Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown



Startup Name Process Name Details
Y00PCTFWFirewallGUI.exe"System Tray access to PC Tools Firewall Plus from PC Tools - which ""is a powerful personal firewall for Windows that protects your computer from intruders and controls the network traffic in and out of your PC"""
YAshampoo FireWallFireWall.exe"Ashampoo® Firewall FREE from Ashampoo GmbH & Co. KG"
YAshampoo FireWall PROFireWall.exe"Ashampoo® Firewall PRO from Ashampoo GmbH & Co. KG"
XCGI Firewall ScriptCGIAGENT.EXE"Added by the BROPIA-U WORM!"
UComodo FirewallCPF.exe"Comodo Firewall"
YCOMODO Firewall Procfp.exe"Comodo Firewall Pro"
YCOMODO Memory Firewallcmf.exe"""Comodo Memory Firewall is a buffer overflow detection and prevention tool which provides the ultimate defence against one of the most serious and common attack types on the Internet - the buffer overflow attack"""
XComputing Technologie Firewalllsauth.exe"Added by the SDBOT-WX WORM!"
NdwStartFireWall.exe"The Shield firewall from pcsecurityshield.com. Not recommended by some (see here) and there are better free alternatives out there such as Zone Alarm. Located in %ProgramFiles%\PCSecurityShield\The Shield Firewall"
YeTrust EZ Firewallefpeadm.exe"eTrust EZ Firewall"
YEZ Firewallca.exe"eTrust EZ Armor Internet Security"
Xfirewalfirewal.exe"Added by the BANCBAN-QY TROJAN!"
XFirewallwmlaunch .exe"Added by the ELIPTER.A or ELIPTER.B WORMS! Note the space at the beginning of the filename"
XFirewallwmlaunch .exe"Added by the ELIPTER.D WORM!"
XFirewallSP2 UPDATE.exe"Added by the ELITPER.E WORM!"
XFirewallFirewall.bat"Added by the YPSAN.G WORM!"
Xfirewallfw_304.exe"Added by the BDOOR-JQ BACKDOOR!"
XFirewallctfmon.exe"Added by a variant of the IRCBOT BACKDOOR! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in %Windir%"
Xfirewallspoolsv.exe"Added by the DIZAN.F VIRUS!"
Xfirewallfirewall.exe"Added by the SURO-A TROJAN!"
Xfirewall 2008logoneui.exe"Added by the SILLYFDC WORM!"
XFirewall Administratinginfocard.exe"Added by the AUTORUN-AYV WORM! Note - this is not the valid InfoCard Service which is part of the .NET Framework from Microsoft and uses the same filename"
XFirewall auto setupwinlogon.exe"Added by the AGENT-EDB TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Temp%"
XFirewall auto setup[path to trojan]"Added by the AGENT-GLY TROJAN!"
XFirewall configReadMe.exe"Added by the SILLYFDC.BBT WORM!"
XFirewall Controlssys32.exe"Added by the SDBOT-DGI WORM!"
XFirewall PolicyMidiDef32.exe"Added by the PIEBOT-A TROJAN!"
XFirewall Sp2 systemsys32Conf.exe"Added by the RBOT-ABT WORM!"
XFirewall Update System1WinedowsUpdater1.exe"Added by the RBOT-ARU WORM!"
XFirewall Updatermsnupdateit.exe"Added by the RBOT-AAQ WORM!"
XFirewall.exeFirewall.exe"Added by the AGENT.AGL BACKDOOR! Located in %System%"
YFireWall.exeFireWall.exe"Ashampoo® Firewall PRO and Ashampoo® Firewall FREE from Ashampoo GmbH & Co. KG. Located in an Ashampoo related sub-directory of %ProgramFiles%"
XFirewallActiviescsrss.exe"Added by the BANKER-AQ TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""3041"" subfolder"
YFirewallGUIFirewallGUI.exe"System Tray access to PC Tools Firewall Plus from PC Tools - which ""is a powerful personal firewall for Windows that protects your computer from intruders and controls the network traffic in and out of your PC"""
UFirewallStartupFirewallstartup.exe"Innovative Startup Firewall - ""designed to protect your computer from programs that install themselves in the StartUp area of your Windows without asking for your approval. Innovative StartUp Firewall will help you keep your computer clean
XFirewallSvrFirewallSvr.exe"Added by the NETSKY.X or NETSKY.Y WORMS!"
Xfirewall_antifirewall_anti.exe"Added by the NETDENY-B TROJAN!"
XGate Personal FirewallSystpl.exe"Added by the RBOT.ADC WORM"
YGDFirewallTrayGDFirewallTray.exe"System Tray access to the firewall part of G Data range of internet security products"
XInternet Firewall Layertsqla.exe"Added by a variant of the SPYBOT WORM!"
Yiolo Personal FirewallioloFW.exe"iolo Personal Firewall"
XLife FireWall Update1FireWall-Update1.exe"Added by the RBOT-ARS WORM!"
XLife Personal FirewallFirewallingV10.exe"Added by the RBOT-BKF WORM!"
YMcAfee Desktop Firewall TrayFireTray.exe"McAfee Desktop Firewall"
YMcAfee FirewallCPD.EXEFirewall bundled with McAfee VirusScan 6.*. Can also be listed as CPD_EXE
XMicrosoft Firewallfirewallsp2.exe"Added by the RBOT-MC WORM!"
YMICROSOFT FIREWALL CLIENTISATRAY.EXE"MS Internet Security and Acceleration Server - see here"
XMicrosoft Internet Firewallfirewall.exe"Added by the IRCBOT.MD BACKDOOR! Located in %System%"
XMicrosoft Internet Firewall ManagerGMT16.exe"Added by the RANDEX.AT WORM!"
XMicrosoft Internet Firewall Updateupdater.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft Personal Firewallsbakw.exe"Added by the RBOT-KS WORM!"
XMicrosoft Security Monitor Processfirewall.exe"Added by a variant of the IRCBOT BACKDOOR! Located in %System%"
XMicrosoft Service firewall Managerfirewall.exe"Added by a variant of the SDBOT BACKDOOR! Located in %System%"
XMicrosoft System Firewall 2006.2msmsgr.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft System Firewall 2006.2msnmsgr.exe"Added by a variant of the SDBOT WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%"
XMicrosoft System Firewall 2006.2reg32.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Windows Client Firewallmsclt.exe"Added by the VANEBOT-F WORM!"
XMicrosoftPersonalFirewallspoolsrv.exe"Added by the WOOTBOT.DO BACKDOOR!"
XMS FIREWALLmsfrewall.exe"Added by the SDBOT-PU WORM!"
XMS FIREWALLmsfirewall.exe"Added by the SDBOT-QH WORM!"
Xms_anti_spywaremwfirewall.exe"Added by the GAMQOWI TROJAN!"
Xnetwork device drivermsfirewall.exe"Added by the DELF-LB TROJAN!"
XNorton Firewall[path to trojan]"Added by the BANKER-ET TROJAN!"
XNorton Personal Firewalljah.exe"Added by a variant of the SDBOT WORM!"
XNorton Personal Firewallnpfw.exe"Added by the RBOT-UI WORM!"
XNorton Personal Firewalllah.exe"Added by a variant of the RBOT WORM!"
XNorton Personal Firewallnpfw32.exe"Added by the RBOT-UQ WORM!"
YNorton Personal FirewallIntroWiz.exePart of Norton Personal Firewall or Norton Internet Security
XNorton Personal Firewallwinmpts.exe"Added by the RBOT.ANT WORM!"
YOnline Armor Firewalloaui.exe"System Tray access to and main user interface for the Online Armor range of security tools from Tall Emu Pty Ltd. The free version incorporates a firewall
YOutpost Firewalloutpost.exe"Outpost personal firewall"
YPC Tools Firewall PlusFirewallGUI.exe"System Tray access to PC Tools Firewall Plus from PC Tools - which ""is a powerful personal firewall for Windows that protects your computer from intruders and controls the network traffic in and out of your PC"""
XPersonal Firewall V9Firewall-UpdateV9.exe"Added by the RBOT-BJR WORM!"
XProtectionFirewall.exe"Added by the ELIPTER.A or ELIPTER.B WORMS! Located in %ProgramFiles%\Internet Explorer"
UProxyFirewallProxyFirewall.exe"Proxy Firewall by Unique Internet Services
UQuick Heal Firewall Proqhfw.exe"Quick Heal Firewall Pro"
XSagate Security Firewallsagate.exe"Added by the GAOBOT.BOW WORM!"
XSepate Security Firewallsepate.exe"Added by the RBOT.BLC BACKDOOR!"
XSP2 Firewall/Internet Updatercrssrs.exe"Added by the RBOT.BJO WORM!"
XSPAM FIREWALLmfirewall.exe"Added by the SDBOT.AOU WORM!"
XSpecial Firewall Serviceavguard.exe"Added by the NETSKY.G WORM! Note - do not confuse with AntiVir® antivirus which uses the same filename. This one is located in %Windir%"
XSyga432te Pe432rsonal FirewallMrNo4236.exe"Added by the RBOT-AQY WORM!"
XSygaete Personal FirewallSyGate.exe"Added by the RBOT-GLX WORM!"
XSygate Peral FirewallSyga.exe"Added by the RBOT-AQK WORM!"
XSygate Personal FirewallWin32x.exe"Added by the RBOT-KZ WORM!"
XSygate Personal Firewallsystem32.exe"Added by the RBOT.VI WORM!"
XSygate Personal Firewallsysgut.exe"Added by the SDBOT.WM WORM!"
XSygate Personal FirewallSygate.exe"Added by the RBOT-PN WORM!"
XSygate Personal FirewallMcafeeupdate.exe"Added by the RBOT.YN WORM!"
XSygate Personal FirewallSygate32.exe"Added by the RBOT.ATW WORM!"
XSygate Personal FirewallMSNSRV32.exe"Added by a variant of the RBOT WORM!"
XSygate Personal Firewallservice.exe"Added by a variant of the RBOT WORM!"
XSygate Personal Firewallt1ktik.exe"Added by the RBOT-VP WORM!"
XSygate Personal Firewallhost32.exe"Added by the RBOT.ALD WORM!"
XSygate Personal Firewallsexy.exe"Added by the RBOT-XY WORM!"
XSygate Personal Firewallsys.exe"Added by the RBOT-ZC WORM!"
XSygate Personal Firewallsyserror.exe"Added by the RBOT.UC WORM!"
XSygate Personal Firewallhostserv.exe"Added by the RBOT.BKO WORM!"
XSygate Personal Firewallmsnmsgrs.exe"Added by the RBOT.XN WORM!"
XSygate Personal FirewallSygat.exe"Added by a variant of the RBOT WORM!"
XSygate Personal Firewallwins.exe"Added by the RBOT.AOB WORM!"
XSygate Personal Firewallwinxpstat.exe"Added by a variant of the RBOT WORM!"
XSygate Personal FirewallSyga.exe"Added by the RBOT-AQD WORM!"
XSygate Personal Firewallsvchots.exe"Added by the RBOT.ABT WORM!"
XSygate Personal Firewallwin31243.exe"Added by a variant of the IRCBOT TROJAN!"
XSygate Personal Firewall Startservices32.exe"Added by the RBOT-MB WORM!"
XSygate Personal Firewall Startservic.exe"Added by the RBOT-RY WORM!"
XSygate Personals Firewallsccsrn.exe"Added by a variant of the RBOT WORM!"
XSygates Personal Firewallsygs.exe"Added by the RBOT.XB WORM!"
XSysgate Personal Firewallsyst3ms.exe"Added by a variant of the IRCBOT TROJAN!"
XsysPersonalFirewallmsnmssgr.exe"Added by a variant of the RBOT WORM!"
XsysPersonalFirewallsystem.exe"Added by the WOOTBOT.FH WORM!"
XsysPersonalFirewalltskm0nitor.exe"Added by the SDBOT.APC WORM!"
Xsystem firewallmakeini32.exe"Added by the AGOBOT-PS WORM!"
XSystem Firewallsysfirewall.exe"Added by the AGOBOT-ACY WORM!"
XSystem Firewallscommandprompt32.exe"Added by the RBOT.BJT WORM!"
YTiny Personal Firewallpersfw.exe"Tiny Personal Firewall"
XUSB Updatesmsfirewalls.exe"Added by a variant of the RBOT WORM!"
XUSBDrivesmsfirewalI.exe"Added by the RBOT-ABP WORM!"
YVistaFirewallControlVistaFirewallControl.exe"Vista Firewall Control from Sphinx Software (forerunner to Windows 7 Firewall Control) - ""Protects your applications from undesirable network incoming and outgoing activity
YWebroot Desktop FirewallWDF.exe"Webroot Desktop Firewall"
XWin32 Firewall Driverwinfw.exe"Added by a variant of the RBOT WORM!"
XWin32 Firewall Driverswinfirewall.exe"Added by the WOOTBOT.GX WORM!"
XWindows FirewalLsess.exe"Added by a variant of the RBOT WORM!"
XWindows FirewallWindowsFirewall.exe"Added by the MYTOB.AO WORM!"
XWindows Firewallsvchost.exe"Added by the PROXY-HT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
XWindows Firewallipservice32.exe"Added by a variant of the RBOT WORM!"
XWindows Firewallrundll32.exe"Added by a variant of the IRCBOT BACKDOOR!"
XWindows Firewall Logwinlog.exeAdded by an unidentified WORM or TROJAN!
XWindows Firewall Managermsfw.exe"Added by the RBOT.WR WORM!"
XWindows firewall managerchh.exe"Added by a variant of the RANDEX.GEL WORM!"
XWindows firewall managermsguard.exe"Added by a variant of the RANDEX.GEL WORM!"
XWindows Firewall Servicewfsvc.exe"Added by the IRCBOT-YL WORM!"
XWindows Firewall Updaterupdatees.exe"Added by the RBOT-GBX WORM!"
XWindows Firewall Updatercronos.exe"Added by the RBOT-GBY WORM!"
XWindows Firewall Updaterctfcom.exe"Added by the RBOT-GCB WORM!"
XWindows Firewall Updaterwindowsupdate.exe"Added by the SPYBOT.AVEO WORM!"
XWindows Firewalllscvhost.exe"Added by the RBOT-EK WORM!"
XWindows Firewalllsphost.exe"Added by a variant of the RBOT WORM!"
XWindows Firewalllsvvhost.exe"Added by a variant of the RBOT WORM!"
XWindows Firewalllwinmu.exe"Added by a variant of the RBOT WORM!"
XWindows Network Firewallfirewall.exe"Added by the POEBOT-J WORM! Located in %System%"
XWindows Service XPXpFirewall.exe"Added by the MYTOB.AM WORM!"
XWindows SP2 Firewallwfirewall7.exe"Added by a variant of the RBOT WORM!"
XWindows Update Firewall Systemctfmoom.exe"Added by the RBOT-GAN WORM!"
XWindows Update Firewall Systemwinmsfw.exe"Added by the RBOT-EEO WORM!"
XWindows Update Firewall Systemctfmom.exe"Added by the SPYBOT.ANDM WORM!"
XWindows USBDmsifirewall.exeAdded by an unidentified WORM or TROJAN!
YWindows7FirewallControlWindows7FirewallControl.exe"Windows 7 Firewall Control from Sphinx Software - ""Protects your applications from undesirable network incoming and outgoing activity
XWindowsFirewalllsass.exe"Messenger Blocker rogue security software - not recommended. Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Common Files\System"
XWindowsFirewallSvcwinsvcup.exe"Added by a variant of the SDBOT WORM!"
XWinz Firewall[random filename].exe"Added by a variant of the SDBOT WORM!"
XXPSP2 Firewallxpsp2fw.exe"Added by the SMALL-RN TROJAN!"


DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.