Computer Support Forum

Winlogon process using 100% cpu (urgent)

Question: Winlogon process using 100% cpu (urgent)

A few hours ago, my computer started running extremely slow. Every few seconds the computer freezes (I can still move the mouse around but not do anything else). So, ctrl-alt-del, I see the winlogon.exe is using 99-100% of the cpu. Apart from that, it is using about 3-4mb of memory whereas just after I reboot it uses about 700kb. Also, though I'm not sure about this, the process priority is set to High as well as the csrss.exe process.

This afternoon I was playing Battlefront 2. Everything was fine, but then it started to jerk badly. So I quit to windows, and as I clicked on the button, the pc reset itself with a brief blue screen of death before going to black. I discovered all of the above after the reset.
I'm still, at this moment, trying to use my pc. It is proving to be virtually impossible.

I am desperate, I've been forum hopping (with difficulty), and everybody either talks a lot of junk/implies a virus/trojan etc...

I have AntivirXP Personal Edition, Xoftspy, Spybot S&D all updated with the current definition files. I ran all three and they came back with no results.

I suspect a virus, because I have no idea what else it can be, and I have no clue what sparked it off. I have measured a great deal of self-control not including expletives in this post, I will be greatly appreciative if someone could help me fix this.

Relevance 100%

Answer: Winlogon process using 100% cpu (urgent)

Relevance 57.81%

Hi

By chance, in Windows 8, are there some registry keys and entries that allow customizing the winlogon process during the logoff of the users' sessions and during the system restart or shutdown?

Thanks

Bye

Answer:Customize the winlogon process

By chance, in Windows 8, are there some registry keys and entries that allow customizing the winlogon process during the logoff of the users' sessions and during the system restart or shutdown?



For what specific purposes?

There are many registry entries that influence these processes but they are not intended for casual use. Many of these settings are hidden in the registry for a good reason, to prevent modification by people who do not understand the implications and cause serious harm in the process.

Relevance 57.81%

I was given a laptop with XP with no SP's installed or any AV. After logging on with the Admin user, after about 30-45 seconds winlogon goes to 99% cpu usage and the system is nothing but a paper weight at that point.
After first logging on I get a message stating that the registry editor has been disabled, also "unable to load LUFUYUKO.DLL module not found".
As mentioned the computer is worthless, no networking capability, won't recognize anything on the USB port, can't run Spybot, HJT etc.
Thought I'd try this forum before reformatting and reloading XP.

Thanks Much

Answer:winlogon process 99% cpu usage

Hello -

With as many symptoms as you've described this machine is showing, and since it was not originally yours, I would be inclined to format and start over. No SPs. No AV. Lack of core functions. All this points to a format and clean install being the best solution.

No SPs...is this a legit OS? There's no reason in 2009 for an XP machine to be at least Service Pack 2.

Relevance 57.81%

Hi
I'm looking for a complete list of the registry keys and entries
to customize the winlogon process in Windows 8.
Thanks
Bye

Balubeto

Relevance 56.58%

Hi,
I think I just got a virus today. I was browsing through a forum and all of a sudden, a file named "getfile.pdf" automatically opens! First I was going to simply ignore it but the pdf doesn't open completely and Adobe PDF reader hangs... maybe it was just a bug in Adobe reader but maybe, with a low chance, it could have been a local Adobe reader exploit. So I fired up IceSword and saw a new connection established in the WinLogon.exe process! It was connected to 124.42.35.181 so I did a simple lookup on the IP address and it said
Code:
...
...
...
mnt-by: MAINT-CNNIC-AP
source: APNIC
inetnum: 124.42.35.0 - 124.42.35.255
netname: SINNET
descr: Beijing GuangHuanXinWang Digital Technology Co. Ltd
descr: National Internet Registry
descr: Dongcheng District Beijing
descr:
descr:
descr:
descr: Fengtai District Beijing
descr:
descr:
descr:
descr:
descr: Dongcheng District Beijing
country: CN
...
...
...

Connected to somewhere in China. Not such a good sign.
I did another reverse domain name look up and the result :

Relevance 56.58%

Logfile of HijackThis v1.99.1
Scan saved at 5:07:03 PM, on 3/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe
C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\ZoneLabs\avsys\Monitor.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\oodag.exe
c:\WINDOWS\system32\o2flash.exe
C:\Arquivos de programas\Inte...

Answer:Drwatson Wanna Open Winlogon.exe Process

Hello pidr1nhu and welcome to the BC HijackThis forum. The only thing I see in the log is a missing file for Webroot Spysweeper that is leftover from a previous installation that was not removed when the application was removed. Let's get rid of that.

Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

Other than that the log is clean. Drwatson is a Microsoft application that reports on system errors. In most instances these system errors are not caused by malware but rather conflicts with installed applications and the system. I suggest posting a question in the XP forum here: http://www.bleepingcomputer.com/forums/f/56/windows-xp-home-and-professional/ . They can assist in analyzing the errors and making any recommendations to resolve the issue. Let them know that you have been to this forum and that no malware was found.

Cheers.
OT

Relevance 55.76%

Hi,

I get occasional blue screen with stop c000021a (Fatal System Error) Windows Logon Process System Process Terminated when windows start, but after I switch it off for 10 sec and then switch it back on it starts normal??? I was thinking this might be due to my recent vundo trojan attack that was removed (thanks to this site)

Another thing is when I do a scan using Avira I get two hidden objects on my rootkit processes

HKEY_USERS\S-1-5-21-1606980848-1770027372-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1FBFD3FC-90FF-AAD1-D5E9-59CA72D46E09}\abbinmjogjdkmihhjolipibcjijemfalji
[INFO] The registry entry is invisible.
HKEY_USERS\S-1-5-21-1606980848-1770027372-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1FBFD3FC-90FF-AAD1-D5E9-59CA72D46E09}\bbbinmjogjdkmihhjociolacjepiafmkmjgb
[INFO] The registry entry is invisible.
'329146' objects were checked, '2' hidden objects were found.

and I don't know if this might be causing the problems or what?

Answer:Hidden Objects And Occasional Bsod Winlogon Process

Hello and welcome. I am deleting the other post as a duplicate. Please run this scan... Rootkits are a dangerous item, I will give you more on that after the scan. Is this an XP machine?

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' ...

Relevance 54.53%

Hi,

We have some sort of malware which I attributed to the Conficker worm because it blocked any site with microsoft.com in the url, or common security busting sites in the url (including this one!), but the issue was not found when I eventually managed to try tools to remove it.

We were using Kaspersky Internet Security, but this stopped working, and I now believe this was due to the malware getting on the system, because we have been unable to get it to work again despite several uninstalls and reinstalls with registry cleans etc. in between.

I have managed to whittle down to a process running at boot using the valid svchost.exe file but no extended instructions in the command line such that there are two versions showing in Task Manager, one legitimate, one not. This I established by using AutoRuns and ProcessManager of Sysinternals Suite, via which I can suspend the problematic version of the process, and delete one version of the problematic startup entry and edit the userinit back to its original state.

However, I have no idea how to remove the process from running at boot and do not want to get us locked out of the system by deleting the svchost.exe file on the next reboot, but think that there is something else calling up the initial process in the first place.

Any ideas?

Answer:Userinit Winlogon SvcHost process hijacked (and blocks cleanup attempts)

Below is a copy of the current Trend Micro HijackThis log, where the main thing you will notice that should not be there is where the UserInit entry contains the additional instruction pointing to jbaadiuj.exe which is an entry and process that keeps re-creating itself, and appears a few times in the log... and I have attached a copy of the StartupList also configured via HijackThis...
=============================
Running processes:
D:\Windows\system32\taskeng.exe
D:\Windows\system32\Dwm.exe
D:\Windows\Explorer.EXE
D:\Windows\System32\rundll32.exe
D:\Windows\RtHDVCpl.exe
D:\Program Files\Toshiba\Power Saver\TPwrMain.exe
D:\Program Files\Toshiba\SmoothView\SmoothView.exe
D:\Program Files\Toshiba\Utilities\KeNotify.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\Citrix\ICA Client\concentr.exe
D:\Program Files\Toshiba\FlashCards\TCrdMain.exe
D:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files\GPSoftware\Directory Opus\dopus.exe
D:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
D:\Program Files\Toshiba\TOSCDSPD_CD-DVD Drive Acoustic Silencer\TOSCDSPD.exe
D:\Windows\ehome\ehtray.exe
D:\Windows\System32\taskmgr.ex...

Relevance 50.02%

Apologies - the Urgent in this is only because I'm unsure whether any action may need to be done before I close down in about 6 hours or so.

Basically my problem began in Picasa 3 where I watched a short vid then decided to change the filename. That done I closed the preview & went back to the main program where I discovered that Picasa had somehow decided I wanted the entire folder of images renamed so it has worked through the 500+ images and renamed each one as Filename001, Filename002, Filename003 and so on which as you can appreciate is now causing somewhat of a major headache for me. It would take me a good few hours I would rarely have to go through and rename each one manually, so my question basically is - is there any method or program that can undo the action as I can't find any means of doing so from within Picasa. All other options I've found in my searches are mainly to achieve pretty much the same i.e. bulk rename as Name1, Name2 etc so are of little help.

Anyone any suggestions what else I could try?

Answer:Urgent help needed - how to revert a bulk image name process?

I assume you don't have a Backup to fall back on. I use these two bulk renaming tools. You can see if they help. This is drop dead simple to use - http://www.fauland.com/af5.htm
This one has a more complicated interface but a couple other options - http://www.joejoesoft.com/vcms/108/

Relevance 49.61%

Hello guys I need help!!! I accidentally clicked on the Next Button and started the process from the ASUS Preload Wizard!!! I basically wanted to start windows in safe mode but when I do that, this Recovery Wizard just popped out...so I click on Recover Windows to entire HD with two partitions...I haven't read the WARNING and the process started to 1 percent...then I realized that something was wrong and I turned off the laptop immediately because my goal was to only log in the safe mode..what can I do to normally start windows?!?!?!?!?!?! or I just fu*k everything and lost all my data!?!?!?!?!?

Answer:URGENT!!!!!!!!!!Windows Recovery Wizard Process Started by Accident

Try to boot in the normal fashion. If you cannot try this
If you create a recovery DVD, you may be able to boot to recovery options
Create Recovery DVD

The Vista recovery disk is used to boot Vista when it won't boot - to run Startup Repair, System Restore, access a Command Line, Recover using a Vista Backup Image, etc.
System Recovery Options. Choose an option that will not cause you to lose your stuff.

If Vista will not start now, boot the Recovery CD to run Startup Repair which automates System Restore as well as numerous other tests including System File Checker which can repair system files which are not corrupted beyond repair.

If Vista still will not start, try booting into Safe Mode to run sfc /scannow to repair System files.
Special Thanks Given to Seven Forums.


Below is a bulletin distributed by MS to explain the start up procedure when Windows will not boot.
Startup Repair. Startup Repair is a Windows recovery tool that can fix certain problems, such as missing or damaged system files, that might prevent Windows from starting. Startup Repair is located on the System Recovery Options menu, which is on the Windows Vista installation disc. If your computer has preinstalled recovery options, it might also be stored on your computer's hard disk. For more information, see Startup Repair: frequently asked questions and What are the system recovery options in Windows Vista? If your computer does not include Startup Repair, your computer manufacturer might...

Relevance 47.15%

Hello Sir,

Yesterday, my HDD broke down and I had changed new HDD and got new XP installed.
When I tried Windows Update, I got the message " you may be a victim of counterfeit XP" every time I turn on my notebook. Anyway I still can use it with the option "resolve it later" but when I turn off, it doesn't turn off for an hour and I have to turn off by pressing power button all the time now.

I'm a seaman without computer knowledge and I'm now stuck in a hotel waiting to join ship and I can't even go back to the computer shop where I changed my HDD and new XP.
One of my friends advised me to check virus with free Kaspersky software online and I found any sign of viruses.

So, you are my only hope to solve my problem now.
Please help me.
Thanks in advance.

Troubled user.

Answer:winlogon.exe encountered a problem and needed to close. Error signature : szAppName:winlogon.exe szAppVer0.0.0.0 szModName:n...

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

Relevance 40.18%

ok...
so I got my gts, and was gonna just install it, then I wanted to clean some wires and install another case fan.
Next thing you know...the yellow sata cable is not attached to the hdd, I take a look and...THE BLACK THING IS GONE...only the pins are there.

WTF WTF WTF should I do???? I can't afford to lose ANY DATA.
All my music, movies, games, GAMES SAVES, ETC ETC.

IDK HOW IT BROKE, pls someone...I'm in desperate need here.
I need some way to get the data out...idc about the hdd, I need the data..I can get an rma for the hdd but I need that data.

I'm on my way to bb to get a 320gb sata hdd for 60 bucks..yeah I know...great deal.

But pls..I'll even pay someone to do this.
I'm having hope on you apok, you're good with this stuff.

PLSS.
thank you so much.

Answer:Big Big Urgent Urgent Urgent Help Needed...plssssss

What broke? Can you provide pics? But really, the chance of data loss should be low if you just leave it alone and fix it when you are given instructions.

Relevance 38.54%

My desktop computer, upon boot-up, shows this message:

"CMOS/GPNV Checksum bad
CMOS Date/Time Not Set"

Thank you for any help

This post is part of my college assignment on troubleshooting and repair so I only need a very vague answer just as proof that I have used a forum to ask the question. After you have answered I will edit this part out.

Thank you in advance,

Jordan Reynolds

Answer:Urgent computer problem (urgent as for college assignment, details inside)

Quote:
Originally Posted by Jordan101644
This post is part of my college assignment on troubleshooting and repair

We don't answer school questions, you have to do that yourself.

Quote:
Originally Posted by Jordan101644
just as proof that I have used a forum to ask the question.

Your original post is proof that you used a forum to ask the question.

Thread Closed

Relevance 38.13%

Hey Guys and Gurus,

Can anybody tell 800 MHz DDR2 works on 3000 y410 or not? My config is below:

Core2Duo 1.86 GHz
1GB DDR2 533/667 MHz (Which one I'm not sure...!!) DRAM with Dual Channel
160 GB SATA HDD
Intel 965 Series M/B

Recently I have tried with a 800 MHz 2GB DDR2 along with my existing 1GB, it:
a. Shows well of 3 GB in the BIOS
b. Couldn't see the BUS Speed as there is no option for that in the Phoenix BIOS
c. Problem arises with my existing Windows 7 that was running well before I installed the new 2GB but now it JUST stopped working.... Simply it boots up but shows various error messages which are related to memory locations.

The reasons I thought over is maybe......
1. Windows 7, once installed issues all instructions to the memory locations for what it boots up faster than Windows Vista literally...
2. As my Windows 7 was installed with 1GB RAM installed in the system, thus new config or changes in the memory locations are creating problems to the OS

In this condition I'm totally helpless.... Seeking help and suggestions and technical informations regarding this RAM issue...... It's really URGENT... PLZ HELP ME OUT...

NOTE : Advanced Thnx to the suggestions and comments.......

Answer:URGENT !!! 800 MHz DDR2 2GB Works on 3000 Y410???? URGENT !!! Please help......

You need to test your new memory setup. While the combo of 800 memory and slower memory is possible, not all combinations work correctly. Search web for memtest86 or memtest86+. You will need to make a bootable cd, or usb stick and boot from that. Let memtest run for a couple of passes at least, unless errors show up. Then you know the chips will not work together.

Relevance 38.13%

OK So I was installing something and Avira popped up and said it found a virus, I went deny access, around about 5 seconds later the same thing came up for the same file, this went on about ten times and then I saw a BSOD screen for about 1/2 a second then my computer rebooted. Now it's stuck in a BSOD then reboot loop. I pressed F8 and turned on Don't reboot after error and I got the error code which is: STOP: 0x0000024. I looked up the code, it was the NTFS_FILE_SYS Error Code. It said to run chkdsk /r and it said Another Process is using the drive, Cannot do chkdsk. Would you like to do chkdsk at next boot? I said Y for yes. Problem is, the BSOD is in the way so it can't do the chkdsk. Please help.

all who help
Thanks!

Answer:*URGENT* Blue screen of death problem *URGENT*

She's a goner.
If you want to save some of your data you might be able to access your hard drive from another computer and then reinstall in your computer and format.

Relevance 38.13%

HI,

I have recently noticed that I am missing a lot of disk space. I have a 160gb hd (actual size 149gb) divided into 2 partitions, a primary drive (Windows 25gb) and an extended partition (123 GB). I am missing 10gb of space on my Primary drive and 6gb on my extended partition. I mean missing by when I highlight all the data in my c:/d: drive it shows 4gb on C and 7Gb on D but when I go to disk properties or disk manager it shows I have used twice the amount of space. I have hidden files shown and I do not have any norton product installed. I have ZoneAlarm and System Mechanic.

My computer is a Hpdx5150:

250w psu
Amd AThlon 64 3000+ (1.79ghz) cpu
Ati XPress 200 mobo
Nvidia 7600 GS gpu
1.25 gb ram
Microsoft WIndows XP Pro SP3.

Please Help,
Yoshi

Answer:Urgent! Missing Space on Hard Drive!!Urgent!

Using SequoiaView and other programs I can't find anything to show where the space has gone!

Relevance 38.13%

Hello I had viruses on my Acer Aspire 5024WLMI so I stopped them running on startup via MSCONFIG and also deleted the registries that came up from the search I did. One of the registries I most assume userinit.exe got deleted and now when I start my system it automatically logs me off when I log on. I have tried everything I can think of, booting from CD windows xp installed, booting from USB a bootable registry editor so I can make userinit.exe run again. When I boot from either CD or USB I have no option to press any key to load the application. I have tried reordering boot priorities and using F12 for advanced boot and none of that works. Please someone help me I need this fixed urgently :(. Thanks in advance.

EDIT : I HAVE ALSO TRIED REMOTE REGISTRY BUT GETS CONNECTION ERROR

Relevance 37.72%

Hello all. I've tried several things to no avail. I need some extra help.

A friend's PC is getting this error:

STOP: c000021a [fatal system error]
Windows Logon Process system process terminated unexpectedly with a status of 0x00000080' (0x00000000 0x00000000).
The System has been shut down.

What occurred before this error popped up:
1. Upgraded dvd43 software, booted, and this error came up.

I have tried multiple things.
1. Ran the bootfix
2. Tried the Recovery Console with their diagnostics
3. Tried to get to Safe Mode and it will not load, goes back to this message.
4. Tried to overlay the XP image (refresh it), no avail, back to the same message.

I haven't found anything on the web that can help me so far. Looking to take the next step and ask for help.

Answer:Windows Logon Process system process terminated unexpectedly with a status of 0x00000080

0xC000021A: STATUS_SYSTEM_PROCESS_TERMINATED

This occurs when Windows switches into kernel mode and a user-mode subsystem, such as Winlogon or the Client Server Runtime Subsystem (CSRSS), is compromised. Security can no longer be guaranteed. Because Win XP can't run without Winlogon or CSRSS, this is one of the few situations where the failure of a user-mode service can cause the system to stop responding. This Stop message also can occur as a result of malware infestation or when the computer is restarted after a system administrator has modified permissions so that the SYSTEM account no longer has adequate permissions to access system files and folders.

I've never gotten this particular error...but if I did, I would treat it as a malware situation until proven otherwise.

Louis

Relevance 37.72%

Advanced cyberattacks emphasize stealth and persistence: the longer they stay under the radar, the more they can move laterally, exfiltrate data, and cause damage. To avoid detection, attackers are increasingly turning to cross-process injection.

Cross-process injection gives attackers the ability to run malicious code that masquerades as legitimate programs. With code injection, attackers don't have to use custom processes that can quickly be detected. Instead, they insert malicious code into common processes (e.g., explorer.exe, regsvr32.exe, svchost.exe, etc.), giving their operations an increased level of stealth and persistence.

Windows Defender Advanced Threat Protection (Windows Defender ATP) uncovers this type of stealth attack, including ones that use newer forms of injection. In Windows 10 Creators Update, we enhanced Windows Defender ATP's instrumentation and detection of in-memory injection methods like process hollowing and atom bombing.

Windows Defender ATP is a post-breach solution that alerts security operations (SecOps) teams about hostile activity. As the nature of attacks evolve, Windows Defender ATP continues to advance to help SecOps personnel detect and respond effectively to attacks.

This blog post is the next in a series of blogs about how Windows Defender ATP detects code injection techniques. We tackle process hollowing and atom bombing attacks to illustrate how Windows Defender ATP detects a broad spectrum of nefarious activity, from commodi...

Relevance 37.72%

Hi,

I've got a quicklaunch shortcut to:

%windir%\explorer.exe shell:::{323CA680-C24D-4099-B94D-446DD2D7249E}

That takes me straight to my explorer favourites. What I notice is that when I launch that, I get a new explorer.exe thread appear in the task manager. When I close it though, that thread remains active. It's not doing anything, but it's still there. Anyone know why it wouldn't terminate? Is it to do with how I'm launching it (using the shell parameter) ?

Here are some tests I did, in each case I started out with only my main explorer instance (the one that holds the systray, quicklaunch etc).

1. Click my shortcut from quicklaunch shown above.
2. Click the red "X" to close it.
3. Repeat steps 1 & 2 four more times.

Result:



After closing all those explorers, so I was back to having only my main explorer, I did this sequence:

1. Click Start->Run-> and typed explorer and enter.
2. Click the red "X" to close it.
3. Repeat steps 1 & 2 four more times.

Result:



Also, after a while that one single extra explorer disappeared. I guess it stuck around a minute or so, maybe in case I decided to start explorer again, it would save me a few milliseconds by not having to re-launch fully.

The shortcut ones do also disappear eventually sometimes, but other times they don't.

It's not at all unusual for me to start task manager, despite having no explorer windows open and not having had any open for quite a...

Answer:open explorer, starts new process, close it, process remains active

Don't use the shell command. Just use
%windir%\explorer.exe :{323CA680-C24D-4099-B94D-446DD2D7249E}

Relevance 37.72%

On my Windows 7 32-bit I receive Process initialization failure. Interactive logon process failed message. Please help.

Answer:Process initialization failure. Interactive logon process failed Windows 7

Try this fix.

Relevance 37.72%

I am running a Dell computer with Windows XP home with 4 users. I have no access to a Boot CD or Windows install disc. I don't believe they ever sent one. Here are my problems.

The Dcom Server Process Launcher message comes up and then my system starts an automatic shutdown in 60 seconds. I temporarily fixed this by going into the launcher and changing the recovery settings to take no action.

I am also having Generic Host Process for Win 32 Services has encountered a problem message pop up.

Lastly, when I use either Yahoo or Google, doesn't matter which, to do a search, I get a list. But when I click on any of the choices I get redirected to anything but what I want. If I copy and paste the link I'm fine.

Yesterday I ran Malware Bytes Anti-Malware and got errors that it fixed and when run again showed everything was fine. However, today I was the only one of the four users who could log on. The others just got a blue screen. So I ran the MBA again and it found 147 errors. Again I corrected. Still having issues so I did a system restore ... didn't help. Restored back to now and come to you. Here is the dds log.



DDS (Ver_09-12-01.01) - NTFSx86
Run by Sue at 20:44:47.21 on Sun 01/24/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============


============== Pseudo HJT Re... Read more

Answer:Dcom Server Process Launcher & Generic host Process Errors

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->Add or Remove Programs if it still exists:

My Way Search Assistant<<Please read this

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting th... Read more

9 more replies
Relevance 37.72%

A while back I got an e-mail that in the subject said eviction notice, and since it is something my landlord would do, not notify me by phone and have attorneys contact me, I immediately opened it. At the time I was only running avast anti virus and it detected nothing in the message or attached rar file, so I figured it was legit and stupidly downloaded and attempted to open the attachment. Shortly after, I started experiencing all sorts of issues, most of which I have managed to clear up using malwarebytes, eset and adw cleaner. The only lingering issues I seem to have now are multiple instances of the csrss process, multiple instances of the com surrogate process, I sometimes get a false host process for windows services process, and the process connected to the superfetch service runs very high in the memory column. I have read a few of the threads where u have helped other ppl with similar problems so I hope u are able to help me in the same way. Malwarebytes has removed a lot of stuff including 2 rootkits just last night. I didn't have the rootkit setting turned on originally and only found it by chance last night when looking at the program interface. Eset found nothing and I do have the reports as I just ran it today. Any help u could give would b much appreciated.
 

Answer:Multiple csrss process, com surrogate process & fluctuating cpu usage superfetch running very high

I also have multiple host process for windows services that are not connected to any service and do not appear in the process list where they should, and when I end them it opens multiple com surrogate processes on top of the 2 that I already have, so I wind up with 3 sometimes 4 com surrogate processes and one that appears then goes away periodically. Eset detects nothing; malwarebytes on the other hand detects 2 rootki

threat type location

Cidox.J.vbr physical sector master boot sector on volume #0

forged physical sector physical sector master boot sector on volume #0
and I have already had malwarebytes remove these rootkits several times but when I reboot and rescan they are still there. I'm hoping this can be fixed without reinstalling windows, although I realize that with the severity of the infection I may have to
 

77 more replies
Relevance 37.72%

We religiously track Windows Application fault events in our environment.

Recently we have noticed that when Word 2013 x86 version (15.0.4823.1000, 15.0.4805.1001) running on Windows 8.1 x64 crashes due to a corrupted heap, we find suspended winword processes that have no running threads. The corrupt heap crashes are of the type exception c0000374 in Ntdll.dll at offset 0x000e6054. We have two different situations in which we can trigger a crash that will produce the corrupted heap.

The problem is after the app crash the Windows Error Reporting service attaches WerFault.exe to the crashed process and saves the WER dump file. The problem is after this process is finished we are left with Winword.exe processes that are in a suspended state. They are not visible in Task Manager but they show up in Procexp; these processes have no running threads and End task or End task tree have no impact. The only way to exit the suspended process is to log off the user session.

The suspended Winword.exe processes cause problems when we re-launch a clean Word; we have an add-in that detects the suspended Winword and will not run.

On a test machine we disabled the WER service and of course we no longer see suspended threads. This is not an option for us because stopping the WER service stops logging of all Application Fault event ID 1000 and Application hang 1001 entries from the Application log.

We also tried to ex... Read more

More replies
Relevance 37.72%

I have created and compressed a dump file of the offending svchost process with WinRAR 32 bit version and posted it on my OneDrive account for analysis. Here is the link to the DUMP FILE. http://1drv.ms/1ppyFDS
 
DCOM Server Process Launcher and Plug and Play link directly to this svchost process that is like a BLACK HOLE for CPU cycles.
 
I hope someone can spot what is causing this drain on my cpu resources. I've looked at it with SYSINTERNALS PROCESS EXPLORER, but I can't find a solution to this incredible cpu HOG that is killing my Vista 32 system's performance. I have 4 gigs of RAM on the board, and that's more than a 32 bit OS can address anyway. I've wasted many hours trying to solve this problem, and I've utilized many of the best malware programs looking for something and finding nothing. I hope someone on the forum can help me out. I've given it a good shot but I've gotten nowhere.
 
 

More replies
Relevance 37.72%

So I have Windows 10 PRO and this morning I did a fresh install. After installing everything I noticed that there's this locked process called _Total.exe and there was another one called LLD Power. Wintools Pro could see these files but nothing else could. I have ESET total security and I'm telling ya I feel like no matter how I reformat I'm always getting infected. No matter what. 
 
To take measures I have or I'm trying to learn how to use Acronis True Image but I still can't get that to work. Also, I only use this computer to play games now. Total waste if you ask me. That's all I have done. I tried running scans with my AV software ...nothing. Help.

Answer:Hidden locked process _Total.exe process and some Power thing

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scr... Read more

1 more replies
Relevance 37.72%

Hi folks,

I hope you all can read this, i'm from Belgium so my English is not as good as it might be.

Last year I bought a little notebook with Windows 7 Home Premium on it.
On this machine i am the Administrator, and there are no other people on that, or guest accounts made.

On my desktop i have the utility Process Explorer 15.3 {the executable only} from the site below
Process Explorer

When i double-click the Process Explorer i see all the services and processes on my machine.

A friend of Peter came to me with his Desktop PC with a dead hard drive, so i bought a new one.
I have a DVD with Windows 7 Home Premium that i bought with that other notebook to help other
people and if my computer has a problem. I use to register then the serial on the case of the people that need help.

When i install a new copy of Windows 7 Home Premium on his computer, and also unpack the Process Explorer.exe on the desktop and launch that also as admin i see several services or processes with a Patch: [Opening error process] For example winlogon does not link to the normal directory, normally c:/windows/system32/winlogon.exe { i think that is the right one}


See this screenshot i made:
http://www.freebits.nl/images/190error_pe.jpg

I did some Google search and came on this website:
process explorer shows "error opening process" - BleepingComputer.com

Somebody there says: "Right click on process explorer and select run as administrator"

When i do that t... Read more

Answer:Windows 7 + Process Explorer + Patch: [Opening error process]

You probably have UAC turned off on your computer but not on your friend's computer.

5 more replies
Relevance 37.31%

New dell n7110/win7sp1x64. At startup on new machine from dell, process explorer (procexp64.exe) lists 81 processes running (seems like way too many - compared to xp with maybe 25 at startup). But which processes I can turn off is a question for another day. OK, read carefully, at least 15 processes in PE show " Path: error opening process". PID, CPU, Private Bytes, and working set columns are shown for these "problem" processes, but nothing after that, ie, description, company name etc. For all other listed running processes (with known paths), all info is shown in all columns. The problem processes include some important ones, services, crss, ism, wininit, winlogon, that must be working for the computer to work, and everything seems to be working properly, and no cpu spikes or other weird stuff is happening. Right clicking properties on these problem processes, properties window pops up as normal, but shows "version: n/a, build: n/a, path: error opening process, no command line, no current directory, autostart location: n/a, Parent: non existent process (708), user: access denied. Again, this info can not be correct since the computer is working. And then, after a few minutes, another window pops up and says PE has stopped working, and closes the program. Now, if this was the whole story, I would go to sysinternals with this, but read on... Task manager running simultaneously with PE lists 83 processes running, more processes than PE, and al... Read more

Answer:process explorer shows "error opening process"

It's not a glitch.

Right click on process explorer and select run as administrator

3 more replies
Relevance 37.31%

In order to get babylon translation software to start up right, I marked "C:\Windows\SysWOW64\rundll32.exe"
as a safe parent process.
(It was not enough to just mark babylon.exe as a safe parent process.)
Is this a security risk, and if so, what's the better way to do it?
 

Answer:NVT ERP -- mark vulnerable process as safe parent process?

shmu26 said:

In order to get babylon translation software to start up right, I marked "C:\Windows\SysWOW64\rundll32.exe"
as a safe parent process.
(It was not enough to just mark babylon.exe as a safe parent process.)
Is this a security risk, and if so, what's the better way to do it?

White-list the rundll32.exe commandline when Babylon starts instead of the rundll32.exe process.

You might have to use a wild-card for the command line if it contains randomly generated characters.
 

0 more replies
Relevance 37.31%

hi, the cpu usage jump from process to process, randomly.
one process is using 50 percent of cpu, for example icq, i close it.
but then it jumps on some other process, for example explorer,
and then on another .... randomly.
what can be the problem? i have windows vista

here is log from hijackthis, thanks



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:27:39, on 24. 6. 2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Expl... Read more

More replies
Relevance 37.31%

I Need a Script I Can Input Into Notepad And Save The File As a BAT That Will Exit a Process I Specify, I'm New To The Site And Have Low Level Experience In Programming With Notepad BAT Files.
Thanks, -Digital.
 

Answer:[BAT FILE] Using BAT To Exit a Process From Task Manager's Process

7 more replies
Relevance 37.31%

iPhone Truncating Attachments, the attachments are usually displayed as follows:
ATT157946.dat and ATT456921.htm
Please HELP - this happens when I reply or forward an email on my iPhone.

Thanks.
 

More replies
Relevance 37.31%

ok i have a couple of things going wrong
i just installed vista ultimate 64 bit

the message keeps popping up: desktop window manager stopped working and closed
also my game doesn't seem to be running very well and i've got the sapphire x1600xt 256 and 2gb of dual channel ram

also it will never save my default media player. i want to put iTunes and i do but it always changes it when i reboot

and it's also running a bit slow for a 64 on amd athlon x2 4800+

and my sound won't work. i installed the driver but it starts to soundlag after a bit and it never did that before
 

Answer:(_) Urgent Vista Problem Very Urgent Urgent(_)

6 more replies
Relevance 37.31%

Hi Guys,

This is quite a long story, So let me get straight to the point.

On my Dell Optiplex 360 Computer (Windows 7-Ultimate) I partitioned the hard drive to make space for another windows installation. I then installed Windows Vista Ultimate on it.

All of that went successfully but after a while it became useless for me and my computer.
I then uninstalled Windows Vista and deleted the partition so i would have one partition on my hard drive (Windows 7).

So then every time i started up the PC it would load boot manager and it would ask me if i would like to boot to Windows Vista or Windows 7. I had deleted Windows Vista from my computer so i thought it shouldn't be there.

Then, i found this program that deletes the boot option (As in it deletes Windows Vista off from the boot manager). So then i went ahead and deleted Windows Vista from the boot list. After, i just tested to see it would work, So i restarted my computer and it loaded the boot manager again.

And the problem is that i only have Windows Vista as an option instead of Windows 7 !
I tried to do everything to fix this but it never worked, and when i try to boot to Windows Vista it says that the boot file is missing (That's because i deleted Windows Vista!!).

So then i put my Windows 7 Install Disk in the CD drive and the CD Drive was making a loud buzzing noise. I opened the case and it was literally broken.

So all i need to know is how i can get my option to boot to Windows 7 on my Boot Manager !!?

I ca... Read more

Answer:[URGENT] BOOT LOADER ERROR [URGENT]

Hello adam, welcome to Seven Forums!


If Windows 7 is still there you need to make sure it's the Active partition and if it is do the 3 separate startup repairs discussed in this tutorial to recreate the "System" boot files (back) to Windows 7.

Start by having a look at Option Two #3, to see if it's active.

Startup Repair - Run 3 Separate Times


You can use the outline in this tutorial at the link below to make a bootable USB of the Windows 7 installer and be sure to post back with any further questions you may have and to keep us informed.

USB Windows 7 Installation Key Drive - Create

3 more replies
Relevance 37.31%

It's sort of a long post, so i'm going to just jump right in.

I recently upgraded my hard drive to a Western Digital Caviar SE 160 G. I had windows on another HD but thought it would go smoothly, so just discarded it. The HD was a RMA so it didn't come with a boot disc like the previous one, but I lost the original. I went to western digitals site and downloaded the files that are apparently on the floppy and made a floppy. When I booted off the windows XP OEM disc everything went fine until it asked if I had any raid drivers or anything to install, press 's', so I do. After I hit 's' it says that it can't find file txtsetup.oem. To make a long story short I went to MSI, motherboard, and downloaded some files that it apparently needed for drivers, but the problem is both manufacturers' files can't fit in the same floppy, problem. So I mix and match files on the floppy to satisfy setup so it can find all the files. So, when i'm at the same install of man. drivers I press 's' and I choose the Windows XP controller and hit 'enter'. Then it goes back to the same 'to install drivers page' saying that windows will load the following ***, to continue hit enter, i do. Then it starts to load files and finally says 'starting windows' then windows displays that it can't find any hard discs and setup cannot continue, press F3 to exit....WTF is happening here, and WTF can I do to get past this, shouldn't you partitio... Read more

Answer:*urgent-clean Install Of Windows Xp-urgent*

Have you tried to install windows without specifying a driver for the hard drive? It doesn't sound like you are using raid or anything special. Just let the install go past that part to see if that will work.
 

51 more replies
Relevance 37.31%

The problem occurred when I made a standard user account and through that i redirected to the admin profile under c:/Users/xxxx and i right clicked the profile>properties>security> and i removed the standard account access to that admin folder and got some "Access denied error". After i logged off and login into the admin account, i got the error "settings.ini is being used by another process" from windows sidebar and windows sidebar was not working. After realizing that, i login with the standard account and wasn't having that problem........then i went to system restore and noticed "all my system restore points are gone". I got pissed and boot into safe mode and still the same thing, there was no system restore. I was able to get rid of the settings.ini problem by disabling UAC. So i was wondering what the hell happened and how can i get everything back to normal!! Please reply fast!!

Answer:[URGENT] All System Restore Point Gone!![/URGENT]

You can do a repair install.

Try from an elevated command prompt first:

sfc /scannow

3 more replies
Relevance 37.31%

I have this video due tomorrow that i made in movie maker. i had 25 individual videos in the whole thing so movie maker kept crashing. so i did the movie in 3 parts. i tried to save them and it says-

Movie maker cannot save the movie to the specific location. Verify That the original source files used in your movie are still available, that the saving location is still available, and that there is enough free space available, and then try again.

I haven't moved the files that i imported into movie maker. I have enough space and the location is available. so the only thing left that could be wrong is the source files. how can i get the movie maker to recognize the files.

I did edit the beginning and ends of some files so they blend together in movie maker. the files in movie maker are around 1 second shorter than the files that it is associated with in the folder.

PLEASE i need this done by tonight!!!! thank you for your help!!!

Answer:*URGENT* can't save Movie maker *URGENT*

Welcome to TSF!

Try reading this article.

1 more replies
Relevance 37.31%

Hey everyone, I'm new to the forum, but I have a very pressing issue with my windows 7 laptop. It is a HP DV7 Entertainment PC. It is a little more than three years old (i think).

Anyway. So here's the issue:

Recently, I was going through my Registry on my personal account. On my computer I have two different accounts. One for me, which has admin privileges, while the other is a standard account, that I let my family use.

When I was in my registry, I noticed that the username for my account under Computer\HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names was different from the one on my directory. The name shown when I log into Windows is my first name, however the directory name (the same one for the registry) is a nickname of mine.

So what I wanted to do was to make the name under the registry (and hopefully the one under the directory) the same, so I renamed the Key Name to the name shown when I log on.

Afterwards, I logged off my computer, and when I got to the Logon Screen, my account, the one with admin privileges, was not there. Only the second account, the standard.

I have logged on to the standard account, and tried to rename the registry key back to the original name, however, I don't have admin privileges, and I am unable to do so.

Normally, I would have just restored my registry to an earlier time, using a registry backup from a couple days ago, however, those were all saved under the documents of my admin account, which I can not access thro... Read more

Answer:URGENT URGENT! Can't Access Administrator Account

6 more replies
Relevance 36.49%

I did a clean install and after updating to service pack 1 in windows 7, whenever i check for windows update the system becomes too slow and it runs as if I am running windows 7 on 512MB RAM.
What can be possible solutions?

NITINKK

More replies
Relevance 36.49%

I have a few apps running, incl. Firefox, Outlook. I took down their PID and then exited those programs.

I run the following command:

netstat -a -o -b -p tcp

It will list many connections like below

TCP 192.168.83.2:57471 xx.xx.xx.xx:http ESTABLISHED 4184 [System]
TCP 192.168.83.2:57324 xx.xx.xx.xx:http ESTABLISHED 1245 [System]

The PID 4184 is the PID of Firefox. Yet it exited and no longer shows up in Task Manager. This remains true even after 30 min.

How long does Windows 7 keep the half-open connection? I thought the timeout is 5 min.

The other group of PID never existed before and does not show up in TaskManager either. Since it shows System, I have no way to find out which process it belongs to. How can I find out?

thanks!

Answer:connection by the system process and killed process

you could try TCPView. it has lots of info on what is connecting in your comp.
TCPView for Windows

1 more replies
Relevance 36.49%

I have trend micro protecting win xp. This generic host process is trying to connect out or in, i don't know, but if i tighten the firewall up, and ask Trend micro to warn me about all connections, that generic process goes at it like 14 times. I've tried to look it up for myself, but i haven't found info.
My questions are
what are these processes?
can i find out why it wants to connect to the internet?
Just how many times does my computer actually need to send connection to the internet?
Much thanks for this shared knowledge...
 

Answer:Q: generic host process for win32 process?

6 more replies
Relevance 36.49%

Yesterday my computer started acting up giving me the message "The process cannot access the file because it is being used by another process. ". This happens when I try and install a program or copy a file over itself. I have tried the following measures:
1. System Restore (multiple dates)
2. avast! full system anti-virus scan
3. Windows Defender full system spyware scan
4. Webroot Spy Sweeper full system scan
5. Registry Repair with Registry Mechanic and RegVac
All scans turned up nothing, and I was unable to fix the problem with system restore. The only work around I have found is to boot in safe mode, however you can't install some programs in safe mode and I can't boot into safe mode every time I need to overwrite a file or install a program. Does anyone have any clue what could be going on? Thanks in advance for your help! -Clay

Logfile of HijackThis v1.99.1
Scan saved at 12:21:39 PM, on 7/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Fi... Read more

Answer:Error: The Process Cannot Access The File Because It Is Being Used By Another Process.

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:Preparation Guide For Use Before Posting A Hijackthis Log

1 more replies
Relevance 36.49%

Anyone tried both? What's the difference?

lasso: http://www.majorgeeks.com/Process_Lasso_d4050.html
bill2: http://www.majorgeeks.com/Bill2s_Process_Manager_d5991.html

I plan to install one of these on a 1.8GHz Dual Core laptop with 2.5GB of RAM. My goal is simply to restrict certain apps to one processor only thereby avoiding or minimizing the occasional 100% CPU freeze. Plus I want to give Dragon voice recognition software, AutoHotkey, and several other programs that have to respond quickly to be useful, a high or real-time priority, and non-essential apps low priority.

Also, sometimes a scheduled virus scan or something starts to run when I'm working on the computer, and that's fine if it runs, or can be made to run, unobtrusively, and use little CPU (low priority, one processor only) - but I'd like these same apps to then run at full speed if I leave the computer otherwise idle... And real-time protections should of course always function when not disabled; does it matter what priority they are set to?

Finally, the utility should help me take over the world: So Bill2 or the Lasso?
 

Answer:Process Lasso or Bill2's Process Manager?

Hi

Both look as if they do the same thing, not used them but did use another app I cannot remember name of for the moment, I did play around with Priority and Affinity a while back, but decided to revert back, with some apps that I thought were non important and a setting of low priority I noticed that those became a bit sluggish, others set to high or Above Normal took over the CPU, and I personally wouldn't set anything to realtime.

Kind of like the GUI of Process Lasso, but maybe like all things worth trying both out to see which one you prefer.

Don't think off hand you can have both in having the apps set to low when you're using the PC and then when in idle they run at full speed.


I would leave any security apps at "normal" someone in work changed an AVs process to high and it bogged the PC down, maybe different with various AVs, but changing its affinity to one CPU sounds a good idea for those times in which you are using the PC and it starts scanning.
 

5 more replies
Relevance 36.49%

In the last 2 days I have noticed that the process "iexplore.exe" is always running, and when I end the process, it restarts itself. There is no visible Internet Explorer window associated with this process. I know this is not normal, so I examined the running processes a little closer. When I end the iexplore.exe process, there is about a 1 second pause, then a new process is automatically started (named "msgfpk.com") which is IMMEDIATELY replaced by the "iexplore.exe" process again. I managed to do a QUICK screen shot while the msgfpk process showed up, which is how I identified it. I went through all the steps listed in the thread titled "Basic Spyware, Trojan and Virus Removal", but none of them seemed to catch it. I'm hoping someone may know what this is. Thanks in advance and please let me know if you need more information.

I'm running XP Pro.

Many thanks!
 

Answer:msgfpk.com process seems to start iexplore.exe process over and over

Hi Yrrot,

If you have exhausted the options in the Cleanup Tutorial, then please send us a HijackThis Log.

Note that your HijackThis should be up-to-date (v1.98.2) and MUST be extracted to its own safe folder - C:\Program Files\HijackThis
If you need a Fresh Download of HJT, get it HERE: HijackThis 1.98.2

Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

Please save your HJT Log as a .txt file and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

--Are you noticing any symptoms? How is the computer running?

Send us a log and we'll go from there

Best,
PP
 

19 more replies
Relevance 36.08%

URGENT

I have a network running, which I manage. I am stumped on this one and maybe anyone can help me.

Here is the situation:

I have a network running through different OS from 98 and above. When I try and connect from 98 to a 2000, XP or server 2003 networked PC it asks for the network password so I put in one of the admin passwords on the computers. It does not work, it says incorrect Password or something. And it only happens on the 98 machine. How do I fix this problem from the 98 PC to login to the 2000 PC as I have no problems with the others just this,

Any Ideas please give all the help the better.

Thanks A lot
TechGuy42
 

Answer:URGENT Win 98 connecting to XP and 200 Network URGENT

10 more replies
Relevance 36.08%

last night I updated SUPERAntispyware and ran it. this morning, when I got up, I've found it's reporting a mountain of stuff; adware, malware, trojans, and more, but the thing is THE THINGS IT'S SHOWING DON'T EXIST! desktop shortcuts, files, bookmarks, all manner of stuff, but it's not there ! hijackthis! 1.99.1 finds nothing, reanimator finds nothing, AVG antispyware comes up clean, there's nothing showing in Autoruns that's not supposed to be there, finding nothing wrong in ProcessExplorer, and while some things turned up on spybot, none of them are in SAS' list. I'm also not finding any of it when looking by hand, and if it was there in the amounts SAS is reporting, it'd be visible. if I had as much stuff on my system as it's saying, it probably wouldn't even be running well enough to make this post. working with winXPSP2. sorry that the images are so whackin' huge, but it was either make a huge image or have an army of small ones to show the entire list of stuff it's reporting. post would have been up sooner, but spybot and company take a while to run, particularly on my older hardware. wait, how do I attach stuff again? maybe I'll have to pass the images along some other means, a PM or something... what a pain.

Answer:*urgent* Superantispyware Went Nuts! *urgent*

In SAS under preferences view logs just copy and paste into a reply
cookies are the least important
another scanner MBAM gives some more detailed infection information
http://www.bleepingcomputer.com/forums/ind...mp;#entry811062

11 more replies
Relevance 36.08%

HOW to remove the virus ?
I am a newbie can anyone help me how to solve my problem.
The problem I met is that the Windows security alert kept popping up and it was written that Windows has detected an internet attack attempt. Somebody's trying to infect your PC with spyware and harmful virus. Run full system scan now to protect your PC from internet attacks, hijacking attempts and spyware! Click here to download spyware remover for total protection, and then it leads me to the website: safewebnavigate.com
On top of that, the spyware alert kept popping up and it was written that the TROJAN W.32.LOOKSKY is detected in my machine, which is a VIRUS!!!
Currently I am using Windows XP.
How should I go about removing this virus asap, cos I am in need of rushing my project?
Furthermore I did a lot of virus scans and here are the two virus names that I can scan in my McAfee software.
JS/Downloader-AUD and Exploit-ByteVerify Trojans
Appreciating your help !!!
 

Answer:did I get virus attack ? HELP HELP URGENT VERY URGENT!!!

7 more replies
Relevance 36.08%

I just got a new PC. Everything seemed to boot up normal until this morning. I heard a really loud whirring noise so I restarted. Then an error message came up and it said my Radeon 9800 PRO's power cable wasn't connected properly. I restarted twice and the error message came up twice. I waited about 10 minutes and that error was gone, but I got a new error. Now it says "System is running in Fail-Safe State. Please recheck BIOS CMOS SETUP. Press F1 to continue, DEL to enter setup". I pressed F1 and everything seemed to run normal, but those issues are still bugging me. HELP!

Answer:Help!! Urgent Boot-Up Problems!! URGENT!!

Do not double-post. That's a fast track to being banned.

1 more replies
Relevance 36.08%

I just got a new PC. Everything seemed to boot up normal until this morning. I heard a really loud whirring noise so I restarted. Then an error message came up and it said my Radeon 9800 PRO's power cable wasn't connected properly. I restarted twice and the error message came up twice. I waited about 10 minutes and that error was gone, but I got a new error. Now it says "System is running in Fail-Safe State. Please recheck BIOS CMOS SETUP. Press F1 to continue, DEL to enter setup". I pressed F1 and everything seemed to run normal, but those issues are still bugging me. HELP!

Answer:Help!! Urgent Boot-Up Problems!! URGENT!!

yea i always stick with invidia imo ati wrots

9 more replies
Relevance 36.08%

HOW to remove the virus ?
I am a newbie can anyone help me how to solve my problem.
The problem I met is that the Windows security alert kept popping up and it was written that Windows has detected an internet attack attempt. Somebody's trying to infect your PC with spyware and harmful virus. Run full system scan now to protect your PC from internet attacks, hijacking attempts and spyware! Click here to download spyware remover for total protection, and then it leads me to the website: safewebnavigate.com
On top of that, the spyware alert kept popping up and it was written that the TROJAN W.32.LOOKSKY is detected in my machine, which is a VIRUS!!!
Currently I am using Windows XP.
How should I go about removing this virus asap, cos I am in need of rushing my project?
Furthermore I did a lot of virus scans and here are the two virus names that I can scan in my McAfee software.
JS/Downloader-AUD and Exploit-ByteVerify Trojans
Appreciating your help !!!
 

Answer:Did I get virus attack ?? HELP!! HELP HELP!!! URGENT VERY URGENT !!!

It is a trojan rather than a virus. The file gets stored on C:\ root as an .exe called Sys<something>.exe. Before deleting it, disable System Restore to clear that out and then delete that file, and then run a full scan of HD.

See http://vil.nai.com/vil/content/v_139961.htm
 

3 more replies
Relevance 35.26%

Logfile of HijackThis v1.99.1
Scan saved at 8:31:39 PM, on 23/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\Power... Read more

Answer:Ad-aware Crashes Into A Blue Screen With Message: Stop:c000021a (fatal System Error) The Window Logon Process System Process Te...

Hi george_527,

We're studying your log right now and will be back to you a.s.a.p.

Thanks for your patience.

4 more replies
Relevance 35.26%

I got a virus in Winlogon.exe. AVG cleaned it up, then I got the message. My Thinkpad is showing a message "c000021a {Fatal System Error} The Windows Logon Process system process terminated unexpectedly with a status of....." I have no backups. I don't want to do a fresh install. I have the IBM Product Recovery CDs. I also have a utility that gets me to a DOS prompt and allows me access to the C drive through DOS. I'd like the option to repair the current Windows XP installation but I don't get that option through the IBM Rescue and Recovery Interface. Is there a way to do this without the Microsoft XP disks?

Answer:R52 (c000021a {Fatal System Error} The Windows Logon Process system process terminated unexpectedly

here is something you might try http://www.ehow.com/how_5178999_fix-ca-fatal-system-error.html






1 more replies
Relevance 35.26%

:( I don't know how to fix this blue screen error. The last thing I did was install Outpost Firewall. Then I rebooted and it went to the welcome screen. And something detected Winspy2.0 and I removed it. Then I got the BLUE screen message and I can't go into safe mode or "last known good config".
Please help! Thanks.

Answer:stop c000021a {fatal system error} the windows logon process system process terminate

Does this help your issue with the system?

http://support.microsoft.com/?kbid=316503&sd=RMVP

1 more replies
Relevance 35.26%

Hey I just recently finished my new computer
amd x2 3800+
dfi lanparty sli-dr
evga 7800gtx
2 gig (1 gig x2) of ozc RAM
2x 250gb seagates

But for some reason recently the System process (and no, it's not the System Idle Process) is using as much CPU as possible, like 99%, and really slows everything down, and I have no clue as to what's causing it. So if you have any ideas of what the System process is or why it's using all that CPU, please let me know, because this stinks that a new computer is going this slow. But it doesn't stay like that all the time; sometimes it uses 50 or barely anything, like 1 or 0.

Edit: w00t 100th post :beard:

Answer:System (not the idle process) process use too much cpu

can you post a screen shot of your task manager please.

9 more replies
Relevance 35.26%

This only happens on my Toshiba laptop, occasionally I get this, and only a system restore or fresh re-install works, on to the explanation.

I run dial-up, so it is especially bad for me! What happens is, randomly, two files (possibly more, but I've located only two for now) gets created on my computer, and their whereabouts are unknown. I use the latest Mozilla Firefox and Thunderbird, and I have NOD32 expired anti-virus. (Though I have the latest update, the last update that was applied was yesterday before it expired.) I've scanned my entire system with it, no viruses found, great! Then, when those two files appeared randomly, (I know, because for some reason it eats up my dial-up connection), I scanned them too. Again, no virus detected.

t2.exe is created in C:\, and I see it has really no purpose, but seems to get bigger as time passes by. I replace it with a dummy file, it replaces fine, and stays at 0kb. Now, NOTEPAD.exe is another small file, invisible, running as a SYSTEM process, and is located in C:\WINDOWS\system. Now, that shouldn't be, as a NOTEPAD.exe file shouldn't exist there, and more importantly, shouldn't be running as a SYSTEM process! (Take note that NOTEPAD.exe doesn't auto-run when Windows is started in safe mode.)

I can replace NOTEPAD.exe by first terminating the process, and then quickly replacing it with a dummy file. I don't understand how I got these files on my drive, as I am a safe browser, and ... Read more

Answer:Notepad.exe System Process With T2.exe Non Process

Sounds like "The Qaz Trojan - Notepad.exe trojan".
Download and scan with AVG Anti-Spyware 7.5 in "SAFE MODE". (This is Ewido 4.0 renamed and updated with a special "clean driver" for removing persistent malware.)
Be sure to print out and follow the AVG Anti-Spyware Install-Scan Instructions.
Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.
Then perform at least one of these online Virus scans:
(The following require Internet Explorer to work. Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.)
BitDefender Online Scanner <- Add a check by "Autoclean".
F-Secure Online Scanner <- Be sure to follow the directions on the F-Secure page for proper Installation. (also checks for rootkits).

5 more replies
Relevance 35.26%

I did an extensive anti virus / malware removal of a svchost.exe trojan a while ago, yet there is STILL a notepad.exe process running in my process list. Notepad is not running. It seems to take up no resource, and whenever I stop it, it is there upon reboot.
 
What can I do? Is this a problem?
 
I'm running Win 7 Pro 64 bit. Memory is inexplicably high too, perhaps I should update my drivers manually? I never use windows update for that, I do them manually direct from manufacturer.

Answer:notepad.exe process STILL in win 7 Pro process list

Hello there,
 
This might help: http://www.howtogeek.com/74523/how-to-disable-startup-programs-in-windows/
 
Best of luck!

2 more replies
Relevance 35.26%

I have been working on a new program that writes information to a custom file associated text file and for some reason I keep getting this error, here is the exact error information:
Code:
System.IO.IOException was unhandled
Message="The process cannot access the file 'C:\lc-set.lct' because it is being used by another process."
Source="mscorlib"
StackTrace:
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
at System.IO.StreamWriter.CreateFile(String path, Boolean append)
at System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding, Int32 bufferSize)
at System.IO.StreamWriter..ctor(String path)
at LCTwitter.Open.OK_Button_Click(Object sender, EventArgs e) in C:\Documents and Settings\Travis James\Desktop\Programming\Current Programs\LCTwitter\LCTwitter\Open.vb:line 12
at System.Windows.Forms.Control.OnClick(EventArgs e)
at System.Windows.Forms.Button.OnClick(EventArgs e)
at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, I... Read more

Answer:The process cannot access the file because it is being used by another process

This sounds like a classic concurrent readers/writers problem for shared data, i.e. the file in this case. In a locking scheme that will resolve the issue, create read and write locks that are grabbed in one machine cycle (like a test & set instruction), and if the lock is not obtainable, put the request on a queue. Reading should not be a problem and you can simply add and subtract a lock count. Writing is another matter, since when a write lock is acquired, it should immediately block all reads until the write is completed, and the lock released.

That's off the top of my head. You can google for readers/writers problem or look here at Wikipedia for an explanation in greater detail of it.

-- Tom
 

3 more replies
Relevance 35.26%

Hi everyone,
 
Last night I checked Process Explorer on my Windows 8.1 computer and I was very surprised to see a process with a Google logo and Chinese characters for a name running at the bottom. Furthermore the other fields like company name were blank. As soon as I opened PE and saw this, PE crashed. I was so surprised that I didn't get a screenshot, and now I can't find any trace of anything strange with my system!
 
I've tried GMER, Process Hacker and Comodo Killswitch, but my system comes up as perfectly clean. I'm starting to wonder whether it was just a bug in PE that caused it, but I'd like to hear everyone's thoughts on the matter. Has something similar ever happened to any of you?

Answer:Very strange process in Process Explorer

Welcome to BC...
 
I doubt anyone will respond that has experienced the same.
 
You can check to see if there is anything unusual in your Google Chrome add-ons...assuming you have Google Chrome installed.
 
You can find and remove malware and adware using the programs below.
 
Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
CCleaner - PC Optimization and Cleaning - Free Download
 
Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
When MBAM is finish... Read more

0 more replies
Relevance 35.26%

I'm using Microsoft Visual Studio 2010 in C#.

I'm trying to upload, save the image and then want to move the image to another folder...
Only when the control goes to the move function do I get this error (The process cannot access the file because it is being used by another process.)
//this is my code

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using OnBarcode.Barcode.BarcodeScanner;
using System.Drawing.Imaging;
using System.Diagnostics;
using System.IO;

namespace AutoImageProcessing
{
    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }

        private void Form1_Load(object sender, EventArgs e)
        {
        }

        private void label1_Click(object sender, EventArgs e)
        {
        }

        private void button1_Click(object sender, EventArgs e)
        {
            OpenFileDialog ofd = new OpenFileDialog();
            ofd.Filter = "*.jpg|*.jpg";
            ofd.Multiselect = false;
            ofd.Title = "Select JPEG File";
            if (ofd.ShowDialog() == DialogResult.OK)
            {
                textBox1.Text = ofd.FileName;
            }
        }

        private void button2_Click(object sender, EventArgs e)
        {
            string path = textBox1.Text;
            //->if (textBox1.Text != string.Empty)
            if (path != string.Empty)
            {
                try
                {
                    pictureBox1.Image = Image.FromFile(path);

                    //->String[] barcodes = BarcodeScanner.Scan(textBox1.Text, BarcodeType.All);
                    String[] barcodes = BarcodeScanner.Scan(path, BarcodeType.All);
                    // MessageBox.Show(barcodes[0]);

/... Read more

Answer:The process cannot access the file because it is being used by another process.

Can you wrap your code in a tag?

[ code][/ code]

Thanks,
-FusionLord
 

1 more replies
Relevance 34.85%

Hi! I got this message of malware (I clicked to remove) during some surfing on firefox and after a while the explorer.exe closes with an error. I try to open it on task manager and it says that explorer can't be found!
I rebooted and then I got this message "c000021A {Fatal System Error}, The initial session process or system process terminated unexpectedly with the status of 0x00000000 (0xc0000034 0x001008ac) The system has been shut down" and can't get anywhere.
I can't even go in safe mode, the same error messages appears!
 

More replies
Relevance 34.85%

Multiple variations of this warning cause computer to lock up, as well as be inaccessible to Remote Desktop.

Answer:The protocol host process 1444 did not respond and is being forcibly terminated {filter host process 0}.

Can you try uninstalling the latest Windows Defender upgrade ?
Else you can try stopping the entire service itself.
 
See:
http://social.technet.microsoft.com/Forums/en-US/w7itproperf/thread/a5a10437-277a-45ec-b044-408aa37971b9 

Sumesh P - Microsoft Online Community Support

7 more replies
Relevance 34.03%

Hi Everyone
I recently did a System Restore on a Windows 7 Pro 64 bit system to correct a strange problem I was having with IE. It seems to have solved the problem, but now Process Explorer is displaying the messages in the screen shot below, and I'm not sure why. The computer is functioning fine, in fact, since the System Restore it is running like new. Is this something I need to worry about? The computer is a pretty old Dell Optiplex 760 with a 3.0GHz CoreII Duo CPU, a 140GB harddrive, with integrated graphics. I'm not sure what other info might be pertinent

Answer:"Error opening process" message in Process Explorer

Sorry everyone, I found the answer in another post. Ran Process Explorer as Admin, and the messages disappeared. Thanks for being here

1 more replies
Relevance 33.21%

Good Evening All,

I have had this PC since Boxing Day and it kept on freezing. So I managed to get the freezing to stop for a few days and now it is back. I do not believe it is a software issue, and it is not a hardware issue either. Does anyone know the problem it may be? I cannot format my PC as I have data on here I need to keep which I must not lose. Any ideas or suggestions, it would be great.

I have an AMD Athlon XP 2800
1 GB Of Ram
80 GB HDD
DVD +/- Burner, CD Burner Combo
DVD Rom and CD Burner Combo
Wireless Card
ATI 9200 AGP Video Card
USB and Firewire Ports
Card Reader
Modem
I believe it is a 250 Watt Power Supply

I think the power supply is starting to go or I need a more powerful Power Supply. Does anyone else agree (Which do you agree to?) or have any ideas?
 

Answer:URGENT PC Keeps Freezeing URGENt

Some things you can try.

First pull the drive and slave it to the system you are using now. Copy any data you need.

Check your ram with a ram tester like memtest86.
Check your temps in the bios; post the results.
Run the system in safe mode; see if it still locks up. If it still locks up, you have a hardware problem. If it runs fine in safe mode, you have a software, driver, type of problem.

A 250W ps is too small for your system. I would install a QUALITY 350W ps. Make sure the ps you install is of good quality. Post the brand you are going to use before you buy it.
 

3 more replies
Relevance 33.21%

Well basically this is happening as I type so I will make this short. I needed room on my C: drive to install a new game so I uninstalled Oblivion and the expansions. Oblivion freed up about 5 GBs and the expansion didn't free up anything! That's not the issue; the issue is my C drive space is being drained slowly for some reason! It was at 20.1 and every few seconds it goes down by .1. It's gone from 20.1 to 19.0 slowly, .1 at a time. Please help!! I'm not downloading or torrenting!!

update: it's at 18.7 now, could it be System Restore making a restore point? How do I disable restore in Vista?

Answer:URGENT* What in the world is going on? URGENT*

Open Task Manager (Ctrl-Shift-Escape or Ctrl-Alt-Delete and select Task Manager), go to Processes tab, click View -> Choose Columns, and check IO Reads, IO Writes, IO Read Bytes, IO Write Bytes, and IO Other. These show what processes are transferring data. This usually means hard drive (but it might mean network, not sure, I use it to find out why my hard drive is clicking like crazy when I'm not doing anything). Look at ones that have the number constantly changing (getting bigger), as those are doing the most read/write operations.

3 more replies
Relevance 33.21%

I NEED HELP ASAP MY DIRECTX 3D DOESN'T WORK, I HAVE ALREADY REINSTALLED IT BUT IT DOESN'T WORK. I CHECKED WITH SOME OTHER PEOPLE AND THEY SAID "THE 10.396 V POWER-LINE MIGHT EXCEEDED NORMAL OPERATING TOLERANCE". WHAT SHOULD I DO? IS THERE A PROGRAM THAT IS ABLE TO HELP ME? OR DO I HAVE TO BUY A NEW POWER SUPPLY? WHAT SHOULD I DO, PLEASE
 

Answer:Urgent!!! Need Help Asap Urgent!!!

You appear to have a faulty keyboard as well, the Caps lock is sticking.
It is equivalent to shouting, so may bring little good help your way.

Also it's against the rules to multiple post
http://forums.techguy.org/hardware/507157-help-power-line-exceeded-nomal.html#post4048119

The message that you quote "power-line exceeds normal operating tolerance", is that message appearing on your PC, and if so from what application. Or is it as above from "some other people" and not a warning that you are getting.

Stick to one thread, don't use all capitals and it may be easier for people to help.
Also explain what hardware you have, and what Windows version. We cannot read minds unfortunately...
 

1 more replies
Relevance 33.21%

What changes when I press the "End Process" button besides the obvious stopping of the process, or likewise if I press "End Process Tree".
The next obvious question is, what is the relationship between a process and a process tree?
(I tried to take a screenshot of the context menu which contains the choices "End Process Tree" and "End Process Tree", but the menu disappears the moment I try to click on anything else.)
Background:
I drive a laptop with only a single-core processor and Win 7.  It's so overburdened that, even if I wanted to upgrade to Win 10 or better, I don't have the horsepower to do that, either.
I spend hours trying to get things done, when the CPU Usage reading is at a consistent 100% for several minutes at a time. There are moments of desperation when I end one of the CPU hogs -- a browser... anti-browser/security package... most frequently one/more of the svchost.exe pieces... by "End Process". Otherwise I never get the point of meaningful action. And in these circumstances, it takes even longer if I save file, shut down apps, restart, and bring up everything!
Thus this question!
Thanks. 
      Win 7 Home Premium SP1 Build 7601, licensed to me; last successful update:  4/28/2016, KB 3141092
No images attached...

More replies
Relevance 32.8%
Question: Winlogon

Hi all.

I am new here, so please bear with me as i try to do this right.

Everytime i turn on my pc, i get this message when the desktop appears:

Windows cannot find 'C:\WINDOWS\winlogon.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start Button, and then click Search.

It doesn't seem to affect the speed of my pc too much. Mainly the start up speed.

I have been on other forums and been passed in the malware direction. Done sweeps with Malwarebytes'Anti Malware and found nothing. Here is my HJT log for you to view.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:13:12, on 05/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Analog Devices\Core\smax4... Read more

Answer:Winlogon

Hello Jeeves1983 and welcome to TSG. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.

Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
If you use Firefox browser, do this also:

Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:

Click Opera at the top and choose Select All from the list.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to sel... Read more

1 more replies
Relevance 32.8%
Question: Winlogon.exe

Hi everyone. I hope you can help me with this because it's a real irritating S.O.B! I will try and describe the problem as best I can. Basically my computer started to slow down recently a lot and it smelled rather like a virus to me. So I opened up the task manager to look for any suspicious activity and boy did I find some. Winlogon.exe is spiking my processor power (that's the best way I can describe it). It starts at about 02, and then every second it moves up by an integer of about 30 until it is using 95% of the processor. Then it starts all over again at 02. I've run SpyBot S&D and AVG scans, which pick up a few trojan horse viruses every time but it doesn't seem to cure the problem. I had this problem just a week ago and ended up reinstalling XP. I'm running SP3 and I'm using Comodo Firewall Pro. Any and all replies welcome. Just for the record I really want to avoid re-installing XP again.

PS I've run a scan in safe mode to no avail.

All replies appreciated.
 

Answer:Winlogon.exe

Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

1 more replies
Relevance 32.8%

Hi,
winlogon.exe was using 50% of my CPU.
I've been through http://forums.majorgeeks.com/showthread.php?t=139313

Please take a while and have a look at my logs.

thank you.
 

Answer:winlogon.exe was using 50% of my CPU

MGlogs.zip
 

4 more replies
Relevance 32.8%
Question: winlogon.exe

Hello, I was curious about this file. I'm probably being overcautious, but I have two copies. one in the system32 folder & one in the servicepackfiles\i386 folder.

I noticed its eating a chunk of memory in the windows task manager. Is one needed and the other not? i searched around and found a disguised virus spelled winiogon.exe with capital I. could this be what i have?

Regards

Answer:winlogon.exe

Hello Sober, to BC

You have nothing to worry about, the two files you have are Microsoft files and are in their correct places. If you had found a file of that name in the Windows/WinNT folder instead of where you did, then you would have an infection.

For more information click the link in my signature and look up winlogon in the task list.

5 more replies
Relevance 32.8%

hey guys i used this guide http://www.blackviper.com/WinXP/servicecfg.htm
to disable some start up programs and when I rebooted my computer I get this message that winlogon.exe wasn't found in memory and now I can't get booted into my computer, it just keeps restarting. Please help. But I didn't disable winlogon. Thanks
 

Answer:help!!!! with winlogon.exe

Do you know what the exact error message is?

Can you start in Safe Mode or Last Known Good Configuration? (repeatedly tap F8 as it's booting for menu)
 

7 more replies
Relevance 32.8%

Hi.

Long time viewer - first time poster!

Since Friday, my PC has been running dead, slow and stops as winlogon.exe is using 100% of the CPU time all the time, only dipping down to about 85% when another application can force its way in! When I start Windows, it sits at "Windows is starting up...." and does nothing, so I have to restart it three times before it finally starts Windows up correctly. I'm running XP Home SP2, 3.2 GHz processor; 1 GB RAM on a home built configuration, no new hardware or software installed in the week the problem first started.

This heavy CPU usage only happens when the internet connection (Belkin Wireless ADSL with USB adapter) is running - as soon as I disconnect, Winlogon.exe goes from about a 3mb size down to about 500k and stops hammering the CPU...only then is the PC usable again.

I've scanned for viruses using AVG and Norton's on-line scanner (that took a day to run!!) but nothing was found; I've scanned for Spyware using Ad-Aware, S&D, and even Microsoft Spyware software! Nothing found other than wayward cookies which I deleted anyway.

I ran Registry Mechanic and it found about 90 "problems" but that was due to me uninstalling and deleting files and not do a restart afterwards.

I know that some spyware creates another version of winlogon.exe for its own purposes, but I've looked for winlogin, winLogin, winlog0n and winl0gon and all other permutations of that but...

Answer:Winlogon Using 100% Cpu

Does winlogon.exe appear in Msconfig/Startup? If so, then post your log in the Hijackthis forum for assistance.
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

If this is not malware related then try System File Checker. The main reason for using the SFC utility is when you suspect there may be a problem with a Windows XP system file. SFC allows you to check for any corrupt system files.

Go to Start > Run and type: sfc /scannow
Make sure that you include a space between the c and /. This command will immediately initiate the Windows File Protection service to scan all protected files, verify their integrity, and replace any problem files. If sfc discovers that a protected file has been overwritten, it retrieves the correct version of the file from the %systemroot%\system32\dllcache folder, and then replaces the incorrect file. You must be logged on as a member of the Administrators group to run sfc and it may ask you to insert your Windows Installation CD so have it available.

14 more replies
Relevance 32.8%
Question: Winlogon.exe

In the middle of rolling back system my daughter shut down system, now I'm receiving the following error message: WINLOGON.EXE unable to locate component, this application has failed to start because SHLWAP.D11 was not found re-installing the application may fix this problem. I tried to install driver disk but system continues with the above message and won't go back to main screen.

Answer:Winlogon.exe

Go to Run, type sfc /scannow and click OK. Have your Windows CD by you, you will need it. That will put all your files back in. HTHS

1 more replies
Relevance 32.8%
Question: winlogon

XP Pro. I now have to wait when I shut down, and after a while the end programme caption comes up with winlogon not responding. Any ideas what's causing this, and any solution? Thanks in advance.

Answer:winlogon

Not sure, but could perhaps try: run from a boot to CD and Recovery Console (press 'r' for Repair), the command:
(cd drive letter here):/i386/expand.exe (cd drive letter here):/i386/winlogon.ex_ %windir%/system32/winlogon.exe
(all one line)
Got that from click here

1 more replies
Relevance 32.8%
Question: winlogon.exe

I've received the dreaded winlogon.exe error. The computer will boot into XP and then receive the error. After I click OK or cancel, it goes to a blue screen. It used to happen occasionally but now it's happening more and more and I've never actually been able to come to a conclusion about the problem with this bug.

I recently installed the GRUB loader to dual boot Fedora and I started receiving it more and more. I'm sure that wasn't a coincidence. Any help would be appreciated.

TIA

Matt
 

Answer:winlogon.exe

here's my hijack this log
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:55:40 PM, on 3/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20978)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wuamguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\matt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Documents and Settings\matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\sy...

2 more replies
Relevance 32.8%
Question: Winlogon.exe

How do I stop this process from running? It is not the virus version, it is a genuine one, but I don't want or need it to run. I don't log on to my system and I am the only one who uses my PC.
What is its point and how do I disable it safely? Thanks, Dan

Answer:Winlogon.exe

winlogon.exe (Windows NT/2000/XP Logon Application)
The process "winlogon.exe" runs in the background. It's a part of the Windows Login subsystem. Winlogon is necessary for user authorization and checks the Windows XP activation code.
Note: The winlogon.exe file is located in the folder C:\Windows\System32. In other cases, winlogon.exe is a virus, spyware, trojan or worm!
http://www.neuber.com/taskmanager/process/winlogon.exe.html

Description: winlogon.exe is a process belonging to the Windows login manager. It handles the login and logout procedures on your system. This program is important for the stable and secure running of your computer and should not be terminated.
http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/

1 more replies
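
The location rule from the answers on this page (the genuine winlogon.exe sits in C:\Windows\System32; a copy elsewhere or a look-alike name deserves a closer look), written out as an added example that is not part of any post here. The sample log is constructed, the function names are hypothetical, and a "review" verdict only means the name resembles winlogon.exe, not that the file is malicious.

```python
import ntpath
import re

# Assumption: Windows is installed at C:\WINDOWS, as in the logs on this page.
EXPECTED_DIR = r"c:\windows\system32"
GENUINE_NAME = "winlogon.exe"
# Digits often swapped for letters, so "winl0gon" normalises to "winlogon".
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "l"})

def edit_distance(a, b):
    """Levenshtein distance; fine for short file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(path):
    """Return (verdict, reason) for one file path from a process or file listing."""
    directory, name = ntpath.split(path.strip().replace("/", "\\"))
    directory, name = directory.lower(), name.lower()
    stem, ext = ntpath.splitext(name)
    # Prefetch entries such as winlogon.exe-XXXXXXXX.pf are cache files.
    if ext == ".pf" and directory.endswith("\\prefetch"):
        return ("ok", "prefetch cache entry, not an executable")
    if name == GENUINE_NAME:
        if directory == EXPECTED_DIR:
            return ("ok", "genuine name in System32")
        return ("suspicious", "winlogon.exe outside System32")
    normalised = stem.translate(DIGIT_SWAPS)
    if normalised.startswith("winlogon") or edit_distance(normalised, "winlogon") <= 1:
        return ("review", "name resembles winlogon.exe")
    return ("ok", "unrelated name")

def scan(log_text):
    """Classify every path line of a HijackThis-style log; return the non-ok ones."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if re.match(r"[A-Za-z]:[\\/]", line):
            verdict, reason = classify(line)
            if verdict != "ok":
                findings.append((line, verdict, reason))
    return findings

# Constructed sample log (not taken from any one post).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\System32\WINLOGONPC.EXE
C:\WINDOWS\winlogon.exe
C:\WINDOWS\system32\wtrqqhcsw\winlogon.exe
C:\WINDOWS\system32\winl0gon.exe
C:\WINDOWS\Explorer.EXE
"""

if __name__ == "__main__":
    for path, verdict, reason in scan(SAMPLE_LOG):
        print(f"{verdict:10} {path}  ({reason})")
```
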
Relevance 32.8%
Question: Winlogon

Windows 2000 here.

I can't for the life of me remember how to kill the run-on of winlogon when booting. Once the desktop loads, Winlogon will use up to 65% of CPU and cause the HDD to grind on for a good 5 minutes. I know there is a hack to stop it but I've lost my notes. While it grinds away it will cause any programs (including browser) to crash.

Any help will be greatly appreciated.
 

Answer:Winlogon

16 more replies
Relevance 32.8%

My task manager, regedit, and msconfig are all history. Please help...

Here is the HJ log:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WINLOGONPC.EXE
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\CW4\cw4.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Documents and Settings\Mark\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\...

Answer:Winlogon.exe ????? Help

First of all, repost with a full HJT log including all the bits at the top.

They are vital in fixing these pests.
 

3 more replies
Relevance 32.8%
Question: Winlogon.exe Help

Hello all, I'm hoping you can help me with this error. When the laptop starts, Windows boots up and I log into my account as normal, then I get the error winlogon.exe needs to close, the computer shuts down after this. It's the very same in safe mode, except that I don't even get the error. I am aware that sometimes winlogon can be a trojan. What can I do about this? What I really want to do is install Windows again, but I'm unable to do this as my cd/dvd rom drive will not work, please view this topic for more on that. I have since purchased an external hard drive, but that's no good either!! Thanks for any feedback

Answer:Winlogon.exe Help

Hello, Without a good cd drive you are stuck without a paddle to row with, and the new external hard drive you bought I seriously doubt that it is defective. Try it in another Windows XP computer and then if it does not work I might agree that it might be defective. It sounds like you have several problems with your computer and one of them might be the USB ports.

I suggest that you take your laptop into a repair shop even though it is going to cost you some bucks and have it repaired there. First you might need a new cd/dvd Rom drive and more than likely a burner and for a laptop going to be a bit costly. I really do not think you will get it fixed here because we do not have the parts and you are the only way to get them.

I do apologize for the reply and wish I could do better and wish you the best in your repairs.

2 more replies
Relevance 32.8%
Question: Winlogon.exe

I have a big problem. My brother does as well. Our computers are running REALLY slow. Both brand new processors. The thing we have in common is we both recently tried to download a certain file, and ended up getting a lot of viruses. Through numerous virus scans, I thought I had removed them all. But the way they're acting now, it has to be a virus. I've run virus scan and it hasn't found anything, but on both of our comps, the process winlogon.exe is constantly putting the CPU usage at 100%. When I say slow, I mean slower than my old 600 MHz processor. The words I'm typing right now can't even keep up with the speed of my typing. I've read some stuff about a possible virus attached to this file. Windows won't let me end the process because it is vital. I really don't know what to do. Any help would be greatly appreciated. I really don't want to have to reinstall Windows.

Answer:Winlogon.exe

I suggest you post a HijackThis log for examination. A member of the HijackThis Team will walk you through, step by step, how to disinfect your computer.

Read How to post a HijackThis Log. Please read, and follow, all directions carefully. Then, run a log, and post it in the HijackThis forum, at this link. Do not fix anything yet. A member of the HJT Team will help you out. It may take a while to get a response, because the HJT Team are very busy. Please be patient, these people are volunteers. They will help you out as soon as possible.

NOTE: Once you have made the post, please DO NOT make another post in the HJT forum until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of in the most timely manner.

1 more replies
Relevance 32.8%
Question: Two Winlogon.exe's

There are two winlogon.exe's running in task manager, am I keylogged or RATTED?

Answer:Two Winlogon.exe's

I have multiple winlogon.exe files on my machine, and one's taking up a lot of memory - what do I do?

may give some useful info. On another page a user noted when someone logged on, then off, a copy of winlogon.exe remained in memory. If true it may have to do with fast user switching.

3 more replies
Relevance 32.8%
Question: winlogon.exe

I have winlogon.exe embedded in my computer (Windows XP operating system) and that little bugger won't come out.

I have Spyware Doctor, and it blocks the application, but doesn't remove it. So there's a constant battle going on inside my computer. A Spyware Doctor pop-up window says a malicious action has been blocked. But then the trojan tries again within a second and it starts all over again. Spyware Doctor says it's a trojan.virtuemonde.

It lists the path as: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}\

Can someone please help me get rid of winlogon.exe?
 

Answer:winlogon.exe

Go to here and download 'Hijack This!' self installer.
Save it to the desktop or other suitable place. DO NOT just press run from the website
Double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu.
Click on the entry in start menu to run HijackThis
Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
so do NOT fix anything yet.
 

1 more replies
Relevance 32.8%
Question: Two Winlogon.exe's

I just noticed there are two Winlogon.exe's and I also noticed a 'LogonUI.exe' in task manager, am I infected?

Answer:Two Winlogon.exe's

Do you have a Guest account?

7 more replies
Relevance 32.8%
Question: Winlogon.exe

For the past two days I have been getting my zone alarm alert to allow or deny winlogon.exe to access the internet. I did not allow it because I am unsure if it is a virus or not. I know the winlogon file should only be in the Windows/System32 folder and I did a search and found the following:
winlogon.exe-10B75959.pf
It was found in Windows/prefetch. Any suggestions? Thanks in advance.
 

Answer:Winlogon.exe

The prefetch copy is a cached copy used to speed up Windows processes. Winlogon is a normal process.
http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/
 

6 more replies
Relevance 32.8%

On my Windows XP PC, I noticed winlogon.exe is using up a lot of CPU. I ran TrendMicro scan and it hasn't picked up anything. Not sure what I should do next.

Thanks,
Frank
 

Answer:Winlogon.exe using 50-70% CPU

The best way to find out if this is due to malware is for you to follow the instructions in the below link and attach the requested logs when you finish these instructions. If something does not run, write down the info to explain to us later but keep on going. Do not assume that because one step does not work that they all will not.

READ & RUN ME FIRST. Malware Removal Guide
 

3 more replies
Relevance 32.8%
Question: Winlogon.exe ??

So, I recently updated my COMODO firewall and it made a malware scan and found a Trojan in C:/Windows/system32/winlogon.exe.
It couldn't remove it so it quarantined it, and after that I couldn't reboot into Windows, I would get a blue screen stop error.
So I uninstalled Comodo through safe mode and now it booted just fine. No other scan recognizes this file as a trojan so I don't really know what I can do.
Any thoughts?
 

Answer:Winlogon.exe ??

Bump, Plx
 

12 more replies
Relevance 32.8%
Question: winlogon.exe

XP Home Laptop
operating system loads. avast comes up with 3 error windows
a window opens and says
winlogon.exe encountered a problem and needed to close

task bar turns white

computer shuts down and restarts

In safe mode computer functions- I ran spyware doctor- came up with rogue antispyware ie defender and deleted it

I am currently running superantispyware.

The problem started on Monday. Ran good on Saturday. On Friday did windows updates - sp3
 

Answer:winlogon.exe

Sounds like you solved the problem with Spyware Doctor, right?
 

3 more replies
Relevance 32.8%
Question: Winlogon.exe

Hi there! hopefully you guys can help me...
This is my girlfriend's computer (ACER 4002wlmi), she works with autocad and 3ds, but lately the computer was really slow. I checked the taskmanager and there were two apps winlogon.exe (one, winlogon.exe by system and the other WINLOGON.exe by user) and a couple of other strange things that an AVG, ewido and ad-aware scans resolve (at least I suppose...). The fake winlogon is supposedly located at Windows dir, but I can't find it. This is really slowing down the computer and prevents Aston shell from loading in the startup, what makes my girlfriend very angry... and you know women when they are angry... so please help me...

here is the hijack log:


Edit by chaslang: Inline HJT log removed. READ & RUN ME sticky not followed.

thanks,
helder
 

Answer:Winlogon.exe

new hijackthis log...
 

49 more replies
Relevance 32.8%
Question: winlogon ???

Hi
I've got a Toshiba laptop with Windows XP.
When I turn my laptop on this message appears

Windows cannot find 'C:\WINDOWS\system32\wtrqqhcsw\winlogon.exe' Make sure you typed the name correctly, and then try again. To search for a file, click the start button, and then click search.

I then press OK
Then this appears

Could not load or run 'C:\WINDOWS/system32\wtrqqhcsw\winlogon.exe' specified in the registry. Make sure the file exists on your computer or remove the reference to it in the registry.

I press ok again and this whole sequence is repeated again

My laptop is very slow and I downloaded the free version of AVG and that says I have no viruses but my laptop has been slow for weeks now.

I thought it was to do with my memory as I only have 7gb left but I took some gb off to an external hard drive and this has not made a difference.

Any help would be very grateful.
 

More replies
Relevance 32.8%
Question: Winlogon.exe

Sorry to bother you guys, but I run a pc with a 350 MHz processor, 38 meg ram, with Windows 98SE. I have this program writing/running to my drive preventing me from running programs, and interfering with my internet. I downloaded a program from here called Task Info. It revealed to me that Winlogon.exe was the program in question, and it said there are 3 of them running. I saw that it is a part of Windows, and it's a hidden file. So I marked it as viewable in its properties option, and clicked all 3 to view them. Only to find 1 listed in my windows folder. Is it possible that I had a virus that cloned this program? Is it necessary to have the program running? Is there a way of de-cloning it? Or is there a way to just get rid of it? Please help!!! Thank you very much.
 

Answer:Winlogon.exe

Panther270 said: "38 meg ram"

I sure hope that's a typo... might you mean 384MB RAM?

"Winlogon.exe was the program in question, and it said there are 3 of them running."

What exact folder is it running in?
 

33 more replies
Relevance 32.8%
Question: winlogon.exe

If the winlogon.exe gets corrupted or deleted or infected with a virus, can I copy one from C:\windows\system32\... on a healthy PC to the corrupted PC? Can I copy it from the install CD (in the I386 folder, it's called WINLOGON.EX_)?
 

Answer:winlogon.exe

As long as it's the same service pack level version as the OS, yes.
 

1 more replies