WINLOGON.EXE and Dependency Walker

Discussion in 'Software' started by hutchfred, May 16, 2008.

  1. hutchfred

    hutchfred Private First Class

    Using the Microsoft Dependency Walker on WINLOGON.EXE, I found the following messages: (See attached thumbnail)

    Error: At least one module has an unresolved import due to a missing export function in an implicitly dependent module.
    Error: At least one module has an unresolved import due to a missing export function in a delay-load dependent module.


    There were three files that showed red boxes, NTDLL.DLL, KERNEL.DLL, and MPR.DLL.

    Upon highlighting each of those files, the following export functions had a red box.

    NTDLL.DLL
    RtlDuplicateUnicodeString
    RtlNtPathNameToDosPathName
    RtlpEnsureBufferSize

    KERNEL32.DLL
    BaseCheckAppcompatCache
    BaseDumpAppcompatCache
    BaseFlushAppcompatCache
    BaseUpdateAppcompatCache

    MPR.DLL
    WNetRestoreConnectionA

    Can anyone explain what is wrong and how to correct the problem?
     


  2. hutchfred

    hutchfred Private First Class

    A little more information as I have been looking at this problem.

    In reviewing the log file wbemprox.log, the following log entry appears for today:


    NTLMLogin resulted in hr = 0x8004100e(Sun May 18 08:06:22 2008) :
    Error loading module {F7CE2E13-8C90-11D1-9E7B-00C04FC324A8}, return code is 0x8004100e


    I have googled both 0x8004100e and {F7CE2E13-8C90-11D1-9E7B-00C04FC324A8} and have not been able to find anything that helps.

    In reviewing log file winlogon.log, the following log entry appears for today:
    05/18/2008 08:06:13
    Invoke Registry Value Delay Filter.
    Analyze machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\securitylevel.
    Analyze machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\setcommand.
    Analyze machine\software\microsoft\windows nt\currentversion\winlogon\allocatecdroms.
    Analyze machine\software\microsoft\windows nt\currentversion\winlogon\allocatedasd.
    Analyze machine\software\microsoft\windows nt\currentversion\winlogon\allocatefloppies.
    Analyze machine\software\microsoft\windows nt\currentversion\winlogon\cachedlogonscount.
    Analyze machine\software\microsoft\windows nt\currentversion\winlogon\passwordexpirywarning.
    Analyze machine\software\microsoft\windows nt\currentversion\winlogon\scremoveoption.
    Analyze machine\software\microsoft\windows\currentversion\policies\system\dontdisplaylastusername.
    Analyze machine\software\microsoft\windows\currentversion\policies\system\legalnoticecaption.
    Analyze machine\software\microsoft\windows\currentversion\policies\system\legalnoticetext.
    Analyze machine\software\microsoft\windows\currentversion\policies\system\shutdownwithoutlogon.
    Analyze machine\system\currentcontrolset\control\lsa\auditbaseobjects.
    Analyze machine\system\currentcontrolset\control\lsa\crashonauditfail.
    Analyze machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
    Analyze machine\system\currentcontrolset\control\lsa\restrictanonymous.
    Analyze machine\system\currentcontrolset\control\print\providers\lanman print services\servers\addprinterdrivers.
    Analyze machine\system\currentcontrolset\control\session manager\memory management\clearpagefileatshutdown.
    Analyze machine\system\currentcontrolset\control\session manager\protectionmode.
    Analyze machine\system\currentcontrolset\services\lanmanserver\parameters\autodisconnect.
    Analyze machine\system\currentcontrolset\services\lanmanserver\parameters\enableforcedlogoff.
    Analyze machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature.
    Analyze machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature.
    Analyze machine\system\currentcontrolset\services\lanmanworkstation\parameters\enableplaintextpassword.
    Analyze machine\system\currentcontrolset\services\lanmanworkstation\parameters\enablesecuritysignature.
    Analyze machine\system\currentcontrolset\services\lanmanworkstation\parameters\requiresecuritysignature.
    Analyze machine\system\currentcontrolset\services\netlogon\parameters\disablepasswordchange.
    Analyze machine\system\currentcontrolset\services\netlogon\parameters\requiresignorseal.
    Analyze machine\system\currentcontrolset\services\netlogon\parameters\requirestrongkey.
    Analyze machine\system\currentcontrolset\services\netlogon\parameters\sealsecurechannel.
    Analyze machine\system\currentcontrolset\services\netlogon\parameters\signsecurechannel.
    Analyze MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TCPMaxPortsExhausted.
    Analyze MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDataRetransmissions.
    Analyze MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxConnectRetransmissions.
    Analyze MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxConnectResponseRetransmissions.
    Analyze MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect.
    Analyze MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\PerformRouterDiscovery.
    Analyze MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime.
    Analyze MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnablePMTUDiscovery.
    Analyze MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect.
    Analyze MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnableDeadGWDetect.
    Analyze MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting.
    Analyze MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity.
    Analyze MACHINE\System\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemand.
    Analyze MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity.
    Analyze MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\parameters\RestrictNullSessAccess.
    Analyze MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\parameters\Hidden.
    Analyze MACHINE\SYSTEM\CurrentControlSet\Services\IPSEC\NoDefaultExempt.
    Analyze MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\WarningLevel.
    Analyze MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Autorun.
    Analyze MACHINE\SYSTEM\CurrentControlSet\Services\Alerter\parameters\AlertNames.
    Analyze MACHINE\System\CurrentControlSet\Control\Session Manager\SubSystems\optional.
    Analyze MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SafeDllSearchMode.
    Analyze MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl.
    Analyze MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash\NoLMHash.
    Analyze MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec.
    Analyze MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec.
    Analyze MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing.
    Analyze MACHINE\System\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreation.
    Analyze MACHINE\SYSTEM\ CurrentControlSet\Services\LanmanServer\parameters\NullSessionShares.
    Analyze MACHINE\SYSTEM\ CurrentControlSet\Services\LanmanServer\parameters\NullSessionPipes.
    Analyze MACHINE\Software\Policies\Microsoft\Windows\Control Panel\Desktop\BlockSendInputResets.
    Analyze MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD.
    Analyze MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun.
    Analyze MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView.
    Analyze MACHINE\Software\Microsoft\Non-Driver Signing\Policy.
    Analyze MACHINE\Software\Microsoft\Driver Signing\Policy.
    Copy local policy.
    ----Configuration engine is initialized successfully.----

    ----Reading Configuration template info...


    ----Configure User Rights...
    Configure S-1-5-32-544.
    Configure S-1-5-32-551.
    Configure S-1-5-21-1757981266-436374069-1957994488-1000.
    Configure S-1-5-18.
    Configure S-1-5-21-1757981266-436374069-1957994488-500.
    Configure S-1-5-32-547.
    Configure S-1-5-32-545.
    Configure S-1-1-0.
    Configure S-1-5-6.
    Configure S-1-5-21-1757981266-436374069-1957994488-501.
    Configure S-1-5-32-4294967295.

    User Rights configuration completed successfully.


    ----Configure Security Policy...
    Configure password information.

    System Access configuration completed successfully.
    Configure event audit settings.

    Audit/Log configuration completed successfully.
    Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\securitylevel.
    Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\setcommand.
    Configure machine\software\microsoft\windows nt\currentversion\winlogon\allocatecdroms.
    Configure machine\software\microsoft\windows nt\currentversion\winlogon\allocatedasd.
    Configure machine\software\microsoft\windows nt\currentversion\winlogon\allocatefloppies.
    Configure machine\software\microsoft\windows nt\currentversion\winlogon\cachedlogonscount.
    Configure machine\software\microsoft\windows nt\currentversion\winlogon\passwordexpirywarning.
    Configure machine\software\microsoft\windows nt\currentversion\winlogon\scremoveoption.
    Configure machine\software\microsoft\windows\currentversion\policies\system\dontdisplaylastusername.
    Configure machine\software\microsoft\windows\currentversion\policies\system\legalnoticecaption.
    Configure machine\software\microsoft\windows\currentversion\policies\system\legalnoticetext.
    Configure machine\software\microsoft\windows\currentversion\policies\system\shutdownwithoutlogon.
    Configure machine\system\currentcontrolset\control\lsa\auditbaseobjects.
    Configure machine\system\currentcontrolset\control\lsa\crashonauditfail.
    Configure machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
    Configure machine\system\currentcontrolset\control\lsa\restrictanonymous.
    Configure machine\system\currentcontrolset\control\print\providers\lanman print services\servers\addprinterdrivers.
    Configure machine\system\currentcontrolset\control\session manager\memory management\clearpagefileatshutdown.
    Configure machine\system\currentcontrolset\control\session manager\protectionmode.
    Configure machine\system\currentcontrolset\services\lanmanserver\parameters\autodisconnect.
    Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enableforcedlogoff.
    Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature.
    Configure machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature.
    Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\enableplaintextpassword.
    Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\enablesecuritysignature.
    Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\requiresecuritysignature.
    Configure machine\system\currentcontrolset\services\netlogon\parameters\disablepasswordchange.
    Configure machine\system\currentcontrolset\services\netlogon\parameters\requiresignorseal.
    Configure machine\system\currentcontrolset\services\netlogon\parameters\requirestrongkey.
    Configure machine\system\currentcontrolset\services\netlogon\parameters\sealsecurechannel.
    Configure machine\system\currentcontrolset\services\netlogon\parameters\signsecurechannel.

    Registry values configuration completed successfully.


    ----Configure available attachment engines...

    Attachment engines configuration completed successfully.


    ----Un-initialize configuration engine...


    In reviewing log file wmiadap.log, the following log entry appears for today:

    (Sun May 18 08:06:31 2008) : Performance library netfxperf.dll will be ignored as it was previously disabled (WbemAdapStatus = -1).
    (Sun May 18 08:06:31 2008) : Performance library netfxperf.dll will be ignored as it was previously disabled (WbemAdapStatus = -1).
    (Sun May 18 08:06:31 2008) : Performance library netfxperf.dll will be ignored as it was previously disabled (WbemAdapStatus = -1).
    (Sun May 18 08:06:31 2008) : Performance library netfxperf.dll will be ignored as it was previously disabled (WbemAdapStatus = -1).
    (Sun May 18 08:06:38 2008) : Performance library c:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_perf.dll status is in an invalid state (ADAP_PERFLIB_OK).
    (Sun May 18 08:06:40 2008) : Performance library c:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_perf.dll status is in an invalid state (ADAP_PERFLIB_OK).
    (Sun May 18 08:06:57 2008) : Performance library perfproc.dll will be ignored as it was previously disabled (WbemAdapStatus = -1).
    (Sun May 18 08:06:58 2008) : Performance library perfproc.dll will be ignored as it was previously disabled (WbemAdapStatus = -1).
    (Sun May 18 08:07:02 2008) : Performance library winspool.drv will be ignored as it was previously disabled (WbemAdapStatus = -1).
    (Sun May 18 08:07:02 2008) : Performance library winspool.drv will be ignored as it was previously disabled (WbemAdapStatus = -1).
    (Sun May 18 08:07:03 2008) : Performance library Perfctrs.dll status is in an invalid state (ADAP_PERFLIB_OK).


    Can anyone help in explaining some of these things? I don't want to call them a problem, because I don't know what they mean.

    Please help.
     
  3. hutchfred

    hutchfred Private First Class

    Can anyone give me any clues on this issue??
     
