winlogon.exe is using 50% of my cpu

  • BigAlnAZ
  • Born
  • Born
  • BigAlnAZ
  • Posts: 4
  • Loc: Arizona

Post 3+ Months Ago

Here is my Hijacker log. Can anyone help me with this?

Logfile of HijackThis v1.99.1
Scan saved at 1:52:23 PM, on 12/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SonicWALL\SonicWALL Continuous Data Protection\CDPAgentService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\kktools\userdump.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://companyweb/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PostCopy] C:\WINDOWS\system32\BELKIN\F5D5050\PostCopy.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [Intellipoint] C:\Program Files\Microsoft IntelliPoint\point32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://*.companyweb
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/in ... er_gmn.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.maricopa.gov/assessor/gis/pl ... axctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... s/en/x86/c lient/wuweb_site.cab?1182995365817
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... s/en/x86/c lient/muweb_site.cab?1182995318206
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} (NELaunchCtrl Class) - https://67.88.142.84/NELX.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - https://192.168.10.65/Remote/msrdp.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWi ... ontrol.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lizardtech.com/download/file ... install/is etup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://www.icontrol.com/support/downloads/AMC.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Rose.local
O17 - HKLM\Software\..\Telephony: DomainName = Rose.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Rose.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Rose.local
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: ArcGIS License Manager - Unknown owner - \\Gis_division\c_drive_gis\Program Files\ESRI\License\arcgis9x\lmgrd.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: SonicWALL CDP Agent Service (SonicWALLCDPAgent) - SonicWALL Inc. - C:\Program Files\SonicWALL\SonicWALL Continuous Data Protection\CDPAgentService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • ace5p1d0r
  • Expert
  • Expert
  • User avatar
  • Posts: 630
  • Loc: UK

Post 3+ Months Ago

It is normal for this process to be using that amount of your CPU, at least when the computer starts up.

Or does it always use this much?
  • grinch2171
  • Moderator
  • Genius
  • User avatar
  • Posts: 6809
  • Loc: Martinsburg, WV

Post 3+ Months Ago

The following entries can be removed:
Quote:
O2 - BHO: (no name) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - (no file)

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} (NELaunchCtrl Class) - https://67.88.142.84/NELX.cab
  • deathblade
  • Proficient
  • Proficient
  • User avatar
  • Posts: 419
  • Loc: u.k

Post 3+ Months Ago

i found that when some of my processes run ded high it was due to registry
  • grinch2171
  • Moderator
  • Genius
  • User avatar
  • Posts: 6809
  • Loc: Martinsburg, WV

Post 3+ Months Ago

I read your PM. Your log is clean. I didn't think removing those entries would fix anything. What you need to do is download Process Explorer and look into winlogon and see what is causing the spike and go from there.
  • BigAlnAZ
  • Born
  • Born
  • BigAlnAZ
  • Posts: 4
  • Loc: Arizona

Post 3+ Months Ago

grinch2171 wrote:
I read your PM. Your log is clean. I didn't think removing those entries would fix anything. What you need to do is download Process Explorer and look into winlogon and see what is causing the spike and go from there.


I'll give that a try and let you know how I fare. Thanks.....
  • BigAlnAZ
  • Born
  • Born
  • BigAlnAZ
  • Posts: 4
  • Loc: Arizona

Post 3+ Months Ago

Here is the process log from process explorer. Any ideas?

jjjj
jjjj
jjjj
jjjj
jjjj
!This program cannot be run in DOS mode.
[Rich
CS P
.text
`.data
.rsrc
ADVAPI32.dll
AUTHZ.dll
CRYPT32.dll
GDI32.dll
KERNEL32.dll
NTDLL.DLL
msvcrt.dll
NDdeApi.dll
PROFMAP.dll
PSAPI.DLL
REGAPI.dll
RPCRT4.dll
Secur32.dll
SETUPAPI.dll
USER32.dll
USERENV.dll
VERSION.dll
WINSTA.dll
WINTRUST.dll
WS2_32.dll
wyP
wxj
wuw
wea
wDR
wCi
wSw
Flw
Plw
[lw(?lw
Glw
Blw~Blwhclw+Ulw
wPz
wIb
vkE
vIE
vOc
6vVS6v9
S6vY
6vQr6v
n6vIw6v9
qMf
hGS?(
MHH
ohh
nhh
%lee
fDB
m_YY
n_YY
mnYX
sll
@U\VV
!MHH
FBB
gaa
|PKK
voo
5MHH
SNN
Jpii
mff
lee
uRP
FBB
vrkk
IDD
rOM
mQLL
<,mff
vSQ
YTT
@UJJ
qee
KAA
qee
uch\\
KAA
FBB
mQLL
YTT
!MHH
FBB
gaa
|PKK
voo
5MHH
SNN
Jpii
mff
lee
uRP
vrkk
IDD
rOM
<,mff
vSQ
KBB
MDD
OFF
YVLL
@eVLL
pee
PGG
qff
PGG
TKK
ujj
VLL
Z}mbb
xmm
ZQQ
BQHH
cSJJ
odd
pee
IAA
WNN
d)kaa
z_VV
AJBB
vMEE
TLL
vll
cLK
BULL
LDD
1*dZZ
4mWNN
F3SJJ
bXX
zoo
YPP
IMB::
YPP
KAA
R_TT
yxPFF
a^SS
'ZOO
26KAA
dZZ
/mbb
ULL
LCC
0>cXX
ysUKK
PGG
qff
PGG
TKK
pdd
ZPP
JAA
|TJJ
dXX
d)kaa
z_VV
AJBB
vMEE
TLL
vll
cLK
u>SV
wbf
SVW
PQPQ
SVW
PQS
SVW
u$SPQPQ
SVW
RPQPQ
SVW
PQPQS
(SVW
VPQ
Gc`H
0SVW
s HA
(SVW
RQPV
,SVW
4SVW
szS
SVW`
PWW
PSV
PSV
PSV
PSV
SVW3
Rhh
PWW
PSV
PSV
PSV
PSV
RPj
Rhl
SVW`
PWW
PSV
PSV
PSV
PSV
RPj
hrdx
VhBf
Rhp
SVW`
PSV
PSV
PSV
PSV
SVWj
RPj
Rht
SVW`
PWW
PSV
PSV
PSV
PSV
RPj
Pj@VW
v4SW
FG;u
SVW
@H+AD
pPj
pPj
pPj
pPj
pPj
@H+AD
pPj
pPj
pPj
pPj
pPj
pPj
pPj
pPj
pPj
pPj
pPj
pPj
pPj
@H+AD
pPj
pPj
@H+AD
pPj
pPj
Security
Winlogon
(0x%x,0x%x)
OptionValue
system\currentcontrolset\control\safeboot\option
AEPolicy
SOFTWARE\Policies\Microsoft\Cryptography\AutoEnrollment
AutoEnrollmentRefreshTime
Software\Policies\Microsoft\Windows\System
userinit.exe
Default
UserInitAutoEnroll
UserInitAutoEnrollMode
ShellReadyEvent
AUTOENRL:UserEnrollmentShellTimer
AUTOENRL:UserEnrollmentTimer
AUTOENRL:MachineEnrollmentTimer
AUTOENRL:TriggerUserEnrollment
Local\
AUTOENRL:TriggerMachineEnrollment
Global\
Warning Sounds
Control Panel\Accessibility
/Hotkey
UtilMan
utilman.exe /debug
ForceAutoLogon
WINLOGON
AutoAdminLogon
DefaultUserName
DefaultDomainName
Software\Microsoft\Windows NT\CurrentVersion\Winlogon
\Registry\Machine\System\CurrentControlSet\Control\Terminal Server
fSingleSessionPerUser
EnableConcurrentSessions
System\CurrentControlSet\Control\Terminal Server\Licensing Core
%4d:%02d:%02d
Global\TermSrvReadyEvent
unknown
OEM Driver
%dx%d %s
AutoSelectLogon
Container-%lx
Provider-%lx
Reader-%lx
Card-%lx
Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SCLogon
ediskeer.dll
Starter
_CsCapLib
Microsoft Enhanced Cryptographic Provider v1.0
Non-fatal error (%d:%016I64X) occurred.
Error (%d:%016I64X). Rebooting.
Error (%d:%016I64X). Shutting down.
Windows Starter Edition
TMP
TEMP
HOMEPATH
HOMESHARE
HOMEDRIVE
System\CurrentControlSet\Control\Session Manager\Environment
GinaDll
msgina.dll
Key
RASMAN
KeepRasConnections
COMPUTERNAME
vpn
netapi32.dll
IMM32.DLL
Start
SYSTEM\CurrentControlSet\Services\NetDDE
ClipSrv
default
WinSta0
\\.\pipe\NetDDE
WinSta0\Default
NDDE$
NDDEAgnt
WlMprNotifyWinlogonWindow
WlMprNotifyPassword
WlMprNotifyOldPassword
WlMprNotifyOldPasswordValid
WlMprNotifyDomain
WlMprNotifyUserName
WlMprNotifyStationHandle
WlMprNotifyStationName
WlMprNotifyDesktop
WlMprNotifyLogonFlag
WlMprNotifyLogonId
WlMprNotifyProvider
WlMprNotifyPassThrough
WlMprNotifyChangeInfo
%s\Winlogon
ntsd -d %s%s
mpnotify
mpnotify.exe
Class
system\CurrentControlSet\Services\
\NetworkProvider
ProviderOrder
system\CurrentControlSet\Control\NetworkProvider\Order
\cdfs
\fat
\ntfs
AllocateDASD
AllocateCDRoms
AllocateFloppies
AppEvents\Schemes\Apps\PowerCfg\CriticalBatteryAlarm\.Current
AppEvents\Schemes\Apps\PowerCfg\LowBatteryAlarm\.Current
Low Battery Alarm Program
Critical Battery Alarm Program
SnapShot
Maximize
Minimize
RestoreDown
RestoreUp
Close
Open
MenuCommand
MenuPopup
SystemAsterisk
SystemExclamation
SystemQuestion
SystemHand
.Default
SAS window class
sethc %ws
PromptPasswordOnResume
Software\Policies\Microsoft\Windows\System\Power
ShadowFilter
Software\Microsoft\Remote Desktop
__DDrawExclMode__
__DDrawCheckExclMode__
taskmgr.exe
WINSTATIONNAME
Software\Policies\Microsoft\Windows\Control Panel\Desktop
eControl Panel\Desktop
Shell
explorer.exe
AutoRestartShell
SAS Logon Notify
SAS window
scrnsave.scr
(NONE)
SCRNSAVE.EXE
ScreenSaverGracePeriod
Screen-saver
RestrictNonInteractiveAccess
\Sessions\%d\BaseNamedObjects
lsass.exe
System
%SystemRoot%\system32\userinit.exe
nddeagnt
userinit
Nddeagnt.exe
Userinit
\INSTALLATION_SECURITY_HOLD
SetupType
SYSTEM\Setup
SetupShutdownRequired
SystemSetupInProgress
syssetup.dll
Repair
HibernationPreviouslyEnabled
SetWin9xUpgradePasswords
\migpwd.exe
Winsta0\Winlogon
MigPwd
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SYSTEM\CurrentControlSet\Control\MiniNT
dnetplwiz.dll
RunNetAccessWizard
winsta0\Default
ntsd %s %s
Cmdline
\Security\NetworkProviderLoad
Autochk
bootex.log
Fonts
PagingFiles
\temppf.sys
srrstr.dll
RestoreInProgress
Software\Microsoft\Windows NT\CurrentVersion\SystemRestore
System shutting down.
\Sessions\%ld\DosDevices
-winlogon %d
-setup
LsaStart
%SystemRoot%\system32\lsass.exe
SaveDumpStart
%SystemRoot%\system32\savedump.exe
ShutdownStateSnapshot
ShutdownEventPending
SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability
TempDestination
DumpFile
\Registry\Machine\System\CurrentControlSet\Control\CrashControl\MachineCrash
\MEMORY.DMP
EventFlag
SYSTEM\CurrentControlSet\Control\Watchdog\Display
SYSTEM\CurrentControlSet\Control\CrashControl\MachineCrash
ServiceControllerStart
%SystemRoot%\system32\services.exe
InitShutdown
%02d:%02d:%02d
%d days
Win32 Registry/SystemShutdown module
Win32 SystemShutdown module
%u.%u.%u.%u
AllowMultipleTSSessions
DisableIdleLogonTimeout
\\.\Pipe\TerminalServer\AutoReconnect
Global\TS-WPAAE
TermService
winlogon: user logon event
RCommonProgramFiles
CommonFilesDir
ProgramFiles
ProgramFilesDir
Software\Microsoft\Windows\CurrentVersion
APPDATA
shell32.dll
SESSIONNAME
Console
USERDNSDOMAIN
Volatile Environment
USERPROFILE
USERDNSDOMAIN=\NT4
NoPopupsOnBoot
System\CurrentControlSet\Control\Windows
RasAutodialLogoffUserDone
RasAutodialLogoffUser
winlogon: User GPO Event %d
Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableBkGndGroupPolicy
Software\Policies\Microsoft\Windows\System\Scripts\
MaxGPOScriptWait
wlnotify.dll
Software\Policies\Microsoft\Windows NT\Terminal Services
PerSessionTempDir
System\CurrentControlSet\Control\Terminal Server
UserInitGPOScriptType
Startup
winlogon: machine GPO Event %d
RunStartupScriptSync
NETLOGON
NTDS.IndexRecreateEvent
Shutdown
Logoff
RunLogonScriptSync
Logon
Run Group Policy Logon Scripts
Finish User Group Policy
Begin User Group Policy
Finish Machine Group Policy
Begin Machine Group Policy
win9xupg
RunGrpConv
System\CurrentControlSet\Control\SafeBoot\Option
PrimaryDnsSuffix
NV PrimaryDnsSuffix
Software\Policies\Microsoft\System\DNSclient
Domain
NV Domain
Hostname
NV Hostname
System\CurrentControlSet\Services\Tcpip\Parameters
e%windir%\system32\sfc.dll
ALLUSERSPROFILE
Local\WinlogonTSSynchronizeEvent
ntsd -d -p %d
ntdll.dll
WinStationsDisabled
\Sessions\%d\BaseNamedObjects\ReconEvent
\BaseNamedObjects\ReconEvent
Global\SingleSesMutex
Windows setup has completed, and the computer must restart.
UserRequestedUpdate
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate
wuaueng.dll
sbasesrv.dll
Windows Update
Reset ComCtl32
%SystemRoot%\system32\msgina.dll
%windir%\system32\
CLSID
NoDebugThread
DisableLockWorkstation
COMCTL32
powrprof.dll
Shell32.dll
Software\Microsoft\Windows NT\CurrentVersion\Winlogon\LocalUsers
::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
shell32.dll,10
Microsoft.NetDriveReconnectFailed
USERNAME
Owner
Data
GBG
Skew1
System\CurrentControlSet\Control\Lsa
SecureBoot
Impersonate
Asynchronous
MaxWait
DLLName
SafeMode
%SystemRoot%\system32\sfc.dll
sfc.dll
termsrv
Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
tWINSCARD.DLL
DefaultPIN
SCard$AllReaders
\\?PnP?\Notification
O:SYG:SYD:(A;;RC;;;SY)
ncalrpc
%s-%lx
sclogonrpc
VerboseStatus
wkssvc: MUP finished initializing event
lanmanworkstation
WaitForNetwork
MaxRetrySysvolAccess
\\%s\sysvol\*.*
SysVolReadyEvent
SysVolReady
SYSTEM\CurrentControlSet\Services\netlogon\parameters
NtdsDelayedStartupCompletedEvent
RpcSs
SamSs
Winlogon Job %x-%x
\SAM_SERVICE_STARTED
Comctl32.dll
WindowsLogon.manifest
eventlog
\Registry\Machine\System\CurrentControlSet\Control\SecurePipeServers\
ncacn_np
\PIPE\
Remote\%d\GdiPlus
Remote\%d\Control Panel\Desktop
Software\Microsoft\Windows\CurrentVersion\ThemeManager\Remote\%d
Software\Microsoft\Windows\CurrentVersion\Explorer\Remote\%d
UserPreferencesMask
Yes
HighQualityRender
FontSmoothingType
SmoothScroll
DragFullWindows
ThemeActive
Wallpaper
TaskbarAnimations
Force Blank
ActiveDesktop
uxtheme.dll
TSConnectEvent
\Security\WxApiPort
0x%08lX
Smart Card Logon
TypesSupported
EventMessageFile
%SystemRoot%\System32\scarddlg.dll
System\CurrentControlSet\Services\EventLog\Application\Smart Card Logon
.bak
Software\Microsoft\Windows NT\CurrentVersion\ProfileList
NextLogonCacheable
UserPreference
LocalProfile
ShutdownWithoutLogon
OOBE Job
\oobe\msoobe.exe
%s\EmbdTrst.dll
MediaCenter
Installed
Global\WPA_LT_MUTEX
Global\WPA_PR_MUTEX
Global\WPA_HWID_MUTEX
Global\WPA_RT_MUTEX
OOBETimer
Windows Product Activation
\wpabaln.exe
BCDFGHJKMPQRTVWXY2346789
Microsoft Strong Cryptographic Provider
%s\oembios.bin
IDR_WPA_LICSTORE
Global\WPA_LICSTORE_MUTEX
-OEM-
System\WPA\
%s%s-%s
@H+AD
pPj
pPj
pPj
pPj
tGF#
QQS
tNG
xpsp2res.dll
WlxDisconnectNotify
WlxReconnectNotify
WlxGetConsoleSwitchCredentials
WlxRemoveStatusMessage
WlxGetStatusMessage
WlxDisplayStatusMessage
WlxNetworkProviderLoad
WlxScreenSaverNotify
WlxStartApplication
WlxShutdown
WlxLogoff
WlxIsLogoffOk
WlxIsLockOk
WlxWkstaLockedSAS
WlxDisplayLockedNotice
WlxLoggedOnSAS
WlxActivateUserShell
WlxLoggedOutSAS
WlxDisplaySASNotice
WlxInitialize
WlxNegotiate
NetMessageNameDel
NetMessageNameEnum
ImmDisableIme
ScreenSaverIsSecure
NoAutoReturnToWelcome
ScreenSaveActive
RepairStartMenuItems
SetupSetDisplay
NetAccessWizard
ResumeRestore
CTXDOMN
CTXUSRN
CTXSRVR
SHGetFolderPathW
TermsrvCreateTempDir
SfcGetNextProtectedFile
DbgBreakPoint
BaseSrvNewObDirAcls
InitCommonControlsEx
MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Winlogon
SetActivePwrScheme
GetActivePwrScheme
DllGetClassObject
A:\startkey.key
Reconnect
Disconnect
PostShell
StartShell
Unlock
Lock
StopScreenSaver
StartScreenSaver
Shutdown
Startup
Logoff
Logon
SfcWLEventLogon
SfcWLEventLogoff
SCardAccessStartedEvent
SCardIsValidContext
SCardCancel
SCardGetCardTypeProviderNameW
SCardListCardsW
SCardListReadersW
SCardFreeMemory
SCardEstablishContext
SCardGetStatusChangeW
SCardReleaseContext
SCLogonSecurityCallback: AuthzAccessCheck failed - %lx
SCLogonSecurityCallback: RpcGetAuthorizationContextForClient failed - %lx
SclogonInit: ConvertStringSecurityDescriptorToSecurityDescriptorW failed - %lx
SclogonInit: RpcServerRegisterIfEx failed - %lx
SclogonInit: RpcServerUseProtseqEpW failed - %lx
ScHelperInitializeContext failed - %lx
jYIx
HnH
ImageOkToRunOnEmbeddedNT
IKq
KwV
US]CQ
%08x,%08x,%08x,%08x
Hash%03d
HashSize
HashBlocks
Type
yMS
nKl
OEM-5.1
Version
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority0
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority0
Bdy
kzb#
lUa
zmtN
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority
Z38nM
%s%ls
D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)
Global\WPA_LICSTORE_MUTEX
Global\WPA_HWID_MUTEX
Global\WPA_LT_MUTEX
Global\WPA_RT_MUTEX
Global\WPA_PR_MUTEX
CDROM
DiskDrive
Display
hdc
SCSIAdapter
DEST
GetIfTable
\iphlpapi.dll
%02X%02X%02X%02X%02X%02X
GenuineIntel
%s Family %d Model %d
Non-x86
RSA1
VVVV
WSWj
PPPPj
PVh
PSSSSSSSj
PSSSSSSh
PSSSSSS
tqj
SWV
PVht
WWWPW9>t
PWh
WWWW
tch
Vhot
WWWW
WWW
Vhot
PPP9E
Vhot
PPPP
jxYf
PhL
SSSSS
tAIu:f
ZVj
WuK
jxV
PVhR{
PSV
Hu@W
tSSh*|
PPh
ShH
PSh
PSh
Pjd
WjG
PWWj
PWWj
Vhh
t$8hA
PSSj
PSSW
ztE
QWh
PSSW
ztf
Phh
PWh
t$$hm
PVVj
QSVW
PVWj
uBd
WSj
ttWj
SVW
VSj
tgVj
PVhl
WSW
tbh
jjW
WWh
RPh8
PSSj
j hB
zuD
SVW
t$@hc
WWh
WPh
VWS
WWh
j hB
PWS
PSW
FVSS
WWh
PPP
sHh
sHPh
j hB
ChP
WPh
CXQP
tih
WPh
sHh
pHSh
;AHu
SWh
WWh
WWh
t$(hq%
SSh
SPh
WVS
SSh
t$0hl
jxC
VSj
PWh?
WWWhx
Pj j
SSS
Wj0Y3
VWj(Y
QPj
PWWh
PWWh
tfW
tLWW
BBFF
u}jhj
FHu
uXV
j Wh N
v`Sh
vAV
vFV
Ht#Ht
Hu!j
tof
tih
SVW
BFFf9
PPPW
HHu$V
QSVW
toW
t+Hu$f
ShH
YYt%9^0u j
ShX
QVW
SVW
Pj@j
t4Ht
tHd
VVVVVW
VVhX
SVW3
PVVVW
QQSW
PWW
t>Wj
SVW
jW[tY
Shp
vOH;
PWj
WWWW
VVj
PhZ
QSP
SVW
jxV
GWj
XPj
tRh
tKh
PWVh
PPjNP
tWV
PWS
WhSE
PWVhy
tFj
WWV
tgh
PWW
YYt
FFh
PVh$
PSSj
YYt#
t}VVVh
jAVVj
VVP
SVW
VVh
vZh
VVh
QQVW
PWWj
QQS
uoW
QQV
HtbH
SSSSSS
HHj
VRWQ
YYuE
YYu1
VGh
tDSh
t0Sh
uOW
urQ
t`VRQ
tOS
GWh
VVPPPPh
PhT
VVVVV
PQh
Whn
SVV
PWVh
PVh
AAf
PWh$
SVW
Htp-
t+Pj@
SSSSSSSj
|UhH\
SSSSSSh
SSSSSSh#
SSSSSSSSj
PSj
PSSj
t&SSj
PhT
PSSS
HSV3
FSh
QPf
SSP
tuF
@QVQ
WSh
HHt
uaS
PVj
PVV
QPj
gur
uBj
uOj
SVH
SSWh
VSS
VWj
tcd
t$ hT
QSVW
SSj
WWW
PPP
t$(hZ
PWWW
t$$hW#m
Whx"
PWhD"
SVW
PSh
SSQP
uEh<#
t$4hy
SSS
SVW
uI9s
VhH
PVh
GGf
VVh
uH9s
tPj
XPS
PVhL$
PVhL$
jLW
jdW
GWVP
PVj
PVj
VVVj
VVPj
DQMB
RQW
CdP
CdP
CdP
CdP
jLW
VVVVVVh
PPPPPW
QQh
QQh
teV
AAQP
PWhL$
PWhx%
PWh`%
PWhD%
PWhD%
PWhL$
PWhx%
PWhD%
PWhD%
=jBh
SVW
tZSSh
SSh
SSSh
PSj
PSj
bWj
t5Vj
SSSSSSSSj
SSSSSSh
SSSSSSSj
SSSSSSSSj
SSSSSSSj
SSSSSSSSj
QQV
SVW
QPS
t+WV
VWj
VWu>
QQSV
QPj
PWj
t!WV
QVj
PjF
PjL
t!WV
SVW3
QQS
ShH
YYt
YYuU
tqf
YYu
VWj
QVjW^
Vhd'
Vhd'
PVh
tdh
SSj
PSj
SSj
WjG
WhH
uPVWWWW
PVVVh
PVh
VVVV
VhH
tE9u
t;Wh
VVVV
ShH
PSh
PShX(
uBh
SVW
Phd'
PVVh,*
RSSSh
SVW3
VVVWV
QQSW
Phx*
SPh
VWSSh
QPPh
SVW
PSh
WRP
~UNNS
WRP
vNV
uZV
SSh
uCV
BBNu
TSWj
PSSSWS
tgj
tXW
PVW
VhH
PVh
VVP
VVj
VVh
PVh
VhP-
VVVVh$-
VVVVh
uuVh
t6VVV
VhP,
VVj
VVhd&
tch
CCf
YYt
VVV
YYu
u&VW
SSSSSSSj
PhPZ
QVR
CSj
QSVW3
VVj
tOSP
jCWWWWj
PSj
PSSj
zuB
tUf
u$9=XZ
Vul9
SVjW
f9:u5f9z
jWX;
PGh
HHSt
IIt&
t4Ht
WjG
WjF
SVWjGYj
VhH
PVh,1
SVWj*
SVVS
u$Sh
VVV
zukjB
PWh
GWVV
XVV
tkHuzh
FHf
FLf
VWj&
tqVW
SShx3
SSj
Yt-d
Qhh
YYuP
@~ WWu
tVh
tAd
PWu
3WPWV
HHt
jfXPQ
jxX
jfV
uGV
s*Wj
[uEV
FhPh
Nlu
SVW
PSh
SSh
FFf
FFf9
FPF
HHf
FFf
FFf9
HHf
FFf9
Shx3
tqhL3
ujV
WWWWWWh"
SShG
SPhP
ShC
SPhQ
ShC
SPhQ
Y@Y@f9
ShC
WhQ
SWhN
u9f9H
u3f9H
FFf
FFf9>u
Pj WW
PSh<4
WhH
PWh
PWh
PWj
WWWW
t)WP
VWj
Yjh
VhH
PVhx6
PVhx6
SVh
rJVVVh
PSW
VVVSVVj
PShD7
tIh
PWW
QhF
tJh
Wht8
ShH
PSh
PShH8
PSh
PShH8
F<Pj
PSj
SSSS
FHt
FLP
FDt
tej
tHP
WShH
PWj
PWh
PShx6
SSj
WSht
PhP9
SSj
SWj
VhH
PVVh$:
VWj
Hti3
PPP
ZSW
SVW
PFj
tKSSSP
SVW
PSh
PSh
PShl;
PShl;
jjjj
PSh
PSh
jVW
SSSj2SSS
t7Sj
VVS
Phd<
SSS
PSSSSSSSj
tDj
PPVj
SVVS
PSSSSSS
tRh
t>Wh
VPh
VVV
SPV
t[f9;uVf
mret
CdP
FpP
PWPPPh
PWPPPh
jGYj
RPj@
FpP
CdP
VVPV
PVhp>
t?hz
PPShM
ShP:
PSh
tfj
tSj0S
PSS
j h0u
PSSh
9X0WVt
PVW
PVW
SSj
SSj
ShP?
t6It)It
SWu`
VVS
QSVW
RQPj
HuL
QSVjx^Vj@
6jBPS
tFS
QQSWjx_Wj@
thV
u1jB
SVW
QQhl@
QSV
SWj
t$(hY
PSh
QQV
VVVV
PWV
hSS
hLA
Qh<Q
QSV
PSSj
QVW
PWVhC-
jxV
SSj
SSj
u0SV
QQSV
PCS
uBWV
PPPPP
VVVV
SWV
tPh
t$ hi
t$4hb
j Wh0u
PWh
WWj
jxS
WWj
Pj j
AHu
AHu
AHu
AHu
AHu
AHu
WhhA
j h0u
VVS
zsj
x#hw
tkK
m7Jr
bv90R)
P/ns
UELw
Krc#z
eHa;
Qba
bKV
quN,Cm
=un@^p
I"S"B"
'ZaA
txJx
mE|EtEAE
f=f1f
g,g!g
gXg
{+y$y<y4y
ynyfy#{
yTy
xsx
QSV3
HHt
u89~4uAj
t'Ht
XPV
jxS
WWj
WWj
Htd
SVW
u-SV
SShX
SSSS
SPh|
uiV
hN$g
q$PjTP
WWWWWWWWW
WWWWWWWWW
WWWWWWWWW
WWWWWWWWW
FBB
QQSV
WWh
FVS
WjHj@Vh
WPhp
tDHu
PjHj@j
Php
uMh
VWv
PVhTC
PVVh?
SVW
PShHD
PSh8D
uXh
VjTj@
hlD
FD_t
VjTj@
VjTj@
SVW
PWWW
YYt 9=
YYt1
PWWW
j0h`E
JtaJt
JtsJtP
HHu
u"WV
ShV
SWh<F
hlE
jlhXF
PSh?
SSShx
8SjBP
hdF
j~hY
PWW
tJj
j~hY
YYt
j~hY
8jBP
j~hY
jDh
9XXt
PSSj
9HXu
VVh
PhxG
QVVV3
PVVV
Ph(G
PVV
t#Ph
hpH
Ph,H
YtOV
QQS3
VWj
QQV
tZS
QQV
tZS
tsS
QQV
tZS
PhY
SVWu,
HHt
HHt
jfXP
HHt
HHu
jfXP
WtMP
tQV
SVhY
-mret
t%It
IIt
-mret
mret3
PSSj
mret
mret
aWV
PhY
mret
TVW
PhY
mret
mret
mret
mret
-mret
-mret
Wtaj
YYWh
WWW
-mret
mret@
JVW
tEJt%Jt
q,Qt
mret
HVW
Ht#Ht
CdP
mret
tGh
YYt
=SVW
PSj
tqWh
tS9u
VVW
SVW
VhH
PVhXI
VWj
hpJ
hxI
SVW3
WhH
PWhXI
Vht8
jhh
PVVVWV
PVW
mret
RQW
Phh
QVW
hSVW3
PVVV
PVV
VVV
SVW
SSSS
CSV
SVW
QPh
PVh
PVh
SVW
uOj
VWj
PWWh
VWj0j@
PGj
(SVWh
u*SS
tYV
uMV
jph8M
8MZu
XPVSS
SVW
hXM
PWWj
tXj
WWj
QSV
QRPh
QRPh
QRPh
QRPh
B dP
B8PP
BLxN
BP8P
PWWWh|O
QPj
VWh
zuRV
QPPPPPPPj
QQS
VWj
tLj
PVh?
hxN
Ph\Q
hLQ
hxN
Ph\Q
VhLQ
~,WQPR
VPV
wAtp=
PWh
toWW
hLV
dSV3
PSj
QPj
PSj
QPj
PSj
PSj
SVWr|
wUf9|V
wGf9|N
w<f9|F
v'Pj@
SPj
upSVW
t/SWh
SVP
YSj
PVVh
Pj W
PVVVj
QPVVj
VVW
PVVh
tTV
SVW
PSj
PSj
SVW
PSS
Pj W
u SSj
PSS
\SVWj
Pj V
@SVW
Pj W
WSj
PWj
SVW3
PWj
QPj
QQS
t!j j@
tKVj W
QPj
Wt!P
HuqSW
HHuoSW
SSSSj
t.@Pj@
t'SS
QRPh8
QQV
Ph4X
PSj
PSj
QRPhX
mjq
rjB
Nmc
K9X9t9
gAd3
NGHcq
dqZ
puk
Mv]vov
xNG)
>nNu
SVW
Kjf
Pj S
aWy
AAX?
rki
tgyq
*OZx
`Qhh
$urQ
`Qhh
gkvI
Yrh}
kWJ
cHWI*
xsU)g
`fQz
adwHD
&1fAk
UMA
`QhP
vZu
rQp
Jv$w/
Cgpu
>ljk,XWa"
DkUJ
qQDq
WV@x
K|dS?
fmic
QFzQ8
IJ]J~J
"-QIr
LkR
l+k-(p
SAq
AbE
r{YJ
a&U4ZC.
WxO
Cit
8uIK
NdW
jSI
I/ko
MTtC1
cmm
=hHq
clF
HEc
ca]T7
3OzF
Ll5n
_gLM
SAd
A[VSB
DWUJ
ItLv-=
2ar}VSF
YTD
Pvk
qGQ
[nn"j
T&EL
sDo
ELNf
ZOg
Yv~ux
wZv!v
Dtn
`QYQ
ORhR
c$MH
ouZ
OXV
YBjj=
cik
`Qhh5
xl*!+D
XOMVI
e_Zpw
{kxL
r3Fh{
HKi
VSq
ijI<
RV:\.pv
ADY>
|~jYV1
TWJ
vBK
,SYC`U'
\GYF
uRz
NKijT>
B!3x2h5
NwNPN
xPC
K4Ff
i{Sd
uJq
c{cxE
6BbB
BWC
BIB
C5CQC
Sde
QTSI`[
ydU
DaIb
OyR
aFu:
PVK
QIIQ
DrMrQr
rls
VJjH
DzJ{
lK>^S
a-(&McTQ-Q
WWG\
R#aPY <3
,*"Hi@y
dZM
c?Cz
Iqn
qY]d
mTL
JEr
CWtEu
T@Zb|E
buV
gZB
YyQ
"caz
Zx8Dl0t
fLx
M'zI
;FC|K9
EOq
DyH
XYO
{wUCU3
J;JFJWJ
`QhhO
BJf
WFf
BJf
WFf
Pj S
Vj/hX$
Vj/hX$
;aS`Ulk
9uUx
aCP
y<nUh?
yE2Bc-+
F?mg-
dSVW
t-PV
Phni
Ujo
5sOr
|ZAey
~_yWbj
VWS
Vj5h0%
`Qhp
VcIqX#
t)Dn
g"%ze
XE~Ce
G~Cz7
HHg
nc&b,
Npuz
eH=o^
SVW3
cTf
LRf
CYf
Vj9h
PSh?
SSS
bJX
j$r^Dq{
RDP
1xRT
KwG
ooin
NdM
`Qhx
eVY
Inw
jLO
MVuG
ter4
t3cA
bwtS
wbP'
ddX7
iq1g
daJ
if=m8%p
DZ-Y
{rpx
|ejeqe
Dgb
vNcNx
"-Vs6C
Hhs
m.Er
Pe$Hv
WhIT1
"eZD
HoHR
YnJnRn
Mny
DVU
x_pK
Vfg
wED
EX~W`
N{Ql
bOi\jd
Tbo
~Sh{v
yBM
BJ?D
FB/p
VbAwE
Rnw
geA
Udc
PnR
FgH
\vG@I
qJo
tXKn
ntf
\l+r:ms
ekc
a?SQ
sPY
]WC,B
;dSH+
UzY'r0`
R(9$DX5
RSS
ugRt
2xFs&
o<Rk
eGbG#
`Qhh
5InW
Ga{N
uB*G
(I+ft
nqw
"Q#y#F"R"r"'"
SSh
SSh
u*SSSSSS
jGYj
RPh
SSSSSj
jGYj
RPj@
SSSSSj
Sjx
w0SSji
PWV
SSSSh
u5SSSSh
SSji
SSSSh
SSh
SSSSh
SSh
SSh
arU
ClKJ
THH]6|
SFF
#JLr
nU8k
M1Ed
Zl2Y
`QhX
iCnaL
~UC\=Ec
\QxU
%qbs
VN$n)a
R:R{w
ONO4
&avu
noDL
`QhX
ih:KUYCp
N0lSY
Db@Y
R%7XX
NeN
>~sue
XKo
`Qhx
rHq
XSuT
ozVn
Ct:x
GBaBLB
j$,cn7d
yiR
WNVS
SVW
`QhP
/YQ~Vub0&
3v'=UIN9
nyB
JH>Y
?PCZW
x0Ik
NkXSz
NDL
YYn#(
udQK
~?o_xP
`QhX
RAm
nqco_
fxA
havn
AqML
BpT
Z:GG
|vbX
TgJ=
Wkx
ofo
nnn
o,oFo
cbA
jS^t
wHS&
WBQ{
)ZMb
jO)O
tLQ
g?Fm
#CUo
n1ZUc
RwH
fi?Fm?{%
4PAg
i?Fm
nb)j5
",l9Jz(0
N%OM
iEg
n1ZU
Wj9Juk
QC(Uy
8HOB
YFa
a/f-'KEK
c''KE{
$pSz
0XQm
SGc
c'/[eT
ECo
RwP
/n=Ba
Pb-b%
#CUy
EY!r
r7*d)j6
+f-bLD
Psz
c'v_b
d-b%A
Xc<Di
l=Be
=h5RE
e+nz(0
KwK
AHu
r7RE
Kw,]ii
od-b%
i7VM
k7Vb
uQG
j1ZUH
'e/f-s
JDm
L.Ya
ERA
,d)jg
Iss
k7VM%OM
LYS
h1ZU_
>Di&IAP
KJH
UKT
^o5RE
Tj5REk
EY)j5R$
SRV
sfr
X-KK
Cnk
teF
y#j#r#
tYv
rpd
RP"V
sOY
`Qhh
JtD
IaU
yq[q
RkR`
PzaW=
r1:6s3O
Phta
hpa
WPhda
hpa
VhXa
hDa
SSSj
VSj
eLf
SPj
hA]J
AZk
1w#S\!3s#
BDQ3
ty-x
Qx~r
q_aS%
tYmK
v,tYmK
see
vfOYry-
9qWqse
j4kc
qSyc
nME1
fB{g
tyB
fB{g
Ndd
VswmnQ
u[uGu
sLs
qgqBq
}i}b}I}B}
u(uUu
trt
s<sus
p ~x~o~
mje
FgqZN
JI*Gs
(za&w
BYK
SPO
AGC2
Vav
grW
'QLe]
Nvi
xQx
y,yHy
zozFz
UpPu
Ude
?uLN
ab4in
`-WmD
guR
-VKUM
wvf
WVB@
`QhP&
)WLeP&
Q8L8p8
tlC
`QhX,
wtJ
scm
RpF
r<rYr
s'sz
y Kg
jdO
h<J4C(
LzW
`QhX/
69G+F`W
n#rHW
kNRMLi
vrKr
`QhH1
bxr[4
e&kW
jT3T
T]ULUZT
TlU
tSVW
SSSSj
rKt
jBi
Z7F7p7
hTb
tDP
vP?g
UpMr
Lk1[K
g?w\h
qjN[
dep
cb|bTb
Khl
`gFgJg
zW+m
lfh
1wkI;
`QhH=
NiQy
uQhQTQ
EAo
`QhP?
pOw
YJ=l'
T1tU
`QhP@
tOVOBO
`Qh8A
SQkiZ8A
`Qh(B
LXxdz7X}bRM
UJ,9x$
lJnl
4TdCO
RZCZ}Z
Phpb
PSj
jWX_^]
E@DNc
[Avb
`QhXI
jXf
A=R=n=
IPX
COY
EHIw
S#SUS
heE
hxG
O`k#3i
LTQTcT
WHNb
,5WJb
PAPhP
P#P-P
QSQaQ
3X%X8X
`QhhT
FBs(
;yUd.
ALjVNbwy
AXX
$ohF)
rhj
kpV|K
IBH
ZXx
GNL
;TehT
wE{^O&
MbMCM9M
\7Oyn
FXF}F
+'for
[Q7=IA
@QQQ}Q
`QhPY
7a a,a
JVU
)U>U2U
&w-w3w
fbK
+n"n4n
qqZY
`Qhh\
WYd,?<
(dtCq
f;,sL
Bks
`QhX]
'Asf
B,J'L;
Iie
`Qhx`
vn5s
{s#~Kx`
'HmH
`Qhpa
b>pa
`Qh(b
hRt
_gGgPg
wYD
ZywU
*S"S?S
oTp
'<qpyi#=
>aQW
PWVh
hxb
`Qh k
dOk
m'KS8
Cy!Mv
cQa-
xjv
dI,E
#D*Ci
NF!D
EpESE
DmD
EaE
D}DRD
a?M5Y
bJi
WSE
lFq
p4p8p
`QhXp
i@Hln
KGd,
`Qh r
m-E r
`QhHs
ywhYb
oCUaS
rHs
sCI
`Qh8t
`Qh`u
eO}D#1
nq'7K
VM@MLM
lBt
luh
Fgh
X$n&x
SVv
`QhXz
]V$p2z
LyR`
KwJq
UhXrqF
NXz
OvO=O
UEd
nGH*
BPmp
mEe4
mV6G
;?sBM
ubSW
jT^W
toPh
PPh
jAY3
t#jV^
PSSSSSSh
PSSSSSSh#
PSSSSSSSj
0SVW3
PVS
PWj
PWj
VSj
YqR
hfeS=
aRs
RgRMR
uLh
hxg
)TBB
"ipX
sOrU
6jGS
ANESB
BA%xY
`f|fHf
dmy
yCj
`Qhh
HRyT
CM\s,
eGEHMn
qN`Mb
oSZ
uoo
DJg
NWh
EWu
Xr[3eK
aKTW-
lCy
cst
kMlh
CzN
Eos
W2C2O2
m?@JS
FjB
OhR
gUn@
fbD
lKs
mmm
OIns
D#oy
Psh
FcMq`t/
iXk
]#JT0z
bEz
C<X<x<
kgU
zAff
YBP
bjF
wil
sMJ
+A Ue
wBv
e<q<C<
EEi
B(ah
dwb
XCJ
Jzh>
nBYFR4
mFb
mJJ
XNQ2
fY_.#E
hVO
AaL
CDcHso
^tAK
fb'b
`Qhp
MeI
sYE+42
d1nN
H7JPJ
~VqHA(
uDc
cLC
nlz
rIVI
,g?A3As
Nm+Q
~nHe
Joj)
BII
WHE
pJ@u
<_py[id
k`)o;G
Rej
Hqj
fdr'
`QhX
XXa
yFO7q
rEwRSGTJ
CHmH`H
`Qhp
e$a)O
oZj|{
BoLv
GIv
OYR
NId
)gGE
cyk
OlO~OMOZO
Wx&8y
FKP
Gym
KlRqU
`QhH
5bOo
TTEz
&o>.ABE
;W}mx31:
lf\f
>Irz&
UDx
rk&L
QR\6E7b<
WHa
|VMb%
&z*e:J
rrD
`Qhx
3#zB-?B2
NM(O7
`Qhp
fB)l
!aya?
juP
uJ2y
ZtvL>
Mjn
hPP
OpM
?EUv
Vg-l)G
D^CC
%:+t/Nj
yVxW
\p@pup
pUp~p
aA~AHA
HyJ
FWLTj
R&RaRuRDR
:ska
vov
EDEv
qM>M
FlZ
SZ>v
ybN
u4NWtj
Mmock5
XdUn=
{wQw
`QhX
zob
XQk
uOe
fZhFP\
RXd
ejIH
lUv
*GmE
p"p4p
XlJlml
/fAm+
iwC
UJux
OyB
frf
tum
9TLrx
B!Ix
c5Lvp
Y;S"mU
XwH
E4SV
wxj
olxC
bsV
ikf
sN~uD)
dqT
ojg~: i)3
gRm
w]sE
kl{F?
J@+VP
r7./j%V
zR]Y
GsG
FhF
x;q;m;
[xvx
L=lm
2pMR
{AMdY
n]Tr
`Db2R
hPi
FQQVW
<8hyG
qKM
BbL
U~tA
WGA
LaG
nk2`a
Bzw
mAO[{mH
DwF
UZ1z
[BMBPB
iW,B
wOZ'V?
T3x3A3
tq\qyq
`Qhp
O-fY
R=Jb
JaDZ
wsQ;
IWE
RrNJG
aHg#
ssQ;
$bEZ=
CPmk
nov
iT%K
tSRWQP
`Qhx
d0Ae
/I;ud
u^hGS
sOf
Fve
Ow@{&j,
JniZ
SjN!
VFe7
0jgQL
djdyd
`QhH
M~rW|
luU!
Rmt@>
~bPT
{tkM#
L`|NjJ
rGrrr
UUc'
TWx
y4Ys
BfBGB
BzBPB0B
vIv
RVK
HjI
+X0jTnN
nlA
r.xA
sze)
OpS[
m<jog
dqj
rqG
GMu
Exj
EHP
EHP
SVW
VPVP
C0PV
C4PV
vQP
C0WPj
vQPj
C Pj
C$Pj
s@Vj
C@PV
t*Wj
PVP
QPP
K@QP
wvC
F$Vj
F$Vj
F$Vj
C$SW
E4Pj
tUS
ELPP
tBS
ELP
E@PPP
E4PP
tJS
ELPj
E4Pj
ELP
tKS
ELP
ELP
NPt#SVW
PVj
EL9GP
MlS
ETP
ETP
ETP
ETPP
ETP
ETP
ETP
ETPj
tpW
ETP
tZW
ETPj
tBW
ETP
E4PPS
]`A;M0v1S
ETPj
ETP
ETP
E4PP
ETP
ETP
tgS
ETP
M09MHr
E4PP
CPtH
E(SVP
SVW
PSPP
MPu
EDP
E8Pj
EDP
uhS
EPPj
H$Pj
9udu
utP
G@PS
uhS
Mtu
uxj
F$Vj
MDQQ
EDPP
twj
E8PP
F$Vj
M`QS
EPPj
EPP
9Mxw
E\tw
EhP
tc9]ht^
EDP
EDP
9Uxt#
B;Uxu
tCSV
uEH
VW~b;
VWv
SQP
SVW
~Tt!W
H$Pj
SVW
Cks
QVj
F$Vj
QVj
F$Vj
SVW
ud;ul
uDw
uPtx;
M0;Mlr
+ED+EH9E
ULu
E@)EH
+EP+E@9E
EH)E@
PVSW
u0QP
}lWP
upP
udW
uTV
uxP
G$Wj
XQP
t-Wj
QVW
GWQ
K$SP
FVQ
G$WR
SVW
SVW
SVW
PVV
tyWVj
teW
tRWVj
WVj
uDQ
uGQ
w4VV
QPj
VSV
QPW
dRP
QSVW
PWS
PRQ
WV!T
PSP
SPV
PWP
WSW
WSW
PVW
PVS
QPS
PVW
VWWS
GVW
SWV
QQV
Su0W
PVQ
VRS
QPP
VWS
PVWWW
PVW
VWS
WWW
@w=VW
VSP
QQSVW
l$$uY
Y]IX
PUQ
vQRP
u'VW
tb9u
SVW
PVW
QVP
WSV
PWSS
WSSS
VSW
uyV
QSVW
SPP
WSV
VWPu6
VPP
VWW
WSV
QSVW
PSV
SVWV
SVVV
SVWV
SVj
SVV
SVWV
SVj
PWP
t4SV
t%j X+E
SVW
PQj
tJV
w7wB
l{fl+
TRH
D|\hYO
yJo
CnRkd-
Hf~MH
Tag
Y<hkJ_
dxqE.
B2sB'
rnX
1dq#R!0E
6,iLX
"hCV66MW
}2t)n|Sw
LD^q
~E9aX
G6\xq+w
<4=d}wb
XrrG
2Jrw
DJD
Pp(H
Ei&:q
Qa=M
:vkJ(
6Dgw4
NETAPI32.dll
WINMM.dll
ole32.dll
MSGINA.dll
RASAPI32.dll
MPR.dll
WNetClearConnections
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW
WNetRestoreConnection2W
NetGetJoinInformation
NetEnumerateTrustedDomains
DsGetDcNameW
NetUserGetInfo
NetUserModalsGet
NetApiBufferFree
DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory
CoCreateGuid
CoUninitialize
CoCreateInstance
StringFromGUID2
CoInitialize
RasHangUpW
RasEnumConnectionsW
DwRasUninitialize
RasQuerySharedConnection
WinmmLogon
MigrateSoundEvents
WinmmLogoff
PlaySoundW
ADVAPI32.dll
AUTHZ.dll
CRYPT32.dll
GDI32.dll
KERNEL32.dll
msvcrt.dll
NDdeApi.dll
ntdll.dll
PROFMAP.dll
PSAPI.DLL
REGAPI.dll
RPCRT4.dll
Secur32.dll
SETUPAPI.dll
USER32.dll
USERENV.dll
VERSION.dll
WINSTA.dll
WINTRUST.dll
WS2_32.dll
ConvertStringSecurityDescriptorToSecurityDescriptorA
A_SHAInit
A_SHAUpdate
A_SHAFinal
LsaStorePrivateData
LsaRetrievePrivateData
LsaNtStatusToWinError
CryptGetUserKey
CryptGetKeyParam
CryptEncrypt
CryptSetProvParam
CryptSignHashW
CryptDeriveKey
CryptGetProvParam
RegOpenCurrentUser
RegDeleteKeyW
AddAccessAllowedAceEx
RegSetKeySecurity
I_ScSendTSMessage
MD5Init
MD5Update
MD5Final
SetFileSecurityA
AllocateLocallyUniqueId
LsaOpenPolicy
LsaQueryInformationPolicy
LsaFreeMemory
LsaClose
RegNotifyChangeKeyValue
QueryServiceConfigW
SetKernelObjectSecurity
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumKeyExW
GetCurrentHwProfileW
RegCloseKey
RegQueryValueExW
RegOpenKeyW
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegOpenKeyExW
CreateProcessAsUserW
DuplicateTokenEx
CloseServiceHandle
ControlService
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
EqualSid
GetTokenInformation
RegSetValueExW
RegCreateKeyExW
CryptGenRandom
CryptDestroyHash
CryptVerifySignatureW
CryptSetHashParam
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptDecrypt
ReportEventW
RegisterEventSourceW
CryptImportKey
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
RegEnumValueW
RegQueryInfoKeyW
RegDeleteValueW
CredFree
CredDeleteW
CredEnumerateW
CopySid
GetSidLengthRequired
GetSidSubAuthority
GetSidSubAuthorityCount
GetUserNameW
OpenThreadToken
EnumServicesStatusW
ImpersonateLoggedOnUser
RegQueryValueExA
CheckTokenMembership
DeregisterEventSource
LsaGetUserName
RevertToSelf
LookupAccountSidW
IsValidSid
SetTokenInformation
LogonUserW
LookupAccountNameW
OpenProcessToken
SynchronizeWindows31FilesAndWindowsNTRegistry
QueryWindows31FilesMigration
AdjustTokenPrivileges
RegQueryInfoKeyA
AuthzInitializeResourceManager
AuthzAccessCheck
AuthziFreeAuditEventType
AuthziInitializeAuditEvent
AuthziInitializeAuditParams
AuthziInitializeAuditEventType
AuthziLogAuditEvent
AuthzFreeAuditEvent
AuthzFreeResourceManager
AuthzFreeHandle
CryptImportPublicKeyInfo
CryptVerifyMessageSignature
CertCreateCertificateContext
CertSetCertificateContextProperty
CertVerifyCertificateChainPolicy
CryptSignMessage
CertCloseStore
CertComparePublicKeyInfo
CryptExportPublicKeyInfo
CertFindExtension
CryptDecryptMessage
CertGetCertificateContextProperty
CertAddCertificateContextToStore
CertOpenStore
CertVerifySubjectCertificateContext
CertGetIssuerCertificateFromStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertEnumCertificatesInStore
CryptImportPublicKeyInfoEx
RemoveFontResourceW
AddFontResourceW
WTSGetActiveConsoleSessionId
GetTimeFormatW
GetUserDefaultLCID
FileTimeToSystemTime
FileTimeToLocalFileTime
GetProcAddress
LoadLibraryW
GetModuleHandleW
SystemTimeToFileTime
GetSystemTime
SetLastError
TerminateProcess
GetCurrentProcess
CreateTimerQueueTimer
CreateThread
lstrcpynW
GetShortPathNameW
GetProfileStringW
FreeLibrary
ReleaseSemaphore
CreateSemaphoreW
GetSystemInfo
GetComputerNameW
GetEnvironmentVariableW
WaitForSingleObjectEx
LoadResource
FindResourceW
SetThreadExecutionState
DeleteTimerQueueTimer
ResetEvent
GetSystemDirectoryW
TransactNamedPipe
SetNamedPipeHandleState
GetTickCount
CreateFileW
GlobalGetAtomNameW
VirtualLock
VirtualQuery
GetDriveTypeW
Beep
OpenMutexW
QueueUserWorkItem
LeaveCriticalSection
EnterCriticalSection
DisconnectNamedPipe
SearchPathW
lstrcatW
LocalReAlloc
ExpandEnvironmentStringsW
TerminateThread
ResumeThread
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
DeleteFileW
WriteProfileStringW
ReadFile
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
FormatMessageW
SetPriorityClass
MoveFileExW
WaitForMultipleObjectsEx
GetExitCodeProcess
SleepEx
InterlockedExchange
FindClose
FindFirstFileW
GetWindowsDirectoryW
SetTimerQueueTimer
GetComputerNameA
GetVersionExW
VerSetConditionMask
WriteFile
WaitNamedPipeW
WaitForMultipleObjects
ConnectNamedPipe
DuplicateHandle
OpenProcess
GetOverlappedResult
GetVersionExA
lstrcmpW
SetEnvironmentVariableW
UnregisterWait
CreateNamedPipeW
CreateRemoteThread
CreateActCtxW
GetModuleFileNameW
ExitProcess
LoadLibraryExW
SetErrorMode
SetUnhandledExceptionFilter
GetPrivateProfileStringW
LocalSize
VirtualAlloc
VirtualQueryEx
DebugBreak
CreateFileA
InitializeCriticalSection
ProcessIdToSessionId
SetInformationJobObject
AssignProcessToJobObject
TerminateJobObject
PostQueuedCompletionStatus
PulseEvent
GetQueuedCompletionStatus
CreateIoCompletionPort
CreateJobObjectW
ActivateActCtx
DeactivateActCtx
InterlockedCompareExchange
LoadLibraryA
QueryPerformanceCounter
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetModuleHandleA
GetStartupInfoA
GetCurrentProcessId
SetThreadPriority
GetCurrentThreadId
lstrcmpiW
GetProfileIntW
LoadLibraryExA
lstrcpyW
lstrlenW
Sleep
LocalAlloc
CreateEventW
GetExitCodeThread
SetThreadAffinityMask
GetProcessAffinityMask
CreateWaitableTimerW
CreateMutexW
OpenEventW
RegisterWaitForSingleObject
WaitForSingleObject
CreateProcessW
SetWaitableTimer
ReleaseMutex
SetEvent
UnregisterWaitEx
CloseHandle
lstrlenA
lstrcpyA
MultiByteToWideChar
GetACP
WideCharToMultiByte
HeapAlloc
GetProcessHeap
HeapFree
lstrcpynA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
lstrcmpiA
GetFileSize
SetFilePointer
GlobalAlloc
GlobalFree
GetLastError
LocalFree
lstrcatA
lstrcmpA
GetLogicalDriveStringsA
GetDriveTypeA
GetVolumeInformationW
GlobalMemoryStatus
CreateMutexA
FindResourceExW
LockResource
SizeofResource
VerifyVersionInfoW
GetSystemDirectoryA
GetCurrentThread
DelayLoadFailureHook
BaseInitAppcompatCacheSupport
OpenProfileUserMapping
CloseProfileUserMapping
BaseCleanupAppcompatCacheSupport
InitializeCriticalSectionAndSpinCount
VirtualProtect
CreateEventA
TlsSetValue
DeleteCriticalSection
TlsGetValue
TlsAlloc
VirtualFree
TlsFree
_vsnwprintf
wcslen
wcsncpy
wcsstr
atoi
wcstok
memmove
wcschr
swprintf
swscanf
_local_unwind2
_wcslwr
wcscmp
_snwprintf
malloc
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
?3@YAXPAX@Z
?2@YAPAXI@Z
__CxxFrameHandler
_itow
_snprintf
_wtol
_strnicmp
sscanf
wcstombs
sprintf
strchr
strncmp
atof
_ftol
isspace
__set_app_type
wcscpy
_controlfp
wcsncmp
_wcsupr
ceil
wcscat
_except_handler3
free
_wcsicmp
RtlAllocateHeap
NtPowerInformation
NtSetSystemPowerState
NtRaiseHardError
RtlDeleteCriticalSection
NtOpenSymbolicLinkObject
NtReplyPort
NtCompleteConnectPort
NtReplyWaitReceivePort
NtAcceptConnectPort
NtCreatePort
RtlConvertSidToUnicodeString
RtlFreeUnicodeString
NtLockProductActivationKeys
RtlTimeToTimeFields
NtUnmapViewOfSection
NtMapViewOfSection
NtOpenSection
NtQuerySymbolicLinkObject
NtQueryVolumeInformationFile
NtSetSecurityObject
RtlAdjustPrivilege
NtOpenFile
NtFsControlFile
RtlAllocateAndInitializeSid
RtlDestroyEnvironment
RtlFreeHeap
NtQueryInformationToken
NtShutdownSystem
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlCreateEnvironment
RtlQueryEnvironmentVariable_U
RtlSetEnvironmentVariable
RtlInitUnicodeString
NtOpenKey
NtQueryValueKey
RtlSubAuthoritySid
RtlInitializeSid
RtlLengthRequiredSid
NtAllocateLocallyUniqueId
RtlGetDaclSecurityDescriptor
RtlCopySid
RtlLengthSid
NtSetInformationThread
NtDuplicateToken
NtDuplicateObject
RtlEqualSid
RtlSetDaclSecurityDescriptor
NtClose
RtlOpenCurrentUser
RtlCreateSecurityDescriptor
RtlAddAce
RtlCreateAcl
RtlNtStatusToDosError
NtOpenDirectoryObject
NtQuerySystemInformation
NtCreateEvent
NtCreatePagingFile
RtlDosPathNameToNtPathName_U
RtlRegisterWait
NtSetValueKey
NtCreateKey
RtlTimeToSecondsSince1980
NtQuerySystemTime
NtPrivilegeObjectAuditAlarm
NtPrivilegeCheck
NtOpenThreadToken
NtOpenProcessToken
RtlUnhandledExceptionFilter
NtQueryInformationProcess
DbgBreakPoint
RtlCheckProcessParameters
RtlSetThreadIsCritical
RtlSetProcessIsCritical
RtlInitString
NtInitiatePowerAction
DbgPrint
NtFilterToken
NtQueryInformationJobObject
NtOpenEvent
RtlGetAce
RtlQueryInformationAcl
NtQuerySecurityObject
RtlCompareUnicodeString
NtSetInformationProcess
InitializeProfileMappingApi
RemapAndMoveUserW
EnumProcesses
EnumProcessModules
GetModuleBaseNameW
RegDefaultUserConfigQueryW
RegUserConfigQuery
RpcServerRegisterIfEx
RpcServerUseProtseqEpW
RpcImpersonateClient
I_RpcMapWin32Status
RpcServerRegisterIf
RpcGetAuthorizationContextForClient
RpcFreeAuthorizationContext
RpcServerListen
RpcRevertToSelf
NdrServerCall2
UuidCreate
GetUserNameExW
LsaLookupAuthenticationPackage
LsaRegisterLogonProcess
LsaCallAuthenticationPackage
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetFocus
EnumWindows
CreateWindowStationW
RegisterLogonProcess
RecordShutdownReason
LoadLocalFonts
UnhookWindowsHook
SetWindowsHookW
GetWindowTextW
CallNextHookEx
DialogBoxParamW
GetWindowPlacement
GetSystemMenu
DeleteMenu
SetWindowPlacement
SetUserObjectInformationW
GetAsyncKeyState
PostThreadMessageW
SetUserObjectSecurity
CreateDesktopW
KillTimer
GetMessageTime
SetLogonNotifyWindow
UnlockWindowStation
SetTimer
ReplyMessage
UnregisterHotKey
RegisterHotKey
OpenInputDesktop
GetUserObjectInformationW
CloseDesktop
RegisterDeviceNotificationW
SetThreadDesktop
CreateWindowExW
GetMessageW
TranslateMessage
RegisterWindowMessageW
SetCursor
DefWindowProcW
FindWindowW
MessageBoxW
SendNotifyMessageW
PostQuitMessage
MsgWaitForMultipleObjects
GetWindowRect
GetSystemMetrics
PeekMessageW
DispatchMessageW
SetProcessWindowStation
UpdateWindow
ShowWindow
SetWindowPos
PostMessageW
ExitWindowsEx
EnumDisplayMonitors
SystemParametersInfoW
GetDlgItem
SendMessageW
CreateDialogParamW
DestroyWindow
GetWindowLongW
GetDlgItemTextW
EndDialog
SetWindowLongW
LoadStringW
SetWindowTextW
SetDlgItemTextW
wsprintfW
wsprintfA
LockWindowStation
MBToWCSEx
SetWindowStationUser
UpdatePerUserSystemParameters
DialogBoxIndirectParamW
wvsprintfW
SetLastErrorEx
LoadCursorW
CheckDlgButton
IsDlgButtonChecked
RegisterClassW
CloseWindowStation
LoadImageW
GetParent
GetKeyState
GetDesktopWindow
SetForegroundWindow
SwitchDesktop
OpenDesktopW
WaitForUserPolicyForegroundProcessing
GetAllUsersProfileDirectoryW
WaitForMachinePolicyForegroundProcessing
UnloadUserProfile
LoadUserProfileW
GetUserProfileDirectoryW
RegisterGPNotification
CreateEnvironmentBlock
DestroyEnvironmentBlock
UnregisterGPNotification
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
WinStationRequestSessionsList
WinStationQueryLogonCredentialsW
WinStationIsHelpAssistantSession
WinStationAutoReconnect
_WinStationWaitForConnect
WinStationDisconnect
_WinStationCallback
WinStationNameFromLogonIdW
_WinStationFUSCanRemoteUserDisconnect
WinStationEnumerate_IndexedW
WinStationGetMachinePolicy
WinStationQueryInformationW
NDDEAgnt
NetDDE Agent
[none]
NetDDE
NetDDEDSDM
ClipSrv
NetDDEMainWdw
Start NetDDE Services
NetddeAgentExecRtn
NetddeAgentWakeUp
NetddeAgentAlive
NetddeAgentDying
System\CurrentControlSet\Control\Session Manager\Memory Management
TempPageFile
DontWatchSysProcs
Software\Microsoft\Windows NT\CurrentVersion\WPAReminders
DisableReminder
Administrator
System Shutdown
MS Shell Dlg
This system is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by %s\%s.
Time before shutdown :
Message
Text
Winlogon generic control dialog
MS Shell Dlg
Shutdown Computer
MS Shell Dlg
It is now safe to turn off your computer.
&Restart
Shutdown in Progress
MS Shell Dlg
Workstation Locked
MS Shell Dlg
Please wait while the current user is logged off.
User Interface Failure
MS Shell Dlg
The Logon User Interface DLL msgina.dll Failed to load
Contact your system administrator to replace the DLL, or restore the original DLL.
&Restart
NetDDE Agent
MS Shell Dlg
Starting NetDDE related services...
System Standing By
MS Shell Dlg
Please wait while the system prepares to stand by.
System Hibernating
MS Shell Dlg
Please wait while the system prepares to hibernate.
Logon Message
MS Shell Dlg
Please authorize this action by entering the password of an account with Administrator privileges.
&User:
&Password:
&Domain:
RC{O
&Cancel
User Interface Failure
MS Shell Dlg
The Logon User Interface DLL msgina.dll Failed to load
To correct this problem, please have the administrator of the remote computer contact the program vendor for a version that is compatible with Windows.
PKD
&End Connection
Windows 3.x Migration
MS Shell Dlg
You have installed Windows NT into an existing Windows 3.x directory. You have the option of migrating portions of your Windows 3.x environment into the Windows NT environment.
Migrate Windows 3.x &WIN.INI and CONTROL.INI
Migrate Windows 3.x &Program Manager group files
Cancel
Please select below the parts you wish to migrate into the Windows NT environment.
The shell stopped unexpectedly and %1 was restarted.
The automatically enrolled certificate of type %1 is being renewed for the following reason(s):
The automatically enrolled certificate of type %1 is being re-enrolled for the following reason(s):
Subject Name:%1
Alternate Subject Name:%1
Automatic enrollment against the certification authority %4 for a certificate of type %3 has
failed. (%1) %2. Another certification authority will be tried.
The certificate returned from an auto-enrollment is incorrect. Subsequent auto-enrollment cycles
will ignore reasons for failure. Please contact your system administrator. The reasons for failure are
listed below:
The certificate does not fulfill the intended usage requirements specified by the certificate template:
Certificate: %1
Certificate Template: %2
The certificate does not fulfill the key usage requirements specified by the certificate template:
Certificate: %1
Certificate Template: %2
The certificate does not fulfill the basic constraints requirements specified by the certificate template:
Certificate: %1
Certificate Template: %2
The certificate does not contain the template name specified by the certificate template:\n
Certificate: %1\n
Certificate Template: %2
The certificate does not contain the any of the principal names specified for this user:
Principal Name(s): %1
The subject name of this certificate does not contain the e-mail name for this user:
User e-mail name(s): %1
The alternate subject name of this certificate does not contain the e-mail name for this user:
User e-mail name(s): %1
This certificate does not contain the e-mail name for this user:
User e-mail name(s): %1
The certificate does not contain the DNS name of the machine:
DNS Name(s): %1
This certificate does not contain the Directory Name of the user or machine:
Directory Name(s): %1
This certificate does not contain the Active Directory object identifier of the user or machine.
This certificate contains an Active Directory object identifier, but should not.
The certificate is no longer trusted for the following reason (0x%1!lx!) %2.
The certificate's issuer is no longer allowed by the autoenrollment object.
The certificate will expire soon.
Execution of GPO scripts has timed out and have been terminated.
Failed to set the user's home directory %1.
Initialization of automatic certificate enrollment has failed. There is possible corruption
of system DLL's required for auto-enrollment. (%1) %2
Verification of an automatically enrolled certificate has failed. (%1) %2
Unknown or unavailable cert type, %3, requested for automatic certificate enrollment.
This enrollment will not be performed. (%1) %2
The enterprise root certificate store could not be updated.
The NT Smartcard authentication certificate store could not be updated.
The automatic certificate enrollment subsystem could not access local resources needed for enrollment.
Enrollment will not be performed. (%1) %2
The automatic certificate enrollment subsystem could not access network resources needed for enrollment.
Enrollment will not be performed. (%1) %2
A security failure is preventing automatic certificate enrollment.
Enrollment will not be performed. (%1) %2
A critical system process, %1, failed with status code %2. The machine
must now be restarted.
Welcome back to the %1 domain. While you were offline, your settings were stored in a local account. Do you want to move them to your %1 account?%0
Your settings cannot be moved because of an error. (Error code %1!u!)%0
%1 (this computer)%0
The system could not validate %1. Check your account name, and type your password again. Letters in passwords must be typed using the correct case. Make sure that Caps Lock is not accidentially on.%0
The system could not validate %1 on %2. Check your account name, and type your password again. Letters in passwords must be typed using the correct case. Make sure that Caps Lock is not accidentially on.%0
The user account you just entered does not have the authority to move settings. Please try another account, such as Administrator.%0
Windows XP Startup Password
MS Shell Dlg
This computer is configured to require a password in order to start up. Please enter the Startup Password below.
&Password:
&Restart
Windows XP Startup Key Disk
MS Shell Dlg
This computer has been configured to require a disk to be present during startup. Please insert the disk and press OK.
If you do not have the disk, contact your administrator or select the Restart button to restart the computer.
&Restart
Connect to existing Remote Desktop
MS Shell Dlg
You already have active Remote Desktop connections on this computer. Please select one of the following:
Mode/Color
Connect Time
Disconnect Time
MS Shell Dlg
Phone number:
Cancel
Callback in Progress
MS Shell Dlg
Please wait for callback.
Terminal Server Sessions Disabled
MS Shell Dlg
Remote logins are currently disabled.
VS_VERSION_INFO
StringFileInfo
CompanyName
Microsoft Corporation
FileDescription
Windows NT Logon Application
FileVersion
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
InternalName
winlogon
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
WINLOGON.EXE
ProductName
Microsoft
Windows
Operating System
ProductVersion
VarFileInfo
Translation
Restart system
[The system can not log you on (%X). Please try again or consult your system administrator.
Windows Message
(It is now safe to turn off the computer.
Shutdown Message/The Logon User Interface DLL %s failed to load.pThe system process '%s' terminated unexpectedly with status code %d. The system will now shut down and restart.EThe account specified does not have permission to move user profiles.XYour settings have been transferred, and you need to log on again to use those settings.;Windows setup has completed, and the computer must restart.dThe dial-up networking connection '%s' is currently active. Would you like to close this connection?hMultiple dial-up networking connections are currently active. Would you like to close these connections?
WINMM
waveOutGetNumDevs
PlaySound
MigrateSoundEvents
WINMM
MigrateMidiUser
Your system has no paging file, or the paging file is too small.
To fix this problem, go to System in Control Panel, click the Advanced tab, and under Performance, click Settings. On the Advanced tab, click Change. Click 'Custom size,' and then type an initial or maximum paging file size.
Limited Virtual Memory
Invalid System Time
The time or date on your system is invalid. Please use the date/time applet in the Control Panel to properly set your system time and date.
;The system is not fully installed. Please run setup again.
aUnable to log you on because your account has been locked out, please contact your administrator.
bYour account does not currently have Administrator privileges. Please specify a different account.
Administrator
!NetDDE Agent unable to initializegCould not start one or more of the NetDDE related services.
Consult your system administrator for help.
You cannot intiate a Remote Desktop Connection because the Windows logon software on the remote computer has been replaced by incompatible software %s.
\The Startup Key File was not found on the disk in drive A:. Please insert the correct disk.
Key File Not Found
cYou should change your battery or switch to outlet power immediately to keep from losing your work.
Critical Battery
Low Battery
system.scr
Logon Connect Failed
WError connecting to existing session for %s (Id %lu)
A new session will be created.
Logon Disconnect Failed
Error disconnecting Id %lu
Disconnect from Windows NTZThis will disconnect your session.
You can reconnect to this session when you Logon again.
Callback Roving Session
Callback Fixed Session^Your interactive logon privilege has been disabled. Please contact your system administrator.
Invalid Phone Number
A callback phone number is not configured for this Session. A callback phone number must be configured for Fixed Callback Sessions. Please notify the system administrator.0You do not have access to logon to this Session.BYou do not have the proper encryption level to access this Session
&Disconnect...
The user %s\%s is currently logged on to this computer. If you continue this user's Windows Session will end and any un-saved data will be lost. Do you want to continue?
~The user %s\%s is currently logged on to this computer. Only the current user or an administrator can log on to this computer.}The requested operation cannot be completed because the Terminal Connection is currently busy processing a connect operation._You are attempting to connect back to your own computer. The requested operation is not allowedKThe terminal server has exceeded the maximum number of allowed connections.
The user %s\%s is currently logged on to this computer. If you continue, %s has to disconnect from this computer. Do you want to continue?M%s\%s is currently logged on this computer, and did not allow you to connect.7Error connecting to existing session for %s (Id %lu).%s7Unable to log you on because of an account restriction.
Logon Message
Preparing network connections...
Applying computer settings...
Running startup scripts...
Running shutdown scripts..."Applying your personal settings...
Running logoff scripts...
Running logon scripts...!Loading your personal settings...
Closing network connections...
Windows is shutting down...
Preparing to stand by...
Preparing to Hibernate...
Saving your settings...3Preparing to Stand By in order to complete eject...;The Active Directory is rebuilding indices. Please wait...
Windows is starting up...
Logging off...
User group policies finished./Waiting for machine group policies to finish... Machine group policies finished.#Stopping Windows File Protection...
Remote logoff in progress...
Restoring network connections...
Executing: %s...
Loading power profile...
Playing logon sound...
Playing logoff sound...
RPCSS is starting...
Active Directory is starting...
MUP is initializing...
Shutting down your computer...,Waiting for user group policies to finish...
&Could not reconnect all network drivesIClick here to open My Computer and see the status of your network drives.
WinStationFreeMemory
WinStationReset
_WinStationNotifyDisconnectPipe
WinStationConnectW
WinStationSetInformationW
WinStationShutdownSystem
WinStationCheckLoopBack
_WinStationNotifyLogon
_WinStationNotifyLogoff
CryptCATCatalogInfoFromContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
WTHelperProvDataFromStateData
WinVerifyTrust
WTHelperGetProvSignerFromChain
CryptCATAdminReleaseContext
getaddrinfo
RSDS
winlogon.PDB
uGt
BOw
=wxr
eJ,HZc<E
IE*^KVnmM
VEx
Dko
RzZ
rID
GhuY/l
U]Q=S
qf!y^'c
6nN@g%oP*
Z?eV
waO
7LXT4
ykm'
eYM<
ZSP
>xMSWz
oxi
rEt\
fsrJ
jaiR
come
="-l_ly*e
h}vn
S?KE
IFs
-ovn
oem
volume
retail
e=rQ
=rld=r
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
name="Microsoft.Windows.Logon"
version="5.1.0.0"
processorArchitecture="x86"
type="win32"
<description>Microsoft Windows Setup</description>
<dependency>
<dependentAssembly>
<assemblyIdentity
name="Microsoft.Windows.SystemCompatible"
version="5.1.0.0"
processorArchitecture="x86"
type="win32"
publicKeyToken="6595b64144ccf1df"
</dependentAssembly>
</dependency>
</assembly>
DDD8
ODD8
DDD8
DDD8
DDD8
DDD8
DDD8
DDD8
DDD8
DOD8
DDD8
DDD8
DHD8
DKD8
DDD8
DDD8
DDC
DDC
wwwww
wwp
wwwwwwwwwww
wwp
wwwwwwwwww
DDDDDD@
wwp
xww
wwwwwwww
wwwwwwwwww
wwwx
wwwwwww
wwwww
wwp
wwwwwwwwwww
wwp
wwwwwwwwww
DDDDDD@
wwp
xww
wwwwwwww
wwwwwwwwww
  • grinch2171
  • Moderator
  • Genius
  • User avatar
  • Posts: 6809
  • Loc: Martinsburg, WV

Post 3+ Months Ago

That log makes no sense whatsoever. What you need to do is run Process Explorer. In the left pane you will see winlogon.exe if it isn't already expanded click the plus sign. Then look to see what is spiking winlogon by looking in the right hand pane.
  • BigAlnAZ
  • Born
  • Born
  • BigAlnAZ
  • Posts: 4
  • Loc: Arizona

Post 3+ Months Ago

grinch2171 wrote:
That log makes no sense whatsoever. What you need to do is run Process Explorer. In the left pane you will see winlogon.exe if it isn't already expanded click the plus sign. Then look to see what is spiking winlogon by looking in the right hand pane.

J

Just winlogon.exe at 50%. Nothing else is spiking.

Post Information

  • Total Posts in this topic: 9 posts
  • Users browsing this forum: No registered users and 42 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
cron
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.