Setup

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

"Y" - Normally leave to run at start-up
"N" - Not required - typically infrequently used tasks that can be started manually if necessary
"U" - User's choice - depends whether a user deems it necessary
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
"?" - Unknown

	Startup Name	Process Name	Details
X	*MS Setup	[random filename]	"Virtumondo adware
Y	36X Raid Configurer	JMRaidSetup.exe	"JMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers"
X	AdVantage Setup	AdVantageSetup.exe	"MeMedia.Advantage adware - optionally installed with older versions of the DAEMON Tools Lite CD emulation tool (if you don't uncheck the ""DAEMON Tools sponsor ad module"" option during install) and possibly others"
X	C:WINDOWSsystem32SetupCmd.exe	SetupCmd.exe	"Detected by Kaspersky as the AGENT.AAW TROJAN!"
X	caidiysetup	diynetsetupuni.exe	"DIYNet adware"
?	clnwall	"rundll.exe setupx.dll	InstallHinfSection ..delwall.inf"
N	Compaq Internet Setup	inetwizard.exe	For Compaq PC's. Runs Compaq internet setup wizard and offers you to signup from ISP list
X	configsetup	configsetup32.exe	"Added by the AGOBOT-AFP WORM!"
X	Disk Panel Setup	npcsvc.exe	"Added by a variant of the IRCBOT TROJAN!"
N	Eapcisetup	sbsetup.exe	Rockwell RipTide soundcard application software. Sound works without it
N	EAPCISETUP	wizard.exe	Part of the Creative Sounblaster PIC Installation Wizard. Probably left as a result of a failed installation
X	Firewall auto setup	winlogon.exe	"Added by the AGENT-EDB TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Temp%"
X	Firewall auto setup	[path to trojan]	"Added by the AGENT-GLY TROJAN!"
U	FJTWAIN Setup	FjtwSetup.exe	Fujitsu scanner utility
U	FtLnSOP_setup	FtLnSOP.exe	Fujitsu scanner utility
X	Google service	Googlesetup.exe	"Added by the IRCBOT-RJ WORM!"
?	GSISETUP	[path] GsiInst.exe INSTALL [path] V205Res 13	"BT Voyager ADSL modem related - what does it do and is it required?"
X	Highspeeddownloader	SetupClickHere.EXE	"Homepage hijacker
X	HLcleanup	hlsetup2.exe	"LinkReplacer/FFinder adware"
U	HWSetup	HWSetup.exe hwSetUP	"""Toshiba Hardware Setup is the Toshiba configuration management tool available through Windows."" Allows the user to change BIOS
X	iesetupi.exe	iesetupi.exe	"Added by a variant of the RBOT WORM!"
?	InstallNAIProduct	SETUP.EXE	"Could be related to Network Associates Inc who own the McAfee VirusScan product amongst others. This was found in a directory called "VSC". Could it be an installation that failed and "SETUP.EXE" was left to run at startup as an error?"
Y	JMB36X Configure	JMRaidSetup.exe	"JMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers"
U	JMB36X IDE Setup	JMInsIDE.exe	"JMB36x series IDE (or Parallel ATA) configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers"
U	JMB36X IDE Setup	xInsIDE.exe	"JMB36x series IDE (or Parallel ATA) configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers. This is normally located in %Windir%\RaidTool"
X	keymgrldr	"rundll32 setupapi	InstallHinfSection... keymgr3.inf"
?	LanzarL2007	[path] setup.exe	"??"
?	LLMODCL2	"rundll.exe setupx.dll	InstallHinfSection ..LLMODCL2.INF"
N	Logitech Desktop Messenger	setup-8876480.exe	"Installer for Logitech Desktop Messenger included with older versions of the software for Logitech products - which automatically checks for software upgrades and new products
Y	Lusetup	LUSetup.exe	"Symantec LiveUpdate installer - required to install a new version of the application. Will only run once
X	MCAFEEIPS	setup.exe	"Added by the WHITEWELL TROJAN!"
X	MemConfig	SetupIE.com	"Added by the TAPLAK WORM!"
N	MGA_CD_Install	mgasetup.exe	Matrox Millennium video driver. Not required once drivers installed
X	Microsoft Driver Setup	msddrv42.exe	"Added by the PALEVO WORM!"
X	Microsoft Driver Setup	Jwrb.exe	"Added by the AUTORUN-AOB WORM!"
X	Microsoft Driver Setup	dllhost.exe	"Added by the AUTORUN-AOZ WORM!"
X	Microsoft Driver Setup	sysmngsr322.exe	"Added by the BUZUS-AS TROJAN!"
X	Microsoft Driver Setup	w7services.exe	"Added by the AUTORUN-ARJ WORM!"
X	Microsoft Driver Setup	mslsrv32.exe	"Added by the SDBOT-DPF TROJAN!"
X	Microsoft Driver Setup	ccdrive32.exe	"Added by the AGENT-LYL TROJAN!"
X	Microsoft Driver Setup	cidrive32.exe	"Added by the AGENT-NES TROJAN!"
X	Microsoft Setup Initializazion	localhost.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Microsoft Update 32	mssetup32.exe	"Added by a variant of the RBOT WORM!"
?	MigrationVendorSetupCaller	"rundll32.exe migrate.dll	CallVendorSetupDlls"
?	MM Install	setup.exe	"Possibly Money Manager from Moneysoft?"
U	MplSetup	MplSetup.exe	Used by Ricoh network printers to enable network printing from the client
X	MSN Setup	MSN.msn	"Added by the JAMBU WORM!"
X	MS_SETUP.EXE	MS_SETUP.EXE	"Added by the CHARGE TROJAN!"
X	MyVBApp	setup.exe	"Detected by Kaspersky as the VB.KB TROJAN! File location is in the root folder (i.e.
N	NetworkSetup	dlink.exe	"D-Link System Tray icon"
X	NI.UGES_0001_N108M2006	setup_en.exe	"Installer for the MyContentAssistant rogue privacy tool"
Y	NuTCSetupEnviron	ncoeenv.exe	"Used by the MKS Toolkit for Enterprise Developers product. NuTCracker is a Unix runtime environment for Windows
X	OESET	setup60.exe	"Added by the WAREZDL.28672 TROJAN!"
U	PNSetup	PNSetup.exe	"PopNot - pop-up killer"
X	PostSetupCheck	Rundll32.exe atgban.dll	"TrafficSol adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""atgban.dll"" file is found in %System%"
X	postSetupCheck	Rundll32.exe gzmrt.dll	"TrafficSol adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""gzmrt.dll"" file is found in %System%"
X	PostSetupCheck	Rundll32.exe cpmsky.dll	"TrafficSol adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""cpmsky.dll"" file is found in %System%"
U	PPK Setup(Server)	SEServe.exe	"Programmable Power Key on Sony Vaio laptops. "Using the Programmable Power Key (PPK) button
?	RjLyraInstaller	setup.exe	"??"
N	setup	hphprld.exe ....setup.exe	HP DeskJet Setup - printers function normally without it
X	Setup	[path to trojan]	"Added by the DROPPER.EAT TROJAN!"
X	Setup experation	svchost.exe	"Added by the TOFGER-AW TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	setup.exe	setup.exe	"Added by the GOLDUN-GB TROJAN!"
X	setupa	runt32.exe	"Added by the QQPASS-K TROJAN!"
X	setupdata	rnll32.exe	"Added by the QQPASS-AC TROJAN!"
N	SetupICWDesktop	icwconn1.exe	Appears to be the "Internet Connection Wizard" from Internet Explorer being set-up as a desktop shortcut. Appears under the RunOnce registry key but is available under Start -> Programs -> Accessories -> Communication (or similar) anyway
X	setupuser	regedit.exe setupuser.log	"Regfile in disguise - another CoolWebSearch parasite variant"
N	SigmaTel Audio	setup.exe	"Sigmatel audio driver"
U	Smart Connect Setup	SCSetup.exe	Appears on a Sony Vaio. Smart Connect Version 2.1 enables data transfer between Vaios via i.LINK cable. Smart Connect supports File and Printer Sharing for MS networks. You can copy files from your Vaio to another Vaio or print using a printer connected to a remote Vaio
X	Start Xp Setup	msxp.exe	"Added by the RBOT.AKK WORM!"
X	svchost	[path] SETUP.EXE	"Added by the SETCLO WORM!"
?	SynSetup	SynTP.tmp RunOnce.exe	"Probably associated Synaptics touchpads on laptops as for the SynTPEnh and SynTPLpr entries but what does it do and is it required?"
X	SysPnP	"rundll32 setupapi	InstallHinfSection [varies] oemsyspnp.inf"
X	System Setup	rpcxcmod.exe	Added by an unidentified WORM or TROJAN!
X	System Update	mssetupconf.exe	"Added by the RBOT.DLC WORM!"
?	Tango	Setup.exe	"Tango Broadband access software. Is it required?"
X	TASK SETUP	tasksetup.exe	"Added by the RBOT-YR WORM!"
?	TB_setup	TB_ANI~1.EXE	"??"
X	TB_setup	tb_setup.exe	"HuntBar hijacker
X	ToolbarInstall	MirarSetup.exe	"Mirar adware"
U	VAIO Action Setup (Server)	VAServ.exe	"Sony Vaio utility that auto-launches selected applications when you plug in a digital video camera
X	Wifi Setup	wifisetup.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	win32	Setup_32.exe	"Added by the EVILBOT.B TROJAN!"
X	win32	WinSetup.exe	"Added by the EVILBOT.B TROJAN!"
X	Win32	arsetup.exe	Added by the SPAZBOX.A TROJAN!
X	win32serv	servicesetup.exe	"Added by a variant of the PUSHBOT WORM! A family of worms that spread using MSN Messenger"
U	Windows Accelerators	setup.exe	"KeySpy keystroke logger/monitoring program - remove unless you installed it yourself!"
X	Windows Monitor	arsetup.exe	Added by the SPAZBOX.A TROJAN!
X	Windows Pool Setup	poolmc.exe	"Added by the IRCBOT.RU BACKDOOR!"
X	WindowsSetup	[path to trojan]	"Added by the EZBOT TROJAN!"
X	winphonics7536	vbsystem35.exe setups.exe vb.vb	"Added by a variant of the MUTIN-C TROJAN!"
?	zzzCamlnSuitelll	setup.exe 46***	"??"
?	zzzhpsetup	setup.exe	"??"
X	[Randomly chosen existing folder name]	_setup.exe	"Added by the ANTINNY-L WORM!"
X	[various names]	iesetupdll.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	SetupExeDll.exe	"Wareout - malware masquerading as a spyware and dialer remover"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.