HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40

41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77

78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99

Key: "Y" - Normally leave to run at start-up "N" - Not required - typically infrequently used tasks that can be started manually if necessary "U" - User's choice - depends whether a user deems it necessary "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs" "?" - Unknown

	Startup Name	Process Name	Details
X	Windows Process	win_update.exe	"Added by the LASTWORD WORM!"
X	Windows Process Manager	winproc.exe	Added by an unidentified WORM or TROJAN!
X	Windows Processe Manager	mspn32.exe	"Added by the RBOT.AXO WORM!"
X	Windows Proffesional Security	WinSecure32.exe	"Added by the AGOBOT.VA WORM"
X	Windows Protected Storage	npssvc.exe	"Added by the IRCBOT.AUL BACKDOOR!"
X	Windows Protection Suite	WI[random characters].exe	"Windows Protection Suite rogue security software - not recommended
X	Windows Protectot	boxide.exe	"Added by a variant of the WOOTBOT WORM!"
X	Windows Recavery Adware	lsass.exe	"Added by an unidentified TROJAN - see here. Note - this is not the legitimate lsass.exe process
X	Windows Recovery Console	recovery.exe	"Added by the RANSOM.FD WORM!"
X	Windows Recylinder Check	zwdomsgemw.exe	"Added by the RBOT-EGJ WORM!"
X	Windows Reg Services	ffservice.exe	"Added by the DLOADER-PL or DLOADER-XM TROJANS!"
X	Windows Reg Services	dservice.exe	"Added by the PRORAT-D TROJAN!"
X	Windows Reg Services	fservice.exe	"Added by the PRORAT-D TROJAN!"
X	Windows Reg Services	ssservice.exe	"Added by the PRORAT-D TROJAN!"
X	Windows Reg Services	lncom.exe	"Added by the PRORAT-O TROJAN!"
X	Windows Reg Services	lservice.exe	"Added by the PRORAT-O TROJAN!"
X	Windows Reg Services	wservice.exe	"Added by the PRORAT-O TROJAN!"
X	WINDOWS REGISTER EDIT	registr32.exe	Added by an unidentified WORM or TROJAN!
X	Windows Register Settings	svmhost.exe	"Added by a variant of the FORBOT WORM!"
X	Windows Registers	winservicess.exe	"Added by a variant of the SDBOT WORM!"
X	Windows Registery Center	svhchosts.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows Registry	msnmsg.exe	"Added by a variant of the RBOT WORM!"
X	Windows Registry	winhost.exe	"Added by a variant of the RBOT WORM!"
X	Windows Registry Cleaner	winclean.exe	"Added by a variant of the SPYBOT WORM!"
X	Windows Registry Control	winreg.exe	"Added by a variant of the IRCBOT TROJAN! See here"
X	Windows Registry DLL	winregdll.exe	"Added by the IRCBOT.FB BACKDOOR!"
X	Windows Registry Express Loader	regexpress.exe	"Added by the FORBOT-CJ WORM!"
X	Windows Registry Manager	tasksmanagers.exe	"Added by the MYTOB.ER WORM!"
X	Windows Registry Name	[random filename]	"Added by the RBOT-AEB WORM!"
X	Windows Registry Name	winses.exe	"Added by the RBOT-ADB WORM!"
U	Windows Registry Repair Pro	RegistryRepairPro.exe	"Registry Repair Pro. ""Scans the Windows Registry for invalid or obsolete information in the registry"""
X	Windows Registry Scan	regscan32.exe	"Added by the RBOT.KE WORM!"
X	Windows Registry Scan	timeupdate.exe	"Added by the SPYBOT.JE WORM!"
X	Windows Registry Scan	svcdll.exe	"Added by the RBOT-TP WORM!"
X	Windows Registry Scan	regscan23.exe	"Added by a variant of the RBOT WORM!"
X	Windows Registry Scan	regscan.exe	"Added by the RBOT-HA WORM!"
X	Windows Registry Scan	winmedia.exe	"Added by the SPYBOT.GK WORM!"
X	Windows Registry Security	crss.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Windows Registry Services	regserv.exe	"Added by the SLENFBOT.BB WORM!"
X	Windows Registry Startup	wind32.exe	"Added by the AGOBOT-BZ WORM!"
X	Windows Registry XP	winxptdl.exe	"Added by the IRCBOT.AUN WORM!"
X	Windows Relay Service	ipcbind.exe	"Added by the DELFINJECT.F TROJAN!"
X	Windows Relay Service	irfnga.exe	"Added by the DROPPER.ACO TROJAN!"
X	Windows Remote Addressing	wnpcgs.exe	"Added by the DELF-EZN TROJAN!"
X	Windows Remote Launcher	wnpmcs.exe	"Added by the IRCBOT.ASX BACKDOOR!"
X	Windows Repair	toxikx.exe	"Added by the SDBOT-ADL WORM!"
X	Windows report	swchost.exe	"Added by the SMALL-BD TROJAN!"
X	Windows Rescue System	winsto.exe	"Added by the SUURCH.CG TROJAN!"
X	Windows Reverse Preperation	winrvp.exe	"Added by the SLENFBOT.CB WORM!"
X	Windows Reversed Virus Protection	winrsvp.exe	"Added by the SLENFBOT.HX WORM!"
X	windows run	system.exe	"Added by the ICPASS-A WORM!"
X	Windows Run-Time 64bit	win64rt.exe	"Added by a variant of the RBOT WORM!"
X	Windows Rundll Center	msnsmgr.exe	"Added by the AGENT-LLB TROJAN!"
X	Windows Rundll Center	msmsgrs.exe	"Added by the IRCBOT-AFA WORM!"
X	Windows Running DLL Service	rundll128.exe	"Added by the IRCBOT.XDH BACKDOOR!"
X	Windows Running DLL Service	rundll64.exe	"Added by the SLENFBOT.HV WORM!"
X	Windows Runtime Help	win32hlp.exe	"Added by a variant of the AIMVISION TROJAN!"
X	Windows Runtime Help	WinRunHelp.wrh	"Added by a variant of the AIMVISION TROJAN!"
X	Windows Runtime Proccess	32RUNdll.exe	"Added by the SDBOT.QW WORM!"
X	Windows SA	omniscient.exe	"BLAZEFIND adware"
X	Windows Scheduler	wmscheduler.exe	"Added by a variant of the SDBOT WORM! See here"
X	Windows Scheduler!	scheduler.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows Screensaver	Service.exe	"Added by the KELVIR.P WORM!"
X	WINDOWS SCREENSAVER	ssaver.scr	"Added by the SDBOT-YZ WORM!"
N	Windows Search	WindowsSearch.exe	"System Tray access to Windows Search 4.0 for XP from Microsoft - which adds additional search options including a search box on the Taskbar. This version also includes the Windows Search (WSearch) service which indexes files and e-mails items so you can quickly find words and phrases. Disabling this entry does not affect the normal operation"
X	Windows secure	setver32.exe	"Added by the SPYBOT.EP WORM!"
X	Windows Secure Connection	winsc.exe	"Added by the SDBOT.BTN WORM!"
X	Windows Secure Fix	iPodFixer.exe	"Added by the WOOTBOT.BM BACKDOOR!"
X	Windows Secure Layer	[random filename]	"Added by the RBOT.DRF WORM!"
X	Windows Secure Messaging System	msnmsgrsrvc.exe	"Added by the RBOT-RE WORM!"
X	Windows Secure Services	ssms.exe	"Added by the RBOT-GAR WORM!"
X	Windows Secure talal32	[7 random letters].exe	"Added by the RBOT.HTP TROJAN!"
X	Windows Secure Update	winupser.exe	"Added by the RBOT-GCG WORM!"
X	Windows Secure Update	WinSecUp.exe	"Added by the RBOT-GCD WORM!"
X	Windows Secure Update	load.exe	"Added by the FORBOT-GU WORM!"
X	Windows Secure Update	WinSecure.exe	"Added by the RBOT-GDO WORM!"
X	Windows Securety	wurger.exe	"Added by the AGOBOT-NC BACKDOOR!"
X	WINDOWS SECURITY	wingrd.exe	"Added by a variant of the RBOT WORM!"
X	Windows Security	win.pif	"Added by the RBOT-APT WORM!"
X	Windows Security	ms32.pif	"Added by the RBOT-ARN WORM!"
X	Windows Security	winscure.exe	"Added by the RBOT-BAF WORM!"
X	Windows Security Assistant	rundll32.vbe	"CoolWebSearch Alfasearch parasite variant - also detected as the STARTPA-U TROJAN!"
X	Windows Security Assistant	winsec.exe	"CoolWebSearch parasite variant"
X	Windows Security Authority Service	lsass.exe	"Added by the KALEL-A WORM! Note - this is not the legitimate lsass.exe process
X	Windows Security Center Notification App	wscnfty.exe	"Added by a variant of the RBOT WORM!"
X	Windows Security Center Notification Appls	sxe.exe	"Added by the RBOT-GKX WORM!"
X	Windows Security Center Notification Applse	sxes.exe	"Added by the RBOT-GLR WORM!"
X	Windows Security Center Notification Applse	os.exe	"Added by a variant of the RBOT-GLR WORM!"
X	Windows Security Center Notification Applsee	sysecurex.exe	"Added by a variant of the RBOT-GKX WORM!"
X	Windows Security Control	wuaucls.exe	"Added by the FORBOT-V WORM!"
X	Windows Security Manager	winsecurity.exe	"Added by the AGOBOT-KI WORM!"
X	Windows Security Manager	winsecure.exe	"Affilred adware"
X	Windows Security Manager	svchost.exe	"Added by the ANTINNY.AX WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""Microsoft"" subfolder"
X	Windows Security Manager	svhost.exe	"Added by the GAOBOT.ALU WORM!"
X	Windows Security Module	module.exe	"Added by a variant of the RBOT WORM!"
X	Windows Security Policy	lsass32.exe	"Added by the AGOBOT-CR WORM!"
X	Windows Security Service	[random file name]	"Added by the RBOT-ALV WORM!"
X	Windows Security Service	arrdt.exe	"Added by a variant of the RBOT WORM!"
X	Windows Security Service	windows.pif	"Added by the RBOT-AMG WORM!"
X	Windows Security Suite	WI[random characters].exe	"Windows Security Suite rogue security software - not recommended
X	Windows Security Survy	svchosl.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows Security Tool	WinSecure.exe	"Added by the AGENT-GPY TROJAN!"
X	Windows Security Update	security32.exe	"Affilred adware"
X	Windows Security Update	ndsass.exe	"Added by the RBOT.ESM BACKDOOR!"
X	Windows Serv Patch	Mcaffe2005.exe	"Added by a variant of the RBOT WORM!"
X	Windows Servce Agent	[random filename]	"Added by a variant of the IRCBOT TROJAN!"
X	Windows Servcesc	[9 random letters].exe	"Added by a variant of the SDBOT WORM! See here"
X	Windows ServeAd	WinServAd.exe	Windupdates adware variant
X	Windows Server	winserv.exe	"Added by the IRCBOT.AVM BACKDOOR!"
X	Windows Server Client Verification Service	wscvs.exe	"Added by the AGENT.AWC TROJAN!"
X	Windows Server Drivers	syssrv.exe	"Added by a variant of the IRCBOT TROJAN! See here"
X	Windows Server Information	servinfo.exe	"Added by the FORBOT-EN WORM!"
X	Windows Server IP Verification Service	wsivs.exe	"Added by an unidentified WORM or TROJAN! See here"
X	Windows Server Peer Verification Service	wspvs.exe	"Added by a variant of the RANKY TROJAN!"
X	Windows Server!	winsvr.exe	"Added by the IRCBOT.AYC BACKDOOR!"
X	Windows Servic2	winsy.exe	"Added by the RBOT-AIA WORM!"
X	Windows service	wuamgrd.exe	"Added by the RBOT-QW WORM!"
X	Windows Service	dddd.exe	"Detected by Kaspersky as Dialer.Salc
X	Windows Service	prvdi.exe	"Malware - detected by Kaspersky as the SMALL.RD TROJAN!"
X	Windows Service	video.exe	Added by an unidentified TROJAN!
X	Windows Service	svvhost.exe	"Added by the AGOBOT-HL WORM!"
X	Windows Service	private-zone.exe	Added by an unidentified WORM or TROJAN!
X	Windows Service	pd7.exe	"Added by the SMALL.VZ TROJAN!"
X	Windows Service	dstart4.exe	Added by an unidentified TROJAN!
X	Windows Service	pd14.exe	"Adware - detected by DiamondCS TDS-3 anti-trojan as the DELF.DG TROJAN!"
X	Windows Service	video2.exe	Added by the DOWNLOADER.SMALL.MY TROJAN!
X	Windows Service	services.exe	"Added by the KALEL-A WORM! Note - this is not the legitimate services.exe process
X	Windows Service	WINSVC.EXE	"Added by the SPYBOT-DH TROJAN!"
X	Windows Service	r.exe	"Added by a variant of the SMALL.VZ TROJAN!"
X	Windows Service	windowz.exe	"Added by the SDBOT-AYI WORM! Note - dissables the automatic startup of other software and deactivates the Microsoft Internet Connection Firewall (ICF)"
X	Windows service	iexpl0rer.exe	"Added by the SDBOT.RO WORM!"
X	Windows Service	service.exe	"Added by the IRCBOT-ACV WORM!"
X	Windows Service	svchost.exe	"Added by the SPYBOT-AW TROJAN! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!"
X	Windows Service Ag3nt	[6 random letters].exe	"Added by the SDBOT.EZX TROJAN!"
X	Windows Service Agccnt	jeqcfyo.exe	"Added by the RBOT-GST WORM!"
X	Windows Service Agccnt	[random].exe	"Added by the SDBOT-DHL WORM!"
X	Windows Service Agccnt	rmizjgz.exe	"Added by the SDBOT-SIM WORM!"
X	Windows Service Agent	czf.exe	"Added by the RBOT-GAJ WORM!"
X	Windows Service Agent	[random filename].exe	"Added by the IRCBOT-XE TROJAN!"
X	Windows Service Agent	agl23.exe	"Added by the RBOT-GQU WORM!"
X	Windows Service Agent	co0l.exe	"Added by the RBOT-GQY WORM!"
X	Windows Service Agent	dsass.exe	"Added by the RBOT.MIRCO.BNG WORM!"
X	Windows Service Agent	msnmagr.exe	"Added by a variant of the SLAPER TROJAN!"
X	Windows Service Agent	taskmgr32.exe	"Added by the RBOT-GMN WORM!"
X	Windows Service Agent	win32wins.exe	"Added by the RBOT-LOL WORM!"
X	Windows Service Agent	winup32.exe	"Added by the RBOT-GQX WORM!"
X	Windows Service Agent	winupds32.exe	"Added by the RBOT-GQT WORM!"
X	Windows Service Agent	wit.exe	"Added by the RBOT-GQV WORM!"
X	Windows Service Agent	wmscc.exe	"Added by the RBOT-GQP WORM!"
X	Windows Service Agent	spoolvs.exe	"Added by the RBOT-GXI WORM!"
X	Windows Service Agent	spools.exe	"Added by the AGENT-GJF TROJAN!"
X	Windows Service Agent	msngear.exe	"Added by the RBOT.AHW BACKDOOR!"
X	Windows Service Agent	msngerr.exe	"Added by the RBOT.EOZ WORM!"
X	Windows Service Agent	[3 random letters].exe	"Added by the AGENT.AMEB TROJAN - see examples here and here"
X	Windows Service Agent	cxfrru.exe	"Added by the SDBOT.GAV WORM!"
X	Windows Service Agent	izszbayz.exe	"Added by the KOLAB.TC WORM!"
X	Windows Service Agent	jnxrcyc.exe	"Added by the RBOT.XAT BACKDOOR!"
X	Windows Service Agent	kafdprs.exe	"Added by the IRCBOT.HDE BACKDOOR!"
X	Windows Service Agent	krqbs.exe	"Added by the IRCBRUTE.AZ TROJAN!"
X	Windows Service Agent	lcaqmsp.exe	"Added by the RBOT.WFR BACKDOOR!"
X	Windows Service Agent	msnmsgr.exe	"Added by the RBOT.ABIK BACKDOOR! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%"
X	Windows Service Agent	mxjunj.exe	"Added by the RBOT.EMC BACKDOOR!"
X	Windows Service Agent	ndibbeu.exe	"Added by the RBOT.XVD BACKDOOR!"
X	Windows Service Agent	nimcoo.exe	"Added by the RBOT.EWV WORM!"
X	Windows Service Agent	nod32.exe	"Added by the RBOT.BNG BACKDOOR!"
X	Windows Service Agent	sjbsm.exe	"Added by the SMALLTRO.II TROJAN!"
X	Windows Service Agent	sjbsmgm.exe	"Added by the IRCBOT.AHX WORM!"
X	Windows Service Agent	tjybssd.exe	"Added by the RBOT.XVD BACKDOOR!"
X	Windows Service Agent	umvcnm.exe	"Added by the RBOT.EMC BACKDOOR!"
X	Windows Service Agent	uqgpq.exe	"Added by the SMALLTRO.II TROJAN!"
X	Windows Service Agent	vbsxkhk.exe	"Added by the IRCBOT.AHX WORM!"
X	Windows Service Agent	wge23.exe	"Added by the RBOT.HHK BACKDOOR!"
X	Windows Service Agent	Windo.exe	"Added by the RBOT.NQS WORM!"
X	Windows Service Agent	ywgma.exe	"Added by the RBOT.DZT BACKDOOR!"
X	Windows Service Agent	winupd32.exe	"Added by the SDBOT.SYM WORM!"
X	Windows Service Agent	WinTcpip.exe	"Added by the SPYBOT.AP WORM!"
X	Windows Service Agent	idvcqv.exe	"Added by the AGOBOT-AJB WORM!"
X	Windows Service Agent 32	mrthd.exe	"Added by the AGENT-GAQ TROJAN!"
X	Windows Service Agnts	[8 random letters].exe	"Added by the SDBOT.BCQ WORM!"
X	Windows Service Ajav	java128.exe	"Added by the RBOT.BNG WORM!"
X	Windows Service alge	[random filename]	"Added by the RBOT.GJO TROJAN!"
X	Windows Service Controller	services.exe	"Added by the KALEL-B WORM! Note - this is not the legitimate services.exe process
X	Windows Service Controller Agent	taksmgr.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows Service DC	uhpnjcjl.exe	"Added by the RBOT-GLY WORM!"
X	Windows Service Exec	ServiceLayer.exe	"Added by the SPYBOT-OI WORM! Note - do not confuse this with the Nokia service of the same name which resides in %ProgramFiles%\Common Files\PCSuite\Services or %Program Files%\PC Connectivity Solution. This one is located in %Windir%"
X	Windows Service Find	wrfkuk.exe	"Added by the IRCBOT-XZ TROJAN!"
X	Windows Service help	winservices.exe	"Added by the DROPPER.TT TROJAN!"
X	Windows Service Host	scvhost.exe	"Added by the SDBOT.N TROJAN!"
X	Windows Service Host	svchost.exe	"Added by the CONE.B WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Windows Service Host	svchost.exe	"Added by the KALEL-C WORM! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!"
X	Windows Service Host	schost.exe	"Added by the GAOBOT.AO WORM!"
X	Windows Service Host Process	[path to file]	"Added by the EZIO-A WORM!"
X	Windows Service Hosting	USERINIT.exe	"Added by the GOMMER-A WORM!"
X	Windows Service Layer	config.exe	"Added by the RBOT.DDJ WORM!"
X	Windows Service Loader	Window.exe	"Added by the RBOT-XO WORM!"
X	Windows Service Management	svcmngmt.exe	"Added by the AGOBOT-NM WORM!"
X	Windows Service Manager	userint32.exe	"Added by the OSCABOT-C WORM!"
X	Windows Service Manager	localsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Service Manager	msgs.exe	"Added by the OSCABOT-E WORM!"
X	Windows Service Manager	msnmrg.exe	"Added by the OSCABOT-G WORM!"
X	Windows Service Manager	netsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Service Manager	spoolsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Service Manager	svcadmin.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Service Manager	svcman.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Service Manager	svcmgr32.exe	"Added by the OSCABOT-D WORM!"
X	Windows Service Manager	svcrun.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Service Manager	tcpsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Service Manager	websvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Service Manager	taskmgr.exe	"Detected by Kaspersky as the IAMBIGBROTHER.91 TROJAN! Note - this is not the legitimate taskmgr.exeprocess which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""fonts\svc"" sub-folder"
X	Windows Service Manager	initsvc.exe	"Added by the RBOT-BWT WORM!"
X	Windows Service oi worms	[6 random letters].exe	"Added by the SYSTEMHI.OS TROJAN!"
X	Windows Service Pack 2	WindowsSP2.exe	"Added by the SDBOT-TQ WORM!"
X	Windows Service Pack Auto Update	winworks.exe	"Adware downloader - detected by eScan antivirus as the AGENT.BT TROJAN!"
X	Windows Service Pack Auto Update	figgaz.exe	"Detected by Kaspersky as the AGENT.BT TROJAN!"
X	Windows Service Pack Auto Update	ballin.exe	Added by an unidentified WORM or TROJAN!
X	Windows Service Pack Auto Update	del-me.exe	"Adware

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.

Powered By Pac's Startup list