07-11-2008, 02:30 PM
|
| |
| Re: Once in a while, winlogon.exe will hog CPU and makes my Windows unresponsive.
"Endpoint Protection" Symantec CMC - Why are you using this?
If not necessary for daily use try disabling it.
JS
"Phillip Pi" <phillip_pi@symantec.comSYMC> wrote in message
news:%23V$CLQ54IHA.1428@TK2MSFTNGP06.phx.gbl...
> Hello.
>
> I have a strange rare and annoying Windows XP Pro. SP2 (IE6.0 SP2; all
> critical updates and optional softwares for SP2) issue that had been
> around for three years or so, and I can't figure out what's going on.
>
> Once in a while (very rare -- maybe once every one/two months?), I
> winlogon.exe decides to go nuts and take one of my CPU (have a dual core
> Intel P4 Prescott machine). From there, softwares don't respond and some
> can't be shut down (e.g., SeaMonkey.exe, Trillian.exe, Outlook.exe) even
> if I force end task. When I try to shut down Windows to reboot, it gets
> stuck forever and I need to do a force shut down on the power switch on
> the Dell Optiplex GX280 case.
>
> I tried viewing Process Explorer, Process Monitor, event logs, services
> via cmd.exe (administrative method freezes/doesn't respond), etc. and
> found nothing interesting. Here are the Process Explorer exports:
>
> From Process Explorer v11.20:
>
>
> Process PID Description CPU Company Name
> System Idle Process 0 39.13 Interrupts n/a Hardware Interrupts DPCs n/a
> Deferred Procedure Calls System 4 smss.exe 1160 Windows NT Session Manager
> Microsoft Corporation
> csrss.exe 1208 Client Server Runtime Process Microsoft Corporation
> winlogon.exe 1236 Windows NT Logon Application 50.00 Microsoft
> Corporation
> services.exe 1280 Services and Controller app 0.72 Microsoft
> Corporation
> svchost.exe 1480 Generic Host Process for Win32 Services Microsoft
> Corporation
> svchost.exe 1536 Generic Host Process for Win32 Services Microsoft
> Corporation
> svchost.exe 456 Generic Host Process for Win32 Services Microsoft
> Corporation
> Smc.exe 724 Symantec CMC Smc 0.72 Symantec Corporation
> SmcGui.exe 2168 Symantec CMC SmcGui 4.35 Symantec Corporation
> svchost.exe 780 Generic Host Process for Win32 Services Microsoft
> Corporation
> svchost.exe 892 Generic Host Process for Win32 Services Microsoft
> Corporation
> SNAC.EXE 904 Symantec Network Access Control 0.72 Symantec
> Corporation
> ccSvcHst.exe 1968 Symantec Service Framework Symantec Corporation
> spoolsv.exe 1916 Spooler SubSystem App Microsoft Corporation
> AeXNSAgent.exe 1924 Altiris Agent Altiris, Inc.
> AluSchedulerSvc.exe 524 Automatic LiveUpdate Scheduler Service
> Symantec Corporation
> ntmulti.exe 944 IBM Lotus Notes/Domino IBM Corp
> NMSAccess.exe 968 p4ps.exe 1084 P4Webs.exe 1648 spkrmon.exe 1676
> SoundMAX SpeakerMonitor service Rtvscan.exe 1664 Symantec AntiVirus
> Symantec Corporation
> vmware-authd.exe 2192 VMware Authorization Service VMware, Inc.
> vmount2.exe 2704 virtual disk mount service VMware, Inc.
> vmnat.exe 2904 VMware NAT Service VMware, Inc.
> vmnetdhcp.exe 3180 VMware VMnet DHCP service VMware, Inc.
> alg.exe 2996 Application Layer Gateway Service Microsoft Corporation
> lsass.exe 1292 LSA Shell (Export Version) Microsoft Corporation
> explorer.exe 3228 Windows Explorer Microsoft Corporation
> TaskSwitch.exe 3660 ccApp.exe 3100 Symantec User Session Symantec
> Corporation
> trillian.exe 1700 Trillian Cerulean Studios
> OUTLOOK.EXE 2952 Microsoft Office Outlook Microsoft Corporation
> seamonkey.exe 1012 SeaMonkey mozilla.org
> taskmgr.exe 1616 Windows TaskManager Microsoft Corporation
> procexp.exe 3392 Sysinternals Process Explorer 4.35 Sysinternals -
> www.sysinternals.com
>
> Process: winlogon.exe Pid: 1236
>
> Name Description Company Name Version
> ACTIVEDS.dll ADs Router Layer DLL Microsoft Corporation 5.01.2600.2180
> adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.01.2600.2180
> ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation
> 5.01.2600.2180
> Apphelp.dll Application Compatibility Client Library Microsoft Corporation
> 5.01.2600.2180
> Ati2evxx.dll ATI External Event Utility DLL Module ATI Technologies Inc.
> 6.14.0010.4123
> ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation
> 3.05.2284.0000
> AUTHZ.dll Authorization Framework Microsoft Corporation 5.01.2600.2622
> Cabinet.dll Microsoft® Cabinet File API Microsoft Corporation
> 5.01.2600.2180
> CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0308
> COMCTL32.dll Common Controls Library Microsoft Corporation 5.82.2900.2982
> comctl32.dll User Experience Controls Library Microsoft Corporation
> 6.00.2900.2982
> comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.2900.2180
> COMRes.dll Microsoft Corporation 2001.12.4414.0258
> CRYPT32.dll Crypto API32 Microsoft Corporation 5.131.2600.2180
> cryptdll.dll Cryptography Manager Microsoft Corporation 5.01.2600.2180
> cscdll.dll Offline Network Agent Microsoft Corporation 5.01.2600.2180
> cscui.dll Client Side Caching UI Microsoft Corporation 5.01.2600.2180
> ctype.nls DNSAPI.dll DNS Client API DLL Microsoft Corporation
> 5.01.2600.3394
> fastprox.dll WMI Microsoft Corporation 5.01.2600.2180
> GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.3316
> hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation
> 5.01.2600.2180
> icmp.dll ICMP DLL Microsoft Corporation 5.01.2600.2180
> IMAGEHLP.dll Windows NT Image Helper Microsoft Corporation 5.01.2600.2180
> IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation
> 5.01.2600.2180
> iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.2912
> kerberos.dll Kerberos Security Package Microsoft Corporation
> 5.01.2600.2698
> kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation
> 5.01.2600.3119
> locale.nls LPK.DLL Language Pack Microsoft Corporation 5.01.2600.2180
> midimap.dll Microsoft MIDI Mapper Microsoft Corporation 5.01.2600.2180
> MPR.dll Multiple Provider Router DLL Microsoft Corporation 5.01.2600.2180
> MPRAPI.dll Windows NT MP Router Administration DLL Microsoft Corporation
> 5.01.2600.2180
> MSACM32.dll Microsoft ACM Audio Filter Microsoft Corporation
> 5.01.2600.2180
> msacm32.drv Microsoft Sound Mapper Microsoft Corporation 5.01.2600.0000
> MSASN1.dll ASN.1 Runtime APIs Microsoft Corporation 5.01.2600.2180
> msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation
> 5.01.2600.2180
> MSGINA.dll Windows NT Logon GINA DLL Microsoft Corporation 5.01.2600.2180
> msv1_0.dll Microsoft Authentication Package v1.0 Microsoft Corporation
> 5.01.2600.2180
> MSVCP60.dll Microsoft (R) C++ Runtime Library Microsoft Corporation
> 6.02.3104.0000
> MSVCR70.dll Microsoft® C Runtime Library Microsoft Corporation
> 7.00.9466.0000
> msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.3085
> mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft
> Corporation 5.01.2600.3394
> msxml3.dll MSXML 3.0 SP9 Microsoft Corporation 8.90.1101.0000
> msxml3r.dll XML Resources Microsoft Corporation 8.20.8730.0001
> NavLogon.dll Symantec AntiVirus Logon Notification Symantec Corporation
> 10.01.0000.0401
> NDdeApi.dll Network DDE Share Management APIs Microsoft Corporation
> 5.01.2600.2180
> NETAPI32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.2976
> ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.2180
> NTDSAPI.DLL NT5DS Microsoft Corporation 5.01.2600.2180
> NTMARTA.DLL Windows NT MARTA provider Microsoft Corporation 5.01.2600.2180
> ODBC32.dll Microsoft Data Access - ODBC Driver Manager Microsoft
> Corporation 3.525.1117.0000
> odbcint.dll Microsoft Data Access - ODBC Resources Microsoft Corporation
> 3.525.1117.0000
> ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.2726
> OLEAUT32.dll Microsoft Corporation 5.01.2600.3266
> PCANotify.dll Winlogon Notification package Symantec Corporation
> 11.00.0001.0764
> PROFMAP.dll Userenv Microsoft Corporation 5.01.2600.2180
> PSAPI.DLL Process Status Helper Microsoft Corporation 5.01.2600.2180
> REGAPI.dll Registry Configuration APIs Microsoft Corporation
> 5.01.2600.2180
> RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation
> 5.01.2600.3173
> rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation
> 5.01.2600.2161
> rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.2180
> SAMLIB.dll SAM Library DLL Microsoft Corporation 5.01.2600.2180
> SASWINLO.dll SUPERAntiSpyware WinLogon Processor SUPERAntiSpyware.com
> 1.00.0000.1046
> Secur32.dll Security Support Provider Interface Microsoft Corporation
> 5.01.2600.2180
> SETUPAPI.dll Windows Setup API Microsoft Corporation 5.01.2600.2180
> sfc.dll Windows File Protection Microsoft Corporation 5.01.2600.2180
> sfc_os.dll Windows File Protection Microsoft Corporation 5.01.2600.2180
> SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.3241
> SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation
> 6.00.2900.3354
> SHSVCS.dll Windows Shell Services Dll Microsoft Corporation 6.00.2900.3051
> sortkey.nls sorttbls.nls sxs.dll Fusion 2.5 Microsoft Corporation
> 5.01.2600.3019
> unicode.nls USER32.dll Windows XP USER API Client DLL Microsoft
> Corporation 5.01.2600.3099
> USERENV.dll Userenv Microsoft Corporation 5.01.2600.2180
> USP10.dll Uniscribe Unicode script processor Microsoft Corporation
> 1.420.2600.2180
> uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.2180
> VERSION.dll Version Checking and File Installation Libraries Microsoft
> Corporation 5.01.2600.2180
> wbemcomn.dll WMI Microsoft Corporation 5.01.2600.2180
> wbemprox.dll WMI Microsoft Corporation 5.01.2600.2180
> wbemsvc.dll WMI Microsoft Corporation 5.01.2600.2180
> wdmaud.drv WDM Audio driver mapper Microsoft Corporation 5.01.2600.2180
> WgaLogon.dll Windows Genuine Advantage Notification Microsoft Corporation
> 1.07.0018.0007
> WININET.dll Internet Extensions for Win32 Microsoft Corporation
> 6.00.2900.3354
> winlogon.exe Windows NT Logon Application Microsoft Corporation
> 5.01.2600.2180
> WINMM.dll MCI API DLL Microsoft Corporation 5.01.2600.2180
> WINSCARD.DLL Microsoft Smart Card API Microsoft Corporation 5.01.2600.2180
> WINSPOOL.DRV Windows Spooler Driver Microsoft Corporation 5.01.2600.2180
> WINSTA.dll Winstation Library Microsoft Corporation 5.01.2600.2180
> WINTRUST.dll Microsoft Trust Verification APIs Microsoft Corporation
> 5.131.2600.2180
> WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.2180
> WlNotify.dll Common DLL to receive Winlogon notifications Microsoft
> Corporation 5.01.2600.2180
> WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation
> 5.01.2600.2180
> WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation
> 5.01.2600.2180
> wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation
> 5.01.2600.2180
> wsock32.dll Windows Socket 32-Bit DLL Microsoft Corporation 5.01.2600.2180
> WTSAPI32.dll Windows Terminal Server SDK APIs Microsoft Corporation
> 5.01.2600.2180
> xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.01.2600.2180
>
> --
>
> Process PID Description CPU Company Name
> System Idle Process 0 41.18 Interrupts n/a Hardware Interrupts DPCs n/a
> Deferred Procedure Calls System 4 smss.exe 1160 Windows NT Session Manager
> Microsoft Corporation
> csrss.exe 1208 Client Server Runtime Process Microsoft Corporation
> winlogon.exe 1236 Windows NT Logon Application 50.00 Microsoft
> Corporation
> services.exe 1280 Services and Controller app 0.74 Microsoft
> Corporation
> svchost.exe 1480 Generic Host Process for Win32 Services 0.74
> Microsoft Corporation
> svchost.exe 1536 Generic Host Process for Win32 Services Microsoft
> Corporation
> svchost.exe 456 Generic Host Process for Win32 Services Microsoft
> Corporation
> Smc.exe 724 Symantec CMC Smc 0.74 Symantec Corporation
> SmcGui.exe 2168 Symantec CMC SmcGui 2.94 Symantec Corporation
> svchost.exe 780 Generic Host Process for Win32 Services Microsoft
> Corporation
> svchost.exe 892 Generic Host Process for Win32 Services Microsoft
> Corporation
> SNAC.EXE 904 Symantec Network Access Control Symantec Corporation
> ccSvcHst.exe 1968 Symantec Service Framework 0.74 Symantec
> Corporation
> spoolsv.exe 1916 Spooler SubSystem App Microsoft Corporation
> AeXNSAgent.exe 1924 Altiris Agent Altiris, Inc.
> AluSchedulerSvc.exe 524 Automatic LiveUpdate Scheduler Service
> Symantec Corporation
> ntmulti.exe 944 IBM Lotus Notes/Domino IBM Corp
> NMSAccess.exe 968 p4ps.exe 1084 P4Webs.exe 1648 spkrmon.exe 1676
> SoundMAX SpeakerMonitor service Rtvscan.exe 1664 Symantec AntiVirus
> Symantec Corporation
> vmware-authd.exe 2192 VMware Authorization Service VMware, Inc.
> vmount2.exe 2704 virtual disk mount service VMware, Inc.
> vmnat.exe 2904 VMware NAT Service VMware, Inc.
> vmnetdhcp.exe 3180 VMware VMnet DHCP service VMware, Inc.
> alg.exe 2996 Application Layer Gateway Service Microsoft Corporation
> lsass.exe 1292 LSA Shell (Export Version) Microsoft Corporation
> explorer.exe 3228 Windows Explorer Microsoft Corporation
> TaskSwitch.exe 3660 ccApp.exe 3100 Symantec User Session Symantec
> Corporation
> trillian.exe 1700 Trillian Cerulean Studios
> OUTLOOK.EXE 2952 Microsoft Office Outlook Microsoft Corporation
> seamonkey.exe 1012 SeaMonkey mozilla.org
> taskmgr.exe 1616 Windows TaskManager Microsoft Corporation
> procexp.exe 3392 Sysinternals Process Explorer 2.94 Sysinternals -
> www.sysinternals.com
>
> Process: winlogon.exe Pid: 1236
>
> Type Name
> Desktop \Winlogon
> Desktop \Disconnect
> Desktop \Default
> Desktop \Default
> Directory \KnownDlls
> Directory \Windows
> Directory \BaseNamedObjects
> Event \BaseNamedObjects\AUTOENRL:TriggerMachineEnrollmen t
> Event \BaseNamedObjects\crypt32LogoffEvent
> Event \BaseNamedObjects\userenv: User Profile setup event
> Event \BaseNamedObjects\userenv: Machine Group Policy has been applied
> Event \BaseNamedObjects\userenv: Machine Group Policy ForcedRefresh Needs
> Foreground Processing
> Event \BaseNamedObjects\userenv: Machine Group Policy Processing is done
> Event \BaseNamedObjects\userenv: Machine Policy Foreground Done Event
> Event \BaseNamedObjects\userenv: User Group Policy has been applied
> Event \BaseNamedObjects\userenv: User Group Policy ForcedRefresh Needs
> Foreground Processing
> Event \BaseNamedObjects\userenv: User Group Policy Processing is done
> Event \BaseNamedObjects\userenv: User Policy Foreground Done Event
> Event \BaseNamedObjects\WinlogonTSSynchronizeEvent
> Event \BaseNamedObjects\TS-WPAAE
> Event \BaseNamedObjects\ReconEvent
> Event \Security\NetworkProviderLoad
> Event \BaseNamedObjects\AtiExtEventGSNotificationEvent
> Event \BaseNamedObjects\jjCSCSharedFillEvent_UM_KM
> Event \BaseNamedObjects\hardwaremixercallback
> Event \BaseNamedObjects\WFP_IDLE_TRIGGER
> Event \BaseNamedObjects\Microsoft Smart Card Resource Manager Started
> Event \BaseNamedObjects\msgina: ReturnToWelcome
> Event \BaseNamedObjects\ThemesStartEvent
> Event \BaseNamedObjects\DINPUTWINMM
> Event \BaseNamedObjects\winlogon: machine GPO Event 70406
> Event \BaseNamedObjects\userenv: Machine Group Policy has been applied
> Event \BaseNamedObjects\userenv: machine policy refresh event
> Event \BaseNamedObjects\userenv: machine policy force refresh event
> Event \BaseNamedObjects\userenv: Machine Group Policy has been applied
> Event \BaseNamedObjects\userenv: Machine Group Policy ForcedRefresh Needs
> Foreground Processing
> Event \BaseNamedObjects\userenv: Machine Group Policy Processing is done
> Event \BaseNamedObjects\AgentExistsEvent
> Event \BaseNamedObjects\WkssvcToAgentStopEvent
> Event \BaseNamedObjects\WkssvcToAgentStartEvent
> Event \BaseNamedObjects\jjCSCSessEvent_UM_KM_0
> Event \BaseNamedObjects\AgentToWkssvcEvent
> Event \BaseNamedObjects\PCA_UnlockWksNotify
> Event \BaseNamedObjects\PCA_LockWksNotify
> Event \BaseNamedObjects\PCA_TAG_TEAM_0
> Event \BaseNamedObjects\SENS Started Event
> Event \BaseNamedObjects\userenv: user policy force refresh event
> Event \BaseNamedObjects\userenv: User Group Policy has been applied
> Event \BaseNamedObjects\userenv: User Group Policy has been applied
> Event \BaseNamedObjects\userenv: User Group Policy Processing is done
> Event \BaseNamedObjects\userenv: User Group Policy ForcedRefresh Needs
> Foreground Processing
> Event \BaseNamedObjects\userenv: user policy refresh event
> Event \BaseNamedObjects\winlogon: User GPO Event 483671
> Event \BaseNamedObjects\WlballoonLogoffNotificationEvent Name
> Event \BaseNamedObjects\AUTOENRL:TriggerUserEnrollment
> Event \BaseNamedObjects\CscCacheInitCompleteEvent
> Event \BaseNamedObjects\ShellReadyEvent
> Event \BaseNamedObjects\WlballoonLogoffNotificationEvent Name
> Event \BaseNamedObjects\mixercallback
> Event
> \BaseNamedObjects\00000000000a359c_WlballoonKerber osNotificationEventName
> File \Device\NamedPipe\TerminalServer\AutoReconnect
> File
> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03
> File \Device\KsecDD
> File \Device\NamedPipe\InitShutdown
> File \Device\NamedPipe\InitShutdown
> File C:\WINDOWS\system32\dllcache
> File
> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03
> File C:\WINDOWS\AppPatch
> File C:\Program Files\Common Files\Microsoft Shared\web server
> extensions\40\isapi\_vti_adm
> File C:\Program Files\Common Files\Microsoft Shared\web server
> extensions\40\_vti_bin\_vti_adm
> File C:\WINDOWS\system32
> File C:\WINDOWS\Help
> File C:\Program Files\Common Files\Microsoft Shared\web server
> extensions\40\isapi\_vti_aut
> File C:\Program Files\Common Files\Microsoft Shared\web server
> extensions\40\_vti_bin\_vti_aut
> File C:\WINDOWS\system32\inetsrv
> File C:\Program Files\Common Files\Microsoft Shared\web server
> extensions\40\bin
> File C:\WINDOWS\Fonts
> File C:\WINDOWS\system32\drivers
> File C:\Program Files\Common Files\Microsoft Shared\web server
> extensions\40\servsupp
> File C:\Program Files\Common Files\Microsoft Shared\web server
> extensions\40\bots\vinavbar
> File C:\Program Files\microsoft frontpage\version3.0\bin
> File C:\Program Files\Common Files\Microsoft Shared\web server
> extensions\40\_vti_bin
> File C:\Program Files\Common Files\Microsoft Shared\web server
> extensions\40\bin\1033
> File C:\Program Files\Common Files\Microsoft Shared\web server
> extensions\40\isapi
> File C:\WINDOWS
> File C:\Program Files\Common Files\Microsoft Shared\DAO
> File C:\Program Files\Windows Media Player
> File C:\Program Files\Common Files\System\msadc
> File C:\Program Files\Common Files\System\ado
> File C:\Program Files\Common Files\System\Ole DB
> File C:\WINDOWS\inf
> File C:\WINDOWS\system
> File C:\WINDOWS\msagent
> File C:\WINDOWS\msagent\intl
> File C:\Program Files\MSN Gaming Zone\Windows
> File C:\WINDOWS\PCHealth\HelpCtr\Binaries
> File C:\Program Files\NetMeeting
> File C:\WINDOWS\system32\drivers\disdn
> File C:\WINDOWS\ime\CHTIME\Applets
> File C:\WINDOWS\system32\wbem
> File C:\WINDOWS\system32\IME\CINTLGNT
> File C:\WINDOWS\system32\Com
> File C:\WINDOWS\system32\Setup
> File C:\WINDOWS\ime\IMJP8_1
> File C:\Program Files\Common Files\Microsoft Shared\Triedit
> File C:\Program Files\Windows NT
> File C:\Program Files\Common Files\System
> File C:\WINDOWS\system32\1033
> File C:\Program Files\Common Files\Microsoft Shared\web server
> extensions\40\admcgi\scripts
> File C:\Program Files\Common Files\Microsoft Shared\web server
> extensions\40\admisapi\scripts
> File C:\WINDOWS\system32\usmt
> File C:\WINDOWS\ime\IMKR6_1\Dicts
> File C:\WINDOWS\system32\mui\0009
> File C:\Program Files\Internet Explorer
> File C:\WINDOWS\ime\IMJP8_1\APPLETS
> File C:\WINDOWS\ime\IMKR6_1\Applets
> File C:\WINDOWS\system32\xircom
> File C:\Program Files\Internet Explorer\Connection Wizard
> File C:\Program Files\Common Files\Microsoft Shared\MSInfo
> File C:\WINDOWS\ime\IMKR6_1
> File C:\WINDOWS\ime\SHARED
> File C:\WINDOWS\system32\IME\PINTLGNT
> File C:\Program Files\Common Files\SpeechEngines\Microsoft\Lexicon\1033
> File C:\WINDOWS\Resources\Themes\Luna
> File C:\Program Files\Movie Maker
> File C:\WINDOWS\ime
> File C:\WINDOWS\srchasst
> File C:\Program Files\Outlook Express
> File C:\WINDOWS\system32\oobe
> File C:\Program Files\Common Files\MSSoap\Binaries
> File C:\Program Files\Common Files\MSSoap\Binaries\Resources\1033
> File C:\WINDOWS\mui
> File C:\WINDOWS\system32\npp
> File C:\WINDOWS\ime\SHARED\RES
> File C:\Program Files\Windows NT\Pinball
> File C:\WINDOWS\ime\CHSIME\APPLETS
> File C:\WINDOWS\system32\Restore
> File C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS\1033
> File C:\Program Files\Common Files\Microsoft Shared\Speech
> File C:\WINDOWS\Resources\Themes\Luna\Shell\NormalColor
> File C:\WINDOWS\Resources\Themes\Luna\Shell\Homestead
> File C:\WINDOWS\Resources\Themes\Luna\Shell\Metallic
> File C:\WINDOWS\system32\wbem\snmp
> File C:\Program Files\Common Files\SpeechEngines\Microsoft
> File C:\Program Files\Common Files\Microsoft Shared\Speech\1033
> File C:\WINDOWS\PeerNet
> File C:\WINDOWS\system32\spool\drivers\color
> File C:\WINDOWS\system32\IME\TINTLGNT
> File C:\WINDOWS\Help\Tours\mmTour
> File C:\WINDOWS\PCHealth\UploadLB\Binaries
> File C:\Program Files\Common Files\Microsoft Shared\VGX
> File C:\WINDOWS\system32\wbem\xml
> File C:\Program Files\Windows NT\Accessories
> File C:\WINDOWS\system32\mui\0401
> File C:\WINDOWS\system32\mui\0404
> File C:\WINDOWS\system32\mui\0405
> File C:\WINDOWS\system32\mui\0406
> File C:\WINDOWS\system32\mui\0407
> File C:\WINDOWS\system32\mui\0408
> File C:\WINDOWS\system32\mui\040b
> File C:\WINDOWS\system32\mui\040C
> File C:\WINDOWS\system32\mui\040D
> File C:\WINDOWS\system32\mui\040e
> File C:\WINDOWS\system32\mui\0410
> File C:\WINDOWS\system32\mui\0411
> File C:\WINDOWS\system32\mui\0412
> File C:\WINDOWS\system32\mui\0413
> File C:\WINDOWS\system32\mui\0414
> File C:\WINDOWS\system32\mui\0415
> File C:\WINDOWS\system32\mui\0416
> File C:\WINDOWS\system32\mui\0419
> File C:\WINDOWS\system32\mui\041b
> File C:\WINDOWS\system32\mui\041D
> File C:\WINDOWS\system32\mui\041f
> File C:\WINDOWS\system32\mui\0424
> File C:\WINDOWS\system32\mui\0804
> File C:\WINDOWS\system32\mui\0816
> File C:\WINDOWS\system32\mui\0C0A
> File C:\WINDOWS\system32\mui\0402
> File C:\WINDOWS\system32\mui\0418
> File C:\WINDOWS\system32\mui\041a
> File C:\WINDOWS\system32\mui\041e
> File C:\WINDOWS\system32\mui\0425
> File C:\WINDOWS\system32\mui\0426
> File C:\WINDOWS\system32\mui\0427
> File C:\Program Files\xerox\nwwia
> File C:\WINDOWS\WinSxS
> File \Device\NamedPipe\SfcApi
> File \Device\NamedPipe\SfcApi
> File \Device\Tcp
> File \Device\Tcp
> File \Device\Ip
> File \Device\Ip
> File \Device\Ip
> File \Device\Afd\Endpoint
> File \Device\Udp
> File \Device\Afd\AsyncConnectHlp
> File
> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03
> File \Device\LanmanRedirector
> File \Device\NamedPipe\winlogonrpc
> File
> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03
> File \Device\NamedPipe\winlogonrpc
> File \Device\NamedPipe\winlogonrpc
> File \Device\KSENUM#00000001\{9B365890-165F-11D0-A195-0020AFD156E4}
> File C:\WINDOWS\system32
> Key HKCR
> Key HKLM\SYSTEM\ControlSet001\Control\Nls\Locale
> Key HKLM\SYSTEM\ControlSet001\Control\Nls\Locale\Alter nate Sorts
> Key HKLM\SYSTEM\ControlSet001\Control\Nls\Language Groups
> Key HKCR
> Key
> HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parame ters\Protocol_Catalog9
> Key
> HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parame ters\NameSpace_Catalog5
> Key HKLM\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\Winlogon\Notify\crypt32chain
> Key HKLM\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\Winlogon\Notify\cryptnet
> Key HKCR\CLSID
> Key HKLM\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\Winlogon\Notify\sclgntfy
> Key HKLM\SYSTEM\ControlSet001\Control\Lsa
> Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
> Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
> Key HKLM\SYSTEM\Setup
> Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Credentials
> Key HKU
> Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
> Key HKU
> Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Linkage
> Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameter s
> Key HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameter s\Interfaces
> Key HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameter s
> Key HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVer sion\Internet
> Settings
> Key HKLM
> Key HKLM\SYSTEM\ControlSet001\Control\NetworkProvider\ HwOrder
> Key HKLM\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\Winlogon\Notify\WgaLogon
> Key HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoa m\MUICache
> Key HKCU
> Key HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoa m
> Key HKU\.DEFAULT
> Key HKCR
> Key HKCR
> Key HKCR
> Key HKLM\SOFTWARE\Microsoft\COM3
> Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
> Key HKLM\SOFTWARE\Microsoft\COM3
> Key HKLM\SOFTWARE\Microsoft\COM3
> Key HKU
> Key HKU
> Key HKLM\SOFTWARE\Microsoft\COM3
> Key HKCR
> Key HKLM\SOFTWARE\Microsoft\COM3
> Key HKLM\SOFTWARE\Microsoft\COM3
> Key HKCR
> Key HKCR
> Key HKCR\CLSID
> Key HKCR
> Key HKCR
> Key HKCR
> Key HKCR
> Key HKCR
> Key HKCR
> Key HKCR
> KeyedEvent \KernelObjects\CritSecOutOfMemoryEvent
> Mutant \BaseNamedObjects\userenv: machine policy mutex
> Mutant \BaseNamedObjects\userenv: Machine Registry policy mutex
> Mutant \BaseNamedObjects\userenv: user policy mutex
> Mutant \BaseNamedObjects\userenv: User Registry policy mutex
> Mutant \BaseNamedObjects\SingleSesMutex
> Mutant \BaseNamedObjects\winlogon: Logon UserProfileMapping Mutex
> Mutant \BaseNamedObjects\ShimCacheMutex
> Mutant \BaseNamedObjects\WPA_PR_MUTEX
> Mutant \BaseNamedObjects\WPA_RT_MUTEX
> Mutant \BaseNamedObjects\WPA_LT_MUTEX
> Mutant \BaseNamedObjects\WPA_HWID_MUTEX
> Mutant \BaseNamedObjects\WPA_LICSTORE_MUTEX
> Port \RPC Control\sclogonrpc
> Port \RPC Control\IUserProfile
> Port \RPC Control\OLE273DB90569D049E7BB5A549E0AAA
> Process services.exe(1280)
> Process lsass.exe(1292)
> Section \BaseNamedObjects\ShimSharedMemory
> Section \BaseNamedObjects\Debug.Memory.4d4
> Section \BaseNamedObjects\WDMAUD_Callbacks
> Section \BaseNamedObjects\mmGlobalPnpInfo
> Semaphore \BaseNamedObjects\shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
> Semaphore \BaseNamedObjects\shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
> Semaphore \BaseNamedObjects\shell.{7CB834F0-527B-11D2-9D1F-0000F805CA57}
> Thread winlogon.exe(1236): 1240
> Thread winlogon.exe(1236): 1644
> Thread winlogon.exe(1236): 3668
> Thread winlogon.exe(1236): 1240
> Thread winlogon.exe(1236): 1260
> Thread winlogon.exe(1236): 2404
> Thread winlogon.exe(1236): 1268
> Thread winlogon.exe(1236): 1276
> Thread winlogon.exe(1236): 1288
> Thread winlogon.exe(1236): 1380
> Thread winlogon.exe(1236): 1380
> Thread winlogon.exe(1236): 1384
> Thread winlogon.exe(1236): 1388
> Thread winlogon.exe(1236): 1420
> Thread winlogon.exe(1236): 1524
> Thread winlogon.exe(1236): 2448
> Thread winlogon.exe(1236): 2212
> Thread winlogon.exe(1236): 1272
> Thread winlogon.exe(1236): 2208
> Thread winlogon.exe(1236): 2004
> Thread winlogon.exe(1236): 1644
> Thread winlogon.exe(1236): 2212
> Thread winlogon.exe(1236): 3516
> Thread winlogon.exe(1236): 2220
> Thread winlogon.exe(1236): 1644
> Thread winlogon.exe(1236): 2220
> Thread winlogon.exe(1236): 2140
> Thread winlogon.exe(1236): 2676
> Thread winlogon.exe(1236): 1644
> Thread winlogon.exe(1236): 2404
> Thread winlogon.exe(1236): 2216
> Thread winlogon.exe(1236): 2404
> Thread winlogon.exe(1236): 3216
> Thread winlogon.exe(1236): 328
> Thread winlogon.exe(1236): 2404
> Thread winlogon.exe(1236): 3492
> Timer \BaseNamedObjects\userenv: refresh timer for 1236:1644
> Timer \BaseNamedObjects\AUTOENRL:MachineEnrollmentTimer
> Timer \BaseNamedObjects\userenv: refresh timer for 1236:2404
> Timer \BaseNamedObjects\AUTOENRL:UserEnrollmentShellTime r
> Timer \BaseNamedObjects\AUTOENRL:UserEnrollmentTimer
> Token domain\phil:a359c
> Token NT AUTHORITY\NETWORK SERVICE:3e4
> Token NT AUTHORITY\SYSTEM:3e7
> Token NT AUTHORITY\SYSTEM:3e7
> Token NT AUTHORITY\SYSTEM:3e7
> Token domain\phil:a359c
> Token domain\phil:a359c
> Token domain\phil:a359c
> Token domain\phil:a359c
> Token domain\phil:a359c
> Token NT AUTHORITY\SYSTEM:3e7
> WindowStation \Windows\WindowStations\WinSta0
> WindowStation \Windows\WindowStations\WinSta0n
>
> Is there a fix for this or a way to calm winlogon.exe down? It doesn't
> seem to matter how long my session uptime is either since this was only
> three days old.
>
> Thank you in advance. :)
> --
> Phillip Pi
> Senior Software Quality Assurance Analyst
> ISP/Symantec Online Services, Consumer Business Unit
> Symantec Corporation
> www.symantec.com
> -----------------------------------------------------
> Email: phillip_pi@symantec.comSYMC (remove SYMC to reply by e-mail)
> -----------------------------------------------------
> Please do NOT e-mail me for technical support. DISCLAIMER: The views
> expressed in this posting are mine, and do not necessarily reflect the
> views of my employer. Thank you.  |