O4 HijackThis Entries

Bleeping Computer

Welcome Guide Blogs Chat Help

RSS

Welcome Guest (Log In | Create Account)

New Member? Join for free.

Have a problem and would like to ask us for help? To learn how to ask your question Click Here!

Do you have popups or other malware infecting your computer? If so, Start Here!

Are you having trouble using this site? Then you should visit the New User Orientation Center!

BleepingComputer.com -> Startup Programs Database -> O4 HijackThis Entries

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Other

HJT: F0, F1, F2, F3 · O4 · O20 · O21 · O22 · O23

Rootkit List

· Submit a Startup

· Top Submitters

Startup Index · Newest Entries · Mozilla Search Tools · WebMaster Site Tools · Status Key
Startup Database Forum · Computer Help Forums · How to use the Startup Database

Enter the filename or keyword you would like to search for:

Advanced Search

Pages: (122) [1] 2 3 ... Last »

Name	Filename	Status	Description
Windows Messenger User Agent	msnmsrg.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Ms System Config	xplsass.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Windows ARP Detectioncx	winlogon.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
OS Boot Loader	bootloader.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
MSN Update Client	msnupdcli.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
MSN Auto-Updater	msnaupdater.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
MSN	systems.exe	X	Identified as a variant of the Backdoor.PosionIvy keylogging malware.
some	wcs.exe	X	Identified as a variant of the Adware/Netproject malware. Typically bundled with rogue anti-spyware programs and fake codecs.
start	iebtm.exe	X	Identified as a variant of the Adware/Netproject malware. Typically bundled with rogue anti-spyware programs and fake codecs.
msvecurity	msvecurity.exe	X	Added by the W32/Dorf-BO worm.
STW	stw.exe	X	Added by the WebHelper Startpage adware.
NPFValue	NPFMONTR.exe	X	Added by the W32/Rbot-GWZ worm and IRC backdoor.
Windows Anti Virus Control Center	avrscan.exe	X	Identified as a variant of the IRCBot worm and IRC backdoor.
Microsoft Update Machine	rBot.exe	X	Added by the Troj/Drop-AF Trojan.
Smss Host	smhost.exe	X	Added by the Troj/IRCBot-ACC worm and IRC backdoor.
PHIME2002ASync	dumprep.exe	X	Added by the W32/Puress-B worm. This infection should not be confused with the legitimate C:\Windows\System32\dumprep.exe.
PHIME2002A	svchost.exe	X	Added by the W32/Puress-B worm. This infection should not be confused with the legitimate C:\Windows\System32\svchost.exe.
pestsweeper	pestsweeper.exe	X	Added by the PestSweeper rogue anti-spyware program.
WinAntispyware2008	WinAntispyware2008.exe	X	Added by the WinAntispyware2008 rogue anti-spyware program.
spywarescanner	spywarescanner.exe	X	Added by the SpywareScanner 2008 rogue anti-spyware program.
secdrive.exe	secdrive.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
MSN Client Manager	msnclimgr.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Windows Services	w32service.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Windows Services	w32services.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Windows Service Controller Agent	taksmgr.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Sakora	Sakora.exe	X	Identified as a variant of the Trojan.Downloader Matcash malware.
InstallProgram	lprn32.exe	X	Identified as a variant of the Win32/Adware.WinSpywareProtect malware.
WindowsUpdate	wupdmgr98.exe	X	Identified as a variant of the MIRC/Backdoor malware.
Windows Update	McAfee3.exe	X	Identified as a variant of the Trojan.Win32.Buzus.izj malware.
WinX Security Center	WinX Security Center.exe	X	Added by the WinX Security Center rogue anti-spyware program.
antispy	ANTIVIR.exe	X	Added by the IE AntiVirus rogue anti-spyware program.
dllcache32.exe	dllcache32.exe	X	Added by the W32/SillyFD-S removable media worm.
Microsoft Manage Services	schost.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Microsoft SQL Services	scvhost.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Microsoft Windows Sound	svshost.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Microsoft Windows Sound	svrhost.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Microsoft Windows Sound	svghost.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
MSN	SexyMama.JPG.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Srv32Win	csrss.exe	X	Identified as a variant of the Trojan-Downloader.Win32.SpyAgent.r malware. This infection should not be confused with the legitimate C:\Windows\System32\csrss.exe file.
ieguide_plus	ieguideupdate.exe	X	Added by the IEGuide Plus adware.
DeltaIITaskbarApp	DeltaIITray.exe	U	Software to manage M-Audio Delta audio cards.
M-Audio Taskbar Icon	DeltaIITray.exe	U	Software to manage M-Audio Delta audio cards.
SmartRAM	MemCleaner.exe	U	Memory Optimizer found in the Iobit's Advanced WindowsCare software.
AVG8_TRAY	avgtray.exe	Y	Windows traybar management icon for AVG Antivirus 8.
Windows Update	livesrvs.exe	X	A variant of the Rbot family of worms and IRC backdoor Trojans.
Windows Anti Virus Control Center	winavscan.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Network maneger	svchost.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans. This infection should not be confused with the legitimate C:\Windows\System32\svchost.exe file.
Microsoft Update	SetPoints.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
GP Updater	gpupdater.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
kiss	pingy.exe	X	Identified as a variant of the W32/Cult.worm.gen malware.
SDMSSplash	SDMSSplash.exe	?	Related to the HP Smart Desktop Management System support software.
NokKernel install	Nok_install.exe	U	Added by the Spyware.NokKernel surveillance software. This software should be uninstalled if found on your computer without your knowledge.
MYloVe	EjaMyVE.exe	X	Added by the WORM_SANKEZU.A worm.
DesSys	system.exe	X	Added by the WORM_SANKEZU.A worm.
240985	Isass.exe	X	Added by the WORM_SANKEZU.A worm.
explorer	main.vbe	X	Added by the VBS/Shush-A worm.
System Restore	SysRes.vbs	X	Added by the VBS/Autorun-FM worm. Please note that C:\Windows\System32\wscript.exe is a valid application.
My Web Search Bar Search Scope Monitor	m3SrchMn.exe	X	Related to the Added by the MyWebSearch adware.
COMODO Memory Firewall	cmf.exe	Y	Comodo Memory Firewall attempts to protect you from exploits that use buffer overflows.
Windows Configure Tool	i386-winconf.exe	X	Added by the Troj/Agent-HCP Trojan.
Winsock2 driver	CFTMON.EXE	X	A variant of the W32.Spybot.Worm family of worms and IRC backdoor Trojans. This family of worms spread via mIRC and the Kazaa file sharing network.
Windows svchost	avserv.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
MSN	wkssvrs.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
msvupdater	msvupdater.exe	X	Added by the Email-Worm.Zhelatin malware. Email-Worm.Zhelatin normally received as an email attachment; may consist of a rootkit, a peer-to-peer client, and a mass-mailing worm component. Its code may be injected and run from the legitimate services.exe process in order to bypass firewalls.
mssysif	(Random Name).tmp	X	Identified as a variant of the Trojan-Downloader.Win32.Agent.pnv malware.
mssysif	(Random Name).exe	X	Identified as a variant of the Trojan-Downloader.Win32.Agent.pnv malware.
Antivirus	aav.exe	X	Added by the Advanced Antivirus rogue anti-spyware program.
MSN Booter	msnbootcf.exe	X	Added by the Troj/Delf-FAS Trojan.
Antivirus2008y	antvrs.exe	X	Added by the Antivirus 2008 rogue anti-spyware program.
MicrosoftUpdate	RBuilder.exe	X	Added by the Troj/Dloadr-BMV Trojan.
MSServer	<random>.dll	X	Unknown malware. Please note that C:\Windows\System32\rundll32.exe is a legitimate file.
C:\Documents and Settings\All Users\Application Data\ADSL Software Limited\WinSpywareProtect\winspywareprotect.exe	winspywareprotect.exe	X	Added by the WinSpywareProtect rogue anti-spyware program.
AntiSpyCheck 2.1	AntiSpyCheck 2.1.exe	X	Added by the AntiSpyCheck rogue anti-spyware program. AntiSpyCheck is a misleading application that may give exaggerated reports of threats on the computer.
AUTORUN_VAL	AntiSpyCheck 2.1.exe	X	Added by the AntiSpyCheck rogue anti-spyware program. AntiSpyCheck is a misleading application that may give exaggerated reports of threats on the computer.
Windows svchost	servicean.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Windows UDP Control Center	winudpmgrs.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Windows svchost	ctfmon32.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Windows Acer Service	acersv.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Image Remote Players	sysvn.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
[system]	services.exe	X	Identified as a variant of the W32.Mandaph worm.
windows	windowssys.exe	X	Added by the Troj/Banloa-FK Trojan.
msupdater	msupdater.exe	X	Added by a variant of the Worm.DR.Zhelatin malware. This family of malware spams email messages used to entice users into visiting sites hosting exploits that would result in a drive-by download. On visiting the link, a cocktail of browser and application exploits that attempts a drive-by install of malware on the users machine is performed.
helloserv	helloserv.exe	X	Added by a variant of the Worm.DR.Zhelatin malware. This family of malware spams email messages used to entice users into visiting sites hosting exploits that would result in a drive-by download. On visiting the link, a cocktail of browser and application exploits that attempts a drive-by install of malware on the users machine is performed.
grinders	grinders.exe	X	Added by a variant of the Worm.DR.Zhelatin malware. This family of malware spams email messages used to entice users into visiting sites hosting exploits that would result in a drive-by download. On visiting the link, a cocktail of browser and application exploits that attempts a drive-by install of malware on the users machine is performed.
fastsmell	fastsmell.exe	X	Added by a variant of the Worm.DR.Zhelatin malware. This family of malware spams email messages used to entice users into visiting sites hosting exploits that would result in a drive-by download. On visiting the link, a cocktail of browser and application exploits that attempts a drive-by install of malware on the users machine is performed.
biglow	biglow.exe	X	Added by a variant of the Worm.DR.Zhelatin malware. This family of malware spams email messages used to entice users into visiting sites hosting exploits that would result in a drive-by download. On visiting the link, a cocktail of browser and application exploits that attempts a drive-by install of malware on the users machine is performed.
Microsoft WinUpdate	msupdte.exe	X	Unknown Malware.
MicroSoft Legal Syst3m32	Syst3m32.exe	X	A variant of the Backdoor.Sdbot family of worms and IRC backdoor Trojans.
Windowfdgfds DasdLL Verifier	winupdatr.exe	X	Identified as a variant of the WORM_AGOBOT.HZ worm.
Win32 SubSystem	lsass.exe	X	Identified as a variant of the Trojan-Downloader.Win32.Agent.sgl malware.
ExploreUpdSched	scntqkdm.exe	X	Identified as a variant of the Adware-Zeno malware.
Deewoo	scntqkdm.exe	X	Identified as a variant of the Adware-Zeno malware.
<not used>	iftuyszv.exe	X	Identified as a variant of the TrojanDownloader:Win32/Renos.CR malware.
Modifiet Amateur HTPB	wuaclt.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
mceipww	(Random 8 Letter).exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
kdmsx	(Random 8 Letter).exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
idlesam	(Random 8 Letter).exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
icccomp	(Random 8 Letter).exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
eMessenger	emsn.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
reszrv	(Random 8 Letter).exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.

Pages: (122) [1] 2 3 ... Last »

Disclaimer

It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. BleepingComputer.com will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from Uniblue Systems. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Malware Removal Guides