Windows Startup Item Database

HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page

Key:

"Y" - Normally leave to run at start-up
"N" - Not required - typically infrequently used tasks that can be started manually if necessary
"U" - User's choice - depends whether a user deems it necessary
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
"?" - Unknown

	Startup Name	Process Name	Details
X	Generic Host Process326a System Backup	scvhost326a.exe	"Added by a variant of the SDBOT WORM!"
X	Generic Host Service	lshost.exe	"Added by the RBOT.LU WORM!"
X	Generic Service Process	regsvc32.exe	"Added by the GAOBOT.UJ or GAOBOT.UL WORMS!"
X	Generic Service Process	serv1ces.exe	"Added by the AGOBOT-JK WORM!"
X	Generic Service Process	nvsvc.exe	"Added by the AGOBOT.BY WORM! Note - this is not the valid NVIDIA Driver Helper Service and is located in the System (9x/Me) or System32 (NT/2K/XP) folder"
X	Generic Services Process	regsvc32.exe	"Added by the GAOBOT.SY WORM!"
Y	Genie USB Monitor	USBmonitor.exe	Port monitor for an external USB hard drive. Required to enable access to the drive
X	Geography TX 1.0 NT	CompuSpeed.vbs	"Added by the NEWLEY-A WORM!"
X	Gerenciamento de arquivos do Windows	Winmod32.exe	"Added by the DLOADER-WG TROJAN!"
X	german.exe	winsystems.exe	"Added by the BAGLEDl-AE TROJAN!"
X	german.exe	wintems.exe	"Added by the BAGLE-AS TROJAN!"
X	Gestionnaire de disques universel	sysoobe.exe	"Added by the TOADER-A TROJAN!"
N	Get Smile	getsmile.exe	Puts smilie faces in your E-mail. Run manually when required
N	GetRight Tray Icon	GETRIGHT.EXE	GetRight from Headlight Software - download manager for resuming downloads and choosing multiple download locations. The freeware version is/was spyware. The registered version isn't if you don't install the Aureate/Radiate software. Available via Start -> Programs
X	GetTheMusic	"rundll32.exe MSA64CHK.dll	DllMostrar"
X	getwin	winB_.exe	"Added by the BANKER-HS TROJAN!"
U	GhostSecuritySuite	gss.exe	"Ghost Security Suite - protect the registry from unauthorized reading and modification and other tools"
N	GhostStartService	GhostStartService.exe	"Required to run the Windows based wizard in Norton Ghost - added from the 2003 version. Will start automatically when you run the wizard"
N	GhostStartTrayApp	GhostStartTrayApp.exe	"System Tray access to Norton Ghost - added from the 2003 version"
?	GhostSurfDelSatellite	DeleteSatellite.exe	"SpyCatcher spyware remover related. What does it do and is it required?"
Y	GhostSurfDelSatellite	DeleteSatellite.exe	"Part of SpyCatcher spyware remover from Tenebril. Prevents rogue programs from sending personal information to a remote user via the Internet. If you use SpyCatcher with real time scanning
X	gigabit.exe	gigabit.exe	"Added by the BEAGLE.U WORM!"
X	GigaByte	Cheatle.exe	"Added by the SHODI.B VIRUS!"
Y	Gilat SOM Enumerator	dllhost.exe	For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system
Y	GilatFTC	ftc.exe	For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system
X	gimmygames	[path to trojan]	"Added by the DLOADR-LN TROJAN!"
X	gimmysmileys	gimmysmileys.exe	"GimmySmileys adware"
X	GinaDll	ntgina.dll	"Added by the ANIG.A WORM!"
?	GisdnLog	gisdnlog.exe	"BT Digital Access USB"
U	Glass2k	Glass2k.exe	""Glass2k is a small little program that allows Win2K/XP users to make any window transparent""
X	GLF Network Lan Monitor	NPFMNTOR.exe	"Added by the RBOT-AGY WORM!"
Y	Glide	Glidew32.exe	"Cirque touchpad driver"
X	Global Startup	WinDash.EXE	"Recognized by Kaspersky antivirus as IM-Worm.Win32.VB.q
X	GlobalSCAPE	[random filename]	"Added by the RBOT-AYM WORM!"
X	GLSetIT32	msiexec16.exe	"Added by the OPTIX PRO TROJAN!"
X	GLSetIT32	isass.exe	"Added by a variant of the OPTIX PRO TROJAN!"
X	GLSetT32	smsiexec.exe	"Added by the OPTIX-D TROJAN!"
?	gluon	gluon.exe	"In a gluon/bin sub-directory"
X	glv	glv.exe	"Added by the DLOADER-NG TROJAN!"
X	GMedia2	GSM2.exe	"Malware downloader - recognized by Kaspersky antivirus as Trojan.Win32.VB.ux"
X	GMedia2	GSMedia3.exe	"Malware downloader - recognized by Kaspersky antivirus as Trojan.Win32.VB.ux"
Y	Gmouse	Gmouse.exe	Amouse mouse driver - required if you use non-standard Windows driver features
U	Gnetmous	gnetmous.exe	"Genius NetScroll+ mouse driver - required if you use non-standard Windows driver features"
U	GNETMOUSE	gnetmouse.exe	Genius mouse driver - required if you use non-standard Windows driver features
X	GNP Generic Host Process	svchost.exe	"Added by the ZAPCHAS TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!"
X	GNP Generic Host Process	svchost.exe	"Added by the ZAPCHAS-R TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup and is always located in the System32 folder. This worm file is found in the System folder"
X	GNP Generic Host Process	svchost.exe	"Added by the ZAPCHAS-AA TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This one replaces svchost.exe in the System32 folder with a copy of Mirc on (NT/2K/XP) systems and just adds svchost.exe to the System folder on (9x/Me) systems"
?	gnub	gnub.exe	"??"
X	Go!Zilla	gozilla.exe	Download manager for resuming downloads and choosing multiple download locations. Advertising spyware
X	Go!Zilla Monster Downloads	Go.exe	Download manager for resuming downloads and choosing multiple download locations. Advertising spyware
U	GoBack	GBMenu.exe	"Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users
U	GoBack	GBTray.exe	"System Tray icon access to Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users
U	GoBack Polling Service	GBPoll.exe	"Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users
U	GoBack Tray Icon	GBTray.exe	"System Tray icon access to Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users
X	GOG	GOG.exe	"Added by the PHILIS.B VIRUS!"
X	goidr	goidr.exe	"Goidr adware"
U	Goldensoft_MndlSvr	MndlSvr.exe	"Goldensoft CD Ghost related - turns a computer into a 200X-speed CD-ROM tower. Working from the hard drive
X	Golum	services.exe	"Added by the GOLUM.A TROJAN! Note - this is not the legitimate services.exe process
X	golumm	services.exe	"Added by the DLOADER-ET TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a ""golumm"" subfolder"
X	google	google.exe	"Added by the RBOT-AMW WORM!"
N	Google Desktop Search	GoogleDesktop.exe	"Google Desktop Search - ""a desktop search application that provides full text search over your email
X	Google Earth	[random filename]	"Added by the RBOT-AXK TROJAN!"
N	Google Earth Viewer	GOOGLEMAPS.EXE	"Google Earth ""combines satellite imagery
X	google Intrenet Explorer	google.pif	"Added by the RBOT-ARA WORM!"
X	Google service	Googlesetup.exe	"Added by the IRCBOT-RJ WORM!"
X	google toolbar	ggtb32.exe	"Added by the AGOBOT-RR WORM!"
N	GoogleDCClient	GoogleDCC.exe	"Google Compute Client - only present if you installed the Google Toolbar with ""Google Compute"" client active. Does complex calculations in the background when idle. If you want to turn it off go to your browser
U	googletalk	googletalk.exe	"Google Talk ""enables you to call or send instant messages to your friends for free-anytime
U	GoToMyPC	g2svc.exe	"ExpertCity GoToMyPc logon - web-based remote-access solution that allows individuals and companies to register their computers online and then securely access those computers from any web browser"
U	GotSmiley	GotSmiley.exe	"GotSmiley - ad supported program that provides the user with smileys for use in emails. Not recommended"
X	gouday.exe	readme.exe	"Added by the BEAGLE.C WORM!"
N	GRA	gra.exe	"Looks at system resources at startup and warns you if they have dropped. Contains links to the Disk Clean Up
?	gramdate	2Stop.exe	"??"
X	Graphic Driver	smss32.exe	"Added by a variant of the RBOT WORM!"
X	Graphic Loader	ntvdm32.exe	"Added by a variant of the RBOT WORM!"
U	Gravis Appawareloader	dbserver.exe	"Looks like it's associated with Gravis game controllers and the Keyset Manager
U	Gravis Xperience Driver Support	Grxp4exe.exe	"Driver for Gravis game controllers such as the Eliminator Aftershock. Must be loaded if you run the supplied application software for the controller to be recognized. Start it manually via a shortcut if not used"
?	GrdSys32	GrdSys32.exe	"X-Stream ISP software. Offers free Net access funded by on-screen ads. Is it required or can you create your own dial-up networking connection to use on demand?"
N	Greetings Workshop	GWREMIND.EXE	You really want to be reminded about somebody's birthday at the expense of resources?
X	gremier	wscript.exe gpremier.vbs	"Added by the GPREMIER WORM!"
X	Gremlin	intrenat.exe	"Added by the DOOMJUICE WORM!"
N	Grokster	Grokster.exe	"Grokster Peer-To-Peer File Sharing program"
N	GrpConv	grpconv.exe	"Microsoft Windows Program Group Converter - used by installers (ONLY in the RunOnce keys) - provides the translation of groups and group items to folders and links. Also see this MS Knowledge Base article"
X	GsAds	gms2.exe	"PacerD_Media/Pacimedia.com adware"
?	Gscbc	Gscbc.exe	"??"
X	gshp	zzgshp.vbs	Homepage hi-jacker
N	Gsiconexe	Gsicon.exe	"ADSL modem monitor from Eicon Networks (as used by BT for its Broadband internet service for example). Can safely be disabled without affecting the connection - all this does is give an indication of connectivity and access to the diagnostic facilities"
?	GsiFinal	"rundll32 gspndll.dll	postInstall final"
?	GSISETUP	[path] GsiInst.exe INSTALL [path] V205Res 13	"BT Voyager ADSL modem related - what does it do and is it required?"
N	GSOrganizer	GSOrganizer.exe	"GoldenSection Organizer - personal information manager"
X	gssomatic	gssomatic.exe	"Searchcentrix hijacker"
X	GStartup	GMT.exe	"Gator spyware component - see here"
X	gsv	gsv.exe	Added by the ROBAL 1.0 backdoor TROJAN!
U	GTVEpg	GTVEpg.exe	"Part of Got All Media - control your TV tuner and other utilities from your PC"
X	GTVRec	GTVRec.exe	"Part of Got All Media - control your TV tuner and other utilities from your PC"
N	Gtwatch	gtwatch.exe	Associated with a Mustec scanner and not required
U	Guard	Guard.exe	"Related to Phoenix Technologies Core Managed Environment (cME) Integration and Certification program"
N	Guardian	CMGrdian.exe	"McAfee's QuickClean
U	Guardian PC Security Tools	Pfft.exe	"Boomerang Software's Guardian PC Security Tools - now rebranded as the eXtendia Security Suite"
X	guarnset	guarnset.exe	"Adlogix adware"
U	GuruNet	GuruNet.exe	"GuruNet lets you click on any word on your screen to get the relevant information you want"
X	GustavVED	[filename].exe	"Added by the OPASERV.H WORM!"
X	gvagfxj	rundll32 ...gvagfxj.dll	"Unidentified adware
Y	gw port controller	PORTCT95.EXE	"From a visitor - "I must keep it active in start up or my Lexmark printer and RCA Cam program cannot discover a working port to work". From the file properties
N	GWInkMonitor	GWInkMonitor.exe	"Gateway ink monitor - makes an annoying popup that says your printer may be running out of ink
N	GWMDMMSG	GWMDMMSG.exe	Used with internal modems on Gateway and vprMatrix PCs. This is the "GTW modem messaging applet" and is not required for the modem to work correctly
U	GWMDMpi	GWMDMpi.exe	"Used with internal modems on Gateway PCs such as the 450SX Notebook. Required for audio settings to be maintained and does not remain in memory once run. See here for more information"
U	gwum	gwum.exe	"Gigabyte utility manager. Loads if you have a Gigabyte motherboard and got a full bundle of utilities installed. Monitors CPU
?	gyy	gyy.exe	"Possibly Gator (and therefore spyware) related?"
X	G_Server.exe	G_Server.exe	"Added by the FEUTEL-C TROJAN!"
X	G_Server1.2.exe	G_Server1.2.exe	"Added by the GRAYBIRD-Z TROJAN!"
U	H/PC Connection Agent	WCESCOMM.EXE	Active sync for use with Windows CE based palm PC
U	H2OWIBU	CXWibu.exe	"Related to CodeMeter from WIBU-SYSTEMS AG. Software protection hardware"
X	h4te Service Drivers	h4te.exe	"Added by a variant of the RBOT WORM!"
X	hachimitsu-lemon	hachimitsu-lemon.exe	"Added by the HACHILEM TROJAN!"
X	hagent	avp.exe	"Added by the ""Herman Agent"" remote access TROJAN!"
U	HalifaxHowardCluster	skinkers.exe	"Howard the Weatherman desktop client from Halifax by Skinkers - marketing/messaging tool. Leave enabled if you want to receive messages"
U	HaMFrontPanel	hampanel.exe	"Displays a panel simulating modem lights for the Intel HaM internal modem. The lights are useful as a reminder to disconnect from the net if you are likely to forget
U	Handy Backup 3.9	hbagent.exe	"Handy Backup - automatic backup of your critical data to virtually any type of storage media including CD-RW devices and remote FTP servers"
X	Hard drive Controller	hdcontroller.exe	"Added by the KIMAN.B WORM!"
U	Hardware Doctor	Hwdoctor.exe	"Winbond Hardware Doctor - as included on some motherboard using Winbond's hardware monitoring chips. Displays fan speeds
X	Hardware Monitor Service	mshms.exe	"Added by the WOLLF-A TROJAN!"
X	Hardware Profile	hxdef.exe	"Added by a variant of the LOVGATE WORM!"
X	Hardware Profile	hxdef.exe...	"Added by a variant of the LOVGATE WORM!"
U	Hardware Sensors Monitor	hmonitor.exe	Utility to monitor fan speed and temperatures - similar to Motherboard Monitor. Only required if you're concerned about your system temperature - typically for "overclocked" systems
U	Hare	hare.exe	"Hare - improve and optimize performance of desktop/laptop PCs"
X	HATAPE	[path to trojan]	"Added by the BANKER-QF TROJAN!"
U	HawkEye	HAWK_95.EXE	"Control Panel application for the old Number Nine graphics cards to change resolution
U	HawkEye IV Control Panel	HAWK_32.EXE	"Control Panel application for the old Number Nine graphics cards to change resolution
X	Hbinst	Hbinst.exe	"Hotbar enhances the surfing experience offering a variety of innovative and fresh skins to the browser while providing users worldwide with access to various services of added value and fun. Also regarded as adware/spyware due to it's adds and browsing habits information gathering - see here"
N	HC Reminder	hc.exe	"For Compaq PC's. Help Compiler
N	HCDetect	HCDetect.exe	"MS HomeClick Network - simple home network setup and configuration program included with 3Com HomeConnect home networking products. Runs in the background for network printer notification
U	hcenter	tgcmd.exe	"See also TgAddServer. This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the ""U"" recommendation"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.