
If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown



| Status | Startup Name | Process Name | Details |
|---|---|---|---|
| U | Agere SoftModem Messaging Applet | AGRSMMSG.exe | Installed with the drivers for internal software modems based upon Lucent/Agere Systems chipsets - required if you use the SoftModem Assistant to configure the modem |
| U | AModemLockDown | ModemLockDown.exe | ModemLockDown - allows you to supervise internet access by disabling the modem |
| U | ATIModeChange | Ati2mdxx.exe | Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. After testing its exact function isn't known at this time and it doesn't appear to be running even with the startup entry enabled - hence the "U" recommendation |
| Y | azmodem | azexe.exe | Aztech Labs modem driver |
| X | Bron-Spizaetus-5118REPM | komodo-6321422.exe | Added by the BRONTOK-R WORM! |
| U | BTModemProtection | BTModemProtection.exe | BT Privacy Online modem protection software |
| X | Cable Modem Adapter | WindowsSec.exe | Added by the WOOTBOT.A WORM! |
| U | Comodo Firewall | CPF.exe | Comodo Firewall |
| Y | COMODO Firewall Pro | cfp.exe | Comodo Firewall Pro |
| U | Comodo Launch Pad Tray | CLPTray.exe | System Tray access to LaunchPad as bundled with Comodo's freebie offerings such as Comodo Anti-Virus. Some allege that LaunchPad is impossible-to-uninstall adware |
| Y | COMODO Memory Firewall | cmf.exe | "Comodo Memory Firewall is a buffer overflow detection and prevention tool which provides the ultimate defence against one of the most serious and common attack types on the Internet - the buffer overflow attack" |
| U | Companion Module | companion.exe | The AOL Companion is a small window that appears when you connect to the service using version 8.0 and early builds of version 9.0. "Use the Companion to quickly get to your favourite features |
| N | Compaq Computer Corp SCCenter Module | SCCENTER.EXE | For Compaq PCs. Part of Backweb |
| X | CTDrive | rundll32.exe drvmod.dllstartup | |
| X | CtModule | CtModule.exe | Added by the CLICKER-EG TROJAN! |
| U | Cyber Trio | showmode.exe | From G-Tek Technologies. Allows you to set the PC in one of three modes |
| U | Don't Panic | dontpanicdemodp.exe | 30-day trial version of Don't Panic privacy software from Panicware. "Clean up Internet tracks and quickly hide personal documents with this privacy suite." |
| X | DriverModule | csrnvrt.exe | Added by the IRCBOT.I TROJAN! |
| X | eZmmod | mmod.exe | eZula TopText adware |
| X | ezula | eZmmod.exe | eZula TopText adware |
| X | Fdr Command Module | sp2.exe | Added by the SDBOT.WP WORM! |
| X | Framework module library | infocard.exe | Added by the BUZUS.AYX TROJAN! |
| X | Fwr Command Module | fwr.exe | Added by the SDBOT-PP WORM! |
| X | Gerenciamento de arquivos do Windows | Winmod32.exe | Added by the DLOADER-WG TROJAN! |
| X | GetModule18 | GetModule18.exe | Internet Speed Monitor adware related - see example here |
| X | GetModule19 | GetModule19.exe | Internet Speed Monitor adware related - see example here |
| X | GetModule20 | GetModule20.exe | Internet Speed Monitor adware related - see example here |
| X | GetModule21 | GetModule21.exe | Internet Speed Monitor adware related - see example here |
| X | GetModule23 | GetModule23.exe | Internet Speed Monitor adware related |
| X | GetModule24 | GetModule24.exe | Internet Speed Monitor adware related - see example here |
| X | GetModule25 | GetModule25.exe | Internet Speed Monitor adware related - see example here |
| X | GetModule27 | GetModule27.exe | Internet Speed Monitor adware related |
| X | GetModule29 | GetModule29.exe | Internet Speed Monitor adware related - see example here |
| X | GetModule30 | GetModule30.exe | Internet Speed Monitor adware related |
| U | ioloDelayModule | delay.exe | Part of Iolo System Mechanic. Used to delay the start of an application which loads automatically as Windows loads |
| X | ISMModule | ISMModule.exe | Internet Speed Monitor C adware related - see example here |
| X | ISMModule2 | ISMModule2.exe | Internet Speed Monitor C adware related - see example here |
| X | ISMModule3 | ISMModule3.exe | Internet Speed Monitor C adware |
| X | ISMModule4 | ISMModule4.exe | Internet Speed Monitor A adware related |
| X | ISMModule6 | ISMModule6.exe | Internet Speed Monitor C adware related - see example here |
| X | ISMModule7 | ISMModule7.exe | Internet Speed Monitor C adware related - see example here |
| X | ISMModule8 | ISMModule8.exe | Internet Speed Monitor C adware related |
| X | Kernel Safe Mode | smss.exe | Added by the 78CRACK-A TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% |
| U | Krnlmod | Krnlmod.exe | Keystroke logger/monitoring program - remove unless you installed it yourself! |
| X | Linksys Modem Drivers | linksys.exe | Added by the IRCBOT.VD WORM! |
| ? | LLMODCL2 | rundll.exe setupx.dll InstallHinfSection ..LLMODCL2.INF | |
| Y | LTWinModem1 | ltmsg.exe | Lucent Technologies (now Alcatel-Lucent) WinModem - which uses software rather than hardware |
| X | main_module | drvmmx32.exe | Added by the DILA TROJAN! |
| X | Microsoft Safe Mode Manager | safemode.exe | Added by the IRCBOT.HM BACKDOOR! |
| X | Microsoft Services | module.exe | Added by the LAVITS WORM! |
| X | Microsoft Update Module | rundll24.exe | Added by the RBOT-PS WORM! |
| X | Microsoft's System Module | Sysmodule.exe | Added by the BDOOR-FJ BACKDOOR! |
| X | mmod | mmod.exe | eZula TopText adware |
| N | MOD | muamgr.exe | Using MicroAngelo On Display |
| X | Modem | locatesvc.exe | Added by a variant of the SPYBOT WORM! |
| X | Modem Driverz Updates | mdmdrv.exe | Added by a variant of the SDBOT WORM! |
| U | MODEMBTR | MODEMBTR.EXE | Modem Booster from inKline Global to improve ISP connections |
| X | Modeminf | Modeminf.exe | Added by a variant of the CRYPTER.C TROJAN! |
| U | ModemOnHold | MOH.EXE | NetWaiting/Modem-on-Hold - allows you to place your Internet connection on hold while you take a voice call (if Call Waiting is supported by your phone company). See here for more information |
| U | ModemOnHold | netWaiting.exe | NetWaiting/Modem-on-Hold - allows you to place your Internet connection on hold while you take a voice call (if Call Waiting is supported by your phone company). See here for more information |
| N | ModemUtility | mdmsetpe.exe | System Tray configuration icon for Aztech modems |
| X | Modifiet Amateur HTPB | wuaclt.exe | Added by the IRCBOT.AYS WORM! |
| U | ModPS2 | ModPS2Key.exe | Hotkey drivers for Chicony keyboard. Required if you use the hotkeys |
| X | ModularConfig | syscnfg.exe | Added by an unidentified VIRUS |
| X | Module Call initialize | RUNDLL32.EXE reg.dll ondll_reg | |
| X | Modulo 00FE0F01 Host Internet | syschost.exe | Added by the DELF-KW TROJAN! |
| X | MSDrive | rundll32.exe drvmod.dll | Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drvmod.dll" file is found in %System% |
| X | ntsmod | ntsmod.exe | Adware downloader/installer |
| ? | PCIMODEM | pcimodem.exe | Associated with Lucent based Aztech MDP7800-U PCI modems. Is it required? |
| N | PitFrame Module | Reminder.exe | Registration reminder for the PC Pitstop Optimize 2.0 system optimization utility by CA. Located in %ProgramFiles%\PCPitstop\Optimize2 |
| X | PVModule | pvmodule.exe | Adperform.com/Adoptim.com adware - located in %ProgramFiles%\PrintView and detected by Avira AntiVir antivirus as the AGENT.ALB TROJAN! NOTE - the 'real' PrintView installs in C:\CBR folder |
| X | QdrModule10 | QdrModule10.exe | Internet Speed Monitor adware |
| X | QdrModule11 | QdrModule11.exe | Internet Speed Monitor adware related - see example here |
| X | QdrModule12 | QdrModule12.exe | Internet Speed Monitor adware related - see example here |
| X | QdrModule13 | QdrModule13.exe | Internet Speed Monitor adware related - see example here |
| X | QdrModule15 | QdrModule15.exe | Internet Speed Monitor I adware |
| X | QdrModule16 | QdrModule16.exe | Internet Speed Monitor adware related - see example here |
| X | QdrModule17 | QdrModule17.exe | Internet Speed Monitor I adware |
| X | QdrModule9 | QdrModule9.exe | Internet Speed Monitor H adware |
| X | Recycler DO NOT MODIFY | recyclecl.exe | Added by the RBOT.DDA WORM! |
| ? | SetCacheMode | rundll32.exe ptipbmf.dll SetWriteCacheMode | |
| U | smodul | smodule.exe | UserMonitor from Neuber. Teachers can broadcast screen to other screens |
| U | SoftK56 Modem Driver | carpserv.exe | Associated with Zoltrix and Conexant modems - enables the internal modem speaker |
| X | sysmod | sysmod.exe | Added by the SPYBOT-DU WORM! |
| X | System Document Application | nmod.exe | Added by the SDBOT-ABB WORM! |
| X | System Setup | rpcxcmod.exe | Added by an unidentified WORM or TROJAN! |
| X | TaskManager Load Module | TSKMNGR32.EXE | Added by the SPYBOT.I WORM! |
| X | tgbcde | module32.exe | Added by the REIGN.R TROJAN! |
| U | V.92 Modem On Hold | Ltmoh.exe | Modem On Hold utility - manages incoming/outgoing voice calls on a single phone line while being connected to the internet |
| X | Win32BaseServiceMOD | Wintask.exe | Added by the NAVIDAD WORM! |
| X | WIN3S2SNDS | winabsmod.exe | Added by the AGENT.DN TROJAN - known to BOClean as "CWS/INDEX" |
| X | Windows 128 Module | win128.exe | Added by the FORBOT-ES WORM! |
| X | Windows mod Verifier | Windows-mod.exe | Added by the RBOT.DSU WORM! |
| X | Windows modez Verifier | w1nz0zz0.exe | Added by a variant of the SDBOT WORM! |
| X | Windows modez Verifier | Window2.exe | Added by a variant of the RBOT WORM! |
| X | Windows modez Verifier | WindowsLogon.exe | Added by a variant of the SDBOT WORM! |
| X | Windows modez Verifier | Wwuamguard.exe | Added by the RBOT.EZJ WORM! |
| X | Windows modez Verifier | winlogom.exe | Added by a variant of the RBOT WORM! |
| X | Windows modez Verifier | Windows-.exe | Added by the RBOT-DIO WORM! |
| X | Windows modez Verifier | taskmngr.exe | Added by a variant of the RBOT WORM! |
| X | Windows modez Verifier | winl0g0z.exe | Added by the RBOT-FNB WORM! |
| X | Windows modez Verifier | wuamguard.exe | Added by the RBOT.EZJ BACKDOOR! |
| X | Windows Security Module | module.exe | Added by a variant of the RBOT WORM! |
| X | Windows User Mode Driver Manager | wdfmrg.exe | Added by the SDBOT-ZN WORM! |
| X | WindowsXP Module | DirectX3D.exe | Malware |
| Y | winmodem | wmexe.exe | Software for software based modems. Required if you have one of these. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem information |
| X | WinSysModule | [path to trojan] | Added by the AGENT-DIQ TROJAN! |
| N | WXProcMgr Module | WXprocMgr.exe | TVTonic from Wavexpress - "enjoy 3 full-screen |
| Y | XircWinModem4 | ltcm000c.exe | WinModem drivers. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem information |


DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.