Replacing winlogon most likely will not fix the problem unless winlogon itself has been corrupted. Possible, but unusuall. Most likely an infected process is being loaded by winlogon. First step is more info..
First:Create a directory on your hardrive to save HijackThis.exe. A directory like c:\hijackthis. If you do not do this, you will not be able to use the backup/restore features.
Download HijackThis from:
HijackThis Download SiteSave this file into the directory you made previously and then run the program named hijackthis.exe. When the program opens click on the
Config button, then click on the
Misc Tools button, and click on the
Check for update online button. When it completes checking/applying updates press the back button.
Now click on the Scan button and when it is finished click on the
Save Log button. A Notepad window will open with the contents of this log. Click on Edit then click on Select all. Then click on Edit and then Click on Copy.
Create a reply to this post here and right click in message area and select paste to paste the log into the post.
Someone will reply to you after reading this post.
DO NOT fix any entries unless you understand what you are doing.
To see a tutorial with screenshots on using HijackThis you can click on the link below:
How to use HijackThis to remove Browser Hijackers, Malware, & SpywareSecond:Would you please use HiJackThis to produce a startup list and post it here:
1. From HJT main screen, click 'Config' button
2. Click 'Misc Tools' button
3. Check both boxes to the right of 'Generate StartupList Log' button
4. Click 'Generate StartupList Log' button
5. Click 'Yes' in the next dialog
6. Save the log and post a copy in this thread.
Note: If you want to check winlogon do this:
Please submit the following file(s) to Jotti.org for analysis:
http://virusscan.jotti.org/
C:\WINNT\system32\winlogon.exe
Be sure to post the results in this thread.