
Winlogon.exe Application Error

Discussion in 'Virus & Other Malware Removal' started by Jack Young, Jan 27, 2006.

Thread Status:
Not open for further replies.
  1. Jack Young

    Jack Young Thread Starter

    Joined:
    Jul 22, 2005
    Messages:
    26
    I am working on an eMachine P4 2.6 GHz, 512MB RAM, 80GB HDD, Windows XP Home Edition SP2.
    When trying to shut off the computer the following message appears:

    Winlogon.exe - Application error
    The instructions at 0x7c913c98 referenced memory at 0x53005700
    The memory could not be read.

    After clicking OK or Cancel, the computer restarts instead of shutting off.

    I am trying to determine if it is a malware problem or software. McAfee virus scan and Microsoft Antispyware scans come up with nothing. I have some experience with Hijackthis and will try to post a log file Friday. I also have a copy of Killbox. Any thoughts on the nature of this error?
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You are likely infected

    Click here to download HJTsetup.exe: http://www.thespykiller.co.uk/files/HJTSetup.exe
    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. Jack Young

    Jack Young Thread Starter

    Joined:
    Jul 22, 2005
    Messages:
    26
    Here is the HJT log:
    Logfile of HijackThis v1.99.1
    Scan saved at 9:39:25 AM, on 1/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\Common Files\AOL\1100837400\ee\AOLSoftware.exe
    C:\Program Files\mcafee.com\antivirus\oasclnt.exe
    C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Common Files\AOL\1100837400\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\AOL\1100837400\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
    C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    c:\program files\common files\aol\1100837400\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSPScheduler.exe
    c:\program files\common files\aol\1100837400\ee\aolssc.exe
    C:\Documents and Settings\J\My Documents\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100837400\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
    O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.3.3.27/holdem/holdem-ob-assets.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {18CD2FD8-81CE-44C3-99E1-0822E1C7116C} (EARTPatch8X Class) - http://files.ea.com/downloads/rtpatch/v4/EARTP8X.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {7DD82D6B-3553-470B-8D1E-D5C7086478A7} (QBMASSyncCom2_2005.UserControl1) - https://merchantaccount.quickbooks.com/sync/QBMASSyncCom2_2005.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    O16 - DPF: {BDF9A7C7-F4DC-455D-B5C2-045D74788295} (AOLRegistrationWizard Control) - https://objects.aol.com/filebackup/AOLRegistrationWizard.cab
    O16 - DPF: {F8A9F96F-8375-4596-BD89-EEAE2781D810} (QBMASSyncCom1.UserControl1) - https://merchantaccount.quickbooks.com/sync/QBMASSyncCom1.cab
    O18 - Filter: text/html - (no CLSID) - (no file)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O21 - SSODL: Lockprof - {FA83F2B7-7F5C-482D-AB9E-9ACF02BEAF92} - (no file)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1100837400\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
    O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
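
A HijackThis log like the one posted above can be triaged mechanically before anything is fixed. The following is an added example, not part of the original thread and not HijackThis's own code: it parses the `R`/`O` entry lines, rejoins hard-wrapped lines, and lists the entries marked `(no file)` for manual review. The function names, the `SECTIONS` descriptions and the space-join heuristic are assumptions of this example; `SAMPLE` holds a few lines taken from the log in this thread.

```python
import re

# Section codes that occur in this thread's log and the entry type each denotes.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "Run-key autostart", "O8": "IE context-menu item",
    "O9": "IE extra button/menu item", "O12": "IE plugin",
    "O14": "IERESET.INF setting", "O16": "downloaded ActiveX control",
    "O18": "protocol/filter handler", "O20": "Winlogon Notify / AppInit_DLLs",
    "O21": "ShellServiceObjectDelayLoad", "O23": "Windows service",
}
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

# A few entries from the log in this thread, hard-wrapped as pasted logs often are.
SAMPLE = r"""
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: Lockprof - {FA83F2B7-7F5C-482D-AB9E-9ACF02BEAF92} - (no file)
"""

def parse_hjt(text):
    """Return [(code, body)] for each registry entry, rejoining wrapped lines."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif line and entries:
            # Wrapped continuation. Joining with a space is a heuristic: a wrap
            # that fell in the middle of a token leaves a stray space behind.
            entries[-1][1] += " " + line
    return [tuple(e) for e in entries]

def missing_file(entries):
    """Entries marked "(no file)": the registry value names a file not on disk."""
    return [(c, SECTIONS.get(c, "unknown"), b) for c, b in entries
            if b.endswith("(no file)")]

if __name__ == "__main__":
    for code, kind, body in missing_file(parse_hjt(SAMPLE)):
        print(f"{code:<4}{kind:<30}{body}")
```

Lines that appear before the first `R`/`O` entry, such as the running-process list, are ignored by the parser.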
     