HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40

41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77

78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99

Key: "Y" - Normally leave to run at start-up "N" - Not required - typically infrequently used tasks that can be started manually if necessary "U" - User's choice - depends whether a user deems it necessary "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs" "?" - Unknown

	Startup Name	Process Name	Details
X	Windows Logon Application	WinIogon.exe	"Added by the LINKBOT.M WORM!"
X	Windows Logon Application	logon.exe	"Added by the POEBOT-J WORM!"
X	Windows Logon Application	services.exe	"Added by the CIADOOR-L TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder"
X	Windows Logon Manager	logon.exe	"Added by a variant of the RBOT WORM!"
X	Windows Logon Procedure	Svchoste.exe	"Added by a variant of the SPYBOT WORM!"
X	Windows Logon Procedure	Svchosta.exe	"Added by a variant of the SPYBOT WORM!"
X	windows logon procedure	winlogonpc.exe	"Added by the WINLOGON TROJAN!"
X	Windows Logon Service	winlogon.pif	"Added by the RBOT-AOU WORM!"
X	Windows Management Instrumentation	mwd.exe	"Added by the GRAPS WORM!"
X	Windows Management Instrumentation	[path to file]	"Added by the QEDS-A VIRUS!"
X	WINDOWS MANAGEMENT SYSTEM	wm1exe.exe	"Added by the RBOT-VT WORM!"
X	Windows Manager	winmants.exe	"Added by the MANTAS WORM!"
X	Windows Manager	winsrv.exe	"Added by a variant of the AGOBOT/GAOBOT WORM!"
X	Windows Manager Update Inc	tgb.exe	"Added by the SDBOT-ACM WORM!"
X	Windows mangement	winlogonn.exe	"Added by the RANDEX.FC WORM!"
X	Windows Media AP	winmapp.exe	Added by an unidentified WORM or TROJAN!
X	Windows Media APP	wmapp.exe	Added by an unidentified WORM or TROJAN!
N	Windows Media Connect 2	WMCCFG.exe	"Windows Media Connect from Microsoft - stream digital media files on your computer to digital media receivers (DMRs) that are connected to your home network"
X	Windows Media Driver	msnger.exe	"Added by a variant of the RBOT WORM!"
X	Windows Media Loader	wmloader.exe	"Added by a variant of the GAOBOT WORM!"
X	Windows Media Player	wmediaplayer.exe	"Added by the AGOBOT-NQ WORM!"
X	Windows Media Player	MediaPIayer.exe	"Added by the SDBOT-QO TROJAN! - note
X	Windows Media Player	[random filename]	"Added by a variant of the RBOT WORM!"
X	Windows Media Player	msa.exe	"Added by the RBOT-SI WORM!"
X	Windows Media Player	mcafe32.exe	"Added by the RBOT-YO WORM!"
X	Windows Media Player	wmplayer.exe	"Added by the KELVIR.G WORM or variants! Note - this is not the valid Windows Media Player as the executeable resides is C:WindowsSystem (Win9x/Me)
X	Windows Media Player	50cent.exe	"Added by a variant of the RBOT WORM!"
X	Windows Media Player	mpwe.exe	"Added by the RBOT-TT WORM!"
X	Windows Media Player	msams.exe	"Added by the RBOT.AHR WORM!"
X	Windows Media Player 3.6	wmpa36.exe	"Added by a variant of the RBOT WORM!"
X	Windows Media Player 3.6b	WMPA36B.EXE	"Added by the RBOT-VV WORM!"
X	Windows Media Player 3.6d	wmpa36d.exe	"Added by the RBOT-YA WORM!"
X	Windows Media Player 3.9	wmpa36.exe	"Added by a variant of the RBOT WORM!"
X	Windows Media Player Service	wmedia.exe	"Added by the RBOT.213504 WORM!"
X	Windows Media Player Update	[random filename]	"Added by the RBOT-ET WORM!"
N	Windows Media Powerpoint Helper	NSPPTHLP.EXE	German software (comes with some Toshiba CD writers) that helps convert Powerpoint files to ASF (Streaming Media) files. Available via Start -> Programs
X	Windows media service	crvss.exe	"Added by the SDBOT.VP WORM!"
X	Windows media service	crsss.exe	"Added by the RBOT.ACY WORM!"
X	Windows media services	cvrsss.exe	"Added by the RBOT-MW WORM!"
X	Windows Media SP.2.37	[random filename]	"Added by the LEMIR.C TROJAN!"
X	Windows Media Updater	crease.exe	"Added by the RBOT-ATI WORM!"
X	Windows Media Utility	wmediautil.exe	"Added by a variant of the SPYBOT WORM!"
X	Windows messenger	messengers.exe	"Added by the MYTOB.EI WORM!"
X	Windows Messenger	msnsmgs.exe	"Added by the RBOT-ANJ WORM!"
X	Windows Messenger Messenger	winmsg.exe	"Added by VELKBOT.A WORM!"
X	Windows Messenger Service	winsmsgr.exe	"Added by the RBOT-VW WORM!"
X	Windows Messenger Service	kaspersky.exe	"Added by the MYTOB.HY WORM!"
X	Windows MeTaLRoCk service	metalrock.exe	"Added by the TASTYRED TROJAN!"
X	Windows Micro Drivers	wupdates32.exe	"Added by the RBOT-AEH WORM!"
X	Windows mod Verifier	Windows-mod.exe	"Added by the RBOT.DSU WORM!"
X	Windows Monitor	winmon.exe	"Added by the SDBOT.VB WORM!"
X	Windows Monitor	arsetup.exe	Added by the SPAZBOX.A TROJAN!
X	Windows Monitor Services	winmonitor.exe	"Added by the RBOT-XX WORM!"
X	Windows Monitoring Service	winmon.exe	"Added by a variant of the SDBOT WORM!"
X	Windows More Choice	TopContext.exe	"ZQuest adware"
X	Windows Mouse Utilities	mouseutils.exe	"Added by the RBOT-ABU WORM!"
X	Windows ms Drivers	msnup32.exe	"Added by the SDBOT-AAL WORM!"
X	Windows MSConfig Startup Logger	winlog.exe	"Added by the RBOT.BCU WORM!"
X	Windows MSX drivers	winmsx.exe	"Added by the RBOT-AYG TROJAN!"
X	Windows NetDDe	wrmana32.exe	"Added by the MYTOB.IM WORM!"
X	Windows Nets	WinNET.exe	"Added by the RBOT-MO WORM!"
X	Windows NetStart Service	winsN2S.exe	"Added by the RBOT-ZX WORM!"
X	Windows NetStart Service2	winsN2S.exe	"Added by the RBOT-ABN WORM!"
X	Windows NetStart Service2	winsN2SD.exe	"Added by a variant of the RBOT WORM!"
X	Windows Network Controller	Mqguard.exe	"Added by the FORBOT-CL WORM!"
X	Windows Network Controller	WinxPupd.exe	"Added by the FORBOT-DK WORM!"
X	Windows Network Controller	winmms32.exe	"Added by the FORBOT-ED WORM!"
X	Windows Network Controller	wingmt.exe	"Added by a variant of the SDBOT WORM!"
X	Windows Network Controller	Win9x.exe	"Added by the WOOTBOT.I WORM!"
X	Windows Network Firewall	firewall.exe	"Added by the POEBOT-J WORM!"
X	Windows Network Service	winvc32.exe	"Added by the RBOT.RY WORM!"
X	Windows Networking	winsys32.exe	"Added by the GAOBOT.FL WORM!"
X	Windows Networks	netcog.exe	"Added by the MYTOB.FH WORM!"
X	Windows Nivedia Driver	sysMGT.exe	"Added by a variant of the RBOT WORM!"
X	Windows NNT	[path to trojan]	"Added by the RANKY.E TROJAN!"
X	Windows NT 32	ntlogin32.exe	"Added by the RANDEX.BRD WORM!"
X	Windows NT Login	ntlogin32.exe	"Added by the SDBOT.WG WORM!"
X	Windows NT Login Session Manager	WNSM.EXE	"Added by the RBOT.BIV WORM!"
X	Windows NT Logon Application	winlogon.scr	"Added by the RBOT-ALP WORM!"
X	Windows NT Service Name	winshock.exe	"Added by the RBOT-PK WORM!"
X	Windows NT Update Manager	WINL0G0N.exe	"Added by the AGOBOT-NU WORM! Note that those are zeroes in the filename and not capital ""o"""
X	Windows OEM Tools	winres32.exe	"Added by the SPYBOT.FD WORM!"
X	Windows OLE Automation Server	ole32aut.vbe	"CoolWebSearch parasite variant"
X	Windows Online Updater	dllman.exe	"Added by the RBOT-TE WORM!"
X	Windows Pc	winmgr.exe	"Added by the BIBOT-A WORM!"
X	Windows PDG	winpdg.exe	"Added by the RBOT-ADW WORM!"
X	Windows Performance Monitor	wmscupd.exe	"Added by the IRCBOT_GEN WORM!"
X	Windows PNP	winpnp.exe	"Added by the RBOT-AKN WORM!"
X	Windows PNP Server	pnpsrv.exe	"Added by this variant of the SDBOT WORM!"
X	Windows Print Monitor Daemon	[random filename].exe	"Added by a variant of the SDBOT WORM!"
?	Windows Print Spooler	SCVHOSTS.EXE	"Suspicious due to the similarity to the valid ""svchost.exe"" file"
X	Windows Print Spooler	NavAgent32.exe	"Added by an unidentified VIRUS
X	Windows Print Spooler	SVEHOST.EXE	"Added by the SPYBOT.H WORM!"
X	Windows Process Manager	winproc.exe	Added by an unidentified WORM or TROJAN!
X	Windows Processe Manager	mspn32.exe	"Added by a variant of the RBOT WORM!"
X	Windows Proffesional Security	WinSecure32.exe	"Added by the AGOBOT.VA WORM"
X	Windows Protectot	boxide.exe	"Added by a variant of the WOOTBOT WORM!"
X	Windows Recylinder Check	zwdomsgemw.exe	"Added by the RBOT-EGJ WORM!"
X	Windows Reg Services	ffservice.exe	"Added by the DLOADER-PL or DLOADER-XM TROJANS!"
X	Windows Reg Services	dservice.exe	"Added by the PRORAT-D TROJAN!"
X	Windows Reg Services	fservice.exe	"Added by the PRORAT-D TROJAN!"
X	Windows Reg Services	ssservice.exe	"Added by the PRORAT-D TROJAN!"
X	Windows Reg Services	lncom.exe	"Added by the PRORAT-O TROJAN!"
X	Windows Reg Services	lservice.exe	"Added by the PRORAT-O TROJAN!"
X	Windows Reg Services	wservice.exe	"Added by the PRORAT-O TROJAN!"
X	WINDOWS REGISTER EDIT	registr32.exe	Added by an unidentified WORM or TROJAN!
X	Windows Register Settings	svmhost.exe	"Added by a variant of the FORBOT WORM!"
X	Windows Registers	winservicess.exe	"Added by a variant of the SDBOT WORM!"
X	Windows Registry	msnmsg.exe	"Added by a variant of the RBOT WORM!"
X	Windows Registry	winhost.exe	"Added by a variant of the RBOT WORM!"
X	Windows Registry Cleaner	winclean.exe	"Added by a variant of the SPYBOT WORM!"
X	Windows Registry Express Loader	regexpress.exe	"Added by the FORBOT-CJ WORM!"
X	Windows Registry Manager	tasksmanagers.exe	"Added by the MYTOB.ER WORM!"
X	Windows Registry Name	[random filename]	"Added by the RBOT-AEB WORM!"
X	Windows Registry Name	winses.exe	"Added by the RBOT-ADB WORM!"
U	Windows Registry Repair Pro	RegistryRepairPro.exe	"Registry Repair Pro. ""Scans the Windows Registry for invalid or obsolete information in the registry"""
X	Windows Registry Scan	regscan32.exe	"Added by the RBOT.KE WORM!"
X	Windows Registry Scan	timeupdate.exe	"Added by the SPYBOT.JE WORM!"
X	Windows Registry Scan	svcdll.exe	"Added by the RBOT-TP WORM!"
X	Windows Registry Scan	regscan23.exe	"Added by a variant of the RBOT WORM!"
X	Windows Registry Security	crss.exe	"Added by a variant of the IRC.BOT TROJAN!"
X	Windows Registry Startup	wind32.exe	"Added by the AGOBOT-BZ WORM!"
X	Windows Repair	toxikx.exe	"Added by the SDBOT-ADL WORM!"
X	Windows report	swchost.exe	"Added by the SMALL-BD TROJAN!"
X	windows run	system.exe	"Added by the ICPASS-A WORM!"
X	Windows Run-Time 64bit	win64rt.exe	"Added by a variant of the RBOT WORM!"
X	Windows Runtime Help	win32hlp.exe	"Added by a variant of the AIMVISION TROJAN!"
X	Windows Runtime Help	WinRunHelp.wrh	"Added by a variant of the AIMVISION TROJAN!"
X	Windows Runtime Proccess	32RUNdll.exe	"Added by the SDBOT.QW WORM!"
X	Windows SA	omniscient.exe	"BLAZEFIND adware"
X	Windows Screensaver	Service.exe	"Added by the KELVIR.P WORM!"
X	WINDOWS SCREENSAVER	ssaver.scr	"Added by the SDBOT-YZ WORM!"
X	Windows secure	setver32.exe	"Added by the SPYBOT.EP WORM!"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.

Powered By Pac's Startup list