FiL
Premium
join:2005-08-16
Silver Spring, MD
| [WinXP] logonui.exe App Error
My office has encountered a strange occurrence with logging on.
The PC has been very sluggish during the loading of Windows (used to take 30 seconds, now takes close to five minutes)
But the main problem is logging on. Here's what I did to get to these errors:
Turn PC on, got to this part after (during the "Windows is now loading your settings" part)
"Logonui.exe- Application Error"
with the following details:
"The instruction at "0x7c9e868e" referenced memory at "0x00008023", the memory could not be "written". " (-I typed all this verbatim)
Then there's two option stated: Either click Cancel to stop the prog and continue loading XP or click OK to Debug. Click ing either option results in a loud single beep from the PC, then the same window pops up, click any of the 2 options again, still the same; stuck in limbo after about 10 clicks. THEN I get transported to a black background' with what likes like a NT styled log on interface. My "Admin" username is replaced with "HP_Admin", which Ive never seen before, I type the PW of my "Admin" username, and this is what happens:
ANOTHER window pops up, this time its a "User Environment" window with the message "couldn't load user profile, but has logged you on with default profile". There's also a 30 second timer in this window, followed by the loading of ONLY the wallpaper; no icons, no taskman, NOTHING'.
Checking things out with ERD since even SafeMode has the same prob as the one above (Safemode wallpaper, all black with the Safemode writing on top an bottom, but no icons), it seems Ive still got all my progs, docs, etc.
What I'm trying to find out is if I can replace the logonui.exe file with a "legit" one, or have I been OwnZerd to the point that a reformat is needed. These probs happend out of NOWHERE; Ive got AV/SW's installed and running, aswell as a firewall AND router. ANYONES help or suggestions would be most helpful. Hours of googling "logonui.exe app error" brought me to only ONE link that could be of some use, from auditmypc.com. It stated that logonui.exe can also be hacked and made into a Trojan. Looks like this is what happend to me, but Ive yet to hit on anything that will cement that in my mind. Again, ANY help would be much obliged. Thanx in advance and my apologies for the friggin' NOVEL i just posted.
Peace... |
|
auggy
Premium,Mod
join:2001-12-24
Brockville, ON
 ·Bell Sympatico
Host:
Microsoft help
| Have you considered creating a new User Profile?:
»support.microsoft.com/kb/318011/en-us
Also, a few users with similar logonui.exe App Error's did find their computer was infected such as in the following link (click "Show quoted text" in the fourth message):
»groups.google.com/group/microsof···5a0f1e1? |
|
AMDUSER
Premium
join:2003-05-28
Earth
clubs:
 ·RoadRunner Cable
| reply to FiL
said by FiL  :"... "Logonui.exe- Application Error" with the following details: "The instruction at "0x7c9e868e" referenced memory at "0x00008023", the memory could not be "written". " (-I typed all this verbatim).." It sounds like an issue with the RAM, possibly a stick went bad.
To check to see if it is run Memtest86. |
|
FiL
Premium
join:2005-08-16
Silver Spring, MD
edit:
April 27th, @08:25PM
| Thanx for the links guys! You know AMD, it did occur to me to use MemTest, but didnt use it because I thought since i got online with ERD that the RAM's OK. Im gonna run the test, see and PRAY its the stick, because that's easy stuff 
But otherwise, if its not the RAM, its more then likely Auggy's google groups link; trojan infection.
I found it very odd that the the logon screen had someone elses Profile, or was the HP_Administrator the "deafult" profile the error message stated?
I'll get to battle this problem again in the morning, and give updates. But ANY further help is welcomed; this thing has gotten THAT much on my nerves  |
|
AB
Premium
join:2006-04-04
Leesburg, VA
| I had a very similar issue recently. May or may not have had to do with the 4/11 MS updates. My solution ended up being the "taking "back" of ownership of the WINDOWS/Software Distribution folder. Just FYI. Link:
»support.microsoft.com/?kbid=308421
--
Nuke the Whales! |
|
FiL
Premium
join:2005-08-16
Silver Spring, MD
| update:
Memtests showed everything was OK with RAM...still same issue as I previously stated. Still cant get into Safe Mode, my only hope of checking out files is still ERD Commander and Winternals Admin Pack. From in there, the environemnts a lil more friendlier; can and did run a couple AV progs. Some dont work at all though, such as Sysclean.exe(.com) and MultiAV.
Scanned with Stinger, found nothing. Currently got EWido scanning. Wanted to know if theres any other AV/SPy/Scumware progs that can run within Winternals diagnostic environment since Safe Modes out the question.
Tried resetting the ownership of folders, like you did Argle, but to no avail. Did you also have the log on error thing like me or was your error different? I do manual updates, so Im ruling out a fresh update as the possible prob because I havent updated XP in about 2 weeks. And the probs started yesterday. Anyways, all help is still needed and appreciated. Thanx for the link tho Argle:)
Back to the frontlines...feels like this time Im battling a GINORMUS foe |
|
FiL
Premium
join:2005-08-16
Silver Spring, MD | Ewido only found cookies. This is beyond reason in my book, stinger isnt finding jack either. Very frustrating when you cant enter into the relative calm of SafeMode. Troubleshooting through WinInternals takes forever! be back with an update later. |
|
AB
Premium
join:2006-04-04
Leesburg, VA
edit:
April 28th, @02:45PM
| My error was profile-related, I could always get into safe mode however. Sounds to me like the problem is more system-related, vs. virus/spyware. Possibly the edb.logs in Software Distribution are corrupted? A link to a thread in this forum that has some other links:
»[W2K] [W2K] Puzzling Windows Update Error - Edb.logs.
and another:
»search.microsoft.com/results.asp···ndows+xp
Don't know if this is the right direction to be going for your particular problem, just tossing something out there, FiL.
Good luck!
--
Nuke the Whales! |
|
FiL
Premium
join:2005-08-16
Silver Spring, MD
| checked out the links, and reading through some posts I figured I'd take a looksee at my Event Log, and found this the from the day prior to the problems starting:
"Windows saved user WCONCRETE1\HP_Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account."
Event ID 1517...
This was the error message I was trying to type from memory in my first post:
"Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.
DETAIL - Incorrect function. "
I get this one everytime I try to log on; I get to the login screen then this.
Thought I'd shoot this one out there too.Again, date and time correspond to when the problems started:
"Windows cannot load shell32.dll. (The specified procedure could not be found. )"
Can anyone help me decipher these 3 event log entries? In the mean time, Im heading back over to MS's website...
Peace...
FiL... |
|
AB
Premium
join:2006-04-04
Leesburg, VA
edit:
April 28th, @03:52PM
| I believe the "memory not freed up" error can be fixed by installing UPHClean from the MS site.
LINK:
»support.microsoft.com/default.as···s;837115
The "profile" error is due to a corrupted profile.
LINK:
»search.microsoft.com/results.asp···+profile
You'll have to sift thru & see which one meets your needs.
The "shell32.dll" error-- make sure you have that file in system32. There also needs to be a "shell.dll" (not 32) in both system 32 & system.
Another link:
»search.microsoft.com/results.asp···ll+error
--
Nuke the Whales! |
|
FiL
Premium
join:2005-08-16
Silver Spring, MD | reply to FiL
good looking out again, Argle.:) Checking out the links, reporting back my procedures an results...
Peace
FiL... |
|
FiL
Premium
join:2005-08-16
Silver Spring, MD
| reply to FiL
seems all the research an such was done in vain; couldnt figure out the root of the problem. The cleaner couldnt be run on the pc, safe mode was locked and inside of ERD, the cleaners .exe couldnt be loaded. So a fresh reformat is next in line. Thanx to those that gave advice.
Peace:) |
|
FiL
Premium
join:2005-08-16
Silver Spring, MD
| reply to FiL
quik update:
I didn't actually give up. The hell I look like giving' in to the beast?
Found out my specific problem was a combination of corrupted files/.dll's:
-The event log saved me LOTS of time that would have been committed to figuring this thing out. After cross referencing the error messages with the comments posted in this thread, I caught onto something Argle posted. And as it turns out, hes the hero in my situation; the link for the UPHClean.exe and why to use it cleared up the bad User Profile that wasn't loading. Without that .exe, there was no way for me to enter any kind of troubleshooting mode SANS ErdCommander05. Even safe mode was blocked from loading its own profile strings. UPHClean.exe is recommended for LogonUI.exe errors where the subsequent error messages detail "data or profiles that are still in memory".
-My shell32.dll became corrupted somehow, so I did a cut and paste of the original shell32 using ERD, and that cleared up a subsequent Explorer prob where right clicking and links would cause the desktop to disappear. This method, though worked for me, IS NOT RECOMMENDED. This was just my own tinkering around. 
In conclusion, BBR user comments fuckin' rule!
But foreal, user comments+UPHClean.exe= LogonUI.exe malfunctions CORRECTED. Felt like posting this as a way for other to cross reference their logon issues, as googling this prob didn't really help much. Again, a big thank you goes to the BBR community and the MS Forum.:)
Peace...
FiL... |
|
