RootKit.TDSS keeps coming back - Please review my logs

[DKNY]

That didnt show me anything new ;(

You have hidden file set to be shown ?

zip up these two files and submit them to http://www.bleepingcomputer.com/submit-malware.php

c:\windows\system32\xvvvus.exe

c:\windows\system32\drivers\pciide.sys

Thanks

There's no xvvvus.exe file in system32 Lonney. I've just submitted pciide.sys file to bleepingcomputer

[LonnyRJ]

Copy the contents of the code (dont include the word code) box below into a new notepad document (not wordpad or another text editor).

Click file> save as...> call it check.bat > file types *all files*> and save it to your desktop.

For /F "TOKENS=*" %%g IN ('dir /s/a-d/b %windir%\iaStor.sys,%windir%\PCIIDEX.SYS,%windir%\pciide.sys,%windir%\atapi.sys'
) Do @echo "%%~g" %%~zg %%~tg >>report.txt 2>nul
reg query "HKLM\SYSTEM\CurrentControlSet\Services\evgffypx" >>report.txt 2>nul
dir /b/a C:\WINDOWS\system32\xvvvus.exe >>report.txt 2>nul
start notepad report.txt & exit

Run check.bat then post the text that will open please

[DKNY]

"C:\WINDOWS\$NtServicePackUninstall$\pciidex.sys" 25088 08/04/2004 07:00 AM

"C:\WINDOWS\$NtServicePackUninstall$\atapi.sys" 95360 08/04/2004 07:00 AM

"C:\WINDOWS\ServicePackFiles\i386\pciidex.sys" 24960 04/13/2008 01:40 PM

"C:\WINDOWS\ServicePackFiles\i386\atapi.sys" 96512 04/13/2008 01:40 PM

"C:\WINDOWS\system32\dllcache\atapi.sys" 96512 04/13/2008 01:40 PM

"C:\WINDOWS\system32\drivers\pciidex.sys" 24960 04/13/2008 01:40 PM

"C:\WINDOWS\system32\drivers\pciide.sys" 3328 08/04/2004 07:00 AM

"C:\WINDOWS\system32\drivers\atapi.sys" 96512 04/13/2008 01:40 PM

[LonnyRJ]

Download The Avenger2 by SwanDog46. http://swandog46.geekstogo.com/avenger.zip

Unzip avenger.exe to your desktop.

Copy the text in the following codebox by selecting all of it, and pressing (<Control> + C) or by right clicking and selecting "Copy"

(dont include the word code)

Comment: 
files to move:
C:\WINDOWS\ServicePackFiles\i386\atapi.sys |C:\WINDOWS\system32\drivers\atapi.sys

Note: this script is for this paticular member, do not use it unless you are DKNY, otherwise you could end up with an unbootable PC

Now start The Avenger2 by double clicking avenger.exe on your desktop.

Read the prompt that appears, and press OK.

Paste the script into the textbox that appears, using (<Control> + V) or by right clicking and choosing "Paste".

(what you pasted in must be at the very top) Press the "Execute" button.

You will be presented with 2 confirmation prompts. Select yes on each. Your system will reboot.

Note: It is possible that Avenger will reboot your system TWICE.

Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open.

Paste that log here in your next post.

Do a quickscan with Mbam and post its log.

[DKNY]

avenger and mbam's logs

avenger.txt

mbam_log_2009_09_30__16_04_10_.txt

[LonnyRJ]

PC running better ?

[DKNY]

PC running better ?

You're awesome Lonney. No more Bad Image error messages. Last night, I just realized that IE homepage default URL was set as go.microsoft.com/fwlink/?linkid=69157. So I did a quick search on google and found winsockxpfix which cured it.

Thank you so much for saving me.

[LonnyRJ]

You could have just used IE's option to change the homepage, no need for major surgery tools

Uninstall combofix, to do so go start run type (provided it is still on your desktop ?, if not get it there again)

combofix /u

and press enter, you should see a confirmation message ?

Give the pc a few days of use and post back ok ?