
Numerous infections, including troy44, p.trats and win32.trojandownloa


  • This topic is locked

#1
TJ Drifter

  • Member
  • 19 posts
I followed all steps on your site prior to this HijackThis log. I think my system is clean, but I really need someone to look over this log and give me advice...

*** post edited on 1-5-08 to replace old hijack this log after further work on my system****


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:21 AM, on 1/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\TJ\LOCALS~1\Temp\SSUPDATE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vnboards.ign....ersebb/b5334/p1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\TJ\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\TJ\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.gaiaon...ns/IDMFlash.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1170604162896
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://tw.msi.com.tw...ine/install.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6431 bytes


Thanks in advance for any help you can offer.
TJ Drifter

Edited by TJ Drifter, 05 January 2008 - 02:49 AM.



#2
RiP

    Malware Expert

  • Retired Staff
  • 8,430 posts
Hello TJ Drifter :)

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads, main.txt and extra.txt. Please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3
TJ Drifter

  • Topic Starter
  • Member
  • 19 posts
Hi, and thanks for your time in helping me. The two log files requested follow:

Deckard's System Scanner v20071014.68
Run by TJ on 2008-01-07 06:07:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
10: 2008-01-07 12:07:31 UTC - RP417 - Deckard's System Scanner Restore Point
9: 2008-01-06 13:55:09 UTC - RP416 - System Checkpoint
8: 2008-01-05 13:53:48 UTC - RP415 - System Checkpoint
7: 2008-01-04 12:40:21 UTC - RP414 - Installed Windows Live
6: 2008-01-04 12:40:02 UTC - RP413 - Installed Windows Live installer


-- First Restore Point --
1: 2008-01-03 06:01:54 UTC - RP408 - virus prescan point


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as TJ.exe) --------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:08:25 AM, on 1/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Downloads\virus\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\TJ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vnboards.ign....ersebb/b5334/p1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\TJ\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\TJ\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.gaiaon...ns/IDMFlash.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1170604162896
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://tw.msi.com.tw...ine/install.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6201 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080103-220449-210 O4 - HKLM\..\Run: [troy44] C:\WINDOWS\troy44.exe
backup-20080103-220449-455 O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sur...ge/w4sgeen9.exe
backup-20080103-220918-356 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080103-220918-563 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080103-220918-911 O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
backup-20080103-221004-255 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20080103-221057-302 O4 - HKLM\..\Run: [win32079641761035] C:\WINDOWS\win32079641761035.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 atitray - c:\program files\ray adams\ati tray tools\atitray.sys
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R1 VIAPFD - c:\windows\system32\drivers\viapfd.sys <Not Verified; VIA Technologies. Inc.; VIA PFD driver>
R2 nxsIO32 (NextSensor Kernel I/O Driver) - c:\windows\system32\drivers\nxsio32.sys
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 SABProcEnum - c:\program files\internet explorer\sabprocenum.sys (file missing)
S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>
S3 SYMIDSCO - c:\progra~1\common~1\symant~1\symcdata\ids-di~1\20071220.001\symidsco.sys (file missing)
S3 VIASens (Vinyl Sensaura WDM 3D Audio Driver) - c:\windows\system32\drivers\viasens.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 SandraDataSrv (SiSoftware Database Agent Service) - c:\program files\sisoftware\sisoftware sandra lite xi.sp1\win32\rpcdatasrv.exe <Not Verified; SiSoftware; SiSoftware Sandra XI.SP1>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-01-02 16:32:00 264 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2007-11-13 14:47:00 386 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2007-12-07 and 2008-01-07 -----------------------------

2008-01-04 06:40:04 0 d-------- C:\Program Files\Windows Live
2008-01-03 17:10:48 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-01-03 17:09:57 8576 --a------ C:\WINDOWS\system32\drivers\llmndygjkjlc.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-03 16:59:30 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-03 15:18:37 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-03 15:18:24 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-03 15:18:24 0 d-------- C:\Documents and Settings\TJ\Application Data\SUPERAntiSpyware.com
2008-01-03 15:17:21 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-03 11:28:40 0 d-------- C:\Documents and Settings\Chris\Application Data\Grisoft
2008-01-03 00:24:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-03 00:14:54 0 d-------- C:\Documents and Settings\TJ\Application Data\Grisoft
2008-01-03 00:14:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-02 02:24:10 0 d-------- C:\Program Files\Trend Micro
2008-01-01 10:27:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-01-01 10:27:53 0 d-------- C:\Program Files\kernel
2008-01-01 10:23:37 0 d-------- C:\WINDOWS\system32\ardCo02
2008-01-01 10:23:36 0 d-------- C:\Temp
2007-12-31 22:15:10 0 d-------- C:\Documents and Settings\Chris\Application Data\Sun
2007-12-29 03:56:47 0 d-------- C:\3Com
2007-12-27 21:55:36 0 d-------- C:\Documents and Settings\Chris\Application Data\Viewpoint
2007-12-27 21:23:09 0 d-------- C:\NASCAR2
2007-12-15 05:39:19 0 d-------- C:\Program Files\Monopoly


-- Find3M Report ---------------------------------------------------------------

2008-01-07 06:04:28 0 d-------- C:\Program Files\Absolute Poker
2008-01-03 22:07:31 0 d-------- C:\Program Files\Common Files
2008-01-03 17:35:43 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-02 23:42:54 0 d-------- C:\Program Files\SymNetDrv
2008-01-02 02:04:53 0 d-------- C:\Program Files\Norton SystemWorks
2008-01-01 10:29:18 0 d-------- C:\Program Files\AIM6
2007-12-28 15:16:30 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-20 03:12:41 0 d-------- C:\Program Files\Decal 3.0
2007-12-02 13:36:57 0 d-------- C:\Documents and Settings\TJ\Application Data\Sun
2007-12-02 13:36:34 0 d-------- C:\Program Files\Java
2007-12-01 21:34:36 0 d-------- C:\Program Files\Viewpoint
2007-12-01 21:33:46 0 d-------- C:\Program Files\Common Files\AOL
2007-11-27 23:50:21 0 d-------- C:\Program Files\Messenger Plus! Live
2007-11-24 19:21:23 0 d-------- C:\Program Files\MSI
2007-11-24 19:18:19 0 d-------- C:\Program Files\SpeedFan
2007-11-24 19:17:46 0 d-------- C:\Program Files\Motherboard Monitor 5
2007-11-20 19:20:25 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-17 01:52:15 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-14 03:21:43 0 d-------- C:\Documents and Settings\TJ\Application Data\OpenOffice.org2
2007-11-13 17:51:27 0 d-------- C:\Program Files\CachemanXP
2007-11-13 16:35:18 0 d-------- C:\Documents and Settings\TJ\Application Data\Uniblue


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" []
"Logitech Utility"="Logi_MwX.Exe" [11/07/2003 03:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 03:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CPUCooLServer"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-01-07 06:09:50 ------------






Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ processor
Percentage of Memory in Use: 33%
Physical Memory (total/avail): 639.48 MiB / 424.48 MiB
Pagefile Memory (total/avail): 1602.34 MiB / 1316.15 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.79 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 21.49 GiB total, 6.8 GiB free.
D: is Fixed (NTFS) - 12.65 GiB total, 7.4 GiB free.
E: is CDROM (No Media)
F: is CDROM (CDFS)
G: is Fixed (NTFS) - 15.77 GiB total, 15.71 GiB free.

\\.\PHYSICALDRIVE0 - ST340014A - 37.27 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 21.49 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 15.77 GiB - G:

\\.\PHYSICALDRIVE1 - WDC AC313500D - 12.65 GiB - 1 partition
\PARTITION0 - 16-bit FAT - 12.65 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
AntivirusOverride is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Turbine\\Asheron's Call - Throne of Destiny\\aclauncher.exe"="C:\\Program Files\\Turbine\\Asheron's Call - Throne of Destiny\\aclauncher.exe:*:Enabled:AC Launcher"
"C:\\Program Files\\Turbine\\Asheron's Call - Throne of Destiny\\acclient.exe"="C:\\Program Files\\Turbine\\Asheron's Call - Throne of Destiny\\acclient.exe:*:Enabled:acclient"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Turbine\\Asheron's Call - Throne of Destiny\\2\\acclient.exe"="C:\\Program Files\\Turbine\\Asheron's Call - Throne of Destiny\\2\\acclient.exe:*:Enabled:acclient"
"C:\\Program Files\\Turbine\\Asheron's Call - Throne of Destiny\\2\\aclauncher.exe"="C:\\Program Files\\Turbine\\Asheron's Call - Throne of Destiny\\2\\aclauncher.exe:*:Enabled:AC Launcher"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\TJ\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TJS-COMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
DXSDK_DIR=C:\Program Files\Microsoft DirectX SDK (August 2007)\
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\TJ
LOGONSERVER=\\TJS-COMPUTER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Microsoft DirectX SDK (August 2007)\Utilities\Bin\x86;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 4 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0402
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\TJ\LOCALS~1\Temp
TMP=C:\DOCUME~1\TJ\LOCALS~1\Temp
USERDOMAIN=TJS-COMPUTER
USERNAME=TJ
USERPROFILE=C:\Documents and Settings\TJ
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

TJ (admin)
Chris (admin)
Brandi (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Absolute Poker --> C:\Program Files\_uninstallation_info\Absolute Poker\CasinoUninstall.exe
AC+ --> MsiExec.exe /I{FC058280-BC67-4F76-B1A4-162877458C9E}
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Alinco Decal Plugin --> MsiExec.exe /I{CDB5DE25-657B-4614-9081-33EB44E2DC84}
Alinco Filter --> MsiExec.exe /I{02DEB14E-BE29-4CA7-92F3-BC7FAA4CBAD1}
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
Asheron's Call Dual Client Utility --> MsiExec.exe /X{522274C2-C8C5-11D5-8F1C-004F4902DE08}
Asheron's Call: Throne of Destiny --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF455208-C302-4FB3-B21D-F7CBB03DDE5A}\Setup.exe" -l0x9 -removeonly
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BotShopper --> C:\Program Files\haxit\BotShopper\uninstall.exe
CraftBot --> MsiExec.exe /I{D16291FF-A32C-4B2B-AC03-8DD9A8775818}
Decal 3.0 (Alpha 8: 2.9.6.0) --> MsiExec.exe /I{6127968F-398E-45E2-A487-0A3BD89D3F4F}
Fortune Hunter --> MsiExec.exe /I{E6C3FF42-EBD5-4935-B4F8-7952A27E018F}
Guild Wars --> "C:\Program Files\Guild Wars\Gw.exe" -uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Imp Inventory --> MsiExec.exe /I{7BF9977E-A4D7-4262-8AAF-E0DF7AC9C58D}
LifeTank XI --> MsiExec.exe /I{642BF531-FDFD-4035-A068-E277924D57D4}
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech iTouch Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 UNINSTALL
Logitech MouseWare 9.79 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Make It! --> MsiExec.exe /I{1F06459A-C9E3-4249-A29F-5D8B18F3A0E1}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft DirectX SDK (August 2007) --> MsiExec.exe /I{F0A4913F-46A5-48F2-BC73-EE41A6C81EB3}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MiniMap --> MsiExec.exe /I{C5F85A01-B118-432F-B28E-4CDC5DD31475}
Monopoly Here & Now Edition --> C:\PROGRA~1\Monopoly\UNWISE.EXE /U C:\PROGRA~1\Monopoly\INSTALL.LOG
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Mule Trade It! --> MsiExec.exe /I{62B7E9F1-FEB0-4A55-B420-730BAF3AB4C1}
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero PhotoShow Express --> "C:\Program Files\Ahead\Ahead\data\Xtras\Uninstall.exe"
NeroMIX --> C:\WINDOWS\UNNMIX.exe /UNINSTALL
NeroVision Express 2 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
OpenOffice.org 2.1 --> MsiExec.exe /I{43983EB4-43DC-4C3D-9712-1EF592A31CA8}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PC Wizard 2007.1.72 --> "C:\Program Files\PC Wizard 2007\unins000.exe"
PCI Audio Driver --> cmuninst.exe
Quest Timer v2.4.2 Alpha --> MsiExec.exe /I{694EF928-E5BD-4938-A8BB-1AAD7A35F2C7}
Radar Add-on --> MsiExec.exe /I{D6800489-14EB-47A3-9D0F-7DBEBD15E1FF}
Ray Adams ATI Tray Tools --> "C:\Program Files\Ray Adams\ATI Tray Tools\uninstall.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SiSoftware Sandra Lite XI.SP1 (Win64/32/CE) --> "C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\unins000.exe"
Source Dedicated Server --> "C:\Program Files\Steam\steam.exe" steam://uninstall/205
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Systerac XP Tools --> MsiExec.exe /X{9BE8B234-679A-4A7C-B322-85B508A3B72C}
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
XML Paper Specification Shared Components Pack 1.0 -->
XPender --> C:\Program Files\Decal Plugins\Xpender\uninstall.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type52001 / Error
Event Submitted/Written: 01/04/2008 05:52:42 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16574, faulting module flash9b.ocx, version 9.0.28.0, fault address 0x00099589.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type51992 / Success
Event Submitted/Written: 01/04/2008 06:43:24 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type51952 / Warning
Event Submitted/Written: 01/03/2008 06:33:44 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type51758 / Error
Event Submitted/Written: 01/02/2008 11:19:54 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16574, faulting module housecall_activex.dll, version 6.51.0.1025, fault address 0x00023fcf.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type51697 / Warning
Event Submitted/Written: 01/02/2008 02:00:57 AM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x800401F0



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type24269 / Warning
Event Submitted/Written: 01/06/2008 04:22:17 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type24261 / Error
Event Submitted/Written: 01/06/2008 02:43:02 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.100.2 for the Network Card with network address 00105AA07B19 has been
denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type24244 / Error
Event Submitted/Written: 01/06/2008 02:40:36 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 75.65.130.243 for the Network Card with network address 00105AA07B19 has been
denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type24243 / Error
Event Submitted/Written: 01/06/2008 02:39:56 AM / 01/06/2008 02:40:26 AM
Event ID/Source: 4 / ACPI
Event Description:
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0xcfc), which lies in the 0xcf8 - 0xcff protected
address range. This could lead to system instability. Please contact your system vendor for technical assistance.

Event Record #/Type24242 / Error
Event Submitted/Written: 01/06/2008 02:39:56 AM / 01/06/2008 02:40:26 AM
Event ID/Source: 5 / ACPI
Event Description:
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0xcf8), which lies in the 0xcf8 - 0xcff protected
address range. This could lead to system instability. Please contact your system vendor for technical assistance.



-- End of Deckard's System Scanner: finished at 2008-01-07 06:09:50 ------------

#4
RiP

    Malware Expert

  • Retired Staff
  • 8,430 posts
Hello TJ Drifter :)

Using Add Or Remove Programs, remove the following entries (if present): (To get into Add Or Remove Programs, press the START button > Control Panel > Add Or Remove Programs.)

Absolute Poker
BotShopper
CraftBot
Viewpoint Media Player


Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


#5
RiP

    Malware Expert

  • Retired Staff
  • 8,430 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.