msm

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

"Y" - Normally leave to run at start-up
"N" - Not required - typically infrequently used tasks that can be started manually if necessary
"U" - User's choice - depends whether a user deems it necessary
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
"?" - Unknown

	Startup Name	Process Name	Details
X	27	msm32.exe	"Added by the SLSORVE-E TROJAN!"
X	afmsmsgs	afmsmsgs.exe	"Added by the DLOADR-CUX TROJAN!"
U	AntiWindowsMessenger	AntiMsMsg.exe	"Anti-Windows_Messenger is a small application that prevents Windows Messenger from remaining resident in memory"
X	avnort	msmbw.exe	"Added by the SERFLOG.A WORM!"
X	AvSer	msmpatch.exe	"Added by the SERFLOG.B WORM!"
X	b99	msmm.exe	"ClientMan parasite variant"
Y	BCMSMMSG	BCMSMMSG.exe	BCM voicemodem driver. Required for dial-up if you have one of these modems
U	ChangeICON	SPMSMON.EXE	Card reader related program. Note - may cause problems with My Computer loading at startup. Disabling through MsConfig seems to solve the problem
N	COMSMDEXE	comsmd.exe	3Com tray icon
X	csrss	msmsgs.exe	"Added by the CHODE-J BACKDOOR! Note - this malware uses MSN Messenger (which is located in %Program Files%\Messenger) in the background to propogate itself"
X	DsmSer	msmpatch.exe	"Added by the SERFLOG.B WORM!"
X	Intec Service Drivers	msmsgrs.exe	"Added by the SDBOT-ADN WORM!"
X	Intec Service Drivers	msmsgredss.exe	"Added by the SDBOT-AGL WORM!"
X	ltwob	msmbw.exe	"Added by the SERFLOG.A WORM!"
X	mackfy.exe	msms.exe	"Added by the SDBOT-DID WORM!"
X	Message Queuing	msmqs.exe	"Added by the FREEFORS TROJAN!"
N	Messenger	msmsgs.exe	"Windows Messenger instant messenger utility included with Windows 2K/XP. Available via the Start menu. Go to Windows Messenger → Tools → Options → Preferences and uncheck ""Run this program when Windows starts"""
X	Messenger Gateway	msmgs.exe	"Added by the AGENT-IGK TROJAN!"
X	Messenger Service	msmsgs.exe	"Added by the SDBOT-ZB WORM! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger"
X	Microsoft	msmsger.exe	"Added by a variant of the SDBOT WORM!"
X	Microsoft Excele	msmsgs.exe	"Added by the AGENT.AJQG TROJAN! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger"
X	Microsoft Macro Protection Subsystems	msmacroprotxz.exe	"Added by a variant of the SPYBOT WORM!"
X	Microsoft Macro Protection Subsystems	Msmacroprot32.exe	"Added by the RBOT.KN WORM!"
X	Microsoft Manager	msmanager.exe	"Added by the MYTOB.LF WORM!"
X	Microsoft Media player 9	msmedia32.exe	"Added by the RBOT-ADO WORM!"
X	Microsoft Message Machine	msmesg32.exe	"Added by the SPYBOT.BI WORM!"
X	Microsoft Messenger Management Controls	msmgmctl.exe	"Added by the RBOT-APA WORM!"
X	Microsoft Messenger Service	msmsg32.exe	"Added by the RBOT.BOK WORM!"
X	Microsoft Messenger XP	MSMSN32.exe	"Added by the RBOT-ZP WORM!"
X	Microsoft Msn Messenger	msmsgs.exe	"Added by the BUZUS.AYX TROJAN! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger"
X	Microsoft Office	MSMSGR.exe	"Added by the GAOBOT.BB WORM!"
X	Microsoft Office	msmsgr.exe	"Added by the GAOBOT.BB WORM!"
X	Microsoft Oftice	msmsgs.exe	"Added by the IRCBOT.ALT WORM! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger"
X	Microsoft Security Monitor Process	msmp.exe	"Added by the RBOT.GKQ WORM!"
X	Microsoft Services	msmpserv.exe	"Added by the IRCBOT.BKA BACKDOOR!"
X	Microsoft System Firewall 2006.2	msmsgr.exe	"Added by a variant of the SDBOT WORM!"
X	Microsoft System Services	msmsgr.exe	"Added by the RBOT-ZH WORM!"
X	Microsoft Windows GUI	msmonk32.exe	"Added by the SDBOT-PE WORM!"
X	MS MSN Menssenger 7.0	MSMSN7.exe	"Added by the RBOT-ACA WORM!"
X	MS Unix Binary	msmq2inst.exe	"Added by the RBOT-YF WORM!"
X	msm	msm.scr	"Added by the BANKER-EHJ TROJAN!"
X	msmacro32	msmacro32.exe	Identified as a variant of the AGENT.QB TROJAN!
X	msmacro32	msmacro64.exe	"Added by a variant of the BACKDOOR-DOQ TROJAN!"
X	MsManager	msmgr32.exe	"Added by the YAHA.AF WORM!"
X	msmanager32	msmngr32.exe	"Added by the RANDON-R (or WOMANIZ.A) WORM!"
X	msmautoprotect	msmssgs.exe	"Added by the BIFROSE-AJ TROJAN!"
X	msmc	mscpbo.exe	"ClientMan parasite variant"
X	msmc	msgdmf.exe	"ClientMan parasite variant"
X	msmc	msongn.exe	"ClientMan parasite variant"
X	msmc	msmc.exe	"ClientMan parasite variant"
X	msmc	ms***.exe [ = random char]	"ClientMan parasite variant"
X	MSMcAfeee	Avsynmgr32e.exe	"Added by the FRAMAR TROJAN!"
X	MSMcAfeeh	Avsynmgr32h.exe	"Added by the FRANGO TROJAN!"
X	MSMcAfeeS	Avsynmgr32S.exe	"Added by the VOLAC or VOLAC.DR TROJANS!"
X	MSMessnger	msnupd.exe	"Added by the RBOT-ADY WORM!"
?	msmgr	msmgr.exe	"??"
X	msMGR	rtkmsg.exe	"Added by the SDBOT-BPY WORM!"
X	Msmgt	msmgt.exe	"Total Velocity adware/hijacker"
X	msmmi	msmmi.exe	"Added by the AGENT.RFR TROJAN!"
X	MSMNTGNT	MSMNTGNT.EXE	"Added by the BANKER-IE TROJAN!"
X	MSMNTJBE	MSMNTJBE.EXE	"Added by the BANCOS-EF TROJAN!"
X	MSMNTJNG	MSMNTJNG.EXE	"Added by the GRABER-G TROJAN!"
X	MSMNTMTS	MSMNTMTS.EXE	"Added by the BANKER-GZ TROJAN!"
X	msmon	msmon.exe	"Added by a variant of the GEMA.D TROJAN!"
X	MsMon32	MsMon32b.exe	"Added by the SDBOT.O BACKDOOR!"
X	MsMovies	MsMovies.exe	"Added by the ALCRA-E WORM!"
?	MsmqIntCert	regsvr32 /s mqrt.dll	"Microsoft Message Queue Server - Internal Certificate - see here for more info and here for a potential problem. Is it required?"
X	MSMSGNER	[4-8 random letters].exe	"Added by the FOWLDO-GEN TROJAN!"
X	MSMSGNER	zzgf.exe	"Added by the PWS-CCB TROJAN!"
X	MSMSGNER	fgozmox.exe	"Added by the AGENT-EBJ BACKDOOR!"
X	msmsgr	msmsgss.exe	"Detected by Kaspersky as the RBOT.AJJ WORM!"
N	MSMSGS	msmsgs.exe	"Windows Messenger instant messenger utility included with Windows 2K/XP. Available via the Start menu. Go to Windows Messenger → Tools → Options → Preferences and uncheck ""Run this program when Windows starts"""
X	Msmsgs	Msmsgs.exe	"Added by the SILLYFDC-AP WORM! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger"
X	MSMsgs	msmessgs.exe	"Added by the SMALL-EW TROJAN!"
X	msmsgs	msmsgs.exe	"Added by the SCLOG-AL TROJAN! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger"
X	MSMSGS	winlogon.exe	"Added by the BRONTOK-BS WORM! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS"
X	msmsgs.exe	IEXPLORE.EXE	"Added by the VB.FQX TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
X	MsMsgSrv	msmsgsrv.exe	"Added by the CQO TROJAN!"
X	msmsgss	[path to trojan]	"Added by the RANKY.G BACKDOOR!"
X	MSMsgSvc	MSMSGSVC.exe	"Browser hijacker
X	msmsngr	msmsngr.exe	"Added by the DOPBOT-B WORM!"
X	MSN Configuration Loader	msmsncfg.exe	"Added by the AGOBOT-KX BACKDOOR!"
X	MSN MESSENGER	msmmsgr.exe	"Added by the KELVIR.Q WORM!"
X	MSN Messenger	msmsgs.exe	"Added by the ZLOB TROJAN! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger"
X	MSN Messenger User Controls	msmsgr.exe	"Added by the KELVIR.HI WORM!"
X	MSN Registry loader	msmnwin.exe	"Added by the KELVIR.FK WORM!"
X	MSN Serv	msmsnserv.exe	"Added by the IRCBOT.AVF BACKDOOR!"
X	MSN Server	msmsnserver.exe	"Added by the IRCBOT.AUS BACKDOOR!"
X	Msn Update Manager (Sp2)	MSMSGS.EXE	"Added by the AGOBOT-NL WORM! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger"
X	mssoul	msmscc2.exe	"Added by the DAPIZL.A banker WORM! (A ""banker worm"" is designed to pillage banking information and send it back to the perpetrators!)"
X	mssoul	msmscc.exe	"Added by the BANCOS.HKT TROJAN!"
X	mssyslanhelper	msmsgri32.exe	"Added by the RANDEX.D WORM!"
X	Network Host Service	msmnart32.exe	"Added by the RBOT-CJV WORM!"
X	notepad.exe	msmsgs.exe	"Added by the ZLOB TROJAN and variants! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger"
X	NvCplDaemon	msmsgrs.exe	"Added by the DLOADER-YI TROJAN!"
X	RegSvr32	msmsgs.exe	"Added by the ZLOB.B TROJAN! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger"
X	rollbk	msmpatch.exe	"Added by the SERFLOG.B WORM!"
?	Roxio Engine	MSMNGR32.EXE	"Not believed to be a valid Roxio program - more likely a variant on the WOMANIZ.A TROJAN!"
X	Scheduler	MSMSGS.EXE	"Added by the HOSTBANK-A TROJAN! Note - this particular msmsgs.exe file is located in %System%\Config and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger"
X	Security Accounts Manager SM	samsm.exe	"Added by the SPYBOT.JE WORM!"
X	serpe	msmbw.exe	"Added by the SERFLOG.A WORM!"
U	SMS Win9x Message Agent	SMSMsg.exe	This program assigns a user to a Systems Management Server site
X	smsm	smsm.exe	"Added by the BANKER-CO TROJAN!"
X	System Initialization	msmsgri32.exe	"Added by the RANDEX.D WORM or ROXY or ROXY.B TROJANS!"
X	Windows Live Messenger Servicer	msmgslive.exe	"Added by a variant of the IRCBOT TROJAN! See here"
X	Windows Rundll Center	msmsgrs.exe	"Added by the IRCBOT-AFA WORM!"
X	Windows32 Messenger Service	msmsgv.exe	"Added by the RBOT.ANS WORM!"
X	WINTASK	msmgrxp.exe	"Added by the MYTOB.AQ WORM!"
X	YhooUpdates	ymsmsgs.exe	"Added by the SMALL_K TROJAN!"
X	_Cat3	msmsgrxp.exe	"Added by a variant of the SMALL-DT downloader TROJAN"
X	_Cat4	msmsgr2.exe	"Added by the SMALL-EB TROJAN!"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.