HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40

41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77

78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99

Key: "Y" - Normally leave to run at start-up "N" - Not required - typically infrequently used tasks that can be started manually if necessary "U" - User's choice - depends whether a user deems it necessary "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs" "?" - Unknown

	Startup Name	Process Name	Details
X	[various names]	driver64.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	DTOURS.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	ERTYDF.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	ExchangeMaster.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	EXE32EXE.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	expoler.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	FLKPT.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	forces_elite.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	ftbar.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	gabber.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	hyandex.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	iehelper.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	iesetupdll.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	init32.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	InpriseMon.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	install2.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	jopplerg.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	Kargo.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	keybdll.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	KeywordFinder.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	killall.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	LOPTCON.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	media64.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	MNTP.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	MON76234.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	moniter.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	mozilla-text.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	msag.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	ms-its.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	MsNetHelper.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	new32.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	newbreed.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	nmdllw.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	NopeZ.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	NsCplTray.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	NSYSCPLSTR.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	NukeSpan.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	openstre.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	panel_its.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	ParisM.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	pizda.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	powerdll.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	PrcIdle.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	prcmon.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	Preliminary.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	prgsys0984.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	progmen.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	qwe.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	RtlFindVal.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	SAPSTR.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	sbin.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	scanSYS.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	Serviceprocess.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	SetupExeDll.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	Shaitan1678.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	slamm.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	sound64.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	SpyElim.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	srbho.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	ssweeper.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	StartCpl.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	startman.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	StatusCheck.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	stuffmon.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	sysconf16.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	SysEntry.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	sysmon12.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	syspanel.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	SysSupport.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	SYSTRAV.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	TemplateDongle.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	teqq32.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	Testimonials.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	TForm1.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	TorontoMail.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	Trayz.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	TRPT.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	trycrt.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	typeconf.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	Uint32.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	uio.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	UserSp1.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	utsgmon.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	vxdman.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	WhatsNewBot.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	WinInitDll.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	wormexe.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	WTFCTF.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	XTermInit.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	xwiz.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	xxtoolbar.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	zantu.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	zxc.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	ABCXYZ.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	dePloy.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	JAguAr.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	80d0.exe	"MediaMotor adware"
X	[various names]	exe81.exe	"MediaMotor adware"
X	[various names]	exe82.exe	"MediaMotor adware"
X	[various names]	MSTCPDLL.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	seli.exe	"MediaMotor adware"
X	^`d}qZxu	~`d}qzxu3zYF	"Added by the GAOBOT.GEN!POLY WORM!"
X	_	mzqdd.exe	"Added by the AGENT.BZB TROJAN!"
Y	_AntiSpyware	MssCli.exe	"Part of McAfee AntiSpyware"
Y	_AntiSpyware	masalert.exe	"Part of McAfee AntiSpyware"
X	_Cat1	nmmst.exe	"Added by the SMALL.SD TROJAN!"
X	_Cat2	nmstt.exe	"Added by the SMALL-DT TROJAN!"
X	_Cat3	msmsgrxp.exe	"Added by a variant of the SMALL-DT downloader TROJAN"
X	_Cat4	msmsgr2.exe	"Added by the SMALL-EB TROJAN!"
X	_explore manager	_explore.exe	"Added by the SPEXTA-C TROJAN!"
X	_Hazafibb	[path to file]	"Added by the ZAFI.B WORM!"
X	_mzu_stonedrv2	_mzu_stonedrv2.exe	"Added by a variant of the DWNLDR-FTB TROJAN!"
X	_mzu_stonedrv3	_mzu_stonedrv3.exe	"Added by the DWNLDR-FTB TROJAN!"
X	_mzu_stonedrv7	_mzu_stonedrv7.exe	"Added by a variant of the DWNLDR-FTB TROJAN!"
X	_mzu_stonedrv8	_mzu_stonedrv8.exe	"Added by the DOWNLOADER-MZU TROJAN!"
X	_ntrdlhost	_Ntrdlhost.exe	"Added by the DLOADER-JV TROJAN!"
X	_ntrRescueService	_ntrrs.exe	"Added by the DLOADER-JV TROJAN!"
X	_pnd_Panda Antivirus	_pnd_*****.exe [* = random char/digit]	Added by the AGENT.NAK TROJAN!
X	_rx	rundll32.exe	"Added by the LINEAG-B TROJAN!! Note - this is not the legitimate rundll32.exe process
X	_Services.dll	smss.exe	"Added by the SOBER-L WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\system"
X	_Setv	Setv.com	"Added by the BESAM WORM!"
X	_svchost.con	svchost.com	"Added by the ERKEZ.C WORM!"
X	_SystemBoot	services.exe	"Added by the SOBER-Q TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Help\Help"
X	_SystemDriver	csrss.exe	"Added by the ASCETIC.B TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\addins\explorer"
X	_System_Run	_svchost_.exe	"Added by the LINEAGE-Z TROJAN!"
X	_tdiserv_	_tdicli_.exe	"Added by the TDISERV.A WORM!"
U	_winadm	winadm.exe	"Parents Friend - ""Log any activity and protect programs with a password. Further more you can lock the pc any hour in the week you want with the main password. You can also give users allowed programs in their program-lists and you can limit the maximal daily hours and maximal weekly hours user spend on the PC"""
X	_WinCheck	services.exe	"Added by the SOBER.V WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\ConnectionStatus\Microsoft"
X	_WinData	services.exe	"Added by the SOBER-AD WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\PoolData"
X	_Windows	services.exe	"Added by the SOBER.X WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %windir%\WinSecurity"
X	_WinINet	services.exe	"Added by the SOBER.R WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\ConnectionStatus"
X	_WinMain	winexec.exe	"Added by the DLOADER-XX TROJAN!"
X	_WinStart	services.exe	"Added by the SOBER.O WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Connection Wizard\Status"
X	_winsystem.sys	smss.exe	"Added by the SOBER.K WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\win32"
X	_x-Finder	_x-Finder.exe	Disconnects and redials an ISP modem to an adult content site
X	{**-**-**-**-**}	mrdsregp.exe	"Zenosearch adware
X	{**-**-**-**-**}	rwwnw64d.exe	"Identified as a variant of the AdWare.Win32.ZenoSearch.am malware
U	{0228e555-4f9c-4e35-a3ec-b109a192b4c2}	gnotify.exe	"Google Gmail Notifier. Alerts you when you have new Gmail messages"
X	{05CD0D77-4947-4a56-94FA-0DF0DC644D7B}	sysqyzwud.exe	"Added by the FAKEALERT-AM TROJAN!"
U	{1290A33C-85F5-4164-A1BE-7DD299D4986A}	PBKScheduler.exe	"Scheduler for CyberLink PowerBackup - archiving/backup utility"
X	{12EE7A5E-0674-42f9-A76B-000000004D00}	"rundll32.exe stlb2.dll	DllRunMain"
X	{157627A6-2A10-4aa1-B97F-90B8DC6F24AC}	sysqkmwfedz.exe	"Added by the FAKEALERT-AH TROJAN!"
X	{1C-CC-C5-54-ZN}	dwdsregt.exe	"ZenoSearch adware"
X	{29123221-3AF8-488c-85DE-6B3EC59E8074}	netmedia.exe	"NetMedia adware"
X	{2C70168B-97CE-4f31-B85D-1FEC5002721D}	sxpgknrwva.exe	"Added by the FAKEALERT-AM TROJAN!"
X	{2C70168B-97CE-4f31-B85D-1FEC5002721D}	sysavxjgdu.exe	"Added by the FAKEALERT-AM TROJAN!"
X	{2C70168B-97CE-4f31-B85D-1FEC5002721D}	sysawpbkvnq.exe	"Added by the FAKEALERT-AH TROJAN!"
X	{2C70168B-97CE-4f31-B85D-1FEC5002721D}	sysxhtcwbse.exe	"Added by the FAKEALERT-AM TROJAN!"
X	{2CF0B992-5EEB-4143-99C0-5297EF71F444}	"rundll32.exe stlbdist.dll	DllRunMain"
X	{2CF0B992-5EEB-4143-99C2-5297EF71F44B}	"rundll32.exe stlbupdt.DLL	DllRunMain"
X	{2F-FF-F4-4C-ZN}	omdsregk.exe	"ZenoSearch adware"
X	{357AA41A-B7A8-4632-A27D-5B980B25CF43}	[path to svchost.exe]	"Added by the SMALL-AQ TROJAN!"
X	{357AA41A-B7A8-4632-A27D-5B980B25CF43}	services.exe	"FakeMessage/AdRotator adware. Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in an ""Inetsrv"" subfolder"
X	{357AA41A-B7A8-4632-A27D-5B980B25CF43}	[path to trojan]	"Added by the SMALL-EP TROJAN!"
X	{42562052-EE17-4197-82C7-91CB2E4B0666}	sysrswva.exe	"Added by the FAKEALERT-AH TROJAN!"
X	{52-28-8E-E8-ZN}	thinksnet.exe	"Zeno Think-Adz adware"
X	{78B578D7-BCE1-4d83-9CD4-195BC34D8CB3}	sxjecknqhu.exe	"Added by the FAKEALERT-AM TROJAN!"
X	{78B578D7-BCE1-4d83-9CD4-195BC34D8CB3}	syspyukrazv.exe	"Added by the FAKEALERT-AH TROJAN!"
X	{78B578D7-BCE1-4d83-9CD4-195BC34D8CB3}	syssfzvakqg.exe	"Added by the FAKEALERT-AM TROJAN!"
X	{7DD4A7AC-A3F1-4495-884A-7947C5B89108}	sysahbecjh.exe	"Added by the FAKEALERT-AM TROJAN!"
X	{8C-C4-4A-A4-ZN}	dwdsregt.exe	"ZenoSearch adware"
U	{914C5BF8-EEDD-4F3A-A8BE-34EE71CF1B29}	XPlay.exe	"Xplay 3 from Mediafour Corporation - ""expands what you can do with any iPod
X	{9754B85A-3B34-4969-BE1F-CD03227E9470}	syszweuas.exe	"Added by the FAKEALERT-AM TROJAN!"
X	{9754B85A-3B34-4969-BE1F-CD03227E9470}	sysatjsicj.exe	"Added by the FAKEALERT-AM TROJAN!"
X	{A4C928E8-0ABA-4fd3-83DF-23BE54ADF9A4}	sxnwhbvrzc.exe	"Added by the FAKEALERT-AM TROJAN!"
X	{A4C928E8-0ABA-4fd3-83DF-23BE54ADF9A4}	sysqrnxstju.exe	"Added by the FAKEALERT-AM TROJAN!"
X	{B081DB1F-4EE6-4021-9DD4-8B300F0D636D}	syssngbeh.exe	"Added by the FAKEALERT-AH TROJAN!"
U	{B179023B-6238-4499-8F26-CD73E9D90E0A}	MacDrive.exe	"MacDrive 7 from Mediafour Corporation - ""enables anyone using Windows Vista
X	{B3B48B54-C0EC-4705-8EE8-1981AEF656A7}	sysjcyrq.exe	"Added by the FAKEALERT-AH TROJAN!"
X	{B7-7D-D0-08-ZN}	dwdsregt.exe	"Added by the AGENT-GBC TROJAN!"
X	{BAAA759D-56F0-428c-B8DA-827EA3B08C2C}	sysawechod.exe	"Added by the FAKEALERT-AH TROJAN!"
X	{C0FB7D08-056E-1033-0501-03020730002c}	Update.exe	"Added by the AGENT-EOG TROJAN!"
X	{C2220120-1C24-4a79-BA7A-DDCBFC209DB3}	sysfbdgv.exe	"Added by the FAKEALERT-AM TROJAN!"
X	{C599792D-C6D9-461d-93CA-B48BFF8E37B1}	sysfdyev.exe	"Added by the FAKEALERT-AM TROJAN!"
X	{DD651081-A909-45ad-BD71-2335B0ADE043}	sysutrnez.exe	"Added by the FAKEALERT-AH TROJAN!"
X	{DD651081-A909-45ad-BD71-2335B0ADE043}	sysabmpmfr.exe	"Added by the FAKEALERT-AH TROJAN!"
X	{DD651081-A909-45ad-BD71-2335B0ADE043}	sysnxcphmgy.exe	"Added by the FAKEALERT-AH TROJAN!"
X	{E4785213-3EFE-4c26-A9B4-332440E31F6F}	sysrxmfdksp.exe	"Added by the FAKEALERT-AH TROJAN!"
X	{F758F78B-0885-490e-AA3C-4A38D28B0240}	sxpjbwvahn.exe	"Added by the FAKEALERT-AM TROJAN!"
X	{F758F78B-0885-490e-AA3C-4A38D28B0240}	sysyeabdgfp.exe	"Added by the FAKEALERT-AM TROJAN!"
N	µTorrent	uTorrent.exe	"µTorrent - file sharing client for Windows sporting a very small footprint from BitTorrent
N	µTorrent	bittorrent.exe	"BitTorrent file sharing client - from BitTorrent

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.

Powered By Pac's Startup list