17 PM 87 WowMatrix.dat
1 File(s) 87 bytes

Directory of C:\Documents and Settings\justin\Application Data\Acreon\WowMatrix\Archives\Gatherer_HUD

10/31/2008 12:17 PM 87 WowMatrix.dat
1 File(s) 87 bytes

Directory of C:\Documents and Settings\justin\Application Data\Acreon\WowMatrix\Archives\Informant

10/31/2008 12:16 PM 47 WowMatrix.dat
1 File(s) 47 bytes

Directory of C:\Documents and Settings\justin\Application Data\Acreon\WowMatrix\Archives\QuestHelper

11/29/2008 10:21 AM 89 WowMatrix.dat
1 File(s) 89 bytes

Directory of C:\Documents and Settings\justin\Application Data\Acreon\WowMatrix\Archives\SlideBar

10/31/2008 12:17 PM 87 WowMatrix.dat
1 File(s) 87 bytes

Directory of C:\Documents and Settings\justin\Application Data\Acreon\WowMatrix\Archives\Stubby

10/31/2008 12:16 PM 47 WowMatrix.dat
1 File(s) 47 bytes

Directory of C:\Documents and Settings\justin\Local Settings\Temporary Internet Files\Content.IE5\24S09G3K

12/22/2008 11:00 AM 18,474 wow[1].css
1 File(s) 18,474 bytes

Directory of C:\Documents and Settings\justin\Local Settings\Temporary Internet Files\Content.IE5\U4VYYOVJ

12/22/2008 11:00 AM 15,676 wowlogo[1].gif
1 File(s) 15,676 bytes

Directory of C:\Documents and Settings\justin\Local Settings\Temporary Internet Files\Content.IE5\X3P7ZR2N

12/22/2008 11:00 AM 11,510 wow[1].js
1 File(s) 11,510 bytes

Directory of C:\Documents and Settings\justin\My Documents

09/14/2007 08:39 AM <DIR> wow addons
07/30/2007 06:02 PM 944,405 WoW-2.1.3.6898-to-0.2.0.6932-enUS-downloader.dmg
10/31/2008 12:15 PM 1,612,032 WowMatrix.zip
2 File(s) 2,556,437 bytes

Directory of C:\i386

08/10/2004 04:00 AM 264,192 wow32.dll
08/10/2004 04:00 AM 2,736 wowdeb.exe
08/10/2004 04:00 AM 10,368 wowexec.exe
08/10/2004 04:00 AM 3,200 wowfax.dll
08/10/2004 04:00 AM 13,824 wowfaxui.dll
5 File(s) 294,320 bytes

Directory of C:\Program Files\World of Warcraft

07/30/2006 10:24 PM 778,683 WoW-1.11.0-enUS-downloader.exe
07/30/2006 11:20 PM 476,712,485 WoW-1.11.0-enUS-patch.exe
07/31/2006 02:32 PM 742,899 WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe
07/31/2006 02:32 PM 5,292,747 WoW-1.11.1.5462-to-1.11.2.5464-enUS-patch.exe
08/23/2006 05:10 PM 764,021 WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe
08/23/2006 05:24 PM 17,122,507 WoW-1.11.2.5464-to-1.12.0.5595-enUS-patch.exe
09/26/2006 07:56 AM 763,219 WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe
09/26/2006 08:32 AM 3,272,170 WoW-1.12.0.5595-to-1.12.1.5875-enUS-patch.exe
12/05/2006 04:29 PM <DIR> WoW-1.12.x-to-2.0.1-enUS-patch
12/05/2006 04:29 PM 807,252 WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe
04/11/2007 03:20 PM 771,411 WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe
04/11/2007 03:21 PM 3,377,726 WoW-2.0.10.6448-to-2.0.12.6546-enUS-patch.exe
06/04/2007 05:40 PM 830,423 WoW-2.0.12.6546-to-2.1.0.6692-enUS-downloader.exe
01/23/2007 04:33 PM 784,032 WoW-2.0.3-enUS-downloader.exe
01/23/2007 04:40 PM 771,373 WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe
01/23/2007 04:40 PM 2,959,007 WoW-2.0.3.6299-to-2.0.5.6320-enUS-patch.exe
01/24/2007 04:14 PM 771,493 WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe
01/24/2007 04:14 PM 4,513,498 WoW-2.0.5.6320-to-2.0.6.6337-enUS-patch.exe
02/13/2007 04:10 PM 771,373 WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe
02/13/2007 04:13 PM 3,001,185 WoW-2.0.6.6337-to-2.0.7.6383-enUS-patch.exe
02/15/2007 04:09 PM 771,353 WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe
02/15/2007 04:10 PM 2,782,713 WoW-2.0.7.6383-to-2.0.8.6403-enUS-patch.exe
03/06/2007 09:20 PM 771,362 WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe
03/06/2007 09:21 PM 2,879,216 WoW-2.0.8.6403-to-2.0.10.6448-enUS-patch.exe
06/04/2007 06:38 PM 808,137 WoW-2.1.0.6692-to-2.1.0.6729-enUS-downloader.exe
06/04/2007 06:39 PM 1,832,158 WoW-2.1.0.6692-to-2.1.0.6729-enUS-patch.exe
06/08/2007 04:51 PM 808,157 WoW-2.1.0.6729-to-2.1.1.6739-enUS-downloader.exe
06/08/2007 04:52 PM 1,932,609 WoW-2.1.0.6729-to-2.1.1.6739-enUS-patch.exe
06/19/2007 06:48 AM 811,219 WoW-2.1.1.6739-to-2.1.2.6803-enUS-downloader.exe
06/19/2007 07:00 AM 42,088,676 WoW-2.1.1.6739-to-2.1.2.6803-enUS-patch.exe
07/10/2007 08:00 AM 808,257 WoW-2.1.2.6803-to-2.1.3.6898-enUS-downloader.exe
07/10/2007 08:02 AM 3,357,356 WoW-2.1.2.6803-to-2.1.3.6898-enUS-patch.exe
10/04/2007 06:28 PM 814,748 WoW-2.1.3.6898-to-2.2.0.7272-enUS-downloader.exe
10/04/2007 06:34 PM 808,597 WoW-2.2.0.7272-to-2.2.2.7318-enUS-downloader.exe
10/04/2007 06:36 PM 7,696,919 WoW-2.2.0.7272-to-2.2.2.7318-enUS-patch.exe
10/14/2007 06:05 PM 808,177 WoW-2.2.2.7318-to-2.2.3.7359-enUS-downloader.exe
10/14/2007 06:06 PM 2,132,022 WoW-2.2.2.7318-to-2.2.3.7359-enUS-patch.exe
11/13/2007 05:01 PM 830,650 WoW-2.2.3.7359-to-2.3.0.7561-enUS-downloader.exe
01/08/2008 02:55 PM 817,032 WoW-2.3.0.7561-to-2.3.2.7741-enUS-downloader.exe
01/08/2008 02:57 PM 5,300,568 WoW-2.3.0.7561-to-2.3.2.7741-enUS-patch.exe
01/22/2008 02:51 PM 816,952 WoW-2.3.2.7741-to-2.3.3.7799-enUS-downloader.exe
01/22/2008 02:52 PM 4,543,704 WoW-2.3.2.7741-to-2.3.3.7799-enUS-patch.exe
03/25/2008 06:30 AM 985,232 WoW-2.3.3.7799-to-2.4.0.8089-enUS-downloader.exe
03/25/2008 07:01 AM 816,952 WoW-2.3.3.7954-to-2.4.0.8098-enUS-downloader.exe
03/25/2008 07:01 AM 4,710,184 WoW-2.3.3.7954-to-2.4.0.8098-enUS-patch.exe
04/01/2008 02:04 PM 964,448 WoW-2.4.0.8089-to-2.4.1.8125-enUS-downloader.exe
04/01/2008 02:05 PM 5,167,176 WoW-2.4.0.8089-to-2.4.1.8125-enUS-patch.exe
05/13/2008 04:19 PM 965,264 WoW-2.4.1.8125-to-2.4.2.8278-enUS-downloader.exe
05/13/2008 04:24 PM 15,803,224 WoW-2.4.1.8125-to-2.4.2.8278-enUS-patch.exe
07/15/2008 08:43 AM 1,072,744 WoW-2.4.2.8278-to-2.4.3.8606-enUS-downloader.exe
07/15/2008 08:49 AM 28,589,672 WoW-2.4.2.8278-to-2.4.3.8606-enUS-patch.exe
10/15/2008 02:28 PM 1,415,640 WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe
11/13/2008 03:28 PM 1,101,608 WoW-3.0.1-to-3.0.2-enUS-Win-Update-downloader.exe
11/13/2008 03:34 PM 1,072,200 WoW-3.0.2.9056-to-3.0.3.9183-enUS-downloader.exe
11/07/2008 05:12 PM 21,689,232 WoW-3.0.2.9056-to-3.0.3.9183-enUS-patch.exe
07/30/2006 11:31 PM <DIR> wow-patch (1.11.0.5428 - 1.11.1.5462)
11/13/2008 03:34 PM 12,676,752 Wow.exe
11/13/2008 03:34 PM 217,232 WowError.exe
56 File(s) 706,275,646 bytes

Directory of C:\Program Files\World of Warcraft\Cache\WDB\enUS

12/25/2008 08:40 AM 75,961 wowcache.wdb
1 File(s) 75,961 bytes

Directory of C:\Program Files\World of Warcraft\Data\enUS\Interface\Cinematics

10/15/2008 02:34 PM 47,632,384 WOW_Intro_1024.avi
10/15/2008 02:34 PM 41,175,040 WOW_Intro_800.avi
10/15/2008 02:34 PM 47,577,088 WOW_Intro_BC_1024.avi
10/15/2008 02:34 PM 41,263,104 WOW_Intro_BC_800.avi
11/13/2008 03:07 PM 56,177,056 WOW_Intro_LK_1024.avi
11/13/2008 03:07 PM 48,820,376 WOW_Intro_LK_800.avi
11/13/2008 03:09 PM 75,685,834 WOW_Wrathgate_1024.avi
11/13/2008 03:08 PM 65,683,896 WOW_Wrathgate_800.avi
8 File(s) 424,014,778 bytes

Directory of C:\Program Files\World of Warcraft\Interface\AddOns\!Swatter

11/14/2008 06:35 PM 87 WowMatrix.dat
1 File(s) 87 bytes

Directory of C:\Program Files\World of Warcraft\Interface\AddOns\AtlasLoot

12/01/2008 08:51 PM 90 WowMatrix.dat
1 File(s) 90 bytes

Directory of C:\Program Files\World of Warcraft\Interface\AddOns\AtlasLootFu

12/01/2008 08:51 PM 90 WowMatrix.dat
1 File(s) 90 bytes

Directory of C:\Program Files\World of Warcraft\Interface\AddOns\AtlasLoot_BCInstances

10/31/2008 12:16 PM 47 WowMatrix.dat
1 File(s) 47 bytes

Directory of C:\Program Files\World of Warcraft\Interface\AddOns\AtlasLoot_BurningCrusade

12/01/2008 08:51 PM 90 WowMatrix.dat
1 File(s) 90 bytes

Directory of C:\Program Files\World of Warcraft\Interface\AddOns\AtlasLoot_Crafting

12/01/2008 08:51 PM 90 WowMatrix.dat
1 File(s) 90 bytes

Directory of C:\Program Files\World of Warcraft\Interface\AddOns\AtlasLoot_OldInstances

10/31/2008 12:16 PM 47 WowMatrix.dat
1 File(s) 47 bytes

Directory of C:\Program Files\World of Warcraft\Interface\AddOns\AtlasLoot_OriginalWoW

12/01/2008 08:51 PM 90 WowMatrix.dat
1 File(s) 90 bytes

Directory of C:\Program Files\World of Warcraft\Interface\AddOns\AtlasLoot_RepFactions

10/31/2008 12:16 PM 47 WowMatrix.dat
1 File(s) 47 bytes

Directory of C:\Program Files\World of Warcraft\Interface\AddOns\AtlasLoot_SetsandPvP

10/31/2008 12:16 PM 47 WowMatrix.dat
1 File(s) 47 bytes

Directory of C:\Program Files\World of Warcraft\Interface\AddOns\AtlasLoot_WorldEvents

12/01/2008 08:51 PM 90 WowMatrix.dat
1 File(s) 90 bytes

Directory of C:\Program Files\World of Warcraft\Interface\AddOns\AtlasLoot_WorldLoot

10/31/2008 12:16 PM 47 WowMatrix.dat
1 File(s) 47 bytes

Directory of C:\Program Files\World of Warcraft\Interface\AddOns\AtlasLoot_WrathoftheLichKing

12/01/2008 08:51 PM 90 WowMatrix.dat
1 File(s) 90 bytes

Directory of C:\Program Files\World of Warcraft\Interface\AddOns\Auc-Advanced

10/31/2008 12:17 PM 94 WowMatrix.dat
1 File(s) 94 bytes

Directory of C:\Program Files\World of Warcraft\Interface\AddOns\Auc-Advanced\Modules\Auc-Stat-WOWEcon

10/31/2008 12:16 PM 9,144 WOWEcon.lua
1 File(s) 9,144 bytes

Directory of C:\Program Files\World of Warcraft\Interface\AddOns\Auc-Filter-Basic

10/31/2008 12:17 PM 94 WowMatrix.dat
1 File(s) 94 bytes

Directory of C:\Program Files\World of Warcraft\Interface\AddOns\Auc-ScanData

10/31/2008 12:17 PM 94 WowMatrix.dat
1 File(s) 94 bytes

Directory of C:\Program Files\World of Warcraft\Interface\AddOns\Auc-Stat-Classic

10/31/2008 12:17 PM 94 WowMatrix.dat
1 File(s) 94 bytes

Directory of C:\Program Files\World of Warcraft\Interface\AddOns\Auc-Stat-Histogram

10/31/2008 12:17 PM 94 WowMatrix.dat
1 File(s) 94 bytes

Directory of C:\Program Files\World of Warcraft\Interface\AddOns\Auc-Stat-iLevel

10/31/2008 12:17 PM 94 WowMatrix.dat
1 File(s) 94 bytes

Directory of C:\Program Files\World of Warcraft\Interface\AddOns\Auc-Stat-Purchased

10/31/2008 12:17 PM 94 WowMatrix.dat
1 File(s) 94 bytes

Directory of C:\Program Files\World of Warcraft\Interface\AddOns\Auc-Stat-Simple

10/31/2008 12:17 PM 94 WowMatrix.dat
1 File(s) 94 bytes

Directory of C:\Program Files\World of Warcraft\Interface\AddOns\Auc-Stat-StdDev

10/31/2008 12:17 PM 94 WowMatrix.dat
1 File(s) 94 bytes

Directory of C:\Program Files\World of Warcraft\Interface\AddOns\BeanCounter

10/31/2008 12:17 PM 94 WowMatrix.dat
1 File(s) 94 bytes

Directory of C:\Program Files\World of Warcraft\Interface\AddOns\Enchantrix

10/31/2008 12:17 PM 94 WowMatrix.dat
1 File(s) 94 bytes

Directory of C:\Program Files\World of Warcraft\Interface\AddOns\Enchantrix-Barker

10/31/2008 12:17 PM 94 WowMatrix.dat
1 File(s) 94 bytes

Directory of C:\Program Files\World of Warcraft\Interface\AddOns\EnhTooltip

10/31/2008 12:17 PM 94 WowMatrix.dat
1 File(s) 94 bytes

Directory of C:\Program Files\World of Warcraft\Interface\AddOns\Gatherer

11/14/2008 06:35 PM 87 WowMatrix.dat
1 File(s) 87 bytes

Directory of C:\Program Files\World of Warcraft\Interface\AddOns\Gatherer_HUD

11/14/2008 06:35 PM 87 WowMatrix.dat
1 File(s) 87 bytes

Directory of C:\Program Files\World of Warcraft\Interface\AddOns\Informant

10/31/2008 12:17 PM 94 WowMatrix.dat
1 File(s) 94 bytes

Directory of C:\Program Files\World of Warcraft\Interface\AddOns\QuestHelper

12/01/2008 08:51 PM 89 WowMatrix.dat
1 File(s) 89 bytes

Directory of C:\Program Files\World of Warcraft\Interface\AddOns\SlideBar

11/14/2008 06:35 PM 87 WowMatrix.dat
1 File(s) 87 bytes

Directory of C:\Program Files\World of Warcraft\Interface\AddOns\Stubby

10/31/2008 12:17 PM 94 WowMatrix.dat
1 File(s) 94 bytes

Directory of C:\Program Files\World of Warcraft\Screenshots

01/28/2007 08:27 AM 3,145,772 WoWScrnShot_012807_082745.tga
01/28/2007 08:27 AM 3,145,772 WoWScrnShot_012807_082746.tga
02/01/2007 06:42 PM 3,145,772 WoWScrnShot_020107_184222.tga
02/01/2007 06:42 PM 3,145,772 WoWScrnShot_020107_184223.tga
02/03/2008 07:15 PM 162,794 WoWScrnShot_020308_191525.jpg
02/08/2007 07:18 PM 3,145,772 WoWScrnShot_020807_191840.tga
02/22/2007 09:54 PM 3,145,772 WoWScrnShot_022207_215433.tga
02/26/2007 07:58 PM 3,145,772 WoWScrnShot_022607_195844.tga
02/29/2008 11:38 PM 233,424 WoWScrnShot_022908_233807.jpg
04/01/2008 05:29 PM 212,921 WoWScrnShot_040108_182948.jpg
04/01/2008 05:29 PM 211,990 WoWScrnShot_040108_182954.jpg
04/01/2008 05:29 PM 212,106 WoWScrnShot_040108_182956.jpg
04/01/2008 05:29 PM 212,211 WoWScrnShot_040108_182957.jpg
04/25/2008 03:07 PM 164,571 WoWScrnShot_042508_160759.jpg
04/25/2008 05:39 PM 212,169 WoWScrnShot_042508_183913.jpg
06/10/2008 05:08 PM 274,359 WoWScrnShot_061008_180805.jpg
06/10/2008 05:08 PM 273,175 WoWScrnShot_061008_180807.jpg
07/10/2008 07:15 PM 220,631 WoWScrnShot_071008_201554.jpg
07/10/2008 07:15 PM 232,163 WoWScrnShot_071008_201557.jpg
08/05/2007 01:36 PM 156,547 WoWScrnShot_080507_143627.jpg
08/22/2007 06:31 PM 205,659 WoWScrnShot_082207_193154.jpg
08/22/2007 06:31 PM 206,016 WoWScrnShot_082207_193156.jpg
09/24/2006 09:14 AM 3,145,772 WoWScrnShot_092406_101457.tga
10/01/2008 08:46 PM 256,754 WoWScrnShot_100108_214613.jpg
10/01/2008 08:46 PM 253,934 WoWScrnShot_100108_214616.jpg
10/01/2008 08:46 PM 258,391 WoWScrnShot_100108_214633.jpg
10/13/2008 01:21 PM 245,949 WoWScrnShot_101308_142107.jpg
10/13/2008 01:21 PM 244,341 WoWScrnShot_101308_142110.jpg
10/20/2006 10:57 AM 3,145,772 WoWScrnShot_102006_115730.tga
10/21/2006 12:03 PM 3,145,772 WoWScrnShot_102106_130302.tga
10/21/2006 12:03 PM 3,145,772 WoWScrnShot_102106_130303.tga
11/02/2006 06:59 PM 3,145,772 WoWScrnShot_110206_185937.tga
12/08/2008 07:06 PM 206,658 WoWScrnShot_120808_190645.jpg
33 File(s) 42,406,027 bytes

Directory of C:\Program Files\World of Warcraft\Updates

10/15/2008 02:33 PM <DIR> WoW-2.4.3-to-3.0.1-TBC-USMX-Update
10/15/2008 02:57 PM <DIR> WoW-3.0.1-to-3.0.2-Update
0 File(s) 0 bytes

Directory of C:\Program Files\World of Warcraft\Updates\WoW-3.0.1-to-3.0.2-Update

10/15/2008 02:57 PM 7,996,664 wow-final.MPQ
10/15/2008 02:57 PM 333,097,651 wow-partial-1.MPQ
10/15/2008 02:29 PM 66,380,747 wow-partial-2.MPQ
3 File(s) 407,475,062 bytes

Directory of C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch

12/05/2006 04:30 PM 859,664 wow-final.MPQ
12/05/2006 04:30 PM 37,576,390 wow-partial-1.MPQ
12/03/2006 08:00 PM 453,839,249 wow-partial-2.MPQ
12/03/2006 08:00 PM 21,816,326 wow-partial-3.MPQ
4 File(s) 514,091,629 bytes

Directory of C:\Program Files\World of Warcraft\wow-patch (1.11.0.5428 - 1.11.1.5462)

07/30/2006 11:31 PM 2,474,702 wow-patch-backup.MPQ
1 File(s) 2,474,702 bytes

Directory of C:\Repair Files\Stuff\Personal

11/02/2006 09:18 AM 1,100,800 wow stuff.doc
1 File(s) 1,100,800 bytes

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/10/2004 04:00 AM 264,192 wow32.dll
1 File(s) 264,192 bytes

Directory of C:\WINDOWS\Prefetch

12/25/2008 08:37 AM 61,260 WOW.EXE-2292A7C2.pf
1 File(s) 61,260 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 06:12 PM 264,192 wow32.dll
1 File(s) 264,192 bytes

Directory of C:\WINDOWS\system32

04/13/2008 06:12 PM 264,192 wow32.dll
08/10/2004 04:00 AM 2,736 wowdeb.exe
08/10/2004 04:00 AM 10,368 wowexec.exe
08/10/2004 04:00 AM 3,200 wowfax.dll
08/10/2004 04:00 AM 13,824 wowfaxui.dll
5 File(s) 294,320 bytes

Directory of C:\WINDOWS\system32\dllcache

08/10/2004 04:00 AM 2,736 wowdeb.exe
08/10/2004 04:00 AM 10,368 wowexec.exe
08/10/2004 04:00 AM 3,200 wowfax.dll
08/10/2004 04:00 AM 13,824 wowfaxui.dll
4 File(s) 30,128 bytes

 

This one, from just like two weeks ago: Serious security flaw found in IE

Maybe "exploit" was the wrong word.

 

Hi jeff,

All of those appear legit. Is the account still being hacked? Did you check into the Yahoo mail options or raingirl's suggestion?

 

I changed my yahoo password and I deleted the interfaces on WoW and it's still being hacked. So, I guess I'm going to have to get the WoW key thing. I guess that is about all I can do. I'm still stumped at the situation. It just did it again too.
Jeff

 

I did just look at the screenshots folder and it has my son's account name on a couple of the screenshots. Do you think I should delete that folder so they can't see the screenshots folder?
Jeff

 

I don't do any gaming, so I'm probably the least qualified person to ask about securing it. I see no indication of infection, but an online scan wouldn't hurt to make sure. Do an online scan with Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.

• Click Run at the Security prompt.
• The program will then begin downloading and installing and will also update the database.
• Please be patient as this can take several minutes.
• Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Click View scan report at the bottom.
• Click the Save Report As... button.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

**Note**

To optimize scanning time and produce a more sensible report for review:

• Close any open programs.
• Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Post the Kaspersky log here if any infections are reported.