HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40

41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77

78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99

Key: "Y" - Normally leave to run at start-up "N" - Not required - typically infrequently used tasks that can be started manually if necessary "U" - User's choice - depends whether a user deems it necessary "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs" "?" - Unknown

	Startup Name	Process Name	Details
X	Windows Update Checker	deinst_qfe002.exe	Added by a variant of the Win32.Small TROJAN!
X	Windows Update Client	wuclient.exe	"Added by the SMALL-RN TROJAN!"
X	Windows Update Client Service	windrvl32.exe	"Added by the AGOBOT-MM TROJAN!"
X	Windows update config	svhost.exe	"Added by the SDBOT-PF WORM!"
X	windows update configurator	svghost.exe	"Added by a variant of the SPYBOT WORM!"
X	windows update configurator	explore.exe	"Added by the SDBOT.RY BACKDOOR!"
X	Windows Update Controller	mwoffice.exe	"Added by the BATTRY-A TROJAN!"
X	Windows Update Draven	draven.exe	"Added by a variant of the SDBOT WORM!"
X	Windows Update Drive	updrvs.exe	"Added by a variant of the SDBOT WORM!"
X	Windows Update Files	dnetc.exe	"Added by an unidentified VIRUS
X	Windows Update Firewall System	ctfmoom.exe	"Added by the RBOT-GAN WORM!"
X	Windows Update Firewall System	winmsfw.exe	"Added by the RBOT-EEO WORM!"
X	Windows Update Firewall System	ctfmom.exe	"Added by the SPYBOT.ANDM WORM!"
X	Windows Update GUI Executable x32x	wupdategux32.exe	"Added by the RBOT.CXY WORM!"
X	Windows Update Host	winupsvc.exe	"Added by a variant of the SDBOT WORM!"
X	Windows Update IPv6 Layer	WIN32IPV6.EXE	"Added by the RBOT.DUD WORM!"
X	Windows update loader	xpupdate.exe	"Malware installed by different rogue security software including SpyKillerPro. Also detected as the BRAVE-A TROJAN!"
X	Windows Update Manager	wupdmngr.exe	"Added by the RANDEX.BTB WORM!"
X	Windows Update Manager	Winlog0n.exe	"Added by the AGENT-BO TROJAN!"
X	Windows Update Manager	wupdate.exe	"Added by a variant of the RBOT WORM!"
X	Windows Update Manager	bootwiz.exe	Added by the MYBOT WORM!
X	Windows Update Manager	WindowsUpdateManager.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Windows Update Manager for NT	wupdmgr32.exe	"Added by the SDBOT.AH WORM!"
X	windows update microsoft	updatem.exe	"Added by the RBOT-CHE WORM!"
X	Windows Update Monitoring Service	winupdt.exe	"Added by the RBOT-PL WORM!"
X	Windows Update Process	wmiprvsc.exe	"Added by the SDBOT-CB WORM!"
X	Windows Update Service	csrs.exe	"Added by the AGOBOT-NI WORM!"
X	Windows Update Service	smcg.exe	"Added by the SDBOT.QY WORM!"
X	Windows Update Service	SP00ISS.exe	"Added by the SDBOT-ZH WORM!"
X	Windows Update Service	update32.pif	"Added by the RBOT-ALC WORM!"
X	Windows Update Service	trest.exe	Identified by BitDefender as a variant of the PEED TROJAN!
X	Windows Update Service	wmiprvse32.exe	"Added by the AGOBOT.NI WORM!"
X	Windows Update Service	regscv.exe	"Added by the AGOBOT-AM BACKDOOR!"
X	Windows Update Service	msupdate32.exe	"Added by the DLOADR-CRJ TROJAN!"
X	Windows Update Service 2004/2005	systemupdate.exe	"Added by the RBOT-JE WORM!"
X	Windows Update services	wins32svcs.exe	"Added by a variant of the RBOT WORM!"
X	Windows Update Services	winupdate32.exe	"Added by a variant of the RBOT WORM!"
X	Windows Update Software	system.exe	"TOFGER.BX spyware"
X	Windows Update SP3	Windat.EXE	"Added by the RBOT-GTS WORM!"
X	Windows Update Svc	rundll32.exe xpupdate.dll	"ContraVirus rogue security software - not recommended
X	Windows Update System	mswins.exe	"Added by the IRCBOT.DN WORM!"
X	Windows Update System Shell	svhostcs32.exe	"Added by the RBOT-AAZ WORM!"
X	Windows Update V6	[random filename]	"Added by the RBOT-KT WORM!"
X	Windows Update.exe	N/A	Homepage hijacker
X	Windows Updated	spoolsae.exe	"Added by the RBOT-APM WORM!"
X	Windows Updated	updatr.exe	"Added by the RBOT-AYB WORM!"
X	Windows Updater	wupdmgr32.exe	"Added by a variant of the DOS.AUTOCAT TROJAN!"
X	Windows Updater	iexplorerrs.exe	"Added by the RBOT-TN WORM!"
X	Windows Updater	svigost.exe	"Added by the RBOT-VS WORM!"
X	Windows Updater	wupdate.exe	"Added by the WOOTBOT.AJ WORM!"
X	Windows Updater	sdsys.exe	"Added by the FORBOT-JG WORM!"
X	Windows Updater Online	winupdatexx.exe	"Added by a variant of the RBOT WORM!"
X	Windows Updater Servc	xpuupdate.exe	"ContraVirus rogue security software - not recommended
X	Windows Updater Service Manager	winupdatr.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	Windows Updater Services	msnupdate.exe	"Added by a variant of the RBOT WORM!"
X	windows updaters	winupdats.exe	"Added by the SPYBOT-IS WORM!"
X	Windows Updates	lsassx.exe	"Added by a variant of the SDBOT WORM!"
X	Windows Updates	winupd32.exe	"Added by the MYTOB.CE WORM!"
X	Windows Updates	w32dns.exe	"Added by the SDBOT-BFW WORM!"
X	Windows Updates Agent	winupdate.exe	"Added by the SPYBOT.HW WORM!"
X	Windows Updating Service	updating.pif	"Added by the RBOT-ALW WORM!"
X	Windows Updtee Mgnr	W1NT45K.exe	"Added by the MYTOB.DC WORM!"
X	Windows Upgrate Utility	winulty.exe	"Added by the AUTORUN-ASR WORM!"
X	Windows USB 2.0 Driver	usbtskmgr.exe	"Added by the RBOT-BKG WORM!"
X	Windows USB 2.0 Driver	usb2ctrl.exe	"Added by the RBOT-BIW WORM!"
X	Windows USB 2.0 Driver	usbservice.exe	"Added by the RBOT-BLF WORM!"
X	Windows USB Control Driver	iexplore.exe	"Added by a variant of the IRCBOT BACKDOOR! See here. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Windows USB controler	winusb.exe	"Added by the RBOT-HR WORM!"
X	Windows USB Driver Support	Windowsusb.exe	"Added by a variant of the SPYBOT WORM!"
X	Windows USB Hub Manager	usbhub.exe	"Added by the RBOT-BJX WORM!"
X	Windows USB Monitor	servupdate.exe	"Added by the IRCBRUTE.AQ TROJAN!"
X	Windows USB Printer	exe.exe	"Added by a variant of the RBOT WORM!"
X	Windows USB Printer	unqgod.exe	"Added by the RBOT.BKC BACKDOOR!"
X	Windows USB Printer	xqteby.exe	"Added by a variant of the SPYBOT WORM! See here"
X	Windows USB Service	666.exe	"Added by the MYTOB.AR WORM!"
X	Windows USB v3	wsvc.exe	"Added by a variant of the SDBOT WORM!"
X	Windows USBD	msifirewall.exe	Added by an unidentified WORM or TROJAN!
X	Windows User Mode Driver Manager	wdfmrg.exe	"Added by the SDBOT-ZN WORM!"
X	Windows User Starter	winuser32.exe	"Added by the RBOT.SN WORM!"
N	Windows Version Check	ver_chk.exe	"Version checker for CyberAudioLibrary - ""a new way to exchange information through the Internet"""
X	Windows Version Service	sysvers.exe	"Added by the SLENFBOT.IF WORM!"
X	Windows Version Service	sysvers32.exe	"Added by the SLENFBOT.HZ WORM!"
X	Windows video	vide_32.exe	"Added by a variant of the AGOBOT/GAOBOT WORM!"
X	Windows Video Acquisition (WVA)	wvsvc.exe	"Added by the AGOBOT.YM WORM!"
X	Windows Video Component	wvcsvc.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Windows Video Drivers	videons32.exe	"Added by the GAOBOT.AZT WORM!"
X	Windows Video Drivers	VIDEONS3.EXE	"Added by the AGOBOT-KZ BACKDOOR!"
X	Windows Video Input	viwsvc.exe	"Added by the SLENFBOT.GS WORM!"
X	Windows Virtual Manager	vmnat.exe	"Added by the SILLYFDC.BCB WORM!"
X	Windows Virtual Services	winvirtual.exe	"Added by the SLENFBOT.IE WORM!"
X	Windows Virtual Services	winvirtual32.exe	"Added by the SLENFBOT.IB WORM!"
X	Windows Virus Control	plou.exe	"Added by the SDBOT-ACZ WORM!"
X	Windows Virus Scanner	winvsvc.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows Vista Corparation Agent Services	winxp_sp3.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Windows Vista Transformation	IEXPLORE.exe	"Added by the FORBOT-GV WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
X	Windows Volume Control	ongsvc.exe	"Added by the SLENFBOT.DZ WORM!"
X	Windows Web Services	localsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Web Services	netsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Web Services	spoolsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Web Services	svcadmin.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Web Services	svcman.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Web Services	svcrun.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Web Services	tcpsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Web Services	websvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Winhlp32 Stub Service	winhlp32.pif	"Added by the AIMBOT.AH TROJAN!"
X	Windows WKS	wsass.exe	"Added by the SDBOT-DK WORM!"
X	Windows WKS Services	wkssvr1.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows WMF Fix	winfix.exe	"Added by the RBOT-FTQ WORM!"
X	Windows Workstation	mpci.exe	"Added by a variant of the RBOT WORM!"
X	Windows Workstation	msup32a.exe	"Added by a variant of the SDBOT WORM!"
X	Windows Workstation Service	explore.exe	Added by unknown malware
X	Windows Workstation Service	wkssvc.exe	"Added by the IRCBOT-AAI WORM!"
X	Windows Workstation Service (32-bits)	wkssvc32.exe	"Added by a variant of the SDBOT WORM!"
X	Windows Workstation Service [5.1-2600]	windrm.exe	"Added by the RBOT-CNY WORM!"
X	Windows Workstation Start Service	mslanmgr.exe	"Added by a variant of the RBOT WORM!"
X	Windows Xp	nortonguard.exe	"Added by the MYTOB-DZ WORM!"
X	Windows xp	Wins.exe	"Added by the RBOT.VH BACKDOOR!"
X	Windows XP Automatic Update	wXPupdate.exe	"Added by the RBOT-AFC WORM!"
X	Windows Xp Service Pack 2	svchost.exe	"Added by the XPLOS-A TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!"
X	Windows XP SP2 KeyGen	Windows XP SP2 KeyGen.exe	"Added by the TIBICK-C WORM!"
X	Windows Zero Spooler	nmvcs.exe	"Added by the SLENFBOT.JQ WORM!"
X	Windows-System	System32.exe	"Added by the LOGPOLE.C WORM!"
X	Windows-TCP-IP	rfkampig.exe	"Added by the GIPMA TROJAN!"
X	Windows-Xdate	wuamclt32.exe	"Added by the SPYBOT.AMUV WORM!"
X	Windows-XP-Service-Pack	xpspz.exe	"Added by the SDBOT-AAC WORM!"
X	windows16	windows16.exe	"Added by the VB-XU TROJAN!"
X	Windows32	rundll.exe	"Added by the AGOBOT-LK or AGOBOT-ND WORMS! Note - this is NOT the Win9x/Me system file of the same name as described here"
X	windows32	windows32.exe	"Added by the VB-XU TROJAN!"
X	Windows32	wuuaclt.exe	"Added by the BRATLE.B WORM!"
X	Windows32	win.exe	"Added by the AGOBOT-KN WORM!"
X	Windows32	system.exe	Unknown malware
X	Windows32 Configuration Loader	msrf32.exe	"Added by the SDBOT-ABX WORM!"
X	Windows32 Messenger Service	msmsgv.exe	"Added by the RBOT.ANS WORM!"
X	Windows32 Net Database	msnd32.exe	"Added by the RBOT-AAL WORM!"
X	Windows32 Serivces	winser32.exe	"Added by the SPYBOT.AAF WORM!"
X	Windows32KernelStart	wks.exe	"Added by the LAPURD TROJAN!"
Y	Windows7FirewallControl	Windows7FirewallControl.exe	"Windows 7 Firewall Control from Sphinx Software - ""Protects your applications from undesirable network incoming and outgoing activity
X	WindowsACEbar	acebarupdate.exe	"BarACE adware"
X	WindowsAgent	WindowsAgent.exe	"Added by the GOP.G WORM!"
X	WindowsAgent	sysexhook.exe	"Added by the GOP keyboard logger/TROJAN!"
X	WindowsAPI.DLL	Server5.exe	"Added by the ""Fear and Hope"" TROJAN!"
X	WindowsAudio	systemupd.exe	"Added by the AGENT-TH WORM!"
X	WindowsBackup	WINDOWSBACKUP.EXE	"Added by the STANG WORM!"
X	WindowsBool	aimplg.exe	"Added by the SDBOT-CNG WORM!"
X	WindowsCRC	wscrc.exe	"Added by the SDBOT-VU WORM!"
X	WindowsCriticalUpdate	windows_critical_update.exe	"Added by the ASTEF or RESPAN WORMS!"
X	WindowsD	s1.exe	"Added by the MSNDIABLO.A WORM!"
X	WindowsDiskEvt	svcsvh32.exe	"Added by the NANINF.D TROJAN!"
X	WindowsDiskLog	cstsm.exe	"Added by the STINX-C or STINX-D TROJANS!"
X	WindowsExplorer	csrss.exe	"Messenger Blocker rogue security software - not recommended. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Common Files\System"
X	WindowsExplorer	svchost.exe	"Messenger Blocker rogue security software - not recommended. Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Common Files\System"
X	WindowsFileSystem	winsfs32.exe	"Added by the RBOT-FMQ WORM!"
X	WindowsFileSystem	cidaemon32.exe	"Added by the RBOT-FSP WORM!"
X	WindowsFirewall	lsass.exe	"Messenger Blocker rogue security software - not recommended. Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Common Files\System"
X	WindowsFirewallSvc	winsvcup.exe	"Added by a variant of the SDBOT WORM!"
X	WINDOWSflashbrg	sqldata1.exe	"Added by a variant of the AGENT-IC TROJAN!"
X	WindowsFS	winfs.exe	"Added by the AGOBOT-BO WORM!"
X	Windowsfw	vssmf32.exe	"Added by the SPIGOT BACKDOOR!"
X	Windowsfw	windowsfw.exe	"Added by the AGOBOT-TA WORM!"
X	WindowsFY	wp.exe	"Part of a ""Security IGuard"" parasite infestation - also detected as DESKTOPHIJACK"
X	WindowsFY	bsw.exe	"Added by a variant of the DESKTOPHIJACK TROJAN! For removal see here"
X	WindowsFY	[path to trojan]	"Added by the FAKEALE-E TROJAN!"
X	WindowsFZ	[path to file]	"Added by the DESKTOPHIJACK VIRUS! Also see DESKTOPHIJACK.B TROJAN!"
X	WindowsFZ	A5281300.so	"Variant of the SmitFraud alias FAKEALE-C TROJAN!"
X	WindowsFZ	zloader3.exe	"Variant of the SmitFraud alias FAKEALE-C TROJAN!"
X	WindowsHive	rpcc.exe	"Added by the DLENA-A TROJAN!"
X	WindowsInstaller	[path to file]	"Added by the DEDLER-D TROJAN! The most common filenames seen are ""csmss.exe"" and ""csmrs.exe""
X	WindowsIPRelay	winipsvc.exe	"Added by the IRCBOT-AAA WORM!"
X	Windows�Updates	Update.exe	"Added by the RBOT.TRA BACKDOOR!"
X	WindowsK	a1.exe	"Added by the MSNDIABLO.A WORM!"
X	WindowsKeyUpdate	master.exe	"Added by the JOSAM WORM!"
X	WindowsMGM	Winmgm32.exe	"Added by the SOBIG.A WORM and LALA.C TROJAN!"
X	windowsmp	windowsmp.exe	"Added by the AUTORUN-DP WORM!"
X	WindowsNT CWServices	CWServices.com	"Detected by Bitdefender as the AGENT.AGDK TROJAN! See here"
X	WindowsNT Services	Services.com	"Detected by Bitdefender as the DELF.OFC TROJAN! See here"
X	WindowsProtocolLog	lsadst.exe	"Added by the NANINF.C TROJAN!"
X	WindowsReg% update	[random filename].exe	"Added by the RBOT-HH WORM!"
X	WindowsRegistration	[random filename]	"Added by the RBOT-NO WORM!"
X	WindowsRegKey Autoupdate	[random filename]	"Added by a variant of the RBOT WORM!"
X	WindowsRegKey upd4te2d4te	*********.exe [* = random char]	"Added by the RBOT.XQ WORM!"
X	WindowsRegKey update	winupdate.exe	"Added by the RBOT-QJ WORM!"
X	WindowsRegKey update	windns.exe	"Added by the RBOT.IE WORM!"
X	WindowsRegKey update	winupdatexx.exe	"Added by the RBOT.LW WORM!"
X	WindowsRegKey update	[random filename]	"Added by the RBOT.QT WORM!"
X	WindowsRegKey update	svchoosts.exe	"Added by the RBOT.ADB WORM!"
X	WindowsRegKey update	svchostc.exe	"Added by the RBOT.IF WORM!"
X	WindowsRegKey update	wdnupdate.exe	"Added by the SDBOT.QX WORM!"
X	WindowsRegKey update	Windowsup.exe	"Added by the SDBOT.PU WORM!"
X	WindowsRegKey update	WINUPDATES.EXE	"Added by the RBOT-MM WORM!"
X	WindowsRegKey update	rkbuouoxfl.exe	"Added by the RBOT-OO WORM!"
X	WindowsRegKey update	winsys.exe	"Added by the RBOT-JY WORM!"
X	WindowsRegKey update	winupdat32.exe	"Added by the RBOT-AGW WORM!"
X	WindowsRegKey update XP	windexv1.exe	"Added by the RBOT-ABM WORM!"
X	WindowsRegKey%$ update	msi332.exe	"Added by the RBOT-IX WORM!"
X	WindowsRegKey%update	ethernet32m.exe	"Added by the RBOT-EN WORM!"
X	WindowsRegKeys update	winsysi.exe	"Added by the SDBOT.WE WORM!"
X	Windowss Service Agent	mssngear.exe	"Added by the RBOT.KGU BACKDOOR!"
X	WindowsService	[random name].dll	"Added by the VUNDO-X TROJAN!"
X	WindowsServicesH	servicedhs.exe	"Added by the AGOBOT-JD WORM!"
X	WindowsServicesStartup	svchost.exe	"Added by the ECUP WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Temp%"
X	WindowsSetup	[path to trojan]	"Added by the EZBOT TROJAN!"
X	WindowsSp2	sp2.exe	"Added by the POSSE WORM!"
X	WindowsSystem32	asper.exe	"Added by the AGENT-EFP TROJAN!"
X	WindowsSystem32	svchosts.exe	"Added by the AGENT-EDA TROJAN!"
X	WindowsSystem32	[path to worm]	"Added by the SDBOT-DFG WORM!"
X	WindowsSystem32	msnmssgr.exe	"Added by the AGENT.ALY BACKDOOR!"
X	WindowsSystem32	msn_kilo.exe	"Added by the AGENT.ALY BACKDOOR!"
X	WindowsSystem32	msnmgaer.exe	"Added by the AGENT.ALY BACKDOOR!"
X	windowstime.exe	windowstime.exe	"Added by the DLOADR-AQV TROJAN!"
U	WindowsTranslator	DWinTrsl.exe	"Delta Translator® English < > Portugese (Brazilian) version - ""an automatic
U	WindowsTranslator_Espanhol	DWinTrsl.exe	"Delta Translator® Spanish < > Portugese (Brazilian) version - ""an automatic
X	WindowsUpd	WindowsUpd4.exe	"VirtuMonde adware"
X	WindowsUpd1	WindowsUpd1.exe	"VirtuMonde adware"
X	WindowsUpd2	WindowsUpd2.exe	"VirtuMonde adware"
X	WindowsUpdate	windows_update.exe	"Added by the LOFNI WORM!"
X	WindowsUpdate	svchost.exe	"Added by the ASTEF or RESPAN WORMS or AGENT-V TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.

Powered By Pac's Startup list