NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40

41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77

78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

• "Y" - Normally leave to run at start-up
• "N" - Not required - typically infrequently used tasks that can be started manually if necessary
• "U" - User's choice - depends whether a user deems it necessary
• "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
• "?" - Unknown

	Startup Name	Process Name	Details
N	!NoLoad	winrecon.exe	"WinRecon keystroke logger/monitoring program - remove unless you installed it yourself!"
ME & XP	"MS Java Applets for Windows NT	U	javaapplets.exe
NT	"Ms Java for Windows 98	ME & XP"	X
NT	"Ms Java for Windows 98	XP & ME"	X
XP & ME	"MS Java for Windows NT	X	xpjavams.exe
X	$WindowsRegKey%update	IEXPLORE.EXE	"Added by the RBOT-EZ WORM! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program FilesInternet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder"
X	(*)API Machine	winSOCKS.exe	"Homepage hijacker
X	(*)Run	win32API.exe	"Homepage hijacker
X	*windows update	wrauclt.exe	"Added by the RBOT-QU WORM!"
X	*windows update	wuanclt.exe	"Added by the RBOT-PG WORM!"
X	*windows update	wuaucrlt.exe	"Added by the SPYBOT.HUR WORM!"
X	*windows update	wuraclt.exe	"Added by the RBOT-PO WORM!"
X	*windows update	wurauclt.exe	"Added by the RBOT-SY WORM!"
X	*windows update	wsctl.exe	"Added by the SPYBOT.PR WORM!"
X	*windows update	wkmst.exe	"Added by the SDBOT.AVD WORM!"
X	*windows update	wscxt.exe	"Added by the RBOT.AOS WORM!"
X	*windows update	waurclt.exe	"Added by a variant of the RBOT WORM!"
X	*Windows [filename] Checker	[filename]	"Added by the KEDEBE-B WORM!"
X	*WindowsAudio	systemupd.exe	"Added by the AGENT-TH WORM!"
X	*WinLogon	[trojan path] ren time:[random number]	"Added by the VUNDO TROJAN!"
X	*winstats	winstats.exe	"Added by the GARGAFX TROJAN!"
X	.Prog	winlogon.exe	"Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process
U	1Win32Cfg	SpyBuddy.exe	"SpyBuddy keystroke logger/monitoring program - remove unless you installed it yourself!"
U	1Win32Cfg	Keyloggerpro.exe	"Keyloggerpro keystroke logger/monitoring program - remove unless you installed it yourself!"
X	1WinCfg32	WebMailSpy.exe	"WebMailSpy spyware"
X	252	winmgr.exe	"Added by the LEGMIR-AT TROJAN!"
X	@	regedit -s ..win.dll	"Added by the SEEKER.K TROJAN!"
X	A New Windows Updater	w32NTupdt.exe	"Added by MYTOB.BM WORM!"
Y	a-winpoet-service	winpppoverethernet.exe	"WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion
X	Abrada WIN32	abrada.exe	"Added by the DERMON-G TROJAN!"
U	Actual Window Minimizer	ActualWindowMinimizerCenter.exe	"Actual Window Minimizer - ""allows minimizing any window to task tray notification area or to the edge of the screen"""
X	AdAware	wini.exe	"Added by the RBOT-XN WORM!"
X	ADriver	windrv.exe	"Added by the DELF.WG TROJAN!"
U	AFAFilter	windefault.exe	"AFAFilter - internet filter software"
X	AKEYNAME	WinServ.exe	"Added by the EVILBOT.C TROJAN!"
U	All Aboard Status	stswin.exe	"All Aboard! Internet Connection Sharing status icon"
U	AMP WinOFF	winoff.exe	"WinOFF is "" a utility designed to shut down Windows computers automatically
X	Anti-Virus Update Scheduler	winsp3.exe	"Malware - recognized by Kaspersky antivirus as TrojanProxy.Agent.fp - A Proxy Trojan is a backdoor which allows a remote hacker to connect to other systems via the compromised system"
Y	AntiVir XP	AVwin.exe	"AntiVir® PersonalEdition Classic - antivirus"
U	AntiWindowsMessenger	AntiMsMsg.exe	"Anti-Windows_Messenger is a small application that prevents Windows Messenger from remaining resident in memory"
X	APIMon	winapix.exe	Added by a variant of the TIBSER.A downloader TROJAN!
Y	Apvxd	APVXDWIN.EXE	"Part of Panda Anti-Virus. Required to enable permanent virus protection"
Y	Apvxdwin	APVXDWIN.EXE	"Part of Panda Anti-Virus. Required to enable permanent virus protection"
X	asdx	xwinrpc32.exe	"Added by the AGOBOT.VO WORM!"
X	atisrc2	windfind.exe	"Added by the WINDFIND-A TROJAN!"
X	Auto Updat	WindowsSys32.exe	"Added by a variant of the FORBOT WORM!"
X	Auto WinUpdate	taskmrg.exe	"Added by the RBOT-AFA WORM!"
X	Automatic Microsoft Windows Updater	suchost.exe	"Added by the RBOT-EQ WORM!"
X	Automatic Windows Updater	Update.exe	"Added by the GAOBOT.AO WORM!"
X	autoupdate	"WINUP2DATE.DLL	SHStart"
X	bawindo	bawindo.exe	"Added by the BEAGLE.AR or BEAGLE.AU WORMS!"
X	blah service	winupdate.exe	"Added by the GAOBOT.BIA WORM!"
X	blah service	winsysengine.exe	"Added by the RBOT-KI WORM!"
X	blah service	win32.exe	"Added by the RBOT-AXO WORM!"
X	BossIdea	winlogin.exe	"Added by the LINEAGE-I TROJAN!"
X	BrowserUpdateSched	qwinnsap.exe	"ZenoSearch adware"
X	BrowserUpdateSched	twinorag.exe	"ZenoSearch adware"
X	BuildLab	winlogon.exe	"Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process
X	Bymer.Scanner	Wininit.exe	"Added by the BYMER WORM!"
X	c	c:archiv~1win.com	"Added by the CUYDOC TROJAN!"
X	C:WINDOWSIEXPLOR.EXE	IEXPLOR.EXE	"""Pop Marketing"" adware"
X	C:WINDOWSVCMnet11.exe	VCMnet11.exe	"Windows AFA Internet Enhancement - a browser hijacker
X	C:WINDOWSWinTask.exe	WinTask.exe	"""Pop Marketing"" adware"
X	Calc Microsoft Windows	wincalc.exe	Added by an unidentied WORM or TROJAN!
?	Canon PC1200 iC D600 iR1200G Status Window	CAPM1LAK.EXE	"Cannon printer related - is it required in startup?"
X	ccApps	winlogon.exe	"Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process
X	CDriver	windrv.exe	"Added by the DELF.WG TROJAN!"
X	CFDStart	WinMuschi.exe	"WINMUSCHI dialler"
X	Cgywin	cgywin32.exe	"Added by the RBOT-AEI WORM!"
Y	ClamWin	ClamTray.exe	"ClamWin antivirus"
X	Compaq Jes Drivers	winjes.exe	"Added by the SDBOT-XR WORM!"
X	Compaq Service Drivers	wincmd.exe	"Added by the RBOT.ATV WORM!"
X	Compaq Service Drivers	wind32.exe	"Added by a variant of the SDBOT WORM!"
X	Compaq Service Drivers	winmsn.exe	"Added by a variant of the SDBOT WORM!"
X	Compaq Sound Drivers For WINDOWS	sounddr.exe	"Added by the SDBOT-XG WORM!"
X	Config Loader for Microsoft Windows	mwincfg32.exe	"Added by the AGOBOT.BD WORM!"
X	Config Loadr	winsys32.exe	"Added by the AGOBOT-HN WORM!"
X	Configuration File	Winset32.exe	Added by the FLUX.101 TROJAN!
X	Configuration Loader	wincrt32.exe	"Added by the GAOBOT.BF WORM!"
X	Configuration Loader	windex.exe	"Added by the GAOBOT.BZ WORM!"
X	Configuration Loader	Winreg.exe	"Added by the GAOBOT.AO WORM!"
X	configuration loader	winicfg32.exe	"Added by the GAOBOT.RQ WORM!"
X	Configuration Loader	wincffg.exe	"Added by the AGOBOT.A3 WORM!"
X	Configuration Loader	WinHelper.exe	"Added by a variant of the AGOBOT/GAOBOT WORM!"
X	Configuration Loader	wincore.exe	"Added by the SDBOT.BHE WORM!"
X	Configuration Loader Service	Winsys32.exe	"Added by the RBOT-YV WORM!"
X	Configuration Servecie	sewins.exe	"Added by the SDBOT-COH WORM!"
X	Configuration32 Loader32	winamp32.exe	"Added by the SDBOT-BIC WORM!"
X	ContentService	winservn.exe	Homepage hijacker
X	cpntmgc	wincomp.exe	"Added by the WINTRIM_A TROJAN!"
X	cpntmgc	winmgts.exe	"Added by the WINTRIM-B TROJAN!"
X	CPU Windows Status	cpustats.exe	"Added by a variant of the RBOT WORM!"
U	cracked_windows1	cracked_windows1.exe	"Cracked Windows popup killer"
X	csm Win Updates	csm.exe	"Added by the ZOTOB.B WORM!"
X	CSRSWIN	[trojan filename]	"Added by the WINSHELL.50 TROJAN!"
X	ctfmon	WinConst.exe	"Added by the ASSASIN-G TROJAN!"
X	DDriver	windrv.exe	"Added by the DELF.WG TROJAN!"
X	Devicewin	[path to trojan]	"Added by the BANKER-AEV TROJAN!"
X	DirectX For Microsoft Windows	dtxservice.exe	"Added by the PROGENT TROJAN!"
X	DirectX for Microsoft Windows	Fservice.exe	"Added by the PRORAT TROJAN!"
X	DirectX for Microsoft Windows	Sservice.exe	"Added by the PRORAT TROJAN!"
X	DirectX For Microsoft® Windows	fservice.exe	"Added by the PRORAT-P TROJAN!"
U	Distributed File System	win.exe	"Added by the MYFIP.AB WORM!"
X	DLINK dfe drivers for Windows NT	windfe.exe	"Added by the RANDEX.AK WORM!"
X	Dos Prompt Loader	cygwin.exe	"Added by the SDBOT-VV WORM!"
X	DsplObjects	windspl.exe	"Added by the BEAGLE.DN WORM!"
X	DSystemDriver	windrv.exe	"Added by the DELF.WG TROJAN!"
X	dvd98	windvd98.exe	"Added by the CULT.P WORM!"
X	Dynamic Dns Binary	winxp34.exe	"Added by a variant of the RBOT WORM!"
X	Dynamic Dns Binary	WinHelpcfn.exe	"Added by a variant of the RBOT WORM!"
U	ELSA WINman Suite	Winmsuit.exe	"Allows you to totally customize your ELSA graphics card settings
?	encapsulated command tool	wintr.com	"??"
X	Enh Win Updt	enhupdt.exe	"Adware downloader - recognized by Kaspersky antivirus as Trojan-Downloader.Win32.OneClickNetSearch.h"
X	erfgddfk	wind2ll2.exe	"Added by the BEAGLE.CQ WORM!"
X	erghgjhgdr	windlhhl.exe	"Added by the BEAGLE.BG WORM!"
X	erghgjhjgdr	windlhhl.exe	"Added by the BEAGLE.BG or BEAGLE.BH or BEAGLE.BI or BEAGLE.BJ WORMS!"
X	erthegdr	windll2.exe	"Added by the BEAGLE.CG WORM!"
X	erthgdr	windll.exe	"Added by the BEAGLE.AO or BEAGLE.AQ WORMS!"
X	eTunnel	winfw.exe	Added by an unidentified TROJAN!
X	exporet	winset.exe	"Added by the QQPASS-I TROJAN!"
X	Fantasia injector	wincfg.exe	"Added by the AGOBOT.US WORM!"
X	FDriver	windrv.exe	"Added by the DELF.WG TROJAN!"
X	Firewall Update System1	WinedowsUpdater1.exe	"Added by the RBOT-ARU WORM!"
X	FIX	WinFIX1.0.vbs	"Added by the GORMLEZ-A WORM!"
N	Folding@home	WINFAH.EXE	"Folding@Home is a distributed computing project which studies protein folding
Y	FoolProof	fpwinldr.exe	"FoolProof Security PC security software from SmartStuff"
X	FriendlyTypeName	winlogon.exe	"Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process
N	Fromine WinPopup	winpopup.exe	Instant Messenger program
X	FTP FOR WINDOWS	ftpwin32.exe	"Added by a variant of the RBOT WORM!"
N	Gadwin PrintScreen	PrintScreen.exe	"Gadwin PrintScreen - utility to capture
X	Generic host proccess for windows	SVCHOSTS.EXE	"Added by the SPYBOT-GQ WORM!"
X	Generic Host Process for Win32 Services	ntspcv.exe	"Added by the SDBOT.S TROJAN!"
X	Generic Host Process for Win32 Services	intspvc.exe	"Added by the DINFOR.D WORM!"
X	Generic Host Process for Win32 Services	winsvc.exe	"Added by the SDBOT-O WORM!"
X	Generic Host Process for Win32 Services	bazzi.exe	"Added by the AHKER.E WORM!"
X	Generic Host Process for Win32 Services	winsvc32.exe	"Added by the SDBOT-P WORM!"
X	Gerenciamento de arquivos do Windows	Winmod32.exe	"Added by the DLOADER-WG TROJAN!"
X	german.exe	winsystems.exe	"Added by the BAGLEDl-AE TROJAN!"
X	german.exe	wintems.exe	"Added by the BAGLE-AS TROJAN!"
X	getwin	winB_.exe	"Added by the BANKER-HS TROJAN!"
X	Global Startup	WinDash.EXE	"Recognized by Kaspersky antivirus as IM-Worm.Win32.VB.q
N	GWInkMonitor	GWInkMonitor.exe	"Gateway ink monitor - makes an annoying popup that says your printer may be running out of ink
X	HKLMRun	windowsupdate.exe	"Added by the FORBOT-BJ WORM! (where HKLMRun represents HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun)"
X	HWINFO*	HWINFO*	"Added by the PUROL WORM! where * is a random character"
Y	HWinst	N/A	For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out
X	I am not Ranky. I am eTunnel!	winsys.exe	Added by an unidentified WORM or TROJAN!
U	IBWin Background process	IBackground.exe	"IBackup for Windows"
U	IBWin Monitor	IBMonitor.exe	"IBackup for Windows"
X	ICQ Net	winlogon.exe	"Added by variants of the NETSKY WORMS! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup!"
X	ICQNet	winlogon.exe	"Added by the NETSKY-C WORM! Note - this is not the legitimate winlogon.exe process
X	icrosoft Windows DLL Services Configuration	poker3.exe	"Added by the SDBOT-AER WORM!"
U	IE New Window Maximizer	iemaximizer.exe	"IE New Window Maximizer - automatically maximize new Internet Explorer and Outlook Express windows"
X	IE Runtime	wini.exe	"Added by the PICRATE.B WORM!"
X	IE Runtimes	winis.exe	"Added by the a href=""http://www.sophos.com/virusinfo/analyses/w32rbotadz.html"" target=_blank>RBOT-ADZ TROJAN!"
X	infwin	infwin.exe	"VX2.Transponder parasite updater/installer related"
X	Intel system tool	winnook.exe	"Added by the SPYRE-C TROJAN!"
X	Internal	regedit.exe /s %windir%c:[month number]	"Added by the FORTNIGHT.D TROJAN!"
X	internct	WinSocks5.exe	"Added by the GRAYBIRD.F TROJAN!"
X	INTERNET SERVISES	winz32.exe	"Added by the KWBOT.Z WORM!"
X	INTERNET_SERVISES	winz32.exe	"Added by the SDBOT.Q TROJAN!"
X	InterU	WINDRV.EXE	"Added by the IRCINTER.A TROJAN!"
N	Intervideo Win Cinema Manager	WinCinemaMgr.exe	"WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs"
N	Intervideo Win Cinema Manager	WINCIN~1.EXE	"WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs"
N	Intervideo WinCinema Manager	WinCinemaMgr.exe	"WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs"
N	Intervideo WinCinema Manager	WINCIN~1.EXE	"WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs"
N	Intervideo WinScheduler	WinScheduler.exe	"WinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card
N	Intervideo WinScheduler	SchSvr.exe	"WinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card
X	IPC Spool Manager	winspec.exe	"Added by the SDBOT-BLU WORM!"
X	IPTable Configuration	Winipcfgs.exe	"Added by a variant of the RBOT WORM!"
X	IpWins	ipwins.exe	"Added by Maxfiles adware"
N	iRis Active Monitor	winmon32.exe	"Iris Antivirus - discontinued
X	Jufualt	winxp2.exe	"Added by the SDBOT-AAB WORM!"
X	KAVFOX	win1ogoin.exe	"Added by GWGHOST-M TROJAN!"
X	KavRuns	Windll.exe	"Added by the TRYNOMA TROJAN!"
X	Kernel32	Kernel32.win	"Added by the GAGGLE.D or GAGGLE.E WORMS!"
X	key	winxp.exe	"Added by the BEAGLE.AG WORM!"
X	key2	winlog.exe	"Added by the BAGLEDI-AL TROJAN!"
N	Launch YahooPOPs! at Windows startup	YAHOOPOPS.EXE	"YahooPOPs - enables free POP3/SMTP access to Yahoo! Mail through a service on localhost that emulates the web interface. Available via Start -> Programs"
X	LiveUpdate	[Windows username]05.exe	"Added by the LINEAGE TROJAN!"
X	load32	winldra.exe	"Added by the BACKDOOR.NIBU.J or DUMARU-BI TROJANS! Note - also known as Srv.SSA-KeyLogger by Sunbelt Software which has developed a free removal tool for this keylogger"
?	load=	WINOSCFG.EXE	"Could it be something to do with configuring Windows on a new PC from an OEM supplier?"
X	load=	win32exec.exe	"Added by the BITTER WORM!"
X	loadwin	winset.exe	"Added by the QQPASS-I TROJAN!"
X	loadwin	winsys.exe	"Added by the QQPASS-J TROJAN!"
X	LoadWindowsFile	[filename]	"Added by the DELF.B TROJAN! where [filename] is the infected file"
X	LOCAL INTERNET WEB DRIVERS FOR WIN32	phqghume.exe	"Added by a variant of the RBOT WORM!"
U	Login	winlog.exe	"Salfeld Child Control 2003 - parental control software"
X	LogService	wincalc.exe	"Added by the PAPROXY TROJAN!"
X	LTM2	winupdate.exe	"Added by the LITMUS.203 TROJAN!"
X	LTM2	winscan.exe	"Added by the LITMUS-B TROJAN!"
Y	LTWinModem1	ltmsg.exe	"One of the ""popular"" WinModem series. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem information"
N	Lwinst Run Profiler	lwtest.exe	Logitech Wingman Profiler for the Logitech joysticks. Available via Start -> Programs
X	Major Microsoft Windows Driver Boot loader	bpool.exe	"Added by the MYTOB.AJ WORM!"
N	Mania Win Restore	RESWIN.EXE	Pinball Mania for Windows from 21st Century Entertainment LTD (1995). Runs briefly at start-up then terminates. Available via Start -> Programs
X	MC	wintrims.exe	"Added by the WINTRIM TROJAN!"
X	MC	WINTRIM.EXE	"Added by the WINTRIM_A TROJAN!"
X	McAfee Windows Protection	mcafee32.exe	"Added by a variant of the SPYBOT WORM!"
N	McAfee Winguage	??	"Part of McAfee Nuts & Bolts. "WinGuage is a dynamic reporting tool that constantly monitors your use of Windows and your applications
X	MD IE Plugin	winy.exe	Adware
X	Microfot Update	winldx32.exe	"Added by a variant of the RBOT WORM!"
X	Microft Update 32	winssx.exe	"Added by the RBOT-AQS WORM!"
X	MICROSFT MX UPDATE SUPPORT	winmx32.EXE	"Added by the IRCBOT-FD WORM!"
X	microsft windows updates	mwupdate32.exe	"Added by a variant of the TOXBOT/CODBOT WORM!"
X	Microsof Windows Host	svhost32.exe	"Added by the RBOT.ADY WORM!"
X	Microsof Winlog Host	wilogon32.exe	"Added by the RBOT.XC WORM!"
X	Microsoft	win32.exe	"Added by the DARKMOON TROJAN!"
X	Microsoft auto update	winupdate.exe	"Added by the BMBOT TROJAN!"
X	Microsoft Command Line	wincmd.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Crs Fix Serv	wincrs.exe	"Added by the SDBOT.BWF WORM!"
X	Microsoft DirktorWin	[random filename]	"Added by the SPYBOT.GEN3 TROJAN!"
X	Microsoft Dll Management	windll.exe	"Added by the RBOT-MT WORM!"
X	Microsoft Driver Control	windrv.exe	"Added by the SDBOT.FW WORM!"
X	Microsoft Driver Manager	mswindrv.exe	"Added by the FORBOT-EZ WORM!"
X	Microsoft Hosting Service	WINHOSTING.EXE	"Added by the RBOT.AEV WORM!"
X	Microsoft Internet	windows32.exe	"Added by the SDBOT-F WORM!"
X	Microsoft Internet	wincfg16.exe	"Added by a variant of the SDBOT WORM!"
X	Microsoft IT Update	win64.exe	"Added by the RBOT.GA WORM!"
X	Microsoft IT Update	winn43.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft IT Update	win43.exe	"Added by the RBOT-SA WORM!"
X	Microsoft IT Update	windows.exe	"Added by the RBOT-GL WORM!"
X	Microsoft IT Update	winsyst32.exe	"Added by the RBOT-FC WORM!"
X	Microsoft Java Virtual Machine	winscr32.exe	"Added by a variant of the WOOTBOT WORM!"
X	Microsoft Java Windows Update	[filename]	"Added by the RBOT-DZ WORM!"
X	Microsoft Kernel	Windows_kernel32.exe	"Added by the NETSKY.AE WORM!"
X	Microsoft Login	winlogin.exe	"Added by the RBOT-AJP WORM!"
X	Microsoft Machine	winjava.exe	"Added by a variant of the AGOBOT/GAOBOT WORM!"
X	Microsoft media	winmplayers.exe	"Added by a variant of the SPYBOT WORM!"