Windows XP misspelled at Logoff

Discussion in 'Software' started by Duffer128, Mar 1, 2014.

  1. Duffer128

    Duffer128 Private E-2

    I have a Dell Dimension E520 computer running Windows XP Service Pack 3. Fully updated.

    There are three Users registered.

    A couple of days ago I wanted to Log off one User and Log on as one of the others.

    The normal Log off screen came up, but the lower left-hand corner of the screen displayed a misspelling of the words WINDOWS XP. It was spelled WINDOES XP. I used a digital camera to take two pictures of the screen; see attached images.

    I suspected malware or a virus so I ran Malwarebytes, Windows Defender Offline and Norton Power Eraser. They removed a few minor issues, but the misspelling persists. The screen with the misspelling works normally.

    Can anyone suggest what's happening?

    Thanks
     


  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi

    If you had a few minor malwares, then I would suspect some more deep-rooted ones perhaps, as I cannot think of anything offhand that would allow you to change that message.

    So I would run the below guide and then start a new thread in our malware forum and attach the requested logs for our malware team to review.

     
  3. plodr

    plodr MajorGeek Super Extraordinaire Moderator Staff Member

    Are you sure someone didn't edit that? My XP computers say Turn Off Computer.
     
  4. _nullptr

    _nullptr Major Geeky Geek Geek

    This can be done by modifying logonui.exe located in the system32 directory. You'll need to display hidden files and folders (the option is in Control Panel > Folder Options > View - Advanced settings) to locate the file. Upload logonui.exe to VirusTotal https://www.virustotal.com/ and provide a link for the scan result, so we can verify the file hash value.
     
  5. the mekanic

    the mekanic Major Mekanical Geek

    Just a few simple questions:

    Where did you get the install CDs or .iso files for this version of XP?

    How long have you personally owned this PC?
     
  6. Duffer128

    Duffer128 Private E-2

    I bought it from Dell about five years ago. Windows was preinstalled and they supplied product recovery disks. I reinstalled a couple of times using the original product recovery disks.

    One of the other replies posted asked if I edited the image. No, I didn't edit it.
     
  7. Duffer128

    Duffer128 Private E-2

    I bought the computer from Dell, and I am the only user. I am a computer technician and have repaired and maintained computers for 20 plus years.
    Never came across anything like this.

    I'm puzzled by the misspelling.

    Maybe I should just reload Windows and go on to something more productive.

    Thanks anyway.
     
  8. the mekanic

    the mekanic Major Mekanical Geek

    If it's malware holed up in the MBR, a reinstall won't make any difference.
     
  9. Duffer128

    Duffer128 Private E-2

    If I decide to re-install Windows XP, I will be sure to use fdisk or something else like fixmbr to create a new MBR.

    Thanks
     
  10. Colemanguy

    Colemanguy MajorGeek

    Check the computer's machine name/hostname.
     
  11. Duffer128

    Duffer128 Private E-2

    Thanks

    I uploaded and scanned and the result came back detection ratio 0/50 and with the following information. I cut and pasted it here.
    SHA256: 032b6d1f541f180a2fe619664ef180d3fd748aef7e311ba925fced74e7ed4713
    File name: logonui.exe
    Detection ratio: 0 / 50
     
  12. _nullptr

    _nullptr Major Geeky Geek Geek

    That file hash is legitimate.

    If you're comfortable with going into the Windows registry, go to Start > Run > regedit
    Navigate to the key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Then check the value named UIHost.
    It should be of type REG_EXPAND_SZ with a data value of logonui.exe
    Also look if there's a value named ginaDLL under the same registry key.
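
The registry and file-hash checks suggested in this thread can be run in one pass. This is an added example, not part of any poster's reply; it assumes PowerShell 2.0 is installed on the XP SP3 machine, and the helper name Get-Sha256Hex is hypothetical.

```powershell
# Added example: read-only checks of the Winlogon key and logonui.exe.
# Assumption: PowerShell 2.0 on Windows XP SP3, run from an administrator account.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
# SHA256 posted in this thread for logonui.exe and confirmed there as legitimate
$knownHash = '032b6d1f541f180a2fe619664ef180d3fd748aef7e311ba925fced74e7ed4713'

# Hypothetical helper: SHA256 of a file as lowercase hex (Get-FileHash does not exist in PS 2.0)
function Get-Sha256Hex([string]$Path) {
    $sha = New-Object System.Security.Cryptography.SHA256Managed
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $sha.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    return ([System.BitConverter]::ToString($bytes) -replace '-', '').ToLower()
}

$key = Get-Item -LiteralPath $winlogon
$names = $key.GetValueNames()

# UIHost should be REG_EXPAND_SZ with data logonui.exe; read it unexpanded
if ($names -contains 'UIHost') {
    $kind = $key.GetValueKind('UIHost')
    $raw = $key.GetValue('UIHost', $null,
        [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
    $ok = ($kind -eq [Microsoft.Win32.RegistryValueKind]::ExpandString) -and
          ($raw -ieq 'logonui.exe')
    "UIHost: type=$kind data='$raw' expected=$ok"
} else {
    "UIHost: value missing"
}

# A GinaDLL value names a replacement for the default msgina.dll; report it for review
if ($names -contains 'GinaDLL') {
    "GinaDLL: present, data='$($key.GetValue('GinaDLL'))'"
} else {
    "GinaDLL: not present"
}

# Hash the local logonui.exe and compare with the value posted in the thread
$exe = Join-Path $env:SystemRoot 'system32\logonui.exe'
$hash = Get-Sha256Hex $exe
"logonui.exe SHA256: $hash"
"Matches hash posted in thread: $($hash -eq $knownHash)"
```

The posted hash belongs to the file uploaded from this particular machine, so a mismatch on a different XP build or language edition is not by itself evidence of tampering.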
     
  13. C0rhHusk3r

    C0rhHusk3r Private First Class

    If you have repaired and maintained computers for so long, I'm really surprised you've never seen something like this. Don't know about the newer operating systems, but in the "olden days" of Win 95/98/2000 it was fairly easy to change such things as what you're seeing. There were various "tweaking" programs, or savvy users could do it by making simple edits to the registry. Did it myself a few times.
     
  14. Duffer128

    Duffer128 Private E-2

    I have been programming since 1960.
    At that time bits were flat,


    In earlier versions of Windows it was easy to locate and modify the Windows Welcome, Logon, Logoff, etc, etc image files. They were ordinary jpg or bmp files.

    It's a little more difficult now.

    Right now the Windows XP computer is running in a command prompt window.

    Starting in the root directory, I am running this command:
    dir log*.* /s > result.txt

    It's kind of brute force, but let's see what comes up.
    That should identify and locate every filename that begins with log.
    Hopefully it will identify the logon and logoff image files.

    No luck there.

    Quoting Inspector Harry Callahan (Clint Eastwood, Dirty Harry, Magnum Force), "A man's got to know his limitations" ...

    I quit.

    Thanks, one and all.
     
  15. C0rhHusk3r

    C0rhHusk3r Private First Class

    What account type are the other users of this machine? If things such as this are a concern, perhaps fewer permissions would be in order. No telling what else one of them might try.
     
  16. Duffer128

    Duffer128 Private E-2

    There are several users, but all of them are me.
     
