Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown



Startup Name Process Name Details
XMicrosoft Windows Systemsrwhost.exe"Added by the RBOT-AWU WORM!"
XMicrosoft Windows Systemsyshost.exe"Added by the RBOT-ASW WORM!"
XMicrosoft Windows SystemSystem.exe"Added by the VB.KV WORM!"
XMicrosoft Windows System Kernelkernel32.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft Windows System Service Managerwinsvc.exe"Added by the SPYBOT.LR WORM!"
XMS Windows System AlertMSWSA32.exe"Added by the RBOT-BFN WORM!"
XNT Windows System Manager Loadercsrlss.exe"Added by the AGOBOT.OX WORM!"
XWINDOWS SYSTEMbeta.exe"Added by the MYTOB.DF WORM!"
XWINDOWS SYSTEMdcomuser.exe"Added by the MYTOB.EO WORM!"
XWINDOWS SYSTEMlf66prc.exe"Added by the MYTOB.GC WORM!"
XWINDOWS SYSTEMmsdev32.exe"Added by the MYTOB.EH WORM!"
XWINDOWS SYSTEMnec.exe"Added by the MYTOB-L WORM and variants!"
XWINDOWS SYSTEMnibie.exe"Added by the MYTOB-BY WORM!"
XWINDOWS SYSTEMninfoie.exe"Added by the MYTOB-EP WORM!"
XWINDOWS SYSTEMskybot.exe"Added by the MYTOB-CX WORM!"
XWINDOWS SYSTEMskybotx.exe"Added by the MYTOB-BY WORM!"
XWINDOWS SYSTEMsmoc.exe"Added by the MYTOB.FU WORM!"
XWINDOWS SYSTEMsmsc.exe"Added by the MYTOB-BR WORM!"
XWINDOWS SYSTEMtest.exe"Added by the MYTOB.DJ WORM!"
XWINDOWS SYSTEMtest2.exe"Added by the MYTOB.DJ WORM!"
XWINDOWS SYSTEMtest3.exe"Added by the MYTOB.DV WORM!"
XWINDOWS SYSTEMwdns33.exe"Added by the MYTOB-BY WORM!"
XWINDOWS SYSTEMwin.exe.exe"Added by the MYTOB.FA WORM!"
XWINDOWS SYSTEMwinaup.exe"Added by the MYTOB-DN WORM!"
XWINDOWS SYSTEMwinligon.exe"Added by the MYTOB.EP WORM!"
XWINDOWS SYSTEMwinmon.exe"Added by the MYTOB.GB WORM!"
XWINDOWS SYSTEMwinNTsys32.exe"Added by the MYTOB-DM WORM!"
XWINDOWS SYSTEMwinsvc32.exe"Added by the MYTOB.HH WORM!"
XWindows SystemWINSYS.exe"Added by the RBOT-AEF WORM!"
XWINDOWS SYSTEMwinsys33.exe"Added by the MYTOB.EK WORM!"
XWINDOWS SYSTEMwinvnc.exe"Added by the MYTOB.EU WORM!"
XWINDOWS SYSTEMwinxpserv.exe"Added by the MYTOB-BQ WORM!"
XWINDOWS SYSTEMxxx.exe"Added by the MYTOB.CZ WORM!"
XWindows Systemwinsys32.exe"Added by the MYTOB-IS WORM!"
XWINDOWS SYSTEMskybot.exe"Added by the MYTOB.JU WORM!"
XWINDOWS SYSTEMbotzor.exe"Added by the ZOTOB WORM!"
XWINDOWS SYSTEMgothica.exe"Added by the MYTOB.HU WORM!"
XWINDOWS SYSTEMmsnl.exe"Added by the MYTOB.IK WORM!"
XWINDOWS SYSTEMper.exe"Added by the ZOTOB.C WORM!"
XWINDOWS SYSTEMtwunk_65.exe"Added by the MYTOB-EG WORM!"
XWINDOWS SYSTEMservce.exe"Added by the MYTOB-EI WORM!"
XWINDOWS SYSTEMservises.exe"Added by the ZOTOB-I WORM!"
XWINDOWS SYSTEMxpupdate.exe"Added by the ZOTOB-G WORM!"
XWINDOWS SYSTEMexpI0rer.exe"Added by the MYTOB-FI WORM! Note the upper case ""i"" and number ""0"" in the filename"
XWINDOWS SYSTEMmsn32.exe"Added by the MYTOB-FX WORM!"
XWINDOWS SYSTEMsky.exe"Added by the MYTOB.LB WORM!"
XWINDOWS SYSTEMWin32IMAPSVR.exe"Added by the MYTOB-FQ or MYTOB-FU WORMS!"
XWINDOWS SYSTEMwinsvc.exe"Added by the MYTOB.LM WORM!"
XWINDOWS SYSTEMmswins.exe"Added by the MYTOB.DP WORM!"
XWINDOWS SYSTEMmtrnqs.exe"Added by the MYTOB.IG WORM!"
XWINDOWS SYSTEMlogic.exe"Added by the MYTOB.IC WORM!"
XWINDOWS SYSTEMctech.exe"Added by the MYTOB-KD WORM!"
XWINDOWS SYSTEMefefefe.exe"Added by the MYTOB-KH WORM!"
XWINDOWS SYSTEMsvchost2.exe"Added by the MYTOB.OZ WORM!"
XWINDOWS SYSTEMskybot.exe"Added by the MYTOB.EB WORM!"
XWINDOWS SYSTEMwupdate.exe"Added by the MYTOB-HT WORM!"
XWindows Systemsystem.exe"Added by the MYTOB-GN WORM!"
XWindows System 32winsys_32.exe"Added by the RBOT-FTR WORM!"
XWindows System 32-Bat Servicewin32bat.exe"Added by the MYTOB.FI WORM!"
XWindows System BackupSysBackup.exeUnidentified malware
XWINDOWS SYSTEM By FEnRwindasz-updote.exe"Added by the MYTOB.LR WORM!"
XWINDOWS SYSTEM Cleanerh3.exe"Added by the MYTOB.EQ WORM!"
XWINDOWS SYSTEM CLEANERiexplore.exe"Added by the MYTOB.ET WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
XWindows System ConfigurationSYSCFG16.EXE"Added by the WISDOOR-K TROJAN!"
XWindows System ConfigurationPasscfg16.exe"Added by the DOMWIS-E TROJAN!"
XWindows System ConfigurationWinfrw.exe"Added by the SOLUFINA TROJAN or the DOMWIS-J WORM!"
XWindows System Configurationwincfg.exe"Added by the AGOBOT.OP WORM!"
XWindows System ConfigurationWINCFG32.EXE"Added by the AGOBOT-TE WORM!"
XWindows System ConfigurationWinNeth.exe"Added by the RETHE-A WORM!"
XWindows System Configurationnether.exe"Added by the OPANKI-AB WORM!"
XWindows System ConfigurationWINSYS32.exe"Added by the SDBOT.AXK WORM!"
XWindows System DefenderWS[random characters].exe"Windows System Defender rogue security software - not recommended
XWINDOWS SYSTEM Dnswindsns.exe"Added by the MYTOB.EY WORM!"
XWINDOWS SYSTEM DNSPOOLhbmail.exe"Added by the MYTOB.FW WORM!"
XWindows System Driverssysretain.exe"Added by the SLENFBOT.BY WORM!"
XWindows System Filecmxp.exe"Added by the SPYBOT.KHO WORM!"
XWINDOWS SYSTEM FILEwinload.exe"Added by the MYTOB.DK WORM!"
XWindows System GatewaySPOOLER.EXE"Added by a variant of the RBOT WORM!"
XWindows System Guardegun.exe"Added by the AGENT-NHY TROJAN!"
XWindows System Guardmsdn.exe"Added by the FAKEAV-BJD TROJAN!"
XWindows System Guardmsng.exe"Added by the EGGDROP-BO WORM!"
XWindows System Guardmsns.exe"Added by the DWNLDR-IGD TROJAN!"
XWindows System Initwinit32.exe"Added by a variant of the RBOT WORM!"
XWindows System Managerwinsystem.exe"Added by the RBOT-AN WORM!"
XWindows System ManagerCRSL.EXE"Added by the SDBOT.MG WORM!"
XWindows System Managersysconf.exe"Added by the MYTOB.AL WORM!"
XWindows System Managersmsc.exe"Added by a variant of the RBOT WORM!"
XWindows System Managercrssm.exe"Added by the RBOT-AFH WORM!"
XWINDOWS SYSTEM MANAGERspoolsvc.exe"Added by the MYTOB-LY WORM!"
XWindows System Managerwinsysmgr.exe"Added by the IRCBOT.BJG BACKDOOR!"
XWindows System Manager Loadersmsls.exe"Added by the AGOBOT.TF WORM!"
XWindows System Manager Procwinsmc.exe"Added by the RBOT.JH WORM!"
XWINDOWS SYSTEM MEMORY LOADERmemloader.exe"Added by the MYTOB-IN WORM!"
XWINDOWS SYSTEM mscdvvsmscdvvs.exe"Added by the MYTOB.MD WORM!"
Xwindows system notepadwnpsm.exe"Added by a variant of the RBOT WORM!"
XWindows System Restore ConfigurationSblhost.exe"Added by a variant of the SPYBOT WORM!"
XWindows System RestorerSystemRestorer.exe"Added by the DULOAD.C WORM!"
XWINDOWS SYSTEM SCALPEscalpe91.exe"Added by the MYTOB-HI WORM!"
XWindows System Securitywinmp.exe"Added by the RBOT.IV WORM!"
XWindows System Securitysys32.pif"Added by the RBOT-AOL WORM!"
XWindows System Security Monitor[4 random letters].exe"Added by the PINKTON.A WORM!"
XWindows System Serivcewinserv.exe"Added by the RBOT.ACA WORM!"
Xwindows system servicewinsock.exe"Added by the RBOT-MR WORM!"
XWindows System Servicewnuserv.exe"Added by the SPYBOT.ANDM WORM!"
XWindows System Service[worm filename]"Added by the RBOT.XG WORM!"
XWindows System SuiteWS[random characters].exe"Windows System Suite rogue security software - not recommended
UWindows System Traymsni.exe"Iambigbrother monitoring software"
XWindows System Trayswhost.exe"Added by an unidentified VIRUS
XWINDOWS SYSTEM UPDATExDcc.exe"Added by the MYOTB-EH WORM!"
XWindows System Update Toolsupds.exe"Added by the VANBOT.CX BACKDOOR!"
XWindows System-Control Driverssyscontrl.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XWindows System32windowsp.exe"Added by the MYTOB.GD WORM!"
XWindows System32winsys32.exe"Added by the SDBOT-AHS WORM!"
XWindows System32clsas32.exe"Added by the RBOT-AZO WORM!"
XWindows System32explorer.exe"Added by the OPANKI-V WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is also copied to %System%"
XWindows System32System32.exe"Added by the SDBOT-ALI WORM!"
XWindows SYSTEM32Realplayer.exe"Added by the SPYBOT.ZH WORM!"
XWindows System32wingrd32.exe"Added by a variant of the RBOT WORM!"
XWindows System32windows32.exe"Added by the RBOT-FPB WORM!"
XWindows System32 Driverclsass32.exe"Added by the SDBOT-AGG WORM!"
XWindows System32 Kernelsystem32.exe"Added by the SDBOT-AAT WORM!"
XWindows SystemDllSYSTEMDLL.EXE"Added by the AGOBOT-LP WORM!"
XWINDOWS SYSTEMnservicces.exe"Added by the MYTOB-EL WORM!"
XWindows Systemnmgstagmr.exe"Added by the MYTOB.S WORM!"
XWindows Systems16winjews16.exe"Added by the SDBOT-CXT WORM!"


DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.