Windows Startup Item Database

HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page

Key:

"Y" - Normally leave to run at start-up
"N" - Not required - typically infrequently used tasks that can be started manually if necessary
"U" - User's choice - depends whether a user deems it necessary
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
"?" - Unknown

	Startup Name	Process Name	Details
X	WebSpecials	rundll32 [path] webspec.dll	WebSpecials spyware
X	Websx	Int*****.exe	Adult content dialler - where ***** are random
Y	Webtrap	webtrap.exe	Part of PC-Cillin anti-virus software. Checks web-sites for malicious Java and ActiveX elements in a similar way to McAfee WebScanX. A few users find it infuriating
Y	WebTrapNT.exe	WebTrapNT.exe	Part of PC-Cillin Anti-Virus software. Checks visited web-sites for malicious Java and ActiveX elements
U	WebWasher	wwasher.exe	"Free Pop-up/ad/javascript filter program from Siemens. If not running then browsers will not be protected but will still work. Available via Start -> Programs"
X	WeirdOnTheWeb	WeirdOnTheWeb.exe	"Added by the WeirdOnTheWeb adware"
N	Welcome	Welcome.exe	Launches the Welcome to Windows tutorial on boot up
?	WEPstat	Wepstat.exe	"Cisco Aironet 340 Series PC Card driver. If it can be started manually it shouldn't be required if you don't use the PC card facility regularily - hence the status could be ""U"". Can anybody confirm this?"
X	wersds	doriot.exe	"Added by the JECT.C TROJAN!"
X	wersds.exe	doriot.exe	"Added by the BAGLEDI-A TROJAN!"
X	wesumu	wiustv.exe	"Added by the QQPASS-L TROJAN!"
N	WetSock	wetsock.exe	"RoboMagic Wetsock - weather reporting in the System Tray"
N	wextract_cleanup0	"advpack.dll	DelNodeRunDLL32 [path] [filename].TMP"
N	WFGStartup	WFGStartup.exe	"wfips	iphider.exe	"ICQ (messaging/chat program) anti-bomb software. "WFIPS is anti-bomb software for safeguarding ICQ Bomb before the bombing. 'ICQ Defoolder' is a tool for removing ICQ bomb after being exposed." For more information about ICQ bombs see here"
N	WFXCTL32.EXE	WFXCTL32.EXE	From WinFax 10.0 and possibly earlier versions. Appears if you chose to have WinFax appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start -> Programs
Y	wfxsnt40	wfxsnt40.exe	WinFax 10.0 and maybe earlier versions. The program that opens the port for WinFax and not normally in the start menu. Needed if you want to run WinFax
?	WFXSwtch	WFXSWTCH.exe	"Related to WinFax. What does it do and is it required?"
U	WG111v2 Smart Wizard Wireless Setting	RtlWake.exe	"Configuration utility for the Netgear WG111 54 Mbps Wireless USB 2.0 Adapter that ""provides wireless access to your desktop or notebook PC through the computer's USB port"""
Y	WG511WLU	WG511WLU.exe	Netgear configuration programme for the 54g wireless lan card - required to monitor and manage the lan card
U	WGWLocalManager	WGWLocalManager.exe	"Part of Flash-Networks NettGain2000 product. NettGain 2000 is a combined hardware/software networking solution
Y	WgwMngr	WgwMngr.exe	"Part of Flash-Networks NettGain2000 product. NettGain 2000 is a combined hardware/software networking solution
X	whagent	whagent.exe	"System Tray application that starts up Webhancer software. Software that optimizes your web browser and is also advertising spyware that you can find out about here"
U	WhatPulse	WHATPU~1.EXE	"WhatPulse keeps track of your keystrokes
U	WheelMouse	4DMAIN.EXE	Mouse software for "Fellowes" Wheelman mouse. Has caused some users problems but shouldn't be needed if you don't use any enhanced features it may provide
U	WheelMouse	AMOUMAIN.EXE	"A4Tech wireless mouse driver and utility - required if you use non-standard Windows driver features"
X	WheelsMouse	[path to trojan]	"Added by the SOCKSPR-D TROJAN!"
X	WhenUSave	Save.exe	"WhenU.Save adware"
X	WhenUSearch	Search.exe	"WhenU.Save adware"
X	WhenUSearchWHSE	whse.exe	"WhenU.Save adware"
X	Whistler	whismng.exe	"Added by the WHISTLER-F TROJAN!"
X	Whitechix	brightx.exe	"Added by a variant of the SDBOT WORM!"
X	Whvlxd	Whvlxd.exe	"Added by the LXD.MIRC TROJAN!"
N	WIAWizardMenu	"RUNDLL32.EXE sti_ci.dll	WiaCreateWizardMenu"
X	Widnows Xp Web scan	xpscan.exe	"Added by a variant of the SDBOT WORM!"
X	wifeman	wifeman.exe	Unidentified malware
X	WildFlics	WildFlics.exe	"Added by the Direct-B premium rate adult content dialler"
?	WildTangent CDA	"RUNDLL32.exe cdaEngine0400.dll	cdaEngineMain"
U	WildTangent Web Driver updater	wcmdmgrl.exe	"Web Driver delivery system for WildTangent on-line games. Periodically checks for updates - can be disabled within the programs control panel. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case"
N	Wildwire Monitor	WWMon.exe	This places a status icon on the taskbar for the DSL WildWire Tiger Modem. This is also a shortcut to the diagnostics utility for the DSL modem
N	Willow Road	WillowRoad.exe	Willow Road Screen Saver
X	win	regedit -s ..win.dll	"Added by the SEEKER.K TROJAN!"
X	win	xwinxrpc32.exe	"Added by the AGOBOT-MV WORM!"
X	win	xwinxrpc.exe	"Added by the AGOBOT-MV WORM!"
X	WIN	ehshell.exe	"Added by the MYTOB-CQ WORM!"
X	WIN	windows.exe	"Added by the REATLE.C WORM!"
U	Win Chimes	winchi~1.exe	"WinChimes - enhancement software for the system clock that runs in the system tray"
X	Win Comm	WinComm.exe	"Added by the WINCOM TROJAN!"
X	Win Command	command32.exe	"Added by the AGOBOT.XQ WORM!"
X	Win CPU	sysin.pif	"Added by the RBOT-AXL WORM!"
X	win ctl app	wuctl.exe	"Added by a variant of the SDBOT WORM!"
X	Win Drivers SSL	hpws.exe	"Added by the IRCBOT.67098 WORM!"
X	Win Drivers SSL	TASKMAN4.exe	"Added by a variant of the RBOT WORM!"
X	Win Drivers SSL	hpws.exe	"Added by the IRCBOT.67098 WORM!"
X	Win Drivers SSL32	hpwsnnsbc.exe	"Added by the SPYBOT.MAR WORM!"
X	WIN HOST PROCESS	WIN HOST PROCESS.EXE	"Added by the KEYLOGGER.CLONE TROJAN!"
X	Win l5oahder	winampa.exe	"Added by a variant of the AGOBOT/GAOBOT WORM! Note - this is NOT the popular Winamp media player which has the same filename"
X	Win Login	winlogin.exe	"Added by the RBOT-AWE WORM! Note - this trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder"
X	Win Microsoft 98	win14.exe	"Added by the RBOT-AKX WORM!"
?	win name	stat.exe	"??"
X	Win Patch	ntldr.exe	"Added by the SDBOT-GS WORM!"
X	WIN prosessor16	[random filename].exe	"Added by a variant of the SDBOT WORM!"
X	Win Secure Update	[random filename]	"Added by the RBOT-AGI WORM!"
X	Win Security	msw32.pif	"Added by the RBOT-AQT WORM!"
X	Win Server	winserv.exe	"Added by the IMISERV.A TROJAN!"
X	Win Server Updt	wupdt.exe	"Added by the IMISERV.A TROJAN!"
X	Win Server Updt	winserver.exe	"Added by a variant of the IMISERV TROJAN!"
X	Win Server Updt	pxckdla.exe	"IEPlugin adware"
X	Win TaskLoader	msgmr.exe	"Added by the MYTOB.L WORM!"
X	win update	wupda32.exe	"Added by the SDBOT.J WORM!"
X	win update	wapdate.exe	"Added by a variant of the RBOT WORM!"
X	Win Update	SysUpdate.exe	"Added by the AGOBOT-TN WORM!"
X	Win Update	oleupdate.exe	"Added by the AGENT-UY TROJAN!"
X	Win Updater	WINUPDATER.EXE	"Added by the RBOT.IP WORM!"
X	Win Updator Services	ctfnom.exe	"Added by a variant of the WOOTBOT WORM!"
X	WIN USB 2.0	usbsystem.exe	Added by an unidentified WORM of TROJAN!
X	WIN USB 2.0	winusb.exe	"Added by a variant of the RBOT WORM!"
X	Win USB 2.0 USB Driver	HPPrint.exe	"Added by the SPYBOT.DNB WORM!"
X	WIN USB SUPPORT	grxsrv.exe	"Added by a variant of the RBOT WORM!"
X	Win Validation Application	DBExecCom.exe	"Added by the VBSILLY-A WORM!"
X	Win WinAmp	winamp.exe	"Added by the RBOT.AGF WORM! Note - this is not the Winamp media player executable (WinAmpa.exe)"
X	win************* [* = random digit]	win************.exe [ = random digit]	"WINBO adware"
X	WIN-BUGSFIX	WIN-BUGSFIX.EXE	"Added by the LOVELETTER (I LOVE YOU) VIRUS!"
X	win-xp	nvsc32.exe	"Added by the BROPIA.N WORM!"
X	win-xp	winis.exe	"Added by the BROPIA.N WORM!"
X	win-xp	winis.exe	"Added by the BROPIA.N WORM!"
X	win.exe	win.exe	"Added by the PODROP-C TROJAN!"
U	win16.dll	win16dll.exe	"Screenspy captures screenshots silently. If you didn't install this yourself
X	Win2Drv	[worm filename]	"Added by the WINTOO WORM!"
X	WIN32	WIN32.EXE	"Added by the RATEGA TROJAN!"
X	win32	Shakira_1997_Part_1_.Mpeg_.scr	"Added by the MYLIFE.N WORM!"
X	win32	Setup_32.exe	"Added by the EVILBOT.B TROJAN!"
X	Win32	Win32.exe	"Added by the ISRAZ.A WORM!"
X	win32	winsrv32.exe	"Added by the ADUENT TROJAN! Acts as a hi-jacker redirecting to Surferbar.com and adult content sites"
X	win32	WinSetup.exe	"Added by the EVILBOT.B TROJAN!"
X	Win32	system32.vbs	"Added by the SWERUN VIRUS!"
X	Win32	Game.exe.vbs	"Added by the SCAFENE WORM!"
X	Win32	arsetup.exe	Added by the SPAZBOX.A TROJAN!
X	win32	winhost.exe	"Added by the BROPIA.J WORM!"
X	Win32 Bios	Winbios.exe	"Added by the SEMAPI-A WORM!"
X	Win32 Configuration	videosd32.exe	"Added by the SDBOT.TT WORM!"
X	Win32 Configuration	dllhelp.exe	"Added by the SDBOT.UL WORM!"
X	Win32 Configuration	mplayer.exe	"Added by the FORBOT-BZ WORM!"
X	WIN32 DDOSSER	dos.exe	"Added by the KELVIR.F WORM!"
X	Win32 Debug Manager	Win32Debug.exe	"Added by a variant of the WOOTBOT WORM!"
X	Win32 Debug Manager	microsoftupd.exe	"Added by a variant of the WOOTBOT WORM!"
X	Win32 Device Loader	Win32ldr.exe	"Added by a variant of the AGOBOT/GAOBOT WORM!"
X	Win32 Driver	svchosts.exe	"Added by the FORBOT-FD WORM!"
X	Win32 Drivers	winlogons.exe	"Added by the FORBOT-FG WORM!"
X	Win32 DRK Driver	wdrk32.exe	"Added by the WOOTBOT.CY WORM!"
X	Win32 exe file	winstr32.exe	"Added by a variant of the SPYBOT WORM!"
X	Win32 Explorer	Explorer32.exe	"StartPa-MN homepage hijacker"
X	Win32 Firewall Driver	winfw.exe	"Added by a variant of the RBOT WORM!"
X	Win32 FRT Driver	msfr32.exe	"Added by a variant of the FORBOT WORM!"
X	win32 internet server	winserver.exe	"Added by the DERMON-D TROJAN!"
X	Win32 Kernel core component	Kernel32.pif	"Added by the MOKS VIRUS!"
X	Win32 LSA Driver	lsa.exe	"Added by the FORBOT-FJ WORM!"
X	Win32 Ms Auto Updater	AutomsUPD.exe	"Added by a variant of the RBOT WORM!"
X	Win32 NDIS Driver	xpndis.exe	"Added by a variant of the RBOT WORM!"
X	Win32 Network Driver	crss.exe	"Added by a variant of the AGOBOT/GAOBOT WORM!"
X	Win32 NT Adv Services	taskmngr.exe	"Added by the RBOT-ADE WORM!"
X	Win32 nvc	nvcva.exe	"Added by the RBOT-ABF WORM!"
X	Win32 NVIDIA Driver	MSPMSPSU.EXE	"Added by a variant of the WOOTBOT.Y WORM!"
X	win32 regedit	msn32.exe	Added by an unidentified WORM or TROJAN!
X	Win32 Rundll Loader	Rundll32.exe	"Added by the SDBOT.A TROJAN! Note: Rundll32.exe is a valid Windows application called "Run a DLL as an App" and stored in the C:Windows directory. The version created by this virus is saved in the C:WindowsSystem directory"
X	Win32 Secure	msconfigsvc.exe	"Added by a variant of the SDBOT WORM!"
X	Win32 Security Protocol	secure32.exe	"Added by the RBOT-ETI WORM!"
X	Win32 Service	bazzi.exe	"Added by the AHKER.E WORM!"
X	Win32 Services	odbc32.exe	"Added by the SPYBOT-EK WORM!"
X	Win32 Services Config	winwkys.exe	"Added by the RBOT.BKY WORM!"
X	Win32 Services1	wuamngr1.exe	"Added by the SDBOT-PV WORM!"
X	Win32 Src Service	win32src.exe	"Added by the RBOT-SX WORM!"
X	Win32 SSL Driver	winssv.exe	"Added by the FORBOT-BH WORM!"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.