Gary Adamik

Here is our beta for the 09′ GDC contest for DeVry University. Wish us luck…

    So after watching the presidential candidates duke it out for power in an awe inspiring conflict that is clearly divided across the party lines and the people are split down the middle… Will the US (Politics) ever change its ways of corruption and BIG Business (lobbying) or will the 7 sins of the Bible be the down fall of the great USA like it was in so many earlier civilizations in our history?

The great Roman empire… Last time I checked the great roman empire only lasted 250 years tops,  You do the math 1776 - 2008, We are approaching 250 years fairly quickly.  I am not a prophet of doom or nay Sayer but some items clearly need to be addressed in our near future if America clearly wants to continue its global influence as it has for the last 64 years(WWII ends 1944),  Now is our time to act, not by electing our same party lines who use and abuse the system, but by looking to alternative powers.

That is one of our greatest strengths in a Democracy, We The People… Get to decide its faith! Not all the BS from the news channels and garbage we are fed from paid advertisements but what we feel right from our hearts.  As is stands today we need a true reform in American politics to a government by the people for the people… Not these earmarks and Bailouts. We the people need to take a stand on this issue and put in check the over spending and wasteful programs the Government has come to love today. I think Mr. Teddy Roosevelt explained it well:

THE RIGHT OF THE PEOPLE TO RULEIt seems to me, therefore, that the time is ripe, and overripe, for a genuine Progressive movement, Nationwide and justice-loving, sprung from and responsible to the people themselves, and sundered by a great gulf from both of the old party organizations, while representing all that is best in the hopes, beliefs, and aspirations of the plain people who make up the immense majority of the rank and file of both the old parties.

Source:  http://www.ssa.gov/history/trspeech.html

Clearly we the people are long over due for a new party to be involved in government, now is our time to act. Oh how they say history repeats it self, Now more than ever… as Americans we must stand together and flush our system of the sins it has created.

Ok, Here is a good one, been a while since I got a new virus, I deleted the .SCR file myself and a few other files like A.EXE but this one eluded the Gnar and then there it was low and behold… I stumbled across this software call MBAM, Yeah I know what you Emerald fans boys are thinking, He coined this phrase way b4 these guys but man it just that “BAM”, and my desk top was almost as good as new!! Now-a-days I typically just re-install when some one gets past my defense just for the simple fact that you never know whats still lingering around inside even after you quarantine and remove a virus, but tonight for some reason I just had to find out how to eradicate this sucker! I suppose just for confidence if nothing else to make sure I haven’t lost my touch or who know maybe just out of boredom. Anyways here are my HIJACKTHIS log and MBAM log:

This file also caught my attention from my hiJackThis log: psrem02

But eventually I stumbled though this and got the wallpaper and fake virus warnings removed, I was almost ready for a re-install of Windows XP anyways. I suppose now is as a good of a time as any.

Malwarebytes’ Anti-Malware 1.25 LOG
Database version: 1062
Windows 5.1.2600 Service Pack 2

4:37:42 AM 8/25/2008
mbam-log-08-25-2008 (04-37-42).txt

Scan type: Quick Scan
Objects scanned: 50033
Time elapsed: 5 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\battle.net (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\diablo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\bnetunin.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\diabunin.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\lphce9qj0eg0c.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phce9qj0eg0c.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gnar\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gnar\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gnar\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gnar\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gnar\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gnar\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

HIJACKTHIS LOG:
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM\..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM\..\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM\..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185432231671
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CD Guard Drivers Auto Removal (v2) (psrem02) - Unknown owner - C:\WINDOWS\system32\psrem02.exe (file missing)

Hope this helps

My friend received this email recently and well honestly it looks totally bogus to me. I know if it sounds too good to be true it probably is, but here are the few things I see right away that are wrong with this:

1. Why would a Spanish official be using a YAHOO address?
2. + (N_3324_0667_22) This country code looks up +324 is Nigeria
3. No idea this looks as crooked as a three dollar bill to me.

http://www.fundaciongsr.es.

Fundacion German Sanchez Ruiperez Spain, would like
to notify you that you have been chosen by the board of trustees as
One of the final recipients of a cash Grant/Donation for your own
Personal, educational, and business development. The FGSR, established
In the year 1901,
They started offering collection for the sole aim of human growth,
Educational and Community development.

In conjunction with the Shell Petroleum Company, UNO, and the
EU, we are giving out a yearly donation of US$500,000.00 each to 100
Lucky recipients each year.

These specific Donations/Grants will be awarded to 100 lucky
international recipients
Worldwide; in different categories for their personal business
Development.

The objective is to make a notable change in the standard of living of
People all around the Universe (From America to Europe, Asia to
Africa and all around). Kindly note that you will only be chosen to
receive
The donation once, which means that subsequent yearly donation, will
Not get to you. Take time and thought in spending the donation wisely
On something that will last you a long time.

Based on the random selection exercise of internet websites and
Millions of supermarket cash invoices worldwide, you were selected
among
The lucky recipients to receive the award sum of US$500,000.00 as
Charity donations/aid from the FGSR Spain, Shell Petroleum Company, EU
and the
UNO in accordance with the enabling act of Parliament. (Note that all
Beneficiaries email addresses were selected randomly from over 100,000
Internet websites or a shop’s cash invoice around your area in which
You might have purchased something from). You are required to contact
the FGSR Executive Secretary below, for qualification documentation
And processing of your claims. After contacting the secretary, you
will
Be given your donation pin number, which you will use in collecting
the funds. Please endeavor to quote your Qualification numbers
+ (N_3324_0667_22) in all discussions.

EXEC SEC.MRS.WAMA CARLITO.
EMAIL: hhamabless@yahoo.es

Please note that the EU, Shell Petroleum Company, UNO, strictly
administers these
Donations/Grants. You are by all means hereby advised to keep this
whole
Information confidential until you have been able to collect your
Donation.

On behalf of God, The Shell Petroleum Company, UNO and the EU, accept
our
Warmest congratulations.

May God Bless you with this donation.

BEST REGARD

Sanchez Ruiperez.
FGSR OFFICE SPAIN.
===================================

  This photo is pretty cool, but honestly if you have never seen a Space Shuttle launch in person it is a truly amazing event and it should be on everyone’s to do list of things they want to accomplish before they leave the planet earth.

   When we watched it launch a few years ago, it was biker week and couldn’t find a hotel room close to the launch site but even watching this event from a distance, it is definitely an awe inspiring event. It is amazing the power you can feel resonating from the Space Shuttle during a launch.

The space shuttle Atlantis rolls out to launch pad 39A at the Kennedy Space Center in Cape Canaveral, Florida November 10, 2007. The space shuttle Atlantis is scheduled to launch December 6 on a mission to the International Space Station. (Scott Audette/Reuters).

 Obi-Wan Kenobi in Star Wars Episode IV: A New Hope.

“Mos Eisley spaceport. You will never find a more wretched hive of scum and villainy. We must be cautious.”

It’s an amazing concept, in today’s world that a simple thing such as a building can make such a stir. We are not racists here at allpcs.us, far from it actually. We try to be as (PC) politically correct as the next guy, but I am sorry I found this story on Yahoo and about blew a gasket. Some people have too much time on their hands that’s all there is too it. Basically, some jokers went and found an old U.S. Navy building, and said it looks like a swastika.

Read more…