Darn winlogin.exe

Printable View

January 12th, 2006, 10:03 AM
jpw2ch

Darn winlogin.exe

I just can't get rid of winlogin.exe. It shows up in the hijack this log as:

04 - Global Startup: winlogin.exe

One other questionable log file:

020 - Winlogon Notify: igfxcui - C:\Windows\System32\igfxsrvc.dll

I have gotten mixed reviews on this one. Doing a Google search it comes up as an Intel graphics dll file.

I have tried deleting the winlogin.exe from hijack this in safe mode but it says I can not delete it because it is a running process. Stop the process in Task Manager and then try to delete it. Nothing shows up in Task Manager.

It shows up in two places when I do a search.

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogin.exe

and

C:\Windows\pss\winlogin.exeCommon Startup

Doing a search in the registry it shows up in:

HKLM\Software\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^winlogin.exe

I also had a bout with WorldAntiSpy and right underneath the winlogin.exe in the registry is:

HKLM\Software\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WorldAntiSpy.Ink

I have run multiple virus scans as well as Adaware, Spybot and Ccleaner all in safe mode.

Can I delete both strings (winlogin and WorldAntiSpy) from the registry and then delete the winlogin.exe files from Windows?
January 12th, 2006, 03:05 PM
jpw2ch

Ok, I deleted both strings in the registry. The WorldSpy one is now gone but presto, the winlogin.exe is back in the registry after a reboot. What is this damn thing?
January 13th, 2006, 04:07 AM
crunchie

Download HijackThis self-extracting zip version from here. Once downloaded, double click on the file & it will install into it's own, permanent folder.
Start HJT & press the "Do a system scan and save a log file" button. When the scan is finished a window will pop up giving you the option of where to save it. Save it to desktop where it is easy to access. Open the log file and copy the entire contents of the file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.