Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

6.3.9600.16384 (winblue_rtm.130821-1623) 4.55%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.10%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.24%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.05%
6.2.9200.16384 (win8_rtm.120725-1247) 2.47%
6.2.9200.16384 (win8_rtm.120725-1247) 14.12%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.10%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.10%
6.2.8250.0 (winmain_win8beta.120217-1520) 0.05%
6.2.8102.0 (winmain_win8m3.110823-1455) 0.10%
6.1.7600.16385 (win7_rtm.090713-1255) 24.90%
6.1.7600.16385 (win7_rtm.090713-1255) 44.10%
6.0.6000.16386 (vista_rtm.061101-2205) 7.21%
6.0.6000.16386 (vista_rtm.061101-2205) 1.50%
6.0.6000.16386 (vista_rtm.061101-2205) 0.39%
6.0.6000.16386 (vista_rtm.061101-2205) 0.05%

Relationships

Parent processes
Child process
Related files

PE structurePE file structure

Show functions
Import table
advapi32.dll
TraceMessage, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, RegCloseKey, RegDeleteValueW, RegOpenKeyExW, RegSetValueExW, RegQueryValueExW, EventRegister, EventUnregister, EventWrite, EventEnabled, RegOpenKeyW, LsaGetUserName, EventWriteEndScenario, EventWriteStartScenario, EventActivityIdControl, CheckTokenMembership, RevertToSelf, ImpersonateLoggedOnUser, EqualSid, GetTokenInformation, DeregisterEventSource, RegisterEventSourceW, RegEnumValueW, RegQueryInfoKeyW, RegQueryInfoKeyA, RegQueryValueExA, QueryTraceW, EnableTrace, ControlTraceW, StartTraceW, OpenSCManagerW, OpenServiceW, QueryServiceStatus, NotifyServiceStatusChangeW, CloseServiceHandle, NotifyBootConfigStatus, OpenProcessToken, CreateWellKnownSid, LookupAccountSidW, RegDeleteTreeW, CreateProcessAsUserW, DuplicateTokenEx, I_ScSendTSMessage, ReportEventW, SetNamedSecurityInfoW, GetSecurityDescriptorSacl, GetSecurityDescriptorDacl, GetSecurityDescriptorGroup, GetSecurityDescriptorOwner, GetSecurityDescriptorControl, ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-apiquery-l1-1-0.dll
ApiSetQueryApiSetPresence
api-ms-win-core-datetime-l1-1-1.dll
GetDateFormatW, GetTimeFormatW
api-ms-win-core-delayload-l1-1-1.dll
ResolveDelayLoadedAPI, DelayLoadFailureHook
api-ms-win-core-errorhandling-l1-1-0.dll
GetLastError, SetLastError, SetErrorMode, SetUnhandledExceptionFilter, UnhandledExceptionFilter
api-ms-win-core-errorhandling-l1-1-1.dll
GetLastError, SetLastError, UnhandledExceptionFilter, SetErrorMode, SetUnhandledExceptionFilter
api-ms-win-core-file-l1-1-1.dll
FindFirstVolumeW, GetDriveTypeW, DeleteFileW, FindNextVolumeW, FindVolumeClose, CreateFileW, CreateDirectoryW, GetShortPathNameW, FileTimeToSystemTime, FindFirstFileW, ReadFile, FindClose, GetFileAttributesW
api-ms-win-core-file-l1-2-0.dll
GetDriveTypeW, DeleteFileW, FindNextVolumeW, FindVolumeClose, FindFirstVolumeW, CreateFileW, CreateDirectoryW, GetShortPathNameW, FindFirstFileW, ReadFile, FindClose, GetFileAttributesW
api-ms-win-core-file-l1-2-1.dll
DeleteFileW, FindNextVolumeW, FindVolumeClose, GetDriveTypeW, ReadFile, CreateFileW, CreateDirectoryW, FindClose, FindFirstVolumeW, FindFirstFileW, GetFileAttributesW, GetShortPathNameW
api-ms-win-core-file-l2-1-0.dll
MoveFileExW
api-ms-win-core-file-l2-1-1.dll
MoveFileExW
api-ms-win-core-handle-l1-1-0.dll
CloseHandle
api-ms-win-core-heap-l1-1-0.dll
HeapSetInformation, HeapDestroy, HeapCreate, HeapFree, GetProcessHeap, HeapAlloc
api-ms-win-core-heap-l1-2-0.dll
HeapCreate, GetProcessHeap, HeapFree, HeapDestroy, HeapSetInformation, HeapAlloc
api-ms-win-core-heap-obsolete-l1-1-0.dll
LocalAlloc, LocalFree, LocalReAlloc, LocalSize
api-ms-win-core-interlocked-l1-1-0.dll
InterlockedCompareExchange, InterlockedExchange
api-ms-win-core-interlocked-l1-1-1.dll
InterlockedExchange, InterlockedCompareExchange
api-ms-win-core-interlocked-l1-2-0.dll
InterlockedExchange, InterlockedCompareExchange
api-ms-win-core-kernel32-legacy-l1-1-0.dll
WTSGetActiveConsoleSessionId, GetStartupInfoA
api-ms-win-core-kernel32-legacy-l1-1-1.dll
GetStartupInfoA, WTSGetActiveConsoleSessionId
api-ms-win-core-libraryloader-l1-1-1.dll
GetProcAddress, FindResourceExW, LoadLibraryExW, GetModuleHandleW, GetModuleHandleA, LoadResource, FreeLibrary, LockResource
api-ms-win-core-libraryloader-l1-2-0.dll
LoadLibraryExW, GetModuleHandleA, LoadResource, FindResourceExW, GetModuleHandleW, LockResource, FreeLibrary, GetProcAddress
api-ms-win-core-localregistry-l1-1-0.dll
RegDeleteValueW, RegQueryValueExA, RegQueryInfoKeyA, RegQueryInfoKeyW, RegEnumValueW, RegGetValueW, RegQueryValueExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey
api-ms-win-core-processenvironment-l1-1-0.dll
SetEnvironmentVariableW, ExpandEnvironmentStringsW
api-ms-win-core-processenvironment-l1-1-1.dll
SetEnvironmentVariableW, ExpandEnvironmentStringsW
api-ms-win-core-processenvironment-l1-2-0.dll
ExpandEnvironmentStringsW, SetEnvironmentVariableW
api-ms-win-core-processthreads-l1-1-1.dll
SetThreadPriority, OpenProcess, GetCurrentProcess, SetPriorityClass, OpenProcessToken, TerminateProcess, GetCurrentThreadId, CreateProcessAsUserW, CreateRemoteThread, CreateThread, ResumeThread, GetExitCodeProcess, CreateProcessW, GetCurrentThread, GetCurrentProcessId, IsProcessorFeaturePresent
api-ms-win-core-processthreads-l1-1-2.dll
UpdateProcThreadAttribute, DeleteProcThreadAttributeList, CreateThread, InitializeProcThreadAttributeList, GetCurrentProcess, SetThreadPriority, GetCurrentThread, GetExitCodeProcess, GetCurrentProcessId, ResumeThread, SetPriorityClass, CreateRemoteThread, OpenProcessToken, CreateProcessW, OpenProcess, CreateProcessAsUserW, TerminateProcess, GetCurrentThreadId
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter
api-ms-win-core-psapi-obsolete-l1-1-0.dll
K32GetModuleFileNameExW
api-ms-win-core-registry-l1-1-0.dll
RegEnumValueW, RegDeleteTreeW, RegOpenKeyExW, RegGetValueW, RegCloseKey, RegQueryValueExW, RegQueryValueExA, RegSetValueExW, RegDeleteValueW, RegQueryInfoKeyA, RegQueryInfoKeyW
api-ms-win-core-string-obsolete-l1-1-0.dll
lstrcmpiW, lstrlenW
api-ms-win-core-synch-l1-1-1.dll
WaitForSingleObjectEx, TryEnterCriticalSection, Sleep, SetEvent, CreateEventW, InitializeCriticalSection, LeaveCriticalSection, ResetEvent, DeleteCriticalSection, EnterCriticalSection, SleepEx, WaitForMultipleObjectsEx, WaitForSingleObject
api-ms-win-core-synch-l1-2-0.dll
ResetEvent, CreateEventW, SetEvent, WaitForSingleObjectEx, InitializeCriticalSection, LeaveCriticalSection, SleepEx, DeleteCriticalSection, TryEnterCriticalSection, WaitForMultipleObjectsEx, EnterCriticalSection, Sleep, WaitForSingleObject
api-ms-win-core-sysinfo-l1-1-1.dll
GetSystemTimeAsFileTime, GetLocalTime, GetWindowsDirectoryW, SystemTimeToFileTime, GetVersionExW, GetComputerNameExW, GetTickCount
api-ms-win-core-sysinfo-l1-2-0.dll
GetComputerNameExW, GetSystemTimeAsFileTime, GetLocalTime, GetWindowsDirectoryW, GetTickCount, GetVersionExW
api-ms-win-core-sysinfo-l1-2-1.dll
GetWindowsDirectoryW, GetComputerNameExW, GetSystemTimeAsFileTime, GetTickCount, GetLocalTime, GetVersionExW
api-ms-win-core-threadpool-l1-1-1.dll
CreateTimerQueueTimer, DeleteTimerQueueTimer, QueueUserWorkItem
api-ms-win-core-threadpool-legacy-l1-1-0.dll
QueueUserWorkItem, DeleteTimerQueueTimer, CreateTimerQueueTimer
api-ms-win-core-timezone-l1-1-0.dll
SystemTimeToFileTime, FileTimeToSystemTime
api-ms-win-core-version-l1-1-0.dll
GetFileVersionInfoSizeExW, GetFileVersionInfoExW, VerQueryValueW
api-ms-win-eventing-controller-l1-1-0.dll
StartTraceW, ControlTraceW, EnableTraceEx2
api-ms-win-legacy-kernel32-l1-1-0.dll
GetStartupInfoA
api-ms-win-obsolete-kernelbase-l1-1-0.dll
LocalFree, LocalAlloc, lstrlenW, lstrcmpiW
api-ms-win-security-base-l1-1-0.dll
ImpersonateLoggedOnUser, EqualSid, RevertToSelf, GetTokenInformation, GetSecurityDescriptorOwner, GetSecurityDescriptorControl, SetFileSecurityW, GetSecurityDescriptorSacl, CheckTokenMembership, GetSecurityDescriptorDacl, CreateWellKnownSid, SetTokenInformation, DuplicateTokenEx, GetSecurityDescriptorGroup
api-ms-win-security-base-l1-2-0.dll
ImpersonateLoggedOnUser, EqualSid, GetSecurityDescriptorOwner, GetSecurityDescriptorControl, SetFileSecurityW, CheckTokenMembership, CreateWellKnownSid, SetTokenInformation, GetSecurityDescriptorSacl, DuplicateTokenEx, GetSecurityDescriptorDacl, RevertToSelf, GetTokenInformation, GetSecurityDescriptorGroup
api-ms-win-security-lsalookup-l1-1-0.dll
LookupAccountSidLocalW
kernel32.dll
SetEvent, CreateTimerQueueTimer, SetErrorMode, GetTickCount, GetWindowsDirectoryW, FindFirstFileW, FindClose, HeapSetInformation, CreateProcessW, InterlockedExchange, CreateThread, SleepEx, GetCurrentProcessId, SetThreadExecutionState, Sleep, ResetEvent, WaitForSingleObject, QueueUserWorkItem, WaitForSingleObjectEx, HeapFree, HeapAlloc, HeapDestroy, HeapCreate, LoadLibraryW, GetProcAddress, GetFileAttributesW, SetTimerQueueTimer, OpenProcess, GetModuleHandleW, CreateRemoteThread, ResumeThread, DeleteTimerQueueTimer, RegDeleteTreeW, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentThreadId, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, GetStartupInfoA, LoadLibraryExA, InterlockedCompareExchange, DelayLoadFailureHook, MoveFileExW, LocalSize, LocalReAlloc, FindFirstVolumeW, GetDriveTypeW, DeleteFileW, FindNextVolumeW, FindVolumeClose, lstrcmpiW, GetShortPathNameW, CreateFileW, LocalAlloc, ReadFile, CreateDirectoryW, LocalFree, SetLastError, lstrlenW, GetVersionExW, CreateEventW, GetDateFormatW, GetTimeFormatW, FileTimeToSystemTime, SystemTimeToFileTime, GetLocalTime, LockResource, LoadResource, FindResourceExW, GetProcessHeap, FreeLibrary, GetComputerNameW, SetEnvironmentVariableW, GetLastError, GetCurrentProcess, SetPriorityClass, GetCurrentThread, SetThreadPriority, GetExitCodeProcess, CloseHandle, WaitForMultipleObjectsEx, ExpandEnvironmentStringsW, GetSystemDirectoryW, LoadLibraryA
msvcrt.dll
DllMain
ntdll.dll
RtlNtStatusToDosError, RtlInitUnicodeString, NtShutdownSystem, RtlDeregisterWaitEx, RtlFreeHeap, RtlAllocateHeap, EtwEventEnabled, EtwEventWrite, EtwEventUnregister, EtwEventRegister, NtOpenProcessToken, RtlRemovePrivileges, NtClose, EtwUnregisterTraceGuids, EtwRegisterTraceGuidsW, EtwGetTraceLoggerHandle, EtwGetTraceEnableLevel, EtwGetTraceEnableFlags, EtwTraceMessage, RtlRegisterWait, RtlDestroyEnvironment, NtSetValueKey, NtReplyPort, NtCreateKey, NtReplyWaitReceivePort, NtAcceptConnectPort, NtCreatePort, NtAllocateLocallyUniqueId, TpSimpleTryPost, RtlFreeSid, RtlSetSaclSecurityDescriptor, RtlAddMandatoryAce, RtlCreateAcl, RtlCreateSecurityDescriptor, RtlGetDaclSecurityDescriptor, RtlCopySid, RtlLengthSid, RtlSetDaclSecurityDescriptor, RtlAddAce, RtlUnhandledExceptionFilter, NtQueryInformationProcess, NtQuerySystemInformation, RtlSetThreadIsCritical, RtlSetProcessIsCritical, RtlLeaveCriticalSection, RtlEnterCriticalSection, RtlCompareUnicodeString, NtPrivilegeObjectAuditAlarm, EtwEventWriteEndScenario, EtwEventWriteStartScenario, EtwEventActivityIdControl, NtPrivilegeCheck, NtOpenThreadToken, RtlAllocateAndInitializeSid, RtlInitializeCriticalSection, NtQueryInformationToken, RtlSetEnvironmentVariable, RtlQueryEnvironmentVariable_U, RtlInitUnicodeStringEx, RtlCreateEnvironment, NtCreateEvent, RtlAdjustPrivilege, NtSystemDebugControl, NtCompleteConnectPort, NtCreatePagingFile, RtlDosPathNameToNtPathName_U, DbgBreakPoint, RtlConnectToSm, RtlSendMsgToSm, NtDelayExecution, RtlDeregisterWait, NtPowerInformation, NtSetThreadExecutionState, NtSetInformationProcess, WinSqmAddToStream, WinSqmIsOptedIn, CsrClientCallServer, NtQuerySystemEnvironmentValueEx
rpcrt4.dll
RpcBindingFree, RpcStringBindingParseW, RpcBindingToStringBindingW, RpcBindingServerFromClient, RpcRevertToSelf, RpcImpersonateClient, RpcServerInqCallAttributesW, RpcServerListen, RpcServerRegisterIfEx, RpcServerUseProtseqEpW, RpcExceptionFilter, RpcServerInqDefaultPrincNameW, RpcServerRegisterAuthInfoW, RpcStringFreeW, RpcServerInqBindings, UuidFromStringW, RpcEpRegisterW, RpcServerUnregisterIf, RpcEpUnregister, RpcBindingVectorFree, NdrAsyncServerCall, RpcServerTestCancel, RpcAsyncAbortCall, I_RpcBindingIsClientLocal, NdrAsyncClientCall, RpcBindingCopy, RpcBindingCreateW, RpcBindingBind, RpcServerUseProtseqW, RpcAsyncInitializeHandle, RpcAsyncCancelCall, RpcAsyncCompleteCall, RpcBindingUnbind, NdrClientCall2, NdrServerCall2, I_RpcExceptionFilter, RpcBindingSetAuthInfoExW, RpcBindingFromStringBindingW, RpcStringBindingComposeW, RpcMgmtIsServerListening
user32.dll
SetWindowStationUser, SwitchDesktopWithFade, LoadLocalFonts, SetWindowsHookExW, RegisterLogonProcess, SetProcessWindowStation, CreateDesktopW, CloseDesktop, CloseWindowStation, SetUserObjectSecurity, SwitchDesktop, UpdatePerUserSystemParameters, RecordShutdownReason, GetAsyncKeyState, ExitWindowsEx, UnhookWindowsHookEx, SetThreadDesktop, CreateWindowStationW
userenv.dll
GetAllUsersProfileDirectoryW, GetUserProfileDirectoryW

wininit.exe

Windows Start-Up Application by Microsoft

Remove wininit.exe
Version:   6.3.9600.16384 (winblue_rtm.130821-1623)
MD5:   48cfa7be561a7be144c29bb912055016
SHA1:   2263bdf440400904669706e48ae5ac0fae25762a
This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is wininit.exe?

The Wininit file is an .ini file that lists all of the changes to be made to Windows when you restart the computer after installing a program. The Wininit.exe file is the program file that starts the .ini file. It can be run only when the computer restarts so that the changes can be made while Windows is not running.

Overview

wininit.exe executes as a process with the local user's privileges typically within the context of its parent svchost.exe (Host Process for Windows Services by Microsoft Corporation). It has been configured with a firewall exception which allows both inbound and outbound network communication without being blocked. and is compiled as a 64 bit program.

DetailsDetails

File name:wininit.exe
Publisher:Microsoft Corporation
Product name:Windows Start-Up Application
Description:Microsoft® Windows® Operating System
Typical file path:C:\Windows\System32\wininit.exe
Original name:WinInit.exe.mui
File version:6.3.9600.16384 (winblue_rtm.130821-1623)
Product version:6.3.9600.16384
Size:141 KB (144,384 bytes)
Build date:8/22/2013 5:58 AM
Digital DNA
Entropy:6.266439
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Windows firewall allowed program
Exceptions allow programs to access to the Internet through an outbound connections
  • Firewall exception for 'C:\Windows\system32\wininit.exe'

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00064933%
0.028634%
Kernel CPU:0.00063825%
0.013761%
User CPU:0.00001108%
0.014873%
Kernel CPU time:19,826 ms/min
100,923,805ms/min
CPU cycles:11,455/sec
17,470,203/sec
Context switches:1/sec
284/sec
Memory
Private memory:961.91 KB
21.59 MB
Private (maximum):3.85 MB
Private (minimum):2.52 MB
Non-paged memory:961.91 KB
21.59 MB
Virtual memory:42.22 MB
140.96 MB
Virtual memory (peak):46.62 MB
169.69 MB
Working set:2.73 MB
18.61 MB
Working set (peak):4.33 MB
37.95 MB
Page faults:2,509/min
2,039/min
I/O
I/O read transfer:14 Bytes/sec
1.02 MB/min
I/O read operations:1/sec
343/min
I/O other transfer:12 Bytes/sec
448.09 KB/min
I/O other operations:2/sec
1,671/min
Resource allocations
Threads:1
12
Handles:78
600

BehaviorsProcess properties

Integrety level:System
Platform:64-bit
Command lines:
  • wininit.exe
Owner:User
Parent processes:

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 33.00%
Windows 8.1 17.50%
Windows 7 Ultimate 14.00%
Windows 8.1 Pro 7.50%
Windows 7 Professional 6.00%
Windows 8.1 Single Language 4.50%
Windows 8 3.50%
Windows 8 Single Language 3.00%
Windows 8 Pro 3.00%
Windows 7 Home Basic 2.50%
Windows 8.1 Pro with Media Center 2.00%
Windows 8 Enterprise N 1.00%
Windows 8.1 N 0.50%
Windows Seven Black Edition 0.50%
Windows 8.1 Enterprise Evaluation 0.50%
Windows Vista Home Premium 0.50%
Windows 8 Enterprise 0.50%

Distribution by countryDistribution by country

United States installs about 44.72% of Windows Start-Up Application.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Dell 18.97%
ASUS 18.18%
Hewlett-Packard 17.79%
Acer 14.23%
Toshiba 10.28%
Lenovo 8.70%
Sony 3.95%
Intel 2.37%
GIGABYTE 1.98%
Samsung 1.58%
Alienware 1.19%
Medion 0.79%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE