Mdm

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

"Y" - Normally leave to run at start-up
"N" - Not required - typically infrequently used tasks that can be started manually if necessary
"U" - User's choice - depends whether a user deems it necessary
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
"?" - Unknown

	Startup Name	Process Name	Details
N	3ComDMIAgent	3CDMINIC.EXE	3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards
Y	Application	mdmsetsp.exe	"Aztech Labs modem driver"
Y	BCMDMMSG	bcmdmmsg.exe	BCM voicemodem driver. Required for dial-up if you have one of these modems
N	csaRem	spqmdmui.exe	Compaq modem country selection
N	GWMDMMSG	GWMDMMSG.exe	Used with internal modems on Gateway and vprMatrix PCs. This is the "GTW modem messaging applet" and is not required for the modem to work correctly
U	GWMDMpi	GWMDMpi.exe	"Used with internal modems on Gateway PCs such as the 450SX Notebook. Required for audio settings to be maintained and does not remain in memory once run. See here for more information"
X	load	mdm.exe	"Added by the BINGHE TROJAN! Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %ProgramFiles%\Common Files\Microsoft Shared\VS7Debug (98/Me/XP/Vista) or C:\WINDOWS\SYSTEM (Me only)"
U	Machine Debug Manager	MDM.EXE	"Used by developers for debugging and is a component of several MS products including Office and Visual Studio. Those who have encountered it have unchecked it with no degradation in performance. It may cause your computer to ""hang"" if you have Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendation. For this entry it loads under the ""RunServices"" key in Me (located in C:\WINDOWS\SYSTEM). It also loads a service in XP/Vista (located in %ProgramFiles%\Common Files\Microsoft Shared\VS7Debug)"
X	Machine Debug Manager	mdm.exe	"Added by the SDBOT-APE WORM! Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %ProgramFiles%\Common Files\Microsoft Shared\VS7Debug (98/Me/XP/Vista) or %System% (Me only). This one is located in %Windir%"
X	Machine Debug Manager	mdms.exe	"Added by the SDBOT-CH WORM!"
X	machine-debugger	mdmsv.exe	"Added by the AGOBOT-BR WORM!"
X	Mdm	Mdm.vbs	"Added by the WHITEHO VIRUS or TRAPPY WORM!"
X	mdm	mdm.exe	"Added by the LYDRA-F TROJAN! ! Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %ProgramFiles%\Common Files\Microsoft Shared\VS7Debug (98/Me/XP/Vista) or C:\WINDOWS\SYSTEM (Me only). This one is located in %Windir%"
X	MDM Rock 4	[8 random letters].exe	"Added by the SDBOT.CHG BACKDOOR!"
U	MDM7	MDM.EXE	"Used by developers for debugging and is a component of several MS products including Office and Visual Studio. Those who have encountered it have unchecked it with no degradation in performance. It may cause your computer to ""hang"" if you have Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendation. For this entry it loads under the ""RunServices"" key in 98/Me. It also loads as a service in XP/Vista. In both cases it's located in %ProgramFiles%\Common Files\Microsoft Shared\VS7Debug"
X	Mdmdll	mdmdll.exe	"Added by the CRYPTER TROJAN!"
X	Mdmdll32	mdmdll32.exe	"Added by a variant of the CRYPTER.C TROJAN!"
X	mdwmdmsp	mdwmdmsp.exe	"Adware - detected by Kaspersky as the AGENT.AM TROJAN!"
X	melg34	mdmd.exe	"Added by an unidentified WORM or TROJAN - see here"
X	melg3445	mdmdd.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft	mdms.exe	"Added by the AGENT-GHY TROJAN!"
X	Microsoft Debug Manager Console	mdm32.exe	"Added by the AGOBOT-AQ WORM!"
X	Microsoft Office	mdm.exe	"Added by the IBOT-A TROJAN! Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %ProgramFiles%\Common Files\Microsoft Shared\VS7Debug (98/Me/XP/Vista) or C:\WINDOWS\SYSTEM (Me only)"
X	Microsoft Visual Debuger	mdm.exe	"Added by the SDBOT-DOO WORM! Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %ProgramFiles%\Common Files\Microsoft Shared\VS7Debug (98/Me/XP/Vista) or C:\WINDOWS\SYSTEM (Me only)"
X	mmsass	mmdmm.exe	"Added by the SDBOT.SO WORM!"
X	Modem Driverz Updates	mdmdrv.exe	"Added by a variant of the SDBOT WORM!"
N	ModemUtility	mdmsetpe.exe	System Tray configuration icon for Aztech modems
X	SVCHOST	MDM.EXE	"Added by the LCJUMP-A WORM! Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %ProgramFiles%\Common Files\Microsoft Shared\VS7Debug (98/Me/XP/Vista) or %System% (Me only). This one is located in %Windir%"
X	SvcManager	mdmex2.exe	"Added by the ZALON-B BACKDOOR!"
X	SysMemory manager	mdms.exe	"Added by the CIMUZ-D TROJAN!"
U	wcmdmgr	wcmdmgrl.exe	"Web Driver delivery system for WildTangent on-line games. Periodically checks for updates - can be disabled within the programs control panel. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case"
N	wcmdmgr.exe	wcmdmgr.exe	"Web Driver delivery system for WildTangent on-line games. Periodically checks for updates - can be disabled within the programs control panel. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case"
U	wcmdmgrl	wcmdmgrl.exe	"Web Driver delivery system for WildTangent on-line games. Periodically checks for updates - can be disabled within the programs control panel. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case"
U	WildTangent Web Driver updater	wcmdmgrl.exe	"Web Driver delivery system for WildTangent on-line games. Periodically checks for updates - can be disabled within the programs control panel. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case"
X	Windows Networking Monitor	mdm.exe	"Added by a variant of the IRCBOT BACKDOOR! Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %ProgramFiles%\Common Files\Microsoft Shared\VS7Debug (98/Me/XP/Vista) or C:\WINDOWS\SYSTEM (Me only)"
X	Windows Networking Monitorin	xmdmx.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows Networking Monitoring	mdm.exe	"Added by the IRCBOT.AKZ WORM! Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %ProgramFiles%\Common Files\Microsoft Shared\VS7Debug (98/Me/XP/Vista) or C:\WINDOWS\SYSTEM (Me only)"
X	Windows Office Monitor	emdm.exe	"Added by the RBOT.AFV BACKDOOR!"
X	WMDM PMSP Service	cssrss.exe	"Added by the KNOCKIT-A TROJAN!"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.