gedeyenite
HJT! Log
Logfile of HijackThis v1.99.1
Scan saved at 19:07:24, on 7/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\NavNT\vptray.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\BToes Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Common Files\Filseclab\FilMsg.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\VirtuaWin\VirtuaWin.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\Program Files\VirtuaWin\modules\WinList.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\BToes Bluetooth Software\bin\btwdins.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Filseclab\xfilter\xfilter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HiJack This!\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://usarmy.breezecentral.com/r82677489/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter\xfilter.exe" -a
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Filseclab Messenger.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: VirtuaWin.lnk = C:\Program Files\VirtuaWin\VirtuaWin.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\BToes Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141025598843
O20 - AppInit_DLLs: wbsys.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Filseclab Log (Application)
Rules Action Application Protocol/Direction Local IP/Port Remote IP/Port Sent/Recv Time Description Full Path
10011 Deny svchost TCP/In 192.168.16.102/1318 207.46.198.93/80 0/62 19:08:55 ACK SYN RECV|RT:10|No.10011 built-in Rules C:\WINDOWS\System32\svchost.exe
10011 Deny svchost TCP/In 192.168.16.102/1318 207.46.198.93/80 0/62 19:08:57 ACK SYN RECV|RT:10|No.10011 built-in Rules C:\WINDOWS\System32\svchost.exe
10011 Deny svchost TCP/In 192.168.16.102/1318 207.46.198.93/80 0/62 19:09:02 ACK SYN RECV|RT:10|No.10011 built-in Rules C:\WINDOWS\System32\svchost.exe
95 Pass firefox TCP/In 192.168.16.102/1320 24.137.12.230/80 0/62 19:09:02 ACK SYN RECV|RT:10|No.95 Application Rules C:\Program Files\Mozilla Firefox\firefox.exe
95 Pass firefox TCP/In 192.168.16.102/1321 24.137.12.230/80 0/62 19:09:02 ACK SYN RECV|RT:10|No.95 Application Rules C:\Program Files\Mozilla Firefox\firefox.exe
95 Pass firefox HTTP/Out 0.0.0.0/0 24.137.12.230/80 0/0 19:09:03 RDSD|RT:6|No.95 Application Rules C:\Program Files\Mozilla Firefox\firefox.exe
95 Pass firefox HTTP/Out 0.0.0.0/0 24.137.12.230/80 0/0 19:09:03 RDSD|RT:6|No.95 Application Rules C:\Program Files\Mozilla Firefox\firefox.exe
95 Pass firefox HTTP/Out 0.0.0.0/0 67.15.204.16/80 0/0 19:09:03 RDSD|RT:6|No.95 Application Rules C:\Program Files\Mozilla Firefox\firefox.exe
95 Pass firefox HTTP/Out 0.0.0.0/0 24.137.12.230/80 0/0 19:09:03 RDSD|RT:6|No.95 Application Rules C:\Program Files\Mozilla Firefox\firefox.exe
95 Pass firefox HTTP/Out 0.0.0.0/0 24.137.12.230/80 0/0 19:09:03 RDSD|RT:6|No.95 Application Rules C:\Program Files\Mozilla Firefox\firefox.exe
95 Pass firefox TCP/In 192.168.16.102/1322 67.15.204.16/80 0/58 19:09:03 ACK SYN RECV|RT:10|No.95 Application Rules C:\Program Files\Mozilla Firefox\firefox.exe
95 Pass firefox TCP/In 192.168.16.102/1237 64.233.161.104/80 0/383 19:09:03 ACK PSH RECV|RT:10|No.95 Application Rules C:\Program Files\Mozilla Firefox\firefox.exe
95 Pass firefox TCP/In 192.168.16.102/1237 64.233.161.104/80 0/54 19:09:03 ACK FIN RECV|RT:10|No.95 Application Rules C:\Program Files\Mozilla Firefox\firefox.exe
95 Pass firefox TCP/In 192.168.16.102/1323 24.137.12.230/80 0/62 19:09:03 ACK SYN RECV|RT:10|No.95 Application Rules C:\Program Files\Mozilla Firefox\firefox.exe
95 Pass firefox TCP/In 192.168.16.102/1313 24.137.12.230/80 0/62 19:09:04 ACK SYN RECV|RT:10|No.95 Application Rules C:\Program Files\Mozilla Firefox\firefox.exe
95 Pass firefox TCP/In 192.168.16.102/1325 24.137.12.228/80 0/62 19:09:04 ACK SYN RECV|RT:10|No.95 Application Rules C:\Program Files\Mozilla Firefox\firefox.exe
10001 Pass svchost HTTP/Out 0.0.0.0/1318 207.46.198.93/80 0/0 19:09:04 RDSD|RT:6|No.10001 built-in Rules C:\WINDOWS\System32\svchost.exe
95 Pass firefox TCP/In 192.168.16.102/1321 24.137.12.230/80 0/62 19:09:06 ACK SYN RECV|RT:10|No.95 Application Rules C:\Program Files\Mozilla Firefox\firefox.exe
95 Pass firefox TCP/In 192.168.16.102/1323 24.137.12.230/80 0/62 19:09:06 ACK SYN RECV|RT:10|No.95 Application Rules C:\Program Files\Mozilla Firefox\firefox.exe
95 Pass firefox TCP/In 192.168.16.102/1320 24.137.12.230/80 0/62 19:09:07 ACK SYN RECV|RT:10|No.95 Application Rules C:\Program Files\Mozilla Firefox\firefox.exe
95 Pass firefox TCP/In 192.168.16.102/1237 64.233.161.104/80 0/383 19:09:07 ACK PSH RECV|RT:10|No.95 Application Rules C:\Program Files\Mozilla Firefox\firefox.exe
95 Pass firefox TCP/In 192.168.16.102/1322 67.15.204.16/80 0/58 19:09:07 ACK SYN RECV|RT:10|No.95 Application Rules C:\Program Files\Mozilla Firefox\firefox.exe
95 Pass firefox TCP/In 192.168.16.102/1325 24.137.12.228/80 0/62 19:09:08 ACK SYN RECV|RT:10|No.95 Application Rules C:\Program Files\Mozilla Firefox\firefox.exe
95 Pass firefox TCP/In 192.168.16.102/1299 24.137.12.230/80 0/1434 19:09:08 ACK RECV|RT:10|No.95 Application Rules C:\Program Files\Mozilla Firefox\firefox.exe
93 Pass trillian TCP/In 192.168.16.102/1071 64.12.165.103/5191 0/54 19:09:10 ACK RECV|RT:10|No.93 Application Rules C:\Program Files\Trillian\trillian.exe
95 Pass firefox TCP/In 192.168.16.102/1319 24.137.12.228/80 0/66 19:09:12 ACK FIN RECV|RT:10|No.95 Application Rules C:\Program Files\Mozilla Firefox\firefox.exe
95 Pass firefox TCP/In 192.168.16.102/1323 24.137.12.230/80 0/62 19:09:12 ACK SYN RECV|RT:10|No.95 Application Rules C:\Program Files\Mozilla Firefox\firefox.exe
95 Pass firefox TCP/In 192.168.16.102/1321 24.137.12.230/80 0/62 19:09:12 ACK SYN RECV|RT:10|No.95 Application Rules C:\Program Files\Mozilla Firefox\firefox.exe
95 Pass firefox TCP/In 192.168.16.102/1320 24.137.12.230/80 0/62 19:09:13 ACK SYN RECV|RT:10|No.95 Application Rules C:\Program Files\Mozilla Firefox\firefox.exe
95 Pass firefox TCP/In 192.168.16.102/1322 67.15.204.16/80 0/58 19:09:13 ACK SYN RECV|RT:10|No.95 Application Rules C:\Program Files\Mozilla Firefox\firefox.exe
10014 Pass firefox HTTP/Out 192.168.16.102/1325 24.137.12.228/80 1117/0 19:09:14 forums.techguy.org/clientscript/vbulletin_editor.css RDSD|RT:7|No.10014 built-in Rules C:\Program Files\Mozilla Firefox\firefox.exe
95 Pass firefox TCP/In 192.168.16.102/1237 64.233.161.104/80 0/383 19:09:14 ACK PSH RECV|RT:10|No.95 Application Rules C:\Program Files\Mozilla Firefox\firefox.exe
95 Pass firefox TCP/In 192.168.16.102/1300 24.137.12.230/80 0/1434 19:09:16 ACK RECV|RT:10|No.95 Application Rules C:\Program Files\Mozilla Firefox\firefox.exe
95 Pass firefox TCP/In 192.168.16.102/1319 24.137.12.228/80 0/66 19:09:16 ACK FIN RECV|RT:10|No.95 Application Rules C:\Program Files\Mozilla Firefox\firefox.exe
10011 Deny SYSTEM TCP/In 192.168.16.102/1073 205.188.1.144/5191 0/54 19:09:16 ACK FIN RECV|RT:10|No.10011 built-in Rules SYSTEM
10011 Deny svchost TCP/In 192.168.16.102/1326 207.46.253.125/80 0/62 19:09:18 ACK SYN RECV|RT:10|No.10011 built-in Rules C:\WINDOWS\System32\svchost.exe
10011 Deny SYSTEM TCP/In 192.168.16.102/1073 205.188.1.144/5191 0/54 19:09:18 ACK FIN RECV|RT:10|No.10011 built-in Rules SYSTEM
10011 Deny SYSTEM TCP/In 192.168.16.102/1073 205.188.1.144/5191 0/54 19:09:19 ACK FIN RECV|RT:10|No.10011 built-in Rules SYSTEM
10011 Deny svchost TCP/In 192.168.16.102/1326 207.46.253.125/80 0/62 19:09:21 ACK SYN RECV|RT:10|No.10011 built-in Rules C:\WINDOWS\System32\svchost.exe
10011 Deny SYSTEM TCP/In 192.168.16.102/1073 205.188.1.144/5191 0/54 19:09:23 ACK FIN RECV|RT:10|No.10011 built-in Rules SYSTEM
10011 Deny SYSTEM TCP/In 192.168.16.102/1073 205.188.1.144/5191 0/54 19:09:25 ACK FIN RECV|RT:10|No.10011 built-in Rules SYSTEM
10011 Deny svchost TCP/In 192.168.16.102/1326 207.46.253.125/80 0/62 19:09:27 ACK SYN RECV|RT:10|No.10011 built-in Rules C:\WINDOWS\System32\svchost.exe
10011 Deny SYSTEM TCP/In 192.168.16.102/1237 64.233.161.104/80 0/383 19:09:30 ACK PSH RECV|RT:10|No.10011 built-in Rules SYSTEM
10011 Deny SYSTEM TCP/In 192.168.16.102/1073 205.188.1.144/5191 0/54 19:09:32 ACK FIN RECV|RT:10|No.10011 built-in Rules SYSTEM
10011 Deny svchost TCP/In 192.168.16.102/1332 207.46.250.185/80 0/62 19:09:36 ACK SYN RECV|RT:10|No.10011 built-in Rules C:\WINDOWS\System32\svchost.exe
10011 Deny SYSTEM TCP/In 192.168.16.102/1073 205.188.1.144/5191 0/54 19:09:37 ACK FIN RECV|RT:10|No.10011 built-in Rules SYSTEM
10011 Deny svchost TCP/In 192.168.16.102/1332 207.46.250.185/80 0/62 19:09:39 ACK SYN RECV|RT:10|No.10011 built-in Rules C:\WINDOWS\System32\svchost.exe