1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Winlogon.exe causing computer to fatal error!

Discussion in 'Virus & Other Malware Removal' started by Bolen, Aug 1, 2006.

Thread Status:
Not open for further replies.
  1. Bolen

    Bolen Thread Starter

    Joined:
    Aug 23, 2004
    Messages:
    70
    I am unaware as to what is causing this problem, but i have many concerns over how serious a problem it is. Everytime i log on to my computer the Winlogon.exe file shuts down. But my computer still continues to function normally (besides the internet running way slower then normal, and also causing the other computers on my network to do the same). However, the system stability at that point is obviously comprimised. It isnt until i pursue a more memory/graphic intensive task that my computer will have a fatal error and need to be restarted. Examples include playing World of warcraft, or having more then one browser window open at a time while surfing the internet. But it mostly occurs less then 15 minutes into a session of World of warcraft. The strange thing is, sometimes the shut down wont occur right away, but will instead seemingly happen at random times. Here is the error message:

    STOP C000021a (fatal system error)
    The windows logon process system process terminated unexpectedly with a status of Oxc0000005 (ox00000000 ox00000000)
    The system has been shut down.

    Guesses at to why this is occuring have ranged from trojans, to worms to power outages that have been plaguing our area. We did numerous virus scans, and did find a few things of interest which have all been cleaned from the system, but this is still occuring.

    I have a process log that was created using bazooka spyware scanner, but i dont know how useful that will be in this situation.
    ****************************************
    Bazooka Scanner v1.13.03
    http://www.kephyr.com/spywarescanner/
    http://www.kephyr.com/spywarescanner/library/
    [email protected]
    Log created 23:04:48.
    OS: Windows NT 5.1
    Database version: 3.220000
    Database format version: 1.020000
    Database date: 20060726
    Current date: 2006-07-31 23:04


    ****************************************
    Result when scanning:

    No threats found.
    ****************************************
    Auto start entries:
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    C:\Program Files\CallWave\IAM.exe -start
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    C:\Program Files\CallWave\IAM.exe -start
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Documents and Settings\james bolen\Start Menu\Programs\Startup\DESKTOP.INI
    C:\Documents and Settings\james bolen\Start Menu\Programs\Startup\DESKTOP.INI

    Go here to analyse the startup entries and the associated files:
    http://www.kephyr.com/filedb/index.php

    ****************************************
    Run entries:
    ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ATIPTA

    UpdateManager "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\UpdateManager

    dla C:\WINDOWS\system32\dla\tfswctrl.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\dla

    BJCFD C:\Program Files\BroadJump\Client Foundation\CFD.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\BJCFD

    VSOCheckTask "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\VSOCheckTask

    VirusScan Online c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\VirusScan Online

    mmtask "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\mmtask

    iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\iTunesHelper

    QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task

    HostManager C:\Program Files\Common Files\AOL\1130084730\ee\AOLSoftware.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HostManager

    Dell Photo AIO Printer 942 "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Dell Photo AIO Printer 942

    DellMCM "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\DellMCM

    MskAgentexe C:\Program Files\McAfee\MSK\MskAgent.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MskAgentexe

    McAfee Backup C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\McAfee Backup

    DellSupport "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\DellSupport

    AIM C:\Program Files\AIM\aim.exe -cnetwait.odl
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AIM

    MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MSMSGS


    Go here to analyse the run entries and the associated files:
    http://www.kephyr.com/filedb/index.php

    ****************************************
    Browser helper objects:

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} not set C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

    {089FD14D-132B-48FC-8861-0048AE113215} not set C:\Program Files\SiteAdvisor\SiteAdv.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}

    {2B449E67-92A2-415C-8B34-E0EFA4452B98} not set C:\WINDOWS\system32\ocbllsdv.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B449E67-92A2-415C-8B34-E0EFA4452B98}

    {5CA3D70E-1895-11CF-8E15-001234567890} C:\WINDOWS\system32\ocbllsdv.dll C:\WINDOWS\system32\dla\tfswshx.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}

    {AA58ED58-01DD-4d91-8333-CF10577473F7} not set c:\program files\google\googletoolbar2.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}

    {B279B0F0-560C-454B-98C4-146BB5F7692a} not set C:\WINDOWS\system32\ocbllsdv.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B279B0F0-560C-454B-98C4-146BB5F7692a}

    {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} McAfee Popup Blocker c:\program files\mcafee\mps\mcpopup.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}

    {E51E39F0-245C-4B48-B0B5-B18F7F4B753b} not set C:\WINDOWS\system32\ocbllsdv.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E51E39F0-245C-4B48-B0B5-B18F7F4B753b}

    {FC148228-87E1-4D00-AC06-58DCAA52A4D1} not set C:\WINDOWS\system32\jkhhh.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC148228-87E1-4D00-AC06-58DCAA52A4D1}


    ****************************************
    Toolbars:

    {BA52B914-B692-46c4-B683-905236F6F655} c:\progra~1\mcafee.com\vso\mcvsshl.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{BA52B914-B692-46c4-B683-905236F6F655}

    {40D41A8B-D79B-43d7-99A7-9EE0F344C385} C:\Program Files\AIM Toolbar\AIMBar.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{40D41A8B-D79B-43d7-99A7-9EE0F344C385}

    {2318C2B1-4965-11d4-9B18-009027A5CD4F} c:\program files\google\googletoolbar2.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2318C2B1-4965-11d4-9B18-009027A5CD4F}

    {821F87FF-8245-4972-9E28-732E92EC2F51} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{821F87FF-8245-4972-9E28-732E92EC2F51}\InprocServer32

    System error message: The system cannot find the file specified.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{821F87FF-8245-4972-9E28-732E92EC2F51}

    {0BF43445-2F28-4351-9252-17FE6E806AA0} C:\Program Files\SiteAdvisor\SiteAdv.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0BF43445-2F28-4351-9252-17FE6E806AA0}

    {01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\system32\browseui.dll
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

    {0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\system32\SHELL32.dll
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

    {2318C2B1-4965-11D4-9B18-009027A5CD4F} c:\program files\google\googletoolbar2.dll
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

    {821F87FF-8245-4972-9E28-732E92EC2F51} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{821F87FF-8245-4972-9E28-732E92EC2F51}\InprocServer32

    System error message: The system cannot find the file specified.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{821F87FF-8245-4972-9E28-732E92EC2F51}

    {4D5C8C25-D075-11d0-B416-00C04FB90376} C:\WINDOWS\system32\shdocvw.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

    {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} C:\WINDOWS\system32\Shdocvw.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}

    {21569614-B795-46B1-85F4-E737A8DC09AD} C:\WINDOWS\system32\browseui.dll
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{21569614-B795-46B1-85F4-E737A8DC09AD}

    {EFA24E61-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\system32\shdocvw.dll
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}

    {EFA24E62-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\system32\shdocvw.dll
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}


    ****************************************
    All processes:

    [System Process]
    System
    SMSS.EXE
    CSRSS.EXE
    WINLOGON.EXE
    SERVICES.EXE
    LSASS.EXE
    ati2evxx.exe
    SVCHOST.EXE
    SVCHOST.EXE
    SVCHOST.EXE
    SVCHOST.EXE
    SVCHOST.EXE
    spoolsv.exe
    EXPLORER.EXE
    AOLacsd.exe
    HWAPI.exe
    mclogsrv.exe
    tfswctrl.exe
    mcvsshld.exe
    mmtask.exe
    McVSEscn.exe
    iTunesHelper.exe
    mcagent.exe
    aolsoftware.exe
    dlbubmgr.exe
    memcard.exe
    mskagent.exe
    dlbubmon.exe
    McAfeeDataBackup.exe
    mcupdmgr.exe
    DLG.exe
    McNASvc.exe
    mcpromgr.exe
    McProxy.exe
    AOLSP Scheduler.exe
    RedirSvc.exe
    mctskshd.exe
    mcusrmgr.exe
    aolsoftware.exe
    mcvsrte.exe
    MpfSrv.exe
    msksrver.exe
    SVCHOST.EXE
    wdfmgr.exe
    mcvsftsn.exe
    msmsgs.exe
    mps.exe
    mpsevh.exe
    iPodService.exe
    McShield.exe
    ALG.EXE
    mcuimgr.exe
    firefox.exe
    spywarescanner.exe

    Go here to analyse the running processes:
    http://www.kephyr.com/filedb/index.php

    ****************************************
    Internet Explorer Settings:

    Default_Page_URL http://www.dell4me.com/myway
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

    Default_Search_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

    Local Page C:\WINDOWS\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

    Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

    Start Page http://www.dell4me.com/myway
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

    SearchAssistant http://www.google.com/ie
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

    CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

    http://
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

    www http://
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

    http://www.google.com/keyword/%s
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\

    provider gogl
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider

    Default_Page_URL http://www.dell4me.com/myway
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

    Local Page C:\WINDOWS\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

    Search Page http://www.google.com
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

    Start Page http://www.google.com/
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

    Use Search Asst yes
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Search Asst


    ****************************************

    I am despearte for help. i dont want to have to end up reformatting the entire thing. Please let me know if my computer can be saved. Thank you \. - Bolen
     
  2. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    you would be better posting this in the Xp forum or the hardware forum as you'll get better help!
     
  3. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/488318

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice