Spy Sweeper

Advanced Member
  • Content Count

    286

About Spy Sweeper

  • Rank
    Member

Profile Information

  • Location
    Minnesota

Previous Fields

  • System Specifications:
    ECS RX480-MB, AMD64 3700+ E4, A-Data 2x1GB DDR400 Dual-Channel, PowerColor X1950Pro-512MB, 2xWD-36GB-16MB Buffer Raptors in RAID-0, Antec Earthwatts-500Watt-PSU, Windows XP-HomeSP2, PCCillin Internet Security 2008
  • TechExpress Link:
    http://www.pcpitstop.com/techexpress.asp?id=KJ4BSWVJCLVSKMUV
  1. I just tried to uninstall Advanced System Care 3 from Programs and Features. It would not let me uninstall it because "C:\Program Files\IObit\Advanced SystemCare 3\unins000.msg" is Missing. That being what McAfee has in Quarantine leaves me not sure what to do next.
  2. I was Surfing through MajorGeeks.com looking for some software. I had not tried the Advanced System Care Program before so figured I'd give it a try. When I downloaded it I noticed something very peculiar. Just as the download ended I saw, just for a second or 2, another download window pop up. It happened so quickly I wasn't able to see what it was. It was rather obvious though that something without my consent just downloaded. When I started the System Care Install Exe I then saw a McAfee Virus Warning Window pop up. McAfee claimed it found a Trojan. I then immediately went in to the McAfee Quarantine: File Name: unins000.msg; Detection Name: Exploit-ObscuredHtml; Original Location: C:\Program Files\IObit\Advanced SystemCare 3. I then performed a full system scan with McAfee; it found nothing. Question is, am I rid of this Trojan or is there something else I should do to make sure it is in fact gone? Thanks in advance. Btw: In case it matters any, this PC in question is a Toshiba M400 Laptop w/ Vista Business 32-bit. AV Software is McAfee Internet Security.
  3. Thanks for the Replies, 8210GUY & pcranger. That sounded like a good idea. So I went to the local FleetFarm and bought a 10$ Multimeter. (I needed a multimeter anyway.) Then after talking to one of the Older Gents in FleetFarm he explained to just do an Ohm Test. The Ohm test worked perfectly. I put 1 of the meter's +/- wires on the inside of the Adaptaplug Q, then touched the other +/- wire to one of the 2 Prongs. When the Ohm meter needle moved then I knew which particular Prong was In-Line with the Center. I then spliced the Adaptaplug Socket to the AC Adapter wire. It worked fine and the Laptop fired right up. I did though go to Ebay and buy another AC Adapter anyway: AC Adapter on Ebay. The spliced wire is imo a bit dangerous. Thanks again for the help.
  4. I have a Toshiba M400 S5032 Laptop. It has this AC Adapter. The End of the Wire, the part that connects to the Laptop, is broken out and missing. I bought this Adaptaplug Q & this Replacement Adaptaplug Socket. I need to attach the "Replacement Adaptaplug Socket" to the Wire on the Toshiba AC Adapter. How? The Adaptaplug Socket has 2 Bare Wires at one end. What is the Polarity of each wire? And how should those 2 wires be connected to the AC Adapter (IE Polarity of the AC Adapter wires are ?) Thanks in advance. PS I could just buy a new AC Adapter on Ebay for around 15$, but I'd like to get this repaired soon, IE don't want to wait for it to be shipped.
  5. Thanks again Aaflac. After the Kaspersky Scan finished: 0 (Zero) Infected Object, 0 Suspicious Object. So there was no report to save being it was empty. I did another AVG Scan about 2 hours ago and AVG found no problems. These Hallmark Emails kept coming. So I'd run another AVG scan after the Email arrival and AVG would promptly Quarantine it. So instead of using Outlook (Windows Mail) I've been going directly to the Fastmail website to view my Email. When I see any of these Virus Laden Emails I flag them as Spam then delete them before they even get to my PC. In the AVG Virus Vault are 6 Items related to these Virus Emails; should I use the "Empty Vault" or "Delete" to permanently get rid of them? (just double checking that it is safe to do) Thanks again
  6. Malwarebytes Results: Malwarebytes' Anti-Malware 1.32 Database version: 1642 Windows 6.0.6001 Service Pack 1 1/11/2009 4:26:33 AM mbam-log-2009-01-11 (04-26-33).txt Scan type: Quick Scan Objects scanned: 46215 Time elapsed: 1 minute(s), 52 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) WOW, that is the fastest Anti-Spyware Program I've seen yet, 1 Minute 52 Seconds? SuperAntiSpyware takes 25 Minutes. Makes you wonder though if Malwarebytes is sacrificing Quality for Speed. Anyway it looks as if Malwarebytes found nothing. It would appear that AVG &/or Windows Defender did a Superb Containment Job. I had left those 2 Emails in my Inbox because I had a run-in with a phishing Email a few months ago that Implicated Alaska Airlines, obviously falsely, as the Virus Laden Email Sender. After I contacted Alaska Airlines they asked me to Mail them a Copy of the Email. So I kept these 2 Emails in case I was asked to do something similar. I just didn't open the Attachment again. But being you didn't need the Emails I deleted them. Thanks again for all the help. Btw, any ETA on a 64-bit compatible ComboFix? I'd like to see that Program in action. Saw some pretty nice reviews of it over the last couple days.
  7. Thanks Aaflac, I did 2 AVG scans a couple hours ago. 1st scan found 6 pieces of Worm/Generic_r.CZ. 2nd Scan found 0 (none) Problems. After 1st scan, In AVG's Quarantine is (3 Items): Infection Type: Infection Virus Name: Worm/Generic_r.CZ Path to File: 1. C:\Users\Todd\AppData\Local\TEMP_~1.ZIP\postcard.exe 2. " \ " \ " \ " \ " \Microsoft\Windows Mail\mail.messagingengine.com\Inbox\2AEB6FDD-00001COD.eml 3. Same Path as 2nd except ----------------------------------------------------------\Inbox\6F8F3626-00001C10D.eml F-Secure Online Scanner found No Viruses at all, neither yesterday nor today. After I did the F-Secure Online Scan today then I ran the 2 AVG Scans. The 1st of those 2 was when those 6 Items were found by AVG. Odd that the F-Secure Online Scanner found nothing then minutes later AVG found 6 Problems. I hadn't really checked, maybe F-Secure's Online Scanner doesn't scan your PC's Email. Very little information (actually none useful anyway) can be found by googling "Worm/Generic_r.CZ", so this must be a fairly new Virus Variation. Btw, this PC is a Gaming PC, therefore I use 64-bit for the simple Idea of how much System Memory can be used. My PC has 4GB RAM atm and I'll up that to 8GB eventually; 32-bit wouldn't be able to support the Memory. Thanks again for the help & I'll skip the ComboFix being it's obviously not 64-bit capable.
  8. Edited to Add: The Problems listed below may be due to the fact that my Vista is 64-bit. Is ComboFix 64-bit Compatible? Thanks Aaflac, I have everything downloaded to desktop and ready to go, except I then right-clicked Combofix and chose "Run as Administrator". Then a few seconds later I received 2 windows. 1: Incompatible OS. ComboFix works only With Windows XP & 2000. 2: "Windows cannot find '32788R22FWJFW\nircmd.com'" I'll do some googling to see if there is a fix for these 2 errors.
  9. Thanks Aaflac, New Thread Started at: Hijack This Forum The Included F-Secure "Show Report" is actually from a few minutes ago, yesterday's had not been saved. Again today F-Secure found nothing wrong, although some Files have been skipped. Not sure if I really need to worry about this Virus anymore or not but I posted in HijackThis Forum anyway to be on the safe side.
  10. RSIT Info info.txt logfile of random's system information tool 1.05 2009-01-10 12:46:49
  11. This is a Continuation from this Thread PCPitStop Listed Below: F-Secure Online Virus Scan "Show Report", RSIT Info & Log Show Report: Scanning Report Saturday, January 10, 2009 11:59:46 - 12:35:52 Computer name: DUALCORE Scanning type: Scan system for malware, rootkits Target: C:\ F:\ Result: 0 malware found Statistics Scanned: * Files: 40062 * System: 5169 * Not scanned: 28
(x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2008-01-22 152872] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL [2008-07-13 77824] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======List of files/folders created in the last 1 months====== 2009-01-10 12:46:40 ----D---- C:\Program Files (x86)\trend micro 2009-01-10 12:46:39 ----D---- C:\rsit 2009-01-09 16:24:57 ----HD---- C:\$AVG8.VAULT$ 2009-01-07 18:09:12 ----D---- C:\Users\Todd\AppData\Roaming\AVGTOOLBAR 2008-12-23 16:12:37 ----D---- C:\Windows\Temp 2008-12-23 15:01:36 ----D---- C:\ProgramData\avg8 2008-12-23 15:01:36 ----D---- C:\Program Files (x86)\AVG 2008-12-17 22:49:35 ----A---- C:\Windows\system32\SET259B.tmp 2008-12-17 14:21:01 ----A---- C:\Windows\system32\mshtml.dll 2008-12-16 02:07:35 ----A---- C:\Windows\system32\XAudio2_1.dll 2008-12-16 02:07:35 ----A---- C:\Windows\system32\XAPOFX1_0.dll 2008-12-16 02:07:34 ----A---- 
C:\Windows\system32\xactengine3_1.dll 2008-12-16 02:07:33 ----A---- C:\Windows\system32\X3DAudio1_4.dll 2008-12-16 02:07:32 ----A---- C:\Windows\system32\d3dx10_38.dll 2008-12-16 02:07:32 ----A---- C:\Windows\system32\D3DCompiler_38.dll 2008-12-16 02:07:30 ----A---- C:\Windows\system32\D3DX9_38.dll 2008-12-16 02:07:29 ----A---- C:\Windows\system32\XAudio2_0.dll 2008-12-16 02:07:28 ----A---- C:\Windows\system32\xactengine3_0.dll 2008-12-16 02:07:27 ----A---- C:\Windows\system32\X3DAudio1_3.dll 2008-12-16 02:07:25 ----A---- C:\Windows\system32\d3dx10_37.dll 2008-12-16 02:07:25 ----A---- C:\Windows\system32\D3DCompiler_37.dll 2008-12-16 02:07:24 ----A---- C:\Windows\system32\D3DX9_37.dll 2008-12-16 02:07:23 ----A---- C:\Windows\system32\xactengine2_10.dll 2008-12-16 02:07:21 ----A---- C:\Windows\system32\d3dx10_36.dll 2008-12-16 02:07:21 ----A---- C:\Windows\system32\D3DCompiler_36.dll 2008-12-16 02:07:19 ----A---- C:\Windows\system32\d3dx9_36.dll 2008-12-16 02:07:18 ----A---- C:\Windows\system32\xactengine2_9.dll 2008-12-16 02:07:16 ----A---- C:\Windows\system32\d3dx10_35.dll 2008-12-16 02:07:16 ----A---- C:\Windows\system32\D3DCompiler_35.dll 2008-12-16 02:07:15 ----A---- C:\Windows\system32\d3dx9_35.dll 2008-12-16 02:07:13 ----A---- C:\Windows\system32\xactengine2_8.dll 2008-12-16 02:07:13 ----A---- C:\Windows\system32\X3DAudio1_2.dll 2008-12-16 02:07:12 ----A---- C:\Windows\system32\d3dx10_34.dll 2008-12-16 02:07:12 ----A---- C:\Windows\system32\D3DCompiler_34.dll 2008-12-16 02:07:11 ----A---- C:\Windows\system32\d3dx9_34.dll 2008-12-16 02:07:10 ----A---- C:\Windows\system32\xinput1_3.dll 2008-12-16 02:07:08 ----A---- C:\Windows\system32\xactengine2_7.dll 2008-12-16 02:07:07 ----A---- C:\Windows\system32\d3dx10_33.dll 2008-12-16 02:07:07 ----A---- C:\Windows\system32\D3DCompiler_33.dll 2008-12-16 02:07:06 ----A---- C:\Windows\system32\d3dx9_33.dll 2008-12-16 02:07:04 ----A---- C:\Windows\system32\xactengine2_6.dll 2008-12-16 02:07:03 ----A---- 
C:\Windows\system32\xactengine2_5.dll 2008-12-16 02:07:02 ----A---- C:\Windows\system32\d3dx10.dll 2008-12-16 02:07:01 ----A---- C:\Windows\system32\d3dx9_32.dll 2008-12-16 02:06:59 ----A---- C:\Windows\system32\xactengine2_4.dll 2008-12-16 02:06:59 ----A---- C:\Windows\system32\x3daudio1_1.dll 2008-12-16 02:06:58 ----A---- C:\Windows\system32\d3dx9_31.dll 2008-12-16 02:06:57 ----A---- C:\Windows\system32\xactengine2_3.dll 2008-12-16 02:06:56 ----A---- C:\Windows\system32\xinput1_2.dll 2008-12-16 02:06:55 ----A---- C:\Windows\system32\xactengine2_2.dll 2008-12-16 02:06:54 ----A---- C:\Windows\system32\xinput1_1.dll 2008-12-16 02:06:52 ----A---- C:\Windows\system32\xactengine2_1.dll 2008-12-16 02:06:42 ----A---- C:\Windows\system32\xactengine2_0.dll 2008-12-16 02:06:42 ----A---- C:\Windows\system32\x3daudio1_0.dll 2008-12-16 02:06:41 ----A---- C:\Windows\system32\d3dx9_29.dll ======List of files/folders modified in the last 1 months====== 2009-01-10 12:46:47 ----D---- C:\Windows\Prefetch 2009-01-10 12:46:40 ----RD---- C:\Program Files (x86) 2009-01-10 11:59:51 ----SD---- C:\Windows\Downloaded Program Files 2009-01-10 11:59:12 ----SHD---- C:\System Volume Information 2009-01-08 17:17:59 ----D---- C:\Windows\System32 2009-01-08 17:17:59 ----D---- C:\Windows\inf 2009-01-08 17:11:36 ----D---- C:\Windows 2009-01-07 18:08:33 ----D---- C:\Program Files (x86)\StarWarsGalaxies 2009-01-07 17:52:43 ----D---- C:\Program Files (x86)\Mozilla Firefox 2009-01-05 03:28:40 ----D---- C:\Users\Todd\AppData\Roaming\OpenOffice.org2 2008-12-24 05:29:28 ----D---- C:\Program Files (x86)\CCleaner 2008-12-23 19:21:25 ----RSD---- C:\Windows\assembly 2008-12-23 17:06:26 ----SHD---- C:\Windows\Installer 2008-12-23 17:06:26 ----HD---- C:\Config.Msi 2008-12-23 15:01:36 ----HD---- C:\ProgramData 2008-12-23 15:01:30 ----D---- C:\Windows\winsxs 2008-12-23 14:58:19 ----SD---- C:\Users\Todd\AppData\Roaming\Microsoft 2008-12-23 14:58:18 ----D---- C:\Windows\SysWOW64 2008-12-23 14:58:18 ----D---- 
C:\Windows\system32\drivers 2008-12-23 13:30:50 ----RD---- C:\Program Files 2008-12-17 22:49:55 ----D---- C:\Users\Todd\AppData\Roaming\GetRightToGo 2008-12-16 02:05:54 ----D---- C:\Windows\Logs 2008-12-16 01:44:06 ----HD---- C:\Program Files (x86)\InstallShield Installation Information 2008-12-16 01:40:49 ----RSD---- C:\Windows\Fonts 2008-12-16 01:36:26 ----D---- C:\Program Files (x86)\Common Files\InstallShield 2008-12-15 03:22:10 ----D---- C:\Windows\Debug ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AvgLdx64;AVG Free AVI Loader Driver x64; C:\Windows\System32\Drivers\avgldx64.sys [] R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64; C:\Windows\System32\Drivers\avgmfx64.sys [] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [] R3 AvgWfpA;AVG Free8 Firewall Driver x86; C:\Windows\System32\Drivers\avgwfpa.sys [] R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [] R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [] R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [] R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [] R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys [] R3 L8042Kbd;SetPoint Keyboard Driver; C:\Windows\system32\DRIVERS\L8042Kbd.sys [] R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [] R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [] R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [] R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys [] R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [] 
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [] S1 SASDIFSV;SASDIFSV; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2008-07-13 8944] S1 SASKUTIL;SASKUTIL; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2008-07-13 55024] S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [] S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [] S3 RivaTuner64;RivaTuner64; \??\C:\Program Files (x86)\RivaTuner v2.06\RivaTuner64.sys [2008-02-14 19952] S3 SASENUM;SASENUM; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096] S3 TVICHW64;TVICHW64; \??\C:\Windows\SysWOW64\Drivers\TVICHW64.SYS [2008-05-31 21200] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [] R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~2\AVG\AVG8\avgemc.exe [2008-12-23 875288] R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe [2008-12-23 231704] R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2007-07-25 79136] R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [2006-12-19 
81920] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504] R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504] S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-01-05 93696] S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 160272] S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-04-08 800040] S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-19 19968] -----------------EOF-----------------
  12. I received a very official and legit-looking Email today from "[email protected]". It claimed that I had an eCard from a Friend. Normally I'll simply delete any Emails that have attachments (unless from known acquaintances). But this Email was well written and looked very legit. Guess it wasn't. AVG Anti-Virus immediately quarantined the Attachment when I opened it; Windows as well (I think Windows Defender) blocked access to the attachment immediately upon opening. The claimed Virus found by AVG is "Worm/Generic_r.CZ". I'm doing an F-Secure Online Scanner scan as we speak, but it has not yet found anything wrong. I'll do an AVG scan when F-Secure is complete. I guess this Thread is basically a 'heads-up' & to ask "Have any of you run into one of these virus-laden 'Hallmark' Emails before?" Thanks
  13. In my Test Score, look under Disk/Uncached Speed. Windows was installed on a 10GB Partition called Drive C in RAID-0. After the Windows install I went into "Administrative Tools/Computer Management/Disk Management". I had 59.18GB of Unallocated Space. I formatted that Space and called it Drive E. But Drive C has an Uncached Speed of 106 MB/s & Drive E only 50. Is Drive E not being treated as RAID-0 like I want it to be? Did I set up Drive E incorrectly? Thanks
  14. He has a point as well. Software installs are much quicker with Raid, and Online Gaming Load Screens are a lot quicker as well. Plus the 'real-time' game play of Online Games is quicker, although the Game Play speed-up of using Raid over Non-Raid is not as much as I had hoped.
  15. A Thanks to you all for the Replies. You all agreed that Vista is not worth using at the moment. I had thought that myself, was just Hoping otherwise. So Windows XP will be used. I'll probably go with Home-Edition simply 'cause it's cheaper & Pro is not really needed on this Gaming-Only PC. Plus the PC I'm using now has Home-Edition, which will make this Build-PC easier to run, for I'm very familiar with Home-Edition. Yup, those 2 Quotes make sense, but as I mentioned in my 1st post, I already have 1 of those Raptor 36Gigs I bought many months ago from Newegg. Plus this Fairly outdated Asrock MB does not have an Onboard Sata-"II" Raid, just Sata-"I". On the RAM: I'll stick with the 2gigs of A-Data that I already have. I really didn't want to buy more RAM anyway, being that DDR"1" is now getting 'Old'. Thanks for that Reply rtyrie 1, that exactly answers my Reliability question. Thanks a Bunch for all the Links miggs78, that certainly is Very appreciated. That about answers all my Questions actually. A Thanks to you all that Posted.