Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Winlogon.exe error while shuttdown


  • Please log in to reply

#1
informativos

informativos

    New Member

  • Member
  • Pip
  • 1 posts
I have been reading the topics of the forum and seems to be a common issue. Problems when shutting down windows like "Winlogon.exe aplication error: instruction 0x5b151012 ref. memory in 0x0000001b can´t be writen" Acept or cancel .... anything you decide continues your shuttdown normally.

This is my case. But when you work on a remote system and this happends then you have to go phisically to that machine and restart manually... if it´s miles away of your office it can be a big troubble.

Here is my HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 12:19:06, on 01/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
E:\Antivirus\avgamsvr.exe
E:\Antivirus\avgupsvc.exe
D:\WINDOWS\system32\crypserv.exe
E:\Internet\Serv-U\ServUDaemon.exe
D:\WINDOWS\System32\snmp.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\Tablet.exe
D:\WINDOWS\system32\WFXSVC.EXE
E:\VNC4\WinVNC4.exe
E:\ipaq\z2 Remote2PC\R2PCServ.exe
D:\WINDOWS\Explorer.EXE
E:\Grabacion\D-Tools\daemon.exe
E:\Internet\DU Meter\DUMeter.exe
D:\Archivos de programa\Logitech\MouseWare\system\em_exec.exe
E:\Utils\Cool Beans System Info\Cool Beans System Info.exe
D:\WINDOWS\SOUNDMAN.EXE
E:\Antivirus\avgcc.exe
E:\Utils\ClipCache\clipc.exe
D:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
E:\Internet\Serv-U\ServUTray.exe
E:\Microsoft ActiveSync\wcescomm.exe
E:\Utils\Spybot - Search & Destroy 1.1\TeaTimer.exe
E:\Microsoft ActiveSync\rapimgr.exe
D:\WINDOWS\system32\WTablet\TabUserW.exe
E:\Utils\SpywareGuard\sgmain.exe
E:\Utils\SpywareGuard\sgbhp.exe
E:\Mail Utils\SpamWasher\SWasher.exe
D:\Archivos de programa\Archivos comunes\ACD Systems\IDBSvr.exe
D:\Archivos de programa\Ontrack\PowerDesk\PDExplo.exe
E:\Acrobat 6.0\Acrobat\Acrobat.exe
D:\WINDOWS\system32\WISPTIS.EXE
E:\Internet\Avant Browser\avant.exe
E:\Internet\AceFTP 3 Pro\aceftp3.exe
D:\Archivos de programa\ACD Systems\ACDSee\5.0\ACDSee5.exe
E:\Microsoft ActiveSync\WCESMgr.exe
E:\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\APP\Optimizacion Sistema\HijackThis 1.99.1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Informativos.net/Archivos%20Basicos/start.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=168.12.20.87:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Diseño\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - D:\Archivos de programa\Archivos comunes\ReGet Shared\Catcher.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - E:\Utils\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Utils\SPYBOT~1.1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SavePicNoAsk PRO - {CC7C8206-344B-45AB-B898-78D06229268F} - E:\Internet\SavePicNoAsk PRO\SPNAPROBHO.dll
O2 - BHO: IEBHO - {FFFF08F5-F6F8-42AB-B62A-5531F1F42CE2} - E:\Internet\IEToolKit\ietoolkit15.dll
O3 - Toolbar: IEToolKit - {E475FD2D-CDDC-4889-8CD4-AF31C9FEE54D} - E:\Internet\IEToolKit\ietoolkit15.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - E:\Internet\ReGetDx\iebar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Diseño\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Grabacion\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DU Meter] E:\Internet\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Cool Beans System Info] E:\Utils\Cool Beans System Info\Cool Beans System Info.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] E:\Antivirus\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ClipCache] E:\Utils\ClipCache\clipc.exe /wait 3
O4 - HKCU\..\Run: [MsnMsgr] "D:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ServUTrayIcon] E:\Internet\Serv-U\ServUTray.exe
O4 - HKCU\..\Run: [NBJ] "E:\Grabacion\Nero\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Utils\Spybot - Search & Destroy 1.1\TeaTimer.exe
O4 - Startup: MailWasherPro.lnk = E:\Mail Utils\MailWasher Pro\MailWasher.exe
O4 - Startup: SpywareGuard.lnk = E:\Utils\SpywareGuard\sgmain.exe
O4 - Global Startup: TabUserW.exe.lnk = D:\WINDOWS\system32\WTablet\TabUserW.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Abrir todos los vínculos de esta página... - E:\Internet\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Añadir a la lista negra de anuncios - E:\Internet\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Backward Links - res://d:\archivos de programa\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Bloquear todas las imágenes del mismo servidor - E:\Internet\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Buscar - E:\Internet\Avant Browser\Search.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\archivos de programa\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Descargar con &ReGet Deluxe - D:\Archivos de programa\Archivos comunes\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Descargar todo con &ReGet Deluxe - D:\Archivos de programa\Archivos comunes\ReGet Shared\CC_All.htm
O8 - Extra context menu item: Destacar - E:\Internet\Avant Browser\Highlight.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://E:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://d:\archivos de programa\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Sothink SWF Catcher - D:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Translate into English - res://d:\archivos de programa\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra button: SPNA PRO - {1FCAD22D-3FC8-4811-A247-9EBA202F01CE} - E:\Internet\SavePicNoAsk PRO\SPNAPROBHO.dll (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C42D9CE-5249-4F3A-B7CE-0BFFACC8744A}: NameServer = 80.58.61.250,80.58.61.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C42D9CE-5249-4F3A-B7CE-0BFFACC8744A}: NameServer = 212.78.128.11,195.235.96.89
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C42D9CE-5249-4F3A-B7CE-0BFFACC8744A}: NameServer = 80.58.61.250,80.58.61.254
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\Antivirus\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\Antivirus\avgupsvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - D:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: GhostStartService - Unknown owner - E:\Backup\Ghost 2003\GhostStartService.exe (file missing)
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - E:\Internet\Serv-U\ServUDaemon.exe
O23 - Service: TabletService - Wacom Technology, Corp. - D:\WINDOWS\System32\Tablet.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - D:\WINDOWS\system32\WFXSVC.EXE
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - E:\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: z2 Remote2PC Server (z2 R2PC Server) - Unknown owner - E:\ipaq\z2 Remote2PC\R2PCServ.exe" -service (file missing)

Note: the 'file missing' items have been cleaned :tazz:
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP