HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40

41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77

78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99

Key: "Y" - Normally leave to run at start-up "N" - Not required - typically infrequently used tasks that can be started manually if necessary "U" - User's choice - depends whether a user deems it necessary "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs" "?" - Unknown

	Startup Name	Process Name	Details
X	WinAVX	WinAvXX.exe	"Added by the FAKEAVALERT TROJAN!"
X	WinAwk	WinAwk.exe	"Added by the SDBOT-AYF WORM!"
U	WinBackup Scheduler	Wbsched.exe	"LIUtilities WinBackup scheduler - backup software"
U	WinBar	WinBar.exe	""WinBar is a free and compact program that lets you monitor your system and provides easy access to frequently used controls""
X	winbar.pif	packe.pif	"Added by the RBOT-AVI WORM!"
X	Winbed	winbed.exe	Hijacker
X	Winbin	swchost.exe	"Added by the RBOT.CLS WORM!"
X	winbin32	win32exe.exe	"Added by the RBOT-ZL WORM!"
X	winbo32	winbo32.exe	"Added by the RBOT-GRU WORM!"
X	winboot	winboot.exe	"Added by the BANLOAD-W TROJAN!"
X	winbot	winbot.exe	"Added by the MIDRUG-A TROJAN!"
U	WinBrush	winbrush.exe	"WinBrush - ""handy tool that keep your privacy and make your system clean. It works by cleaning up your tracks (document histories recent opened files from popular software cookies temporary internet files etc)"""
X	WinButler	WinButler.exe	Identified as a variant of the Trojan-Dropper.Agent.DKN malware
X	WinCheck	WinCheck.exe	"Added by the PWS-CY TROJAN!"
X	WinCheck	services.exe	"Added by the SOBER.S WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\ConnectionStatus\Microsoft"
X	WinCheck	services.exe	"Added by the SOBER.V WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\ConnectionStatus\Microsoft and note the space at the beginning of the ""Startup Item"" field"
X	WinCheck	check.exe	"Added by the DELBOT-Y WORM!"
X	winchost	winchost.exe	"Added by the DLOADER-PO TROJAN!"
N	WINCINEMAMGR	WINCIN~1.EXE	"WinCinema_Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs"
N	WinCinemaMgr	WinCinemaMgr.exe	"WinCinema_Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs"
U	WINCINEMAMGR	WinRemote.exe	"InterVideo WinCinema Manager - needed for the use of WinDVD Remote Control"
X	winclean	winclean.exe	"Added by the AGENT.GXR TROJAN!"
X	wincls	rundll32.exe wincls.dllstart	"Added by the AKBOT-AR WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""wincls.dll"" file is found in %System%"
X	wincmap	wincmapp.exe	"CasClient adware variant - also detected as the CMAPP TROJAN!"
U	WinColorReminder	WinColorReminder.exe	"The Microsoft Color Control Panel Applet for Windows XP ""helps you manage Windows color settings in one place."" Part of the Pro Imaging Powertoys"
X	WinCore32.exe	WinCore32.exe	"Added by the CLICKER-EN TROJAN!"
X	wincrt.exe	[path to worm]	"Added by the STRATIO-HA WORM!"
X	WinCRT32	wincrt32.exe	"Added by the DOGBOT-D WORM!"
X	WinCSRSS	MSGRT32.EXE	"Added by the REWINDO-A TROJAN!"
X	winctl	winctl.exe	"Added by the IRCBOT-YI TROJAN!"
X	WINCX	wincore332.exe	"Added by the AGOBOT-MG WORM!"
X	Wind Logd File	servicelogd.exe	"Added by a variant of the RBOT WORM!"
X	Wind Security	mswi32.pif	"Added by the RBOT-ARH WORM!"
X	wind.exe	wind.exe	"Added by the MITGLIEDER.BD TROJAN!"
X	WIND0WS	WIND0WS.exe	"Added by the SPYBOT.DQ WORM!"
X	WIND0WS	mella.bat	"Added by the ALLEM WORM!"
X	Wind0ws	wordpad.exe	"Added by the AGOBOT-TL WORM! Note - this is not the legitimate Windows application wordpad.exe (which is found in the Program FilesAccessories folder) which should not normally be seen in Msconfig or as a Startup item. This file is loacted in the System (9x/Me) or System32 (NT/2K/XP) folder"
X	Wind0ws Ser7ice Agent	colwindos.exe	"Added by the RBOT-GQO TROJAN!"
X	Wind0ws Sharing	ssprotecter.exe	"Added by the RBOT-AHW WORM!"
X	Wind32	Wind32.exe	Identified as a variant of the Backdoor.Win32.Poison.avs malware
X	WinData	services.exe	"Added by the SOBER.AA WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a ""PoolData"" subfolder of the Windows or Winnt folder"
N	WinDates	windates.exe	WinDates is a calendar date organizer and event reminder program from Rockin' Software
X	windbs	winxtc.exe	"Added by the AGOBOT-WD WORM!"
X	Winde	winde.exe	"Added by the DLUCA TROJAN!"
X	windef	Win32sp.vbs	"Added by the ANPES WORM!"
X	windef	windef.exe	"Added by the WURMARK-O WORM!"
X	windefender	windefender.exe	"Added by the AGENT.BYH TROJAN!"
X	Windeows NetStart Service2	tesakrmger.exe	"Added by the RBOT-AMY WORM!"
X	WinDevils	WinDevils.exe	"Added by the BRONTOK-BS WORM!"
X	windhost.exe	osrwin32.exe	"Added by the BANKER-CB TROJAN!"
X	windhost.exe	windhost.exe	"Added by the BANKER-BV TROJAN!"
X	windhost.exe	winos.exe	"Added by the PWSAGENT-A WORM!"
X	windir	winrun.exe	"Added by the WINBUR.B WORM!"
X	Windir Working	wuaumqr1.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Windll	Windll.exe	"Added by the TRYNOMA TROJAN!"
U	WINDLL	WSYS.EXE	STARR key logger. "It logs almost everything that goes through the box. It logs all key strokes all passwords transacted even if they weren't keyed in all web sites visited every program launched including the path to that program and more"
X	windll	windll32.exe	"Added by the ASTEF or RESPAN WORMS!"
X	WinDLL (algs.exe)	rundll32.exe algs.exestart	"Detected by Kaspersky as the AKBOT.E BACKDOOR! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""algs.exe"" file is found in %System%"
X	WinDLL (aqls32.exe)	aqls32.exe	"Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""aqls32.exe"" file is found in %System%"
X	WinDLL (asdfsa.exe)	rundll32.exe asdfsa.exestart	"Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""asdfsa.exe"" file is found in %System%"
X	WinDLL (bee.dll)	rundll32.exe bee.dllstart	"Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""bee.dll"" file is found in %System%"
X	WinDLL (bix.exe)	rundll32.exe bix.exestart	"Detected by Kaspersky as the KOLAB.OL WORM! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""bix.exe"" file is found in %System%"
X	WinDLL (csmss.exe)	rundll32.exe CSMSS.EXEstart	"Added by the AKBOT.U WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""CSMSS.EXE"" file is found in %System%"
X	WinDLL (ctfmonm.exe)	rundll32.exe ctfmonm.exestart	"Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""ctfmonm.exe"" file is found in %System%"
X	WinDLL (dasda.com)	rundll32.exe dasda.comstart	"Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""dasda.com"" file is found in %System%"
X	WinDLL (diem.exe)	rundll32.exe diem.exestart	"Added by the AKBOT.E WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""diem.exe"" file is found in %System%"
X	WinDLL (dlfksdld.exe)	rundll32.exe dlfksdld.exestart	"Detected by Kaspersky as the IRCBOT.BPM TROJAN! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""dlfksdld.exe"" file is found in %System%"
X	WinDLL (jbi32.dll)	rundll32.exe jbi32.dllstart	"Added by the AKBOT.E WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""jbi32.dll"" file is found in %System%"
X	WinDLL (lcass.exe)	rundll32.exe lcass.exestart	"Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""lcass.exe"" file is found in %System%"
X	WinDLL (mysnlive.exe)	rundll32.exe mysnlive.exestart	"Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""mysnlive.exe"" file is found in %System%"
X	WinDLL (ProsFix.exe)	ProsFix.exe	"Added by a variant of the IRCBOT BACKDOOR! The ""ProsFix.exe"" file is found in %System%"
X	WinDLL (qwex.dll)	rundll32.exe qwex.dllstart	"Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""qwex.dll"" file is found in %System%"
X	WinDLL (redyLive.exe)	rundll32.exe redyLive.exestart	"Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""redyLive.exe"" file is found in %System%"
X	WinDLL (scvhost32.dll)	rundll32.exe scvhost32.dllstart	"Added by the AKBOT.M WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""scvhost32.dll"" file is found in %System%"
X	WinDLL (service.exe)	service.exe	"Detected by Kaspersky as the AGENT.BX WORM! See here. The ""service.exe"" file is found in %System%"
X	WinDLL (slmss.exe)	rundll32.exe slmss.exestart	"Added by the AKBOT.AW WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""slmss.exe"" file is found in %System%"
X	WinDLL (slsass.exe)	rundll32.exe slsass.exestart	"Detected by Kaspersky as the AKBOT.E TROJAN! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""slsass.exe"" file is found in %System%"
X	WinDLL (smaprnter.exe)	rundll32.exe smaprnter.exestart	"Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""smaprnter.exe"" file is found in %System%"
X	WinDll (sslms.exe)	rundll32.exe sslms.exestart	"Added by the AKBOT-AS WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""sslms.exe"" file is found in %System%"
X	WinDLL (start0s.exe)	rundll32.exe start0s.exestart	"Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""start0s.exe"" file is found in %System%"
X	WinDLL (steam.dll)	rundll32.exe steam.dllstart	"Added by the AKBOT.M WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""steam.dll"" file is found in %System%"
X	WinDLL (svc.exe)	rundll32.exe svc.exestart	"Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""svc.exe"" file is found in %System%"
X	WinDLL (svchost.dll)	rundll32.exe svchost.dllstart	"Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""svchost.dll"" file is found in %System%"
X	WinDLL (sysx32.dll)	rundll32.exe sysx32.dllstart	"Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""sysx32.dll"" file is found in %System%"
X	WinDLL (tepmlayer.exe)	rundll32.exe tepmlayer.exestart	"Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""tepmlayer.exe"" file is found in %System%"
X	WinDLL (tmp.exe)	rundll32.exe tmp.exestart	"Detected by Kaspersky as the KOLAB.L WORM! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""tmp.exe"" file is found in %System%"
X	WinDLL (tock24.dll)	rundll32.exe tock24.dllstart	"Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""tock24.dll"" file is found in %System%"
X	WinDLL (tqurity.exe)	rundll32.exe tqurity.exestart	"Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""tqurity.exe"" file is found in %System%"
X	WinDLL (v4mon.dll)	rundll32.exe v4mon.dllstart	"Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""v4mon.dll"" file is found in %System%"
X	WinDLL (vdm32.dll)	rundll32.exe vdm32.dllstart	"Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""vdm32.dll"" file is found in %System%"
X	WinDLL (vxd32.dll)	rundll32.exe vxd32.dllstart	"Added by the AKBOT.R WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""vxd32.dll"" file is found in %System%"
X	WinDLL (wchshield.exe)	rundll32.exe wchshield.exestart	"Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""wchshield.exe"" file is found in %System%"
X	WinDLL (wimimi.exe)	rundll32.exe wimimi.exestart	"Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""wimimi.exe"" file is found in %System%"
X	WinDLL (windns32.dll)	rundll32.exe windns32.dllstart	"Detected by Kaspersky as the AKBOT.E WORM! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""windns32.dll"" file is found in %System%"
X	WinDLL (wingatey32.exe)	rundll32.exe wingatey32.exestart	"Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""wingatey32.exe"" file is found in %System%"
X	WinDLL (wintmp.exe)	rundll32.exe wintmp.exestart	"Detected by Kaspersky as the AKBOT.E BACKDOOR! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""wintmp.exe"" file is found in %System%"
X	WinDLL (wsync32.dll)	rundll32.exe wsync32.dllstart	"Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""wsync32.dll"" file is found in %System%"
X	WinDLL (xvd32.dll)	rundll32.exe xvd32.dllstart	"Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""xvd32.dll"" file is found in %System%"
X	Windll.exe	Windll.exe	"Added by the STEALER TROJAN!"
X	Windll32	Windll32.exe	"Added by the MSNPWS TROJAN!"
X	WinDll32	_WIN32.EXE	"Added by the LEGMIR.AQ TROJAN!"
X	windllsys32.exe	windllsys32.exe	"Added by a variant of the MITGLIE-A TROJAN!"
X	WinDNS	windns32.exe	"Added by the GAOBOT.WX WORM!"
X	Windo Servic Agen	alirexe.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	Windo Servic Agent 32	xagw.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	Windoes Kernel	kernel32.exe	"Added by the KICKIN.A (or CYDOG.C) WORM!"
X	Windos Seres Agnts	[worm filename].exe	"Added by the RBOT-GUN WORM!"
X	Window	explore.exe	"Added by the GAOBOT.ADW WORM!"
X	Window Loader	Dos32.exe	"Added by the GAOBOT.AO WORM!"
X	Window Monitor	winmon32.exe	"Added by the SDBOT.RT WORM!"
X	Window Msn Live Messanger	msnmsgsls.exe	"Detected by Kaspersky as the RBOT.BJD WORM! See here"
X	Window service	[random filename]	"Added by the RBOT-ACH WORM!"
X	Window upadate	pe2.exe	"Added by a variant of the RBOT WORM!"
U	Window Washer	wwDisp.exe	"Window Washer from Webroot Software. Useful utility that deletes safe to remove files cookies browsing history etc. Available via from Start -> Programs. Disable within the program options - otherwise it is re-enabled in MSCONFIG"
X	window.exe	window.exe	"Added by the MITGLIEDER.H or MITGLIEDER.J TROJANS!"
X	window2	ssvchost.exe	"Added by the IRCBOT.H TROJAN!"
U	WindowBlinds	wbload.exe	"WindowBlinds from Stardock. Skin application to change the appearence on Windows desktops. Available as an individual download or as part of Object Desktop. Required to restore settings if you use it. Available via right-click on the Desktop -> Properties -> Skins"
X	WindowEnhancer	Winex.exe	"SCBar foistware variant"
X	Windowfdgfds DasdLL Verifier	winupdatr.exe	"Detected by Trend Micro as the AGOBOT.HZ WORM! See here"
X	Windowfdgfds DasdLL Verifiew	[path to worm]	"Added by the RBOT-GGX WORM!"
X	Windowfdgfds DLL fgfdg Verifier	Windowsdldfglcheckkk.exe	"Added by the RBOT.CSP WORM!"
X	Windowfdgfds DLL fgfdg Verifier	winsecure.exe	"Added by a variant of the RBOT WORM!"
U	WindowFX	wfxload.exe	"Stardock WindowFX - ""Allows you to add an unprecedented number of special effects to windows"""
X	windown	wiusyt.exe	"Added by the QQPASS-M TROJAN!"
X	WindowRegKey update	wins.exe	"Added by the SPYBOT.I WORM!"
X	Windows	Kernel32.exe	"Added by the TENDOOLF.A WORM!"
X	Windows	msdos98.exe	Added by the PWSTEAL TROJAN!
X	Windows	Windows.exe	"Added by the KAZMOR.A BOBBINS & ALADINZ.D TROJANS!"
X	Windows	explorer.exe	"Added by the POEBOT-J WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
X	windows	[path to trojan]	"Added by the AIMWIN TROJAN!"
X	windows	hkey.exe	"Added by the GAOBOT.AFW WORM!"
X	windows	system copy.exe	"Added by the SALGA.A WORM!"
X	Windows	gearsec.exe	"Added by the STUBBOT-B WORM!"
X	Windows	run.exe	"Added by the SPYBOT.OFN WORM!"
X	Windows	system.exe	"Added by the SPYBOT.OBB WORM!"
X	WINDOWS	windows.exe	"Added by the MONBOT-A TROJAN!"
X	Windows	services.exe	"Added by the SOBER.X WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\WinSecurity and note the space at the beginning of the ""Startup Item"" field"
X	Windows	services.exe	"Added by the SOBER-Z WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! ! This file is located in a ""WinSecurity"" subfolder of the Windows or Winnt folder"
X	WINDOWS	jif.exe	"Added by the MYTOB.MK WORM!"
X	windows	iexplore.exe	"Added by the RBOT-UM WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
X	Windows	services.exe	"Added by the DLOADR-GW TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""Windows"" subfolder"
X	Windows	smss.exe	"Added by the BANCBAN-QF TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder"
X	windows	svchost.exe	"Added by the SLOMIRC-A WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder"
X	WINDOWS	ymssgr.exe	"Added by the BCKDR-PS BACKDOOR! Note - deactivates the Microsoft\Internet Connection Firewall (ICF)"
X	Windows	taskmngr.exe	"Added by a variant of the SDBOT WORM!"
X	Windows	Cfreer.exe	"Added by the CULLER-C WORM!"
X	Windows	Zser.exe	"Added by the CULLER-D WORM!"
X	Windows	spoovlss.exe	"Added by an unidentified WORM or TROJAN! See here"
U	Windows & Internet Cleaner Pro	WICleaner.exe	"Windows & Internet Cleaner Pro - ""Powerful and easy to use internet surfing privacy protection & PC security software"""
X	Windows (ICS) Spooler	crtss.exe	"Added by a variant of the RBOT WORM!"
X	Windows (random character)	diskcheck.exe	"Added by the SINGU.B TROJAN!"
X	Windows .Net Manager	localsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows .Net Manager	netsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows .Net Manager	spoolsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows .Net Manager	svcadmin.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows .Net Manager	svcman.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows .Net Manager	svcrun.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows .Net Manager	tcpsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows .Net Manager	websvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows 128 Module	win128.exe	"Added by the FORBOT-ES WORM!"
X	Windows 2004	csrss.exe	"Added by the BANKER-DY TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Windows 2004\Tools"
X	Windows 32 Editor	Win32edit.exe	"Added by the WOOTBOT.GQ WORM!"
X	Windows 32 Rescue	win32resc.exe	"Added by the FORBOT-EU WORM!"
X	Windows 32 Update	Windows-Update.exe	"Added by a variant of the RBOT WORM!"
X	Windows 32-bit DLL Integrity Verifier	dllrun.exe	"Added by Remote Storm - a remote control tool that is a network application that allows users to manage and control PCs or networks from a remote location"
U	Windows Accelerators	setup.exe	"KeySpy keystroke logger/monitoring program - remove unless you installed it yourself!"
X	Windows Account Alternation	wauclt.exe	"Added by a variant of the IRCBOT TROJAN! See here"
X	Windows Acer Service	acersv.exe	"Detected by PCTools as the IRCBOT.YFQ BACKDOOR! See here"
X	Windows Action	csrs.exe	"Added by the SECCMU-A WORM!"
X	Windows Activate System	syssv.exe	"Added by a variant of the SPYBOT WORM!"
X	Windows AdControl	WinAdCtl.exe	Windupdates adware variant
X	Windows AdService	WinAdServ.exe	Windupdates adware variant
X	Windows AdStatus	WinStat.exe	"Added by the BLESHARE!DR VIRUS!"
X	Windows AdTools	WinAdTools.exe	Windupdates adware variant
X	Windows Anti Verifier	Windows-Anti.exe	"Added by the RBOT.ETT WORM!"
X	Windows Anti Virus Control Center	avrscan.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	Windows Anti Virus Control Center	winavscan.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	Windows Anti-Virus Built 32	AntiVirus32.exe	"Added by the SDBOT-BG WORM!"
X	Windows APCI Verifier	dhcpserv.exe	"Added by the RBOT-FON WORM! Note - Disables the automatic startup of other software and deactivates the Microsoft Internet Connection Firewall (ICF)"
X	Windows API Control Task	apitsk32.exe	"Added by the MYTOB.HI WORM!"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.

Powered By Pac's Startup list