If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
winlogon:userinit
what is it?
tx, Paul |
Ads |
#2
|
|||
|
|||
How can one tell? You've not posted enough info. When and how does =
this crop up? Before, during, or after Windows loads? Are you having a problem logging in? --=20 Maurice N MVP Windows - Shell / User ----- Paul Mars wrote: what is it? =20 tx, Paul |
#3
|
|||
|
|||
my winpatrol which monitors for new startup items warned me and since I have
not installed or made any changes I chose to not allow this item, but then every few minutes winpatrol notifies me again, which is not how it usually works. So something keeps trying to put this in my startup. Maybe I should allow it, but I need to know what it is first. p "Maurice N ~ MVP" wrote in message ... How can one tell? You've not posted enough info. When and how does this crop up? Before, during, or after Windows loads? Are you having a problem logging in? -- Maurice N MVP Windows - Shell / User ----- Paul Mars wrote: what is it? tx, Paul |
#4
|
|||
|
|||
Paul,
Since I've never used WinPatrol, I'm taking the liberty of quoting Bob = Dietz=20 quote 1) Open WinPatrol.=20 2) Click on the Report button in the bottom right corner of the window.=20 3) After a moment, Internet Explore (or your default browser) will open=20 with a report. Click on a blank part of that page and press the CTRL = and A keys at the same time to select everything.=20 4) Press the CTRL and C keys at the same time to copy everything to=20 the clip board.=20 5) Start a reply to this message, then press CTRL and V keys at the=20 same time to paste the report into the message.=20 --=20 Bob Dietz=20 /end quote Also, here is a tool from SysInternals that may help you get an insight = on what's running. Autoruns (checks & shows what's set to auto-load at Windows startup) http://www.sysinternals.com/ntw2k/fr...autoruns.shtml --=20 Maurice N MVP Windows - Shell / User ----- Paul Mars wrote: my winpatrol which monitors for new startup items warned me and since I have not installed or made any changes I chose to not allow this item, but then every few minutes winpatrol notifies me again, which is not how it usually works. =20 So something keeps trying to put this in my startup. Maybe I should allow it, but I need to know what it is first. =20 p =20 "Maurice N ~ MVP" wrote=20 =20 How can one tell? You've not posted enough info. When and how does this crop up? Before, during, or after Windows loads? Are you having a problem logging in? =20 =20 Paul Mars wrote: what is it? =20 tx, Paul |
#5
|
|||
|
|||
Hi Paul,
One of the new features of WinPatrol is to monitor some additional startup registry entries not typically listed by Startup monitors. Many of these locations have been abused lately by spyware/adware people. The one you're seeing is Winlogon Shell which by default should be = userinit.exe, You should not be seeing multiple warning unless some other program is trying to change this value. A common one lately is something called nail.exe. If you see this, then you have a bigger problem. It may be that you've found a bug which others haven't experienced. This is most likely since it is a new feature. Maurice has provided the best advice which is to post or Email the WinPatrol report file. Click on the WinPatrol Options tab and you'll see a Full Report button. This button will create a file called WinPatrolLog.html. You can post this file or better yet, Email a copy to . We'll see you're taken care of. For information on other new startup locations see http://www.winpatrol.com/upgrade.html. If you haven't already, I'd also recommend downloading the most current version which is 9.7.0.18. Thanks! Bill Pytlovany BillP Studios |
#6
|
|||
|
|||
And for anyone else who viewed this topic and wondered here's what we
have in our PLUS knowledgebase on Userinit.exe. ----- Userinit.exe is a process in Windows NT 3.x or later, Windows 2000, and Windows XP. It specifies the programs that Winlogon runs when a user logs on. By default, Winlogon runs Userinit.exe, which runs logon scripts, reestablishes network connections, and then starts Explorer.exe, the Windows user interface. This file can be configured to add, remove, or substitute programs. We'd recommend against removal. For more information you read what Microsoft says at: http://www.microsoft.com/resources/d...ntry/12330.asp Thanks again, Bill |
#7
|
|||
|
|||
WinPatrol Report Log
Report created by WinPatrol version 9.7.0.18:9.7.0.18 at 6:02:41 PM, on 8/27/2005 Platform: Windows XP Professional Service Pack 2 (Build 2600) Browser: Microsoft® Windows® Operating System - Internet Explorer version 6.00.2900.2180 Memory currently in use: 64% MSIE: Internet Explorer (6.00.2900.2180) IE Cookie Path: C:\Documents and Settings\Paul\Cookies\ HKCU Default_Page_URL = www.intergate.com/startpage HKLM Default_Page_URL = www.intergate.com/startpage HKCU Start Page = about:blank HKLM Start Page = www.intergate.com/startpage WinLogon DefaultUserName=Paul WinLogon DefaultDomainName=P-ZMO6JQ0FT7HCX WinLogon Shell=Explorer.exe WinLogon UserInit=C:\WINDOWS\system32\Userinit.exe, .. Startup Programs . a.. Mirabilis ICQ ICQNet.exe Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Path: C:\Program Files\ICQ\ICQNet.exe Click for Plus Info a.. ccApp CCAPP.EXE Symantec User Session Version: 103.0.5.2 Copyright (c) 2000-2004 Symantec Corporation. All rights reserved. Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Path: C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE Click for Plus Info a.. Symantec NetDriver Monitor SNDMon.exe /Consumer Symantec Security Drivers Install Monitor Version: 5.5 Copyright 2002, 2003, 2004 Symantec Corporation Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Path: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer Click for Plus Info a.. InCD InCD.exe InCD Version: 4, 3, 14, 1 Copyright 1995-2005 Nero AG and its licensors. All Rights Reserved. Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Path: C:\Program Files\Ahead\InCD\InCD.exe Click for Plus Info a.. Zone Labs Client zlclient.exe Zone Labs Client Version: 6.0.631.003 Copyright © 1998-2005, Zone Labs, LLC Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Path: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe Click for Plus Info a.. SpybotSD TeaTimer TeaTimer.exe Location: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Path: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe Click for Plus Info a.. GetRight® www.getright.com getright.exe GetRight® www.getright.com Version: 5.2a Copyright © 1997-2004 Headlight Software, Inc. Location: Windows Startup Group Path: C:\Program Files\GetRight\getright.exe Click for Plus Info a.. Sends and receives e-mail and newsgroup messages. msimn.exe Outlook Express Version: 6.00.2900.2180 © 2004 Microsoft Corporation. All rights reserved. Location: Windows Startup Group Path: C:\Program Files\Outlook Express\msimn.exe Click for Plus Info a.. QuickNotes Qcknotes.exe QuickNotes Version: 1.31.0044 Copyright 1997-98 Matias Pelenur Location: Windows Startup Group Path: C:\Program Files\QuickNotes\Qcknotes.exe Click for Plus Info a.. Yahoo! Messenger YPager.exe Yahoo! Messenger Version: 6,0,0,1750 Copyright 1998-2004 Location: Windows Startup Group Path: C:\Program Files\Yahoo!\Messenger\YPager.exe Click for Plus Info a.. NeroFilterCheck NeroCheck.exe NeroCheck Version: 1, 0, 0, 2 Copyright © 2001 Location: * Disabled * HKLM\Software\Microsoft\Windows\CurrentVersion\Run Path: C:\WINDOWS\system32\NeroCheck.exe Click for Plus Info a.. QuickTime Task qttask.exe -atboottime Version: QuickTime 6.5.1 © Apple Computer, Inc. 2001-2004 Location: * Disabled * HKLM\Software\Microsoft\Windows\CurrentVersion\Run Path: C:\Program Files\QuickTime\qttask.exe -atboottime Click for Plus Info a.. Winlogon Userinit userinit.exe Userinit Logon Application Version: 5.1.2600.2180 © Microsoft Corporation. All rights reserved. Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit Path: C:\WINDOWS\system32\userinit.exe Click for Plus Info a.. Winlogon Shell Explorer.exe Windows Explorer Version: 6.00.2900.2180 © Microsoft Corporation. All rights reserved. Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Shell Path: Explorer.exe Click for Plus Info .. Active Tasks . a.. Windows NT Session Manager smss.exe Windows NT Session Manager Version: 5.1.2600.2180 © Microsoft Corporation. All rights reserved. Path: C:\WINDOWS\system32\smss.exe Click for Plus Info a.. Windows NT Logon Application winlogon.exe Windows NT Logon Application Version: 5.1.2600.2180 © Microsoft Corporation. All rights reserved. Path: C:\WINDOWS\system32\winlogon.exe Click for Plus Info a.. Services and Controller app services.exe Services and Controller app Version: 5.1.2600.2180 © Microsoft Corporation. All rights reserved. Path: C:\WINDOWS\system32\services.exe Click for Plus Info a.. LSA Shell (Export Version) lsass.exe LSA Shell (Export Version) Version: 5.1.2600.2180 © Microsoft Corporation. All rights reserved. Path: C:\WINDOWS\system32\lsass.exe Click for Plus Info a.. Generic Host Process for Win32 Services svchost.exe Generic Host Process for Win32 Services Version: 5.1.2600.2180 © Microsoft Corporation. All rights reserved. Path: C:\WINDOWS\system32\svchost.exe Click for Plus Info a.. incdsrv InCDsrv.exe incdsrv Version: 4, 3, 14, 1 Copyright 1995-2005 Nero AG and its licensors. All Rights Reserved. Path: C:\PROGRAM FILES\Ahead\InCD\InCDsrv.exe Click for Plus Info a.. Symantec Settings Manager Service CCSETMGR.EXE Symantec Settings Manager Service Version: 103.0.5.2 Copyright (c) 2000-2004 Symantec Corporation. All rights reserved. Path: C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE Click for Plus Info a.. Network Driver Service SNDSrvc.exe Network Driver Service Version: 5.5 Copyright 2002, 2003, 2004 Symantec Corporation Path: C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSrvc.exe Click for Plus Info a.. SPBBC Service SPBBCSvc.exe SPBBC Service Version: 1,0,1,47 Copyright (c) 2004 Symantec Corporation. All rights reserved. Path: C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SPBBC\SPBBCSvc.exe Click for Plus Info a.. Symantec Event Manager Service CCEVTMGR.EXE Symantec Event Manager Service Version: 103.0.5.2 Copyright (c) 2000-2004 Symantec Corporation. All rights reserved. Path: C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE Click for Plus Info a.. Spooler SubSystem App spoolsv.exe Spooler SubSystem App Version: 5.1.2600.2696 © Microsoft Corporation. All rights reserved. Path: C:\WINDOWS\system32\spoolsv.exe Click for Plus Info a.. Internet Information Services inetinfo.exe Internet Information Services Version: 5.1.2600.2180 © Microsoft Corporation. All rights reserved. Path: C:\WINDOWS\system32\inetsrv\inetinfo.exe Click for Plus Info a.. Machine Debug Manager mdm.exe Machine Debug Manager Version: 7.10.3077 Copyright© Microsoft Corporation. All rights reserved. Path: C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7Debug\mdm.exe Click for Plus Info a.. Norton AntiVirus Auto-Protect Service NAVAPSVC.EXE Norton AntiVirus Auto-Protect Service Version: 11.0.9 Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved. Path: C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPSVC.EXE Click for Plus Info a.. Norton AntiVirus Firewall Install Monitor NPFMNTOR.EXE Norton AntiVirus Firewall Install Monitor Version: 11.0.9 Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved. Path: C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE Click for Plus Info a.. Symantec Core Component symlcsvc.exe Symantec Core Component Version: 1, 8, 54, 419 Copyright (C) 2003 Path: C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\symlcsvc.exe Click for Plus Info a.. TrueVector Service vsmon.exe TrueVector Service Version: 6.0.631.003 Copyright © 1998-2005, Zone Labs, LLC Path: C:\WINDOWS\system32\ZoneLabs\vsmon.exe Click for Plus Info a.. Symantec User Session CCAPP.EXE Symantec User Session Version: 103.0.5.2 Copyright (c) 2000-2004 Symantec Corporation. All rights reserved. Path: C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE Click for Plus Info a.. InCD InCD.exe InCD Version: 4, 3, 14, 1 Copyright 1995-2005 Nero AG and its licensors. All Rights Reserved. Path: C:\PROGRAM FILES\Ahead\InCD\InCD.exe Click for Plus Info a.. Zone Labs Client zlclient.exe Zone Labs Client Version: 6.0.631.003 Copyright © 1998-2005, Zone Labs, LLC Path: C:\PROGRAM FILES\ZONE LABS\ZONEALARM\zlclient.exe Click for Plus Info a.. Unspecified Title TeaTimer.exe Path: C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TeaTimer.exe Click for Plus Info a.. GetRight® www.getright.com getright.exe GetRight® www.getright.com Version: 5.2a Copyright © 1997-2004 Headlight Software, Inc. Path: C:\PROGRAM FILES\GetRight\getright.exe Click for Plus Info a.. Outlook Express msimn.exe Outlook Express Version: 6.00.2900.2180 © 2004 Microsoft Corporation. All rights reserved. Path: C:\PROGRAM FILES\OUTLOOK EXPRESS\msimn.exe Click for Plus Info a.. QuickNotes Qcknotes.exe QuickNotes Version: 1.31.0044 Copyright 1997-98 Matias Pelenur Path: C:\PROGRAM FILES\QUICKNOTES\Qcknotes.exe Click for Plus Info a.. Ad-Aware SE Core application Ad-Aware.exe Ad-Aware SE Core application Version: SE 106 Copyright © Lavasoft AB Sweden Path: C:\PROGRAM FILES\Lavasoft\AD-AWARE SE PERSONAL\Ad-Aware.exe Click for Plus Info a.. NTVDM.EXE ntvdm.exe NTVDM.EXE Version: 5.1.2600.2180 © Microsoft Corporation. All rights reserved. Path: C:\WINDOWS\system32\ntvdm.exe Click for Plus Info a.. Windows Win16 Application Launcher wowexec.exe Windows Win16 Application Launcher Version: 3.10 Copyright © Microsoft Corp. 1981-1996 Path: C:\WINDOWS\system32\wowexec.exe Click for Plus Info a.. WinPatrol System Monitor WINPATROL.EXE WinPatrol System Monitor Version: 9.7.0.18 Copyright © 1997- 2005 BillP Studios Path: C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE Click for Plus Info a.. Unspecified Title YMSGR_TRAY.EXE Path: C:\PROGRAM FILES\Yahoo!\MESSENGER\YMSGR_TRAY.EXE Click for Plus Info a.. Windows Explorer explorer.exe Windows Explorer Version: 6.00.2900.2180 © Microsoft Corporation. All rights reserved. Path: C:\WINDOWS\explorer.exe Click for Plus Info a.. WinPatrol Explorer WINPATROLEX.EXE WinPatrol Explorer Version: 9.7.0.18 Copyright © 2004-2005 BillP Studios Path: C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE Click for Plus Info a.. Windows Messenger msmsgs.exe Windows Messenger Version: Version 4.7.3001 Copyright (c) Microsoft Corporation 2004 Path: C:\PROGRAM FILES\MESSENGER\msmsgs.exe Click for Plus Info .. Scheduled Tasks . a.. Symantec NetDetect.job NDETECT.EXE Symantec NetDetect Version: 2.6.14.0 Copyright © 1996-2004 Symantec Corporation Path: C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE 08/27/2005 4:58 PM Click for Plus Info a.. Norton AntiVirus - Scan my computer - Paul.job NAVW32.EXE Norton AntiVirus Scanner Module Version: 11.0.9 Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved. Path: C:\Program Files\Norton AntiVirus\NAVW32.EXE 08/26/2005 8:00 PM Click for Plus Info .. IE Helpers . a.. AcroIEHelper Library AcroIEHelper.dll Adobe Acrobat IE Helper Version 7.0 for ActiveX Version: 7, 0, 0, 0 Copyright 1984-2004 Adobe Systems Incorporated and its licensors. All rights reserved. Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll 7, 0, 0, 0 Location: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects" Click for Plus Info a.. GetRight xx2gr.dll GetRight's IE & NS Click Monitoring. www.getright.com Version: 5.2 Copyright © 2004 Headlight Software, Inc. Path: C:\Program Files\GetRight\xx2gr.dll 5.2 Location: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects" Click for Plus Info a.. SDHelper.dll SDHelper.dll Path: C:\Program Files\Spybot - Search & Destroy\SDHelper.dll Location: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects" Click for Plus Info a.. Norton AntiVirus NAVSHEXT.DLL Norton AntiVirusNAVShellExt Module Version: 11.0.9 Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved. Path: C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL 11.0.9 Location: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects" Click for Plus Info a.. Norton AntiVirus NAVSHEXT.DLL Norton AntiVirusNAVShellExt Module Version: 11.0.9 Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved. Path: C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL 11.0.9 Location: "HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar" Click for Plus Info a.. ICQ Icq.exe ICQ Version: 2003b Copyright © 1996 - 2001 ICQ Inc. All Rights Reserved. Path: C:\Program Files\ICQ\Icq.exe C:\PROGRA~1\ICQ\ICQ.exe,1001 Location: "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions" Click for Plus Info .. File Types . a.. Video Clip wmplayer.exe /prefetch:8 /Open %L Windows Media Player Version: 10.00.00.3646 (C) Microsoft Corporation. All rights reserved. Path: C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:8 /Open %L .AVI Click for Plus Info a.. MS-DOS Batch File %1 %* Path: %1 %* .BAT Click for Plus Info a.. Bitmap Image shimgvw.dll,ImageView_Fullscreen %1 Run a DLL as an App Version: 5.1.2600.2180 © Microsoft Corporation. All rights reserved. Path: rundll32.exe C:\WINDOWS\System32\shimgvw.dll,ImageView_Fullscre en %1 .BMP Click for Plus Info a.. CD Audio Track wmplayer.exe /Open %L Windows Media Player Version: 10.00.00.3646 (C) Microsoft Corporation. All rights reserved. Path: C:\Program Files\Windows Media Player\wmplayer.exe /Open %L .CDA Click for Plus Info a.. Compiled HTML Help file hh.exe %1 Microsoft® HTML Help Executable Version: 5.2.3790.2453 © Microsoft Corporation. All rights reserved. Path: C:\WINDOWS\hh.exe %1 .CHM Click for Plus Info a.. MS-DOS Application %1 %* Path: %1 %* .COM Click for Plus Info a.. Windows NT Command Script %1 %* Path: %1 %* .CMD Click for Plus Info a.. Cascading Style Sheet Document FRONTPG.EXE %1 Path: C:\PROGRA~1\MICROS~2\Office10\FRONTPG.EXE %1 .CSS Click for Plus Info a.. Microsoft Word Document WINWORD.EXE /n /dde Microsoft Word Version: 10.0.6764 Copyright© Microsoft Corporation 1983-2001. All rights reserved. Path: C:\Program Files\Microsoft Office\Office10\WINWORD.EXE /n /dde .DOC Click for Plus Info a.. Internet E-Mail Message msimn.exe /eml:%1 Outlook Express Version: 6.00.2900.2180 © 2004 Microsoft Corporation. All rights reserved. Path: C:\Program Files\Outlook Express\msimn.exe /eml:%1 .EML Click for Plus Info a.. Application %1 %* Path: %1 %* .EXE Click for Plus Info a.. GIF Image shimgvw.dll,ImageView_Fullscreen %1 Run a DLL as an App Version: 5.1.2600.2180 © Microsoft Corporation. All rights reserved. Path: rundll32.exe C:\WINDOWS\System32\shimgvw.dll,ImageView_Fullscre en %1 .GIF Click for Plus Info a.. HTML Document iexplore.exe -nohome Internet Explorer Version: 6.00.2900.2180 © Microsoft Corporation. All rights reserved. Path: C:\Program Files\Internet Explorer\iexplore.exe -nohome .HTML Click for Plus Info a.. Setup Information NOTEPAD.EXE %1 Notepad Version: 5.1.2600.2180 © Microsoft Corporation. All rights reserved. Path: C:\WINDOWS\System32\NOTEPAD.EXE %1 .INF Click for Plus Info a.. JPEG Image shimgvw.dll,ImageView_Fullscreen %1 Run a DLL as an App Version: 5.1.2600.2180 © Microsoft Corporation. All rights reserved. Path: rundll32.exe C:\WINDOWS\System32\shimgvw.dll,ImageView_Fullscre en %1 .JPG Click for Plus Info a.. JScript Script File WScript.exe %1 %* Microsoft (r) Windows Based Script Host Version: 5.6.0.8820 Copyright © Microsoft Corp. 2002 Path: C:\WINDOWS\System32\WScript.exe %1 %* .JS Click for Plus Info a.. Text Document NOTEPAD.EXE %1 Notepad Version: 5.1.2600.2180 © Microsoft Corporation. All rights reserved. Path: C:\WINDOWS\system32\NOTEPAD.EXE %1 .LOG Click for Plus Info a.. MIDI Sequence wmplayer.exe /Open %L Windows Media Player Version: 10.00.00.3646 (C) Microsoft Corporation. All rights reserved. Path: C:\Program Files\Windows Media Player\wmplayer.exe /Open %L .MID Click for Plus Info a.. MP3 Format Sound wmplayer.exe /prefetch:6 /Open %L Windows Media Player Version: 10.00.00.3646 (C) Microsoft Corporation. All rights reserved. Path: C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:6 /Open %L .MP3 Click for Plus Info a.. QuickTime Movie QuickTimePlayer.exe %1 QuickTime Player Version: QuickTime 6.5.2 © Apple Computer, Inc. 1992-2004 Path: C:\PROGRA~1\QUICKT~1\QuickTimePlayer.exe %1 .MOV Click for Plus Info a.. Shortcut to MS-DOS Program %1 %* Path: %1 %* .PIF Click for Plus Info a.. Adobe Acrobat 7.0 Document AcroRd32.exe %1 Adobe Reader 7.0 Version: 7.0.2.2005060200 Copyright 1984-2005 Adobe Systems Incorporated and its licensors. All rights reserved. Path: C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe %1 Click for Plus Info a.. RealPlayer Presentation RealPlay.exe %1 RealPlayer Version: 6.0.12.1212 Copyright © RealNetworks, Inc. 1995-2004 Path: C:\Program Files\Real\RealPlayer\RealPlay.exe %1 .RAM Click for Plus Info a.. Registration Entries regedit.exe %1 Registry Editor Version: 5.1.2600.2180 © Microsoft Corporation. All rights reserved. Path: regedit.exe %1 .REG Click for Plus Info a.. Rich Text Format WINWORD.EXE /n /dde Microsoft Word Version: 10.0.6764 Copyright© Microsoft Corporation 1983-2001. All rights reserved. Path: C:\Program Files\Microsoft Office\Office10\WINWORD.EXE /n /dde .RTF Click for Plus Info a.. Spyware supplemental file SpybotSD.exe %1 Spybot - Search & Destroy Version: 1, 4, 0, 3 © 2000-2005 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten. Path: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe %1 .SBS Click for Plus Info a.. Screen Saver %1 /S Path: %1 /S .SCR Click for Plus Info a.. Text Document NOTEPAD.EXE %1 Notepad Version: 5.1.2600.2180 © Microsoft Corporation. All rights reserved. Path: C:\WINDOWS\system32\NOTEPAD.EXE %1 .TXT Click for Plus Info a.. Internet Shortcut rundll32.exe shdocvw.dll,OpenURL %l Run a DLL as an App Version: 5.1.2600.2180 © Microsoft Corporation. All rights reserved. Path: rundll32.exe shdocvw.dll,OpenURL %l .URL Click for Plus Info a.. VBScript Script File WScript.exe %1 %* Microsoft (r) Windows Based Script Host Version: 5.6.0.8820 Copyright © Microsoft Corp. 2002 Path: C:\WINDOWS\System32\WScript.exe %1 %* .VBS Click for Plus Info a.. VBScript Encoded Script File WScript.exe %1 %* Microsoft (r) Windows Based Script Host Version: 5.6.0.8820 Copyright © Microsoft Corp. 2002 Path: C:\WINDOWS\System32\WScript.exe %1 %* .VBE Click for Plus Info a.. Wave Sound wmplayer.exe /Open %L Windows Media Player Version: 10.00.00.3646 (C) Microsoft Corporation. All rights reserved. Path: C:\Program Files\Windows Media Player\wmplayer.exe /Open %L .WAV Click for Plus Info a.. Windows Script File WScript.exe %1 %* Microsoft (r) Windows Based Script Host Version: 5.6.0.8820 Copyright © Microsoft Corp. 2002 Path: C:\WINDOWS\System32\WScript.exe %1 %* .WSF Click for Plus Info a.. Windows Script Host Settings File WScript.exe %1 %* Microsoft (r) Windows Based Script Host Version: 5.6.0.8820 Copyright © Microsoft Corp. 2002 Path: C:\WINDOWS\System32\WScript.exe %1 %* .WSH Click for Plus Info a.. Windows Media Audio/Video file wmplayer.exe /prefetch:7 /Open %L Windows Media Player Version: 10.00.00.3646 (C) Microsoft Corporation. All rights reserved. Path: C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:7 /Open %L .WMV Click for Plus Info a.. Microsoft Excel Worksheet EXCEL.EXE /e Microsoft Excel Version: 10.0.6501 Copyright© Microsoft Corporation 1985-2001. All rights reserved. Path: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE /e .XLS Click for Plus Info "Maurice N ~ MVP" wrote in message ... Paul, Since I've never used WinPatrol, I'm taking the liberty of quoting Bob Dietz quote 1) Open WinPatrol. 2) Click on the Report button in the bottom right corner of the window. 3) After a moment, Internet Explore (or your default browser) will open with a report. Click on a blank part of that page and press the CTRL and A keys at the same time to select everything. 4) Press the CTRL and C keys at the same time to copy everything to the clip board. 5) Start a reply to this message, then press CTRL and V keys at the same time to paste the report into the message. -- Bob Dietz /end quote Also, here is a tool from SysInternals that may help you get an insight on what's running. Autoruns (checks & shows what's set to auto-load at Windows startup) http://www.sysinternals.com/ntw2k/fr...autoruns.shtml -- Maurice N MVP Windows - Shell / User ----- Paul Mars wrote: my winpatrol which monitors for new startup items warned me and since I have not installed or made any changes I chose to not allow this item, but then every few minutes winpatrol notifies me again, which is not how it usually works. So something keeps trying to put this in my startup. Maybe I should allow it, but I need to know what it is first. p "Maurice N ~ MVP" wrote How can one tell? You've not posted enough info. When and how does this crop up? Before, during, or after Windows loads? Are you having a problem logging in? Paul Mars wrote: what is it? tx, Paul |
#8
|
|||
|
|||
so why did winpartol never warn be about it before, just yesterday after
upgrading to latest winpatrol, it warns me of this new entry, but it is not new, from what u say. "BillP Studios" wrote in message oups.com... And for anyone else who viewed this topic and wondered here's what we have in our PLUS knowledgebase on Userinit.exe. ----- Userinit.exe is a process in Windows NT 3.x or later, Windows 2000, and Windows XP. It specifies the programs that Winlogon runs when a user logs on. By default, Winlogon runs Userinit.exe, which runs logon scripts, reestablishes network connections, and then starts Explorer.exe, the Windows user interface. This file can be configured to add, remove, or substitute programs. We'd recommend against removal. For more information you read what Microsoft says at: http://www.microsoft.com/resources/d...ntry/12330.asp Thanks again, Bill |
#9
|
|||
|
|||
win patrol new program alert
a new auto startup program has been detected. this program will run each time you login or restart your nachine. do you approve the addition of this program startup setting? Press yes if this program is expected and acceptable. winlogon:userinit C:\WINDOWS\system32\userinit.exe version 5.1.2600.2180 |
#10
|
|||
|
|||
Hi Paul,
Thank you for sending along your WinPatrol Log. I'm not sure why suddenly you should see this message but it is one of the new locations we monitor with WinPatrol 9.7. ( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ) Some of our early versions of WinPatrol 9.7 did have some problems so like Scotty may be confused about if he's already ok'd this file already. If WinPatrol continues to give you this message I would recommend is going to the Startup Program list and when you see Winlogon Userinit select it. The Remove button should now say Reset. Go ahead and click on Reset and you should be ok and no longer see this message. Everything else in your log looks ok. If you continue to experience problems it would be due to another security program also messing with this program or locking the registry entry so we're not able to update it. If that's the case we'll do some more testing with Teatimer, ZoneLabs and others. Thanks again, Bill Pytlovany BillP Studios |
Thread Tools | |
Display Modes | |
|
|