2012-06-09

RESOLVED [WIN7] Event ID: 11

On each boot the Event Viewer records the following warning (see below). I have checked the registry key at:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
and the REG_SZ value is blank. This is where the list of custom DLLs should be. The Event Viewer records a String Count of "0". With no DLLs being loaded via AppInit, why am I getting this warning?

 

User:          SYSTEM
Computer:      OEM-PC
Description:
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206F6DEA-D3C5-4D10-BC72-989F03C8B84B}" />
    <EventID>11</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2011-08-05T20:25:27.200853900Z" />
    <EventRecordID>328706</EventRecordID>
    <Correlation />
    <Execution ProcessID="464" ThreadID="500" />
    <Channel>System</Channel>
    <Computer>OEM-PC</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="StringCount">0</Data>
    <Data Name="String">
    </Data>
  </EventData>
</Event>

 

The warning is removed by restoring the following registry value to its default of "0":
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs
If a program loads a DLL via AppInit, it will set LoadAppInit_DLLs to "1". The problem is that when the program is uninstalled, it may not change the value back to "0", hence the warning, regardless of whether any DLLs are actually being loaded via AppInit.
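
A read-only check for the state described above, added here as an example and not part of the original post. The function name `Get-AppInitState` is hypothetical, and the `Wow6432Node` path (the 32-bit registry view on 64-bit Windows) and the space/comma splitting of `AppInit_DLLs` are additions the post does not mention.

```powershell
# Added example (read-only): report AppInit state for each registry view.
$AppInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    # 32-bit view on 64-bit Windows (not mentioned in the post; added here)
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

function Get-AppInitState {
    param([string[]]$Path = $AppInitKeys)
    foreach ($key in $Path) {
        if (-not (Test-Path -LiteralPath $key)) { continue }  # absent on 32-bit installs
        $props = Get-ItemProperty -LiteralPath $key
        $load  = [int]$props.LoadAppInit_DLLs                 # a missing value reads as 0
        # AppInit_DLLs is a space- or comma-delimited list of DLL names
        $dlls  = @(([string]$props.AppInit_DLLs) -split '[ ,]+' | Where-Object { $_ })

        $verdict = if ($load -eq 1 -and $dlls.Count -eq 0) {
            'Stale flag: loading enabled but list empty (the case in this post)'
        } elseif ($load -eq 1) {
            'Active: confirm every listed DLL belongs to a trusted application'
        } elseif ($dlls.Count -gt 0) {
            'Listed but disabled: DLLs named, LoadAppInit_DLLs is 0'
        } else {
            'Default: disabled and empty'
        }

        # New-Object keeps this compatible with the PowerShell 2.0 shipped in Windows 7
        New-Object PSObject -Property @{
            Key              = $key
            LoadAppInit_DLLs = $load
            AppInit_DLLs     = $dlls -join '; '
            Verdict          = $verdict
        } | Select-Object Key, LoadAppInit_DLLs, AppInit_DLLs, Verdict
    }
}

Get-AppInitState | Format-List

# Most recent Wininit Event ID 11 records, to confirm whether the warning still fires.
Get-WinEvent -FilterHashtable @{
    LogName = 'System'; ProviderName = 'Microsoft-Windows-Wininit'; Id = 11
} -MaxEvents 3 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

An "Active" verdict means DLLs really are being injected into processes, so review the listed files before resetting anything.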
