
Highjack Log



#1 bignight2


Posted 11 September 2006 - 05:15 AM

Logfile of HijackThis v1.99.1
Scan saved at 5:44:36 AM, on 9/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\PurgeIE\PurgeIE_Service.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\My Documents\hijack\HijackThis.exe

O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1157887882797
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1157892407781
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: PurgeIE XP Service (PurgeIEservice) - Assistance & Resources for Computing, Inc. - C:\Program Files\PurgeIE\PurgeIE_Service.exe


 


#2 miekiemoes


Posted 12 September 2006 - 08:49 AM

Hello,

What is the reason why you posted this log? Because the subject says: "Highjack Log" and content is only a hijackthislog.. so unfortunately we can't guess what your problem is since this log looks clean.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 bignight2


Posted 12 September 2006 - 08:57 AM

um it kinda refers to my post in winwp discussion about my updates failing

#4 miekiemoes


Posted 12 September 2006 - 09:28 AM

First and most important thing of all.. what exact error do you get when you try to install the updates?
There's always an error code it displays.

Secondly, are you logged in under an administrator account? Because it won't work otherwise.

Also take a look here:
http://support.microsoft.com/?kbid=910341

Look under the XP solution there.

#5 bignight2


Posted 12 September 2006 - 09:43 AM

that's the weird thing there is no error code and yes i am the admin never had probs dloading updates before or had to do to start shutdown pc to see them there

#6 miekiemoes


Posted 12 September 2006 - 10:08 AM

Well, this is the main error you are getting:
WU client failed installing updates with error 0x80240020

So, perform next..

Open Notepad and copy and paste the following content from the quote box into it:

regedit /e look.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn"
start notepad look.txt

Save this as look.bat , choose to save as *all files and place it on your desktop.
Doubleclick on it and notepad should open.
Copy and paste the contents of it in your next reply.
(In case you are unsure how to create a bat file, take a look here with screenshots.)

#7 bignight2


Posted 12 September 2006 - 10:30 AM

says cannot find the look.txt file is this saved as an ansi file

#8 miekiemoes


Posted 12 September 2006 - 10:34 AM

Could be possible that this key is not present and that's the cause for the failed updates.

Ok, try next, so I am sure you made that regfix properly..

Open NOTEPAD and copy and paste next content in it:

regedit /e look2.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
start notepad look2.txt


save this as look2.bat.
Then doubleclick it and post the contents of look2.txt.
Then we'll see if SensLogn is present or not. If not, I'll let you fix it. :thumbsup:

#9 bignight2


Posted 12 September 2006 - 10:37 AM

ok that worked

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Event"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]

#10 miekiemoes


Posted 12 September 2006 - 10:53 AM

Hmm, you are missing all default Winlogon Notify keys as well, except for the wgalogon...
Anyway, since the SensLogn isn't present as well, that's the cause why you can't install the updates.

Let's restore all default notify keys including the SensLogn one.. because that may fix other issues as well.

Extra question... were you ever dealing with an infection called Look2me? Because that infection is responsible for deleting those keys.

Download next attachment to your desktop [attachment=951:attachment]
Unzip it. Important.
This will create a new folder on your desktop with the name winlogonnotifyrestore
Inside, there will be a file: winlogonnotifyrestore.reg
Doubleclick winlogonnotifyrestore.reg
When it asks if you want to merge it into the registry.. click yes.
It could be possible that you'll receive an error, but they will get imported after all.

Then REBOOT!!!! Important!!!

After reboot, delete look2.txt from your desktop and doubleclick look2.bat again. This to make sure everything is imported properly. Post the results of the new look2.txt in your next reply.

Edited by miekiemoes, 12 September 2006 - 10:54 AM.


#11 bignight2


Posted 12 September 2006 - 10:54 AM

no i don't think i had that infection I'll do the above and be back in five

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Event"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

Edited by bignight2, 12 September 2006 - 11:01 AM.
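
The comparison done by eye on look2.txt in this thread (which Winlogon\Notify subkeys exist and which DLL each one loads) can be scripted. The following is an added example, not part of any post and not BleepingComputer's own tooling; the function names are hypothetical, the expected subkey list is taken from the restored export in the post above, and the sample input is constructed from lines of the posted exports.

```python
import re
NOTIFY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
# Assumption: the defaults are the subkeys in the restored export (WgaLogon excluded).
EXPECTED = ["crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
            "sclgntfy", "SensLogn", "termsrv", "wlballoon"]

def decode_value(raw):
    """Decode one .reg value: "string", dword:xxxxxxxx or hex[(type)]:bytes."""
    if raw.startswith('"'):
        return raw[1:-1].replace("\\\\", "\\")
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"hex(?:\((\w+)\))?:(.*)", raw)
    if not m:
        return raw
    data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    if m.group(1) != "2":                      # not REG_EXPAND_SZ: keep raw bytes
        return data
    # The exports hold UTF-16LE data (WgaLogon) and single-byte data (restored keys).
    wide = len(data) % 2 == 0 and all(b == 0 for b in data[1::2])
    return data.decode("utf-16-le" if wide else "latin-1").rstrip("\x00")

def parse_reg_export(text):
    """Return {key_path: {value_name: value}} from the text of a regedit /e export."""
    text = re.sub(r"\\\r?\n\s*", "", text)     # join hex continuation lines
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and line.startswith('"'):
            name, _, raw = line.partition('"=')
            current[name[1:]] = decode_value(raw)
    return keys

def audit_notify(text):
    """Return (missing default subkeys, {subkey: DLL name}) for Winlogon\\Notify."""
    dlls = {}
    for path, values in parse_reg_export(text).items():
        sub = path[len(NOTIFY) + 1:]
        if not path.lower().startswith(NOTIFY.lower() + "\\") or "\\" in sub:
            continue                           # other keys, or nested ones like WgaLogon\Settings
        names = {k.lower(): v for k, v in values.items()}   # DllName vs DLLName
        dlls[sub] = names.get("dllname")
    present = {s.lower() for s in dlls}
    return [e for e in EXPECTED if e.lower() not in present], dlls

# Constructed sample: three keys abridged from the exports posted in the thread.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]
"""

if __name__ == "__main__":
    print(audit_notify(SAMPLE))
```

A "Version 5.00" export written by regedit /e is UTF-16 text, so read the real look2.txt with `open("look2.txt", encoding="utf-16").read()` before passing it to `audit_notify`.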


#12 miekiemoes


Posted 12 September 2006 - 11:03 AM

Ok, that went well..... Now try to update. :thumbsup:

Fingers crossed.....

#13 bignight2


Posted 12 September 2006 - 11:08 AM

you are a damn genius! working like a champ what ya might think caused this, I'll be donating soon

#14 miekiemoes


Posted 12 September 2006 - 11:12 AM

Well the cause was this key missing before:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

and actually, you were missing all default winlogon notify keys as well, which could also have caused problems with other actions you wanted to perform.
Anyway, we restored all these defaults back again.

Not sure what wiped those keys though - seen some infections causing this, but also some "so called" registry cleaners.
Just keep that winlogonnotifyrestore.reg, because you never know that something wipes it again. :thumbsup:

Glad to hear the update problem is now solved :flowers:

#15 bignight2


Posted 12 September 2006 - 11:15 AM

thanks miekiemoes, yea i looked on a few other posts to find that in reg and didn't see it so i didn't fart around in there but thank you so much! bignight


and yes it might have been jv16 i ran months ago thank you

Edited by bignight2, 12 September 2006 - 11:16 AM.




