Answers to your tech questions
Computer forums for help with removing malicious software (malware) and improving computer security
[Resolved] BSOD loop, Windows boots, BSOD- windows boots, DSOD - etc
builder4580
post Nov 16 2008, 06:19 PM
Post #1


Authentic Member

Group: Authentic Member
Posts: 33
Joined: 16-November 08
Member No.: 82,417
Operating System: windows xp



I can not get windows XP sp3 to operate.
When I boot, windows xp logo displays and the loading bar shows the loading progress.
Then BSOD flashes (so fast I can't even read any error message) and the system reboots
only to repeat the process.
I can start in safe mode, but can not access any of my virus/spyware programs - such as
SmitFraudFix, Spybot Search & Destroy, AVG or Adaware.
In safe mode I can get to a command prompt, but don't know enough about what I am doing
to fix anything.
Have been having problems lately with BSOD occurring at odd intervals - or more frequently if
I play video news files or (- may I dare admit it!) porn vids.
I did have 'xpantispyware2009' and also 'brastk.exe' a short time ago, but Smitfraudfix got rid of
it last time - or at least I think it did. Maybe it was not a full elimination?
Any help will be much appreciated.

builder4580
jpshortstuff
post Nov 17 2008, 10:25 AM
Post #2


SuperMember

Group: Malware Team
Posts: 2,209
Joined: 28-April 07
From: UK
Member No.: 69,799
Operating System: Windows XP Media Center/Ubuntu Linux



Hi, and Welcome to WhatTheTech

My name is jpshortstuff. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
  • I will be working on your Malware issues; this may, or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Restart your computer as if you were going into Safe Mode. Instead of selecting safe mode, select Last Known Good Configuration, see if that gets you anywhere.

Have you got a Windows Installation Disk?

Have you got any way of downloading programs on another computer and transferring them to your computer with a USB stick or something?

If you do, or if "Last Known Good Configuration" works, please do the following:

Please download HijackThis and save the file to your desktop. Double click the HijackThis icon on your desktop and hit Do a System Scan and Save a Logfile and then copy and paste the log into a new reply, using the Add Reply button.

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, click Open and then click UPLOAD.
Thanks.
builder4580
post Nov 18 2008, 01:44 AM
Post #3





Hi JP,
I tried booting into "Last known good config" but still get BSOD and Reboot.
I do have an Installation disk (original set up) which is Windows XP Home Edn - includes SP2 version 2002.
Rebooting in safe mode shows I have Windows XP ® (Build2600.xpsp_sp3_gdr.080814-1236:Service Pack 3)
I can download programs to Laptop USB, but can still only open XP in safe mode.
Here is a copy of the HijackThis log that I ran in safe mode

Well.... I copied my Hijack log here but can not reply.
I keep getting redirected to Blair's message - Outdated Hijack this version detected - please download latest update from here ..(link)
Downloading the latest version to my laptop will not help, as I need it on my desktop PC to download that computers log, and I can only
boot in safe mode.
Took out the version # of HJT and got log to copy - version is v1.99.1

Logfile of HijackThis
Scan saved at 23:04:31, on 11/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trafficswarm.com/cgi-bin/swarm....7abbbcad0f9c429
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {30a02444-5278-4611-8455-6f06239095f1} - (no file)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {754872B3-22C0-45F1-8490-549E9B393178} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SoundBreak] "C:\Program Files\The Lost Continent of\SoundBreak\SoundBreak.exe -hide"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\WINDOWS\twain_32\ScanWiz5\SDII.exe
O4 - Global Startup: Reality Fusion GameCam SE.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.bettertrades.com
O15 - Trusted Zone: *.bobeldridge.com
O15 - Trusted Zone: *.centra.com
O15 - Trusted Zone: *.darlenenelson.com
O15 - Trusted Zone: *.dedicatedtrader.com
O15 - Trusted Zone: *.markaylatimer.com
O15 - Trusted Zone: *.ryanlitchfield.com
O15 - Trusted Zone: http://www.vectorvest.com
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://prod1.centra.com/SiteRoots/main/Ins...raUpdaterAx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://asp17.centra.com/SiteRoots/main/Ins...aDownloader.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - http://omnidata.nirvanasystems.com/omnitra...iData/setup.exe
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} (CamRegCleanControl Object) - http://www.amustsoft.com/onlineregistrysca...eRegCleaner.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://interactivebrokers.webex.com/client...nbr/ieatgpc.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: cbXNDSlJ - cbXNDSlJ.dll (file missing)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: MetaTrader Data Center (mtdcsrv) - Unknown owner - C:\Program Files\MetaTrader Data Center\mtdcsrv.exe" /start (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

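An added example, not code from the thread or from the forum's own tools: a small Python triage script that applies the checks a helper would make on the HijackThis log above (an AppInit_DLLs entry, an orphaned Winlogon Notify hook, the autorun of brastk.exe that this thread ties to the infection, NameServer overrides, orphaned BHOs and Trusted Zone sites). The sample log, the watchlist and the expected-resolver set are constructed for the example; the 192.0.2.53 resolver is an RFC 5737 documentation address added only so the DNS check is seen to fire.

```python
"""Triage a HijackThis-style log for the entry types that mattered in this thread.

Constructed example, not the forum's tooling. Heuristics only: a hit means
"look at this", not "this is malware".
"""
import re
from dataclasses import dataclass

# Constructed sample modelled on the v1.99.1 log posted above, plus one extra
# O17 line (192.0.2.53, a documentation address) to show the resolver check firing.
SAMPLE_LOG = r"""
Logfile of HijackThis
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.invalid/start
O2 - BHO: (no name) - {30a02444-5278-4611-8455-6f06239095f1} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
O15 - Trusted Zone: *.bettertrades.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.0.2.53
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: cbXNDSlJ - cbXNDSlJ.dll (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Binary names the thread itself tied to the infection; extend from your own notes.
WATCHLIST = {"brastk.exe"}
# Resolvers you expect on the box (constructed allowlist; these two are the OpenDNS
# addresses that appear in the posted log).
EXPECTED_DNS = {"208.67.220.220", "208.67.222.222"}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
EXE_RE = re.compile(r'([^\\\s"]+\.(?:exe|com|bat|scr|pif|dll))', re.IGNORECASE)


@dataclass
class Finding:
    section: str
    severity: str  # high / medium / low / info
    reason: str
    line: str


def parse_entries(text):
    """Yield (section, body, line) for each 'Oxx - ...' entry; headers and the process list are skipped."""
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group(1), m.group(2), line


def triage(text):
    """Apply the heuristics to one log and return the findings in log order."""
    findings = []
    for section, body, line in parse_entries(text):
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1].strip()
            if value:  # almost nothing legitimate uses AppInit_DLLs on a home XP box
                findings.append(Finding(section, "high", f"AppInit_DLLs injects {value} into GUI processes", line))
        elif section == "O20" and "(file missing)" in body:
            findings.append(Finding(section, "medium", "orphaned Winlogon Notify hook (DLL gone, key left behind)", line))
        elif section == "O4":
            # Target is whatever follows the [name] tag; pull the first executable-looking token.
            m = EXE_RE.search(body.split("]", 1)[-1])
            if m and m.group(1).lower() in WATCHLIST:
                findings.append(Finding(section, "high", f"autorun of watchlisted binary {m.group(1)}", line))
        elif section == "O17" and "NameServer" in body:
            servers = {s.strip() for s in body.split("=", 1)[1].split(",") if s.strip()}
            rogue = servers - EXPECTED_DNS
            if rogue:
                findings.append(Finding(section, "medium", f"DNS override to unexpected resolver(s): {', '.join(sorted(rogue))}", line))
            else:
                findings.append(Finding(section, "info", "DNS override present, resolvers are on the expected list", line))
        elif section == "O2" and body.endswith("(no file)"):
            findings.append(Finding(section, "low", "orphaned BHO registration", line))
        elif section == "O15":
            findings.append(Finding(section, "info", "site in IE Trusted Zone runs with relaxed security settings", line))
    return findings


def highest_severity(findings):
    """Worst severity in the list, 'info' when there are no findings."""
    order = ["info", "low", "medium", "high"]
    return max((f.severity for f in findings), key=order.index, default="info")


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
```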
jpshortstuff
post Nov 18 2008, 05:10 AM
Post #4





Hi

Does "Safe Mode With Networking" work?

I've never tried, but I thought you could use USB sticks in safe mode, to transfer files onto your computer.

Let's try something.

Click Start >> Run. Type the following into the run box:
C:\WINDOWS\system32\Restore\rstrui.exe
and then hit enter.

When the system restore window appears, make sure "Restore my computer to an earlier time" is selected and click Next. Select a restore point from when you know your computer could boot, and then click Next. Close all other windows and then click Next again. System Restore will now restart your computer and attempt to restore settings.

If you can boot into normal mode after this, or if you can get into "Safe Mode with Networking" or if you can transfer files to your computer via USB in safe mode, please download this file:
ComboFix
to your desktop. Temporarily disable your real-time security programs and close all other windows, then double-click ComboFix.exe. If it finishes, please post the resulting log (C:\ComboFix.txt), and a new HijackThis log if you can.

If none of the above options are available, please let me know and we will try something different.

Thanks.
builder4580
post Nov 19 2008, 01:36 AM
Post #5





Hi JP,
Didn't have any success with any of the above.
C:WINDOWS etc returned the Error Message - C:WINDOWS etc... refers to a location that is unavailable. It could
be on a hard drive on this computer or on a network.......

I can not access the internet in safe mode - I get to the website address but get the message ... IE cannot display
the webpage. Most likely causes: You are not connected to the internet. The website is encountering problems.
There might be a typing error in the address.
I did download Combofix to a usb stick, but have not been able to copy (or even run) from usb to my problem PC.
jpshortstuff
post Nov 19 2008, 04:33 AM
Post #6





Hi.

By "Safe Mode With Networking", I mean that when you start your computer and press F8, you are currently hitting enter on the "Safe Mode" option. There should be another option (where you also found "Last Known Good Configuration") that says "Safe Mode With Networking".

Hmm, let's try getting to system restore a different way.

Click Start >> All Programs >> Accessories >> System Tools >> System Restore. If that works, do the below:

When the system restore window appears, make sure "Restore my computer to an earlier time" is selected and click Next. Select a restore point from when you know your computer could boot, and then click Next. Close all other windows and then click Next again. System Restore will now restart your computer and attempt to restore settings.

Again, if the above helps, or if you can now find "Safe Mode With Networking", then please try and download ComboFix that I recommended above.

We still have more options if this doesn't work though.

Thanks.
builder4580
post Nov 19 2008, 11:17 PM
Post #7





Hi JP,
Start-all programs - ................... -restore - brought up the system restore "step through panels", with
the last panel stating Windows may take a moment to collect information about the selected restore
point before shutting down your computer. I clicked 'next' then waited - for 17 minutes. Nothing happening.

I rebooted in safe mode and checked "safe mode with networking" and pressed enter.
The screen shows various program icons and in each corner of the screen the words "safe mode".
My assumption is that I am still in safe mode and not "safe mode with networking"

jpshortstuff
post Nov 20 2008, 03:22 AM
Post #8





Hi.

Have you tried to access the internet after trying to get into "Safe Mode With Networking"? If you have, and that still doesn't work, then please try the below.


Restart your computer, and you should be presented briefly with a screen from your computer's manufacturer (Dell, ACER etc), that also has some text somewhere along the lines of "To enter setup press XXX". This is usually F2 or DEL or similar; as soon as you see it, press it to get into the setup mode. Once in setup, we need to look for the "boot" options, there's usually a tab for "Boot". It may look something like this:

Once you're here, we need to make sure that your CD-ROM drive is at the top of the list, so please use the + key (or whatever your computer specifies) to move the CD-ROM (or similar) option to the top of the list.

Next, please put your Windows Installation Disk into your disk drive. Move onto the exit tab and "Exit saving changes". Your computer should now boot from your windows disk (if it doesn't the first time try rebooting once).

At the "Welcome to Setup" screen, press R to start Recovery Console. Choose the installation to be repaired by number (usually 1) and press "Enter". When you are asked for the Administrator password, leave it blank and press "Enter".

You should be brought to a prompt that says:
C:\WINDOWS>

Please type the following commands, one by one, pressing Enter after each one and allowing time for each to finish (you will be presented with a new prompt when they finish):
cd \
CHKDSK /R
(this may take a while as it will scan your system, so it may be wise to leave it and check at regular intervals)
FIXBOOT (there may be warnings, hit yes/ok to get through them)
EXIT

Your computer should now restart, use F8 as you are going into safe-mode and use "Last Known Good Configuration" as before.

Let me know if that works.

Thanks.
builder4580
post Nov 20 2008, 11:35 PM
Post #9





Hi JP,
Tried latest post without success.
No Manufacturer option appears, only the words .. Press Tab key into user window.
Pressing the tab key just starts to boot into windows normally ... then BSOD.
Can not boot into "Safe mode with networking" - it just defaults into Safe Mode
Can not access the internet.... ahah! Finally accessed the internet, - but can not access any
computer help sites such as "whatthetech.com", "computercops", "Bleeping computer", "Major Geeks","Cyber Tech Help"
I can access Yahoo & Google but if I try to get to any computer help site through either search engine, I just get
"Internet Explorer can not display the webpage"
None of my spyware/antivirus icons start their related programs - SpyBot S&D, Smitfraud fix, Ad-Aware.

All I seem able to do is 1) boot into safe mode 2) Create a Hijackthis log in version 1.99.1 3) connect to internet - but with limited access.


jpshortstuff
post Nov 21 2008, 03:51 AM
Post #10





Hi.

It's possible that your computer is already set to boot from CD, so give this a quick try:
QUOTE (jpshortstuff @ Nov 20 2008, 09:22 AM)
Please put your Windows Installation Disk into your disk drive and reboot your computer.

At the "Welcome to Setup" screen, press R to start Recovery Console. Choose the installation to be repaired by number (usually 1) and press "Enter". When you are asked for the Administrator password, leave it blank and press "Enter".

You should be brought to a prompt that says:
C:\WINDOWS>

Please type the following commands, one by one, pressing Enter after each one and allowing time for each to finish (you will be presented with a new prompt when they finish):
cd \
CHKDSK /R
(this may take a while as it will scan your system, so it may be wise to leave it and check at regular intervals)
FIXBOOT (there may be warnings, hit yes/ok to get through them)
EXIT

Your computer should now restart, use F8 as you are going into safe-mode and use "Last Known Good Configuration" as before.

Let me know if that works.


If that doesn't work, let's see if we can use your limited internet access. Please open your browser, and type this address into the address bar:
http://jpshortstuff.247fixes.com/Combo-Fix.exe

Hopefully, this will start a download. If so, please save the file to your desktop and then double-click it to run it once finished. If that all works you should be presented with a log (also found at C:\ComboFix.txt) to post in your next reply.

Let me know if any of that works for you. If ComboFix does run, try booting into normal mode.

Thanks.
builder4580
post Nov 22 2008, 12:31 AM
Post #11





Hi JP
Tried to boot from Installation disk. When I entered R - I got this message ....
Setup did not find any hard disk drives installed in your computer.
Make sure any hard drives are powered on and properly configured to your
computer, and that any disk related hardware configuration is correct. This
may involve running a manufacturer supplied diagnostic or setup program.

Setup can not continue. To quit press F3.

Then tried to access your website, but just get the message page -
Internet Explorer cannot display the webpage.
builder4580
post Nov 24 2008, 03:06 AM
Post #12





Hi JP
Don't know where your latest post (#12?) has gone to, but
I tried to download the program you directed me to, but got the message ...
This tool is not compatible with your system.
Then when I exit, I get a popup that reads ...
If this program didn't install correctly, try installing using settings that are
compatible with this version of windows ... followed by the button 'Reinstall
using recommended settings.
My laptop runs Vista OS, My problem computer runs Windows XP Home Edition.
If I download anything to my laptop (Vista), won't it now be incompatible with XP?
Opened problem PC in Safe mode with networking, but again get the "IE can not
display the website" when I type the address of the link you provided
I can still run Hijackthis in safe mode on my problem PC, but it is version 1.99.1
Is the difference so great between v1.99.9 and v 2 that the earlier version can not be
analysed any longer?
jpshortstuff
post Nov 24 2008, 06:35 AM
Post #13





Hi

There was no post, I sent you a message with the latest information.

Don't worry about getting a new HijackThis, the one you have is fine and we have indeed identified the infection. We are just trying to work around it as it is very stubborn.

Bear with me while I consult with my colleagues some more.

Thanks for your patience.
jpshortstuff
post Nov 24 2008, 06:36 AM
Post #14





A quick question - how did you get your HijackThis log here if you can't access the internet and you can't transfer files through your USB to your other computer?

Thanks.
builder4580
post Nov 25 2008, 12:35 AM
Post #15





Hi JP
This reply comes from my XP system which is up and running again.
Regarding my Hijackthis log, It came from my XP system when I was in safe mode.
I don't know why it worked when all my anti spyware programs wouldn't. The only thing I
can think of is that maybe because it was version 1.99.1 and not version 2.??, the virus
wasn't built to kill the older versions.
I did manage to download the latest version of hijackthis - or at least I thought I had,
but when I clicked on the HJT install icon, nothing happened.
I just clicked on it now, and ran a scan - which I will post after my combofix log - as I see
it still shows brastk.exe in the 04 section
When I was in reboot at the end of combofix I got three (I think) spybot pop-up warnings that
important registry changes were being attempted, but my deny option was greyed out, and
only the accept option was available. I assumed this was Combofix completing its thing,
but now think it may have been the virus reinfecting as the last popup(#4) had brastk
mentioned, but this popup allowed me the deny option - which I took.

A big thank you for all your help.
I will return to this thread for the next few days in case there is something in my logs that
need attention - such as installing the recovery console
Here is my Combofix log

ComboFix 08-11-20.02 - user 2008-11-24 21:23:09.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.245 [GMT -8:00]
Running from: c:\documents and settings\user\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\user\Cookies\egicu.com
c:\documents and settings\user\Cookies\ehocox.dl
c:\documents and settings\user\Cookies\ipigow.db
c:\documents and settings\user\Cookies\jinacaf.scr
c:\documents and settings\user\Cookies\vyzaqedyc.bin
c:\documents and settings\user\Cookies\zagotageby.dat
c:\program files\XP_AntiSpyware
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\brastk.exe
c:\windows\Downloaded Program Files\Temp
c:\windows\system32\Drivers\TDSSmqlt.sys
c:\windows\system32\drivers\TDSSpqxt.sys
c:\windows\system32\TDSSbivk.log
c:\windows\system32\TDSSbrsr.dll
c:\windows\system32\TDSSbubx.dll
c:\windows\system32\TDSSbubx.log
c:\windows\system32\TDSScbqp.dll
c:\windows\system32\TDSScfub.dll
c:\windows\system32\TDSSciou.dll
c:\windows\system32\TDSSlxwp.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSnrse.dll
c:\windows\system32\TDSSnrsr.dll
c:\windows\system32\TDSSoeqh.dll
c:\windows\system32\TDSSoiqh.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSSosvd.dll
c:\windows\system32\TDSSosvn.dll
c:\windows\system32\TDSSpaxt.dat
c:\windows\system32\TDSSpqxt.dat
c:\windows\system32\TDSSrhym.dll
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSsbhc.dll
c:\windows\system32\TDSSsltn.log
c:\windows\system32\TDSSthym.dll
c:\windows\system32\TDSStkdr.dll
c:\windows\system32\TDSSxfum.dll
c:\windows\system32\wini101936.exe
c:\windows\system32\wini101973.exe
c:\windows\winhelp.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-10-25 to 2008-11-25 )))))))))))))))))))))))))))))))
.

2008-11-24 21:26 . 2008-11-24 21:30 22,560 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-11-24 21:26 . 2008-11-24 21:26 32 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-11-19 20:33 . 2008-11-24 21:01 2,348 --a------ c:\windows\system32\TDSSvvbi.dll
2008-11-11 18:32 . 2008-09-04 09:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 18:32 . 2008-10-24 03:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-07 21:29 . 2008-11-07 21:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-11-05 18:20 . 2004-08-04 04:00 4,224 --a------ c:\windows\system32\drivers\beep.sys
2008-11-05 18:20 . 2004-08-04 04:00 4,224 --a--c--- c:\windows\system32\dllcache\beep.sys
2008-11-01 01:24 . 2008-11-01 01:24 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-01 01:24 . 2008-11-01 01:24 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-11-01 01:24 . 2008-11-01 01:24 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-01 01:23 . 2008-11-02 14:29 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-10-31 21:15 . 2008-11-15 09:18 3,766 --a------ c:\windows\system32\tmp.reg
2008-10-31 19:43 . 2008-10-31 19:43 26,624 --a------ c:\windows\system32\TDSSnmxh.dll
2008-10-30 22:29 . 2008-10-30 22:29 26,624 --a------ c:\windows\system32\TDSSfpmp.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-21 04:24 1,417,216 ----a-w c:\windows\Internet Logs\xDB20.tmp
2008-11-16 08:01 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-15 18:24 1,404,928 ----a-w c:\windows\Internet Logs\xDB1F.tmp
2008-11-15 16:45 1,400,832 ----a-w c:\windows\Internet Logs\xDB1E.tmp
2008-11-15 07:35 1,399,808 ----a-w c:\windows\Internet Logs\xDB1D.tmp
2008-11-14 07:55 --------- d-----w c:\documents and settings\user\Application Data\OpenOffice.org2
2008-11-13 07:26 1,395,712 ----a-w c:\windows\Internet Logs\xDB1C.tmp
2008-11-13 05:02 1,395,200 ----a-w c:\windows\Internet Logs\xDB1A.tmp
2008-11-13 01:42 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-10 07:00 1,380,352 ----a-w c:\windows\Internet Logs\xDB19.tmp
2008-11-08 04:51 1,362,432 ----a-w c:\windows\Internet Logs\xDB18.tmp
2008-11-07 08:00 1,360,384 ----a-w c:\windows\Internet Logs\xDB17.tmp
2008-11-07 06:55 1,357,824 ----a-w c:\windows\Internet Logs\xDB16.tmp
2008-11-06 15:55 24,284,276 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-11-06 07:47 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-18 21:17 19,989 ----a-w c:\windows\izeken.dll
2008-10-18 21:17 15,820 ----a-w c:\windows\system32\omecyk.com
2008-10-18 21:17 15,072 ----a-w c:\windows\oryjiroxi.bat
2008-10-18 21:17 14,622 ----a-w c:\windows\system32\udot.sys
2008-10-18 21:17 14,194 ----a-w c:\documents and settings\user\Application Data\kotulob.bat
2008-10-18 21:17 12,717 ----a-w c:\windows\qeruril.reg
2008-10-18 21:17 11,652 ----a-w c:\documents and settings\All Users\Application Data\yceg.dll
2008-10-18 21:17 10,382 ----a-w c:\windows\system32\axet.pif
2008-10-18 21:17 10,006 ----a-w c:\documents and settings\user\Application Data\evosehece.dat
2008-10-18 16:52 18,795 ----a-w c:\windows\ywuwu.bin
2008-10-18 16:52 17,698 ----a-w c:\documents and settings\user\Application Data\akoxyw.pif
2008-10-18 16:52 17,123 ----a-w c:\windows\system32\cebi.scr
2008-10-18 16:52 17,051 ----a-w c:\windows\system32\icozy.scr
2008-10-18 16:52 16,304 ----a-w c:\windows\system32\beminiwuf.bat
2008-10-18 16:52 15,951 ----a-w c:\windows\kaxute.com
2008-10-18 16:52 15,589 ----a-w c:\windows\ymybocuz.vbs
2008-10-18 16:52 14,863 ----a-w c:\program files\Common Files\wigi.lib
2008-10-18 16:52 13,885 ----a-w c:\windows\efikyqy.sys
2008-10-18 16:52 13,586 ----a-w c:\windows\qikabinu.reg
2008-10-18 16:52 13,292 ----a-w c:\documents and settings\All Users\Application Data\olew.reg
2008-10-18 16:52 10,377 ----a-w c:\program files\Common Files\zizasadu.sys
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-15 16:34 337,408 ----a-w c:\windows\system32\SET51.tmp
2008-10-10 09:24 --------- d-----w c:\documents and settings\All Users\Application Data\VTSystems
2008-10-09 08:58 --------- d-----w c:\program files\Java
2008-10-01 00:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2007-01-31 03:35 2,804,189 -c--a-w c:\program files\VisualTradingSetup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"SoundBreak"="c:\program files\The Lost Continent of\SoundBreak\SoundBreak.exe" [2002-12-18 652800]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 368706]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2006-11-15 380928]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-07 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-01 1234712]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"VTTimer"="VTTimer.exe" [2004-05-27 c:\windows\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2004-06-07 c:\windows\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 c:\windows\SOUNDMAN.EXE]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 c:\windows\LOGI_MWX.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JPGL"= jpgl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\user\\My Documents\\Downloads\\avg70free_323a539.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IncredibleCharts\\IncredibleCharts.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2003-12-12 77312]
S1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMhelpr.sys [2005-09-21 4064]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-01 97928]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-01 875288]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-01 231704]
S2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-01 76040]
S2 mtdcsrv;MetaTrader Data Center;"c:\program files\MetaTrader Data Center\mtdcsrv.exe" /start [2006-05-23 180024]
S2 ZPMODEMSYSNTDRVNT;ZPMODEMSYSNTDRVNT;\??\c:\windows\system32\drivers\zpmodemnt.sys [2005-12-09 1792]
S3 QCPro;Logitech QuickCam Pro USB(PID_D001);c:\windows\system32\DRIVERS\p35u.sys [2005-09-22 116448]
.
Contents of the 'Scheduled Tasks' folder

2008-11-25 c:\windows\Tasks\User_Feed_Synchronization-{A40EC577-FA88-4318-A080-61D45CB7FAAA}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
- - - - ORPHANS REMOVED - - - -

BHO-{30a02444-5278-4611-8455-6f06239095f1} - (no file)
BHO-{754872B3-22C0-45F1-8490-549E9B393178} - (no file)
HKCU-Run-brastk - c:\windows\system32\brastk.exe
Notify-cbXNDSlJ - cbXNDSlJ.dll
SafeBoot-TDSSmqlt.sys


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\u6vqsap5.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 21:26:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\windows\twain_32\ScanWiz5\SDII.exe
c:\program files\Reality Fusion\Reality Fusion GameCam SE\Program\RFTray.exe
c:\program files\Real\RealPlayer\realplay.exe
c:\program files\Real\RealPlayer\realplay.exe
c:\program files\SBC Self Support Tool\bin\mpbtn.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-11-24 21:34:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-25 05:34:27

Pre-Run: 63,727,497,216 bytes free
Post-Run: 63,639,379,968 bytes free

233 --- E O F --- 2008-11-12 11:02:39


And here is my latest HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:29:38, on 11/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\MetaTrader Data Center\mtdcsrv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Spybot