Author Topic: hijacked and sending emails 100 per minute  (Read 3970 times)

bodine

  • Guest
hijacked and sending emails 100 per minute
« on: February 13, 2005, 12:51:40 AM »
I have been smacked down
my pc is spewing about 100 emails a minute and it won't stop
plus I have the "topantispyware" B.S. for my desktop
here is my hjt log
Logfile of HijackThis v1.99.0
Scan saved at 12:44:08 AM, on 2/13/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\main frame\Desktop\antivirus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Windows System Manager Proc] winsmc.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\SYSCFG16.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [TVMD] C:\WINDOWS\TVMD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [TB_setup] C:\DOCUME~1\MAINFR~1\LOCALS~1\Temp\TB_ANI~1.EXE /dcheck
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{FAC7AB0E-FF64-4849-8573-11166582C169}\SVCHOST.EXE
O4 - HKLM\..\Run: [SaveNow] C:\Program Files\SaveNow\SaveNow.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [mismo] win32x.exe
O4 - HKLM\..\Run: [MemoryMeter] C:\Program Files\MemoryMeter\MemoryMeter.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\KaZaA\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [awerea.exe] sadfadsf.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\System32\tbctray.exe
O4 - HKLM\..\Run: [secboot] C:\WINDOWS\System32\mszx23.exe !!
O4 - HKLM\..\RunServices: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKCU\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1108246629031
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Offline A+Net+MCP

  • Full Member
« Reply #1 on: February 13, 2005, 01:09:37 AM »
Use Spybot and buy Spy Sweeper 3.5 and spyware will be gone.

bodine

  • Guest
« Reply #2 on: February 13, 2005, 01:55:27 AM »
here is my HJT log when I'm NOT in safe mode
this is just the normal boot up

Logfile of HijackThis v1.99.0
Scan saved at 1:51:13 AM, on 2/13/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\DllHost.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\systime.exe
C:\WINDOWS\System32\ntddetect.exe
C:\Program Files\Netropa\Traymon.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\tbctray.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\systime.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\msiexec.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Documents and Settings\main frame\Desktop\antivirus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Windows System Manager Proc] winsmc.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\SYSCFG16.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [TVMD] C:\WINDOWS\TVMD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [TB_setup] C:\DOCUME~1\MAINFR~1\LOCALS~1\Temp\TB_ANI~1.EXE /dcheck
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [mismo] win32x.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\KaZaA\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [awerea.exe] sadfadsf.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\System32\tbctray.exe
O4 - HKLM\..\RunServices: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKCU\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1108246629031
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
« Reply #3 on: February 13, 2005, 02:58:26 AM »
Your first log indicated you are infected with Haxdoor virus
Fortunately an Auto fix for that seems to have subsided

Download HSFIX.zip
Unzip the contents of HSFix.zip and an HSFix directory will be created
We'll need this later

Next:
Download and Install this small program
to help clean your temp folders, cookies, prefetch folder, etc...
Windows Cleanup
Install for now but Don't run a scan yet

You also have remnants of New.Net on your computer
Can you for now
Download and save to desktop
LSPfix.zip
We're not going to remove the entry related yet, but Unzip the contents to desktop for now>>Used to repair internet connection if lost, we probably won't need it, but download for now

Can you do me a favor
Can you go to this link
http://virusscan.jotti.org/
Give it time to load if it's busy

Use the BROWSE button at the top and Navigate to this file
C:\WINDOWS\System32\ntddetect.exe <--this file
Right click on the file and choose Select
Back at the site choose SUBMIT
Wait for the Scan Results and save them in a convenient spot in Notepad
Could you also right click on the file and left click properties
Click Version tab, do you know what it's related to
What is the date created?

Print this out or save to a Notepad file on your Desktop
Close down all Windows Including this one

Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

Open Hijackthis>>Open Misc Tools Section>>Open Process Manager and end process on these if still running
C:\WINDOWS\System32\systime.exe
C:\WINDOWS\System32\ntddetect.exe
C:\WINDOWS\System32\systime.exe


Do another scan with Hijackthis and put a check next to these entries:
I'm going to include the entries related to ntddetect.exe
Unless you know that it's safe, fix them, I can find no info on it

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

O4 - HKLM\..\Run: [Windows System Manager Proc] winsmc.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\SYSCFG16.EXE

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

O4 - HKLM\..\Run: [TVMD] C:\WINDOWS\TVMD.exe

O4 - HKLM\..\Run: [TB_setup] C:\DOCUME~1\MAINFR~1\LOCALS~1\Temp\TB_ANI~1.EXE /dcheck
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe

O4 - HKLM\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe

O4 - HKLM\..\Run: [mismo] win32x.exe

O4 - HKLM\..\Run: [KAZAA] C:\Program Files\KaZaA\kazaa.exe /SYSTRAY
<not needed on startup
O4 - HKLM\..\Run: [awerea.exe] sadfadsf.exe

O4 - HKLM\..\RunServices: [ntddetect] C:\WINDOWS\System32\ntddetect.exe

O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKCU\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - Startup: PowerReg Scheduler.exe


After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

RESTART your computer into SAFE MODE <--this is important

In safe mode open up Windows CleanUp! you installed earlier
START>>All programs>>Cleanup
Click the CleanUp button
Let it finish scanning for files, when it's done it will prompt you to Log off
DON'T at this time

Instead find and delete these files or folders if they exist
C:\WINDOWS\SYSCFG16.EXE <--this file
C:\WINDOWS\System32\systime.exe <--file
C:\WINDOWS\System32\ntddetect.exe <--file, if found bad or unknown

win32x.exe
sadfadsf.exe
<--search for these 2 and delete if found

Stay in safe mode
    * Navigate to the HSFix directory and double-click on HSFix.bat.
    * It will produce a log file, also located here: C:\hslog.txt. <--we'll need this later
 
Restart back to Normal mode
Don't open a browser yet, instead access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Reset home page

Along with Haxdoor, you have/had a few other infections
To ensure we didn't miss anything
Download this virus checker from eScan
Mwav.exe
There's nothing to install, save it and then double click to run
It will self extract

Select all local drives, scan all files, press 'SCAN' and when it is completed, anything found will be displayed in the lower pane.
In the Virus Log Information Pane
Left click and Highlight all the info in the Lower pane---  Use "CTRL  C" on your Keyboard to copy all found in the lower pane  and paste it in your next reply.

****If prompted that a Virus was found and you need to purchase the product  to remove the malware, just close out the prompt and let it continue scanning
We just want to see where the bad guys are

Post back a fresh hijackthis log afterwards too
Try not to shut down or restart your computer after posting the logs

Could you also post the C:\hslog.txt <--this is important

Also let me know if you see New.net Application or New.net Domains
in your Add/Remove Programs
Post the scanner results from ntddetect, if found as malware or infected
One last request
Open LSP fix and let me know what you see on the KEEP side
and the REMOVE side, thanks

We should be able to do some final cleanup after that
« Last Edit: February 13, 2005, 03:08:48 AM by guestolo »



bodine

  • Guest
« Reply #4 on: February 13, 2005, 02:45:45 PM »
here is the info you requested
I'm still spewing nonstop emails

Logfile of HijackThis v1.99.0
Scan saved at 2:33:23 PM, on 2/13/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\DllHost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\tbctray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Netropa\Traymon.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\main frame\Desktop\antivirus\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\System32\tbctray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1108246629031
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

MWAV virus finds:

File C:\WINDOWS\System32\chupv.dll infected by "Trojan-Proxy.Win32.Agent.cy" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\chupv.dll infected by "Trojan-Proxy.Win32.Agent.cy" Virus. Action Taken: No Action Taken.
File C:\PROGRA~1\RealVNC\WinVNC\WinVNC.exe tagged as not-a-virus:RiskWare.RemoteAdmin.WinVNC-based.c. No Action Taken.
File C:\WINDOWS\cep1unin.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\NDNuninstall4_88.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall4_94.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\spoolsrv32.exe infected by "Trojan-Downloader.Win32.Adload.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\srpcsrv32.dll infected by "Trojan-Downloader.Win32.Adload.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\txfdb32.dll infected by "Trojan-Downloader.Win32.Adload.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\wz.sys infected by "Backdoor.Win32.Haxdoor.br" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\main frame\Desktop\antivirus\backup dllfiles\backup-20050211-190212-112.dll tagged as not-a-virus:RiskWare.Downloader.SpyGame. No Action Taken.
File C:\Documents and Settings\main frame\Desktop\antivirus\HSFix\modservices.exe tagged as not-a-virus:RiskWare.Tool.Hideout. No Action Taken.
File C:\Documents and Settings\main frame\Desktop\antivirus\HSFix\Process.exe tagged as not-a-virus:RiskWare.Tool.Processor.20. No Action Taken.
File C:\Documents and Settings\main frame\Desktop\antivirus\HSFix.zip tagged as not-a-virus:RiskWare.Tool.Hideout. No Action Taken.
File C:\Documents and Settings\main frame\Desktop\music stuff\Artist\bootcd.zip tagged as not-a-virus:Tool.DOS.Restart. No Action Taken.
File C:\Documents and Settings\main frame\Desktop\Unused Desktop Shortcuts\My Shared Folder\kmd171gu_en.exe infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\main frame\My Documents\mdtvcharleston\geoinst.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\main frame\My Documents\mdtvcharleston\receive\geoinst.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\main frame\My Documents\UT2003_NOCD.rar tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\main frame\My Documents\vnc-3.3.7-x86_win32_viewer\vnc-3.3.7-x86_win32.zip tagged as not-a-virus:RiskWare.RemoteAdmin.WinVNC-based.c. No Action Taken.
File C:\Documents and Settings\main frame\My Documents\vnc-3.3.7-x86_win32_viewer\vnc-3.3.7-x86_win32_viewer.zip tagged as not-a-virus:RiskWare.RemoteAdmin.WinVNC-based.c. No Action Taken.
File C:\games\CLS-AMWW1\Mplaynow\MPLAYER\setup.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\new.exe infected by "Trojan-Downloader.Win32.Small.yx" Virus. Action Taken: No Action Taken.
File C:\Program Files\AIM\aim95.exe infected by "not-a-virus:AdWare.MiniBug" Virus. Action Taken: No Action Taken.
File C:\Program Files\AIM\Sysfiles\WxBug.EXE infected by "not-a-virus:AdWare.MiniBug" Virus. Action Taken: No Action Taken.
File C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll infected by "not-a-virus:AdWare.MiniBug" Virus. Action Taken: No Action Taken.
File C:\Program Files\ddm\8422\SaveInstCmS.exe infected by "not-a-virus:AdWare.SaveNow.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\ddm\9998\SaveInstCmS.exe infected by "not-a-virus:AdWare.SaveNow.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\RealVNC\WinVNC\othread2.dll tagged as not-a-virus:RiskWare.RemoteAdmin.WinVNC-based.c. No Action Taken.
File C:\Program Files\RealVNC\WinVNC\vnchooks.dll tagged as not-a-virus:RiskWare.RemoteAdmin.WinVNC-based.c. No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0002347.EXE infected by "Trojan-Clicker.Win32.Agent.bw" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0007886.exe infected by "Trojan.Win32.StartPage.pu" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0007890.sys infected by "Backdoor.Win32.Haxdoor.br" Virus. Action Taken: No Action Taken.
File C:\UT2003\System\UT2003_NOCD.rar tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\cep1unin.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\NDNuninstall4_88.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall4_94.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\Services\{FAC7AB0E-FF64-4849-8573-11166582C169}\SVCHOST.DLL infected by "Trojan-Proxy.Win32.Agent.df" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\spoolsrv32.exe infected by "Trojan-Downloader.Win32.Adload.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\srpcsrv32.dll infected by "Trojan-Downloader.Win32.Adload.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\txfdb32.dll infected by "Trojan-Downloader.Win32.Adload.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\wz.sys infected by "Backdoor.Win32.Haxdoor.br" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtbgm\wtbgmtt.exe infected by "not-a-virus:AdWare.WinAD" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtvh.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.

JOTTI log:
Service load:  0%        100%  
 
File:  ntddetect.exe  
Status:  INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)  
Packers detected:  Analyzing...
   
AntiVir  No viruses found (0.22 seconds taken)
Avast  No viruses found (3.01 seconds taken)
AVG Antivirus  No viruses found (2.04 seconds taken)
BitDefender  No viruses found (2.20 seconds taken)
ClamAV  No viruses found (0.76 seconds taken)
Dr.Web  No viruses found (1.16 seconds taken)
F-Prot Antivirus  No viruses found (0.15 seconds taken)
Fortinet  No viruses found (0.73 seconds taken)
Kaspersky Anti-Virus  Trojan-Proxy.Win32.Agent.dl (1.33 seconds taken)
mks_vir  No viruses found (0.36 seconds taken)
NOD32  probably unknown NewHeur_PE (probable variant) (0.91 seconds taken)
Norman Virus Control  Scanning, please wait...
   
Statistics  
Last piece of malware found was Java/ClassLoader.Z in archive_3_.jar, detected by:

Scanner  Malware name  Time taken  
AntiVir  Java/ClassLoade.Z.1  0.40 seconds  
Avast  X  1.52 seconds  
AVG Antivirus  Java/ByteVerify  1.48 seconds  
BitDefender  Java.Trojan.ClassLoader.Z  0.65 seconds  
ClamAV  X  0.75 seconds  
Dr.Web  Trojan.DownLoader.1485  1.01 seconds  
F-Prot Antivirus  X  0.12 seconds  
Fortinet  JAV/BYTVerify.A-tr  0.69 seconds  
Kaspersky Anti-Virus  Trojan.Java.ClassLoader.z  1.07 seconds  
mks_vir  Trojan.Java.Classloader.Z  0.39 seconds  
NOD32  Java/ClassLoader.Z  0.70 seconds  
Norman Virus Control  X  0.27 seconds  

hslog.txt

 
Horseserver Removal Tool v1.05
      by Atri
-
-
1. Registry Fix Started
-
Registry fix complete
-
2. Deleted Services
-
WINLOW
Service WINLOW sucessfully deleted.
vdmt16
Service vdmt16 sucessfully deleted.
memlow
Could not open the service for deletion.
Are you sure memlow exists?
vdnt32
Could not open the service for deletion.
Are you sure vdnt32 exists?
-
3. Finding files Located on system
-
klogini.dll
p2.ini
ps.a3d
vdmt16.sys
winlow.sys
drct16.dll
mszx23.exe
cz.dll
w32tm.exe
-
4. Deleting files that were found.
-
unable to remove drct16.dll
unable to remove mszx23.exe
-
5. Checking for and Removing Winupdate
-
-
-
lspfix

KEEP:
nwprovau.dll
mswsock.dll
winrnr.dll
rsvpsp.dll

REMOVE:
nothing in the box


 and there is no New.net Application or New.net Domains
in my Add/Remove Programs

thanks for all your guidance

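An added example, not part of any post in this thread: a small Python triage of O4 autorun lines excerpted from the first and third HijackThis logs above, showing which flagged entries are still registered after the fix. The four flagging rules and all function names are this example's assumptions, not the helper's method; the helper left the `nwiz` entry in place and the rules say nothing about the New.net entry, so a flag is a prompt to check a file, not a verdict.

```python
import re
from collections import defaultdict

# Excerpts of O4 lines from the first log (before) and third log (after) in this thread.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows System Manager Proc] winsmc.exe
O4 - HKLM\..\Run: [TB_setup] C:\DOCUME~1\MAINFR~1\LOCALS~1\Temp\TB_ANI~1.EXE /dcheck
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{FAC7AB0E-FF64-4849-8573-11166582C169}\SVCHOST.EXE
O4 - HKLM\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [awerea.exe] sadfadsf.exe
O4 - HKLM\..\RunServices: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

# "O4 - HKLM\..\Run: [value name] command line"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# Quoted path, or an unquoted path (may contain spaces) ending in a known extension.
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|ocx))(?=[\s,]|$)', re.I)
# Assumption of this example: a short list of core Windows process names.
CORE_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "smss.exe"}
SYSTEM32 = r"c:\windows\system32"


def image_of(cmd):
    """Return the lower-cased file an autorun command loads."""
    # For rundll32 entries the interesting file is the DLL, not rundll32 itself.
    cmd = re.sub(r"^rundll32(\.exe)?\s+", "", cmd.strip(), flags=re.I)
    m = IMAGE_RE.match(cmd)
    image = (m.group(1) or m.group(2)) if m else cmd.split()[0]
    return image.lower()


def parse_o4(log):
    """Parse registry-autorun O4 lines into (hive, key, name, image) tuples."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append((m["hive"], m["key"], m["name"], image_of(m["cmd"])))
    return entries


def triage(entries):
    """Map each image to the set of heuristic reasons it deserves a closer look."""
    keys = defaultdict(set)
    for hive, key, _name, image in entries:
        keys[image].add((hive, key))
    flags = defaultdict(set)
    for image, where in keys.items():
        folder, _, base = image.rpartition("\\")
        if not folder:
            # The log cannot say which file on the search path actually runs.
            flags[image].add("no-path")
        if "\\temp\\" in image:
            flags[image].add("temp-dir")
        if base in CORE_NAMES and folder and folder != SYSTEM32:
            flags[image].add("system-name-outside-system32")
        if len(where) > 1:
            # The same binary registered under several autorun keys.
            flags[image].add("multi-key")
    return dict(flags)


def still_registered(before_log, after_log):
    """Flagged images from the earlier log that the later log still autostarts."""
    flagged = triage(parse_o4(before_log))
    after_images = {entry[3] for entry in parse_o4(after_log)}
    return sorted(image for image in flagged if image in after_images)


if __name__ == "__main__":
    for image, reasons in sorted(triage(parse_o4(LOG_BEFORE)).items()):
        print(f"{image}: {', '.join(sorted(reasons))}")
    print("still registered after the fix:", still_registered(LOG_BEFORE, LOG_AFTER))
```

The files MWAV reports in the same post (for example `wz.sys` and `chupv.dll`) have no O4 line at all, so an autorun review of this kind complements a file scan rather than replacing it.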

bodine

  • Guest
« Reply #5 on: February 13, 2005, 06:18:26 PM »
Quote from: mad, Feb 13 2005, 04:53 PM
> Locking this topic
> Duplicate Post
>
> I'm not on any salary here, just a volunteer
> I will be glad to help you with your log when I can find the time
>
> I'm sorry you feel like I must look at it right now, but please be patient
> This is my day off from work for the weekend, I have other things to do too
>
> ~guestolo~

my bad dude
I am just worried that at the rate this thing is sending emails my ISP will turn down my connection, not to mention the poor saps that are the target of those emails. I'll be patient and I hope you have a good day off.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
« Reply #6 on: February 13, 2005, 06:49:20 PM »
Your system is unpatched and open to vulnerabilities

Delete this log from this location
C:\hslog.txt <--this log

Download Pocket Killbox
UNZIP the files to the folder of your choice.

Create a New folder on your desktop, call it Aboutbuster
Download to desktop About:Buster
by RubbeR Ducky
Unzip it to that new folder===Open it and check for updates
But don't run a scan yet

Download and Save to desktop
CWShredder.exe
Don't run it yet

Save this to a Notepad file or txt file on desktop for reference
Close down all browser windows, including this one

Do another scan with Hijackthis and put a check next to these entries:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup



After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
Ok the prompt and exit Hijackthis

NEXT: Double click to open  Killbox.exe and have Notepad open for reference
ALL other windows closed

Copy and paste each of the following bold lines below into the "Full Path of File to Delete" box in Killbox, one at a time
Put a mark next to "Replace on Reboot"
Also mark "Use Dummy"
Click the Red button with the X that looks like a stop sign after each
Click "Yes" at the Delete on Reboot prompt.
Click "No" at the Pending Operations prompt.

Repeat those same steps for all of these files.
=============================================
Full paths of file to delete

C:\WINDOWS\System32\chupv.dll

C:\WINDOWS\System32\spoolsrv32.exe

C:\WINDOWS\System32\srpcsrv32.dll

C:\WINDOWS\SYSTEM32\Services\{FAC7AB0E-FF64-4849-8573-11166582C169}\SVCHOST.DLL

C:\WINDOWS\System32\txfdb32.dll

C:\new.exe

C:\WINDOWS\SYSTEM32\mszx23.exe

C:\WINDOWS\System32\wz.sys



===============================================
After adding the next bold line below into the Full Path of file to delete
===============================================

C:\WINDOWS\System32\drct16.dll

===============================================
Click "Yes" at the Delete on Reboot prompt.
Click "Yes" at the Pending Operations prompt

Allow the computer to Reboot

Please Restart into Safe mode
Find and delete these folders
C:\Program Files\AWS <--this folder
C:\WINDOWS\wt <--folder

Look in your Add/remove Programs and remove if found
ClockSync
Save
WhenUSearch
InternetOptimizer

Let me know if anything was found

Follow this procedure again
* Navigate to the HSFix directory and double-click on HSFix.bat.
* It will produce a log file, also located here: C:\hslog.txt <--we'll need this later

Stay in safe mode
Navigate to About:buster you unzipped earlier
===Start About:Buster and hit ok. Now for the scanning part. Hit Start and then Ok. The program should start scanning. Scan a second time.
Save the logs to a convenient location Then hit exit

Open HOSTER and click "Restore Original Hosts"
===Open CWShredder and click ONLY the Fix button
Let it finish scanning

Restart back to Normal mode

NEXT: Your system is open to these vulnerabilities because it is unpatched and insecure
For now, IF you have a legit version of Windows
http://www.microsoft.com/windowsxp/downloa...p1/default.mspx
Visit that link to help install Service Pack1a, this will help close some security gaps
Don't install Service Pack 2 at this time
Once you have all other Latest Critical (High Priority) updates and SP1a installed
You will be prompted to Restart your computer
Ensure you go back to Windows updates and see if there are any more Latest Critical updates
Keep checking until you have them all
Excluding Service Pack 2 and Recommended updates

Once you have the latest updates installed
Go and change your passwords to your Email accounts and any financial Institution you bank with Online

Post back a fresh hijackthis log
C:\hslog.txt. <--this log again
About:Buster logs

If at any time you lose Internet connection, I don't see this happening
Open LSP FIX>>With all other Windows closed,  and click the FINISH button
Restart your computer
« Last Edit: February 13, 2005, 07:04:02 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Guest

  • Guest
hijacked and sending emails 100 per minute
« Reply #7 on: February 13, 2005, 08:06:18 PM »
did every thing except this:
"Open HOSTER and click "Restore Original Hosts"

HOSTER is what? a file? Function? I don't have it i think

Logfile of HijackThis v1.99.0
Scan saved at 8:01:47 PM, on 2/13/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Netropa\Traymon.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\tbctray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\DllHost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\main frame\Desktop\antivirus\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\System32\tbctray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1108246629031
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


 
Horseserver Removal Tool v1.05
      by Atri
-
-
1. Registry Fix Started
-
Registry fix complete
-
2. Deleted Services
-
WINLOW
vdmt16
memlow
vdnt32
-
3. Finding files Located on system
-
ps.a3d
drct16.dll
mszx23.exe
-
4. Deleting files that were found.
-
-
5. Checking for and Removing Winupdate
-
-
-


Scanned at: 7:41:33 PM   on: 2/13/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 19

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 19

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!






Scanned at: 7:51:34 PM   on: 2/13/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 23

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 23

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!



no bad stuff in add/remove programs
and i updated win xp
BUT i Still have emails pouring out of my system
:(

Offline guestolo

hijacked and sending emails 100 per minute
« Reply #8 on: February 13, 2005, 08:16:58 PM »
You didn't appear to apply any Security patches from Windows Updates

Did you at least change your passwords?

Sorry, not sure if you need Hoster, that was for another post
Can you open Hijackthis>>Open Misc Tools>>Open hosts file manager
Click the >Open In notepad< button

Post back here the Whole contents of the notepad host file
« Last Edit: February 13, 2005, 08:20:25 PM by guestolo »



bodine

  • Guest
hijacked and sending emails 100 per minute
« Reply #9 on: February 13, 2005, 08:39:58 PM »
nothing in the hjt host file mgr
and i ran/installed win xp update
and I'm still bleeding emails

about the passwords...which/how /where do i change them???

Offline guestolo

hijacked and sending emails 100 per minute
« Reply #10 on: February 13, 2005, 08:51:25 PM »
Quote
i ran/installed win xp update

Can I see a new Hijackthis log

I still can't see the Host file from Notepad

Follow the instructions above to post it



bodine

  • Guest
hijacked and sending emails 100 per minute
« Reply #11 on: February 13, 2005, 10:37:42 PM »
new hjt log


Logfile of HijackThis v1.99.0
Scan saved at 10:37:16 PM, on 2/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Netropa\Traymon.exe
C:\Program Files\Netropa\OSD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\tbctray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\DllHost.exe
C:\Documents and Settings\main frame\Desktop\antivirus\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\System32\tbctray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1108246629031
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
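
The helper keeps asking for a fresh HijackThis log so that successive scans can be compared. The sketch below is an added example, not part of any post in this thread: it parses two logs, reports what changed between them, and checks that the entries on the helper's fix list are gone. The excerpts are abbreviated from the logs in Reply #7 and Reply #11 and the fix list from Reply #6; the function names are this example's own.

```python
import re

# Abbreviated excerpts of two HijackThis logs posted in this thread
# (Reply #7 and Reply #11); most lines are omitted for brevity.
LOG_REPLY_7 = r"""Logfile of HijackThis v1.99.0
Scan saved at 8:01:47 PM, on 2/13/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

LOG_REPLY_11 = r"""Logfile of HijackThis v1.99.0
Scan saved at 10:37:16 PM, on 2/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

# The two entries the helper asked to tick and fix in Reply #6.
FIX_LIST = r"""R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
"""

# Coded entries look like "O4 - ..." or "R0 - ...": a letter, 1-2 digits, " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_hjt(text):
    """Split a HijackThis log into header fields, process set and coded entries."""
    log = {"header": {}, "processes": set(), "entries": set()}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(("Platform:", "MSIE:")):
            key, value = line.split(":", 1)
            log["header"][key] = " ".join(value.split())  # collapse double spaces
        elif line == "Running processes:":
            in_processes = True
        elif in_processes and not line:
            in_processes = False  # a blank line ends the process list
        elif in_processes:
            log["processes"].add(line.lower())  # Windows paths ignore case
        else:
            match = ENTRY_RE.match(line)
            if match:
                log["entries"].add((match.group(1), match.group(2)))
    return log


def diff_logs(old_text, new_text):
    """Report header changes, added/removed entries and process changes."""
    old, new = parse_hjt(old_text), parse_hjt(new_text)
    keys = sorted(set(old["header"]) | set(new["header"]))
    return {
        "header_changes": {
            k: (old["header"].get(k), new["header"].get(k))
            for k in keys
            if old["header"].get(k) != new["header"].get(k)
        },
        "added": sorted(new["entries"] - old["entries"]),
        "removed": sorted(old["entries"] - new["entries"]),
        "new_processes": sorted(new["processes"] - old["processes"]),
        "gone_processes": sorted(old["processes"] - new["processes"]),
    }


def remaining_fixed_entries(log_text, fix_text):
    """Return fix-list entries that are still present in a later log."""
    return sorted(parse_hjt(fix_text)["entries"] & parse_hjt(log_text)["entries"])


if __name__ == "__main__":
    for section, value in diff_logs(LOG_REPLY_7, LOG_REPLY_11).items():
        print(section, "->", value)
    print("still present:", remaining_fixed_entries(LOG_REPLY_11, FIX_LIST))
```

The header change to SP1 is the evidence that the Windows update was actually applied between the two scans. An empty fix-list result only shows the registry entries are gone, not that the mail-sending component is.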

Offline guestolo

hijacked and sending emails 100 per minute
« Reply #12 on: February 14, 2005, 01:38:22 PM »
How you doing Bodine

Any luck with the email situation
This may help for the time being

Not sure if you have the XP firewall enabled
But you may have better luck with a third party firewall if you're not running through a Router (NAT)

If you're not running through a Router
Try installing the free Sygates on your machine
http://www.tucows.com/preview/213160.html

Once installed and you Restart, ensure that XP's firewall is disabled, you don't need both running
Control Panel>>>Network Connections>>Right click your connection>>left click properties
Advanced tab

Don't allow  Outlook Express Outbound access yet, but let me know what else is trying to acquire Inbound or Outbound traffic



bodine

  • Guest
hijacked and sending emails 100 per minute
« Reply #13 on: February 14, 2005, 08:30:44 PM »
thanks for the link and info, it's time to buy a router and when i finally get this clean I'll back it up.. I believe the "webdialer" (I still haven't identified it) is using its own program to access my network through .net services or messenger services. I disabled my Outlook the very first night after the infection and changed all my passwords. someone mentioned AVG's new 7 version is allowing a lot of these things to happen.
Well, it is still going but I'll let you know what happens after i install the firewall and router.

bodine

  • Guest
hijacked and sending emails 100 per minute
« Reply #14 on: February 17, 2005, 01:38:36 PM »
Thanks for all your help, the sygate firewall works really well. I seemed to have removed all the major stuff from my system BUT
I have another question.
Now i have a file that shows up in my processes in task manager called System (220k) and it is eating about 20-30% of my cpu resources.
 Can't stop it. not sure what it is. never had it before the "Big Infection".
HELP. :huh:

Offline guestolo

hijacked and sending emails 100 per minute
« Reply #15 on: February 17, 2005, 10:21:42 PM »
That could be normal, just not the CPU usage
Can you supply a fresh hijackthis log, thanks

Is Sygates' blocking anything malicious
« Last Edit: February 17, 2005, 10:22:15 PM by guestolo »



bodine

  • Guest
hijacked and sending emails 100 per minute
« Reply #16 on: February 17, 2005, 11:05:13 PM »
sygate is blocking incoming and outgoing requests but i don't know what they are.
2/17/2005 7:39:52 PM   Blocked   10   Incoming   TCP   207.33.111.36   00-05-00-E6-9B-80   60118   24.179.90.29   00-08-A1-0B-ED-F0   5556   C:\WINDOWS\System32\DRIVERS\ndisuio.sys   main frame   D12VKD11   Normal   1   2/17/2005 7:38:50 PM   2/17/2005 7:38:50 PM   Ask all running apps   
2/17/2005 7:39:52 PM   Blocked   10   Incoming   TCP   207.33.111.36   00-05-00-E6-9B-80   60118   24.179.90.29   00-08-A1-0B-ED-F0   6400      main frame   D12VKD11   Normal   1   2/17/2005 7:38:49 PM   2/17/2005 7:38:49 PM   Block_all   
2/17/2005 7:39:52 PM   Blocked   10   Incoming   TCP   207.33.111.36   00-05-00-E6-9B-80   60118   24.179.90.29   00-08-A1-0B-ED-F0   6400   C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkipx.sys   main frame   D12VKD11   Normal   1   2/17/2005 7:38:49 PM   2/17/2005 7:38:49 PM   Ask all running apps   
2/17/2005 7:39:52 PM   Blocked   10   Incoming   TCP   207.33.111.36   00-05-00-E6-9B-80   60118   24.179.90.29   00-08-A1-0B-ED-F0   6400   C:\WINDOWS\System32\DRIVERS\ndisuio.sys   main frame   D12VKD11   Normal   1   2/17/2005 7:38:49 PM   2/17/2005 7:38:49 PM   Ask all running apps   
2/17/2005 7:39:52 PM   Blocked   10   Incoming   TCP   207.33.111.36   00-05-00-E6-9B-80   60118   24.179.90.29   00-08-A1-0B-ED-F0   6771      main frame   D12VKD11   Normal   1   2/17/2005 7:38:50 PM   2/17/2005 7:38:50 PM   Block_all   
2/17/2005 7:39:52 PM   Blocked   10   Incoming   TCP   207.33.111.36   00-05-00-E6-9B-80   60118   24.179.90.29   00-08-A1-0B-ED-F0   6771   C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkipx.sys   main frame   D12VKD11   Normal   1   2/17/2005 7:38:49 PM   2/17/2005 7:38:49 PM   Ask all running apps   
2/17/2005 7:39:52 PM   Blocked   10   Incoming   TCP   207.33.111.36   00-05-00-E6-9B-80   60118   24.179.90.29   00-08-A1-0B-ED-F0   6771   C:\WINDOWS\System32\DRIVERS\ndisuio.sys   main frame   D12VKD11   Normal   1   2/17/2005 7:38:49 PM   2/17/2005 7:38:49 PM   Ask all running apps   
2/17/2005 7:39:52 PM   Blocked   10   Incoming   TCP   207.33.111.36   00-05-00-E6-9B-80   60118   24.179.90.29   00-08-A1-0B-ED-F0   5742      main frame   D12VKD11   Normal   1   2/17/2005 7:38:50 PM   2/17/2005 7:38:50 PM   Block_all   
2/17/2005 7:39:52 PM   Blocked   10   Incoming   TCP   207.33.111.36   00-05-00-E6-9B-80   60118   24.179.90.29   00-08-A1-0B-ED-F0   5742   C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkipx.sys   main frame   D12VKD11   Normal   1   2/17/2005 7:38:50 PM   2/17/2005 7:38:50 PM   Ask all running apps   
2/17/2005 7:39:52 PM   Blocked   10   Incoming   TCP   207.33.111.36   00-05-00-E6-9B-80   60118   24.179.90.29   00-08-A1-0B-ED-F0   5742   C:\WINDOWS\System32\DRIVERS\ndisuio.sys   main frame   D12VKD11   Normal   1   2/17/2005 7:38:50 PM   2/17/2005 7:38:50 PM   Ask all running apps   
2/17/2005 7:39:41 PM   Blocked   10   Incoming   TCP   207.33.111.36   00-05-00-E6-9B-80   52906   24.179.90.29   00-08-A1-0B-ED-F0   5555      main frame   D12VKD11   Normal   1   2/17/2005 7:38:39 PM   2/17/2005 7:38:39 PM   Block_all   
2/17/2005 7:39:41 PM   Blocked   10   Incoming   TCP   207.33.111.36   00-05-00-E6-9B-80   52906   24.179.90.29   00-08-A1-0B-ED-F0   5512      main frame   D12VKD11   Normal   1   2/17/2005 7:38:39 PM   2/17/2005 7:38:39 PM   Block_all   
2/17/2005 7:39:41 PM   Blocked   10   Incoming   TCP   207.33.111.36   00-05-00-E6-9B-80   52906   24.179.90.29   00-08-A1-0B-ED-F0   5402      main frame   D12VKD11   Normal   1   2/17/2005 7:38:39 PM   2/17/2005 7:38:39 PM   Block_all   
2/17/2005 7:39:41 PM   Blocked   10   Incoming   TCP   207.33.111.36   00-05-00-E6-9B-80   52906   24.179.90.29   00-08-A1-0B-ED-F0   5401      main frame   D12VKD11   Normal   1   2/17/2005 7:38:39 PM   2/17/2005 7:38:39 PM   Block_all   
2/17/2005 7:39:41 PM   Blocked   10   Incoming   TCP   207.33.111.36   00-05-00-E6-9B-80   52906   24.179.90.29   00-08-A1-0B-ED-F0   5400      main frame   D12VKD11   Normal   1   2/17/2005 7:38:39 PM   2/17/2005 7:38:39 PM   Block_all   
2/17/2005 11:02:00 PM   Allowed   10   Outgoing   TCP   s0b.bluestreak.com [12.130.12.31]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1684   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:56:52 PM   2/17/2005 10:56:52 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 11:02:00 PM   Allowed   10   Incoming   UDP   10.152.128.1   00-05-00-E6-9B-76   67   255.255.255.255   FF-FF-FF-FF-FF-FF   68      main frame   D12VKD11   Allow All   26   2/17/2005 10:55:01 PM   2/17/2005 11:01:48 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 11:02:00 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1088   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:02:32 PM   2/17/2005 10:02:32 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 11:02:00 PM   Allowed   10   Incoming   UDP   10.152.224.1   00-05-00-E6-9B-76   67   255.255.255.255   FF-FF-FF-FF-FF-FF   68      main frame   D12VKD11   Allow All   426   2/17/2005 9:55:38 PM   2/17/2005 11:01:48 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 11:02:00 PM   Allowed   10   Incoming   TCP   211.147.232.109   00-05-00-E6-9B-80   4172   24.179.90.29   00-08-A1-0B-ED-F0   9898      main frame   D12VKD11   Allow All   1   2/17/2005 11:01:03 PM   2/17/2005 11:01:03 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 11:02:00 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1921   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 11:00:45 PM   2/17/2005 11:00:45 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 11:02:00 PM   Allowed   10   Outgoing   TCP   forums.aspfree.com [66.230.239.174]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1848   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:58:34 PM   2/17/2005 10:58:34 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 11:02:00 PM   Allowed   10   Incoming   UDP   10.150.0.1   00-05-00-E6-9B-76   67   255.255.255.255   FF-FF-FF-FF-FF-FF   68      main frame   D12VKD11   Allow All   599   2/17/2005 9:55:42 PM   2/17/2005 11:01:44 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 11:01:50 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1948   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 11:00:47 PM   2/17/2005 11:00:47 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 11:01:50 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1947   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 11:00:47 PM   2/17/2005 11:00:47 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 11:01:50 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1946   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 11:00:47 PM   2/17/2005 11:00:47 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 11:01:50 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1945   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 11:00:47 PM   2/17/2005 11:00:47 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 11:01:50 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1944   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 11:00:47 PM   2/17/2005 11:00:47 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 11:01:50 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1943   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 11:00:47 PM   2/17/2005 11:00:47 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 11:01:50 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1942   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 11:00:47 PM   2/17/2005 11:00:47 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 11:01:50 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1941   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 11:00:47 PM   2/17/2005 11:00:47 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 11:01:50 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1940   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 11:00:47 PM   2/17/2005 11:00:47 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 11:01:50 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1939   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 11:00:47 PM   2/17/2005 11:00:47 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 11:01:50 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1938   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 11:00:47 PM   2/17/2005 11:00:47 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 11:01:50 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1937   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 11:00:47 PM   2/17/2005 11:00:47 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 11:01:50 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1936   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 11:00:46 PM   2/17/2005 11:00:46 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:33 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1827   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:28 PM   2/17/2005 10:57:28 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:33 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1826   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:27 PM   2/17/2005 10:57:27 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:33 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1825   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:27 PM   2/17/2005 10:57:27 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:33 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1824   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:27 PM   2/17/2005 10:57:27 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:33 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1823   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:27 PM   2/17/2005 10:57:27 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:33 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1822   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:27 PM   2/17/2005 10:57:27 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:33 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1821   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:27 PM   2/17/2005 10:57:27 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:33 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1820   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:27 PM   2/17/2005 10:57:27 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:33 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1819   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:27 PM   2/17/2005 10:57:27 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:33 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1818   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:27 PM   2/17/2005 10:57:27 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:33 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1817   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:27 PM   2/17/2005 10:57:27 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:33 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1816   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:27 PM   2/17/2005 10:57:27 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:33 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1815   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:27 PM   2/17/2005 10:57:27 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:27 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1814   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:26 PM   2/17/2005 10:57:26 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:27 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1813   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:26 PM   2/17/2005 10:57:26 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:27 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1812   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:26 PM   2/17/2005 10:57:26 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:27 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1811   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:26 PM   2/17/2005 10:57:26 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:27 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1810   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:26 PM   2/17/2005 10:57:26 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:27 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1809   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:26 PM   2/17/2005 10:57:26 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:27 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1808   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:26 PM   2/17/2005 10:57:26 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:27 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1807   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:26 PM   2/17/2005 10:57:26 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:27 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1806   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:26 PM   2/17/2005 10:57:26 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:27 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1805   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:26 PM   2/17/2005 10:57:26 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:27 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1804   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:26 PM   2/17/2005 10:57:26 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:27 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1803   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:26 PM   2/17/2005 10:57:26 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:27 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1802   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:26 PM   2/17/2005 10:57:26 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:27 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1801   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:25 PM   2/17/2005 10:57:25 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:27 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1800   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:25 PM   2/17/2005 10:57:25 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:27 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1799   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:25 PM   2/17/2005 10:57:25 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:27 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1798   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:25 PM   2/17/2005 10:57:25 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:27 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1797   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:25 PM   2/17/2005 10:57:25 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:27 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1796   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:25 PM   2/17/2005 10:57:25 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:27 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1795   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:25 PM   2/17/2005 10:57:25 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:27 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1794   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:25 PM   2/17/2005 10:57:25 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:27 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1793   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:25 PM   2/17/2005 10:57:25 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:27 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1792   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:25 PM   2/17/2005 10:57:25 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:27 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1791   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:25 PM   2/17/2005 10:57:25 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:27 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1790   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:24 PM   2/17/2005 10:57:24 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:27 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1789   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:24 PM   2/17/2005 10:57:24 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:27 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1788   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:24 PM   2/17/2005 10:57:24 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:27 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1787   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:24 PM   2/17/2005 10:57:24 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:27 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1786   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:24 PM   2/17/2005 10:57:24 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:27 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1785   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:24 PM   2/17/2005 10:57:24 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:27 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1784   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:23 PM   2/17/2005 10:57:23 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:21 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1783   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:16 PM   2/17/2005 10:57:16 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:21 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1782   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:16 PM   2/17/2005 10:57:16 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:21 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1781   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:16 PM   2/17/2005 10:57:16 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:21 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1780   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:16 PM   2/17/2005 10:57:16 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:21 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1779   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:16 PM   2/17/2005 10:57:16 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:21 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1778   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:16 PM   2/17/2005 10:57:16 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:21 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1777   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:16 PM   2/17/2005 10:57:16 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:21 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1776   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:16 PM   2/17/2005 10:57:16 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:21 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1775   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:16 PM   2/17/2005 10:57:16 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:21 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1774   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:16 PM   2/17/2005 10:57:16 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:21 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1773   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:16 PM   2/17/2005 10:57:16 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:21 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1772   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:15 PM   2/17/2005 10:57:15 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:21 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1771   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:15 PM   2/17/2005 10:57:15 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:21 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1770   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:15 PM   2/17/2005 10:57:15 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:21 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1769   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:15 PM   2/17/2005 10:57:15 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:21 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1768   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:15 PM   2/17/2005 10:57:15 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:21 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1767   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:15 PM   2/17/2005 10:57:15 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:21 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1766   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:15 PM   2/17/2005 10:57:15 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:21 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1765   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:15 PM   2/17/2005 10:57:15 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:21 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1764   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:15 PM   2/17/2005 10:57:15 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:21 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1763   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:15 PM   2/17/2005 10:57:15 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:21 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1762   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:15 PM   2/17/2005 10:57:15 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:21 PM   Allowed   10   Outgoing   TCP   www.thetechguide.com [66.17.244.2]   00-05-00-E6-9B-80   80   24.179.90.29   00-08-A1-0B-ED-F0   1761   C:\Program Files\Internet Explorer\iexplore.exe   main frame   D12VKD11   Allow All   1   2/17/2005 10:57:15 PM   2/17/2005 10:57:15 PM   GUI%GUICONFIG#SRULE#ALLOWALL   
2/17/2005 10:58:15 PM   Allowed   10   Outgoing   TCP   for

Guest

  • Guest
hijacked and sending emails 100 per minute
« Reply #17 on: February 18, 2005, 01:01:52 PM »
you can check me DONE for now. The registry needed a good cleaning and the services needed adjusting.

FYI the Sygate firewall runs under services and will constantly access your registry. If you run cpu/memory intense programs, turn this to manual at the services and it will quit ticking away at your CPU usage.

thanks for your help.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
hijacked and sending emails 100 per minute
« Reply #18 on: February 18, 2005, 01:12:56 PM »
Thanks for posting back, so I take it no more 100 emails a minute?
I guess so, I'll lock this topic then

Any others with similar problems please start your own post
« Last Edit: February 19, 2005, 01:09:23 AM by guestolo »
