
Thread: Just checking...

  1. #41
    Junior Member
    Join Date
    Oct 2006
    Posts
    24

    Default

    Quote Originally Posted by l2mfix
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    @=""
    "DLLName"="igfxsrvc.dll"
    "Asynchronous"=dword:00000001
    "Impersonate"=dword:00000001
    "Unlock"="WinlogonUnlockEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "Asynchronous"=dword:00000001
    "DLLName"="WlNotify.dll"
    "Impersonate"=dword:00000001
    "Lock"="SensLockEvent"
    "Logoff"="SensLogoffEvent"
    "Logon"="SensLogonEvent"
    "MaxWait"=dword:00000258
    "Safe"=dword:00000001
    "Shutdown"="SensShutdownEvent"
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StartShell"="SensStartShellEvent"
    "Startup"="SensStartupEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Unlock"="SensUnlockEvent"
    "Disconnect"="SensDisconnectEvent"
    "PostShell"="SensPostShellEvent"
    "Reconnect"="SensReconnectEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    "Logon"="WLEventLogon"
    "Logoff"="WLEventLogoff"
    "Startup"="WLEventStartup"
    "Shutdown"="WLEventShutdown"
    "StartScreenSaver"="WLEventStartScreenSaver"
    "StopScreenSaver"="WLEventStopScreenSaver"
    "Lock"="WLEventLock"
    "Unlock"="WLEventUnlock"
    "StartShell"="WLEventStartShell"
    "PostShell"="WLEventPostShell"
    "Disconnect"="WLEventDisconnect"
    "Reconnect"="WLEventReconnect"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000000
    "SafeMode"=dword:00000001
    "MaxWait"=dword:ffffffff
    "DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Event"=dword:00000000

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]
    "Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,\
    00,00,92,48,46,5e,59,9b,18,46,a0,1a,98,f7,1e,34,35,4e,04,00,00,00,04,00,00,\
    00,53,00,00,00,03,66,00,00,a8,00,00,00,10,00,00,00,b6,ff,d7,97,c6,2e,d1,6c,\
    fd,d9,ca,b3,6e,b2,a9,a9,00,00,00,00,04,80,00,00,a0,00,00,00,10,00,00,00,7c,\
    44,a5,05,40,4b,00,18,41,d0,d6,af,a2,92,8f,e5,b0,01,00,00,06,7d,5a,fd,aa,e3,\
    15,59,10,0d,9f,75,e4,eb,a4,4b,14,f5,44,79,1e,82,c9,03,b2,30,62,b7,1a,b3,55,\
    13,be,d8,12,4f,4a,54,92,63,7b,a9,39,00,29,0c,a9,26,e4,f5,d7,9d,90,3a,21,07,\
    87,3b,4c,d6,4b,04,6b,8a,3c,24,c2,64,9d,fb,04,88,07,db,ca,aa,ae,15,a5,a7,96,\
    24,df,60,49,78,12,a1,98,40,e3,6a,b2,9e,3b,c0,97,2a,d5,17,aa,e0,fe,d7,dd,86,\
    b6,e2,2f,8e,89,d8,da,80,3f,cb,bf,80,21,62,32,98,9e,89,57,f3,4f,fb,80,d4,01,\
    f3,79,e4,5c,47,15,8c,61,18,40,7c,9d,36,96,e4,63,9e,bc,c7,ca,9c,76,dd,c9,5b,\
    98,14,b3,67,6f,a1,1e,76,41,69,32,f8,3e,0d,ff,7b,fb,5b,30,c6,58,d0,75,38,81,\
    c7,81,7b,10,c6,9e,52,90,19,dc,80,f1,71,ad,da,f9,a0,de,6a,a9,fe,7c,20,49,1d,\
    08,3c,e3,11,77,e1,aa,b6,35,7d,1f,3d,06,2c,c5,42,dc,b6,0f,b1,ba,4d,e3,5e,a6,\
    bd,22,dc,2c,47,bb,a4,eb,db,eb,61,9e,bf,e1,bc,04,b6,4d,06,b7,3a,1e,77,65,63,\
    31,b5,c2,6b,ae,15,2d,35,f5,78,63,b8,3e,02,7f,d9,f6,b9,e1,3d,10,be,b1,4e,5d,\
    3b,0c,f6,be,a4,d0,bd,26,a9,60,0b,7b,95,25,37,e3,55,b4,70,36,4c,d5,ff,60,1e,\
    a4,9e,93,18,41,06,34,ca,8c,46,06,79,ea,fb,be,da,bc,57,bc,79,8d,76,2a,e8,ae,\
    b5,22,52,dd,3a,7c,a5,7c,59,56,b1,46,d3,8b,30,59,1b,63,ee,fc,95,a7,2c,36,85,\
    29,7f,0a,44,49,9a,fe,a4,dd,aa,cf,d0,25,fd,07,86,5a,e7,8d,48,af,7c,b5,6f,44,\
    6c,0c,e4,83,d9,be,76,58,e7,ad,39,b6,6f,69,fe,7e,e8,01,1d,c5,60,5e,56,52,9b,\
    3f,4e,36,57,d2,73,d1,47,7a,bf,a6,0f,97,aa,33,1f,2c,2e,a6,00,89,62,78,57,a9,\
    e9,14,00,00,00,0f,9b,da,ea,43,1f,4d,cb,d2,c3,5c,39,e5,8f,b7,5e,24,6d,70,c0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001
    AVG found no rootkits.

  2. #42
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    This incomplete one (the key is present in the log above but holds no values) belongs to Panda
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]

    Try starting its uninstaller and see if there is an option to repair. If not, uninstall the program, reboot the PC, and install it again.
    ~~~~~~~~~~~~~~~~~~~~~~~
    Microsoft MVP Windows-Security 2006

  3. #43
    Junior Member
    Join Date
    Oct 2006
    Posts
    24

    Default

    It's not installed for me to uninstall it. There's a file in Program Files > Common Files, entitled Panda Software; however, when I try to delete it or end the process I get an "access denied" pop-up.



  4. #44
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Are you logged into the same account as when it was installed ?

    Please don't delete its files or end its processes.

    If you cannot uninstall it simply download and install again.
    ~~~~~~~~~~~~~~~~~~~~~~~
    Microsoft MVP Windows-Security 2006

  5. #45
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    I'm assuming you got Panda repaired or reinstalled.

    Think Prevention: Put in place a good hosts file
    http://www.mvps.org/winhelp2002/hosts.htm
    How To Download and Extract the HOSTS file:
    http://www.mvps.org/winhelp2002/hosts2.htm
    Repeat that process about once or twice a month

    To help avoid reinfection see "So how did I get infected in the first place?"
    http://forums.spybot.info/showthread.php?t=279
    ~~~~~~~~~~~~~~~~~~~~~~~
    Microsoft MVP Windows-Security 2006

  6. #46
    Junior Member
    Join Date
    Oct 2006
    Posts
    24

    Default

    I thought I replied... guess it didn't go through or something.

    Anyways, I fixed the Panda problem and thank you very much for your help!

  7. #47
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Good

    I'm glad we could help.
    Since the problems are solved, I'm going to close the topic now. This keeps others with similar problems from posting their logs/questions here; they should start a new topic.
    If you need to post another log for the same PC, let one of us know via a PM (personal message).
    ~~~~~~~~~~~~~~~~~~~~~~~
    Microsoft MVP Windows-Security 2006
