?
Solved

duplicate userinit.exe prevents logoff or shutdown

Posted on 2004-08-25
16
Medium Priority
?
582 Views
Last Modified: 2012-06-27
After booting and logging on, I notice two instances of the userinit.exe process.  The first terminates normally.  The second hangs on, without any child processes, for an indeterminate period of time.  Sometimes it exits after a few minutes, sometimes never.   When the second instance is running, a shutdown or logoff takes several minutes (>5 mins, when all other applications are already shutdown).   The is only one mention of userinit.exe is in the  registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit.

Any ideas?

Thanks.


0
Comment
Question by:robrien99
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
16 Comments
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11897266
Hello robrien99 =)

Not sure what is causing this,,,,, may be any junk item or wrong registry entry,,, can u Download HijackThis v1.98.2, run it, Save the LOG file and Post it here:
http://tools.radiosplace.com/HijackThis.exe

so that i can check if there is any entry present for this process on ur system or not ??
0
 

Author Comment

by:robrien99
ID: 11903557
Thanks SheharyaarSaahil :->

Here's the Hijack this log...

Logfile of HijackThis v1.98.2
Scan saved at 10:50:09 AM, on 8/26/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\msdtc.exe
C:\WINNT\System32\svchost.exe
C:\ePOAgent\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\system32\mqsvc.exe
C:\WINNT\system32\userinit.exe
C:\WINNT\Explorer.EXE
C:\ePOAgent\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\rko\sysinternals\procexpnt\procexp.exe
C:\Documents and Settings\rko\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\ePOAgent\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Launch Microsoft Outlook.lnk = C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
O4 - Startup: procexp.lnk = C:\rko\sysinternals\procexpnt\procexp.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with &XML Spy - C:\Program Files\Altova\xmlspy\spy.htm
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\xmlspy\spy.htm (HKCU)
O9 - Extra 'Tools' menuitem: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\xmlspy\spy.htm (HKCU)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = i-nj.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = i-nj.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = i-nj.com
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: qrev - {9DE24BAC-FC3C-42C4-9FC4-76B3FAFDBD90} - C:\PROGRA~1\QUESTS~1\TOAD\RNetPin.dll

0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11905057
im not sure but one thing is confuing me...... see the value for this line >> UserInit=C:\WINNT\system32\userinit.exe
and as far as i know, this shud be >> UserInit=C:\WINNT\system32\userinit.exe,

note the comma thing.... i mean i admit its a tiny thing,,, but really its the Correct and Real Value
why there is not a comma included in ur registry entry ??
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 

Author Comment

by:robrien99
ID: 11905400

i took the comma out based on a hunch i got from another soulution.  the comma's since been replaced.  problem continues.

0
 

Author Comment

by:robrien99
ID: 11906272

ok, this may be self induced.  looks like zonealarm was preventing a subprocess of userinit (started  by a logon script?) from accepting connections from a domain controller.  i reduced the zonealarm internet protection level to medium and the problem goes away.  set the protection level to high, problem returns.

does any of this make sense to anyone?


0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11906889
i dont think that zone alarm shud do this.... try an uninstall and reinstall of xone alram.... may be it has some corruption and that's why behaving like this :-?
0
 

Author Comment

by:robrien99
ID: 11922083
reinstalled zonealarm as suggested.  seems work for now...
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11922095
great =)

so as te problem is solved,,, u can close this question.... as u can see the ACCEPT button infront of each comment,,,,, hit the button for that comment which solved ur problem and then assign a grade, that's all :)
for more info. on how to close a Question, plzz refer here >> http://www.experts-exchange.com/help.jsp#hs5
0
 

Author Comment

by:robrien99
ID: 11931102
problem still exists after 2nd zonealarm uninstall/reinstall cycle.... and the reason seems to be a lack of understanding on my part.   lowering the internet protection level to med.  does the trick for now.

0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11934196
that's strange indeed :-o

tell me have u tet tries a SFC scan ??
Goto START>RUN and type  sfc /scannow
u will need ur WinXP CD in order to fix the corrupted windows system files, if found by scan.
0
 

Author Comment

by:robrien99
ID: 11968375

i did the sfc /scannow and it does ask for several files, but our IT dept won't fork over the win2k disk.  so the case is closed (for now).   if i do without zonealarm the problem is gone.  although, zonealarm has saved me from the last two worms that bored thier way through here.

SheharyaarSaahil:  Many thanks for the help!  



0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11968440
hmmmmmmm.... i can understand that !!

so if the case is closed for u,,,,, then u can close this question also.... if u think someone helped u, u can hit the Accept button infront of his comment, and can assing a grade... that's all :)

and if u think u didn't get help or solution to ur poblem, u can goto support area and can ask a moderator to close this qeustion and refund ur points.... as u wish =)
for more info. on how to close a Question, plzz refer here >> http://www.experts-exchange.com/help.jsp#hs5

!! Good Luck !!
0
 

Author Comment

by:robrien99
ID: 12201127
i've abandoned this issue.  it appears that the company's policies and tools for pc software mgmt are incompatible with zonealarm.  can't get past that.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 12438885
PAQed, with points refunded (500)

Computer101
E-E Admin
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Learn how to use the free Acronis True Image app to easily transfer data between iPhones and Android phones.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question