Winlogon.exe Error

G

Guest

Windows Explorer is frequently teminating unexpectedly when I attempt to view
folders, copy files, etc. The event viewer shows:
----------------------
Details
Product: Windows Operating System
Event ID: 1002
Source: Winlogon
Version: 5.0
Component: Application Event Log
Symbolic Name: EVENT_SHELL_RESTARTED
Message: The shell stopped unexpectedly and %1 was restarted.

Explanation
The shell was stopped and then restarted. By default, the shell is
explorer.exe; however, you might have a customized shell.


User Action
No user action is required.



Version: 5.2
Symbolic Name: EVENT_SHELL_RESTARTED
Message: The shell stopped unexpectedly and %1 was restarted.

Explanation
The shell was stopped and then restarted. By default, the shell is
explorer.exe; however, you might have a customized shell.


User Action
No user action is required.
-----------------

I've run Virusscan, Adaware, and Spysweeper to check for viruses, spyware,
etc. and found nothing to resolve the problem. I ran HijackThis and obtained
the following log. Any spyware experts out there who can tell me what I can
remove to correct this problem?

----------------------------

Logfile of HijackThis v1.99.1
Scan saved at 2:49:28 PM, on 2/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\My Directory\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://news.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.att.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} -
C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program
files\mcafee\virusscan\scriptcl.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} -
c:\program files\mcafee\mps\mcpopup.dll
O3 - Toolbar: NewsStand Toolbar - {6E94ACD5-2C6A-48AC-84EF-A4DE746D385F} -
C:\Program Files\NewsStand\Reader\NSIEToolbar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program
Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program
Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [DadApp] "C:\Program Files\Dell\AccessDirect\dadapp.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator
5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DIGStream] "C:\Program Files\DIGStream\digstream.exe"
O4 - HKLM\..\Run: [StatusClient] "C:\Program
Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat
4.0\webapps\Toolbox\StatusClient\StatusClient.exe" /auto
O4 - HKLM\..\Run: [TomcatStartup] "C:\Program
Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [sealmon] "C:\Program Files\SealedMedia\sealmon.exe"
O4 - HKLM\..\Run: [DVDTray] C:\PROGRA~1\HPDVD~1\Umbrella\DVDTray.exe
O4 - HKLM\..\Run: [DVDBitSet] "C:\PROGRA~1\HPDVD~1\Umbrella\DVDBitSet.exe"
/NOUI
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [Necutray] NECUTRAY.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media
Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network
Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] "C:\Program Files\ANI\ANIWZCS2
Service\WZCSLDR2.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe"
/startup
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop
Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [i8kfangui] "C:\Program Files\I8kfanGUI\I8kfanGUI.exe"
/startup
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft
Office\Office\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat
5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program
Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Define - C:\Program Files\Common
Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program
Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Encarta Encyclopedia -
{2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common
Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia -
{2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common
Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} -
C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37}
- C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} -
C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no
file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) -
http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software
AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {11865A2A-649F-4FA1-8B99-B97DF8070B7C} (IWSystemchecks Control) -
http://stevens.interwise.com/stevens/English/ActiveX/IWsystemchecks.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating
System Class) -
http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://207.188.7.150/1442dd09d281ff5ad806/netzip/RdxIE601.cab
O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI
Control) - http://www.snapfish.com/SnapfishUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134151141145
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield
International Setup Player) -
http://www.newsstand.com/downloads/reader/2.5.0.0/Disk1/isetupml.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield
International Setup Player) -
http://zinio.earthc.net/images.zinio.com/reader/isetup.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object)
- http://autos.msn.com/components/ocx/survid/MSSurVid.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object)
- http://autos.msn.com/components/ocx/exterior/Outside.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) -
http://viewers.316networks.com/common/mbrowser/MINIBrowser.CAB
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class)
- http://picturecenter.kodak.com/activex/LightSurfUploadControl.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin
Class) -
http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software
AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} -
C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. -
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -
C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. -
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel
32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program
Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. -
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. -
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program
files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. -
C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. -
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. -
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. -
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. -
C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. -
C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. -
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. -
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc.
- C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. -
C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner -
C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k
runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure
Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation -
C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) -
Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
 
G

Guest

always the same folder, or does it vary?

have you tried running scandisk to check you HDD?

possible problem with memory as well - machine diagnostics
 
G

Guest

The folder varies. Sometimes I don't even have the opportunity to select a
folder before it terminates.
No harddisk or memory problems.
 
N

Newbie Coder

The error points to '%1' which means logon is running an application passed
to it

Look into the Winlogon section of the registry to see what Winlogon is
running then we can diagnose it from that

Winlogon Key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Look at the values & the other subkeys
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

sharedobj.dll errors 1
WinVir 5
mouse moving and closing out programs 5
no desktop icons, start menu, task bar?? 35
IE redirection problem 2
Problems with pops ups 6
PLEASE HELp.. i can not get rid of this bug on my computer 2
over 600 virus's found! ran anti-virus but still not working 12

Top