High Usage coming from Svchost.exe, Hitman found Bootkit


23 replies to this topic

#1 Play_Cold

Posted 02 September 2011 - 08:08 PM

Hello All,

I am new to the forum, and like so many others, have come here seeking help. I've seen some wonderful things done by the mods and am extremely impressed with their charity and willingness to help.

Here's my story... About three days ago, I noticed after visiting Metacafe and Break and watching a few videos that my computer began to run extremely slow when I was connected to the internet. I pulled up Task Manager and noticed that one of my SVCHOST.EXE programs was running at around 200,000K. Needless to say, I was rather perplexed. I check TM frequently and have never seen any process besides FireFox run at such a high rate. I disconnected from the internet, killed the process and restarted my computer. Everything seemed to be fine until I reconnected to the web. At this point, I realized something might be wrong; I then ran a quick scan via AVG 2011 to see if anything obvious might be going on. Unfortunately, the Quick Scan revealed nothing. Afterward, I ran a Quick Scan with Malwarebytes and found that my computer had a Trojan.FakeAlert. I attempted to delete the Trojan, but for some reason, it would not delete. I figured there may have been an error on my part, or that I did not select the infection, and ran another quick scan. Once again, the Trojan was detected and this time I deleted it successfully.

I thought all might be well, so I reconnected to the internet and once again, noticed the drain on my speed and the same SVCHOST.EXE running at 230,000K. I realized that I might be dealing with something nastier than anticipated. I therefore googled Trojan.FakeAlert & SVCHOST.EXE to see what other people had dealt with. I was perplexed that MalwareBytes detected the Trojan, although I had no symptoms related to it (i.e. no weird pop-up warnings, Fake Anti-virus, etc.). I decided to run a deep scan with AVG and see if MalwareBytes had rooted out some of the virus. Oddly, AVG detected this time something called an Exploit Black Hole (Type 1889). I googled this and was perplexed because I was not connected to the internet at this time. AVG blocked it but did not count it as a virus and I realized I perhaps needed something else to try.

This led me to download Hitman Pro 3.5; I had read on some different Windows Forums that this often could do the trick with an SVCHOST.EXE related virus. After running Hitman Pro, sure enough it detected something else. It said a Bootkit was detected (I would attach the screen shot but I'm not sure how). It also said that the Bootkit could be a variation of Alureon and several other Bootkits. Anyways, after running Hitman Pro and having it delete the program, I decided to run a scan on AVG in Safe Mode to see if that did anything else. From what I could understand, it cleaned all of the registries in Safe Mode.

After I ran the scan, I restarted my computer and connected to the Internet to see if anything had changed in Task Manager and Process Explorer, which I downloaded before Hitman Pro. Amazingly, nothing was happening with the usual SVCHOST.EXE. It remained stable at 26,000K and has remained stable ever since.

Now my question is, Is my computer cured? Does anyone know if Hitman Pro can really get rid of a Bootkit without anything remaining? I figured I'd tread cautiously before trusting a program completely.

I apologize for the long story. Unless you couldn't tell, it's been rather tasking working on this on my own. I will provide any necessary logs and such for anyone willing to help! Maybe I can bake you cookies too? :whistle:

Thanks for reading and helping.

Play_Cold



#2 Broni

Posted 02 September 2011 - 08:25 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 Play_Cold

Posted 02 September 2011 - 08:42 PM

Broni, thanks for your willingness to help me!

I am currently away from my (possibly) infected computer and will be for several hours. I will make sure that I post a response with these accompanying logs tonight but just be aware that it may be much later this evening. I will for sure check in the morning to see if you were able to respond to them. Just thought I'd let you know I won't leave you hanging. B)

Also, do I need to uninstall and then reinstall MalwareBytes? I downloaded my version very recently. I will download it again just in case.


Play_Cold

Edited by Play_Cold, 02 September 2011 - 08:43 PM.


#4 Broni

Posted 02 September 2011 - 08:44 PM

You're welcome :)

No need to reinstall MBAM. Just make sure you update it before running it.



#5 Play_Cold

Posted 03 September 2011 - 02:56 AM

Results of screen317's Security Check version 0.99.7


Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2011
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 21
Out of date Java installed!
Adobe Flash Player 10.3.183.5
Adobe Reader 9.4.5
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.8)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````



MiniToolBox by Farbar

Ran by M'Recia (administrator) on 03-09-2011 at 01:46:29
Microsoft Windows XP Service Pack 2 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


127.0.0.1 localhost


========================= Event log errors: ===============================

Application errors:
==================
Error: (09/01/2011 10:13:14 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (09/01/2011 06:38:58 PM) (Source: Application Hang) (User: )
Description: Hanging application regedit.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/01/2011 06:38:57 PM) (Source: Application Hang) (User: )
Description: Hanging application regedit.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/01/2011 06:27:53 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (09/01/2011 07:51:34 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (09/01/2011 07:12:47 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (09/01/2011 05:57:42 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (09/01/2011 05:52:19 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (09/01/2011 05:47:45 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (09/01/2011 03:17:55 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.


System errors:
=============
Error: (09/03/2011 01:33:45 AM) (Source: Dhcp) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 002275511149. The following error
occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Error: (09/01/2011 11:08:32 PM) (Source: Service Control Manager) (User: )
Description: The Hitman Pro 3.5 Crusader (Boot) service terminated with service-specific error 0 (0x0).

Error: (09/01/2011 11:03:18 PM) (Source: ipnathlp) (User: )
Description: The Network Address Translator (NAT) was unable to request an operation
of the kernel-mode translation module.
This may indicate misconfiguration, insufficient resources, or
an internal error.
The data is the error code.

Error: (09/01/2011 11:03:18 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.100 for the Network Card with network address 002275511149 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (09/01/2011 09:49:59 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/01/2011 09:49:33 PM) (Source: DCOM) (User: M'Recia)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (09/01/2011 07:34:27 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
Avgldx86
Avgmfx86
Avgtdix
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
PCLEPCI
RasAcd
Rdbss
Tcpip

Error: (09/01/2011 07:34:27 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Error: (09/01/2011 07:34:27 PM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (09/01/2011 07:34:27 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

1600 (Version: 47.0.1.000)
1600_Help (Version: 47.0.1.000)
1600Trb (Version: 47.0.1.000)
7-Zip 9.20
Adobe AIR (Version: 1.5.2.8870)
Adobe Flash Player 10 ActiveX (Version: 10.1.53.64)
Adobe Flash Player 10 Plugin (Version: 10.3.183.5)
Adobe Photoshop 7.0 (Version: 7.0)
Adobe Photoshop Elements 8.0 (Version: 8.0)
Adobe Photoshop.com Inspiration Browser (Version: 3.02)
Adobe Reader 9.4.5 (Version: 9.4.5)
AiO_Scan (Version: 47.0.1.000)
AiOSoftware (Version: 47.0.1.000)
Amazon MP3 Downloader 1.0.10
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.1.3)
Apple Software Update (Version: 2.1.2.120)
AutoUpdate (Version: 1.1)
AVG 2011 (Version: 10.0.1392)
AVG 2011 (Version: 10.0.1520)
Belkin 54Mbps Wireless Network Adapter (Version: 1.00.01)
Bonjour (Version: 2.0.4.0)
BookSmart® 3.0.3 3.0.3
Broadcom ASF Management Applications (Version: 8.18.14)
Broadcom Gigabit Integrated Controller (Version: 10.50.03)
Broadcom Management Programs (Version: 10.20.03)
BufferChm (Version: 45.4.157.000)
Copy (Version: 45.4.157.000)
Coupon Printer for Windows (Version: 5.0.0.0)
CP_AtenaShokunin1Config (Version: 45.4.131.000)
cp_dwShrek2Albums1 (Version: 45.4.157.000)
cp_dwShrek2Cards1 (Version: 45.4.157.000)
CreativeProjects (Version: 45.4.157.000)
CreativeProjectsTemplates (Version: 45.4.157.000)
CueTour (Version: 45.4.157.000)
Dell Support 3.2.1 (Version: 5.5.2094)
Destinations (Version: 45.4.157.000)
Director (Version: 45.4.157.000)
DiscAPI (Version: 2.00.0000)
DivX (Version: 6.0)
DocProc (Version: 4.5.0.0)
DocumentViewer (Version: 45.4.157.000)
eMusic Download Manager 4.1.4 (Version: 4.1.4)
Fax (Version: 47.0.1.000)
GoToAssist 8.0.0.514
Hitman Pro 3.5 (Version: 3.5.9.129)
HP Deskjet 3050 J610 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 3050 J610 series Help (Version: 140.0.63.63)
HP Extended Capabilities 4.7 (Version: 4.7)
HP Image Zone 4.7 (Version: 4.7)
HP Product Assistant (Version: 2.0.0.0)
HP PSC & OfficeJet 4.7
HP PSC 1600 series
HP Software Update (Version: 3.0.2.991)
HPSystemDiagnostics (Version: 1.6.0.0)
InstantShare (Version: 45.4.157.000)
Intel® Graphics Media Accelerator Driver
iTunes (Version: 10.1.2.17)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 21 (Version: 6.0.210)
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
MarketResearch (Version: 45.4.158.000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office 2000 Premium (Version: 9.00.2720)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Ultimate 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Picture It! Publishing Platinum 2001 (Version: 5.0.0.0000)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Mozilla Firefox (3.6.8) (Version: 3.6.8 (en-US))
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
NTRU TCG Software Stack (Version: 2.1.29)
PanoStandAlone (Version: 45.4.157.000)
PhotoGallery (Version: 45.4.157.000)
Picasa 3 (Version: 3.8)
Pinnacle Hollywood FX for Studio
Pinnacle Instant DVD Recorder (Version: 1.60.066)
proDAD Heroglyph 2.0
ProductContext (Version: 47.0.1.000)
QFolder (Version: 1.00.0000)
QuickTime (Version: 7.69.80.9)
RAPID (Version: 1.00.0000)
Readme (Version: 47.0.1.000)
RollerCoaster Tycoon Deluxe (Version: 1.00.000)
Roxio Drag-to-Disc (Version: 9.0)
Roxio Easy Media Creator 9 Suite (Version: 9.0.088)
Scan (Version: 4.5.0.0)
ScannerCopy (Version: 4.5.0.0)
ScummVM 1.2.0
Shockwave
SkinsHP1 (Version: 45.4.157.000)
SmartSound Quicktracks Plugin (Version: 3.0.2.7)
SoundMAX (Version: 5.10.01.4542)
Studio 10 (Version: 10.0)
Studio 10 Bonus DVD (Version: 10.0.000)
TrayApp (Version: 45.4.157.000)
Unload (Version: 4.5.0)
WebFldrs XP (Version: 9.50.5318)
WebReg (Version: 45.4.157.000)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Installer 3.1 (KB893803) (Version: 3.1)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 68%
Total physical RAM: 1013.54 MB
Available physical RAM: 321.35 MB
Total Pagefile: 2440.69 MB
Available Pagefile: 1867.33 MB
Total Virtual: 2047.88 MB
Available Virtual: 2003.57 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:74.45 GB) (Free:12.76 GB) NTFS
6 Drive h: () (Removable) (Total:1.86 GB) (Free:1.78 GB) FAT

========================= Users: ========================================

User accounts for \\LAPOSTROPHE-II

Administrator ASPNET Guest
HelpAssistant M'Recia SUPPORT_388945a0


**** End of log ****



I will get you the GMER Log in a quick second, along with the MalwareBytes Log...
:busy:

#6 Play_Cold

Posted 03 September 2011 - 03:02 AM

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7624

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

9/3/2011 2:00:45 AM
mbam-log-2011-09-03 (02-00-45).txt

Scan type: Quick scan
Objects scanned: 180794
Time elapsed: 10 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by Play_Cold, 03 September 2011 - 03:02 AM.


#7 Broni

Posted 03 September 2011 - 10:36 AM

In MiniToolbox you didn't checkmark List IP configuration.
Please redo.

I still need GMER log.



#8 Play_Cold

Posted 03 September 2011 - 02:07 PM

Broni,

I apologize for not getting you the GMER log sooner. I had some issues in running it and had to reinstall my internet card after. Below is the Log. Also, I'll run the MiniToolBox log again and post it shortly. Thanks!


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-03 12:44:54


Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3808110AS rev.3.ADJ
Running: 69lj8xs8.exe; Driver: C:\DOCUME~1\M'Recia\LOCALS~1\Temp\fwryakoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA51FC738]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA51FC7DC]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA51FC878]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA51FC914]

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xA9905A00]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.15 ----



And here is the Minitoolbox Log...




MiniToolBox by Farbar
Ran by M'Recia (administrator) on 03-09-2011 at 13:10:44
Microsoft Windows XP Service Pack 2 (X86)


***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 4"

set address name="Local Area Connection 4" source=dhcp
set dns name="Local Area Connection 4" source=dhcp register=PRIMARY
set wins name="Local Area Connection 4" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 3"

set address name="Wireless Network Connection 3" source=dhcp
set dns name="Wireless Network Connection 3" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 3" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : lapostrophe-ii

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection 4:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

Physical Address. . . . . . . . . : 00-1A-A0-41-0D-89



Ethernet adapter Wireless Network Connection 3:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Belkin 54g Wireless USB Network Adapter #4

Physical Address. . . . . . . . . : 00-22-75-51-11-49

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.105

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.0.1

Lease Obtained. . . . . . . . . . : Saturday, September 03, 2011 1:03:14 PM

Lease Expires . . . . . . . . . . : Saturday, September 03, 2011 4:03:14 PM

Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.53.105, 74.125.53.103, 74.125.53.99, 74.125.53.104
74.125.53.147, 74.125.53.106



Pinging google.com [74.125.73.147] with 32 bytes of data:



Reply from 74.125.73.147: bytes=32 time=76ms TTL=47

Reply from 74.125.73.147: bytes=32 time=78ms TTL=47



Ping statistics for 74.125.73.147:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 76ms, Maximum = 78ms, Average = 77ms

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 72.30.2.43, 98.137.149.56, 209.191.122.70, 67.195.160.76
69.147.125.65



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=57ms TTL=52

Reply from 209.191.122.70: bytes=32 time=40ms TTL=52



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 40ms, Maximum = 57ms, Average = 48ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1a a0 41 0d 89 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
0x10004 ...00 22 75 51 11 49 ...... Belkin 54g Wireless USB Network Adapter #4 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.105 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.0.105 192.168.0.105 20
192.168.0.0 255.255.255.0 192.168.0.105 192.168.0.105 25
192.168.0.105 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.0.255 255.255.255.255 192.168.0.105 192.168.0.105 25
224.0.0.0 240.0.0.0 192.168.0.105 192.168.0.105 25
255.255.255.255 255.255.255.255 192.168.0.105 2 1
255.255.255.255 255.255.255.255 192.168.0.105 192.168.0.105 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/01/2011 10:13:14 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (09/01/2011 06:38:58 PM) (Source: Application Hang) (User: )
Description: Hanging application regedit.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/01/2011 06:38:57 PM) (Source: Application Hang) (User: )
Description: Hanging application regedit.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/01/2011 06:27:53 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (09/01/2011 07:51:34 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (09/01/2011 07:12:47 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (09/01/2011 05:57:42 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (09/01/2011 05:52:19 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (09/01/2011 05:47:45 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (09/01/2011 03:17:55 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.


System errors:
=============
Error: (09/03/2011 00:07:01 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (09/03/2011 11:35:28 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (09/03/2011 10:26:02 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (09/03/2011 10:25:35 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (09/03/2011 10:25:23 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (09/03/2011 10:25:08 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (09/03/2011 10:24:46 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (09/03/2011 10:24:42 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (09/03/2011 10:23:22 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (09/03/2011 10:22:49 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

1600 (Version: 47.0.1.000)
1600_Help (Version: 47.0.1.000)
1600Trb (Version: 47.0.1.000)
7-Zip 9.20
Adobe AIR (Version: 1.5.2.8870)
Adobe Flash Player 10 ActiveX (Version: 10.1.53.64)
Adobe Flash Player 10 Plugin (Version: 10.3.183.5)
Adobe Photoshop 7.0 (Version: 7.0)
Adobe Photoshop Elements 8.0 (Version: 8.0)
Adobe Photoshop.com Inspiration Browser (Version: 3.02)
Adobe Reader 9.4.5 (Version: 9.4.5)
AiO_Scan (Version: 47.0.1.000)
AiOSoftware (Version: 47.0.1.000)
Amazon MP3 Downloader 1.0.10
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.1.3)
Apple Software Update (Version: 2.1.2.120)
AutoUpdate (Version: 1.1)
AVG 2011 (Version: 10.0.1392)
AVG 2011 (Version: 10.0.1520)
Belkin 54Mbps Wireless Network Adapter (Version: 1.00.01)
Bonjour (Version: 2.0.4.0)
BookSmart® 3.0.3 3.0.3
Broadcom ASF Management Applications (Version: 8.18.14)
Broadcom Gigabit Integrated Controller (Version: 10.50.03)
Broadcom Management Programs (Version: 10.20.03)
BufferChm (Version: 45.4.157.000)
Copy (Version: 45.4.157.000)
Coupon Printer for Windows (Version: 5.0.0.0)
CP_AtenaShokunin1Config (Version: 45.4.131.000)
cp_dwShrek2Albums1 (Version: 45.4.157.000)
cp_dwShrek2Cards1 (Version: 45.4.157.000)
CreativeProjects (Version: 45.4.157.000)
CreativeProjectsTemplates (Version: 45.4.157.000)
CueTour (Version: 45.4.157.000)
Dell Support 3.2.1 (Version: 5.5.2094)
Destinations (Version: 45.4.157.000)
Director (Version: 45.4.157.000)
DiscAPI (Version: 2.00.0000)
DivX (Version: 6.0)
DocProc (Version: 4.5.0.0)
DocumentViewer (Version: 45.4.157.000)
eMusic Download Manager 4.1.4 (Version: 4.1.4)
Fax (Version: 47.0.1.000)
GoToAssist 8.0.0.514
Hitman Pro 3.5 (Version: 3.5.9.129)
HP Deskjet 3050 J610 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 3050 J610 series Help (Version: 140.0.63.63)
HP Extended Capabilities 4.7 (Version: 4.7)
HP Image Zone 4.7 (Version: 4.7)
HP Product Assistant (Version: 2.0.0.0)
HP PSC & OfficeJet 4.7
HP PSC 1600 series
HP Software Update (Version: 3.0.2.991)
HPSystemDiagnostics (Version: 1.6.0.0)
InstantShare (Version: 45.4.157.000)
Intel® Graphics Media Accelerator Driver
iTunes (Version: 10.1.2.17)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 21 (Version: 6.0.210)
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
MarketResearch (Version: 45.4.158.000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office 2000 Premium (Version: 9.00.2720)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Ultimate 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Picture It! Publishing Platinum 2001 (Version: 5.0.0.0000)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Mozilla Firefox (3.6.8) (Version: 3.6.8 (en-US))
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
NTRU TCG Software Stack (Version: 2.1.29)
PanoStandAlone (Version: 45.4.157.000)
PhotoGallery (Version: 45.4.157.000)
Picasa 3 (Version: 3.8)
Pinnacle Hollywood FX for Studio
Pinnacle Instant DVD Recorder (Version: 1.60.066)
proDAD Heroglyph 2.0
ProductContext (Version: 47.0.1.000)
QFolder (Version: 1.00.0000)
QuickTime (Version: 7.69.80.9)
RAPID (Version: 1.00.0000)
Readme (Version: 47.0.1.000)
RollerCoaster Tycoon Deluxe (Version: 1.00.000)
Roxio Drag-to-Disc (Version: 9.0)
Roxio Easy Media Creator 9 Suite (Version: 9.0.088)
Scan (Version: 4.5.0.0)
ScannerCopy (Version: 4.5.0.0)
ScummVM 1.2.0
Shockwave
SkinsHP1 (Version: 45.4.157.000)
SmartSound Quicktracks Plugin (Version: 3.0.2.7)
SoundMAX (Version: 5.10.01.4542)
Studio 10 (Version: 10.0)
Studio 10 Bonus DVD (Version: 10.0.000)
TrayApp (Version: 45.4.157.000)
Unload (Version: 4.5.0)
WebFldrs XP (Version: 9.50.5318)
WebReg (Version: 45.4.157.000)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Installer 3.1 (KB893803) (Version: 3.1)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 68%
Total physical RAM: 1013.54 MB
Available physical RAM: 317.8 MB
Total Pagefile: 2440.69 MB
Available Pagefile: 1858.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 2003.57 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:74.45 GB) (Free:12.56 GB) NTFS
6 Drive h: () (Removable) (Total:1.86 GB) (Free:1.78 GB) FAT

========================= Users: ========================================

User accounts for \\LAPOSTROPHE-II

Administrator ASPNET Guest
HelpAssistant M'Recia SUPPORT_388945a0


**** End of log ****


I will work on getting back to you as soon as I can. I will also be away from my computer today until the evening. I will make sure I send a response as soon as I can.

Edited by Play_Cold, 03 September 2011 - 02:17 PM.


#9 Broni

Posted 03 September 2011 - 03:56 PM

So far looks clean.

Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to the already pre-selected options, make sure the Command Line is selected, and press OK.
Go to File > Save As, and save the report as Procexp.txt.
Post the content in your next reply.

===========================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start the scan.

On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



#10 Play_Cold

Posted 04 September 2011 - 12:36 AM

Process Explorer Log

Process PID CPU Private Bytes Working Set Description Company Name Command Line
System Idle Process 0 61.54 0 K 28 K
System 4 0 K 149,896 K
Interrupts n/a 35.38 0 K 0 K Hardware Interrupts and DPCs
smss.exe 796 172 K 416 K Windows NT Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
csrss.exe 1056 1,824 K 4,000 K Client Server Runtime Process Microsoft Corporation C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe 1080 8,200 K 1,504 K Windows NT Logon Application Microsoft Corporation winlogon.exe
services.exe 1128 0.77 2,160 K 4,996 K Services and Controller app Microsoft Corporation C:\WINDOWS\system32\services.exe
svchost.exe 1468 3,060 K 4,700 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost -k DcomLaunch
igfxsrvc.exe 120 1,008 K 3,120 K igfxsrvc Module Intel Corporation C:\WINDOWS\system32\igfxsrvc.exe -Embedding
wmiprvse.exe 1196 2,396 K 4,728 K WMI Microsoft Corporation C:\WINDOWS\system32\wbem\wmiprvse.exe
svchost.exe 1512 1,944 K 4,436 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost -k rpcss
svchost.exe 1660 18,400 K 27,584 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k netsvcs
wscntfy.exe 3540 508 K 2,100 K Windows Security Center Notification App Microsoft Corporation C:\WINDOWS\system32\wscntfy.exe
svchost.exe 1820 1,376 K 3,448 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k NetworkService
svchost.exe 1916 6,176 K 7,244 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k LocalService
spoolsv.exe 336 4,332 K 6,772 K Spooler SubSystem App Microsoft Corporation C:\WINDOWS\system32\spoolsv.exe
svchost.exe 456 1,212 K 3,460 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k LocalService
PhotoshopElementsFileAgent.exe 492 1,692 K 248 K Adobe Photoshop Elements 8.0 (component) Adobe Systems Incorporated "C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe"
AppleMobileDeviceService.exe 528 4,880 K 7,528 K MobileDeviceService Apple Inc. "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
AsfIpMon.exe 544 2,004 K 2,988 K Broadcom ASF IP Monitor Broadcom Corporation "C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service
avgwdsvc.exe 580 9,376 K 17,084 K AVG Watchdog Service AVG Technologies CZ, s.r.o. "C:\Program Files\AVG\AVG10\avgwdsvc.exe"
avgnsx.exe 1872 10,980 K 1,456 K AVG Online Shield Service AVG Technologies CZ, s.r.o. "C:\Program Files\AVG\AVG10\avgnsx.exe"
avgmfapx.exe 3088 0.77 8,104 K 13,416 K AVG Installer Application AVG Technologies CZ, s.r.o. /AppMode=UPDATE /pri=2 /sched=2 /source=inet /path=""
mDNSResponder.exe 616 1,208 K 3,648 K Bonjour Service Apple Inc. "C:\Program Files\Bonjour\mDNSResponder.exe"
jqs.exe 744 2,192 K 1,816 K Java™ Quick Starter Service Sun Microsystems, Inc. "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
HPZipm12.exe 808 532 K 1,744 K PML Driver HP C:\WINDOWS\System32\HPZipm12.exe
RoxWatch9.exe 1040 4,660 K 7,424 K RoxSniffer9 Module Sonic Solutions "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"
svchost.exe 1400 2,668 K 5,284 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k imgsvc
AVGIDSAgent.exe 1584 26,560 K 19,620 K AVG Identity Protection Service AVG Technologies CZ, s.r.o. "C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe"
RoxMediaDB9.exe 2232 6,876 K 9,536 K RoxMediaDB9 Module Sonic Solutions "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe"
alg.exe 2280 1,172 K 3,456 K Application Layer Gateway Service Microsoft Corporation C:\WINDOWS\System32\alg.exe
iPodService.exe 1632 2,428 K 3,980 K iPodService Module (32-bit) Apple Inc. "C:\Program Files\iPod\bin\iPodService.exe"
svchost.exe 2988 1,596 K 3,376 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k HTTPFilter
lsass.exe 1140 3,796 K 1,348 K LSA Shell (Export Version) Microsoft Corporation C:\WINDOWS\system32\lsass.exe
avgchsvx.exe 836 20,456 K 240 K AVG Cache Server AVG Technologies CZ, s.r.o. C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /boot
explorer.exe 3772 0.77 15,904 K 27,624 K Windows Explorer Microsoft Corporation C:\WINDOWS\Explorer.EXE
hkcmd.exe 3976 904 K 3,272 K hkcmd Module Intel Corporation "C:\WINDOWS\system32\hkcmd.exe"
igfxpers.exe 3996 668 K 2,732 K persistence Module Intel Corporation "C:\WINDOWS\system32\igfxpers.exe"
smax4pnp.exe 4032 2,240 K 4,100 K SMax4PNP Analog Devices, Inc. "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
jusched.exe 4056 704 K 2,416 K Java™ Update Scheduler Sun Microsystems, Inc. "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
GrooveMonitor.exe 4088 1,516 K 5,380 K GrooveMonitor Utility Microsoft Corporation "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
QTTask.exe 1668 604 K 2,240 K QuickTime Task Apple Inc. "C:\Program Files\QuickTime\QTTask.exe" -atboottime
avgtray.exe 720 4,340 K 3,428 K AVG Tray Monitor AVG Technologies CZ, s.r.o. "C:\Program Files\AVG\AVG10\avgtray.exe"
AVGIDSMonitor.exe 2604 1,052 K 3,444 K "C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe"
iTunesHelper.exe 1944 10,112 K 14,692 K iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Belkinwcui.exe 2192 5,500 K 9,652 K Belkin Wireless Client Utility Belkin "C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe"
DSAgnt.exe 2216 9,024 K 13,728 K Dell Support Gteko Ltd. "C:\Program Files\Dell Support\DSAgnt.exe" /startup
msmsgs.exe 1420 2,976 K 3,908 K Windows Messenger Microsoft Corporation "C:\Program Files\Messenger\msmsgs.exe" /background
ctfmon.exe 2348 884 K 3,460 K CTF Loader Microsoft Corporation "C:\WINDOWS\system32\ctfmon.exe"
WkCalRem.exe 2764 376 K 1,732 K Microsoft® Works Calendar Reminder Service Microsoft® Corporation "C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe"
firefox.exe 3812 83,812 K 99,300 K Firefox Mozilla Corporation "C:\Program Files\Mozilla Firefox\firefox.exe"
plugin-container.exe 3556 12,228 K 15,540 K Plugin Container for Firefox Mozilla Corporation "C:\Program Files\Mozilla Firefox\plugin-container.exe" --channel=3812.24d89e0.859495093 "C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll" 3812 plugin \\.\pipe\gecko-crash-server-pipe.3812
procexp.exe 872 0.77 10,872 K 15,660 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Documents and Settings\M'Recia\Desktop\procexp.exe"
avgrsx.exe 3092 816 K 468 K AVG Resident Shield Service AVG Technologies CZ, s.r.o.
avgcsrvx.exe 3608 12,384 K 320 K AVG Scanning Core Module - Server Part AVG Technologies CZ, s.r.o. C:\Program Files\AVG\AVG10\avgcsrvx.exe /pipeName=9e407e14-093a-4a24-9ae8-7b564d64492e /coreSdkOptions=30 /logConfFile="C:\Documents and Settings\All Users\Application Data\AVG10\temp\54190e29-9dbe-4a52-b283-0e4ebb8c335e-c14-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="C:\Program Files\AVG\AVG10\" /registryPath="SYSTEM\CurrentControlSet\Services\Avg\Avg10" /tempPath="C:\Documents and Settings\All Users\Application Data\AVG10\temp\"




aswMBR Log


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-03 23:26:50
-----------------------------
23:26:50.625 OS Version: Windows 5.1.2600 Service Pack 2
23:26:50.625 Number of processors: 2 586 0x605
23:26:50.640 ComputerName: LAPOSTROPHE-II UserName: M'Recia
23:26:59.296 Initialize success
23:30:13.031 AVAST engine defs: 11090201
23:32:03.171 The log file has been saved successfully to "C:\Documents and Settings\M'Recia\Desktop\aswMBR.txt"




#11 Broni

Posted 04 September 2011 - 10:32 AM

aswMBR log is incomplete, so please redo that.

Meanwhile I can see an issue:

Interrupts n/a 35.38 0 K 0 K Hardware Interrupts and DPCs


Check Primary and Secondary IDE settings: Device Manager -> IDE ATA/ATAPI controllers -> Primary or Secondary IDE Channel -> Properties -> Advanced Settings. Look at the Current Transfer Mode field.
See if it's in PIO mode instead of DMA mode.

Edited by Broni, 04 September 2011 - 10:32 AM.



#12 Play_Cold

Posted 04 September 2011 - 01:49 PM

The Current Transfer Mode is set to DMA if available for both Primary & Secondary IDE's under both Devices 0 and 1. However, the Primary IDE, Device 0 is currently set at PIO Mode while Device 1 shows N/A for the current status. Meanwhile, the Secondary IDE, Device 0 shows the Current Mode as Ultra DMA Mode 2 and the Device 1 is also N/A. I'll work on supplying you with the completed aswMBR log in my next post.



#13 Broni

Posted 04 September 2011 - 01:58 PM

the Primary IDE, Device 0 is currently set at PIO Mode

Uninstall it.
Restart computer. It'll reinstall itself automatically.
See what mode you have now.



#14 Play_Cold

Posted 04 September 2011 - 02:55 PM

Complete aswMBR Log...

Run date: 2011-09-03 23:26:50
-----------------------------
23:26:50.625 OS Version: Windows 5.1.2600 Service Pack 2
23:26:50.625 Number of processors: 2 586 0x605
23:26:50.640 ComputerName: LAPOSTROPHE-II UserName: M'Recia
23:26:59.296 Initialize success
23:30:13.031 AVAST engine defs: 11090201
23:32:03.171 The log file has been saved successfully to "C:\Documents and Settings\M'Recia\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-04 12:37:52
-----------------------------
12:37:52.828 OS Version: Windows 5.1.2600 Service Pack 2
12:37:52.828 Number of processors: 2 586 0x605
12:37:52.828 ComputerName: LAPOSTROPHE-II UserName: M'Recia
12:37:58.109 Initialize success
12:47:00.234 AVAST engine defs: 11090401
12:47:36.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:47:36.000 Disk 0 Vendor: ST3808110AS 3.ADJ Size: 76293MB BusType: 3
12:47:36.015 Disk 0 MBR read successfully
12:47:36.031 Disk 0 MBR scan
12:47:36.109 Disk 0 Windows XP default MBR code
12:47:36.125 Disk 0 scanning sectors +156232125
12:47:36.234 Disk 0 scanning C:\WINDOWS\system32\drivers
12:48:02.109 Service scanning
12:48:04.953 Modules scanning
12:48:23.281 Disk 0 trace - called modules:
12:48:23.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
12:48:23.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865e1030]
12:48:23.312 3 CLASSPNP.SYS[f763305b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x865c5d98]
12:48:24.546 AVAST engine scan C:\WINDOWS
12:48:39.750 AVAST engine scan C:\WINDOWS\system32
12:54:33.718 AVAST engine scan C:\WINDOWS\system32\drivers
12:55:00.859 AVAST engine scan C:\Documents and Settings\M'Recia
12:59:20.453 File: C:\Documents and Settings\M'Recia\Local Settings\Temp\177.tmp **INFECTED** Win32:Rorpian-F [Trj]
13:30:32.000 AVAST engine scan C:\Documents and Settings\All Users
13:41:50.406 Scan finished successfully
13:51:16.484 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\M'Recia\Desktop\MBR.dat"
13:51:16.546 The log file has been saved successfully to "C:\Documents and Settings\M'Recia\Desktop\aswMBR.txt"


I will restart the computer and then post the status of the Primary IDE...
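
An added example, not part of the original posts: a small parser for aswMBR logs in the format pasted above. It splits a paste into runs and reports, per run, whether the scan completed, what the MBR check reported, and which files were flagged. The completeness markers (an "MBR read successfully" line and a "Scan finished successfully" line), the "MBR code" verdict pattern and the sample text are assumptions taken from the two runs shown in this thread, not from aswMBR documentation.

```python
import re

# Sample assembled from lines of the two runs posted in this thread (shortened).
SAMPLE_LOG = r"""
Run date: 2011-09-03 23:26:50
-----------------------------
23:26:50.625 OS Version: Windows 5.1.2600 Service Pack 2
23:26:59.296 Initialize success
23:30:13.031 AVAST engine defs: 11090201
23:32:03.171 The log file has been saved successfully to "C:\Documents and Settings\M'Recia\Desktop\aswMBR.txt"

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-04 12:37:52
-----------------------------
12:37:58.109 Initialize success
12:47:36.015 Disk 0 MBR read successfully
12:47:36.031 Disk 0 MBR scan
12:47:36.109 Disk 0 Windows XP default MBR code
12:55:00.859 AVAST engine scan C:\Documents and Settings\M'Recia
12:59:20.453 File: C:\Documents and Settings\M'Recia\Local Settings\Temp\177.tmp **INFECTED** Win32:Rorpian-F [Trj]
13:41:50.406 Scan finished successfully
13:51:16.484 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\M'Recia\Desktop\MBR.dat"
"""

# "HH:MM:SS.mmm message" is the event line layout seen in the pasted logs.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
# Detection line layout seen in the thread: File: <path> **INFECTED** <name>
INFECTED_RE = re.compile(r"^File:\s+(.+?)\s+\*\*INFECTED\*\*\s+(.+)$")
# Assumption: the MBR verdict is the "Disk N ... MBR code" line, as in the thread.
MBR_VERDICT_RE = re.compile(r"^Disk (\d+) (.*MBR code.*)$")
# Assumption: a complete run contains both of these milestones.
REQUIRED = ("MBR read successfully", "Scan finished successfully")


def split_runs(text):
    """Split a pasted log into runs; each run starts at a 'Run date:' line."""
    runs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Run date:"):
            current = {"run_date": line.split(":", 1)[1].strip(), "events": []}
            runs.append(current)
        elif current is not None:
            match = LINE_RE.match(line)
            if match:  # headers, separators and blank lines are skipped
                current["events"].append((match.group(1), match.group(2)))
    return runs


def triage_run(run):
    """Summarise one run: completeness, MBR verdict lines, flagged files."""
    messages = [msg for _, msg in run["events"]]
    missing = [m for m in REQUIRED if not any(m in msg for msg in messages)]
    verdicts, detections = [], []
    for msg in messages:
        verdict = MBR_VERDICT_RE.match(msg)
        if verdict:
            verdicts.append((verdict.group(1), verdict.group(2)))
        hit = INFECTED_RE.match(msg)
        if hit:
            detections.append((hit.group(1), hit.group(2)))
    return {
        "run_date": run["run_date"],
        "complete": not missing,
        "missing": missing,
        "mbr_verdicts": verdicts,
        "detections": detections,
    }


def triage_log(text):
    """Triage every run found in a pasted log, oldest first."""
    return [triage_run(run) for run in split_runs(text)]


if __name__ == "__main__":
    for summary in triage_log(SAMPLE_LOG):
        state = "complete" if summary["complete"] else "INCOMPLETE"
        print(f"{summary['run_date']}: {state}")
        for marker in summary["missing"]:
            print(f"  missing milestone: {marker}")
        for disk, verdict in summary["mbr_verdicts"]:
            print(f"  disk {disk}: {verdict}")
        for path, name in summary["detections"]:
            print(f"  flagged: {path} -> {name}")
```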


#15 Broni

Posted 04 September 2011 - 03:19 PM

OK :)
