Arcade File Downloads Support Forum
Email
Confirm email
Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page 012 3 4 5 6 7 8910 11 12 13 14 15 161718 19 20 21 22 23 242526 27 28 29 30 31 323334 35 36 37 38 39 40
414243 44 45 46 47 48 495051 52 53 54 55 56 575859 60 61 62 63 64 656667 68 69 70 71 72 737475 76 77
78 79 8081 82 83 84 85 8687 88 89 90 91 9293 94 95 96 97 9899

Key:

  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown
Startup Name Process Name Details
X ruin system32.exe"Added by the DELF-JM TROJAN!"
U RuLaunch RuLaunch.exeInstant Updater for McAfee's VirusScan Internet Security Quick Clean Uninstaller and Firewall products. In the case of VirusScan leave it enabled unless you update manually on a regular basis
X Run real.exe"Added by the LOVGATE.E WORM!"
X run Autoexec.com"Added by the HOLCAS.A WORM!"
X run inetinfo.exe"Added by the BINGHE TROJAN!"
X Run help.exe"Identified as the DELF.LF by Ewido Security Suite"
X run rundll32.exe rsrc.dll"Chinese originated browser hijacker - redirecting to 4199.com Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
X run cchost.exe"Added by the SQUATBOT-C TROJAN!"
X run e.exe"Added by the IMONI-E TROJAN!"
X Run Manager.exe"Detected by Kaspersky as the DELF.EUN TROJAN! See here. The file is found in %AppData%\Adobe - see the link for more information"
U Run Google Web Accelerator GoogleWebAccWarden.exe"Google Web Accelerator"
X Run Msn Messenger msnmgr.exe"Added by the AGOBOT.HA WORM!"
X Run MSupdt32 wscript MSupdt32.vbs"Added by the CASER WORM!"
U Run Nintendo Wi-Fi USB Connector Registration Tool NintendoWFCReg.exe"Related to Wi-Fi USB Connector from Nintendo"
U Run POPFile in background perl.exe"POPFile - E-mail spam blocker"
U Run POPFile in background wperl.exe"POPFile - E-mail spam blocker"
X Run Services as Application localsvc.exe"Added by the DLOADER-NY TROJAN!"
X Run Services as Application netsvc.exe"Added by the DLOADER-NY TROJAN!"
X Run Services as Application spoolsvc.exe"Added by the DLOADER-NY TROJAN!"
X Run Services as Application svcadmin.exe"Added by the DLOADER-NY TROJAN!"
X Run Services as Application svcman.exe"Added by the DLOADER-NY TROJAN!"
X Run Services as Application svcrun.exe"Added by the DLOADER-NY TROJAN!"
X Run Services as Application tcpsvc.exe"Added by the DLOADER-NY TROJAN!"
X Run Services as Application websvc.exe"Added by the DLOADER-NY TROJAN!"
U Run StartupMonitor StartupMonitor.exe"Mike Lin's StartupMonitor throws up an alert and asks your permission every time any change is made to your start-up configuration either in the registry or start menu"
X run windows servic.bat"Added by the REBOOT-AP TROJAN!"
X Run05 rundll_32.exe"Added by the BANCOS-DT TROJAN!"
X run32 run32dll.exe"Added by the SDBOT-CWB WORM!"
X run32dll WINClock.exeAdded by an unidentified VIRUS WORM or TROJAN!
X run32dll task32.exeAdded by an unidentified VIRUS WORM or TROJAN!
X Run32dll ocxdll.exeAdded by an unidentified VIRUS WORM or TROJAN!
N run= cmmpu.exeMIDI emulator driver for the integrated sound chip by C-Media based on the CMI-8330 chip set normally found in cheap motherboards. Also installed as part of the software for a Guillemot Maxi Muse sound card (PCI)
N run= hpfschedHPFSCHED is a small TSR that will remind you to clean the cartridges in your DeskJet from time to time in order to keep print quality high. It can be removed from the run line in win.ini if you do not want that feature
N run= lxdboxcp.exeLexmark DOS-Printing Control Program for the Lexmark 2050. Only required if you need to print from DOS
N run= pcfix2k.exepcfix2k splash screen
X run= ptlseq.cpl"PhoenixNet BIOS adware. See here"
U run= ramsys.exe"Advanced Startup Manager from Rays Lab"
? run= wallflip.exe"Desktop wallpaper changer?"
X run= svcinit.exe"CoolWebSearch parasite variant"
X run= fntldr.exe"CoolWebSearch Tapicfg parasite variant"
Y run= smsrun16.exeMicrosoft Systems Management Server (SMS) related - program that reads SMSRUN16.INI on clients running Win 3.1 Windows for Workgroups Win95 or OS/2 to create program groups on the client and then launch SMS client programs
? run= win.ini"??"
X run= RAVMOND.exe"Added by the LOVGATE-F WORM!"
X run= dec25.exe"Added by the ATAK.F WORM!"
? run= LXBTppls.exe"Reportedly part of Lexmark printer software - what does it do and is it required?"
N run= fmedia.exeFMedia FaxWorks related - can be run manually
Y run= wswpd.exeUsed with some models of Panasonic Epson and NEC printers - required for printer to work
X run= cyxid98.exeUnidentified malware
X run= info32.exe"CoolWebSearch Tapicfg parasite variant"
X run= mouse_configurator.win"Added by the GAGGLE.E WORM!"
X run= RegistryReminder.exe"Added by the APSTROJAN.OB TROJAN!"
X run= sec5dec.exe"Added by the ATAK.G WORM!"
X run= wmplayer.exe"CoolWebSearch Smartsearch parasite variant"
X run= Autoexec.com"Added by the HOLCAS.A WORM!"
X run= htmlsync.exeSearchforfree.info browser hijacker
X run= msoffice.exe"Added by the ADWARELOADER TROJAN! Note - do not confuse with the legitimate Microsoft Office file which would typically be located in the Program FilesMicrosoft OfficeOffice folder!"
X run= DRDOOM.EXE"Added by the SEMAPI-A WORM!"
X run= svhost.exe"Added by the ADMINCASH.B TROJAN!"
X run= dllreg.exe"Added by the DUMARU-L TROJAN!"
X run= Celine.scr"Added by the CELINE-A TROJAN!"
X run= services.exe"Added by the KREPPER-N TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a ""inet10066"" subfolder of the Windows or Winnt folder"
U RunAlert AService.exe"PC Alert III - MSI motherboard monitoring software. Only required if you ""overclock"" your system. Appears as a service in XP/Vista and under the ""RunServices"" registry key in Win98/2K"
N runAP runAP.exe"Not required but what is it?"
X runapp icqchk.exe"Added by the BOMKA TROJAN!"
X Runapp32 Runapp32.exe"Added by the NEODURK TROJAN!"
Y RunCA InvokeSvc3.exeWireless-G USB Wireless Network Adapter related - would appear to be required
X Rund11 Rund11.EXE"Added by the MARIO-C WORM!"
X rund1132 rund1132.exe"Added by the DOPBOT-A WORM!"
X Rund1132.exe Rund1132.exe"Added by the STARTPA-HS TROJAN!"
X Rund1l32 Winfi1e32.exe"Added by the MERTIAN WORM!"
X runddlfile runddl.exe"Added by the DELF.D TROJAN!"
X Rundil32 runlli32.exe"Added by the QQPASS-U TROJAN!"
X Rundil32 Updadv.exe"Added by the QQPASS-N TROJAN!"
X rundl332 math.exe ...pluged.exe"Added by the DOOMJUICE WORM!"
X rundli32 rundli32.exe"Added by the LADE WORM!"
X RunDLL rundll32.exe [path] Bridge.dllLoad"Flingstone.com browser hijacker. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
X Rundll Rundll~.exe"Added by the DELF-KT TROJAN!"
X Rundll rundll32.exe [random filename].dll"Added by the MYTOB.IG WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folder"
X RunDll RunDll.exe"Added by the QQPASS-AH TROJAN! Note - this is NOT the Windows system file of the same name as described here"
X RunDLL Kernel File Core rundll.exe"Added by a variant of the SLAPER TROJAN!"
X rundll*** die.exe [path] mdll.exe"Added by the SUMTAX TROJAN! where *** is 134 569 777 or 946"
X rundll*** die.exe [path] secure.bat"Added by the SUMTAX TROJAN! where *** is 134 569 777 or 946"
X rundll*** die.exe [path] secure.exe"Added by the SUMTAX TROJAN! where *** is 134 569 777 or 946"
X rundll*** die.exe [path] ttg.exe"Added by the SUMTAX TROJAN! where *** is 134 569 777 or 946"
X Rundll16 Rundll16.exeAdded by a number of VIRUSES WORMS and TROJANS!
X Rundll32 Rundll32.exe"Added by the DVLDR TROJAN! Note - this is not the valid ""Rundll32.exe"" as it's in the WindowsFonts directory"
N RUNDLL32 RUNDLL32.EXE NvQtwk NvCplDaemon"System Tray icon used to change display settings change the clock rate and memory speed for nVidia based graphics cards. This is unnecessary since you can easily configure these settings the way you want them in the Display Properties and not have to mess with them again. Also disable the ""NVIDIA Driver Helper Service"" if enabled as it can cause this entry to be re-enabled on re-boot (note that this service can also cause extreme shutdown delays if enabled - see here)"
N RunDLL32 RunDLL32.exe NvMCTray.dll NvTaskbarInit"System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game ""Everquest"". Otherwise settings can be changed manually via Display Properties"
X RunDLL32 winupdate.exe"Added by an unidentified TROJAN! - possibly a BMBOT variant"
X Rundll32 Windows.exe"Added by the QQPASS.E TROJAN!"
U Rundll32 Rundll32.exe ptipbm.dll SetWriteBack"Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. Tells the drivers that the connected Drives should use the ""Write Back"" Caching. You can disable this if you don't want to use ""Write Back"" Caching or if you have not connected any driver to your Promise Controller"
X rundll32 [path to worm]"Added by the AUTEX WORM!"
? rundll32 rundll32.exe ptipbmf.dll SetWriteCacheMode"Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. May be necessary in order to maintain preferences applied to the RAID array connected to the Promise controller"
X rundll32 rundll32.exe"Added by the SANKER WORM! Note - this is not the legitimate rundll32.exe process which is found in the Windows folder (98ME) or the System32 folder(NT2000XP). This one is is located in the Winnt or Windows folder"
X rundll32 csrss.exe"Added by the GUTTA TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
U rundll32 RunDLL32.exe irprops.cpl BluetoothAuthenticationAgent"Associated with BlueTooth software and registers the ""Infrared Port properties"" Control Panel applet. Should you get the error message ""Rundll irprops.cpl missing entry Bluetooth authentication agent"" click here here for more information. In case you no longer have BlueTooth support installed and don't need it simply uncheck the entry in Msconfig > Startup"
X RUNDLL32 rundl32.exe"Added by the DEMOTRY-A WORM!"
X rundll32 rundll32.exe"Added by the AGENT-EZ TROJAN! Note - the real rundll32.exe resides in the System (9x/Me) or System32 (NT/2K/XP) folder whereas this file is found in a ""SHELLEXT"" subfolder"
X Rundll32 RUNDDLL32.EXEAdded by the STARTPAGE.AXH TROJAN!
X rundll32 kernel32.exe"Added by the STAP-C WORM!"
X rundll32 kernel33.exe"Added by the STAP-D WORM!"
X rundll32 MSDTC.exe"Added by the STAP-E WORM!"
X rundll32 rookie.vbs"Added by the ROOKIE-A TROJAN!"
X rundll32 rundll64.exe"Added by the DELF.BKC TROJAN!"
N Rundll32 cmicnfg Rundll32 cmicnfg.cpl CMICtrlWndSystem tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audio. Available via Start -> Settings -> Control Panel
Y RunDll32 essprops RunDll32 essprops.cpl TaskbarIconWndAssociated with a Logitech mouse - required for proper operation
U Rundll32 P17 Rundll32 P17.dll P17Helper"ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality"
X Rundll32.exe Proyecto1.exe"Added by the GRUEL WORM!"
X Rundll32.exe Root.exe"Added by the GRUEL WORM!"
X Rundll32_7 rundll32.exe MSIEFR40.DLL DllRunServer"BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
X Rundll32_8 rundll32.exe inetp60.dll DllRunServer"BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
X Rundll32_8 rundll32.exe 1.dll DllRunServer"BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
X rundll64 [path to worm]"Added by the AUTEX WORM!"
X RundllSvr Rundll.exe"Added by the HUAYU WORM! Note - this is NOT the Windows system file of the same name as described here"
X Rundllsystem32 Rundllsystem32.exe"Added by the NETDEVIL.B TROJAN!"
X Rundnm Rundnm.exe"Added by the DELF-HA TROJAN!"
X RUNGogoTools LaunchAdware.exe"GoGoTools adware"
X RUNGogoTools GoGoLaunch.exe"GoGoTools adware"
X RUNHYPER hyperx.exe"PurityScan/Clickspring adware"
X runing win.exe"Added by the DELF-LC TROJAN!"
X RUNLOAD l0ad.exe"PurityScan/Clickspring adware"
X RUNLOUD loud.exe"PurityScan/Clickspring adware"
U Runmarc8mManager marc8m95.exe"MARC Sound System Manager for the Marc 8 MIDI sound card - allows for easy adjustment of the settings"
U RunNarrator Narrator.exeAssociated with the Narrator accessibility feature on Windows XP. It is used to convert text to speech
X Runner lsass.exe [trojan filename]"Added by the DROWSY-B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located the Winnt or Windows folder"
X Runner csrss.exe"Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X Runner lsass.exe"Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder"
X Runner svchost.exe"Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder"
X runner1 updater.exeAdded by the CRYPT.ULPM.GEN TROJAN!
X runner1 retadpu.exe"Added by the AGENT.SLZ TROJAN!"
X runner1 mrofinu.exe"Added by the AGENT.CZC TROJAN!"
X runner1 retadpu[random digits].exe"Added by the SMALL.CTV TROJAN!"
X runner1 tsitra.exe"Added by the AGENT.ABFQ TROJAN!"
U RunOnce RUNONCE.EXEPart of MS Data Access Components - only required if you use these
X Runonce runouce.exe"Added by the CHIR-B WORM!"
X RunOnceEx sms.exe"Identified as the DELF.LF by Ewido Security Suite"
X RunProg Server.exe"Added by the OPTIX.04.A TROJAN!"
X RunProg wini.exe"Added by the OPTIX.04.D TROJAN!"
X runreper viewer.exe"Added by the REPER.A VIRUS!"
X runs run.exe"Added by the RBOT-BWF WORM!"
X RunSearvices tread.exe"Identified as the DELF.LF by Ewido Security Suite"
X RunServices runsvc32.exe"Added by the AGOBOT.QJ WORM!"
X runservices services.exe"Identified as a variant of the SMALL.QO TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X runsql runsql.exe"Detected by PCTools as the DELF.ZWK TROJAN! See here"
X runSubvalues [path to file]"Added by the DLOADER-QY TROJAN!"
X runsvc runsvc.exe"Added by the SMALL-CF TROJAN!"
U RunSysd32 RunSysd32.exeDesktopShield2000 by St?phane Groleau. Locks the desktop at bootup so that users cannot bypass the Windows screensaver password. Only essential if using the program and is an optional setting. It can be disabled from within
X Runtime Process Csrss.exe"Added by the CIADOOR-J BACKDOOR! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X Runtime Server Subsystem csrss.exe"Added by the IRCBOT-XV WORM!"
X runtime.exe runtime.exeAdded by a variant of the Tibs malware
X Runtt1 Internat.exe"Added by the LINEAGE-R TROJAN!"
X Runtt1 Internet.exe"Added by the LINEAGE-Q TROJAN!"
X RunWin [path to file]"Added by the BANKER-ES TROJAN!"
X runwin32 runwin32.exe"Added by the ESEARCH-A TROJAN!"
X RUNWIN32 runwin32.exe"Added by the VB-AET TROJAN!"
X RunWindowsUpdate uptodate.exe"BrowserAid/BrowserPal foistware"
X runwinlogon winlogon.exe"Detected by Trend Micro as the AGENT.TQY TROJAN! See here. Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup!"
X Run[0] syscnfg.exe"Added by an unidentified VIRUS WORM or TROJAN! ""syscnfg.exe"" is found in C:windowsfonts (or C:winntfonts) directory where no *.exe files should reside"
X Run_cd Run_cd.exe"Added by the GHOST.23 TROJAN!"
Y run_pbnext PBNext.exe"PBNext is virtual phone system which offers the same functionality as expensive PBX hardware"
U Rupsw32 Rupsw32.exe"MegaTec Rups UPS monitoring software - monitor and control DB9 UPS running on either Windows & Novell NetWare (with RUPS 2000) or Unix (with RUPS for Unix / Plus) operating systems"
? RUSBHOLoader rundll32.exe RUSBHOLoader.dll AutoRegister"??"
X RVC6Player tskdbg.exe"Added by the ZAPCHAS-M TROJAN!"
X rvde N/ARelated to li-speed****
X RVP bpc.exe"BroadcastPC adware"
X rw service alg32.exe"LOOPAD.A adware"
X rx rundll32.exe"Added by the LINEAGE-BP TROJAN! Note - this is not the legitimate rundll32.exe process which is found in the Windows folder (98ME) or the System32 folder(NT2000XP). This file is found in the Windows or Winnt folder"
X rx explore.exe"Added by the ZHENGTU-A TROJAN!"
N RxMon rxmon9x.exe"Part of Dell Resolution Assistant - ""a diagnostic program that allows you to contact Dell. When factory-installed by Dell it allowed you to perform hardware and software diagnostics that provided alerts to potential problems and enabled real-time communication with Dell RA techs. You can now use RA only to contact Dell by e-mail"""
N RxUser RxUser.exe"Part of Dell Resolution Assistant - ""a diagnostic program that allows you to contact Dell. When factory-installed by Dell it allowed you to perform hardware and software diagnostics that provided alerts to potential problems and enabled real-time communication with Dell RA techs. You can now use RA only to contact Dell by e-mail"""
X ryan1918 servidevice.exe"Added by the RBOT-GVR WORM!"
X rydanmxe.exe rydanmxe.exe"Added by the DLOADR-AZZ TROJAN!"
X ryy rundl132.exe"Added by the PWS-ANA TROJAN!"
X rzt rundll32.exe"Added by the LINEAGE.BDP TROJAN! Note - this is not the legitimate rundll32.exe process which is found in the Windows folder (98ME) or the System32 folder(NT2000XP). This file is found in an ""Intel"" sub-folder of the Windows or Winnt folder"
Y r_server r_server.exe"Radmin - remote admistrator server"
X r_server service.exe"Added by the MULTIDR-CP TROJAN!"
X S svhost.exe"Added by the AGOBOT-LN WORM!"
X S0undMan svch0st.exe"Added by the LOVGATE.AB WORM! Note - the filename has the digit 0 rather then the uppercase ""o"""
? S24EvMon S24EvMon.exe"Event Monitor - supports driver extensions to NIC Driver for wireless adapters. Is it required?"
X S3 Internal Chip s3serv.exe"Added by the AGOBOT-DD WORM!"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.

Powered By Pac's Startup list

Copyright 2003-2009 I Am Not A Geek Inc.