Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

6.3.9600.16384 (winblue_rtm.130821-1623) 4.55%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.10%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.24%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.05%
6.2.9200.16384 (win8_rtm.120725-1247) 2.47%
6.2.9200.16384 (win8_rtm.120725-1247) 14.12%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.10%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.10%
6.2.8250.0 (winmain_win8beta.120217-1520) 0.05%
6.2.8102.0 (winmain_win8m3.110823-1455) 0.10%
6.1.7600.16385 (win7_rtm.090713-1255) 24.90%
6.1.7600.16385 (win7_rtm.090713-1255) 44.10%
6.0.6000.16386 (vista_rtm.061101-2205) 7.21%
6.0.6000.16386 (vista_rtm.061101-2205) 1.50%
6.0.6000.16386 (vista_rtm.061101-2205) 0.39%
6.0.6000.16386 (vista_rtm.061101-2205) 0.05%

Relationships

Parent process
Child processes
Related files

PE structurePE file structure
Show functions
Import table
advapi32.dll
TraceMessage, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, RegCloseKey, RegDeleteValueW, RegOpenKeyExW, RegSetValueExW, RegQueryValueExW, EventRegister, EventUnregister, EventWrite, EventEnabled, RegOpenKeyW, LsaGetUserName, EventWriteEndScenario, EventWriteStartScenario, EventActivityIdControl, CheckTokenMembership, RevertToSelf, ImpersonateLoggedOnUser, EqualSid, GetTokenInformation, DeregisterEventSource, RegisterEventSourceW, RegEnumValueW, RegQueryInfoKeyW, RegQueryInfoKeyA, RegQueryValueExA, QueryTraceW, EnableTrace, ControlTraceW, StartTraceW, OpenSCManagerW, OpenServiceW, QueryServiceStatus, NotifyServiceStatusChangeW, CloseServiceHandle, NotifyBootConfigStatus, OpenProcessToken, CreateWellKnownSid, LookupAccountSidW, RegDeleteTreeW, CreateProcessAsUserW, DuplicateTokenEx, I_ScSendTSMessage, ReportEventW, SetNamedSecurityInfoW, GetSecurityDescriptorSacl, GetSecurityDescriptorDacl, GetSecurityDescriptorGroup, GetSecurityDescriptorOwner, GetSecurityDescriptorControl, ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-apiquery-l1-1-0.dll
ApiSetQueryApiSetPresence
api-ms-win-core-datetime-l1-1-1.dll
GetDateFormatW, GetTimeFormatW
api-ms-win-core-delayload-l1-1-1.dll
ResolveDelayLoadedAPI, DelayLoadFailureHook
api-ms-win-core-errorhandling-l1-1-0.dll
GetLastError, SetLastError, SetErrorMode, SetUnhandledExceptionFilter, UnhandledExceptionFilter
api-ms-win-core-errorhandling-l1-1-1.dll
GetLastError, SetLastError, UnhandledExceptionFilter, SetErrorMode, SetUnhandledExceptionFilter
api-ms-win-core-file-l1-1-1.dll
FindFirstVolumeW, GetDriveTypeW, DeleteFileW, FindNextVolumeW, FindVolumeClose, CreateFileW, CreateDirectoryW, GetShortPathNameW, FileTimeToSystemTime, FindFirstFileW, ReadFile, FindClose, GetFileAttributesW
api-ms-win-core-file-l1-2-0.dll
GetDriveTypeW, DeleteFileW, FindNextVolumeW, FindVolumeClose, FindFirstVolumeW, CreateFileW, CreateDirectoryW, GetShortPathNameW, FindFirstFileW, ReadFile, FindClose, GetFileAttributesW
api-ms-win-core-file-l1-2-1.dll
DeleteFileW, FindNextVolumeW, FindVolumeClose, GetDriveTypeW, ReadFile, CreateFileW, CreateDirectoryW, FindClose, FindFirstVolumeW, FindFirstFileW, GetFileAttributesW, GetShortPathNameW
api-ms-win-core-file-l2-1-0.dll
MoveFileExW
api-ms-win-core-file-l2-1-1.dll
MoveFileExW
api-ms-win-core-handle-l1-1-0.dll
CloseHandle
api-ms-win-core-heap-l1-1-0.dll
HeapSetInformation, HeapDestroy, HeapCreate, HeapFree, GetProcessHeap, HeapAlloc
api-ms-win-core-heap-l1-2-0.dll
HeapCreate, GetProcessHeap, HeapFree, HeapDestroy, HeapSetInformation, HeapAlloc
api-ms-win-core-heap-obsolete-l1-1-0.dll
LocalAlloc, LocalFree, LocalReAlloc, LocalSize
api-ms-win-core-interlocked-l1-1-0.dll
InterlockedCompareExchange, InterlockedExchange
api-ms-win-core-interlocked-l1-1-1.dll
InterlockedExchange, InterlockedCompareExchange
api-ms-win-core-interlocked-l1-2-0.dll
InterlockedExchange, InterlockedCompareExchange
api-ms-win-core-kernel32-legacy-l1-1-0.dll
WTSGetActiveConsoleSessionId, GetStartupInfoA
api-ms-win-core-kernel32-legacy-l1-1-1.dll
GetStartupInfoA, WTSGetActiveConsoleSessionId
api-ms-win-core-libraryloader-l1-1-1.dll
GetProcAddress, FindResourceExW, LoadLibraryExW, GetModuleHandleW, GetModuleHandleA, LoadResource, FreeLibrary, LockResource
api-ms-win-core-libraryloader-l1-2-0.dll
LoadLibraryExW, GetModuleHandleA, LoadResource, FindResourceExW, GetModuleHandleW, LockResource, FreeLibrary, GetProcAddress
api-ms-win-core-localregistry-l1-1-0.dll
RegDeleteValueW, RegQueryValueExA, RegQueryInfoKeyA, RegQueryInfoKeyW, RegEnumValueW, RegGetValueW, RegQueryValueExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey
api-ms-win-core-processenvironment-l1-1-0.dll
SetEnvironmentVariableW, ExpandEnvironmentStringsW
api-ms-win-core-processenvironment-l1-1-1.dll
SetEnvironmentVariableW, ExpandEnvironmentStringsW
api-ms-win-core-processenvironment-l1-2-0.dll
ExpandEnvironmentStringsW, SetEnvironmentVariableW
api-ms-win-core-processthreads-l1-1-1.dll
SetThreadPriority, OpenProcess, GetCurrentProcess, SetPriorityClass, OpenProcessToken, TerminateProcess, GetCurrentThreadId, CreateProcessAsUserW, CreateRemoteThread, CreateThread, ResumeThread, GetExitCodeProcess, CreateProcessW, GetCurrentThread, GetCurrentProcessId, IsProcessorFeaturePresent
api-ms-win-core-processthreads-l1-1-2.dll
UpdateProcThreadAttribute, DeleteProcThreadAttributeList, CreateThread, InitializeProcThreadAttributeList, GetCurrentProcess, SetThreadPriority, GetCurrentThread, GetExitCodeProcess, GetCurrentProcessId, ResumeThread, SetPriorityClass, CreateRemoteThread, OpenProcessToken, CreateProcessW, OpenProcess, CreateProcessAsUserW, TerminateProcess, GetCurrentThreadId
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter
api-ms-win-core-psapi-obsolete-l1-1-0.dll
K32GetModuleFileNameExW
api-ms-win-core-registry-l1-1-0.dll
RegEnumValueW, RegDeleteTreeW, RegOpenKeyExW, RegGetValueW, RegCloseKey, RegQueryValueExW, RegQueryValueExA, RegSetValueExW, RegDeleteValueW, RegQueryInfoKeyA, RegQueryInfoKeyW
api-ms-win-core-string-obsolete-l1-1-0.dll
lstrcmpiW, lstrlenW
api-ms-win-core-synch-l1-1-1.dll
WaitForSingleObjectEx, TryEnterCriticalSection, Sleep, SetEvent, CreateEventW, InitializeCriticalSection, LeaveCriticalSection, ResetEvent, DeleteCriticalSection, EnterCriticalSection, SleepEx, WaitForMultipleObjectsEx, WaitForSingleObject
api-ms-win-core-synch-l1-2-0.dll
ResetEvent, CreateEventW, SetEvent, WaitForSingleObjectEx, InitializeCriticalSection, LeaveCriticalSection, SleepEx, DeleteCriticalSection, TryEnterCriticalSection, WaitForMultipleObjectsEx, EnterCriticalSection, Sleep, WaitForSingleObject
api-ms-win-core-sysinfo-l1-1-1.dll
GetSystemTimeAsFileTime, GetLocalTime, GetWindowsDirectoryW, SystemTimeToFileTime, GetVersionExW, GetComputerNameExW, GetTickCount
api-ms-win-core-sysinfo-l1-2-0.dll
GetComputerNameExW, GetSystemTimeAsFileTime, GetLocalTime, GetWindowsDirectoryW, GetTickCount, GetVersionExW
api-ms-win-core-sysinfo-l1-2-1.dll
GetWindowsDirectoryW, GetComputerNameExW, GetSystemTimeAsFileTime, GetTickCount, GetLocalTime, GetVersionExW
api-ms-win-core-threadpool-l1-1-1.dll
CreateTimerQueueTimer, DeleteTimerQueueTimer, QueueUserWorkItem
api-ms-win-core-threadpool-legacy-l1-1-0.dll
QueueUserWorkItem, DeleteTimerQueueTimer, CreateTimerQueueTimer
api-ms-win-core-timezone-l1-1-0.dll
SystemTimeToFileTime, FileTimeToSystemTime
api-ms-win-core-version-l1-1-0.dll
GetFileVersionInfoSizeExW, GetFileVersionInfoExW, VerQueryValueW
api-ms-win-eventing-controller-l1-1-0.dll
StartTraceW, ControlTraceW, EnableTraceEx2
api-ms-win-legacy-kernel32-l1-1-0.dll
GetStartupInfoA
api-ms-win-obsolete-kernelbase-l1-1-0.dll
LocalFree, LocalAlloc, lstrlenW, lstrcmpiW
api-ms-win-security-base-l1-1-0.dll
ImpersonateLoggedOnUser, EqualSid, RevertToSelf, GetTokenInformation, GetSecurityDescriptorOwner, GetSecurityDescriptorControl, SetFileSecurityW, GetSecurityDescriptorSacl, CheckTokenMembership, GetSecurityDescriptorDacl, CreateWellKnownSid, SetTokenInformation, DuplicateTokenEx, GetSecurityDescriptorGroup
api-ms-win-security-base-l1-2-0.dll
ImpersonateLoggedOnUser, EqualSid, GetSecurityDescriptorOwner, GetSecurityDescriptorControl, SetFileSecurityW, CheckTokenMembership, CreateWellKnownSid, SetTokenInformation, GetSecurityDescriptorSacl, DuplicateTokenEx, GetSecurityDescriptorDacl, RevertToSelf, GetTokenInformation, GetSecurityDescriptorGroup
api-ms-win-security-lsalookup-l1-1-0.dll
LookupAccountSidLocalW
kernel32.dll
SetEvent, CreateTimerQueueTimer, SetErrorMode, GetTickCount, GetWindowsDirectoryW, FindFirstFileW, FindClose, HeapSetInformation, CreateProcessW, InterlockedExchange, CreateThread, SleepEx, GetCurrentProcessId, SetThreadExecutionState, Sleep, ResetEvent, WaitForSingleObject, QueueUserWorkItem, WaitForSingleObjectEx, HeapFree, HeapAlloc, HeapDestroy, HeapCreate, LoadLibraryW, GetProcAddress, GetFileAttributesW, SetTimerQueueTimer, OpenProcess, GetModuleHandleW, CreateRemoteThread, ResumeThread, DeleteTimerQueueTimer, RegDeleteTreeW, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentThreadId, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, GetStartupInfoA, LoadLibraryExA, InterlockedCompareExchange, DelayLoadFailureHook, MoveFileExW, LocalSize, LocalReAlloc, FindFirstVolumeW, GetDriveTypeW, DeleteFileW, FindNextVolumeW, FindVolumeClose, lstrcmpiW, GetShortPathNameW, CreateFileW, LocalAlloc, ReadFile, CreateDirectoryW, LocalFree, SetLastError, lstrlenW, GetVersionExW, CreateEventW, GetDateFormatW, GetTimeFormatW, FileTimeToSystemTime, SystemTimeToFileTime, GetLocalTime, LockResource, LoadResource, FindResourceExW, GetProcessHeap, FreeLibrary, GetComputerNameW, SetEnvironmentVariableW, GetLastError, GetCurrentProcess, SetPriorityClass, GetCurrentThread, SetThreadPriority, GetExitCodeProcess, CloseHandle, WaitForMultipleObjectsEx, ExpandEnvironmentStringsW, GetSystemDirectoryW, LoadLibraryA
msvcrt.dll
DllMain
ntdll.dll
RtlNtStatusToDosError, RtlInitUnicodeString, NtShutdownSystem, RtlDeregisterWaitEx, RtlFreeHeap, RtlAllocateHeap, EtwEventEnabled, EtwEventWrite, EtwEventUnregister, EtwEventRegister, NtOpenProcessToken, RtlRemovePrivileges, NtClose, EtwUnregisterTraceGuids, EtwRegisterTraceGuidsW, EtwGetTraceLoggerHandle, EtwGetTraceEnableLevel, EtwGetTraceEnableFlags, EtwTraceMessage, RtlRegisterWait, RtlDestroyEnvironment, NtSetValueKey, NtReplyPort, NtCreateKey, NtReplyWaitReceivePort, NtAcceptConnectPort, NtCreatePort, NtAllocateLocallyUniqueId, TpSimpleTryPost, RtlFreeSid, RtlSetSaclSecurityDescriptor, RtlAddMandatoryAce, RtlCreateAcl, RtlCreateSecurityDescriptor, RtlGetDaclSecurityDescriptor, RtlCopySid, RtlLengthSid, RtlSetDaclSecurityDescriptor, RtlAddAce, RtlUnhandledExceptionFilter, NtQueryInformationProcess, NtQuerySystemInformation, RtlSetThreadIsCritical, RtlSetProcessIsCritical, RtlLeaveCriticalSection, RtlEnterCriticalSection, RtlCompareUnicodeString, NtPrivilegeObjectAuditAlarm, EtwEventWriteEndScenario, EtwEventWriteStartScenario, EtwEventActivityIdControl, NtPrivilegeCheck, NtOpenThreadToken, RtlAllocateAndInitializeSid, RtlInitializeCriticalSection, NtQueryInformationToken, RtlSetEnvironmentVariable, RtlQueryEnvironmentVariable_U, RtlInitUnicodeStringEx, RtlCreateEnvironment, NtCreateEvent, RtlAdjustPrivilege, NtSystemDebugControl, NtCompleteConnectPort, NtCreatePagingFile, RtlDosPathNameToNtPathName_U, DbgBreakPoint, RtlConnectToSm, RtlSendMsgToSm, NtDelayExecution, RtlDeregisterWait, NtPowerInformation, NtSetThreadExecutionState, NtSetInformationProcess, WinSqmAddToStream, WinSqmIsOptedIn, CsrClientCallServer, NtQuerySystemEnvironmentValueEx
rpcrt4.dll
RpcBindingFree, RpcStringBindingParseW, RpcBindingToStringBindingW, RpcBindingServerFromClient, RpcRevertToSelf, RpcImpersonateClient, RpcServerInqCallAttributesW, RpcServerListen, RpcServerRegisterIfEx, RpcServerUseProtseqEpW, RpcExceptionFilter, RpcServerInqDefaultPrincNameW, RpcServerRegisterAuthInfoW, RpcStringFreeW, RpcServerInqBindings, UuidFromStringW, RpcEpRegisterW, RpcServerUnregisterIf, RpcEpUnregister, RpcBindingVectorFree, NdrAsyncServerCall, RpcServerTestCancel, RpcAsyncAbortCall, I_RpcBindingIsClientLocal, NdrAsyncClientCall, RpcBindingCopy, RpcBindingCreateW, RpcBindingBind, RpcServerUseProtseqW, RpcAsyncInitializeHandle, RpcAsyncCancelCall, RpcAsyncCompleteCall, RpcBindingUnbind, NdrClientCall2, NdrServerCall2, I_RpcExceptionFilter, RpcBindingSetAuthInfoExW, RpcBindingFromStringBindingW, RpcStringBindingComposeW, RpcMgmtIsServerListening
user32.dll
SetWindowStationUser, SwitchDesktopWithFade, LoadLocalFonts, SetWindowsHookExW, RegisterLogonProcess, SetProcessWindowStation, CreateDesktopW, CloseDesktop, CloseWindowStation, SetUserObjectSecurity, SwitchDesktop, UpdatePerUserSystemParameters, RecordShutdownReason, GetAsyncKeyState, ExitWindowsEx, UnhookWindowsHookEx, SetThreadDesktop, CreateWindowStationW
userenv.dll
GetAllUsersProfileDirectoryW, GetUserProfileDirectoryW

wininit.exe

Windows Start-Up Application by Microsoft

Remove wininit.exe
Version:   6.0.6000.16386 (vista_rtm.061101-2205)
MD5:   d4385b03e8cccee6f0ee249f827c1f3e
SHA1:   a832ced7749d8d6973117a78dfb3b6d0c0545459
SHA256:   ae9040704a7cefebfddc776f08ab41aafda9d353bf3f4749bbbee7137ed042f2
This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is wininit.exe?

The Wininit file is an .ini file that lists all of the changes to be made to Windows when you restart the computer after installing a program. The Wininit.exe file is the program file that starts the .ini file. It can be run only when the computer restarts so that the changes can be made while Windows is not running.

Overview

wininit.exe executes as a process under the SYSTEM account with extensive privileges (the system and the administrator accounts have the same file privileges) typically within the context of its parent ccSvcHst.exe (Symantec Security Technologies by Symantec Corporation). It has been configured with a firewall exception which allows both inbound and outbound network communication without being blocked. This version is designed to run on Windows Vista and is compiled as a 32 bit program.

DetailsDetails

File name:wininit.exe
Publisher:Microsoft Corporation
Product name:Windows Start-Up Application
Description:Microsoft® Windows® Operating System
Typical file path:C:\Windows\System32\wininit.exe
Original name:WinInit.exe.mui
File version:6.0.6000.16386 (vista_rtm.061101-2205)
Product version:6.0.6000.16386
Size:93.5 KB (95,744 bytes)
Digital DNA
Entropy:6.266439
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Windows firewall allowed program
Exceptions allow programs to access to the Internet through an outbound connections
  • Firewall exception for 'C:\Windows\system32\wininit.exe'

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00176050%
0.028634%
Kernel CPU:0.00160663%
0.013761%
User CPU:0.00015388%
0.014873%
Kernel CPU time:351,198 ms/min
100,923,805ms/min
CPU cycles:17,390/sec
17,470,203/sec
Memory
Private memory:1.46 MB
21.59 MB
Private (maximum):2.42 MB
Private (minimum):1.31 MB
Non-paged memory:1.46 MB
21.59 MB
Virtual memory:31.53 MB
140.96 MB
Virtual memory (peak):55.14 MB
169.69 MB
Working set:1.36 MB
18.61 MB
Working set (peak):4.07 MB
37.95 MB
Page faults:2,114/min
2,039/min
I/O
I/O read transfer:0 Bytes/sec
1.02 MB/min
I/O read operations:1/sec
343/min
I/O write transfer:0 Bytes/sec
274.99 KB/min
I/O write operations:1/sec
227/min
I/O other transfer:1.59 KB/sec
448.09 KB/min
I/O other operations:5/sec
1,671/min
Resource allocations
Threads:3
12
Handles:106
600

BehaviorsProcess properties

Integrety level:System
Platform:32-bit
Command line:wininit.exe
Owner:SYSTEM
Parent process:ccSvcHst.exe (Symantec Security Technologies by Symantec Corporation)

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 33.00%
Windows 8.1 17.50%
Windows 7 Ultimate 14.00%
Windows 8.1 Pro 7.50%
Windows 7 Professional 6.00%
Windows 8.1 Single Language 4.50%
Windows 8 3.50%
Windows 8 Single Language 3.00%
Windows 8 Pro 3.00%
Windows 7 Home Basic 2.50%
Windows 8.1 Pro with Media Center 2.00%
Windows 8 Enterprise N 1.00%
Windows 8.1 N 0.50%
Windows Seven Black Edition 0.50%
Windows 8.1 Enterprise Evaluation 0.50%
Windows Vista Home Premium 0.50%
Windows 8 Enterprise 0.50%

Distribution by countryDistribution by country

United States installs about 44.72% of Windows Start-Up Application.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Dell 18.97%
ASUS 18.18%
Hewlett-Packard 17.79%
Acer 14.23%
Toshiba 10.28%
Lenovo 8.70%
Sony 3.95%
Intel 2.37%
GIGABYTE 1.98%
Samsung 1.58%
Alienware 1.19%
Medion 0.79%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE