Log in

View Full Version : My computer is unable to shutdown and has a Winlogon.exe error

anya1009
Feb 19, 2008, 01:00 AM
My computer is unable to shutdown properly since Monday, the 11th of February. I am turning off the power to shutdown. I've got an error "Winlogon.exe encountered a problem and needed to close." every time I log in but not sure if this is the error caused by not shutting down properly.

This is my Hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:26:34 PM, on 2/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files\Schlumberger\i-Handbook\i-Handbook.exe
C:\Program Files\Microsoft Office Communicator\Communicator.exe
C:\Program Files\SolidWorks\SolidWorks\swScheduler\swBOEngine .exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\galcan\LOCALS~1\Temp\SolidWorksLicTemp .0001
C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\PROGRA~1\SOLIDW~3\SOLIDW~1\sldworks.exe
C:\DOCUME~1\galcan\LOCALS~1\Temp\SolidWorksLicTemp .0001
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\galcan\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.miswaco.com/default.aspx
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\sw g.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\.. \Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\.. \Run: [nwiz] nwiz.exe /install
O4 - HKLM\.. \Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\.. \Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\.. \Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\.. \Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\.. \Run: [SolidWorks_CheckForUpdates] "C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler
O4 - HKLM\.. \Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\.. \Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\.. \Run: [M-I] MI_Startup.vbs
O4 - HKCU\.. \Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\.. \Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\.. \Run: [i-Handbook] C:\Program Files\Schlumberger\i-Handbook\i-Handbook.exe /i
O4 - HKCU\.. \Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe"
O4 - HKUS\S-1-5-19\.. \Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\.. \Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\.. \Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\.. \RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.v bs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\.. \Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\.. \RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.v bs" (User 'Default user')
O4 - Startup: SolidWorks Task Scheduler Engine.lnk = C:\Program Files\SolidWorks\SolidWorks\swScheduler\swBOEngine .exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: *.prod.miswaco.com
O15 - Trusted Zone: *.web.miswaco.com
O15 - Trusted Zone: *.prod.miswaco.com (HKLM)
O15 - Trusted Zone: *.web.miswaco.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} (JInitiator 1.3.1.28) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = net.smith.com
O17 - HKLM\Software\.. \Telephony: DomainName = net.smith.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = net.smith.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = net.smith.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\Plugin Manager\Skype4COM.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/galcan/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 8036 bytes


please help!

Thanks.
anya1009
Feb 19, 2008, 01:13 AM
This is an error screen.
xphelper
Feb 19, 2008, 01:32 AM
Hello,
The presentation of a "hijack this" log is usually a sign that someone told you to run the program due to a suspected malware problem. With that said, I would strongly encourage you to post your results in a specialized forum that is designed specifically to interpret the results of 'hijack this' logs. Sorry, I am not trained in that area.
CliffARobinson
Jan 10, 2012, 03:37 PM
One Shutdown issue introduced with XP Service Pack 2 was caused by the addition of "Automatic Windows Update Installation". Every time XP SP2 is shutdown, it checks for any Updates that haven't been installed yet. Sometimes, this process can cause your computer to hang if something goes wrong.

To see if this is the case, take a look for error 0x80248011 in the Windows Update logs. Specifically, look in %windir%\SoftwareDistribution\ReportingEvents.log. If you see this error, then you are going to need to do the following:


Click "Start"
Click "Run"
Type in: SERVICES.MSC
Click "Ok"
Stop the Automatic Updates service.
Find the software distribution folder; (c:\Windows\SoftwareDistribution) to c:\Windows\SoftwareDistribution.old
Now go back to services and restart the Automatic Updates service
.