Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Adware.win32.trymedia.d


  • Please log in to reply
33 replies to this topic

#1 ayarlar

ayarlar

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:05:52 PM

Posted 07 May 2008 - 12:43 AM

after running kaspersky is7: adware.win32.trymedia.d
how can i remove it?
thank's

BC AdBot (Login to Remove)

 


m

#2 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:11:52 AM

Posted 07 May 2008 - 01:09 AM

this is the 5th or 6th thread you have started this last month in this subforum

could you post a log showing some details?
Chewy

No. Try not. Do... or do not. There is no try.

#3 ayarlar

ayarlar
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:05:52 PM

Posted 07 May 2008 - 08:39 AM

detected: riskware Invader Running process: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
detected: riskware Invader (loader) Running process: C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
detected: adware not-a-virus:AdWare.Win32.Trymedia.d URL: http://64.92.235.116/e=1344/b=dNPt992CRQzS...tup-dm.exe//UPX
detected: adware not-a-virus:AdWare.Win32.Trymedia.d URL: http://64.92.235.112/e=1344/b=0aD3ci+LsRpH...tup-dm.exe//UPX
detected: adware not-a-virus:AdWare.Win32.Trymedia.d URL: http://64.92.235.112/e=1344/b=0aD3ci+LsRpH...tup-dm.exe//UPX
detected: adware not-a-virus:AdWare.Win32.Trymedia.d URL: http://64.92.235.112/e=1344/b=0aD3ci+LsRpH...tup-dm.exe//UPX

#4 ayarlar

ayarlar
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:05:52 PM

Posted 07 May 2008 - 08:43 AM

i've tried post all log but my system gets blocked when i want to paste the log.
thank's!

#5 ayarlar

ayarlar
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:05:52 PM

Posted 07 May 2008 - 08:57 AM

2008-05-03 13:08 Process (PID 2396) tried to access Kaspersky Internet Security process (PID 2948), but the action has been blocked by the Self-Defense component. No action on your part is required.
2008-05-03 13:08 Process (PID 2396) tried to access Kaspersky Internet Security process (PID 2872), but the action has been blocked by the Self-Defense component. No action on your part is required.
2008-05-03 13:08 Running process C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe: detected modification of riskware 'Invader'.
2008-05-03 13:08 Process C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (PID: 2396): attempt to embed itself into another process allowed.
2008-05-03 13:08 Running process C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe: detected modification of riskware 'Invader'.
2008-05-03 13:08 Process C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (PID: 2396): attempt to embed itself into another process allowed.
2008-05-03 13:08 Running process C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe: detected modification of riskware 'Invader'.
2008-05-03 13:08 Process C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (PID: 2396): attempt to embed itself into another process allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12072): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12132): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2676): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12072): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12132): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2676): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12072): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12132): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2676): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12072): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12132): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2676): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12072): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12132): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2676): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12072): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12132): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2676): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12072): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12132): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2676): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12072): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12132): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2676): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12072): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12132): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2676): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12072): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12132): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2676): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2496): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 3240): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12072): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 1556): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12132): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2676): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2496): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 3240): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12072): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 1556): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12132): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2676): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2496): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 3240): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12072): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 1556): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12132): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2676): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2496): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 3240): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12072): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 1556): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12132): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2676): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2496): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 3240): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12072): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 1556): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12132): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2676): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2496): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 3240): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12072): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 1556): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12132): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2676): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2496): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 3240): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12072): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 1556): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12132): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2676): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2496): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 3240): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12072): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 1556): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12132): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2676): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2496): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 3240): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12072): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 1556): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12132): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2676): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2496): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 3240): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12072): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 1556): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12132): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2676): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 3240): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 1556): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12132): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2676): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 3240): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 1556): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 3240): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 1556): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 3240): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 1556): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 3240): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 1556): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 3240): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 1556): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 3240): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 1556): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 3240): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2496): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12132): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12072): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2676): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 1556): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 3240): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2496): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 1556): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 3240): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2496): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12132): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12072): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2676): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 1556): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 3240): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2496): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12132): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12072): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2676): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 1556): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 3240): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2496): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12132): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12072): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2676): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 1556): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 3240): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2496): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12132): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12072): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2676): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 1556): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 3240): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2496): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12132): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12072): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2676): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 1556): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 3240): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2496): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12132): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12072): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2676): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 1556): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 3240): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2496): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 1556): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12132): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 3240): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12072): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2676): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2496): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 1556): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12132): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 3240): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12072): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2676): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2496): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 1556): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 12132): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2676): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 3240): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2496): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 1556): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 3240): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2496): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 1556): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 3240): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2496): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 1556): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2496): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2496): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2496): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2496): attempt to load new or modified module allowed.
2008-05-03 13:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 2496): attempt to load new or modified module allowed.
2008-05-03 13:12 Process (PID 424) tried to access Kaspersky Internet Security process (PID 2948), but the action has been blocked by the Self-Defense component. No action on your part is required.
2008-05-03 13:12 Process (PID 424) tried to access Kaspersky Internet Security process (PID 2872), but the action has been blocked by the Self-Defense component. No action on your part is required.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:24 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:24 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:24 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 13:24 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-03 14:27 Update completed successfully
2008-05-03 15:03 Process C:\WINDOWS\System32\svchost.exe (PID: 1736): attempt to load new or modified module allowed.
2008-05-03 15:03 Process C:\WINDOWS\System32\svchost.exe (PID: 1736): attempt to load new or modified module allowed.
2008-05-03 15:03 Process C:\WINDOWS\System32\svchost.exe (PID: 1736): attempt to load new or modified module allowed.
2008-05-03 16:46 Update completed successfully
2008-05-04 22:04 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-04 22:04 Process C:\WINDOWS\System32\svchost.exe (PID: 1736): attempt to load new or modified module allowed.
2008-05-04 22:04 Process C:\WINDOWS\system32\rundll32.exe (PID: 6108): attempt to load new or modified module allowed.
2008-05-04 22:04 Process C:\WINDOWS\System32\svchost.exe (PID: 1736): attempt to load new or modified module allowed.
2008-05-04 22:04 Process C:\WINDOWS\system32\rundll32.exe (PID: 6108): attempt to load new or modified module allowed.
2008-05-04 22:04 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-04 22:04 Process C:\WINDOWS\system32\rundll32.exe (PID: 6108): attempt to load new or modified module allowed.
2008-05-04 22:04 Process C:\WINDOWS\system32\wuauclt.exe (PID: 6652): attempt to load new or modified module allowed.
2008-05-04 22:04 Update error: The updates source cannot be found.
2008-05-04 22:04 Process C:\WINDOWS\system32\wuauclt.exe (PID: 6652): attempt to load new or modified module allowed.
2008-05-04 22:04 Process C:\WINDOWS\system32\wuauclt.exe (PID: 6652): attempt to load new or modified module allowed.
2008-05-04 22:04 Process C:\WINDOWS\System32\svchost.exe (PID: 1736): attempt to load new or modified module allowed.
2008-05-04 22:04 Process C:\WINDOWS\System32\svchost.exe (PID: 1736): attempt to load new or modified module allowed.
2008-05-04 22:11 Update completed successfully
2008-05-04 22:12 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-04 22:13 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-04 22:13 Popup window from page http://www.microsoft.com/downloads/details...bODV6Tinw%3d%3d has been blocked.
2008-05-04 22:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-04 22:14 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-04 22:14 Process C:\WINDOWS\System32\svchost.exe (PID: 1736): attempt to load new or modified module allowed.
2008-05-04 22:14 Process C:\WINDOWS\System32\svchost.exe (PID: 1736): attempt to load new or modified module allowed.
2008-05-04 22:14 Process C:\WINDOWS\System32\svchost.exe (PID: 1736): attempt to load new or modified module allowed.
2008-05-04 22:14 Process C:\WINDOWS\System32\svchost.exe (PID: 1736): attempt to load new or modified module allowed.
2008-05-04 22:14 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-04 22:14 Process C:\WINDOWS\System32\svchost.exe (PID: 1736): attempt to load new or modified module allowed.
2008-05-04 22:14 Process C:\WINDOWS\System32\svchost.exe (PID: 1736): attempt to load new or modified module allowed.
2008-05-04 22:15 Popup window from page http://www.microsoft.com/downloads/details...;displaylang=en has been blocked.
2008-05-04 22:16 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 7588): attempt to load new or modified module allowed.
2008-05-04 22:17 Protection of your computer is not running. You are advised to resume protection.
2008-05-04 23:46 Protection of your computer started.
2008-05-04 23:46 Some protection components are disabled. You are advised to enable them.
2008-05-04 23:53 Process C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\VOR7PPW8\WindowsXP-KB310994-SP2-Home-BootDisk-ENU[1].exe (PID: 10404): suspicious action. Attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, value wextract_cleanup0, data rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\").
2008-05-04 23:53 Process C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\VOR7PPW8\WindowsXP-KB310994-SP2-Home-BootDisk-ENU[1].exe (PID: 10404): attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, value wextract_cleanup0, data rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\") allowed.
2008-05-04 23:54 Process C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\VOR7PPW8\WindowsXP-KB310994-SP2-Home-BootDisk-ENU[1].exe (PID: 10404): suspicious action. Attempt to delete list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, value wextract_cleanup0, data rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\").
2008-05-04 23:54 Process C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\VOR7PPW8\WindowsXP-KB310994-SP2-Home-BootDisk-ENU[1].exe (PID: 10404): attempt to delete list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, value wextract_cleanup0, data rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\") allowed.
2008-05-05 00:02 Protection of your computer is not running. You are advised to resume protection.
2008-05-05 00:09 Protection of your computer started.
2008-05-05 00:09 Some protection components are disabled. You are advised to enable them.
2008-05-05 00:09 Process C:\WINDOWS\system32\alg.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 00:09 Running process C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe: detected modification of riskware 'Invader (loader)'.
2008-05-05 00:09 Process C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (PID: 1784): attempt to perform suspicious actions allowed.
2008-05-05 00:09 Process C:\WINDOWS\system32\svchost.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 00:09 Process C:\WINDOWS\system32\svchost.exe (PID: 2840): attempt to load new or modified module allowed.
2008-05-05 00:09 Running process C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe: detected modification of riskware 'Invader (loader)'.
2008-05-05 00:09 Process C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (PID: 1784): attempt to perform suspicious actions allowed.
2008-05-05 00:09 Process C:\WINDOWS\system32\svchost.exe (PID: 2840): attempt to load new or modified module allowed.
2008-05-05 00:09 Process C:\WINDOWS\system32\svchost.exe (PID: 2840): attempt to load new or modified module allowed.
2008-05-05 00:09 Process C:\WINDOWS\system32\svchost.exe (PID: 2840): attempt to load new or modified module allowed.
2008-05-05 00:09 Process C:\WINDOWS\system32\svchost.exe (PID: 2840): attempt to load new or modified module allowed.
2008-05-05 00:09 Process C:\WINDOWS\system32\svchost.exe (PID: 2840): attempt to load new or modified module allowed.
2008-05-05 00:09 Process C:\WINDOWS\system32\svchost.exe (PID: 2840): attempt to load new or modified module allowed.
2008-05-05 00:09 Process C:\WINDOWS\system32\svchost.exe (PID: 2840): attempt to load new or modified module allowed.
2008-05-05 00:09 Process C:\WINDOWS\system32\svchost.exe (PID: 2840): attempt to load new or modified module allowed.
2008-05-05 00:09 Process C:\WINDOWS\system32\svchost.exe (PID: 2840): attempt to load new or modified module allowed.
2008-05-05 00:10 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 00:10 Process C:\WINDOWS\system32\wuauclt.exe (PID: 3224): attempt to load new or modified module allowed.
2008-05-05 00:10 Process C:\WINDOWS\system32\wuauclt.exe (PID: 3224): attempt to load new or modified module allowed.
2008-05-05 00:10 Process C:\WINDOWS\system32\wuauclt.exe (PID: 3224): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:12 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:12 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:12 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:12 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:12 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:12 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:13 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 720): attempt to load new or modified module allowed.
2008-05-05 00:13 Process C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\DFAWN9VS\WindowsXP-KB310994-SP2-Home-BootDisk-ENU[1].exe (PID: 576): suspicious action. Attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, value wextract_cleanup0, data rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\").
2008-05-05 00:13 Process C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\DFAWN9VS\WindowsXP-KB310994-SP2-Home-BootDisk-ENU[1].exe (PID: 576): attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, value wextract_cleanup0, data rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\") allowed.
2008-05-05 00:14 Process C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\DFAWN9VS\WindowsXP-KB310994-SP2-Home-BootDisk-ENU[1].exe (PID: 576): suspicious action. Attempt to delete list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, value wextract_cleanup0, data rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\").
2008-05-05 00:14 Process C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\DFAWN9VS\WindowsXP-KB310994-SP2-Home-BootDisk-ENU[1].exe (PID: 576): attempt to delete list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, value wextract_cleanup0, data rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\") allowed.
2008-05-05 00:16 Protection of your computer is not running. You are advised to resume protection.
2008-05-05 01:01 Protection of your computer started.
2008-05-05 01:01 Some protection components are disabled. You are advised to enable them.
2008-05-05 01:02 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 01:02 Process C:\WINDOWS\system32\wuauclt.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-05 01:02 Process C:\WINDOWS\system32\wuauclt.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-05 01:02 Process C:\WINDOWS\system32\wuauclt.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-05 01:02 Update completed successfully
2008-05-05 01:03 Process D:\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe (PID: 716): suspicious action. Attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, value wextract_cleanup0, data rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\").
2008-05-05 01:03 Process D:\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe (PID: 716): attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, value wextract_cleanup0, data rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\") allowed.
2008-05-05 01:03 Process D:\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe (PID: 716): suspicious action. Attempt to delete list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, value wextract_cleanup0, data rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\").
2008-05-05 01:03 Process D:\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe (PID: 716): attempt to delete list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, value wextract_cleanup0, data rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\") allowed.
2008-05-05 01:04 Process D:\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe (PID: 1552): suspicious action. Attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, value wextract_cleanup0, data rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\").
2008-05-05 01:04 Process D:\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe (PID: 1552): attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, value wextract_cleanup0, data rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\") allowed.
2008-05-05 01:04 Process D:\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe (PID: 1552): suspicious action. Attempt to delete list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, value wextract_cleanup0, data rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\").
2008-05-05 01:04 Process D:\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe (PID: 1552): attempt to delete list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, value wextract_cleanup0, data rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\") allowed.
2008-05-05 01:05 Protection of your computer is not running. You are advised to resume protection.
2008-05-05 01:21 Protection of your computer started.
2008-05-05 01:21 Some protection components are disabled. You are advised to enable them.
2008-05-05 01:21 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 01:21 Process C:\WINDOWS\system32\alg.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 01:21 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:21 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:21 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:21 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:21 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:21 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:21 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:21 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:21 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:21 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:21 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:21 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:21 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:21 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:21 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:21 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:21 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:21 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:21 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:21 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:21 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:21 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:22 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:22 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:22 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:22 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:22 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:22 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:22 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:22 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:22 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:22 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:22 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:22 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 01:22 Process C:\WINDOWS\system32\wuauclt.exe (PID: 2572): attempt to load new or modified module allowed.
2008-05-05 01:22 Process C:\WINDOWS\system32\wuauclt.exe (PID: 2572): attempt to load new or modified module allowed.
2008-05-05 01:22 Process C:\WINDOWS\system32\wuauclt.exe (PID: 2572): attempt to load new or modified module allowed.
2008-05-05 01:22 Process C:\WINDOWS\system32\dwwin.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 01:22 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:22 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:23 Popup window from page http://www.dll-files.com/dllindex/dll-files.shtml?hal has been blocked.
2008-05-05 01:23 Popup window from page http://www.dll-files.com/dllindex/dll-files.shtml?hal has been blocked.
2008-05-05 01:23 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:23 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:24 Process C:\WINDOWS\explorer.exe (PID: 3340): attempt to load new or modified module allowed.
2008-05-05 01:24 Process C:\WINDOWS\explorer.exe (PID: 3340): attempt to load new or modified module allowed.
2008-05-05 01:24 Process C:\WINDOWS\explorer.exe (PID: 3340): attempt to load new or modified module allowed.
2008-05-05 01:24 Process C:\WINDOWS\explorer.exe (PID: 3340): attempt to load new or modified module allowed.
2008-05-05 01:24 Process C:\WINDOWS\explorer.exe (PID: 3340): attempt to load new or modified module allowed.
2008-05-05 01:24 Process C:\WINDOWS\explorer.exe (PID: 3340): attempt to load new or modified module allowed.
2008-05-05 01:24 Process C:\WINDOWS\explorer.exe (PID: 3340): attempt to load new or modified module allowed.
2008-05-05 01:24 Process C:\WINDOWS\explorer.exe (PID: 3340): attempt to load new or modified module allowed.
2008-05-05 01:32 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:32 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3536): attempt to load new or modified module allowed.
2008-05-05 01:33 Protection of your computer is not running. You are advised to resume protection.
2008-05-05 01:35 Protection of your computer started.
2008-05-05 01:35 Some protection components are disabled. You are advised to enable them.
2008-05-05 01:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 01:35 Process C:\WINDOWS\system32\alg.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 01:36 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 01:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3720): attempt to load new or modified module allowed.
2008-05-05 01:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3720): attempt to load new or modified module allowed.
2008-05-05 01:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3720): attempt to load new or modified module allowed.
2008-05-05 01:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3720): attempt to load new or modified module allowed.
2008-05-05 01:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3720): attempt to load new or modified module allowed.
2008-05-05 01:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3720): attempt to load new or modified module allowed.
2008-05-05 01:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3720): attempt to load new or modified module allowed.
2008-05-05 01:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3720): attempt to load new or modified module allowed.
2008-05-05 01:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3840): attempt to load new or modified module allowed.
2008-05-05 01:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3840): attempt to load new or modified module allowed.
2008-05-05 01:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3840): attempt to load new or modified module allowed.
2008-05-05 01:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3840): attempt to load new or modified module allowed.
2008-05-05 01:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3840): attempt to load new or modified module allowed.
2008-05-05 01:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3840): attempt to load new or modified module allowed.
2008-05-05 01:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3840): attempt to load new or modified module allowed.
2008-05-05 01:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3840): attempt to load new or modified module allowed.
2008-05-05 01:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3840): attempt to load new or modified module allowed.
2008-05-05 01:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3840): attempt to load new or modified module allowed.
2008-05-05 01:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3840): attempt to load new or modified module allowed.
2008-05-05 01:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3840): attempt to load new or modified module allowed.
2008-05-05 01:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3840): attempt to load new or modified module allowed.
2008-05-05 01:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3840): attempt to load new or modified module allowed.
2008-05-05 01:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3840): attempt to load new or modified module allowed.
2008-05-05 01:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3840): attempt to load new or modified module allowed.
2008-05-05 01:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3840): attempt to load new or modified module allowed.
2008-05-05 01:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3840): attempt to load new or modified module allowed.
2008-05-05 01:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3840): attempt to load new or modified module allowed.
2008-05-05 01:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3840): attempt to load new or modified module allowed.
2008-05-05 01:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3840): attempt to load new or modified module allowed.
2008-05-05 01:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3840): attempt to load new or modified module allowed.
2008-05-05 01:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3840): attempt to load new or modified module allowed.
2008-05-05 01:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3840): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 356): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 356): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 356): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2368): attempt to load new or modified module allowed.
2008-05-05 01:44 Process C:\WINDOWS\system32\rundll32.exe (PID: 2700): attempt to load new or modified module allowed.
2008-05-05 01:44 Process C:\WINDOWS\system32\rundll32.exe (PID: 2700): attempt to load new or modified module allowed.
2008-05-05 01:44 Process C:\WINDOWS\system32\rundll32.exe (PID: 2700): attempt to load new or modified module allowed.
2008-05-05 01:44 Process C:\WINDOWS\system32\rundll32.exe (PID: 2700): attempt to load new or modified module allowed.
2008-05-05 01:44 Process C:\WINDOWS\system32\rundll32.exe (PID: 2700): attempt to load new or modified module allowed.
2008-05-05 01:44 Process C:\WINDOWS\system32\rundll32.exe (PID: 2700): attempt to load new or modified module allowed.
2008-05-05 01:44 Process C:\WINDOWS\system32\rundll32.exe (PID: 2700): attempt to load new or modified module allowed.
2008-05-05 01:44 Process C:\WINDOWS\system32\rundll32.exe (PID: 2700): attempt to load new or modified module allowed.
2008-05-05 01:44 Process C:\WINDOWS\system32\rundll32.exe (PID: 2700): attempt to load new or modified module allowed.
2008-05-05 01:44 Process C:\WINDOWS\system32\rundll32.exe (PID: 2700): attempt to load new or modified module allowed.
2008-05-05 01:44 Process C:\WINDOWS\system32\rundll32.exe (PID: 2700): attempt to load new or modified module allowed.
2008-05-05 01:44 Process C:\WINDOWS\system32\rundll32.exe (PID: 2700): attempt to load new or modified module allowed.
2008-05-05 01:44 Process C:\WINDOWS\system32\rundll32.exe (PID: 2700): attempt to load new or modified module allowed.
2008-05-05 01:44 Process C:\WINDOWS\system32\rundll32.exe (PID: 2700): attempt to load new or modified module allowed.
2008-05-05 01:44 Process C:\WINDOWS\system32\rundll32.exe (PID: 2700): attempt to load new or modified module allowed.
2008-05-05 01:44 Process C:\WINDOWS\system32\rundll32.exe (PID: 2700): attempt to load new or modified module allowed.
2008-05-05 01:44 Process C:\WINDOWS\system32\rundll32.exe (PID: 2700): attempt to load new or modified module allowed.
2008-05-05 01:44 Process C:\WINDOWS\system32\rundll32.exe (PID: 2700): attempt to load new or modified module allowed.
2008-05-05 01:44 Process C:\WINDOWS\system32\rundll32.exe (PID: 2700): attempt to load new or modified module allowed.
2008-05-05 01:44 Process C:\WINDOWS\system32\rundll32.exe (PID: 2700): attempt to load new or modified module allowed.
2008-05-05 01:44 Process C:\WINDOWS\system32\rundll32.exe (PID: 2700): attempt to load new or modified module allowed.
2008-05-05 01:44 Process C:\WINDOWS\system32\rundll32.exe (PID: 2700): attempt to load new or modified module allowed.
2008-05-05 01:44 Process C:\WINDOWS\system32\rundll32.exe (PID: 2700): attempt to load new or modified module allowed.
2008-05-05 01:44 Process C:\WINDOWS\system32\rundll32.exe (PID: 2700): attempt to load new or modified module allowed.
2008-05-05 01:44 Process C:\WINDOWS\system32\rundll32.exe (PID: 2700): attempt to load new or modified module allowed.
2008-05-05 01:44 Process C:\WINDOWS\system32\rundll32.exe (PID: 2700): attempt to load new or modified module allowed.
2008-05-05 01:44 Process C:\WINDOWS\system32\rundll32.exe (PID: 2700): attempt to load new or modified module allowed.
2008-05-05 01:44 Process C:\WINDOWS\system32\rundll32.exe (PID: 2700): attempt to load new or modified module allowed.
2008-05-05 01:44 Process C:\WINDOWS\system32\rundll32.exe (PID: 2700): attempt to load new or modified module allowed.
2008-05-05 01:44 Process C:\WINDOWS\system32\rundll32.exe (PID: 2700): attempt to load new or modified module allowed.
2008-05-05 01:45 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 01:45 Process C:\WINDOWS\system32\rundll32.exe (PID: 2960): attempt to load new or modified module allowed.
2008-05-05 01:45 Process C:\WINDOWS\system32\rundll32.exe (PID: 2700): attempt to load new or modified module allowed.
2008-05-05 01:45 Process C:\WINDOWS\system32\rundll32.exe (PID: 2700): attempt to load new or modified module allowed.
2008-05-05 01:45 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 01:45 Process C:\WINDOWS\system32\rundll32.exe (PID: 1324): attempt to load new or modified module allowed.
2008-05-05 01:45 Process C:\WINDOWS\system32\rundll32.exe (PID: 1324): attempt to load new or modified module allowed.
2008-05-05 01:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 01:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 636): attempt to load new or modified module allowed.
2008-05-05 01:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 636): attempt to load new or modified module allowed.
2008-05-05 01:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 3156): attempt to load new or modified module allowed.
2008-05-05 01:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 3156): attempt to load new or modified module allowed.
2008-05-05 01:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 3156): attempt to load new or modified module allowed.
2008-05-05 01:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 3156): attempt to load new or modified module allowed.
2008-05-05 01:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 3156): attempt to load new or modified module allowed.
2008-05-05 01:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 3156): attempt to load new or modified module allowed.
2008-05-05 01:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 3156): attempt to load new or modified module allowed.
2008-05-05 01:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 3156): attempt to load new or modified module allowed.
2008-05-05 01:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 3156): attempt to load new or modified module allowed.
2008-05-05 01:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 3156): attempt to load new or modified module allowed.
2008-05-05 01:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 3156): attempt to load new or modified module allowed.
2008-05-05 01:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 3156): attempt to load new or modified module allowed.
2008-05-05 01:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 3156): attempt to load new or modified module allowed.
2008-05-05 01:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 3156): attempt to load new or modified module allowed.
2008-05-05 01:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 3156): attempt to load new or modified module allowed.
2008-05-05 01:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 3156): attempt to load new or modified module allowed.
2008-05-05 01:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 3156): attempt to load new or modified module allowed.
2008-05-05 01:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 3156): attempt to load new or modified module allowed.
2008-05-05 01:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 3156): attempt to load new or modified module allowed.
2008-05-05 01:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 3156): attempt to load new or modified module allowed.
2008-05-05 01:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 3156): attempt to load new or modified module allowed.
2008-05-05 01:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 3156): attempt to load new or modified module allowed.
2008-05-05 01:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 3156): attempt to load new or modified module allowed.
2008-05-05 01:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 3156): attempt to load new or modified module allowed.
2008-05-05 01:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 3156): attempt to load new or modified module allowed.
2008-05-05 01:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 3156): attempt to load new or modified module allowed.
2008-05-05 01:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 3156): attempt to load new or modified module allowed.
2008-05-05 01:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 3156): attempt to load new or modified module allowed.
2008-05-05 01:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 3156): attempt to load new or modified module allowed.
2008-05-05 01:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 3156): attempt to load new or modified module allowed.
2008-05-05 01:53 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 01:53 Process C:\WINDOWS\system32\rundll32.exe (PID: 3064): attempt to load new or modified module allowed.
2008-05-05 01:53 Process C:\WINDOWS\system32\rundll32.exe (PID: 3064): attempt to load new or modified module allowed.
2008-05-05 01:53 Process C:\WINDOWS\system32\rundll32.exe (PID: 3156): attempt to load new or modified module allowed.
2008-05-05 01:53 Process C:\WINDOWS\system32\rundll32.exe (PID: 3156): attempt to load new or modified module allowed.
2008-05-05 01:55 Process C:\WINDOWS\system32\Restore\rstrui.exe (PID: 388): suspicious action. Attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, value *Restore, data C:\WINDOWS\system32\restore\rstrui.exe -i).
2008-05-05 01:55 Process C:\WINDOWS\system32\Restore\rstrui.exe (PID: 388): attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, value *Restore, data C:\WINDOWS\system32\restore\rstrui.exe -i) allowed.
2008-05-05 01:55 Process C:\WINDOWS\system32\winlogon.exe (PID: 1372): attempt to load new or modified module allowed.
2008-05-05 01:55 Process C:\WINDOWS\system32\winlogon.exe (PID: 1372): attempt to load new or modified module allowed.
2008-05-05 01:55 Process C:\WINDOWS\system32\winlogon.exe (PID: 1372): attempt to load new or modified module allowed.
2008-05-05 01:55 Process C:\WINDOWS\system32\winlogon.exe (PID: 1372): attempt to load new or modified module allowed.
2008-05-05 01:55 Process C:\WINDOWS\system32\winlogon.exe (PID: 1372): attempt to load new or modified module allowed.
2008-05-05 01:55 Process C:\WINDOWS\system32\winlogon.exe (PID: 1372): attempt to load new or modified module allowed.
2008-05-05 01:55 Process C:\WINDOWS\system32\winlogon.exe (PID: 1372): attempt to load new or modified module allowed.
2008-05-05 01:55 Process C:\WINDOWS\system32\winlogon.exe (PID: 1372): attempt to load new or modified module allowed.
2008-05-05 01:55 Process C:\WINDOWS\system32\winlogon.exe (PID: 1372): attempt to load new or modified module allowed.
2008-05-05 01:55 Process C:\WINDOWS\system32\winlogon.exe (PID: 1372): attempt to load new or modified module allowed.
2008-05-05 01:55 Process C:\WINDOWS\system32\winlogon.exe (PID: 1372): attempt to load new or modified module allowed.
2008-05-05 01:55 Process C:\WINDOWS\system32\winlogon.exe (PID: 1372): attempt to load new or modified module allowed.
2008-05-05 01:55 Process C:\WINDOWS\system32\winlogon.exe (PID: 1372): attempt to load new or modified module allowed.
2008-05-05 01:55 Process C:\WINDOWS\system32\winlogon.exe (PID: 1372): attempt to load new or modified module allowed.
2008-05-05 01:55 Process C:\WINDOWS\system32\winlogon.exe (PID: 1372): attempt to load new or modified module allowed.
2008-05-05 01:55 Process C:\WINDOWS\system32\winlogon.exe (PID: 1372): attempt to load new or modified module allowed.
2008-05-05 01:55 Process C:\WINDOWS\system32\winlogon.exe (PID: 1372): attempt to load new or modified module allowed.
2008-05-05 01:55 Protection of your computer is not running. You are advised to resume protection.
2008-05-05 01:56 Protection of your computer started.
2008-05-05 01:56 Some protection components are disabled. You are advised to enable them.
2008-05-05 01:57 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 01:58 Process C:\WINDOWS\system32\rundll32.exe (PID: 3888): attempt to load new or modified module allowed.
2008-05-05 02:00 Protection of your computer started.
2008-05-05 02:00 Some protection components are disabled. You are advised to enable them.
2008-05-05 02:00 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 02:00 Process C:\WINDOWS\system32\alg.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 02:01 Process C:\WINDOWS\system32\dwwin.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 02:01 Process C:\WINDOWS\system32\dwwin.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 02:01 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 02:01 Process C:\WINDOWS\system32\rundll32.exe (PID: 2732): attempt to load new or modified module allowed.
2008-05-05 02:01 Process C:\WINDOWS\system32\rundll32.exe (PID: 2732): attempt to load new or modified module allowed.
2008-05-05 02:01 Process C:\WINDOWS\system32\rundll32.exe (PID: 2732): attempt to load new or modified module allowed.
2008-05-05 02:01 Process C:\WINDOWS\system32\rundll32.exe (PID: 2732): attempt to load new or modified module allowed.
2008-05-05 02:01 Process C:\WINDOWS\system32\rundll32.exe (PID: 2732): attempt to load new or modified module allowed.
2008-05-05 02:01 Process C:\WINDOWS\system32\rundll32.exe (PID: 2732): attempt to load new or modified module allowed.
2008-05-05 02:01 Process C:\WINDOWS\system32\rundll32.exe (PID: 2732): attempt to load new or modified module allowed.
2008-05-05 02:01 Process C:\WINDOWS\system32\rundll32.exe (PID: 2732): attempt to load new or modified module allowed.
2008-05-05 02:01 Process C:\WINDOWS\system32\rundll32.exe (PID: 2732): attempt to load new or modified module allowed.
2008-05-05 02:01 Process C:\WINDOWS\system32\rundll32.exe (PID: 2732): attempt to load new or modified module allowed.
2008-05-05 02:01 Process C:\WINDOWS\system32\rundll32.exe (PID: 2732): attempt to load new or modified module allowed.
2008-05-05 02:01 Process C:\WINDOWS\system32\rundll32.exe (PID: 2732): attempt to load new or modified module allowed.
2008-05-05 02:01 Process C:\WINDOWS\system32\rundll32.exe (PID: 2732): attempt to load new or modified module allowed.
2008-05-05 02:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 2732): attempt to load new or modified module allowed.
2008-05-05 02:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 2732): attempt to load new or modified module allowed.
2008-05-05 02:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 2732): attempt to load new or modified module allowed.
2008-05-05 02:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 2732): attempt to load new or modified module allowed.
2008-05-05 02:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 2732): attempt to load new or modified module allowed.
2008-05-05 02:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 2732): attempt to load new or modified module allowed.
2008-05-05 02:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 2732): attempt to load new or modified module allowed.
2008-05-05 02:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 2732): attempt to load new or modified module allowed.
2008-05-05 02:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 2732): attempt to load new or modified module allowed.
2008-05-05 02:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 2732): attempt to load new or modified module allowed.
2008-05-05 02:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 2732): attempt to load new or modified module allowed.
2008-05-05 02:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 2732): attempt to load new or modified module allowed.
2008-05-05 02:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 2732): attempt to load new or modified module allowed.
2008-05-05 02:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 2732): attempt to load new or modified module allowed.
2008-05-05 02:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 2732): attempt to load new or modified module allowed.
2008-05-05 02:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 2732): attempt to load new or modified module allowed.
2008-05-05 02:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 2732): attempt to load new or modified module allowed.
2008-05-05 02:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 02:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 2284): attempt to load new or modified module allowed.
2008-05-05 02:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 2284): attempt to load new or modified module allowed.
2008-05-05 02:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 2732): attempt to load new or modified module allowed.
2008-05-05 02:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 2732): attempt to load new or modified module allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 848): attempt to load new or modified module allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 848): attempt to load new or modified module allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 436): attempt to load new or modified module allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 436): attempt to load new or modified module allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 3468): attempt to load new or modified module allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 3468): attempt to load new or modified module allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 3468): attempt to load new or modified module allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 3468): attempt to load new or modified module allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 3468): attempt to load new or modified module allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 3468): attempt to load new or modified module allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 3468): attempt to load new or modified module allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 3468): attempt to load new or modified module allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 3468): attempt to load new or modified module allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 3468): attempt to load new or modified module allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 3468): attempt to load new or modified module allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 3468): attempt to load new or modified module allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 3468): attempt to load new or modified module allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 3468): attempt to load new or modified module allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 3468): attempt to load new or modified module allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 3468): attempt to load new or modified module allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 3468): attempt to load new or modified module allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 3468): attempt to load new or modified module allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 3468): attempt to load new or modified module allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 3468): attempt to load new or modified module allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 3468): attempt to load new or modified module allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 3468): attempt to load new or modified module allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 3468): attempt to load new or modified module allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 3468): attempt to load new or modified module allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 3468): attempt to load new or modified module allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 3468): attempt to load new or modified module allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 3468): attempt to load new or modified module allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 3468): attempt to load new or modified module allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 3468): attempt to load new or modified module allowed.
2008-05-05 02:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 3468): attempt to load new or modified module allowed.
2008-05-05 02:04 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 02:04 Process C:\WINDOWS\system32\rundll32.exe (PID: 2288): attempt to load new or modified module allowed.
2008-05-05 02:04 Process C:\WINDOWS\system32\rundll32.exe (PID: 2288): attempt to load new or modified module allowed.
2008-05-05 02:04 Process C:\WINDOWS\system32\rundll32.exe (PID: 3468): attempt to load new or modified module allowed.
2008-05-05 02:04 Process C:\WINDOWS\system32\rundll32.exe (PID: 3468): attempt to load new or modified module allowed.
2008-05-05 02:04 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 02:04 Process C:\WINDOWS\system32\rundll32.exe (PID: 832): attempt to load new or modified module allowed.
2008-05-05 02:04 Process C:\WINDOWS\system32\rundll32.exe (PID: 832): attempt to load new or modified module allowed.
2008-05-05 02:05 Process C:\WINDOWS\system32\rundll32.exe (PID: 2608): attempt to load new or modified module allowed.
2008-05-05 02:05 Process C:\WINDOWS\system32\rundll32.exe (PID: 2608): attempt to load new or modified module allowed.
2008-05-05 02:05 Process C:\WINDOWS\system32\rundll32.exe (PID: 2608): attempt to load new or modified module allowed.
2008-05-05 02:05 Process C:\WINDOWS\system32\rundll32.exe (PID: 2608): attempt to load new or modified module allowed.
2008-05-05 02:05 Process C:\WINDOWS\system32\rundll32.exe (PID: 2608): attempt to load new or modified module allowed.
2008-05-05 02:05 Process C:\WINDOWS\system32\rundll32.exe (PID: 2608): attempt to load new or modified module allowed.
2008-05-05 02:05 Process C:\WINDOWS\system32\rundll32.exe (PID: 2608): attempt to load new or modified module allowed.
2008-05-05 02:05 Process C:\WINDOWS\system32\rundll32.exe (PID: 2608): attempt to load new or modified module allowed.
2008-05-05 02:05 Process C:\WINDOWS\system32\rundll32.exe (PID: 2608): attempt to load new or modified module allowed.
2008-05-05 02:05 Process C:\WINDOWS\system32\rundll32.exe (PID: 2608): attempt to load new or modified module allowed.
2008-05-05 02:05 Process C:\WINDOWS\system32\rundll32.exe (PID: 2608): attempt to load new or modified module allowed.
2008-05-05 02:05 Process C:\WINDOWS\system32\rundll32.exe (PID: 2608): attempt to load new or modified module allowed.
2008-05-05 02:05 Process C:\WINDOWS\system32\rundll32.exe (PID: 2608): attempt to load new or modified module allowed.
2008-05-05 02:05 Process C:\WINDOWS\system32\rundll32.exe (PID: 2608): attempt to load new or modified module allowed.
2008-05-05 02:05 Process C:\WINDOWS\system32\rundll32.exe (PID: 2608): attempt to load new or modified module allowed.
2008-05-05 02:05 Process C:\WINDOWS\system32\rundll32.exe (PID: 2608): attempt to load new or modified module allowed.
2008-05-05 02:05 Process C:\WINDOWS\system32\rundll32.exe (PID: 2608): attempt to load new or modified module allowed.
2008-05-05 02:05 Process C:\WINDOWS\system32\rundll32.exe (PID: 2608): attempt to load new or modified module allowed.
2008-05-05 02:05 Process C:\WINDOWS\system32\rundll32.exe (PID: 2608): attempt to load new or modified module allowed.
2008-05-05 02:05 Process C:\WINDOWS\system32\rundll32.exe (PID: 2608): attempt to load new or modified module allowed.
2008-05-05 02:05 Process C:\WINDOWS\system32\rundll32.exe (PID: 2608): attempt to load new or modified module allowed.
2008-05-05 02:05 Process C:\WINDOWS\system32\rundll32.exe (PID: 2608): attempt to load new or modified module allowed.
2008-05-05 02:05 Process C:\WINDOWS\system32\rundll32.exe (PID: 2608): attempt to load new or modified module allowed.
2008-05-05 02:05 Process C:\WINDOWS\system32\rundll32.exe (PID: 2608): attempt to load new or modified module allowed.
2008-05-05 02:05 Process C:\WINDOWS\system32\rundll32.exe (PID: 2608): attempt to load new or modified module allowed.
2008-05-05 02:05 Process C:\WINDOWS\system32\rundll32.exe (PID: 2608): attempt to load new or modified module allowed.
2008-05-05 02:05 Process C:\WINDOWS\system32\rundll32.exe (PID: 2608): attempt to load new or modified module allowed.
2008-05-05 02:05 Process C:\WINDOWS\system32\rundll32.exe (PID: 2608): attempt to load new or modified module allowed.
2008-05-05 02:05 Process C:\WINDOWS\system32\rundll32.exe (PID: 2608): attempt to load new or modified module allowed.
2008-05-05 02:05 Process C:\WINDOWS\system32\rundll32.exe (PID: 2608): attempt to load new or modified module allowed.
2008-05-05 02:06 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 02:06 Process C:\WINDOWS\system32\rundll32.exe (PID: 676): attempt to load new or modified module allowed.
2008-05-05 02:06 Process C:\WINDOWS\system32\rundll32.exe (PID: 676): attempt to load new or modified module allowed.
2008-05-05 02:06 Process C:\WINDOWS\system32\rundll32.exe (PID: 2608): attempt to load new or modified module allowed.
2008-05-05 02:06 Process C:\WINDOWS\system32\rundll32.exe (PID: 2608): attempt to load new or modified module allowed.
2008-05-05 02:09 Protection of your computer is not running. You are advised to resume protection.
2008-05-05 02:10 Protection of your computer started.
2008-05-05 02:10 Some protection components are disabled. You are advised to enable them.
2008-05-05 02:12 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 02:14 Protection of your computer started.
2008-05-05 02:14 Some protection components are disabled. You are advised to enable them.
2008-05-05 02:15 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 02:15 Protection of your computer is not running. You are advised to resume protection.
2008-05-05 02:17 Protection of your computer started.
2008-05-05 02:17 Some protection components are disabled. You are advised to enable them.
2008-05-05 02:19 Running process C:\Program Files\SiteAdvisor\6253\SiteAdv.exe: detected modification of riskware 'Invader (loader)'.
2008-05-05 02:19 Process C:\Program Files\SiteAdvisor\6253\SiteAdv.exe (PID: 1740): attempt to perform suspicious actions allowed.
2008-05-05 02:19 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 02:21 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2744): attempt to load new or modified module was blocked.
2008-05-05 02:21 Process (PID 364) tried to access Kaspersky Internet Security process (PID 1040), but the action has been blocked by the Self-Defense component. No action on your part is required.
2008-05-05 02:22 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2744): attempt to load new or modified module allowed.
2008-05-05 02:22 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2744): attempt to load new or modified module allowed.
2008-05-05 02:22 Process C:\Program Files\Microsoft ActiveSync\wcescomm.exe (PID: 792): attempt to load new or modified module allowed.
2008-05-05 02:22 Process C:\Program Files\Microsoft ActiveSync\wcescomm.exe (PID: 792): attempt to load new or modified module allowed.
2008-05-05 02:22 Process C:\Program Files\Microsoft ActiveSync\wcescomm.exe (PID: 792): attempt to load new or modified module allowed.
2008-05-05 02:22 Process C:\Program Files\Microsoft ActiveSync\wcescomm.exe (PID: 792): attempt to load new or modified module allowed.
2008-05-05 02:22 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2744): attempt to load new or modified module allowed.
2008-05-05 02:23 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2744): attempt to load new or modified module allowed.
2008-05-05 02:23 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2744): attempt to load new or modified module allowed.
2008-05-05 02:23 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2744): attempt to load new or modified module allowed.
2008-05-05 02:23 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2744): attempt to load new or modified module allowed.
2008-05-05 02:23 Protection of your computer is not running. You are advised to resume protection.
2008-05-05 02:30 Protection of your computer started.
2008-05-05 02:30 Some protection components are disabled. You are advised to enable them.
2008-05-05 02:33 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 02:34 Running process C:\Program Files\SiteAdvisor\6253\SiteAdv.exe: detected modification of riskware 'Invader (loader)'.
2008-05-05 02:34 Process C:\Program Files\SiteAdvisor\6253\SiteAdv.exe (PID: 264): attempt to perform suspicious actions allowed.
2008-05-05 02:35 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:35 Process C:\Program Files\Microsoft ActiveSync\wcescomm.exe (PID: 2716): attempt to load new or modified module allowed.
2008-05-05 02:35 Running process C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe: detected modification of riskware 'Invader (loader)'.
2008-05-05 02:35 Process C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (PID: 3220): attempt to perform suspicious actions allowed.
2008-05-05 02:35 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:35 Process C:\Program Files\Microsoft ActiveSync\wcescomm.exe (PID: 2716): attempt to load new or modified module allowed.
2008-05-05 02:35 Running process C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe: detected modification of riskware 'Invader (loader)'.
2008-05-05 02:35 Process C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (PID: 3220): attempt to perform suspicious actions allowed.
2008-05-05 02:35 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:35 Process C:\Program Files\Microsoft ActiveSync\wcescomm.exe (PID: 2716): attempt to load new or modified module allowed.
2008-05-05 02:35 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:35 Process C:\Program Files\Microsoft ActiveSync\wcescomm.exe (PID: 2716): attempt to load new or modified module allowed.
2008-05-05 02:35 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:35 Process C:\Program Files\Microsoft ActiveSync\wcescomm.exe (PID: 2716): attempt to load new or modified module allowed.
2008-05-05 02:35 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:35 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:35 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:35 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:35 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:36 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:36 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:36 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:36 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:36 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:36 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:36 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:36 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:36 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:36 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:36 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:36 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:36 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:36 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:36 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:36 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:36 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:36 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:36 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:36 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:36 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:36 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:36 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:36 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:36 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:36 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:36 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:36 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 2416): attempt to load new or modified module allowed.
2008-05-05 02:37 Protection of your computer is not running. You are advised to resume protection.
2008-05-05 02:44 Protection of your computer started.
2008-05-05 02:44 Some protection components are disabled. You are advised to enable them.
2008-05-05 02:45 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1468): attempt to load new or modified module allowed.
2008-05-05 02:45 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1468): attempt to load new or modified module allowed.
2008-05-05 02:45 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1468): attempt to load new or modified module allowed.
2008-05-05 02:46 Process C:\WINDOWS\system32\rundll32.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-05 02:46 Process C:\WINDOWS\system32\rundll32.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-05 02:46 Process C:\WINDOWS\system32\rundll32.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-05 02:46 Process C:\WINDOWS\system32\rundll32.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-05 02:46 Process C:\WINDOWS\system32\rundll32.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-05 02:46 Process C:\WINDOWS\system32\rundll32.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-05 02:46 Process C:\WINDOWS\system32\rundll32.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-05 02:46 Process C:\WINDOWS\system32\rundll32.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-05 02:46 Process C:\WINDOWS\system32\rundll32.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-05 02:46 Process C:\WINDOWS\system32\rundll32.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-05 02:46 Process C:\WINDOWS\system32\rundll32.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-05 02:46 Process C:\WINDOWS\system32\rundll32.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-05 02:46 Process C:\WINDOWS\system32\rundll32.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-05 02:46 Process C:\WINDOWS\system32\rundll32.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-05 02:46 Process C:\WINDOWS\system32\rundll32.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-05 02:46 Process C:\WINDOWS\system32\rundll32.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-05 02:46 Process C:\WINDOWS\system32\rundll32.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-05 02:46 Process C:\WINDOWS\system32\rundll32.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-05 02:46 Process C:\WINDOWS\system32\rundll32.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-05 02:46 Process C:\WINDOWS\system32\rundll32.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-05 02:46 Process C:\WINDOWS\system32\rundll32.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-05 02:46 Process C:\WINDOWS\system32\rundll32.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-05 02:46 Process C:\WINDOWS\system32\rundll32.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-05 02:46 Process C:\WINDOWS\system32\rundll32.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-05 02:46 Process C:\WINDOWS\system32\rundll32.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-05 02:46 Process C:\WINDOWS\system32\rundll32.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-05 02:46 Process C:\WINDOWS\system32\rundll32.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-05 02:46 Process C:\WINDOWS\system32\rundll32.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-05 02:46 Process C:\WINDOWS\system32\rundll32.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-05 02:46 Process C:\WINDOWS\system32\rundll32.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-05 02:47 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 02:47 Process C:\WINDOWS\system32\rundll32.exe (PID: 3100): attempt to load new or modified module allowed.
2008-05-05 02:47 Process C:\WINDOWS\system32\rundll32.exe (PID: 3100): attempt to load new or modified module allowed.
2008-05-05 02:47 Process C:\WINDOWS\system32\rundll32.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-05 02:47 Process C:\WINDOWS\system32\rundll32.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-05 02:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 02:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 1204): attempt to load new or modified module allowed.
2008-05-05 02:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 02:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 812): attempt to load new or modified module allowed.
2008-05-05 02:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 580): attempt to load new or modified module allowed.
2008-05-05 02:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 580): attempt to load new or modified module allowed.
2008-05-05 02:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 580): attempt to load new or modified module allowed.
2008-05-05 02:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 580): attempt to load new or modified module allowed.
2008-05-05 02:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 580): attempt to load new or modified module allowed.
2008-05-05 02:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 580): attempt to load new or modified module allowed.
2008-05-05 02:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 580): attempt to load new or modified module allowed.
2008-05-05 02:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 580): attempt to load new or modified module allowed.
2008-05-05 02:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 580): attempt to load new or modified module allowed.
2008-05-05 02:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 580): attempt to load new or modified module allowed.
2008-05-05 02:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 580): attempt to load new or modified module allowed.
2008-05-05 02:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 580): attempt to load new or modified module allowed.
2008-05-05 02:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 580): attempt to load new or modified module allowed.
2008-05-05 02:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 2664): attempt to load new or modified module allowed.
2008-05-05 02:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 2664): attempt to load new or modified module allowed.
2008-05-05 02:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 2664): attempt to load new or modified module allowed.
2008-05-05 02:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 2664): attempt to load new or modified module allowed.
2008-05-05 02:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 2664): attempt to load new or modified module allowed.
2008-05-05 02:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 2664): attempt to load new or modified module allowed.
2008-05-05 02:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 580): attempt to load new or modified module allowed.
2008-05-05 02:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 580): attempt to load new or modified module allowed.
2008-05-05 02:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 580): attempt to load new or modified module allowed.
2008-05-05 02:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 580): attempt to load new or modified module allowed.
2008-05-05 02:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 580): attempt to load new or modified module allowed.
2008-05-05 02:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 580): attempt to load new or modified module allowed.
2008-05-05 02:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 580): attempt to load new or modified module allowed.
2008-05-05 02:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 580): attempt to load new or modified module allowed.
2008-05-05 02:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 580): attempt to load new or modified module allowed.
2008-05-05 02:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 580): attempt to load new or modified module allowed.
2008-05-05 02:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 580): attempt to load new or modified module allowed.
2008-05-05 02:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 580): attempt to load new or modified module allowed.
2008-05-05 02:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 580): attempt to load new or modified module allowed.
2008-05-05 02:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 580): attempt to load new or modified module allowed.
2008-05-05 02:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 580): attempt to load new or modified module allowed.
2008-05-05 02:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 580): attempt to load new or modified module allowed.
2008-05-05 02:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 580): attempt to load new or modified module allowed.
2008-05-05 02:51 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 02:51 Process C:\WINDOWS\system32\rundll32.exe (PID: 3480): attempt to load new or modified module allowed.
2008-05-05 02:51 Process C:\WINDOWS\system32\rundll32.exe (PID: 3480): attempt to load new or modified module allowed.
2008-05-05 02:51 Process C:\WINDOWS\system32\rundll32.exe (PID: 580): attempt to load new or modified module allowed.
2008-05-05 02:51 Process C:\WINDOWS\system32\rundll32.exe (PID: 580): attempt to load new or modified module allowed.
2008-05-05 02:51 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 02:51 Process C:\WINDOWS\system32\rundll32.exe (PID: 2364): attempt to load new or modified module allowed.
2008-05-05 02:52 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1468): attempt to load new or modified module allowed.
2008-05-05 02:54 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1468): attempt to load new or modified module allowed.
2008-05-05 02:55 Process C:\Documents and Settings\Owner\Local Settings\Temp\is-2746A.tmp\spybotsd152[1].tmp (PID: 2044): suspicious action. Attempt to create list of modules executed during system startup (key HKEY_USERS\S-1-5-21-1343024091-1788223648-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run, value SpybotSD TeaTimer, data C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe).
2008-05-05 02:55 Process C:\Documents and Settings\Owner\Local Settings\Temp\is-2746A.tmp\spybotsd152[1].tmp (PID: 2044): attempt to create list of modules executed during system startup (key HKEY_USERS\S-1-5-21-1343024091-1788223648-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run, value SpybotSD TeaTimer, data C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe) allowed.
2008-05-05 02:55 Process C:\Documents and Settings\Owner\Local Settings\Temp\is-2746A.tmp\spybotsd152[1].tmp (PID: 2044): suspicious action. Attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}, value CLSID, data {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}).
2008-05-05 02:55 Process C:\Documents and Settings\Owner\Local Settings\Temp\is-2746A.tmp\spybotsd152[1].tmp (PID: 2044): attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}, value CLSID, data {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}) allowed.
2008-05-05 02:55 Process C:\Documents and Settings\Owner\Local Settings\Temp\is-2746A.tmp\spybotsd152[1].tmp (PID: 2044): suspicious action. Attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}, value ClsidExtension, data {53707962-6F74-2D53-2644-206D7942484F}).
2008-05-05 02:55 Process C:\Documents and Settings\Owner\Local Settings\Temp\is-2746A.tmp\spybotsd152[1].tmp (PID: 2044): attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}, value ClsidExtension, data {53707962-6F74-2D53-2644-206D7942484F}) allowed.
2008-05-05 02:55 Process C:\Documents and Settings\Owner\Local Settings\Temp\is-2746A.tmp\spybotsd152[1].tmp (PID: 2044): suspicious action. Attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}, value Default Visible, data Yes).
2008-05-05 02:55 Process C:\Documents and Settings\Owner\Local Settings\Temp\is-2746A.tmp\spybotsd152[1].tmp (PID: 2044): attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}, value Default Visible, data Yes) allowed.
2008-05-05 02:55 Process C:\Documents and Settings\Owner\Local Settings\Temp\is-2746A.tmp\spybotsd152[1].tmp (PID: 2044): suspicious action. Attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}, value MenuStatusBar, data Configure how Spybot - Search & Destroy protects your IE.).
2008-05-05 02:55 Process C:\Documents and Settings\Owner\Local Settings\Temp\is-2746A.tmp\spybotsd152[1].tmp (PID: 2044): attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}, value MenuStatusBar, data Configure how Spybot - Search & Destroy protects your IE.) allowed.
2008-05-05 02:55 Process C:\Documents and Settings\Owner\Local Settings\Temp\is-2746A.tmp\spybotsd152[1].tmp (PID: 2044): suspicious action. Attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}, value MenuText, data Spybot - Search && Destroy Configuration).
2008-05-05 02:55 Process C:\Documents and Settings\Owner\Local Settings\Temp\is-2746A.tmp\spybotsd152[1].tmp (PID: 2044): attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}, value MenuText, data Spybot - Search && Destroy Configuration) allowed.
2008-05-05 02:55 Process C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (PID: 252): suspicious action. Attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpybotSD.SBEFile\shell\open\command, value , data "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1").
2008-05-05 02:55 Process C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (PID: 252): attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpybotSD.SBEFile\shell\open\command, value , data "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1") allowed.
2008-05-05 02:55 Process C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (PID: 252): suspicious action. Attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpybotSD.SBIFile\shell\open\command, value , data "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1").
2008-05-05 02:55 Process C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (PID: 252): attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpybotSD.SBIFile\shell\open\command, value , data "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1") allowed.
2008-05-05 02:55 Process C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (PID: 252): suspicious action. Attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpybotSD.SBSFile\shell\open\command, value , data "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1").
2008-05-05 02:55 Process C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (PID: 252): attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpybotSD.SBSFile\shell\open\command, value , data "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1") allowed.
2008-05-05 02:55 Process C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (PID: 252): suspicious action. Attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpybotSD.UTIFile\shell\open\command, value , data "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1").
2008-05-05 02:55 Process C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (PID: 252): attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpybotSD.UTIFile\shell\open\command, value , data "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1") allowed.
2008-05-05 02:55 Process C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (PID: 252): suspicious action. Attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpybotSD.UTSFile\shell\open\command, value , data "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1").
2008-05-05 02:55 Process C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (PID: 252): attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpybotSD.UTSFile\shell\open\command, value , data "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1") allowed.
2008-05-05 02:55 Process C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (PID: 252): suspicious action. Attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpybotSD.TInfoFile\shell\open\command, value , data "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1").
2008-05-05 02:55 Process C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (PID: 252): attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpybotSD.TInfoFile\shell\open\command, value , data "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1") allowed.
2008-05-05 02:55 Process C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (PID: 252): suspicious action. Attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpybotSD.DisabledFile\shell\open\command, value , data "C:\Program Files\Spybot - Search & Destroy\blindman.exe" "%1").
2008-05-05 02:55 Process C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (PID: 252): attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpybotSD.DisabledFile\shell\open\command, value , data "C:\Program Files\Spybot - Search & Destroy\blindman.exe" "%1") allowed.
2008-05-05 02:56 Process C:\WINDOWS\system32\rundll32.exe (PID: 176): attempt to load new or modified module allowed.
2008-05-05 02:56 Process C:\WINDOWS\system32\rundll32.exe (PID: 176): attempt to load new or modified module allowed.
2008-05-05 02:56 Process C:\WINDOWS\system32\rundll32.exe (PID: 176): attempt to load new or modified module allowed.
2008-05-05 02:56 Process C:\WINDOWS\system32\rundll32.exe (PID: 176): attempt to load new or modified module allowed.
2008-05-05 02:56 Process C:\WINDOWS\system32\rundll32.exe (PID: 176): attempt to load new or modified module allowed.
2008-05-05 02:56 Process C:\WINDOWS\system32\rundll32.exe (PID: 176): attempt to load new or modified module allowed.
2008-05-05 02:56 Process C:\WINDOWS\system32\rundll32.exe (PID: 176): attempt to load new or modified module allowed.
2008-05-05 02:56 Process C:\WINDOWS\system32\rundll32.exe (PID: 176): attempt to load new or modified module allowed.
2008-05-05 02:56 Process C:\WINDOWS\system32\rundll32.exe (PID: 176): attempt to load new or modified module allowed.
2008-05-05 02:56 Process C:\WINDOWS\system32\rundll32.exe (PID: 176): attempt to load new or modified module allowed.
2008-05-05 02:56 Process C:\WINDOWS\system32\rundll32.exe (PID: 176): attempt to load new or modified module allowed.
2008-05-05 02:56 Process C:\WINDOWS\system32\rundll32.exe (PID: 176): attempt to load new or modified module allowed.
2008-05-05 02:56 Process C:\WINDOWS\system32\rundll32.exe (PID: 176): attempt to load new or modified module allowed.
2008-05-05 02:56 Process C:\WINDOWS\system32\rundll32.exe (PID: 176): attempt to load new or modified module allowed.
2008-05-05 02:56 Process C:\WINDOWS\system32\rundll32.exe (PID: 176): attempt to load new or modified module allowed.
2008-05-05 02:56 Process C:\WINDOWS\system32\rundll32.exe (PID: 176): attempt to load new or modified module allowed.
2008-05-05 02:56 Process C:\WINDOWS\system32\rundll32.exe (PID: 176): attempt to load new or modified module allowed.
2008-05-05 02:56 Process C:\WINDOWS\system32\rundll32.exe (PID: 176): attempt to load new or modified module allowed.
2008-05-05 02:56 Process C:\WINDOWS\system32\rundll32.exe (PID: 176): attempt to load new or modified module allowed.
2008-05-05 02:56 Process C:\WINDOWS\system32\rundll32.exe (PID: 176): attempt to load new or modified module allowed.
2008-05-05 02:56 Process C:\WINDOWS\system32\rundll32.exe (PID: 176): attempt to load new or modified module allowed.
2008-05-05 02:56 Process C:\WINDOWS\system32\rundll32.exe (PID: 176): attempt to load new or modified module allowed.
2008-05-05 02:56 Process C:\WINDOWS\system32\rundll32.exe (PID: 176): attempt to load new or modified module allowed.
2008-05-05 02:56 Process C:\WINDOWS\system32\rundll32.exe (PID: 176): attempt to load new or modified module allowed.
2008-05-05 02:56 Process C:\WINDOWS\system32\rundll32.exe (PID: 176): attempt to load new or modified module allowed.
2008-05-05 02:56 Process C:\WINDOWS\system32\rundll32.exe (PID: 176): attempt to load new or modified module allowed.
2008-05-05 02:56 Process C:\WINDOWS\system32\rundll32.exe (PID: 176): attempt to load new or modified module allowed.
2008-05-05 02:56 Process C:\WINDOWS\system32\rundll32.exe (PID: 176): attempt to load new or modified module allowed.
2008-05-05 02:56 Process C:\WINDOWS\system32\rundll32.exe (PID: 176): attempt to load new or modified module allowed.
2008-05-05 02:56 Process C:\WINDOWS\system32\rundll32.exe (PID: 176): attempt to load new or modified module allowed.
2008-05-05 02:57 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 02:57 Process C:\WINDOWS\system32\rundll32.exe (PID: 2808): attempt to load new or modified module allowed.
2008-05-05 02:57 Process C:\WINDOWS\system32\rundll32.exe (PID: 2808): attempt to load new or modified module allowed.
2008-05-05 02:57 Process C:\WINDOWS\system32\rundll32.exe (PID: 176): attempt to load new or modified module allowed.
2008-05-05 02:57 Process C:\WINDOWS\system32\rundll32.exe (PID: 176): attempt to load new or modified module allowed.
2008-05-05 02:57 Process C:\WINDOWS\system32\rundll32.exe (PID: 328): attempt to load new or modified module allowed.
2008-05-05 02:57 Process C:\WINDOWS\system32\rundll32.exe (PID: 328): attempt to load new or modified module allowed.
2008-05-05 02:57 Process C:\WINDOWS\system32\rundll32.exe (PID: 328): attempt to load new or modified module allowed.
2008-05-05 02:57 Process C:\WINDOWS\system32\rundll32.exe (PID: 328): attempt to load new or modified module allowed.
2008-05-05 02:57 Process C:\WINDOWS\system32\rundll32.exe (PID: 328): attempt to load new or modified module allowed.
2008-05-05 02:57 Process C:\WINDOWS\system32\rundll32.exe (PID: 328): attempt to load new or modified module allowed.
2008-05-05 02:57 Process C:\WINDOWS\system32\rundll32.exe (PID: 328): attempt to load new or modified module allowed.
2008-05-05 02:57 Process C:\WINDOWS\system32\rundll32.exe (PID: 328): attempt to load new or modified module allowed.
2008-05-05 02:57 Process C:\WINDOWS\system32\rundll32.exe (PID: 328): attempt to load new or modified module allowed.
2008-05-05 02:57 Process C:\WINDOWS\system32\rundll32.exe (PID: 328): attempt to load new or modified module allowed.
2008-05-05 02:57 Process C:\WINDOWS\system32\rundll32.exe (PID: 328): attempt to load new or modified module allowed.
2008-05-05 02:57 Process C:\WINDOWS\system32\rundll32.exe (PID: 328): attempt to load new or modified module allowed.
2008-05-05 02:57 Process C:\WINDOWS\system32\rundll32.exe (PID: 328): attempt to load new or modified module allowed.
2008-05-05 02:57 Process C:\WINDOWS\system32\rundll32.exe (PID: 328): attempt to load new or modified module allowed.
2008-05-05 02:57 Process C:\WINDOWS\system32\rundll32.exe (PID: 328): attempt to load new or modified module allowed.
2008-05-05 02:57 Process C:\WINDOWS\system32\rundll32.exe (PID: 328): attempt to load new or modified module allowed.
2008-05-05 02:57 Process C:\WINDOWS\system32\rundll32.exe (PID: 328): attempt to load new or modified module allowed.
2008-05-05 02:57 Process C:\WINDOWS\system32\rundll32.exe (PID: 328): attempt to load new or modified module allowed.
2008-05-05 02:57 Process C:\WINDOWS\system32\rundll32.exe (PID: 328): attempt to load new or modified module allowed.
2008-05-05 02:57 Process C:\WINDOWS\system32\rundll32.exe (PID: 328): attempt to load new or modified module allowed.
2008-05-05 02:57 Process C:\WINDOWS\system32\rundll32.exe (PID: 328): attempt to load new or modified module allowed.
2008-05-05 02:57 Process C:\WINDOWS\system32\rundll32.exe (PID: 328): attempt to load new or modified module allowed.
2008-05-05 02:57 Process C:\WINDOWS\system32\rundll32.exe (PID: 328): attempt to load new or modified module allowed.
2008-05-05 02:57 Process C:\WINDOWS\system32\rundll32.exe (PID: 328): attempt to load new or modified module allowed.
2008-05-05 03:00 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 03:00 Process C:\WINDOWS\system32\rundll32.exe (PID: 844): attempt to load new or modified module allowed.
2008-05-05 03:00 Process C:\WINDOWS\system32\rundll32.exe (PID: 844): attempt to load new or modified module allowed.
2008-05-05 03:00 Process C:\WINDOWS\system32\rundll32.exe (PID: 328): attempt to load new or modified module allowed.
2008-05-05 03:00 Process C:\WINDOWS\system32\rundll32.exe (PID: 328): attempt to load new or modified module allowed.
2008-05-05 03:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 3644): attempt to load new or modified module allowed.
2008-05-05 03:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 848): attempt to load new or modified module allowed.
2008-05-05 03:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 3644): attempt to load new or modified module allowed.
2008-05-05 03:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 848): attempt to load new or modified module allowed.
2008-05-05 03:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 3644): attempt to load new or modified module allowed.
2008-05-05 03:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 848): attempt to load new or modified module allowed.
2008-05-05 03:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 3644): attempt to load new or modified module allowed.
2008-05-05 03:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 848): attempt to load new or modified module allowed.
2008-05-05 03:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 3644): attempt to load new or modified module allowed.
2008-05-05 03:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 848): attempt to load new or modified module allowed.
2008-05-05 03:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 3644): attempt to load new or modified module allowed.
2008-05-05 03:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 848): attempt to load new or modified module allowed.
2008-05-05 03:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 3644): attempt to load new or modified module allowed.
2008-05-05 03:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 848): attempt to load new or modified module allowed.
2008-05-05 03:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 3644): attempt to load new or modified module allowed.
2008-05-05 03:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 848): attempt to load new or modified module allowed.
2008-05-05 03:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 3644): attempt to load new or modified module allowed.
2008-05-05 03:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 848): attempt to load new or modified module allowed.
2008-05-05 03:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 3644): attempt to load new or modified module allowed.
2008-05-05 03:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 848): attempt to load new or modified module allowed.
2008-05-05 03:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 3644): attempt to load new or modified module allowed.
2008-05-05 03:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 848): attempt to load new or modified module allowed.
2008-05-05 03:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 3644): attempt to load new or modified module allowed.
2008-05-05 03:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 848): attempt to load new or modified module allowed.
2008-05-05 03:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 3644): attempt to load new or modified module allowed.
2008-05-05 03:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 848): attempt to load new or modified module allowed.
2008-05-05 03:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 848): attempt to load new or modified module allowed.
2008-05-05 03:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 848): attempt to load new or modified module allowed.
2008-05-05 03:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 848): attempt to load new or modified module allowed.
2008-05-05 03:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 848): attempt to load new or modified module allowed.
2008-05-05 03:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 848): attempt to load new or modified module allowed.
2008-05-05 03:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 848): attempt to load new or modified module allowed.
2008-05-05 03:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 848): attempt to load new or modified module allowed.
2008-05-05 03:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 848): attempt to load new or modified module allowed.
2008-05-05 03:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 848): attempt to load new or modified module allowed.
2008-05-05 03:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 848): attempt to load new or modified module allowed.
2008-05-05 03:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 848): attempt to load new or modified module allowed.
2008-05-05 03:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 848): attempt to load new or modified module allowed.
2008-05-05 03:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 848): attempt to load new or modified module allowed.
2008-05-05 03:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 848): attempt to load new or modified module allowed.
2008-05-05 03:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 848): attempt to load new or modified module allowed.
2008-05-05 03:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 848): attempt to load new or modified module allowed.
2008-05-05 03:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 848): attempt to load new or modified module allowed.
2008-05-05 03:04 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 03:04 Process C:\WINDOWS\system32\rundll32.exe (PID: 432): attempt to load new or modified module allowed.
2008-05-05 03:04 Process C:\WINDOWS\system32\rundll32.exe (PID: 432): attempt to load new or modified module allowed.
2008-05-05 03:04 Process C:\WINDOWS\system32\rundll32.exe (PID: 848): attempt to load new or modified module allowed.
2008-05-05 03:04 Process C:\WINDOWS\system32\rundll32.exe (PID: 848): attempt to load new or modified module allowed.
2008-05-05 03:04 Process C:\WINDOWS\system32\winlogon.exe (PID: 1364): attempt to load new or modified module allowed.
2008-05-05 03:04 Process C:\WINDOWS\system32\winlogon.exe (PID: 1364): attempt to load new or modified module allowed.
2008-05-05 03:04 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 03:06 Protection of your computer started.
2008-05-05 03:06 Some protection components are disabled. You are advised to enable them.
2008-05-05 03:07 Running process C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe: detected modification of riskware 'Invader (loader)'.
2008-05-05 03:07 Running process C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe: added to exclusion list.
2008-05-05 03:07 Process C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (PID: 1976): attempt to perform suspicious actions allowed.
2008-05-05 03:07 Process C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (PID: 1976): attempt to perform suspicious actions allowed.
2008-05-05 03:07 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 03:08 Update completed successfully
2008-05-05 03:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4052): attempt to load new or modified module allowed.
2008-05-05 03:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4052): attempt to load new or modified module allowed.
2008-05-05 03:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4052): attempt to load new or modified module allowed.
2008-05-05 03:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4052): attempt to load new or modified module allowed.
2008-05-05 03:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4052): attempt to load new or modified module allowed.
2008-05-05 03:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4052): attempt to load new or modified module allowed.
2008-05-05 03:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4052): attempt to load new or modified module allowed.
2008-05-05 03:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4052): attempt to load new or modified module allowed.
2008-05-05 03:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4052): attempt to load new or modified module allowed.
2008-05-05 03:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4052): attempt to load new or modified module allowed.
2008-05-05 03:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4052): attempt to load new or modified module allowed.
2008-05-05 03:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4052): attempt to load new or modified module allowed.
2008-05-05 03:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4052): attempt to load new or modified module allowed.
2008-05-05 03:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4052): attempt to load new or modified module allowed.
2008-05-05 03:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4052): attempt to load new or modified module allowed.
2008-05-05 03:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4052): attempt to load new or modified module allowed.
2008-05-05 03:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4052): attempt to load new or modified module allowed.
2008-05-05 03:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4052): attempt to load new or modified module allowed.
2008-05-05 03:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4052): attempt to load new or modified module allowed.
2008-05-05 03:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4052): attempt to load new or modified module allowed.
2008-05-05 03:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4052): attempt to load new or modified module allowed.
2008-05-05 03:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4052): attempt to load new or modified module allowed.
2008-05-05 03:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4052): attempt to load new or modified module allowed.
2008-05-05 03:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4052): attempt to load new or modified module allowed.
2008-05-05 03:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4052): attempt to load new or modified module allowed.
2008-05-05 03:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4052): attempt to load new or modified module allowed.
2008-05-05 03:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4052): attempt to load new or modified module allowed.
2008-05-05 03:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4052): attempt to load new or modified module allowed.
2008-05-05 03:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4052): attempt to load new or modified module allowed.
2008-05-05 03:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4052): attempt to load new or modified module allowed.
2008-05-05 03:09 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 03:09 Process C:\WINDOWS\system32\rundll32.exe (PID: 904): attempt to load new or modified module allowed.
2008-05-05 03:09 Process C:\WINDOWS\system32\rundll32.exe (PID: 904): attempt to load new or modified module allowed.
2008-05-05 03:09 Process C:\WINDOWS\system32\rundll32.exe (PID: 4052): attempt to load new or modified module allowed.
2008-05-05 03:09 Process C:\WINDOWS\system32\rundll32.exe (PID: 4052): attempt to load new or modified module allowed.
2008-05-05 03:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 03:10 Process C:\WINDOWS\system32\rundll32.exe (PID: 3632): attempt to load new or modified module allowed.
2008-05-05 03:11 Process C:\WINDOWS\system32\rundll32.exe (PID: 2344): attempt to load new or modified module allowed.
2008-05-05 03:11 Process C:\WINDOWS\system32\rundll32.exe (PID: 2344): attempt to load new or modified module allowed.
2008-05-05 03:11 Process C:\WINDOWS\system32\rundll32.exe (PID: 2344): attempt to load new or modified module allowed.
2008-05-05 03:11 Process C:\WINDOWS\system32\rundll32.exe (PID: 2344): attempt to load new or modified module allowed.
2008-05-05 03:11 Process C:\WINDOWS\system32\rundll32.exe (PID: 2344): attempt to load new or modified module allowed.
2008-05-05 03:11 Process C:\WINDOWS\system32\rundll32.exe (PID: 2344): attempt to load new or modified module allowed.
2008-05-05 03:11 Process C:\WINDOWS\system32\rundll32.exe (PID: 2344): attempt to load new or modified module allowed.
2008-05-05 03:11 Process C:\WINDOWS\system32\rundll32.exe (PID: 2344): attempt to load new or modified module allowed.
2008-05-05 03:11 Process C:\WINDOWS\system32\rundll32.exe (PID: 2344): attempt to load new or modified module allowed.
2008-05-05 03:11 Process C:\WINDOWS\system32\rundll32.exe (PID: 2344): attempt to load new or modified module allowed.
2008-05-05 03:11 Process C:\WINDOWS\system32\rundll32.exe (PID: 2344): attempt to load new or modified module allowed.
2008-05-05 03:11 Process C:\WINDOWS\system32\rundll32.exe (PID: 2344): attempt to load new or modified module allowed.
2008-05-05 03:11 Process C:\WINDOWS\system32\rundll32.exe (PID: 2344): attempt to load new or modified module allowed.
2008-05-05 03:11 Process C:\WINDOWS\system32\rundll32.exe (PID: 2344): attempt to load new or modified module allowed.
2008-05-05 03:11 Process C:\WINDOWS\system32\rundll32.exe (PID: 2344): attempt to load new or modified module allowed.
2008-05-05 03:11 Process C:\WINDOWS\system32\rundll32.exe (PID: 2344): attempt to load new or modified module allowed.
2008-05-05 03:11 Process C:\WINDOWS\system32\rundll32.exe (PID: 2344): attempt to load new or modified module allowed.
2008-05-05 03:11 Process C:\WINDOWS\system32\rundll32.exe (PID: 2344): attempt to load new or modified module allowed.
2008-05-05 03:11 Process C:\WINDOWS\system32\rundll32.exe (PID: 2344): attempt to load new or modified module allowed.
2008-05-05 03:11 Process C:\WINDOWS\system32\rundll32.exe (PID: 2344): attempt to load new or modified module allowed.
2008-05-05 03:11 Process C:\WINDOWS\system32\rundll32.exe (PID: 2344): attempt to load new or modified module allowed.
2008-05-05 03:11 Process C:\WINDOWS\system32\rundll32.exe (PID: 2344): attempt to load new or modified module allowed.
2008-05-05 03:11 Process C:\WINDOWS\system32\rundll32.exe (PID: 2344): attempt to load new or modified module allowed.
2008-05-05 03:11 Process C:\WINDOWS\system32\rundll32.exe (PID: 2344): attempt to load new or modified module allowed.
2008-05-05 03:11 Process C:\WINDOWS\system32\rundll32.exe (PID: 2344): attempt to load new or modified module allowed.
2008-05-05 03:11 Process C:\WINDOWS\system32\rundll32.exe (PID: 2344): attempt to load new or modified module allowed.
2008-05-05 03:11 Process C:\WINDOWS\system32\rundll32.exe (PID: 2344): attempt to load new or modified module allowed.
2008-05-05 03:11 Process C:\WINDOWS\system32\rundll32.exe (PID: 2344): attempt to load new or modified module allowed.
2008-05-05 03:11 Process C:\WINDOWS\system32\rundll32.exe (PID: 2344): attempt to load new or modified module allowed.
2008-05-05 03:11 Process C:\WINDOWS\system32\rundll32.exe (PID: 2344): attempt to load new or modified module allowed.
2008-05-05 03:12 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 03:12 Process C:\WINDOWS\system32\rundll32.exe (PID: 1324): attempt to load new or modified module allowed.
2008-05-05 03:12 Process C:\WINDOWS\system32\rundll32.exe (PID: 1324): attempt to load new or modified module allowed.
2008-05-05 03:12 Process C:\WINDOWS\system32\rundll32.exe (PID: 2344): attempt to load new or modified module allowed.
2008-05-05 03:12 Process C:\WINDOWS\system32\rundll32.exe (PID: 2344): attempt to load new or modified module allowed.
2008-05-05 03:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 03:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 1768): attempt to load new or modified module allowed.
2008-05-05 03:13 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3524): attempt to load new or modified module allowed.
2008-05-05 03:13 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3524): attempt to load new or modified module allowed.
2008-05-05 03:16 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3524): attempt to load new or modified module allowed.
2008-05-05 03:16 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3524): attempt to load new or modified module allowed.
2008-05-05 03:21 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3524): attempt to load new or modified module allowed.
2008-05-05 03:21 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3524): attempt to load new or modified module allowed.
2008-05-05 03:23 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 4020): attempt to load new or modified module allowed.
2008-05-05 03:23 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 4020): attempt to load new or modified module allowed.
2008-05-05 03:23 Process C:\WINDOWS\system32\rundll32.exe (PID: 1820): attempt to load new or modified module allowed.
2008-05-05 03:23 Process C:\WINDOWS\system32\rundll32.exe (PID: 1820): attempt to load new or modified module allowed.
2008-05-05 03:23 Process C:\WINDOWS\system32\rundll32.exe (PID: 1820): attempt to load new or modified module allowed.
2008-05-05 03:23 Process C:\WINDOWS\system32\rundll32.exe (PID: 1820): attempt to load new or modified module allowed.
2008-05-05 03:23 Process C:\WINDOWS\system32\rundll32.exe (PID: 1820): attempt to load new or modified module allowed.
2008-05-05 03:23 Process C:\WINDOWS\system32\rundll32.exe (PID: 1820): attempt to load new or modified module allowed.
2008-05-05 03:23 Process C:\WINDOWS\system32\rundll32.exe (PID: 1820): attempt to load new or modified module allowed.
2008-05-05 03:23 Process C:\WINDOWS\system32\rundll32.exe (PID: 1820): attempt to load new or modified module allowed.
2008-05-05 03:23 Process C:\WINDOWS\system32\rundll32.exe (PID: 1820): attempt to load new or modified module allowed.
2008-05-05 03:23 Process C:\WINDOWS\system32\rundll32.exe (PID: 1820): attempt to load new or modified module allowed.
2008-05-05 03:23 Process C:\WINDOWS\system32\rundll32.exe (PID: 1820): attempt to load new or modified module allowed.
2008-05-05 03:23 Process C:\WINDOWS\system32\rundll32.exe (PID: 1820): attempt to load new or modified module allowed.
2008-05-05 03:23 Process C:\WINDOWS\system32\rundll32.exe (PID: 1820): attempt to load new or modified module allowed.
2008-05-05 03:23 Process C:\WINDOWS\system32\rundll32.exe (PID: 1820): attempt to load new or modified module allowed.
2008-05-05 03:23 Process C:\WINDOWS\system32\rundll32.exe (PID: 1820): attempt to load new or modified module allowed.
2008-05-05 03:23 Process C:\WINDOWS\system32\rundll32.exe (PID: 1820): attempt to load new or modified module allowed.
2008-05-05 03:23 Process C:\WINDOWS\system32\rundll32.exe (PID: 1820): attempt to load new or modified module allowed.
2008-05-05 03:23 Process C:\WINDOWS\system32\rundll32.exe (PID: 1820): attempt to load new or modified module allowed.
2008-05-05 03:23 Process C:\WINDOWS\system32\rundll32.exe (PID: 1820): attempt to load new or modified module allowed.
2008-05-05 03:23 Process C:\WINDOWS\system32\rundll32.exe (PID: 1820): attempt to load new or modified module allowed.
2008-05-05 03:23 Process C:\WINDOWS\system32\rundll32.exe (PID: 1820): attempt to load new or modified module allowed.
2008-05-05 03:23 Process C:\WINDOWS\system32\rundll32.exe (PID: 1820): attempt to load new or modified module allowed.
2008-05-05 03:23 Process C:\WINDOWS\system32\rundll32.exe (PID: 1820): attempt to load new or modified module allowed.
2008-05-05 03:23 Process C:\WINDOWS\system32\rundll32.exe (PID: 1820): attempt to load new or modified module allowed.
2008-05-05 03:23 Process C:\WINDOWS\system32\rundll32.exe (PID: 1820): attempt to load new or modified module allowed.
2008-05-05 03:23 Process C:\WINDOWS\system32\rundll32.exe (PID: 1820): attempt to load new or modified module allowed.
2008-05-05 03:23 Process C:\WINDOWS\system32\rundll32.exe (PID: 1820): attempt to load new or modified module allowed.
2008-05-05 03:23 Process C:\WINDOWS\system32\rundll32.exe (PID: 1820): attempt to load new or modified module allowed.
2008-05-05 03:23 Process C:\WINDOWS\system32\rundll32.exe (PID: 1820): attempt to load new or modified module allowed.
2008-05-05 03:23 Process C:\WINDOWS\system32\rundll32.exe (PID: 1820): attempt to load new or modified module allowed.
2008-05-05 03:24 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 03:24 Process C:\WINDOWS\system32\rundll32.exe (PID: 740): attempt to load new or modified module allowed.
2008-05-05 03:24 Process C:\WINDOWS\system32\rundll32.exe (PID: 740): attempt to load new or modified module allowed.
2008-05-05 03:24 Process C:\WINDOWS\system32\rundll32.exe (PID: 1820): attempt to load new or modified module allowed.
2008-05-05 03:24 Process C:\WINDOWS\system32\rundll32.exe (PID: 1820): attempt to load new or modified module allowed.
2008-05-05 03:26 Process C:\WINDOWS\System32\svchost.exe (PID: 1724): attempt to load new or modified module allowed.
2008-05-05 03:26 Process C:\WINDOWS\System32\svchost.exe (PID: 1724): attempt to load new or modified module allowed.
2008-05-05 03:26 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 03:26 Process C:\WINDOWS\system32\rundll32.exe (PID: 3244): attempt to load new or modified module allowed.
2008-05-05 03:26 Process C:\WINDOWS\System32\svchost.exe (PID: 1724): attempt to load new or modified module allowed.
2008-05-05 03:26 Process C:\WINDOWS\System32\svchost.exe (PID: 1724): attempt to load new or modified module allowed.
2008-05-05 03:26 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 03:26 Process C:\WINDOWS\system32\rundll32.exe (PID: 3392): attempt to load new or modified module allowed.
2008-05-05 03:26 Process C:\WINDOWS\system32\rundll32.exe (PID: 3392): attempt to load new or modified module allowed.
2008-05-05 03:27 Process C:\WINDOWS\system32\rundll32.exe (PID: 3360): attempt to load new or modified module allowed.
2008-05-05 03:27 Process C:\WINDOWS\system32\rundll32.exe (PID: 3360): attempt to load new or modified module allowed.
2008-05-05 03:27 Process C:\WINDOWS\system32\rundll32.exe (PID: 3360): attempt to load new or modified module allowed.
2008-05-05 03:27 Process C:\WINDOWS\system32\rundll32.exe (PID: 3360): attempt to load new or modified module allowed.
2008-05-05 03:27 Process C:\WINDOWS\system32\rundll32.exe (PID: 3360): attempt to load new or modified module allowed.
2008-05-05 03:27 Process C:\WINDOWS\system32\rundll32.exe (PID: 3360): attempt to load new or modified module allowed.
2008-05-05 03:27 Process C:\WINDOWS\system32\rundll32.exe (PID: 3360): attempt to load new or modified module allowed.
2008-05-05 03:27 Process C:\WINDOWS\system32\rundll32.exe (PID: 3360): attempt to load new or modified module allowed.
2008-05-05 03:27 Process C:\WINDOWS\system32\rundll32.exe (PID: 3360): attempt to load new or modified module allowed.
2008-05-05 03:27 Process C:\WINDOWS\system32\rundll32.exe (PID: 3360): attempt to load new or modified module allowed.
2008-05-05 03:27 Process C:\WINDOWS\system32\rundll32.exe (PID: 3360): attempt to load new or modified module allowed.
2008-05-05 03:27 Process C:\WINDOWS\system32\rundll32.exe (PID: 3360): attempt to load new or modified module allowed.
2008-05-05 03:27 Process C:\WINDOWS\system32\rundll32.exe (PID: 3360): attempt to load new or modified module allowed.
2008-05-05 03:28 Process C:\WINDOWS\system32\rundll32.exe (PID: 3360): attempt to load new or modified module allowed.
2008-05-05 03:28 Process C:\WINDOWS\system32\rundll32.exe (PID: 3360): attempt to load new or modified module allowed.
2008-05-05 03:28 Process C:\WINDOWS\system32\rundll32.exe (PID: 3360): attempt to load new or modified module allowed.
2008-05-05 03:28 Process C:\WINDOWS\system32\rundll32.exe (PID: 3360): attempt to load new or modified module allowed.
2008-05-05 03:28 Process C:\WINDOWS\system32\rundll32.exe (PID: 3360): attempt to load new or modified module allowed.
2008-05-05 03:28 Process C:\WINDOWS\system32\rundll32.exe (PID: 3360): attempt to load new or modified module allowed.
2008-05-05 03:28 Process C:\WINDOWS\system32\rundll32.exe (PID: 3360): attempt to load new or modified module allowed.
2008-05-05 03:28 Process C:\WINDOWS\system32\rundll32.exe (PID: 3360): attempt to load new or modified module allowed.
2008-05-05 03:28 Process C:\WINDOWS\system32\rundll32.exe (PID: 3360): attempt to load new or modified module allowed.
2008-05-05 03:28 Process C:\WINDOWS\system32\rundll32.exe (PID: 3360): attempt to load new or modified module allowed.
2008-05-05 03:28 Process C:\WINDOWS\system32\rundll32.exe (PID: 3360): attempt to load new or modified module allowed.
2008-05-05 03:28 Process C:\WINDOWS\system32\rundll32.exe (PID: 3360): attempt to load new or modified module allowed.
2008-05-05 03:28 Process C:\WINDOWS\system32\rundll32.exe (PID: 3360): attempt to load new or modified module allowed.
2008-05-05 03:28 Process C:\WINDOWS\system32\rundll32.exe (PID: 3360): attempt to load new or modified module allowed.
2008-05-05 03:28 Process C:\WINDOWS\system32\rundll32.exe (PID: 3360): attempt to load new or modified module allowed.
2008-05-05 03:28 Process C:\WINDOWS\system32\rundll32.exe (PID: 3360): attempt to load new or modified module allowed.
2008-05-05 03:28 Process C:\WINDOWS\system32\rundll32.exe (PID: 3360): attempt to load new or modified module allowed.
2008-05-05 03:30 Process C:\WINDOWS\System32\svchost.exe (PID: 1724): attempt to load new or modified module allowed.
2008-05-05 03:30 Process C:\WINDOWS\System32\svchost.exe (PID: 1724): attempt to load new or modified module allowed.
2008-05-05 03:30 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 03:30 Process C:\WINDOWS\system32\rundll32.exe (PID: 288): attempt to load new or modified module allowed.
2008-05-05 03:30 Process C:\WINDOWS\system32\rundll32.exe (PID: 288): attempt to load new or modified module allowed.
2008-05-05 03:30 Process C:\WINDOWS\system32\rundll32.exe (PID: 3360): attempt to load new or modified module allowed.
2008-05-05 03:30 Process C:\WINDOWS\system32\rundll32.exe (PID: 3360): attempt to load new or modified module allowed.
2008-05-05 03:32 Process C:\WINDOWS\System32\svchost.exe (PID: 1724): attempt to load new or modified module allowed.
2008-05-05 03:32 Process C:\WINDOWS\System32\svchost.exe (PID: 1724): attempt to load new or modified module allowed.
2008-05-05 03:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 03:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 3476): attempt to load new or modified module allowed.
2008-05-05 03:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 712): attempt to load new or modified module allowed.
2008-05-05 03:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 712): attempt to load new or modified module allowed.
2008-05-05 03:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 712): attempt to load new or modified module allowed.
2008-05-05 03:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 712): attempt to load new or modified module allowed.
2008-05-05 03:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 712): attempt to load new or modified module allowed.
2008-05-05 03:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 712): attempt to load new or modified module allowed.
2008-05-05 03:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 712): attempt to load new or modified module allowed.
2008-05-05 03:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 712): attempt to load new or modified module allowed.
2008-05-05 03:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 712): attempt to load new or modified module allowed.
2008-05-05 03:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 712): attempt to load new or modified module allowed.
2008-05-05 03:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 712): attempt to load new or modified module allowed.
2008-05-05 03:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 712): attempt to load new or modified module allowed.
2008-05-05 03:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 712): attempt to load new or modified module allowed.
2008-05-05 03:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 712): attempt to load new or modified module allowed.
2008-05-05 03:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 712): attempt to load new or modified module allowed.
2008-05-05 03:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 712): attempt to load new or modified module allowed.
2008-05-05 03:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 712): attempt to load new or modified module allowed.
2008-05-05 03:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 712): attempt to load new or modified module allowed.
2008-05-05 03:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 712): attempt to load new or modified module allowed.
2008-05-05 03:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 712): attempt to load new or modified module allowed.
2008-05-05 03:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 712): attempt to load new or modified module allowed.
2008-05-05 03:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 712): attempt to load new or modified module allowed.
2008-05-05 03:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 712): attempt to load new or modified module allowed.
2008-05-05 03:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 712): attempt to load new or modified module allowed.
2008-05-05 03:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 712): attempt to load new or modified module allowed.
2008-05-05 03:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 712): attempt to load new or modified module allowed.
2008-05-05 03:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 712): attempt to load new or modified module allowed.
2008-05-05 03:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 712): attempt to load new or modified module allowed.
2008-05-05 03:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 712): attempt to load new or modified module allowed.
2008-05-05 03:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 712): attempt to load new or modified module allowed.
2008-05-05 03:34 Process C:\WINDOWS\System32\svchost.exe (PID: 1724): attempt to load new or modified module allowed.
2008-05-05 03:34 Process C:\WINDOWS\System32\svchost.exe (PID: 1724): attempt to load new or modified module allowed.

#6 ayarlar

ayarlar
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:05:52 PM

Posted 07 May 2008 - 08:58 AM

and this because was to long:



2008-05-05 03:34 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 03:34 Process C:\WINDOWS\system32\rundll32.exe (PID: 3332): attempt to load new or modified module allowed.
2008-05-05 03:34 Process C:\WINDOWS\system32\rundll32.exe (PID: 3332): attempt to load new or modified module allowed.
2008-05-05 03:34 Process C:\WINDOWS\system32\rundll32.exe (PID: 712): attempt to load new or modified module allowed.
2008-05-05 03:34 Process C:\WINDOWS\system32\rundll32.exe (PID: 712): attempt to load new or modified module allowed.
2008-05-05 03:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 1340): attempt to load new or modified module allowed.
2008-05-05 03:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 1340): attempt to load new or modified module allowed.
2008-05-05 03:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 1340): attempt to load new or modified module allowed.
2008-05-05 03:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 1340): attempt to load new or modified module allowed.
2008-05-05 03:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 1340): attempt to load new or modified module allowed.
2008-05-05 03:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 1340): attempt to load new or modified module allowed.
2008-05-05 03:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 1340): attempt to load new or modified module allowed.
2008-05-05 03:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 1340): attempt to load new or modified module allowed.
2008-05-05 03:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 1340): attempt to load new or modified module allowed.
2008-05-05 03:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 1340): attempt to load new or modified module allowed.
2008-05-05 03:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 1340): attempt to load new or modified module allowed.
2008-05-05 03:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 1340): attempt to load new or modified module allowed.
2008-05-05 03:52 Process C:\WINDOWS\system32\rundll32.exe (PID: 1340): attempt to load new or modified module allowed.
2008-05-05 03:53 Process C:\WINDOWS\system32\rundll32.exe (PID: 1340): attempt to load new or modified module allowed.
2008-05-05 03:53 Process C:\WINDOWS\system32\rundll32.exe (PID: 1340): attempt to load new or modified module allowed.
2008-05-05 03:53 Process C:\WINDOWS\system32\rundll32.exe (PID: 1340): attempt to load new or modified module allowed.
2008-05-05 03:53 Process C:\WINDOWS\system32\rundll32.exe (PID: 1340): attempt to load new or modified module allowed.
2008-05-05 03:53 Process C:\WINDOWS\system32\rundll32.exe (PID: 1340): attempt to load new or modified module allowed.
2008-05-05 03:53 Process C:\WINDOWS\system32\rundll32.exe (PID: 1340): attempt to load new or modified module allowed.
2008-05-05 03:53 Process C:\WINDOWS\system32\rundll32.exe (PID: 1340): attempt to load new or modified module allowed.
2008-05-05 03:53 Process C:\WINDOWS\system32\rundll32.exe (PID: 1340): attempt to load new or modified module allowed.
2008-05-05 03:53 Process C:\WINDOWS\system32\rundll32.exe (PID: 1340): attempt to load new or modified module allowed.
2008-05-05 03:53 Process C:\WINDOWS\system32\rundll32.exe (PID: 1340): attempt to load new or modified module allowed.
2008-05-05 03:53 Process C:\WINDOWS\system32\rundll32.exe (PID: 1340): attempt to load new or modified module allowed.
2008-05-05 03:53 Process C:\WINDOWS\system32\rundll32.exe (PID: 1340): attempt to load new or modified module allowed.
2008-05-05 03:53 Process C:\WINDOWS\system32\rundll32.exe (PID: 1340): attempt to load new or modified module allowed.
2008-05-05 03:53 Process C:\WINDOWS\system32\rundll32.exe (PID: 1340): attempt to load new or modified module allowed.
2008-05-05 03:53 Process C:\WINDOWS\system32\rundll32.exe (PID: 1340): attempt to load new or modified module allowed.
2008-05-05 03:53 Process C:\WINDOWS\system32\rundll32.exe (PID: 1340): attempt to load new or modified module allowed.
2008-05-05 03:53 Process C:\WINDOWS\system32\rundll32.exe (PID: 1340): attempt to load new or modified module allowed.
2008-05-05 03:54 Process C:\WINDOWS\System32\svchost.exe (PID: 1724): attempt to load new or modified module allowed.
2008-05-05 03:54 Process C:\WINDOWS\System32\svchost.exe (PID: 1724): attempt to load new or modified module allowed.
2008-05-05 03:54 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 03:54 Process C:\WINDOWS\system32\rundll32.exe (PID: 3256): attempt to load new or modified module allowed.
2008-05-05 03:54 Process C:\WINDOWS\system32\rundll32.exe (PID: 3256): attempt to load new or modified module allowed.
2008-05-05 03:54 Process C:\WINDOWS\system32\rundll32.exe (PID: 1340): attempt to load new or modified module allowed.
2008-05-05 03:54 Process C:\WINDOWS\system32\rundll32.exe (PID: 1340): attempt to load new or modified module allowed.
2008-05-05 03:55 Process C:\WINDOWS\System32\svchost.exe (PID: 1724): attempt to load new or modified module allowed.
2008-05-05 03:55 Process C:\WINDOWS\System32\svchost.exe (PID: 1724): attempt to load new or modified module allowed.
2008-05-05 03:55 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 03:55 Process C:\WINDOWS\system32\rundll32.exe (PID: 328): attempt to load new or modified module allowed.
2008-05-05 03:56 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 2452): attempt to load new or modified module allowed.
2008-05-05 03:56 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 2452): attempt to load new or modified module allowed.
2008-05-05 03:59 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3740): attempt to load new or modified module allowed.
2008-05-05 03:59 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3740): attempt to load new or modified module allowed.
2008-05-05 03:59 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3740): attempt to load new or modified module allowed.
2008-05-05 03:59 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3740): attempt to load new or modified module allowed.
2008-05-05 04:04 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 672): attempt to load new or modified module allowed.
2008-05-05 04:04 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 672): attempt to load new or modified module allowed.
2008-05-05 05:28 Update completed successfully
2008-05-05 07:47 Update completed successfully
2008-05-05 10:07 Update completed successfully
2008-05-05 10:19 Process C:\WINDOWS\System32\svchost.exe (PID: 1724): attempt to load new or modified module allowed.
2008-05-05 10:19 Process C:\WINDOWS\System32\svchost.exe (PID: 1724): attempt to load new or modified module allowed.
2008-05-05 12:27 Update completed successfully
2008-05-05 13:36 Process C:\WINDOWS\system32\winlogon.exe (PID: 1360): attempt to load new or modified module allowed.
2008-05-05 13:36 Process C:\WINDOWS\system32\winlogon.exe (PID: 1360): attempt to load new or modified module allowed.
2008-05-05 17:29 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 17:29 Process C:\WINDOWS\system32\winlogon.exe (PID: 1360): attempt to load new or modified module allowed.
2008-05-05 17:29 Process C:\WINDOWS\System32\svchost.exe (PID: 1724): attempt to load new or modified module allowed.
2008-05-05 17:29 Process C:\WINDOWS\system32\winlogon.exe (PID: 1360): attempt to load new or modified module allowed.
2008-05-05 17:29 Process C:\WINDOWS\system32\dwwin.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 17:29 Process C:\WINDOWS\System32\svchost.exe (PID: 1724): attempt to load new or modified module allowed.
2008-05-05 17:29 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:29 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:29 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:29 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:29 Update error: The updates source cannot be found.
2008-05-05 17:29 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:29 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process C:\WINDOWS\system32\dwwin.exe (PID: 928): attempt to load new or modified module allowed.
2008-05-05 17:30 Process (PID 3312) tried to access Kaspersky Internet Security process (PID 1200), but the action has been blocked by the Self-Defense component. No action on your part is required.
2008-05-05 17:30 Process (PID 3312) tried to access Kaspersky Internet Security process (PID 1188), but the action has been blocked by the Self-Defense component. No action on your part is required.
2008-05-05 17:30 Process (PID 1084) tried to access Kaspersky Internet Security process (PID 1188), but the action has been blocked by the Self-Defense component. No action on your part is required.
2008-05-05 17:31 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 17:31 Process C:\WINDOWS\system32\rundll32.exe (PID: 4048): attempt to load new or modified module allowed.
2008-05-05 17:31 Process C:\WINDOWS\system32\rundll32.exe (PID: 4048): attempt to load new or modified module allowed.
2008-05-05 17:31 Process C:\WINDOWS\system32\rundll32.exe (PID: 4048): attempt to load new or modified module allowed.
2008-05-05 17:31 Process C:\WINDOWS\system32\rundll32.exe (PID: 4048): attempt to load new or modified module allowed.
2008-05-05 17:31 Process C:\WINDOWS\system32\rundll32.exe (PID: 4048): attempt to load new or modified module allowed.
2008-05-05 17:31 Process C:\WINDOWS\system32\rundll32.exe (PID: 4048): attempt to load new or modified module allowed.
2008-05-05 17:31 Process C:\WINDOWS\system32\rundll32.exe (PID: 4048): attempt to load new or modified module allowed.
2008-05-05 17:31 Process C:\WINDOWS\system32\rundll32.exe (PID: 4048): attempt to load new or modified module allowed.
2008-05-05 17:31 Process C:\WINDOWS\system32\rundll32.exe (PID: 4048): attempt to load new or modified module allowed.
2008-05-05 17:31 Process C:\WINDOWS\system32\rundll32.exe (PID: 4048): attempt to load new or modified module allowed.
2008-05-05 17:31 Process C:\WINDOWS\system32\rundll32.exe (PID: 4048): attempt to load new or modified module allowed.
2008-05-05 17:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 4048): attempt to load new or modified module allowed.
2008-05-05 17:32 Process C:\WINDOWS\system32\services.exe (PID: 1404): suspicious action. Attempt to modify list of system services executed during system startup (key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sr, value ImagePath, data \SystemRoot\system32\DRIVERS\sr.sys).
2008-05-05 17:32 Process C:\WINDOWS\system32\services.exe (PID: 1404): attempt to modify list of system services executed during system startup (key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sr, value ImagePath, data \SystemRoot\system32\DRIVERS\sr.sys) allowed.
2008-05-05 17:32 Process C:\WINDOWS\System32\svchost.exe (PID: 1724): attempt to load new or modified module allowed.
2008-05-05 17:32 Process C:\WINDOWS\System32\svchost.exe (PID: 1724): attempt to load new or modified module allowed.
2008-05-05 17:32 Update completed successfully
2008-05-05 17:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 17:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 932): attempt to load new or modified module allowed.
2008-05-05 17:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 932): attempt to load new or modified module allowed.
2008-05-05 17:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 932): attempt to load new or modified module allowed.
2008-05-05 17:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 932): attempt to load new or modified module allowed.
2008-05-05 17:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 932): attempt to load new or modified module allowed.
2008-05-05 17:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 932): attempt to load new or modified module allowed.
2008-05-05 17:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 932): attempt to load new or modified module allowed.
2008-05-05 17:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 932): attempt to load new or modified module allowed.
2008-05-05 17:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 932): attempt to load new or modified module allowed.
2008-05-05 17:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 932): attempt to load new or modified module allowed.
2008-05-05 17:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 932): attempt to load new or modified module allowed.
2008-05-05 17:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 932): attempt to load new or modified module allowed.
2008-05-05 17:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 932): attempt to load new or modified module allowed.
2008-05-05 17:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 932): attempt to load new or modified module allowed.
2008-05-05 17:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 932): attempt to load new or modified module allowed.
2008-05-05 17:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 932): attempt to load new or modified module allowed.
2008-05-05 17:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 932): attempt to load new or modified module allowed.
2008-05-05 17:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 932): attempt to load new or modified module allowed.
2008-05-05 17:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 932): attempt to load new or modified module allowed.
2008-05-05 17:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 932): attempt to load new or modified module allowed.
2008-05-05 17:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 932): attempt to load new or modified module allowed.
2008-05-05 17:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 932): attempt to load new or modified module allowed.
2008-05-05 17:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 932): attempt to load new or modified module allowed.
2008-05-05 17:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 932): attempt to load new or modified module allowed.
2008-05-05 17:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 932): attempt to load new or modified module allowed.
2008-05-05 17:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 932): attempt to load new or modified module allowed.
2008-05-05 17:32 Process C:\WINDOWS\system32\services.exe (PID: 1404): suspicious action. Attempt to modify list of system services executed during system startup (key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sr, value ImagePath, data system32\DRIVERS\sr.sys).
2008-05-05 17:32 Process C:\WINDOWS\system32\services.exe (PID: 1404): attempt to modify list of system services executed during system startup (key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sr, value ImagePath, data system32\DRIVERS\sr.sys) allowed.
2008-05-05 17:32 Process C:\WINDOWS\System32\svchost.exe (PID: 1724): attempt to load new or modified module allowed.
2008-05-05 17:32 Process C:\WINDOWS\System32\svchost.exe (PID: 1724): attempt to load new or modified module allowed.
2008-05-05 17:32 Process C:\WINDOWS\System32\svchost.exe (PID: 1724): attempt to load new or modified module allowed.
2008-05-05 17:33 Process C:\WINDOWS\system32\winlogon.exe (PID: 1360): attempt to load new or modified module allowed.
2008-05-05 17:33 Process C:\WINDOWS\system32\winlogon.exe (PID: 1360): attempt to load new or modified module allowed.
2008-05-05 17:33 Process C:\WINDOWS\system32\winlogon.exe (PID: 1360): attempt to load new or modified module allowed.
2008-05-05 17:33 Process C:\WINDOWS\system32\winlogon.exe (PID: 1360): attempt to load new or modified module allowed.
2008-05-05 17:33 Process C:\WINDOWS\system32\winlogon.exe (PID: 1360): attempt to load new or modified module allowed.
2008-05-05 17:33 Process C:\WINDOWS\system32\winlogon.exe (PID: 1360): attempt to load new or modified module allowed.
2008-05-05 17:33 Process C:\WINDOWS\system32\winlogon.exe (PID: 1360): attempt to load new or modified module allowed.
2008-05-05 17:33 Process C:\WINDOWS\system32\winlogon.exe (PID: 1360): attempt to load new or modified module allowed.
2008-05-05 17:33 Process C:\WINDOWS\system32\winlogon.exe (PID: 1360): attempt to load new or modified module allowed.
2008-05-05 17:33 Process C:\WINDOWS\system32\winlogon.exe (PID: 1360): attempt to load new or modified module allowed.
2008-05-05 17:33 Process C:\WINDOWS\system32\winlogon.exe (PID: 1360): attempt to load new or modified module allowed.
2008-05-05 17:33 Process C:\WINDOWS\system32\winlogon.exe (PID: 1360): attempt to load new or modified module allowed.
2008-05-05 17:33 Process C:\WINDOWS\system32\winlogon.exe (PID: 1360): attempt to load new or modified module allowed.
2008-05-05 17:33 Process C:\WINDOWS\system32\winlogon.exe (PID: 1360): attempt to load new or modified module allowed.
2008-05-05 17:33 Process C:\WINDOWS\system32\winlogon.exe (PID: 1360): attempt to load new or modified module allowed.
2008-05-05 17:33 Process C:\WINDOWS\system32\winlogon.exe (PID: 1360): attempt to load new or modified module allowed.
2008-05-05 17:33 Protection of your computer is not running. You are advised to resume protection.
2008-05-05 17:34 Protection of your computer started.
2008-05-05 17:34 Some protection components are disabled. You are advised to enable them.
2008-05-05 17:35 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 17:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 17:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 488): attempt to load new or modified module allowed.
2008-05-05 17:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 17:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 2688): attempt to load new or modified module allowed.
2008-05-05 17:38 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 17:38 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 17:38 Protection of your computer is not running. You are advised to resume protection.
2008-05-05 17:43 Protection of your computer started.
2008-05-05 17:43 Some protection components are disabled. You are advised to enable them.
2008-05-05 17:47 Protection of your computer started.
2008-05-05 17:47 Some protection components are disabled. You are advised to enable them.
2008-05-05 17:47 Protection of your computer is not running. You are advised to resume protection.
2008-05-05 19:44 Protection of your computer started.
2008-05-05 19:44 Some protection components are disabled. You are advised to enable them.
2008-05-05 19:44 Update completed successfully
2008-05-05 19:54 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 2948): attempt to load new or modified module allowed.
2008-05-05 19:54 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 2948): attempt to load new or modified module allowed.
2008-05-05 19:54 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 2948): attempt to load new or modified module allowed.
2008-05-05 19:54 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 2948): attempt to load new or modified module allowed.
2008-05-05 19:57 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 2948): attempt to load new or modified module allowed.
2008-05-05 19:57 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 2948): attempt to load new or modified module allowed.
2008-05-05 19:58 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 2292): attempt to load new or modified module allowed.
2008-05-05 19:58 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 2972): attempt to load new or modified module allowed.
2008-05-05 19:58 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 2292): attempt to load new or modified module allowed.
2008-05-05 19:58 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 2972): attempt to load new or modified module allowed.
2008-05-05 20:02 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 20:03 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 20:03 Process C:\WINDOWS\system32\wuauclt.exe (PID: 2848): attempt to load new or modified module allowed.
2008-05-05 20:03 Process C:\WINDOWS\system32\wuauclt.exe (PID: 2848): attempt to load new or modified module allowed.
2008-05-05 20:03 Process C:\WINDOWS\system32\wuauclt.exe (PID: 2848): attempt to load new or modified module allowed.
2008-05-05 20:03 Process C:\WINDOWS\system32\wuauclt.exe (PID: 2848): attempt to load new or modified module allowed.
2008-05-05 20:03 Process C:\WINDOWS\system32\wuauclt.exe (PID: 2848): attempt to load new or modified module allowed.
2008-05-05 20:03 Process C:\WINDOWS\system32\wuauclt.exe (PID: 2848): attempt to load new or modified module allowed.
2008-05-05 20:03 Process C:\WINDOWS\system32\wuauclt.exe (PID: 2848): attempt to load new or modified module allowed.
2008-05-05 20:03 Process C:\WINDOWS\system32\wuauclt.exe (PID: 2848): attempt to load new or modified module allowed.
2008-05-05 20:03 Process C:\WINDOWS\system32\wuauclt.exe (PID: 2848): attempt to load new or modified module allowed.
2008-05-05 20:03 Malicious HTTP object <http://64.92.235.116/e=1344/b=dNPt992CRQzSUSbX4sGVhAAAAAAAAAAAAAAAAAAAAAAWEbV7Ly+ZNbJjKJLo-Z3yZGZnMl9jb20AAAAAAAAAAEVVUgAAAAAAABaZEhAAaWg2MG1fZAAAAAAAAAAAAAAAbm92YWxvZ2ljAAAAAAAAAA==/e=1024/b=aHR0cDovL2QudHJ5bWVkaWEuY29tL2RkL25vdmFsb2dpYy82MG1fZC9kZmcyX2NvbS9EZWx0YUZvcmNlU2V0dXAuZXhl/e=1152/b=RGVsdGEgRm9yY2U=/r/dm/dm2/DeltaForceSetup-dm.exe//UPX>: detected adware 'not-a-virus:AdWare.Win32.Trymedia.d'.
2008-05-05 20:03 Malicious HTTP object <http://64.92.235.116/e=1344/b=dNPt992CRQzSUSbX4sGVhAAAAAAAAAAAAAAAAAAAAAAWEbV7Ly+ZNbJjKJLo-Z3yZGZnMl9jb20AAAAAAAAAAEVVUgAAAAAAABaZEhAAaWg2MG1fZAAAAAAAAAAAAAAAbm92YWxvZ2ljAAAAAAAAAA==/e=1024/b=aHR0cDovL2QudHJ5bWVkaWEuY29tL2RkL25vdmFsb2dpYy82MG1fZC9kZmcyX2NvbS9EZWx0YUZvcmNlU2V0dXAuZXhl/e=1152/b=RGVsdGEgRm9yY2U=/r/dm/dm2/DeltaForceSetup-dm.exe//UPX>: access denied.
2008-05-05 20:03 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 2292): attempt to load new or modified module allowed.
2008-05-05 20:05 Malicious HTTP object <http://64.92.235.112/e=1344/b=0aD3ci+LsRpHS0YqEK6RMQAAAAAAAAAAAAAAAAAAAAAulUt5fbQ7sEXtHnuvZ1tOdF8yNW9hX3VrY2EAAAAAAEdCUAAAAAAAABGZEhAAcQgxMHU1bV9wa2c1NDIAAAAAbm92YWxvZ2ljAAAAAAAAAA==/e=1024/b=aHR0cDovL2QudHJ5bWVkaWEuY29tL2RkL25vdmFsb2dpYy8xMHU1bV9wa2c1NDIvdF8yNW9hX3VrY2EvRGYyU2V0dXAuZXhlP2N1cnJfc2VsZWN0ZWQ9R0JQ/e=1152/b=RGVsdGEgRm9yY2UgMg==/r/dm/dm2/Df2Setup-dm.exe//UPX>: detected adware 'not-a-virus:AdWare.Win32.Trymedia.d'.
2008-05-05 20:05 Malicious HTTP object <http://64.92.235.112/e=1344/b=0aD3ci+LsRpHS0YqEK6RMQAAAAAAAAAAAAAAAAAAAAAulUt5fbQ7sEXtHnuvZ1tOdF8yNW9hX3VrY2EAAAAAAEdCUAAAAAAAABGZEhAAcQgxMHU1bV9wa2c1NDIAAAAAbm92YWxvZ2ljAAAAAAAAAA==/e=1024/b=aHR0cDovL2QudHJ5bWVkaWEuY29tL2RkL25vdmFsb2dpYy8xMHU1bV9wa2c1NDIvdF8yNW9hX3VrY2EvRGYyU2V0dXAuZXhlP2N1cnJfc2VsZWN0ZWQ9R0JQ/e=1152/b=RGVsdGEgRm9yY2UgMg==/r/dm/dm2/Df2Setup-dm.exe//UPX>: access denied.
2008-05-05 20:05 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 2292): attempt to load new or modified module was blocked.
2008-05-05 20:05 Malicious HTTP object <http://64.92.235.112/e=1344/b=0aD3ci+LsRpHS0YqEK6RMQAAAAAAAAAAAAAAAAAAAABPRGtYyoBwdTgd3HHYVNNCdF8yNW9hX3VrY2EAAAAAAEdCUAAAAAAAABGZEhAAcTkxMHU1bV9wa2c1NDIAAAAAbm92YWxvZ2ljAAAAAAAAAA==/e=1024/b=aHR0cDovL2QudHJ5bWVkaWEuY29tL2RkL25vdmFsb2dpYy8xMHU1bV9wa2c1NDIvdF8yNW9hX3VrY2EvRGYyU2V0dXAuZXhlP2N1cnJfc2VsZWN0ZWQ9R0JQ/e=1152/b=RGVsdGEgRm9yY2UgMg==/r/dm/dm2/Df2Setup-dm.exe//UPX>: detected adware 'not-a-virus:AdWare.Win32.Trymedia.d'.
2008-05-05 20:05 !NOLOC! StatusId(0) EventID(7)
2008-05-05 20:05 File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\RDYPQ8B7\Df2Setup-dm[2].exe//UPX: detected adware 'not-a-virus:AdWare.Win32.Trymedia.d'. User: AYARLAR\Owner, computer: localhost.
2008-05-05 20:05 Security threats have been detected. You are advised to neutralize them immediately.
2008-05-05 20:05 File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\RDYPQ8B7\Df2Setup-dm[2].exe//UPX: is still infected, skipped by user.
2008-05-05 20:06 Malicious HTTP object <http://64.92.235.112/e=1344/b=0aD3ci+LsRpHS0YqEK6RMQAAAAAAAAAAAAAAAAAAAADzlLM8s42duao-Cq2+xWFWdF8yNW9hX3VrY2EAAAAAAEdCUAAAAAAAABGZEhAAcXExMHU1bV9wa2c1NDIAAAAAbm92YWxvZ2ljAAAAAAAAAA==/e=1024/b=aHR0cDovL2QudHJ5bWVkaWEuY29tL2RkL25vdmFsb2dpYy8xMHU1bV9wa2c1NDIvdF8yNW9hX3VrY2EvRGYyU2V0dXAuZXhlP2N1cnJfc2VsZWN0ZWQ9R0JQ/e=1152/b=RGVsdGEgRm9yY2UgMg==/r/dm/dm2/Df2Setup-dm.exe//UPX>: detected adware 'not-a-virus:AdWare.Win32.Trymedia.d'.
2008-05-05 20:06 !NOLOC! StatusId(0) EventID(7)
2008-05-05 20:06 File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\RDYPQ8B7\Df2Setup-dm[2].exe//UPX: detected adware 'not-a-virus:AdWare.Win32.Trymedia.d'. User: AYARLAR\Owner, computer: localhost.
2008-05-05 20:06 File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\RDYPQ8B7\Df2Setup-dm[2].exe: added to exclusion list.
2008-05-05 20:06 File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\RDYPQ8B7\Df2Setup-dm[2].exe//UPX: is still infected, skipped by user.
2008-05-05 20:06 Process C:\WINDOWS\system32\wuauclt.exe (PID: 2848): attempt to load new or modified module allowed.
2008-05-05 20:06 Process C:\WINDOWS\system32\wuauclt.exe (PID: 2848): attempt to load new or modified module allowed.
2008-05-05 20:07 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 20:07 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 20:07 Process C:\WINDOWS\system32\wuauclt.exe (PID: 2352): attempt to load new or modified module allowed.
2008-05-05 20:07 Process C:\WINDOWS\system32\wuauclt.exe (PID: 2352): attempt to load new or modified module allowed.
2008-05-05 20:07 Process C:\WINDOWS\system32\wuauclt.exe (PID: 2352): attempt to load new or modified module allowed.
2008-05-05 20:07 Process C:\WINDOWS\system32\wuauclt.exe (PID: 2352): attempt to load new or modified module allowed.
2008-05-05 20:07 Process C:\WINDOWS\system32\wuauclt.exe (PID: 2352): attempt to load new or modified module allowed.
2008-05-05 20:07 Process C:\WINDOWS\system32\wuauclt.exe (PID: 2352): attempt to load new or modified module allowed.
2008-05-05 20:07 Process C:\WINDOWS\system32\wuauclt.exe (PID: 2352): attempt to load new or modified module allowed.
2008-05-05 20:07 Process C:\WINDOWS\system32\wuauclt.exe (PID: 2352): attempt to load new or modified module allowed.
2008-05-05 20:07 Process C:\WINDOWS\system32\wuauclt.exe (PID: 2352): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3884): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 2204): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4048): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3884): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 2204): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4048): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3884): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 2204): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4048): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3884): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 2204): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4048): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3884): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 2204): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4048): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3884): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 2204): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4048): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3884): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 2204): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4048): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3884): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 2204): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4048): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3884): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 2204): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4048): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3884): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 2204): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4048): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3884): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 2204): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4048): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3884): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 2204): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3884): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4048): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 2204): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4048): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 2532): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3084): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4072): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 2532): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3084): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4072): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 2532): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3084): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4072): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 2532): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3084): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4072): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 2532): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3084): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4072): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 2532): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3084): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4072): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 2532): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3084): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4072): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 1108): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 2532): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3136): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3496): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3084): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4072): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 1108): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 2532): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3136): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3496): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3084): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4072): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 1108): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 2532): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3136): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3496): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3084): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4072): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 1108): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 2532): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3136): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3496): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3084): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4072): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 1108): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 2532): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3136): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3496): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3084): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4072): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 1108): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 2532): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3136): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3496): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3084): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 4072): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 1108): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3136): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3496): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 1108): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3136): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3496): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 1108): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3136): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3496): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 1108): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3136): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3496): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 1108): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3136): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3496): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 1108): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3136): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 1108): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3496): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3136): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\rundll32.exe (PID: 3496): attempt to load new or modified module allowed.
2008-05-05 20:08 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 20:09 Protection of your computer is not running. You are advised to resume protection.
2008-05-05 21:57 Protection of your computer started.
2008-05-05 21:57 Some protection components are disabled. You are advised to enable them.
2008-05-05 21:58 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 21:58 Process C:\WINDOWS\system32\svchost.exe (PID: 1596): attempt to hidden launch of Internet browser allowed.
2008-05-05 21:58 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3696): attempt to load new or modified module allowed.
2008-05-05 21:58 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3696): attempt to load new or modified module allowed.
2008-05-05 21:58 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3696): attempt to load new or modified module allowed.
2008-05-05 21:58 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3696): attempt to load new or modified module allowed.
2008-05-05 21:58 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3696): attempt to load new or modified module allowed.
2008-05-05 21:58 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3696): attempt to load new or modified module allowed.
2008-05-05 21:58 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3696): attempt to load new or modified module allowed.
2008-05-05 21:58 Update completed successfully
2008-05-05 21:58 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3696): attempt to load new or modified module allowed.
2008-05-05 21:59 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3696): attempt to load new or modified module allowed.
2008-05-05 21:59 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3696): attempt to load new or modified module allowed.
2008-05-05 22:01 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 22:01 Process C:\WINDOWS\system32\rundll32.exe (PID: 2968): attempt to load new or modified module allowed.
2008-05-05 22:01 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 22:01 Process C:\WINDOWS\system32\rundll32.exe (PID: 856): attempt to load new or modified module allowed.
2008-05-05 22:01 Protection of your computer is not running. You are advised to resume protection.
2008-05-05 22:35 Protection of your computer started.
2008-05-05 22:35 Some protection components are disabled. You are advised to enable them.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3232): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3008): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3484): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3232): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3008): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3484): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3232): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3008): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3484): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3232): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3008): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3484): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3232): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3008): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3484): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3232): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3484): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3008): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3232): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3484): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3008): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3232): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3484): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3008): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3232): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3484): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3008): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3232): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3484): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3008): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3232): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3484): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3008): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3232): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3484): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3232): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3008): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3484): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3008): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3824): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 2028): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 824): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3824): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 2028): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 824): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3824): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 2028): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 824): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3824): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 2028): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 824): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3824): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 2028): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 824): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3824): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 2028): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 824): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3824): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 2028): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 824): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3824): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 2028): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 824): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3824): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 2028): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 824): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3824): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 2028): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 824): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3824): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 2028): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 824): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3824): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 2028): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3824): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 824): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 2028): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 824): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 2960): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3904): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 336): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 2960): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3904): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 336): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 2960): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3904): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 336): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 2960): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3904): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 336): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 2960): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3904): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 336): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 2960): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3904): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 336): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 2960): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3904): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 336): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 2960): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3904): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 336): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 2960): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3904): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 336): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 2960): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3904): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 2960): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 336): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3904): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 336): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 2960): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3904): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 2960): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 336): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 3904): attempt to load new or modified module allowed.
2008-05-05 22:36 Process C:\WINDOWS\system32\rundll32.exe (PID: 336): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 852): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3744): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3756): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 852): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3744): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3756): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 852): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3744): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3756): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 852): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3744): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3756): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 852): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3744): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3756): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 852): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3744): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3756): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 852): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3744): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3756): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 852): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3744): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3756): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 852): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3744): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3756): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 852): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3744): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 852): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3756): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3744): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3756): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 852): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3744): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 852): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3756): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3744): attempt to load new or modified module allowed.
2008-05-05 22:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3756): attempt to load new or modified module allowed.
2008-05-05 22:43 Protection of your computer is not running. You are advised to resume protection.
2008-05-05 22:43 Protection of your computer started.
2008-05-05 22:43 Some protection components are disabled. You are advised to enable them.
2008-05-05 22:44 Process (PID 1132) tried to access Kaspersky Internet Security process (PID 3940), but the action has been blocked by the Self-Defense component. No action on your part is required.
2008-05-05 23:01 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 23:01 Process C:\WINDOWS\system32\rundll32.exe (PID: 540): attempt to load new or modified module allowed.
2008-05-05 23:01 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 23:01 Process C:\WINDOWS\system32\rundll32.exe (PID: 3968): attempt to load new or modified module allowed.
2008-05-05 23:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 23:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 2816): attempt to load new or modified module allowed.
2008-05-05 23:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-05 23:03 Process C:\WINDOWS\system32\rundll32.exe (PID: 2272): attempt to load new or modified module allowed.
2008-05-05 23:03 Protection of your computer is not running. You are advised to resume protection.
2008-05-06 04:33 Protection of your computer started.
2008-05-06 04:33 Some protection components are disabled. You are advised to enable them.
2008-05-06 04:34 Update completed successfully
2008-05-06 04:35 Protection of your computer is not running. You are advised to resume protection.
2008-05-06 13:53 Protection of your computer started.
2008-05-06 13:53 Some protection components are disabled. You are advised to enable them.
2008-05-06 13:53 Process C:\WINDOWS\system32\alg.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 13:54 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 13:54 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 13:54 Process C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (PID: 1308): attempt to hidden launch of Internet browser allowed.
2008-05-06 13:55 Update completed successfully
2008-05-06 13:55 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1008): attempt to load new or modified module allowed.
2008-05-06 13:55 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1008): attempt to load new or modified module allowed.
2008-05-06 13:58 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3304): attempt to load new or modified module allowed.
2008-05-06 13:58 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3304): attempt to load new or modified module allowed.
2008-05-06 14:03 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 14:24 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3304): attempt to load new or modified module allowed.
2008-05-06 14:24 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3304): attempt to load new or modified module allowed.
2008-05-06 15:17 Protection of your computer is not running. You are advised to resume protection.
2008-05-06 15:35 Protection of your computer started.
2008-05-06 15:35 Some protection components are disabled. You are advised to enable them.
2008-05-06 15:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3788): attempt to load new or modified module allowed.
2008-05-06 15:37 Process C:\WINDOWS\system32\rundll32.exe (PID: 3788): attempt to load new or modified module allowed.
2008-05-06 15:39 Process C:\WINDOWS\system32\rundll32.exe (PID: 1808): attempt to load new or modified module allowed.
2008-05-06 15:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 916): attempt to load new or modified module allowed.
2008-05-06 15:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 916): attempt to load new or modified module allowed.
2008-05-06 15:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 916): attempt to load new or modified module allowed.
2008-05-06 15:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 916): attempt to load new or modified module allowed.
2008-05-06 15:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 916): attempt to load new or modified module allowed.
2008-05-06 15:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 916): attempt to load new or modified module allowed.
2008-05-06 15:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 916): attempt to load new or modified module allowed.
2008-05-06 15:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 916): attempt to load new or modified module allowed.
2008-05-06 15:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 916): attempt to load new or modified module allowed.
2008-05-06 15:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 916): attempt to load new or modified module allowed.
2008-05-06 15:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 916): attempt to load new or modified module allowed.
2008-05-06 15:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 916): attempt to load new or modified module allowed.
2008-05-06 15:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 916): attempt to load new or modified module allowed.
2008-05-06 15:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 916): attempt to load new or modified module allowed.
2008-05-06 15:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 916): attempt to load new or modified module allowed.
2008-05-06 15:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 916): attempt to load new or modified module allowed.
2008-05-06 15:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 916): attempt to load new or modified module allowed.
2008-05-06 15:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 916): attempt to load new or modified module allowed.
2008-05-06 15:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 916): attempt to load new or modified module allowed.
2008-05-06 15:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 916): attempt to load new or modified module allowed.
2008-05-06 15:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 916): attempt to load new or modified module allowed.
2008-05-06 15:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 916): attempt to load new or modified module allowed.
2008-05-06 15:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 916): attempt to load new or modified module allowed.
2008-05-06 15:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 916): attempt to load new or modified module allowed.
2008-05-06 15:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 916): attempt to load new or modified module allowed.
2008-05-06 15:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 916): attempt to load new or modified module allowed.
2008-05-06 15:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 916): attempt to load new or modified module allowed.
2008-05-06 15:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 916): attempt to load new or modified module allowed.
2008-05-06 15:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 2540): attempt to load new or modified module allowed.
2008-05-06 15:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 2540): attempt to load new or modified module allowed.
2008-05-06 15:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 2540): attempt to load new or modified module allowed.
2008-05-06 15:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 2540): attempt to load new or modified module allowed.
2008-05-06 15:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 2540): attempt to load new or modified module allowed.
2008-05-06 15:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 2540): attempt to load new or modified module allowed.
2008-05-06 15:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 2540): attempt to load new or modified module allowed.
2008-05-06 15:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 2540): attempt to load new or modified module allowed.
2008-05-06 15:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 2540): attempt to load new or modified module allowed.
2008-05-06 15:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 2540): attempt to load new or modified module allowed.
2008-05-06 15:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 2540): attempt to load new or modified module allowed.
2008-05-06 15:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 2540): attempt to load new or modified module allowed.
2008-05-06 15:48 Process C:\WINDOWS\system32\rundll32.exe (PID: 2540): attempt to load new or modified module allowed.
2008-05-06 15:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 2540): attempt to load new or modified module allowed.
2008-05-06 15:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 2540): attempt to load new or modified module allowed.
2008-05-06 15:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 2540): attempt to load new or modified module allowed.
2008-05-06 15:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 2540): attempt to load new or modified module allowed.
2008-05-06 15:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 2540): attempt to load new or modified module allowed.
2008-05-06 15:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 2540): attempt to load new or modified module allowed.
2008-05-06 15:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 2540): attempt to load new or modified module allowed.
2008-05-06 15:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 2540): attempt to load new or modified module allowed.
2008-05-06 15:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 2540): attempt to load new or modified module allowed.
2008-05-06 15:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 2540): attempt to load new or modified module allowed.
2008-05-06 15:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 2540): attempt to load new or modified module allowed.
2008-05-06 15:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 2540): attempt to load new or modified module allowed.
2008-05-06 15:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 2540): attempt to load new or modified module allowed.
2008-05-06 15:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 2540): attempt to load new or modified module allowed.
2008-05-06 15:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 2540): attempt to load new or modified module allowed.
2008-05-06 15:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 2540): attempt to load new or modified module allowed.
2008-05-06 15:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 2540): attempt to load new or modified module allowed.
2008-05-06 15:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 15:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 2536): attempt to load new or modified module allowed.
2008-05-06 15:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 2536): attempt to load new or modified module allowed.
2008-05-06 15:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 2540): attempt to load new or modified module allowed.
2008-05-06 15:49 Process C:\WINDOWS\system32\rundll32.exe (PID: 2540): attempt to load new or modified module allowed.
2008-05-06 15:52 Protection of your computer started.
2008-05-06 15:52 Some protection components are disabled. You are advised to enable them.
2008-05-06 15:52 Process C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (PID: 528): attempt to perform suspicious actions allowed.
2008-05-06 15:53 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 15:57 Protection of your computer is not running. You are advised to resume protection.
2008-05-06 15:59 Protection of your computer started.
2008-05-06 15:59 Some protection components are disabled. You are advised to enable them.
2008-05-06 15:59 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 16:00 Update completed successfully
2008-05-06 16:01 Process C:\WINDOWS\system32\rundll32.exe (PID: 2308): attempt to load new or modified module allowed.
2008-05-06 16:01 Process C:\WINDOWS\system32\rundll32.exe (PID: 2308): attempt to load new or modified module allowed.
2008-05-06 16:01 Process C:\WINDOWS\system32\rundll32.exe (PID: 2308): attempt to load new or modified module allowed.
2008-05-06 16:01 Process C:\WINDOWS\system32\rundll32.exe (PID: 3380): attempt to load new or modified module allowed.
2008-05-06 16:01 Process C:\WINDOWS\system32\rundll32.exe (PID: 2308): attempt to load new or modified module allowed.
2008-05-06 16:01 Process C:\WINDOWS\system32\rundll32.exe (PID: 3380): attempt to load new or modified module allowed.
2008-05-06 16:01 Process C:\WINDOWS\system32\rundll32.exe (PID: 2308): attempt to load new or modified module allowed.
2008-05-06 16:01 Process C:\WINDOWS\system32\rundll32.exe (PID: 3380): attempt to load new or modified module allowed.
2008-05-06 16:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 2308): attempt to load new or modified module allowed.
2008-05-06 16:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 3380): attempt to load new or modified module allowed.
2008-05-06 16:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 3380): attempt to load new or modified module allowed.
2008-05-06 16:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 3380): attempt to load new or modified module allowed.
2008-05-06 16:02 Process C:\WINDOWS\system32\rundll32.exe (PID: 2308): attempt to load new or modified module allowed.
2008-05-06 16:04 Protection of your computer started.
2008-05-06 16:04 Some protection components are disabled. You are advised to enable them.
2008-05-06 16:05 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 16:07 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 16:07 Process C:\WINDOWS\system32\alg.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 16:12 Process C:\WINDOWS\system32\rundll32.exe (PID: 3100): attempt to load new or modified module allowed.
2008-05-06 16:12 Process C:\WINDOWS\system32\rundll32.exe (PID: 3100): attempt to load new or modified module allowed.
2008-05-06 16:12 Process C:\WINDOWS\system32\rundll32.exe (PID: 3100): attempt to load new or modified module allowed.
2008-05-06 16:12 Process C:\WINDOWS\system32\rundll32.exe (PID: 3100): attempt to load new or modified module allowed.
2008-05-06 16:12 Process C:\WINDOWS\system32\rundll32.exe (PID: 3100): attempt to load new or modified module allowed.
2008-05-06 16:12 Process C:\WINDOWS\system32\rundll32.exe (PID: 3100): attempt to load new or modified module allowed.
2008-05-06 16:12 Process C:\WINDOWS\system32\rundll32.exe (PID: 3100): attempt to load new or modified module allowed.
2008-05-06 16:12 Process C:\WINDOWS\system32\rundll32.exe (PID: 3100): attempt to load new or modified module allowed.
2008-05-06 16:12 Process C:\WINDOWS\system32\rundll32.exe (PID: 3100): attempt to load new or modified module allowed.
2008-05-06 16:12 Process C:\WINDOWS\system32\rundll32.exe (PID: 3100): attempt to load new or modified module allowed.
2008-05-06 16:12 Process C:\WINDOWS\system32\rundll32.exe (PID: 3100): attempt to load new or modified module allowed.
2008-05-06 16:12 Process C:\WINDOWS\system32\rundll32.exe (PID: 3100): attempt to load new or modified module allowed.
2008-05-06 16:12 Process C:\WINDOWS\system32\rundll32.exe (PID: 3100): attempt to load new or modified module allowed.
2008-05-06 16:12 Process C:\WINDOWS\system32\rundll32.exe (PID: 3100): attempt to load new or modified module allowed.
2008-05-06 16:12 Process C:\WINDOWS\system32\rundll32.exe (PID: 3100): attempt to load new or modified module allowed.
2008-05-06 16:12 Process C:\WINDOWS\system32\rundll32.exe (PID: 3100): attempt to load new or modified module allowed.
2008-05-06 16:12 Process C:\WINDOWS\system32\rundll32.exe (PID: 3100): attempt to load new or modified module allowed.
2008-05-06 16:12 Process C:\WINDOWS\system32\rundll32.exe (PID: 3100): attempt to load new or modified module allowed.
2008-05-06 16:12 Process C:\WINDOWS\system32\rundll32.exe (PID: 3100): attempt to load new or modified module allowed.
2008-05-06 16:12 Process C:\WINDOWS\system32\rundll32.exe (PID: 3100): attempt to load new or modified module allowed.
2008-05-06 16:12 Process C:\WINDOWS\system32\rundll32.exe (PID: 3100): attempt to load new or modified module allowed.
2008-05-06 16:12 Process C:\WINDOWS\system32\rundll32.exe (PID: 3100): attempt to load new or modified module allowed.
2008-05-06 16:12 Process C:\WINDOWS\system32\rundll32.exe (PID: 3100): attempt to load new or modified module allowed.
2008-05-06 16:12 Process C:\WINDOWS\system32\rundll32.exe (PID: 3100): attempt to load new or modified module allowed.
2008-05-06 16:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 16:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 3468): attempt to load new or modified module allowed.
2008-05-06 16:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 3468): attempt to load new or modified module allowed.
2008-05-06 16:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 3100): attempt to load new or modified module allowed.
2008-05-06 16:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 3100): attempt to load new or modified module allowed.
2008-05-06 16:13 Process C:\WINDOWS\system32\winlogon.exe (PID: 1368): attempt to load new or modified module allowed.
2008-05-06 16:13 Process C:\WINDOWS\system32\winlogon.exe (PID: 1368): attempt to load new or modified module allowed.
2008-05-06 16:14 Process C:\WINDOWS\system32\winlogon.exe (PID: 1368): attempt to load new or modified module allowed.
2008-05-06 16:14 Process C:\WINDOWS\system32\winlogon.exe (PID: 1368): attempt to load new or modified module allowed.
2008-05-06 16:14 Process C:\WINDOWS\system32\winlogon.exe (PID: 1368): attempt to load new or modified module allowed.
2008-05-06 16:14 Process C:\WINDOWS\system32\winlogon.exe (PID: 1368): attempt to load new or modified module allowed.
2008-05-06 16:14 Process C:\WINDOWS\system32\winlogon.exe (PID: 1368): attempt to load new or modified module allowed.
2008-05-06 16:14 Process C:\WINDOWS\system32\winlogon.exe (PID: 1368): attempt to load new or modified module allowed.
2008-05-06 16:14 Process C:\WINDOWS\system32\winlogon.exe (PID: 1368): attempt to load new or modified module allowed.
2008-05-06 16:14 Process C:\WINDOWS\system32\winlogon.exe (PID: 1368): attempt to load new or modified module allowed.
2008-05-06 16:14 Process C:\WINDOWS\system32\winlogon.exe (PID: 1368): attempt to load new or modified module allowed.
2008-05-06 16:14 Process C:\WINDOWS\system32\winlogon.exe (PID: 1368): attempt to load new or modified module allowed.
2008-05-06 16:14 Process C:\WINDOWS\system32\winlogon.exe (PID: 1368): attempt to load new or modified module allowed.
2008-05-06 16:14 Process C:\WINDOWS\system32\winlogon.exe (PID: 1368): attempt to load new or modified module allowed.
2008-05-06 16:14 Process C:\WINDOWS\system32\winlogon.exe (PID: 1368): attempt to load new or modified module allowed.
2008-05-06 16:14 Process C:\WINDOWS\system32\winlogon.exe (PID: 1368): attempt to load new or modified module allowed.
2008-05-06 16:14 Protection of your computer is not running. You are advised to resume protection.
2008-05-06 16:15 Protection of your computer started.
2008-05-06 16:15 Some protection components are disabled. You are advised to enable them.
2008-05-06 16:15 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 16:15 Process C:\WINDOWS\system32\alg.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 16:15 Process C:\WINDOWS\system32\svchost.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 16:15 Process C:\WINDOWS\system32\svchost.exe (PID: 3828): attempt to load new or modified module allowed.
2008-05-06 16:15 Process C:\WINDOWS\system32\svchost.exe (PID: 3828): attempt to load new or modified module allowed.
2008-05-06 16:15 Process C:\WINDOWS\system32\svchost.exe (PID: 3828): attempt to load new or modified module allowed.
2008-05-06 16:15 Process C:\WINDOWS\system32\svchost.exe (PID: 3828): attempt to load new or modified module allowed.
2008-05-06 16:15 Process C:\WINDOWS\system32\svchost.exe (PID: 3828): attempt to load new or modified module allowed.
2008-05-06 16:15 Process C:\WINDOWS\system32\svchost.exe (PID: 3828): attempt to load new or modified module allowed.
2008-05-06 16:15 Process C:\WINDOWS\system32\svchost.exe (PID: 3828): attempt to load new or modified module allowed.
2008-05-06 16:15 Process C:\WINDOWS\system32\svchost.exe (PID: 3828): attempt to load new or modified module allowed.
2008-05-06 16:15 Process C:\WINDOWS\system32\svchost.exe (PID: 3828): attempt to load new or modified module allowed.
2008-05-06 16:15 Process C:\WINDOWS\system32\svchost.exe (PID: 3828): attempt to load new or modified module allowed.
2008-05-06 16:15 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 16:16 Process C:\WINDOWS\system32\rundll32.exe (PID: 2284): attempt to load new or modified module allowed.
2008-05-06 16:16 Process C:\WINDOWS\system32\rundll32.exe (PID: 2284): attempt to load new or modified module allowed.
2008-05-06 16:16 Process C:\WINDOWS\system32\rundll32.exe (PID: 2284): attempt to load new or modified module allowed.
2008-05-06 16:16 Process C:\WINDOWS\system32\rundll32.exe (PID: 2284): attempt to load new or modified module allowed.
2008-05-06 16:16 Process C:\WINDOWS\system32\rundll32.exe (PID: 2284): attempt to load new or modified module allowed.
2008-05-06 16:16 Process C:\WINDOWS\system32\rundll32.exe (PID: 2284): attempt to load new or modified module allowed.
2008-05-06 16:16 Process C:\WINDOWS\system32\rundll32.exe (PID: 2284): attempt to load new or modified module allowed.
2008-05-06 16:16 Process C:\WINDOWS\system32\rundll32.exe (PID: 2284): attempt to load new or modified module allowed.
2008-05-06 16:16 Process C:\WINDOWS\system32\rundll32.exe (PID: 2284): attempt to load new or modified module allowed.
2008-05-06 16:16 Process C:\WINDOWS\system32\rundll32.exe (PID: 2284): attempt to load new or modified module allowed.
2008-05-06 16:16 Process C:\WINDOWS\system32\rundll32.exe (PID: 2284): attempt to load new or modified module allowed.
2008-05-06 16:16 Process C:\WINDOWS\system32\rundll32.exe (PID: 2284): attempt to load new or modified module allowed.
2008-05-06 16:16 Process C:\WINDOWS\system32\rundll32.exe (PID: 2284): attempt to load new or modified module allowed.
2008-05-06 16:16 Process C:\WINDOWS\system32\rundll32.exe (PID: 2284): attempt to load new or modified module allowed.
2008-05-06 16:16 Process C:\WINDOWS\system32\rundll32.exe (PID: 2284): attempt to load new or modified module allowed.
2008-05-06 16:16 Process C:\WINDOWS\system32\rundll32.exe (PID: 2284): attempt to load new or modified module allowed.
2008-05-06 16:16 Process C:\WINDOWS\system32\rundll32.exe (PID: 2284): attempt to load new or modified module allowed.
2008-05-06 16:16 Process C:\WINDOWS\system32\rundll32.exe (PID: 2284): attempt to load new or modified module allowed.
2008-05-06 16:16 Process C:\WINDOWS\system32\rundll32.exe (PID: 2284): attempt to load new or modified module allowed.
2008-05-06 16:16 Process C:\WINDOWS\system32\rundll32.exe (PID: 2284): attempt to load new or modified module allowed.
2008-05-06 16:16 Process C:\WINDOWS\system32\rundll32.exe (PID: 2284): attempt to load new or modified module allowed.
2008-05-06 16:16 Process C:\WINDOWS\system32\rundll32.exe (PID: 2284): attempt to load new or modified module allowed.
2008-05-06 16:16 Process C:\WINDOWS\system32\rundll32.exe (PID: 2284): attempt to load new or modified module allowed.
2008-05-06 16:16 Process C:\WINDOWS\system32\rundll32.exe (PID: 2284): attempt to load new or modified module allowed.
2008-05-06 16:16 Process C:\WINDOWS\system32\rundll32.exe (PID: 2284): attempt to load new or modified module allowed.
2008-05-06 16:16 Process C:\WINDOWS\system32\rundll32.exe (PID: 2284): attempt to load new or modified module allowed.
2008-05-06 16:16 Process C:\WINDOWS\system32\rundll32.exe (PID: 2284): attempt to load new or modified module allowed.
2008-05-06 16:16 Process C:\WINDOWS\system32\rundll32.exe (PID: 2284): attempt to load new or modified module allowed.
2008-05-06 16:16 Process C:\WINDOWS\system32\rundll32.exe (PID: 2284): attempt to load new or modified module allowed.
2008-05-06 16:16 Process C:\WINDOWS\system32\rundll32.exe (PID: 2284): attempt to load new or modified module allowed.
2008-05-06 16:17 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 16:18 Process C:\WINDOWS\system32\rundll32.exe (PID: 3704): attempt to load new or modified module allowed.
2008-05-06 16:18 Process C:\WINDOWS\system32\rundll32.exe (PID: 3704): attempt to load new or modified module allowed.
2008-05-06 16:19 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 16:19 Process C:\WINDOWS\system32\rundll32.exe (PID: 2268): attempt to load new or modified module allowed.
2008-05-06 16:19 Process C:\WINDOWS\system32\rundll32.exe (PID: 2284): attempt to load new or modified module allowed.
2008-05-06 16:19 Process C:\WINDOWS\system32\rundll32.exe (PID: 2284): attempt to load new or modified module allowed.
2008-05-06 16:20 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 16:20 Process C:\WINDOWS\system32\rundll32.exe (PID: 2452): attempt to load new or modified module allowed.
2008-05-06 16:29 Process C:\WINDOWS\Explorer.EXE (PID: 592): attempt to hidden launch of Internet browser allowed.
2008-05-06 16:38 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 16:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 1240): attempt to load new or modified module allowed.
2008-05-06 16:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 1240): attempt to load new or modified module allowed.
2008-05-06 16:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 1240): attempt to load new or modified module allowed.
2008-05-06 16:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 1240): attempt to load new or modified module allowed.
2008-05-06 16:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 1240): attempt to load new or modified module allowed.
2008-05-06 16:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 1240): attempt to load new or modified module allowed.
2008-05-06 16:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 1240): attempt to load new or modified module allowed.
2008-05-06 16:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 1240): attempt to load new or modified module allowed.
2008-05-06 16:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 1240): attempt to load new or modified module allowed.
2008-05-06 16:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 1240): attempt to load new or modified module allowed.
2008-05-06 16:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 1240): attempt to load new or modified module allowed.
2008-05-06 16:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 1240): attempt to load new or modified module allowed.
2008-05-06 16:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 1240): attempt to load new or modified module allowed.
2008-05-06 16:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 1240): attempt to load new or modified module allowed.
2008-05-06 16:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 1240): attempt to load new or modified module allowed.
2008-05-06 16:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 1240): attempt to load new or modified module allowed.
2008-05-06 16:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 1240): attempt to load new or modified module allowed.
2008-05-06 16:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 1240): attempt to load new or modified module allowed.
2008-05-06 16:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 1240): attempt to load new or modified module allowed.
2008-05-06 16:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 1240): attempt to load new or modified module allowed.
2008-05-06 16:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 1240): attempt to load new or modified module allowed.
2008-05-06 16:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 1240): attempt to load new or modified module allowed.
2008-05-06 16:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 1240): attempt to load new or modified module allowed.
2008-05-06 16:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 1240): attempt to load new or modified module allowed.
2008-05-06 16:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 1240): attempt to load new or modified module allowed.
2008-05-06 16:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 1240): attempt to load new or modified module allowed.
2008-05-06 16:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 1240): attempt to load new or modified module allowed.
2008-05-06 16:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 1240): attempt to load new or modified module allowed.
2008-05-06 16:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 1240): attempt to load new or modified module allowed.
2008-05-06 16:40 Process C:\WINDOWS\system32\rundll32.exe (PID: 1240): attempt to load new or modified module allowed.
2008-05-06 16:41 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 16:41 Process C:\WINDOWS\system32\rundll32.exe (PID: 1096): attempt to load new or modified module allowed.
2008-05-06 16:41 Process C:\WINDOWS\system32\rundll32.exe (PID: 1096): attempt to load new or modified module allowed.
2008-05-06 16:41 Process C:\WINDOWS\system32\rundll32.exe (PID: 1240): attempt to load new or modified module allowed.
2008-05-06 16:41 Process C:\WINDOWS\system32\rundll32.exe (PID: 1240): attempt to load new or modified module allowed.
2008-05-06 16:42 Process C:\WINDOWS\system32\rundll32.exe (PID: 1260): attempt to load new or modified module allowed.
2008-05-06 16:42 Process C:\WINDOWS\system32\rundll32.exe (PID: 1260): attempt to load new or modified module allowed.
2008-05-06 16:42 Process C:\WINDOWS\system32\rundll32.exe (PID: 1260): attempt to load new or modified module allowed.
2008-05-06 16:42 Process C:\WINDOWS\system32\rundll32.exe (PID: 1260): attempt to load new or modified module allowed.
2008-05-06 16:42 Process C:\WINDOWS\system32\rundll32.exe (PID: 1260): attempt to load new or modified module allowed.
2008-05-06 16:42 Process C:\WINDOWS\system32\rundll32.exe (PID: 1260): attempt to load new or modified module allowed.
2008-05-06 16:42 Process C:\WINDOWS\system32\rundll32.exe (PID: 1260): attempt to load new or modified module allowed.
2008-05-06 16:42 Process C:\WINDOWS\system32\rundll32.exe (PID: 1260): attempt to load new or modified module allowed.
2008-05-06 16:42 Process C:\WINDOWS\system32\rundll32.exe (PID: 1260): attempt to load new or modified module allowed.
2008-05-06 16:42 Process C:\WINDOWS\system32\rundll32.exe (PID: 1260): attempt to load new or modified module allowed.
2008-05-06 16:42 Process C:\WINDOWS\system32\rundll32.exe (PID: 1260): attempt to load new or modified module allowed.
2008-05-06 16:42 Process C:\WINDOWS\system32\rundll32.exe (PID: 1260): attempt to load new or modified module allowed.
2008-05-06 16:42 Process C:\WINDOWS\system32\rundll32.exe (PID: 1260): attempt to load new or modified module allowed.
2008-05-06 16:42 Process C:\WINDOWS\system32\rundll32.exe (PID: 1260): attempt to load new or modified module allowed.
2008-05-06 16:42 Process C:\WINDOWS\system32\rundll32.exe (PID: 1260): attempt to load new or modified module allowed.
2008-05-06 16:42 Process C:\WINDOWS\system32\rundll32.exe (PID: 1260): attempt to load new or modified module allowed.
2008-05-06 16:42 Process C:\WINDOWS\system32\rundll32.exe (PID: 1260): attempt to load new or modified module allowed.
2008-05-06 16:42 Process C:\WINDOWS\system32\rundll32.exe (PID: 1260): attempt to load new or modified module allowed.
2008-05-06 16:42 Process C:\WINDOWS\system32\rundll32.exe (PID: 1260): attempt to load new or modified module allowed.
2008-05-06 16:42 Process C:\WINDOWS\system32\rundll32.exe (PID: 1260): attempt to load new or modified module allowed.
2008-05-06 16:42 Process C:\WINDOWS\system32\rundll32.exe (PID: 1260): attempt to load new or modified module allowed.
2008-05-06 16:42 Process C:\WINDOWS\system32\rundll32.exe (PID: 1260): attempt to load new or modified module allowed.
2008-05-06 16:42 Process C:\WINDOWS\system32\rundll32.exe (PID: 1260): attempt to load new or modified module allowed.
2008-05-06 16:42 Process C:\WINDOWS\system32\rundll32.exe (PID: 1260): attempt to load new or modified module allowed.
2008-05-06 16:42 Process C:\WINDOWS\system32\rundll32.exe (PID: 1260): attempt to load new or modified module allowed.
2008-05-06 16:42 Process C:\WINDOWS\system32\rundll32.exe (PID: 1260): attempt to load new or modified module allowed.
2008-05-06 16:42 Process C:\WINDOWS\system32\rundll32.exe (PID: 1260): attempt to load new or modified module allowed.
2008-05-06 16:42 Process C:\WINDOWS\system32\rundll32.exe (PID: 1260): attempt to load new or modified module allowed.
2008-05-06 16:42 Process C:\WINDOWS\system32\rundll32.exe (PID: 1260): attempt to load new or modified module allowed.
2008-05-06 16:42 Process C:\WINDOWS\system32\rundll32.exe (PID: 1260): attempt to load new or modified module allowed.
2008-05-06 16:42 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 16:42 Process C:\WINDOWS\system32\rundll32.exe (PID: 2784): attempt to load new or modified module allowed.
2008-05-06 16:42 Process C:\WINDOWS\system32\rundll32.exe (PID: 1260): attempt to load new or modified module allowed.
2008-05-06 16:42 Process C:\WINDOWS\system32\rundll32.exe (PID: 1260): attempt to load new or modified module allowed.
2008-05-06 16:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:43 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:45 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:45 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:45 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:45 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:45 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:45 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:45 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:45 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:45 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:45 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:45 Process C:\WINDOWS\system32\rundll32.exe (PID: 2184): attempt to load new or modified module allowed.
2008-05-06 16:50 Process C:\WINDOWS\system32\rundll32.exe (PID: 3384): attempt to load new or modified module allowed.
2008-05-06 16:50 Process C:\WINDOWS\system32\rundll32.exe (PID: 3384): attempt to load new or modified module allowed.
2008-05-06 17:04 Process C:\WINDOWS\system32\rundll32.exe (PID: 184): attempt to load new or modified module allowed.
2008-05-06 17:04 Process C:\WINDOWS\system32\rundll32.exe (PID: 184): attempt to load new or modified module allowed.
2008-05-06 17:04 Process C:\WINDOWS\system32\rundll32.exe (PID: 184): attempt to load new or modified module allowed.
2008-05-06 17:04 Process C:\WINDOWS\system32\rundll32.exe (PID: 184): attempt to load new or modified module allowed.
2008-05-06 17:04 Process C:\WINDOWS\system32\rundll32.exe (PID: 184): attempt to load new or modified module allowed.
2008-05-06 17:04 Process C:\WINDOWS\system32\rundll32.exe (PID: 184): attempt to load new or modified module allowed.
2008-05-06 17:07 Process C:\WINDOWS\system32\winlogon.exe (PID: 1368): attempt to load new or modified module allowed.
2008-05-06 17:07 Process C:\WINDOWS\system32\winlogon.exe (PID: 1368): attempt to load new or modified module allowed.
2008-05-06 17:07 Process C:\WINDOWS\system32\winlogon.exe (PID: 1368): attempt to load new or modified module allowed.
2008-05-06 17:07 Process C:\WINDOWS\system32\winlogon.exe (PID: 1368): attempt to load new or modified module allowed.
2008-05-06 17:07 Process C:\WINDOWS\system32\winlogon.exe (PID: 1368): attempt to load new or modified module allowed.
2008-05-06 17:07 Process C:\WINDOWS\system32\winlogon.exe (PID: 1368): attempt to load new or modified module allowed.
2008-05-06 17:07 Process C:\WINDOWS\system32\winlogon.exe (PID: 1368): attempt to load new or modified module allowed.
2008-05-06 17:07 Process C:\WINDOWS\system32\winlogon.exe (PID: 1368): attempt to load new or modified module allowed.
2008-05-06 17:07 Process C:\WINDOWS\system32\winlogon.exe (PID: 1368): attempt to load new or modified module allowed.
2008-05-06 17:07 Process C:\WINDOWS\system32\winlogon.exe (PID: 1368): attempt to load new or modified module allowed.
2008-05-06 17:07 Process C:\WINDOWS\system32\winlogon.exe (PID: 1368): attempt to load new or modified module allowed.
2008-05-06 17:07 Process C:\WINDOWS\system32\winlogon.exe (PID: 1368): attempt to load new or modified module allowed.
2008-05-06 17:07 Process C:\WINDOWS\system32\winlogon.exe (PID: 1368): attempt to load new or modified module allowed.
2008-05-06 17:07 Process C:\WINDOWS\system32\winlogon.exe (PID: 1368): attempt to load new or modified module allowed.
2008-05-06 17:07 Process C:\WINDOWS\system32\winlogon.exe (PID: 1368): attempt to load new or modified module allowed.
2008-05-06 17:07 Process C:\WINDOWS\system32\winlogon.exe (PID: 1368): attempt to load new or modified module allowed.
2008-05-06 17:07 Protection of your computer is not running. You are advised to resume protection.
2008-05-06 17:08 Protection of your computer started.
2008-05-06 17:08 Some protection components are disabled. You are advised to enable them.
2008-05-06 17:09 Process C:\WINDOWS\system32\alg.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 17:09 Process C:\Program Files\HPQ\Default Settings\Cpqset.exe (PID: 260): suspicious action. Attempt to modify list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run, value Cpqset, data 43 00 3a 00 5c 00 50 00 72 00 6f 00 67 00 72 00 61 00 6d 00 20 00 46 00 69 00 6c 00 65 00 73 00 5c 00 48 00 50 00 51 00 5c 00 44 00 65 00 66 00 61 00 75 00 6c 00 74 00 20 00 53 00 65 00 74 00 74 00 69 00 6e 00 67 00 73 00 5c 00 63 00 70 00 71 00 73 00 65 00 74 00 2e 00 65 00 78 00 65 00 00 00 00 00 00 00 00 00 0c 00 00 00 0d 00 00 00 cc 00 1c 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 00 04 00 01 00 fc 00 78 01 40 00 00 00 20 00 00 00 06 00 02 00 f0 00 55 00 15 00 00 00 00 00 00 00 00 00 00 00 28 00 11 00 40 00 00 00 00 00 00 00 00 00 00 00 fc 00 78 01 40 00 00 00).
2008-05-06 17:09 Process C:\Program Files\HPQ\Default Settings\Cpqset.exe (PID: 260): attempt to modify list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run, value Cpqset, data 43 00 3a 00 5c 00 50 00 72 00 6f 00 67 00 72 00 61 00 6d 00 20 00 46 00 69 00 6c 00 65 00 73 00 5c 00 48 00 50 00 51 00 5c 00 44 00 65 00 66 00 61 00 75 00 6c 00 74 00 20 00 53 00 65 00 74 00 74 00 69 00 6e 00 67 00 73 00 5c 00 63 00 70 00 71 00 73 00 65 00 74 00 2e 00 65 00 78 00 65 00 00 00 00 00 00 00 00 00 0c 00 00 00 0d 00 00 00 cc 00 1c 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 00 04 00 01 00 fc 00 78 01 40 00 00 00 20 00 00 00 06 00 02 00 f0 00 55 00 15 00 00 00 00 00 00 00 00 00 00 00 28 00 11 00 40 00 00 00 00 00 00 00 00 00 00 00 fc 00 78 01 40 00 00 00) allowed.
2008-05-06 17:09 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 3412): attempt to load new or modified module allowed.
2008-05-06 17:09 Process C:\Program Files\Microsoft ActiveSync\wcescomm.exe (PID: 3460): attempt to load new or modified module allowed.
2008-05-06 17:09 Running process C:\Program Files\SiteAdvisor\6253\SiteAdv.exe: detected modification of riskware 'Invader (loader)'.
2008-05-06 17:09 Process C:\Program Files\SiteAdvisor\6253\SiteAdv.exe (PID: 2592): attempt to perform suspicious actions allowed.
2008-05-06 17:09 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 3412): attempt to load new or modified module allowed.
2008-05-06 17:09 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 3412): attempt to load new or modified module allowed.
2008-05-06 17:09 Process C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (PID: 3512): attempt to perform suspicious actions allowed.
2008-05-06 17:14 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 3412): attempt to load new or modified module allowed.
2008-05-06 17:14 Process C:\Program Files\Microsoft ActiveSync\wcescomm.exe (PID: 3460): attempt to load new or modified module allowed.
2008-05-06 17:14 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 17:14 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 3412): attempt to load new or modified module allowed.
2008-05-06 17:14 Process C:\Program Files\Microsoft ActiveSync\wcescomm.exe (PID: 3460): attempt to load new or modified module allowed.
2008-05-06 17:14 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 3412): attempt to load new or modified module allowed.
2008-05-06 17:14 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 3412): attempt to load new or modified module allowed.
2008-05-06 17:17 Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (PID: 3412): attempt to load new or modified module allowed.
2008-05-06 17:18 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 21:23 Protection of your computer started.
2008-05-06 21:23 Some protection components are disabled. You are advised to enable them.
2008-05-06 21:23 Process C:\WINDOWS\system32\alg.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 21:24 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 21:24 Update completed successfully
2008-05-06 21:26 Process (PID 352) tried to access Kaspersky Internet Security process (PID 1244), but the action has been blocked by the Self-Defense component. No action on your part is required.
2008-05-06 21:26 Process (PID 352) tried to access Kaspersky Internet Security process (PID 1268), but the action has been blocked by the Self-Defense component. No action on your part is required.
2008-05-06 21:29 Process C:\WINDOWS\system32\rundll32.exe (PID: 1852): attempt to load new or modified module allowed.
2008-05-06 21:29 Process C:\WINDOWS\system32\rundll32.exe (PID: 1852): attempt to load new or modified module allowed.
2008-05-06 21:29 Process C:\WINDOWS\system32\rundll32.exe (PID: 1852): attempt to load new or modified module allowed.
2008-05-06 21:29 Process C:\WINDOWS\system32\rundll32.exe (PID: 1852): attempt to load new or modified module allowed.
2008-05-06 21:29 Process C:\WINDOWS\system32\rundll32.exe (PID: 1852): attempt to load new or modified module allowed.
2008-05-06 21:29 Process C:\WINDOWS\system32\rundll32.exe (PID: 1852): attempt to load new or modified module allowed.
2008-05-06 21:29 Process C:\WINDOWS\system32\rundll32.exe (PID: 1852): attempt to load new or modified module allowed.
2008-05-06 21:29 Process C:\WINDOWS\system32\rundll32.exe (PID: 1852): attempt to load new or modified module allowed.
2008-05-06 21:29 Process C:\WINDOWS\system32\rundll32.exe (PID: 1852): attempt to load new or modified module allowed.
2008-05-06 21:29 Process C:\WINDOWS\system32\rundll32.exe (PID: 1852): attempt to load new or modified module allowed.
2008-05-06 21:29 Process C:\WINDOWS\system32\rundll32.exe (PID: 1852): attempt to load new or modified module allowed.
2008-05-06 21:29 Process C:\WINDOWS\system32\rundll32.exe (PID: 1852): attempt to load new or modified module allowed.
2008-05-06 21:29 Process C:\WINDOWS\system32\rundll32.exe (PID: 1852): attempt to load new or modified module allowed.
2008-05-06 21:30 Process C:\WINDOWS\system32\rundll32.exe (PID: 1852): attempt to load new or modified module allowed.
2008-05-06 21:30 Process C:\WINDOWS\system32\rundll32.exe (PID: 1852): attempt to load new or modified module allowed.
2008-05-06 21:30 Process C:\WINDOWS\system32\rundll32.exe (PID: 1852): attempt to load new or modified module allowed.
2008-05-06 21:30 Process C:\WINDOWS\system32\rundll32.exe (PID: 1852): attempt to load new or modified module allowed.
2008-05-06 21:30 Process C:\WINDOWS\system32\rundll32.exe (PID: 1852): attempt to load new or modified module allowed.
2008-05-06 21:30 Process C:\WINDOWS\system32\rundll32.exe (PID: 1852): attempt to load new or modified module allowed.
2008-05-06 21:30 Process C:\WINDOWS\system32\rundll32.exe (PID: 1852): attempt to load new or modified module allowed.
2008-05-06 21:30 Process C:\WINDOWS\system32\rundll32.exe (PID: 1852): attempt to load new or modified module allowed.
2008-05-06 21:30 Process C:\WINDOWS\system32\rundll32.exe (PID: 1852): attempt to load new or modified module allowed.
2008-05-06 21:30 Process C:\WINDOWS\system32\rundll32.exe (PID: 1852): attempt to load new or modified module allowed.
2008-05-06 21:30 Process C:\WINDOWS\system32\rundll32.exe (PID: 1852): attempt to load new or modified module allowed.
2008-05-06 21:30 Process C:\WINDOWS\system32\rundll32.exe (PID: 1852): attempt to load new or modified module allowed.
2008-05-06 21:30 Process C:\WINDOWS\system32\rundll32.exe (PID: 1852): attempt to load new or modified module allowed.
2008-05-06 21:30 Process C:\WINDOWS\system32\rundll32.exe (PID: 1852): attempt to load new or modified module allowed.
2008-05-06 21:30 Process C:\WINDOWS\system32\rundll32.exe (PID: 1852): attempt to load new or modified module allowed.
2008-05-06 21:30 Process C:\WINDOWS\system32\rundll32.exe (PID: 1852): attempt to load new or modified module allowed.
2008-05-06 21:30 Process C:\WINDOWS\system32\rundll32.exe (PID: 1852): attempt to load new or modified module allowed.
2008-05-06 21:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 2052): attempt to load new or modified module allowed.
2008-05-06 21:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 2052): attempt to load new or modified module allowed.
2008-05-06 21:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 2052): attempt to load new or modified module allowed.
2008-05-06 21:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 2052): attempt to load new or modified module allowed.
2008-05-06 21:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 2052): attempt to load new or modified module allowed.
2008-05-06 21:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 2052): attempt to load new or modified module allowed.
2008-05-06 21:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 2052): attempt to load new or modified module allowed.
2008-05-06 21:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 2052): attempt to load new or modified module allowed.
2008-05-06 21:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 2052): attempt to load new or modified module allowed.
2008-05-06 21:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 2052): attempt to load new or modified module allowed.
2008-05-06 21:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 2052): attempt to load new or modified module allowed.
2008-05-06 21:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 2052): attempt to load new or modified module allowed.
2008-05-06 21:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 2052): attempt to load new or modified module allowed.
2008-05-06 21:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 2052): attempt to load new or modified module allowed.
2008-05-06 21:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 2052): attempt to load new or modified module allowed.
2008-05-06 21:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 2052): attempt to load new or modified module allowed.
2008-05-06 21:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 2052): attempt to load new or modified module allowed.
2008-05-06 21:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 2052): attempt to load new or modified module allowed.
2008-05-06 21:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 21:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 2812): attempt to load new or modified module allowed.
2008-05-06 21:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 2812): attempt to load new or modified module allowed.
2008-05-06 21:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 2812): attempt to load new or modified module allowed.
2008-05-06 21:32 Process C:\WINDOWS\system32\rundll32.exe (PID: 2812): attempt to load new or modified module allowed.
2008-05-06 21:33 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 21:34 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3188): attempt to load new or modified module allowed.
2008-05-06 21:34 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3188): attempt to load new or modified module allowed.
2008-05-06 21:59 Protection of your computer started.
2008-05-06 21:59 Some protection components are disabled. You are advised to enable them.
2008-05-06 21:59 Process C:\WINDOWS\system32\alg.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 21:59 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 21:59 Process C:\WINDOWS\system32\svchost.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 21:59 Process C:\WINDOWS\system32\svchost.exe (PID: 2216): attempt to load new or modified module allowed.
2008-05-06 21:59 Process C:\WINDOWS\system32\svchost.exe (PID: 2216): attempt to load new or modified module allowed.
2008-05-06 21:59 Process C:\WINDOWS\system32\svchost.exe (PID: 2216): attempt to load new or modified module allowed.
2008-05-06 21:59 Process C:\WINDOWS\system32\svchost.exe (PID: 2216): attempt to load new or modified module allowed.
2008-05-06 21:59 Process C:\WINDOWS\system32\svchost.exe (PID: 2216): attempt to load new or modified module allowed.
2008-05-06 21:59 Process C:\WINDOWS\system32\svchost.exe (PID: 2216): attempt to load new or modified module allowed.
2008-05-06 21:59 Process C:\WINDOWS\system32\svchost.exe (PID: 2216): attempt to load new or modified module allowed.
2008-05-06 21:59 Process C:\WINDOWS\system32\svchost.exe (PID: 2216): attempt to load new or modified module allowed.
2008-05-06 21:59 Process C:\WINDOWS\system32\svchost.exe (PID: 2216): attempt to load new or modified module allowed.
2008-05-06 21:59 Process C:\WINDOWS\system32\svchost.exe (PID: 2216): attempt to load new or modified module allowed.
2008-05-06 22:00 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 22:12 Process C:\WINDOWS\system32\rundll32.exe (PID: 3740): attempt to load new or modified module allowed.
2008-05-06 22:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 3740): attempt to load new or modified module allowed.
2008-05-06 22:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 3740): attempt to load new or modified module allowed.
2008-05-06 22:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 3740): attempt to load new or modified module allowed.
2008-05-06 22:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 3740): attempt to load new or modified module allowed.
2008-05-06 22:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 3740): attempt to load new or modified module allowed.
2008-05-06 22:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 3740): attempt to load new or modified module allowed.
2008-05-06 22:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 3740): attempt to load new or modified module allowed.
2008-05-06 22:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 3740): attempt to load new or modified module allowed.
2008-05-06 22:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 3740): attempt to load new or modified module allowed.
2008-05-06 22:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 3740): attempt to load new or modified module allowed.
2008-05-06 22:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 3740): attempt to load new or modified module allowed.
2008-05-06 22:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 3740): attempt to load new or modified module allowed.
2008-05-06 22:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 3740): attempt to load new or modified module allowed.
2008-05-06 22:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 3740): attempt to load new or modified module allowed.
2008-05-06 22:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 3740): attempt to load new or modified module allowed.
2008-05-06 22:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 3740): attempt to load new or modified module allowed.
2008-05-06 22:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 3740): attempt to load new or modified module allowed.
2008-05-06 22:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 3740): attempt to load new or modified module allowed.
2008-05-06 22:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 3740): attempt to load new or modified module allowed.
2008-05-06 22:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 3740): attempt to load new or modified module allowed.
2008-05-06 22:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 3740): attempt to load new or modified module allowed.
2008-05-06 22:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 3740): attempt to load new or modified module allowed.
2008-05-06 22:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 3740): attempt to load new or modified module allowed.
2008-05-06 22:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 3740): attempt to load new or modified module allowed.
2008-05-06 22:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 3740): attempt to load new or modified module allowed.
2008-05-06 22:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 3740): attempt to load new or modified module allowed.
2008-05-06 22:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 3740): attempt to load new or modified module allowed.
2008-05-06 22:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 3740): attempt to load new or modified module allowed.
2008-05-06 22:13 Process C:\WINDOWS\system32\rundll32.exe (PID: 3740): attempt to load new or modified module allowed.
2008-05-06 22:13 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 22:17 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 22:17 Process C:\WINDOWS\system32\rundll32.exe (PID: 3116): attempt to load new or modified module allowed.
2008-05-06 22:17 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 22:17 Process C:\WINDOWS\system32\rundll32.exe (PID: 1860): attempt to load new or modified module allowed.
2008-05-06 22:18 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 22:18 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-06 22:18 Protection of your computer is not running. You are advised to resume protection.
2008-05-07 08:04 Protection of your computer started.
2008-05-07 08:04 Some protection components are disabled. You are advised to enable them.
2008-05-07 08:05 Update completed successfully
2008-05-07 08:10 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 2772): attempt to load new or modified module allowed.
2008-05-07 08:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 2772): attempt to load new or modified module allowed.
2008-05-07 08:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 2772): attempt to load new or modified module allowed.
2008-05-07 08:15 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 2772): attempt to load new or modified module allowed.
2008-05-07 08:15 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 2772): attempt to load new or modified module allowed.
2008-05-07 08:16 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 2772): attempt to load new or modified module allowed.
2008-05-07 08:17 Process (PID 588) tried to access Kaspersky Internet Security process (PID 3328), but the action has been blocked by the Self-Defense component. No action on your part is required.
2008-05-07 08:19 Popup window from page http://www.zone66.net/paypopup.html has been blocked.
2008-05-07 08:19 Popup window from page http://www.zone66.net/ has been blocked.
2008-05-07 08:19 Popup window from page http://www.zone66.net/paypopup.html has been blocked.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 1628): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2984): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2264): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 1628): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2984): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2264): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 1628): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2984): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2264): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 1628): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2984): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2264): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 1628): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2984): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2264): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2984): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 1628): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2264): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2984): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 1628): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2984): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 1628): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2984): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2264): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 1628): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2264): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2984): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 1628): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2264): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2984): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 1628): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2264): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2984): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2264): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 1628): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2984): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 1628): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2264): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2264): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 4088): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2524): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 3772): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 4088): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2524): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 3772): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 4088): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2524): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 4088): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 3772): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2524): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 3772): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2516): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 3680): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2544): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2516): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 3680): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2544): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2516): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 3680): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2516): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2544): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 3680): attempt to load new or modified module allowed.
2008-05-07 08:35 Process C:\WINDOWS\system32\rundll32.exe (PID: 2544): attempt to load new or modified module allowed.
2008-05-07 08:43 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3036): attempt to load new or modified module allowed.
2008-05-07 08:46 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-07 08:51 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-07 08:51 Process C:\WINDOWS\system32\rundll32.exe (PID: 2824): attempt to load new or modified module allowed.
2008-05-07 08:51 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-07 08:51 Process C:\WINDOWS\system32\rundll32.exe (PID: 2608): attempt to load new or modified module allowed.
2008-05-07 08:51 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-07 08:51 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-07 08:51 Protection of your computer is not running. You are advised to resume protection.
2008-05-07 08:58 Protection of your computer started.
2008-05-07 08:58 Some protection components are disabled. You are advised to enable them.
2008-05-07 08:58 Process C:\WINDOWS\system32\alg.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-07 08:59 Protection of your computer is not running. You are advised to resume protection.
2008-05-07 09:21 Protection of your computer started.
2008-05-07 09:21 Some protection components are disabled. You are advised to enable them.
2008-05-07 10:22 Update completed successfully
2008-05-07 11:14 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-07 11:55 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-07 11:58 Process C:\WINDOWS\system32\rundll32.exe (PID: 3440): attempt to load new or modified module allowed.
2008-05-07 11:58 Process C:\WINDOWS\System32\svchost.exe (PID: 1736): attempt to load new or modified module allowed.
2008-05-07 11:58 Process C:\WINDOWS\system32\rundll32.exe (PID: 3440): attempt to load new or modified module allowed.
2008-05-07 11:58 Process C:\WINDOWS\system32\rundll32.exe (PID: 3440): attempt to load new or modified module allowed.
2008-05-07 11:58 Process C:\WINDOWS\system32\rundll32.exe (PID: 3440): attempt to load new or modified module allowed.
2008-05-07 11:59 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-07 11:59 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-07 11:59 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-07 11:59 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-07 11:59 Protection of your computer is not running. You are advised to resume protection.
2008-05-07 12:10 Protection of your computer started.
2008-05-07 12:10 Some protection components are disabled. You are advised to enable them.
2008-05-07 12:10 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-07 12:11 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-07 12:11 Process C:\WINDOWS\system32\wuauclt.exe (PID: 3244): attempt to load new or modified module allowed.
2008-05-07 12:11 Process C:\WINDOWS\system32\wuauclt.exe (PID: 3244): attempt to load new or modified module allowed.
2008-05-07 12:11 Process C:\WINDOWS\system32\wuauclt.exe (PID: 3244): attempt to load new or modified module allowed.
2008-05-07 12:11 Process C:\WINDOWS\system32\wuauclt.exe (PID: 3244): attempt to load new or modified module allowed.
2008-05-07 12:31 Update completed successfully
2008-05-07 13:12 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-07 13:45 Protection of your computer is not running. You are advised to resume protection.
2008-05-07 14:39 Protection of your computer started.
2008-05-07 14:39 Some protection components are disabled. You are advised to enable them.
2008-05-07 14:39 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-07 14:39 Process C:\WINDOWS\system32\alg.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-07 14:40 Process C:\WINDOWS\system32\svchost.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-07 14:40 Process C:\WINDOWS\system32\svchost.exe (PID: 2152): attempt to load new or modified module allowed.
2008-05-07 14:40 Process C:\WINDOWS\system32\svchost.exe (PID: 2152): attempt to load new or modified module allowed.
2008-05-07 14:40 Process C:\WINDOWS\system32\svchost.exe (PID: 2152): attempt to load new or modified module allowed.
2008-05-07 14:40 Process C:\WINDOWS\system32\svchost.exe (PID: 2152): attempt to load new or modified module allowed.
2008-05-07 14:40 Process C:\WINDOWS\system32\svchost.exe (PID: 2152): attempt to load new or modified module allowed.
2008-05-07 14:40 Process C:\WINDOWS\system32\svchost.exe (PID: 2152): attempt to load new or modified module allowed.
2008-05-07 14:40 Process C:\WINDOWS\system32\svchost.exe (PID: 2152): attempt to load new or modified module allowed.
2008-05-07 14:40 Process C:\WINDOWS\system32\svchost.exe (PID: 2152): attempt to load new or modified module allowed.
2008-05-07 14:40 Process C:\WINDOWS\system32\svchost.exe (PID: 2152): attempt to load new or modified module allowed.
2008-05-07 14:40 Process C:\WINDOWS\system32\svchost.exe (PID: 2152): attempt to load new or modified module allowed.
2008-05-07 14:40 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-07 14:40 Update completed successfully
2008-05-07 14:41 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-07 14:41 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 2128): attempt to load new or modified module allowed.
2008-05-07 14:41 Process C:\Program Files\Windows Live\Mail\wlmail.exe (PID: 3112): attempt to hidden launch of Internet browser allowed.
2008-05-07 15:41 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-07 15:46 Process C:\WINDOWS\System32\svchost.exe (PID: 1732): attempt to load new or modified module allowed.
2008-05-07 15:46 Process C:\WINDOWS\System32\svchost.exe (PID: 1732): attempt to load new or modified module allowed.
2008-05-07 15:46 Process C:\WINDOWS\system32\rundll32.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-07 16:09 Process (PID 1084) tried to access Kaspersky Internet Security process (PID 1200), but the action has been blocked by the Self-Defense component. No action on your part is required.
2008-05-07 16:24 Protection of your computer is not running. You are advised to resume protection.
2008-05-07 16:33 Protection of your computer started.
2008-05-07 16:33 Some protection components are disabled. You are advised to enable them.
2008-05-07 16:35 Process C:\WINDOWS\system32\dwwin.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-07 16:36 Protection of your computer started.
2008-05-07 16:36 Some protection components are disabled. You are advised to enable them.
2008-05-07 16:37 Process C:\WINDOWS\system32\alg.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-07 16:37 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-07 16:38 Process C:\WINDOWS\system32\wuauclt.exe (PID: 0): attempt to run process as a child of another process allowed.
2008-05-07 16:38 Process C:\WINDOWS\system32\wuauclt.exe (PID: 3824): attempt to load new or modified module allowed.
2008-05-07 16:38 Process C:\WINDOWS\system32\wuauclt.exe (PID: 3824): attempt to load new or modified module allowed.
2008-05-07 16:38 Process C:\WINDOWS\system32\wuauclt.exe (PID: 3824): attempt to load new or modified module allowed.
2008-05-07 16:38 Process C:\WINDOWS\system32\wuauclt.exe (PID: 3824): attempt to load new or modified module allowed.

#7 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:11:52 AM

Posted 07 May 2008 - 09:18 AM

looks like an av run amuck?

http://tools.whois.net/index.php?fuseactio...hoisbyipresults

those ip's are macrovision not the russian business network

download and install malwarebytes antimalware and run a scan if your av will let you

post that log

hxxp://www.zone66.net/

looks like a dangerous porn site

http://www.siteadvisor.com/sites/zone66.ne...FF&aff_id=0

Edited by DaChew, 07 May 2008 - 09:27 AM.

Chewy

No. Try not. Do... or do not. There is no try.

#8 ayarlar

ayarlar
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:05:52 PM

Posted 07 May 2008 - 10:08 AM

tells to enter an ip address. wich one?

#9 ayarlar

ayarlar
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:05:52 PM

Posted 07 May 2008 - 10:34 AM

OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US

NetRange: 192.168.0.0 - 192.168.255.255
CIDR: 192.168.0.0/16
NetName: IANA-CBLK1
NetHandle: NET-192-168-0-0-1
Parent: NET-192-0-0-0-0
NetType: IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment: This block is reserved for special purposes.
Comment: Please see RFC 1918 for additional information.
Comment: http://www.arin.net/reference/rfc/rfc1918.txt
RegDate: 1994-03-15
Updated: 2007-11-27

OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName: Internet Corporation for Assigned Names and Number
OrgAbusePhone: +1-310-301-5820
OrgAbuseEmail: abuse@iana.org

OrgTechHandle: IANA-IP-ARIN
OrgTechName: Internet Corporation for Assigned Names and Number
OrgTechPhone: +1-310-301-5820
OrgTechEmail: abuse@iana.org

# ARIN WHOIS database, last updated 2008-05-06 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
Other WHOIS Servers: AfriNIC APNIC

#10 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:11:52 AM

Posted 07 May 2008 - 10:34 AM

wait a little while on that, you are playing with fire when you start researching ip addresses in an anti malware log

did you do the scan with MBAM yet?

as a student in an antimalware school you should be expected to try to heal thyself physician with a little help

there's nothing wrong with asking for help, I imagine even the top security experts in the world help each other
Chewy

No. Try not. Do... or do not. There is no try.

#11 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:11:52 AM

Posted 07 May 2008 - 10:36 AM

I have found some pretty bad rogues hosted by major ISP's in Canada
Chewy

No. Try not. Do... or do not. There is no try.

#12 ayarlar

ayarlar
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:05:52 PM

Posted 07 May 2008 - 10:36 AM

where can i get mbam from?

#13 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:11:52 AM

Posted 07 May 2008 - 10:38 AM

look thru some threads in this subforum, it's probably the most used software here
Chewy

No. Try not. Do... or do not. There is no try.

#14 ayarlar

ayarlar
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:05:52 PM

Posted 07 May 2008 - 11:08 AM

Malwarebytes' Anti-Malware 1.12
Database version: 729

Scan type: Full Scan (C:\|)
Objects scanned: 76007
Time elapsed: 22 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#15 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:11:52 AM

Posted 07 May 2008 - 11:20 AM

the second most common self-help? can would be to install atf cleaner and superantispyware and run them from safe mode

that porn site trying to get thru bothers me

Edited by DaChew, 07 May 2008 - 11:20 AM.

Chewy

No. Try not. Do... or do not. There is no try.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users