Need help removing Prorat Trojan!



#1
Haus

Hi,

I'm at my wit's end trying to get rid of this nasty trojan which I idiotically was infected with last night. Any help would be greatly appreciated!!!

I believe it's the Prorat trojan which includes reginv.dll, winkey.dll and fservice.exe.

Below is the HijackThis log and, after looking at OldTimer's advice from this thread (http://www.geekstogo...ll-t144992.html), I made a log from WinPFind3U as well.

I can't express how desperately I need help. :whistling:

--------------------------------------------------

UPDATE after these 2 logs

--------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 5:42:34 AM, on 1/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Surge\Desktop\WinPFind3u\WinPFind3U.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\Surge\LOCALS~1\Temp\~DPE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

---------------------------------------------------

WinPFind3 logfile created on: 1/16/2007 5:22:22 AM
WinPFind3U by OldTimer - Version 1.0.10 Folder = C:\Documents and Settings\Surge\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

785904 Kb Total Physical Memory | 540708 Kb Available Physical Memory | 68.80% Memory free
1922824 Kb Paging File | 1704524 Kb Available in Paging File | 88.65% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 199133672 Kb Total Space | 16108336 Kb Free Space | 8.09% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 40009848 Kb Total Space | 2685844 Kb Free Space | 6.71% Space Free


[Processes - Non-Microsoft Only]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 1/16/2007 3:35:00 AM | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.1: 2006120418 | Size = 7620696 bytes | Modified Date = 12/20/2006 6:32:12 PM | Attr = ]
services.exe -> %SystemRoot%\services.exe -> [Ver = | Size = 2035244 bytes | Modified Date = 1/14/2007 11:43:38 AM | Attr = HS]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.10.0 | Size = 306176 bytes | Modified Date = 1/12/2007 4:20:26 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 5/19/2006 12:37:52 AM | Attr = ]
(AOL ACS) AOL Connectivity Service [Win32_Own | Disabled | Stopped] -> %SystemDrive%\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe -> File not found
(Diskeeper) Diskeeper [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Executive Software\Diskeeper\DkService.exe -> Executive Software International, Inc. [Ver = 9.0.532.0 | Size = 606316 bytes | Modified Date = 7/26/2005 4:51:22 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/3/2004 6:56:50 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr = ]
(LicCtrlService) LicCtrl Service [Win32_Own | Disabled | Stopped] -> %SystemRoot%\runservice.exe -> [Ver = | Size = 2560 bytes | Modified Date = 10/3/2006 8:14:46 AM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Disabled | Stopped] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 143436 bytes | Modified Date = 3/9/2006 3:29:00 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 1/16/2007 3:35:00 AM | Attr = ]
KernelFaultCheck -> -> File not found
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Disabled MSConfig Services [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Adobe LM Service -> ->
AOL ACS -> ->
aspnet_state -> ->
Avg7Alrt -> ->
Avg7UpdSvc -> ->
Diskeeper -> ->
IDriverT -> ->
LicCtrlService -> ->
NVSvc -> ->
SandraDataSrv -> ->
SandraTheSrv -> ->
WANMiniportService -> ->
WinDefend -> ->
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 9:05:26 PM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk -> %SystemDrive%\PROGRA~1\AMERIC~1.0\aoltray.exe -> File not found
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk -> %ProgramFiles%\GetRight\getright.exe -> Headlight Software, Inc. [Ver = 5.2d | Size = 2301952 bytes | Modified Date = 2/23/2005 10:05:52 AM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalStart.lnk -> %ProgramFiles%\Paltalk Messenger\palstart.exe -> [Ver = | Size = 30720 bytes | Modified Date = 9/7/2006 4:12:16 PM | Attr = ]
C:^Documents and Settings^Surge^Start Menu^Programs^Startup^├ĘĐ█═°┬šÁš╩Ë.lnk -> %SystemDrive%\PROGRA~1\pcast\PODCAS~1\Start.exe -> File not found
C:^Documents and Settings^Surge^Start Menu^Programs^Startup^Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 3/16/2005 8:16:50 PM | Attr = ]
C:^Documents and Settings^Surge^Start Menu^Programs^Startup^AOL Call Alert for the web.LNK -> %ProgramFiles%\AOL Call Alert for the web\ACA.exe -> America Online [Ver = 8, 33, 0, 7 | Size = 1003520 bytes | Modified Date = 6/30/2004 2:32:34 PM | Attr = ]
C:^Documents and Settings^Surge^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk -> -> File not found
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
AOLDialer -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe -> File not found
AVG7_CC -> %SystemDrive%\PROGRA~1\Grisoft\AVG7\avgcc.exe -> File not found
DiskeeperSystray -> %ProgramFiles%\Executive Software\Diskeeper\DkIcon.exe -> Executive Software International, Inc. [Ver = 9.0.532.0 | Size = 184408 bytes | Modified Date = 7/26/2005 4:52:24 PM | Attr = ]
EA Core -> %ProgramFiles%\Electronic Arts\EA Downloader\Core.exe -> Electronic Arts [Ver = 2.2.1.54 | Size = 1826816 bytes | Modified Date = 8/16/2006 11:33:12 AM | Attr = ]
HostManager -> %CommonProgramFiles%\AOL\1152551477\ee\AOLSoftware.exe -> File not found
HPDJ Taskbar Utility -> %System32%\spool\drivers\w32x86\3\hpztsb04.exe -> File not found
IPHSend -> %CommonProgramFiles%\AOL\IPHSend\IPHSend.exe -> File not found
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 9:50:42 AM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 7561216 bytes | Modified Date = 3/9/2006 3:29:00 PM | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 86016 bytes | Modified Date = 3/9/2006 3:29:00 PM | Attr = ]
nwiz -> %System32%\nwiz.exe -> [Ver = | Size = 1519616 bytes | Modified Date = 3/9/2006 3:29:00 PM | Attr = ]
Pure Networks Port Magic -> %SystemDrive%\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe -> File not found
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 9/1/2006 3:57:48 PM | Attr = ]
RapidCheck -> %ProgramFiles%\RapidCheck\RapidCheck.exe -> File not found
rfagent -> %ProgramFiles%\RFA\rfagent.exe -> KsL Software [Ver = 4.3.1.980 | Size = 365056 bytes | Modified Date = 2/7/2006 6:07:58 PM | Attr = ]
SoundMan -> %SystemRoot%\soundman.exe -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 56 | Size = 577536 bytes | Modified Date = 8/3/2006 5:12:36 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 11/10/2005 12:03:52 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> File not found
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.9 | Size = 307200 bytes | Modified Date = 10/24/2005 2:53:40 PM | Attr = R ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 9:13:28 AM | Attr = ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1004 | Size = 77824 bytes | Modified Date = 2/16/2006 4:51:08 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
C:\WINDOWS\system32\fservice.exe -> %System32%\fservice.exe -> [Ver = | Size = 2035244 bytes | Modified Date = 1/14/2007 11:43:38 AM | Attr = HS]
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\\DirectX For Microsoft® Windows -> C:\WINDOWS\system32\fservice.exe ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoViewOnDrive -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLogoff -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{B4491C51-0578-1033-0710-020508020001} -> "C:\Program Files\Common Files\{B4491C51-0578-1033-0710-020508020001}\Update.exe" mc-110-12-0000272 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Windows Update\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\\Windows Update Menu Text -> Microsoft Update ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\Feature Control\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\Feature Control\\IMAGING_EMF_USE_RCLFRAMESIZE_KB905299 -> 1 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ -> ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Bar -> http://ie.search.msn...st/srchasst.htm ->
HKLM: Start Page -> about:blank ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.yahoo.com/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 7:38:22 PM | Attr = ]
{31FF080D-12A3-439A-A2EF-4BA95A3148E8} [HKLM] -> %ProgramFiles%\GetRight\xx2gr.dll [bho2gr Class] -> Headlight Software, Inc. [Ver = 5.2c | Size = 233472 bytes | Modified Date = 2/14/2005 11:08:50 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Data - Value does not exist] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 12:04:00 AM | Attr = ]
{598F4775-6FB6-477B-9842-E0426824E077} [HKLM] -> %LocalSettings%\Temp\~DPE.dll [] -> [Ver = | Size = 127488 bytes | Modified Date = 1/15/2007 9:37:58 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_10\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 11/9/2006 3:21:52 PM | Attr = ]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8193 - Sun Java Console ->
{4982D40A-C53B-4615-B15B-B5B5E98D167C} -> 8195 - Reg Data - Key not found ->
{94148DB5-B42D-4915-95DA-2CBB4F7095BF} -> 8198 - Reg Data - Key not found ->
{94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} -> 8199 - Reg Data - Key not found ->
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -> 8197 - Reg Data - Key not found ->
{B863453A-26C3-4e1f-A54D-A2CD196348E9} -> 8194 - Reg Data - Key not found ->
{CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} -> 8196 - Reg Data - Key not found ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8192 - Reg Data - Key not found ->
NextId -> 8200 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_10\bin\npjpi150_10.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 75528 bytes | Modified Date = 11/9/2006 3:21:54 PM | Attr = ]
CmdMapping [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
Download with GetRight -> %ProgramFiles%\GetRight\GRdownload.htm -> [Ver = | Size = 638 bytes | Modified Date = 12/11/2001 1:49:46 PM | Attr = ]
Open with GetRight Browser -> %ProgramFiles%\GetRight\GRBrowse.htm -> [Ver = | Size = 638 bytes | Modified Date = 12/11/2001 1:49:38 PM | Attr = ]
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{1CDB2949-8F65-4355-8456-263E7C208A5D} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer] -> [Ver = | Size = 466944 bytes | Modified Date = 3/9/2006 3:29:00 PM | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer Menu] -> [Ver = | Size = 466944 bytes | Modified Date = 3/9/2006 3:29:00 PM | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [nView Desktop Context Menu] -> [Ver = | Size = 466944 bytes | Modified Date = 3/9/2006 3:29:00 PM | Attr = ]
{2F25CF20-C569-11D1-B94C-00608CB45480} [HKLM] -> %ProgramFiles%\TextPad 4\system\shellext.dll [TextPad] -> Helios Software Solutions [Ver = 1.4 | Size = 49152 bytes | Modified Date = 10/30/2003 5:59:02 AM | Attr = ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{73B24247-042E-4EF5-ADC2-42F62E6FD654} [HKLM] -> %ProgramFiles%\ICQLite\ICQLiteShell.dll [ICQ Lite Shell Extension] -> [Ver = 20, 34, 2321, 0 | Size = 57443 bytes | Modified Date = 4/10/2005 7:55:02 AM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> %System32%\nvcpl.dll [NvCpl DesktopContext Class] -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 7561216 bytes | Modified Date = 3/9/2006 3:29:00 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR shell extension] -> [Ver = | Size = 126464 bytes | Modified Date = 9/13/2006 11:20:24 PM | Attr = ]
{B8323370-FF27-11D2-97B6-204C4F4F5020} [HKLM] -> %ProgramFiles%\SmartFTP Client 2.0\smarthook.dll [SmartFTP Shell Extension DLL] -> SmartFTP [Ver = 1.0.2.1 | Size = 75328 bytes | Modified Date = 1/5/2006 5:58:00 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 2/16/2006 10:00:00 AM | Attr = ]
{E0D79305-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 2/16/2006 10:00:00 AM | Attr = ]
{E0D79306-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 2/16/2006 10:00:00 AM | Attr = ]
{E0D79307-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 2/16/2006 10:00:00 AM | Attr = ]
{EB47FF00-225E-11D2-9E1D-00A0C9AB0EEE} [HKLM] -> %SystemRoot%\lcmmfu.cpl [eLicense Control] -> [Ver = 2.0.10.0 | Size = 122880 bytes | Modified Date = 10/3/2006 8:14:48 AM | Attr = ]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> %ProgramFiles%\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] -> RealNetworks, Inc. [Ver = 1.0.1.2237 | Size = 49198 bytes | Modified Date = 4/24/2006 12:28:24 AM | Attr = ]
{FFB699E0-306A-11d3-8BD1-00104B6F7516} [HKLM] -> %System32%\nvcpl.dll [Play on my TV helper] -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 7561216 bytes | Modified Date = 3/9/2006 3:29:00 PM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 6:40:48 AM | Attr = ]
{73B24247-042E-4EF5-ADC2-42F62E6FD654} [HKLM] -> %ProgramFiles%\ICQLite\ICQLiteShell.dll [ICQLiteMenu] -> [Ver = 20, 34, 2321, 0 | Size = 57443 bytes | Modified Date = 4/10/2005 7:55:02 AM | Attr = ]
{2F25CF20-C569-11D1-B94C-00608CB45480} [HKLM] -> %ProgramFiles%\TextPad 4\system\shellext.dll [TextPad] -> Helios Software Solutions [Ver = 1.4 | Size = 49152 bytes | Modified Date = 10/30/2003 5:59:02 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 9/13/2006 11:20:24 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 2/16/2006 10:00:00 AM | Attr = ]
< ContextMenuHandlers - AllFilesystemObjects [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
Reg Data - Value does not exist [HKLM] -> Reg Data - Key not found [Copy To] -> File not found
Reg Data - Value does not exist [HKLM] -> Reg Data - Key not found [Move To] -> File not found
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 6:40:48 AM | Attr = ]
{73B24247-042E-4EF5-ADC2-42F62E6FD654} [HKLM] -> %ProgramFiles%\ICQLite\ICQLiteShell.dll [ICQLiteMenu] -> [Ver = 20, 34, 2321, 0 | Size = 57443 bytes | Modified Date = 4/10/2005 7:55:02 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 9/13/2006 11:20:24 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 2/16/2006 10:00:00 AM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [00nView] -> [Ver = | Size = 466944 bytes | Modified Date = 3/9/2006 3:29:00 PM | Attr = ]
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> %System32%\nvcpl.dll [NvCplDesktopContext] -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 7561216 bytes | Modified Date = 3/9/2006 3:29:00 PM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 9/13/2006 11:20:24 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 2/16/2006 10:00:00 AM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{140B30F3-E361-409F-8461-95C795AE09F9} [HKLM] -> %System32%\DirSize.dll [ColHandler Class] -> [Ver = 1, 0, 0, 2 | Size = 49152 bytes | Modified Date = 4/11/2006 8:48:00 AM | Attr = ]
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 12/14/2004 1:20:02 AM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{65AFD313-4C9C-41A5-A389-3182DB5FD745} -> (LNE100TX Fast Ethernet Adapter Version 1.0) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
belarc -> %ProgramFiles%\Belarc\Advisor\System\BAVoilaX.dll -> Belarc, Inc. [Ver = 7.2a | Size = 33280 bytes | Modified Date = 8/25/2006 10:31:04 AM | Attr = ]
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{33564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://download.micr...922/wmv9VCM.CAB ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.ma...ent/swflash.cab ->


[Files - Created Wihin 30 days]
152570839dJXoYA_fs.jpg -> %SystemDrive%\152570839dJXoYA_fs.jpg -> [Ver = | Size = 141887 bytes | Created Date = 12/22/2006 2:29:01 PM | Attr = ]
1N4AL11D25C324677-1.jpg -> %SystemDrive%\1N4AL11D25C324677-1.jpg -> [Ver = | Size = 231735 bytes | Created Date = 1/1/2007 4:38:17 PM | Attr = ]
1N4AL11D25C324677-2.jpg -> %SystemDrive%\1N4AL11D25C324677-2.jpg -> [Ver = | Size = 251591 bytes | Created Date = 1/1/2007 4:38:28 PM | Attr = ]
1N4AL11D25C324677-3.jpg -> %SystemDrive%\1N4AL11D25C324677-3.jpg -> [Ver = | Size = 253720 bytes | Created Date = 1/1/2007 4:38:36 PM | Attr = ]
1N4AL11D25C324677-4.jpg -> %SystemDrive%\1N4AL11D25C324677-4.jpg -> [Ver = | Size = 208132 bytes | Created Date = 1/1/2007 4:38:43 PM | Attr = ]
1N4AL11D25C324677-5.jpg -> %SystemDrive%\1N4AL11D25C324677-5.jpg -> [Ver = | Size = 222795 bytes | Created Date = 1/1/2007 4:38:53 PM | Attr = ]
2189825180054944492gnYSaX_fs.jpg -> %SystemDrive%\2189825180054944492gnYSaX_fs.jpg -> [Ver = | Size = 508999 bytes | Created Date = 12/22/2006 2:36:21 PM | Attr = ]
378.jpg -> %SystemDrive%\378.jpg -> [Ver = | Size = 136339 bytes | Created Date = 1/6/2007 3:02:43 AM | Attr = ]
518339642vyPtfW_fs.jpg -> %SystemDrive%\518339642vyPtfW_fs.jpg -> [Ver = | Size = 162678 bytes | Created Date = 12/22/2006 2:29:56 PM | Attr = ]
96CB3965.jpg -> %SystemDrive%\96CB3965.jpg -> [Ver = | Size = 405579 bytes | Created Date = 1/6/2007 3:04:57 AM | Attr = ]
96CB4180.jpg -> %SystemDrive%\96CB4180.jpg -> [Ver = | Size = 372927 bytes | Created Date = 1/6/2007 3:05:08 AM | Attr = ]
avatar3042_3.gif.jpg -> %SystemDrive%\avatar3042_3.gif.jpg -> [Ver = | Size = 14864 bytes | Created Date = 1/9/2007 4:50:11 PM | Attr = ]
avg75avwt_433a904.exe -> %SystemDrive%\avg75avwt_433a904.exe -> [Ver = | Size = 24346376 bytes | Created Date = 1/15/2007 10:48:23 PM | Attr = ]
avgas-setup-7.5.0.50.exe -> %SystemDrive%\avgas-setup-7.5.0.50.exe -> [Ver = | Size = 6469352 bytes | Created Date = 1/16/2007 3:06:18 AM | Attr = ]
clheader2.jpg -> %SystemDrive%\clheader2.jpg -> [Ver = | Size = 52907 bytes | Created Date = 12/21/2006 12:54:43 PM | Attr = ]
faflogo.jpg -> %SystemDrive%\faflogo.jpg -> [Ver = | Size = 26931 bytes | Created Date = 12/20/2006 6:27:53 PM | Attr = ]
getimage.asp.jpg -> %SystemDrive%\getimage.asp.jpg -> [Ver = | Size = 38107 bytes | Created Date = 1/5/2007 10:32:36 PM | Attr = ]
header copy.jpg -> %SystemDrive%\header copy.jpg -> [Ver = | Size = 79065 bytes | Created Date = 12/21/2006 1:02:49 PM | Attr = ]
header.gif -> %SystemDrive%\header.gif -> [Ver = | Size = 23188 bytes | Created Date = 12/20/2006 6:40:43 PM | Attr = ]
header.jpg -> %SystemDrive%\header.jpg -> [Ver = | Size = 11017 bytes | Created Date = 12/21/2006 12:54:35 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 804835328 bytes | Created Date = 1/1/1601 5:00:00 AM | Attr = HS]
img10_1024x768.jpg -> %SystemDrive%\img10_1024x768.jpg -> [Ver = | Size = 205510 bytes | Created Date = 1/6/2007 3:07:44 AM | Attr = ]
img12_800x600.jpg -> %SystemDrive%\img12_800x600.jpg -> [Ver = | Size = 110418 bytes | Created Date = 1/6/2007 3:03:02 AM | Attr = ]
setupeng.exe -> %SystemDrive%\setupeng.exe -> [Ver = 1, 1, 0, 0 | Size = 13326120 bytes | Created Date = 1/16/2007 3:07:00 AM | Attr = ]
tamayo_sarge_tah01r1fs.jpg -> %SystemDrive%\tamayo_sarge_tah01r1fs.jpg -> [Ver = | Size = 217270 bytes | Created Date = 1/6/2007 3:04:29 AM | Attr = ]
teahupoo-1.jpe -> %SystemDrive%\teahupoo-1.jpe -> [Ver = | Size = 130020 bytes | Created Date = 1/6/2007 3:02:15 AM | Attr = ]
teahupoo-1.jpg -> %SystemDrive%\teahupoo-1.jpg -> [Ver = | Size = 116819 bytes | Created Date = 1/6/2007 3:02:33 AM | Attr = ]
teahupoo-2.jpe -> %SystemDrive%\teahupoo-2.jpe -> [Ver = | Size = 129718 bytes | Created Date = 1/6/2007 3:02:03 AM | Attr = ]
test.jpg -> %SystemDrive%\test.jpg -> [Ver = | Size = 31444 bytes | Created Date = 12/20/2006 6:39:24 PM | Attr = ]
test2.jpg -> %SystemDrive%\test2.jpg -> [Ver = | Size = 31029 bytes | Created Date = 12/20/2006 6:42:02 PM | Attr = ]
wall_tahiti_wave_1024.jpg -> %SystemDrive%\wall_tahiti_wave_1024.jpg -> [Ver = | Size = 161567 bytes | Created Date = 1/6/2007 3:03:09 AM | Attr = ]
ktd32.atm -> %SystemRoot%\ktd32.atm -> [Ver = | Size = 790 bytes | Created Date = 1/15/2007 10:06:48 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 12/26/2006 5:42:08 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 12/26/2006 5:42:08 PM | Attr = H ]
services.exe -> %SystemRoot%\services.exe -> [Ver = | Size = 2035244 bytes | Created Date = 1/16/2007 5:14:17 AM | Attr = HS]
setup.exe -> %SystemRoot%\setup.exe -> [Ver = | Size = 32923352 bytes | Created Date = 1/15/2007 9:58:50 PM | Attr = ]
UnDeploy.exe -> %SystemRoot%\UnDeploy.exe -> JGsoft - Just Great Software [Ver = 2.8.1.0 | Size = 67472 bytes | Created Date = 12/26/2006 1:52:00 PM | Attr = ]
__delete_on_reboot__s_e_r_v_i_c_e_s_._e_x_e_ -> %SystemRoot%\__delete_on_reboot__s_e_r_v_i_c_e_s_._e_x_e_ -> [Ver = | Size = 2035244 bytes | Created Date = 1/15/2007 9:58:52 PM | Attr = ]
fservice.exe -> %System32%\fservice.exe -> [Ver = | Size = 2035244 bytes | Created Date = 1/15/2007 9:58:52 PM | Attr = HS]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49248 bytes | Created Date = 1/14/2007 10:14:57 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 53346 bytes | Created Date = 1/14/2007 10:14:57 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 127078 bytes | Created Date = 1/14/2007 10:14:57 PM | Attr = ]
reginv.dll -> %System32%\reginv.dll -> [Ver = | Size = 36864 bytes | Created Date = 1/16/2007 5:14:24 AM | Attr = ]
winkey.dll -> %System32%\winkey.dll -> [Ver = | Size = 24576 bytes | Created Date = 1/16/2007 5:14:18 AM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 1/16/2007 3:29:20 AM | Attr = ]

[Files - Modified Wihin 30 days]
152570839dJXoYA_fs.jpg -> %SystemDrive%\152570839dJXoYA_fs.jpg -> [Ver = | Size = 141887 bytes | Modified Date = 12/22/2006 2:29:02 PM | Attr = ]
1N4AL11D25C324677-1.jpg -> %SystemDrive%\1N4AL11D25C324677-1.jpg -> [Ver = | Size = 231735 bytes | Modified Date = 1/1/2007 4:38:18 PM | Attr = ]
1N4AL11D25C324677-2.jpg -> %SystemDrive%\1N4AL11D25C324677-2.jpg -> [Ver = | Size = 251591 bytes | Modified Date = 1/1/2007 4:38:30 PM | Attr = ]
1N4AL11D25C324677-3.jpg -> %SystemDrive%\1N4AL11D25C324677-3.jpg -> [Ver = | Size = 253720 bytes | Modified Date = 1/1/2007 4:38:38 PM | Attr = ]
1N4AL11D25C324677-4.jpg -> %SystemDrive%\1N4AL11D25C324677-4.jpg -> [Ver = | Size = 208132 bytes | Modified Date = 1/1/2007 4:38:44 PM | Attr = ]
1N4AL11D25C324677-5.jpg -> %SystemDrive%\1N4AL11D25C324677-5.jpg -> [Ver = | Size = 222795 bytes | Modified Date = 1/1/2007 4:38:54 PM | Attr = ]
2189825180054944492gnYSaX_fs.jpg -> %SystemDrive%\2189825180054944492gnYSaX_fs.jpg -> [Ver = | Size = 508999 bytes | Modified Date = 12/22/2006 2:36:24 PM | Attr = ]
378.jpg -> %SystemDrive%\378.jpg -> [Ver = | Size = 136339 bytes | Modified Date = 1/6/2007 3:02:46 AM | Attr = ]
518339642vyPtfW_fs.jpg -> %SystemDrive%\518339642vyPtfW_fs.jpg -> [Ver = | Size = 162678 bytes | Modified Date = 12/22/2006 2:29:58 PM | Attr = ]
96CB3965.jpg -> %SystemDrive%\96CB3965.jpg -> [Ver = | Size = 405579 bytes | Modified Date = 1/6/2007 3:05:04 AM | Attr = ]
96CB4180.jpg -> %SystemDrive%\96CB4180.jpg -> [Ver = | Size = 372927 bytes | Modified Date = 1/6/2007 3:05:14 AM | Attr = ]
avatar3042_3.gif.jpg -> %SystemDrive%\avatar3042_3.gif.jpg -> [Ver = | Size = 14864 bytes | Modified Date = 1/9/2007 4:50:12 PM | Attr = ]
avg75avwt_433a904.exe -> %SystemDrive%\avg75avwt_433a904.exe -> [Ver = | Size = 24346376 bytes | Modified Date = 1/15/2007 10:49:10 PM | Attr = ]
avgas-setup-7.5.0.50.exe -> %SystemDrive%\avgas-setup-7.5.0.50.exe -> [Ver = | Size = 6469352 bytes | Modified Date = 1/16/2007 3:06:34 AM | Attr = ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 12/19/2006 9:01:46 AM | Attr = HS]
clheader2.jpg -> %SystemDrive%\clheader2.jpg -> [Ver = | Size = 52907 bytes | Modified Date = 12/21/2006 12:54:46 PM | Attr = ]
faflogo.jpg -> %SystemDrive%\faflogo.jpg -> [Ver = | Size = 26931 bytes | Modified Date = 12/20/2006 6:27:54 PM | Attr = ]
getimage.asp.jpg -> %SystemDrive%\getimage.asp.jpg -> [Ver = | Size = 38107 bytes | Modified Date = 1/5/2007 10:32:38 PM | Attr = ]
header copy.jpg -> %SystemDrive%\header copy.jpg -> [Ver = | Size = 79065 bytes | Modified Date = 12/21/2006 1:02:52 PM | Attr = ]
header.gif -> %SystemDrive%\header.gif -> [Ver = | Size = 23188 bytes | Modified Date = 12/20/2006 6:40:44 PM | Attr = ]
header.jpg -> %SystemDrive%\header.jpg -> [Ver = | Size = 11017 bytes | Modified Date = 12/21/2006 12:54:36 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 804835328 bytes | Modified Date = 1/16/2007 5:13:52 AM | Attr = HS]
img10_1024x768.jpg -> %SystemDrive%\img10_1024x768.jpg -> [Ver = | Size = 205510 bytes | Modified Date = 1/6/2007 3:07:48 AM | Attr = ]
img12_800x600.jpg -> %SystemDrive%\img12_800x600.jpg -> [Ver = | Size = 110418 bytes | Modified Date = 1/6/2007 3:03:06 AM | Attr = ]
setupeng.exe -> %SystemDrive%\setupeng.exe -> [Ver = 1, 1, 0, 0 | Size = 13326120 bytes | Modified Date = 1/16/2007 3:07:20 AM | Attr = ]
tamayo_sarge_tah01r1fs.jpg -> %SystemDrive%\tamayo_sarge_tah01r1fs.jpg -> [Ver = | Size = 217270 bytes | Modified Date = 1/6/2007 3:04:34 AM | Attr = ]
teahupoo-1.jpe -> %SystemDrive%\teahupoo-1.jpe -> [Ver = | Size = 130020 bytes | Modified Date = 1/6/2007 3:02:18 AM | Attr = ]
teahupoo-1.jpg -> %SystemDrive%\teahupoo-1.jpg -> [Ver = | Size = 116819 bytes | Modified Date = 1/6/2007 3:02:36 AM | Attr = ]
teahupoo-2.jpe -> %SystemDrive%\teahupoo-2.jpe -> [Ver = | Size = 129718 bytes | Modified Date = 1/6/2007 3:02:06 AM | Attr = ]
test.jpg -> %SystemDrive%\test.jpg -> [Ver = | Size = 31444 bytes | Modified Date = 12/20/2006 6:39:28 PM | Attr = ]
test2.jpg -> %SystemDrive%\test2.jpg -> [Ver = | Size = 31029 bytes | Modified Date = 12/20/2006 6:42:04 PM | Attr = ]
wall_tahiti_wave_1024.jpg -> %SystemDrive%\wall_tahiti_wave_1024.jpg -> [Ver = | Size = 161567 bytes | Modified Date = 1/6/2007 3:03:12 AM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/16/2007 5:13:56 AM | Attr = S]
ktd32.atm -> %SystemRoot%\ktd32.atm -> [Ver = | Size = 790 bytes | Modified Date = 1/16/2007 4:40:18 AM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 1/14/2007 11:12:52 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 12/27/2006 6:50:22 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 1/7/2007 8:17:04 AM | Attr = H ]
services.exe -> %SystemRoot%\services.exe -> [Ver = | Size = 2035244 bytes | Modified Date = 1/14/2007 11:43:38 AM | Attr = HS]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 12/19/2006 9:01:46 AM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 639 bytes | Modified Date = 12/26/2006 12:32:58 PM | Attr = ]
__delete_on_reboot__s_e_r_v_i_c_e_s_._e_x_e_ -> %SystemRoot%\__delete_on_reboot__s_e_r_v_i_c_e_s_._e_x_e_ -> [Ver = | Size = 2035244 bytes | Modified Date = 1/14/2007 11:43:38 AM | Attr = ]
fservice.exe -> %System32%\fservice.exe -> [Ver = | Size = 2035244 bytes | Modified Date = 1/14/2007 11:43:38 AM | Attr = HS]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 55118 bytes | Modified Date = 12/26/2006 11:42:34 AM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 385268 bytes | Modified Date = 12/26/2006 11:42:34 AM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 392740 bytes | Modified Date = 12/26/2006 11:42:34 AM | Attr = ]
reginv.dll -> %System32%\reginv.dll -> [Ver = | Size = 36864 bytes | Modified Date = 1/16/2007 5:14:26 AM | Attr = ]
winkey.dll -> %System32%\winkey.dll -> [Ver = | Size = 24576 bytes | Modified Date = 1/16/2007 5:14:20 AM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 1/13/2007 5:12:44 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
qoologic , urllogic , urllogic , -> %SystemDrive%\cwshredder.exe -> Trend Micro Incorporated [Ver = 2.19-1099 | Size = 532480 bytes | Modified Date = 1/19/2006 9:48:16 AM | Attr = ]
FSG! , UPX0 , -> %SystemDrive%\mist.avi -> [Ver = | Size = 107628544 bytes | Modified Date = 11/10/2006 5:22:46 AM | Attr = ]
UPX! , UPX0 , -> %SystemDrive%\setupeng.exe -> [Ver = 1, 1, 0, 0 | Size = 13326120 bytes | Modified Date = 1/16/2007 3:07:20 AM | Attr = ]
PEC2 , PECompact2 , -> %SystemDrive%\utorrent.exe -> [Ver = | Size = 174163 bytes | Modified Date = 12/4/2006 12:34:48 AM | Attr = ]
PEC2 , PECompact2 , -> %CommonProgramFiles%\Adobe\ESD\AdobeDownloadManager.exe -> Adobe Systems [Ver = 2.0.0.43 | Size = 414208 bytes | Modified Date = 11/12/2004 10:36:04 PM | Attr = ]
PTech , -> %CommonProgramFiles%\Adobe\Linguistics\Providers\Proximity\cze108.lex -> [Ver = | Size = 3916800 bytes | Modified Date = 3/16/2005 8:15:32 PM | Attr = ]
PEC2 , PECompact2 , -> %CommonProgramFiles%\Adobe\Updater\AdobeUpdaterApp.dll -> Adobe Systems Incorporated [Ver = 4, 0, 3, 26 | Size = 745984 bytes | Modified Date = 9/19/2005 10:49:16 AM | Attr = ]
UPX! , -> %CommonProgramFiles%\aolback\comp01.000 -> [Ver = | Size = 14076719 bytes | Modified Date = 6/4/2006 8:40:02 PM | Attr = ]
WSUD , -> %CommonProgramFiles%\aolback\comp02.000 -> [Ver = | Size = 27907843 bytes | Modified Date = 6/4/2006 8:40:02 PM | Attr = ]
UPX! , UPX0 , -> %CommonProgramFiles%\aolback\Comps\fw\nisale.exe -> [Ver = | Size = 150118 bytes | Modified Date = 6/4/2006 8:40:10 PM | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\Java\Update\Base Images\jre1.5.0.b64\core3.zip -> [Ver = | Size = 3290841 bytes | Modified Date = 3/2/2006 4:18:34 PM | Attr = ]
USERTRUST , -> %CommonProgramFiles%\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_10.b03\patchjre.exe -> Sun Microsystems, Inc. [Ver = 1, 0, 0, 1 | Size = 4650616 bytes | Modified Date = 11/9/2006 3:38:38 PM | Attr = ]
UPX! , UPX0 , -> %CommonProgramFiles%\Nullsoft\Video\ActiveX\plugins\nsvplayx_vp5_mp3.dll -> * * * [Ver = 1, 0, 0, 98 | Size = 177152 bytes | Modified Date = 5/7/2004 3:54:36 PM | Attr = ]
PEC2 , PECompact2 , -> %CommonProgramFiles%\Real\GToolbar\GDSSetup.exe -> [Ver = | Size = 746600 bytes | Modified Date = 4/24/2006 12:28:34 AM | Attr = ]
PEC2 , PECompact2 , -> %CommonProgramFiles%\Real\GToolbar\GoogleToolbarInstaller.exe -> Google [Ver = 3, 0, 126, 3 | Size = 559784 bytes | Modified Date = 4/24/2006 12:28:30 AM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\x2.64.exe -> [Ver = | Size = 422400 bytes | Modified Date = 10/13/2005 8:27:00 PM | Attr = RHS]
WSUD , -> %System32%\alsndmgr.cpl -> Realtek Semiconductor Corp. [Ver = 2, 2, 0, 71 | Size = 18804736 bytes | Modified Date = 10/21/2006 2:21:56 AM | Attr = ]
UPX! , UPX0 , -> %System32%\avisynth.dll -> The Public [Ver = 2, 5, 6, 0 | Size = 308224 bytes | Modified Date = 10/7/2005 6:14:52 PM | Attr = RHS]
UPX! , UPX0 , -> %System32%\CoreAAC.ax -> [Ver = 1, 1, 0, 642 | Size = 167936 bytes | Modified Date = 7/9/2004 2:47:04 AM | Attr = RHS]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
UPX! , UPX0 , -> %System32%\i420vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 70656 bytes | Modified Date = 1/24/2004 11:00:00 PM | Attr = RHS]
aspack , -> %System32%\msasf.exe -> [Ver = | Size = 45056 bytes | Modified Date = 2/26/2001 2:01:00 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
UPX! , UPX0 , -> %System32%\x.264.exe -> [Ver = | Size = 240128 bytes | Modified Date = 2/28/2005 12:16:22 PM | Attr = RHS]
UPX! , UPX0 , -> %System32%\yv12vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 70656 bytes | Modified Date = 1/24/2004 11:00:00 PM | Attr = RHS]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]

< End of report >

------------------------------------------------

UPDATE

I used the information from g2i2r4 in this thread (http://www.geekstogo...showtopic=79297) and fixed the following:

Killbox
C:\windows\services.exe
C:\windows\system32\reginv.dll
C:\windows\system32\fservice.exe
C:\windows\system32\winkey.dll

Hijackthis
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\Surge\LOCALS~1\Temp\~DPE.dll

Regfix
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"DirectX For Microsoft® Windows"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"



I then used Kaspersky AntiVirus 6.0, AVG Anti-Spyware 7.5, Spybot S&D, SUPERAntiSpyware, and Lavasoft Ad-Aware, one at a time and each with the newest updates and removed everything they found.

My PC is still slow (boots take forever, mouse movement pausing at times, and apps taking longer to load and run). I'm going to free up some space and try defragging to see if it helps.

I've also noticed that when I try to disable my LAN connection by right-clicking on the tray icon I receive this error message:
(Error Disabling Connection: It is not possible to disable the connection at this time. This connection may be using one or more protocols that do not support Plug-and-Play, or it may have been initiated by another user or the system account)

So when I haven't been online to try to fix my PC I have just unplugged my modem (I'm on cable btw) from the outlet in case my system is still being compromised.

This is where I stand right now. TIA to anyone who can help me and below are my current logs for HijackThis and WinPFind3u:


Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 1:15:41 AM, on 1/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

----------------------------------------------
WinPFind3

Won't fit without replying to the topic, so I've posted it here:

http://www.geocities...x/WinPFind3.Txt

Edited by Haus, 17 January 2007 - 01:52 AM.
