
[InActive] Virus Redirecting can't update antivirus/download

Discussion in 'Malware and Virus Removal Archive' started by ianchesh, 2009/01/16.

  1. 2009/01/16
    ianchesh

    ianchesh Inactive Thread Starter

    Joined:
    2009/01/14
    Messages:
    23
    Likes Received:
    0
    :( So I seem to have a similar problem to many people on here. I try to search for something on google or yahoo and it redirects me to a page saying "did you mean this?" and it especially happens if I search for anything anti-virus related. Unfortunately for me I can't download ANY anti-virus programs or even run the ones I have on my computer. I have tried to download Combofix and rename it and run it but it doesn't work. I did get Kaspersky Online to scan my computer and it came up with 6 infected objects...

    C:\as3_ins\im_web_client\iss2.tar.gz - Trojan-downloader.win32.banload.xmu
    C:\as3_ins\im_web_client\iss2.tar.gz - Trojan-downloader.win32.banload.xen
    C:\as3_ins\im_web_client\iss2.tar.gz - Trojan-downloader.win32.banload.xmy
    C:\as3_ins\im_web_client\iss2.tar.gz - Trojan-downloader.win32.banload.xmt
    C:\as3_ins\im_web_client\webplr05.tar.gz - Trojan-downloader.win32.banload.xen
    C:\as3_ins\im_web_client\webplr05.tar.gz - Trojan-downloader.win32.banload.xmy

    I am on my laptop and not on my other computer so I had to just copy this by reading it. =P

    If anyone can help that would be much appreciated!

    Thanks!
    Ian
     
  2. 2009/01/17
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS Ian :)

    If you have a flash drive, download ComboFix by sUBs from here, saving it to the flash drive with a different name. kitty.exe or something.

    Transfer it to the desktop of the affected computer, then run it as described below.

    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.


    If that fails, download RootRepeal to the Desktop. <---- shouldn't be blocked on the affected machine
    • Extract the compressed file to its own folder.
    • Open the folder and doubleclick on RootRepeal.exe to run it.
    • Click on the Report tab, and then click on: Scan
    • A window opens asking what to include in the scan.
    • Check the following boxes then click OK:
      • Drivers
      • Files
      • Processes
      • SSDT
      • Stealth Objects
      • Hidden Services
    • You will then be asked which drive to scan.
    • Check C: (or the drive your operating system is installed on, if not C)
    • Click OK once again.
    The tool will begin scanning and may take a while to complete, so please be patient.

    When the scan finishes, click on: Save Report
    Name the log RootRepeal.txt and save it to your Documents folder (it should default there).

    Post the contents of the report in a reply here.
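A triage script for the RootRepeal report this post asks for, added here as an example; it is not part of the post or of RootRepeal itself. It assumes the RootRepeal 1.2.3.0 report layout (Drivers, Hidden/Locked Files, SSDT and Stealth Objects sections), feeds in a small constructed sample modelled on the TDSS findings posted later in this thread, and treats sptd.sys (Daemon Tools/Alcohol) as a known benign SSDT hooker via an allow-list you would maintain yourself.

```python
"""Triage helper for a RootRepeal report (Drivers, Files, SSDT, Stealth Objects)."""
import re
from collections import defaultdict

# Drivers known to hook the SSDT for non-malicious reasons (assumption: an
# allow-list you maintain yourself); sptd.sys ships with Daemon Tools/Alcohol.
KNOWN_BENIGN_HOOKERS = {"sptd.sys"}
SECTION_NAMES = ("Drivers", "Hidden/Locked Files", "SSDT", "Stealth Objects")
SEV_ORDER = {"high": 0, "medium": 1, "info": 2}
HOOK_RE = re.compile(r'Hooked by "([^"]+)"')
FUNC_RE = re.compile(r"Function Name: (\S+)")
MODULE_RE = re.compile(r"Hidden Module \[Name: ([^\]]+)\]")

# Constructed sample in the RootRepeal 1.2.3.0 report layout; the entries are
# modelled on the TDSS findings posted later in this thread.
SAMPLE_REPORT = r"""ROOTREPEAL (c) AD, 2007-2008
Scan Time: 2009/01/19 14:19

Drivers
-------------------
Name: TDSSpaxt.sys
Image Path: C:\WINDOWS\system32\drivers\TDSSpaxt.sys
Address: 0xB422B000 Size: 73728 File Visible: -
Status: Hidden from Windows API!

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\system32\TDSScfum.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Ian\ntuser.dat.LOG
Status: Size mismatch (API: 1331200, Raw: 1097728)

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "sptd.sys" at address 0xba6dbc04

Stealth Objects
-------------------
Object: Hidden Module [Name: TDSScfum.dll]
Process: winlogon.exe (PID: 712) Address: 0x10000000 Size: 126976

Object: Hidden Module [Name: TDSScfum.dll]
Process: services.exe (PID: 764) Address: 0x10000000 Size: 126976

Object: Hidden Module [Name: TDSScfum.dll]
Process: lsass.exe (PID: 776) Address: 0x10000000 Size: 126976

Object: Hidden Module [Name: TDSSofxh.dll]
Process: svchost.exe (PID: 944) Address: 0x00990000 Size: 81920
"""

def split_sections(report):
    """Group the report into {section: [entry]}; an entry is the run of
    'Key: value' lines between blank lines under one of the four headings."""
    sections, current, entry = defaultdict(list), None, []
    for line in map(str.strip, report.splitlines() + [""]):
        if line in SECTION_NAMES:
            current = line
        elif line and not line.startswith("---") and current:
            entry.append(line)
        elif entry:  # a blank line closes the entry being collected
            sections[current].append(entry)
            entry = []
    return sections

def fields(entry):
    """Split 'Key: value' lines on the first ': ' only (values contain ': ' too)."""
    return dict(ln.split(": ", 1) for ln in entry if ": " in ln)

def triage(report, min_processes=3):
    """Return (severity, kind, subject, detail) findings, most severe first."""
    sec, out = split_sections(report), []
    for f in map(fields, sec["Drivers"]):  # a driver the Windows API cannot see
        if "Hidden" in f.get("Status", ""):
            out.append(("high", "driver", f["Name"], f["Status"]))
    for f in map(fields, sec["Hidden/Locked Files"]):
        s = f.get("Status", "")  # locked / size-mismatch files are often just in use
        out.append(("high" if s.startswith("Invisible") else "info", "file", f["Path"], s))
    for entry in sec["SSDT"]:
        hook, func = HOOK_RE.search(entry[-1]), FUNC_RE.search(entry[0])
        if hook and func:
            sev = "info" if hook.group(1).lower() in KNOWN_BENIGN_HOOKERS else "high"
            out.append((sev, "ssdt", func.group(1), "hooked by " + hook.group(1)))
    modules = defaultdict(set)  # hidden DLL -> processes it was found in
    for f in map(fields, sec["Stealth Objects"]):
        m = MODULE_RE.match(f.get("Object", ""))
        if m:
            modules[m.group(1)].add(f["Process"].split(" Address")[0])
    for name, procs in modules.items():  # one DLL hidden in many processes = injection
        sev = "high" if len(procs) >= min_processes else "medium"
        out.append((sev, "module", name, f"in {len(procs)} process(es): " + ", ".join(sorted(procs))))
    return sorted(out, key=lambda r: SEV_ORDER[r[0]])

if __name__ == "__main__":
    for sev, kind, subject, detail in triage(SAMPLE_REPORT):
        print(f"[{sev:6}] {kind:6} {subject}: {detail}")
```

Run it against a saved RootRepeal.txt by replacing SAMPLE_REPORT with the file's contents; Hidden Code entries for driver IRP tables are not scored here and should be read alongside the SSDT section.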
     


  4. 2009/01/19
    ianchesh

    ianchesh Inactive Thread Starter

    Joined:
    2009/01/14
    Messages:
    23
    Likes Received:
    0
    ROOTREPEAL (c) AD, 2007-2008
    ==================================================
    Scan Time: 2009/01/19 14:19
    Program Version: Version 1.2.3.0
    Windows Version: Windows XP SP3
    ==================================================

    Drivers
    -------------------
    Name: 00000039
    Image Path: \Driver\00000039
    Address: 0x00000000 Size: 0 File Visible: No
    Status: -

    Name: dump_atapi.sys
    Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
    Address: 0xB3FEB000 Size: 98304 File Visible: No
    Status: -

    Name: dump_WMILIB.SYS
    Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
    Address: 0xBAE42000 Size: 8192 File Visible: No
    Status: -

    Name: rootrepeal.sys
    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
    Address: 0xB02A9000 Size: 45056 File Visible: No
    Status: -

    Name: TDSSpaxt.sys
    Image Path: C:\WINDOWS\system32\drivers\TDSSpaxt.sys
    Address: 0xB422B000 Size: 73728 File Visible: -
    Status: Hidden from Windows API!

    Hidden/Locked Files
    -------------------
    Path: C:\Documents and Settings\Ian\ntuser.dat.LOG
    Status: Size mismatch (API: 1331200, Raw: 1097728)

    Path: C:\RECYCLER\S-1-5-21-484763869-573735546-725345543-1005\mbam-setup.exe
    Status: Locked to the Windows API!

    Path: C:\RECYCLER\S-1-5-21-484763869-573735546-725345543-1005\Kitty.exe.exe
    Status: Locked to the Windows API!

    Path: C:\RECYCLER\S-1-5-21-484763869-573735546-725345543-1005\Dc4.lnk:Zone.Identifier
    Status: Invisible to the Windows API!

    Path: C:\RECYCLER\S-1-5-21-484763869-573735546-725345543-1005\Dc4.lnk:Zone.Identifier
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\system32\TDSScfum.dll
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\system32\TDSSfxmp.dll
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\system32\TDSSnrsr.dll
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\system32\TDSSofxh.dll
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\system32\TDSSosvd.dat
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\system32\TDSSriqp.dll
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\system32\TDSStkdv.log
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\system32\drivers\TDSSpaxt.sys
    Status: Invisible to the Windows API!

    Path: C:\Documents and Settings\Ian\Local Settings\Temp\TDSSac25.tmp
    Status: Invisible to the Windows API!

    Path: C:\Documents and Settings\Ian\Local Settings\Temp\TDSSac35.tmp
    Status: Invisible to the Windows API!

    Path: C:\Documents and Settings\Ian\Local Settings\Temp\jusched.log
    Status: Size mismatch (API: 4648, Raw: 4404)

    Path: C:\Documents and Settings\Ian\Application Data\SecuROM\UserData\ЃϵϳЅЂϿϽϯІχϯπρϴϱЄϱЃϵϳЅ
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Ian\Application Data\SecuROM\UserData\ЃϵϳЅЂϿϽϯІχϯπρЂϻϵЉЃϵϳЅ
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Jaimee\Local Settings\History\History.IE5\index.dat
    Status: Allocation size mismatch (API: 24576, Raw: 20480)

    SSDT
    -------------------
    #: 041 Function Name: NtCreateKey
    Status: Hooked by "sptd.sys" at address 0xba6dbc04

    #: 071 Function Name: NtEnumerateKey
    Status: Hooked by "sptd.sys" at address 0xba6dbd48

    #: 073 Function Name: NtEnumerateValueKey
    Status: Hooked by "sptd.sys" at address 0xba6dc0c0

    #: 119 Function Name: NtOpenKey
    Status: Hooked by "sptd.sys" at address 0xba6dbae2

    #: 160 Function Name: NtQueryKey
    Status: Hooked by "sptd.sys" at address 0xba6dc18a

    #: 177 Function Name: NtQueryValueKey
    Status: Hooked by "sptd.sys" at address 0xba6dc022

    #: 247 Function Name: NtSetValueKey
    Status: Hooked by "sptd.sys" at address 0xba6dc212

    Stealth Objects
    -------------------
    Object: Hidden Module [Name: TDSScfum.dll]
    Process: winlogon.exe (PID: 712) Address: 0x10000000 Size: 126976

    Object: Hidden Module [Name: TDSScfum.dll]
    Process: services.exe (PID: 764) Address: 0x10000000 Size: 126976

    Object: Hidden Module [Name: TDSScfum.dll]
    Process: lsass.exe (PID: 776) Address: 0x10000000 Size: 126976

    Object: Hidden Module [Name: TDSSofxh.dll]
    Process: svchost.exe (PID: 944) Address: 0x00990000 Size: 81920

    Object: Hidden Module [Name: TDSScfum.dll]
    Process: svchost.exe (PID: 944) Address: 0x10000000 Size: 126976

    Object: Hidden Module [Name: TDSScfum.dll]
    Process: svchost.exe (PID: 1152) Address: 0x10000000 Size: 126976

    Object: Hidden Module [Name: TDSScfum.dll]
    Process: spoolsv.exe (PID: 1532) Address: 0x10000000 Size: 126976

    Object: Hidden Module [Name: TDSScfum.dll]
    Process: Explorer.EXE (PID: 1828) Address: 0x10000000 Size: 126976

    Object: Hidden Module [Name: TDSScfum.dll]
    Process: iTunesHelper.exe (PID: 248) Address: 0x10000000 Size: 126976

    Object: Hidden Module [Name: TDSScfum.dll]
    Process: jusched.exe (PID: 256) Address: 0x10000000 Size: 126976

    Object: Hidden Module [Name: TDSScfum.dll]
    Process: RUNDLL32.EXE (PID: 304) Address: 0x10000000 Size: 126976

    Object: Hidden Module [Name: TDSScfum.dll]
    Process: ctfmon.exe (PID: 332) Address: 0x10000000 Size: 126976

    Object: Hidden Module [Name: TDSScfum.dll]
    Process: WMPNSCFG.exe (PID: 360) Address: 0x10000000 Size: 126976

    Object: Hidden Module [Name: TDSScfum.dll]
    Process: LightScribeControlPanel.exe (PID: 368) Address: 0x10000000 Size: 126976

    Object: Hidden Module [Name: TDSScfum.dll]
    Process: RocketDock.exe (PID: 384) Address: 0x10000000 Size: 126976

    Object: Hidden Module [Name: TDSScfum.dll]
    Process: AppleMobileDeviceService.exe (PID: 648) Address: 0x10000000 Size: 126976

    Object: Hidden Module [Name: TDSScfum.dll]
    Process: svchost.exe (PID: 1956) Address: 0x10000000 Size: 126976

    Object: Hidden Module [Name: TDSScfum.dll]
    Process: jqs.exe (PID: 1340) Address: 0x10000000 Size: 126976

    Object: Hidden Module [Name: TDSScfum.dll]
    Process: runservice.exe (PID: 1996) Address: 0x10000000 Size: 126976

    Object: Hidden Module [Name: TDSScfum.dll]
    Process: LSSrvc.exe (PID: 220) Address: 0x10000000 Size: 126976

    Object: Hidden Module [Name: TDSScfum.dll]
    Process: NBService.exe (PID: 400) Address: 0x10000000 Size: 126976

    Object: Hidden Module [Name: TDSScfum.dll]
    Process: nTuneService.exe (PID: 520) Address: 0x10000000 Size: 126976

    Object: Hidden Module [Name: TDSScfum.dll]
    Process: nvsvc32.exe (PID: 576) Address: 0x10000000 Size: 126976

    Object: Hidden Module [Name: TDSScfum.dll]
    Process: IoctlSvc.exe (PID: 2024) Address: 0x10000000 Size: 126976

    Object: Hidden Module [Name: TDSScfum.dll]
    Process: HPZipm12.exe (PID: 1696) Address: 0x10000000 Size: 126976

    Object: Hidden Module [Name: TDSScfum.dll]
    Process: PnkBstrA.exe (PID: 848) Address: 0x10000000 Size: 126976

    Object: Hidden Module [Name: TDSScfum.dll]
    Process: PnkBstrB.exe (PID: 1120) Address: 0x10000000 Size: 126976

    Object: Hidden Module [Name: TDSScfum.dll]
    Process: svchost.exe (PID: 1368) Address: 0x10000000 Size: 126976

    Object: Hidden Module [Name: TDSScfum.dll]
    Process: iPodService.exe (PID: 2524) Address: 0x10000000 Size: 126976

    Object: Hidden Module [Name: TDSScfum.dll]
    Process: wscntfy.exe (PID: 3000) Address: 0x10000000 Size: 126976

    Object: Hidden Module [Name: TDSScfum.dll]
    Process: RootRepeal.exe (PID: 3580) Address: 0x10000000 Size: 126976

    Object: Hidden Module [Name: TDSScfum.dll]
    Process: GoogleUpdate.exe (PID: 3824) Address: 0x10000000 Size: 126976

    Object: Hidden Module [Name: TDSScfum.dll]
    Process: dwwin.exe (PID: 3844) Address: 0x10000000 Size: 126976

    Object: Hidden Code [ETHREAD: 0x89a4a020]
    Process: System Address: 0xb422dd66 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
    Process: System Address: 0x8a980eb0 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
    Process: System Address: 0x8a980eb0 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
    Process: System Address: 0x8a980eb0 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
    Process: System Address: 0x8a980eb0 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
    Process: System Address: 0x8a980eb0 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
    Process: System Address: 0x8a980eb0 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
    Process: System Address: 0x8a980eb0 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
    Process: System Address: 0x8a980eb0 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x8a980eb0 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
    Process: System Address: 0x8a980eb0 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
    Process: System Address: 0x8a980eb0 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
    Process: System Address: 0x8a980eb0 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
    Process: System Address: 0x8a980eb0 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8a980eb0 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x8a980eb0 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
    Process: System Address: 0x8a980eb0 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
    Process: System Address: 0x8a980eb0 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
    Process: System Address: 0x8a980eb0 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
    Process: System Address: 0x8a980eb0 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
    Process: System Address: 0x8a980eb0 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
    Process: System Address: 0x8a980eb0 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
    Process: System Address: 0x8a980eb0 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
    Process: System Address: 0x899650e8 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
    Process: System Address: 0x899650e8 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
    Process: System Address: 0x899650e8 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
    Process: System Address: 0x899650e8 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
    Process: System Address: 0x899650e8 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
    Process: System Address: 0x899650e8 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
    Process: System Address: 0x899650e8 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
    Process: System Address: 0x899650e8 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x899650e8 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
    Process: System Address: 0x899650e8 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
    Process: System Address: 0x899650e8 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
    Process: System Address: 0x899650e8 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
    Process: System Address: 0x899650e8 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x899650e8 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x899650e8 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
    Process: System Address: 0x899650e8 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
    Process: System Address: 0x899650e8 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
    Process: System Address: 0x899650e8 Size: -

    Object: Hidden Code [Driver: UdfsЅఄ浗灩MofResource, IRP_MJ_CREATE]
    Process: System Address: 0x89a4c7a8 Size: -

    Object: Hidden Code [Driver: UdfsЅఄ浗灩MofResource, IRP_MJ_CLOSE]
    Process: System Address: 0x89a4c7a8 Size: -

    Object: Hidden Code [Driver: UdfsЅఄ浗灩MofResource, IRP_MJ_READ]
    Process: System Address: 0x89a4c7a8 Size: -

    Object: Hidden Code [Driver: UdfsЅఄ浗灩MofResource, IRP_MJ_WRITE]
    Process: System Address: 0x89a4c7a8 Size: -

    Object: Hidden Code [Driver: UdfsЅఄ浗灩MofResource, IRP_MJ_QUERY_INFORMATION]
    Process: System Address: 0x89a4c7a8 Size: -

    Object: Hidden Code [Driver: UdfsЅఄ浗灩MofResource, IRP_MJ_SET_INFORMATION]
    Process: System Address: 0x89a4c7a8 Size: -

    Object: Hidden Code [Driver: UdfsЅఄ浗灩MofResource, IRP_MJ_QUERY_VOLUME_INFORMATION]
    Process: System Address: 0x89a4c7a8 Size: -

    Object: Hidden Code [Driver: UdfsЅఄ浗灩MofResource, IRP_MJ_DIRECTORY_CONTROL]
    Process: System Address: 0x89a4c7a8 Size: -

    Object: Hidden Code [Driver: UdfsЅఄ浗灩MofResource, IRP_MJ_FILE_SYSTEM_CONTROL]
    Process: System Address: 0x89a4c7a8 Size: -

    Object: Hidden Code [Driver: UdfsЅఄ浗灩MofResource, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x89a4c7a8 Size: -

    Object: Hidden Code [Driver: UdfsЅఄ浗灩MofResource, IRP_MJ_LOCK_CONTROL]
    Process: System Address: 0x89a4c7a8 Size: -

    Object: Hidden Code [Driver: UdfsЅఄ浗灩MofResource, IRP_MJ_CLEANUP]
    Process: System Address: 0x89a4c7a8 Size: -

    Object: Hidden Code [Driver: UdfsЅఄ浗灩MofResource, IRP_MJ_PNP]
    Process: System Address: 0x89a4c7a8 Size: -

    Object: Hidden Code [Driver: dtscsi, IRP_MJ_CREATE]
    Process: System Address: 0x8a39a0e8 Size: -

    Object: Hidden Code [Driver: dtscsi, IRP_MJ_CLOSE]
    Process: System Address: 0x8a39a0e8 Size: -

    Object: Hidden Code [Driver: dtscsi, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8a39a0e8 Size: -

    Object: Hidden Code [Driver: dtscsi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x8a39a0e8 Size: -

    Object: Hidden Code [Driver: dtscsi, IRP_MJ_POWER]
    Process: System Address: 0x8a39a0e8 Size: -

    Object: Hidden Code [Driver: dtscsi, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x8a39a0e8 Size: -

    Object: Hidden Code [Driver: dtscsi, IRP_MJ_PNP]
    Process: System Address: 0x8a39a0e8 Size: -

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
    Process: System Address: 0x8a543ca8 Size: -

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
    Process: System Address: 0x8a543ca8 Size: -

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
    Process: System Address: 0x8a543ca8 Size: -

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
    Process: System Address: 0x8a543ca8 Size: -

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x8a543ca8 Size: -

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8a543ca8 Size: -

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x8a543ca8 Size: -

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x8a543ca8 Size: -

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
    Process: System Address: 0x8a543ca8 Size: -

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x8a543ca8 Size: -

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
    Process: System Address: 0x8a543ca8 Size: -

    Object: Hidden Code [Driver: Disk, IRP_MJ_CREATE]
    Process: System Address: 0x8a9800e8 Size: -

    Object: Hidden Code [Driver: Disk, IRP_MJ_CLOSE]
    Process: System Address: 0x8a9800e8 Size: -

    Object: Hidden Code [Driver: Disk, IRP_MJ_READ]
    Process: System Address: 0x8a9800e8 Size: -

    Object: Hidden Code [Driver: Disk, IRP_MJ_WRITE]
    Process: System Address: 0x8a9800e8 Size: -

    Object: Hidden Code [Driver: Disk, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x8a9800e8 Size: -

    Object: Hidden Code [Driver: Disk, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8a9800e8 Size: -

    Object: Hidden Code [Driver: Disk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x8a9800e8 Size: -

    Object: Hidden Code [Driver: Disk, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x8a9800e8 Size: -

    Object: Hidden Code [Driver: Disk, IRP_MJ_POWER]
    Process: System Address: 0x8a9800e8 Size: -

    Object: Hidden Code [Driver: Disk, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x8a9800e8 Size: -

    Object: Hidden Code [Driver: Disk, IRP_MJ_PNP]
    Process: System Address: 0x8a9800e8 Size: -

    Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
    Process: System Address: 0x8a9cb9c0 Size: -

    Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
    Process: System Address: 0x8a9cb9c0 Size: -

    Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
    Process: System Address: 0x8a9cb9c0 Size: -

    Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
    Process: System Address: 0x8a9cb9c0 Size: -

    Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x8a9cb9c0 Size: -

    Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8a9cb9c0 Size: -

    Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x8a9cb9c0 Size: -

    Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x8a9cb9c0 Size: -

    Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
    Process: System Address: 0x8a9cb9c0 Size: -

    Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x8a9cb9c0 Size: -

    Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
    Process: System Address: 0x8a9cb9c0 Size: -

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
    Process: System Address: 0x8a9cbc78 Size: -

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
    Process: System Address: 0x8a9cbc78 Size: -

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
    Process: System Address: 0x8a9cbc78 Size: -

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x8a9cbc78 Size: -

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8a9cbc78 Size: -

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x8a9cbc78 Size: -

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x8a9cbc78 Size: -

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
    Process: System Address: 0x8a9cbc78 Size: -

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
    Process: System Address: 0x8a9cbc78 Size: -

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x8a9cbc78 Size: -

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
    Process: System Address: 0x8a9cbc78 Size: -

    Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
    Process: System Address: 0x89e58328 Size: -

    Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
    Process: System Address: 0x89e58328 Size: -

    Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x89e58328 Size: -

    Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x89e58328 Size: -

    Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
    Process: System Address: 0x89e58328 Size: -

    Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
    Process: System Address: 0x89e58328 Size: -

    Object: Hidden Code [Driver: SI3132, IRP_MJ_CREATE]
    Process: System Address: 0x8a9cb450 Size: -

    Object: Hidden Code [Driver: SI3132, IRP_MJ_CLOSE]
    Process: System Address: 0x8a9cb450 Size: -

    Object: Hidden Code [Driver: SI3132, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8a9cb450 Size: -

    Object: Hidden Code [Driver: SI3132, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x8a9cb450 Size: -

    Object: Hidden Code [Driver: SI3132, IRP_MJ_POWER]
    Process: System Address: 0x8a9cb450 Size: -

    Object: Hidden Code [Driver: SI3132, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x8a9cb450 Size: -

    Object: Hidden Code [Driver: SI3132, IRP_MJ_PNP]
    Process: System Address: 0x8a9cb450 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE]
    Process: System Address: 0x89a35bc0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE_NAMED_PIPE]
    Process: System Address: 0x89a35bc0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_CLOSE]
    Process: System Address: 0x89a35bc0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ]
    Process: System Address: 0x89a35bc0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_WRITE]
    Process: System Address: 0x89a35bc0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_INFORMATION]
    Process: System Address: 0x89a35bc0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_INFORMATION]
    Process: System Address: 0x89a35bc0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_EA]
    Process: System Address: 0x89a35bc0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_EA]
    Process: System Address: 0x89a35bc0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x89a35bc0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_VOLUME_INFORMATION]
    Process: System Address: 0x89a35bc0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_VOLUME_INFORMATION]
    Process: System Address: 0x89a35bc0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_DIRECTORY_CONTROL]
    Process: System Address: 0x89a35bc0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_FILE_SYSTEM_CONTROL]
    Process: System Address: 0x89a35bc0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x89a35bc0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x89a35bc0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x89a35bc0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_LOCK_CONTROL]
    Process: System Address: 0x89a35bc0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_CLEANUP]
    Process: System Address: 0x89a35bc0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE_MAILSLOT]
    Process: System Address: 0x89a35bc0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_SECURITY]
    Process: System Address: 0x89a35bc0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_SECURITY]
    Process: System Address: 0x89a35bc0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_POWER]
    Process: System Address: 0x89a35bc0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x89a35bc0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_DEVICE_CHANGE]
    Process: System Address: 0x89a35bc0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_QUOTA]
    Process: System Address: 0x89a35bc0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_QUOTA]
    Process: System Address: 0x89a35bc0 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
    Process: System Address: 0x89a323c8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
    Process: System Address: 0x89a323c8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
    Process: System Address: 0x89a323c8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
    Process: System Address: 0x89a323c8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
    Process: System Address: 0x89a323c8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
    Process: System Address: 0x89a323c8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
    Process: System Address: 0x89a323c8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
    Process: System Address: 0x89a323c8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
    Process: System Address: 0x89a323c8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x89a323c8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
    Process: System Address: 0x89a323c8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
    Process: System Address: 0x89a323c8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
    Process: System Address: 0x89a323c8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
    Process: System Address: 0x89a323c8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x89a323c8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x89a323c8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x89a323c8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
    Process: System Address: 0x89a323c8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
    Process: System Address: 0x89a323c8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
    Process: System Address: 0x89a323c8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
    Process: System Address: 0x89a323c8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
    Process: System Address: 0x89a323c8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
    Process: System Address: 0x89a323c8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x89a323c8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
    Process: System Address: 0x89a323c8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
    Process: System Address: 0x89a323c8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
    Process: System Address: 0x89a323c8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
    Process: System Address: 0x89a323c8 Size: -

    Object: Hidden Code [Driver: Npfsȅః灐†Beep.SYSȃణ浍瑓, IRP_MJ_CREATE]
    Process: System Address: 0x89e5dca8 Size: -

    Object: Hidden Code [Driver: Npfsȅః灐†Beep.SYSȃణ浍瑓, IRP_MJ_CREATE_NAMED_PIPE]
    Process: System Address: 0x89e5dca8 Size: -

    Object: Hidden Code [Driver: Npfsȅః灐†Beep.SYSȃణ浍瑓, IRP_MJ_CLOSE]
    Process: System Address: 0x89e5dca8 Size: -

    Object: Hidden Code [Driver: Npfsȅః灐†Beep.SYSȃణ浍瑓, IRP_MJ_READ]
    Process: System Address: 0x89e5dca8 Size: -

    Object: Hidden Code [Driver: Npfsȅః灐†Beep.SYSȃణ浍瑓, IRP_MJ_WRITE]
    Process: System Address: 0x89e5dca8 Size: -

    Object: Hidden Code [Driver: Npfsȅః灐†Beep.SYSȃణ浍瑓, IRP_MJ_QUERY_INFORMATION]
    Process: System Address: 0x89e5dca8 Size: -

    Object: Hidden Code [Driver: Npfsȅః灐†Beep.SYSȃణ浍瑓, IRP_MJ_SET_INFORMATION]
    Process: System Address: 0x89e5dca8 Size: -

    Object: Hidden Code [Driver: Npfsȅః灐†Beep.SYSȃణ浍瑓, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x89e5dca8 Size: -

    Object: Hidden Code [Driver: Npfsȅః灐†Beep.SYSȃణ浍瑓, IRP_MJ_QUERY_VOLUME_INFORMATION]
    Process: System Address: 0x89e5dca8 Size: -

    Object: Hidden Code [Driver: Npfsȅః灐†Beep.SYSȃణ浍瑓, IRP_MJ_DIRECTORY_CONTROL]
    Process: System Address: 0x89e5dca8 Size: -

    Object: Hidden Code [Driver: Npfsȅః灐†Beep.SYSȃణ浍瑓, IRP_MJ_FILE_SYSTEM_CONTROL]
    Process: System Address: 0x89e5dca8 Size: -

    Object: Hidden Code [Driver: Npfsȅః灐†Beep.SYSȃణ浍瑓, IRP_MJ_CLEANUP]
    Process: System Address: 0x89e5dca8 Size: -

    Object: Hidden Code [Driver: Npfsȅః灐†Beep.SYSȃణ浍瑓, IRP_MJ_QUERY_SECURITY]
    Process: System Address: 0x89e5dca8 Size: -

    Object: Hidden Code [Driver: Npfsȅః灐†Beep.SYSȃణ浍瑓, IRP_MJ_SET_SECURITY]
    Process: System Address: 0x89e5dca8 Size: -

    Object: Hidden Code [Driver: sys, IRP_MJ_CREATE]
    Process: System Address: 0x89aaaca8 Size: -

    Object: Hidden Code [Driver: sys, IRP_MJ_CLOSE]
    Process: System Address: 0x89aaaca8 Size: -

    Object: Hidden Code [Driver: sys, IRP_MJ_READ]
    Process: System Address: 0x89aaaca8 Size: -

    Object: Hidden Code [Driver: sys, IRP_MJ_WRITE]
    Process: System Address: 0x89aaaca8 Size: -

    Object: Hidden Code [Driver: sys, IRP_MJ_QUERY_INFORMATION]
    Process: System Address: 0x89aaaca8 Size: -

    Object: Hidden Code [Driver: sys, IRP_MJ_SET_INFORMATION]
    Process: System Address: 0x89aaaca8 Size: -

    Object: Hidden Code [Driver: sys, IRP_MJ_QUERY_VOLUME_INFORMATION]
    Process: System Address: 0x89aaaca8 Size: -

    Object: Hidden Code [Driver: sys, IRP_MJ_DIRECTORY_CONTROL]
    Process: System Address: 0x89aaaca8 Size: -

    Object: Hidden Code [Driver: sys, IRP_MJ_FILE_SYSTEM_CONTROL]
    Process: System Address: 0x89aaaca8 Size: -

    Object: Hidden Code [Driver: sys, IRP_MJ_CLEANUP]
    Process: System Address: 0x89aaaca8 Size: -

    Object: Hidden Code [Driver: sys, IRP_MJ_CREATE_MAILSLOT]
    Process: System Address: 0x89aaaca8 Size: -

    Object: Hidden Code [Driver: sys, IRP_MJ_QUERY_SECURITY]
    Process: System Address: 0x89aaaca8 Size: -

    Object: Hidden Code [Driver: sys, IRP_MJ_SET_SECURITY]
    Process: System Address: 0x89aaaca8 Size: -

    Object: Hidden Code [Driver: mouh, IRP_MJ_CREATE]
    Process: System Address: 0x89e5beb0 Size: -

    Object: Hidden Code [Driver: mouh, IRP_MJ_CLOSE]
    Process: System Address: 0x89e5beb0 Size: -

    Object: Hidden Code [Driver: mouh, IRP_MJ_READ]
    Process: System Address: 0x89e5beb0 Size: -

    Object: Hidden Code [Driver: mouh, IRP_MJ_QUERY_INFORMATION]
    Process: System Address: 0x89e5beb0 Size: -

    Object: Hidden Code [Driver: mouh, IRP_MJ_SET_INFORMATION]
    Process: System Address: 0x89e5beb0 Size: -

    Object: Hidden Code [Driver: mouh, IRP_MJ_QUERY_VOLUME_INFORMATION]
    Process: System Address: 0x89e5beb0 Size: -

    Object: Hidden Code [Driver: mouh, IRP_MJ_DIRECTORY_CONTROL]
    Process: System Address: 0x89e5beb0 Size: -

    Object: Hidden Code [Driver: mouh, IRP_MJ_FILE_SYSTEM_CONTROL]
    Process: System Address: 0x89e5beb0 Size: -

    Object: Hidden Code [Driver: mouh, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x89e5beb0 Size: -

    Object: Hidden Code [Driver: mouh, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x89e5beb0 Size: -

    Object: Hidden Code [Driver: mouh, IRP_MJ_LOCK_CONTROL]
    Process: System Address: 0x89e5beb0 Size: -

    Object: Hidden Code [Driver: mouh, IRP_MJ_CLEANUP]
    Process: System Address: 0x89e5beb0 Size: -

    Object: Hidden Code [Driver: mouh, IRP_MJ_PNP]
    Process: Sys

    Hidden Services
    -------------------
    Service Name: TDSSserv.sys
    Image Path: C:\WINDOWS\system32\drivers\TDSSpaxt.sys
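A small triage script for output in the format of the RootRepeal log above, added here as an example; it is not part of the thread and not RootRepeal's own code. It parses the two-line Hidden Code records and the Hidden Services block from a constructed sample that reuses a few entries from the log, then reports drivers whose hooked dispatch entries all point at a single address, or whose driver object name has been corrupted into non-ASCII characters, the two signs visible in the log.

```python
"""Triage helper for RootRepeal "Hidden Code" / "Hidden Services" output.

Added example for this thread; it is not RootRepeal's code and not part of
the original posts. It groups hooked IRP_MJ_* dispatch entries by driver and
by hook target address so the pattern does not have to be read line by line.
"""
import re
from collections import defaultdict

# Constructed sample in the format of the log above (a few entries from it).
SAMPLE_LOG = """\
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x89a323c8 Size: -
Object: Hidden Code [Driver: Npfsȅః灐†Beep.SYSȃణ浍瑓, IRP_MJ_CREATE]
Process: System Address: 0x89e5dca8 Size: -
Object: Hidden Code [Driver: Npfsȅః灐†Beep.SYSȃణ浍瑓, IRP_MJ_CLOSE]
Process: System Address: 0x89e5dca8 Size: -
Object: Hidden Code [Driver: mouh, IRP_MJ_CREATE]
Process: System Address: 0x89e5beb0 Size: -
Object: Hidden Code [Driver: mouh, IRP_MJ_CLOSE]
Process: System Address: 0x89e5beb0 Size: -
Object: Hidden Code [Driver: mouh, IRP_MJ_PNP]
Process: System Address: 0x89e5beb0 Size: -

Hidden Services
-------------------
Service Name: TDSSserv.sys
Image Path: C:\\WINDOWS\\system32\\drivers\\TDSSpaxt.sys
"""

HOOK_RE = re.compile(r"Object: Hidden Code \[Driver: (?P<driver>.+?), (?P<irp>IRP_MJ_\w+)\]")
ADDR_RE = re.compile(r"Process: (?P<proc>\S+) Address: (?P<addr>0x[0-9a-fA-F]+)")
SVC_RE = re.compile(r"Service Name: (?P<name>.+)")
PATH_RE = re.compile(r"Image Path: (?P<path>.+)")


def parse_hooks(text):
    """Return (driver, irp_major, hook_address) for each two-line Hidden Code record."""
    hooks, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        m = HOOK_RE.match(line)
        if m:
            pending = (m.group("driver"), m.group("irp"))
            continue
        m = ADDR_RE.match(line)
        if m and pending:
            hooks.append((pending[0], pending[1], int(m.group("addr"), 16)))
            pending = None
    return hooks


def parse_hidden_services(text):
    """Return (service_name, image_path) pairs from the Hidden Services block."""
    services, name = [], None
    for line in text.splitlines():
        line = line.strip()
        m = SVC_RE.match(line)
        if m:
            name = m.group("name").strip()
            continue
        m = PATH_RE.match(line)
        if m and name:
            services.append((name, m.group("path").strip()))
            name = None
    return services


def suspicious_drivers(hooks):
    """Flag drivers whose hooked entries all share one address, or whose name is not ASCII."""
    per_driver = defaultdict(lambda: {"addresses": set(), "irps": []})
    for driver, irp, addr in hooks:
        per_driver[driver]["addresses"].add(addr)
        per_driver[driver]["irps"].append(irp)
    findings = []
    for driver, info in per_driver.items():
        reasons = []
        # One target for every hooked major function: a whole dispatch table redirected.
        if len(info["irps"]) >= 2 and len(info["addresses"]) == 1:
            addr = next(iter(info["addresses"]))
            reasons.append("%d hooked dispatch entries all point at 0x%08x" % (len(info["irps"]), addr))
        # Driver object names are plain ASCII on a healthy system.
        if not driver.isascii():
            reasons.append("driver object name contains non-ASCII characters (corrupted name)")
        if reasons:
            findings.append((driver, reasons))
    return findings


if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE_LOG)
    for driver, reasons in suspicious_drivers(hooks):
        print("driver %r: %s" % (driver, "; ".join(reasons)))
    for name, path in parse_hidden_services(SAMPLE_LOG):
        print("hidden service %s -> %s" % (name, path))
```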
     
  5. 2009/01/20
    noahdfear

    Open RootRepeal again and select the Drivers tab, then click Scan.
    Locate and select the following driver in the list.

    C:\WINDOWS\system32\drivers\TDSSpaxt.sys

    Right click the entry and select in the following order;

    • Dump File
    • Force Delete

    Restart the computer and run another Driver scan with RootRepeal.
    If the file is still present, right click and select in the following order;

    • Dump File
    • Wipe File

    Reboot once more and rescan.

    When the file no longer appears in a Driver scan, try running ComboFix again as described above.
     
  6. 2009/01/20
    ianchesh

    ComboFix 09-01-19.05 - Ian 2009-01-20 0:56:06.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1562 [GMT -8:00]
    Running from: c:\documents and settings\Ian\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\smdat32m.sys
    c:\windows\system32\Drivers\TDSSpaxt.sys
    c:\windows\system32\TDSScfum.dll
    c:\windows\system32\TDSSnrsr.dll
    c:\windows\system32\TDSSofxh.dll
    c:\windows\system32\TDSSosvd.dat
    c:\windows\system32\TDSSriqp.dll
    c:\windows\system32\TDSStkdv.log

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_TDSSSERV.SYS
    -------\Service_TDSSserv.sys


    ((((((((((((((((((((((((( Files Created from 2008-12-20 to 2009-01-20 )))))))))))))))))))))))))))))))
    .

    2009-01-19 12:37 . 2009-01-19 12:37 <DIR> d-------- c:\documents and settings\Jaimee\Application Data\Nero
    2009-01-14 16:39 . 2009-01-14 16:39 <DIR> d-------- c:\documents and settings\Anna\Application Data\Nero
    2009-01-14 15:32 . 2009-01-14 15:32 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Lavasoft
    2009-01-14 15:31 . 2009-01-14 15:31 <DIR> d-------- c:\documents and settings\Administrator
    2009-01-14 14:07 . 2009-01-14 14:34 <DIR> d-------- c:\program files\EMCO Malware Destroyer
    2009-01-14 13:53 . 2009-01-14 13:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg7
    2009-01-13 23:18 . 2009-01-13 23:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\LightScribe
    2009-01-13 20:17 . 2009-01-20 00:47 2,204 --a------ c:\windows\system32\TDSSfxmp.dll
    2009-01-13 18:16 . 2009-01-13 18:16 <DIR> d-------- c:\program files\Common Files\LightScribe
    2009-01-13 18:15 . 2009-01-13 18:15 <DIR> d-------- c:\program files\NeroInstall.bak
    2009-01-13 18:14 . 2009-01-13 18:14 <DIR> d-------- c:\documents and settings\Ian\Application Data\Nero
    2009-01-13 18:12 . 2009-01-13 18:14 <DIR> d-------- c:\program files\Common Files\Nero
    2009-01-13 18:12 . 2009-01-13 18:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-20 08:56 --------- d-----w c:\program files\Google
    2009-01-16 21:58 --------- d-----w c:\program files\Bethesda Softworks
    2009-01-15 20:46 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-14 22:35 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-01-14 22:35 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-14 21:46 --------- d-----w c:\program files\Steam
    2009-01-14 02:12 --------- d-----w c:\program files\Nero
    2009-01-13 22:20 --------- d-----w c:\program files\Common Files\Ahead
    2009-01-04 21:51 --------- d-----w c:\documents and settings\Ian\Application Data\Image Zone Express
    2008-12-22 21:08 --------- d-----w c:\documents and settings\Ian\Application Data\LimeWire
    2008-12-18 20:09 --------- d-----w c:\program files\AIM6
    2008-12-18 20:06 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
    2008-12-18 20:05 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
    2008-12-17 23:31 61,160 ----a-w c:\documents and settings\Ian\Application Data\GDIPFONTCACHEV1.DAT
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-10 21:25 --------- d-----w c:\program files\Java
    2008-12-10 02:11 --------- d-----w c:\documents and settings\All Users\Application Data\2DBoy
    2007-11-18 09:25 22,328 -c--a-w c:\documents and settings\Ian\Application Data\PnkBstrK.sys
    2006-04-01 23:17 1 -c--a-w c:\documents and settings\Ian\SI.bin
    2008-08-30 02:42 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082920080830\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-10 136600]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-03-25 570664]
    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-10 2221352]
    "nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

    c:\documents and settings\Ian\Start Menu\Programs\Startup\
    RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.VP40"= vp4vfw.dll
    "vidc.VP50"= vp5vfw.dll
    "msacm.divxa32"= msaud32_divx.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Ian^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\Ian\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-13 16:12 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    --a--c--- 2005-12-10 06:57 133016 c:\program files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.2]
    --a--c--- 2006-07-14 12:36 107008 c:\program files\eFax Messenger 4.2\J2GDllCmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
    --a------ 2007-03-06 09:21 116224 c:\program files\eFax Messenger 4.3\J2GDllCmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a--c--- 2005-05-11 23:12 49152 c:\program files\Hp\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
    --a------ 2007-03-05 13:57 1103480 c:\program files\Download Manager\DLM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-07-30 09:47 289064 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2008-04-13 16:12 1695232 c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2008-10-07 12:33 13574144 c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
    --a------ 2007-09-04 19:25 81920 c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2008-10-07 12:33 86016 c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    --a------ 2008-10-13 22:15 1410296 c:\program files\Steam\steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a--c--- 2005-11-10 13:03 36975 c:\program files\Java\jre1.5.0_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    --a------ 2006-03-30 16:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    --------- 2006-10-18 20:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    --a--c--- 2005-12-08 11:06 16384 c:\windows\CTHELPER.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2008-10-07 12:33 1630208 c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
    --a------ 2005-05-03 18:38 64512 c:\windows\system32\P17.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\StubInstaller.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\EMCO Malware Destroyer\\MalwareDestroyer.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\punkrockerseattle\\day of defeat source\\hl2.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\punkrockerseattle\\counter-strike source\\hl2.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\punkrockerseattle\\half-life 2\\hl2.exe"=
    "c:\\Program Files\\BitComet\\BitComet.exe"=
    "c:\\Program Files\\Sierra On-Line\\SIGSPat.exe"=
    "c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\punkrockerseattle\\source sdk base\\hl2.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\Steam\\steam.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\academic\\iss2\\iss.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\punkrockerseattle\\team fortress 2\\hl2.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\red orchestra\\System\\RedOrchestra.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "21525:TCP"= 21525:TCP:BitComet 21525 TCP
    "21525:UDP"= 21525:UDP:BitComet 21525 UDP

    R4 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;c:\program files\ASTRA32\astra32.sys [2007-02-22 30864]
    R4 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [2007-09-14 8440]
    R4 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2007-06-02 2560]
    R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-10-24 24652]
    S3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [2002-12-30 12160]
    S3 SaiH8000;SaiH8000;c:\windows\system32\drivers\SaiH8000.sys [2004-07-30 56576]
    S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [2006-10-13 50048]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    - - - - ORPHANS REMOVED - - - -

    Notify-AtiExtEvent - (no file)
    MSConfigStartUp-AGEIA PhysX SysTray - c:\program files\AGEIA Technologies\TrayIcon.exe
    MSConfigStartUp-AIM - c:\program files\AIM\aim.exe
    MSConfigStartUp-ATICCC - c:\program files\ATI Technologies\ATI.ACE\cli.exe
    MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVG7\avgcc.exe
    MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe
    MSConfigStartUp-CaAvTray - c:\program files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
    MSConfigStartUp-CaISSDT - c:\program files\CA\eTrust Internet Security Suite\caissdt.exe
    MSConfigStartUp-CAVRID - c:\program files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
    MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EA Link\Core.exe
    MSConfigStartUp-NeroCheck - c:\windows\system32\NeroCheck.exe
    MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
    MSConfigStartUp-PlaxoUpdate - c:\program files\Plaxo\2.12.1.1\PlaxoHelper.exe
    MSConfigStartUp-SemanticInsight - c:\program files\RXToolBar\Semantic Insight\SemanticInsight.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    mStart Page = hxxp://www.yahoo.com
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Ian\Application Data\Mozilla\Firefox\Profiles\sic4mdaa.default\
    FF - plugin: c:\program files\Download Manager\npfpdlm.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-20 01:00:21
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-484763869-573735546-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

    [HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347]

    [HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347\B3E62936FE1487AF4E0CC9BD2A26433C]
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
    c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\IoctlSvc.exe
    c:\windows\system32\HPZipm12.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\rundll32.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-20 1:04:18 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-01-20 09:03:58

    Pre-Run: 39,760,158,720 bytes free
    Post-Run: 39,917,273,088 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

    309 --- E O F --- 2009-01-14 21:27:48
     
  7. 2009/01/20
    ianchesh

    I think I'm good now. I ran Combofix, then I was able to update my anti-virus software and ran full scans which found some viruses and got rid of them. My system comes up clean on AVG, Malware Destroyer and Ad-Ware.
     
  8. 2009/01/20
    noahdfear

    I need some fresh logs to see what remains after running the other scans. Please download DDS from one of the 3 mirrors and save it to your desktop.

    Mirror 1 Mirror 2 Mirror 3

    • Disable any script blocking protection
    • Double click the dds icon to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.

    Include the contents of both logs in your new topic.
    The scan will instruct you to post Attach.txt as an attachment.
    No need for that though ..... just post its contents as you would any other log.
     
