WiredWX Christian Hobby Weather Tools
Backdoor.Tidserv!inf Help needed - Page 1

Re: Backdoor.Tidserv!inf Help needed
Did the log get cut off?
Is there anything after this line?

C:\WINDOWS\system32\TDSSwghd.log (Trojan.TDSS) -> Quarantined and deleted successfully.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Backdoor.Tidserv!inf Help needed
Nope...that's all that's in the log

Re: Backdoor.Tidserv!inf Help needed
Okay, thanks for letting me know.
Well, is there any improvement? MBAM got some stuff.
Give combofix another try now.


Re: Backdoor.Tidserv!inf Help needed
ComboFix 08-11-24.03 - baustede 2008-11-25 15:08:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1228 [GMT -5:00]
Running from: c:\documents and settings\baustede\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\baustede\Application Data\inst.exe

----- BITS: Possible infected sites -----

hxxp://windowsupdate.udayton.edu
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\winlogon.exe


.
((((((((((((((((((((((((( Files Created from 2008-10-25 to 2008-11-25 )))))))))))))))))))))))))))))))
.

2008-11-25 14:02 . 2008-11-25 14:02 d-------- c:\documents and settings\baustede\Application Data\Malwarebytes
2008-11-25 14:02 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-25 14:01 . 2008-11-25 14:02 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-25 14:01 . 2008-11-25 14:01 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-25 14:01 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-24 19:29 . 2008-11-24 19:29 527 --a------ c:\windows\system32\TDSSwuqs.dat
2008-11-24 19:28 . 2008-11-24 19:28 80,384 --a------ c:\documents and settings\baustede\nah_niko.exe
2008-11-24 16:41 . 2008-11-24 16:41 d-------- c:\program files\iTunes
2008-11-24 16:41 . 2008-11-24 16:41 d-------- c:\program files\iPod
2008-11-24 16:41 . 2008-11-24 16:41 d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-24 16:36 . 2008-11-24 16:36 d-------- c:\program files\QuickTime
2008-11-16 23:42 . 2008-11-17 17:01 d-------- c:\program files\Yahoo!
2008-11-16 23:42 . 2008-11-17 17:01 d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2008-11-14 12:47 . 2008-11-14 12:47 d-------- c:\program files\Common Files\Skype
2008-11-14 12:46 . 2008-11-14 12:47 dr------- c:\program files\Skype
2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\system32\QuickTimeVR.qtx
2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\system32\QuickTime.qts
2008-11-03 18:30 . 2008-11-06 18:41 92 --a------ C:\Road-Rash-3-(UEJ)-[!].pat
2008-11-03 16:27 . 2008-11-03 16:27 140,408 --a------ C:\Road-Rash-3-(UEJ)-[!].gs0
2008-11-02 18:05 . 2008-11-02 18:05 d-------- C:\ElectronicArts
2008-11-02 18:05 . 1996-01-09 10:38 283,648 --a------ c:\windows\uninst.exe
2008-11-02 18:05 . 1996-08-19 08:43 132,096 --a------ c:\windows\system32\RashIcon.dll
2008-11-02 18:05 . 1996-08-19 08:43 41,472 --a------ c:\windows\system32\RashProp.dll
2008-11-02 18:05 . 1995-05-31 20:41 28,672 --a------ c:\windows\system32\AWEMan32.dll
2008-11-02 18:04 . 2008-11-02 18:04 11 --a------ c:\windows\NetWare.INI
2008-11-02 17:31 . 2008-11-02 17:31 d-------- c:\program files\Road Rash 3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-25 20:23 --------- d-----w c:\program files\Symantec AntiVirus
2008-11-25 19:35 --------- d-----w c:\documents and settings\baustede\Application Data\skypePM
2008-11-25 19:35 --------- d-----w c:\documents and settings\baustede\Application Data\Skype
2008-11-25 03:50 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-25 03:47 --------- d-----w c:\program files\Logitech
2008-11-24 21:41 --------- d-----w c:\program files\Common Files\Apple
2008-11-19 06:16 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-14 17:47 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-11-14 06:02 --------- d-----w c:\documents and settings\baustede\Application Data\64 funk
2008-11-13 19:12 --------- d-----w c:\documents and settings\All Users\Application Data\Meow Intra Bait Face
2008-11-13 06:20 --------- d-----w c:\documents and settings\baustede\Application Data\LimeWire
2008-11-02 20:50 --------- d-----w c:\program files\Bonjour
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 13:11 --------- d-----w c:\program files\LimeWire
2008-10-06 02:25 --------- d-----w c:\program files\JAW Deploy
2008-10-01 04:24 --------- d-----w c:\program files\MySpace
2008-10-01 04:09 --------- d-----w c:\documents and settings\baustede\Application Data\MySpace
2008-09-26 08:20 --------- d-----w c:\program files\64 funk
2008-08-26 19:02 47,360 ----a-w c:\documents and settings\baustede\Application Data\pcouffin.sys
2007-02-08 14:48 133,920 ----a-w c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2007-07-24 22:03 118,784 ----a-w c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
2008-05-02 05:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008042120080428\index.dat
2008-05-09 05:00 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008042820080505\index.dat
2008-05-15 07:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008050520080512\index.dat
2008-05-15 07:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051520080516\index.dat
2008-05-16 05:00 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051620080517\index.dat
.

------- Sigcheck -------

2008-11-24 21:12 295424 40ffc19a8d4875e9e19cecdc76ef9201 c:\windows\system32\termsrv.dll
2004-08-04 03:00 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\system32\dllcache\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="c:\windows\help\SplshWrp.exe" [2004-08-04 16384]
"TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2005-04-25 271872]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-06-18 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-18 688218]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"NDPS"="c:\windows\system32\dpmw32.exe" [2004-05-17 32859]
"ZENRC Tray Icon"="c:\windows\system32\zentray.exe" [2005-05-18 40960]
"Snippet"="c:\program files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" [2005-02-25 68296]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-12-20 125632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"WebrootClientUI"="c:\program files\Webroot\Client\SpySweeperUI.exe" [2008-07-16 435616]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"NI Background Service"="c:\program files\Shared\Update Service\BackgroundService.exe" [2008-04-03 77824]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SigmatelSysTrayApp"="stsystra.exe" [2005-12-27 c:\windows\stsystra.exe]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 c:\windows\system32\nwtray.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlpo_01"="md %USERPROFILE%\Local Settings\Temp" [X]
"nlpo_02"="advpack.dll" [2008-08-26 c:\windows\system32\advpack.dll]
"nlpo_03"="advpack.dll" [2008-08-26 c:\windows\system32\advpack.dll]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Application Explorer.lnk - c:\program files\Novell\ZENworks\NalView.exe [2006-06-13 35840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\program files\Novell\ZENworks\NalShell.dll" [2006-06-28 446464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2004-08-04 03:00 47104 c:\program files\Common Files\Microsoft Shared\Ink\LoginKey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
2006-05-02 08:17 24576 c:\windows\system32\novell\xtnotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 02:41 11776 c:\windows\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2006-11-01 09:18 32256 c:\windows\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

Re: Backdoor.Tidserv!inf Help needed
and also....

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpmw32.exe"=
"c:\\Program Files\\Novell\\ZENworks\\RemoteManagement\\RMAgent\\ZenRem32.exe"=
"c:\\Misc\\Symantec Antivirus CE\\DownloadXDB.exe"=
"c:\\Program Files\\IBM\\Sametime Connect\\jre\\bin\\sametime75.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Ruckus Player\\Ruckus.exe"=
"c:\\Program Files\\Maple 11\\jre\\bin\\maple.exe"=
"c:\\Program Files\\Real\\RealPlayer Enterprise\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1761:TCP"= 1761:TCP:ZENworks Remote Management port
"1761:UDP"= 1761:UDP:ZENworks Remote Management port
"2967:TCP"= 2967:TCP:Symantec Antivirus v10 Client
"50000:TCP"= 50000:TCP:Webroot SpySweeper Client Service
"50001:TCP"= 50001:TCP:Webroot SpySweeper Sweep Now Function
"50002:TCP"= 50002:TCP:Webroot SpySweeper Poll Now Function
"50003:TCP"= 50003:TCP:Webroot SpySweeper Webroot Client Service
"7460:TCP"= 7460:TCP:ZENworks Asset Manager (Collection Server)
"7460:UDP"= 7460:UDP:ZENworks Asset Manager (Collection Server)
"7461:TCP"= 7461:TCP:ZENworks Asset Manager (Client Application)
"7461:UDP"= 7461:UDP:ZENworks Asset Manager (Client Application)
"7462:TCP"= 7462:TCP:ZENworks Asset Manager (Management Manager)
"7462:UDP"= 7462:UDP:ZENworks Asset Manager (Management Manager)
"7465:TCP"= 7465:TCP:ZENworks Asset Manager (Task Server)
"7465:UDP"= 7465:UDP:ZENworks Asset Manager (Task Server)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 BlankScr;HBDevice;c:\windows\system32\drivers\BlankScr.sys [2005-05-23 6899]
R2 cvintdrv;cvintdrv;c:\windows\system32\drivers\cvintdrv.sys [2007-10-23 4096]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [2006-05-09 167936]
R2 TSCensus Collection Client;ZENworks Asset Management - Collection Client;"c:\program files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe" [2007-08-30 49152]
R2 WNTHW;WNTHW;\??\c:\windows\system32\DRIVERS\WNTHW.SYS [2007-08-30 9176]
R2 XTAgent;Novell XTier Agent Services;c:\windows\System32\Novell\XTAgent.exe [2006-05-02 61440]
R3 FinePnt;FinePoint Innovations HID Driver;c:\windows\system32\DRIVERS\FpHidDrv.sys [2006-06-19 18816]
R3 MSTabBtn;Tablet PC Buttons HID Driver;c:\windows\system32\DRIVERS\MSTabBtn.sys [2006-06-19 9600]
S3 LVRS;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs.sys [2008-08-24 627864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16118eee-730e-11dd-9e49-001b7753c089}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f52ff48a-64cd-11dc-9cb8-001b7753c089}]
\Shell\AutoRun\command - setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NWEReboot - (no file)
HKU-Default-Run-TabletWizard - c:\windows\help\wizard.hta


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\baustede\Application Data\Mozilla\Firefox\Profiles\b2d7mcsi.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxps://udportal.udayton.edu/ExpressPortal/portal/cn/AnonContainer/Anon_Welcome
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\nplv85win32.dll
FF -: plugin - c:\program files\Real\RealPlayer Enterprise\Netscape6\nppl3260.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 15:25:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(904)
c:\program files\novell\zenworks\ZENPOL32.DLL
c:\windows\system32\xmlparse.dll
c:\windows\system32\ZenMup.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\WRLogonNtf.DLL
c:\program files\novell\zenworks\WMNTAPI.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\lotus\notes\ntmulti.exe
c:\program files\Novell\ZENworks\NALNTSRV.EXE
c:\program files\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Symantec AntiVirus\SavRoam.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Novell\ZENworks\Asset Management\Bin\cclient.exe
c:\program files\Webroot\Client\CommAgent.exe
c:\program files\Novell\ZENworks\WM.EXE
c:\program files\Webroot\Client\SPYSWEEPER.EXE
c:\program files\Novell\ZENworks\WMRUNDLL.EXE
c:\program files\Webroot\Client\SSU.EXE
c:\windows\system32\wisptis.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\tabbtnu.exe
c:\program files\Common Files\Microsoft Shared\Ink\tcserver.exe
c:\program files\Novell\ZENworks\NalAgent.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-11-25 15:32:00 - machine was rebooted [baustede]
ComboFix-quarantined-files.txt 2008-11-25 20:31:54

Pre-Run: 67,790,323,712 bytes free
Post-Run: 70,070,300,672 bytes free

263 --- E O F --- 2008-11-19 06:16:48
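
The "Sigcheck" section of the log above is the part worth a second look: ComboFix lists c:\windows\system32\termsrv.dll with one MD5 and the c:\windows\system32\dllcache\termsrv.dll copy with another, and the earlier "Other Deletions" block shows ComboFix restoring winlogon.exe from that same dllcache folder, which is the reference copy Windows File Protection keeps. The following parser is an added example written for this page; it is not code from the forum, from ComboFix or from any tool named in the thread. It reads a pasted Sigcheck block (the two lines below are copied from the log above, wrapped in the log's own header and footer), pairs each live system32 file with its dllcache copy, and reports hash mismatches. A mismatch is a lead to compare against a known-good file, not by itself proof of infection, since legitimate patches also change system DLLs.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# The two file lines are copied verbatim from the ComboFix log above; the
# header/footer lines reproduce the log's own layout around the section.
SAMPLE_SIGCHECK = r"""
------- Sigcheck -------

2008-11-24 21:12 295424 40ffc19a8d4875e9e19cecdc76ef9201 c:\windows\system32\termsrv.dll
2004-08-04 03:00 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\system32\dllcache\termsrv.dll
.
"""

# One file per line in the order the log shows: date, time, size, md5, path.
SIGCHECK_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<md5>[0-9a-f]{32}) (?P<path>.+)$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class SigcheckEntry:
    date: str
    time: str
    size: int
    md5: str   # lower-cased hex
    path: str  # lower-cased Windows path

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def in_dllcache(self) -> bool:
        return "\\dllcache\\" in self.path


def parse_sigcheck(text: str) -> List[SigcheckEntry]:
    """Extract the file lines of a ComboFix 'Sigcheck' section; other lines are ignored."""
    entries: List[SigcheckEntry] = []
    for raw in text.splitlines():
        m = SIGCHECK_LINE.match(raw.strip())
        if m is None:
            continue
        entries.append(SigcheckEntry(
            date=m["date"], time=m["time"], size=int(m["size"]),
            md5=m["md5"].lower(), path=m["path"].strip().lower(),
        ))
    return entries


@dataclass(frozen=True)
class Mismatch:
    name: str
    live: SigcheckEntry
    cache: SigcheckEntry

    @property
    def same_size(self) -> bool:
        # Same size with a different hash is typical of an in-place patch.
        return self.live.size == self.cache.size


def find_dllcache_mismatches(entries: List[SigcheckEntry]) -> List[Mismatch]:
    """Pair each live file with its dllcache copy by file name and report differing MD5s."""
    live: Dict[str, SigcheckEntry] = {}
    cache: Dict[str, SigcheckEntry] = {}
    for e in entries:
        (cache if e.in_dllcache else live)[e.name] = e
    return [
        Mismatch(name, live[name], cache[name])
        for name in sorted(live)
        if name in cache and live[name].md5 != cache[name].md5
    ]


def report(text: str) -> List[str]:
    """One human-readable line per mismatch, for a quick read of a pasted log."""
    lines = []
    for m in find_dllcache_mismatches(parse_sigcheck(text)):
        size_note = "same size" if m.same_size else f"size {m.live.size} vs {m.cache.size}"
        lines.append(
            f"{m.name}: live md5 {m.live.md5} (modified {m.live.date} {m.live.time}) "
            f"!= dllcache md5 {m.cache.md5} ({m.cache.date}); {size_note}"
        )
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_SIGCHECK):
        print(line)
```

On the log above this flags termsrv.dll only: same size, different hash, and the live copy's timestamp (2008-11-24 21:12) falls in the same window as the TDSS files and nah_niko.exe listed under "Files Created", which is why the analyst would want to check it next.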

Re: Backdoor.Tidserv!inf Help needed
Hello.
Nearly there, lets keep going.

Now open a new notepad file.
Input this into the notepad file:

File::
c:\documents and settings\baustede\nah_niko.exe
c:\windows\system32\TDSSwuqs.dat
c:\windows\system32\QuickTimeVR.qtx
c:\windows\system32\QuickTime.qts

Folder::
c:\documents and settings\All Users\Application Data\Viewpoint
c:\documents and settings\All Users\Application Data\Meow Intra Bait Face
c:\documents and settings\baustede\Application Data\64 funk
c:\program files\64 funk
c:\program files\Viewpoint

DirLook::
c:\program files\JAW Deploy

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"=-


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
[screenshot: CFScript.txt dragged and dropped onto ComboFix.exe]

This will open combofix.exe again; agree to its terms and allow it to run. It may want to reboot after it's done. Post the resulting log back here.


Re: Backdoor.Tidserv!inf Help needed
ComboFix 08-11-26.01 - baustede 2008-11-25 15:55:40.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1127 [GMT -5:00]
Running from: c:\documents and settings\baustede\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\baustede\Desktop\CFscript.txt
* Created a new restore point

FILE ::
c:\documents and settings\baustede\nah_niko.exe
c:\windows\system32\QuickTime.qts
c:\windows\system32\QuickTimeVR.qtx
c:\windows\system32\TDSSwuqs.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Meow Intra Bait Face
c:\documents and settings\All Users\Application Data\Viewpoint
c:\documents and settings\baustede\Application Data\64 funk
c:\documents and settings\baustede\Application Data\64 funk\0
c:\documents and settings\baustede\nah_niko.exe
c:\program files\64 funk
c:\windows\system32\QuickTime.qts
c:\windows\system32\QuickTimeVR.qtx
c:\windows\system32\TDSSwuqs.dat

.
((((((((((((((((((((((((( Files Created from 2008-10-25 to 2008-11-25 )))))))))))))))))))))))))))))))
.

2008-11-25 14:02 . 2008-11-25 14:02 d-------- c:\documents and settings\baustede\Application Data\Malwarebytes
2008-11-25 14:02 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-25 14:01 . 2008-11-25 14:02 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-25 14:01 . 2008-11-25 14:01 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-25 14:01 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-24 16:41 . 2008-11-24 16:41 d-------- c:\program files\iTunes
2008-11-24 16:41 . 2008-11-24 16:41 d-------- c:\program files\iPod
2008-11-24 16:41 . 2008-11-24 16:41 d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-24 16:36 . 2008-11-24 16:36 d-------- c:\program files\QuickTime
2008-11-16 23:42 . 2008-11-17 17:01 d-------- c:\program files\Yahoo!
2008-11-16 23:42 . 2008-11-17 17:01 d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2008-11-14 12:47 . 2008-11-14 12:47 d-------- c:\program files\Common Files\Skype
2008-11-14 12:46 . 2008-11-14 12:47 dr------- c:\program files\Skype
2008-11-03 18:30 . 2008-11-06 18:41 92 --a------ C:\Road-Rash-3-(UEJ)-[!].pat
2008-11-03 16:27 . 2008-11-03 16:27 140,408 --a------ C:\Road-Rash-3-(UEJ)-[!].gs0
2008-11-02 18:05 . 2008-11-02 18:05 d-------- C:\ElectronicArts
2008-11-02 18:05 . 1996-01-09 10:38 283,648 --a------ c:\windows\uninst.exe
2008-11-02 18:05 . 1996-08-19 08:43 132,096 --a------ c:\windows\system32\RashIcon.dll
2008-11-02 18:05 . 1996-08-19 08:43 41,472 --a------ c:\windows\system32\RashProp.dll
2008-11-02 18:05 . 1995-05-31 20:41 28,672 --a------ c:\windows\system32\AWEMan32.dll
2008-11-02 18:04 . 2008-11-02 18:04 11 --a------ c:\windows\NetWare.INI
2008-11-02 17:31 . 2008-11-02 17:31 d-------- c:\program files\Road Rash 3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-26 21:09 --------- d-----w c:\program files\Symantec AntiVirus
2008-11-25 19:35 --------- d-----w c:\documents and settings\baustede\Application Data\skypePM
2008-11-25 19:35 --------- d-----w c:\documents and settings\baustede\Application Data\Skype
2008-11-25 03:47 --------- d-----w c:\program files\Logitech
2008-11-24 21:41 --------- d-----w c:\program files\Common Files\Apple
2008-11-19 06:16 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-14 17:47 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-11-13 06:20 --------- d-----w c:\documents and settings\baustede\Application Data\LimeWire
2008-11-02 20:50 --------- d-----w c:\program files\Bonjour
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 13:11 --------- d-----w c:\program files\LimeWire
2008-10-06 02:25 --------- d-----w c:\program files\JAW Deploy
2008-10-01 04:24 --------- d-----w c:\program files\MySpace
2008-10-01 04:09 --------- d-----w c:\documents and settings\baustede\Application Data\MySpace
2008-08-26 19:02 47,360 ----a-w c:\documents and settings\baustede\Application Data\pcouffin.sys
2007-02-08 14:48 133,920 ----a-w c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2007-07-24 22:03 118,784 ----a-w c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
2008-05-02 05:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008042120080428\index.dat
2008-05-09 05:00 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008042820080505\index.dat
2008-05-15 07:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008050520080512\index.dat
2008-05-15 07:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051520080516\index.dat
2008-05-16 05:00 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051620080517\index.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\program files\JAW Deploy ----

2008-10-05 21:25 695578 --a------ c:\program files\JAW Deploy\unins000.exe
2008-10-05 21:25 11975 --a------ c:\program files\JAW Deploy\unins000.dat
2008-10-04 10:21 203 --a------ c:\program files\JAW Deploy\JAW Edit\Readme.txt
2008-10-04 10:20 737 --a------ c:\program files\JAW Deploy\Firmware\Readme.txt
2008-10-04 10:20 261 --a------ c:\program files\JAW Deploy\Readme.txt
2008-10-04 10:19 102400 --a------ c:\program files\JAW Deploy\JAW Edit\JAW_Edit_1_14.exe
2008-10-04 10:13 7168 --a------ c:\program files\JAW Deploy\Firmware\JAW_V_1_12_Code.bin
2008-09-08 11:00 373892 --a------ c:\program files\JAW Deploy\Doc\1.041\JAW_1_041_Hardware_User_Manual_Aug_30_2008.pdf
2008-09-08 10:59 3532078 --a------ c:\program files\JAW Deploy\Doc\1.041\JAW_1_041_Assembly_Guide_Aug_30_2008.pdf
2008-09-08 10:57 294335 --a------ c:\program files\JAW Deploy\Doc\1.041\Display_1_01_Assembly_Guide_Aug_30_2008.pdf
2008-08-30 11:29 27648 --a------ c:\program files\JAW Deploy\Doc\1.041\JAW_1_041_Component_List_Aug_30_2008.xls
2008-08-30 11:29 24576 --a------ c:\program files\JAW Deploy\Doc\1.041\Display_1_01_Component_List_Aug_30_2008.xls
2008-08-19 11:06 66858 --a------ c:\program files\JAW Deploy\Doc\1.041\JAW_Edit_User_Manual_Aug_19_2008.pdf
2008-08-19 11:06 66858 --a------ c:\program files\JAW Deploy\Doc\1.03\JAW_Edit_User_Manual_Aug_19_2008.pdf
2008-08-19 11:06 400426 --a------ c:\program files\JAW Deploy\Doc\1.041\Wideband_Cable_Construction_Guide_Cheap_Method_Aug_7_2008.pdf
2008-08-19 11:05 880617 --a------ c:\program files\JAW Deploy\Doc\1.041\Wideband_Cable_Construction_Guide_Expensive_Method_Aug_7_2008.pdf
2008-03-08 20:06 1044168 --a------ c:\program files\JAW Deploy\Runtime\vbrun60sp5.exe
2007-11-11 12:16 53248 --a------ c:\program files\JAW Deploy\JAW Edit\JAW.exe
2007-09-27 04:26 140288 --a------ c:\program files\JAW Deploy\Runtime\COMDLG32.OCX
2007-09-27 04:01 608448 --a------ c:\program files\JAW Deploy\Runtime\COMCTL32.OCX
2007-07-25 11:53 1942287 --a------ c:\program files\JAW Deploy\Doc\1.03\JAW and Display Assembly Guide July 23 2007.pdf
2007-07-25 11:50 1244604 --a------ c:\program files\JAW Deploy\Doc\1.03\Wideband Cable Construction Guide July 27 2007.pdf
2007-07-25 10:53 1942287 --a------ c:\program files\JAW Deploy\Doc\JAW and Display Assembly Guide July 23 2007.pdf
2007-07-25 10:50 1244604 --a------ c:\program files\JAW Deploy\Doc\Wideband Cable Construction Guide July 27 2007.pdf
2007-06-30 11:50 7168 --a------ c:\program files\JAW Deploy\Firmware\JAW_V_1_10_Code.bin
2007-06-01 08:17 21659 --a------ c:\program files\JAW Deploy\Doc\1.03\JAW Diagnostics.pdf
2007-06-01 07:17 21659 --a------ c:\program files\JAW Deploy\Doc\JAW Diagnostics.pdf
2007-05-19 16:29 609837 --a------ c:\program files\JAW Deploy\Doc\1.03\JAW USER Manual May 19 2007.pdf
2007-05-19 15:59 217343 --a------ c:\program files\JAW Deploy\Doc\1.03\Wideband Cable Construction Guide, Cheap Method, May 19 2007.pdf
2007-05-19 15:29 609837 --a------ c:\program files\JAW Deploy\Doc\JAW USER Manual May 19 2007.pdf
2007-05-19 14:59 217343 --a------ c:\program files\JAW Deploy\Doc\Wideband Cable Construction Guide, Cheap Method, May 19 2007.pdf
1998-06-23 23:00 103744 --a------ c:\program files\JAW Deploy\Runtime\MSCOMM32.OCX


------- Sigcheck -------

2008-11-24 21:12 295424 40ffc19a8d4875e9e19cecdc76ef9201 c:\windows\system32\termsrv.dll
2004-08-04 03:00 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\system32\dllcache\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

Re: Backdoor.Tidserv!inf Help needed
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="c:\windows\help\SplshWrp.exe" [2004-08-04 16384]
"TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2005-04-25 271872]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-06-18 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-18 688218]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"NDPS"="c:\windows\system32\dpmw32.exe" [2004-05-17 32859]
"ZENRC Tray Icon"="c:\windows\system32\zentray.exe" [2005-05-18 40960]
"Snippet"="c:\program files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" [2005-02-25 68296]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-12-20 125632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"WebrootClientUI"="c:\program files\Webroot\Client\SpySweeperUI.exe" [2008-07-16 435616]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"NI Background Service"="c:\program files\Shared\Update Service\BackgroundService.exe" [2008-04-03 77824]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SigmatelSysTrayApp"="stsystra.exe" [2005-12-27 c:\windows\stsystra.exe]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 c:\windows\system32\nwtray.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlpo_01"="md %USERPROFILE%\Local Settings\Temp" [X]
"nlpo_02"="advpack.dll" [2008-08-26 c:\windows\system32\advpack.dll]
"nlpo_03"="advpack.dll" [2008-08-26 c:\windows\system32\advpack.dll]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Application Explorer.lnk - c:\program files\Novell\ZENworks\NalView.exe [2006-06-13 35840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\program files\Novell\ZENworks\NalShell.dll" [2006-06-28 446464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2004-08-04 03:00 47104 c:\program files\Common Files\Microsoft Shared\Ink\LoginKey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
2006-05-02 08:17 24576 c:\windows\system32\novell\xtnotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 02:41 11776 c:\windows\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2006-11-01 09:18 32256 c:\windows\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpmw32.exe"=
"c:\\Program Files\\Novell\\ZENworks\\RemoteManagement\\RMAgent\\ZenRem32.exe"=
"c:\\Misc\\Symantec Antivirus CE\\DownloadXDB.exe"=
"c:\\Program Files\\IBM\\Sametime Connect\\jre\\bin\\sametime75.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Ruckus Player\\Ruckus.exe"=
"c:\\Program Files\\Maple 11\\jre\\bin\\maple.exe"=
"c:\\Program Files\\Real\\RealPlayer Enterprise\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1761:TCP"= 1761:TCP:ZENworks Remote Management port
"1761:UDP"= 1761:UDP:ZENworks Remote Management port
"2967:TCP"= 2967:TCP:Symantec Antivirus v10 Client
"50000:TCP"= 50000:TCP:Webroot SpySweeper Client Service
"50001:TCP"= 50001:TCP:Webroot SpySweeper Sweep Now Function
"50002:TCP"= 50002:TCP:Webroot SpySweeper Poll Now Function
"50003:TCP"= 50003:TCP:Webroot SpySweeper Webroot Client Service
"7460:TCP"= 7460:TCP:ZENworks Asset Manager (Collection Server)
"7460:UDP"= 7460:UDP:ZENworks Asset Manager (Collection Server)
"7461:TCP"= 7461:TCP:ZENworks Asset Manager (Client Application)
"7461:UDP"= 7461:UDP:ZENworks Asset Manager (Client Application)
"7462:TCP"= 7462:TCP:ZENworks Asset Manager (Management Manager)
"7462:UDP"= 7462:UDP:ZENworks Asset Manager (Management Manager)
"7465:TCP"= 7465:TCP:ZENworks Asset Manager (Task Server)
"7465:UDP"= 7465:UDP:ZENworks Asset Manager (Task Server)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 BlankScr;HBDevice;c:\windows\system32\drivers\BlankScr.sys [2005-05-23 6899]
R2 cvintdrv;cvintdrv;c:\windows\system32\drivers\cvintdrv.sys [2007-10-23 4096]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [2006-05-09 167936]
R2 TSCensus Collection Client;ZENworks Asset Management - Collection Client;"c:\program files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe" [2007-08-30 49152]
R2 WNTHW;WNTHW;\??\c:\windows\system32\DRIVERS\WNTHW.SYS [2007-08-30 9176]
R2 XTAgent;Novell XTier Agent Services;c:\windows\System32\Novell\XTAgent.exe [2006-05-02 61440]
R3 FinePnt;FinePoint Innovations HID Driver;c:\windows\system32\DRIVERS\FpHidDrv.sys [2006-06-19 18816]
R3 MSTabBtn;Tablet PC Buttons HID Driver;c:\windows\system32\DRIVERS\MSTabBtn.sys [2006-06-19 9600]
S3 LVRS;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs.sys [2008-08-24 627864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16118eee-730e-11dd-9e49-001b7753c089}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f52ff48a-64cd-11dc-9cb8-001b7753c089}]
\Shell\AutoRun\command - setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 16:11:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\program files\novell\zenworks\ZENPOL32.DLL
c:\windows\system32\xmlparse.dll
c:\windows\system32\ZenMup.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\WRLogonNtf.DLL
c:\program files\novell\zenworks\WMNTAPI.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\lotus\notes\ntmulti.exe
c:\program files\Novell\ZENworks\NALNTSRV.EXE
c:\program files\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Symantec AntiVirus\SavRoam.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Webroot\Client\CommAgent.exe
c:\program files\Novell\ZENworks\Asset Management\Bin\cclient.exe
c:\program files\Novell\ZENworks\WM.EXE
c:\program files\Webroot\Client\SPYSWEEPER.EXE
c:\program files\Novell\ZENworks\WMRUNDLL.EXE
c:\windows\system32\wisptis.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\tabbtnu.exe
c:\program files\Webroot\Client\SSU.EXE
c:\program files\Common Files\Microsoft Shared\Ink\tcserver.exe
c:\program files\Novell\ZENworks\NalAgent.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-11-25 16:18:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-25 21:18:12
ComboFix2.txt 2008-11-25 20:32:02

Pre-Run: 70,024,368,128 bytes free
Post-Run: 70,022,795,264 bytes free

286 --- E O F --- 2008-11-19 06:16:48

Re: Backdoor.Tidserv!inf Help needed
Looks good.
Just a question.
Are Road Rash 3 and JAW Deploy games you've installed on the system?

What problems remain?


Re: Backdoor.Tidserv!inf Help needed
Road Rash 3 is a game, and JAW Deploy is a set of files that contain the interface for a programmable PCM that acts as a wideband O2 sensor for my Toyota Supra. I'll run a virus scan and see if any other problems arise.

Re: Backdoor.Tidserv!inf Help needed
Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

