HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40

41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77

78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99

Key: "Y" - Normally leave to run at start-up "N" - Not required - typically infrequently used tasks that can be started manually if necessary "U" - User's choice - depends whether a user deems it necessary "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs" "?" - Unknown

	Startup Name	Process Name	Details
X	WINDOWS SYSTEM FILE	winload.exe	"Added by the MYTOB.DK WORM!"
X	Windows System Gateway	SPOOLER.EXE	"Added by a variant of the RBOT WORM!"
X	Windows System Guard	egun.exe	"Added by the AGENT-NHY TROJAN!"
X	Windows System Guard	msdn.exe	"Added by the FAKEAV-BJD TROJAN!"
X	Windows System Guard	msng.exe	"Added by the EGGDROP-BO WORM!"
X	Windows System Guard	msns.exe	"Added by the DWNLDR-IGD TROJAN!"
X	Windows System Init	winit32.exe	"Added by a variant of the RBOT WORM!"
X	Windows System Manager	winsystem.exe	"Added by the RBOT-AN WORM!"
X	Windows System Manager	CRSL.EXE	"Added by the SDBOT.MG WORM!"
X	Windows System Manager	sysconf.exe	"Added by the MYTOB.AL WORM!"
X	Windows System Manager	smsc.exe	"Added by a variant of the RBOT WORM!"
X	Windows System Manager	crssm.exe	"Added by the RBOT-AFH WORM!"
X	WINDOWS SYSTEM MANAGER	spoolsvc.exe	"Added by the MYTOB-LY WORM!"
X	Windows System Manager	winsysmgr.exe	"Added by the IRCBOT.BJG BACKDOOR!"
X	Windows System Manager Loader	smsls.exe	"Added by the AGOBOT.TF WORM!"
X	Windows System Manager Proc	winsmc.exe	"Added by the RBOT.JH WORM!"
X	WINDOWS SYSTEM MEMORY LOADER	memloader.exe	"Added by the MYTOB-IN WORM!"
X	WINDOWS SYSTEM mscdvvs	mscdvvs.exe	"Added by the MYTOB.MD WORM!"
X	windows system notepad	wnpsm.exe	"Added by a variant of the RBOT WORM!"
X	Windows System Restore Configuration	Sblhost.exe	"Added by a variant of the SPYBOT WORM!"
X	Windows System Restorer	SystemRestorer.exe	"Added by the DULOAD.C WORM!"
X	WINDOWS SYSTEM SCALPE	scalpe91.exe	"Added by the MYTOB-HI WORM!"
X	Windows System Security	winmp.exe	"Added by the RBOT.IV WORM!"
X	Windows System Security	sys32.pif	"Added by the RBOT-AOL WORM!"
X	Windows System Security Monitor	[4 random letters].exe	"Added by the PINKTON.A WORM!"
X	Windows System Serivce	winserv.exe	"Added by the RBOT.ACA WORM!"
X	windows system service	winsock.exe	"Added by the RBOT-MR WORM!"
X	Windows System Service	wnuserv.exe	"Added by the SPYBOT.ANDM WORM!"
X	Windows System Service	[worm filename]	"Added by the RBOT.XG WORM!"
X	Windows System Suite	WS[random characters].exe	"Windows System Suite rogue security software - not recommended
U	Windows System Tray	msni.exe	"Iambigbrother monitoring software"
X	Windows System Tray	swhost.exe	"Added by an unidentified VIRUS
X	WINDOWS SYSTEM UPDATE	xDcc.exe	"Added by the MYOTB-EH WORM!"
X	Windows System Update Tools	upds.exe	"Added by the VANBOT.CX BACKDOOR!"
X	Windows System-Control Drivers	syscontrl.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows System32	windowsp.exe	"Added by the MYTOB.GD WORM!"
X	Windows System32	winsys32.exe	"Added by the SDBOT-AHS WORM!"
X	Windows System32	clsas32.exe	"Added by the RBOT-AZO WORM!"
X	Windows System32	explorer.exe	"Added by the OPANKI-V WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is also copied to %System%"
X	Windows System32	System32.exe	"Added by the SDBOT-ALI WORM!"
X	Windows SYSTEM32	Realplayer.exe	"Added by the SPYBOT.ZH WORM!"
X	Windows System32	wingrd32.exe	"Added by a variant of the RBOT WORM!"
X	Windows System32	windows32.exe	"Added by the RBOT-FPB WORM!"
X	Windows System32 Driver	clsass32.exe	"Added by the SDBOT-AGG WORM!"
X	Windows System32 Kernel	system32.exe	"Added by the SDBOT-AAT WORM!"
X	Windows SystemDll	SYSTEMDLL.EXE	"Added by the AGOBOT-LP WORM!"
X	WINDOWS SYSTEMn	servicces.exe	"Added by the MYTOB-EL WORM!"
X	Windows Systemnmg	stagmr.exe	"Added by the MYTOB.S WORM!"
X	Windows Systems16	winjews16.exe	"Added by the SDBOT-CXT WORM!"
X	Windows SYStry	spoolsvr.exe	"Added by the SDBOT.GN BACKDOOR!"
X	Windows SYStry	systry.exe	"Added by the SDBOT-E WORM!"
X	Windows Sz Host	winshvc.exe	"Added by a variant of the SDBOT WORM!"
X	Windows Task Manager	ACCOUNT_DETAILS.DOC.exe	"Added by the QUATERS.A WORM!"
X	Windows Task Manager	taskmgn.exe	"Added by the AGENT-CIP BACKDOOR!"
X	Windows Task Manager	taskmrg.exe	"Added by the MYTOB.AV WORM!"
X	Windows Task Manager	taskgmr.exe	"Added by the MYTOB.BJ WORM!"
X	Windows Task Manager	taskmg.exe	"Browser hijacker - identified by DrWeb antivirus as ""Trojan.StartPage.601"""
X	Windows Task Manager	taskmngr.exe	"Added by the RBOT-ANM WORM!"
X	Windows Task Manager Emulator	kennewr.exe	"Added by the SPYBOT-FA WORM!"
X	Windows Task Mgr	mstasks.exe	"Added by the IRCBOT.UN BACKDOOR!"
X	Windows Task Mgr!	mstasker.exe	"Added by the IRCBOT.OE BACKDOOR!"
X	Windows Task Scheduler	asijdie.exe	Added by an unidentified WORM or TROJAN!
X	Windows Task Service (32-bits)	tasksys.exe	"Added by the DREFIR.D WORM!"
X	Windows TaskAd	Wintaskad.exe	Windupdates adware variant
X	Windows Taskbar Manager	internat.exe	"Added by the PROTORIDE-H WORM!"
X	Windows Taskbar Manager	[path to file]	"Added by the PROTORIDE.B WORM!"
X	Windows Taskbar System	tasksys.exe	"Added by a variant of the SDBOT WORM!"
X	Windows Taskmanager	lsassx.exe	"Added by the KELVIR.E WORM!"
X	Windows Taskmanager	iexplorer.exe	"Added by a variant of the IRCBOT BACKDOOR! See here. Note - this is not the legitimate Internet Explorer (iexplore.exe)"
X	Windows Taskmanager	service.exe	"Added by the PUSHBOT.OR WORM!"
X	Windows Taskmanager	svchost.exe	"Added by the IMBOT.AC WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Windows Taskmanager	taskmrg.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows Taskmanager	taskngr.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	Windows Taskmanager	tskmngr.exe	"Added by the IRCBOT.DHR BACKDOOR!"
X	Windows Taskmanager	wdtsvc.exe	"Added by the PUSHBOT.AU WORM!"
X	Windows Taskmanager	winpifviewer.exe	"Added by the PUSHBOT.BB WORM!"
X	Windows Taskmanager	winrl.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows Taskmanager	taskxphost.exe	"Added by the PUSHBOT.BI WORM!"
X	Windows Taskmanager Data	csrrss.exe	"Added by the RBOT-BBH WORM!"
X	Windows TaskManager Service	windns32.exe	"Added by the AGOBOT-JP WORM!"
X	Windows TCP/IP	wintcp.exe	"Added by the AGOBOT-ZH WORM!"
X	Windows Telnet Server	wintel.exe	"Added by the AGOBOT-MW WORM!"
X	Windows Temperate Services	wintmp.exe	"Added by the SLENFBOT.ZW WORM!"
X	Windows Terminal Manager	rmbsvc.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Windows Time	tmservice.exe	"Added by a variant of the RBOT-YK WORM!"
X	Windows Time	winmgr.exe	"Added by the RBOT-XC WORM!"
X	Windows Time Server	TimeSRV.exe	"Added by the SPYBOT.DNC WORM!"
X	Windows Time Service Diagnostic Tool	winscrvs.exe	"Added by the RBOT.FTV BACKDOOR!"
X	Windows TM	SVPHOST.exe	"Added by a variant of the RBOT WORM!"
X	Windows TM	rundlI32.exe	"Added by the RBOT.EL BACKDOOR!"
X	Windows TM	windowssys32.exe	"Added by a variant of the RBOT WORM!"
X	Windows TM	WinxSys.exe	"Added by a variant of the RBOT WORM!"
X	Windows TM	pdpatbcyj.exe	"Added by the RBOT.FEF WORM!"
X	Windows TM	Syss.exe	"Added by the RBOT.ADF BACKDOOR!"
X	Windows Tracking Client	ctwsvc.exe	"Added by the AGENT-GMB TROJAN!"
X	Windows UDP	winudp.exe	"Added by the IRCBOT.GAT WORM!"
X	Windows UDP Control	winudspm.exe	"Added by a variant of the SDBOT WORM! See here"
X	Windows UDP Control Center	auth.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows UDP Control Center	ehSched.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows UDP Control Center	fxstaller.exe	"Added by the AGENT-IEE TROJAN!"
X	Windows UDP Control Center	installer.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	Windows UDP Control Center	msnmngs.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows UDP Control Center	msnpd.exe	"Added by the SDBOT.EBA BACKDOOR!"
X	Windows UDP Control Center	mswinudpmgr32.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows UDP Control Center	scvhost.exe	"Added by the PUSHBOT.EH WORM!"
X	Windows UDP Control Center	taksmrg.exe	"Added by the AGENT.WOH TROJAN!"
X	Windows UDP Control Center	tmps.exe	"Added by the SDBOT.EBA BACKDOOR!"
X	Windows UDP Control Center	winlive32.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows UDP Control Center	winmsn.exe	"Added by the SDBOT.EBA BACKDOOR!"
X	Windows UDP Control Center	winrofl32.exe	"Added by the LDPINCH-RZ TROJAN!"
X	Windows UDP Control Center	winudpmg.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows UDP Control Center	winudpmgrs.exe	"Added by the DROPPER.CMV TROJAN!"
X	Windows UDP Control Center	winudpmsgr.exe	"Added by the SDBOT.GAV WORM!"
X	Windows UDP Control Center	winupmgr.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows UDP Control Center	winuscn32.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows UDP Control Center	wksvcsc.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows UDP Control Center	winudpmgr.exe	"Added by the DLOADR-HQL TROJAN!"
X	Windows UDP Control Center	fxsteller.exe	"Added by the IRCBOT-J BACKDOOR!"
X	Windows UDP Control Center	msnsmsgrs.exe	"Added by the PUSHBOT.MF WORM!"
X	Windows UDP Control Center	winmgrs.exe	"Added by the PUSHBOT.MY WORM!"
X	Windows UDP Control Manager	winudpmgr.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows UDP Control Services	wksvcsc.exe	"Added by the ANTIAV-C TROJAN!"
X	Windows Upate	rundll.exe	"Added by the HAKO TROJAN! Note - this is NOT the Win9x/Me system file of the same name as described here"
X	Windows Update	[filename]	"Added by the NORIO TROJAN! Acts as a hi-jacker redirecting to adult content sites"
X	Windows Update	iexplorere.exe	"Added by the GAOBOT.AP WORM!"
X	windows update	uddater.exe	"Added by the LEOX TROJAN!"
X	Windows Update	wudate.exe	"Added by the AGOBOT.ML WORM!"
X	Windows Update	wupdate.exe	"Wengs adware"
X	windows update	sychost.exe	"Added by the LEOX.B WORM!"
X	Windows Update	Wuamgrd.exe	"Added by a variant of the SPYBOT WORM!"
X	Windows Update	inetinf.exe	"Added by a variant of the AGOBOT/GAOBOT WORM!"
X	Windows Update	WindowsUpdate.exe	"Added by the BAYROB-A TROJAN!"
X	Windows Update	host32.exe	"Added by the RBOT-GU WORM!"
X	windows update	wuraclt.exe	"Added by the RBOT-PO WORM!"
X	windows update	Wuanclt.exe	"Added by the RBOT.XZ WORM!"
X	Windows Update	svchosts.exe	"Added by the FRUCTA TROJAN!"
X	Windows Update	ebay.exe	"Added by the GAOBOT.BUU WORM!"
X	Windows Update	windows.exe	"Added by the RBOT-RB WORM!"
X	windows update	wuaurlt.exe	"Added by the RBOT.ADG WORM!"
X	Windows Update	Update.exe	"Added by the DELF-FN TROJAN!"
X	Windows Update	winmguard.exe	"Added by the RBOT-EM WORM!"
X	Windows Update	wuampd.exe	"Added by the RBOT.UM WORM!"
X	windows update	wuarclt.exe	"Added by the RBOT-OF WORM!"
X	Windows Update	winupdate.exe	"Added by the SDBOT-WS WORM!"
X	Windows Update	msnwinsb.exe	"Added by the RBOT-AAH WORM!"
X	Windows Update	scvhost.exe	"Added by the SDBOT-XT WORM!"
X	windows update	Microsoft.exe	"Added by the LMIR.A TROJAN!"
X	Windows Update	mplupdate.exe	"Added by the MOEGA WORM!"
X	windows update	msnsever.exe	"Added by the RBOT-AHN WORM!"
X	Windows Update	taskmr.exe	"Added by the MYTOB-GZ WORM!"
X	Windows Update	update32.exe	"Added by a variant of the RBOT WORM!"
X	Windows Update	wininfo.exe	"Added by the MYTOB.GA WORM!"
X	Windows Update	winlogin.exe	"Added by the BANKER-DV TROJAN!"
X	Windows Update	msnupdates.exe	"Added by the RBOT-ALK WORM! Note - this file has nothing to do with Windows updates or MSN"
X	Windows Update	qtask.exe	"Added by the RBOT-AKU WORM! Note - do not confuse with the Quicken file of the same name as described here"
X	windows update	real.exe	"Added by the LEGMIR-AU WORM!"
X	Windows Update	windowsx.exe	"Added by the BANCD-A TROJAN!"
X	Windows update	wudupdate.exe	"ISTBar adware related"
X	Windows Update	wupdmgr.exe	"Added by the BANCBAN-FC TROJAN and variants!"
X	Windows Update	csrss.exe	"Added by the BANKER-HM TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Windows Update	msnsupdate.exe	"Added by the RBOT-AXS WORM!"
X	Windows Update	XPLoogNT.exe	"Added by the BANCD-B TROJAN!"
X	Windows Update	install.exe	"Added by the BANKER-IB TROJAN!"
X	Windows Update	msi.exe	"Added by the BANKER-XB TROJAN!"
X	Windows Update	Sqltob.exe	"Added by the DASHER.A WORM!"
X	windows update	logonuit.exe	"Added by the LEGMIR-AO TROJAN!"
X	Windows Update	avkir.exe	"Added by the RBOT-GJP WORM!"
X	Windows Update	easypwnt.exe	"Added by a variant of the SDBOT WORM!"
X	Windows Update	MSDEVS30.exe	Added by the SPYBOT.AHC WORM!
X	Windows Update	SecretStub.exe	"Added by the SRAMLER.C WORM!"
X	Windows Update	Winload.exe	"Added by the DEDMIR-A WORM!"
X	Windows Update	taskngr.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows Update	usnsvc.exe	"Added by the KOBOT-C WORM!"
X	Windows Update	win32update.exe	"Added by the SDBOT.FTK WORM!"
X	Windows Update	livesrvs.exe	"Added by a variant of the RBOT WORM!"
X	Windows Update	McAfee.exe	"Added by a variant of the IRCBOT BACKDOOR! See here. Note - this is not a valid McAfee program"
X	Windows Update	McAfee3.exe	"Added by an unidentified WORM or TROJAN! See here"
X	Windows Update	msconfig32.exe	"Added by a variant of the SPYBOT WORM! See here"
X	Windows Update	msnsa32.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows Update	scrigz.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	Windows Update	winsc.exe	"Added by the BUZUS.RYI TROJAN!"
X	Windows Update	wuauclt32.exe	"Added by the SDBOT.DHY WORM!"
X	Windows Update	dllhostup.exe	"Added by the BANCBAN-NB TROJAN!"
X	Windows Update	explored.exe	"Added by the GAOBOT.MF WORM!"
X	Windows Update	smsscr.exe	"Added by the BANKER-DK TROJAN!"
X	Windows Update	sysdrv.exe	"Added by the AGENT-IYE TROJAN!"
X	Windows Update	winupupdate1.exe	"Added by the RBOT-UV WORM!"
X	Windows Update	klass.exe	"Added by the BIFROSE-ZH TROJAN!"
X	Windows Update	winlogonEvt.exe	"Added by the VB-DXM TROJAN!"
X	Windows update	explore.exe	"Added by the GAOBOT.AL WORM!"
X	Windows Update	fdos.exe	"Added by the RBOT-COG WORM!"
X	Windows Update	leak32x.exe	"Added by the AGENT.ALY BACKDOOR!"
X	Windows update	msb32.exe	"Added by the GAOBOT.CG WORM!"
X	Windows update	svdhost.exe	"Added by the GAOBOT.CG WORM!"
X	Windows Update	tskmngr.exe	"Added by the AGENT.ALY BACKDOOR!"
X	Windows Update	windb32.exe	"Added by the AGENT.ALY BACKDOOR!"
X	Windows update 2005	[random filename]	"Added by the RBOT.ARP WORM!"
X	Windows Update 32	winlogons.exe	"Added by the FORBOT-FI WORM!"
X	Windows Update 32	rempss.exe	"Added by the FORBOT-FW WORM!"
X	Windows Update 32	slsys.exe	"Added by the FORBOT-FT WORM!"
X	Windows update 32bit	winupd32.exe	"Added by the SDBOT.BE WORM!"
X	Windows Update 63	shupd64.exe	"Added by the FORBOT-GA WORM!"
X	Windows Update 64	nbupd64.exe	"Added by a variant of the FORBOT WORM!"
X	Windows Update 64	WinV.exe	"Added by the FORBOT-FP WORM!"
X	Windows Update Auto Update	wuaumgr.exe	"Added by a variant of the SPYBOT WORM!"
X	Windows Update Automatic Updates	[path to backdoor]	"Added by the VBBOT.AM BACKDOOR!"
X	Windows Update Automation	winuptdate.exe	"Added by a variant of the RBOT WORM!"
X	Windows Update AutoUpdate Client	waucult.exe	"Added by a variant of the RBOT WORM!"
X	Windows Update AutoUpdate Client	wuauclt.exe	"Added by the LAZAR.B TROJAN! Note - this is not the legitimate wuauclt.exe process
X	Windows Update AutoUpdate Client Product	wuauct.exe	"Added by the AGOBOT.ACL WORM!"
X	Windows Update Center	svthx.exe	"Added by the STUBBOT.A WORM!"
X	Windows Update Center	W32RSA.exe	Added by an unidentified WORM or TROJAN!
X	Windows Update Check	syslodr.exe	"Added by the SMALL.LU TROJAN!"
X	Windows Update Checker	[random filename]	Adware downloader trojan
X	Windows Update Checker	msupdte32.exe	"Added by the SDBOT-AEF WORM!"
X	Windows Update Checker	deinst_qfe001.exe	Added by a variant of the Win32.Small TROJAN!

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.

Powered By Pac's Startup list