jmob

  1. The DLL file had to be modified to run the Vista Sidebar app on an XP machine.
  2. Well, I only get the popup from one site that I visit, and that is the MySpace Mobsters app. I have stated this all along, as well as that my friend's computer, which has a fresh install of Vista, also got it when I was at his house. I just don't think it's any type of malware.
  3. Complete scanning result of "sfcfiles.dll", processed in VirusTotal at 05/23/2010 23:58:18 (CET).
  4. File has already been analysed:
     MD5: 362bc5af8eaf712832c58cc13ae05750
     First received: 2009.05.04 04:25:13 UTC
     Date: 2010.05.09 10:06:46 UTC [>14D]
     Results: 0/41
     sfcfiles.dll received on 2010.05.09 10:06:46 (UTC)
     Current status: finished
     Result: 0/41 (0.00%)
  5. SystemLook v1.0 by jpshortstuff (11.01.10)
     Log created at 17:35 on 23/05/2010 by Administrator (Administrator - Elevation successful)
     ========== filefind ==========
     Searching for "*sfcfiles*"
     C:\i386\SFCFILES.DL_ -ra--c 80171 bytes [20:34 23/05/2010] [18:42 11/02/2010] 420E1B7B51331957FAEAD955FD33D838
     C:\WINDOWS\system32\sfcfiles.dll ------ 1614848 bytes [22:30 11/02/2010] [13:42 11/02/2010] 362BC5AF8EAF712832C58CC13AE05750
     -=End Of File=-
  6. Well, this is a netbook and has no CD drive. XP was installed from a flash drive that has been formatted since installation, but the CD I am using to burn the image to the flash drive is the same as the original XP CD I used when I installed XP on this netbook.
  7. It keeps asking for the Win install CD, and when I put it in it says it's the wrong CD.
  9. And you told me to remove Java, but most programs require that platform to correctly run, so when should I reinstall Java?
  10. That post was started Feb 2 2006, 05:35 PM, over 4 years ago. I do not have issues with my system files being corrupt. I have a multiboot system and have removed some of the other OSes from my computer, so there may still be files from the deleted OS, but that's not going to cause problems with browsing the net. I just get this redirect to http://7e556.virus-radar7.com/content1/fssudp/plvwwqwsjx from the MySpace app. I have got it on 4 computers at my house and a friend's brand new computer at his house. Do you think I am just getting redirects from third parties through MySpace apps?
  11. it was kind of long so I attached it also in case it did run off the post
uStart Page = hxxp://www.google.com/ uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2jpyefkl.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://www.mirostart.com/s/?src=FF-Address&site=Yahoo!&cfg=2-73-0-0&q= FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2jpyefkl.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF 
- plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - true. - - - - ORPHANS REMOVED - - - - MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-23 14:07 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-583907252-839522115-515967899-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f1,0a,ed,4e,86,f3,0b,4e,96,d9,2b,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f1,0a,ed,4e,86,f3,0b,4e,96,d9,2b,\ "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f1,0a,ed,4e,86,f3,0b,4e,96,d9,2b,\ . 
Completion time: 2010-05-23 14:11:36 ComboFix-quarantined-files.txt 2010-05-23 18:11 Pre-Run: 74,864,406,528 bytes free Post-Run: 74,883,805,184 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT - - End Of File - - BAE212D57D29076562BF4A00A7F5C2B4 combo_fixlog.txt
  12. Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org
      Database version: 4131
      Windows 5.1.2600 Service Pack 3 (Safe Mode)
      Internet Explorer 8.0.6001.18702
      5/22/2010 11:22:32 PM
      mbam-log-2010-05-22 (23-22-32).txt
      Scan type: Quick scan
      Objects scanned: 119184
      Time elapsed: 6 minute(s), 42 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0
      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected: (No malicious items detected)
  13. Well, I just booted in safe mode w/networking and was able to update mbam, so I will post the results in a few minutes.
  14. JavaRa 1.15 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Sat May 22 20:29:05 2010 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB} Found and removed: 
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB} Found and removed: 
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB} Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500} ------------------------------------ Finished reporting.
  15. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4052 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 5/22/2010 9:18:03 PM mbam-log-2010-05-22 (21-18-03).txt Scan type: Quick scan Objects scanned: 117358 Time elapsed: 7 minute(s), 37 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ROOTREPEAL © AD, 2007-2010 ================================================== Report Save Time: 2010/05/22 21:27 Program Version: Version 2.0.0.0 Windows Version: Windows XP SP3 ================================================== DRIVERS ------------------- File Invisible dump_iaStor.sys 0xa029e000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys, 843776 bytes File Invisible rootrepeal.sys 0x9df53000 C:\WINDOWS\system32\drivers\rootrepeal.sys, 49152 bytes PROCESSES ------------------- 4 - System 252 - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe 348 - C:\WINDOWS\system32\spoolsv.exe 448 - C:\WINDOWS\system32\svchost.exe 528 - C:\Program Files\Common Files\LightScribe\LSSrvc.exe 612 - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 640 - C:\WINDOWS\system32\svchost.exe 652 - C:\WINDOWS\system32\svchost.exe 696 - C:\WINDOWS\system32\svchost.exe 716 - C:\WINDOWS\system32\wbem\wmiprvse.exe 720 - C:\WINDOWS\system32\svchost.exe 868 - C:\Documents and Settings\Administrator\My Documents\My ISO Files\My ISO Files\Downloads\Defogger.exe 876 - C:\WINDOWS\system32\smss.exe 1024 - C:\Program Files\Microsoft 
ActiveSync\wcescomm.exe 1092 - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe 1104 - C:\WINDOWS\explorer.exe 1136 - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE 1204 - C:\WINDOWS\system32\wbem\unsecapp.exe 1272 - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe 1380 - C:\WINDOWS\system32\svchost.exe 1464 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 1500 - C:\PROGRA~1\MI3AA1~1\rapimgr.exe 1520 - C:\WINDOWS\system32\csrss.exe 1544 - C:\WINDOWS\system32\winlogon.exe 1588 - C:\WINDOWS\system32\services.exe 1600 - C:\WINDOWS\system32\lsass.exe 1768 - C:\WINDOWS\system32\svchost.exe 1832 - C:\WINDOWS\system32\svchost.exe 1872 - C:\WINDOWS\system32\svchost.exe 1932 - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe 2100 - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe 2332 - C:\WINDOWS\snuvcdsm.exe 2344 - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 2500 - C:\WINDOWS\system32\igfxtray.exe 2508 - C:\WINDOWS\system32\hkcmd.exe 2516 - C:\WINDOWS\system32\igfxpers.exe 2532 - C:\WINDOWS\RTHDCPL.EXE 2612 - C:\WINDOWS\system32\igfxsrvc.exe 2656 - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe 2760 - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE 2840 - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe 2848 - C:\WINDOWS\system32\alg.exe 3136 - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe 3300 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE 3844 - C:\Documents and Settings\Administrator\My Documents\My ISO Files\My ISO Files\Downloads\RootRepeal.exe 4040 - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe 4052 - C:\WINDOWS\system32\ctfmon.exe 4072 - C:\Program Files\RocketDock\RocketDock.exe FILES ------------------- Locked C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\EXCMAW6Q.NW8\VMCVNCHR.YPT\manifests\clickonce_bootstrap.exe.cdf-ms Locked C:\Documents and 
Settings\Administrator\Local Settings\Apps\2.0\EXCMAW6Q.NW8\VMCVNCHR.YPT\manifests\clickonce_bootstrap.exe.manifest Mismatch C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat, Allocation size mismatch (API: 104410861148500096, Raw: 4096) Mismatch C:\Documents and Settings\All Users\Application Data\Pure Networks\Log\Gateway-00-1F-33-C1-6A-E6.txt, Allocation size mismatch (API: 104410861148500096, Raw: 0) Mismatch C:\Documents and Settings\All Users\Application Data\Pure Networks\Log\logfile.nmctxth_exe.txt, Size mismatch (API: 2648, Raw: 2466) Mismatch C:\Documents and Settings\All Users\Application Data\Pure Networks\Log\logfile.nmsrvc_exe.txt, Size mismatch (API: 66056, Raw: 65222) Mismatch C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.DAT, Allocation size mismatch (API: 104410861148500096, Raw: 1085440) Mismatch C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\MSHist012010051020100517\index.dat, Allocation size mismatch (API: 104410861148500096, Raw: 16384) Mismatch C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\MSHist012010051820100519\index.dat, Allocation size mismatch (API: 104410861148500096, Raw: 16384) STEALTH CODE ------------------- HIDDEN SERVICES ------------------- DDS.txt