Whenever I boot up, there is a flurry of hard drive activity when I arrive at the desktop. In the Task Manager, the culprit is at first Explorer, only briefly, but then followed by WINLOGON.EXE for an extended period. Is there any way to prevent this? I'm sure it's a service running at startup but I don't want to try and find it by process of elimination, in case I disable something essential and then can't boot. This is on Windows 2000 Pro.

More RAM or a faster hard drive. That's the only way - unless the PC is infested with crapware of course.

While I feel that BPB has a point, I'm wondering if you've loaded SP4 for Win2k? It has drastically improved my boot up time and cut down on the amount of time the computer needs to shut down.:t

Yah - SP4 fixed that slow logon/logoff stuff. :)

SP4 was the first thing I installed; this was a clean install. I'm certain there's no crapware on the drive, I ran Ad-Aware the other day and Spybot tonight, and SpywareBlaster is always on. For giggles I ran a virus scan but it blue-screened after about 90,000 files.

Hmm...blue-screened? I'm thinking some hard drive corruption. Surface-scan it.

Eureka!

(and bump)

I've found it - it's NAV Alert that causes this Winlogon.exe activity at startup. I disabled the service, then on reboot got a message saying it could not start (this was at the password screen). Made it to the desktop and checked Task Manager. Memory usage was about 64MB, processes I think was 20 or 21. Auto-Protect in the system tray had a red X on it, I tried to enable it but got a message saying NAV couldn't start. So I re-enabled it and Auto-Protect, and watched my memory usage climb by 15MB.

:eek:

The initial problem was with a full install (as it is now) of NSW 2001. On my latest reinstall of Windows (2000, SP2) I went the first couple of weeks with none of it installed. Surfing naked, I was :D Anyway I liked how I'd boot up to 20 processes and 64MB of RAM used. Now it's 23 and anywhere from 80-86MB :mad:

So, are later versions of NAV more resource-friendly? Or is it time to invest in something different?

Why don't you simply uninstall NAV and use AVG? It's free.

Good suggestion, I will give it a try. I was at its website last week but I must have not noticed the free part - I only saw paying versions, but I wasn't looking hard either.

http://www.grisoft.com/us/us_dwnl_free.php

Yup, got it and am about to try it out now. I just uninstalled NAV (kept CleanSweep and Utilities) and I'm back to 64MB used at startup. :)

Unfortunately, Winlogon is still into its old habits. I'm guessing that NSW is the culprit, despite not using NAV and disabling all its services. I'll uninstall it all and report back if it helps any. Never had this problem while it wasn't installed so.....

Well, I uninstalled all of NSW, but nothing's changed. According to this thread (http://forums.techguy.org/t150428/s1ac4f43496e64e08325c727e236e969f.html) a hijacker may be the culprit....what do you think? I'll give Spybot & Ad-Aware a go first, then I'll try Hijack This like they suggest.

Could be. Do me a favor and pull up the properties of your Local Area Connection. I want to see the components installed.

Originally posted by sm8000
Whenever I boot up, there is a flurry of hard drive activity when I arrive at the desktop. In the Task Manager, the culprit is at first Explorer, only briefly, but then followed by WINLOGON.EXE for an extended period. Is there any way to prevent this? I'm sure it's a service running at startup but I don't want to try and find it by process of elimination, in case I disable something essential and then can't boot. This is on Windows 2000 Pro.

Ahh Grasshopper, Please read this thread here:http://www.sysopt.com/forum/showthread.php?s=&threadid=143127
---------------------------------------------------------------------------
Ok. I found the problem......
Windows 2000 - hosts file system slowdown conflict

This report was written and submitted by Daniel McCoy September 13, 2000 from a solution he received fifth-hand from its originator, Robert Egea of France, who posted the procedure in one of Steve Gibson's newsgroups.



Numerous Windows 2000 users have reported and attempted to resolve a consistent problem with large host files in any Windows 2000 environment.

This [report] provides a solution for the single PC setting. For those who are networked, even with one other PC in a LAN, and especially LANs that use a dial-up connection to the Internet, this offers no solution, although it may clarify the problem and offer hints toward one.

The problem is dual. When a large hosts file is established on a Win2k system, there is a problem of a dramatic slowdown of Win2K and the inability to obtain an ISP verification and registration after a dial-up connection is made. Even if a hosts file has only four URL redirectives, ISP verification can be interrupted.

Bill, it's the weirdest thing, but there's nothing there!

Last night I did stop and disable DNS service and DHCP service, because I am using a static IP. This was before I saw your thread, Baddog.

I'm going for lunch now, but I'll be back in a bit to do some more reading and troubleshooting.

In the meantime, I ran HijackThis and eliminated a few unnecessary entries, one of which was NeroCheck. Upon reboot I had to reinstall it, probably because it's an OEM version.

Anyways it didn't fix anything :(

Man - that's weird.

The host file is the problem.....windows 2000 can not handle the large host file installed by sybot. Go to My computer >>C>>>winnt>>>>system 32>>>>>Drivers>>>>etc>>>delete the "Host" File>>>Rename the backedup Host file to "Host">>>exit out and you are finished . This will free up your CPU:t

Originally posted by BipolarBill
Man - that's weird.

He disabled one service to many. I have done that one before but have forgotten which one. He may have to enable all services and start over.:(

It was the Network Connections service. It's up and running now.

I've done the host file swap as you outlined, Baddog. I'm about to reboot and see if it's fixed. The only files in there were "hosts" (907kb) and lmhosts.sam (3+kb) but I deleted hosts and replaced it with lmhosts.sam, renamed to hosts.

forgot the pic. here it is:

Baddog - it didn't work. Nothing's changed :(

And now back to you Bill. LOL

You could have reinstalled by now - or used System Restore.

There's no System Restore in Windows 2000. I'm sick of reinstalling all the time, especially when the problem just returns.

The problem is obviously specific to your hardware. I have never seen it in all of the times I've installed Win2K.

If you haven't formatted and then set up a firewall/router, you can't be certain that this is not a hack/virus that keeps returning. You really need a clean slate.

Well, this is off a format/reinstall, but the format was a couple of installs ago (I've had some time on my hands this summer). I will give delpart and fdisk/format a go sometime this weekend. There was some other reason I wanted to do it anyway but I can't remember what it was. Oh well, anyway I'll let you know how it goes.

Oh yeah I remember now, trying to get DMA to work :rolleyes: I understand it's only available if the proper settings in BIOS are used when Windows is installed.

How old is this motherboard? Does it have UDMA IDE controllers? Those settings are in Integrated Peripherals, usually. Update the BIOS at any rate. Apply SP4 right away. You can even slipstream SP4 into the setup is you like:

http://www.winsupersite.com/showcase/sp1_slipstream.asp

This BIOS is old, but there are no further updates for it. This is an Acer motherboard from an IBM Aptiva. The BIOS has the option to go up to Ultra Mode 2. Anyway I'll go for SP4 this time. No need to slipstream, I just copy the contents of the Windows CD to my D: partition and run Setup from the hard drive. I can even do it in DOS :) At any rate it's about as fast as an install gets. The chipset is SiS 530, so I assume UDMA is possible.

DMA 2 and 3 are not Ultra DMA. You will need a Promise card if you want Ultra. :(

Well, it can do Multiword Mode 0 thru 4 and the Ultra Modes 0 thru 2, the best of which is 33MB/s. But I happen to have this card (http://www.************.com/access/sil_udma133_cont.php) lying around. Think it'll do the trick? Hope so. ;) Man I was at a computer show last weekend and I saw the board I wanted, but I bought my first burner instead. Oh well! :(

That card will work fine. :) Don't forget to load the drivers with the F6 trick.

Well, after a reformat and reinstall (with the card) winlogon is back to its old tricks, but not so badly. I'm going to try and narrow it down in the services. In the meantime I still can't do DMA so I'm going to start another thread on that.

Have a Look.>>>>
http://www.experts-exchange.com/Operating_Systems/Q_20338445.html

Interesting answers. I don't have Norton installed at all (this is after a zap) but it sounds like it could be AVG's startup load. Checked the registry and there was nothing suspicious there. The swapfile though - that may be the culprit as they explained.

FWIW (bump :) ) I think I have it figured out. I re-enabled TCP/IP NetBIOS Helper service (My connection is set to use NetBIOS setting from DHCP server) and winlogon has become nice and passive again. Winmgmt calls attention to itself, but only briefly.

Im having issue with WINLOGON.EXE right now. I run 3D Studio Max and then when I exit, Winlogon explodes to over 20megs is size and runs about at 40% of my total CPU usage. Ive been told its a Norton Anti-Virus issue but I tried it with running NAV and having NAV not running both times it explodes and totally lags my computer down HP has no answers nor does MS. Anyone got any idea? I dont need multiple users so I would think I could have XP autodefault to 'Owner' without even needing winlogon to be even used nor loaded up. Thanks anyone for any hints or suggestions.

First off, you should start your own thread.

Secondly, WINLOGON is not some "POS program". It's absolutely vital and cannot be bypassed. If I were you , I would visit Windows Update and scan vigorously for viruses.

Thirdly, who cares if WINLOGON hogs resources on shutdown? You are not using the PC, right? Try using the power button to shut down if you're impatient.

It seems to me that an update of 3D Studio Max is the correct path.