possible rootkit infection not detected by malwarebytes


I have tried everything and short of a complete reformat - this is the last resort. I hope you are able to advise me as to what I need to do.

mooneym20

DDS (Ver_10-11-10.01) - NTFSx86

Run by Owner at 17:54:51.20 on Wed 11/10/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.533 [GMT -5:00]

AV: AVG Internet Security 3-pack *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\system32\TCtrlIOHook.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\AVG\AVG9\avgfws9.exe

C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Common Files\AOL\1202459479\ee\AOLSoftware.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\Pure Networks\Network Magic\nmapp.exe

C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

c:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Owner\My Documents\Downloads\6lfbb6bi.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Owner\My Documents\Downloads\dds.com

C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.start.earthlink.net

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://www.start.earthlink.net

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

mURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {47833539-D0C5

Attach.zip


Hi mooneym20 and Welcome to the Malwarebytes' Forum,

"I have tried everything"

Please elaborate on what You've tried. I see You have two active antiviruses installed, AVG and Lavasoft - VERY IMPORTANT - Please remove one of them or serious system instability can result!!!

What makes You think that You have a "possible rootkit infection not detected by malwarebytes"?

Your DDS.txt log is incomplete:

Please post the FULL log, and if you did not save it, run DDS.SCR to recreate it. Then copy/paste it into your next reply.

Please follow the directions to perform a Gmer Rootkit Scan HERE and post the scan log into your next reply.

I'll be able to help You better when I see those results. Thanks!
