Init

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

"Y" - Normally leave to run at start-up
"N" - Not required - typically infrequently used tasks that can be started manually if necessary
"U" - User's choice - depends whether a user deems it necessary
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
"?" - Unknown

	Startup Name	Process Name	Details
N	AHQInit	ahqinit.exe	Part of AudioHQ for the Soundblaster Live!. Appears as though it makes the AudioHW toolbar drop down from the top of the desktop and isn't required
X	AppletINIT	INITIATE.EXE	"Added by the AGOBOT.XV TROJAN!"
Y	Aureal A3D Interactive Audio Init	A3dInit.exe	For Aureal based 3D soundcards. A3D sound features won't work with this disabled
Y	avinit	AVINIT9X.EXE	"Command Antivirus related"
Y	avxlni	avxinit.exe	"Anti-virus part of BitDefender virus scanner/firewall"
Y	BitDefender Live! Init	bdinit.exe	"BitDefender antivirus"
Y	BullGuardInit	AVXINIT.EXE	"Part of Bullguard antivirus"
X	Bymer.Scanner	Wininit.exe	"Added by the BYMER WORM!"
X	Bymer.Scanner	Msinit.exe	"Added by the BYMER WORM!"
Y	CertStoreInit	CertStoreInit	"Aladdin eToken authentication and password management"
?	ChronitelInitTV	CHTVINIT.EXE	"??"
N	DocuMagix Init	PWATCH.EXE	"PaperMaster is an application for the PC designed to automate the process of organizing
Y	DvpInitExe	Dvpinit.exe	"Command Antivirus related"
?	eSupInit	eSupCmd.exe	"Related to SupportSoft (aka Support.com) ""Real-Time Service Management software"". What does it do and is it required?"
U	High Definition Audio Property Page Shortcut	CHDAudPropShortcut.exe	"Realtek audio card related. Probably adds the odd feature to one of the ""Sounds"" Control Panel applet tabs - doesn't appear to be required"
N	High Definition Audio Property Page Shortcut	HDAShCut.exe	High definition audio page shortcut for Realtek audio devices - not required
U	High Definition Audio Property Page Shortcut	CHDAudPropShortcut.exe	"Realtek audio card related. Probably adds the odd feature to one of the ""Sounds"" Control Panel applet tabs - doesn't appear to be required"
?	HP Visualize Init	HpVisIni.exe	"HP Visualize software related. What does it do and is it required?"
X	Init	[path to trojan]	"Added by the DROPPER.EAT TROJAN!"
X	Init32	Init32.exe	"Added by the WINEX.A TROJAN!"
X	Initial Page	install.exe	EasySearch browser hijack installer
Y	Initialize8x8	8x8_init.exe	Tool that initializes a Pinnacle PCTV card - maybe in capture or in showing overlay
U	JobHisInit	JobHisInit.exe	Used by Ricoh network printers to enable network printing from the client
X	logonUiInit	Rundll32.exe rgtndz.dll	"Identified as a variant of the Trojan-Clicker.Win32.Agent.bqy malware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""rgtndz.dll"" file is found in %System%"
N	MHINIT	MHINIT.EXE	Part of the Cybermedia Clean Sweep package
X	Microsoft Initialization Service	initsvc.exe	"Added by the IRCBOT.AXK BACKDOOR!"
X	Microsoft Initialization Services	initserv.exe	"Added by the IRCBOT-ABO TROJAN!"
X	Microsoft Security Process	wininit.exe	"Added by the RBOT-FKM WORM!"
X	Microsoft Setup Initializazion	localhost.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Microsoft System Init	mtmnr0.exe	"Added by the SDBOT.BR TROJAN!"
X	Microsoft Update	wininit.exe	"Added by the RBOT-AKR WORM!"
X	Microsoft Update 32	wininit.exe	"Added by the RBOT-ANY WORM!"
X	Microsoft Update 32	wininit32.exe	"Added by the RBOT-AKJ WORM!"
X	Microsoft Update 32	winitXP32.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Update 32	wuinit.exe	"Added by the AGOBOT-UE WORM!"
X	Microsoft Update 33	init.exe	"Added by the RBOT-ATT WORM!"
X	Microsoft Update 64 BIT	wininit32.exe	"Added by the RBOT-AHE WORM!"
X	Microsoft Updates	winit.exe	"Added by the SDBOT-CSB WORM!"
X	Microsoft WinUpdate	WinNTinit32.exe	"Added by the RBOT.VS WORM!"
X	Microsotufed Update 32	windinit.exe	"Added by the RBOT-CTJ WORM!"
X	Module Call initialize	"RUNDLL32.EXE reg.dll	ondll_reg"
X	MS Initial	mstinitial.exe	"Added by the IRCBOT.ASP BACKDOOR!"
X	MS Windows Process Init	MSWPI32.exe	"Added by the RBOT-ASQ WORM!"
U	MultiCAM Initializer	MCamBoot.exe	"The MultiCAM Initializer is part of the MultiCAM software package provided by Vista Imaging in order to run up to 10 USB ViCAM or 3Com Home Connect PC Digital cameras on a single computer. Clears itself from memory once initialized but can also be safely disabled"
N	NInit	NInit.exe	Norton Uninstall Deluxe. Monitors programs being installed and logs them for removing later. Available via Start -> Programs for manual logging - not required
?	NvColorInit	"rundll32.exe NvQtwk.dll	NvColorInit"
N	NvInitialize	"rundll32.exe NvQtwk.dll	NvXTInit"
?	OEPowerPlugs	winoeinit.exe	"??"
X	PC	userinity.exe	"Added by the PROVIS-A TROJAN!"
X	PC2X	initial.bat	"Added by the DWNLDR-FZZ TROJAN!"
U	PMXInit	pmxinit.exe	Restores user display preferences Kyro2 based graphics cards. Not required unless you change the default settings - such as gamma
N	PowerQuest Startup Utility	PQINIT.EXE	"From a visitor - "This seems to be installed when you install Power Quest Partition Magic. I think that it implements the changes when you use the magic mover app. If you don't have any mappings set up
X	run=	svcinit.exe	"CoolWebSearch parasite variant"
U	scheduler_monitor	init_scheduler.exe	"Scheduler for ReaConverter advanced image converter"
U	SchedulingAgent	mstinit.exe	"MS Scheduling Agent in WinNT - displayed as a box with a stopwatch in the System Tray that is only needed if you have regular scheduled disk defragmenting
X	Shell	Explorer.exe init32m.exe	"Added by the DLSW-B TROJAN! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The ""init32m.exe"" file is located in %System%"
?	SHINITV	shinitv.exe	"??"
N	Shockwave Init	SWINIT.EXE	Part of Macromedia Shockwave. Controls the Shockwave Remote Control Panel. The Remote Control can be activated manually from the Start Menu by locating and selecting Shockwave and then Shockwave Remote under Programs
X	softIce Update 32	wininits.exe	"Added by the RBOT-ANB WORM!"
X	SVC Service	svcinit.exe	"Added by the SINIT TROJAN!"
X	SVC Service	svcinit.exe	"CoolWebSearch parasite variant"
X	SysInit	svchost.exe	"Added by the STARTPA-BD TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Common Files"
X	SysInit	wininit32.exe	"Added by the XABOT WORM!"
X	sysinit	services.exe	"Added by the NEWLFRM-A TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %System%\golumm"
X	Syskey	sysinit.exe	"Added by the BEAGLE.AX WORM!"
X	System Init	systeminit.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	System Initialization	msmsgri32.exe	"Added by the RANDEX.D WORM or ROXY or ROXY.B TROJANS!"
X	System Initialization	payload.dat	"Added by the RANDEX.D WORM or ROXY or ROXY.B TROJANS!"
X	system32.dll	systeminit.exe	"CoolWebSearch parasite variant - re-directing to your-search.info"
X	SystemInit	iservc.exe	"Added by the FIZZER WORM!"
X	systeminit	systeminit.exe	"Added by the SILLYFDC-AN WORM!"
U	TrojanShield	Init.exe	"TrojanShield"
X	Unix File Support	init3.exe	"Added by the RBOT-ZN WORM!"
X	upddateit	winit.exe	"Added by the RBOT-MS WORM!"
X	Userinit	lsass.exe	"Added by the VIRAN-A TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Program Files%\Common Files%\System"
X	userinit	winlogon.exe	"Added by the DLOADER-TP TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	userinit	smss.exe	"Added by the DLOADR-B TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	userinit	choo_003956f4	"Added by the PEED.16896 TROJAN!"
X	userinit	ntos.exe	"Added by the AGENT-ECU TROJAN!"
X	Userinit	cologsver.exe	"Added by the DROPPER.DJO TROJAN!"
X	UserInit StartUp	rpcxuisu.exe	"Added by a variant of the SDBOT WORM!"
X	userinit.exe	userinit.exe	"Added by the HAXDOOR-DP TROJAN!"
X	virtual	winit.exe	"Added by the MUGLY.A or MUGLY.B WORMS!"
X	VxD Driver Initialization	ntsvxd.exe	"Added by the SDBOT-LW WORM!"
X	Win32 USB Driver	winxpinit.exe	"Added by the SDBOT.AA TROJAN!"
X	Win32 Wmls Driver	winitr32.exe	"Added by the WOOTBOT.B WORM!"
X	Windows Global Init	ngpsvc.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows Service Hosting	USERINIT.exe	"Added by the GOMMER-A WORM!"
X	Windows Service Manager	initsvc.exe	"Added by the RBOT-BWT WORM!"
X	Windows System Init	winit32.exe	"Added by a variant of the RBOT WORM!"
X	WindowsUpdate	USRINIT.EXE	"Added by the MADDIS.B WORM!"
X	WinGate initialize	WinGate.exe	"Added by the LOVGATE.F WORM!"
X	wininit	wininit.exe	"Added by the WOLLF.16 TROJAN!"
X	WinInit	Win86.exe	"Added by the SMALL-PB TROJAN!"
X	xccinit	rundll33.exe xccdf16_090131a.dll	"Added by the BUZUS-AD TROJAN! Note - the ""rundll33.exe"" file is located in %System%\inf and the ""xccdf16_090131a.dll"" file is located in %Windir%"
X	xccinit	rundll33.exe xccdf16_090305a.dll	"Added by the BUZUS-AF TROJAN! Note - the ""rundll33.exe"" file is located in %System%\inf and the ""xccdf16_090305a.dll"" file is located in %Windir%"
X	[random name]	??erinit.exe	"PurityScan adware"
X	[random name]	userinit.exe	"PurityScan adware. Do not confuse with the legitimate Userinit Logon Application (userinit.exe) process which is always located in %System% and should not figure in Msconfig/Startup!"
X	[various names]	init32.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	WinInitDll.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	XTermInit.exe	"Wareout - malware masquerading as a spyware and dialer remover"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.