Solved C:\windows\system32\drivers\spools.exe

noahdfear · 2008/04/07

Great! Please see this link for information about the installed program OneStep, then decide if you want to remove it (I recommend you do). Should you decide to, just uninstall it via Add/Remove programs.

Next, click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing the infected files there as well. The C:\Deckard's folder will also be removed. You can delete any logs that were created/saved too.

Note - Combofix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal & increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.

Finally, please run another scan with Kaspersky WebScanner and post the results.

matthewgz1985 · 2008/04/07

Monday, April 07, 2008 8:37:09 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/04/2008
Kaspersky Anti-Virus database records: 689126

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\

Scan Statistics
Total number of scanned objects 68031
Number of viruses found 24
Number of infected objects 84
Number of suspicious objects 0
Duration of the scan process 01:17:25

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.DAT Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\volatile.DAT Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{70CA5BB8-DF87-4640-9079-F75A1B2EDD0A}.DAT Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-04-07_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Log.LiveUpdate Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{159CCB00-A20E-4A73-92AD-C0CF712201F4}.ldb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{159CCB00-A20E-4A73-92AD-C0CF712201F4}.sds Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\EC0D3626.TMP Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\FC1EDFA6.TMP Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Matthew D. Gramenz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-1181d259-21ea8e84.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped

C:\Documents and Settings\Matthew D. Gramenz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-1181d259-21ea8e84.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Matthew D. Gramenz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-69ad71ff.zip/vmain.class Infected: Exploit.Java.Gimsh.a skipped

C:\Documents and Settings\Matthew D. Gramenz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-69ad71ff.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Matthew D. Gramenz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-5df9b0c8.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped

C:\Documents and Settings\Matthew D. Gramenz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-5df9b0c8.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Matthew D. Gramenz\Application Data\Symantec\NPMDataStore\CIMStore.xml Object is locked skipped

C:\Documents and Settings\Matthew D. Gramenz\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Matthew D. Gramenz\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\Matthew D. Gramenz\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Matthew D. Gramenz\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Matthew D. Gramenz\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Matthew D. Gramenz\Local Settings\History\History.IE5\MSHist012008040720080408\index.dat Object is locked skipped

C:\Documents and Settings\Matthew D. Gramenz\Local Settings\temp\fla10.tmp Object is locked skipped

C:\Documents and Settings\Matthew D. Gramenz\Local Settings\temp\~DFA2F7.tmp Object is locked skipped

C:\Documents and Settings\Matthew D. Gramenz\Local Settings\temp\~DFA858.tmp Object is locked skipped

C:\Documents and Settings\Matthew D. Gramenz\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Matthew D. Gramenz\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Matthew D. Gramenz\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Matthew D. Gramenz\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Matthew D. Gramenz\Shared\07 Track 7.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped

C:\Program Files\Freeze.com Toolbar\freeze_int.dll Infected: not-a-virus:AdWare.Win32.Mostofate.bn skipped

C:\Program Files\Freeze.com Toolbar\tbhelper.dll Infected: not-a-virus:AdWare.Win32.Mostofate.bt skipped

C:\Program Files\Norton 360\Log\AutoProtect.log Object is locked skipped

C:\Program Files\Norton 360\Log\AVContext.log Object is locked skipped

C:\Program Files\Norton 360\Log\AVManual.log Object is locked skipped

C:\Program Files\Norton 360\Log\Backup.log Object is locked skipped

C:\Program Files\Norton 360\Log\CUInternetPageViewHistory.log Object is locked skipped

C:\Program Files\Norton 360\Log\CUInternetSearchHistory.log Object is locked skipped

C:\Program Files\Norton 360\Log\CUInternetTempFiles.log Object is locked skipped

C:\Program Files\Norton 360\Log\CUWindowsTempFiles.log Object is locked skipped

C:\Program Files\Norton 360\Log\EmailScan.log Object is locked skipped

C:\Program Files\Norton 360\Log\HomeNetworking.log Object is locked skipped

C:\Program Files\Norton 360\Log\InternetSecurity.log Object is locked skipped

C:\Program Files\Norton 360\Log\ISIntrusionPrevented.log Object is locked skipped

C:\Program Files\Norton 360\Log\ISIOTraffic.log Object is locked skipped

C:\Program Files\Norton 360\Log\ISNewNetwork.log Object is locked skipped

C:\Program Files\Norton 360\Log\LiveUpdate.log Object is locked skipped

C:\Program Files\Norton 360\Log\NCO.log Object is locked skipped

C:\Program Files\Norton 360\Log\RegClean.log Object is locked skipped

C:\Program Files\Norton 360\Log\VABrowserSettings.log Object is locked skipped

C:\Program Files\Norton 360\Log\VAIPAddresses.log Object is locked skipped

C:\Program Files\Norton 360\Log\WDFScanner.log Object is locked skipped

C:\QooBox\Quarantine\C\PROGRA~1\ISM\ism.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.vv skipped

C:\QooBox\Quarantine\C\PROGRA~1\QdrPack\QdrPack14.exe.vir Infected: not-a-virus:AdWare.Win32.AdBand.n skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\ysdlwtjr.dat.vir Object is locked skipped

C:\QooBox\Quarantine\catchme2008-04-06_173024.79.zip/DOCUME~1/MATTHE~1.GRA/Desktop/catchme.zip/ysdlwtjr.dat Infected: Rootkit.Win32.Agent.aap skipped

C:\QooBox\Quarantine\catchme2008-04-06_173024.79.zip/DOCUME~1/MATTHE~1.GRA/Desktop/catchme.zip/ysdlwtjr.dat.1 Infected: Rootkit.Win32.Agent.aap skipped

C:\QooBox\Quarantine\catchme2008-04-06_173024.79.zip/DOCUME~1/MATTHE~1.GRA/Desktop/catchme.zip Infected: Rootkit.Win32.Agent.aap skipped

C:\QooBox\Quarantine\catchme2008-04-06_173024.79.zip ZIP: infected - 3 skipped

C:\QooBox\Quarantine\catchme2008-04-06_181336.26.zip/DOCUME~1/MATTHE~1.GRA/Desktop/catchme.zip/lkzfg.dll Infected: Trojan-Downloader.Win32.Agent.mbw skipped

C:\QooBox\Quarantine\catchme2008-04-06_181336.26.zip/DOCUME~1/MATTHE~1.GRA/Desktop/catchme.zip Infected: Trojan-Downloader.Win32.Agent.mbw skipped

C:\QooBox\Quarantine\catchme2008-04-06_181336.26.zip ZIP: infected - 2 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP347\A0073762.exe Infected: not-a-virus:AdWare.Win32.OneStep.c skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP348\A0073772.exe Infected: not-a-virus:AdWare.Win32.OneStep.c skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP353\A0077955.dll Infected: not-a-virus:AdWare.Win32.OneStep.d skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP353\A0077956.exe Infected: not-a-virus:AdWare.Win32.OneStep.c skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP353\A0077977.dll Infected: Trojan.Win32.Pakes.cdw skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP358\A0078115.exe Infected: not-a-virus:AdWare.Win32.OneStep.c skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP364\A0080780.exe Infected: not-a-virus:AdWare.Win32.OneStep.c skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP366\A0081808.dll Infected: not-a-virus:AdWare.Win32.Beginto.f skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP366\A0081827.exe Infected: not-a-virus:AdWare.Win32.OneStep.c skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0084303.dll Infected: Trojan-Downloader.Win32.Agent.lxa skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0085303.dll Infected: Trojan-Downloader.Win32.Agent.lxa skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0085312.exe Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0085626.dll Infected: Trojan-Downloader.Win32.Agent.lxa skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0085629.dll Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0085637.exe Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0087691.dll Infected: Trojan-Downloader.Win32.Agent.lxa skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0087694.dll Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0088663.dll Infected: Trojan-Downloader.Win32.Agent.lxa skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0088668.exe Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0088925.dll Infected: Trojan-Downloader.Win32.Agent.lxa skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0088928.dll Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0088935.exe Infected: not-a-virus:FraudTool.Win32.AntiVirPro.g skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0088936.dll Infected: not-a-virus:FraudTool.Win32.AntiVirPro.g skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0088945.dll Infected: not-a-virus:AdWare.Win32.Beginto.f skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0090947.dll Infected: Trojan-Downloader.Win32.Agent.lxa skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0091947.dll Infected: Trojan-Downloader.Win32.Agent.lxa skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0091950.dll Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0091953.exe Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP384\A0092035.dll Infected: Trojan-Downloader.Win32.Agent.lxa skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP384\A0092038.dll Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0099079.dll Infected: Trojan-Downloader.Win32.Agent.lxa skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0099082.dll Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0099088.exe Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0099251.dll Infected: Trojan-Downloader.Win32.Agent.lxa skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0099255.dll Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0099277.dll Infected: Trojan-Downloader.Win32.Agent.lxa skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0099280.dll Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0099287.exe Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0099297.dll Infected: not-a-virus:AdWare.Win32.Mirar.a skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0099298.dll Infected: not-a-virus:AdWare.Win32.Mirar.a skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0109333.dll Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0109336.dll Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0109341.exe Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0109352.exe Infected: not-a-virus:FraudTool.Win32.WinFixer.c skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0109385.exe Infected: not-a-virus:AdWare.Win32.Agent.ahs skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0109402.exe Infected: not-a-virus:FraudTool.Win32.AdvancedCleaner.a skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0109404.exe Infected: not-a-virusownloader.Win32.WinFixer.bt skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0109423.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.Beginto.f skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0109423.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Beginto.f skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0109423.exe/stream Infected: not-a-virus:AdWare.Win32.Beginto.f skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0109423.exe NSIS: infected - 3 skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0109424.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bj skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0111431.dll Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0111432.exe Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP388\A0112671.exe Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP390\A0112805.exe Infected: not-a-virus:AdWare.Win32.Agent.vv skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP390\A0112809.exe Infected: not-a-virus:AdWare.Win32.AdBand.n skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP391\A0113415.exe Infected: Trojan.Win32.Patched.aa skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP391\A0113416.exe Infected: Trojan.Win32.Patched.aa skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP391\A0113417.exe Infected: Trojan.Win32.Patched.aa skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP391\A0113418.exe Infected: Trojan.Win32.Patched.aa skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP391\A0113419.exe Infected: Trojan.Win32.Patched.aa skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP391\A0113420.exe Infected: Trojan.Win32.Patched.aa skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP391\A0113440.exe Infected: not-a-virus:AdWare.Win32.OneStep.c skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP391\A0113445.dll Infected: not-a-virus:AdWare.Win32.OneStep.h skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP391\A0113446.exe Infected: not-a-virus:AdWare.Win32.OneStep.c skipped

C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP391\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{52677856-FC01-41E1-9CD9-69AFCB0790C1}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\JETF31A.tmp Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_7d4.dat Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

noahdfear · 2008/04/07

It doesn't appear that ComboFix uninstalled prior to the scan. The C:\Qoobox folder is still present containing infected files, as are the infected system restore points. Did you run the ComboFix /u command as described? Did you get a message that ComboFix was uninstalled?

You also need to open the Java Control Panel via Start>Control Panel>Java Plug-In and clear the temporary files.

Delete the following infected file too.

C:\Documents and Settings\Matthew D. Gramenz\Shared\07 Track 7.wma

If you aren't attached to the Freeze.com Toolbar, I recommend uninstalling it as well.

matthewgz1985 · 2008/04/07

start>run and i typed in combofix /u and ran it when it popped up but it didn't do anything. can i delete it via Crogram files/combofix and then just rightclick delete it?

i've also delete the 07track07 file u mentioned, i knew that one. i've also deleted the freeze.com toolbar

noahdfear · 2008/04/08

Please delete the ComboFix.exe file you currently have and download a fresh copy from here, saving it to your desktop. Now, try the ComboFix /u command again. Let me know what happens.

matthewgz1985 · 2008/04/09

I've uninstalled combofix and my next post is the kaspersky webscanner results

matthewgz1985 · 2008/04/09

KASPERSKY ONLINE SCANNER REPORT

Wednesday, April 09, 2008 1:32:49 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/04/2008
Kaspersky Anti-Virus database records: 691719

Scan Settings
extended

Scan Archives
true

Scan Mail Bases
true

Scan Target
My Computer

C:\
D:\

Scan Statistcs

Total number of scanned objects
61284

Number of viruses found
2

Number of infected objects
6

Number of suspicious objects
0

Duration of the scan process
01:09:09

Infected Object Name

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Backup\0\01C89A10543FD778.SLG
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Backup\bustate.db
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Backup\bustate.index
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Backup\OnlineBackup.LOG
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.DAT
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{19AEF10D-F791-432F-9722-7AD0BB2E5E41}.DAT
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{21BD76B3-F351-4E07-A5AA-23A04C5747FF}.DAT
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{4041F9ED-3966-452B-A390-16C493AC1143}.DAT
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-04-09_Log.ALUSchedulerSvc.LiveUpdate
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Log.LiveUpdate
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{159CCB00-A20E-4A73-92AD-C0CF712201F4}.ldb
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{159CCB00-A20E-4A73-92AD-C0CF712201F4}.sds
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\1E78A054.TMP
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\F9FF541F.TMP
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log
Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log
Object is locked
skipped
C:\Documents and Settings\LocalService\Cookies\index.dat
Object is locked
skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
Object is locked
skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
Object is locked
skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat
Object is locked
skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Object is locked
skipped
C:\Documents and Settings\LocalService\NTUSER.DAT
Object is locked
skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG
Object is locked
skipped
C:\Documents and Settings\Matthew D. Gramenz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-1181d259-21ea8e84.zip/vmain.class
Infected: Exploit.Java.Gimsh.b
skipped
C:\Documents and Settings\Matthew D. Gramenz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-1181d259-21ea8e84.zip
ZIP: infected - 1
skipped
C:\Documents and Settings\Matthew D. Gramenz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-69ad71ff.zip/vmain.class
Infected: Exploit.Java.Gimsh.a
skipped
C:\Documents and Settings\Matthew D. Gramenz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-69ad71ff.zip
ZIP: infected - 1
skipped
C:\Documents and Settings\Matthew D. Gramenz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-5df9b0c8.zip/vmain.class
Infected: Exploit.Java.Gimsh.b
skipped
C:\Documents and Settings\Matthew D. Gramenz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-5df9b0c8.zip
ZIP: infected - 1
skipped
C:\Documents and Settings\Matthew D. Gramenz\Cookies\index.dat
Object is locked
skipped
C:\Documents and Settings\Matthew D. Gramenz\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
Object is locked
skipped
C:\Documents and Settings\Matthew D. Gramenz\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb
Object is locked
skipped
C:\Documents and Settings\Matthew D. Gramenz\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
Object is locked
skipped
C:\Documents and Settings\Matthew D. Gramenz\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
Object is locked
skipped
C:\Documents and Settings\Matthew D. Gramenz\Local Settings\History\History.IE5\index.dat
Object is locked
skipped
C:\Documents and Settings\Matthew D. Gramenz\Local Settings\History\History.IE5\MSHist012008040920080410\index.dat
Object is locked
skipped
C:\Documents and Settings\Matthew D. Gramenz\Local Settings\temp\Exent\GI20080409070304GMT.Log
Object is locked
skipped
C:\Documents and Settings\Matthew D. Gramenz\Local Settings\temp\~DFE21E.tmp
Object is locked
skipped
C:\Documents and Settings\Matthew D. Gramenz\Local Settings\temp\~DFE327.tmp
Object is locked
skipped
C:\Documents and Settings\Matthew D. Gramenz\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
Object is locked
skipped
C:\Documents and Settings\Matthew D. Gramenz\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Object is locked
skipped
C:\Documents and Settings\Matthew D. Gramenz\NTUSER.DAT
Object is locked
skipped
C:\Documents and Settings\Matthew D. Gramenz\ntuser.dat.LOG
Object is locked
skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat
Object is locked
skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
Object is locked
skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
Object is locked
skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat
Object is locked
skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Object is locked
skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT
Object is locked
skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG
Object is locked
skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
Object is locked
skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT
Object is locked
skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log
Object is locked
skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log
Object is locked
skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log
Object is locked
skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log
Object is locked
skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log
Object is locked
skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log
Object is locked
skipped
C:\Program Files\Free Ride Games\Info\10.clg
Object is locked
skipped

matthewgz1985 · 2008/04/09

C:\Program Files\Norton 360\Log\AutoProtect.log
Object is locked
skipped
C:\Program Files\Norton 360\Log\AVContext.log
Object is locked
skipped
C:\Program Files\Norton 360\Log\AVManual.log
Object is locked
skipped
C:\Program Files\Norton 360\Log\Backup.log
Object is locked
skipped
C:\Program Files\Norton 360\Log\CUInternetPageViewHistory.log
Object is locked
skipped
C:\Program Files\Norton 360\Log\CUInternetSearchHistory.log
Object is locked
skipped
C:\Program Files\Norton 360\Log\CUInternetTempFiles.log
Object is locked
skipped
C:\Program Files\Norton 360\Log\CUWindowsTempFiles.log
Object is locked
skipped
C:\Program Files\Norton 360\Log\EmailScan.log
Object is locked
skipped
C:\Program Files\Norton 360\Log\HomeNetworking.log
Object is locked
skipped
C:\Program Files\Norton 360\Log\InternetSecurity.log
Object is locked
skipped
C:\Program Files\Norton 360\Log\ISIntrusionPrevented.log
Object is locked
skipped
C:\Program Files\Norton 360\Log\ISIOTraffic.log
Object is locked
skipped
C:\Program Files\Norton 360\Log\ISNewNetwork.log
Object is locked
skipped
C:\Program Files\Norton 360\Log\LiveUpdate.log
Object is locked
skipped
C:\Program Files\Norton 360\Log\NCO.log
Object is locked
skipped
C:\Program Files\Norton 360\Log\RegClean.log
Object is locked
skipped
C:\Program Files\Norton 360\Log\VABrowserSettings.log
Object is locked
skipped
C:\Program Files\Norton 360\Log\VAIPAddresses.log
Object is locked
skipped
C:\Program Files\Norton 360\Log\WDFScanner.log
Object is locked
skipped
C:\System Volume Information\MountPointManagerRemoteDatabase
Object is locked
skipped
C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP396\change.log
Object is locked
skipped
C:\WINDOWS\Debug\PASSWD.LOG
Object is locked
skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{530FDA20-E24B-4A2A-AE1D-C53819439281}.bin
Object is locked
skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log
Object is locked
skipped
C:\WINDOWS\system32\CatRoot2\edb.log
Object is locked
skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb
Object is locked
skipped
C:\WINDOWS\system32\config\AppEvent.Evt
Object is locked
skipped
C:\WINDOWS\system32\config\default
Object is locked
skipped
C:\WINDOWS\system32\config\default.LOG
Object is locked
skipped
C:\WINDOWS\system32\config\Internet.evt
Object is locked
skipped
C:\WINDOWS\system32\config\SAM
Object is locked
skipped
C:\WINDOWS\system32\config\SAM.LOG
Object is locked
skipped
C:\WINDOWS\system32\config\SecEvent.Evt
Object is locked
skipped
C:\WINDOWS\system32\config\SECURITY
Object is locked
skipped
C:\WINDOWS\system32\config\SECURITY.LOG
Object is locked
skipped
C:\WINDOWS\system32\config\software
Object is locked
skipped
C:\WINDOWS\system32\config\software.LOG
Object is locked
skipped
C:\WINDOWS\system32\config\SysEvent.Evt
Object is locked
skipped
C:\WINDOWS\system32\config\system
Object is locked
skipped
C:\WINDOWS\system32\config\system.LOG
Object is locked
skipped
C:\WINDOWS\system32\h323log.txt
Object is locked
skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR
Object is locked
skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP
Object is locked
skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER
Object is locked
skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP
Object is locked
skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP
Object is locked
skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA
Object is locked
skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP
Object is locked
skipped
C:\WINDOWS\Temp\JET600E.tmp
Object is locked
skipped
C:\WINDOWS\Temp\Perflib_Perfdata_c9c.dat
Object is locked
skipped
C:\WINDOWS\WindowsUpdate.log
Object is locked
skipped

noahdfear · 2008/04/09

Looks good. Just a couple of infected temporary Java files. Download ATF Cleaner by Atribune and save it to your Desktop.

Double click ATF-Cleaner.exe to run the program.

Check the boxes to the left of:

Windows Temp

Current User Temp

All Users Temp

Temporary Internet Files

Prefetch

Java Cache

Recycle bin

The rest are optional - if you want it to remove everything check "Select All ".

Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.

Reboot

How's the computer behaving now?

matthewgz1985 · 2008/04/09

running great, is there any i need to do?

noahdfear · 2008/04/09

Geri has posted some very helpful information and recommendations regarding future protection in the following link.

http://www.windowsbbs.com/showthread.php?t=67958

Surf safe!

matthewgz1985 · 2008/04/09

thank you, thank you, very very much!

noahdfear · 2008/04/09

You're most welcome. Glad I could help.

Log in or Sign up

Solved C:\windows\system32\drivers\spools.exe

noahdfear Inactive

matthewgz1985 Inactive Thread Starter

noahdfear Inactive

matthewgz1985 Inactive Thread Starter

noahdfear Inactive

matthewgz1985 Inactive Thread Starter

matthewgz1985 Inactive Thread Starter

matthewgz1985 Inactive Thread Starter

noahdfear Inactive

matthewgz1985 Inactive Thread Starter

noahdfear Inactive

matthewgz1985 Inactive Thread Starter

noahdfear Inactive

Share This Page

Log in or Sign up

Solved C:\windows\system32\drivers\spools.exe

noahdfear Inactive

matthewgz1985 Inactive Thread Starter

noahdfear Inactive

matthewgz1985 Inactive Thread Starter

noahdfear Inactive

matthewgz1985 Inactive Thread Starter

matthewgz1985 Inactive Thread Starter

matthewgz1985 Inactive Thread Starter

noahdfear Inactive

matthewgz1985 Inactive Thread Starter

noahdfear Inactive

matthewgz1985 Inactive Thread Starter

noahdfear Inactive

Share This Page

Useful Searches