cms

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

"Y" - Normally leave to run at start-up
"N" - Not required - typically infrequently used tasks that can be started manually if necessary
"U" - User's choice - depends whether a user deems it necessary
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
"?" - Unknown

	Startup Name	Process Name	Details
X	@	wincms.exe	"Added by the RBOT.CBR WORM!"
X	audlmne32	dcmsxe.exe	"Added by the MAILBOT-CF TROJAN!"
Y	BCMSMMSG	BCMSMMSG.exe	BCM voicemodem driver. Required for dial-up if you have one of these modems
X	cms	iserver.exe	"Added by the DLOADER-WK TROJAN!"
X	CMSally	callmesally.exe	"Added by the CASAL.A TROJAN!"
U	CMSETTINGS	ctmn.exe	"Part of NetNanny
X	cmsound	vcpdll.exe	"Added by the TCXMEDI-D downloader TROJAN!"
X	cmsound	vcsystem.exe	"Added by the TCXMEDI-D downloader TROJAN!"
X	cmss	system.exe	"Added by a variant of the RBOT WORM!"
X	cmssapp	iexplore_.exe	"Added by the BANCBAN-CQ TROJAN!"
X	cmssapp	iexplore.exe	"Added by the BANCBAN-GF TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	cmssSystemProcess	csmss.exe	"Added by the AGENT-CO TROJAN!"
X	cmssSystemProcess	mcsmss.exe	"Added by the PROXYSER-F TROJAN!"
X	cmssSystemProcess	csms.exe	"Added by the AGENT-Y TROJAN!"
X	CMSystem	CMSystem.exe	"CASClient adware"
X	CPCmscl0ck	CPCmsclock.ExE	"Added by the IRCFLOOD.BF TROJAN!"
U	Creative MediaSource Go	CTCMSGo.exe	"Creative MediaSource Go! is a combination of a short-cut bar and launcher for the Creative MediaSource™ player/organizer - which ""enables you to manage your entire digital music collection on both your computer and your Creative portable music player effortlessly"""
U	Creative MediaSource Go	CTCMSGoU.exe	"Creative MediaSource Go! is a combination of a short-cut bar and launcher for the Creative MediaSource™ player/organizer - which ""enables you to manage your entire digital music collection on both your computer and your Creative portable music player effortlessly"""
N	Cyberlink PowerCinema 3.0	PCMService.exe	"Part of Cyberlink's PowerCinema - which can be used to watch movies
N	DataViz Inc Messenger	DvzIncMsgr.exe	"Installed with DataViz ""Documents to Go"" software"
X	Ethernet Driver	cmsrrs.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft System32 Update	cmsrg.exe	"Added by the RBOT-GN WORM!"
X	Microsoft Update	cmss.exe	"Added by the RBOT-ATQ WORM!"
X	Microsofts Updatez	cmsssr.exe	"Added by an unidentified VIRUS
X	mscms	mscms.exe	"Added by the AGENT-MS TROJAN!"
U	nwrecmsg	nwrecmsg.exe	"Broadcast message handler part of Novell Netware that displays server
N	PCMService	PCMService.exe	"Part of Cyberlink's PowerCinema - which can be used to watch movies
X	Security Patch	scmss.exe	"Added by the RBOT-ZW WORM!"
X	Windows Generic Proc	procmsg.exe	"Added by the ALLIM.B WORM!"
X	Windows Services	scmsg.exe	"Added by a variant of the SDBOT WORM!"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.