Thread: Random problems...
View Single Post
Old 03-25-2005, 03:56 AM   #11 (permalink)
Zeokage
Registered User
 
Join Date: Mar 2005
Location: London, England
Posts: 70
OS: Windows XP Home

My System

Finally able to keep the computer on, I hope you all aren't asleep ...
Quote:
Originally Posted by HijackThis Analyzer
====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 3/2/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 19:21:09, on 2005/03/25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\NTMETER.EXE
C:\Smdata\ReadSctService.exe
C:\Program Files\necmfk\necmfk.exe
C:\Program Files\LiquidView\lviewj.exe
C:\WINDOWS\System32\hfsmop.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\SmartHobby\PlugIn\CopyFromDigitalCamera\SearchM.exe
C:\Program Files\子画面設定ユーティリティ\piputil.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Yahoo_BB\bin\mpbtn.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\PCGATE Personal\pcgate.exe

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
O4 - HKLM\..\Run: [SHRunOnce] C:\Program Files\SmartHobby\SHRunOnce.exe
O4 - HKLM\..\Run: [LiquidView] C:\Program Files\LiquidView\lviewj.exe
O4 - HKLM\..\Run: [HFSMOP] C:\WINDOWS\System32\hfsmop.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKCU\..\Run: [SearchM] C:\Program Files\SmartHobby\PlugIn\CopyFromDigitalCamera\SearchM.exe
O8 - Extra context menu item: BIGLOBE:ニュース検索 - res://C:\Program Files\BIGLOBE\Toolbar\biglobe.dll/script_news.htm
O8 - Extra context menu item: BIGLOBE:ページ検索 - res://C:\Program Files\BIGLOBE\Toolbar\biglobe.dll/script_web.htm
O8 - Extra context menu item: BIGLOBE:画像検索 - res://C:\Program Files\BIGLOBE\Toolbar\biglobe.dll/script_pict.htm
O8 - Extra context menu item: BIGLOBE:辞書検索 - res://C:\Program Files\BIGLOBE\Toolbar\biglobe.dll/script_dic.htm
O9 - Extra 'Tools' menuitem: Sun の Java コンソール - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: JWord(日本語キーワード) - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://www.jword.jp/intro/?partner=A...k&frm=iebutton (file missing)
O11 - Options group: [!CNS] JWord(日本語キーワード)
O14 - IERESET.INF: START_PAGE_URL=http://www.biglobe.ne.jp/
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (ウイルスバスター On-Line Scan) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...20/mcgdmgr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol hijack: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D}
O18 - Protocol hijack: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol hijack: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol hijack: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol hijack: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6}
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll
O18 - Protocol hijack: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol hijack: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol hijack: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol hijack: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE}
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NT Meter - Unknown owner - C:\WINDOWS\system32\NTMETER.EXE
O23 - Service: BroadPass Manager (Poling_Service) - 日本電気株式会社 - c:\Program Files\BIGLOBE\BroadPass\base\base.exe
O23 - Service: ReadSector (ReadSctService) - Unknown owner - C:\Smdata\ReadSctService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


End of KRC HijackThis Analyzer Log.
====================================================================
hfsmop.exe = NEC Half-Screen Style Utility... I think it's the thing that lets me watch TV and the computer screen at the same time.
piputil seems to be the program it uses.

Look2Me Uninstaller: No version found to uninstall, could it be because I started using Opera and haven't run IE for almost a week now?

IGN Keyword Uninstaller and ClearSearch Uninstaller said to reboot the computer, but I haven't done it yet... should I do so now?
Quote:
Originally Posted by pv.zip Log 3
It was empty
Quote:
Originally Posted by pv.zip Log 5
Module information for 'winlogon.exe'
MODULE BASE SIZE PATH
winlogon.exe 1000000 512000 C:\WINDOWS\system32\winlogon.exe 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Logon Application
ntdll.dll 7c940000 643072 C:\WINDOWS\system32\ntdll.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT Layer DLL
kernel32.dll 7c800000 1249280 C:\WINDOWS\system32\kernel32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT BASE API Client DLL
ADVAPI32.dll 77d80000 692224 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Advanced Windows 32 Base API
RPCRT4.dll 77e30000 593920 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Procedure Call Runtime
AUTHZ.dll 77c20000 69632 C:\WINDOWS\system32\AUTHZ.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Authorization Framework
msvcrt.dll 77bc0000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT CRT DLL
CRYPT32.dll 765c0000 602112 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Crypto API32
USER32.dll 77cf0000 585728 C:\WINDOWS\system32\USER32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows XP USER API Client DLL
GDI32.dll 77ed0000 286720 C:\WINDOWS\system32\GDI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) GDI Client DLL
MSASN1.dll 77c40000 73728 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ASN.1 Runtime APIs
NDdeApi.dll 75880000 32768 C:\WINDOWS\system32\NDdeApi.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Network DDE Share Management APIs
PROFMAP.dll 75870000 40960 C:\WINDOWS\system32\PROFMAP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Userenv
NETAPI32.dll 59250000 344064 C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Net Win32 API DLL
USERENV.dll 759b0000 720896 C:\WINDOWS\system32\USERENV.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Userenv
PSAPI.DLL 76ba0000 45056 C:\WINDOWS\system32\PSAPI.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Process Status Helper
REGAPI.dll 76b70000 61440 C:\WINDOWS\system32\REGAPI.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Registry Configuration APIs
Secur32.dll 77fa0000 69632 C:\WINDOWS\system32\Secur32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Security Support Provider Interface
SETUPAPI.dll 76040000 1413120 C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Setup API
VERSION.dll 77bb0000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Version Checking and File Installation Libraries
WINSTA.dll 762b0000 65536 C:\WINDOWS\system32\WINSTA.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Winstation Library
WINTRUST.dll 76be0000 188416 C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Trust Verification APIs
IMAGEHLP.dll 76c40000 163840 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Image Helper
WS2_32.dll 719e0000 94208 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 719d0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 Helper for Windows NT
IMM32.DLL 762e0000 118784 C:\WINDOWS\system32\IMM32.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows XP IMM32 API Client DLL
LPK.DLL 60740000 36864 C:\WINDOWS\system32\LPK.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Language Pack
USP10.dll 73f80000 438272 C:\WINDOWS\system32\USP10.dll 1.0420.2600.2180 (xpsp_sp2_rtm.040803-2158) Uniscribe Unicode script processor
MSGINA.dll 758b0000 995328 C:\WINDOWS\system32\MSGINA.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Logon GINA DLL
SHELL32.dll 77380000 8376320 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.2578 (xpsp_sp2_gdr.041130-1729) Windows Shell Common Dll
SHLWAPI.dll 77f20000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.2573 (xpsp_sp2_gdr.041130-1729) Shell Light-weight Utility Library
COMCTL32.dll 5ab60000 618496 C:\WINDOWS\system32\COMCTL32.dll 5.82 (xpsp_sp2_rtm.040803-2158) Common Controls Library
ODBC32.dll 73520000 249856 C:\WINDOWS\system32\ODBC32.dll 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) Microsoft Data Access - ODBC Driver Manager
comdlg32.dll 76300000 294912 C:\WINDOWS\system32\comdlg32.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Common Dialogs DLL
comctl32.dll 77160000 1056768 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 6.0 (xpsp_sp2_rtm.040803-2158) User Experience Controls Library
odbcint.dll 20000000 94208 C:\WINDOWS\system32\odbcint.dll 3.525.1117.0 built by: (_sqlbld) Microsoft Data Access - ODBC Resources
SHSVCS.dll 76df0000 143360 C:\WINDOWS\system32\SHSVCS.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Windows Shell Services Dll
sfc.dll 76b60000 20480 C:\WINDOWS\system32\sfc.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows File Protection
sfc_os.dll 76c10000 167936 C:\WINDOWS\system32\sfc_os.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows File Protection
ole32.dll 76970000 1298432 C:\WINDOWS\system32\ole32.dll 5.1.2600.2595 (xpsp_sp2_gdr.041130-1729) Microsoft OLE for Windows
Apphelp.dll 76d90000 139264 C:\WINDOWS\system32\Apphelp.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Application Compatibility Client Library
msctfime.ime 73620000 188416 C:\WINDOWS\system32\msctfime.ime 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Text Frame Work Service IME
uxtheme.dll 58730000 229376 C:\WINDOWS\system32\uxtheme.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Microsoft UxTheme Library
WINSCARD.DLL 72340000 110592 C:\WINDOWS\system32\WINSCARD.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Smart Card API
WTSAPI32.dll 76f00000 32768 C:\WINDOWS\system32\WTSAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Terminal Server SDK APIs
WINMM.dll 76af0000 176128 C:\WINDOWS\system32\WINMM.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) MCI API DLL
SYNCOR11.DLL 6bd00000 53248 C:\WINDOWS\system32\SYNCOR11.DLL 1.2.3 SynthCore R2.0 Midi Interface Driver
cscdll.dll 76550000 114688 C:\WINDOWS\system32\cscdll.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Offline Network Agent
WlNotify.dll 75890000 106496 C:\WINDOWS\system32\WlNotify.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Common DLL to receive Winlogon notifications
WINSPOOL.DRV 72f50000 155648 C:\WINDOWS\system32\WINSPOOL.DRV 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Spooler Driver
MPR.dll 71a50000 73728 C:\WINDOWS\system32\MPR.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Multiple Provider Router DLL
rsaenh.dll ffd0000 163840 C:\WINDOWS\system32\rsaenh.dll 5.1.2600.2161 (xpsp.040706-1629) Microsoft Enhanced Cryptographic Provider
SAMLIB.dll 71b40000 77824 C:\WINDOWS\system32\SAMLIB.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SAM Library DLL
sxs.dll 75de0000 716800 C:\WINDOWS\system32\sxs.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Fusion 2.5
msv1_0.dll 77cb0000 143360 C:\WINDOWS\system32\msv1_0.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Authentication Package v1.0
iphlpapi.dll 76d10000 102400 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) IP Helper API
imjp81.ime 4edc0000 352256 C:\WINDOWS\system32\imjp81.ime 8.1.4202.0 Microsoft IME Standard
imjp81k.dll 648f0000 851968 C:\WINDOWS\system32\imjp81k.dll 8.1.4202.0 Microsoft IME
cscui.dll 76570000 327680 C:\WINDOWS\system32\cscui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Client Side Caching UI
xpsp2res.dll 1c60000 5636096 C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Service Pack 2 Messages
COMRes.dll 77000000 700416 C:\WINDOWS\system32\COMRes.dll 2001.12.4414.258
OLEAUT32.dll 770d0000 573440 C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.2180
CLBCATQ.DLL 76f80000 520192 C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.258
NTMARTA.DLL 76c90000 131072 C:\WINDOWS\system32\NTMARTA.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT MARTA provider
WLDAP32.dll 76f10000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Win32 LDAP API DLL
IMJPCD.DIC 3b100000 110592 C:\WINDOWS\IME\IMJP8_1\Dicts\IMJPCD.DIC 8.1.4202.0 Microsoft IME Code Dictionary
wdmaud.drv 72c70000 36864 C:\WINDOWS\system32\wdmaud.drv 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) WDM Audio driver mapper
msacm32.drv 72c60000 32768 C:\WINDOWS\system32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
MSACM32.dll 77b90000 86016 C:\WINDOWS\system32\MSACM32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft ACM Audio Filter
midimap.dll 77b80000 28672 C:\WINDOWS\system32\midimap.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft MIDI Mapper
Quote:
Originally Posted by Notify
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
VX2Finder(126): When I clicked "Make Log" nothing noticable happened, so I clicked "Hosts Log" and this came up...
Quote:
Originally Posted by Hosts Log
127.0.0.1 www.igetnet.com
127.0.0.1 code.ignphrases.com
127.0.0.1 clear-search.com
127.0.0.1 r1.clrsch.com
127.0.0.1 sds.clrsch.com
127.0.0.1 status.clrsch.com
127.0.0.1 www.clrsch.com
127.0.0.1 clr-sch.com
127.0.0.1 sds-qckads.com
127.0.0.1 status.qckads.com
# Start of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 status.qckads.com
Downloaded Program Files (Description in brackets):
  • {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
  • {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}
  • FileSharingCtrl Class (fsmsngr Module)
  • Java Runtime Environment 1.4.2
  • Java Runtime Environment 1.4.2
  • MessengerStatsClient Class
  • MsnMessengerSetupDownloadControl Class
  • Solitaire Showdown Class
  • ウイルスバスター On-line Scan
The first two didn't have a description, but on the first tab the piece of information above the (install?) date was (ActiveX コントロール) the last word means "control" in Japanese. The On-Line Scan one I think says something like Wills Buster. It's the first word I'm not sure of...

C:\Program Files\Internet Explorer\
  • Folders
    • Connection Wizard
    • Custom
    • mui
    • PLUGINS
    • SIGNUP
    dll files
    • hmmapi.dll
    Applications
    • iedw (Apparantly it's Crash Detection)
    • iexplore (Internet Explorer)
    Crypto Shell Extensions
    • KB870669
    • Q330994
    • Q818529
    • Q822925
    • Q823353
    • Q831167
Zeokage is offline