Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Sluggish System - Need Logs Checked for Malware


  • Please log in to reply

#1
nates_tips

nates_tips

    Member

  • Member
  • PipPipPip
  • 122 posts
I am working on a computer for my church (I'm a volunteer, not a business).

The computer had a lot of junk files and had not been updated in a extremely long time. I've cleaned it up and I'm running Windows Update while I'm writing this.

Although it's running better thanks to my cleanup tasks, the system is still running sluggish. I would like to have the logs checked just to ensure that there no Malware in the system.

I've downloaded and ran TFC, then downloaded and ran Malwarebytes, which found one Trojan. I selected to remove it within Malwarebytes.

You will see that there is no antivirus, antispyware or firewall programs installed. It was that way when I got it. As a student at GeekU, I understand the importance of having these security programs and will download them once these logs have been checked.

This computer is being used for a projection system so the only thing we need is a web browser and the program "Prologue Sunday Plus". Please remove any other optional programs.

Thanks for your time and help!

_____________________________________________

OTL.Txt file


OTL logfile created on: 6/25/2009 1:15:13 PM - Run 1
OTL by OldTimer - Version 3.0.5.3 Folder = C:\Documents and Settings\First AG\Desktop
Windows XP Home Edition (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2600.0000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 310.96 Mb Available Physical Memory | 60.80% Memory free
866.57 Mb Paging File | 709.73 Mb Available in Paging File | 81.90% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 10.00 Gb Total Space | 6.06 Gb Free Space | 60.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 317.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VALUED-D6A54265
Current User Name: First AG
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\Ati2evxx.exe ()
PRC - C:\Program Files\Linksys\Wireless-N Network Monitor\NICServ.exe ()
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\System32\ICO.EXE (Primax Electronics Ltd.)
PRC - C:\WINDOWS\System32\atiptaxx.exe (ATI Technologies, Inc.)
PRC - C:\Program Files\Linksys\Wireless-N Network Monitor\WPC300N.exe ()
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\Apoint\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Linksys\Wireless-N Network Monitor\OdHost.exe ()
PRC - c:\Program Files\support.com\client\bin\tgcmd.exe (Support.com, Inc.)
PRC - C:\Documents and Settings\First AG\Desktop\sp1aexpress_usa.exe ()
PRC - c:\d2b\update\update.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\First AG\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe ()
SRV - (LBTServ [On_Demand | Stopped]) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (NICSer_WPC300N [Auto | Running]) -- C:\Program Files\Linksys\Wireless-N Network Monitor\NICServ.exe ()
SRV - (SPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (WmdmPmSp [Auto | Running]) -- C:\WINDOWS\System32\mspmspsv.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ApfiltrService [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (ati2mpab [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mpab.sys (ATI Technologies Inc.)
DRV - (atimpab [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\atimpab.sys (ATI Technologies Inc.)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys (Linksys, A Division of Cisco Systems, Inc.)
DRV - (CBTNDIS5 [On_Demand | Running]) -- C:\WINDOWS\System32\CBTNDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (DMICall [System | Running]) -- C:\WINDOWS\System32\DRIVERS\DMICall.sys (Sony Corporation)
DRV - (HSFHWVIA [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWVIA.sys (Conexant Systems)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (pelmouse [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\pelmouse.sys (Primax Electronics Ltd.)
DRV - (pelusblf [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\pelusblf.sys (Primax Electronics Ltd.)
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (VERITAS Software, Inc.)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation )
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys ()
DRV - (va16w2 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\va16w2.sys (Sony Corporation)
DRV - (va32w2 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\va32w2.sys (Sony Corporation)
DRV - (VIAudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\viaudio.sys (VIA Technologies, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AtiPTA] C:\WINDOWS\System32\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Linksys Wireless-N Notebook Adapter] C:\Program Files\Linksys\Wireless-N Network Monitor\WPC300N.exe ()
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ICO.EXE (Primax Electronics Ltd.)
O4 - HKLM..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs ()
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE File not found
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1245948473305 (WUWebControl Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.39.104.1 65.39.104.2
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/04 13:21:14 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/04 12:41:27 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.CAM -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/06/25 13:14:51 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\First AG\Desktop\OTL.exe
[2009/06/25 13:13:56 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/06/25 13:13:33 | 00,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\First AG\Desktop\Rooter.exe
[2009/06/25 13:04:10 | 00,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp3546D.FOT
[2009/06/25 13:04:10 | 00,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp1246D.FOT
[2009/06/25 13:04:09 | 00,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpFE36D.FOT
[2009/06/25 13:04:09 | 00,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpD136D.FOT
[2009/06/25 13:04:09 | 00,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp5436D.FOT
[2009/06/25 13:02:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/06/25 13:02:13 | 00,000,000 | ---D | C] -- C:\d2b
[2009/06/25 12:42:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2009/06/25 12:42:52 | 00,000,000 | ---D | C] -- C:\6669e8ccaeee8e2b874777413aadbd32
[2009/06/25 12:42:48 | 02,028,640 | ---- | C] () -- C:\Documents and Settings\First AG\Desktop\sp1aexpress_usa.exe
[2009/06/25 11:53:26 | 00,000,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/25 11:53:24 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/25 11:53:22 | 00,018,456 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/25 11:53:22 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/25 11:52:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/06/25 11:51:29 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winhttp.dll
[2009/06/25 11:51:29 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpob2res.dll
[2009/06/25 11:51:29 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2009/06/25 11:51:29 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgrprxy.dll
[2009/06/25 11:51:29 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx2.dll
[2009/06/25 11:51:29 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2009/06/25 11:51:29 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx3.dll
[2009/06/25 11:51:29 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2009/06/25 11:51:28 | 00,361,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgr.dll
[2009/06/25 11:48:57 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2009/06/25 11:48:57 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2009/06/25 11:48:57 | 00,031,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2009/06/25 11:48:56 | 00,323,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2009/06/25 11:48:56 | 00,213,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl
[2009/06/25 11:48:56 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui
[2009/06/25 11:48:56 | 00,018,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui
[2009/06/25 11:48:54 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2009/06/25 11:48:54 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2009/06/25 11:48:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2009/06/25 11:42:22 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\First AG\Desktop\TFC.exe
[2009/06/24 17:04:01 | 00,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpB6894.FOT
[2009/06/24 17:04:01 | 00,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp98894.FOT
[2009/06/24 17:04:01 | 00,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp42894.FOT
[2009/06/24 17:04:01 | 00,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp24894.FOT
[2009/06/17 17:22:24 | 00,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpE4731.FOT
[2009/06/17 17:22:24 | 00,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpAE631.FOT
[2009/06/17 17:22:24 | 00,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp80731.FOT
[2009/06/17 17:22:24 | 00,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp03731.FOT
[2009/06/17 17:22:23 | 00,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpCC631.FOT
[2009/06/17 17:01:13 | 00,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpD0AB5.FOT
[2009/06/17 17:01:13 | 00,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpB2AB5.FOT
[2009/06/17 17:01:13 | 00,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp94AB5.FOT
[2009/06/17 17:01:13 | 00,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp5E9B5.FOT
[2009/06/17 17:01:13 | 00,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp17AB5.FOT
[2009/06/10 17:48:26 | 00,001,319 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Open the Eyes of My Heart.ptf
[2009/06/10 17:38:56 | 00,001,245 | ---- | C] () -- C:\Documents and Settings\First AG\My Documents\6-10-09.ptf
[2009/06/10 17:05:46 | 00,000,000 | R--D | C] -- C:\Documents and Settings\First AG\My Documents\My Pictures
[2009/06/10 17:05:46 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2009/06/03 17:34:55 | 00,002,502 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Hosanna.ptf
[2009/06/03 17:28:43 | 00,001,503 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\You Shine.ptf
[2007/03/22 11:45:18 | 00,000,061 | ---- | C] () -- C:\WINDOWS\init.ini
[2004/10/16 22:04:05 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/20 18:55:44 | 00,000,030 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2003/01/08 19:45:12 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/07/29 18:42:48 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2002/07/26 17:09:22 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2002/07/26 16:27:47 | 00,000,599 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2002/07/26 16:27:47 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2002/07/26 16:24:26 | 00,262,416 | ---- | C] () -- C:\WINDOWS\System32\Asfv2.dll
[2002/07/26 16:16:25 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2002/07/26 15:28:34 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/07/26 12:36:32 | 00,000,804 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/07/25 20:46:18 | 00,000,672 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/07/25 20:45:53 | 00,000,600 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/07/25 20:45:48 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/07/25 20:45:43 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[1999/08/12 03:00:00 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1999/08/12 03:00:00 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/06/25 13:14:59 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\First AG\Desktop\OTL.exe
[2009/06/25 13:13:36 | 00,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\First AG\Desktop\Rooter.exe
[2009/06/25 13:04:10 | 00,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp3546D.FOT
[2009/06/25 13:04:10 | 00,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp1246D.FOT
[2009/06/25 13:04:09 | 00,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpFE36D.FOT
[2009/06/25 13:04:09 | 00,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpD136D.FOT
[2009/06/25 13:04:09 | 00,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp5436D.FOT
[2009/06/25 13:03:57 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/06/25 12:50:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/25 12:50:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/25 12:42:48 | 02,028,640 | ---- | M] () -- C:\Documents and Settings\First AG\Desktop\sp1aexpress_usa.exe
[2009/06/25 11:53:26 | 00,000,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/25 11:42:24 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\First AG\Desktop\TFC.exe
[2009/06/24 17:04:01 | 00,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpB6894.FOT
[2009/06/24 17:04:01 | 00,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp98894.FOT
[2009/06/24 17:04:01 | 00,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp42894.FOT
[2009/06/24 17:04:01 | 00,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp24894.FOT
[2009/06/24 16:59:25 | 00,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/17 17:22:24 | 00,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpE4731.FOT
[2009/06/17 17:22:24 | 00,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpAE631.FOT
[2009/06/17 17:22:24 | 00,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp80731.FOT
[2009/06/17 17:22:24 | 00,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp03731.FOT
[2009/06/17 17:22:23 | 00,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpCC631.FOT
[2009/06/17 17:01:13 | 00,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpD0AB5.FOT
[2009/06/17 17:01:13 | 00,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpB2AB5.FOT
[2009/06/17 17:01:13 | 00,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp94AB5.FOT
[2009/06/17 17:01:13 | 00,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp5E9B5.FOT
[2009/06/17 17:01:13 | 00,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp17AB5.FOT
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,018,456 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/10 18:03:37 | 00,001,503 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\You Shine.ptf
[2009/06/10 17:48:26 | 00,001,319 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Open the Eyes of My Heart.ptf
[2009/06/10 17:38:56 | 00,001,245 | ---- | M] () -- C:\Documents and Settings\First AG\My Documents\6-10-09.ptf
[2009/06/03 17:34:55 | 00,002,502 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Hosanna.ptf
< End of report >




____________________________________________________

OTL Extras.txt file


OTL Extras logfile created on: 6/25/2009 1:15:13 PM - Run 1
OTL by OldTimer - Version 3.0.5.3 Folder = C:\Documents and Settings\First AG\Desktop
Windows XP Home Edition (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2600.0000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 310.96 Mb Available Physical Memory | 60.80% Memory free
866.57 Mb Paging File | 709.73 Mb Available in Paging File | 81.90% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 10.00 Gb Total Space | 6.06 Gb Free Space | 60.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 317.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VALUED-D6A54265
Current User Name: First AG
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13CD485E-7CF3-471C-8099-7C14EC82E8F0}" = SundayPlus Media
"{197A2B90-A998-4603-9B25-2B7D7CC0060E}" = Screenblast Sound Forge 1.0b
"{1EE377F9-1FBC-440E-82EB-7B8A1EDDEE52}" = SonicStage CD-R Writing Module
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{48BE827A-2D06-4804-90C3-4F2F8460F9D4}" = Support Actions Win2K,WinXP
"{4B6F4C00-E935-11D3-A98A-0080986030D9}" = Smart Capture
"{6060E6A1-5342-4D2B-8F66-B6D6E20BBD03}" = VAIO Help & Support
"{662E1348-3D8D-4BCE-B345-BF7EB40308FD}" = Screenblast ACID 2.0a
"{6990A2BF-D1D2-11D3-81BC-00609789C908}" = Sony DV Shared Library
"{6DF804A8-2CC2-4D22-A958-4534F6EC3C76}" = VAIO Registration
"{913D0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard for Students and Teachers
"{92EBF038-C11C-11D7-A22C-000475C4ADA7}" = PC Study Bible 4 - 2 Translations
"{AF3007FF-47CC-4DAE-AE5A-CDCFFEE93D6A}" = Linksys Wireless-N Notebook Adapter
"{C1939820-A945-11D4-86F6-0001031E5712}" = InterVideo WinDVD
"{C9FAA69F-A990-44CF-B34D-86F74533A35A}" = SundayPlus
"{CD7D5804-C157-48A6-AEE0-4A40A4B5C054}" = VAIO System Information
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{E535DC62-56D6-11D5-8AE3-00105A7276CD}" = SonicStage 1.2.00
"{E84D2015-4FEB-40CC-A2DD-1A6B8BAC2429}" = OpenMG Secure Module 3.0.03
"ATI Display Driver" = ATI Display Driver Utilities
"CNXT_MODEM_PCI_VEN_1106&DEV_3068&SUBSYS_80F6104D" = SoftK56 Data Fax
"Driveware" = Driveware
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Motion JPEG Software Decoder" = Motion JPEG Software Decoder
"MouseSuite98" = Sony USB Mouse
"PC Pitstop Optimize2_is1" = PC Pitstop Optimize2 2.0
"RealProducer 8.5" = RealProducer Basic 8.5
"Revo Uninstaller" = Revo Uninstaller 1.80
"VAIO Support" = VAIO Support

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/12/2006 8:41:40 PM | Computer Name = VALUED-D6A54265 | Source = Application Error | ID = 1000
Description = Faulting application sundayplus.exe, version 2.4.0.0, faulting module
dirapi.dll, version 8.5.1.104, fault address 0x0001d661.

Error - 4/12/2006 8:45:25 PM | Computer Name = VALUED-D6A54265 | Source = Application Error | ID = 1000
Description = Faulting application sundayplus.exe, version 2.4.0.0, faulting module
dirapi.dll, version 8.5.1.104, fault address 0x0001d661.

Error - 4/12/2006 8:48:11 PM | Computer Name = VALUED-D6A54265 | Source = Application Error | ID = 1000
Description = Faulting application sundayplus.exe, version 2.4.0.0, faulting module
dirapi.dll, version 8.5.1.104, fault address 0x0001d661.

Error - 4/14/2006 10:50:04 AM | Computer Name = VALUED-D6A54265 | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 8.0.0.4482, faulting module
wmpcore.dll, version 8.0.0.4482, fault address 0x0007c2ae.

Error - 4/14/2006 10:50:55 AM | Computer Name = VALUED-D6A54265 | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 8.0.0.4482, faulting module
wmpcore.dll, version 8.0.0.4482, fault address 0x0007c2ae.

Error - 4/14/2006 10:51:19 AM | Computer Name = VALUED-D6A54265 | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 8.0.0.4482, faulting module
wmpcore.dll, version 8.0.0.4482, fault address 0x0007c2ae.

Error - 4/14/2006 10:51:25 AM | Computer Name = VALUED-D6A54265 | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 8.0.0.4482, faulting module
wmpcore.dll, version 8.0.0.4482, fault address 0x0007c2ae.

Error - 4/14/2006 11:04:33 AM | Computer Name = VALUED-D6A54265 | Source = Application Error | ID = 1000
Description = Faulting application sundayplus.exe, version 2.4.0.0, faulting module
dirapi.dll, version 8.5.1.104, fault address 0x0001d661.

Error - 4/19/2006 7:21:05 PM | Computer Name = VALUED-D6A54265 | Source = Application Error | ID = 1000
Description = Faulting application sundayplus.exe, version 2.4.0.0, faulting module
dirapi.dll, version 8.5.1.104, fault address 0x0001d661.

Error - 4/23/2006 12:41:49 PM | Computer Name = VALUED-D6A54265 | Source = Application Error | ID = 1000
Description = Faulting application sundayplus.exe, version 2.4.0.0, faulting module
dirapi.dll, version 8.5.1.104, fault address 0x0001d661.

[ System Events ]
Error - 6/25/2009 2:09:47 PM | Computer Name = VALUED-D6A54265 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 6/25/2009 2:09:49 PM | Computer Name = VALUED-D6A54265 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 6/25/2009 2:09:51 PM | Computer Name = VALUED-D6A54265 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 6/25/2009 2:09:53 PM | Computer Name = VALUED-D6A54265 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 6/25/2009 2:09:56 PM | Computer Name = VALUED-D6A54265 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 6/25/2009 2:09:58 PM | Computer Name = VALUED-D6A54265 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 6/25/2009 2:10:00 PM | Computer Name = VALUED-D6A54265 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 6/25/2009 2:10:02 PM | Computer Name = VALUED-D6A54265 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 6/25/2009 2:10:04 PM | Computer Name = VALUED-D6A54265 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 6/25/2009 2:10:07 PM | Computer Name = VALUED-D6A54265 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.


< End of report >


_____________________________________________________________

ROOTER_1 file




Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600)
[32_bits] - x86 Family 6 Model 8 Stepping 0, AuthenticAMD
.
Error OpenService (wscsvc) : 1060
[SharedAccess] STOPPED (state:1) : Windows Firewall -> Disabled !
.
Internet Explorer 6.0.2600.0000
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:10 Go - Free:6 Go )
E:\ [CD_Rom]
.
Scan : 13:13.53
Path : C:\Documents and Settings\First AG\Desktop\Rooter.exe
User : First AG ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (584)
______ \??\C:\WINDOWS\system32\csrss.exe (632)
______ \??\C:\WINDOWS\system32\winlogon.exe (656)
______ C:\WINDOWS\system32\services.exe (700)
______ C:\WINDOWS\system32\lsass.exe (736)
______ C:\WINDOWS\system32\svchost.exe (900)
______ C:\WINDOWS\System32\svchost.exe (944)
______ C:\WINDOWS\System32\svchost.exe (1072)
______ C:\WINDOWS\System32\svchost.exe (1096)
______ C:\WINDOWS\system32\spoolsv.exe (1236)
______ C:\WINDOWS\System32\Ati2evxx.exe (1328)
______ C:\Program Files\Linksys\Wireless-N Network Monitor\NICServ.exe (1364)
______ C:\WINDOWS\System32\wuauclt.exe (636)
______ C:\WINDOWS\Explorer.EXE (1068)
______ C:\Program Files\Apoint\Apoint.exe (832)
______ C:\WINDOWS\System32\ICO.EXE (476)
______ C:\WINDOWS\System32\WScript.exe (484)
______ C:\WINDOWS\System32\atiptaxx.exe (492)
______ C:\Program Files\Linksys\Wireless-N Network Monitor\WPC300N.exe (508)
______ C:\Program Files\Messenger\msmsgs.exe (972)
______ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (1784)
______ C:\Program Files\Apoint\Apntex.exe (1924)
______ C:\Program Files\Linksys\Wireless-N Network Monitor\OdHost.exe (1960)
______ c:\progra~1\Support.com\client\bin\tgcmd.exe (784)
______ C:\Documents and Settings\First AG\Desktop\sp1aexpress_usa.exe (932)
______ c:\d2b\update\update.exe (400)
______ C:\Program Files\Internet Explorer\iexplore.exe (1800)
______ C:\WINDOWS\system32\notepad.exe (1272)
______ C:\WINDOWS\System32\wuauclt.exe (248)
______ C:\Documents and Settings\First AG\Desktop\Rooter.exe (276)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:10742183424)
\Device\Harddisk0\Partition0 (Start_Offset:10742215680 | Length:9261665280)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\Registration reminder 1.job
C:\WINDOWS\Tasks\Registration reminder 2.job
C:\WINDOWS\Tasks\Registration reminder 3.job
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 13:13.56
.
C:\Rooter$\Rooter_1.txt - (25/06/2009 | 13:13.56)
  • 0

Advertisements


#2
Egwene

Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hello nates_tips,

Sorry for the delay.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Then :

Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

Regards,
Egwene.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP