Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

winlogon.exe - application error


  • This topic is locked This topic is locked
2 replies to this topic

#1 cemoore1

cemoore1

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:52 PM

Posted 06 July 2011 - 06:50 PM

I have a Win7 Dell machine at work that has been giving me issues. It will freeze up for no reason during the day and when I try to access the machine from home through VPN and RDP - there is a failure to connect. I have updated the bios, updated all of the hardware drivers, Win7 is up to date, Microsoft Secutiry Essentials is green and happy, I have ran CCleaner, I have cleaned the registry, I have done everything I can think to do. I can not do a restore to a previous point because I believe CCleaner cleared them out. Today I received the winlogon.exe - application error and it froze the machine. I ran HIJACKTHIS and here is the log file:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:19:22 PM, on 7/6/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\PaperMaster Pro 7.0\J2GDllCmd.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe
C:\Users\deana.TBS\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Installation Diagnostics] "C:\Program Files\Brother\Brmfl06d\Brinstck.exe" /I MFC-9450CDN LAN
O4 - Startup: PaperMaster Live Menu 7.0.lnk = C:\Program Files\PaperMaster Pro 7.0\J2GDllCmd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O15 - Trusted Zone: *.ams-benefits.com
O15 - Trusted Zone: *.ams-services.com
O15 - Trusted Zone: *.ams-support.com
O15 - Trusted Zone: *.ams360.com
O15 - Trusted Zone: *.amsservices.com
O15 - Trusted Zone: *.prevailnetwork.com
O15 - Trusted Zone: *.vertafore.com
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://vertaforesupport.webex.com/client/wbs27-vzbprodcn/support/ieatgpc1.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = trianglebenefitservices.local
O17 - HKLM\Software\..\Telephony: DomainName = trianglebenefitservices.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DDEEFAE-1581-4DA7-A8F6-5E3F5896D0BC}: NameServer = 192.168.200.2,192.168.200.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = trianglebenefitservices.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{8DDEEFAE-1581-4DA7-A8F6-5E3F5896D0BC}: NameServer = 192.168.200.2,192.168.200.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = trianglebenefitservices.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{8DDEEFAE-1581-4DA7-A8F6-5E3F5896D0BC}: NameServer = 192.168.200.2,192.168.200.1
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe

--
End of file - 5160 bytes


Does anyone see a problem or can anyone offer a suggestion other than reinstalling the whole machine.

Thank you!

Edited by hamluis, 07 July 2011 - 09:20 AM.
Moved from Win 7 to Malware Removal Logs.


BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:52 PM

Posted 23 July 2011 - 10:24 AM

Hi,

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:52 PM

Posted 29 July 2011 - 09:04 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users