GMartin asked:

Getting Winlogon.exe Error Messages at Startup and Shutdown of XP Pro SP2

Hi Everyone:

       Each time I start up the computer, I get the following error message when the desktop attempts to load:  Winlogon.exe encountered a problem and needed to close.  After a few seconds, it disappears on its own.  Sometimes, I can click Cancel to clear it as well.  When I shut down XP, I get the following error message which also makes reference to winlogon.exe.  The error message reads as follows: Winlogon.exe Application Error.  The instruction at (makes reference to a memory address with numbers and letters) could not be read by the memory.  Click Cancel or OK to terminate the program or select Debug program.

         Any help on resolving this winlogon.exe error message within XP Pro SP2 will be appreciated.

        Thank you.

        George
SOLUTION
theProfessa
This solution is only available to members.
gopal_krishna

We have a solution in Experts Exchange. Check this and see if this resolves the issue.

https://www.experts-exchange.com/questions/21238499/Winlogon-exe.html

Please follow the accepted answer. You would be able to resolve this issue.

Any comments please get back to us.

Regards
Gopal krishna K
GMartin

ASKER

Hi Everyone:

       I tried the sfc /scannow and chkdsk /r, but those procedures did not correct the problem.  I did post the log file after running HiJack This.  Hopefully, this issue can be resolved this way.

      Thanks again for the suggestions.  I look forward to hearing again from everyone.

      George
GMartin

ASKER

Hi

       Sorry for taking so long.  Here is the link to the log file:
http://www.rafb.net/paste/results/B0V1sV38.html

       Thank you

       George
Thanks for the log.

Download Pocket Killbox.
http://www.atribune.org/downloads/KillBox.exe
*Select the "Delete on Reboot" option.
*Select "All Files"
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:

c:\windows\system32\mstds.exe
c:\windows\system32\p2pnetworking.exe
C:\WINDOWS\sachostx.exe  
C:\WINDOWS\mservice.exe

*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
*If the computer doesn't restart, just restart manually.

Run a scan with HijackThis and put a check next to these entries; while all browsers and other windows are closed, click "Fix Checked":
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank  
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =  
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6mons.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [mstds.exe] c:\windows\system32\mstds.exe  
O4 - HKLM\..\Run: [sachost] C:\WINDOWS\sachostx.exe  
O4 - HKCU\..\Run: [Multimedia extensions] mservice.exe
O16 - DPF: {33331111-1111-1111-1111-611111193423} -  
O16 - DPF: {33331111-1111-1111-1111-611111193429} -  
O16 - DPF: {33331111-1111-1111-1111-615111193427} -


Please, also download AVG anti-spyware (formerly Ewido)
http://www.ewido.net/en/download/
and save that file to your desktop. This is a 30 day trial of the program.
Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need to run ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
    *Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
    *Select "Automatically generate report after every scan"
    *Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet.
 
Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.
 
IMPORTANT: Do not open any other windows or programs while Ewido is scanning, it may interfere with the scanning process:
* Launch ewido-anti-spyware by double-clicking the icon on your desktop.
* Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
* Ewido will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
* If you have any infections you will be prompted, then select "Apply all actions"
* Next select the "Reports" icon at the top.
* Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file).
* Close ewido.
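
An added example, not part of the original post: a small triage pass over HijackThis entries in the format quoted above, marking entries whose target is absent, blank, or given without a directory. The sample lines are copied from the post's list; the function names and the reason labels are this example's own.

```python
import re

# Constructed sample: entries copied from the "Fix Checked" list in the post above.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6mons.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [mstds.exe] c:\windows\system32\mstds.exe
O4 - HKCU\..\Run: [Multimedia extensions] mservice.exe
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
"""

ENTRY = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")
RUN = re.compile(r"^HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]+)\] ?(?P<cmd>.*)$")

def triage(log_text):
    """Return one finding per recognised entry, with the reasons it was marked."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header lines, blank lines, running-process list
        sec, body = m.group("sec"), m.group("body").strip()
        reasons = []
        if sec in ("R0", "R1"):
            # Internet Explorer setting: "key = value"
            if body.partition("=")[2].strip() in ("", "about:blank"):
                reasons.append("blank IE setting")
        elif sec in ("O2", "O3"):
            # BHO / toolbar whose registered file HijackThis could not find
            if body.endswith(("(file missing)", "(no file)")):
                reasons.append("target file absent")
        elif sec == "O4":
            # Autostart entry: a bare file name is resolved through the search path
            run = RUN.match(body)
            if run and "\\" not in run.group("cmd"):
                reasons.append("command has no directory")
        elif sec == "O16":
            # ActiveX download entry with nothing after the class ID
            if body.rstrip(" -").endswith("}"):
                reasons.append("no download URL recorded")
        findings.append({"section": sec, "body": body, "reasons": reasons})
    return findings

def flagged(findings):
    """Entries that carry at least one reason."""
    return [f for f in findings if f["reasons"]]
```

Structural checks like these leave the fully pathed `mstds.exe` entry unmarked, so an entry that points at a real file still has to be judged by examining the file itself.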
GMartin

ASKER

Hi Everyone:

      I want to take a moment and follow up on the progress with this concern.  Basically, infection was detected on this computer by HiJack This and Ewido.  While I was able to quarantine and delete the infection through the trial version of AVG Anti-Spyware, I am still experiencing the same winlogon.exe error messages at bootup and shut down.  

      On a sidenote, I wanted to use System Restore, but this feature was turned off.  Any further help with this concern will be appreciated.

       Thank you.

       George
GMartin

ASKER

Hi Everyone:

       Whenever I click on Ctrl, Alt, Del, and click on the Processes tab, I do see winlogon.exe within the list taking up 856K of memory.  Whenever I first open this menu, it is interesting to note this file takes up 468K of memory.  The type classified for this background process is System.  

       The reviews regarding the winlogon.exe file are "mixed" at best.  Some experts suggest this is a needed file because it manages the login and logoff protocols of Windows XP, while some experts believe this file can sometimes become dangerously infected and can be used by hackers to obtain personal information like usernames and passwords.

        I look forward to reviewing any further thoughts to this post.

        George
GMartin

ASKER

Hi Everyone:

         Just one more observation I made which I'd like to share.  As I understand it, the winlogon.exe file should only be in the system32 folder of windows.  However, when I performed a file search, I found this file to exist in other folders.  Should I delete the winlogon.exe files in the other folders and leave the one with system32 intact?  

          George
GMartin

ASKER

Hi Once Again Everyone:

       I did not think it necessary to mention this earlier, but, perhaps it is fruitful to bring it up.  While I was able to run sfc /scannow and chkdsk /r, I was only able to carry out these procedures within Normal Mode.  Whenever I tried to do it as an Administrator within Safe Mode, I continually got the following error message:  Windows file protection could not initiate a scan of protected system files.  The specific error code is 0x000006ba [The RPC Server is Unavailable].

        I am not sure if reporting this error is of much help, but, I like to carefully go over anything which might help provide a clue to resolving the issue at hand.

        George
Did you also follow my suggestions above? After you've done those, let us look at a new HijackThis log.

Yes, the legit svchost.exe should be in the system32 folder, and unless you're talking about the ones in the Windows backup, anywhere else would be bad.

Tell us where this svchost.exe you're talking about is, and we'll tell you if it's bad or not.

You need to try and clean your system from malware/viruses before you try any repair, etc., or you might end up having your system unbootable or not being able to log in.
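
The location check discussed in the posts above, written out as an added example (not code from the thread): it sorts file-search hits for a system binary into the expected directory, known backup copies, and everything else. The `C:\WINDOWS` system root and the backup directory list are assumptions about a default XP install, and the search hits are constructed.

```python
import ntpath

# Assumption: default Windows XP layout with the system root at C:\WINDOWS.
SYSTEM_ROOT = r"C:\WINDOWS"
EXPECTED_DIR = ntpath.join(SYSTEM_ROOT, "system32")
# Assumption: directories where XP keeps its own backup copies of system files.
BACKUP_DIRS = [
    ntpath.join(SYSTEM_ROOT, "system32", "dllcache"),
    ntpath.join(SYSTEM_ROOT, "ServicePackFiles", "i386"),
    ntpath.join(SYSTEM_ROOT, "$NtServicePackUninstall$"),
]

def _norm(path):
    """Collapse '..' segments, unify separators and case for comparison."""
    return ntpath.normcase(ntpath.normpath(path))

def classify(path, name="winlogon.exe"):
    """Classify one search hit by file name and containing directory."""
    directory, base = ntpath.split(_norm(path))
    if base != name.lower():
        return "different file"       # e.g. a Prefetch trace with a similar name
    if directory == _norm(EXPECTED_DIR):
        return "expected"
    if directory in {_norm(d) for d in BACKUP_DIRS}:
        return "backup copy"
    return "unexpected location"      # needs a closer look before anything is deleted

# Constructed search results, not taken from the thread.
SEARCH_HITS = [
    r"C:\WINDOWS\system32\winlogon.exe",
    r"c:\windows\System32\dllcache\WINLOGON.EXE",
    r"C:\WINDOWS\ServicePackFiles\i386\winlogon.exe",
    r"C:\WINDOWS\system32\..\winlogon.exe",
    r"C:\Documents and Settings\user\Local Settings\Temp\winlogon.exe",
    r"C:\WINDOWS\Prefetch\WINLOGON.EXE-XXXXXXXX.pf",
]

def review(hits, name="winlogon.exe"):
    """Map each hit to its classification."""
    return {hit: classify(hit, name) for hit in hits}
```

A copy in the expected directory can still have been replaced, so location is only the first check and file integrity is a separate question.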
GMartin

ASKER

Hi

       The file I am referring to is winlogon.exe which is referenced within the startup and shutdown windows error message.  By the way, I will go ahead and prepare to send the link to a new hijack this log file.

        Thanks again for your help and followups.

         George
GMartin

ASKER

Hi

       Here is the link to the new HijackThis Log File created after the cleanup.  The link is
http://www.rafb.net/paste/results/zGP7qS84.html

       George
GMartin

ASKER

Hi There

       Thanks so much for the follow-up advice.  Incidentally, I bookmarked the scan links given.  They are handy especially when it comes to malware infection.  Now, to the problem at hand.

        I fixed 020 using HiJack This and renamed the file instcat.dll to test.dll, but, still having the error messages relating to winlogon.exe.  Sorry about this because the suggestions you are giving are great ones.  Apparently, this is going to be a tricky problem to finally resolve.

        On a sidenote, I really want to thank you for helping me clean up my pc.  Outside of the annoying error message upon restart and shutdown of the pc, it is running much smoother.

        In closing, I look forward to reading and trying out any further suggestions you have.

        George
GMartin

ASKER

Hi Everyone:

          I am happy to report this problem is now fully resolved.  I have restarted my pc both from cold and warm boots without the annoying winlogon.exe application error.  While I enjoyed trying out each expert's suggestions, I must confess I got a whole lot out of rpggamergirl's recommendations.  Not only did this expert solve my problem, but, this expert gave me information and resourceful tools which can be used in the future in dealing with malware.  As stated earlier, I bookmarked the resourceful links supplied.

          Now, why the intervention strategies did not work right away may have been due to the updates (e.g. cleaning out the registry entries and memory of malware, etc.), and probably had something to do with Windows XP needing to update the changes by either a cold or warm reboot.  As always, I am very pleased with the results of this post.

          Very good job everyone, especially rpggamergirl.  I greatly appreciate your professional guidance through this rather difficult problem.

            Thank you again for a job well done!!!

            George
Hi George,

It's good to know that the problem's been resolved. And it was a pleasure assisting you.
Thank you for the points and the excellent grade!

Happy computing!