Hello everyone

I would characterize my computer knowledge at the intermediate level at best. So I often find my self at a loss when trying to understand some of the more complex ins and outs of computer functions.......Currently I am struggling to understand "winlogon.exe". I recently purchased "ad-aware pro" which includes a real-time feature that monitors all attempts to make registry changes. One name that has come up hundreds of times is "winlogon.exe". I probably would not have given it a second thought but I recently cleaned up my registry with a registry cleaner. What a difference in performance!!......my machine runs as smooth as silk since house cleaning my registry. Consequently, I am suspicious and guarded about any attempts to alter my registry for fear that I will loose the performance I gained. I have thus far blocked all attempts by "winlogon.exe" to make changes to my registry (over 200 blocks thus far)..further, I have noticed no ill affects by doing so. So the questions arise.........how important to the functioning of my computer are these changes that "winlogon.exe so desperately wants to make??.........if I allow them, will this slow down my computer either immediately or over time??............. if I disallow them is there any real consequence??...................I don't use "internet explorer" I use "firefox" exclusively.

any help with this would be much appreciated
thanks

dofrdo,


Information from here

A very good program for you to dowload which attaches itself to your taskmanager is Process Library or Quick Access.

Hope this helps, keep us posted and again welcome to the forum.

kind regards,

Though correct, that is not a good answer for the OPs question.

Yes winlogon controls users logging-in.

in this question there is 'something' wishing to alter winlogon. This purpose would not have anything to do with user logins.

Winlogon also monitors a great many system events that occur.

"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"

to name a few.

Anti-virus programs, place entries here, Anti-spyware programs, (like Ad-aware does now,)
As well as their Nasty counter-parts.
They appear as folders within the "notify" folder of the "winlogon" folder.

It is located in the registry at [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

With a presence here, Nasties can PREVENT a great many of the normal attempts at their removal, and can resurect from the dead.


normal entries in winlogon include:

crypt32chain
cryptnet
cscdll
NavLogon
ScCertProp
Schedule
sclgntfy
SensLogn
termsrv
WgaLogon

This list is not all there are by any means, but most users will have most of these entries.
google anything not on this list, and you will quickly see if it is a legit process or not.

Tallon41

Thank-you both for your input.................I would like to continue this discuss but should I be posting this in another forum??

Hello drfrdo,

Thank you for asking.

Yes, it would be wise to start a new thread in the appropriate forum. Here is a link we often post to newcomers. I hope we can continue to help you when your new thread is posted.

Thanks again.

kind regards,