asked on

Winlogon error, then bluescreen at every restart

My laptop got hit with malware called "BraveSentry". I have run all the utilities to remove it, and it is completely gone. What is left, now, is a persistent winlogon error. Whenever I shutdown/restart windows, I get the following errors in this screenshot:
www.songwave.com/ttemp/shutdown_error.jpg

then, upon restarting windows, I get a message that "Winlogon encountered a problem and needed to close" with an option to send an error report to microsoft.
DETAILS:
szAppName : winlogon.exe szAppVer : 0.0.0.0 szModName : unknown
szModVer : 0.0.0.0 offset : 3bf22d96

an event is posted in my application log.

Event 1004
Faulting application winlogon.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x3bf22d

I have already tried creating a new profile, but no avail. What do you recommend I do at this point to fix a winlogon error?
Here is a HijackThis log of my system
www.songwave.com/ttemp/hijackthis.log

thanks!

ASKER CERTIFIED SOLUTION

johnb6767

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

arthurh88

ASKER

ok i found the problem, its a trojan dll called winsys2f.dll and i am unable to delete it since it starts with winlogon (being used, access denied). I have a registry entry that initiates this trojan in the notify area of winlogon:
C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll

the problem is as soon as I delete this, it pops right back immediately. best way to stop this DLL?

arthurh88

ASKER

cannot unlaod it using regsvr32 /u "C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll" says access denied. AVG detects it but cannot clean it

arthurh88

ASKER

finally got it with killbox then rebooting to safemode with command prompt. thanks a bunch!!

johnb6767

YW, sorry it took so long to get back here...