Solved

duplicate userinit.exe prevents logoff or shutdown

Posted on 2004-08-25
16
557 Views
Last Modified: 2012-06-27
After booting and logging on, I notice two instances of the userinit.exe process.  The first terminates normally.  The second hangs on, without any child processes, for an indeterminate period of time.  Sometimes it exits after a few minutes, sometimes never.   When the second instance is running, a shutdown or logoff takes several minutes (>5 mins, when all other applications are already shutdown).   The is only one mention of userinit.exe is in the  registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit.

Any ideas?

Thanks.


0
Comment
Question by:robrien99
  • 7
  • 6
16 Comments
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11897266
Hello robrien99 =)

Not sure what is causing this,,,,, may be any junk item or wrong registry entry,,, can u Download HijackThis v1.98.2, run it, Save the LOG file and Post it here:
http://tools.radiosplace.com/HijackThis.exe

so that i can check if there is any entry present for this process on ur system or not ??
0
 

Author Comment

by:robrien99
ID: 11903557
Thanks SheharyaarSaahil :->

Here's the Hijack this log...

Logfile of HijackThis v1.98.2
Scan saved at 10:50:09 AM, on 8/26/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\msdtc.exe
C:\WINNT\System32\svchost.exe
C:\ePOAgent\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\system32\mqsvc.exe
C:\WINNT\system32\userinit.exe
C:\WINNT\Explorer.EXE
C:\ePOAgent\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\rko\sysinternals\procexpnt\procexp.exe
C:\Documents and Settings\rko\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\ePOAgent\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Launch Microsoft Outlook.lnk = C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
O4 - Startup: procexp.lnk = C:\rko\sysinternals\procexpnt\procexp.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with &XML Spy - C:\Program Files\Altova\xmlspy\spy.htm
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\xmlspy\spy.htm (HKCU)
O9 - Extra 'Tools' menuitem: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\xmlspy\spy.htm (HKCU)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = i-nj.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = i-nj.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = i-nj.com
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: qrev - {9DE24BAC-FC3C-42C4-9FC4-76B3FAFDBD90} - C:\PROGRA~1\QUESTS~1\TOAD\RNetPin.dll

0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11905057
im not sure but one thing is confuing me...... see the value for this line >> UserInit=C:\WINNT\system32\userinit.exe
and as far as i know, this shud be >> UserInit=C:\WINNT\system32\userinit.exe,

note the comma thing.... i mean i admit its a tiny thing,,, but really its the Correct and Real Value
why there is not a comma included in ur registry entry ??
0
 

Author Comment

by:robrien99
ID: 11905400

i took the comma out based on a hunch i got from another soulution.  the comma's since been replaced.  problem continues.

0
 

Author Comment

by:robrien99
ID: 11906272

ok, this may be self induced.  looks like zonealarm was preventing a subprocess of userinit (started  by a logon script?) from accepting connections from a domain controller.  i reduced the zonealarm internet protection level to medium and the problem goes away.  set the protection level to high, problem returns.

does any of this make sense to anyone?


0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11906889
i dont think that zone alarm shud do this.... try an uninstall and reinstall of xone alram.... may be it has some corruption and that's why behaving like this :-?
0
 

Author Comment

by:robrien99
ID: 11922083
reinstalled zonealarm as suggested.  seems work for now...
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11922095
great =)

so as te problem is solved,,, u can close this question.... as u can see the ACCEPT button infront of each comment,,,,, hit the button for that comment which solved ur problem and then assign a grade, that's all :)
for more info. on how to close a Question, plzz refer here >> http://www.experts-exchange.com/help.jsp#hs5
0
 

Author Comment

by:robrien99
ID: 11931102
problem still exists after 2nd zonealarm uninstall/reinstall cycle.... and the reason seems to be a lack of understanding on my part.   lowering the internet protection level to med.  does the trick for now.

0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11934196
that's strange indeed :-o

tell me have u tet tries a SFC scan ??
Goto START>RUN and type  sfc /scannow
u will need ur WinXP CD in order to fix the corrupted windows system files, if found by scan.
0
 

Author Comment

by:robrien99
ID: 11968375

i did the sfc /scannow and it does ask for several files, but our IT dept won't fork over the win2k disk.  so the case is closed (for now).   if i do without zonealarm the problem is gone.  although, zonealarm has saved me from the last two worms that bored thier way through here.

SheharyaarSaahil:  Many thanks for the help!  



0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11968440
hmmmmmmm.... i can understand that !!

so if the case is closed for u,,,,, then u can close this question also.... if u think someone helped u, u can hit the Accept button infront of his comment, and can assing a grade... that's all :)

and if u think u didn't get help or solution to ur poblem, u can goto support area and can ask a moderator to close this qeustion and refund ur points.... as u wish =)
for more info. on how to close a Question, plzz refer here >> http://www.experts-exchange.com/help.jsp#hs5

!! Good Luck !!
0
 

Author Comment

by:robrien99
ID: 12201127
i've abandoned this issue.  it appears that the company's policies and tools for pc software mgmt are incompatible with zonealarm.  can't get past that.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 12438885
PAQed, with points refunded (500)

Computer101
E-E Admin
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In this article, I will show you HOW TO: Suppress Configuration Issues and Warnings Alert displayed in Summary status for ESXi 6.5 after enabling SSH or ESXi Shell.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now