An Unusual W2K Happenstance

Discussion in 'Computer Security' started by doktor.who@fahrt.net, Apr 3, 2006.

  1. Guest

    Something strange is happening here. Some application continually starts
    and will not stop doing so, for some strange reason.

    Visited a torrent website, using heavy filtering as I always do, to do my
    best to block the nasties and suddenly, something is occurring quite
    differently from the usual, familiar W2K machine processing.

    The website had a scrolling window within several frames and as it came
    up I noticed that the sound I have set for application *startup* sounded,
    which is fairly unusual.

    This is the output from filemon, showing the file execution activity in
    question, as it happens.

    I do not understand the "WINLOGON" execution, or why this all keeps cycling.

    My "C:" drive is on X: ---- fooled ya /g/.

    Anyone know what causes this, or how to prevent it from happening?

    ==

    23:17:33 WINLOGON.EXE:196 QUERY INFORMATION Z:\utilities\MultimediaFiles\wav\other\BassExitNotes.wav SUCCESS Attributes: A
    23:17:33 WINLOGON.EXE:196 OPEN Z:\utilities\MultimediaFiles\wav\other\BassExitNotes.wav SUCCESS Options: Open Access: All
    23:17:33 WINLOGON.EXE:196 QUERY INFORMATION Z:\utilities\MultimediaFiles\wav\other\BassExitNotes.wav SUCCESS Length: 168520
    23:17:33 WINLOGON.EXE:196 QUERY INFORMATION Z:\utilities\MultimediaFiles\wav\other\BassExitNotes.wav SUCCESS Attributes: A
    23:17:33 WINLOGON.EXE:196 CLOSE Z:\utilities\MultimediaFiles\wav\other\BassExitNotes.wav SUCCESS
    23:17:33 mplayer2.exe:424 CLOSE X:\WINNT\system32\ SUCCESS
    23:17:33 SERVICES.EXE:224 WRITE X:\WINNT\system32\config\SysEvent.Evt SUCCESS Offset: 454464 Length: 200
    23:17:33 SERVICES.EXE:224 WRITE X:\WINNT\system32\config\SysEvent.Evt SUCCESS Offset: 454664 Length: 40
    23:17:33 svchost.exe:412 QUERY INFORMATION X:\Program FILE NOT FOUND Attributes: Error
    23:17:33 svchost.exe:412 QUERY INFORMATION X:\Program.exe FILE NOT FOUND Attributes: Error
    23:17:33 svchost.exe:412 OPEN X:\Program FILE NOT FOUND Options: Open Access: All
    23:17:33 svchost.exe:412 QUERY INFORMATION X:\Program Files\Windows FILE NOT FOUND Attributes: Error
    23:17:33 svchost.exe:412 QUERY INFORMATION X:\Program Files\Windows.exe FILE NOT FOUND Attributes: Error
    23:17:33 svchost.exe:412 OPEN X:\Program Files\Windows FILE NOT FOUND Options: Open Access: All
    23:17:33 svchost.exe:412 QUERY INFORMATION X:\Program Files\Windows Media FILE NOT FOUND Attributes: Error
    23:17:33 svchost.exe:412 QUERY INFORMATION X:\Program Files\Windows Media.exe FILE NOT FOUND Attributes: Error
    23:17:33 svchost.exe:412 OPEN X:\Program Files\Windows Media FILE NOT FOUND Options: Open Access: All
    23:17:33 svchost.exe:412 QUERY INFORMATION X:\Program Files\Windows Media Player\mplayer2.exe SUCCESS Attributes: A
    23:17:33 svchost.exe:412 QUERY INFORMATION X:\Program Files\Windows Media Player\mplayer2.exe SUCCESS Attributes: A
    23:17:33 svchost.exe:412 OPEN X:\Program Files\Windows Media Player\mplayer2.exe SUCCESS Options: Open Access: Execute
    23:17:33 svchost.exe:412 QUERY INFORMATION X:\Program Files\Windows Media Player\mplayer2.exe SUCCESS FileNameInformation
    23:17:33 svchost.exe:412 CLOSE X:\Program Files\Windows Media Player\mplayer2.exe SUCCESS
    23:17:33 svchost.exe:412 OPEN X:\ SUCCESS Options: Open Directory Access: All
    23:17:33 svchost.exe:412 DIRECTORY X:\ SUCCESS FileDirectoryInformation: WINNT
    23:17:33 svchost.exe:412 CLOSE X:\ SUCCESS
    23:17:33 svchost.exe:412 OPEN X:\WINNT SUCCESS Options: Open Directory Access: All
    23:17:33 svchost.exe:412 DIRECTORY X:\WINNT SUCCESS FileDirectoryInformation: system32
    23:17:33 svchost.exe:412 CLOSE X:\WINNT SUCCESS
    23:17:33 svchost.exe:412 OPEN X:\WINNT\system32 SUCCESS Options: Open Directory Access: All
    23:17:33 svchost.exe:412 DIRECTORY X:\WINNT\system32 SUCCESS FileDirectoryInformation: svchost.exe
    23:17:33 svchost.exe:412 CLOSE X:\WINNT\system32 SUCCESS
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\ SUCCESS Options: Open Directory Access: Traverse
    23:17:33 mplayer2.exe:1180 QUERY INFORMATION X:\Program Files\Windows Media Player\msdxm.ocx FILE NOT FOUND Attributes: Error
    23:17:33 mplayer2.exe:1180 QUERY INFORMATION X:\WINNT\system32\msdxm.ocx SUCCESS Attributes: N
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\msdxm.ocx SUCCESS Options: Open Access: Execute
    23:17:33 mplayer2.exe:1180 QUERY INFORMATION X:\WINNT\system32\msdxm.ocx SUCCESS FileNameInformation
    23:17:33 mplayer2.exe:1180 CLOSE X:\WINNT\system32\msdxm.ocx SUCCESS
    23:17:33 mplayer2.exe:1180 QUERY INFORMATION X:\Program Files\Windows Media Player\Quartz.dll FILE NOT FOUND Attributes: Error
    23:17:33 mplayer2.exe:1180 QUERY INFORMATION X:\WINNT\system32\Quartz.dll SUCCESS Attributes: N
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\Quartz.dll SUCCESS Options: Open Access: Execute
    23:17:33 mplayer2.exe:1180 QUERY INFORMATION X:\WINNT\system32\Quartz.dll SUCCESS FileNameInformation
    23:17:33 mplayer2.exe:1180 CLOSE X:\WINNT\system32\Quartz.dll SUCCESS
    23:17:33 mplayer2.exe:1180 QUERY INFORMATION X:\Program Files\Windows Media Player\WINMM.dll FILE NOT FOUND Attributes: Error
    23:17:33 mplayer2.exe:1180 QUERY INFORMATION X:\WINNT\system32\WINMM.dll SUCCESS Attributes: N
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\WINMM.dll SUCCESS Options: Open Access: Execute
    23:17:33 mplayer2.exe:1180 QUERY INFORMATION X:\WINNT\system32\WINMM.dll SUCCESS FileNameInformation
    23:17:33 mplayer2.exe:1180 CLOSE X:\WINNT\system32\WINMM.dll SUCCESS
    23:17:33 mplayer2.exe:1180 QUERY INFORMATION X:\Program Files\Windows Media Player\mplayer2.exe.Local FILE NOT FOUND Attributes: Error
    23:17:33 WINLOGON.EXE:196 QUERY INFORMATION Z:\utilities\MultimediaFiles\wav\other\Bongos.wav SUCCESS Attributes: A
    23:17:33 WINLOGON.EXE:196 OPEN Z:\utilities\MultimediaFiles\wav\other\Bongos.wav SUCCESS Options: Open Access: All
    23:17:33 WINLOGON.EXE:196 QUERY INFORMATION Z:\utilities\MultimediaFiles\wav\other\Bongos.wav SUCCESS Length: 77120
    23:17:33 WINLOGON.EXE:196 READ Z:\utilities\MultimediaFiles\wav\other\Bongos.wav SUCCESS Offset: 0 Length: 77120
    23:17:33 WINLOGON.EXE:196 QUERY INFORMATION Z:\utilities\MultimediaFiles\wav\other\Bongos.wav SUCCESS Attributes: A
    23:17:33 WINLOGON.EXE:196 CLOSE Z:\utilities\MultimediaFiles\wav\other\Bongos.wav SUCCESS
    23:17:33 mplayer2.exe:1180 SET INFORMATION X:\WINNT\system32\config\software.LOG SUCCESS Length: 4096
    23:17:33 mplayer2.exe:1180 SET INFORMATION X:\WINNT\system32\config\software.LOG SUCCESS Length: 4096
    23:17:33 mplayer2.exe:1180 SET INFORMATION X:\WINNT\system32\config\software.LOG SUCCESS Length: 8192
    23:17:33 mplayer2.exe:1180 SET INFORMATION X:\WINNT\system32\config\software.LOG SUCCESS Length: 8192
    23:17:33 mplayer2.exe:1180 QUERY INFORMATION X:\WINNT\system32\ole32.dll SUCCESS Attributes: N
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\wave1 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\wave1 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\wave2 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\wave2 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\wave3 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\wave3 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\wave4 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\wave4 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\wave5 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\wave5 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\wave6 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\wave6 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\wave7 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\wave7 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\wave8 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\wave8 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\wave9 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\wave9 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\midi1 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\midi1 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\midi2 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\midi2 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\midi3 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\midi3 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\midi4 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\midi4 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\midi5 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\midi5 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\midi6 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\midi6 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\midi7 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\midi7 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\midi8 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\midi8 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\midi9 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\midi9 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 QUERY INFORMATION X:\Program Files\Windows Media Player\mmdrv.dll FILE NOT FOUND Attributes: Error
    23:17:33 mplayer2.exe:1180 QUERY INFORMATION X:\WINNT\system32\mmdrv.dll SUCCESS Attributes: N
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\mmdrv.dll SUCCESS Options: Open Access: Execute
    23:17:33 mplayer2.exe:1180 QUERY INFORMATION X:\WINNT\system32\mmdrv.dll SUCCESS FileNameInformation
    23:17:33 mplayer2.exe:1180 CLOSE X:\WINNT\system32\mmdrv.dll SUCCESS
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\aux2 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\aux2 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\aux3 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\aux3 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\aux4 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\aux4 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\aux5 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\aux5 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\aux6 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\aux6 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\aux7 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\aux7 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\aux8 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\aux8 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\aux9 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\aux9 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\mixer1 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\mixer1 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\mixer2 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\mixer2 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\mixer3 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\mixer3 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\mixer4 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\mixer4 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\mixer5 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\mixer5 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\mixer6 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\mixer6 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\mixer7 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\mixer7 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\mixer8 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\mixer8 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\mixer9 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\mixer9 FILE NOT FOUND Options: Open Access: All
    23:17:33 mplayer2.exe:1180 QUERY INFORMATION X:\WINNT\system32\rpcss.dll SUCCESS Attributes: N
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\rpcss.dll SUCCESS Options: Open Access: Execute
    23:17:33 mplayer2.exe:1180 QUERY INFORMATION X:\WINNT\system32\rpcss.dll SUCCESS Length: 273680
    23:17:33 mplayer2.exe:1180 QUERY INFORMATION X:\WINNT\system32\rpcss.dll SUCCESS FileNameInformation
    23:17:33 mplayer2.exe:1180 CLOSE X:\WINNT\system32\rpcss.dll SUCCESS
    23:17:33 mplayer2.exe:1180 QUERY INFORMATION X:\PROGRA~1\BillP Studios\WinPatrol\PATROLPRO.DLL SUCCESS Attributes: A
    23:17:33 mplayer2.exe:1180 OPEN X:\PROGRA~1\BillP Studios\WinPatrol\PATROLPRO.DLL SUCCESS Options: Open Access: Execute
    23:17:33 mplayer2.exe:1180 QUERY INFORMATION X:\PROGRA~1\BillP Studios\WinPatrol\PATROLPRO.DLL SUCCESS Length: 42552
    23:17:33 mplayer2.exe:1180 QUERY INFORMATION X:\PROGRA~1\BillP Studios\WinPatrol\PATROLPRO.DLL SUCCESS FileNameInformation
    23:17:33 mplayer2.exe:1180 CLOSE X:\PROGRA~1\BillP Studios\WinPatrol\PATROLPRO.DLL SUCCESS
    23:17:33 mplayer2.exe:1180 QUERY INFORMATION X:\PROGRA~1\BillP Studios\WinPatrol\PATROLPRO.DLL SUCCESS Attributes: A
    23:17:33 mplayer2.exe:1180 OPEN X:\PROGRA~1\BillP Studios\WinPatrol\PATROLPRO.DLL SUCCESS Options: Open Access: Execute
    23:17:33 mplayer2.exe:1180 QUERY INFORMATION X:\PROGRA~1\BillP Studios\WinPatrol\PATROLPRO.DLL SUCCESS FileNameInformation
    23:17:33 mplayer2.exe:1180 CLOSE X:\PROGRA~1\BillP Studios\WinPatrol\PATROLPRO.DLL SUCCESS
    23:17:33 mplayer2.exe:1180 QUERY INFORMATION X:\WINNT\system32\msdxm.ocx SUCCESS Attributes: N
    23:17:33 mplayer2.exe:1180 QUERY INFORMATION X:\WINNT\System32\~CLBCATQ.DLL FILE NOT FOUND Attributes: Error
    23:17:33 mplayer2.exe:1180 QUERY INFORMATION X:\Program Files\Windows Media Player\CLBCATQ.DLL FILE NOT FOUND Attributes: Error
    23:17:33 mplayer2.exe:1180 QUERY INFORMATION X:\WINNT\system32\CLBCATQ.DLL SUCCESS Attributes: N
    23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\CLBCATQ.DLL SUCCESS Options: Open Access: Execute
    23:17:33 mplayer2.exe:1180 QUERY INFORMATION X:\WINNT\system32\CLBCATQ.DLL SUCCESS FileNameInformation
    23:17:33 mplayer2.exe:1180 CLOSE X:\WINNT\system32\CLBCATQ.DLL SUCCESS
    23:17:33 mplayer2.exe:1180 OPEN \\.\Pipe\lsarpc SUCCESS Options: Open Access: All
    23:17:33 mplayer2.exe:1180 SET INFORMATION \\.\Pipe\lsarpc SUCCESS FilePipeInformation
    23:17:33 LSASS.EXE:236 READ \\.\Pipe\lsass SUCCESS Offset: 0 Length: 1024
    23:17:33 LSASS.EXE:236 WRITE \\.\Pipe\lsass SUCCESS Offset: 0 Length: 68
    23:17:33 LSASS.EXE:236 READ \\.\Pipe\lsass SUCCESS Offset: 0 Length: 1024
    23:17:33 LSASS.EXE:236 READ \\.\Pipe\lsass SUCCESS Offset: 0 Length: 1024
    23:17:33 LSASS.EXE:236 WRITE \\.\Pipe\lsass SUCCESS Offset: 0 Length: 48
    23:17:33 LSASS.EXE:236 READ \\.\Pipe\lsass SUCCESS Offset: 0 Length: 1024
    23:17:33 LSASS.EXE:236 WRITE \\.\Pipe\lsass SUCCESS Offset: 0 Length: 196
    23:17:33 LSASS.EXE:236 READ \\.\Pipe\lsass PIPE BROKEN Offset: 0 Length: 1024
    23:17:33 LSASS.EXE:236 WRITE \\.\Pipe\lsass SUCCESS Offset: 0 Length: 48
    23:17:33 mplayer2.exe:1180 CLOSE \\.\Pipe\lsarpc SUCCESS
    23:17:33 LSASS.EXE:236 FLUSH \\.\Pipe\lsass SUCCESS
    23:17:33 explorer.exe:968 QUERY INFORMATION X:\Program Files\Kerio\Personal Firewall\persfw.exe SUCCESS Attributes: N
    23:17:33 explorer.exe:968 OPEN X:\Program Files\Kerio\Personal Firewall\persfw.exe SUCCESS Options: Open Access: Execute
    23:17:33 explorer.exe:968 QUERY INFORMATION X:\Program Files\Kerio\Personal Firewall\persfw.exe SUCCESS Length: 389120
    23:17:33 explorer.exe:968 QUERY INFORMATION X:\Program Files\Kerio\Personal Firewall\persfw.exe SUCCESS FileNameInformation
    23:17:33 explorer.exe:968 CLOSE X:\Program Files\Kerio\Personal Firewall\persfw.exe SUCCESS
    23:17:33 LSASS.EXE:236 READ \\.\Pipe\lsass SUCCESS Offset: 0 Length: 1024
    23:17:33 LSASS.EXE:236 WRITE \\.\Pipe\lsass SUCCESS Offset: 0 Length: 68
    23:17:33 LSASS.EXE:236 READ \\.\Pipe\lsass Offset: 0 Length: 1024
    23:17:33 LSASS.EXE:236 READ \\.\Pipe\lsass Offset: 0 Length: 1024
    23:17:33 LSASS.EXE:236 WRITE \\.\Pipe\lsass SUCCESS Offset: 0 Length: 48
    23:17:33 LSASS.EXE:236 READ \\.\Pipe\lsass Offset: 0 Length: 1024
    23:17:33 LSASS.EXE:236 WRITE \\.\Pipe\lsass SUCCESS Offset: 0 Length: 196
    23:17:33 LSASS.EXE:236 READ \\.\Pipe\lsass Offset: 0 Length: 1024
    23:17:33 LSASS.EXE:236 WRITE \\.\Pipe\lsass SUCCESS Offset: 0 Length: 48
    23:17:33 LSASS.EXE:236 FLUSH \\.\Pipe\lsass SUCCESS
    , Apr 3, 2006
    #1

  2. Galen Guest

    In news:4430d7a8$0$15851$,
    had this to say:

    My reply is at the bottom of your sent message:

    > Something strange is happening here. Some application continually
    > starts and will not stop doing so, for some strange reason.
    >
    > Visited a torrent website, using heavy filtering as I always do, to
    > do my best to block the nasties and suddenly, something is occurring
    > quite differently from the usual, familiar W2K machine processing.
    >
    > The website had a scrolling window within several frames and as it
    > came up I noticed that the sound I have set for application *startup*
    > sounded, which is fairly unusual.
    >
    > This is the output from filemon, showing the file execution activity
    > in question, as it happens.
    >
    > I do not understand the "WINLOGON" execution, or why this all keeps
    > cycling.
    >
    > My "C:" drive is on X: ---- fooled ya /g/.
    >
    > Anyone know what causes this, or how to prevent it from happening?


    <snipped>

    Well it looks like putting the OS on X: didn't do any fooling. ;)

    Anyhow, it LOOKS like there is a media file constantly trying to open? It
    also looks like the file is not there? At least that's what I'm getting from
    this?

    Have you scanned for malware? I guess that's where I'd take a gander first.

    --
    Galen - MS MVP - Windows (Shell/User & IE)
    http://dts-l.org/
    http://kgiii.info/

    "At present I am, as you know, fairly busy, but I propose to devote my
    declining years to the composition of a textbook which shall focus the
    whole art of detection into one volume." - Sherlock Holmes
    Galen, Apr 3, 2006
    #2
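
A triage pass over the Filemon output in the first post, as an added example that is not part of the thread: it parses the text log, lists the PIDs seen for one image name, and flags any .exe that was opened for Execute only after its space-delimited path prefixes (`X:\Program`, `X:\Program.exe`, and so on) were probed, which is how Windows resolves an unquoted command line. The function names are illustrative, and the sample lines are copied from the posted log.

```python
import re
from collections import namedtuple

Event = namedtuple("Event", "time proc pid op path result detail")
OPS = "QUERY INFORMATION|SET INFORMATION|DIRECTORY|OPEN|CLOSE|READ|WRITE|FLUSH"
HEAD = re.compile(r"^(\d\d:\d\d:\d\d) (\S+):(\d+) (" + OPS + r") (.*)$")
# Paths contain spaces, so the result keyword is what ends the path field.
RESULT = re.compile(r" (SUCCESS|FILE NOT FOUND|PIPE BROKEN)(?= |$)")

# Lines copied from the Filemon output in the first post.
SAMPLE = r"""
23:17:33 mplayer2.exe:424 CLOSE X:\WINNT\system32\ SUCCESS
23:17:33 svchost.exe:412 QUERY INFORMATION X:\Program FILE NOT FOUND Attributes: Error
23:17:33 svchost.exe:412 QUERY INFORMATION X:\Program.exe FILE NOT FOUND Attributes: Error
23:17:33 svchost.exe:412 QUERY INFORMATION X:\Program Files\Windows FILE NOT FOUND Attributes: Error
23:17:33 svchost.exe:412 QUERY INFORMATION X:\Program Files\Windows.exe FILE NOT FOUND Attributes: Error
23:17:33 svchost.exe:412 QUERY INFORMATION X:\Program Files\Windows Media FILE NOT FOUND Attributes: Error
23:17:33 svchost.exe:412 QUERY INFORMATION X:\Program Files\Windows Media.exe FILE NOT FOUND Attributes: Error
23:17:33 svchost.exe:412 OPEN X:\Program Files\Windows Media Player\mplayer2.exe SUCCESS Options: Open Access: Execute
23:17:33 mplayer2.exe:1180 OPEN X:\WINNT\system32\ SUCCESS Options: Open Directory Access: Traverse
23:17:33 explorer.exe:968 OPEN X:\Program Files\Kerio\Personal Firewall\persfw.exe SUCCESS Options: Open Access: Execute
23:17:33 LSASS.EXE:236 READ \\.\Pipe\lsass Offset: 0 Length: 1024
"""

def parse_line(line):
    m = HEAD.match(line.strip())
    if not m:
        return None
    time, proc, pid, op, rest = m.groups()
    r = RESULT.search(rest)
    if r:
        path, result, detail = rest[:r.start()], r.group(1), rest[r.end():].strip()
    else:  # some pipe reads in the log carry no result column
        path, sep, tail = rest.partition(" Offset:")
        result, detail = None, (sep + tail).strip()
    return Event(time, proc, int(pid), op, path, result, detail)

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def instances(events, image):
    """PIDs seen for one image name; more than one means it was restarted."""
    return sorted({e.pid for e in events if e.proc.lower() == image.lower()})

def unquoted_probes(events):
    """Map (proc, pid, exe) -> prefixes probed as 'P' and 'P.exe' (both missing)."""
    found = {}
    for e in events:
        if not (e.op == "OPEN" and e.result == "SUCCESS" and " " in e.path
                and "Access: Execute" in e.detail
                and e.path.lower().endswith(".exe")):
            continue
        missed = {x.path for x in events if (x.proc, x.pid) == (e.proc, e.pid)
                  and x.result == "FILE NOT FOUND"}
        parts = e.path.split(" ")
        prefixes = [" ".join(parts[:i]) for i in range(1, len(parts))]
        hits = [p for p in prefixes if p in missed and p + ".exe" in missed]
        if hits:
            found[(e.proc, e.pid, e.path)] = hits
    return found

if __name__ == "__main__":
    events = parse_log(SAMPLE)
    print(instances(events, "mplayer2.exe"), unquoted_probes(events))
```

On the posted lines this reports two mplayer2.exe PIDs (424 and 1180) and shows svchost.exe:412 opening the player for Execute after probing three path prefixes, while the explorer.exe open of persfw.exe has no such probes. The probes mean the command line that starts the player is registered without quotes, which is worth correcting wherever that command is configured.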