Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Are Legit Files Not Listed In Startup Database?


  • Please log in to reply
4 replies to this topic

#1 Soze

Soze

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:59 PM

Posted 04 February 2006 - 11:08 PM

This may sound stupid, but the first 2 files listed in autoruns are userinit.exe and Explorer.exe
Both I assume are legit files, as microsft as publisher is verified for both, and there was a post earlier regarding the userinit.exe file.
Neither are listed in startup database-at least not with the same name (there are obviously 4 pages listing explorer.exe files).
In my case the name is also explorer.exe
Am I missing something?
Sorry in advance for my obvious ignorance.
I promise I'll learn...

edit-o.k., had I waited a moment I would have run across legit files in the startup DB.
Please tell me then how I should treat the exploere.exe file with name Explorer.exe
c:\windows\explorer.exe

Edited by Soze, 04 February 2006 - 11:16 PM.

It is one of the blessings of old friends that you can afford to be stupid with them.
Ralph Waldo Emerson

BC AdBot (Login to Remove)

 


m

#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:59 AM

Posted 05 February 2006 - 11:32 AM

Both of those files are legit. And you are right, we have not listed the default valid entries in the database. I will add them in a bit.

#3 Soze

Soze
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:59 PM

Posted 05 February 2006 - 12:17 PM

Thanks Grinler.
I'll have to be very careful in removing startup items.
I removed a few last night, and now it is acting funny-lots of hesitations when using outlook.
I'm going to do system restore and start again.
It is one of the blessings of old friends that you can afford to be stupid with them.
Ralph Waldo Emerson

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:59 AM

Posted 05 February 2006 - 12:18 PM

Do you remember what you removed?

#5 Soze

Soze
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:59 PM

Posted 06 February 2006 - 11:11 AM

I believe I removed ctfmon.exe (name ctfmon) and tbmon.exe (name Network Associates Error Reporting Service).
The first showed uo on the Startup DB as bad, the second as U.
However, ctfmon was a verified MS publisher files, so I kind of thought it might be a valid file.
tbmon.exe was not verified, and as it was listed as U I removed it from startup.

Good thing is, my system restore seems to have taken care of most of it, back almost to the way it was before I "cleaned it up".
I did several scans with Ad aware, spybot, Housecall, Bit Def etc. etc.
The only thing acting "slow" now is Outlook.
But I'm going to go back and attack the startup items in the next few days.

BTW- thanks to this site I have eliminated several trojans and such that were not being detected my my Mcaffee scanner. I am much indebted to BC and the tutorials!
It is one of the blessings of old friends that you can afford to be stupid with them.
Ralph Waldo Emerson




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users