Winlogon.exe doing 100% CPU time

Martijn Saly

I've got an XP SP2 box that suffers from winlogon.exe eating 100% CPU
time (well, 50% really, since it's an HTT-CPU). This box logs onto a
Windows 2000 domain (I haven't got any details, but feel free to ask).
This behavior doesn't show up on every login, maybe one out of every
five times.

Virus scanner is Symantec AV Corporate 8.0. I've scanned for malware
using Ad-Aware and Windows Defender. So my guess is it couldn't be
malware that's causing this behavior.

This box is an HP Compaq DX2200MT, with a P4-3.2GHz, 1GB memory and a
Radeon X1300 card.

So anyway, I did some research of my own with Process Explorer. Indeed I
see winlogon.exe eating all CPU time. It's the real winlogon.exe, not a
fake one. Its signature is verified to be Microsoft, so it should be
genuine. I open up its properties and I don't see any extreme numbers on
the performance tab (except for kernel time).

On the threads tab I see something weird. One of the threads is eating
most of the CPU time covered by the process. I have a screenshot of this:
http://thany.org/screenshots/Screenshot1195.png

I can safely suspend, resume and even kill this single thread, without
consequences. But then again, I'd like to know why this thread eats the
CPU time in the first place. And more importantly, how to prevent this
from happening in the future...
 
Malke

Martijn said:
I've got an XP SP2 box that suffers from winlogon.exe eating 100% CPU
time (well, 50% really, since it's an HTT-CPU). This box logs onto a
Windows 2000 domain (I haven't got any details, but feel free to ask).
This behavior doesn't show up on every login, maybe one out of every
five times.

Virus scanner is Symantec AV Corporate 8.0. I've scanned for malware
using Ad-Aware and Windows Defender. So my guess is it couldn't be
malware that's causing this behavior.

This box is an HP Compaq DX2200MT, with a P4-3.2GHz, 1GB memory and a
Radeon X1300 card.

So anyway, I did some research of my own with Process Explorer. Indeed
I see winlogon.exe eating all CPU time. It's the real winlogon.exe,
not a fake one. Its signature is verified to be Microsoft, so it
should be genuine. I open up its properties and I don't see any
extreme numbers on the performance tab (except for kernel time).

On the threads tab I see something weird. One of the threads is eating
most of the CPU time covered by the process. I have a screenshot of
this: http://thany.org/screenshots/Screenshot1195.png

I can safely suspend, resume and even kill this single thread, without
consequences. But then again, I'd like to know why this thread eats
the CPU time in the first place. And more importantly, how to prevent
this from happening in the future...

I have a vague memory of Windows Defender causing similar issues. I say
"vague" because I don't use WD but read about this on one of my mailing
lists. There is a new version of WD so you could troubleshoot by first
uninstalling WD and seeing if that fixes the problem. If it does, then
you could install the newest version of WD and see what happens.

Obviously you'll need to log on as local administrator to do this.

Malke
 
Martijn Saly

Malke said:
I have a vague memory of Windows Defender causing similar issues. I say
"vague" because I don't use WD but read about this on one of my mailing
lists. There is a new version of WD so you could troubleshoot by first
uninstalling WD and seeing if that fixes the problem. If it does, then
you could install the newest version of WD and see what happens.

Obviously you'll need to log on as local administrator to do this.

Malke

Actually, I had WD installed previously but I uninstalled it because I
knew it could cause behavior similar to my problem. However, what I
remember it to cause is 100% CPU time for about a minute. In my case the
CPU clog remains indefinitely (until I kill it with PE).

Anyway, WD is no longer on my PC and the problem persists, so my guess
is that WD cannot be causing it, wouldn't you agree?
 
Malke

Martijn said:
Actually, I had WD installed previously but I uninstalled it because I
knew it could cause behavior similar to my problem. However, what I
remember it to cause is 100% CPU time for about a minute. In my case
the CPU clog remains indefinitely (until I kill it with PE).

Anyway, WD is no longer on my PC and the problem persists, so my guess
is that WD cannot be causing it, wouldn't you agree?

Yes, I agree. However, since you know that something is causing the
issue you have to track it down. Unfortunately, since the problem
doesn't occur on any regular basis you're going to have to keep tabs on
the box to track down the cause.

What has changed? Any updates from Windows Update or other programs
installed? Any driver updates? I see you have an ATI card - would you
have updated the drivers?

You can try clean-boot troubleshooting:
Clean boot in Windows XP - http://support.microsoft.com/kb/310353
Clean-boot advanced troubleshooting in Windows XP -
http://support.microsoft.com/kb/316434
How to Troubleshoot By Using the Msconfig Utility in Windows XP -
http://support.microsoft.com/?id=310560

Since this is a workstation, if you image your workstations perhaps it
would be more cost/time-efficient to just reimage the box. If the
problems occur on a new install, then bizarre as it seems perhaps the
issue is hardware.

Malke
 
Martijn Saly

Malke said:
Yes, I agree. However, since you know that something is causing the
issue you have to track it down. Unfortunately, since the problem
doesn't occur on any regular basis you're going to have to keep tabs on
the box to track down the cause.

What has changed? Any updates from Windows Update or other programs
installed? Any driver updates? I see you have an ATI card - would you
have updated the drivers?

I'm sure some Windows updates were installed before the problem occurred,
but I think I'd rather have important updates and kill the clogging
thread every now and then.

I haven't updated video drivers, but it might be a good idea to do so.
You never know...

You can try clean-boot troubleshooting:
Clean boot in Windows XP - http://support.microsoft.com/kb/310353
Clean-boot advanced troubleshooting in Windows XP -
http://support.microsoft.com/kb/316434
How to Troubleshoot By Using the Msconfig Utility in Windows XP -
http://support.microsoft.com/?id=310560

Since this is a workstation, if you image your workstations perhaps it
would be more cost/time-efficient to just reimage the box. If the
problems occur on a new install, then bizarre as it seems perhaps the
issue is hardware.

It takes about a day and a half to reinstall this box, and I really
don't like doing that, especially since this box has been purchased just
3 months ago.

I'd like to fix the problem, rather than reinstalling the problem :)

I guess I'll post back when I know more...

Thanks,
 
