ThE

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

"Y" - Normally leave to run at start-up
"N" - Not required - typically infrequently used tasks that can be started manually if necessary
"U" - User's choice - depends whether a user deems it necessary
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
"?" - Unknown

	Startup Name	Process Name	Details
X		pathex.exe	"Added by the MKMOOSE-A WORM! Note - has a blank entry under the Startup Item/Name field"
	Note the filename has a ""0"" rather than an upper case ""o"""
	Access Controller (and maybe othe.html" title="Access Controller (and maybe othe">Access Controller (and maybe othe
	Access Controller (and maybe othe.html" title="Access Controller (and maybe othe">Access Controller (and maybe othe
	Access Controller (and maybe othe.html" title="Access Controller (and maybe othe">Access Controller (and maybe othe
	Access Controller (and maybe othe.html" title="Access Controller (and maybe othe">Access Controller (and maybe othe
	Access Lock (and maybe others) -.html" title="Access Lock (and maybe others) -">Access Lock (and maybe others) -
	Access Lock (and maybe others) -.html" title="Access Lock (and maybe others) -">Access Lock (and maybe others) -
Y	a-winpoet-service	winpppoverethernet.exe	"WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion
N	AccuWeather.com� Desktop	AccuWeatherDesktop.exe	"Desktop weather from AccuWeather"
N	AccuWeatherDesktopAlerts	AccuWeatherDesktopAlerts.exe	"Weather alerts for AccuWeather.com Desktop which ""provides you with the most accurate
U	Another Internet Explorer Popup Killer	aiepk2.exe	"Another IE Popup Killer - pop-up stopper"
X	ASDPLUGIN	netherlands.exe	"AsdPlug premium rate adult content dialer"
Y	Authentic-ID Toolbar	wintmr.exe	"System Tray access to Child Control parental control software by Salfield"
Y	Authentic-ID Toolbar	"rundll32.exe [path] ToolbarATL.dll	LoadTrayIcon"
N	Automatically launches the United Devices Agent when you start your computer	UD.EXE	The United Devices Agent can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical research. Available via Start > Programs
X	BarTheme	bartent32.exe	"Added by the AGOBOT-UG WORM!"
U	BluetoothAuthenticationAgent	"rundll32.exe irprops.cpl
U	BluetoothAuthenticationAgent	"rundll32.exe bthprops.cpl
X	ClickTheButton	CTB.EXE	"ClickTheButton adware"
X	ClickTheButton	csrss.exe	"ClickTheButton adware. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""drivers"" subfolder"
X	ClickTheButton	cd_load.exe	"Added by the DOWNLOADER-MY TROJAN!"
N	cssauthe	cssauthe.exe	"Part of Thinkvantage Client Security Solution for IBM/Lenovo ThinkPad notebooks and ThinkCentre desktops. Once configured via the associated setup screens this loads via winlogon.exe (and loads the password manager) and therefore disabling this entry has no effect"
X	cthelp	cthelp.exe	"Added by the SDBOT TROJAN!"
U	CTHELPER	CTHELPER.EXE	"CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers
X	CTHelper	cthelper.exe	"Added by the RBOT-XB WORM! Note - do not confuse with the Creative application of the same name described here"
X	CTHELPER	svhost.exe	"Added by the SDBOT-RZ WORM!"
X	Daily Weather Forecast	weather.exe	"Added by the DLOADER-IP TROJAN!"
N	Desktop Weather	THE WEATHER CHANNEL.exe	"Desktop Weather by The Weather Channel - provides current temperature
N	Desktop Weather 3	THE WEATHER CHANNEL.exe	"Desktop Weather 3 by The Weather Channel - provides current temperature
N	Desktop Weather 3	THEWEA~1.EXE	"Desktop Weather 3 by The Weather Channel - provides current temperature
U	display	The_Eye.exe	"ComSpySysSvr surveillance software. Uninstall this software unless you put it there yourself"
N	Dulux WeatherShield WeatherDesk	weather.exe	"Dulux WeatherShield WeatherDesk - latest weather information from across Australia"
N	DW4	Weather.exe	"Desktop Weather 4 by The Weather Channel - provides current temperature
N	DW4	DesktopWeather.exe	"Desktop Weather 4 by The Weather Channel - provides current temperature
N	DW6	DesktopWeather.exe	"Desktop Weather 6 by The Weather Channel - provides current temperature
X	erthegdr	windll2.exe	"Added by the BEAGLE.CG WORM!"
N	Ethernet	tcaudiag.exe	3Com NIC Installation/Diagnostic MFC application. Diagnostics may be run from the Start -> Programs
X	ethernet	airftp.exe	"Added by a variant of the SDBOT WORM!"
X	ethernet	msnger.exe	"Added by a variant of the SDBOT WORM!"
X	ethernet	msftp.exe	"Added by the SDBOT.BXJ WORM!"
X	ethernet adapter	csrmss.exe	"Added by a variant of the RBOT WORM!"
X	Ethernet Driver	cmsrrs.exe	"Added by a variant of the RBOT WORM!"
X	Ethernet Drivers	smrrs.exe	"Added by the RBOT-AAK WORM!"
X	Ethernet Drivers	ethernet.exe	"Added by the GAOBOT.CEZ WORM!"
X	Ethernet Linking	ethernet.exe	"Added by a variant of the IRCBOT TROJAN!"
X	GetTheMusic	"rundll32.exe MSA64CHK.dll	DllMostrar"
X	HELPER	Netherlands.exe	"AsdPlug premium rate adult content dialer variant"
N	Home Theater SchSvr	SchSvr.exe	"WinScheduler is installed with Home Theater Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card
X	mark the service	xxtra32.exe	"Added by the SDBOT.APP WORM!"
X	Microsoft DLL Authentification	dllsecure.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Microsoft Update Machine	ubthec.exe	"Added by the AGENT.AWZ TROJAN!"
X	Motherboard Config	Ati2xxx.exe	"Added by the RBOT-AIK WORM!"
X	MotherBoard Sounds	Sounds.exe	"Added by the RBOT-AAP WORM!"
N	Motive SmartBridge	BTHelpNotifier.exe	"System tray icon for help from BT Broadband
X	MP3Themes	"rundll32.exe MSA64CHK.dll	DllMostrar"
X	MP3ToTheMax	"rundll32.exe MSA64CHK.dll	DllMostrar"
N	Push The Freakin' Button	ptfb.exe	"Push the Freakin' Button - "When a dialog causes irritation
X	RBOT v2 with NetAPI exploit traded with billgates I gave my mother Greetz - OG - Bluehell Irc Server	glossary.exe	"Added by the VANEBOT-J WORM!"
U	Say The Time 5.0	SAYTIME.EXE	"This program has audio cues for the system clock in male and female voices
X	Start aThe Roll	enotxa2.exe	"Added by the RBOT-PV BACKDOOR!"
X	Start The Roll	enotax2.exe	"Added by the RBOT.XO WORM!"
N	Subtract the Ads	AdSub.exe	Removes adverts from web pages. Although useful - not required
U	Sureshotpopupkiller	Stopthepop.exe	"Stop-the-Pop-Up popup blocker"
X	ThE	wind0s.exe	Added by an unidentified WORM or TROJAN!
N	The Assistant	eSched.exe	"Related to WinTotal from a la mode inc. FormFiller for appraisers"
U	The Easy Bee's Hive	ATCEgSvr.exe	"The Easy Bee is a software that allows you to record Internet navigation sequences
X	The Ethernet	ethernet.exe	"Added by a variant of the SDBOT WORM!"
X	The Ethernet	intranet.exe	"Added by a variant of the SDBOT WORM!"
X	The Intranet	intranet.exe	"Added by a variant of the SDBOT WORM!"
N	The Proxomitron	Proxomitron.exe	"A free
X	The Registry Sentinel	The Registry Sentinel.exe	"The Registry Sentinel rogue security software - not recommended
X	The Service Pack Loader	spxp.exe	"Added by the RBOT-BYM WORM!"
X	The Spy Guard	spyguard.exe	"The SpyGuard rogue spyware remover - not recommended
X	The Spy Guard Monitor	spyguard_monitor.exe	"The SpyGuard rogue spyware remover - not recommended
X	The Web Sentinel	The Web Sentinel.exe	"The Web Sentinel rogue security software - not recommended
X	TheBestMP3	"rundll32.exe MSA64CHK.dll	DllMostrar"
X	TheDefend.exe	TheDefend.exe	"TheDefend rogue security software - not recommended
X	TheLastDefender	LastDefender.exe	"The Last Defender rogue security software - not recommended
?	TheMainStart	N/A	"??"
X	ThemeMP3	"rundll32.exe MSA64CHK.dll	DllMostrar"
X	TheMonitor	[path to trojan]	"Added by the DLOADR-LO TROJAN!"
X	TheMonitor	Duce6.exe	"YourEnhancement downloader"
X	TheSpyBot	TheSpyBot.exe	"TheSpyBot rogue security software - not recommended
N	Tray Temperature	Weatherbug.exe	"Weatherbug provides current outdoor temperature in the System Tray
U	UCmore XP - The Search Accelerator	"rundll32.exe UCMTSAIE.dll	DllShowTB"
U	ViStart - The Vista Start Menu	ViStart.exe	"ViStart (Vista Start Menu for XP) adds a Vista style Start Menu for Windows XP users and can be loaded at boot time or started manually"
N	WEATHER	WEATHER.EXE	"Weatherbug provides current outdoor temperature in the System Tray
U	Weather Pulse	weatherpulse.exe	"Weather Pulse from Tropic Designs. ""Display popular Satellite images and video from around the globe
N	WeatherCast	Weather.exe	Weather reporting in the System Tray. Available via Start -> Programs. Installed via Radlight
N	WeatherEye	WeatherEye.exe	"WeatherEye - desktop weather from TheWeatherNetwork"
X	WeatherOnTray	WeatherOnTray.exe	"Hotbar adware"
X	WeatherOnTray	SbWeatherOnTray.exe	"Hotbar adware"
N	Weatherscope	Weatherscope.exe	"WeatherScope - ""displays your current local temperature in the system tray of your computer (near the clock) whenever you are online!"" Not recommended as it bundles GAIN adware. You can get the adware free version for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here"
X	WeatherStudio Desktop	WeatherStudio Desktop.exe	"WeatherStudio adware"
N	WeatherWatcher	ww.exe	"WeatherWatcher - weather reporting in the System Tray"
X	WeirdOnTheWeb	WeirdOnTheWeb.exe	"WeirdOnTheWeb adware"
X	Win32 FireWire Driver	CTHELPER32.EXE	"Added by the WOOTBOT TROJAN!"
U	Windows Guardian	thehel1iawgrd32.exe	Part of First Aid by Cybermedia who were subsequently bought by McAfee (Network Associates). Protects your Windows system from application failure and crashes
X	Windows Java Update	weatherBug32.exe	"Added by a variant of the RBOT WORM!"
X	Windows System Configuration	nether.exe	"Added by the OPANKI-AB WORM!"
X	WindowsRegKey%update	ethernet32m.exe	"Added by the RBOT-EN WORM!"
U	WINDVDpatch	CTHELPER.EXE	"CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers
Y	WinPoet	WinPPPoverEthernet.exe	"WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion
X	winthelp	winthelp.exe	"Associated with the AdvancedCleaner rogue security software - see here. Removal instructions here"
?	xBrotherMeCom	BrMeCom.exe	"Related to Brother MFC-9200c printer. What does it do and is it required?"
X	Yahoo!	ethernet.exe	"Added by the PROSTI.AA BACKDOOR!"
X	[various names]	MsNetHelper.exe	"Wareout - malware masquerading as a spyware and dialer remover"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.