Sign in with
Sign up | Sign in
Your question

WINXP StartUp error - URGENT

Last response: in Windows XP
Share
Anonymous
July 9, 2005 7:45:47 AM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

When A windows XP SP2 start up , a error box prompt up show winlogon.exe
error, I have capture the debug log , can you let me know how to solve out
this problems. Also I have enclosed Hjask this log for your ref, I hope you
advice how to solve out this problems.

SAFE MODE
Logfile of HijackThis v1.98.2
Scan saved at 12:42:17 AM, on 7/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
D:\FxNetsky.exe
D:\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class -
{AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat
6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe
/SYNC
O4 - HKLM\..\Run: [PHIME2002ASync]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE
/IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat
6.0\Distillr\acrotray.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = marlowint.com
O17 - HKLM\Software\..\Telephony: DomainName = marlowint.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = marlowint.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = marlowint.com
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} -
%SystemRoot%\System32\mshtml.dll (file missing)
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} -
C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program
Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} -
C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} -
C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} -
C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} -
C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} -
C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} -
C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} -
C:\WINDOWS\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} -
%SystemRoot%\System32\mshtml.dll (file missing)
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} -
C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} -
C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} -
%SystemRoot%\System32\mshtml.dll (file missing)
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} -
%SystemRoot%\System32\inetcomm.dll (file missing)
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} -
C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} -
C:\WINDOWS\System32\itss.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} -
C:\Program Files\Common Files\Microsoft Shared\Information
Retrieval\MSITSS.DLL
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} -
C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} -
%SystemRoot%\System32\mshtml.dll (file missing)
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} -
%SystemRoot%\System32\mshtml.dll (file missing)
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} -
C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} -
%SystemRoot%\System32\mshtml.dll (file missing)
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} -
C:\WINDOWS\System32\wiascr.dll
----------------------------------------------------------------------------
----------------------------------------------------------------------------
-----------
Normal Mode

Logfile of HijackThis v1.98.2
Scan saved at 12:56:11 AM, on 7/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\QTRAYIME.EXE
C:\WINDOWS\system32\wuauclt.exe
D:\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class -
{AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat
6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe
/SYNC
O4 - HKLM\..\Run: [PHIME2002ASync]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE
/IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - Startup: ¤E¤è§Ö³t±Ò°Ê.lnk = C:\WINDOWS\system32\QTRAYIME.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat
6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Google Search - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: ¤Ï¦V³sµ² - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: ºô­¶ªº§Ö¨ú§Ö·Ó - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Ãþ¦üºô­¶ - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = marlowint.com
O17 - HKLM\Software\..\Telephony: DomainName = marlowint.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = marlowint.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = marlowint.com

----------------------------------------------------------------------------
----------------------------------------------------------------------------
--------------------------------

Server=watson.microsoft.com
UI LCID=1033
Flags=1672016
Brand=WINDOWS
TitleName=winlogon.exe
DigPidRegPath=HKLM\Software\Microsoft\Windows
NT\CurrentVersion\DigitalProductId
ErrorText=This error occurred on 7/7/2005 at 7:55:56 PM.
HeaderText=winlogon.exe encountered a problem and needed to close.
Stage1URL=
Stage1URL=/StageOne/winlogon_exe/0_0_0_0/unknown/0_0_0_0/0200987e.htm
Stage2URL=
Stage2URL=/dw/stagetwo.asp?szAppName=winlogon.exe&szAppVer=0.0.0.0&szModName
=unknown&szModVer=0.0.0.0&offset=0200987e
DataFiles=C:\DOCUME~1\rodyw\LOCALS~1\Temp\WER77b9.dir00\winlogon.exe.mdmp|C:
\DOCUME~1\rodyw\LOCALS~1\Temp\WER77b9.dir00\appcompat.txt
Heap=C:\DOCUME~1\rodyw\LOCALS~1\Temp\WER77b9.dir00\winlogon.exe.hdmp
ErrorSubPath=winlogon.exe\0.0.0.0\unknown\0.0.0.0\0200987e
DirectoryDelete=C:\DOCUME~1\rodyw\LOCALS~1\Temp\WER77b9.dir00

<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="kernel32.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
<MATCHING_FILE NAME="kernel32.dll" SIZE="983552" CHECKSUM="0x4CE79457"
BIN_FILE_VERSION="5.1.2600.2180" BIN_PRODUCT_VERSION="5.1.2600.2180"
PRODUCT_VERSION="5.1.2600.2180" FILE_DESCRIPTION="Windows NT BASE API Client
DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft?Windows?
Operating System" FILE_VERSION="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"
ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="?
Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0"
VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2"
MODULE_TYPE="WIN32" PE_CHECKSUM="0xFF848" LINKER_VERSION="0x50001"
UPTO_BIN_FILE_VERSION="5.1.2600.2180"
UPTO_BIN_PRODUCT_VERSION="5.1.2600.2180" LINK_DATE="08/04/2004 07:56:36"
UPTO_LINK_DATE="08/04/2004 07:56:36" VER_LANGUAGE="English (United States)
[0x409]" />
</EXE>
</DATABASE>
Anonymous
July 9, 2005 7:45:48 AM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

I would begin by posting your HijackThis log at:
http://forums.spywareinfo.com/
The experts there will guide you.

While waiting for them to reply you should consider any (or all) of the
following checks.

Run your virus software in Safe Mode (pressing F8 a few times while
booting) - preferably with System Restore tuned off.

Other options (in Normal Boot Mode)
Run an online scan at
http://www.pandasoftware.com/activescan/
and/or
http://housecall.trendmicro.com/housecall/start_corp.as...

Download/Run Microsoft's Malicious Software Removal Tool
http://www.microsoft.com/downloads/details.aspx?FamilyI...

Run Ad-Aware SE Personal (first) and SpyBot-Search & Destroy (second).
http://www.majorgeeks.com/downloads31.html
After you install each, you should click update before running. For example,
with Ad-Aware click on the link "Check for updates now" on the first screen
that appears after you launch the application.

I have also heard good reports about the Damage Cleanup Engine from Trend
Micro at
http://www.trendmicro.com/download/dcs.asp

Good luck and keep us posted.

--
Michael



"IT-BOY" <it_jackie@hotmail.com> wrote in message
news:o U2hlW$gFHA.2560@TK2MSFTNGP10.phx.gbl...
> When A windows XP SP2 start up , a error box prompt up show winlogon.exe
> error, I have capture the debug log , can you let me know how to solve
> out
> this problems. Also I have enclosed Hijack this log for your ref, I hope
> you
> advice how to solve out this problems.
>
>
!