Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77
78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99
If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown



Startup Name Process Name Details
NBing Barmswinext.exe"Bing Bar - the latest incarnation of the MSN Toolbar from version 5.* onwards. This entry loads the toolbar into memory at start-up before you open your internet browser. Not required - it will load with the browser and remains in memory after the browser is closed"
XMicrosoft Driver Managermswindrv.exe"Added by the FORBOT-EZ WORM!"
XMicrosoft SDKP3mswinsdq.exe"Added by the RBOT-ARY WORM!"
XMicrosoft Update Servicemswin32.exe"Added by a variant of the SPYBOT WORM!"
XMicrosoft Win Corp TLS Verificationmswintls.exe"Added by the RBOT-GCT WORM!"
XMicrosoft Windows 16Bitmswinn16.exe"Added by a variant of the SPYBOT WORM!"
XMicrosoft Windows 32Bitmswinn32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Windows 64 Bitmswin32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Winsockmswinsck.exe"Added by the RBOT-ANK WORM!"
Xmmxrunmswinindex.exe"TwoSeven spyware"
XMS Config LoaderMSWin32bck.exe"Added by the GAOBOT.AA WORM!"
XMS Network Controlmswin.exe"Added by the DUMBA TROJAN!"
XMS Sys Securitymswin.pif"Added by the RBOT-APJ WORM!"
XMS System Securitymswin32.pif"Added by the RBOT-AOX WORM!"
NMSN Toolbarmswinext.exe"MSN Toolbar from version 4.* onwards (now known as Bing Bar from version 5.* onwards). This entry loads the toolbar into memory at start-up before you open your internet browser. Not required - it will load with the browser and remains in memory after the browser is closed"
NMSNŽ Toolbarmswinext.exe"MSN Toolbar from version 4.* onwards (now known as Bing Bar from version 5.* onwards). This entry loads the toolbar into memory at start-up before you open your internet browser. Not required - it will load with the browser and remains in memory after the browser is closed"
XMSWinmswin.exe"Added by the BANKER-CU TROJAN!"
XMswincfgMswincfg32.exe"Added by the CYBRSPY.D TROJAN!"
XMsWindows DRT Driverswsdrt32.exe"Added by the RBOT.ALT WORM!"
XMsWindows SSL Driversmssl32.exe"Added by the SPYBOT.API WORM!"
XMSWindows SysClmscl32.exe"Added by the RBOT.AHI WORM!"
XMsWindows SysDatesysmsvc.exe"Added by the SPYBOT.FCD WORM!"
XMSWindows Syspgmspg32.exe"Added by the RBOT-TB WORM!"
XMSWindowsUpdateSystern.exe"Added by the RBOT-AFD WORM!"
XMSWindowsUpdatemswinup.exe"Added by a variant of the SDBOT WORM!"
Nmswinextmswinext.exe"MSN Toolbar from version 4.* onwards (now known as Bing Bar from version 5.* onwards). This entry loads the toolbar into memory at start-up before you open your internet browser. Not required - it will load with the browser and remains in memory after the browser is closed"
XMSWinlogonSynCor.exe"Added by the AGENT-FZL TROJAN!"
XMSWinlogonwinlogon.exe"Added by the AGENT-FZM TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
XMswinpid32mswinpid32.exeAdded by the LAPOS.A TROJAN! This is a keylogger which emails back to China PayPal passwords and account information - thus allowing the perpetrators to steal PayPal funds in the name of the victim!
XMSWinSrvMSWinSrv.exe"Added by the MTRON TROJAN!"
XMSWinSrv32MSWinSrv32.exe"Added by the MTRON-B TROJAN!"
XMSWinupdwinupd.exe"Added by the DLOADER-YE or DLOADR-AAA or DLOADER-ZF TROJANS - and others"
XMSWinupdatewinupdate.exe"Added by the DLOADR-AAW TROJAN!"
XMsWinVgrmsvgr.exe"Added by the MYTOB.LE WORM!"
XName Servermswins.exe"Added by a variant of the SDBOT WORM!"
XOS Securitymswind32.pif"Added by the RBOT-ASU WORM!"
XRemote Procedure Callsmswinrpc.exe"Added by the RBOT.KJ WORM!"
XRemote Procedure Callsmswinc.exe"Added by the RBOT-IT WORM!"
XWINDOWS SYSTEMmswins.exe"Added by the MYTOB.DP WORM!"
XWindows UDP Control Centermswinudpmgr32.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XWindows Update Systemmswins.exe"Added by the IRCBOT.DN WORM!"


DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.

Copyright 2003-2013 iamnotageek &/or Martin Krohn.