26th January 2009
[Active] Trojans and random Popups
So my friend sends me some random picture file. Not thinking, I open it and boom, trojans galore. I use Spybot and my anti-virus and they both pick up a lot of junk, but after all of that, the problem seems to persist. I'm getting a bunch of random popups and recently I reformatted my computer due to a keylogger that stole my WoW account >.>
I already had DSS on my computer from a while ago, but the files that it gives are main.txt and extra.txt as opposed to the dss.txt and attach.txt in the "read this" post.
Deckard's System Scanner v20071014.68
Run by Cirno on 2009-01-26 04:18:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Last 5 Restore Point(s) --
34: 2009-01-26 11:04:42 UTC - RP41 - Windows Defender Checkpoint
33: 2009-01-26 10:50:41 UTC - RP39 - Installed AVG 7.5
32: 2009-01-26 09:11:00 UTC - RP38 - Windows Defender Checkpoint
31: 2009-01-25 21:16:30 UTC - RP36 - Installed Java(TM) 6 Update 11
30: 2009-01-22 18:34:12 UTC - RP35 - Windows Update
-- First Restore Point --
1: 2009-01-03 10:01:44 UTC - RP6 - Windows Update
Backed up registry hives.
Performed disk cleanup.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2009-01-26 04:21:04
Platform: Windows Vista Service Pack 1 (6.00.6001)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\VnrPack\VnrPack22.exe
C:\Program Files (x86)\GetModule\GetModule35.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Grisoft\AVG7\avgcc.exe
D:\Anti-Junk Programs\dss.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free2article.info
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: CPV - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files (x86)\WebShow\WebShow.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files (x86)\Mjcore\Mjcore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows DLL Loader] C:\Windows\system32\winamp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~2\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Twain] C:\Users\Cirno\AppData\Roaming\Twain\Twain.exe
O4 - HKCU\..\Run: [SpeedRunner] C:\Users\Cirno\AppData\Roaming\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [VnrPack22] "C:\Program Files (x86)\VnrPack\VnrPack22.exe"
O4 - HKCU\..\Run: [GetModule35] C:\Program Files (x86)\GetModule\GetModule35.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{8764446A-33A7-42C8-9AB6-3EFC0AD4E11A}: NameServer = 66.51.206.100,66.51.205.100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files (x86)\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files (x86)\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\Program Files (x86)\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files (x86)\Grisoft\AVG7\avgemc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
--
End of file - 6859 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 ACPI (Microsoft ACPI Driver) - c:\windows\system32\drivers\acpi.sys (file missing)
R0 atapi (IDE Channel) - c:\windows\system32\drivers\atapi.sys (file missing)
R0 CLFS (Common Log (CLFS)) - c:\windows\system32\clfs.sys (file missing)
R0 crcdisk (Crcdisk Filter Driver) - c:\windows\system32\drivers\crcdisk.sys (file missing)
R0 disk (Disk Driver) - c:\windows\system32\drivers\disk.sys (file missing)
R0 Ecache (ReadyBoost Caching Driver) - c:\windows\system32\drivers\ecache.sys (file missing)
R0 FileInfo (File Information FS MiniFilter) - c:\windows\system32\drivers\fileinfo.sys (file missing)
R0 FltMgr - c:\windows\system32\drivers\fltmgr.sys (file missing)
R0 KSecDD - c:\windows\system32\drivers\ksecdd.sys (file missing)
R0 MountMgr (Mount Point Manager) - c:\windows\system32\drivers\mountmgr.sys (file missing)
R0 msisadrv (ISA/EISA Class Driver) - c:\windows\system32\drivers\msisadrv.sys (file missing)
R0 Mup - c:\windows\system32\drivers\mup.sys (file missing)
R0 NDIS (NDIS System Driver) - c:\windows\system32\drivers\ndis.sys (file missing)
R0 nvstor - c:\windows\system32\drivers\nvstor.sys (file missing)
R0 partmgr (Partition Manager) - c:\windows\system32\drivers\partmgr.sys (file missing)
R0 pci (PCI Bus Driver) - c:\windows\system32\drivers\pci.sys (file missing)
R0 pciide - c:\windows\system32\drivers\pciide.sys (file missing)
R0 spldr (Security Processor Loader Driver) - c:\windows\system32\drivers\spldr.sys (file missing)
R0 Tcpip (TCP/IP Protocol Driver) - c:\windows\system32\drivers\tcpip.sys (file missing)
R0 volmgr (Volume Manager Driver) - c:\windows\system32\drivers\volmgr.sys (file missing)
R0 volmgrx (Dynamic Volume Manager) - c:\windows\system32\drivers\volmgrx.sys (file missing)
R0 volsnap (Storage volumes) - c:\windows\system32\drivers\volsnap.sys (file missing)
R0 Wdf01000 (Kernel Mode Driver Frameworks service) - c:\windows\system32\drivers\wdf01000.sys (file missing)
R1 AFD (Ancilliary Function Driver for Winsock) - c:\windows\system32\drivers\afd.sys (file missing)
R1 AvgCln64 (AVG7 Clean Driver (x64)) - c:\windows\system32\drivers\avgcln64.sys (file missing)
R1 AvgMfx64 (AVG Minifilter x64 Resident Driver) - c:\windows\system32\drivers\avgmfx64.sys (file missing)
R1 cdrom (CD-ROM Driver) - c:\windows\system32\drivers\cdrom.sys (file missing)
R1 DfsC (DFS Namespace Client Driver) - c:\windows\system32\drivers\dfsc.sys (file missing)
R1 i8042prt (i8042 Keyboard and PS/2 Mouse Port Driver) - c:\windows\system32\drivers\i8042prt.sys (file missing)
R1 kbdclass (Keyboard Class Driver) - c:\windows\system32\drivers\kbdclass.sys (file missing)
R1 mouclass (Mouse Class Driver) - c:\windows\system32\drivers\mouclass.sys (file missing)
R1 Msfs - c:\windows\system32\drivers\msfs.sys (file missing)
R1 NetBIOS (NetBIOS Interface) - c:\windows\system32\drivers\netbios.sys (file missing)
R1 netbt - c:\windows\system32\drivers\netbt.sys (file missing)
R1 Npfs - c:\windows\system32\drivers\npfs.sys (file missing)
R1 nsiproxy (NSI proxy service) - c:\windows\system32\drivers\nsiproxy.sys (file missing)
R1 Null - c:\windows\system32\drivers\null.sys (file missing)
R1 PSched (QoS Packet Scheduler) - c:\windows\system32\drivers\pacer.sys (file missing)
R1 RasAcd (Remote Access Auto Connection Driver) - c:\windows\system32\drivers\rasacd.sys (file missing)
R1 rdbss (Redirected Buffering Sub Sysytem) - c:\windows\system32\drivers\rdbss.sys (file missing)
R1 RDPCDD - c:\windows\system32\drivers\rdpcdd.sys (file missing)
R1 RDPENCDD (RDP Encoder Mirror Driver) - c:\windows\system32\drivers\rdpencdd.sys (file missing)
R1 Smb (Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)) - c:\windows\system32\drivers\smb.sys (file missing)
R1 tdx (NetIO Legacy TDI Support Driver) - c:\windows\system32\drivers\tdx.sys (file missing)
R1 TermDD (Terminal Device Driver) - c:\windows\system32\drivers\termdd.sys (file missing)
R1 VgaSave - c:\windows\system32\drivers\vga.sys (file missing)
R1 Wanarpv6 (Remote Access IPv6 ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing)
R2 lltdio (Link-Layer Topology Discovery Mapper I/O Driver) - c:\windows\system32\drivers\lltdio.sys (file missing)
R2 luafv (UAC File Virtualization) - c:\windows\system32\drivers\luafv.sys (file missing)
R2 PEAUTH - c:\windows\system32\drivers\peauth.sys (file missing)
R2 rspndr (Link-Layer Topology Discovery Responder) - c:\windows\system32\drivers\rspndr.sys (file missing)
R2 secdrv (Security Driver) - c:\windows\system32\drivers\secdrv.sys (file missing)
R2 tcpipreg (TCP/IP Registry Compatibility) - c:\windows\system32\drivers\tcpipreg.sys (file missing)
R3 AgereSoftModem (Agere Systems Soft Modem) - c:\windows\system32\drivers\agrsm64.sys (file missing)
R3 AmdK8 (AMD K8 Processor Driver) - c:\windows\system32\drivers\amdk8.sys (file missing)
R3 AsyncMac (RAS Asynchronous Media Driver) - c:\windows\system32\drivers\asyncmac.sys (file missing)
R3 AvgWFPx64 (AVG7 Firewall Driver x64) - c:\windows\system32\drivers\avgwfpx64.sys (file missing)
R3 bowser - c:\windows\system32\drivers\bowser.sys (file missing)
R3 DXGKrnl (LDDM Graphics Subsystem) - c:\windows\system32\drivers\dxgkrnl.sys (file missing)
R3 fastfat (FAT12/16/32 File System Driver) - c:\windows\system32\drivers\fastfat.sys (file missing)
R3 HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - c:\windows\system32\drivers\hdaudbus.sys (file missing)
R3 HidUsb (Microsoft HID Class Driver) - c:\windows\system32\drivers\hidusb.sys (file missing)
R3 HTTP - c:\windows\system32\drivers\http.sys (file missing)
R3 IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - c:\windows\system32\drivers\rtkvhd64.sys (file missing)
R3 iScsiPrt (iScsiPort Driver) - c:\windows\system32\drivers\msiscsi.sys (file missing)
R3 ksthunk (Kernel Streaming Thunks) - c:\windows\system32\drivers\ksthunk.sys (file missing)
R3 Modem - c:\windows\system32\drivers\modem.sys (file missing)
R3 monitor (Microsoft Monitor Class Function Driver Service) - c:\windows\system32\drivers\monitor.sys (file missing)
R3 mouhid (Mouse HID Driver) - c:\windows\system32\drivers\mouhid.sys (file missing)
R3 mpsdrv (Windows Firewall Authorization Driver) - c:\windows\system32\drivers\mpsdrv.sys (file missing)
R3 MRxDAV (WebDav Client Redirector Driver) - c:\windows\system32\drivers\mrxdav.sys (file missing)
R3 mrxsmb (SMB MiniRedirector Wrapper and Engine) - c:\windows\system32\drivers\mrxsmb.sys (file missing)
R3 mrxsmb10 (SMB 1.x MiniRedirector) - c:\windows\system32\drivers\mrxsmb10.sys (file missing)
R3 mrxsmb20 (SMB 2.0 MiniRedirector) - c:\windows\system32\drivers\mrxsmb20.sys (file missing)
R3 mssmbios (Microsoft System Management BIOS Driver) - c:\windows\system32\drivers\mssmbios.sys (file missing)
R3 NdisTapi (Remote Access NDIS TAPI Driver) - c:\windows\system32\drivers\ndistapi.sys (file missing)
R3 NdisWan (Remote Access NDIS WAN Driver) - c:\windows\system32\drivers\ndiswan.sys (file missing)
R3 NDProxy (NDIS Proxy) - c:\windows\system32\drivers\ndproxy.sys (file missing)
R3 Ntfs - c:\windows\system32\drivers\ntfs.sys (file missing)
R3 NVENETFD (NVIDIA nForce Networking Controller Driver) - c:\windows\system32\drivers\nvm60x64.sys (file missing)
R3 nvlddmkm - c:\windows\system32\drivers\nvlddmkm.sys (file missing)
R3 ohci1394 (AGERE OHCI Compliant IEEE 1394 Host Controller) - c:\windows\system32\drivers\ohci1394.sys (file missing)
R3 PptpMiniport (WAN Miniport (PPTP)) - c:\windows\system32\drivers\raspptp.sys (file missing)
R3 Rasl2tp (WAN Miniport (L2TP)) - c:\windows\system32\drivers\rasl2tp.sys (file missing)
R3 RasPppoe (Remote Access PPPOE Driver) - c:\windows\system32\drivers\raspppoe.sys (file missing)
R3 RasSstp (WAN Miniport (SSTP)) - c:\windows\system32\drivers\rassstp.sys (file missing)
R3 srv - c:\windows\system32\drivers\srv.sys (file missing)
R3 srv2 - c:\windows\system32\drivers\srv2.sys (file missing)
R3 srvnet - c:\windows\system32\drivers\srvnet.sys (file missing)
R3 swenum (Software Bus Driver) - c:\windows\system32\drivers\swenum.sys (file missing)
R3 tunmp (Microsoft Tun Miniport Adapter Driver) - c:\windows\system32\drivers\tunmp.sys (file missing)
R3 tunnel (Microsoft IPv6 Tunnel Miniport Adapter Driver) - c:\windows\system32\drivers\tunnel.sys (file missing)
R3 umbus (UMBus Enumerator Driver) - c:\windows\system32\drivers\umbus.sys (file missing)
R3 usbaudio (USB Audio Driver (WDM)) - c:\windows\system32\drivers\usbaudio.sys (file missing)
R3 usbccgp (Microsoft USB Generic Parent Driver) - c:\windows\system32\drivers\usbccgp.sys (file missing)
R3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - c:\windows\system32\drivers\usbehci.sys (file missing)
R3 usbhub (USB2 Enabled Hub) - c:\windows\system32\drivers\usbhub.sys (file missing)
R3 usbohci (Microsoft USB Open Host Controller Miniport Driver) - c:\windows\system32\drivers\usbohci.sys (file missing)
R3 USBSTOR (USB Mass Storage Driver) - c:\windows\system32\drivers\usbstor.sys (file missing)
R3 WUDFRd - c:\windows\system32\drivers\wudfrd.sys (file missing)
R4 cdfs (CD/DVD File System Reader) - c:\windows\system32\drivers\cdfs.sys (file missing)
S3 agp440 (Intel AGP Bus Filter) - c:\windows\system32\drivers\agp440.sys (file missing)
S3 BrFiltLo (Brother USB Mass-Storage Lower Filter Driver) - c:\windows\system32\drivers\brfiltlo.sys (file missing)
S3 BrFiltUp (Brother USB Mass-Storage Upper Filter Driver) - c:\windows\system32\drivers\brfiltup.sys (file missing)
S3 BrUsbSer (Brother MFC USB Serial WDM Driver) - c:\windows\system32\drivers\brusbser.sys (file missing)
S3 drmkaud (Microsoft Kernel DRM Audio Descrambler) - c:\windows\system32\drivers\drmkaud.sys (file missing)
S3 E1G60 (Intel(R) PRO/1000 NDIS 6 Adapter Driver) - c:\windows\system32\drivers\e1g6032e.sys (file missing)
S3 exfat (exFAT File System Driver) - c:\windows\system32\drivers\exfat.sys (file missing)
S3 Filetrace - c:\windows\system32\drivers\filetrace.sys (file missing)
S3 gagp30kx (Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) - c:\windows\system32\drivers\gagp30kx.sys (file missing)
S3 HdAudAddService (Microsoft 1.1 UAA Function Driver for High Definition Audio Service) - c:\windows\system32\drivers\hdaudio.sys (file missing)
S3 IpFilterDriver (IP Traffic Filter Driver) - c:\windows\system32\drivers\ipfltdrv.sys (file missing)
S3 IPNAT (IP Network Address Translator) - c:\windows\system32\drivers\ipnat.sys (file missing)
S3 IRENUM (IR Bus Enumerator) - c:\windows\system32\drivers\irenum.sys (file missing)
S3 MSKSSRV (Microsoft Streaming Service Proxy) - c:\windows\system32\drivers\mskssrv.sys (file missing)
S3 MSPCLOCK (Microsoft Streaming Clock Proxy) - c:\windows\system32\drivers\mspclock.sys (file missing)
S3 MSPQM (Microsoft Streaming Quality Manager Proxy) - c:\windows\system32\drivers\mspqm.sys (file missing)
S3 MsRPC - c:\windows\system32\drivers\msrpc.sys (file missing)
S3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - c:\windows\system32\drivers\mstee.sys (file missing)
S3 NativeWifiP (NativeWiFi Filter) - c:\windows\system32\drivers\nwifi.sys (file missing)
S3 Ndisuio (NDIS Usermode I/O Protocol) - c:\windows\system32\drivers\ndisuio.sys (file missing)
S3 nv_agp (NVIDIA nForce AGP Bus Filter) - c:\windows\system32\drivers\nv_agp.sys (file missing)
S3 QWAVEdrv (QWAVE driver) - c:\windows\system32\drivers\qwavedrv.sys (file missing)
S3 RDPWD (RDP Winstation Driver) - c:\windows\system32\drivers\rdpwd.sys (file missing)
S3 Serenum (Serenum Filter Driver) - c:\windows\system32\drivers\serenum.sys (file missing)
S3 Serial (Serial Port Driver) - c:\windows\system32\drivers\serial.sys (file missing)
S3 sffp_mmc (SFF Storage Protocol Driver for MMC) - c:\windows\system32\drivers\sffp_mmc.sys (file missing)
S3 sffp_sd (SFF Storage Protocol Driver for SDBus) - c:\windows\system32\drivers\sffp_sd.sys (file missing)
S3 Tcpip6 (Microsoft IPv6 Protocol Driver) - c:\windows\system32\drivers\tcpip.sys (file missing)
S3 TDPIPE - c:\windows\system32\drivers\tdpipe.sys (file missing)
S3 TDTCP - c:\windows\system32\drivers\tdtcp.sys (file missing)
S3 tssecsrv (Terminal Services Security Filter Driver) - c:\windows\system32\drivers\tssecsrv.sys (file missing)
S3 uagp35 (Microsoft AGPv3.5 Filter) - c:\windows\system32\drivers\uagp35.sys (file missing)
S3 uliagpkx (Uli AGP Bus Filter) - c:\windows\system32\drivers\uliagpkx.sys (file missing)
S3 vga - c:\windows\system32\drivers\vgapnp.sys (file missing)
S3 Wanarp (Remote Access IP ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing)
S4 adp94xx - c:\windows\system32\drivers\adp94xx.sys (file missing)
S4 adpahci - c:\windows\system32\drivers\adpahci.sys (file missing)
S4 adpu160m - c:\windows\system32\drivers\adpu160m.sys (file missing)
S4 adpu320 - c:\windows\system32\drivers\adpu320.sys (file missing)
S4 aic78xx - c:\windows\system32\drivers\djsvs.sys (file missing)
S4 aliide - c:\windows\system32\drivers\aliide.sys (file missing)
S4 amdide - c:\windows\system32\drivers\amdide.sys (file missing)
S4 arc - c:\windows\system32\drivers\arc.sys (file missing)
S4 arcsas - c:\windows\system32\drivers\arcsas.sys (file missing)
S4 blbdrive - c:\windows\system32\drivers\blbdrive.sys (file missing)
S4 Brserid (Brother MFC Serial Port Interface Driver (WDM)) - c:\windows\system32\drivers\brserid.sys (file missing)
S4 BrSerWdm (Brother WDM Serial driver) - c:\windows\system32\drivers\brserwdm.sys (file missing)
S4 BrUsbMdm (Brother MFC USB Fax Only Modem) - c:\windows\system32\drivers\brusbmdm.sys (file missing)
S4 BTHMODEM (Bluetooth Serial Communications Driver) - c:\windows\system32\drivers\bthmodem.sys (file missing)
S4 circlass (Consumer IR Devices) - c:\windows\system32\drivers\circlass.sys (file missing)
S4 cmdide - c:\windows\system32\drivers\cmdide.sys (file missing)
S4 Compbatt (Microsoft Composite Battery Driver) - c:\windows\system32\drivers\compbatt.sys (file missing)
S4 elxstor - c:\windows\system32\drivers\elxstor.sys (file missing)
S4 ErrDev (Microsoft Hardware Error Device Driver) - c:\windows\system32\drivers\errdev.sys (file missing)
S4 fdc (Floppy Disk Controller Driver) - c:\windows\system32\drivers\fdc.sys (file missing)
S4 flpydisk (Floppy Disk Driver) - c:\windows\system32\drivers\flpydisk.sys (file missing)
S4 HidBth (Microsoft Bluetooth HID Miniport) - c:\windows\system32\drivers\hidbth.sys (file missing)
S4 HidIr (Microsoft Infrared HID Driver) - c:\windows\system32\drivers\hidir.sys (file missing)
S4 HpCISSs - c:\windows\system32\drivers\hpcisss.sys (file missing)
S4 i2omp - c:\windows\system32\drivers\i2omp.sys (file missing)
S4 iaStorV (Intel RAID Controller Vista) - c:\windows\system32\drivers\iastorv.sys (file missing)
S4 iirsp - c:\windows\system32\drivers\iirsp.sys (file missing)
S4 intelide - c:\windows\system32\drivers\intelide.sys (file missing)
S4 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)
S4 IPMIDRV - c:\windows\system32\drivers\ipmidrv.sys (file missing)
S4 isapnp (PnP ISA/EISA Bus Driver) - c:\windows\system32\drivers\isapnp.sys (file missing)
S4 iteatapi (ITEATAPI_Service_Install) - c:\windows\system32\drivers\iteatapi.sys (file missing)
S4 iteraid (ITERAID_Service_Install) - c:\windows\system32\drivers\iteraid.sys (file missing)
S4 kbdhid (Keyboard HID Driver) - c:\windows\system32\drivers\kbdhid.sys (file missing)
S4 LSI_FC - c:\windows\system32\drivers\lsi_fc.sys (file missing)
S4 LSI_SAS - c:\windows\system32\drivers\lsi_sas.sys (file missing)
S4 LSI_SCSI - c:\windows\system32\drivers\lsi_scsi.sys (file missing)
S4 megasas - c:\windows\system32\drivers\megasas.sys (file missing)
S4 MegaSR - c:\windows\system32\drivers\megasr.sys (file missing)
S4 mpio (Microsoft Multi-Path Bus Driver) - c:\windows\system32\drivers\mpio.sys (file missing)
S4 Mraid35x - c:\windows\system32\drivers\mraid35x.sys (file missing)
S4 msahci - c:\windows\system32\drivers\msahci.sys (file missing)
S4 msdsm (Microsoft Multi-Path Device Specific Module) - c:\windows\system32\drivers\msdsm.sys (file missing)
S4 nfrd960 - c:\windows\system32\drivers\nfrd960.sys (file missing)
S4 nvraid (NVIDIA nForce RAID Driver ) - c:\windows\system32\drivers\nvraid.sys (file missing)
S4 Parport (Parallel port driver) - c:\windows\system32\drivers\parport.sys (file missing)
S4 pcmcia - c:\windows\system32\drivers\pcmcia.sys (file missing)
S4 Processor (Processor Driver) - c:\windows\system32\drivers\processr.sys (file missing)
S4 ql2300 (QLogic Fibre Channel Miniport Driver) - c:\windows\system32\drivers\ql2300.sys (file missing)
S4 ql40xx (QLogic iSCSI Miniport Driver) - c:\windows\system32\drivers\ql40xx.sys (file missing)
S4 rdpdr (Terminal Server Device Redirector Driver) - c:\windows\system32\drivers\rdpdr.sys (file missing)
S4 sbp2port (SBP-2 Transport/Protocol Bus Driver) - c:\windows\system32\drivers\sbp2port.sys (file missing)
S4 sermouse (Serial Mouse Driver) - c:\windows\system32\drivers\sermouse.sys (file missing)
S4 sffdisk (SFF Storage Class Driver) - c:\windows\system32\drivers\sffdisk.sys (file missing)
S4 sfloppy (High-Capacity Floppy Disk Drive) - c:\windows\system32\drivers\sfloppy.sys (file missing)
S4 SiSRaid2 - c:\windows\system32\drivers\sisraid2.sys (file missing)
S4 SiSRaid4 - c:\windows\system32\drivers\sisraid4.sys (file missing)
S4 Sym_hi - c:\windows\system32\drivers\sym_hi.sys (file missing)
S4 Sym_u3 - c:\windows\system32\drivers\sym_u3.sys (file missing)
S4 Symc8xx - c:\windows\system32\drivers\symc8xx.sys (file missing)
S4 udfs - c:\windows\system32\drivers\udfs.sys (file missing)
S4 uliahci - c:\windows\system32\drivers\uliahci.sys (file missing)
S4 UlSata - c:\windows\system32\drivers\ulsata.sys (file missing)
S4 ulsata2 - c:\windows\system32\drivers\ulsata2.sys (file missing)
S4 usbcir (eHome Infrared Receiver (USBCIR)) - c:\windows\system32\drivers\usbcir.sys (file missing)
S4 usbprint (Microsoft USB PRINTER Class) - c:\windows\system32\drivers\usbprint.sys (file missing)
S4 usbuhci (Microsoft USB Universal Host Controller Miniport Driver) - c:\windows\system32\drivers\usbuhci.sys (file missing)
S4 viaide - c:\windows\system32\drivers\viaide.sys (file missing)
S4 vsmraid - c:\windows\system32\drivers\vsmraid.sys (file missing)
S4 WacomPen (Wacom Serial Pen HID Driver) - c:\windows\system32\drivers\wacompen.sys (file missing)
S4 Wd (Microsoft Watchdog Timer Driver) - c:\windows\system32\drivers\wd.sys (file missing)
S4 WmiAcpi (Microsoft Windows Management Interface for ACPI) - c:\windows\system32\drivers\wmiacpi.sys (file missing)
S4 ws2ifsl (Winsock IFS driver) - c:\windows\system32\drivers\ws2ifsl.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 nvsvc (NVIDIA Display Driver Service) - c:\windows\system32\nvvsvc.exe (file missing)
R2 SamSs (Security Accounts Manager) - c:\windows\system32\lsass.exe (file missing)
R2 slsvc (Software Licensing) - c:\windows\system32\slsvc.exe (file missing)
R2 Spooler (Print Spooler) - c:\windows\system32\spoolsv.exe (file missing)
R3 VSS (Volume Shadow Copy) - c:\windows\system32\vssvc.exe (file missing)
S3 ALG (Application Layer Gateway Service) - c:\windows\system32\alg.exe (file missing)
S3 DFSR (DFS Replication) - c:\windows\system32\dfsr.exe (file missing)
S3 KeyIso (CNG Key Isolation) - c:\windows\system32\lsass.exe (file missing)
S3 MSDTC (Distributed Transaction Coordinator) - c:\windows\system32\msdtc.exe (file missing)
S3 Netlogon - c:\windows\system32\lsass.exe (file missing)
S3 ProtectedStorage (Protected Storage) - c:\windows\system32\lsass.exe (file missing)
S3 RpcLocator (Remote Procedure Call (RPC) Locator) - c:\windows\system32\locator.exe (file missing)
S3 SNMPTRAP (SNMP Trap) - c:\windows\system32\snmptrap.exe (file missing)
S3 UI0Detect (Interactive Services Detection) - c:\windows\system32\ui0detect.exe (file missing)
S3 vds (Virtual Disk) - c:\windows\system32\vds.exe (file missing)
S3 wmiApSrv (WMI Performance Adapter) - c:\windows\system32\wbem\wmiapsrv.exe (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID:
Description:
Device ID: ACPI\AWY0001\2&DABA3FF&2
Manufacturer:
Name:
PNP Device ID: ACPI\AWY0001\2&DABA3FF&2
Service:
-- Scheduled Tasks -------------------------------------------------------------
2009-01-26 04:00:00 316 --a------ C:\Windows\Tasks\sdojfeyo.job
-- Files created between 2008-12-26 and 2009-01-26 -----------------------------
2009-01-26 03:11:32 0 d-------- C:\Program Files (x86)\GetModule
2009-01-26 03:11:23 0 d-------- C:\Program Files (x86)\VnrPack
2009-01-26 03:11:23 0 d-------- C:\Program Files (x86)\iCheck
2009-01-26 02:55:51 0 d-------- C:\Program Files (x86)\WebShow
2009-01-26 02:54:51 0 dr-h----- C:\$VAULT$.AVG
2009-01-26 02:51:24 0 d-------- C:\Program Files (x86)\Mjcore
2009-01-26 02:51:06 0 d-------- C:\Users\All Users\Grisoft
2009-01-26 02:51:06 0 d-------- C:\Users\All Users\avg7
2009-01-26 01:12:18 0 d-------- C:\Users\All Users\Spybot - Search & Destroy <SPYBOT~1>
2009-01-25 13:17:53 0 d-------- C:\Program Files (x86)\Java
2009-01-19 16:35:49 0 d-------- C:\Windows\system32\Adobe
2009-01-19 16:34:58 687 --a------ C:\Windows\mozver.dat
2009-01-05 23:37:20 0 d-------- C:\Windows\system32\Macromed
2009-01-03 17:38:23 0 d-------- C:\Users\All Users\NVIDIA
2009-01-03 15:07:53 0 d-------- C:\Users\All Users\Blizzard
2009-01-03 14:04:03 0 d-------- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2009-01-03 13:57:34 0 d-------- C:\Program Files (x86)\Ventrilo
2009-01-03 13:57:09 0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2009-01-03 13:52:00 0 d-------- C:\Users\All Users\CheckPoint
2009-01-03 13:51:17 0 d-------- C:\Windows\Internet Logs
2009-01-03 13:37:04 0 d-------- C:\Windows\system32\RTCOM
2009-01-03 13:27:40 0 d-------- C:\Windows\PCHEALTH
2009-01-03 13:26:01 0 d--hs--c- C:\Program Files (x86)\Common Files\WindowsLiveInstaller
2009-01-03 13:25:41 0 d-------- C:\Program Files (x86)\Windows Live
2009-01-03 13:25:25 0 d--hs---- C:\Windows\Installer
2009-01-03 13:25:22 0 d-------- C:\Users\All Users\WLInstaller
2009-01-03 13:03:01 0 d--hs---- C:\Boot
2009-01-03 12:53:03 0 --a------ C:\Windows\nsreg.dat
2009-01-03 02:14:12 140338 ---h----- C:\Windows\system32\winamp.exe
2009-01-03 02:05:23 0 dr------- C:\Users\Cirno\Searches
2009-01-03 02:05:11 0 dr------- C:\Users\Cirno\Contacts
2009-01-03 02:05:06 0 dr------- C:\Users\Cirno\Videos
2009-01-03 02:05:06 0 d--hs---- C:\Users\Cirno\Templates
2009-01-03 02:05:06 0 d--hs---- C:\Users\Cirno\Start Menu
2009-01-03 02:05:06 0 d--hs---- C:\Users\Cirno\SendTo
2009-01-03 02:05:06 0 dr------- C:\Users\Cirno\Saved Games
2009-01-03 02:05:06 0 d--hs---- C:\Users\Cirno\Recent
2009-01-03 02:05:06 0 d--hs---- C:\Users\Cirno\PrintHood
2009-01-03 02:05:06 0 dr------- C:\Users\Cirno\Pictures
2009-01-03 02:05:06 1310720 --ahs---- C:\Users\Cirno\NTUSER.DAT
2009-01-03 02:05:06 0 d--hs---- C:\Users\Cirno\NetHood
2009-01-03 02:05:06 0 d--hs---- C:\Users\Cirno\My Documents
2009-01-03 02:05:06 0 dr------- C:\Users\Cirno\Music
2009-01-03 02:05:06 0 d--hs---- C:\Users\Cirno\Local Settings
2009-01-03 02:05:06 0 dr------- C:\Users\Cirno\Links
2009-01-03 02:05:06 0 dr------- C:\Users\Cirno\Favorites
2009-01-03 02:05:06 0 dr------- C:\Users\Cirno\Downloads
2009-01-03 02:05:06 0 dr------- C:\Users\Cirno\Documents
2009-01-03 02:05:06 0 dr------- C:\Users\Cirno\Desktop
2009-01-03 02:05:06 0 d--hs---- C:\Users\Cirno\Cookies
2009-01-03 02:05:06 0 d--hs---- C:\Users\Cirno\Application Data
2009-01-03 02:05:06 0 d--h----- C:\Users\Cirno\AppData
2009-01-03 02:01:07 0 d-------- C:\Windows\Debug
2009-01-03 01:58:35 0 d-------- C:\Windows\SoftwareDistribution
2009-01-03 01:53:31 0 d-------- C:\Windows\Prefetch
2009-01-03 01:53:27 0 d--hs---- C:\System Volume Information
2009-01-03 01:52:35 0 d-------- C:\Windows\Panther
-- Find3M Report ---------------------------------------------------------------
2009-01-26 03:56:25 0 d-------- C:\Users\Cirno\AppData\Roaming\cogad
2009-01-26 03:11:36 0 d-------- C:\Users\Cirno\AppData\Roaming\GetModule
2009-01-26 03:06:08 0 d-------- C:\Users\Cirno\AppData\Roaming\SpeedRunner
2009-01-26 03:01:30 0 d-------- C:\Users\Cirno\AppData\Roaming\Twain
2009-01-26 02:54:16 0 d-------- C:\Users\Cirno\AppData\Roaming\AVG7
2009-01-25 13:21:12 0 d-------- C:\Users\Cirno\AppData\Roaming\Azureus
2009-01-17 23:31:35 0 d-------- C:\Users\Cirno\AppData\Roaming\vlc
2009-01-17 23:24:47 0 d-------- C:\Users\Cirno\AppData\Roaming\Media Player Classic
2009-01-17 17:41:09 0 d-------- C:\Users\Cirno\AppData\Roaming\Ventrilo
2009-01-15 09:36:35 0 d-------- C:\Program Files (x86)\Windows Mail
2009-01-12 17:16:50 0 d-------- C:\Users\Cirno\AppData\Roaming\Aim
2009-01-05 23:37:33 0 d-------- C:\Users\Cirno\AppData\Roaming\Macromedia
2009-01-05 23:37:33 0 d-------- C:\Users\Cirno\AppData\Roaming\Adobe
2009-01-05 12:04:40 0 d-------- C:\Users\Cirno\AppData\Roaming\WinRAR
2009-01-03 14:04:03 0 d-------- C:\Program Files (x86)\Common Files
2009-01-03 12:53:01 0 d-------- C:\Users\Cirno\AppData\Roaming\Mozilla
2009-01-03 02:05:13 0 d-------- C:\Users\Cirno\AppData\Roaming\Identities
-- Registry Dump ---------------------------------------------------------------
-- End of Deckard's System Scanner: finished at 2009-01-26 04:21:46 ------------
End of Main.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft® Windows Vista™ Home Premium (build 6001) SP 1.0
Architecture: X64; Language: English
CPU 0: AMD Athlon(tm) 64 Processor 3800+
Percentage of Memory in Use: 39%
Physical Memory (total/avail): 2045.76 MiB / 1228.39 MiB
Pagefile Memory (total/avail): 4336.08 MiB / 3057.2 MiB
Virtual Memory (total/avail): 4095.88 MiB / 3952.34 MiB
C: is Fixed (NTFS) - 465.76 GiB total, 377.51 GiB free.
D: is Fixed (NTFS) - 177.81 GiB total, 150.68 GiB free.
E: is Fixed (NTFS) - 8.5 GiB total, 8.41 GiB free.
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (FAT)
J: is Removable (No Media)
\\.\PHYSICALDRIVE0 - ST320082 6AS SCSI Disk Device - 186.31 GiB - 2 partitions
\PARTITION0 - Extended w/Extended Int 13 - 177.81 GiB - D:
\PARTITION1 (bootable) - Installable File System - 8.5 GiB - E:
\\.\PHYSICALDRIVE1 - WDC WD50 00AAKS-00A7B SCSI Disk Device - 465.76 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 465.76 GiB - C:
\\.\PHYSICALDRIVE3 - Generic USB CF Reader USB Device
\\.\PHYSICALDRIVE5 - Generic USB MS Reader USB Device
\\.\PHYSICALDRIVE2 - Generic USB SD Reader USB Device
\\.\PHYSICALDRIVE4 - Generic USB SM Reader USB Device - 117.66 MiB - 1 partition
\PARTITION0 (bootable) - MS -DOS V4 Huge - 124.98 MiB - I:
-- Security Center -------------------------------------------------------------
Windows Internal Firewall is enabled.
AV: AVG 7.5.516 v7.5.516 (Grisoft)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Cirno\AppData\Roaming
CommonProgramFiles=C:\Program Files (x86)\Common Files
CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
CommonProgramW6432=C:\Program Files\Common Files
COMPUTERNAME=CIRNO-PC
ComSpec=C:\Windows\system32\cmd.exe
DFSTRACINGON=FALSE
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Cirno
LOCALAPPDATA=C:\Users\Cirno\AppData\Local
LOGONSERVER=\\CIRNO-PC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_ARCHITEW6432=AMD64
PROCESSOR_IDENTIFIER=AMD64 Family 15 Model 47 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f02
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files (x86)
ProgramFiles(x86)=C:\Program Files (x86)
ProgramW6432=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Cirno\AppData\Local\Temp
TMP=C:\Users\Cirno\AppData\Local\Temp
TRACE_FORMAT_SEARCH_PATH=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
USERDOMAIN=Cirno-PC
USERNAME=Cirno
USERPROFILE=C:\Users\Cirno
windir=C:\Windows
-- User Profiles ---------------------------------------------------------------
Cirno (admin)
-- Add/Remove Programs ---------------------------------------------------------
Adobe Flash Player 10 ActiveX --> C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin --> C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player --> C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Albatross18 (OGPlanet) --> C:\Program Files\OGPlanet\Albatross18\uninstall.exe
AOL Instant Messenger (SM) --> C:\Program Files\AIM95\uninstll.exe -LOG= C:\Program Files\AIM95\install.log -OEM=
AVG 7.5 --> C:\Program Files (x86)\Grisoft\AVG7\setup.exe /UNINSTALL
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Internet Speed Monitor --> C:\Program Files (x86)\iCheck\Uninstall.exe
Java(TM) 6 Update 11 --> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Mozilla Firefox (2.0.0.20) --> C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
Realtek High Definition Audio Driver --> RtlUpd64.exe -r -m
SpeedRunner --> C:\Users\Cirno\AppData\Roaming\SpeedRunner\SRUninstall.exe
VC 9.0 Runtime --> MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VLC media player 0.9.8a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files (x86)\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type1359 / Error
Event Submitted/Written: 01/26/2009 03:58:14 AM
Event ID/Source: 10 / WinMgmt
Event Description:
//./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Event Record #/Type1355 / Success
Event Submitted/Written: 01/26/2009 03:57:19 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.
Event Record #/Type1351 / Success
Event Submitted/Written: 01/26/2009 03:57:11 AM
Event ID/Source: 5617 / WinMgmt
Event Description:
Event Record #/Type1350 / Success
Event Submitted/Written: 01/26/2009 03:57:10 AM
Event ID/Source: 5615 / WinMgmt
Event Description:
Event Record #/Type1332 / Error
Event Submitted/Written: 01/26/2009 03:04:41 AM
Event ID/Source: 8194 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {0b98fe72-32bc-4a81-8a53-856c9cb89584}
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type11028 / Error
Event Submitted/Written: 01/26/2009 03:56:45 AM
Event ID/Source: 15016 / HTTP
Event Description:
\Device\Http\ReqQueueKerberos
Event Record #/Type10989 / Warning
Event Submitted/Written: 01/26/2009 03:54:36 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type10987 / Warning
Event Submitted/Written: 01/26/2009 03:22:34 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type10984 / Warning
Event Submitted/Written: 01/26/2009 03:11:35 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%%8271.1.1600.0{1ECA22BB-7874-41BF-83ED-E96A53A7FE7F}Cirno-PCCirnoS-1-5-21-616576610-75377412-1125985735-1000Unknown%%832regkey:HKCU@S-1-5-21-616576610-75377412-1125985735-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GetModule35;runkey:HKCU@S-1-5-21-616576610-75377412-1125985735-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GetModule35;file:C:\Program Files (x86)\GetModule\GetModule35.exe0%%807
Event Record #/Type10983 / Warning
Event Submitted/Written: 01/26/2009 03:11:34 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%%8271.1.1600.0{3DBA0EC3-4F3F-4FBE-8469-4FF25E3849C4}Cirno-PCCirnoS-1-5-21-616576610-75377412-1125985735-1000Unknown%%832regkey:HKCU@S-1-5-21-616576610-75377412-1125985735-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GetModule35;runkey:HKCU@S-1-5-21-616576610-75377412-1125985735-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GetModule35;file:C:\Program Files (x86)\GetModule\GetModule35.exe0%%807
-- End of Deckard's System Scanner: finished at 2009-01-26 04:21:46 ------------
And those are the two text files. Any help would be appreciated. I've used my Vista key several times already and I don't know how many more times I can afford to reformat, which of course is an option for getting rid of viruses and trojans and all that bad stuff, but isn't a good one.
27th January 2009
#2
Staff
Profile:
Join Date: Mar 2003
Location: Washington State
Posts: 4,632
Computer Experience: Somedays it's like Taz
Hi Selphy
This comes back as a password stealer.
I would suggest you change all passwords using a non-infected computer (not this one) and refrain from any credit card or financial dealings until clean. If you do any financial dealings with this computer, contact your credit card companies or banks about possible fraud on your account.
Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.
Unfortunately there are no tools that we use that will work on a 64 bit machine.
So we will have to do this manually.
Let me know what you would like to do.
Thanks
Geri
27th January 2009
#3
Inactive
Profile:
Join Date: Feb 2008
Posts: 12
Computer Experience: beginner
Well, I guess if I have to reformat again, I'll do it again. I'm sure I can do that easily myself, but is there anything I have to watch for, or should do?
27th January 2009
#4
Staff
Profile:
Join Date: Mar 2003
Location: Washington State
Posts: 4,632
Computer Experience: Somedays it's like Taz
Hi
P2P file sharing will get you, I suggest you remove any P2P programs.
Azureus
I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.
References for the risk of these programs are here, and here.
I would strongly recommend that you uninstall them.
Note: Please be advised that continued use of these programs after being warned of the danger of infections from them may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.
Then look here.
Please look at this link for some preventive recommendations. It could keep you from ending up back here in the Malware and Virus Removal forums.
An ounce of prevention is worth a pound of cure
Geri