Arcade File Downloads UsenetGeeks
Email
Confirm email
Articles Spyware Removal File Help Startup DB Tips Service DB News Hijack This! Analyzer

 

HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page 012 3 4 5 6 7 8910 11 12 13 14 15 161718 19 20 21 22 23 242526 27 28 29 30 31 323334 35 36 37 38 39 40
414243 44 45 46 47 48 495051 52 53 54 55 56 575859 60 61 62 63 64 656667 68 69 70 71 72 737475 76 77
78 79 8081 82 83 84 85 8687 88 89 90 91 9293 94 95 96 97 9899

Key:

  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown
Startup Name Process Name Details
X Win32 Svchosts Driver svchosts.exe"Added by the FORBOT-FO WORM!"
X win32 system server winserver.exe"Added by the DERMON-A TROJAN!"
X Win32 System Spool spoolsvc.exe"Added by the SDBOT.UK WORM!"
X Win32 Test bleatest.exe"Added by a variant of the RBOT WORM!"
X win32 update service svchostt.exe"Added by a variant of the SDBOT WORM!"
X Win32 USB Driver winxpinit.exe"Added by the SDBOT.AA TROJAN!"
X Win32 USB Driver mvsecn.exe"Added by the FORBOT-BK WORM!"
X Win32 Usb Driver svhosint32.exe"Added by the FORBOT-BE or FORBOT-J WORMS!"
X Win32 Usb Driver usb32.exe"Added by the SDBOT-OV WORM!"
X Win32 Usb Driver AvpG.exe"Added by the FORBOT-BX WORM!"
X Win32 USB2 wins32.exe"Added by a variant of the RBOT WORM!"
X Win32 USB2 Driver win32usb.exe"Added by the SPYBOT.DHV WORM!"
X Win32 USB2 Driver smsc.exe"Added by the SDBOT.FO WORM!"
X Win32 USB2 Driver svchosting.exe"Added by the FORBOT.J or SDBOT.HU WORM!"
X Win32 USB2 Driver sys32.exe"Added by the WOOTBOT.X WORM!"
X Win32 USB2 Driver sys32snd.exe"Added by the FORBOT-AN WORM!"
X Win32 USB2 Driver wind32.exe"Added by the FORBOT-AH WORM!"
X Win32 USB2 Driver winupdate.exe"Added by the AGOBOT.YE WORM!"
X Win32 USB2 Driver updatemgr.exe"Added by a variant of the FORBOT WORM!"
X Win32 USB2 Driver winsnd32.exe"Added by a variant of the SDBOT WORM!"
X Win32 USB2 Driver msn.exe"Added by the FORBOT-EX WORM!"
X Win32 USB2 Driver syscfg32.exe"Added by the FORBOT-R WORM!"
X Win32 USB2.0 Driver 386.exe"Added by the IRCBOT.D WORM!"
X Win32 USB2.0 Driver rundll16.exe"Added by the WOOTBOT.H WORM!"
X Win32 USB2.0 Driver w32usb2.exe"Added by the SPYBOT.DN WORM!"
X Win32 USB2.0 Driver service.exe"Added by the SDBOT-QF WORM!"
X Win32 USB3 Driver win32tool.exe"Added by a variant of the RBOT WORM!"
X Win32 Wmls Driver winitr32.exe"Added by the WOOTBOT.B WORM!"
X Win32 Word Services msword32.exe"Added by a variant of the RBOT WORM!"
X win32.exe win32.exe"Added by the STARTPAGE TROJAN!"
X Win32.exe Win32.exe"Added by the AWQ.A TROJAN!"
X Win32.Exploit.mzH mzrun.exe"Added by the PAINTER TROJAN!"
X Win32.Trojan.Downloader netstat2.exe"Added by the PAINTER TROJAN!"
X Win32BaseServiceMOD Wintask.exe"Added by the NAVIDAD WORM!"
X win32beta win32sys4.exe"Added by the BANKER-DA TROJAN!"
X win32clf win32clf.exe"Added by an unidentified VIRUS
X win32debug win32debug.exe"Added by the GUDEB WORM!"
X Win32DLL Win32DLL.vbs"Added by the LOVELETTER (I LOVE YOU) VIRUS!"
X Win32dll Win32dll.exe"Added by the BANPAES TROJAN!"
X WIN32DS clienttimer.exe"Added by Eziin adware"
X Win32G Kernel32.com"Added by the ESTRELLA TROJAN!"
X Win32G Scandisk.com"Added by the ESTRELLA TROJAN!"
X win32gb win32gb.exeAll-In-One-Telcom (adult content dialler) variant
X Win32Host Process webemir.exe"Added by the TURGEN -A TROJAN!"
X win32info win32info.exeAdult content dialler
X win32ini systroy.exe"Added by the IRC.ALADINZ.C TROJAN!"
X WIN32io clienttimer.exe"Added by Eziin adware"
X Win32R Server.com"Added by the ESTRELLA TROJAN!"
X WIn32S Java DLL kavsvx.exe"Added by the AGOBOT-RZ WORM!"
X win32servv load.exe"iSearch adware"
X win32servv ms1.exe"iSearch adware"
Y WIN32SL Win32sl.exe"Part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about
X WIN32SNDS banc.exeAdded by an unidentified WORM or TROJAN!
X Win32system [random filename]"Added by the DDV.B WORM!"
X Win32System win32s.exe"Added by the MYDOOM.V WORM!"
X Win32SystemMonitor ***.exe [* = random char]Browser hijacker
X Win32SysV xin.exe"Added by the FORBOT-EO WORM!"
X win32us win32us.exeAll-In-One-Telcom (adult content dialler) variant
X win32usbd ssrs.exe"Added by the RBOT-RA WORM!"
X WIN32WN system_wc.exe"Added by Eziin adware"
X win32_i lptt01 win32_i.exe"RapidBlaster variant (in a ""win32_i"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
X win32_i ml097e win32_i.exe"RapidBlaster variant (in a ""win32_i"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
X Win386 Win386.exe"Added by the GOSUSUB VIRUS!"
X Win386 sp32.dllHomepage hijacker. Not a dll but a regfile in disguise
X WIN3S2SNDS winabsmod.exe"Added by the AGENT.DN TROJAN - known to BOClean as ""CWS/INDEX""
X WIN3S2SNDS winiprtx.exe"Added by the AGENT.DN TROJAN - known to BOClean as ""CWS/INDEX""
X Win64 Compatibility Check load win64.drv"CoolWebSearch parasite variant"
X WIN95DEFVIEW [path to file]"Added by the DEDLER-D TROJAN!"
X WIN95DEFVIEW csmss.exe"Added by the DEDLER-D TROJAN!"
X win98 DNS wingrd.exe"Added by a variant of the RBOT WORM!"
X winabc "rundll32.exe [Temp][ORIGFILENAME].DLL InstallLaunchEv"
X WinAC v4 klsuicbn.exe"Added by the FORBOT-CS WORM!"
U Winacsr Winacsr.exe"AceScreenSpy keystroke logger/monitoring program - remove unless you installed it yourself!"
X winactive WINACTIVE.EXE"WinActive of the LOP.com hijacker"
X WinActiveJ WinActiveJ.exeAdded by the ROTARRAN VIRUS!
X Winad Client Winad.exeWinAd adware by eXact Advertising
X WinAdCnt.exe WinAdCnt.exe"Added by the BANKER-BU TROJAN!"
X winadm winadm.exe"Browser hijacker - redirecting to Search-World.net. Related to the SMALL.AEX TROJAN!"
? WinAgent WinAgent.exe"Standard Life Insurance program. Is it required at startup?"
X Winahlp.exe Winahlp.exe"Added by a variant of the VAGRNOCKER TROJAN!"
X winallap winallap.exe"Added by the DELF.E TROJAN!"
X winallapu winallapu.exe"Added by the DELF.E TROJAN!"
X Winamp winamp.htaHijacker - re-directing to adult content sites. Note - this isn't the real Winamp
X Winamp winamp.exe"Added by the AGOBOT-MC WORM! Note - this is NOT the popular Winamp media player which has the filename ""winampa.exe"""
X WinAMP winamp62.exe"Added by the SDBOT-WN WORM!"
N Winamp winamp.exe"Popular Winamp media player by Nullsoft"
X Winamp Agent winamp.exe"Added by the POEBOT-I WORM! Note - this is NOT the popular Winamp media player which has the filename ""winampa.exe"""
X Winamp media player winapa.exe"Added by an unidentified VIRUS
X WinAmp Player winampp.exe"Added by the RBOT-AQI WORM! Note - this is NOT the popular Winamp media player which has a different filename"
U Winamp to Google Talk winamptogoogletalk.exe"Winamp to Google Talk
X Winamp Update yhn.exe"Added by the SDBOT-ACR WORM!"
U Winampa WINAMPa.exeLoads the System Tray icon for the WinAmp media player. Can be used to mantain file associations so programs like QuickTime and RealPlayer don't take over as default player for various media types. Available via Start -> Programs
X Winampa winampa.exe"Added by the AGOBOT-GS WORM! Note - this is NOT the popular Winamp media player which has the same filename"
X Winampa Agent WINAMPA.EXE"Added by the SPYBOT-BR WORM! Note - this is NOT the popular Winamp media player which has the same filename"
U WinampAgent WINAMPa.exeLoads the System Tray icon for the WinAmp media player. Can be used to mantain file associations so programs like QuickTime and RealPlayer don't take over as default player for various media types. Available via Start -> Programs
X WinAmpAgent Msexploren.exe"Added by the EB TROJAN! Note - this is NOT the popular Winamp media player which has a different filename"
X WinAmpAgent Shch.exe"Added by the EB TROJAN! Note - this is NOT the popular Winamp media player which has a different filename"
X WinAmpAgent svchst.exe"Added by the EB TROJAN! Note - this is NOT the popular Winamp media player which has a different filename"
X WinAmpAgent Winagent.exe"Added by the EB TROJAN! Note - this is NOT the popular Winamp media player which has a different filename"
N WinAntiSpyware 2005 was5.exe"Spyware remover - not recommended
X WinApi winapix.exeAdded by a variant of the TIBSER.A downloader TROJAN!
X WINAPLOGUPD WINAPLOGUPD.EXE"Added by the CAPSIDE-C WORM!"
X Winapp winpup32.exeProduces popup ads to adult content sites
X WinApp32 msapp.exe"Added by the RSBOT TROJAN!"
U WinAppLog svchost.exe"StingKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself! Note - this is not the svchost.exe process that normally doesn't appear in Msconfig/Startup!"
X WinAuth winlogon.exe"Hijacker
X WinAwk WinAwk.exe"Added by the SDBOT-AYF WORM!"
U WinBackup Scheduler Wbsched.exe"LIUtilities WinBackup scheduler - backup software"
U WinBar WinBar.exe""WinBar is a free and compact program that lets you monitor your system and provides easy access to frequently used controls""
X winbar.pif packe.pif"Added by the RBOT-AVI WORM!"
X winbas12 winbas12.exe"Adware
X Winbed winbed.exeHijacker
X Winbin swchost.exe"Added by the RBOT.CLS WORM!"
X winbin32 win32exe.exe"Added by the RBOT-ZL WORM!"
X winbot winbot.exe"Added by the MIDRUG-A TROJAN!"
X WinCheck services.exe"Added by the SOBER-S WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a ""ConnectionStatusMicrosoft"" subfolder of the Windows or Winnt folder"
X WinCheck WinCheck.exe"Added by the PWS-CY TROJAN!"
X WinCheck services.exe"Added by the SOBER.S WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a ""ConnectionStatusMicrosoft"" subfolder of the Windows or Winnt folder"
X winchost winchost.exe"Added by the DLOADER-PO TROJAN!"
N WINCINEMAMGR WINCIN~1.EXE"WinCinema_Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs"
N WinCinemaMgr WinCinemaMgr.exe"WinCinema_Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs"
X wincmap wincmapp.exe"CasClient adware variant - also detected as the CMAPP TROJAN!"
X wincms wincms.exe"Added by the RBOT.CBR WORM! Note - this malware actually changes the default value data of the Registry ""Run"" key in order to force Windows to launch it at boot. Name field may be empty"
X WinCRT32 wincrt32.exe"Added by the DOGBOT-D WORM!"
X WinCSRSS MSGRT32.EXE"Added by the REWINDO-A TROJAN!"
X WINCX wincore332.exe"Added by the AGOBOT-MG WORM!"
X Wind Logd File servicelogd.exe"Added by a variant of the RBOT WORM!"
X Wind Security mswi32.pif"Added by the RBOT-ARH WORM!"
X wind.exe wind.exe"Added by the MITGLIEDER.BD TROJAN!"
X WIND0WS WIND0WS.exe"Added by the SPYBOT.DQ WORM!"
X WIND0WS mella.bat"Added by the ALLEM WORM!"
X Wind0ws wordpad.exe"Added by the AGOBOT-TL WORM! Note - this is not the legitimate Windows application wordpad.exe (which is found in the Program FilesAccessories folder) which should not normally be seen in Msconfig or as a Startup item. This file is loacted in the System (9x/Me) or System32 (NT/2K/XP) folder"
X Wind0ws Sharing ssprotecter.exe"Added by the RBOT-AHW WORM!"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.

Powered By Pac's Startup list

Copyright 2005 I Am Not A Geek Inc.