07-14-2008, 10:51 AM
|
| |
| Re: Once in a while, winlogon.exe will hog CPU and makes my Windows unresponsive.
Current version of winmm.dll for Windows SP2 is: "5.1.2600.2180"
Located in C:\Windows\sytem32
JS
"Phillip Pi" <phillip_pi@symantec.comSYMC> wrote in message
news:%234aDdIU5IHA.2348@TK2MSFTNGP06.phx.gbl...
>I did more research today since I had another one earlier today. :(
>According to Process Explorer v11.20's winlogon.exe's threads properties,
>WINMM.dll!PlaySoundW+0x77f was the one hogging the CPU (not sure if this
>was the same as before since I never went this deep). Here's Process
>Explorer exported log: http://pastebin.ca/1071193 (no wordwrapping since
>this is wide and expires in 30 days). That sounds like audio so I check my
>headphones and heard NO sounds. I tried disabling and enabling SoundMAX
>Integrated Digital Audio in device manager, but that didn't help. I believe
>I have the latest drivers (2004).
>
>
> On 7/11/2008 1:23 PM PT, Phillip Pi wrote:
>
>> Hello.
>>
>> I have a strange rare and annoying Windows XP Pro. SP2 (IE6.0 SP2; all
>> critical updates and optional softwares for SP2) issue that had been
>> around for three years or so, and I can't figure out what's going on.
>>
>> Once in a while (very rare -- maybe once every one/two months?), I
>> winlogon.exe decides to go nuts and take one of my CPU (have a dual core
>> Intel P4 Prescott machine). From there, softwares don't respond and some
>> can't be shut down (e.g., SeaMonkey.exe, Trillian.exe, Outlook.exe) even
>> if I force end task. When I try to shut down Windows to reboot, it gets
>> stuck forever and I need to do a force shut down on the power switch on
>> the Dell Optiplex GX280 case.
>>
>> I tried viewing Process Explorer, Process Monitor, event logs, services
>> via cmd.exe (administrative method freezes/doesn't respond), etc. and
>> found nothing interesting. Here are the Process Explorer exports:
>>
>> From Process Explorer v11.20:
>>
>>
>> Process PID Description CPU Company Name
>> System Idle Process 0 39.13 Interrupts n/a Hardware
>> Interrupts DPCs n/a Deferred Procedure Calls System
>> 4 smss.exe 1160 Windows NT Session Manager
>> Microsoft Corporation
>> csrss.exe 1208 Client Server Runtime Process Microsoft
>> Corporation
>> winlogon.exe 1236 Windows NT Logon Application 50.00
>> Microsoft Corporation
>> services.exe 1280 Services and Controller app 0.72
>> Microsoft Corporation
>> svchost.exe 1480 Generic Host Process for Win32 Services
>> Microsoft Corporation
>> svchost.exe 1536 Generic Host Process for Win32 Services
>> Microsoft Corporation
>> svchost.exe 456 Generic Host Process for Win32 Services
>> Microsoft Corporation
>> Smc.exe 724 Symantec CMC Smc 0.72 Symantec Corporation
>> SmcGui.exe 2168 Symantec CMC SmcGui 4.35 Symantec
>> Corporation
>> svchost.exe 780 Generic Host Process for Win32 Services
>> Microsoft Corporation
>> svchost.exe 892 Generic Host Process for Win32 Services
>> Microsoft Corporation
>> SNAC.EXE 904 Symantec Network Access Control 0.72
>> Symantec Corporation
>> ccSvcHst.exe 1968 Symantec Service Framework Symantec
>> Corporation
>> spoolsv.exe 1916 Spooler SubSystem App Microsoft
>> Corporation
>> AeXNSAgent.exe 1924 Altiris Agent Altiris, Inc.
>> AluSchedulerSvc.exe 524 Automatic LiveUpdate Scheduler Service
>> Symantec Corporation
>> ntmulti.exe 944 IBM Lotus Notes/Domino IBM Corp
>> NMSAccess.exe 968 p4ps.exe 1084 P4Webs.exe
>> 1648 spkrmon.exe 1676 SoundMAX SpeakerMonitor service
>> Rtvscan.exe 1664 Symantec AntiVirus Symantec Corporation
>> vmware-authd.exe 2192 VMware Authorization Service
>> VMware, Inc.
>> vmount2.exe 2704 virtual disk mount service VMware,
>> Inc.
>> vmnat.exe 2904 VMware NAT Service VMware, Inc.
>> vmnetdhcp.exe 3180 VMware VMnet DHCP service VMware,
>> Inc.
>> alg.exe 2996 Application Layer Gateway Service
>> Microsoft Corporation
>> lsass.exe 1292 LSA Shell (Export Version) Microsoft
>> Corporation
>> explorer.exe 3228 Windows Explorer Microsoft Corporation
>> TaskSwitch.exe 3660 ccApp.exe 3100 Symantec User
>> Session Symantec Corporation
>> trillian.exe 1700 Trillian Cerulean Studios
>> OUTLOOK.EXE 2952 Microsoft Office Outlook Microsoft
>> Corporation
>> seamonkey.exe 1012 SeaMonkey mozilla.org
>> taskmgr.exe 1616 Windows TaskManager Microsoft Corporation
>> procexp.exe 3392 Sysinternals Process Explorer 4.35
>> Sysinternals - www.sysinternals.com
>>
>> Process: winlogon.exe Pid: 1236
>>
>> Name Description Company Name Version
>> ACTIVEDS.dll ADs Router Layer DLL Microsoft Corporation
>> 5.01.2600.2180
>> adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation
>> 5.01.2600.2180
>> ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation
>> 5.01.2600.2180
>> Apphelp.dll Application Compatibility Client Library Microsoft
>> Corporation 5.01.2600.2180
>> Ati2evxx.dll ATI External Event Utility DLL Module ATI Technologies
>> Inc. 6.14.0010.4123
>> ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation
>> 3.05.2284.0000
>> AUTHZ.dll Authorization Framework Microsoft Corporation
>> 5.01.2600.2622
>> Cabinet.dll Microsoft® Cabinet File API Microsoft Corporation
>> 5.01.2600.2180
>> CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0308
>> COMCTL32.dll Common Controls Library Microsoft Corporation
>> 5.82.2900.2982
>> comctl32.dll User Experience Controls Library Microsoft Corporation
>> 6.00.2900.2982
>> comdlg32.dll Common Dialogs DLL Microsoft Corporation
>> 6.00.2900.2180
>> COMRes.dll Microsoft Corporation 2001.12.4414.0258
>> CRYPT32.dll Crypto API32 Microsoft Corporation 5.131.2600.2180
>> cryptdll.dll Cryptography Manager Microsoft Corporation
>> 5.01.2600.2180
>> cscdll.dll Offline Network Agent Microsoft Corporation
>> 5.01.2600.2180
>> cscui.dll Client Side Caching UI Microsoft Corporation
>> 5.01.2600.2180
>> ctype.nls DNSAPI.dll DNS Client API DLL Microsoft
>> Corporation 5.01.2600.3394
>> fastprox.dll WMI Microsoft Corporation 5.01.2600.2180
>> GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.3316
>> hnetcfg.dll Home Networking Configuration Manager Microsoft
>> Corporation 5.01.2600.2180
>> icmp.dll ICMP DLL Microsoft Corporation 5.01.2600.2180
>> IMAGEHLP.dll Windows NT Image Helper Microsoft Corporation
>> 5.01.2600.2180
>> IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation
>> 5.01.2600.2180
>> iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.2912
>> kerberos.dll Kerberos Security Package Microsoft Corporation
>> 5.01.2600.2698
>> kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation
>> 5.01.2600.3119
>> locale.nls LPK.DLL Language Pack Microsoft Corporation
>> 5.01.2600.2180
>> midimap.dll Microsoft MIDI Mapper Microsoft Corporation
>> 5.01.2600.2180
>> MPR.dll Multiple Provider Router DLL Microsoft Corporation
>> 5.01.2600.2180
>> MPRAPI.dll Windows NT MP Router Administration DLL Microsoft
>> Corporation 5.01.2600.2180
>> MSACM32.dll Microsoft ACM Audio Filter Microsoft Corporation
>> 5.01.2600.2180
>> msacm32.drv Microsoft Sound Mapper Microsoft Corporation
>> 5.01.2600.0000
>> MSASN1.dll ASN.1 Runtime APIs Microsoft Corporation
>> 5.01.2600.2180
>> msctfime.ime Microsoft Text Frame Work Service IME Microsoft
>> Corporation 5.01.2600.2180
>> MSGINA.dll Windows NT Logon GINA DLL Microsoft Corporation
>> 5.01.2600.2180
>> msv1_0.dll Microsoft Authentication Package v1.0 Microsoft
>> Corporation 5.01.2600.2180
>> MSVCP60.dll Microsoft (R) C++ Runtime Library Microsoft Corporation
>> 6.02.3104.0000
>> MSVCR70.dll Microsoft® C Runtime Library Microsoft Corporation
>> 7.00.9466.0000
>> msvcrt.dll Windows NT CRT DLL Microsoft Corporation
>> 7.00.2600.3085
>> mswsock.dll Microsoft Windows Sockets 2.0 Service Provider
>> Microsoft Corporation 5.01.2600.3394
>> msxml3.dll MSXML 3.0 SP9 Microsoft Corporation 8.90.1101.0000
>> msxml3r.dll XML Resources Microsoft Corporation 8.20.8730.0001
>> NavLogon.dll Symantec AntiVirus Logon Notification Symantec
>> Corporation 10.01.0000.0401
>> NDdeApi.dll Network DDE Share Management APIs Microsoft Corporation
>> 5.01.2600.2180
>> NETAPI32.dll Net Win32 API DLL Microsoft Corporation
>> 5.01.2600.2976
>> ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.2180
>> NTDSAPI.DLL NT5DS Microsoft Corporation 5.01.2600.2180
>> NTMARTA.DLL Windows NT MARTA provider Microsoft Corporation
>> 5.01.2600.2180
>> ODBC32.dll Microsoft Data Access - ODBC Driver Manager Microsoft
>> Corporation 3.525.1117.0000
>> odbcint.dll Microsoft Data Access - ODBC Resources Microsoft
>> Corporation 3.525.1117.0000
>> ole32.dll Microsoft OLE for Windows Microsoft Corporation
>> 5.01.2600.2726
>> OLEAUT32.dll Microsoft Corporation 5.01.2600.3266
>> PCANotify.dll Winlogon Notification package Symantec Corporation
>> 11.00.0001.0764
>> PROFMAP.dll Userenv Microsoft Corporation 5.01.2600.2180
>> PSAPI.DLL Process Status Helper Microsoft Corporation
>> 5.01.2600.2180
>> REGAPI.dll Registry Configuration APIs Microsoft Corporation
>> 5.01.2600.2180
>> RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation
>> 5.01.2600.3173
>> rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft
>> Corporation 5.01.2600.2161
>> rtutils.dll Routing Utilities Microsoft Corporation
>> 5.01.2600.2180
>> SAMLIB.dll SAM Library DLL Microsoft Corporation 5.01.2600.2180
>> SASWINLO.dll SUPERAntiSpyware WinLogon Processor
>> SUPERAntiSpyware.com 1.00.0000.1046
>> Secur32.dll Security Support Provider Interface Microsoft
>> Corporation 5.01.2600.2180
>> SETUPAPI.dll Windows Setup API Microsoft Corporation
>> 5.01.2600.2180
>> sfc.dll Windows File Protection Microsoft Corporation
>> 5.01.2600.2180
>> sfc_os.dll Windows File Protection Microsoft Corporation
>> 5.01.2600.2180
>> SHELL32.dll Windows Shell Common Dll Microsoft Corporation
>> 6.00.2900.3241
>> SHLWAPI.dll Shell Light-weight Utility Library Microsoft
>> Corporation 6.00.2900.3354
>> SHSVCS.dll Windows Shell Services Dll Microsoft Corporation
>> 6.00.2900.3051
>> sortkey.nls sorttbls.nls sxs.dll Fusion 2.5
>> Microsoft Corporation 5.01.2600.3019
>> unicode.nls USER32.dll Windows XP USER API Client DLL
>> Microsoft Corporation 5.01.2600.3099
>> USERENV.dll Userenv Microsoft Corporation 5.01.2600.2180
>> USP10.dll Uniscribe Unicode script processor Microsoft Corporation
>> 1.420.2600.2180
>> uxtheme.dll Microsoft UxTheme Library Microsoft Corporation
>> 6.00.2900.2180
>> VERSION.dll Version Checking and File Installation Libraries
>> Microsoft Corporation 5.01.2600.2180
>> wbemcomn.dll WMI Microsoft Corporation 5.01.2600.2180
>> wbemprox.dll WMI Microsoft Corporation 5.01.2600.2180
>> wbemsvc.dll WMI Microsoft Corporation 5.01.2600.2180
>> wdmaud.drv WDM Audio driver mapper Microsoft Corporation
>> 5.01.2600.2180
>> WgaLogon.dll Windows Genuine Advantage Notification Microsoft
>> Corporation 1.07.0018.0007
>> WININET.dll Internet Extensions for Win32 Microsoft Corporation
>> 6.00.2900.3354
>> winlogon.exe Windows NT Logon Application Microsoft Corporation
>> 5.01.2600.2180
>> WINMM.dll MCI API DLL Microsoft Corporation 5.01.2600.2180
>> WINSCARD.DLL Microsoft Smart Card API Microsoft Corporation
>> 5.01.2600.2180
>> WINSPOOL.DRV Windows Spooler Driver Microsoft Corporation
>> 5.01.2600.2180
>> WINSTA.dll Winstation Library Microsoft Corporation
>> 5.01.2600.2180
>> WINTRUST.dll Microsoft Trust Verification APIs Microsoft
>> Corporation 5.131.2600.2180
>> WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation
>> 5.01.2600.2180
>> WlNotify.dll Common DLL to receive Winlogon notifications Microsoft
>> Corporation 5.01.2600.2180
>> WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation
>> 5.01.2600.2180
>> WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft
>> Corporation 5.01.2600.2180
>> wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation
>> 5.01.2600.2180
>> wsock32.dll Windows Socket 32-Bit DLL Microsoft Corporation
>> 5.01.2600.2180
>> WTSAPI32.dll Windows Terminal Server SDK APIs Microsoft Corporation
>> 5.01.2600.2180
>> xpsp2res.dll Service Pack 2 Messages Microsoft Corporation
>> 5.01.2600.2180
>>
>> --
>>
>> Process PID Description CPU Company Name
>> System Idle Process 0 41.18 Interrupts n/a Hardware
>> Interrupts DPCs n/a Deferred Procedure Calls System
>> 4 smss.exe 1160 Windows NT Session Manager
>> Microsoft Corporation
>> csrss.exe 1208 Client Server Runtime Process Microsoft
>> Corporation
>> winlogon.exe 1236 Windows NT Logon Application 50.00
>> Microsoft Corporation
>> services.exe 1280 Services and Controller app 0.74
>> Microsoft Corporation
>> svchost.exe 1480 Generic Host Process for Win32 Services
>> 0.74 Microsoft Corporation
>> svchost.exe 1536 Generic Host Process for Win32 Services
>> Microsoft Corporation
>> svchost.exe 456 Generic Host Process for Win32 Services
>> Microsoft Corporation
>> Smc.exe 724 Symantec CMC Smc 0.74 Symantec Corporation
>> SmcGui.exe 2168 Symantec CMC SmcGui 2.94 Symantec
>> Corporation
>> svchost.exe 780 Generic Host Process for Win32 Services
>> Microsoft Corporation
>> svchost.exe 892 Generic Host Process for Win32 Services
>> Microsoft Corporation
>> SNAC.EXE 904 Symantec Network Access Control Symantec
>> Corporation
>> ccSvcHst.exe 1968 Symantec Service Framework 0.74
>> Symantec Corporation
>> spoolsv.exe 1916 Spooler SubSystem App Microsoft
>> Corporation
>> AeXNSAgent.exe 1924 Altiris Agent Altiris, Inc.
>> AluSchedulerSvc.exe 524 Automatic LiveUpdate Scheduler Service
>> Symantec Corporation
>> ntmulti.exe 944 IBM Lotus Notes/Domino IBM Corp
>> NMSAccess.exe 968 p4ps.exe 1084 P4Webs.exe
>> 1648 spkrmon.exe 1676 SoundMAX SpeakerMonitor service
>> Rtvscan.exe 1664 Symantec AntiVirus Symantec Corporation
>> vmware-authd.exe 2192 VMware Authorization Service
>> VMware, Inc.
>> vmount2.exe 2704 virtual disk mount service VMware,
>> Inc.
>> vmnat.exe 2904 VMware NAT Service VMware, Inc.
>> vmnetdhcp.exe 3180 VMware VMnet DHCP service VMware,
>> Inc.
>> alg.exe 2996 Application Layer Gateway Service
>> Microsoft Corporation
>> lsass.exe 1292 LSA Shell (Export Version) Microsoft
>> Corporation
>> explorer.exe 3228 Windows Explorer Microsoft Corporation
>> TaskSwitch.exe 3660 ccApp.exe 3100 Symantec User
>> Session Symantec Corporation
>> trillian.exe 1700 Trillian Cerulean Studios
>> OUTLOOK.EXE 2952 Microsoft Office Outlook Microsoft
>> Corporation
>> seamonkey.exe 1012 SeaMonkey mozilla.org
>> taskmgr.exe 1616 Windows TaskManager Microsoft Corporation
>> procexp.exe 3392 Sysinternals Process Explorer 2.94
>> Sysinternals - www.sysinternals.com
>>
>> Process: winlogon.exe Pid: 1236
>>
>> Type Name
>> Desktop \Winlogon
>> Desktop \Disconnect
>> Desktop \Default
>> Desktop \Default
>> Directory \KnownDlls
>> Directory \Windows
>> Directory \BaseNamedObjects
>> Event \BaseNamedObjects\AUTOENRL:TriggerMachineEnrollmen t
>> Event \BaseNamedObjects\crypt32LogoffEvent
>> Event \BaseNamedObjects\userenv: User Profile setup event
>> Event \BaseNamedObjects\userenv: Machine Group Policy has been applied
>> Event \BaseNamedObjects\userenv: Machine Group Policy ForcedRefresh
>> Needs Foreground Processing
>> Event \BaseNamedObjects\userenv: Machine Group Policy Processing is
>> done
>> Event \BaseNamedObjects\userenv: Machine Policy Foreground Done Event
>> Event \BaseNamedObjects\userenv: User Group Policy has been applied
>> Event \BaseNamedObjects\userenv: User Group Policy ForcedRefresh Needs
>> Foreground Processing
>> Event \BaseNamedObjects\userenv: User Group Policy Processing is done
>> Event \BaseNamedObjects\userenv: User Policy Foreground Done Event
>> Event \BaseNamedObjects\WinlogonTSSynchronizeEvent
>> Event \BaseNamedObjects\TS-WPAAE
>> Event \BaseNamedObjects\ReconEvent
>> Event \Security\NetworkProviderLoad
>> Event \BaseNamedObjects\AtiExtEventGSNotificationEvent
>> Event \BaseNamedObjects\jjCSCSharedFillEvent_UM_KM
>> Event \BaseNamedObjects\hardwaremixercallback
>> Event \BaseNamedObjects\WFP_IDLE_TRIGGER
>> Event \BaseNamedObjects\Microsoft Smart Card Resource Manager Started
>> Event \BaseNamedObjects\msgina: ReturnToWelcome
>> Event \BaseNamedObjects\ThemesStartEvent
>> Event \BaseNamedObjects\DINPUTWINMM
>> Event \BaseNamedObjects\winlogon: machine GPO Event 70406
>> Event \BaseNamedObjects\userenv: Machine Group Policy has been applied
>> Event \BaseNamedObjects\userenv: machine policy refresh event
>> Event \BaseNamedObjects\userenv: machine policy force refresh event
>> Event \BaseNamedObjects\userenv: Machine Group Policy has been applied
>> Event \BaseNamedObjects\userenv: Machine Group Policy ForcedRefresh
>> Needs Foreground Processing
>> Event \BaseNamedObjects\userenv: Machine Group Policy Processing is
>> done
>> Event \BaseNamedObjects\AgentExistsEvent
>> Event \BaseNamedObjects\WkssvcToAgentStopEvent
>> Event \BaseNamedObjects\WkssvcToAgentStartEvent
>> Event \BaseNamedObjects\jjCSCSessEvent_UM_KM_0
>> Event \BaseNamedObjects\AgentToWkssvcEvent
>> Event \BaseNamedObjects\PCA_UnlockWksNotify
>> Event \BaseNamedObjects\PCA_LockWksNotify
>> Event \BaseNamedObjects\PCA_TAG_TEAM_0
>> Event \BaseNamedObjects\SENS Started Event
>> Event \BaseNamedObjects\userenv: user policy force refresh event
>> Event \BaseNamedObjects\userenv: User Group Policy has been applied
>> Event \BaseNamedObjects\userenv: User Group Policy has been applied
>> Event \BaseNamedObjects\userenv: User Group Policy Processing is done
>> Event \BaseNamedObjects\userenv: User Group Policy ForcedRefresh Needs
>> Foreground Processing
>> Event \BaseNamedObjects\userenv: user policy refresh event
>> Event \BaseNamedObjects\winlogon: User GPO Event 483671
>> Event \BaseNamedObjects\WlballoonLogoffNotificationEvent Name
>> Event \BaseNamedObjects\AUTOENRL:TriggerUserEnrollment
>> Event \BaseNamedObjects\CscCacheInitCompleteEvent
>> Event \BaseNamedObjects\ShellReadyEvent
>> Event \BaseNamedObjects\WlballoonLogoffNotificationEvent Name
>> Event \BaseNamedObjects\mixercallback
>> Event
>> \BaseNamedObjects\00000000000a359c_WlballoonKerber osNotificationEventName
>> File \Device\NamedPipe\TerminalServer\AutoReconnect
>> File
>> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03
>> File \Device\KsecDD
>> File \Device\NamedPipe\InitShutdown
>> File \Device\NamedPipe\InitShutdown
>> File C:\WINDOWS\system32\dllcache
>> File
>> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03
>> File C:\WINDOWS\AppPatch
>> File C:\Program Files\Common Files\Microsoft Shared\web server
>> extensions\40\isapi\_vti_adm
>> File C:\Program Files\Common Files\Microsoft Shared\web server
>> extensions\40\_vti_bin\_vti_adm
>> File C:\WINDOWS\system32
>> File C:\WINDOWS\Help
>> File C:\Program Files\Common Files\Microsoft Shared\web server
>> extensions\40\isapi\_vti_aut
>> File C:\Program Files\Common Files\Microsoft Shared\web server
>> extensions\40\_vti_bin\_vti_aut
>> File C:\WINDOWS\system32\inetsrv
>> File C:\Program Files\Common Files\Microsoft Shared\web server
>> extensions\40\bin
>> File C:\WINDOWS\Fonts
>> File C:\WINDOWS\system32\drivers
>> File C:\Program Files\Common Files\Microsoft Shared\web server
>> extensions\40\servsupp
>> File C:\Program Files\Common Files\Microsoft Shared\web server
>> extensions\40\bots\vinavbar
>> File C:\Program Files\microsoft frontpage\version3.0\bin
>> File C:\Program Files\Common Files\Microsoft Shared\web server
>> extensions\40\_vti_bin
>> File C:\Program Files\Common Files\Microsoft Shared\web server
>> extensions\40\bin\1033
>> File C:\Program Files\Common Files\Microsoft Shared\web server
>> extensions\40\isapi
>> File C:\WINDOWS
>> File C:\Program Files\Common Files\Microsoft Shared\DAO
>> File C:\Program Files\Windows Media Player
>> File C:\Program Files\Common Files\System\msadc
>> File C:\Program Files\Common Files\System\ado
>> File C:\Program Files\Common Files\System\Ole DB
>> File C:\WINDOWS\inf
>> File C:\WINDOWS\system
>> File C:\WINDOWS\msagent
>> File C:\WINDOWS\msagent\intl
>> File C:\Program Files\MSN Gaming Zone\Windows
>> File C:\WINDOWS\PCHealth\HelpCtr\Binaries
>> File C:\Program Files\NetMeeting
>> File C:\WINDOWS\system32\drivers\disdn
>> File C:\WINDOWS\ime\CHTIME\Applets
>> File C:\WINDOWS\system32\wbem
>> File C:\WINDOWS\system32\IME\CINTLGNT
>> File C:\WINDOWS\system32\Com
>> File C:\WINDOWS\system32\Setup
>> File C:\WINDOWS\ime\IMJP8_1
>> File C:\Program Files\Common Files\Microsoft Shared\Triedit
>> File C:\Program Files\Windows NT
>> File C:\Program Files\Common Files\System
>> File C:\WINDOWS\system32\1033
>> File C:\Program Files\Common Files\Microsoft Shared\web server
>> extensions\40\admcgi\scripts
>> File C:\Program Files\Common Files\Microsoft Shared\web server
>> extensions\40\admisapi\scripts
>> File C:\WINDOWS\system32\usmt
>> File C:\WINDOWS\ime\IMKR6_1\Dicts
>> File C:\WINDOWS\system32\mui\0009
>> File C:\Program Files\Internet Explorer
>> File C:\WINDOWS\ime\IMJP8_1\APPLETS
>> File C:\WINDOWS\ime\IMKR6_1\Applets
>> File C:\WINDOWS\system32\xircom
>> File C:\Program Files\Internet Explorer\Connection Wizard
>> File C:\Program Files\Common Files\Microsoft Shared\MSInfo
>> File C:\WINDOWS\ime\IMKR6_1
>> File C:\WINDOWS\ime\SHARED
>> File C:\WINDOWS\system32\IME\PINTLGNT
>> File C:\Program Files\Common
>> Files\SpeechEngines\Microsoft\Lexicon\1033
>> File C:\WINDOWS\Resources\Themes\Luna
>> File C:\Program Files\Movie Maker
>> File C:\WINDOWS\ime
>> File C:\WINDOWS\srchasst
>> File C:\Program Files\Outlook Express
>> File C:\WINDOWS\system32\oobe
>> File C:\Program Files\Common Files\MSSoap\Binaries
>> File C:\Program Files\Common Files\MSSoap\Binaries\Resources\1033
>> File C:\WINDOWS\mui
>> File C:\WINDOWS\system32\npp
>> File C:\WINDOWS\ime\SHARED\RES
>> File C:\Program Files\Windows NT\Pinball
>> File C:\WINDOWS\ime\CHSIME\APPLETS
>> File C:\WINDOWS\system32\Restore
>> File C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS\1033
>> File C:\Program Files\Common Files\Microsoft Shared\Speech
>> File C:\WINDOWS\Resources\Themes\Luna\Shell\NormalColor
>> File C:\WINDOWS\Resources\Themes\Luna\Shell\Homestead
>> File C:\WINDOWS\Resources\Themes\Luna\Shell\Metallic
>> File C:\WINDOWS\system32\wbem\snmp
>> File C:\Program Files\Common Files\SpeechEngines\Microsoft
>> File C:\Program Files\Common Files\Microsoft Shared\Speech\1033
>> File C:\WINDOWS\PeerNet
>> File C:\WINDOWS\system32\spool\drivers\color
>> File C:\WINDOWS\system32\IME\TINTLGNT
>> File C:\WINDOWS\Help\Tours\mmTour
>> File C:\WINDOWS\PCHealth\UploadLB\Binaries
>> File C:\Program Files\Common Files\Microsoft Shared\VGX
>> File C:\WINDOWS\system32\wbem\xml
>> File C:\Program Files\Windows NT\Accessories
>> File C:\WINDOWS\system32\mui\0401
>> File C:\WINDOWS\system32\mui\0404
>> File C:\WINDOWS\system32\mui\0405
>> File C:\WINDOWS\system32\mui\0406
>> File C:\WINDOWS\system32\mui\0407
>> File C:\WINDOWS\system32\mui\0408
>> File C:\WINDOWS\system32\mui\040b
>> File C:\WINDOWS\system32\mui\040C
>> File C:\WINDOWS\system32\mui\040D
>> File C:\WINDOWS\system32\mui\040e
>> File C:\WINDOWS\system32\mui\0410
>> File C:\WINDOWS\system32\mui\0411
>> File C:\WINDOWS\system32\mui\0412
>> File C:\WINDOWS\system32\mui\0413
>> File C:\WINDOWS\system32\mui\0414
>> File C:\WINDOWS\system32\mui\0415
>> File C:\WINDOWS\system32\mui\0416
>> File C:\WINDOWS\system32\mui\0419
>> File C:\WINDOWS\system32\mui\041b
>> File C:\WINDOWS\system32\mui\041D
>> File C:\WINDOWS\system32\mui\041f
>> File C:\WINDOWS\system32\mui\0424
>> File C:\WINDOWS\system32\mui\0804
>> File C:\WINDOWS\system32\mui\0816
>> File C:\WINDOWS\system32\mui\0C0A
>> File C:\WINDOWS\system32\mui\0402
>> File C:\WINDOWS\system32\mui\0418
>> File C:\WINDOWS\system32\mui\041a
>> File C:\WINDOWS\system32\mui\041e
>> File C:\WINDOWS\system32\mui\0425
>> File C:\WINDOWS\system32\mui\0426
>> File C:\WINDOWS\system32\mui\0427
>> File C:\Program Files\xerox\nwwia
>> File C:\WINDOWS\WinSxS
>> File \Device\NamedPipe\SfcApi
>> File \Device\NamedPipe\SfcApi
>> File \Device\Tcp
>> File \Device\Tcp
>> File \Device\Ip
>> File \Device\Ip
>> File \Device\Ip
>> File \Device\Afd\Endpoint
>> File \Device\Udp
>> File \Device\Afd\AsyncConnectHlp
>> File
>> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03
>> File \Device\LanmanRedirector
>> File \Device\NamedPipe\winlogonrpc
>> File
>> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03
>> File \Device\NamedPipe\winlogonrpc
>> File \Device\NamedPipe\winlogonrpc
>> File \Device\KSENUM#00000001\{9B365890-165F-11D0-A195-0020AFD156E4}
>> File C:\WINDOWS\system32
>> Key HKCR
>> Key HKLM\SYSTEM\ControlSet001\Control\Nls\Locale
>> Key HKLM\SYSTEM\ControlSet001\Control\Nls\Locale\Alter nate Sorts
>> Key HKLM\SYSTEM\ControlSet001\Control\Nls\Language Groups
>> Key HKCR
>> Key
>> HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parame ters\Protocol_Catalog9
>> Key
>> HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parame ters\NameSpace_Catalog5
>> Key HKLM\SOFTWARE\Microsoft\Windows
>> NT\CurrentVersion\Winlogon\Notify\crypt32chain
>> Key HKLM\SOFTWARE\Microsoft\Windows
>> NT\CurrentVersion\Winlogon\Notify\cryptnet
>> Key HKCR\CLSID
>> Key HKLM\SOFTWARE\Microsoft\Windows
>> NT\CurrentVersion\Winlogon\Notify\sclgntfy
>> Key HKLM\SYSTEM\ControlSet001\Control\Lsa
>> Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
>> Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
>> Key HKLM\SYSTEM\Setup
>> Key HKLM\SOFTWARE\Microsoft\Windows
>> NT\CurrentVersion\Winlogon\Credentials
>> Key HKU
>> Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
>> Key HKU
>> Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Linkage
>> Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameter s
>> Key HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameter s\Interfaces
>> Key HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameter s
>> Key HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVer sion\Internet
>> Settings
>> Key HKLM
>> Key HKLM\SYSTEM\ControlSet001\Control\NetworkProvider\ HwOrder
>> Key HKLM\SOFTWARE\Microsoft\Windows
>> NT\CurrentVersion\Winlogon\Notify\WgaLogon
>> Key HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoa m\MUICache
>> Key HKCU
>> Key HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoa m
>> Key HKU\.DEFAULT
>> Key HKCR
>> Key HKCR
>> Key HKCR
>> Key HKLM\SOFTWARE\Microsoft\COM3
>> Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
>> Key HKLM\SOFTWARE\Microsoft\COM3
>> Key HKLM\SOFTWARE\Microsoft\COM3
>> Key HKU
>> Key HKU
>> Key HKLM\SOFTWARE\Microsoft\COM3
>> Key HKCR
>> Key HKLM\SOFTWARE\Microsoft\COM3
>> Key HKLM\SOFTWARE\Microsoft\COM3
>> Key HKCR
>> Key HKCR
>> Key HKCR\CLSID
>> Key HKCR
>> Key HKCR
>> Key HKCR
>> Key HKCR
>> Key HKCR
>> Key HKCR
>> Key HKCR
>> KeyedEvent \KernelObjects\CritSecOutOfMemoryEvent
>> Mutant \BaseNamedObjects\userenv: machine policy mutex
>> Mutant \BaseNamedObjects\userenv: Machine Registry policy mutex
>> Mutant \BaseNamedObjects\userenv: user policy mutex
>> Mutant \BaseNamedObjects\userenv: User Registry policy mutex
>> Mutant \BaseNamedObjects\SingleSesMutex
>> Mutant \BaseNamedObjects\winlogon: Logon UserProfileMapping Mutex
>> Mutant \BaseNamedObjects\ShimCacheMutex
>> Mutant \BaseNamedObjects\WPA_PR_MUTEX
>> Mutant \BaseNamedObjects\WPA_RT_MUTEX
>> Mutant \BaseNamedObjects\WPA_LT_MUTEX
>> Mutant \BaseNamedObjects\WPA_HWID_MUTEX
>> Mutant \BaseNamedObjects\WPA_LICSTORE_MUTEX
>> Port \RPC Control\sclogonrpc
>> Port \RPC Control\IUserProfile
>> Port \RPC Control\OLE273DB90569D049E7BB5A549E0AAA
>> Process services.exe(1280)
>> Process lsass.exe(1292)
>> Section \BaseNamedObjects\ShimSharedMemory
>> Section \BaseNamedObjects\Debug.Memory.4d4
>> Section \BaseNamedObjects\WDMAUD_Callbacks
>> Section \BaseNamedObjects\mmGlobalPnpInfo
>> Semaphore
>> \BaseNamedObjects\shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
>> Semaphore
>> \BaseNamedObjects\shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
>> Semaphore
>> \BaseNamedObjects\shell.{7CB834F0-527B-11D2-9D1F-0000F805CA57}
>> Thread winlogon.exe(1236): 1240
>> Thread winlogon.exe(1236): 1644
>> Thread winlogon.exe(1236): 3668
>> Thread winlogon.exe(1236): 1240
>> Thread winlogon.exe(1236): 1260
>> Thread winlogon.exe(1236): 2404
>> Thread winlogon.exe(1236): 1268
>> Thread winlogon.exe(1236): 1276
>> Thread winlogon.exe(1236): 1288
>> Thread winlogon.exe(1236): 1380
>> Thread winlogon.exe(1236): 1380
>> Thread winlogon.exe(1236): 1384
>> Thread winlogon.exe(1236): 1388
>> Thread winlogon.exe(1236): 1420
>> Thread winlogon.exe(1236): 1524
>> Thread winlogon.exe(1236): 2448
>> Thread winlogon.exe(1236): 2212
>> Thread winlogon.exe(1236): 1272
>> Thread winlogon.exe(1236): 2208
>> Thread winlogon.exe(1236): 2004
>> Thread winlogon.exe(1236): 1644
>> Thread winlogon.exe(1236): 2212
>> Thread winlogon.exe(1236): 3516
>> Thread winlogon.exe(1236): 2220
>> Thread winlogon.exe(1236): 1644
>> Thread winlogon.exe(1236): 2220
>> Thread winlogon.exe(1236): 2140
>> Thread winlogon.exe(1236): 2676
>> Thread winlogon.exe(1236): 1644
>> Thread winlogon.exe(1236): 2404
>> Thread winlogon.exe(1236): 2216
>> Thread winlogon.exe(1236): 2404
>> Thread winlogon.exe(1236): 3216
>> Thread winlogon.exe(1236): 328
>> Thread winlogon.exe(1236): 2404
>> Thread winlogon.exe(1236): 3492
>> Timer \BaseNamedObjects\userenv: refresh timer for 1236:1644
>> Timer \BaseNamedObjects\AUTOENRL:MachineEnrollmentTimer
>> Timer \BaseNamedObjects\userenv: refresh timer for 1236:2404
>> Timer \BaseNamedObjects\AUTOENRL:UserEnrollmentShellTime r
>> Timer \BaseNamedObjects\AUTOENRL:UserEnrollmentTimer
>> Token domain\phil:a359c
>> Token NT AUTHORITY\NETWORK SERVICE:3e4
>> Token NT AUTHORITY\SYSTEM:3e7
>> Token NT AUTHORITY\SYSTEM:3e7
>> Token NT AUTHORITY\SYSTEM:3e7
>> Token domain\phil:a359c
>> Token domain\phil:a359c
>> Token domain\phil:a359c
>> Token domain\phil:a359c
>> Token domain\phil:a359c
>> Token NT AUTHORITY\SYSTEM:3e7
>> WindowStation \Windows\WindowStations\WinSta0
>> WindowStation \Windows\WindowStations\WinSta0n
>>
>> Is there a fix for this or a way to calm winlogon.exe down? It doesn't
>> seem to matter how long my session uptime is either since this was only
>> three days old.
>>
>> Thank you in advance. :)
> --
> Phillip Pi
> Senior Software Quality Assurance Analyst
> ISP/Symantec Online Services, Consumer Business Unit
> Symantec Corporation
> www.symantec.com
> -----------------------------------------------------
> Email: phillip_pi@symantec.comSYMC (remove SYMC to reply by e-mail)
> -----------------------------------------------------
> Please do NOT e-mail me for technical support. DISCLAIMER: The views
> expressed in this posting are mine, and do not necessarily reflect the
> views of my employer. Thank you.  |