Over 1 million tech questions and answers.

combofix.exe winlogin error

Q: combofix.exe winlogin error

Hi

I had a similar problem to the guy over here:
http://forums.techguy.org/malware-r...68-post-virtumonde-cryp_morphine-removal.html

I have Windows Vista Ultimate SP1 32bit if that helps.
I have 2 x 500Gb hard drives in RAID0 partitioned to a C and D drive, C being the primary Windows Drive and D being where I backup all my work etc...

Full hardware specs:
Intel Core 2 Quad Q6600 @ 3.41Ghz
2x2gb OCZ Reaper [email protected] 5-5-5-12
2x500Gb Western Digital GreenPower (More info above)
Gainward 8800GT 1Gb Golden Sample
Coolermaster Real Power Modular 800W

I followed the instructions, it all went well until I tried combofix.exe

It asked for a restart and as one of the posts said to expect this, I allowed it to happen, upon Windows restarting and the login screen appearing, I proceeded to enter my password and sat back waiting the spinning circle to do its work.

Then came the error, "Error: The handle is invalid." and a "OK" button underneath it.

So I simply tried again with same results. So then I went to hit the restart button on the bottom right hand corner, but the problem was that the button animated (glowing as I clicked it) but nothing happened.

Restarted computer and tried all the safe modes with same results.

What went wrong? How can I fix it? Oh and I can't really provide any logs as I can't log on, I am writing this thread on another computer.

I seriously need to access my work and everything on it. The best scenario is that I am able to view C Drive and copy everything from that to my portable hard drive.

Things I have thought about doing tomorow as I need to desperately finish a report tonight for tomorow:

PLAN A: As according to this site (http://www.pctoday.com/Editorial/ar...10.asp&articleid=48991&WordList=&bJumpTo=True) , try to repair Windows.
PLAN B:Try to get myself a Windows Password Reset Disk .iso as i never thought of making one myself and I do not have access to any other Vista machines. Might not work though.
PLAN C: Contact Acronis Support as I have Acronis True Image 11 and one of the features is to restore computer even if Windows doesn't work. This is 2nd priority as I haven't backed up all my latest work and stuff.
LAST RESORT: Reinstall Windows and lose all my work. I have another question, If i reinstall Windows, will it wipe both partitions (C primary & D backup) or will it just delete everything on C and leave D alone?

It seems I will learn a valuable lesson the hard way through this mistake.

THANK YOU.

PS: I had a hard time deciding which forum to post this in. Hope i got it right.

EDIT: Just reread the other thread and it said save directly to desktop, at the time of reading, I assumed that it meant desktop = computer as in don't install it to network, but now that I think about it, did it mean save to desktop as in desktop home page windows thing? Because if it does, I didn't do that step right!

RELEVANCY SCORE 200
Preferred Solution: combofix.exe winlogin error

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: combofix.exe winlogin error

Ok, Hi everyone again.

Today I tried to fix this and I fixed it. Can someone tell me how to find 'Last Known Good Configuration' as the first few times I got the boot menu I didn't get that option, and how do I get the boot menu without hitting the physical reset switch when the computer is on? Thanks

Oh and I can't enter my Combofix log as it is too large...

Read other 1 answers
RELEVANCY SCORE 54.8

Hi I get a win login error using windows 2000 and the system reboots. I tried to do a fix of the windows installation using the repair option on the windows 2000 disk but the error is still there and I cant get onto the computer at all.

Help Please
 

Read other answers
RELEVANCY SCORE 54.8

Hi can anyone help me with this problem I'm having. I have windows 2000 and everytime I'm on the computer for awhile a winlogin.exe error popsup and said it generate an error than it just restarts by itself. I try running my norton virus scan to see if its a virus but it doesn't detected it.
 

A:winlogin.exe error

this is my:

Logfile of HijackThis v1.99.0
Scan saved at 12:58:57 AM, on 12/18/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\CTSVCCDA.EXE
C:\WINNT\system32\DRIVERS\dcfssvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
D:\norton\NORTON~2\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\SUPERVOC\PROGRAM\PICPMON.EXE
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
D:\norton\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Lexmark X1100 Series\lx... Read more

Read other 3 answers
RELEVANCY SCORE 54.8

Hi last night my desktop PC would not boot up correctly. I could boot up and log in using safe mode, But if I booted it up normally it would reach the xp log in screen then it would display a winlogon error. Which is followed by a second error and then crash. Once the pc crashes it then starts booting up again, but it gets stuck in a loop every time it gets to the windows xp loading screen with the scrolling bar it crashes again and starts booting up again. Can anyone tell why its doing this? And how can I resolve this issue?

A:winlogin error

I'm not sure this a a BSOD event or not, but verify auto-reboot is OFF;

In Safe Mode -

1.Right-click My Computer, and then click Properties.

2.Click the Advanced tab.

3.Under Startup and Recovery, click Settings to open the Startup and Recovery dialog box.

4.Clear the Automatically restart check box, and click OK the necessary number of times to back out.

5.Restart your computer for the settings to take effect.

Then when it crashes again write down the error code (from the Blue screen) to post here then hopefully someone can tell you what it means.

Read other 5 answers
RELEVANCY SCORE 54.4

cannot find it in c:documents and settings/adminstator/winlogin

A:winlogin.exe error at startup

You may be infected. Go to the Security Forum - Am I infected? What do I do? Start new topic.

Read other 2 answers
RELEVANCY SCORE 54.4

i have when i start up a computer a winlogin.exe error. winlogin.exe \Device\Harddisk1\DR1 error it is driving me insane it pops up when i start the computer. i have tried a lot of things to resolve this problem like stopping and starting services. yes it makes it go away for a lil put it comes back eventually. also i tried loading in a thumb drive and changing the drive letter in disk management when i put the thumb drive in and click continue on the error it stops any suggestions on how to get this fix?

A:winlogin.exe error in Windows 7

Post EAXCT error, you're getting.
Is the computer operable at all?

Read other 5 answers
RELEVANCY SCORE 53.6

hello, I have this trojan file on my computer called a3dxq.dll and I can't seem to get rid of it. I also have something called "DRive Cleaner" that is a real annoyance that I can't seem to fix also. When I go to my source folder for the "A3dxq.dll" in my sytems32 folder it will not let me erase or rename it. It says that anouther program is using it. anyone got any suggestions??? here is my hijack this log.

Logfile of HijackThis v1.99.1
Scan saved at 5:58:17 PM, on 4/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WIND... Read more

A:winlogin/system32/a3dxq.dll error

I have had this anoying pop up called drive cleaner for the last week wanting me to buy this software. I have scaned manytimes with AVG, AD-aware and spybot and cant seem to get rid of it. Can someone please help me. here is my hijack log. Thanx.

Logfile of HijackThis v1.99.1
Scan saved at 3:22:19 PM, on 4/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Larson\Desktop\Hijack This\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: Acro... Read more

Read other 2 answers
RELEVANCY SCORE 53.2

when i start my laptop when it says "welcome" i get :

Winlogin.exe - application error
the instruction at 0x071d4ag reference memory at 0x017270000 , the memory could not be read, ive tryed clicking Ok (to terminate )and cancel (debug) but then i get blue screen then this is what it says:

technical info:
*** stop: 0x00000008e ( 0xc0000005 , 0xbf80ef240 , 0x0aafbf240 , 0x00000000 )
***win32k.sys - adress bf80ef13 base at bf800000, datestamp 49900fc9

Begguining dump of physical memory,
Ive tryed all boot modes:

Debugging mode = blue screen
start windows normally = winlogin.exe error
all the safe modes = winlogin.exe error
start windows with last known configuration = winlogin.exe error
start boot logging = winlogin.exe error
vsa mode = blue screen

help and support says error "system service not running"

boot modes change 0x017270000 in winlogin.exe error change to 0x0155d4ag

OS = microsoft (R) windows xp (R) (build 2600.xpsp_sp3_gdr.080814-1236-SP3)

tryed windows update but doesnt run
system restore = blue screen

What the hecks going on :(

A:major problem - winlogin.exe application error

ive tryed booting using winxp disc and reinstall/repair windows but not it says theres no bootmanager file..

Read other 1 answers
RELEVANCY SCORE 53.2

When I turn on my computer and get to the windows login. Sometimes I get that winlogin error saying stuff like "0x01349b2f" reference memory at "0x01349b2f" memory can not be read.

Whether I get that message or not it take a little while to log in. And once it does, it only load my desktop wallpaper nothing else. I press alt control delete to try to load explorer.exe myself. but that wont load either. I've tried waiting half an hour, and nothing happens.

Before this started happening. I use to log into my account, and the desktop bar, and desktop icons use to freeze when I first loged in. I would have to shut down explorer.exe and restart it to work on my computer like normal. But not explorer.exe doesn't seem to be loading alot with everything besides my desktop background.

Although I can log into safe mode perfectly fine without any problems. I've ran virus scans in it. And nothing showed up. I've also system restored it to over 2 weeks ago. Still nothing changed.

Please help. =]

A:Winlogin Error/Doesn't load on login.

Have you tried SFC /SCANNOW?

Read other 2 answers
RELEVANCY SCORE 53.2

Sirs

I feel my computer has been attacked by a svchost.exe virus because

whenever I log on the system I get a message saying that 'The following

command was not found: firewall set allowedprogram %systemroot%\sy
stem32\scvhost.exe enable.' in a window and also I am unable to

connect to most of the anti-virus companies sites like symantec,macfee

etc.

I have tried various methods for removing that virus but to no avail. And

also whenever I shut down the system a winlog.exe message window

appears saying that there is some information missing at some particular

address location of the memory and when I click the OK button the

system reboots again.Only on the second attempt does the system shut

down.

The system is running on Windows 2000 professional SP 4.0. I have tried

anti-virus scans,registry clearners, unnecessary files cleaners but could

not fix the problem.

Is there any way out or the only way of formatting the C: drive of its

operating system left? I am attaching the error messages in image format

alongwith this message for your convenience.

Looking forward to your replies.

Thanking You

S.Dheeraj`

Read other answers
RELEVANCY SCORE 52.4

Hi I have windows XP on an HP pavilion a430n not sure if I have service pack 2 or 3 but think it's 2

when I bootup I receive the error message for
"NetDDE Agent winlogin.exe

The exception Breakpoint
A breakpoint has been reached 0 x 80000003
occurred in the application at location 0x5ad71010
click OK to terminate or cancel to delete." I think it's "delete" - my not taking broke down

no matter what I click on within the error message the computer wants to reboot.
I stopped the auto reboot and received this error message when I clicked "OK" on the "NetDDE Agent winlogin.exe" error message:

"STOP: c000021a {fatal system error}
The WindowsLoginProcess system terminated unexpectedly with a status of
0 x 80000003 (0x00000000 0x00000000)
The system has been shut down"

If I ignore the error message I can work on the computer just fine.
I ran Kaspersky, Malwarebytes and spybot and found nothing.

Is there a way to correct this?
Is it possible to correct by rebooting and setting the system back (not sure of the terminology) say three weeks when I did not have this error?

Thank you!

A:error: Exception Breakpoint NetDDE Agent winlogin.exe

Hello Ruth -To to a System Restore go - Start > Programs > Accessories > System Tools > System Restore -Click Next and see if you have a date highlighted prior to your problem - This may or may not solve the problem, so please post back with the results -Thank You - EDIT - Details = NetDDE is basically Network Data Exchange DDE across a network is simple to set up. It uses NetBIOS and since this can be run over TCP/IP, NetDDE can use the Internet. Given a fast connection, network DDE is if anything faster than between two programs on one machine, because the server and client can process in parallel.

Read other 46 answers
RELEVANCY SCORE 52

Hello to who will help me.
2 days ago i got this annoying problem
explorer keeps on shutting down and restarting every 14 seconds or so. all icons disapear then come back again and again and again, but the background still is there. I now shut down explorer through task manager and open things up through it as well. the internet is fine, apps run fine, just explorer doesen't.
in event viewer I get hundreds of errors all saying the same thing about "winlogon" at the same interval (14 seconds)
I have found a couple of similar threads here but not quite enough to help

in "event viewer\application" I keep getting this warning

Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1002
Date: 28-Apr-2008
Time: 11:30:12 PM
User: N/A
Computer: UPSTAIRS
Description:
The shell stopped unexpectedly and Explorer.exe was restarted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


My HJT file is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:43 PM, on 28-Apr-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
... Read more

A:Solved: desktop. explorer turns on off every 14 seconds . winlogin error

fixed it, I had to reformat computer seem as I couldn't get answer from anywhere
cheers to all those that looked
 

Read other 1 answers
RELEVANCY SCORE 47.6

I want to run combofix cause i went to a website and possible clicked on something i should not i beleive i may have a back door trojan

The error i am getting is

Windows cannot find "NircmdB.exe". make sure you typed the name correctly, and then try again.

I tried renaming to cf.exe no luck i even try using SDFix in safemode no luck when i click on runthis bat file cmd start then close so i dont know what is going on..

In the past i had vista and abale to run combofix and get rid of any virus i had . Now with window 7 i am getting this error above

Any help to run combofix would really appreciate. All i want ot do is run combofix on window 7

thanks

A:Combofix will not run on window 7 full retail version, combofix will not run error

Please note the message text in blue at the top of this forum. You should not be using Combofix unless instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Combofix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer. That's the decision by the creator and we will abide by that decision.Further ComboFix does not officially support Windows 7 and SDFix only works on Windows XP.Please download Malwarebytes Anti-Malware (v1.40) and save it to your desktop.alternate download link 1alternate download link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-Malware... Read more

Read other 3 answers
RELEVANCY SCORE 42.4

Computer keeps crashing. Please someone look though this and tell me if something here is causing it. I get a winlogin.exe error most of the time. Thanks


Logfile of HijackThis v1.99.1
Scan saved at 2:22:35 PM, on 12/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Garmin\gStart.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\YTBSDK.exe
C:\Program Files\Google\GoogleToolbarNotifie... Read more

A:winlogin.exe help

Hello and welcome to TSF.

Right click on HijackThis.exe on your desktop . From the menu that appears, click on Rename. Change the name to "Show.exe". If it simply says "HijackThis" for the file inside the folder, change it to "Show". Then, right click on an empty space on the desktop. On the menu go to New>Folder to create a folder. Name the folder "HijackThis". Now, drag and drop Show/show.exe into the new folder so that it can function properly.
I don't know if a reboot will be needed. Probably not, but If it prompts you to reboot, please do so.

Open the HijackThis folder and click on Show.exe to scan, and post the new log please.

Read other 15 answers
RELEVANCY SCORE 42.4

I've just installed XP home on the laptop and it seems there is no winlogin.exe in system 32. Is that usual ?

Joe
 

A:No Winlogin.exe

Read other 8 answers
RELEVANCY SCORE 42.4

Hi there, I found this forum by chance while researching help with this virus. I've gone through every method I can think of, and can't seem to be rid of this problem. I've tried several scanners, fixes, etc. I just can't seem to rid myself of this problem. I hope I'm not breaking any rules, and I'll gladly present any necessary information. Thank you very much.

A:Winlogin.exe Help

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 41.6

I noticed these processes running with no description. I cannot stop them.

csrss.exe
winlogin.exe
atieclxx.exe
I know that these can be legitimate processes, but it seems that they can also be trojans too. How do I know if they are legit?

I am running Vista Home SP2.

Please let me know what I can do to figure this question out.

Thanks for any help.

A:winlogin.exe and csrss.exe

It all depends on those files locations>I assume, you meant winlogon.exe, not winlogin.exe?Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspxUnzip ProcessExplorer.zip, and double click on procexp.exe to run the program.Click on View > Select Colunms.In addition to already pre-selected options, make sure, the Command Line is selected, and press OK.Go File>Save As, and save the report as Procexp.txt.Attach the file to your next reply.

Read other 5 answers
RELEVANCY SCORE 41.6

Hi, must have opened a wrong file. I got a popup box from McAfee asking if I wanted to let win96.exe connect to internet. I said no. But then had the program appearing in the task manager. Did a virus scan and it seemed to disapear. But there was WINLOGIN.EXE in the task manager. I monitor what programs I have running in there quite often, and that one is new. I also get different popups at random times and my internet explorer startup opens on different pages. If you could please help I would much appreciate it. Also my cpu usage reads 99-100% all the time. ThanksLogfile of HijackThis v1.99.1Scan saved at 10:02:59 AM, on 6/13/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\WINDOWS\system32\spoolsv.exeC:\ProgramFiles\MATLAB6p5\webserver\bin\win32\matlabserver.exeC:\Program Files\Network Associates\Common Framewor... Read more

A:Winlogin.exe Trojan

Hi there and welcome to Bleeping Computer !As you may have noticed already, the forums are very busy at the moment and i have noticed your log has gone unanswered so far!We look at the oldest logs first, and we were wondering that if you still need help, please start by posting a new HijackThis log in this topic and i will then be able to take a look!Thanks very much David

Read other 6 answers
RELEVANCY SCORE 41.6

Hi evrybody i have a problem with cpu and winlogin.exe. First of all i don't know what is winlogin.exe and what it supposed to do, please tell me what it is. And i assume because of multiple winlogin.exe my cpu is 100%. Please help me.

A:Cpu 100% & multiple winlogin.exe

Welcome
With a winlogin problem, may I suggest that you run a full anti virus scan. Download and run a full and updated scan with malwarebyes. Winlogin, although a normal process, for log in, is often a hiding palce for virus.

Click on the cpu heading, so that the most heavy users of cpu are on top. I want to take a look.

Read other 4 answers
RELEVANCY SCORE 41.6

pwr. up on windows xp I get message "windows cannot find 'winlogin.exe.'
make sure you typed the name correctly, and then try again etc.
I click OK and then it works fine. This started about six months ago.
 

A:can't find 'winlogin.exe.'

ALICE3 said:

pwr. up on windows xp I get message "windows cannot find 'winlogin.exe.'
make sure you typed the name correctly, and then try again etc.
I click OK and then it works fine. This started about six months ago.Click to expand...
smells like you had a virus.

Check this out:

http://www.dougknox.com/xp/utils/xp_winlogin_remove.htm
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RPCSDBOT.A&VSect=T

seems to be many variants of it......do a search on Google too.

Pileyrei
 

Read other 2 answers
RELEVANCY SCORE 41.6

Clients PC ramps up to 100% CPU usage after about 3 min's .. Also had the Magicantispy software which I have removed.

I can not launch taskmng.exe or install any other tools like Adaware, they are restricted by my administrator [email protected]



Logfile of HijackThis v1.99.1
Scan saved at 6:39:04 AM, on 11/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJTS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKLM\Software\Microsoft\In... Read more

A:WinLogin.exe 100% CPU usage / and others

The first thing you need to do is to get some form of virus protection,such as :


http://free.grisoft.com/doc/2/


After that has been installed......

Please go HERE and carry out the instructions that are posted.Thankyou..

Read other 1 answers
RELEVANCY SCORE 41.6

Hey guys, just wondering if i can get some help and some recommended programs to remove the winlogin.exe virus. im not sure where i got it. i have prevx trial and it has found them in the scan but i can get rid of them without buying the full program which i cant afford. is there any free services out there that can help?
 

A:winlogin.exe virus

closed as your problem isn't a virus but due to update problems
beinmg helped here
http://forums.techguy.org/windows-7/1011776-unable-update-windows-7-sp.html
 

Read other 1 answers
RELEVANCY SCORE 41.6

COntinuation from this thread:
Login problem

No minidump was created, but a check in the event log gave me this.


Code:
Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0

Problem signature:
P1: winlogon.exe
P2: 6.1.7600.16447
P3: 4ae7b522
P4: UxTheme.dll
P5: 6.1.7600.16385
P6: 4a5be093
P7: c0000005
P8: 0000000000019a57
P9:
P10:

Attached files:

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_winlogon.exe_54b66a09f146b42776ef59360cb3bdd561e167_08f8867d

Analysis symbol:
Rechecking for solution: 0
Report Id: bb821fce-666c-11df-84df-000a94022733
Report Status: 6
I'm really lost.

Thanks for your time.

A:Winlogin.exe, FM UXTheme.dll

  
Quote: Originally Posted by Uber Philf


COntinuation from this thread:
Login problem

No minidump was created, but a check in the event log gave me this.


Code:
Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0

Problem signature:
P1: winlogon.exe
P2: 6.1.7600.16447
P3: 4ae7b522
P4: UxTheme.dll
P5: 6.1.7600.16385
P6: 4a5be093
P7: c0000005
P8: 0000000000019a57
P9:
P10:

Attached files:

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_winlogon.exe_54b66a09f146b42776ef59360cb3bdd561e167_08f8867d

Analysis symbol:
Rechecking for solution: 0
Report Id: bb821fce-666c-11df-84df-000a94022733
Report Status: 6
I'm really lost.

Thanks for your time.



Zen

We need the event ID and source codes from event viewer.
Let us know if you need help

Ken

Read other 2 answers
RELEVANCY SCORE 41.6

I recently got infected by some unknown virus which upon startup, it pops up saying NET Framework not installed or some error, i checked my task manager and it points to winlogin.exe and some other. I ran combofix but the same thing keeps happening. This is all i know.Here's combofix'es logComboFix 10-07-04.02 - 105712 05/07/2010 11:23:37.1.4 - x86Microsoft Windows 7 Enterprise 6.1.7600.0.1252.65.1033.18.1909.950 [GMT 8:00]Running from: c:\users\105712\Desktop\ComboFix.exe.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\program files\Cheat Engine\dbk32.sysc:\programdata\Microsoft\Network\Downloader\qmgr0.datc:\programdata\Microsoft\Network\Downloader\qmgr1.datc:\users\105712\AppData\Roaming\afbm8660WQ.exec:\users\105712\AppData\Roaming\bhni1349XR.exec:\users\105712\AppData\Roaming\BITSc:\users\105712\AppData\Roaming\BITS\BITS.inic:\users\105712\AppData\Roaming\BITS\DHTTable.datc:\users\105712\AppData\Roaming\BITS\ProxyList.inic:\users\105712\AppData\Roaming\BITS\UPnP.inic:\users\105712\AppData\Roaming\FlashGetBHOc:\users\105712\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dllc... Read more

A:Winlogin Virus?

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 11 answers
RELEVANCY SCORE 41.6

Hello all. I am new here. I have a Ibm thinkpad with Xp pro and SP1. One day I turned on the computer and notice a really bad lag. I finally openned Task Manager and noticed Winlogin.exe is using 99% of my resources. Any thoughts on how to fix this?

Thanks,

Chris
 

A:Winlogin.exe is hanging

Hello and welcome to Techspot.

Your computer is infected.

First go and have your computer scanned by the Trend Houscall online scanner

Then, go and read both these threads by RBS. Follow all the instructions exactly.

How to remove Trojans and its ilk! and How to remove Begin2search / coolwebsearch and other nasties.

Then see How to post your Hijackthis log-file as an ATTACHMENT.

Regards Howard :wave: :wave:
 

Read other 3 answers
RELEVANCY SCORE 41.2

My PC locks up completely when I drag files from my HD to my external HD. The progress bar slows, stops, and that's that. Can't even shut down. Ran ComboFix, said Explorer.exe and winlogin.exe were infected, but failed to correct. Any help is appreciated! My AVP is Kaspersky.
 

A:Infected explorer.exe and Winlogin.exe

Please post the ComboFix log

NEXT

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.

Disable any script blocking protection
Double click dds to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.
NEXT
Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.

Double click the exe file.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.
Click the image to enlarge it

In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
 

Read other 1 answers
RELEVANCY SCORE 41.2

WINLOGIN

Sorry please ignore the one about WinLogin....I misread it sorry my only problem is about the fool0.dll
======================================================

fool0.dll

My avast keeps detecting this trojan and I keep on deleting it but it comes after I restart my computer. I cant seem to remove. Before it detects fool0.dll, it detects another dll forgot what it is...its starts with an "e"

Read other answers
RELEVANCY SCORE 41.2

I decided to ask here on this forum, hoping someone had the information I was looking for in regards to AVAST finding a virus in the WinLogin.exe.

I'm not quite sure what method to take I know that AVAST can take care of it using some automatic method but I don't want AVAST to take care of it only to find that my Windows7 doesn't boot here, is the information:

Location : O:\Windows\System32\install\winlogin.exe
Type: Win32:Malware-gen
Virus/Worm

A:WinLogin Virus - What approach ?

Quote:
WinLogon Virus - What approach ?


honestly......go to a specialist malware removal forum
malwarebytes
bleepingcomputer
MajorGeeks

for an extensive list of such forums see post 10 of this thread

Read other 2 answers
RELEVANCY SCORE 41.2

Hello, I have problem of popus .

Logfile of HijackThis v1.99.1
Scan saved at 12:57:50, on 20/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Documents and Settings\user\Desktop\hijackthis\HijackThis.exe

O4 -... Read more

A:Winlogin Notify Spyware

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download Look2Me-Destroyer.exe to your desktop.Close all windows before continuing.Double-click Look2Me-Destroyer.exe to run it.Put a check next to Run this program as a task.You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OKWhen Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.Once it's done scanning, click the Remove L2M button.You will receive a Done Scanning message, click OK.When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.Your computer will then shutdown.Turn your computer back on.Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.If you receive a message from your firewall about this program accessing the internet please allow it.If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

Read other 4 answers
RELEVANCY SCORE 41.2

my computer was infected with the worm and now my computer will not boot and load my windows xp professional edition. When I turn my computer on, it appears to be running normally, then right before it normally shows the windows logon screen, it "trips" over itself and restarts the boot process. I've tried booting it in safe mode, no luck. I've tried using the 6 floppy disk windows setup approach from microsoft, no luck. I think it might have something to do with winlogin.exe and not winlogon.exe. Is there any way to fix this without actually being in windows? PLEASE SOMEONE HELP! This is driving me crazy.
THANKS!
 

A:winlogin.exe vs. winlogon.exe (big problem)

Read other 6 answers
RELEVANCY SCORE 41.2

Right i have had this annoying problem everytime i restart my pc.
I get a BSOD and an error telling me that winlogon.exe did NOT load. So i have to turn my pc off wait and then restart it.

I got Hijackthis. Here is the log.

Logfile of HijackThis v1.99.1
Scan saved at 21:24:34, on 02/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThreadMaster\ThreadMast.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\wuauclt.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\... Read more

Read other answers
RELEVANCY SCORE 41.2

Ok it's kinda complicated to explain so I will do my best.

My computer has been sending out mass emails for about a week now, I only know this because norton pops up all over the place telling me that its scanning emails, sometimes it stops for a while and sometimes it's sending them nonstop. I've ran a dozen virus scans with a dozen different scanners, includeing a registered norton antivurus.

The only hint I'm going on after all this time now is a program called TCPView that I downloaded and ran that shows winlogon.exe all over the place all different ports when emails start going out. The worm(guessing its a worm) is useing its own SMTP because I don't have one setup on my computer.

A friend of mine that works in tech. support has been over doing alot to the computer also but he can't figure it out, he was useing hijack this I've never used it, but gonna load it real quick and put a copy of the log into here, since I see you guys always asking for a copy of a log. the computer is not currently sending out emails thou. Also this TCPView program never shows Winlogin.exe unless emails are going out. I'll give you a copy of the TCPView looking normal first, then a copy of it when emails are going out, and then a log of hijackthis

[System Process]:0 TCP abd-60d9dc4a92c:1076 localhost:1029 TIME_WAIT
[System Process]:0 TCP abd-60d9dc4a92c:1077 localhost:1029 TIME_WAIT
[System Process]:0 TCP abd-60d9dc4a92c:1078 localhost:1029 TIME_WA... Read more

A:Mass Emails being sent from winlogin.exe

Logfile of HijackThis v1.99.1
Scan saved at 6:27:26 PM, on 12/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Intel\BootStrap Agent\Bsa.exe
C:\Program Files\Intel\LDCM\bin\IIDS.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Intel\DMI\BIN\WIN32SL.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Mi... Read more

Read other 2 answers
RELEVANCY SCORE 41.2

"Windows cannot find winlogin.exe".......it pops up every time I boot up. I just click 'ok' and it goes away. I think it is a leftover bug from the blaster worm. Everything else is running smoothly but the box is a nuisance. And idea how to get rid of it?
 

A:winlogin.exe popup at startup

Read other 16 answers
RELEVANCY SCORE 40.8

Hey There,

I am having some issues with Win XP on a Dell. Customer had tons of Spyware/adware on the PC and we removed most of it successfully, it would seem. Now, however, when we run hijackthis we see a mark for winlogin.exe and when we try and remove it, it won't get rid of the junk. It says it can't delete the file. I have done a little research on this file and it's variants but have yet to get through it. I have looked for modified reg entries and most don't show up as others have reported. I noticed that the rundll32 file was running under the user profile as well. Also, if I try and go to windows updates I was able to update the system as far as the new validation tool and whenever I try and validate the machine, Internet explorer will crash and when we do the error report, microsoft reports that it could be an add-in. I disabled all the add-ins and it still crashes. I suspect this crashing at the same point everytime is some sort of spyware that is preventing microsoft from running its process. Anyway, here is my hijackthis log, let me know if you see anything suspicious otherwise.

Logfile of HijackThis v1.99.1
Scan saved at 3:27:32 PM, on 8/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe... Read more

A:winlogin.exe as well as browser crash in winxp

Read other 10 answers
RELEVANCY SCORE 40.8

I have a friend who has what appears to be a virus. Originally he had one of those hijack programs that would not let him do anything unless he bought their "antivirus" program to clean his computer. I was able to get rid of that problem, but then got hit with a redircter problem that I had more trouble with. In the process of getting that under control I enlisted the help of another site, but the help kind of died off. I did run several tests, one of them being combofix. It came back withc:\windows\system32\winlogon.exe . . . is infected!!c:\windows\explorer.exe . . . is infected!!I was asked to go to the MS site and download SP3 for XP, which I did. Here is my last message regarding the problem....Tried to download from the webpage and get the download window popup, but it never actually starts the download. Just sits there with the animation of the file going from the spinning globe to the folder, but never downloads. I have left that open for an hour and download progress is still 0%. OK, went back to my place and downloaded the file onto my stick and took it back to the suspect puter. When I tried to install SP3, I get a message "The volume for a file has been externally altered such that the opened file is no longer valid", and I can not copy it over. If I take that same stick back to my computer it copies over just fine....The last suggestion I received was to reformat...Is that all that is left to do t... Read more

A:Winlogin/explorer files infected

Hi ArcticPrince.In the process of getting that under control I enlisted the help of another site, but the help kind of died off.Could we have a link to that topic so that our team will have a history of what was tried?are there still some roads untraveled?Maybe. Do you have a Windows XP disk available?

Read other 1 answers
RELEVANCY SCORE 40.8

HI, I have a dell inspiron 1100 laptop and recently it started to refuse to boot to the home screen. I start the computer and it gets all the way to starting the home screen and then comes up with the error message 'winlogin.exe could not be found' shwapldll or something.
I've searched online and can't find any situation similar to mine. Most suggest installing an anti malaware software but I can't get into the computer. Ive tried booting it in safe mode, safe mode with networking, last known good config but it always comes up with the same message and as soon as I click ok on the message the computer automatically reboots itself.

Any help would be much appreciated.
 

Read other answers
RELEVANCY SCORE 40.8

Hitman Pro Removed My WinLogin and Explorer.When I saw that, I was wondering whether it was a good idea.Without WinLogin and without explorer, how does one login?And my suspicion was right. My PC kept rebooting, on and on.I don't know XP internal enough to recover from that problem myself and ended up having to reinstall.It's like throwing the baby out with the bath water. Bad idea! Don't trust the amateurs.Edit: Moved topic from XP to the more appropriate forum. ~ Animal

A:Hitman Pro Removed My WinLogin and Explorer

I would take it you posted this as a warning to others not to put the power of your computer in the hands of another person you don't know, which is the case with programs that make changes to your computer, you just never know what could go wrong in cases like this.

Its is always best to make full back ups of your hard drives, those always seem to get you of any jam.

Bruce.

Read other 4 answers
RELEVANCY SCORE 40.8

Ok, so I was able to follow other people's posts to remove winlogin.exe, using the KillBox. Then somehow it was replaced by something called "Network Security Guard," which kept on creating files with random number and letter strings for filenames in the /system32 folder. So I used the KillBox again to get rid of those files. Before, Norton Internet Security kept on alerting that a randomly named file in the /system32 folder was trying to access the internet; now that problem is fixed.

Trouble is, in the course of fixing that problem I think I created another one. Internet Explorer has trouble loading certain websites (e.g. hotmail.com, windowsupdate.microsoft.com, etc.) However, I am able to use Netscape to read these sites, so I know that it's not a problem with their server.

When I try to access hotmail in IE, it redirects me to the loginnet.passport.... etc (long string of characters) URL and then just stops loading. No "Page cannot be displayed" message, nothing -- just a blank page. Usually the URL switches from "http://hotmail.com/" to "http://loginnet.passport...lang=EN" and finally to "http://login.passport.net/uilogin.srf?id=2". But now it's just stopping at the second URL.

I thought it might have something to do with the nameserver, so I put in two addresses into the the TCPIP parameters using regedit. You can see this in the bottom three lines of the HJT log. But this hasn't seemed to help ..... Read more

A:Winlogin.exe removal caused IE prob - HJT log

First download CWshredder from http://www.thespykiller.co.uk then Run it
Close all browser windows, click on the cwshredder.exe then click "FIX" (Not "Scan only") and let it do it's thing.
then post back with a new HJT log
 

Read other 2 answers
RELEVANCY SCORE 40.8

ok.

i was infected with the msblaster worm making the rounds, and i thought i had that cleared up.

then, i was unable to run regedit, msconfig, or task manager for more than a second before the windows would close.

i posted this problem, and was given some advice, and now have access to regedit, msconfig, and task manager again.

however, i was unable to delete what i was told is the problem file: winlogin.exe

booting into safe mode, i searched and found the file, which i deleted to the recycle bin. emptying the recycle bin, the file promptly reappears in its original location.

i try deleting it from the registry, and again it looks good, but the entry reappears seconds later.

below is posted my log file from hijackthis.

i have also included a start up list, generated about the same time, in case any helpful information can be gleaned from that.

there appears to be an entry in the system.ini file explaining the problem, but being technologically inept, i am unable to help myself, and am looking for some more advice.

please help.

thanks very much for your time and consideration.

-----------------------------------------

Logfile of HijackThis v1.96.0
Scan saved at 5:03:04 AM, on 8/14/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Syst... Read more

A:[Resolved] winlogIN.exe as opposed to winlogON.exe

Read other 14 answers
RELEVANCY SCORE 40.8

Everytime i try to log off and shut down my pc i get a blue screen with a error message about winlogin exe.
The system then re-boots and i get a error messege appear on my desktop saying win login exe encountered a problem and needed to close?

i have run spy sweeper, macafee and regrepair programmes and they cant find anything can anyone advise?

A:Winlogin Exe Preventing system shutdown

Double post....

Read other 1 answers
RELEVANCY SCORE 40.4

I am in a bit of a crunch, I have been referred to this company that I am setting up a wireless network for from a friend. I am the new it guy here and I screwed up 2nd day on job. It seems that I have changed a setting in the regrisrty (that I have done time and time again. But tyhis time I can not access my two computers. One is the bosses and the other is her next in line employee. regedit, all usere, software, micrisift, windows, winlogin. Does anyone know how to get back in,
How do I access default admin?

A:I changed a 1 to a 0 winlogin floder in regrisrty xp home

Hi rprzybylow,If you are requesting how to get admin rights look here regards,chameleon437

Read other 1 answers
RELEVANCY SCORE 40.4

My wife's computer is infected by virus and malware.

Problems:
can't run AVG anti-virus;

can't install any anti-virus or anti-mayware software; even run as administrator

only IE and firefox can visit online, chrome can't; but machine has IP address and can ping google.com

in the task manager, csrss.exe winlogin.exe and rundll32.exe have no user name. I guess they are infected.

system restore has the same effect.
-----------------

I guess some backdoor virus stayed at the computer, Can you help me to remove them. Thank you very much.

A:vista infected csrss.exe winlogin.exe and rundll32.exe

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined below. Use a USB flash drive to download and transfer the tools to the affected machine, if necessary. You might like to run the Flash_Disinfector.exe on the clean machine and the flash drive first to protect against any possible transfer of infection via USB.


NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 40.4

When I turn on this computer there is no desktop, no icons, no taskbar, etc. All that comes up is the background picture. I can use ctl+alt+del to open the task manager and get the cmd prompt running. I can get the programs running using the cmd prompt but I cannot use explorer to open folders, files or programs that way. Your help is greatly appreciated.


 ark.txt   5.75KB
  3 downloadsHere is the requested information:
dds.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by teacher at 9:09:32 on 2012-07-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.246 [GMT -6:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\... Read more

A:TR/Patched.gen virus affecting winlogin.exe and explorer.exe

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/459088 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 6 answers
RELEVANCY SCORE 40.4

Hello, I do hope someone can find a good fix for this because I am at a lost as to what to do. This morning I woke up to find that try as I might, my computer would not turn on. It would go through the normal start up but suddenly stop sending any video signals. After a while I decided to try a factory restore. It almost worked fine the first time but once it began 'expanding files' during the installation the computer suddenly restarted.

Now when I try to factory restore it can not find my hard drive in the select drivers to install list.
When trying to start it up normally the computer shows the normal 'Unable to detect Boots Disk' error as well sometimes one claiming the winlogin is missing.
Any ideas?
 

Read other answers
RELEVANCY SCORE 40.4

This is the first time in a while I have had trouble removing something from someones computer. I've used several different programs to try and detect it but they come up with nothing. I've used Ewido, AVG and trojan hunter. I have to run trojan hunter again because it found some .dll attatched it an exe called lhp.exe I think but the scan got cut off. It wasn't the same .dll causing problems with the winlogin. I have deleted the file but it comes back with a different name. It also changes its name every time windows is restarted. I will highlight it in bold.

Logfile of HijackThis v1.99.1
Scan saved at 12:07:47 PM, on 12/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:... Read more

A:Trouble removing .dll attached to winlogin causing pop ups

Read other 9 answers
RELEVANCY SCORE 40

Hi,I am wondering whether combofix.net and combofix.org are GENUINE sites to download ComboFix.There's no Impressum and the whois-info is private registered.Just wanted to know.Edit: Moved topic from Am I infected? What do I do? to the more appropriate forum. ~ Animal

A:Is combofix.net and combofix.org GENUINE Site to download ComboFix?

Please Take a look here: ComboFix usage, Questions, Help? - Look hereSpecifically the link to the combofix disclaimer image. AlsoThere are only two sites that are authorized for combofix, which are shown in red in the last quote box.

Read other 3 answers