Logon problems... strange.

[Guest]

OK, I am no super-guru so maybe I am missing some way to solution this that I
should know, but I am stumped. (It is also 3:30 AM!)

When I boot now, the Vista screen comes up saying WELCOME and then it negins
to me into Vista. The HDD spins away, the mouse cursor appears, but then the
UAC pops up an ALLOW request for winlogon.exe.

This has not happened in the 2 months I have been using Vista. Even if I
ALLOW the request, the system never kicks in on the screen..

If I open TASK MANAGER and then FILE - NEW TASK and find Windows Explorer
and click it, the system returns to normal.

When I reboot, problem reappears.

When I disable UAC (just experimenting), the system does not give me the
ALLOW request, but it does the same thing (I have ot manually start
explorer.exe in the WINDOWS directory.)

I have even done a few system restores to saves prior to this problem
arising. But they have no impact.

Any thoughts?
Scott

 

[Guest]

No ideas anyone?

 

[Jon]

No ideas anyone?

Try running an 'sfc /scannow' from an elevated command prompt.
The 'winlogon' file may have become corrupted, or have been changed by some
other software you have installed.

 

[Guest]

Jon --

I ran this. All appears well in that regard.

I am stumped!

-- Scott

RESULTS
C:\Windows\system32>sfc /scannow

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 99% complete.
Windows Resource Protection did not find any integrity violations.

 

[Jon]

It is a strange one. Would suggest running a few virus / malware scans
[there are a number of freely downloadable antivirus / malware products to
choose from]. Your system may be attempting to run another 'winlogon.exe'
instead of the default one in the c:\windows\system32 directory.

 

[Guest]

I ran AVGPro, AdAware and SpySweeper. No errors or items found.

I also ran a search for "winlogon.exe" to see if more that one was loaded
someplace, and Vista returned two!

One created 3/14 in the c:\windows directory.
One created 11/2/2006 in the c:\windows\system32 directory.

Since the problem started on 3/14, that file mayt well be the culprit. but
before i delete (actually rename) it, I thought I would see what advice you
have?

 

[Guest]

OK... if I rename the 3/14 winlogon.exe in the windows directory, when I
boot, the system brings me into vista without explorer.exe running, but opens
My Documents in a browse window.

If I boot using the 11/2/06 winlogon.exe, the same problem I have been
having remains.

Is there a way to repair this using my Vista disks without reimaging? I
bought the upgrade version, and to reinstall it, i need to reinstall my ZP
first -- which is SUPER frustrating. I miss being able to insert my disk
during install to prove that I had purchased Windows before.

 

[Guest]

I enabled boot logging, and the only report is as follows. But it does not
appear to have captured any significant problem.

-- Scott

Microsoft (R) Windows (R) Version 6.0 (Build 6000)
3 15 2007 18:34:14.125
Loaded driver \SystemRoot\system32\ntkrnlpa.exe
Loaded driver \SystemRoot\system32\hal.dll
Loaded driver \SystemRoot\system32\kdcom.dll
Loaded driver \SystemRoot\system32\mcupdate_GenuineIntel.dll
Loaded driver \SystemRoot\system32\PSHED.dll
Loaded driver \SystemRoot\system32\BOOTVID.dll
Loaded driver \SystemRoot\system32\CLFS.SYS
Loaded driver \SystemRoot\system32\CI.dll
Loaded driver \SystemRoot\system32\drivers\Wdf01000.sys
Loaded driver \SystemRoot\system32\drivers\WDFLDR.SYS
Loaded driver \SystemRoot\System32\Drivers\sptd.sys
Loaded driver \SystemRoot\System32\Drivers\WMILIB.SYS
Loaded driver \SystemRoot\System32\Drivers\SCSIPORT.SYS
Loaded driver \SystemRoot\system32\drivers\acpi.sys
Loaded driver \SystemRoot\system32\drivers\msisadrv.sys
Loaded driver \SystemRoot\system32\drivers\volmgr.sys
Loaded driver \SystemRoot\system32\drivers\pci.sys
Loaded driver \SystemRoot\System32\drivers\mountmgr.sys
Loaded driver \SystemRoot\system32\drivers\pciide.sys
Loaded driver \SystemRoot\system32\drivers\PCIIDEX.SYS
Loaded driver \SystemRoot\System32\drivers\volmgrx.sys
Loaded driver \SystemRoot\system32\drivers\atapi.sys
Loaded driver \SystemRoot\system32\drivers\ataport.SYS
Loaded driver \SystemRoot\system32\drivers\nvstor.sys
Loaded driver \SystemRoot\system32\drivers\storport.sys
Loaded driver \SystemRoot\system32\drivers\fltmgr.sys
Loaded driver \SystemRoot\system32\drivers\fileinfo.sys
Loaded driver \SystemRoot\system32\drivers\ndis.sys
Loaded driver \SystemRoot\system32\drivers\msrpc.sys
Loaded driver \SystemRoot\system32\drivers\NETIO.SYS
Loaded driver \SystemRoot\System32\Drivers\Ntfs.sys
Loaded driver \SystemRoot\System32\Drivers\ksecdd.sys
Loaded driver \SystemRoot\system32\drivers\wd.sys
Loaded driver \SystemRoot\system32\drivers\volsnap.sys
Loaded driver \SystemRoot\System32\Drivers\spldr.sys
Loaded driver \SystemRoot\System32\drivers\sfhlp01.sys
Loaded driver \SystemRoot\System32\drivers\prosync1.sys
Loaded driver \SystemRoot\System32\drivers\prohlp02.sys
Loaded driver \SystemRoot\System32\drivers\partmgr.sys
Loaded driver \SystemRoot\System32\Drivers\mup.sys
Loaded driver \SystemRoot\System32\drivers\ecache.sys
Loaded driver \SystemRoot\System32\DRIVERS\fvevol.sys
Loaded driver \SystemRoot\system32\drivers\disk.sys
Loaded driver \SystemRoot\system32\drivers\CLASSPNP.SYS
Loaded driver \SystemRoot\system32\drivers\crcdisk.sys
Loaded driver \SystemRoot\system32\DRIVERS\tunnel.sys
Loaded driver \SystemRoot\system32\DRIVERS\tunmp.sys
Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys
Loaded driver \SystemRoot\System32\drivers\dxgkrnl.sys
Loaded driver \SystemRoot\system32\DRIVERS\nvlddmkm.sys
Loaded driver \SystemRoot\system32\DRIVERS\fdc.sys
Loaded driver \SystemRoot\system32\DRIVERS\serial.sys
Loaded driver \SystemRoot\system32\DRIVERS\serenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbohci.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\system32\drivers\Afc.sys
Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\system32\DRIVERS\ohci1394.sys
Loaded driver \SystemRoot\system32\drivers\ctoss2k.sys
Loaded driver \SystemRoot\system32\drivers\ctprxy2k.sys
Loaded driver \SystemRoot\system32\drivers\ctaud2k.sys
Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys
Loaded driver \SystemRoot\system32\DRIVERS\nvm60x32.sys
Loaded driver \SystemRoot\System32\Drivers\a5jktk2k.SYS
Loaded driver \SystemRoot\system32\DRIVERS\msiscsi.sys
Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\system32\DRIVERS\rdpdr.sys
Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\mcdbus.sys
Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\system32\DRIVERS\umbus.sys
Loaded driver \SystemRoot\system32\DRIVERS\flpydisk.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
Loaded driver \SystemRoot\system32\drivers\ha20x2k.sys
Loaded driver \SystemRoot\system32\drivers\emupia2k.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\system32\drivers\ctsfm2k.sys
Loaded driver \SystemRoot\system32\CTHWIUT.DLL
Loaded driver \SystemRoot\system32\CT20XUT.DLL
Loaded driver \SystemRoot\system32\CTEXFIFX.DLL
Loaded driver \SystemRoot\system32\drivers\HdAudio.sys
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\System32\Drivers\avgclean.sys
Did not load driver \SystemRoot\system32\DRIVERS\kbdhid.sys
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\system32\drivers\rdpencdd.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\System32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\System32\drivers\tcpip.sys
Loaded driver \SystemRoot\system32\DRIVERS\tdx.sys
Loaded driver \SystemRoot\system32\DRIVERS\smb.sys
Loaded driver \SystemRoot\system32\drivers\afd.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\system32\DRIVERS\pacer.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\System32\drivers\prodrv06.sys
Loaded driver \SystemRoot\system32\drivers\nsiproxy.sys
Loaded driver \SystemRoot\system32\drivers\csc.sys
Loaded driver \SystemRoot\System32\Drivers\dfsc.sys
Loaded driver \SystemRoot\System32\Drivers\avgmfx86.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbccgp.sys
Loaded driver \SystemRoot\system32\DRIVERS\USBSTOR.SYS
Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdhid.sys
Loaded driver \SystemRoot\system32\DRIVERS\NuidFltr.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys
Loaded driver \SystemRoot\system32\DRIVERS\monitor.sys
Loaded driver \SystemRoot\system32\drivers\luafv.sys
Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
Loaded driver \SystemRoot\system32\DRIVERS\lltdio.sys
Loaded driver \SystemRoot\system32\DRIVERS\rspndr.sys
Loaded driver \SystemRoot\system32\drivers\HTTP.sys
Loaded driver \SystemRoot\System32\DRIVERS\srvnet.sys
Loaded driver \SystemRoot\system32\DRIVERS\bowser.sys
Loaded driver \SystemRoot\System32\drivers\mpsdrv.sys
Loaded driver \SystemRoot\system32\drivers\mrxdav.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb10.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb20.sys
Loaded driver \SystemRoot\System32\DRIVERS\srv2.sys
Loaded driver \SystemRoot\System32\DRIVERS\srv.sys
Did not load driver \SystemRoot\System32\DRIVERS\srv.sys
Loaded driver \SystemRoot\system32\DRIVERS\asyncmac.sys
Loaded driver \SystemRoot\system32\DRIVERS\atksgt.sys
Loaded driver \SystemRoot\System32\Drivers\avgtdi.sys
Loaded driver \SystemRoot\system32\DRIVERS\lirsgt.sys
Loaded driver \SystemRoot\system32\drivers\peauth.sys
Loaded driver \SystemRoot\System32\Drivers\secdrv.SYS
Loaded driver \SystemRoot\System32\drivers\tcpipreg.sys
Loaded driver \SystemRoot\system32\DRIVERS\cdfs.sys

- end -

 

[Don]

... I
bought the upgrade version, and to reinstall it, i need to reinstall my ZP
first -- which is SUPER frustrating...

Sorry I can't answer your first question, but I've read many times in
this forum that you can reinstall Vista over your existing Vista. You
don't need to reinstall XP (I assume that's what you meant ;o)

The only extra step you will need to take is to do the activation by
telephone this time. As long as you have a legal key they won't give
you any trouble.

 

[Guest]

Little more info: When I enter Vista, - where explorer should start and I
have to go into Task Manager, the only processes running are:

TaskManager (of course)
csrss.exe (984K)
dwm.exe (38000K)
winlogon.exe (1680K)

 

[Jon]

Little more info: When I enter Vista, - where explorer should start and I
have to go into Task Manager, the only processes running are:

TaskManager (of course)
csrss.exe (984K)
dwm.exe (38000K)
winlogon.exe (1680K)

As you rightly say, the extra winlogon.exe in the Windows directory sounds
strange. I only have the system32 version here.

Since it's fairly recent, you could try running System Restore, and trying
to restore back to a point prior to 14th March.
That may well fix it.

NB You can see more processes running with Task Manager, if you click the
'Show processes from all users' on the Processes tab.

You could also check the value of the 'Shell' key at
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
It should be 'explorer.exe' (REG_SZ data type)

Shouldn't be a 'Shell' at the following location, but you could also check
here
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

 

[Guest]

Shell key @ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon reads:

"Explorer.exe C:\WINDOWS\winlogon.exe"

Should I change it to just "Explorer.exe"?

 

[Guest]

I changed that entry to "Explorer.exe" and it works!

My only concern is: None of the AV or Spyware programs are picking up
anything on my system, but something made that change.

I fear I am infected and cannot stop it...

But thank you Jon!
Scott

 

[Jon]

You're welcome. Glad that you've got it up and running again.

Not a good sign, as you say, that none of the AV or Spyware product picked
it up. Still early days for Vista, I suppose.

You could check for other files on your system created on that particular
day - 14/3 Might be able to spot a pattern,eg another program that was
installed at the same time, that may have been responsible.

 

[Guest]

Thanks for the info. Scott Adams i had the same problem and i changed name
of the shell key and now windows works as it did before, but not it is much
slower, i dont know why!

I was wondering if it is know why this is happening with windows?? because
i have been on a lot of different discussion sites and alot of people are
having the same problems.