Virus and stop message

Discussion in 'SpywareBlaster & Other Forum' started by AintGeo, Feb 26, 2007.

Thread Status:
Not open for further replies.
  1. AintGeo

    AintGeo Registered Member

    Joined:
    Feb 22, 2007
    Posts:
    8
    Location:
    Home
    My error says I must report it. It does not say to whom. CounterSpy calls it TribalFusion, but I'm here because yesterday I found the Spyblaster CLSID info to add files. I searched my directories for over 7 hours and came up with a few. One surprised me when I installed "universal extractor". It happened to open when I was creating the email list to import to TreeViewer (I deleted it though). It was some kind of pop3uidl.dbx file that didn't seem to be in the right place. The other two were: NOLAUNCHSETUP and MSNCOMPLETED. These seemed appropriate because I always delete these icons and later reinstall with the User account setup. Anyway, I got that STOP error: sbaprfs.sys F7849204 base at F7846000 Datestamp 45ccad3b. There was more, but since I had to write fast that's all I got. Anyway all the work I did to delete duplicates and find files was a waste because it all has to be redone. Two kbfiles were found in my search: kb920213 and kb926239. I have the new install of XP SP2 that doesn't send separate kb updates. I haven't had time to find out if these are important. Other files that don't seem right are: local settings\temp\glbb.tmp and \gljd.tmp and \is-i9jee.tmp\is-oas56.tmp. These are in my "behavior blocking" applications from Kerio firewall. Strange! I didn't learn anything, so I read some more of your posts in Spyblaster. Someone said to try the rootkit revealer and I keep SysInternals files just for that reason. One of the commands: "dir\psexec \\remote -c dir\rootkitrevealer.exe -a c:\windows\rootkit.log" (I added the directories netted a winner! Like I said I don't know who gets this. 2 images attached. The machine is still Chugging along:cool: :cool: :cool:
     

    Attached Files:

  2. AintGeo

    AintGeo Registered Member

    Joined:
    Feb 22, 2007
    Posts:
    8
    Location:
    Home
    FOLLOW_UP: TO MY POST

    sbapifs.sys = DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATION
     
Thread Status:
Not open for further replies.