Thanks for the help, garmanma.
Here are my scans...
Malwarebytes' Anti-Malware 1.41
Database version: 3264
Windows 5.1.2600 Service Pack 3
11/30/2009 10:02:10 PM
mbam-log-2009-11-30 (22-02-10).txt
Scan type: Quick Scan
Objects scanned: 103518
Time elapsed: 3 minute(s), 26 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
.......
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/30/2009 at 09:56 PM
Application Version : 4.31.1000
Core Rules Database Version : 4322
Trace Rules Database Version: 2179
Scan type : Complete Scan
Total Scan Time : 00:21:40
Memory items scanned : 358
Memory threats detected : 0
Registry items scanned : 4189
Registry threats detected : 0
File items scanned : 26952
File threats detected : 5
Trojan.Agent/Gen
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\UNIBLUE\SPYERASER\QUARANTINE\MALWARE (GENERAL COMPONENTS)_30_11_2009_19_52_42.ASQ15724
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DRIVERS\UEUAZEPY.SYS.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E8CDA968-7954-4632-ADB1-98AF8C14FFC6}\RP19\A0001918.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E8CDA968-7954-4632-ADB1-98AF8C14FFC6}\RP20\A0006918.EXE
Trojan.Agent/Gen-PWS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E8CDA968-7954-4632-ADB1-98AF8C14FFC6}\RP20\A0006931.DLL
........
DrWeb.Txt
Process in memory: C:\Program Files\AVG\AVG9\avgchsvx.exe:124;;BackDoor.Tdss.565;Eradicated.;
.......
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/30 22:49
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: 8H6z4x28.sys
Image Path: C:\DOCUME~1\Owner\LOCALS~1\Temp\8H6z4x28.sys
Address: 0xB3189000 Size: 207744 File Visible: No Signed: -
Status: -
Name: atapi.sys
Image Path: atapi.sys
Address: 0xF73F0000 Size: 96512 File Visible: - Signed: -
Status: Hidden from the Windows API!
Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF72E5000 Size: 574976 File Visible: - Signed: -
Status: Hidden from the Windows API!
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB3297000 Size: 49152 File Visible: No Signed: -
Status: -
Hidden/Locked Files
-------------------
Path: c:\recycler\s-1-5-21-1275210071-2111687655-1801674531-1003\info2
Status: Size mismatch (API: 820, Raw: 20)
Path: C:\RECYCLER\S-1-5-21-1275210071-2111687655-1801674531-1003\Dc1.txt
Status: Visible to the Windows API, but not on disk.
Path: c:\windows\temp\485d8fd8-d215-480b-8073-0f917e0961a2.tmp
Status: Allocation size mismatch (API: 32768, Raw: 0)
SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xb560688e
#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xb56060ec
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xb5605dce
#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xb5607938
#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xb5605ed8
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xb5605fc2
#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xb5606bbc
#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xb56063f4
#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys" at address 0xf7798470
#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xb5606526
#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xb5605bfc
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xb5606b04
#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys" at address 0xf77985c0
#: 274 Function Name: NtWriteFile
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xb560670c
#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys" at address 0xf7798660
Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x845226f0 Size: 103
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x846826f0 Size: 81
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x84e7c560 Size: 1118
Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x84d58760 Size: 2209
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x84d18ca0 Size: 864
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x84fb2318 Size: 143
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x84d2d200 Size: 1786
==EOF==