Install

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

"Y" - Normally leave to run at start-up
"N" - Not required - typically infrequently used tasks that can be started manually if necessary
"U" - User's choice - depends whether a user deems it necessary
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
"?" - Unknown

	Startup Name	Process Name	Details
X	180ClientStubInstall	stubinstaller***.exe [ = digit]	"180Solutions adware related"
X	180ClientStubInstall	[path to trojan]	"180Solutions adware related"
X	180ClientStubInstall	*****.tmp [ = random digit/char]	"180Solutions adware related"
X	3P_UDEC_IA	IAInstall.exe	"Installer for the Internet Antivirus and Internet Antivirus Pro rogue security software - not recommended
X	AddClass	[Installation_Path]	"Added by the STARTPAGE.F hijacker"
?	ADSL_A2	A2Installed	"Associated with an Integrated Telecom Express (ITeX) ADSL driver installation. What does it do and is it required?"
U	Advanced Uninstaller PRO Installation Monitor	monitor.exe	"Innovative Solutions Advanced Uninstaller PRO - ""easy-to-use suite for uninstalling applications and keeping your computer fast
N	AIMWDInstall	AIMWDInstall.exe	"Version of the WildTangent on-line games installer that came with versions of AOL Instant Messenger. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case"
X	Antivirus Installer	[path to trojan]	"Added by the BADGENT-A TROJAN!"
X	AntivirusBEST	Installer.exe	"Installer for the AntivirusBEST rogue security software - not recommended. Removal instructions here"
N	ashampoo Magical UnInstall	MagicalUnInstall.exe	"Ashampoo® Magical UnInstall from Ashampoo GmbH & Co. KG - which monitors each new program installation
N	ashampoo UnInstaller Watcher	UIWatcher.exe	"Part of the Ashampoo® UnInstaller series from Ashampoo GmbH & Co. KG - including UnInstaller Platinum 2
X	atf_reinstall	atf.exe	"Part of the AVSystemCare rogue security software - not recommended. See here"
X	b3d	BDEsecureinstall.exe	"B3d Projector foistware - periodically trys to access the internet. (1) Uninstall it via Start -> Settings -> Control Panel -> Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in the ""System"" directory. (3) Disable and ideally delete it from the registry. (4) Remove the ""BDE"" directory and all its contents"
X	Back Updates	Uninstall.log.vbs	"Added by the YPSAN.D WORM!"
N	BMail Installation	FTP_back.exe	"Part of iMesh - a file sharing system. Reported by Norton AntiVirus as a trojan. Once deleted does not prevent file sharing working. Older versions of iMesh re-instate this but the newer versions do not"
X	BootCfg	Install.log.vbs	"Added by the YPSAN.D WORM!"
X	BootsCfg	wscript.exe Install.log.vbs	"Added by the YPSAN.E WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The ""Install.log.vbs"" file is located in %System%"
X	CABCInstall	CABCInstall.exe	"Ignite Technologies (was CABC) content delivery software"
X	ContinueInstall	bpsinstall.exe	"BrowserAid/BrowserPal foistware"
N	Data LifeGuard LifeLine Lite installer	DLGLI.EXE	"Backweb installer - see here"
?	Eac_rnvdl	ANTIVIRUS_INSTALL.EXE	"??"
U	eanthology_install.exe	eanthology_install.exe	"eAcceleration Stop-Sign security software related. Previously not recommended
X	explorer	Yinstall.exe	"PurityScan/Clickspring adware"
X	f2install.exe	f2install.exe	"Added by the IEFEAT-I TROJAN!"
X	Flash_Player_Install	ying.exe	"Constructor VC2000 malware"
?	FridaysInHellInstaller	FridaysInHellInstaller.exe	"??"
?	GSISETUP	[path] GsiInst.exe INSTALL [path] V205Res 13	"BT Voyager ADSL modem related - what does it do and is it required?"
X	Initial Page	install.exe	EasySearch browser hijack installer
X	Install	Install.exe	"Added by the BANCBAN-HG TROJAN!"
X	Install part II	updates.exe	"Added by the RELFEERWORM!"
?	Install Pending Files	sifxinst.exe	"Uninstall program for Lanovation's Prism Deploy and Prism Pack adminstrators software deployement tools. For specific information see here. Is it required?"
x	install32	install32.exe	"Added by the NUCLEAR.DG BACKDOOR!"
N	InstallAurealDemos	InstallAurealDemos.js	Used to initialize the Aureal A3D demos InstallShield wizard
U	InstallBuddy	Ibtna.exe	"InstallBuddy - automatically translates and installs your desktop documents
X	InstallCleaner	InstallCleaner.exe	"Added by the ANYHOMB.F TROJAN!"
X	Installed shell32.dll	Office.exe...	"Added by the LOVGATE.AO WORM!"
X	Installed shell32.dll	Office.exe	"Added by the LOVGATE.E WORM!"
X	Installer	dial.exe	"Malware - detected by Kaspersky as the AGENT.MM TROJAN!"
?	InstallNAIProduct	SETUP.EXE	"Could be related to Network Associates Inc who own the McAfee VirusScan product amongst others. This was found in a directory called "VSC". Could it be an installation that failed and "SETUP.EXE" was left to run at startup as an error?"
X	InstallProgram	[path to trojan]	"Added by the AGENT-HHU TROJAN!"
X	InstallProvider	newsoftware2007install.exe	"Part of WinAntiVirusPro 2007 and Privacy Protector rogue security software (and possibly others) - not recommended"
X	Installs SP2	[path] repcale.exe [path] palsp.exe	"Added by a variant of the RANDON.AN WORM! Both files are located in %System%\qpalsp"
X	Installs SP4	[path] repcale.exe [path] p0rd.exe	"Added by the RANDON-AK WORM! Both files are located in %System%\ekrlgc"
U	Installstub	installstub.exe	"Tool for Outlook and Outlook Express from Plaxo for organising and keeping contacts organised and updated and providing online access to your contacts and access from PDA or mobile phone"
X	Internet Loader1	MSInstall61.exe	"Added by the KWBOT.B WORM!"
X	ist service uninstall	[random filename]	"ISTBar adware related"
X	istinstall zazzer.exe	istinstall zazzer.exe	Unidentified adware downloader/installer
Y	LogitechRegisterVideoApplications	InstallHelper.exe	Entry added when you install versions of the Logitech QuickCam webcam software and used to register video applications that can use the webcam on the first reboot after installing the software
U	LogitechVideo[inspector]	InstallHelper.exe	Entry added when you install versions of the Logitech QuickCam webcam software and used to monitor and register video applications that can use the webcam. It isn't normally running but you could disable it and re-enable it before you install supported applications
?	M Player Post Installer	postinstallm.exe	"??"
X	M3Development_WhenUSave_Installer	M3Development_WhenUSave_Installer.exe	"WhenU.Save adware"
N	MagicalUnInstall	MagicalUnInstall.exe	"Ashampoo® Magical UnInstall from Ashampoo GmbH & Co. KG - which monitors each new program installation
N	MagUninstall	MagicalUnInstall.exe	"Ashampoo® Magical UnInstall from Ashampoo GmbH & Co. KG - which monitors each new program installation
X	MbarInstall	[random filename]	"Mirar adware"
Y	McAfee Application Installer	mcappins.exe	Used by older versions of McAfee internet security related products to clean up installation files that are no longer required once the product is installed. This entry will normally only appear once the product has been installed before the system is rebooted
X	MediaLoads Installer	dw.exe	"Medialoads adware"
N	MGA_CD_Install	mgasetup.exe	Matrox Millennium video driver. Not required once drivers installed
X	Microsoft	install.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	Microsoft Install Shield Services	rundll64	"Added by the RBOT-FSH WORM!"
X	Microsoft Installshield	nundll32.exe	"Added by the AGOBOT-AHZ WORM!"
?	MM Install	setup.exe	"Possibly Money Manager from Moneysoft?"
N	Movielink Manager Uninstall	msvcmm32.exe	"Auto-update for Movielink - internet movie rental System Tray access"
X	MSInstall	smvss.exe	"Added by the DEDLER-G TROJAN!"
X	MSN	install.exe	"Added by the AGENT-GDO TROJAN!"
X	MyVBApp	install.exe	"Detected as Generic Downloader.s by McAfee
X	NBInstall	MBDownloader_876919.exe	"Added by the MIRAR_D TROJAN!"
U	Netscape	InstallService.exe	Related to Netscape installation
X	NI.USYP	SysProtectScannerInstall.exe	"Installer for the SysProtect rogue security software
X	NI.UWA6P_0001_N56M1001	WinAntiVirusPro2006Installer.exe	"Installer for the WinAntiVirus Pro 2006 rogue security software"
X	NI.UWA6P_0001_N69M0303	WinAntiVirusPro2006Installer[1].exe	"Installer for the WinAntiVirus Pro 2006 rogue security software"
X	NI.UWA6P_0001_N73M1004	WinAntiVirusPro2006FreeInstall.exe	"Installer for the WinAntiVirus Pro 2006 rogue security software"
X	NI.UWA6P_0001_N91M1807	WinAntiVirusPro2006FreeInstall[1].exe	"Installer for the WinAntiVirus Pro 2006 rogue security software"
X	NI.UWA7P_0001_N91M0809	WinAntiVirusPro2007FreeInstall.exe	"Installer for the WinAntiVirus Pro 2007 rogue security software - see here"
X	NI.UWAS5LP_0001_0811	UWAS5LP_0001_0811NetInstaller.exe	"Installer for the WinAntiSpyware 2005 rogue spyware remover - not recommended
X	NI.UWAS6_0001_N57M1312	WinAntiSpyware2006FreeInstall.exe	"Installer for the WinAntiSpyware 2006 rogue spyware remover - not recommended
X	NI.UWAS6_0001_N68M2301	UWAS6_0001_N68M2301NetInstaller.exe	"Installer for the WinAntiSpyware 2006 rogue spyware remover - not recommended
X	NI.UWFX5	UWFX5NetInstaller.exe	"WinFixer 2005 web installer - ""foistware""
X	NI.UWFX5	WinFixer2005ScannerInstall.exe	"WinFixer 2005 web installer - ""foistware""
X	NI.UWFX5LP_0001_0614	UWFX5LP_0001_0614NetInstaller.exe	"WinFixer 2005 web installer - ""foistware""
X	NI.UWFX5LP_0001_0715	UWFX5LP_0001_0715NetInstaller.exe	"WinFixer 2005 web installer - ""foistware""
X	NI.UWFX5LP_0001_0802	UWFX5LP_0001_0802NetInstaller.exe	"WinFixer 2005 web installer - ""foistware""
X	NI.UWFX5LP_0001_0803	UWFX5LP_0001_0803NetInstaller.exe	"WinFixer 2005 web installer - ""foistware""
X	NI.UWFX5T	UWFX5TNetInstaller.exe	"Added by the DOWNLDR-BO TROJAN!"
X	NI.UWFX5V_0001_0802	UWFX5V_0001_0802NetInstaller.exe	"WinFixer 2005 web installer - ""foistware""
X	NI.UWFX6_0001_N68M2301	UWFX6_0001_N68M2301NetInstaller.exe	"WinFixer 2006 web installer - ""foistware""
U	NokKernel install	Nok_install.exe	"Installer for the NokNet Workstation Monitor surveillance software. Uninstall this software unless you put it there yourself"
U	NSHelper	aexnsinstallhelper.exe	Altiris Express Notification Server Install helper - monitors integrity of the installation
U	NUAgentInstallPath	NU_Install.exe	"Installer associated with Chily Employee Activity Monitoring surveillance software. Uninstall this software unless you put it there yourself"
U	OSSelectorReinstall	oss_reinstall.exe	"Related to Acronis Disk Director Suite"
X	overinstall	pgs.exe	"Part of VirtualPCGuard
X	PreInstall Windows	[path] repcale.exe [path] beird.exe	"Added by a variant of the RANDON.AN WORM! Both files are located in %System%\detr"
Y	QCDriverInstaller	Lqdsw.exe	"Launches the camera driver setup wizard on the first reboot after installing Logitech's ClickSmart
X	QuickInstallPack	QuickInstallPack.exe	"Installed and used by rogue security products such as Cleaner2009
X	QuickInstallPack	CLN_2009FreeInstall.exe	"Installed and used by rogue security products such as Cleaner2009
?	RjLyraInstaller	setup.exe	"??"
X	RPCInstall	[path to trojan]	"Added by the AGENT-DQM TROJAN!"
N	SafeInstall.exe	SAFEIN~1.EXE	Monitors a download and ensures an newer version of a file isn't replaced by an older one
X	SBI	install_sbd_**.exe	"Installer for a number of rogue security products and error fixing tools - where ** represents a 2 letter language code
X	SNInstall	[various filenames]	"Spy Sheriff/SpywareNO malware
U	Spyware Nuker Installer	SpywareNukerInstaller.exe	"Spyware remover by TrekBlue. Previously not recommended but the latest version was delisted here"
X	SQInstaller	SQInstaller.exe	"Xupiter SQWire toolbar related. Use Spybot S&D
U	SRUUninstall	msiexec.exe	Symantec Network Driver Update - part of LiveUpdate
X	stcinstaller	id53.exe	"Added by the SCTHOUGHT.L TROJAN!"
X	TClock.exe	tclock_install.exe	"TClock - distributed and installed without user permission by other rogue software or malware. TClock contains no uninstall facility through Windows. As TClock is of dubious origin and usefulness
X	ToolbarInstall	MirarSetup.exe	"Mirar adware"
U	TSClientMSIUninstaller	tscuinst.vbs	"Related to Terminal Services Client Remote Desktop Connection Software from Microsoft"
X	Uninstall****	upd.exe	Adult content based screen saver where **** can be any number
N	UninstallAbility	uability.exe	"UninstallAbility free uninstaller"
X	UninstallHL	PreUninstallHL.exe	"LinkReplacer/FFinder adware"
X	UninstallQL	PreUninstallQL.exe	"LinkReplacer/FFinder adware"
X	Uninstall_TBPS	TBuninst.exe	"WebSearch Toolbar - HuntBar hijacker
X	Update Install	Schost.exe	"Added by the GAOBOT.AO WORM!"
X	UpdateCheck	winstall.exe	"Added by the SPYBOT-CY WORM!"
Y	USB SECURITY DEVICE CoInstaller	JupitCo.exe	"ButterflyMedia USB Flash drive related - required for the password security feature to work"
?	Verizon Custom Uninstall Tracking	InstallHelper.exe	"Verizon related installation tracker. What does it do and is it required?"
X	WebInstall	WebInstall.exe	ClipGenie adware downloader
X	WebInstall2	WebInstall.exe	ClipGenie adware downloader
X	Windows installer	winstall.exe	"SpySheriff malware. For more information on registry key changes see SPYWAD-E"
X	Windows Installer	ntdll.exe	Added by an unidentified WORM or TROJAN!
X	Windows Installer 1	msnconfig.exe	"Added by the PURITYSCN.B TROJAN!"
X	Windows UDP Control Center	installer.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	Windows Update	install.exe	"Added by the BANKER-IB TROJAN!"
X	WindowsInstaller	[path to file]	"Added by the DEDLER-D TROJAN! The most common filenames seen are ""csmss.exe"" and ""csmrs.exe""
X	WinSecurity	uninstall.exe	"Added by the SILLYFDC.BCJ WORM!"
X	xpsp2install	xpsp2Update.exe	"Added by the AGENT-DPK BACKDOOR!"
X	[trojan filename]	Install.exe	"Added by the BANCBAN-FS TROJAN!"
X	[various names]	install2.exe	"Wareout - malware masquerading as a spyware and dialer remover"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.