Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer


NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

If you're not finding what you're looking for please go to this forum and submit a new startup entry.


  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown

Startup Name Process Name Details
U1Srv32SpyAgent4.exe"SpyTech SpyAgent monitoring software. "Spy software that allows you to monitor EVERYTHING users do on your PC.""
XBcvsrv32bcvsrv32.exe"Added by the GAOBOT.BQJ WORM!"
XBcvsrv32he3.exe"Added by the AGOBOT.AKB WORM!"
XBcvsrv32msxml22.exe"Added by the AGOBOT.AKH WORM!"
XBcvsrv32msc32.exe"Added by the AGOBOT.AKD WORM!"
XBcvsrv32msbvd32.exe"Added by the AGOBOT-SR WORM!"
XBcvsrv32system2.exe"Added by the AGOBOT-PU BACKDOOR!"
Xdrmsrv32stmhosts.exe"Added by the AGENT.AGWU TROJAN!"
XHijSrv32hijsrv.exe"Added by the BANKGERM-D TROJAN!"
XInternatmsgsrv32.exe"Added by the NYRUBOT-A BACKDOOR! Note - this is not the legitimate msgsvr32.exe process on a Win9x/Me system which should not appear in MSConfig/startup!"
XKsrv32Ksrv32.exe"Added by the AGOBOT-PI WORM!"
XLTM2MSGSRV32.EXE"Added by the LITMUS.A BACKDOOR! Note - this is not the legitimate msgsvr32.exe process on a Win9x/Me system which should not appear in MSConfig/startup! This one is located in %Windir%\Litmus"
XMicrosoft Driver Setupmslsrv32.exe"Added by the SDBOT-DPF TROJAN!"
YMSGSRV32.exemsgsrv32.exe"Windows 32-bit VxD Message Server. For more information on its function and why it's needed
Xmsvsrv32msvsrv32.exe"Added by the AGOBOT-KM WORM!"
XMSWinSrv32MSWinSrv32.exe"Added by the MTRON-B TROJAN!"
XReg ServiceREGSRV32.EXE"Added by the RBOT.ZW WORM!""Added by the SOUTHGHOST WORM!"
XRegistry Serverregsrv32.exe"Added by the RBOT-GM WORM!"
XRegistry ServiceREGSRV32.EXE"Added by a variant of the RBOT WORM!"
XScvsrv32scvsrv32.exe"Added by the AGOBOT-PM BACKDOOR!"
XServer Registryregsrv32.exe"Added by the VB-EJD TROJAN!"
XSrv32Srv32.exe"Added by the OPASERV.J WORM!"
XSrv32 spool servicerunsrv32.exe" malware - detected by Kaspersky as the SPYRE.B TROJAN!"
XSrv32 spool servicespoolsrv32.exe"Added by the SPYRE-B TROJAN!"
XSrv32 spool service[path to trojan]"Added by the DLOADER-LB TROJAN!"
XSrv325Srv325.exe"Added by the AGOBOT-PR WORM!"
XSrv32Old[worm filename].PIF"Added by the OPASERV.J WORM!"
USrv32WinSpyAgent4.exe"SpyAgent - monitoring software that creates records of everything people do on a computer
USrv32WinSvchost.exe"Realtime-Spy keystroke logger/monitoring program - remove unless you installed it yourself!"
USrv32Winsysdiag.exe"SpyAgent surveillance software. Uninstall this software unless you put it there yourself"
Usrv32winwin16dll.exe"Screenspy captures screenshots silently. If you didn't install this yourself remove it"
XSygate Personal FirewallMSNSRV32.exe"Added by a variant of the RBOT WORM!"
XSystem Managerwinsrv32.exeAdded by an unidentified WORM or TROJAN!
XTmntsrv32Tmntsrv32.exe"Added by the STARTPAGE.O TROJAN!"
XUserinterface Reportersrv32.exe"ISTBar adware"
Xvsrv32vsrv32.exe"Added by the AGOBOT.AIF WORM!"
Xwin32winsrv32.exe"Added by the ADUENT TROJAN! Acts as a hi-jacker redirecting to and adult content sites"
XWindows Servicesavsrv32.exe"Added by a variant of the IRCBOT BACKDOOR!"
XWinMsrv32WinMsrv32.exe"Added by the GAOBOT.AFJ WORM!"
Xwsrv32wsrv32.exe"Detected by Kaspersky as the AGENT.EP TROJAN!"
XxxsrSrv32xxsrsrv.exe"Added by the BANCSDE-E TROJAN!"
X[3 random char]srv32[3 random char]srv.exe"Added by the BANCOS.N TROJAN!"
X[3-4 random letters]Srv32[path to file]"Added by the BANCSADE-A TROJAN!"
X[executed file name]"Added by the SOUTHGHOST WORM!"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.