Suspicious file found C:\WINDOWS\??????????????s????›????????????????????

After a week of scans I still get Avast reporting this file, type hidden services.
I downloaded the following, as suggested, and scanned my PC with them, because the Avast start-up scan detects nothing, and a scan takes almost 16 hours!

http://filehippo.com/download_malwarebytes_anti_malware/
http://filehippo.com/download_superantispyware/
Download and run ThreatExpert Memory Scanner from PCTools.

I use Avast Prof and the latest updates.

Avast reports this after a few minutes.
I use XP Prof, a Quad Core 660, 2 GB RAM, and IPCop running on a VMware virtual machine on my Linux server. The Windows firewall is switched off, as I have IPCop.

Some sites report this as a false alarm from Avast, but I am very nervous about it.

What are the results of your MBAM, SAS and ThreatExpert MemScan? Please attach the logs in your next reply and give us a better overview of the problem.

1 What was the suspicious file?
2 How was the suspicious file related to the problem?

1. The logs are:

Malwarebytes’ Anti-Malware 1.41
Database version: 3260
Windows 5.1.2600 Service Pack 3

2009/11/30 05:43:24 PM
mbam-log-2009-11-30 (17-43-24).txt

Scan type: Full Scan (C:|D:|)
Objects scanned: 23076
Time elapsed: 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
//====================================
Scan details:
Scan started: Monday, November 30, 2009 17:51:15
Scan time: 01 minutes, 44 seconds
Number of memory objects scanned: 9012
processes: 52
modules: 2338
heap pages: 6622
Number of suspicious memory objects detected: 0
Number of malicious memory objects detected: 0
Overall Risk Level: Safe
Summary of the detected threat characteristics:
No suspicious characteristics detected.
Summary of the detected memory objects:
No suspicious memory objects detected.

SAS also did not detect anything; the ones that it did detect in the beginning were removed.

However, I did save the first run; maybe it can help:
Malwarebytes’ Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

2009/11/20 08:42:02 PM
mbam-log-2009-11-20 (20-41-28).txt

Scan type: Quick Scan
Objects scanned: 122665
Time elapsed: 4 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\orb.ta (Trojan.BHO) → No action taken.
HKEY_CLASSES_ROOT\orb.ta.1 (Trojan.BHO) → No action taken.
HKEY_CLASSES_ROOT\Interface{21eeb010-57f3-11dd-b116-dad055d89593} (Trojan.BHO) → No action taken.
HKEY_CLASSES_ROOT\CLSID{ada8c222-95d2-47b5-950b-aebc0a508839} (Trojan.BHO) → No action taken.
HKEY_CLASSES_ROOT\CLSID{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) → No action taken.
HKEY_CLASSES_ROOT\Typelib{1b7f9329-aaf9-4e34-8ecf-c363fd3c60cf} (Trojan.BHO) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{ada8c222-95d2-47b5-950b-aebc0a508839} (Trojan.BHO) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TDSSdata (Trojan.Agent) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\TDSS (Trojan.Agent) → No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\netstats (Backdoor.Bot) → No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TDSSserv.sys (Rootkit.TDSS) → No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) → No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) → Bad: (1) Good: (0) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) → Bad: (1) Good: (0) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) → Bad: (1) Good: (0) → No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\autorun.inf (SuspectAutorun.Rootdrive.H) → No action taken.
C:\WINDOWS\ctfmon.exe (Trojan.Agent) → No action taken.
C:\WINDOWS\system\ctfmon.exe (Trojan.Agent) → No action taken.
C:\WINDOWS\system32\TDSSqekn.dll (Rootkit.TDSS) → No action taken.
C:\WINDOWS\system32\TDSSqrwn.log (Rootkit.TDSS) → No action taken.

1. The files were deleted. However, Avast never reported them, and they were only detected when I ran the extra programs, as I was under the impression Avast would take care of it.

2. The file name is ??. Where does Avast save it? I could not find it. Please tell me and then I will send it along.

3. The only ID I have is that Avast picks this up during a background scan, asks permission to submit, then replies that a virus is in memory, asks you to reboot and then scans for 15 hours. I don't know what the result is, because I only see the XP login, as I cannot wait that long.

Thanks
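As an added example (not code from the thread or from Malwarebytes), a small Python checker for the MBAM log format posted above: it parses the summary and detail sections, cross-checks the summary counts against the listed entries, and lists rootkit detections left at "No action taken". The sample log is a constructed subset of the quick-scan log in the post.

```python
import re
from collections import Counter

# Constructed subset of the MBAM quick-scan log quoted in the post above; paths and
# detection names are copied from it, "->" is the separator MBAM writes.
SAMPLE_LOG = r"""
Registry Keys Infected: 3
Files Infected: 2

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\TDSS (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TDSSserv.sys (Rootkit.TDSS) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\netstats (Backdoor.Bot) -> No action taken.

Files Infected:
C:\WINDOWS\system32\TDSSqekn.dll (Rootkit.TDSS) -> No action taken.
C:\autorun.inf (SuspectAutorun.Rootdrive.H) -> No action taken.
"""

SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ENTRY_RE = re.compile(r"^(?P<target>.+?) \((?P<detection>[^()]+)\)\s*(?:->|→)\s*(?P<action>.+)$")


def parse_mbam_log(text):
    """Return (summary counts by section, [(section, target, detection, action), ...])."""
    summary, entries, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if m := SUMMARY_RE.match(line):          # "Files Infected: 5" style summary line
            summary[m["section"]] = int(m["count"])
        elif m := HEADER_RE.match(line):         # "Files Infected:" opens a detail block
            section = m["section"]
        elif section and (m := ENTRY_RE.match(line)):
            entries.append((section, m["target"], m["detection"], m["action"].rstrip(".")))
    return summary, entries


def review(summary, entries):
    """Cross-check summary counts against listed entries and flag untreated rootkit items."""
    listed = Counter(section for section, *_ in entries)
    findings = []
    for section, count in summary.items():
        if count != listed.get(section, 0):
            findings.append(f"{section}: summary says {count}, {listed.get(section, 0)} listed")
    for _, target, detection, action in entries:
        if detection.startswith("Rootkit.") and action == "No action taken":
            findings.append(f"untreated rootkit component: {target} ({detection})")
    return findings
```

Run `review(*parse_mbam_log(SAMPLE_LOG))` to get the list of findings; on the sample it reports the two TDSS components that were left untreated.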

Your second scan with MBAM was a 'full' scan yet it only lasted 42 seconds; that cannot be right. Are you sure the program wasn't terminated early? I would scan again; these TDSS rootkits are very nasty.

I do not think MBAM is capable of removing/seeing the rootkit, which will be in windows/system32/drivers/#######/sys

You can post a log from RootRepeal if you wish.
Open the program > click Report > Scan > tick all the boxes > OK > tick C drive, then post the log as an attachment in 'Additional Options'.

http://rootrepeal.googlepages.com/