Infected with BOO/TDss.O. Now Iam getting IP addresses blicked.

[edobe]

Got infected with BOO/TDss.O while helping a customer. I managed to stop the process instantly. However, it already removed (or hide) files from my Start > All Programs as well as cleaned icons from my Quick Launch as well as it removed all of me restore points. SO I could not go back to a previous date.

My computer is running Windows XP SP3 and I had Avira running which managed to catch the virus (slightly late I assume). Then every time I was restarting the computer Avira was catching the BOO/TDss.O file and removing it without any success. After going through malwarebytes, bleepingcomputer and couple of other forums, I installed and ran rkill.exe, TDssKiller.exe, TDss Fix Tool from Symantec, MBRCheck and also manually removed some of the malicious entries from the registry file.

I installed Malwarebytes, which found some other instances and removed them. So to make it short, it looks clean now and I am using the Trial period of Malwarebytes with active protection and now I keep getting IP Addresses blocked (like 83.128.124.41 and 206.161.121.5).

I just read the posting http://forums.malwarebytes.org/index.php?showtopic=99663&st=60. Installed ComboFix, ran it and got the log file.

I have too many programs installed to do a clean windows installation but I would need to do it if I have to. At this point I need to make sure I don't have any backdoors open and I would much appreciate your help. Attached are TDSSKiller log file from 3 days ago and today's ComboFix log file.

Thanks!

ComboFix.txt

TDSSKiller.2.6.25.0_09.01.2012_13.54.44_log.txt

[edobe]

I was wondering if "No Reply" means that I should not worry about anything at this point.

Thanks!

[LDTate]

I'm not seeing anything bad in the scans

[edobe]

There was no reply and I wasn't sure if everything is OK with the scan. Thanks for the feedback. I really appreciate it.

[LDTate]

You're more than welcome.

Glad we were able to help

Peace be with you

[LDTate]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!