Just checking...

l2mfix said:
Winlogon/notify:
Windows Registry Editor Version 5.00

; Winlogon\Notify: each subkey below registers a Winlogon notification package.
; winlogon.exe loads the DLL named by DllName and calls the exported function
; listed for each event (Logon, Logoff, Startup, Shutdown, Lock, Unlock, ...).
; Because these DLLs are loaded into Winlogon at boot/logon, this key is a
; well-known autostart/persistence location (MITRE ATT&CK T1547.004); when
; reviewing, confirm that every DllName is an expected file for the installed
; software.
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

; avldr: the key exists but the export shows no values under it (no DllName and
; no event handlers), so this entry does not name any DLL to load.
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]

; crypt32chain: notification package handling the Logoff event only.
; DllName is hex(2) (REG_EXPAND_SZ, UTF-16LE, NUL-terminated); the bytes decode
; to "crypt32.dll". Decode hex-encoded DllName values when auditing this key,
; since the DLL name is not readable at a glance.
; Impersonate=0: the handler runs in Winlogon's own context rather than the
; logged-on user's. Asynchronous=0: Winlogon calls the handler synchronously.
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

; cryptnet: notification package handling the Logoff event only.
; DllName is hex(2) (REG_EXPAND_SZ, UTF-16LE); the bytes decode to "cryptnet.dll".
; Impersonate=0 / Asynchronous=0: handler runs synchronously in Winlogon's context.
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

; cscdll: notification package implemented by cscdll.dll, with handlers for
; Logon, Logoff, ScreenSaver, Startup, Shutdown and StartShell.
; DLLName is a bare file name with no path, so which file is loaded depends on
; DLL search order; when auditing, check where the file actually resolves
; (expected location presumably %SystemRoot%\System32 - confirm on the host).
; Impersonate=0: handlers run in Winlogon's context. Asynchronous=1: handlers
; are called on a separate thread.
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

; igfxcui: third-party (non-Windows) notification package; DLLName is
; igfxsrvc.dll and only the Unlock event is handled. The igfx prefix suggests an
; Intel graphics driver component - verify the file's publisher/signature on the
; host rather than relying on the name.
; @="" is an empty default value. Impersonate=1: the handler runs in the
; logged-on user's context. Asynchronous=1: called on a separate thread.
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

; ScCertProp: notification package implemented by wlnotify.dll, with handlers
; for Logon, Logoff, Lock and Unlock (the SCard* handler names indicate smart
; card certificate propagation).
; wlnotify.dll is shared by several entries in this export (ScCertProp,
; Schedule, SensLogn, termsrv, wlballoon), so a replaced or hijacked copy of
; that one file would affect all of them.
; Impersonate=1: handlers run as the logged-on user. Asynchronous=1: separate thread.
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

; Schedule: notification package with handlers for StartShell and Logoff.
; DllName is hex(2) (REG_EXPAND_SZ, UTF-16LE); the bytes decode to "wlnotify.dll".
; Impersonate=0 / Asynchronous=0: handlers run synchronously in Winlogon's context.
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

; sclgntfy: notification package handling the Logoff event only.
; DllName is hex(2) (REG_EXPAND_SZ, UTF-16LE); the bytes decode to "sclgntfy.dll".
; Impersonate=0: handler runs in Winlogon's context. Asynchronous=1: separate thread.
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

; SensLogn: notification package implemented by WlNotify.dll, registered for
; nearly every Winlogon event (logon/logoff, lock/unlock, screen saver,
; startup/shutdown, shell start, session connect/disconnect).
; Impersonate=1: handlers run as the logged-on user. Asynchronous=1: separate thread.
; MaxWait=0x258 is 600 decimal (the handler time-out; documented unit is seconds).
; Safe=1 marks the package as one that also runs in safe mode.
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"Asynchronous"=dword:00000001
"DLLName"="WlNotify.dll"
"Impersonate"=dword:00000001
"Lock"="SensLockEvent"
"Logoff"="SensLogoffEvent"
"Logon"="SensLogonEvent"
"MaxWait"=dword:00000258
"Safe"=dword:00000001
"Shutdown"="SensShutdownEvent"
"StartScreenSaver"="SensStartScreenSaverEvent"
"StartShell"="SensStartShellEvent"
"Startup"="SensStartupEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Unlock"="SensUnlockEvent"
"Disconnect"="SensDisconnectEvent"
"PostShell"="SensPostShellEvent"
"Reconnect"="SensReconnectEvent"

; termsrv: notification package with handlers for Logon, Logoff, Startup,
; Shutdown, StartShell, PostShell, Reconnect and Disconnect (TSEvent* names
; indicate Terminal Services).
; DllName is hex(2) (REG_EXPAND_SZ, UTF-16LE); the bytes decode to "wlnotify.dll".
; Impersonate=0 / Asynchronous=0: handlers run synchronously in Winlogon's context.
; MaxWait=0x258 is 600 decimal (the handler time-out; documented unit is seconds).
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

; WgaLogon: notification package registered for every Winlogon event listed here
; (logon/logoff, startup/shutdown, screen saver, lock/unlock, shell start,
; session connect/disconnect).
; DllName is hex(2) (REG_EXPAND_SZ, UTF-16LE); the bytes decode to "WgaLogon.dll"
; (the name matches Windows Genuine Advantage Notifications - confirm the file's
; publisher on the host).
; Impersonate=1: handlers run as the logged-on user. Asynchronous=0: synchronous.
; MaxWait=0xffffffff is the maximum DWORD value, i.e. effectively no time-out.
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Event"=dword:00000000

; WgaLogon\Settings: a single REG_BINARY value, "Data".
; The blob starts with 01,00,00,00 followed by d0,8c,9d,df,01,15,d1,11,8c,7a,
; 00,c0,4f,c2,97,eb, which is the standard DPAPI blob header (version 1 plus the
; provider GUID {df9d8cd0-1501-11d1-8c7a-00c04fc297eb}). The payload is therefore
; DPAPI-protected data and cannot be interpreted from this export alone.
; Note for anyone sharing logs: binary values like this are machine-specific
; state and are pasted verbatim by the tool.
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]
"Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,\
00,00,92,48,46,5e,59,9b,18,46,a0,1a,98,f7,1e,34,35,4e,04,00,00,00,04,00,00,\
00,53,00,00,00,03,66,00,00,a8,00,00,00,10,00,00,00,b6,ff,d7,97,c6,2e,d1,6c,\
fd,d9,ca,b3,6e,b2,a9,a9,00,00,00,00,04,80,00,00,a0,00,00,00,10,00,00,00,7c,\
44,a5,05,40,4b,00,18,41,d0,d6,af,a2,92,8f,e5,b0,01,00,00,06,7d,5a,fd,aa,e3,\
15,59,10,0d,9f,75,e4,eb,a4,4b,14,f5,44,79,1e,82,c9,03,b2,30,62,b7,1a,b3,55,\
13,be,d8,12,4f,4a,54,92,63,7b,a9,39,00,29,0c,a9,26,e4,f5,d7,9d,90,3a,21,07,\
87,3b,4c,d6,4b,04,6b,8a,3c,24,c2,64,9d,fb,04,88,07,db,ca,aa,ae,15,a5,a7,96,\
24,df,60,49,78,12,a1,98,40,e3,6a,b2,9e,3b,c0,97,2a,d5,17,aa,e0,fe,d7,dd,86,\
b6,e2,2f,8e,89,d8,da,80,3f,cb,bf,80,21,62,32,98,9e,89,57,f3,4f,fb,80,d4,01,\
f3,79,e4,5c,47,15,8c,61,18,40,7c,9d,36,96,e4,63,9e,bc,c7,ca,9c,76,dd,c9,5b,\
98,14,b3,67,6f,a1,1e,76,41,69,32,f8,3e,0d,ff,7b,fb,5b,30,c6,58,d0,75,38,81,\
c7,81,7b,10,c6,9e,52,90,19,dc,80,f1,71,ad,da,f9,a0,de,6a,a9,fe,7c,20,49,1d,\
08,3c,e3,11,77,e1,aa,b6,35,7d,1f,3d,06,2c,c5,42,dc,b6,0f,b1,ba,4d,e3,5e,a6,\
bd,22,dc,2c,47,bb,a4,eb,db,eb,61,9e,bf,e1,bc,04,b6,4d,06,b7,3a,1e,77,65,63,\
31,b5,c2,6b,ae,15,2d,35,f5,78,63,b8,3e,02,7f,d9,f6,b9,e1,3d,10,be,b1,4e,5d,\
3b,0c,f6,be,a4,d0,bd,26,a9,60,0b,7b,95,25,37,e3,55,b4,70,36,4c,d5,ff,60,1e,\
a4,9e,93,18,41,06,34,ca,8c,46,06,79,ea,fb,be,da,bc,57,bc,79,8d,76,2a,e8,ae,\
b5,22,52,dd,3a,7c,a5,7c,59,56,b1,46,d3,8b,30,59,1b,63,ee,fc,95,a7,2c,36,85,\
29,7f,0a,44,49,9a,fe,a4,dd,aa,cf,d0,25,fd,07,86,5a,e7,8d,48,af,7c,b5,6f,44,\
6c,0c,e4,83,d9,be,76,58,e7,ad,39,b6,6f,69,fe,7e,e8,01,1d,c5,60,5e,56,52,9b,\
3f,4e,36,57,d2,73,d1,47,7a,bf,a6,0f,97,aa,33,1f,2c,2e,a6,00,89,62,78,57,a9,\
e9,14,00,00,00,0f,9b,da,ea,43,1f,4d,cb,d2,c3,5c,39,e5,8f,b7,5e,24,6d,70,c0

; wlballoon: notification package implemented by wlnotify.dll, with handlers for
; Logon and Logoff (register/unregister a ticket-expired notification, per the
; handler names).
; Impersonate=1: handlers run as the logged-on user. Asynchronous=1: separate thread.
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

AVG found no rootkits.
 
This incomplete entry (a Notify key with no values, so it names no DLL to load) belongs to Panda:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]

Try starting its uninstaller and see if there is an option to repair; if not, uninstall the program, reboot the PC, and install it again.
 
It's not installed, so I can't uninstall it. There’s a file in Program Files > Common Files, entitled Panda Software; however, when I try to delete it or end its process, I get an "access denied" pop-up.


2jds8r7.jpg
 
Are you logged into the same account as when it was installed ?

Please don't delete its files or end its processes.

If you cannot uninstall it simply download and install again.
 
I thought I replied... guess it didn't go through or something.

Anyways, I fixed the Panda problem and thank you very much for your help!
 
Good :)

I'm glad we could help.
Since the problems are solved, I'm going to close the topic now. This keeps others with similar problems from posting their logs/questions here; they should start a new topic.
If you need to post another log for the same PC, let one of us know via a PM (personal message).
 