Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

REG:system.ini: UserInit: userinit.exe is it normal?


  • This topic is locked This topic is locked
2 replies to this topic

#1 behzatc

behzatc

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:28 PM

Posted 21 November 2011 - 04:23 PM

Hi All,
I was checking my Hijack log and notice that there was an item: REG:system.ini: UserInit:userinit.exe (userinit.exe not showing absolute path) is it normal? Also there was some more items, I have copied below, I will be glad if you can help/comment. Thank you for your time!

REG:system.ini: UserInit=userinit.exe
Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1165\6.6.1081\TmIEPlg32.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Client Server Security Agent\UIFramework\ProToolbarIMRatingActiveX.dll
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

***Sorry I am new in the forum and just notice that I open under wrong category.

Edited by behzatc, 21 November 2011 - 04:26 PM.


BC AdBot (Login to Remove)

 


#2 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:28 AM

Posted 22 November 2011 - 04:01 PM

Hi behzatc,

The 6 items you posted are all legitimate.

Was that all you wanted to know? Or do you think your PC is infected and you want my help with removing the infection?

If it's the latter, please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue. Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button. :thumbup2:

Edited by Gammo, 22 November 2011 - 04:03 PM.

Posted Image

Please post the final results, good or bad. We like to know!
My help is always free, but if I have helped you, please consider making a donation to help me continue the fight against malware! Posted Image


#3 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:28 AM

Posted 21 December 2011 - 05:57 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Posted Image

Please post the final results, good or bad. We like to know!
My help is always free, but if I have helped you, please consider making a donation to help me continue the fight against malware! Posted Image





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users