I ran ComboFix again and it was a lot faster. The log below is from that second run; note that it still reports Windows Defender as disabled, a hidden/system directory literally named `%APPDATA%` under SysWow64, a Firefox keyword.URL pointing at search.conduit.com, and a ViiKiiDesktopPlugin startup shortcut whose target file is missing ([N/A]), so those entries are worth following up on.
ComboFix 12-08-18.03 - sanja 19/08/2012 21:05:54.6.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3963.2045 [GMT -4:00]
Running from: c:\users\sanja\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-20 to 2012-08-20 )))))))))))))))))))))))))))))))
.
.
2012-08-20 01:15 . 2012-08-20 01:15 -------- d-----w- c:\users\sanja\AppData\Local\temp
2012-08-20 01:15 . 2012-08-20 01:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-20 01:15 . 2012-08-20 01:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-19 17:27 . 2012-08-19 17:27 -------- d-----w- c:\users\sanja\AppData\Local\Apple
2012-08-17 21:47 . 2012-07-16 06:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2364F4F2-0E77-4B92-82D1-6F817D0F192A}\mpengine.dll
2012-08-17 21:42 . 2012-05-11 16:34 788480 ----a-w- c:\windows\system32\localspl.dll
2012-08-17 21:42 . 2012-05-11 15:57 623616 ----a-w- c:\windows\SysWow64\localspl.dll
2012-08-17 21:41 . 2012-06-28 11:37 916992 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-17 21:41 . 2012-06-28 11:31 521728 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-08-17 21:41 . 2012-06-28 11:31 743424 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-08-17 21:41 . 2012-06-28 06:49 9328640 ----a-w- c:\windows\system32\mshtml.dll
2012-08-17 07:27 . 2012-06-16 11:19 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-17 07:27 . 2012-06-16 07:02 610816 ----a-w- c:\windows\system32\vbscript.dll
2012-08-17 07:27 . 2012-06-16 06:58 818176 ----a-w- c:\windows\system32\jscript.dll
2012-08-17 07:00 . 2012-07-04 14:33 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-08-16 23:21 . 2012-08-16 23:24 -------- d-----w- c:\users\sanja\AppData\Local\Adobe
2012-08-16 22:42 . 2012-08-20 01:01 -------- d-----w- C:\32788R22FWJFW
2012-08-13 18:43 . 2012-08-13 18:43 -------- d-----w- C:\_OTL
2012-08-13 17:57 . 2012-08-13 17:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-13 17:57 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-13 03:10 . 2012-08-13 03:10 -------- d-----w- c:\users\sanja\AppData\Roaming\SUPERAntiSpyware.com
2012-08-13 03:10 . 2012-08-13 03:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-13 03:10 . 2012-08-13 03:10 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-13 02:12 . 2012-08-13 02:12 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-05 21:54 . 2012-07-23 19:59 24960 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-08-02 23:30 . 2012-08-02 23:30 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-02 23:27 . 2012-08-02 23:27 -------- d-----w- c:\programdata\IObit
2012-08-02 23:27 . 2012-08-02 23:27 -------- d-----w- c:\users\sanja\AppData\Roaming\IObit
2012-08-02 23:27 . 2012-08-02 23:27 -------- d-----w- c:\program files (x86)\IObit
2012-07-27 00:12 . 2012-07-27 00:12 -------- d-----w- c:\users\sanja\AppData\Roaming\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1
2012-07-27 00:02 . 2012-07-27 00:02 -------- d-----w- c:\users\sanja\AppData\Local\Macromedia
2012-07-26 23:50 . 2012-08-14 23:09 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-26 23:50 . 2012-07-26 23:50 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-19 03:16 . 2006-11-02 12:35 62134624 ----a-w- c:\windows\system32\mrt.exe
2012-08-14 23:09 . 2011-09-04 16:05 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-13 02:12 . 2010-07-14 19:48 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-08 17:59 . 2012-07-11 20:28 12899840 ----a-w- c:\windows\system32\shell32.dll
2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-05 16:47 . 2012-07-11 20:28 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-05 16:47 . 2012-07-11 20:28 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-05 16:22 . 2012-07-11 20:28 1797120 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:22 . 2012-07-11 20:28 1869824 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:29 . 2012-07-11 20:28 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-22 20:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 20:20 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 20:20 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 20:20 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 20:19 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-22 20:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 20:19 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-22 20:20 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 20:19 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-22 20:19 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 19:19 . 2012-06-22 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:19 . 2012-06-22 20:19 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 19:15 . 2012-06-22 20:19 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 19:12 . 2012-06-22 20:19 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-06-02 00:22 . 2012-07-11 20:28 347136 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:22 . 2012-07-11 20:28 254464 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 00:05 . 2012-07-11 20:28 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 00:04 . 2012-07-11 20:28 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 00:03 . 2012-07-11 20:28 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-05-31 16:25 . 2010-03-22 01:28 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-08-13_21.05.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-17 21:40 . 2012-06-28 11:32 67072 c:\windows\SysWOW64\mshtmled.dll
- 2012-06-19 00:05 . 2012-05-15 06:33 67072 c:\windows\SysWOW64\mshtmled.dll
+ 2012-08-17 21:40 . 2012-06-28 08:18 13312 c:\windows\SysWOW64\msfeedssync.exe
- 2012-06-19 00:05 . 2012-05-15 03:24 13312 c:\windows\SysWOW64\msfeedssync.exe
+ 2012-08-17 21:40 . 2012-06-28 11:32 55296 c:\windows\SysWOW64\msfeedsbs.dll
- 2012-06-19 00:05 . 2012-05-15 06:33 55296 c:\windows\SysWOW64\msfeedsbs.dll
+ 2012-08-17 21:41 . 2012-06-28 11:37 64512 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2012-06-19 00:05 . 2012-05-15 06:37 64512 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2012-06-19 00:05 . 2012-05-15 06:32 43520 c:\windows\SysWOW64\licmgr10.dll
+ 2012-08-17 21:40 . 2012-06-28 11:32 43520 c:\windows\SysWOW64\licmgr10.dll
+ 2012-08-17 21:40 . 2012-06-28 11:31 25600 c:\windows\SysWOW64\jsproxy.dll
- 2012-06-19 00:05 . 2012-05-15 06:32 25600 c:\windows\SysWOW64\jsproxy.dll
- 2012-06-19 00:05 . 2012-05-15 06:31 71680 c:\windows\SysWOW64\iesetup.dll
+ 2012-08-17 21:40 . 2012-06-28 11:31 71680 c:\windows\SysWOW64\iesetup.dll
- 2012-06-19 00:05 . 2012-05-15 06:31 55808 c:\windows\SysWOW64\iernonce.dll
+ 2012-08-17 21:40 . 2012-06-28 11:31 55808 c:\windows\SysWOW64\iernonce.dll
- 2012-08-13 18:35 . 2012-08-13 19:32 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-08-13 18:35 . 2012-08-19 17:34 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 02:23 . 2012-08-17 07:21 74842 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-08-20 00:59 79062 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-21 12:10 . 2012-08-20 00:59 20444 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1181711447-2757771419-2931224057-1000_UserData.bin
+ 2012-08-17 21:40 . 2012-06-28 06:49 98304 c:\windows\system32\mshtmled.dll
- 2012-06-19 00:05 . 2012-05-15 02:15 98304 c:\windows\system32\mshtmled.dll
+ 2012-08-17 21:40 . 2012-06-28 05:10 12288 c:\windows\system32\msfeedssync.exe
- 2012-06-19 00:05 . 2012-05-15 00:39 12288 c:\windows\system32\msfeedssync.exe
+ 2012-08-17 21:40 . 2012-06-28 06:49 71680 c:\windows\system32\msfeedsbs.dll
- 2012-06-19 00:05 . 2012-05-15 02:15 71680 c:\windows\system32\msfeedsbs.dll
- 2012-06-19 00:05 . 2012-05-15 02:19 93184 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-08-17 21:40 . 2012-06-28 06:53 93184 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-08-17 21:40 . 2012-06-28 06:48 56832 c:\windows\system32\licmgr10.dll
- 2012-06-19 00:05 . 2012-05-15 02:15 56832 c:\windows\system32\licmgr10.dll
- 2012-06-19 00:05 . 2012-05-15 02:15 31744 c:\windows\system32\jsproxy.dll
+ 2012-08-17 21:40 . 2012-06-28 06:48 31744 c:\windows\system32\jsproxy.dll
- 2012-06-19 00:05 . 2012-05-15 02:14 77312 c:\windows\system32\iesetup.dll
+ 2012-08-17 21:40 . 2012-06-28 06:47 77312 c:\windows\system32\iesetup.dll
+ 2012-08-17 21:40 . 2012-06-28 06:47 72192 c:\windows\system32\iernonce.dll
- 2012-06-19 00:05 . 2012-05-15 02:14 72192 c:\windows\system32\iernonce.dll
+ 2012-08-17 21:40 . 2012-06-28 05:11 70656 c:\windows\system32\ie4uinit.exe
- 2012-06-19 00:05 . 2012-05-15 00:40 70656 c:\windows\system32\ie4uinit.exe
+ 2008-10-21 12:06 . 2012-08-20 01:01 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-21 12:06 . 2012-08-13 18:49 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-08-13 18:49 . 2012-08-13 18:49 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-08-13 18:49 . 2012-08-20 01:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-21 12:06 . 2012-08-13 18:49 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-21 12:06 . 2012-08-20 01:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-05-11 21:39 . 2012-05-11 21:39 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2012-08-19 03:23 . 2012-08-19 03:23 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2008-10-22 02:54 . 2012-07-12 12:39 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-10-22 02:54 . 2012-08-19 03:24 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-10-22 02:54 . 2012-07-12 12:39 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-10-22 02:54 . 2012-08-19 03:24 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-10-22 02:54 . 2012-08-19 03:24 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-10-22 02:54 . 2012-07-12 12:39 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2012-08-19 03:23 . 2012-08-19 03:23 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2012-05-11 21:54 . 2012-05-11 21:54 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2012-08-13 21:05 . 2012-08-13 21:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-17 07:19 . 2012-08-20 00:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-13 21:05 . 2012-08-13 21:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-17 07:19 . 2012-08-20 00:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-17 21:40 . 2012-06-28 11:37 105984 c:\windows\SysWOW64\url.dll
- 2012-06-19 00:05 . 2012-05-15 06:37 105984 c:\windows\SysWOW64\url.dll
+ 2012-08-17 21:40 . 2012-06-28 11:35 206848 c:\windows\SysWOW64\occache.dll
- 2012-06-19 00:05 . 2012-05-15 06:35 206848 c:\windows\SysWOW64\occache.dll
+ 2012-08-17 21:40 . 2012-06-29 16:01 467968 c:\windows\SysWOW64\netapi32.dll
+ 2012-08-17 21:40 . 2012-06-28 11:33 611840 c:\windows\SysWOW64\mstime.dll
- 2012-06-19 00:05 . 2012-05-15 06:33 611840 c:\windows\SysWOW64\mstime.dll
+ 2012-08-17 21:40 . 2012-06-28 11:32 629760 c:\windows\SysWOW64\msfeeds.dll
- 2012-06-19 00:05 . 2012-05-15 06:33 629760 c:\windows\SysWOW64\msfeeds.dll
+ 2012-08-14 23:09 . 2012-08-14 23:09 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe
+ 2012-08-14 22:02 . 2012-08-14 22:02 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
+ 2012-08-14 22:02 . 2012-08-14 22:02 466632 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.dll
- 2012-07-26 23:50 . 2012-08-03 01:09 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-07-26 23:50 . 2012-08-14 23:09 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-08-17 07:27 . 2012-06-16 11:14 727040 c:\windows\SysWOW64\jscript.dll
- 2012-06-19 00:05 . 2012-05-15 03:26 133632 c:\windows\SysWOW64\ieUnatt.exe
+ 2012-08-17 21:40 . 2012-06-28 08:19 133632 c:\windows\SysWOW64\ieUnatt.exe
+ 2012-08-17 21:40 . 2012-06-28 11:31 164352 c:\windows\SysWOW64\ieui.dll
- 2012-06-19 00:05 . 2012-05-15 06:31 164352 c:\windows\SysWOW64\ieui.dll
- 2012-06-19 00:05 . 2012-05-15 06:31 109056 c:\windows\SysWOW64\iesysprep.dll
+ 2012-08-17 21:40 . 2012-06-28 11:31 109056 c:\windows\SysWOW64\iesysprep.dll
- 2012-06-19 00:05 . 2012-05-15 06:31 184320 c:\windows\SysWOW64\iepeers.dll
+ 2012-08-17 21:40 . 2012-06-28 11:31 184320 c:\windows\SysWOW64\iepeers.dll
- 2012-06-19 00:05 . 2012-05-15 06:31 387584 c:\windows\SysWOW64\iedkcs32.dll
+ 2012-08-17 21:40 . 2012-06-28 11:31 387584 c:\windows\SysWOW64\iedkcs32.dll
+ 2012-08-17 21:40 . 2012-06-28 08:19 174080 c:\windows\SysWOW64\ie4uinit.exe
- 2012-06-19 00:05 . 2012-05-15 03:25 174080 c:\windows\SysWOW64\ie4uinit.exe
- 2008-01-21 03:20 . 2012-08-13 19:32 327680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2012-08-19 17:34 327680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-25 22:45 . 2012-08-14 22:01 196402 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2008-10-22 15:15 . 2012-08-17 23:54 224766 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-12-10 22:08 . 2012-08-19 03:09 143262 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2012-06-19 00:05 . 2012-05-15 02:19 108032 c:\windows\system32\url.dll
+ 2012-08-17 21:40 . 2012-06-28 06:53 108032 c:\windows\system32\url.dll
- 2006-11-02 12:46 . 2012-08-13 19:22 603282 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-08-20 01:05 603282 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-08-13 19:22 106696 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2012-08-20 01:05 106696 c:\windows\system32\perfc009.dat
+ 2012-08-17 21:40 . 2012-06-28 06:51 243712 c:\windows\system32\occache.dll
- 2012-06-19 00:05 . 2012-05-15 02:18 243712 c:\windows\system32\occache.dll
- 2009-09-18 13:35 . 2009-04-11 07:11 648192 c:\windows\system32\netapi32.dll
+ 2012-08-17 21:40 . 2012-06-29 16:20 648192 c:\windows\system32\netapi32.dll
- 2012-06-19 00:05 . 2012-05-15 02:15 742912 c:\windows\system32\msfeeds.dll
+ 2012-08-17 21:40 . 2012-06-28 06:49 742912 c:\windows\system32\msfeeds.dll
+ 2012-08-14 23:09 . 2012-08-14 23:09 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_Plugin.exe
+ 2012-08-14 22:02 . 2012-08-14 22:02 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_ActiveX.exe
+ 2012-08-14 22:02 . 2012-08-14 22:02 513224 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_ActiveX.dll
+ 2012-08-17 21:40 . 2012-06-28 05:11 162816 c:\windows\system32\ieUnatt.exe
- 2012-06-19 00:05 . 2012-05-15 00:40 162816 c:\windows\system32\ieUnatt.exe
+ 2012-08-17 21:40 . 2012-06-28 06:47 219136 c:\windows\system32\ieui.dll
- 2012-06-19 00:05 . 2012-05-15 02:14 219136 c:\windows\system32\ieui.dll
- 2012-06-19 00:05 . 2012-05-15 02:14 132096 c:\windows\system32\iesysprep.dll
+ 2012-08-17 21:40 . 2012-06-28 06:47 132096 c:\windows\system32\iesysprep.dll
- 2012-06-19 00:05 . 2012-05-15 02:14 252416 c:\windows\system32\iepeers.dll
+ 2012-08-17 21:40 . 2012-06-28 06:47 252416 c:\windows\system32\iepeers.dll
- 2012-06-19 00:05 . 2012-05-15 02:14 459776 c:\windows\system32\iedkcs32.dll
+ 2012-08-17 21:40 . 2012-06-28 06:47 459776 c:\windows\system32\iedkcs32.dll
- 2006-11-02 15:21 . 2012-07-12 12:43 412088 c:\windows\system32\FNTCACHE.DAT
+ 2006-11-02 15:21 . 2012-08-17 07:19 412088 c:\windows\system32\FNTCACHE.DAT
+ 2012-07-18 19:46 . 2012-07-18 19:46 593408 c:\windows\Installer\1cb6333.msp
+ 2008-10-22 02:54 . 2012-08-19 03:24 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-10-22 02:54 . 2012-07-12 12:39 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-10-22 02:54 . 2012-07-12 12:39 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-10-22 02:54 . 2012-08-19 03:24 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-10-22 02:54 . 2012-08-19 03:24 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-10-22 02:54 . 2012-07-12 12:39 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-10-22 02:54 . 2012-08-19 03:24 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-10-22 02:54 . 2012-07-12 12:39 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-10-22 02:54 . 2012-08-19 03:24 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-10-22 02:54 . 2012-07-12 12:39 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-10-22 02:54 . 2012-07-12 12:39 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-10-22 02:54 . 2012-08-19 03:24 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-10-22 02:54 . 2012-08-19 03:24 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-10-22 02:54 . 2012-07-12 12:39 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-06-23 13:54 . 2011-06-23 13:54 119160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\MSCONV97.DLL
+ 2012-08-17 21:41 . 2012-06-28 11:37 1212416 c:\windows\SysWOW64\urlmon.dll
- 2012-06-19 00:05 . 2012-05-15 06:37 1212416 c:\windows\SysWOW64\urlmon.dll
+ 2012-08-17 21:40 . 2012-06-28 11:32 6008320 c:\windows\SysWOW64\mshtml.dll
+ 2012-08-14 23:09 . 2012-08-14 23:09 9465032 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
+ 2012-08-14 23:09 . 2012-08-14 23:09 1536712 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
- 2012-06-19 00:05 . 2012-05-15 06:31 2000384 c:\windows\SysWOW64\iertutil.dll
+ 2012-08-17 21:41 . 2012-06-28 11:31 2000384 c:\windows\SysWOW64\iertutil.dll
- 2008-01-21 03:20 . 2012-08-13 19:32 1638400 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-08-19 17:34 1638400 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-08-17 21:40 . 2012-06-28 06:53 1147392 c:\windows\system32\wininet.dll
- 2012-06-19 00:05 . 2012-05-15 02:19 1147392 c:\windows\system32\wininet.dll
+ 2012-08-17 21:40 . 2012-06-28 06:53 1488384 c:\windows\system32\urlmon.dll
- 2012-06-19 00:05 . 2012-05-15 02:19 1488384 c:\windows\system32\urlmon.dll
+ 2012-08-17 21:40 . 2012-06-28 06:49 1062912 c:\windows\system32\mstime.dll
- 2012-06-19 00:05 . 2012-05-15 02:16 1062912 c:\windows\system32\mstime.dll
- 2012-06-19 00:05 . 2012-05-15 02:14 2350592 c:\windows\system32\iertutil.dll
+ 2012-08-17 21:40 . 2012-06-28 06:47 2350592 c:\windows\system32\iertutil.dll
+ 2008-10-22 01:43 . 2012-08-17 07:17 2600616 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-10-22 01:43 . 2012-08-13 21:03 2600616 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-06-26 22:03 . 2012-06-26 22:03 3875840 c:\windows\Installer\dfead.msp
+ 2012-07-18 19:53 . 2012-07-18 19:53 5009920 c:\windows\Installer\dfe7f.msp
- 2008-10-22 02:54 . 2012-07-12 12:39 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-10-22 02:54 . 2012-08-19 03:24 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-10-22 02:54 . 2012-07-12 12:39 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-10-22 02:54 . 2012-08-19 03:24 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2012-06-19 00:05 . 2012-05-15 06:31 11111424 c:\windows\SysWOW64\ieframe.dll
+ 2012-08-17 21:40 . 2012-06-28 11:31 11111424 c:\windows\SysWOW64\ieframe.dll
+ 2006-11-02 12:33 . 2012-08-19 17:16 11796480 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2006-11-02 12:33 . 2012-07-22 04:36 11796480 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-08-14 23:09 . 2012-08-14 23:09 12315336 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll
- 2012-06-19 00:05 . 2012-05-15 02:14 12508672 c:\windows\system32\ieframe.dll
+ 2012-08-17 21:40 . 2012-06-28 06:47 12508672 c:\windows\system32\ieframe.dll
+ 2012-07-18 19:53 . 2012-07-18 19:53 10937344 c:\windows\Installer\dfe88.msp
+ 2012-07-25 20:59 . 2012-07-25 20:59 11032064 c:\windows\Installer\1cb634a.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"BitTorrent DNA"="c:\users\sanja\Program Files (x86)\DNA\btdna.exe" [2009-11-07 323392]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-21 68856]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" [BU]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-01-02 198160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-03-15 650080]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\sanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
ViiKiiDesktopPlugin.lnk - c:\program files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 23:09]
.
2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 13:34]
.
2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 13:34]
.
2012-08-17 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task b89ea438-9161-45ca-8632-bcf2363f0534.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-08-19 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c9c71027-d5d9-4ca5-8a6a-d7735a8d2203.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1216808]
"RtHDVCpl"="RAVCpl64.exe" [2008-04-08 6156288]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 209432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 181784]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 64.71.255.198
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\sanja\AppData\Roaming\Mozilla\Firefox\Profiles\q2dgay51.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-08-19 21:18:16
ComboFix-quarantined-files.txt 2012-08-20 01:18
ComboFix2.txt 2012-08-16 23:15
ComboFix3.txt 2012-08-14 22:30
ComboFix4.txt 2012-08-13 23:58
ComboFix5.txt 2012-08-20 01:01
.
Pre-Run: 167,007,014,912 bytes free
Post-Run: 166,956,032,000 bytes free
.
- - End Of File - - 3F7D49CB38E9C6222E4416F1A73185A3