HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40

41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77

78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99

Key: "Y" - Normally leave to run at start-up "N" - Not required - typically infrequently used tasks that can be started manually if necessary "U" - User's choice - depends whether a user deems it necessary "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs" "?" - Unknown

	Startup Name	Process Name	Details
X	Windows Service Pack2	svchhost.exe	"Added by a variant of the RBOT WORM!"
X	Windows Service Pack2	WIN43.EXE	"Added by the GAOBOT.G WORM!"
X	Windows Service Supply	winsupply.exe	"Added by the SLENFBOT.CZ WORM!"
X	Windows Service Support Call	SVSS32.EXE	"Added by the RBOT-XQ WORM!"
X	Windows Service SV	sv32.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Windows Service Threads	svcthreading.exe	"Added by the SHEUR.AUM TROJAN!"
X	Windows Service Threads	svcthreads.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows Service Update	livecal.exe	"Added by the SDBOT-DEY WORM!"
X	Windows Service Update	crsss.exe	"Added by the SDBOT.CWX WORM!"
X	Windows Service Update	mswsgs.exe	"Added by the RBOT.FQB WORM!"
X	Windows Service Utitity	winsrvc.exe	"Added by the RBOT-ASI WORM!"
X	Windows Service XP	XpFirewall.exe	"Added by the MYTOB.AM WORM!"
X	Windows Servicer	xqobypik.exe	"Added by the SDBOT-DFB WORM!"
X	Windows Services	service.exe	"Added by the RANDEX.R WORM!"
X	Windows Services	svchosts.exe	"Added by the AGOBOT-KL TROJAN!"
X	Windows Services	Explorer.exe	"Added by the SDBOT-WT WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
X	Windows Services	NetworkDriver32.exe	"Added by the RBOT-ACR WORM!"
X	Windows Services	scmsg.exe	"Added by a variant of the SDBOT WORM!"
X	Windows Services	scvhoste.exe	"Added by the SPYBOT.OBZ WORM!"
X	Windows Services	winsvc32.exe	"Added by the MYTOB-CB WORM!"
X	Windows Services	NetworkDrivers.exe	"Added by the SDBOT-YO WORM!"
X	Windows Services	smsc.exe	"Added by a variant of the SDBOT WORM!"
X	Windows Services	spoolsvc.exe	"Added by the SDBOT.CPZ WORM!"
X	Windows Services	iexplore.exe	"Added by the RBOT-WE WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
X	Windows Services	avsrv32.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	Windows Services	servicez.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows Services	w32edus.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows Services	w32service.exe	"Added by the AUTORUN-FU WORM!"
X	Windows Services	w32services.exe	"Added by the AUTORUN-FT WORM!"
X	Windows Services	winlogon.exe	"Added by a variant of the IRCBOT BACKDOOR! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Windows Services	winsysdll.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows Services	winsyssrv.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows Services	winudp.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	Windows Services	filename.exe	"Added by the SDBOT.FSK BACKDOOR!"
X	Windows Services	svhost33.exe	"Added by the RBOT.AFN WORM!"
X	Windows Services	services.exe	"Added by the AGENT-MVC TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Windows Services	wupdate.exe	"Added by the GAOBOT.ZT WORM!"
X	Windows Services Agant	regs32.exe	"Added by the SDBOT-DIK WORM!"
X	Windows Services Aganters	[10 random letters].exe	"Added by the RBOT.CUN WORM!"
X	Windows Services Agent	msngears.exe	"Added by the VB-EMS TROJAN!"
X	Windows Services alges2	[8 random letters].exe	"Added by a variant of the RBOT WORM!"
X	Windows Services B-Runner	svcbrun.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows Services B-Runner	svcbrunner.exe	"Added by the IRCBOT.BYV BACKDOOR!"
X	Windows Services Certification	svccert.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows Services Guide	svcguide.exe	"Added by the SLENFBOT.KQ WORM!"
X	Windows Services Guide	svcguides.exe	"Added by the SHEUR.YS BACKDOOR!"
X	Windows Services Host	svchost.exe	"Added by the CONE or CONE.E WORMS! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!"
X	Windows Services Hosts	svhosts.exe	"Added by the SDBOT-YH TROJAN!"
X	Windows Services Ink Platform Tablet Input Subsystem	wsiptis.exe	"Added by the RBOT.APC WORM!"
X	Windows Services Jog	svcjog.exe	"Added by the AGENT.ALWZ WORM!"
X	Windows Services Jog	svcjogg.exe	"Added by the AGENT.QAF WORM!"
X	Windows Services Joger	svcjoger.exe	"Added by the RBOT.CAT WORM!"
X	Windows Services Jogging	svcjogging.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows Services Joging	svcjoging.exe	"Added by the IRCBOT.AVI BACKDOOR!"
X	Windows Services Layer	winlogz2.exe	"Added by the RBOT-FZE WORM!"
X	Windows Services Layer	winl0g0.exe	"Added by the RBOT-FZQ WORM!"
X	Windows Services Layer	sslms.exe	"Added by the RBOT-GAH WORM!"
X	Windows Services M7	ctfmon32.exe	"Added by the AGENT.WOH TROJAN!"
X	Windows Services Tower	svctowers.exe	"Added by the IRCBOT.AGJ BACKDOOR!"
X	Windows Services Tower	svctowing.exe	"Added by the SLENFBOT.LA WORM!"
X	Windows Services Update	svch0st.exe	"Added by a variant of the RBOT WORM! Note - the filename has the digit 0 rather then the uppercase ""o"""
X	Windows Serviece Agents	[8 random letters].exe	"Added by the AGENT.BHR TROJAN!"
X	Windows Servser	serviser.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows Session Manager	smss32.exe	"Added by a variant of the RBOT WORM!"
X	Windows Session Manager Subsystem	smss.exe	"Added by the KALEL-B WORM! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup!"
?	Windows shell	win70.exe	"??"
X	Windows Shell	shell.exe	"Added by the MYTOB-CA WORM!"
X	Windows Shell	taskgmr.exe	"Added by the MYTOB.BV WORM!"
X	Windows Shell Library Loader	load shell.dll	"CoolWebSearch parasite variant"
X	windows shellext.32	mschost.exe	"Added by the BLASTER.K WORM!"
X	WINDOWS SKY	sky.exe	"Added by the MYTOB.CH WORM!"
X	Windows Smart Manager	smart.exe	"Added by the RBOT-SL WORM!"
X	Windows SMB Manager	smb32.exe	"Added by the RBOT-BHZ WORM!"
X	Windows smss service	service.exe	"Added by the AGENT-FPY TROJAN!"
X	Windows Socket Procedure	WinSock32.exe	"Added by the RBOT-FMX WORM!"
X	Windows Software	hbsppe.exe	"Added by the RBOT-GLL WORM!"
X	Windows Sound	svdhost.exe	"Added by the SDBOT.EFX BACKDOOR!"
X	Windows Sound Driver	SndMon32.exe	"Added by a variant of the SPYBOT WORM!"
X	Windows Sound Emulator	snd32_win.exe	"Added by the ATNAS.A WORM!"
X	Windows Sound Manager	SndMon32.exe	"Added by the FORBOT-BU WORM!"
X	Windows Sound Manager	SndMon16.exe	"Added by a variant of the FORBOT WORM!"
X	Windows Sound Manager	sound.exe	"Added by the AGOBOT-CD WORM!"
X	Windows Sound Manager	gearsec.exe	"Added by the PUSHBOT.DF WORM!"
X	Windows Sound Verifier	WinIp32.exe	"Added by the RBOT-FMO WORM!"
X	Windows SP2 Firewall	wfirewall7.exe	"Added by a variant of the RBOT WORM!"
X	Windows SP2 Update	Sp2update.exe	"Added by the WOOTBOT.BS WORM!"
X	Windows SP2 Version Load	wuauclt32.exe	"Added by the GAOBOT.CX WORM!"
X	Windows SP4	directCC.exe	"Added by the RBOT-ACX WORM!"
X	Windows Spool	winspool.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Windows Spool Server	spoolsrv.exe	"Added by the SDBOT-ACT WORM!"
X	Windows SpoolaPrint Service	spoolasrv.exe	"Added by the SDBOT-AYD WORM!"
X	Windows Spooler	SPOOLSRV.EXE	"Added by the SPYBOT.P WORM!"
X	Windows Spooler	spoolsv32.exe	Added by an unidentified WORM or TROJAN!
X	Windows Spooler	winsplr.exe	"Added by the SHEUR.ANX TROJAN!"
X	Windows Spooler Control Service	qwidh.exe	"Added by a variant of the SPYBOT WORM! See here"
X	Windows Spooler Services	spool.exe	"Added by the AGOBOT-AMO WORM!"
X	Windows SpoolPrint Service	spoolersrv.exe	"Added by the SDBOT-ZT WORM!"
X	Windows Spools SV	winsv.exe	"Added by the RBOT-AUQ WORM!"
X	Windows spoolservr Service	spoolservr.exe	"Added by the SDBOT-AAN WORM!"
X	Windows Spoolsre Service	spoolsre.exe	"Added by the SDBOT-AAE WORM!"
X	Windows Spoolsrv Service	spoolmsv.exe	"Added by the SDBOT-ZS WORM!"
X	windows spoolsrv service	spoolssv.exe	"Added by the SDBOT-AWV WORM!"
X	Windows Spoolsurf Service	spoolsurf.exe	"Added by the SDBOT-ZZ WORM!"
X	Windows SpooltPrint Service	spooltsrv.exe	"Added by the SDBOT-AYE WORM!"
X	Windows Spoolvvv Service	spoolvvv.exe	"Added by the SDBOT-AAW WORM!"
X	Windows spyware remover	Windows-spyware.exe	"Added by the SystemPoser TROJAN!"
X	Windows sq Drivers	winmsn32.exe	"Added by the RBOT-ADI WORM!"
X	Windows SQL management 1.33	scvhost.exe	"Added by the SPYBOT-OB WORM!"
X	Windows Sql Service For Windows 32 Bit	winsql32.exe	"Added by the FORBOT-FC WORM!"
X	Windows SRS Client	winsrs.exe	"Added by the RBOT-BXQ WORM!"
X	Windows SRT Client	winsrt.exe	"Added by the RBOT-BFR WORM!"
X	Windows SSH Client	winssh.exe	"Added by the RBOT-AXC WORM!"
X	Windows SSL File	winssv.exe	"Added by the WOOTBOT.CA WORM!"
X	Windows SSL Secondary Drivers	SSL32Dr.exe	"Added by the SDBOT.ASQ WORM!"
X	Windows Stand Sound Drivers	Sounddrv.exe	"Added by the SDBOT-XF WORM!"
X	Windows Standard Securty	[random 3-letter filename]	"Added by the RBOT-ALF WORM!"
X	Windows Start Server 2000	traficy.exe	"Added by the RBOT-AHM WORM!"
X	Windows Startup	winsta~1.exe	"GoHip foistware"
X	Windows Startup	winstartup.exe	"GoHip foistware"
X	Windows Startup	Wdrun32.exe	"Added by the GAOBOT.AO WORM!"
X	Windows Startup	services21.exe	"Added by the AGOBOT-MX WORM!"
X	Windows Startup	Winsys32.exe	"Added by the RBOT.AAB WORM!"
X	Windows Startup 32 Bits	sysrun32.exe	Added by a variant of the DARKSUN TROJAN!
Y	Windows SteadyState - Bubble Messages	Bubble.exe	"Part of Windows SteadyState
Y	Windows SteadyState - Session Timer Notify (UI)	SCTUINotify.exe	"Part of Windows SteadyState
X	Windows Storm-Memory Drivers	memorystorm.exe	"Added by the SLENFBOT.CO WORM!"
X	Windows Stortup	svchost.exe	"Added by the TOGER-V TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Windows Streams Server	localsrv.exe	"Added by the SDBOT.LN WORM!"
X	Windows Subsys	winload.exe	"Added by the NETSPREE.C WORM!"
U	Windows Supervisor	winspvr.exe	"Windows Supervisor surveillance software. Uninstall this software unless you put it there yourself"
X	WINDOWS SVC	winsvc.exe	"Added by the MYTOB-EY WORM!"
X	Windows svchost	avserv.exe	"Added by the PUSHBOT.FM WORM!"
X	Windows svchost	ctfmon32.exe	"Added by a variant of the SPYBOT WORM! See here"
X	Windows svchost	happy2008.exe	"Added by the PUSHBOT.AM WORM!"
X	Windows svchost	service.exe	"Added by the PUSHBOT.DU WORM!"
X	Windows svchost	serviceaaa.exe	"Added by the PUSHBOT.ER WORM!"
X	Windows svchost	servicean.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows svchost	svchost.exe	"Added by the IRCBOT-ZQ WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Windows svchost	ups.exe	"Added by the PUSHBOT.A WORM!"
X	Windows svchost	upss.exe	"Added by the PUSHBOT.GJ WORM!"
X	Windows svchost	serviceam.exe	"Added by the PUSHBOT.EY WORM!"
X	Windows svchost	svchostx.exe	"Added by the PUSHBOT.CC WORM!"
X	Windows Svchost Authority	slsass.exe	"Added by the RBOT-UA WORM!"
X	Windows Svshost Service Update 32	svcsshost32.exe	"Added by the FORBOT-GD WORM!"
X	Windows SYN Control Center	winmnon32.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows SyncroAd	SyncroAd.exe	Windupdates adware variant
X	Windows SysNotify	mssecc.exe	"Added by the AGENT-GFR TROJAN!"
X	WINDOWS SYSTEM	beta.exe	"Added by the MYTOB.DF WORM!"
X	WINDOWS SYSTEM	dcomuser.exe	"Added by the MYTOB.EO WORM!"
X	WINDOWS SYSTEM	lf66prc.exe	"Added by the MYTOB.GC WORM!"
X	WINDOWS SYSTEM	msdev32.exe	"Added by the MYTOB.EH WORM!"
X	WINDOWS SYSTEM	nec.exe	"Added by the MYTOB-L WORM and variants!"
X	WINDOWS SYSTEM	nibie.exe	"Added by the MYTOB-BY WORM!"
X	WINDOWS SYSTEM	ninfoie.exe	"Added by the MYTOB-EP WORM!"
X	WINDOWS SYSTEM	skybot.exe	"Added by the MYTOB-CX WORM!"
X	WINDOWS SYSTEM	skybotx.exe	"Added by the MYTOB-BY WORM!"
X	WINDOWS SYSTEM	smoc.exe	"Added by the MYTOB.FU WORM!"
X	WINDOWS SYSTEM	smsc.exe	"Added by the MYTOB-BR WORM!"
X	WINDOWS SYSTEM	test.exe	"Added by the MYTOB.DJ WORM!"
X	WINDOWS SYSTEM	test2.exe	"Added by the MYTOB.DJ WORM!"
X	WINDOWS SYSTEM	test3.exe	"Added by the MYTOB.DV WORM!"
X	WINDOWS SYSTEM	wdns33.exe	"Added by the MYTOB-BY WORM!"
X	WINDOWS SYSTEM	win.exe.exe	"Added by the MYTOB.FA WORM!"
X	WINDOWS SYSTEM	winaup.exe	"Added by the MYTOB-DN WORM!"
X	WINDOWS SYSTEM	winligon.exe	"Added by the MYTOB.EP WORM!"
X	WINDOWS SYSTEM	winmon.exe	"Added by the MYTOB.GB WORM!"
X	WINDOWS SYSTEM	winNTsys32.exe	"Added by the MYTOB-DM WORM!"
X	WINDOWS SYSTEM	winsvc32.exe	"Added by the MYTOB.HH WORM!"
X	Windows System	WINSYS.exe	"Added by the RBOT-AEF WORM!"
X	WINDOWS SYSTEM	winsys33.exe	"Added by the MYTOB.EK WORM!"
X	WINDOWS SYSTEM	winvnc.exe	"Added by the MYTOB.EU WORM!"
X	WINDOWS SYSTEM	winxpserv.exe	"Added by the MYTOB-BQ WORM!"
X	WINDOWS SYSTEM	xxx.exe	"Added by the MYTOB.CZ WORM!"
X	Windows System	winsys32.exe	"Added by the MYTOB-IS WORM!"
X	WINDOWS SYSTEM	skybot.exe	"Added by the MYTOB.JU WORM!"
X	WINDOWS SYSTEM	botzor.exe	"Added by the ZOTOB WORM!"
X	WINDOWS SYSTEM	gothica.exe	"Added by the MYTOB.HU WORM!"
X	WINDOWS SYSTEM	msnl.exe	"Added by the MYTOB.IK WORM!"
X	WINDOWS SYSTEM	per.exe	"Added by the ZOTOB.C WORM!"
X	WINDOWS SYSTEM	twunk_65.exe	"Added by the MYTOB-EG WORM!"
X	WINDOWS SYSTEM	servce.exe	"Added by the MYTOB-EI WORM!"
X	WINDOWS SYSTEM	servises.exe	"Added by the ZOTOB-I WORM!"
X	WINDOWS SYSTEM	xpupdate.exe	"Added by the ZOTOB-G WORM!"
X	WINDOWS SYSTEM	expI0rer.exe	"Added by the MYTOB-FI WORM! Note the upper case ""i"" and number ""0"" in the filename"
X	WINDOWS SYSTEM	msn32.exe	"Added by the MYTOB-FX WORM!"
X	WINDOWS SYSTEM	sky.exe	"Added by the MYTOB.LB WORM!"
X	WINDOWS SYSTEM	Win32IMAPSVR.exe	"Added by the MYTOB-FQ or MYTOB-FU WORMS!"
X	WINDOWS SYSTEM	winsvc.exe	"Added by the MYTOB.LM WORM!"
X	WINDOWS SYSTEM	mswins.exe	"Added by the MYTOB.DP WORM!"
X	WINDOWS SYSTEM	mtrnqs.exe	"Added by the MYTOB.IG WORM!"
X	WINDOWS SYSTEM	logic.exe	"Added by the MYTOB.IC WORM!"
X	WINDOWS SYSTEM	ctech.exe	"Added by the MYTOB-KD WORM!"
X	WINDOWS SYSTEM	efefefe.exe	"Added by the MYTOB-KH WORM!"
X	WINDOWS SYSTEM	svchost2.exe	"Added by the MYTOB.OZ WORM!"
X	WINDOWS SYSTEM	skybot.exe	"Added by the MYTOB.EB WORM!"
X	WINDOWS SYSTEM	wupdate.exe	"Added by the MYTOB-HT WORM!"
X	Windows System	system.exe	"Added by the MYTOB-GN WORM!"
X	Windows System 32	winsys_32.exe	"Added by the RBOT-FTR WORM!"
X	Windows System 32-Bat Service	win32bat.exe	"Added by the MYTOB.FI WORM!"
X	Windows System Backup	SysBackup.exe	Unidentified malware
X	WINDOWS SYSTEM By FEnR	windasz-updote.exe	"Added by the MYTOB.LR WORM!"
X	WINDOWS SYSTEM Cleaner	h3.exe	"Added by the MYTOB.EQ WORM!"
X	WINDOWS SYSTEM CLEANER	iexplore.exe	"Added by the MYTOB.ET WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
X	Windows System Configuration	SYSCFG16.EXE	"Added by the WISDOOR-K TROJAN!"
X	Windows System Configuration	Passcfg16.exe	"Added by the DOMWIS-E TROJAN!"
X	Windows System Configuration	Winfrw.exe	"Added by the SOLUFINA TROJAN or the DOMWIS-J WORM!"
X	Windows System Configuration	wincfg.exe	"Added by the AGOBOT.OP WORM!"
X	Windows System Configuration	WINCFG32.EXE	"Added by the AGOBOT-TE WORM!"
X	Windows System Configuration	WinNeth.exe	"Added by the RETHE-A WORM!"
X	Windows System Configuration	nether.exe	"Added by the OPANKI-AB WORM!"
X	Windows System Configuration	WINSYS32.exe	"Added by the SDBOT.AXK WORM!"
X	Windows System Defender	WS[random characters].exe	"Windows System Defender rogue security software - not recommended
X	WINDOWS SYSTEM Dns	windsns.exe	"Added by the MYTOB.EY WORM!"
X	WINDOWS SYSTEM DNSPOOL	hbmail.exe	"Added by the MYTOB.FW WORM!"
X	Windows System Drivers	sysretain.exe	"Added by the SLENFBOT.BY WORM!"
X	Windows System File	cmxp.exe	"Added by the SPYBOT.KHO WORM!"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.

Powered By Pac's Startup list