Old 07-11-2008, 08:30 PM
Phillip Pi
Newsgroup Contributor
Re: Once in a while, winlogon.exe will hog CPU and makes my Windows unresponsive.

IT requires everyone to use it. I had Symantec Client Security (SCS) in
the past before SEP, and still had those rare winlogon.exe going nuts so
it is not by SEP.


On 7/11/2008 2:04 PM PT, JS wrote:

> "Endpoint Protection" Symantec CMC - Why are you using this?
> If not necessary for daily use try disabling it.
>
> JS
>
> "Phillip Pi" <phillip_pi@symantec.comSYMC> wrote in message
> news:%23V$CLQ54IHA.1428@TK2MSFTNGP06.phx.gbl...
>> Hello.
>>
>> I have a strange rare and annoying Windows XP Pro. SP2 (IE6.0 SP2; all
>> critical updates and optional softwares for SP2) issue that had been
>> around for three years or so, and I can't figure out what's going on.
>>
>> Once in a while (very rare -- maybe once every one/two months?),
>> winlogon.exe decides to go nuts and take one of my CPU (have a dual core
>> Intel P4 Prescott machine). From there, softwares don't respond and some
>> can't be shut down (e.g., SeaMonkey.exe, Trillian.exe, Outlook.exe) even
>> if I force end task. When I try to shut down Windows to reboot, it gets
>> stuck forever and I need to do a force shut down on the power switch on
>> the Dell Optiplex GX280 case.
>>
>> I tried viewing Process Explorer, Process Monitor, event logs, services
>> via cmd.exe (administrative method freezes/doesn't respond), etc. and
>> found nothing interesting. Here are the Process Explorer exports:
>>
>> From Process Explorer v11.20:
>>
>>
>> Process PID Description CPU Company Name
>> System Idle Process 0 39.13
>> Interrupts n/a Hardware Interrupts
>> DPCs n/a Deferred Procedure Calls
>> System 4
>> smss.exe 1160 Windows NT Session Manager Microsoft Corporation
>> csrss.exe 1208 Client Server Runtime Process Microsoft Corporation
>> winlogon.exe 1236 Windows NT Logon Application 50.00 Microsoft Corporation
>> services.exe 1280 Services and Controller app 0.72 Microsoft Corporation
>> svchost.exe 1480 Generic Host Process for Win32 Services Microsoft Corporation
>> svchost.exe 1536 Generic Host Process for Win32 Services Microsoft Corporation
>> svchost.exe 456 Generic Host Process for Win32 Services Microsoft Corporation
>> Smc.exe 724 Symantec CMC Smc 0.72 Symantec Corporation
>> SmcGui.exe 2168 Symantec CMC SmcGui 4.35 Symantec Corporation
>> svchost.exe 780 Generic Host Process for Win32 Services Microsoft Corporation
>> svchost.exe 892 Generic Host Process for Win32 Services Microsoft Corporation
>> SNAC.EXE 904 Symantec Network Access Control 0.72 Symantec Corporation
>> ccSvcHst.exe 1968 Symantec Service Framework Symantec Corporation
>> spoolsv.exe 1916 Spooler SubSystem App Microsoft Corporation
>> AeXNSAgent.exe 1924 Altiris Agent Altiris, Inc.
>> AluSchedulerSvc.exe 524 Automatic LiveUpdate Scheduler Service Symantec Corporation
>> ntmulti.exe 944 IBM Lotus Notes/Domino IBM Corp
>> NMSAccess.exe 968
>> p4ps.exe 1084
>> P4Webs.exe 1648
>> spkrmon.exe 1676 SoundMAX SpeakerMonitor service
>> Rtvscan.exe 1664 Symantec AntiVirus Symantec Corporation
>> vmware-authd.exe 2192 VMware Authorization Service VMware, Inc.
>> vmount2.exe 2704 virtual disk mount service VMware, Inc.
>> vmnat.exe 2904 VMware NAT Service VMware, Inc.
>> vmnetdhcp.exe 3180 VMware VMnet DHCP service VMware, Inc.
>> alg.exe 2996 Application Layer Gateway Service Microsoft Corporation
>> lsass.exe 1292 LSA Shell (Export Version) Microsoft Corporation
>> explorer.exe 3228 Windows Explorer Microsoft Corporation
>> TaskSwitch.exe 3660
>> ccApp.exe 3100 Symantec User Session Symantec Corporation
>> trillian.exe 1700 Trillian Cerulean Studios
>> OUTLOOK.EXE 2952 Microsoft Office Outlook Microsoft Corporation
>> seamonkey.exe 1012 SeaMonkey mozilla.org
>> taskmgr.exe 1616 Windows TaskManager Microsoft Corporation
>> procexp.exe 3392 Sysinternals Process Explorer 4.35 Sysinternals - www.sysinternals.com
>>
>> Process: winlogon.exe Pid: 1236
>>
>> Name Description Company Name Version
>> ACTIVEDS.dll ADs Router Layer DLL Microsoft Corporation 5.01.2600.2180
>> adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.01.2600.2180
>> ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation
>> 5.01.2600.2180
>> Apphelp.dll Application Compatibility Client Library Microsoft Corporation
>> 5.01.2600.2180
>> Ati2evxx.dll ATI External Event Utility DLL Module ATI Technologies Inc.
>> 6.14.0010.4123
>> ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation
>> 3.05.2284.0000
>> AUTHZ.dll Authorization Framework Microsoft Corporation 5.01.2600.2622
>> Cabinet.dll Microsoft® Cabinet File API Microsoft Corporation
>> 5.01.2600.2180
>> CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0308
>> COMCTL32.dll Common Controls Library Microsoft Corporation 5.82.2900.2982
>> comctl32.dll User Experience Controls Library Microsoft Corporation
>> 6.00.2900.2982
>> comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.2900.2180
>> COMRes.dll Microsoft Corporation 2001.12.4414.0258
>> CRYPT32.dll Crypto API32 Microsoft Corporation 5.131.2600.2180
>> cryptdll.dll Cryptography Manager Microsoft Corporation 5.01.2600.2180
>> cscdll.dll Offline Network Agent Microsoft Corporation 5.01.2600.2180
>> cscui.dll Client Side Caching UI Microsoft Corporation 5.01.2600.2180
>> ctype.nls
>> DNSAPI.dll DNS Client API DLL Microsoft Corporation
>> 5.01.2600.3394
>> fastprox.dll WMI Microsoft Corporation 5.01.2600.2180
>> GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.3316
>> hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation
>> 5.01.2600.2180
>> icmp.dll ICMP DLL Microsoft Corporation 5.01.2600.2180
>> IMAGEHLP.dll Windows NT Image Helper Microsoft Corporation 5.01.2600.2180
>> IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation
>> 5.01.2600.2180
>> iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.2912
>> kerberos.dll Kerberos Security Package Microsoft Corporation
>> 5.01.2600.2698
>> kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation
>> 5.01.2600.3119
>> locale.nls
>> LPK.DLL Language Pack Microsoft Corporation 5.01.2600.2180
>> midimap.dll Microsoft MIDI Mapper Microsoft Corporation 5.01.2600.2180
>> MPR.dll Multiple Provider Router DLL Microsoft Corporation 5.01.2600.2180
>> MPRAPI.dll Windows NT MP Router Administration DLL Microsoft Corporation
>> 5.01.2600.2180
>> MSACM32.dll Microsoft ACM Audio Filter Microsoft Corporation
>> 5.01.2600.2180
>> msacm32.drv Microsoft Sound Mapper Microsoft Corporation 5.01.2600.0000
>> MSASN1.dll ASN.1 Runtime APIs Microsoft Corporation 5.01.2600.2180
>> msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation
>> 5.01.2600.2180
>> MSGINA.dll Windows NT Logon GINA DLL Microsoft Corporation 5.01.2600.2180
>> msv1_0.dll Microsoft Authentication Package v1.0 Microsoft Corporation
>> 5.01.2600.2180
>> MSVCP60.dll Microsoft (R) C++ Runtime Library Microsoft Corporation
>> 6.02.3104.0000
>> MSVCR70.dll Microsoft® C Runtime Library Microsoft Corporation
>> 7.00.9466.0000
>> msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.3085
>> mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft
>> Corporation 5.01.2600.3394
>> msxml3.dll MSXML 3.0 SP9 Microsoft Corporation 8.90.1101.0000
>> msxml3r.dll XML Resources Microsoft Corporation 8.20.8730.0001
>> NavLogon.dll Symantec AntiVirus Logon Notification Symantec Corporation
>> 10.01.0000.0401
>> NDdeApi.dll Network DDE Share Management APIs Microsoft Corporation
>> 5.01.2600.2180
>> NETAPI32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.2976
>> ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.2180
>> NTDSAPI.DLL NT5DS Microsoft Corporation 5.01.2600.2180
>> NTMARTA.DLL Windows NT MARTA provider Microsoft Corporation 5.01.2600.2180
>> ODBC32.dll Microsoft Data Access - ODBC Driver Manager Microsoft
>> Corporation 3.525.1117.0000
>> odbcint.dll Microsoft Data Access - ODBC Resources Microsoft Corporation
>> 3.525.1117.0000
>> ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.2726
>> OLEAUT32.dll Microsoft Corporation 5.01.2600.3266
>> PCANotify.dll Winlogon Notification package Symantec Corporation
>> 11.00.0001.0764
>> PROFMAP.dll Userenv Microsoft Corporation 5.01.2600.2180
>> PSAPI.DLL Process Status Helper Microsoft Corporation 5.01.2600.2180
>> REGAPI.dll Registry Configuration APIs Microsoft Corporation
>> 5.01.2600.2180
>> RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation
>> 5.01.2600.3173
>> rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation
>> 5.01.2600.2161
>> rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.2180
>> SAMLIB.dll SAM Library DLL Microsoft Corporation 5.01.2600.2180
>> SASWINLO.dll SUPERAntiSpyware WinLogon Processor SUPERAntiSpyware.com
>> 1.00.0000.1046
>> Secur32.dll Security Support Provider Interface Microsoft Corporation
>> 5.01.2600.2180
>> SETUPAPI.dll Windows Setup API Microsoft Corporation 5.01.2600.2180
>> sfc.dll Windows File Protection Microsoft Corporation 5.01.2600.2180
>> sfc_os.dll Windows File Protection Microsoft Corporation 5.01.2600.2180
>> SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.3241
>> SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation
>> 6.00.2900.3354
>> SHSVCS.dll Windows Shell Services Dll Microsoft Corporation 6.00.2900.3051
>> sortkey.nls
>> sorttbls.nls
>> sxs.dll Fusion 2.5 Microsoft Corporation
>> 5.01.2600.3019
>> unicode.nls
>> USER32.dll Windows XP USER API Client DLL Microsoft
>> Corporation 5.01.2600.3099
>> USERENV.dll Userenv Microsoft Corporation 5.01.2600.2180
>> USP10.dll Uniscribe Unicode script processor Microsoft Corporation
>> 1.420.2600.2180
>> uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.2180
>> VERSION.dll Version Checking and File Installation Libraries Microsoft
>> Corporation 5.01.2600.2180
>> wbemcomn.dll WMI Microsoft Corporation 5.01.2600.2180
>> wbemprox.dll WMI Microsoft Corporation 5.01.2600.2180
>> wbemsvc.dll WMI Microsoft Corporation 5.01.2600.2180
>> wdmaud.drv WDM Audio driver mapper Microsoft Corporation 5.01.2600.2180
>> WgaLogon.dll Windows Genuine Advantage Notification Microsoft Corporation
>> 1.07.0018.0007
>> WININET.dll Internet Extensions for Win32 Microsoft Corporation
>> 6.00.2900.3354
>> winlogon.exe Windows NT Logon Application Microsoft Corporation
>> 5.01.2600.2180
>> WINMM.dll MCI API DLL Microsoft Corporation 5.01.2600.2180
>> WINSCARD.DLL Microsoft Smart Card API Microsoft Corporation 5.01.2600.2180
>> WINSPOOL.DRV Windows Spooler Driver Microsoft Corporation 5.01.2600.2180
>> WINSTA.dll Winstation Library Microsoft Corporation 5.01.2600.2180
>> WINTRUST.dll Microsoft Trust Verification APIs Microsoft Corporation
>> 5.131.2600.2180
>> WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.2180
>> WlNotify.dll Common DLL to receive Winlogon notifications Microsoft
>> Corporation 5.01.2600.2180
>> WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation
>> 5.01.2600.2180
>> WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation
>> 5.01.2600.2180
>> wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation
>> 5.01.2600.2180
>> wsock32.dll Windows Socket 32-Bit DLL Microsoft Corporation 5.01.2600.2180
>> WTSAPI32.dll Windows Terminal Server SDK APIs Microsoft Corporation
>> 5.01.2600.2180
>> xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.01.2600.2180
>>
>> --
>>
>> Process PID Description CPU Company Name
>> System Idle Process 0 41.18
>> Interrupts n/a Hardware Interrupts
>> DPCs n/a Deferred Procedure Calls
>> System 4
>> smss.exe 1160 Windows NT Session Manager Microsoft Corporation
>> csrss.exe 1208 Client Server Runtime Process Microsoft Corporation
>> winlogon.exe 1236 Windows NT Logon Application 50.00 Microsoft Corporation
>> services.exe 1280 Services and Controller app 0.74 Microsoft Corporation
>> svchost.exe 1480 Generic Host Process for Win32 Services 0.74 Microsoft Corporation
>> svchost.exe 1536 Generic Host Process for Win32 Services Microsoft Corporation
>> svchost.exe 456 Generic Host Process for Win32 Services Microsoft Corporation
>> Smc.exe 724 Symantec CMC Smc 0.74 Symantec Corporation
>> SmcGui.exe 2168 Symantec CMC SmcGui 2.94 Symantec Corporation
>> svchost.exe 780 Generic Host Process for Win32 Services Microsoft Corporation
>> svchost.exe 892 Generic Host Process for Win32 Services Microsoft Corporation
>> SNAC.EXE 904 Symantec Network Access Control Symantec Corporation
>> ccSvcHst.exe 1968 Symantec Service Framework 0.74 Symantec Corporation
>> spoolsv.exe 1916 Spooler SubSystem App Microsoft Corporation
>> AeXNSAgent.exe 1924 Altiris Agent Altiris, Inc.
>> AluSchedulerSvc.exe 524 Automatic LiveUpdate Scheduler Service Symantec Corporation
>> ntmulti.exe 944 IBM Lotus Notes/Domino IBM Corp
>> NMSAccess.exe 968
>> p4ps.exe 1084
>> P4Webs.exe 1648
>> spkrmon.exe 1676 SoundMAX SpeakerMonitor service
>> Rtvscan.exe 1664 Symantec AntiVirus Symantec Corporation
>> vmware-authd.exe 2192 VMware Authorization Service VMware, Inc.
>> vmount2.exe 2704 virtual disk mount service VMware, Inc.
>> vmnat.exe 2904 VMware NAT Service VMware, Inc.
>> vmnetdhcp.exe 3180 VMware VMnet DHCP service VMware, Inc.
>> alg.exe 2996 Application Layer Gateway Service Microsoft Corporation
>> lsass.exe 1292 LSA Shell (Export Version) Microsoft Corporation
>> explorer.exe 3228 Windows Explorer Microsoft Corporation
>> TaskSwitch.exe 3660
>> ccApp.exe 3100 Symantec User Session Symantec Corporation
>> trillian.exe 1700 Trillian Cerulean Studios
>> OUTLOOK.EXE 2952 Microsoft Office Outlook Microsoft Corporation
>> seamonkey.exe 1012 SeaMonkey mozilla.org
>> taskmgr.exe 1616 Windows TaskManager Microsoft Corporation
>> procexp.exe 3392 Sysinternals Process Explorer 2.94 Sysinternals - www.sysinternals.com
>>
>> Process: winlogon.exe Pid: 1236
>>
>> Type Name
>> Desktop \Winlogon
>> Desktop \Disconnect
>> Desktop \Default
>> Desktop \Default
>> Directory \KnownDlls
>> Directory \Windows
>> Directory \BaseNamedObjects
>> Event \BaseNamedObjects\AUTOENRL:TriggerMachineEnrollment
>> Event \BaseNamedObjects\crypt32LogoffEvent
>> Event \BaseNamedObjects\userenv: User Profile setup event
>> Event \BaseNamedObjects\userenv: Machine Group Policy has been applied
>> Event \BaseNamedObjects\userenv: Machine Group Policy ForcedRefresh Needs
>> Foreground Processing
>> Event \BaseNamedObjects\userenv: Machine Group Policy Processing is done
>> Event \BaseNamedObjects\userenv: Machine Policy Foreground Done Event
>> Event \BaseNamedObjects\userenv: User Group Policy has been applied
>> Event \BaseNamedObjects\userenv: User Group Policy ForcedRefresh Needs
>> Foreground Processing
>> Event \BaseNamedObjects\userenv: User Group Policy Processing is done
>> Event \BaseNamedObjects\userenv: User Policy Foreground Done Event
>> Event \BaseNamedObjects\WinlogonTSSynchronizeEvent
>> Event \BaseNamedObjects\TS-WPAAE
>> Event \BaseNamedObjects\ReconEvent
>> Event \Security\NetworkProviderLoad
>> Event \BaseNamedObjects\AtiExtEventGSNotificationEvent
>> Event \BaseNamedObjects\jjCSCSharedFillEvent_UM_KM
>> Event \BaseNamedObjects\hardwaremixercallback
>> Event \BaseNamedObjects\WFP_IDLE_TRIGGER
>> Event \BaseNamedObjects\Microsoft Smart Card Resource Manager Started
>> Event \BaseNamedObjects\msgina: ReturnToWelcome
>> Event \BaseNamedObjects\ThemesStartEvent
>> Event \BaseNamedObjects\DINPUTWINMM
>> Event \BaseNamedObjects\winlogon: machine GPO Event 70406
>> Event \BaseNamedObjects\userenv: Machine Group Policy has been applied
>> Event \BaseNamedObjects\userenv: machine policy refresh event
>> Event \BaseNamedObjects\userenv: machine policy force refresh event
>> Event \BaseNamedObjects\userenv: Machine Group Policy has been applied
>> Event \BaseNamedObjects\userenv: Machine Group Policy ForcedRefresh Needs
>> Foreground Processing
>> Event \BaseNamedObjects\userenv: Machine Group Policy Processing is done
>> Event \BaseNamedObjects\AgentExistsEvent
>> Event \BaseNamedObjects\WkssvcToAgentStopEvent
>> Event \BaseNamedObjects\WkssvcToAgentStartEvent
>> Event \BaseNamedObjects\jjCSCSessEvent_UM_KM_0
>> Event \BaseNamedObjects\AgentToWkssvcEvent
>> Event \BaseNamedObjects\PCA_UnlockWksNotify
>> Event \BaseNamedObjects\PCA_LockWksNotify
>> Event \BaseNamedObjects\PCA_TAG_TEAM_0
>> Event \BaseNamedObjects\SENS Started Event
>> Event \BaseNamedObjects\userenv: user policy force refresh event
>> Event \BaseNamedObjects\userenv: User Group Policy has been applied
>> Event \BaseNamedObjects\userenv: User Group Policy has been applied
>> Event \BaseNamedObjects\userenv: User Group Policy Processing is done
>> Event \BaseNamedObjects\userenv: User Group Policy ForcedRefresh Needs
>> Foreground Processing
>> Event \BaseNamedObjects\userenv: user policy refresh event
>> Event \BaseNamedObjects\winlogon: User GPO Event 483671
>> Event \BaseNamedObjects\WlballoonLogoffNotificationEventName
>> Event \BaseNamedObjects\AUTOENRL:TriggerUserEnrollment
>> Event \BaseNamedObjects\CscCacheInitCompleteEvent
>> Event \BaseNamedObjects\ShellReadyEvent
>> Event \BaseNamedObjects\WlballoonLogoffNotificationEventName
>> Event \BaseNamedObjects\mixercallback
>> Event
>> \BaseNamedObjects\00000000000a359c_WlballoonKerberosNotificationEventName
>> File \Device\NamedPipe\TerminalServer\AutoReconnect
>> File
>> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03
>> File \Device\KsecDD
>> File \Device\NamedPipe\InitShutdown
>> File \Device\NamedPipe\InitShutdown
>> File C:\WINDOWS\system32\dllcache
>> File
>> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03
>> File C:\WINDOWS\AppPatch
>> File C:\Program Files\Common Files\Microsoft Shared\web server
>> extensions\40\isapi\_vti_adm
>> File C:\Program Files\Common Files\Microsoft Shared\web server
>> extensions\40\_vti_bin\_vti_adm
>> File C:\WINDOWS\system32
>> File C:\WINDOWS\Help
>> File C:\Program Files\Common Files\Microsoft Shared\web server
>> extensions\40\isapi\_vti_aut
>> File C:\Program Files\Common Files\Microsoft Shared\web server
>> extensions\40\_vti_bin\_vti_aut
>> File C:\WINDOWS\system32\inetsrv
>> File C:\Program Files\Common Files\Microsoft Shared\web server
>> extensions\40\bin
>> File C:\WINDOWS\Fonts
>> File C:\WINDOWS\system32\drivers
>> File C:\Program Files\Common Files\Microsoft Shared\web server
>> extensions\40\servsupp
>> File C:\Program Files\Common Files\Microsoft Shared\web server
>> extensions\40\bots\vinavbar
>> File C:\Program Files\microsoft frontpage\version3.0\bin
>> File C:\Program Files\Common Files\Microsoft Shared\web server
>> extensions\40\_vti_bin
>> File C:\Program Files\Common Files\Microsoft Shared\web server
>> extensions\40\bin\1033
>> File C:\Program Files\Common Files\Microsoft Shared\web server
>> extensions\40\isapi
>> File C:\WINDOWS
>> File C:\Program Files\Common Files\Microsoft Shared\DAO
>> File C:\Program Files\Windows Media Player
>> File C:\Program Files\Common Files\System\msadc
>> File C:\Program Files\Common Files\System\ado
>> File C:\Program Files\Common Files\System\Ole DB
>> File C:\WINDOWS\inf
>> File C:\WINDOWS\system
>> File C:\WINDOWS\msagent
>> File C:\WINDOWS\msagent\intl
>> File C:\Program Files\MSN Gaming Zone\Windows
>> File C:\WINDOWS\PCHealth\HelpCtr\Binaries
>> File C:\Program Files\NetMeeting
>> File C:\WINDOWS\system32\drivers\disdn
>> File C:\WINDOWS\ime\CHTIME\Applets
>> File C:\WINDOWS\system32\wbem
>> File C:\WINDOWS\system32\IME\CINTLGNT
>> File C:\WINDOWS\system32\Com
>> File C:\WINDOWS\system32\Setup
>> File C:\WINDOWS\ime\IMJP8_1
>> File C:\Program Files\Common Files\Microsoft Shared\Triedit
>> File C:\Program Files\Windows NT
>> File C:\Program Files\Common Files\System
>> File C:\WINDOWS\system32\1033
>> File C:\Program Files\Common Files\Microsoft Shared\web server
>> extensions\40\admcgi\scripts
>> File C:\Program Files\Common Files\Microsoft Shared\web server
>> extensions\40\admisapi\scripts
>> File C:\WINDOWS\system32\usmt
>> File C:\WINDOWS\ime\IMKR6_1\Dicts
>> File C:\WINDOWS\system32\mui\0009
>> File C:\Program Files\Internet Explorer
>> File C:\WINDOWS\ime\IMJP8_1\APPLETS
>> File C:\WINDOWS\ime\IMKR6_1\Applets
>> File C:\WINDOWS\system32\xircom
>> File C:\Program Files\Internet Explorer\Connection Wizard
>> File C:\Program Files\Common Files\Microsoft Shared\MSInfo
>> File C:\WINDOWS\ime\IMKR6_1
>> File C:\WINDOWS\ime\SHARED
>> File C:\WINDOWS\system32\IME\PINTLGNT
>> File C:\Program Files\Common Files\SpeechEngines\Microsoft\Lexicon\1033
>> File C:\WINDOWS\Resources\Themes\Luna
>> File C:\Program Files\Movie Maker
>> File C:\WINDOWS\ime
>> File C:\WINDOWS\srchasst
>> File C:\Program Files\Outlook Express
>> File C:\WINDOWS\system32\oobe
>> File C:\Program Files\Common Files\MSSoap\Binaries
>> File C:\Program Files\Common Files\MSSoap\Binaries\Resources\1033
>> File C:\WINDOWS\mui
>> File C:\WINDOWS\system32\npp
>> File C:\WINDOWS\ime\SHARED\RES
>> File C:\Program Files\Windows NT\Pinball
>> File C:\WINDOWS\ime\CHSIME\APPLETS
>> File C:\WINDOWS\system32\Restore
>> File C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS\1033
>> File C:\Program Files\Common Files\Microsoft Shared\Speech
>> File C:\WINDOWS\Resources\Themes\Luna\Shell\NormalColor
>> File C:\WINDOWS\Resources\Themes\Luna\Shell\Homestead
>> File C:\WINDOWS\Resources\Themes\Luna\Shell\Metallic
>> File C:\WINDOWS\system32\wbem\snmp
>> File C:\Program Files\Common Files\SpeechEngines\Microsoft
>> File C:\Program Files\Common Files\Microsoft Shared\Speech\1033
>> File C:\WINDOWS\PeerNet
>> File C:\WINDOWS\system32\spool\drivers\color
>> File C:\WINDOWS\system32\IME\TINTLGNT
>> File C:\WINDOWS\Help\Tours\mmTour
>> File C:\WINDOWS\PCHealth\UploadLB\Binaries
>> File C:\Program Files\Common Files\Microsoft Shared\VGX
>> File C:\WINDOWS\system32\wbem\xml
>> File C:\Program Files\Windows NT\Accessories
>> File C:\WINDOWS\system32\mui\0401
>> File C:\WINDOWS\system32\mui\0404
>> File C:\WINDOWS\system32\mui\0405
>> File C:\WINDOWS\system32\mui\0406
>> File C:\WINDOWS\system32\mui\0407
>> File C:\WINDOWS\system32\mui\0408
>> File C:\WINDOWS\system32\mui\040b
>> File C:\WINDOWS\system32\mui\040C
>> File C:\WINDOWS\system32\mui\040D
>> File C:\WINDOWS\system32\mui\040e
>> File C:\WINDOWS\system32\mui\0410
>> File C:\WINDOWS\system32\mui\0411
>> File C:\WINDOWS\system32\mui\0412
>> File C:\WINDOWS\system32\mui\0413
>> File C:\WINDOWS\system32\mui\0414
>> File C:\WINDOWS\system32\mui\0415
>> File C:\WINDOWS\system32\mui\0416
>> File C:\WINDOWS\system32\mui\0419
>> File C:\WINDOWS\system32\mui\041b
>> File C:\WINDOWS\system32\mui\041D
>> File C:\WINDOWS\system32\mui\041f
>> File C:\WINDOWS\system32\mui\0424
>> File C:\WINDOWS\system32\mui\0804
>> File C:\WINDOWS\system32\mui\0816
>> File C:\WINDOWS\system32\mui\0C0A
>> File C:\WINDOWS\system32\mui\0402
>> File C:\WINDOWS\system32\mui\0418
>> File C:\WINDOWS\system32\mui\041a
>> File C:\WINDOWS\system32\mui\041e
>> File C:\WINDOWS\system32\mui\0425
>> File C:\WINDOWS\system32\mui\0426
>> File C:\WINDOWS\system32\mui\0427
>> File C:\Program Files\xerox\nwwia
>> File C:\WINDOWS\WinSxS
>> File \Device\NamedPipe\SfcApi
>> File \Device\NamedPipe\SfcApi
>> File \Device\Tcp
>> File \Device\Tcp
>> File \Device\Ip
>> File \Device\Ip
>> File \Device\Ip
>> File \Device\Afd\Endpoint
>> File \Device\Udp
>> File \Device\Afd\AsyncConnectHlp
>> File
>> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03
>> File \Device\LanmanRedirector
>> File \Device\NamedPipe\winlogonrpc
>> File
>> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03
>> File \Device\NamedPipe\winlogonrpc
>> File \Device\NamedPipe\winlogonrpc
>> File \Device\KSENUM#00000001\{9B365890-165F-11D0-A195-0020AFD156E4}
>> File C:\WINDOWS\system32
>> Key HKCR
>> Key HKLM\SYSTEM\ControlSet001\Control\Nls\Locale
>> Key HKLM\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts
>> Key HKLM\SYSTEM\ControlSet001\Control\Nls\Language Groups
>> Key HKCR
>> Key
>> HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9
>> Key
>> HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5
>> Key HKLM\SOFTWARE\Microsoft\Windows
>> NT\CurrentVersion\Winlogon\Notify\crypt32chain
>> Key HKLM\SOFTWARE\Microsoft\Windows
>> NT\CurrentVersion\Winlogon\Notify\cryptnet
>> Key HKCR\CLSID
>> Key HKLM\SOFTWARE\Microsoft\Windows
>> NT\CurrentVersion\Winlogon\Notify\sclgntfy
>> Key HKLM\SYSTEM\ControlSet001\Control\Lsa
>> Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
>> Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
>> Key HKLM\SYSTEM\Setup
>> Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Credentials
>> Key HKU
>> Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
>> Key HKU
>> Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Linkage
>> Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters
>> Key HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces
>> Key HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters
>> Key HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
>> Settings
>> Key HKLM
>> Key HKLM\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder
>> Key HKLM\SOFTWARE\Microsoft\Windows
>> NT\CurrentVersion\Winlogon\Notify\WgaLogon
>> Key HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache
>> Key HKCU
>> Key HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam
>> Key HKU\.DEFAULT
>> Key HKCR
>> Key HKCR
>> Key HKCR
>> Key HKLM\SOFTWARE\Microsoft\COM3
>> Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
>> Key HKLM\SOFTWARE\Microsoft\COM3
>> Key HKLM\SOFTWARE\Microsoft\COM3
>> Key HKU
>> Key HKU
>> Key HKLM\SOFTWARE\Microsoft\COM3
>> Key HKCR
>> Key HKLM\SOFTWARE\Microsoft\COM3
>> Key HKLM\SOFTWARE\Microsoft\COM3
>> Key HKCR
>> Key HKCR
>> Key HKCR\CLSID
>> Key HKCR
>> Key HKCR
>> Key HKCR
>> Key HKCR
>> Key HKCR
>> Key HKCR
>> Key HKCR
>> KeyedEvent \KernelObjects\CritSecOutOfMemoryEvent
>> Mutant \BaseNamedObjects\userenv: machine policy mutex
>> Mutant \BaseNamedObjects\userenv: Machine Registry policy mutex
>> Mutant \BaseNamedObjects\userenv: user policy mutex
>> Mutant \BaseNamedObjects\userenv: User Registry policy mutex
>> Mutant \BaseNamedObjects\SingleSesMutex
>> Mutant \BaseNamedObjects\winlogon: Logon UserProfileMapping Mutex
>> Mutant \BaseNamedObjects\ShimCacheMutex
>> Mutant \BaseNamedObjects\WPA_PR_MUTEX
>> Mutant \BaseNamedObjects\WPA_RT_MUTEX
>> Mutant \BaseNamedObjects\WPA_LT_MUTEX
>> Mutant \BaseNamedObjects\WPA_HWID_MUTEX
>> Mutant \BaseNamedObjects\WPA_LICSTORE_MUTEX
>> Port \RPC Control\sclogonrpc
>> Port \RPC Control\IUserProfile
>> Port \RPC Control\OLE273DB90569D049E7BB5A549E0AAA
>> Process services.exe(1280)
>> Process lsass.exe(1292)
>> Section \BaseNamedObjects\ShimSharedMemory
>> Section \BaseNamedObjects\Debug.Memory.4d4
>> Section \BaseNamedObjects\WDMAUD_Callbacks
>> Section \BaseNamedObjects\mmGlobalPnpInfo
>> Semaphore \BaseNamedObjects\shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
>> Semaphore \BaseNamedObjects\shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
>> Semaphore \BaseNamedObjects\shell.{7CB834F0-527B-11D2-9D1F-0000F805CA57}
>> Thread winlogon.exe(1236): 1240
>> Thread winlogon.exe(1236): 1644
>> Thread winlogon.exe(1236): 3668
>> Thread winlogon.exe(1236): 1240
>> Thread winlogon.exe(1236): 1260
>> Thread winlogon.exe(1236): 2404
>> Thread winlogon.exe(1236): 1268
>> Thread winlogon.exe(1236): 1276
>> Thread winlogon.exe(1236): 1288
>> Thread winlogon.exe(1236): 1380
>> Thread winlogon.exe(1236): 1380
>> Thread winlogon.exe(1236): 1384
>> Thread winlogon.exe(1236): 1388
>> Thread winlogon.exe(1236): 1420
>> Thread winlogon.exe(1236): 1524
>> Thread winlogon.exe(1236): 2448
>> Thread winlogon.exe(1236): 2212
>> Thread winlogon.exe(1236): 1272
>> Thread winlogon.exe(1236): 2208
>> Thread winlogon.exe(1236): 2004
>> Thread winlogon.exe(1236): 1644
>> Thread winlogon.exe(1236): 2212
>> Thread winlogon.exe(1236): 3516
>> Thread winlogon.exe(1236): 2220
>> Thread winlogon.exe(1236): 1644
>> Thread winlogon.exe(1236): 2220
>> Thread winlogon.exe(1236): 2140
>> Thread winlogon.exe(1236): 2676
>> Thread winlogon.exe(1236): 1644
>> Thread winlogon.exe(1236): 2404
>> Thread winlogon.exe(1236): 2216
>> Thread winlogon.exe(1236): 2404
>> Thread winlogon.exe(1236): 3216
>> Thread winlogon.exe(1236): 328
>> Thread winlogon.exe(1236): 2404
>> Thread winlogon.exe(1236): 3492
>> Timer \BaseNamedObjects\userenv: refresh timer for 1236:1644
>> Timer \BaseNamedObjects\AUTOENRL:MachineEnrollmentTimer
>> Timer \BaseNamedObjects\userenv: refresh timer for 1236:2404
>> Timer \BaseNamedObjects\AUTOENRL:UserEnrollmentShellTimer
>> Timer \BaseNamedObjects\AUTOENRL:UserEnrollmentTimer
>> Token domain\phil:a359c
>> Token NT AUTHORITY\NETWORK SERVICE:3e4
>> Token NT AUTHORITY\SYSTEM:3e7
>> Token NT AUTHORITY\SYSTEM:3e7
>> Token NT AUTHORITY\SYSTEM:3e7
>> Token domain\phil:a359c
>> Token domain\phil:a359c
>> Token domain\phil:a359c
>> Token domain\phil:a359c
>> Token domain\phil:a359c
>> Token NT AUTHORITY\SYSTEM:3e7
>> WindowStation \Windows\WindowStations\WinSta0
>> WindowStation \Windows\WindowStations\WinSta0n
>>
>> Is there a fix for this or a way to calm winlogon.exe down? It doesn't
>> seem to matter how long my session uptime is either since this was only
>> three days old.
>>
>> Thank you in advance. :)

--
Phillip Pi (aka Ant)
Senior Software Quality Assurance Analyst
ISP/Symantec Online Services, Consumer Business Unit
Symantec Corporation
www.symantec.com
-----------------------------------------------------
Email: phillip_pi@symantec.comSYMC (remove SYMC to reply by e-mail)
-----------------------------------------------------
Please do NOT e-mail me for technical support. DISCLAIMER: The views
expressed in this posting are mine, and do not necessarily reflect the
views of my employer. Thank you.
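
One way to triage the winlogon.exe DLL export quoted in the post, added here as an example and not part of the original thread: it re-joins the wrapped rows and lists the modules whose vendor column is not Microsoft Corporation, since every module in that list runs inside a SYSTEM process. The function names `parse_modules` and `triage` are hypothetical, and the sample rows are constructed from rows of the quoted export.

```python
import re

# Constructed sample: rows taken from the winlogon.exe DLL export quoted in the
# post, with the newsreader's ">> " prefix, its line wrapping, and one
# name-only row (ctype.nls) run together with the row that follows it.
SAMPLE = """\
>> Name Description Company Name Version
>> AUTHZ.dll Authorization Framework Microsoft Corporation 5.01.2600.2622
>> Ati2evxx.dll ATI External Event Utility DLL Module ATI Technologies Inc.
>> 6.14.0010.4123
>> ctype.nls DNSAPI.dll DNS Client API DLL Microsoft Corporation
>> 5.01.2600.3394
>> MSGINA.dll Windows NT Logon GINA DLL Microsoft Corporation 5.01.2600.2180
>> NavLogon.dll Symantec AntiVirus Logon Notification Symantec Corporation
>> 10.01.0000.0401
>> PCANotify.dll Winlogon Notification package Symantec Corporation
>> 11.00.0001.0764
>> SASWINLO.dll SUPERAntiSpyware WinLogon Processor SUPERAntiSpyware.com
>> 1.00.0000.1046
>> WgaLogon.dll Windows Genuine Advantage Notification Microsoft Corporation
>> 1.07.0018.0007
"""

HEADER = "Name Description Company Name Version"
# A module name is a single token with one of the extensions seen in the export.
MODULE_RE = re.compile(r"^[\w.-]+\.(?:dll|exe|drv|ime|nls)$", re.IGNORECASE)
# Versions in the export are always four dot-separated numbers.
VERSION_RE = re.compile(r"^\d+(?:\.\d+){3}$")


def parse_modules(export_text):
    """Rebuild one record per module from a wrapped, quote-prefixed export.

    The column separators were lost in the post, so a row is taken to run from
    a module name up to the next version token. Assumption: no description
    starts with a token that itself looks like a module file name.
    """
    tokens = []
    for line in export_text.splitlines():
        line = re.sub(r"^(?:>\s*)+", "", line).strip()  # drop "> " / ">> "
        if line and line != HEADER:
            tokens.extend(line.split())

    records, current = [], []
    for tok in tokens:
        if not (VERSION_RE.match(tok) and current):
            current.append(tok)
            continue
        # Name-only rows (no description, vendor or version) were merged into
        # the following row; peel them off the front.
        while len(current) > 1 and MODULE_RE.match(current[1]):
            records.append({"name": current.pop(0), "detail": "", "version": None})
        records.append(
            {"name": current[0], "detail": " ".join(current[1:]), "version": tok}
        )
        current = []
    # Name-only rows left at the end of the export; other leftovers are dropped.
    records.extend(
        {"name": t, "detail": "", "version": None}
        for t in current
        if MODULE_RE.match(t)
    )
    return records


def triage(records):
    """Split modules into non-Microsoft ones and ones with no vendor data."""
    third_party = [
        r["name"]
        for r in records
        if r["version"] and "Microsoft Corporation" not in r["detail"]
    ]
    unattributed = [r["name"] for r in records if r["version"] is None]
    return {"third_party": third_party, "unattributed": unattributed}


if __name__ == "__main__":
    result = triage(parse_modules(SAMPLE))
    print("Non-Microsoft modules in winlogon.exe:", ", ".join(result["third_party"]))
    print("No vendor/version in export:", ", ".join(result["unattributed"]))
```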