Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Winlogon.exe encountered a problem and needed to close.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Winlogon.exe encountered a problem and needed to close.

Unread postby irene64 » March 18th, 2007, 11:36 am

A major problem that I have been having for some months now is that I cannot restart my computer. I get a message:

Winlogon.exe encountered a problem and needed to close.
(I thought it was related to the coolWWWSearch.leftovers) I got rid of recently.
CPU also does not turn off - only my monitor shuts down.

A few days back, on starting the computer, a window pop up alert wrote:
Data Execution Prevention
To help protect your computer, Windows has closed this program:
Indexing Service filter daemon

Help would be greatly appreciated!!!
Panda
Incident Status Location

Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.5.inf
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
Potentially unwanted tool:application/myway Not disinfected hkey_classes_root\clsid\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\CITIZEN B.SIK-4MRPMM81QT3\Application Data\Mozilla\Firefox\Profiles\skc25go3.default\cookies.txt[.2o7.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\CITIZEN B.SIK-4MRPMM81QT3\Application Data\Mozilla\Firefox\Profiles\skc25go3.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\CITIZEN B.SIK-4MRPMM81QT3\Application Data\Mozilla\Firefox\Profiles\skc25go3.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\CITIZEN B.SIK-4MRPMM81QT3\Application Data\Mozilla\Firefox\Profiles\skc25go3.default\cookies.txt[.atwola.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\CITIZEN B.SIK-4MRPMM81QT3\Application Data\Mozilla\Firefox\Profiles\skc25go3.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\CITIZEN B.SIK-4MRPMM81QT3\Application Data\Mozilla\Firefox\Profiles\skc25go3.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\CITIZEN B.SIK-4MRPMM81QT3\Application Data\Mozilla\Firefox\Profiles\skc25go3.default\cookies.txt[.com.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\CITIZEN B.SIK-4MRPMM81QT3\Application Data\Mozilla\Firefox\Profiles\skc25go3.default\cookies.txt[.overture.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\CITIZEN B.SIK-4MRPMM81QT3\Application Data\Mozilla\Firefox\Profiles\skc25go3.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\CITIZEN B.SIK-4MRPMM81QT3\Application Data\Mozilla\Firefox\Profiles\skc25go3.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\CITIZEN B.SIK-4MRPMM81QT3\Application Data\Mozilla\Firefox\Profiles\skc25go3.default\cookies.txt[.weborama.fr/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\CITIZEN B.SIK-4MRPMM81QT3\Application Data\Mozilla\Firefox\Profiles\skc25go3.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\CITIZEN B.SIK-4MRPMM81QT3\Application Data\Mozilla\Firefox\Profiles\skc25go3.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\CITIZEN B.SIK-4MRPMM81QT3\Application Data\Mozilla\Firefox\Profiles\skc25go3.default\cookies.txt[server.iad.liveperson.net/hc/73403369]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\CITIZEN B.SIK-4MRPMM81QT3\Application Data\Mozilla\Firefox\Profiles\skc25go3.default\cookies.txt[www.myaffiliateprogram.com/]

Logfile of HijackThis v1.99.1
Scan saved at 9:17:13 AM, on 16-Mar-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FAPIEXE.EXE
C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
C:\WINDOWS\LogWatNT.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\CA\eTrust\InoculateIT\Realmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\LevelOne\Common\RaUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (disabled by BHODemon)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (disabled by BHODemon)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CallControl 4.5] C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe /autoload
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [realmon] C:\Program Files\CA\eTrust\InoculateIT\Realmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: LevelOne Wireless Utility.lnk = C:\Program Files\LevelOne\Common\RaUI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} - http://sp.ask.com/docs/toolbar/download/AskBar-inst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1097604704472
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: eTrust InoculateIT RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
O23 - Service: eTrust InoculateIT Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
O23 - Service: eTrust InoculateIT Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
irene64
Active Member
 
Posts: 3
Joined: March 18th, 2007, 11:28 am
Advertisement
Register to Remove

Unread postby tashi » March 18th, 2007, 12:04 pm

Hello.

Where do you wish to be assisted: http://forums.spybot.info/showthread.php?t=12258
User avatar
tashi
Visiting Staff
 
Posts: 2845
Joined: February 11th, 2005, 6:44 pm

Winlogon.exe encountered a problem and needed to close.

Unread postby irene64 » March 19th, 2007, 5:01 am

whoever - any help I can get, I'd appreciate it immensely. have a great day.
irene64
Active Member
 
Posts: 3
Joined: March 18th, 2007, 11:28 am

Winlogon.exe encountered a problem and needed to close.

Unread postby irene64 » March 20th, 2007, 4:39 am

I got your site from Spybot forum. I obviously thought I could use both. Is there a problem?
irene64
Active Member
 
Posts: 3
Joined: March 18th, 2007, 11:28 am

Unread postby NonSuch » April 3rd, 2007, 3:32 am

I'm sorry, you seem to have received help from neither site at which you posted. If you still require help. Please post a fresh HijackThis log in a new topic at one forum or another.

While we appreciate that you very likely posted at multiple forums in order to ensure a response, that only serves to tie up the time of multiple helpers who could be using that time to help someone else who also has problems. Although there are many forums that handle HijackThis logs, there are not so many helpers; most of us help out at several forums.

In addition, the results may not work out so well when you're following different instructions from different helpers. They may suggest different approaches for the same problem, all of which may be good; however, system conflicts may arise if different fixes for the same problem are applied simultaneously.

In the future, for your sake as well as ours, please refrain from requesting help from multiple forums. Choose one, and stick with that one until they've resolved your problem.

This topic is now closed.

You can help support this site from this link :
Donations For Malware Removal
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27221
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 21 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware