Restore

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

"Y" - Normally leave to run at start-up
"N" - Not required - typically infrequently used tasks that can be started manually if necessary
"U" - User's choice - depends whether a user deems it necessary
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
"?" - Unknown

	Startup Name	Process Name	Details
Y	*Restore	rstrui.exe	Part of Windows System Restore and added as a RunOnce registry entry. Leave alone
X	crash0001	restorecrashwin32.bat	"Added by the AGENT-ZC TROJAN!"
X	Data Restore Service	prq8.exe	"Added by the KELVIR.AI WORM!"
U	EDRestore	??	"Set Point from Easy Desk Software - ""small utility that automatically sets System Restore points for WinME/XP"""
Y	Image & Restore	IMAGE32.exe	"Part of McAfee Nuts & Bolts. Image/Restore can recover from drives that have been accidentally formatted or completely erased
N	Mania Win Restore	RESWIN.EXE	Pinball Mania for Windows from 21st Century Entertainment LTD (1995). Runs briefly at start-up then terminates. Available via Start -> Programs
U	McAfee Backup and Restore	McAfeeDataBackup.exe	"McAfee Online Backup (formerly Data Backup) - ""takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos"". Available as a stand-alone product or included in Internet Security and Total Protection"
X	Microsoft Restore	scrgrd.exe	"Added by the SPYBOT.BR WORM!"
X	Microsoft System Restore Configuration	CBRSS.EXE	"Added by a variant of the SPYBOT WORM!"
X	MS SyS Restore	sysrestore.exe	"Added by the RBOT.XM WORM!"
X	MSNSysRestore	pc32.exe	Added by a variant of the MASTAK VIRUS!
X	PrinterSpool	[path] RESTORE.EXE [path] SPOOL.EXE	"Added by the ALADINZ.K TROJAN!"
U	Rapid Restore	rrpcsb.exe	"XPoint ""Rapid Restore PC"" - ""a Managed Recovery solution that enables IT Administrators to protect the corporate image
X	Restore	restore.exe	"Antispyware Shield Pro rogue security software - not recommended
X	Restore Operation	svchots.exe	"Added by a variant of the RBOT WORM!"
U	RestoreDesktop	RestoreDesktop.exe	"Softwarium Restore Desktop ""is a Windows Context Menu addition that automatically saves and restores the icons' positions on the Windows desktop after a resolution change"""
Y	RestoreIT!	VBPTASK.EXE	"RestoreIT! from FarStone - ""automatically backs up all files on your computer to a protected partition on your hard drive"""
X	restorer32_a	restorer32_a.exe	"Added by the AGENT.CQQB TROJAN!"
X	restorer64_a	restorer64_a.exe	"Added by the DLDR-BY TROJAN!"
X	SvcManager	restore3.exe	"Added by the AGENT-DSS TROJAN!"
X	sysrestore32.exe	sysrestore32.exe	"Unknown malware detected by McAfee - see here"
X	System Restore	svcnet.exe	"Added by the TIBICK WORM!"
X	System Restore Data	[path] repcale.exe [path] beird.exe	"Added by the RANDON.AN WORM! Both files are located in %System%\frbyjed"
X	Windows System Restore Configuration	Sblhost.exe	"Added by a variant of the SPYBOT WORM!"
X	Windows System Restorer	SystemRestorer.exe	"Added by the DULOAD.C WORM!"
X	winrestore1	winrestore.exe	"Added by the KILLFIL-Q TROJAN!"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.