Thread: Once in a while, winlogon.exe will hog CPU and makes my Windows unresponsive.
View Single Post
  #6 (permalink)  
Old 07-14-2008, 12:30 PM
Phillip Pi
Newsgroup Contributor
  
Posts: n/a
Re: Once in a while, winlogon.exe will hog CPU and makes my Windowsunresponsive.
Yep: 5.1.2600.2180. So far so good after uninstalling K-Lite Codec Full
Pack. It might be causing my audio to go wacky to make winlogon.exe go
nuts. We'll see...


On 7/14/2008 10:27 AM PT, JS wrote:

> Current version of winmm.dll for Windows SP2 is: "5.1.2600.2180"
> Located in C:\Windows\sytem32
>
> JS
>
> "Phillip Pi" <phillip_pi@symantec.comSYMC> wrote in message
> news:%234aDdIU5IHA.2348@TK2MSFTNGP06.phx.gbl...
>> I did more research today since I had another one earlier today. :(
>> According to Process Explorer v11.20's winlogon.exe's threads properties,
>> WINMM.dll!PlaySoundW+0x77f was the one hogging the CPU (not sure if this
>> was the same as before since I never went this deep). Here's Process
>> Explorer exported log: http://pastebin.ca/1071193 (no wordwrapping since
>> this is wide and expires in 30 days). That sounds like audio so I check my
>> headphones and heard NO sounds. I tried disabling and enabling SoundMAX
>> Integrated Digital Audio in device manager, but that didn't help. I believe
>> I have the latest drivers (2004).
>>
>>
>> On 7/11/2008 1:23 PM PT, Phillip Pi wrote:
>>
>>> Hello.
>>>
>>> I have a strange rare and annoying Windows XP Pro. SP2 (IE6.0 SP2; all
>>> critical updates and optional softwares for SP2) issue that had been
>>> around for three years or so, and I can't figure out what's going on.
>>>
>>> Once in a while (very rare -- maybe once every one/two months?), I
>>> winlogon.exe decides to go nuts and take one of my CPU (have a dual core
>>> Intel P4 Prescott machine). From there, softwares don't respond and some
>>> can't be shut down (e.g., SeaMonkey.exe, Trillian.exe, Outlook.exe) even
>>> if I force end task. When I try to shut down Windows to reboot, it gets
>>> stuck forever and I need to do a force shut down on the power switch on
>>> the Dell Optiplex GX280 case.
>>>
>>> I tried viewing Process Explorer, Process Monitor, event logs, services
>>> via cmd.exe (administrative method freezes/doesn't respond), etc. and
>>> found nothing interesting. Here are the Process Explorer exports:
>>>
>>> From Process Explorer v11.20:
>>>
>>>
>>> Process PID Description CPU Company Name
>>> System Idle Process 0 39.13 Interrupts n/a Hardware
>>> Interrupts DPCs n/a Deferred Procedure Calls System
>>> 4 smss.exe 1160 Windows NT Session Manager
>>> Microsoft Corporation
>>> csrss.exe 1208 Client Server Runtime Process Microsoft
>>> Corporation
>>> winlogon.exe 1236 Windows NT Logon Application 50.00
>>> Microsoft Corporation
>>> services.exe 1280 Services and Controller app 0.72
>>> Microsoft Corporation
>>> svchost.exe 1480 Generic Host Process for Win32 Services
>>> Microsoft Corporation
>>> svchost.exe 1536 Generic Host Process for Win32 Services
>>> Microsoft Corporation
>>> svchost.exe 456 Generic Host Process for Win32 Services
>>> Microsoft Corporation
>>> Smc.exe 724 Symantec CMC Smc 0.72 Symantec Corporation
>>> SmcGui.exe 2168 Symantec CMC SmcGui 4.35 Symantec
>>> Corporation
>>> svchost.exe 780 Generic Host Process for Win32 Services
>>> Microsoft Corporation
>>> svchost.exe 892 Generic Host Process for Win32 Services
>>> Microsoft Corporation
>>> SNAC.EXE 904 Symantec Network Access Control 0.72
>>> Symantec Corporation
>>> ccSvcHst.exe 1968 Symantec Service Framework Symantec
>>> Corporation
>>> spoolsv.exe 1916 Spooler SubSystem App Microsoft
>>> Corporation
>>> AeXNSAgent.exe 1924 Altiris Agent Altiris, Inc.
>>> AluSchedulerSvc.exe 524 Automatic LiveUpdate Scheduler Service
>>> Symantec Corporation
>>> ntmulti.exe 944 IBM Lotus Notes/Domino IBM Corp
>>> NMSAccess.exe 968 p4ps.exe 1084 P4Webs.exe
>>> 1648 spkrmon.exe 1676 SoundMAX SpeakerMonitor service
>>> Rtvscan.exe 1664 Symantec AntiVirus Symantec Corporation
>>> vmware-authd.exe 2192 VMware Authorization Service
>>> VMware, Inc.
>>> vmount2.exe 2704 virtual disk mount service VMware,
>>> Inc.
>>> vmnat.exe 2904 VMware NAT Service VMware, Inc.
>>> vmnetdhcp.exe 3180 VMware VMnet DHCP service VMware,
>>> Inc.
>>> alg.exe 2996 Application Layer Gateway Service
>>> Microsoft Corporation
>>> lsass.exe 1292 LSA Shell (Export Version) Microsoft
>>> Corporation
>>> explorer.exe 3228 Windows Explorer Microsoft Corporation
>>> TaskSwitch.exe 3660 ccApp.exe 3100 Symantec User
>>> Session Symantec Corporation
>>> trillian.exe 1700 Trillian Cerulean Studios
>>> OUTLOOK.EXE 2952 Microsoft Office Outlook Microsoft
>>> Corporation
>>> seamonkey.exe 1012 SeaMonkey mozilla.org
>>> taskmgr.exe 1616 Windows TaskManager Microsoft Corporation
>>> procexp.exe 3392 Sysinternals Process Explorer 4.35
>>> Sysinternals - www.sysinternals.com
>>>
>>> Process: winlogon.exe Pid: 1236
>>>
>>> Name Description Company Name Version
>>> ACTIVEDS.dll ADs Router Layer DLL Microsoft Corporation
>>> 5.01.2600.2180
>>> adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation
>>> 5.01.2600.2180
>>> ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation
>>> 5.01.2600.2180
>>> Apphelp.dll Application Compatibility Client Library Microsoft
>>> Corporation 5.01.2600.2180
>>> Ati2evxx.dll ATI External Event Utility DLL Module ATI Technologies
>>> Inc. 6.14.0010.4123
>>> ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation
>>> 3.05.2284.0000
>>> AUTHZ.dll Authorization Framework Microsoft Corporation
>>> 5.01.2600.2622
>>> Cabinet.dll Microsoft® Cabinet File API Microsoft Corporation
>>> 5.01.2600.2180
>>> CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0308
>>> COMCTL32.dll Common Controls Library Microsoft Corporation
>>> 5.82.2900.2982
>>> comctl32.dll User Experience Controls Library Microsoft Corporation
>>> 6.00.2900.2982
>>> comdlg32.dll Common Dialogs DLL Microsoft Corporation
>>> 6.00.2900.2180
>>> COMRes.dll Microsoft Corporation 2001.12.4414.0258
>>> CRYPT32.dll Crypto API32 Microsoft Corporation 5.131.2600.2180
>>> cryptdll.dll Cryptography Manager Microsoft Corporation
>>> 5.01.2600.2180
>>> cscdll.dll Offline Network Agent Microsoft Corporation
>>> 5.01.2600.2180
>>> cscui.dll Client Side Caching UI Microsoft Corporation
>>> 5.01.2600.2180
>>> ctype.nls DNSAPI.dll DNS Client API DLL Microsoft
>>> Corporation 5.01.2600.3394
>>> fastprox.dll WMI Microsoft Corporation 5.01.2600.2180
>>> GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.3316
>>> hnetcfg.dll Home Networking Configuration Manager Microsoft
>>> Corporation 5.01.2600.2180
>>> icmp.dll ICMP DLL Microsoft Corporation 5.01.2600.2180
>>> IMAGEHLP.dll Windows NT Image Helper Microsoft Corporation
>>> 5.01.2600.2180
>>> IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation
>>> 5.01.2600.2180
>>> iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.2912
>>> kerberos.dll Kerberos Security Package Microsoft Corporation
>>> 5.01.2600.2698
>>> kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation
>>> 5.01.2600.3119
>>> locale.nls LPK.DLL Language Pack Microsoft Corporation
>>> 5.01.2600.2180
>>> midimap.dll Microsoft MIDI Mapper Microsoft Corporation
>>> 5.01.2600.2180
>>> MPR.dll Multiple Provider Router DLL Microsoft Corporation
>>> 5.01.2600.2180
>>> MPRAPI.dll Windows NT MP Router Administration DLL Microsoft
>>> Corporation 5.01.2600.2180
>>> MSACM32.dll Microsoft ACM Audio Filter Microsoft Corporation
>>> 5.01.2600.2180
>>> msacm32.drv Microsoft Sound Mapper Microsoft Corporation
>>> 5.01.2600.0000
>>> MSASN1.dll ASN.1 Runtime APIs Microsoft Corporation
>>> 5.01.2600.2180
>>> msctfime.ime Microsoft Text Frame Work Service IME Microsoft
>>> Corporation 5.01.2600.2180
>>> MSGINA.dll Windows NT Logon GINA DLL Microsoft Corporation
>>> 5.01.2600.2180
>>> msv1_0.dll Microsoft Authentication Package v1.0 Microsoft
>>> Corporation 5.01.2600.2180
>>> MSVCP60.dll Microsoft (R) C++ Runtime Library Microsoft Corporation
>>> 6.02.3104.0000
>>> MSVCR70.dll Microsoft® C Runtime Library Microsoft Corporation
>>> 7.00.9466.0000
>>> msvcrt.dll Windows NT CRT DLL Microsoft Corporation
>>> 7.00.2600.3085
>>> mswsock.dll Microsoft Windows Sockets 2.0 Service Provider
>>> Microsoft Corporation 5.01.2600.3394
>>> msxml3.dll MSXML 3.0 SP9 Microsoft Corporation 8.90.1101.0000
>>> msxml3r.dll XML Resources Microsoft Corporation 8.20.8730.0001
>>> NavLogon.dll Symantec AntiVirus Logon Notification Symantec
>>> Corporation 10.01.0000.0401
>>> NDdeApi.dll Network DDE Share Management APIs Microsoft Corporation
>>> 5.01.2600.2180
>>> NETAPI32.dll Net Win32 API DLL Microsoft Corporation
>>> 5.01.2600.2976
>>> ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.2180
>>> NTDSAPI.DLL NT5DS Microsoft Corporation 5.01.2600.2180
>>> NTMARTA.DLL Windows NT MARTA provider Microsoft Corporation
>>> 5.01.2600.2180
>>> ODBC32.dll Microsoft Data Access - ODBC Driver Manager Microsoft
>>> Corporation 3.525.1117.0000
>>> odbcint.dll Microsoft Data Access - ODBC Resources Microsoft
>>> Corporation 3.525.1117.0000
>>> ole32.dll Microsoft OLE for Windows Microsoft Corporation
>>> 5.01.2600.2726
>>> OLEAUT32.dll Microsoft Corporation 5.01.2600.3266
>>> PCANotify.dll Winlogon Notification package Symantec Corporation
>>> 11.00.0001.0764
>>> PROFMAP.dll Userenv Microsoft Corporation 5.01.2600.2180
>>> PSAPI.DLL Process Status Helper Microsoft Corporation
>>> 5.01.2600.2180
>>> REGAPI.dll Registry Configuration APIs Microsoft Corporation
>>> 5.01.2600.2180
>>> RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation
>>> 5.01.2600.3173
>>> rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft
>>> Corporation 5.01.2600.2161
>>> rtutils.dll Routing Utilities Microsoft Corporation
>>> 5.01.2600.2180
>>> SAMLIB.dll SAM Library DLL Microsoft Corporation 5.01.2600.2180
>>> SASWINLO.dll SUPERAntiSpyware WinLogon Processor
>>> SUPERAntiSpyware.com 1.00.0000.1046
>>> Secur32.dll Security Support Provider Interface Microsoft
>>> Corporation 5.01.2600.2180
>>> SETUPAPI.dll Windows Setup API Microsoft Corporation
>>> 5.01.2600.2180
>>> sfc.dll Windows File Protection Microsoft Corporation
>>> 5.01.2600.2180
>>> sfc_os.dll Windows File Protection Microsoft Corporation
>>> 5.01.2600.2180
>>> SHELL32.dll Windows Shell Common Dll Microsoft Corporation
>>> 6.00.2900.3241
>>> SHLWAPI.dll Shell Light-weight Utility Library Microsoft
>>> Corporation 6.00.2900.3354
>>> SHSVCS.dll Windows Shell Services Dll Microsoft Corporation
>>> 6.00.2900.3051
>>> sortkey.nls sorttbls.nls sxs.dll Fusion 2.5
>>> Microsoft Corporation 5.01.2600.3019
>>> unicode.nls USER32.dll Windows XP USER API Client DLL
>>> Microsoft Corporation 5.01.2600.3099
>>> USERENV.dll Userenv Microsoft Corporation 5.01.2600.2180
>>> USP10.dll Uniscribe Unicode script processor Microsoft Corporation
>>> 1.420.2600.2180
>>> uxtheme.dll Microsoft UxTheme Library Microsoft Corporation
>>> 6.00.2900.2180
>>> VERSION.dll Version Checking and File Installation Libraries
>>> Microsoft Corporation 5.01.2600.2180
>>> wbemcomn.dll WMI Microsoft Corporation 5.01.2600.2180
>>> wbemprox.dll WMI Microsoft Corporation 5.01.2600.2180
>>> wbemsvc.dll WMI Microsoft Corporation 5.01.2600.2180
>>> wdmaud.drv WDM Audio driver mapper Microsoft Corporation
>>> 5.01.2600.2180
>>> WgaLogon.dll Windows Genuine Advantage Notification Microsoft
>>> Corporation 1.07.0018.0007
>>> WININET.dll Internet Extensions for Win32 Microsoft Corporation
>>> 6.00.2900.3354
>>> winlogon.exe Windows NT Logon Application Microsoft Corporation
>>> 5.01.2600.2180
>>> WINMM.dll MCI API DLL Microsoft Corporation 5.01.2600.2180
>>> WINSCARD.DLL Microsoft Smart Card API Microsoft Corporation
>>> 5.01.2600.2180
>>> WINSPOOL.DRV Windows Spooler Driver Microsoft Corporation
>>> 5.01.2600.2180
>>> WINSTA.dll Winstation Library Microsoft Corporation
>>> 5.01.2600.2180
>>> WINTRUST.dll Microsoft Trust Verification APIs Microsoft
>>> Corporation 5.131.2600.2180
>>> WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation
>>> 5.01.2600.2180
>>> WlNotify.dll Common DLL to receive Winlogon notifications Microsoft
>>> Corporation 5.01.2600.2180
>>> WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation
>>> 5.01.2600.2180
>>> WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft
>>> Corporation 5.01.2600.2180
>>> wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation
>>> 5.01.2600.2180
>>> wsock32.dll Windows Socket 32-Bit DLL Microsoft Corporation
>>> 5.01.2600.2180
>>> WTSAPI32.dll Windows Terminal Server SDK APIs Microsoft Corporation
>>> 5.01.2600.2180
>>> xpsp2res.dll Service Pack 2 Messages Microsoft Corporation
>>> 5.01.2600.2180
>>>
>>> --
>>>
>>> Process PID Description CPU Company Name
>>> System Idle Process 0 41.18 Interrupts n/a Hardware
>>> Interrupts DPCs n/a Deferred Procedure Calls System
>>> 4 smss.exe 1160 Windows NT Session Manager
>>> Microsoft Corporation
>>> csrss.exe 1208 Client Server Runtime Process Microsoft
>>> Corporation
>>> winlogon.exe 1236 Windows NT Logon Application 50.00
>>> Microsoft Corporation
>>> services.exe 1280 Services and Controller app 0.74
>>> Microsoft Corporation
>>> svchost.exe 1480 Generic Host Process for Win32 Services
>>> 0.74 Microsoft Corporation
>>> svchost.exe 1536 Generic Host Process for Win32 Services
>>> Microsoft Corporation
>>> svchost.exe 456 Generic Host Process for Win32 Services
>>> Microsoft Corporation
>>> Smc.exe 724 Symantec CMC Smc 0.74 Symantec Corporation
>>> SmcGui.exe 2168 Symantec CMC SmcGui 2.94 Symantec
>>> Corporation
>>> svchost.exe 780 Generic Host Process for Win32 Services
>>> Microsoft Corporation
>>> svchost.exe 892 Generic Host Process for Win32 Services
>>> Microsoft Corporation
>>> SNAC.EXE 904 Symantec Network Access Control Symantec
>>> Corporation
>>> ccSvcHst.exe 1968 Symantec Service Framework 0.74
>>> Symantec Corporation
>>> spoolsv.exe 1916 Spooler SubSystem App Microsoft
>>> Corporation
>>> AeXNSAgent.exe 1924 Altiris Agent Altiris, Inc.
>>> AluSchedulerSvc.exe 524 Automatic LiveUpdate Scheduler Service
>>> Symantec Corporation
>>> ntmulti.exe 944 IBM Lotus Notes/Domino IBM Corp
>>> NMSAccess.exe 968 p4ps.exe 1084 P4Webs.exe
>>> 1648 spkrmon.exe 1676 SoundMAX SpeakerMonitor service
>>> Rtvscan.exe 1664 Symantec AntiVirus Symantec Corporation
>>> vmware-authd.exe 2192 VMware Authorization Service
>>> VMware, Inc.
>>> vmount2.exe 2704 virtual disk mount service VMware,
>>> Inc.
>>> vmnat.exe 2904 VMware NAT Service VMware, Inc.
>>> vmnetdhcp.exe 3180 VMware VMnet DHCP service VMware,
>>> Inc.
>>> alg.exe 2996 Application Layer Gateway Service
>>> Microsoft Corporation
>>> lsass.exe 1292 LSA Shell (Export Version) Microsoft
>>> Corporation
>>> explorer.exe 3228 Windows Explorer Microsoft Corporation
>>> TaskSwitch.exe 3660 ccApp.exe 3100 Symantec User
>>> Session Symantec Corporation
>>> trillian.exe 1700 Trillian Cerulean Studios
>>> OUTLOOK.EXE 2952 Microsoft Office Outlook Microsoft
>>> Corporation
>>> seamonkey.exe 1012 SeaMonkey mozilla.org
>>> taskmgr.exe 1616 Windows TaskManager Microsoft Corporation
>>> procexp.exe 3392 Sysinternals Process Explorer 2.94
>>> Sysinternals - www.sysinternals.com
>>>
>>> Process: winlogon.exe Pid: 1236
>>>
>>> Type Name
>>> Desktop \Winlogon
>>> Desktop \Disconnect
>>> Desktop \Default
>>> Desktop \Default
>>> Directory \KnownDlls
>>> Directory \Windows
>>> Directory \BaseNamedObjects
>>> Event \BaseNamedObjects\AUTOENRL:TriggerMachineEnrollmen t
>>> Event \BaseNamedObjects\crypt32LogoffEvent
>>> Event \BaseNamedObjects\userenv: User Profile setup event
>>> Event \BaseNamedObjects\userenv: Machine Group Policy has been applied
>>> Event \BaseNamedObjects\userenv: Machine Group Policy ForcedRefresh
>>> Needs Foreground Processing
>>> Event \BaseNamedObjects\userenv: Machine Group Policy Processing is
>>> done
>>> Event \BaseNamedObjects\userenv: Machine Policy Foreground Done Event
>>> Event \BaseNamedObjects\userenv: User Group Policy has been applied
>>> Event \BaseNamedObjects\userenv: User Group Policy ForcedRefresh Needs
>>> Foreground Processing
>>> Event \BaseNamedObjects\userenv: User Group Policy Processing is done
>>> Event \BaseNamedObjects\userenv: User Policy Foreground Done Event
>>> Event \BaseNamedObjects\WinlogonTSSynchronizeEvent
>>> Event \BaseNamedObjects\TS-WPAAE
>>> Event \BaseNamedObjects\ReconEvent
>>> Event \Security\NetworkProviderLoad
>>> Event \BaseNamedObjects\AtiExtEventGSNotificationEvent
>>> Event \BaseNamedObjects\jjCSCSharedFillEvent_UM_KM
>>> Event \BaseNamedObjects\hardwaremixercallback
>>> Event \BaseNamedObjects\WFP_IDLE_TRIGGER
>>> Event \BaseNamedObjects\Microsoft Smart Card Resource Manager Started
>>> Event \BaseNamedObjects\msgina: ReturnToWelcome
>>> Event \BaseNamedObjects\ThemesStartEvent
>>> Event \BaseNamedObjects\DINPUTWINMM
>>> Event \BaseNamedObjects\winlogon: machine GPO Event 70406
>>> Event \BaseNamedObjects\userenv: Machine Group Policy has been applied
>>> Event \BaseNamedObjects\userenv: machine policy refresh event
>>> Event \BaseNamedObjects\userenv: machine policy force refresh event
>>> Event \BaseNamedObjects\userenv: Machine Group Policy has been applied
>>> Event \BaseNamedObjects\userenv: Machine Group Policy ForcedRefresh
>>> Needs Foreground Processing
>>> Event \BaseNamedObjects\userenv: Machine Group Policy Processing is
>>> done
>>> Event \BaseNamedObjects\AgentExistsEvent
>>> Event \BaseNamedObjects\WkssvcToAgentStopEvent
>>> Event \BaseNamedObjects\WkssvcToAgentStartEvent
>>> Event \BaseNamedObjects\jjCSCSessEvent_UM_KM_0
>>> Event \BaseNamedObjects\AgentToWkssvcEvent
>>> Event \BaseNamedObjects\PCA_UnlockWksNotify
>>> Event \BaseNamedObjects\PCA_LockWksNotify
>>> Event \BaseNamedObjects\PCA_TAG_TEAM_0
>>> Event \BaseNamedObjects\SENS Started Event
>>> Event \BaseNamedObjects\userenv: user policy force refresh event
>>> Event \BaseNamedObjects\userenv: User Group Policy has been applied
>>> Event \BaseNamedObjects\userenv: User Group Policy has been applied
>>> Event \BaseNamedObjects\userenv: User Group Policy Processing is done
>>> Event \BaseNamedObjects\userenv: User Group Policy ForcedRefresh Needs
>>> Foreground Processing
>>> Event \BaseNamedObjects\userenv: user policy refresh event
>>> Event \BaseNamedObjects\winlogon: User GPO Event 483671
>>> Event \BaseNamedObjects\WlballoonLogoffNotificationEvent Name
>>> Event \BaseNamedObjects\AUTOENRL:TriggerUserEnrollment
>>> Event \BaseNamedObjects\CscCacheInitCompleteEvent
>>> Event \BaseNamedObjects\ShellReadyEvent
>>> Event \BaseNamedObjects\WlballoonLogoffNotificationEvent Name
>>> Event \BaseNamedObjects\mixercallback
>>> Event
>>> \BaseNamedObjects\00000000000a359c_WlballoonKerber osNotificationEventName
>>> File \Device\NamedPipe\TerminalServer\AutoReconnect
>>> File
>>> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03
>>> File \Device\KsecDD
>>> File \Device\NamedPipe\InitShutdown
>>> File \Device\NamedPipe\InitShutdown
>>> File C:\WINDOWS\system32\dllcache
>>> File
>>> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03
>>> File C:\WINDOWS\AppPatch
>>> File C:\Program Files\Common Files\Microsoft Shared\web server
>>> extensions\40\isapi\_vti_adm
>>> File C:\Program Files\Common Files\Microsoft Shared\web server
>>> extensions\40\_vti_bin\_vti_adm
>>> File C:\WINDOWS\system32
>>> File C:\WINDOWS\Help
>>> File C:\Program Files\Common Files\Microsoft Shared\web server
>>> extensions\40\isapi\_vti_aut
>>> File C:\Program Files\Common Files\Microsoft Shared\web server
>>> extensions\40\_vti_bin\_vti_aut
>>> File C:\WINDOWS\system32\inetsrv
>>> File C:\Program Files\Common Files\Microsoft Shared\web server
>>> extensions\40\bin
>>> File C:\WINDOWS\Fonts
>>> File C:\WINDOWS\system32\drivers
>>> File C:\Program Files\Common Files\Microsoft Shared\web server
>>> extensions\40\servsupp
>>> File C:\Program Files\Common Files\Microsoft Shared\web server
>>> extensions\40\bots\vinavbar
>>> File C:\Program Files\microsoft frontpage\version3.0\bin
>>> File C:\Program Files\Common Files\Microsoft Shared\web server
>>> extensions\40\_vti_bin
>>> File C:\Program Files\Common Files\Microsoft Shared\web server
>>> extensions\40\bin\1033
>>> File C:\Program Files\Common Files\Microsoft Shared\web server
>>> extensions\40\isapi
>>> File C:\WINDOWS
>>> File C:\Program Files\Common Files\Microsoft Shared\DAO
>>> File C:\Program Files\Windows Media Player
>>> File C:\Program Files\Common Files\System\msadc
>>> File C:\Program Files\Common Files\System\ado
>>> File C:\Program Files\Common Files\System\Ole DB
>>> File C:\WINDOWS\inf
>>> File C:\WINDOWS\system
>>> File C:\WINDOWS\msagent
>>> File C:\WINDOWS\msagent\intl
>>> File C:\Program Files\MSN Gaming Zone\Windows
>>> File C:\WINDOWS\PCHealth\HelpCtr\Binaries
>>> File C:\Program Files\NetMeeting
>>> File C:\WINDOWS\system32\drivers\disdn
>>> File C:\WINDOWS\ime\CHTIME\Applets
>>> File C:\WINDOWS\system32\wbem
>>> File C:\WINDOWS\system32\IME\CINTLGNT
>>> File C:\WINDOWS\system32\Com
>>> File C:\WINDOWS\system32\Setup
>>> File C:\WINDOWS\ime\IMJP8_1
>>> File C:\Program Files\Common Files\Microsoft Shared\Triedit
>>> File C:\Program Files\Windows NT
>>> File C:\Program Files\Common Files\System
>>> File C:\WINDOWS\system32\1033
>>> File C:\Program Files\Common Files\Microsoft Shared\web server
>>> extensions\40\admcgi\scripts
>>> File C:\Program Files\Common Files\Microsoft Shared\web server
>>> extensions\40\admisapi\scripts
>>> File C:\WINDOWS\system32\usmt
>>> File C:\WINDOWS\ime\IMKR6_1\Dicts
>>> File C:\WINDOWS\system32\mui\0009
>>> File C:\Program Files\Internet Explorer
>>> File C:\WINDOWS\ime\IMJP8_1\APPLETS
>>> File C:\WINDOWS\ime\IMKR6_1\Applets
>>> File C:\WINDOWS\system32\xircom
>>> File C:\Program Files\Internet Explorer\Connection Wizard
>>> File C:\Program Files\Common Files\Microsoft Shared\MSInfo
>>> File C:\WINDOWS\ime\IMKR6_1
>>> File C:\WINDOWS\ime\SHARED
>>> File C:\WINDOWS\system32\IME\PINTLGNT
>>> File C:\Program Files\Common
>>> Files\SpeechEngines\Microsoft\Lexicon\1033
>>> File C:\WINDOWS\Resources\Themes\Luna
>>> File C:\Program Files\Movie Maker
>>> File C:\WINDOWS\ime
>>> File C:\WINDOWS\srchasst
>>> File C:\Program Files\Outlook Express
>>> File C:\WINDOWS\system32\oobe
>>> File C:\Program Files\Common Files\MSSoap\Binaries
>>> File C:\Program Files\Common Files\MSSoap\Binaries\Resources\1033
>>> File C:\WINDOWS\mui
>>> File C:\WINDOWS\system32\npp
>>> File C:\WINDOWS\ime\SHARED\RES
>>> File C:\Program Files\Windows NT\Pinball
>>> File C:\WINDOWS\ime\CHSIME\APPLETS
>>> File C:\WINDOWS\system32\Restore
>>> File C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS\1033
>>> File C:\Program Files\Common Files\Microsoft Shared\Speech
>>> File C:\WINDOWS\Resources\Themes\Luna\Shell\NormalColor
>>> File C:\WINDOWS\Resources\Themes\Luna\Shell\Homestead
>>> File C:\WINDOWS\Resources\Themes\Luna\Shell\Metallic
>>> File C:\WINDOWS\system32\wbem\snmp
>>> File C:\Program Files\Common Files\SpeechEngines\Microsoft
>>> File C:\Program Files\Common Files\Microsoft Shared\Speech\1033
>>> File C:\WINDOWS\PeerNet
>>> File C:\WINDOWS\system32\spool\drivers\color
>>> File C:\WINDOWS\system32\IME\TINTLGNT
>>> File C:\WINDOWS\Help\Tours\mmTour
>>> File C:\WINDOWS\PCHealth\UploadLB\Binaries
>>> File C:\Program Files\Common Files\Microsoft Shared\VGX
>>> File C:\WINDOWS\system32\wbem\xml
>>> File C:\Program Files\Windows NT\Accessories
>>> File C:\WINDOWS\system32\mui\0401
>>> File C:\WINDOWS\system32\mui\0404
>>> File C:\WINDOWS\system32\mui\0405
>>> File C:\WINDOWS\system32\mui\0406
>>> File C:\WINDOWS\system32\mui\0407
>>> File C:\WINDOWS\system32\mui\0408
>>> File C:\WINDOWS\system32\mui\040b
>>> File C:\WINDOWS\system32\mui\040C
>>> File C:\WINDOWS\system32\mui\040D
>>> File C:\WINDOWS\system32\mui\040e
>>> File C:\WINDOWS\system32\mui\0410
>>> File C:\WINDOWS\system32\mui\0411
>>> File C:\WINDOWS\system32\mui\0412
>>> File C:\WINDOWS\system32\mui\0413
>>> File C:\WINDOWS\system32\mui\0414
>>> File C:\WINDOWS\system32\mui\0415
>>> File C:\WINDOWS\system32\mui\0416
>>> File C:\WINDOWS\system32\mui\0419
>>> File C:\WINDOWS\system32\mui\041b
>>> File C:\WINDOWS\system32\mui\041D
>>> File C:\WINDOWS\system32\mui\041f
>>> File C:\WINDOWS\system32\mui\0424
>>> File C:\WINDOWS\system32\mui\0804
>>> File C:\WINDOWS\system32\mui\0816
>>> File C:\WINDOWS\system32\mui\0C0A
>>> File C:\WINDOWS\system32\mui\0402
>>> File C:\WINDOWS\system32\mui\0418
>>> File C:\WINDOWS\system32\mui\041a
>>> File C:\WINDOWS\system32\mui\041e
>>> File C:\WINDOWS\system32\mui\0425
>>> File C:\WINDOWS\system32\mui\0426
>>> File C:\WINDOWS\system32\mui\0427
>>> File C:\Program Files\xerox\nwwia
>>> File C:\WINDOWS\WinSxS
>>> File \Device\NamedPipe\SfcApi
>>> File \Device\NamedPipe\SfcApi
>>> File \Device\Tcp
>>> File \Device\Tcp
>>> File \Device\Ip
>>> File \Device\Ip
>>> File \Device\Ip
>>> File \Device\Afd\Endpoint
>>> File \Device\Udp
>>> File \Device\Afd\AsyncConnectHlp
>>> File
>>> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03
>>> File \Device\LanmanRedirector
>>> File \Device\NamedPipe\winlogonrpc
>>> File
>>> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03
>>> File \Device\NamedPipe\winlogonrpc
>>> File \Device\NamedPipe\winlogonrpc
>>> File \Device\KSENUM#00000001\{9B365890-165F-11D0-A195-0020AFD156E4}
>>> File C:\WINDOWS\system32
>>> Key HKCR
>>> Key HKLM\SYSTEM\ControlSet001\Control\Nls\Locale
>>> Key HKLM\SYSTEM\ControlSet001\Control\Nls\Locale\Alter nate Sorts
>>> Key HKLM\SYSTEM\ControlSet001\Control\Nls\Language Groups
>>> Key HKCR
>>> Key
>>> HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parame ters\Protocol_Catalog9
>>> Key
>>> HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parame ters\NameSpace_Catalog5
>>> Key HKLM\SOFTWARE\Microsoft\Windows
>>> NT\CurrentVersion\Winlogon\Notify\crypt32chain
>>> Key HKLM\SOFTWARE\Microsoft\Windows
>>> NT\CurrentVersion\Winlogon\Notify\cryptnet
>>> Key HKCR\CLSID
>>> Key HKLM\SOFTWARE\Microsoft\Windows
>>> NT\CurrentVersion\Winlogon\Notify\sclgntfy
>>> Key HKLM\SYSTEM\ControlSet001\Control\Lsa
>>> Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
>>> Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
>>> Key HKLM\SYSTEM\Setup
>>> Key HKLM\SOFTWARE\Microsoft\Windows
>>> NT\CurrentVersion\Winlogon\Credentials
>>> Key HKU
>>> Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
>>> Key HKU
>>> Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Linkage
>>> Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameter s
>>> Key HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameter s\Interfaces
>>> Key HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameter s
>>> Key HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVer sion\Internet
>>> Settings
>>> Key HKLM
>>> Key HKLM\SYSTEM\ControlSet001\Control\NetworkProvider\ HwOrder
>>> Key HKLM\SOFTWARE\Microsoft\Windows
>>> NT\CurrentVersion\Winlogon\Notify\WgaLogon
>>> Key HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoa m\MUICache
>>> Key HKCU
>>> Key HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoa m
>>> Key HKU\.DEFAULT
>>> Key HKCR
>>> Key HKCR
>>> Key HKCR
>>> Key HKLM\SOFTWARE\Microsoft\COM3
>>> Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
>>> Key HKLM\SOFTWARE\Microsoft\COM3
>>> Key HKLM\SOFTWARE\Microsoft\COM3
>>> Key HKU
>>> Key HKU
>>> Key HKLM\SOFTWARE\Microsoft\COM3
>>> Key HKCR
>>> Key HKLM\SOFTWARE\Microsoft\COM3
>>> Key HKLM\SOFTWARE\Microsoft\COM3
>>> Key HKCR
>>> Key HKCR
>>> Key HKCR\CLSID
>>> Key HKCR
>>> Key HKCR
>>> Key HKCR
>>> Key HKCR
>>> Key HKCR
>>> Key HKCR
>>> Key HKCR
>>> KeyedEvent \KernelObjects\CritSecOutOfMemoryEvent
>>> Mutant \BaseNamedObjects\userenv: machine policy mutex
>>> Mutant \BaseNamedObjects\userenv: Machine Registry policy mutex
>>> Mutant \BaseNamedObjects\userenv: user policy mutex
>>> Mutant \BaseNamedObjects\userenv: User Registry policy mutex
>>> Mutant \BaseNamedObjects\SingleSesMutex
>>> Mutant \BaseNamedObjects\winlogon: Logon UserProfileMapping Mutex
>>> Mutant \BaseNamedObjects\ShimCacheMutex
>>> Mutant \BaseNamedObjects\WPA_PR_MUTEX
>>> Mutant \BaseNamedObjects\WPA_RT_MUTEX
>>> Mutant \BaseNamedObjects\WPA_LT_MUTEX
>>> Mutant \BaseNamedObjects\WPA_HWID_MUTEX
>>> Mutant \BaseNamedObjects\WPA_LICSTORE_MUTEX
>>> Port \RPC Control\sclogonrpc
>>> Port \RPC Control\IUserProfile
>>> Port \RPC Control\OLE273DB90569D049E7BB5A549E0AAA
>>> Process services.exe(1280)
>>> Process lsass.exe(1292)
>>> Section \BaseNamedObjects\ShimSharedMemory
>>> Section \BaseNamedObjects\Debug.Memory.4d4
>>> Section \BaseNamedObjects\WDMAUD_Callbacks
>>> Section \BaseNamedObjects\mmGlobalPnpInfo
>>> Semaphore
>>> \BaseNamedObjects\shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
>>> Semaphore
>>> \BaseNamedObjects\shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
>>> Semaphore
>>> \BaseNamedObjects\shell.{7CB834F0-527B-11D2-9D1F-0000F805CA57}
>>> Thread winlogon.exe(1236): 1240
>>> Thread winlogon.exe(1236): 1644
>>> Thread winlogon.exe(1236): 3668
>>> Thread winlogon.exe(1236): 1240
>>> Thread winlogon.exe(1236): 1260
>>> Thread winlogon.exe(1236): 2404
>>> Thread winlogon.exe(1236): 1268
>>> Thread winlogon.exe(1236): 1276
>>> Thread winlogon.exe(1236): 1288
>>> Thread winlogon.exe(1236): 1380
>>> Thread winlogon.exe(1236): 1380
>>> Thread winlogon.exe(1236): 1384
>>> Thread winlogon.exe(1236): 1388
>>> Thread winlogon.exe(1236): 1420
>>> Thread winlogon.exe(1236): 1524
>>> Thread winlogon.exe(1236): 2448
>>> Thread winlogon.exe(1236): 2212
>>> Thread winlogon.exe(1236): 1272
>>> Thread winlogon.exe(1236): 2208
>>> Thread winlogon.exe(1236): 2004
>>> Thread winlogon.exe(1236): 1644
>>> Thread winlogon.exe(1236): 2212
>>> Thread winlogon.exe(1236): 3516
>>> Thread winlogon.exe(1236): 2220
>>> Thread winlogon.exe(1236): 1644
>>> Thread winlogon.exe(1236): 2220
>>> Thread winlogon.exe(1236): 2140
>>> Thread winlogon.exe(1236): 2676
>>> Thread winlogon.exe(1236): 1644
>>> Thread winlogon.exe(1236): 2404
>>> Thread winlogon.exe(1236): 2216
>>> Thread winlogon.exe(1236): 2404
>>> Thread winlogon.exe(1236): 3216
>>> Thread winlogon.exe(1236): 328
>>> Thread winlogon.exe(1236): 2404
>>> Thread winlogon.exe(1236): 3492
>>> Timer \BaseNamedObjects\userenv: refresh timer for 1236:1644
>>> Timer \BaseNamedObjects\AUTOENRL:MachineEnrollmentTimer
>>> Timer \BaseNamedObjects\userenv: refresh timer for 1236:2404
>>> Timer \BaseNamedObjects\AUTOENRL:UserEnrollmentShellTime r
>>> Timer \BaseNamedObjects\AUTOENRL:UserEnrollmentTimer
>>> Token domain\phil:a359c
>>> Token NT AUTHORITY\NETWORK SERVICE:3e4
>>> Token NT AUTHORITY\SYSTEM:3e7
>>> Token NT AUTHORITY\SYSTEM:3e7
>>> Token NT AUTHORITY\SYSTEM:3e7
>>> Token domain\phil:a359c
>>> Token domain\phil:a359c
>>> Token domain\phil:a359c
>>> Token domain\phil:a359c
>>> Token domain\phil:a359c
>>> Token NT AUTHORITY\SYSTEM:3e7
>>> WindowStation \Windows\WindowStations\WinSta0
>>> WindowStation \Windows\WindowStations\WinSta0n
>>>
>>> Is there a fix for this or a way to calm winlogon.exe down? It doesn't
>>> seem to matter how long my session uptime is either since this was only
>>> three days old.
>>>
>>> Thank you in advance. :)
--
Phillip Pi
Senior Software Quality Assurance Analyst
ISP/Symantec Online Services, Consumer Business Unit
Symantec Corporation
www.symantec.com
-----------------------------------------------------
Email: phillip_pi@symantec.comSYMC (remove SYMC to reply by e-mail)
-----------------------------------------------------
Please do NOT e-mail me for technical support. DISCLAIMER: The views
expressed in this posting are mine, and do not necessarily reflect the
views of my employer. Thank you.
Reply With Quote

 
Old 07-14-2008, 12:30 PM