Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page 012 3 4 5 6 7 8910 11 12 13 14 15 161718 19 20 21 22 23 242526 27 28 29 30 31 323334 35 36 37 38 39 40
414243 44 45 46 47 48 495051 52 53 54 55 56 575859 60 61 62 63 64 656667 68 69 70 71 72 737475 76 77
78 79 8081 82 83 84 85 8687 88 89 90 91 9293 94 95 96 97 9899

Key:

  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown
Startup Name Process Name Details
X winlogon_user ccIsass.exe"Added by the SILLYFDC.BBT WORM!"
X Winlogun winlogin.exe"Added by the P2LOAD-C WORM!"
X WinLsass servicec.exe"Added by the SCANE WORM!"
X WinLsass [path to trojan]"Added by the SCANE WORM!"
X winltmpv winln.exe"Added by the TCXMEDI-C TROJAN!"
X winltmpv wutop.exe"Added by the TCXMEDI-C TROJAN!"
X Winmain winmain.exe"One of the first of a new breed of malware. When run it immediately loads MSHTA.EXE from the Windows folder
X WinManage wmanage.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
? WinManager schost.exe"??"
U winmatrix.exe WinMatrixXP.exe"WinMatrix XP - wallpaper replacement that shows different matrix effects (including flowing matrix codes from 'The Matrix' movie) on your desktop"
X WinMed winmed.exe"Added by the AGENT.AIRF TROJAN!"
X WinMedia [path to trojan]"Added by the ZEROBE-A TROJAN!"
X WinMedia msupd******.exe [*= random digit]Added by the INJECT.163 TROJAN!
X WinMedia32 winmedia32.exe"Added by the YABE.F TROJAN!"
U WinMem WinMem.exe"WinMem Cleaner - part of Ultra WinCleaner Utility Suite. Makes more memory available for your programs and the Operating System. It also defragments your system"
X WinMenssage winmax.exe"Added by the BANCOS.B TROJAN!"
X WinMenssage winmaxy.exe"Added by the BANCOS TROJAN!"
X WinMessenger syshost.exe"Added by the OPANKI-E WORM!"
N WinMgmt WinMgmt.exe"Used for Enterprise Management. If you are not an IT Administrator you don't need it to be running. Also runs from the PCHealth ""scheduler"" - refer here"
X winmgmt wmiprvse.exe"Added by the AGENT-GHP TROJAN!"
X winmgmt32.exe winmgmt32.exe"Added by the LUZIA.AD TROJAN!"
X WINMGR taskgmgr.exe"Added by the MYTOB.AN WORM!"
X WinMgr winmgr32.exe"Added by the VB-EDY TROJAN!"
X Winmgr.exe scvhost.exe"Added by the AGOBOT.AFG WORM!"
X WinMgr32 winmgr32.exe"Added by the MIMAIL.P WORM!"
X WinMine D4NG3.vbs"Added by the BISCUIT.A WORM!"
X WinMngn dllhost.exe"Added by the SIVION-A TROJAN! Note - this is not the legitimate dllhost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %System%\system"
X winmngr.exe [path to trojan]"Added by the AGENT-ZB TROJAN!"
Y winmodem wmexe.exe"Software for software based modems. Required if you have one of these. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem information"
X Winmon32 winmon32.exe"Added by the RBOT-OQ WORM!"
X WinMoviePlugIn WinMoviePlugIn.exe"Sfonditalia adult content premium rate dialer"
X Winmsg winwork.exe"Added by the GAOBOT.GEN!POLY WORM!"
X WinMsg winmsgr.exe"Added by the DLOADR-AS TROJAN!"
X Winmsg winwork8.exe"Added by the AGOBOT-GC WORM!"
X WinMsrv32 WinMsrv32.exe"Added by the GAOBOT.AFJ WORM!"
N WinMX WinMX.exe"WinMX file sharing application"
N winmysqladmin winmysqladmin.exeStarts the MySQL database admin tool
N WinMySQLadmin Tool winmysqladmin.exeStarts the MySQL database admin tool
X winnet winnet.exe"CommonName Toolbar spyware. To uninstall see here"
X WinNetDDE [random characters].exe"Added by the NETDEPIX.B TROJAN!"
X WinNite niteaim.exe"Added by the OPANKI.B WORM!"
X winnload winnload.COM"Added by the DOWNLD-ABG TROJAN!"
? Winnov Menu WnvMenu.Exe"Winnov Video Capture Card related. What does it do and is it required?"
? Winnov Remote WnvRsvr.Exe"Winnov Video Capture Card related. What does it do and is it required?"
? Winnov Status WvStatus.Exe"Winnov Video Capture Card related. What does it do and is it required?"
X winnsvc msvc.exe"Added by the PWS.O TROJAN!"
X winnt winnt.exe"Added by the MONA-E WORM!"
X WinNT WinNT.com"Added by the AUTOSKY WORM!"
X winnt DNS ident wuamgrd32.exe"Added by the RBOT-BAU WORM!"
X winnt DNS ident iexplorer.exe"Added by a variant of the RBOT WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
X winnt DNS ident pidchk32.exe"Added by the RBOT-ACY WORM!"
X winnt DNS ident windowxp.exe"Added by a variant of the RBOT WORM!"
X winnt DNS ident Winupd32.exe"Added by the RBOT.AVU WORM!"
X winnt DNS ident winupdate32.exe"Added by a variant of the RBOT WORM!"
X winnt DNS ident wuamgrd33.exe"Added by a variant of the RBOT WORM!"
X Winnt DNS ident windowsp.exe"Added by the RBOT.BAL WORM!"
X Winnt DNS ident msnmsrg.exe"Added by the RBOT.BVQ WORM!"
X winNT updatc wupgrd.exe"Added by a variant of the RBOT WORM!"
X winnt2 winnt2.exe"Added by the AGENT.CJZO TROJAN and variants"
X winnt3 winnt3.exe"Added by the AGENT.CJZO TROJAN and variants"
X winnt4 winnt4.exe"Added by the AGENT.CJZO TROJAN and variants"
X winnt5 winnt5.exe"Added by the AGENT.CJZO TROJAN and variants"
X winnt6 winnt6.exe"Added by the AGENT.CJZO TROJAN and variants"
X WinNtBB WinntBB.exe"Added by the DULOAD.C WORM!"
X winntR1 winntR1.exe"Added by the AGENT.CJZO TROJAN and variants"
X winntR2 winntR2.exe"Added by the AGENT.CJZO TROJAN and variants"
X Winnup win32nls.exe"Added by a variant of the SPYBOT WORM!"
X winocx32 winocx32.exe"Added by the PROTORIDE.I WORM!"
X WINOWS SYSTEM winnt.exe"Added by the MYTOB.ID WORM!"
X WINP winmic.exe"Added by the SPYBOT-EB WORM!"
X Winpack winpack.exe"Adware - detected by Kaspersky as the AGENT.GG TROJAN!"
X WinPatch Protection winpatch.exeAdded by an unidentified WORM or TROJAN!
U WinPatrol winpatrol.exe"WinPatrol - ""Manage Startup programs
Y WinPatrol Explorer WinPatrolEx.exe"Part of WinPatrol"
U WinPatrol Monitor winpatrol.exe"WinPatrol - ""Manage Startup programs
X WinPCDoctor SysRep.exe"WinPCDoctor rogue system error and cleaning utility - not recommended
X WinPerformance WinPerformance.lnk"Windows Performance rogue optimization utility - not recommended"
X winphonics7536 vbsystem35.exe setups.exe vb.vb"Added by a variant of the MUTIN-C TROJAN!"
X winpipe winpipe.exeBrowser hijacker redirecting to wow-access.com
U WinPLOSION WinPlosion.exe"""WinPLOSION allows you to immediately view and select from all the windows running on your computer
X WinPN32 winpn32.exe"Added by the AGOBOT-FJ WORM!"
Y WinPoet WinPPPoverEthernet.exe"WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion
X winpol winpol.exe"Added by the AGENT.IWD TROJAN!"
Y Winpooch Winpooch.exe"""Winpooch is a Windows watchdog
X WinPop winpop.exe"Brudevic A adware"
N WinPopup WINPOPUP.EXE"Intranet chat software provided by windows for chat on small networks. Handy little LAN messaging utility. Has been included in Windows since 95
X winpopup winupie.exeAdware by Tradeexit.com
N Winpower Winpower.exe"Part of InstallAnywhere from Zero G Software
X WinProc32 winproc32.exe"Added by the AGOBOT-4 WORM!"
X Winprocer32 Update winprocer32.exe"Added by the RBOT.GW WORM!"
X winprocessor Update winprocessor.exe"Added by the RBOT.IO WORM!"
X WinProfile Command.exe"Added by the BUDDY.E TROJAN!"
X WinProfile sndcfg16.exe"Added by the SNDC.A WORM!"
X winprofile iexpiore.exeAdded by a variant of the MONCHER WORM!
X WinProfile iexpIore.exe"Added by the CHUM-C TROJAN!"
X WinProt Winprot.exe"Added by the CHUPACABRA TROJAN!"
X WinProt server.exe"Added by the CHUPACABRA TROJAN!"
X winprotect win32.exe"Added by the MUGLY.E WORM!"
X winprotect winprotect.exe"Added by the SDBOT-SB WORM!"
X winprotection ccsrss.exe"Added by the SILLYFDC.BBT WORM!"
X WinProtector WinProtector.exe"WinProtector rogue security software - not recommended
U WinProxy WinProxy.EXE""WinProxy is the world-first proxy server and a firewall with integrated mail server for Windows 95/98/ME/NT/2000/XP""
X Winproxy Personal WINPROXY.EXE"Added by the SDBOT.BMF WORM!"
X winpsd winpsd.exe"Added by the MYDOOM.Q WORM!"
X WinPWD Manager wpwdmgr.exe"Added by the RBOT-AUT WORM!"
X winrapid winrapid.exe"Added by a variant of the RBOT WORM!"
X winrar winrar.exe"CoolWebSearch Therealsearch parasite variant. Note - this is not the file zipping utility also known as WinRAR!"
X WinRaR Service WinrarCO.comAdded by an unidentified WORM/TROJAN!
X winrarshell winrarshell32.exe"Added by the SALIRA TROJAN!"
X WinReader read.exe"Added by the DELBOT-V WORM!"
X WinReanimator WinReanimator.exe"WinReanimator rogue security software - not recommended
X winReg winReg.exe"Added by the YAHA.H or YAHA.J WORMS!"
X WinReg ournik.com"Added by the IRCFLOOD.AL BACKDOOR!"
X WinReg32 service holqdnoxpmeu.exe"Added by a variant of the SDBOT WORM!"
X winregsrv winregsrv.exe"Added by the SYNRG TROJAN!"
X winreg_32 svchosst.exe"Added by the BANCOS-CE TROJAN!"
X winreg_32 [path to trojan]"Added by the BANKER-DB TROJAN!"
X winreg_32 sysdll.exe"Added by the DLOADER-IJ TROJAN!"
X winreg_32 Vc030405.exe"Added by the BANCOS-CT TROJAN!"
U WINREMOTE WinRemote.exe"InterVideo WinCinema Manager - needed for the use of WinDVD Remote Control"
X Winres32vis [path to worm]"Added by the THRAX.A WORM!"
X winrestore1 winrestore.exe"Added by the KILLFIL-Q TROJAN!"
X winreups winreups.exe"Added by a variant of the RBOT WORM!"
U WinRoll winroll.exe"WinRoll - a small utility that allows you to ""make a window roll into its title bar
X winroot winsn.exe"Added by the QQPASS.IA WORM!"
N winroute winroute.exe"Win-Route 4.27. WinRoute Tray Icon for starting and stopping the WrCtrl.exe process
X WinRPC winrpcmx.exe"Added by the BANKER-EEI TROJAN!"
X winrun msconfig.exe"Added by the WINUR WORM! Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in c:\winrun"
X winrun winrun.exe"Added by the WINBUR.B WORM!"
X WINRUN taskgmr32.exe"Added by the MYTOB.AP WORM!"
X WINRUN svchost32.exe"Added by the MYTOB-AI WORM!"
X WINRUN taskgmr.exe"Added by the MYTOB-BX WORM!"
X WinRun AutoRun.ini"Added by the LOVELET-AD WORM!"
X WINRUN TASKMGR32.exe"Added by the MYTOB.AX WORM!"
X WINRUN z W1NT45K.exe"Added by the MYTOB.BL WORM!"
X WinRunners WinDrivers.exe"Added by the DULOAD.C WORM!"
X Wins Loader5 Gadu-Gadu.exe"Added by a variant of the IRCBOT TROJAN! Note - doe not confuse with the Polish language Instant Messaging client also called Gadu-Gadu"
X Wins Service Driver winet.exe"Added by the RBOT-APV WORM!"
X Wins Update 32 services32.exe"Added by the FORBOT-FN WORM!"
X Wins32 Online cfgpwnz.exe"Added by the BROPIA.R WORM!"
X WinScMngr winsmc.exe"Added by the SDBOT-BPZ WORM!"
X WinSec winsec16.exe"Added by the AGOBOT.ZF WORM!"
X winsecure winsecure.exe"Browser hijacker
X WinSecure [random].exe"Added by the AGENT-LR TROJAN!"
X Winsecure Antivirus Secureantivirus.exe"Added by a variant of the SPYBOT WORM!"
X WinSecureAv pgs.exe"WinSecureAv rogue security software - not recommended
X WinSecured32 ssmr.exe"Added by a variant of the FORBOT WORM!"
X WinSecurity uninstall.exe"Added by the SILLYFDC.BCJ WORM!"
X Winserv Winserv.ila"Added by the NODMIN WORM!"
X winserver Server.txt.vbs"Added by the DELTAD.A WORM!"
X Winservice winmain.exeAdult content related malware
X winservice svchost.exe"Added by the CVK BACKDOOR! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""services"" sub-folder"
X WinService hosth.exe"Added by the DWNLDR-FUX TROJAN!"
X WinService Ttt.exe"Added by the MSNVB-D WORM!"
X WinService WinServ.exe"Added by the SKOWOR-O WORM!"
U WinService32 ssmgr.exe"007 Spy Software - ""stealthy monitoring program which allows you to secretly track all activities of computer users and automatically deliver logs to you via Email or FTP"""
U WinService32 svchost.exe"007 Spy Software - ""stealthy monitoring program which allows you to secretly track all activities of computer users and automatically deliver logs to you via Email or FTP"""
X WinServices WinServices.exe"Added by the YAHA.K or YAHA.M WORMS!"
X winservices bootvfy.exeAdded by an unidentified WORM or TROJAN!
X winservit cassl.exe"Added by the RBOT.ASG WORM!"
X winservn winservn.exe"PurityScan adware"
X winservs winservs.exe"PurityScan adware"
X WinSetBrowse BasicUpdate.dll.vbs"Added by the BISCUIT.A WORM!"
X winsfc winsfc.exe"Added by the WISFC VIRUS!"
X Winshell remote.exe"Added by the MYTOB.LJ WORM!"
X winshell windll32lib.exe"Added by the BAGLE-DM WORM!"
? Winshoe wuadfdqr.exe"Probably an unidentified VIRUS! Adds itself to 3 registry ""Run"" keys and prevents Task Manager being displayed. This is not the Winshoe IRC Client as the visitor did not have it installed"
X winshost.exe winshost.exe"Added by the TOOSO WORM and variants!"
X winshow [path to trojan]"Added by the VB-DXP TROJAN!"
X WinShowUpdate copy [path] winshow.new [path] winshow.dll"Winshow parasiate related - from the ""RunOnce"" keys it replaces ""winshow.dll"" with a new version"
X WinSig NetXP.exe"Added by the BANKER-FN TROJAN!"
X WinSistem Tunggul.vbs"Added by the VBS.STEMCLOVER WORM!"
X Winsk system Loader winsk.exe"Added by the AGOBOT-IZ WORM!"
X winskype winskype.exe"Added by the BROGGER-C TROJAN!"
U WinSL WinSL.exe"StarLogger keystroke logger/monitoring program - remove unless you installed it yourself!"
X winsock svch0st.exe"Added by the SAGE-A WORM! Note - the filename has the digit 0 rather then the uppercase ""o"""
X Winsock driver winnt update.exe"Added by the SPYBOT-DM TROJAN!"
X Winsock driver winnt64.exe"Added by the SPYBOT-DR WORM!"
X Winsock Driver nvscv32.exe"Added by the AGOBOT-FD WORM!"
X Winsock Driver scvhost.exe"Added by the RBOT.AEU BACKDOOR!"
X Winsock driver win.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
X Winsock driver tcpmngr.exe"Added by the SPYBOT-CK WORM!"
X Winsock driver winupdate32.exe"Added by the SPYBOT-JZ TROJAN!"
X Winsock Startup Main2.exe"Added by a variant of the SDBOT WORM!"
X winsock.client winsock.exe"Added by the DIABLO-M TROJAN!"
X winsock2 netsvr.exe"Added by the AGOBOT.LY WORM!"
X Winsock2 dlls W32DLL.EXE"Added by the SPYBOT-CS BACKDOOR!"
X Winsock2 driver SDJOIJE.EXE"Added by the SPYBOT.DR TROJAN!"
X Winsock2 driver MIRC32.exe"Added by the SPYBUZZ TROJAN!"
X Winsock2 driver kgzgjkpcw.exe"Added by the SDBOT.T TROJAN!"
X Winsock2 driver ZONEALARM.EXE"Added by the SDBOT.T TROJAN! Note - ZONEALARM.EXE is not the valid Zone Labs firewall program"
X Winsock2 driver wincfg.scr"Added by the SPYBOT-E TROJAN!"
X Winsock2 driver winupdate.exe"Added by the SPYBOT-BX WORM!"
X Winsock2 driver SPOLSV.EXE"Added by the SPYBOT-CM WORM!"
X Winsock2 driver [random filename]"Added by members of the SPYBOT family of WORMS! Note - the random filename is located in %System%"
X Winsock2 driver sysreq.exe"Added by the SPYBOT-CC WORM!"
X Winsock2 driver WUAUMQR.EXE"Added by the SPYBOT-DP WORM!"
X Winsock2 driver wincfg.exe"Added by the SPYBOT.CO WORM!"
X Winsock2 driver svchorsst.exe"Added by the SPYBOT-EE WORM!"
X Winsock2 driver SYSTEM32.EXE"Added by the SPYBOT-EG WORM!"
X Winsock2 driver dllcfg32.exe"Added by the SPYBOT.AG WORM!"
X Winsock2 driver CFTMON.EXE"Added by a variant of the IRCBOT BACKDOOR!"
X Winsock2 driver ntsys32.exe"Added by the SPYBOT-DD WORM!"
X Winsock2 driver WINNT32.EXE"Added by the SPYBOT-CN WORM!"
X Winsock2 driver PAC.EXE"Added by the SPYBOT-ET WORM!"
X Winsock2 driver winsock2.exe"Added by the SPYBOT-CT BACKDOOR!"
X Winsock2 driver mmtask5.exe"Added by the SPYBOT-CD WORM!"
X Winsock2 driver WWEUMQR.EXE"Added by the SPYBOT-BY WORM!"
X Winsock2 driver IEXPLORE .EXE"Added by the SPYBOT-AU WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process as there is a space before the "".exe"""
X Winsock2 driver WINSOUND.EXE"Added by the SPYBOT-H WORM!"
X Winsock2 Loader WICONF.EXE"Added by the SDBOT-LA WORM!"
X Winsock2 wqr1s WUAUMQR1.EXE"Added by the SPYBOT.KD WORM!"
X Winsock2.dll WINLODR.SCR"Added by an unidentified VIRUS
X Winsock32 driver TESTING.EXE"Added by the SPYBOT-B WORM!"
X Winsock32 driver system32.exe"Added by the IRCBOT-VT TROJAN!"
X Winsock32driver win32server.scr"Added by the HACARMY TROJAN!"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.

Powered By Pac's Startup list

Copyright 2003-2013 iamnotageek &/or Martin Krohn.