sllydell

Everything posted by sllydell

  1. When I try to run DDS it just opens and closes and doesn't produce any output. I made sure it was unblocked by right-clicking on it and selecting Unblock, but that didn't seem to do the trick. Any suggestions?
  2. I can't seem to get the rootkit off my machine. Here are the logs from Anti-Malware and GMER:

     GMER 1.0.15.15281 - http://www.gmer.net
     Rootkit scan 2010-01-22 20:48:30
     Windows 5.1.2600 Service Pack 2
     Running: wv447288.exe; Driver: C:\DOCUME~1\bbuckey\LOCALS~1\Temp\pwlyiaog.sys

     ---- System - GMER 1.0.15 ----

     INT 0x01 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) F6FEE59A
     INT 0x03 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) F6FEE655

     Code 8465D920 ZwEnumerateKey
     Code 84644E68 ZwFlushInstructionCache
     Code 8461DADE IofCallDriver
     Code 846719EE IofCompleteRequest

     ---- Devices - GMER 1.0.15 ----

     AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
     AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

     ---- Modules - GMER 1.0.15 ----

     Module \systemroot\system32\drivers\H8SRTmhgtelcfig.sys (*** hidden *** ) ED666000-ED683000 (118784 bytes)

     ---- Services - GMER 1.0.15 ----

     Service C:\WINDOWS\system32\drivers\H8SRTmhgtelcfig.sys (*** hidden *** ) [sYSTEM] H8SRTd.sys <-- ROOTKIT !!!

     ---- Registry - GMER 1.0.15 ----

     Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys
     Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1
     Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@type 1
     Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTmhgtelcfig.sys
     Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@group file system
     Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules
     Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTmhgtelcfig.sys
     Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTexclnrrvbj.dll
     Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTkbyktmyoly.dat
     Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTinyrsdqtyv.dll
     Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtmsg \\?\globalroot\systemroot\system32\H8SRTeacmiocqrl.dll
     Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTdbswaajuse.dll
     Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@start 1
     Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@type 1
     Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTmhgtelcfig.sys
     Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@group file system
     Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTmhgtelcfig.sys
     Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTexclnrrvbj.dll
     Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTkbyktmyoly.dat
     Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTinyrsdqtyv.dll
     Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtmsg \\?\globalroot\systemroot\system32\H8SRTeacmiocqrl.dll
     Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTdbswaajuse.dll

     ---- Files - GMER 1.0.15 ----

     File C:\Documents and Settings\All Users\Application Data\h8srtkrl32mainweq.dll 646 bytes
     File C:\Documents and Settings\bbuckey\Local Settings\Temp\h8srtmainqt.dll 0 bytes
     File C:\Documents and Settings\bbuckey\Local Settings\Temp\MPSampleSubmit\h8srteacmiocqrl.dll.xor 16896 bytes
     File C:\Documents and Settings\bbuckey\Local Settings\Temp\MPSampleSubmit\h8srteacmiocqrl_1.dll.xor 16896 bytes
     File C:\Documents and Settings\bbuckey\Local Settings\Temp\H8SRTcfc0.tmp 343040 bytes executable
     File C:\WINDOWS\system32\drivers\H8SRTmhgtelcfig.sys 40960 bytes executable <-- ROOTKIT !!!
     File C:\WINDOWS\system32\H8SRTdbswaajuse.dll 40960 bytes executable
     File C:\WINDOWS\system32\H8SRTeacmiocqrl.dll 16896 bytes executable
     File C:\WINDOWS\system32\H8SRTexclnrrvbj.dll 23552 bytes executable
     File C:\WINDOWS\system32\H8SRTinyrsdqtyv.dll 27136 bytes executable
     File C:\WINDOWS\system32\H8SRTkbyktmyoly.dat 251 bytes
     File C:\WINDOWS\system32\h8srtkrl32mainweq.dll 765 bytes
     File C:\WINDOWS\system32\h8srtshsyst.dll 1048 bytes

     ---- EOF - GMER 1.0.15 ----

     Memory Processes Infected: 0
     Memory Modules Infected: 1
     Registry Keys Infected: 1
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     \\?\globalroot\systemroot\system32\H8SRTeacmiocqrl.dll (Rootkit.TDSS.Gen) -> Delete on reboot.

     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     \\?\globalroot\systemroot\system32\H8SRTeacmiocqrl.dll (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
  3. I have a Rootkit.TDSS on my machine right now and I can't seem to remove it. Anti-malware detects a portion of the rootkit and removes it on a reboot; however, as soon as I connect my machine to the internet it is downloaded again, causing problems with Firefox, my anti-virus software and firewall. I don't have the logs at this time but will post them as soon as I get a chance. I was wondering if anyone
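A defender-side way to read a GMER log like the one posted above, as an added example that is not part of the original posts and not GMER's or Malwarebytes' own tooling: split the log into its sections, pull out every entry GMER marked hidden or tagged as a rootkit, and correlate the hidden driver with the registry service keys whose ImagePath loads it (in every control set, not just the active one), so the persistence that re-creates the driver at boot is identified alongside the file. The input below is a constructed excerpt of the posted log with its line layout restored; the regular expressions and the helper names (parse_gmer, hidden_paths, service_image_paths, triage) are my own assumptions about GMER's line format, not a documented API.

```python
import re
from typing import Dict, List, Tuple

# Constructed input: an abbreviated excerpt of the GMER 1.0.15 log posted
# above, with one line per entry. Not output from a live scan.
GMER_LOG = r"""
---- Modules - GMER 1.0.15 ----
Module \systemroot\system32\drivers\H8SRTmhgtelcfig.sys (*** hidden *** ) ED666000-ED683000 (118784 bytes)
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\drivers\H8SRTmhgtelcfig.sys (*** hidden *** ) [sYSTEM] H8SRTd.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTmhgtelcfig.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTexclnrrvbj.dll
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTmhgtelcfig.sys
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\All Users\Application Data\h8srtkrl32mainweq.dll 646 bytes
File C:\WINDOWS\system32\drivers\H8SRTmhgtelcfig.sys 40960 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\H8SRTexclnrrvbj.dll 23552 bytes executable
File C:\WINDOWS\system32\H8SRTkbyktmyoly.dat 251 bytes
---- EOF - GMER 1.0.15 ----
"""

# Section banners look like "---- Registry - GMER 1.0.15 ----" (assumed format).
SECTION_RE = re.compile(r"^---- (\w+) - GMER")
# Markers GMER puts on entries it could not see through normal APIs.
HIDDEN_MARKERS = ("*** hidden ***", "<-- ROOTKIT")
ENTRY_RE = re.compile(r"^(Module|Service|File) (.+?) (?:\(\*\*\* hidden|\d+ bytes)")
IMAGEPATH_RE = re.compile(r"^Reg HKLM\\SYSTEM\\(\w+)\\Services\\(\S+?)@imagepath (\S+)$")
FILE_RE = re.compile(r"^File (.+?) (\d+) bytes")


def parse_gmer(text: str) -> List[Tuple[str, str]]:
    """Split a GMER log into (section, line) pairs, dropping the banners."""
    section = "Header"
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        entries.append((section, line))
    return entries


def basename(path: str) -> str:
    """Last component of a Windows path, lower-cased for comparison."""
    return path.rstrip("\\").rsplit("\\", 1)[-1].lower()


def hidden_paths(entries: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Paths of Module/Service/File entries flagged hidden or as a rootkit."""
    found = []
    for section, line in entries:
        if not any(marker in line for marker in HIDDEN_MARKERS):
            continue
        m = ENTRY_RE.match(line)
        if m:
            found.append((section, m.group(2)))
    return found


def service_image_paths(entries: List[Tuple[str, str]]) -> Dict[Tuple[str, str], str]:
    """(control set, service key) -> ImagePath, from the Registry section."""
    out = {}
    for section, line in entries:
        if section != "Registry":
            continue
        m = IMAGEPATH_RE.match(line)
        if m:
            out[(m.group(1), m.group(2))] = m.group(3)
    return out


def triage(text: str) -> dict:
    """Hidden objects, the service keys that load them, and files to collect."""
    entries = parse_gmer(text)
    hidden = hidden_paths(entries)
    hidden_names = {basename(p) for _, p in hidden}
    # A service key in any control set whose ImagePath is a hidden driver is
    # the persistence that brings the driver back on the next boot.
    persistence = {
        f"{cs}\\Services\\{key}": path
        for (cs, key), path in service_image_paths(entries).items()
        if basename(path) in hidden_names
    }
    # Everything GMER listed under Files, with size, for hashing before cleanup.
    files = []
    for section, line in entries:
        m = FILE_RE.match(line)
        if section == "Files" and m:
            files.append((m.group(1), int(m.group(2))))
    return {"hidden": hidden, "persistence": persistence, "files": files}


if __name__ == "__main__":
    result = triage(GMER_LOG)
    for section, path in result["hidden"]:
        print(f"hidden {section}: {path}")
    for key, path in result["persistence"].items():
        print(f"persistence: HKLM\\SYSTEM\\{key} -> {path}")
    for path, size in result["files"]:
        print(f"collect: {path} ({size} bytes)")
```

The point of the correlation step is visible in the posted log itself: Malwarebytes removed one DLL and the HKLM\SOFTWARE\H8SRT key, but the hidden driver and its service entry under both CurrentControlSet and ControlSet002 were untouched, which is consistent with the component coming back after a reboot as the third post describes.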