Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page 012 3 4 5 6 7 8910 11 12 13 14 15 161718 19 20 21 22 23 242526 27 28 29 30 31 323334 35 36 37 38 39 40
414243 44 45 46 47 48 495051 52 53 54 55 56 575859 60 61 62 63 64 656667 68 69 70 71 72 737475 76 77
78 79 8081 82 83 84 85 8687 88 89 90 91 9293 94 95 96 97 9899

Key:

  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown
Startup Name Process Name Details
N ZuneŽ ZuneLauncher.exe"Automatically launches the Zune software for Microsoft's Zune media players when they're connected to your PC. The software can be used to manage media
X zupacha.exe zupacha.exe"Added by the DROPPER-QL TROJAN!"
X Zupdate Zupdate.exe"Associated with B3d Projector foistware - see here"
X zvb0dl2X8tt NVUKZ.exe"Added by the AGENT-LMN TROJAN!"
X zzb zzb.exe"IAGold adware"
X zzb2 zzb2.exe"IAGold adware"
X zzgshp gshp.vbsHomepage hi-jacker that re-defines your IE or Netscape start page
U zzsecagent newlock.exe login shutdown"Part of Access Manager
X zztp svchost.exe"Added by the TANNICK.B TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!"
? zzz-hpi-boot hpi-boot.exe"Associated with HP Photosmart printers"
? zzzCamlnSuitelll setup.exe 46***"??"
? zzzhpsetup setup.exe"??"
N Z_acamucli wizard csecwiz.exe"Setup wizard for the Client Security Software for IBM\Lenovo notebooks. This entry only runs once
X Z_Start [random filename]"ZenoSearch adware"
X [12 random characters] avifile5.exe"IeDriver adware variant"
X [12 random characters] bootvid4.exe"IeDriver adware variant"
X [12 random characters] browser8.exe"IeDriver adware variant"
X [12 random characters] atitvo32.exe"IeDriver adware variant"
X [12 random characters] autodisc.exe"IeDriver adware variant"
X [12 random characters] cabview1.exe"IeDriver adware variant"
X [12 random characters] advpack1.exe"IeDriver adware variant"
X [12 random characters] batmeter.exe"IeDriver adware variant"
X [12 random characters] bidispl2.exe"IeDriver adware variant"
X [12 random characters] asferror.exe"IeDriver adware variant"
X [12 random characters] catsrvps.exe"IeDriver adware variant"
X [12 random characters] admparse.exe"IeDriver adware variant"
X [12 random characters] audiosrv.exe"IeDriver adware variant"
X [12 random characters] bootvid2.exe"IeDriver adware variant"
X [12 random characters] cmpbk321.exe"IeDriver adware variant"
X [12 random characters] ADPTIF67.exe"IeDriver adware variant"
X [12 random characters] asycfilt.exe"IeDriver adware variant"
X [12 random characters] ati2dvag.exe"IeDriver adware variant"
X [12 random characters] atl91036.exe"IeDriver adware variant"
X [12 random characters] blackbox.exe"IeDriver adware variant"
X [12 random characters] browser5.exe"IeDriver adware variant"
X [12 random characters] bthserv1.exe"IeDriver adware variant"
X [12 random characters] camocx28.exe"IeDriver adware variant"
X [12 random characters] CAMOCX74.exe"IeDriver adware variant"
X [12 random characters] capesnpn.exe"IeDriver adware variant"
X [14 random numbers] mradll.exe"Green AV rogue security software - not recommended
X [14 random numbers] rwg.exe"Green AV rogue security software - not recommended
X [3 random char]srv32 [3 random char]srv.exe"Added by the BANCOS.N TROJAN!"
X [3-4 random letters] nslookup.exe"PurityScan adware. Not to be confused with the legitimate nslookup.exe which is found in the System32 folder"
X [3-4 random letters]Srv32 [path to file]"Added by the BANCSADE-A TROJAN!"
X [32 random hex numbers] tsc.exe"Total Security rogue security software - not recommended
X [32 random hex numbers] badware-protector.exe"Badware Protector rogue security software - not recommended
X [32 random numbers] av2009.exe"AntiVirus 2009 rogue security software - not recommended
X [32 random numbers] av360.exe"Antivirus 360 rogue security software - not recommended
X [32 random numbers] AVS.exe"Antivirus Sentry rogue security software - not recommended
X [32 random numbers] xpa.exe"XP Antivirus rogue security software - not recommended"
X [32 random numbers] total.exe"Total Antivirus rogue security software - not recommended
X [decimal number] [path to worm]"Added by the OPOSSUM-A WORM! The decimal number can be anything
X [default] DrWatson32.exe"Added by the DREMN TROJAN!"
X [Entry name] System.exe"Added by the NETHIEF-N TROJAN!"
X [executed file name] App.exe"Added by the WAXPOW WORM!"
X [executed file name] Regsrv32.com"Added by the SOUTHGHOST WORM!"
X [filename] svchost.scr"Added by the BANKER-CC TROJAN!"
X [original filename] svchost.scr"Added by the BANCBAN-CX TROJAN!"
X [original filename] xphost.scr"Added by the BANCBAN-HM TROJAN!"
X [random characters] securewinload32x.exe"Added by the OPTIXP-N TROJAN!"
X [random characters] rsbmsc.exe"Detected by AntiVir antivirus as the BDS/Agent.adt TROJAN!"
X [random characters] _default[random].pif"Added by the BRONTOK-AI WORM and variants!"
X [random characters] j[random].exe"Added by the BRONTOK-AI WORM and variants!"
X [random characters] sv[random].exe"Added by the BRONTOK-AI WORM and variants!"
X [random characters] yesbron.com"Added by the BRONTOK-AI WORM and variants!"
X [random characters] systs.exe"Added by the AGENT-GDC TROJAN!"
X [random characters] xvassdf.exe"Added by the AUTORUN-BAD WORM!"
X [random filename] slk8x2peu.exe"QuickLinks adware"
X [random names] eee2.exe"MediaMotor adware"
X [random name] wincpu.exe"Added by an unidentified VIRUS
X [random name] m?dtc.exe"PurityScan adware"
X [random name] ping.exe"PurityScan adware. Note - do not confuse with the Microsoft utility of the same name as described here"
X [random name] CXTPLS_LOADER.EXE"AproposMedia adware"
X [random name] ??plorer.exe"PurityScan adware"
X [random name] ?hkdsk.exe"PurityScan adware"
X [random name] ?hkntfs.exe"PurityScan adware"
X [random name] l?gonui.exe"PurityScan adware"
X [random name] m?iexec.exe"PurityScan adware"
X [random name] r?gsvr32.exe"PurityScan adware"
X [random name] t?skmgr.exe"PurityScan adware"
X [random name] w?auboot.exe"PurityScan adware"
X [random name] w?auclt.exe"PurityScan adware"
X [random name] w?crtupd.exe"PurityScan adware"
X [random name] w?wexec.exe"PurityScan adware"
X [random name] ??erinit.exe"PurityScan adware"
X [random name] d?dplay.exe"PurityScan adware"
X [random name] n?tepad.exe"PurityScan adware"
X [random name] ??chost.exe"PurityScan adware"
X [random name] ??oolsv.exe"PurityScan adware"
X [random name] ??xplore.exe"PurityScan adware"
X [random name] r?ndll32.exe"PurityScan adware"
X [random name] se?vices.exe"PurityScan adware"
X [random name] w?nlogon.exe"PurityScan adware"
X [random name] w?nword.exe"PurityScan adware"
X [random name] ??anregw.exe"PurityScan adware"
X [random name] ?ttrib.exe"PurityScan adware"
X [random name] j?vaw.exe"PurityScan adware"
X [random name] l?ass.exe"PurityScan adware"
X [random name] m?config.exe"PurityScan adware"
X [random name] n?lookup.exe"PurityScan adware"
X [random name] n?pdb.exe"PurityScan adware"
X [random name] ??ool32.exe"PurityScan adware"
X [random name] ??rss.exe"PurityScan adware"
X [random name] ??rvices.exe"PurityScan adware"
X [random name] ?ti2evxx.exe"PurityScan adware"
X [random name] d?xplore.exe"PurityScan adware"
X [random name] chkdsk.exe"PurityScan adware. Note - the legitimate Windows chkdsk.exe will always be located in %System% and will NOT figure among the startups!"
X [random name] dvdplay.exe"PurityScan adware"
X [random name] spoolsv.exe"PurityScan adware. Note - this is not the legitimate spoolsv.exe which is always located in %System%"
X [random name] w?aclt.exe"PurityScan adware"
X [random name] wucrtupd.exe"PurityScan adware. Do not confuse with the legitimate Windows Critical Update Notification (wucrtupd.exe) process"
X [random name] charmapnt.exe"Added by the BANCOS-DR TROJAN!"
X [random name] n?tdde.exe"PurityScan adware"
X [random name] r?gedit.exe"PurityScan adware"
X [random name] r?ndll.exe"PurityScan adware"
X [random name] scanregw.exe"PurityScan adware. Note - do not confuse this with the legitimate Windows process scanregw.exe which is always found in the Windows folder on Win9x/ME machines"
X [random name] wuauboot.exe"PurityScan adware. Note - do not confuse with the legitimate wuauboot.exe process which should not figure in Msconfig/Startup!"
X [random name] w?nspool.exe"PurityScan adware"
X [random name] svchost.exe"Added by the BANCBAN-JC TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\config"
X [random name] [random name].dll"SearchNet adware"
X [random name] iexpl0ra.exe"Added by the ULPM.BD TROJAN!"
X [random name] rundl13a.exe"Added by the GAMPASS-L TROJAN!"
X [random name] Servere.exe"Added by the LEGMIR-AQM TROJAN!"
X [random name] twain_32.exe"Added by the AGENT.AM TROJAN! Note - example names include ""XviD""
X [random name] explore3.exe"Added by the DELF.FAN TROJAN!"
X [random name] taskmngr.exe"Added by the AGOBOT-CB WORM!"
X [random name] netdde.exe"PurityScan adware. Do not confuse with the legitimate Network DDE - DDE Communication (netdde.exe) process which is always located in %System% and should not figure in Msconfig/Startup!"
X [random name] chkntfs.exe"PurityScan adware. Do not confuse with the legitimate NTFS Volume Maitenance Utility (chkntfs.exe) process which is always located in %System% and should not figure in Msconfig/Startup!"
X [random name] notepad.exe"PurityScan adware. Note - this is not Windows Notepad which has the same executable name"
X [random name] services.exe"PurityScan adware. Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
X [random name] ntvdm.exe"PurityScan adware. Do not confuse with the legitimate ntvdm.exe process which is always located in %System% and should not figure in Msconfig/Startup!"
X [random name] msiexec.exe"PurityScan adware. Do not confuse with the legitimate Windows® Installer (msiexec.exe) process which is always located in %System% and should not figure in Msconfig/Startup!"
X [random name] userinit.exe"PurityScan adware. Do not confuse with the legitimate Userinit Logon Application (userinit.exe) process which is always located in %System% and should not figure in Msconfig/Startup!"
X [random name] regedit.exe"PurityScan adware. Note - this is not the valid Windows registry editor which resides in %Windir% and will not figure in Msconfig/Startup!"
X [random name] wuauclt.exe"PurityScan adware. Note - this is not the legitimate wuauclt.exe process
X [random name] ?ervices.exe"PurityScan adware"
X [random name] s?chost.exe"PurityScan adware"
X [random name] c?rss.exe"PurityScan adware"
X [random name] mrgdll.exe"Nortel Antivirus rogue security software - not recommended"
X [random name] wox.exe"Nortel Antivirus rogue security software - not recommended"
X [random number] "rundll32.exe shell32.dllControl_RunDLL [random number].cpl"
X [random number] explorer.exe"Added by the KEYLOG-AN TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%\service"
X [Randomly chosen existing folder name] _autorun.exe"Added by the ANTINNY-L WORM!"
X [Randomly chosen existing folder name] _cfg.exe"Added by the ANTINNY-L WORM!"
X [Randomly chosen existing folder name] _config.exe"Added by the ANTINNY-L WORM!"
X [Randomly chosen existing folder name] _env.exe"Added by the ANTINNY-L WORM!"
X [Randomly chosen existing folder name] _loader.exe"Added by the ANTINNY-L WORM!"
X [Randomly chosen existing folder name] _login.exe"Added by the ANTINNY-L WORM!"
X [Randomly chosen existing folder name] _setup.exe"Added by the ANTINNY-L WORM!"
X [Randomly chosen existing folder name] _start.exe"Added by the ANTINNY-L WORM!"
X [random] lsass.scr"Added by the BANCBAN-CW TROJAN!"
X [random] svchost.scr"Added by the BANCBAN-CY TROJAN!"
X [random] [random]tssd.exe"Antivirus Suite and AntiSpyware Soft rogue security software - not recommended
X [random] [random]sysguard.exe"Antivirus Soft
X [random] [random]sftav.exe"Antivirus Soft rogue security software - not recommended
X [trojan filename] Install.exe"Added by the BANCBAN-FS TROJAN!"
X [trojan name] svchost.exe"Added by the BANCBAN-CI TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
X [unknown name] WINBASICS32.EXE"Added by the SDBOT-JH WORM!"
X [unknown] WIN32OP.EXE"Added by the SDBOT-U WORM!"
X [unknown] ADVAP.EXE"Added by the SDBOT-W WORM!"
X [username] config [path to trojan]"Added by the MOSUCK-H TROJAN!"
X [various filenames] qtsks.exeAdded by the WEBDOR.Y TROJAN
X [various names] elf.exe"Elf is a hacker program
X [various names] crsrs.exe"Added by the FORBOT-AK WORM!"
X [various names] Windows32.exeAdded by any of a number of WORM or TROJAN variants
X [various names] bling.exe"Added by the RBOT-NI WORM!"
X [various names] mediaplayer32.exe"Added by a variant of the RBOT WORM!"
X [various names] winlogon32.exeAdded by an unidentified WORM or TROJAN!
X [various names] svchostss.exe"Added by a variant of the RBOT WORM!"
X [various names] win32snd.exe"Added by the RBOT-DQ WORM!"
X [various names] shch.exePremium rate adult content dialler
X [various names] PasswdMon.exe"Wareout - malware masquerading as a spyware and dialer remover"
X [various names] runload32.exe"Wareout - malware masquerading as a spyware and dialer remover"
X [various names] dstart2.exe"Adware - detected by Kaspersky as the SMALL.ALW TROJAN!"
X [various names] msdos32.exeAdded by a variant of the AGENT.AH TROJAN!
X [various names] sitebar.exeAdded by an unidentified TROJAN!
X [various names] backorif.exe"Added by a NTROOTKIT TROJAN variant!"
X [various names] bhoserv.exe"Added by a NTROOTKIT TROJAN variant!"
X [various names] driver32.exe"Added by a variant of the SDBOT WORM!"
X [various names] hyandex.exe"Added by a NTROOTKIT TROJAN variant!"
X [various names] Uint32.exe"Added by a NTROOTKIT TROJAN variant!"
X [various names] Uint32.exe"Added by a NTROOTKIT TROJAN variant!"
X [various names] _ctcp.exe"Wareout - malware masquerading as a spyware and dialer remover"
X [various names] 10010.exe"Wareout - malware masquerading as a spyware and dialer remover"
X [various names] 321102.exe"Wareout - malware masquerading as a spyware and dialer remover"
X [various names] 34763.exe"Wareout - malware masquerading as a spyware and dialer remover"
X [various names] abrek.exe"Wareout - malware masquerading as a spyware and dialer remover"
X [various names] ActionScr.exe"Wareout - malware masquerading as a spyware and dialer remover"
X [various names] AliceSD.exe"Wareout - malware masquerading as a spyware and dialer remover"
X [various names] AppMasterCenter.exe"Wareout - malware masquerading as a spyware and dialer remover"
X [various names] atl_helper.exe"Wareout - malware masquerading as a spyware and dialer remover"
X [various names] ATLIEHELPER.exe"Wareout - malware masquerading as a spyware and dialer remover"
X [various names] avpmondll.exe"Wareout - malware masquerading as a spyware and dialer remover"
X [various names] awinrar.exe"Wareout - malware masquerading as a spyware and dialer remover"
X [various names] backd.exe"Wareout - malware masquerading as a spyware and dialer remover"
X [various names] backorif.exe"Wareout - malware masquerading as a spyware and dialer remover"
X [various names] barint.exe"Wareout - malware masquerading as a spyware and dialer remover"
X [various names] bhoserv.exe"Wareout - malware masquerading as a spyware and dialer remover"
X [various names] bingo9.exe"Wareout - malware masquerading as a spyware and dialer remover"
X [various names] bnui.exe"Wareout - malware masquerading as a spyware and dialer remover"
X [various names] Bogobot.exe"Wareout - malware masquerading as a spyware and dialer remover"
X [various names] borlandg.exe"Wareout - malware masquerading as a spyware and dialer remover"
X [various names] BoundRec.exe"Wareout - malware masquerading as a spyware and dialer remover"
X [various names] br0ken.exe"Wareout - malware masquerading as a spyware and dialer remover"
X [various names] Brong32.exe"Wareout - malware masquerading as a spyware and dialer remover"
X [various names] clamav.exe"Wareout - malware masquerading as a spyware and dialer remover"
X [various names] cmon14.exe"Wareout - malware masquerading as a spyware and dialer remover"
X [various names] cnftips.exe"Wareout - malware masquerading as a spyware and dialer remover"
X [various names] control64.exe"Wareout - malware masquerading as a spyware and dialer remover"
X [various names] corrida.exe"Wareout - malware masquerading as a spyware and dialer remover"
X [various names] CToolBar.exe"Wareout - malware masquerading as a spyware and dialer remover"
X [various names] DCC_send.exe"Wareout - malware masquerading as a spyware and dialer remover"
X [various names] defect08.exe"Wareout - malware masquerading as a spyware and dialer remover"
X [various names] Dest068.exe"Wareout - malware masquerading as a spyware and dialer remover"
X [various names] dialer423.exe"Wareout - malware masquerading as a spyware and dialer remover"
X [various names] diskserv.exe"Wareout - malware masquerading as a spyware and dialer remover"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.

Powered By Pac's Startup list

Copyright 2003-2013 iamnotageek &/or Martin Krohn.