Wininit.ini file

Question

Each time I reboot, a wininit.ini text file is produced, which I have to rename before I can use System Restore.  How can I stop this? the file is Nul=C:\Windows\Temp\GLB1A2B.exe

ky331 · Answer

The file WinInit.ini is a 'temporary' file, which is run once on the next bootup, and then it should be automatically deleted.  It contains 'updated' system information.  For example, many setups/installations that force you to reboot will place commands in the wininit.ini file, and then load/access the updated files upon reboot (these files are generally indicated by a REName command).  Other programs, like AVG antivirus, use the wininit.ini to 'clean up' older (backup) files that are no longer needed (these files are generally indicated by a NUL command).  I've never had it (wininit) interfere with my computer, and in fact, as I've just described it, it serves a useful, if not essential, purpose.  Perhaps your problem with system restore lies elsewhere.

Midnight Star · Answer

Ternard,

That particular system file can be used by known 'problems' like adware/spyware and malware. The name of the file looks suspicious to me.

-----

I'd recommend downloading, installing and running the following:

AdAware SE Personal
Spybot S&D

Both these programs are free to download and use. Be sure to check for and download any available updates before beginning each scan.

-----

There's also a free online scan available at:

www.trendmicro.com - click on "Free Online Scan"

-----

You might also want to download HiJackThis v1.98.2 and post us up a log to look at for you. If your not sure how to do this, just post back.

Mike.

Ternard · Answer

kY331

Thanks for your interest. I obtained the information about the Wininit.ini file from MS Knowledge Base article 274092.

I have already got Spy Bot, and Ad Aware SE, I have been to the Ad-aware forum and it seems that the Ad-Aware programme might be the cause of the trouble. I will post a log from Hi-Jack, perhaps tomorrow when I have more time. Thanks for the reply.

Ternard · Answer

Midnight Star

Thanks for your interest.

I am posting a log, as far as I can see, there is nothing here to cause the problem, but I may be wrong.

Logfile of HijackThis v1.98.2

Scan saved at 14:31:54, on 30/11/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDUL2.EXE

C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE

C:\PROGRAM FILES\REALVNC\WINVNC\WINVNC.EXE

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\FREESERVE\FREESERVECONNECTIONKIT\ATDIALLER1.EXE

C:\USBSTORAGE\USBDETECTOR.EXE

C:\PROGRAM FILES\ACRONIS\TRUEIMAGE\TRUEIMAGEMONITOR.EXE

C:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDHLP.EXE

C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE

C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE

C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE

C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE

C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE

C:\WINDOWS\LOADQM.EXE

C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE

C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE

C:\PROGRAM FILES\WORDWEB\WWEB32.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\WINDOWS\TEMP\TD_0010.DIR\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.freeserve.com/iesearch/default.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Welcome

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.net:8080;ftp=http://www-cache.freeserve.net:8080

F1 - win.ini: run=hpfsched

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL

O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\WANADOO\WSBAR\WSBAR.DLL

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [MicroDialler] C:\Freeserve\FreeserveConnectionKit\atdialler1.exe

O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe

O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"

O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\RunServices: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe"

O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding

O4 - HKLM\..\RunServices: [WinVNC] "C:\PROGRAM FILES\REALVNC\WINVNC\WINVNC.EXE" -service

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - Startup: MICROSOFT WORKS CALENDAR REMINDERS.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

O4 - Startup: WINZIP QUICK PICK.LNK = C:\Program Files\WinZip\WZQKPICK.EXE

O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: Wincrypt Update Client.lnk = C:\Program Files\Wincrypt\UNWISE.EXE

O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: Download using Download &Express - file://C:\WINDOWS\SYSTEM\MetaProducts\Add_Url.htm

O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\WANADOO\WSBAR\WSBAR.DLL/VSearch.htm

O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm

O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.euro.dell.com/countries/uk/enu/gen/default.htm (file missing) (HKCU)

O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe

O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/systemprofiler/SysProfLCD.CAB

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab

O16 - DPF: {F8F88D0D-E455-11D6-B547-00400555C7FB} (DiskHealth2 Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {6FB9FE59-7D3B-483D-9909-C870BE5AFA1F} (DiskHealth Class) - http://www.pcpitstop.com/pcpitstop/diskhealth.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,76/mcinsctl.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab

O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?322

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.nai.com/amiuptodate/bin/1,0,0,7/McUpdatePortal.cab

O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab

O16 - DPF: ChatSpace Full Java Client 3.1.0.246 - http://chat-a2.wanadoo.co.uk/Java/cfs31246.cab

O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab

Midnight Star · Answer

Ternard,

From a quick glance, nothing stood out in your log. But a little GOOGLE research might help. See if this relates to your specific problem:

Re: GLB1A2B.EXE

apparently it turned out to be a residual from AdAware (unpaid version).

Mike.

Midnight Star · Answer

Ternard, You might also try contact Lavasoft via e-mail and see if they can help you that way. Are you using 6.x or AdAware SE Personal? Mike.

Ternard · Answer

Thanks very much for that, I have googled it again.   Trouble is how to get rid of it. I have looked at posts saying it is harmless.  Probably so, but it stops Sytem Restore from working, unless I rename the file each time I reboot.   Hopefully, Lavasoft may come up with a fix on the next rebuild.

Ternard · Answer

I am using SE Personal. Because it is a free programme, I cannot contact their support by e-mail, but there are quite a few references to the problem on the support forum.  One fix recommended, was to delete the icon from the desk top and the quick launch bar, and run it from Start>programmes, so that it runs from a different path.but it did not work for me. I am contemplating removing it from the start menu, and just running it from programme files.   It is possible that it may be generated when the computer boots up. .

Midnight Star · Answer

Ternard, The reason I was asking, I use the same program. I'm not sure why they would do that on an ME system and not XP. Maybe it's a work around for something. Mike.

Ternard · Answer

Mike Yes it would do it on XP according to the reports I have read. Strange why it affects some computers and not others. In the last 2 days, I have uninstalled Ad Aware, and renamed all the wininit.ini files, deleted all other references to Ad-Aware, including the recycle bin, then downloaded from a different site.  But the result is still the same.  The wininit.ini file is created again. It may be possible to go into the Advanced Tool section on the programme and do something there, but I do not really understand those tools, so will leave well alone. I have a back up of the disk on external hard drive, so it is not vital, but will still keep trying to clear the bug.

Midnight Star · Answer

Ternard,   Ok. I look forward to seeing how it turns out!   You know, what might be interesting is to download a program like ' Strings' and use it on the AdAware executable. This program will display all the text strings that exists in an executable. I'm wondering if that particular file name will be reported.   Mike.

Virus & Spyware

Wininit.ini file

Was this post helpful?