wr

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

"Y" - Normally leave to run at start-up
"N" - Not required - typically infrequently used tasks that can be started manually if necessary
"U" - User's choice - depends whether a user deems it necessary
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
"?" - Unknown

	Startup Name	Process Name	Details
X	*windows update	wrauclt.exe	"Added by the RBOT-QU WORM!"
U	AlwaysReady Power Message APP	ARPWRMSG.EXE	"""Away Mode"" feature added with Update Rollup 2 for Windows XP Media Center Edition 2005 that allows the computer to appear off to the user while it continues to perform tasks that do not require user input
U	ARPWRMSG	ARPWRMSG.EXE	"""Away Mode"" feature added with Update Rollup 2 for Windows XP Media Center Edition 2005 that allows the computer to appear off to the user while it continues to perform tasks that do not require user input
U	BMMGAG	"RunDll32 [path] pwrmonit.dll	StartPwrMonitor"
X	cwriter	ucookw.exe	"Part of the ErrClean rogue system error and cleaning utility and other members of this family. See here for more examples"
X	cwriter	cwriter.exe	"Part of PcRaiser
X	dwqblwrsq.exe	[random].exe	"Okcashbackmall adware"
X	educational writer	[random filename]	"Added by the RBOT-LZ WORM!"
X	ewrgetuj	geurge.exe	"Added by the AUTOINF-AK WORM!"
X	Framework Windows	frmwrk32.exe	"Added by the FAKEAV-KS TROJAN!"
X	Fwr Command Module	fwr.exe	"Added by the SDBOT-PP WORM!"
N	fwrastrc	fwrastrc.exe	Dial-up software for Friendly Technologies/1NationOnLine free ISP
N	Greetings Workshop	GWREMIND.EXE	You really want to be reminded about somebody's birthday at the expense of resources?
N	HP CD Writer	hpcdtray.exe	System Tray access to a HP CD-Writer's functions. Available via Start -> Programs
N	HP CD-Writer	hpcdtray.exe	System Tray access to a HP CD-Writer's functions. Available via Start -> Programs
U	HPPWRSAV	HPPWRSAV.EXE	"Power save related for HP Scanners. Many users have complained of system freezes with it running but it stops the light from remaining on all the time. Try www.hp.com
Y	IntelWireless	ifrmewrk.exe	Associated with the Intel PRO/Set Wireless software
X	kvasoft	kva8wr.exe	"Added by the ONLINEG.ICC WORM!"
X	lanmanwrk.exe	lanmanwrk.exe	"Added by the AGENT.AIA TROJAN!"
U	LidPolicy	pwrschem.exe	A utility for configuring certain HP notebook models to enter Standby mode when the lid is closed only when running on battery
U	LoadPowerProfile	Rundll32.exe powrprof.dll	"Power management specifics such as monitor shut-off
X	Logitech Desktop Controller	wrcam.exe	"Added by a variant of the RBOT WORM!"
N	LowRateVoip	LowRateVoip.exe	"LowRateVoip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype"
X	LowRiskFileTypes	sysguard.exe	"Added by the FAKEAV-UY TROJAN!"
X	Microsoft Driver Setup	Jwrb.exe	"Added by the AUTORUN-AOB WORM!"
N	Microsoft Greetings Workshop Reminder	Gwremind.exe	You really want to be reminded about somebody's birthday at the expense of resources?
X	Microsoft Updating	syswr.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Windows Registry Service	wregistry.exe	"Added by the AGOBOT.AKG WORM!"
X	Microsoft Winsock Wrapper	ws2_32s.exe	"Added by a variant of the SPYBOT WORM!"
X	MS Java Service Wrapper Windows NT & XP	wrapper.exe	"Added by the VANEBOT-D WORM!"
X	MSNavWH	MSWkwrH.exe	"Added by the ANAV-A WORM!"
U	mspwr	pupstman.exe	"""Transparent icon background"" feature of Ashampoo'sPowerUp XP (WinNT/2K/XP) and PowerUp Deluxe (Win98/Me)"
U	mspwr	pupxpman.exe	"Related to Ashampoo's PowerUp XP"
U	mspwr	pwrupst.exe	"Ashampoo's PowerUp XP is a ""tool for fine-tuning your Windows NT4
U	mspwr	PuXpMan2.exe	"System Tray access to the Ashampoo® PowerUp XP Platinum 2 tweaking utility from Ashampoo GmbH & Co. KG - which includes (amongst others) one-click tuning
X	Nod29 Service	nodwr.exe	"Added by a variant of the RBOT WORM!"
U	nwrecmsg	nwrecmsg.exe	"Broadcast message handler part of Novell Netware that displays server
X	Pixelpwr32	Pixelpwr32.exe	"Added by the GEMA TROJAN!"
X	pm32ctrl	pwr32crtl.exe	"Added by the CRYPTER.A TROJAN!"
Y	PowerChute	Pwrchute.exe	""During a power outage
X	PowerChute	Pwrchute.exe	"Added by the LAZAR-A TROJAN! Note - this is located in %ProgramFiles%\APC_Power"
X	pshower	pshwr.exe	"SafeSurfing adware variant"
X	Pwr32ctr	Pwr32ctr.exe	"Added by the GEMA TROJAN!"
X	Pwr32ctrl	Pwr32ctrl.exe	"Added by the GEMA TROJAN!"
X	Pwr32mgt	Pwr32mgt.exe	"Added by the GEMA TROJAN!"
U	PWRESET	pwreset.exe	"Related to the Avaya IP Softphone"
N	PWRISOVM.EXE	PWRISOVM.EXE	"PowerISO - a powerful CD/DVD image file processing tool"
Y	PWRMGRTR	PWRMGRTR.DLL	"Power Manager - background monitor module for IBM ThinkPad laptops. Leave it alone to ensure proper power management functions"
U	pwrmonit	"RunDll32 [path] pwrmonit.dll	StartPwrMonitor"
X	Pwroff	Pwroff.exe	"Added by the GEMA TROJAN!"
U	Pwrsave	Pwrsave.exe	Toshiba Power Saver utilities. Required on a laptop if you run of a battery and want to conserve power
?	Pwruplogin	pulogin.exe	"??"
U	PwrUpManager	PuXpMan2.exe	"System Tray access to the Ashampoo® PowerUp XP Platinum 2 tweaking utility from Ashampoo GmbH & Co. KG - which includes (amongst others) one-click tuning
U	PwrUpSwDesk	SwitchDesk.exe	"PowerUp SwitchDesk - virtual desktop manager which allows ""you have the possibility to launch games
U	PwrupTweakMe	PUPXPTWK.EXE	"Ashampoo's PowerUp XP is a ""tool for fine-tuning your Windows NT4
X	RegWrite	csrss.exe	"Added by the SOKACAPS TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Media"
U	RivaTuner	RivaTunerWrapper.exe	"RivaTuner is a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This startup entry is for Vista and can appear twice - with registry key names of ""RivaTuner"" and ""RivaTunerStartupDaemon"" respectively. Both load the main application (RivaTuner.exe). The former minimizes it to the System Tray and is primarily required only if you want to use the ""Launcher"" or monitoring options. The latter applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more information"
U	RivaTunerStartupDaemon	RivaTunerWrapper.exe	"Part of RivaTuner - a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This entry is for Vista and loads the main application (RivaTuner.exe) to apply overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more information"
U	RivaTunerWrapper Application	RivaTunerWrapper.exe	"RivaTuner is a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This startup entry is for Vista and can appear twice - with registry key names of ""RivaTuner"" and ""RivaTunerStartupDaemon"" respectively. Both load the main application (RivaTuner.exe). The former minimizes it to the System Tray and is primarily required only if you want to use the ""Launcher"" or monitoring options. The latter applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more information"
N	SourcePath	gwreg.exe	Used to update Gateway registry settings for System Restoration Kit and Web update programs
U	TabletWizard	SPLSHWRP.EXE	Microsoft Tablet PC Component
Y	TPwrMain	TPwrMain.EXE	Power management software for Toshiba laptops
?	TPwrMgr	TPwrMgr.exe	"Found on a Toshiba laptop. Related to power management?"
Y	Tpwrtray	TPWRTRAY.EXE	Toshiba laptop's own Advanced Power Management system which disables Windows APM (greyed-out in Control Panel). You can't choose which of the 2 systems to use
X	usrgtway.exe	syswrun4x.exe	"Added by the MITGLIEDER.E TROJAN!"
N	Willow Road	WillowRoad.exe	Willow Road Screen Saver
X	WindowRegKey update	wins.exe	"Added by the SPYBOT.I WORM!"
X	Windows Console Component	wrasvc.exe	"Added by a variant of the IRCBOT TROJAN! See here"
X	Windows Frame Works	frmwrks32.exe	"Added by a variant of the RBOT WORM!"
X	Windows Framework	frmwrk.exe	"Added by the DWNLDR-GWV TROJAN!"
X	Windows NetDDe	wrmana32.exe	"Added by the MYTOB.IM WORM!"
X	Windows Offical Netvvorks	mywriter32.exe	"Added by a variant of the SDBOT WORM! See here"
X	Windows Runtime Help	WinRunHelp.wrh	"Added by a variant of the AIMVISION TROJAN!"
X	Windows Service Find	wrfkuk.exe	"Added by the IRCBOT-XZ TROJAN!"
X	Windows Task Manager Emulator	kennewr.exe	"Added by the SPYBOT-FA WORM!"
X	WinFixer helper	wfxcwr.exe	"WinFixer web installer - ""foistware""
X	Workstation Services	wrkstn.exe	"Added by the RBOT-OJ WORM!"
?	wr	WR.EXE	"??"
?	WR Command	wr.exe	"??"
X	wrclib	"rundll32.exe wrclib.dll	start"
N	WrCtrl	WrCtrl.exe	"Win-Route 4.27 NAT engine on Win2k Pro for connection sharing and security using Win-Route by Tiny Software. A connection sharing/Firewall Application. If service is disabled the program does not work
X	WRDialer	WrDialer.exe	WinPoet DSL dialler
?	WRECK GUARD	??	"??"
?	WregBios	wregbios.exe	"Desktop Management BIOS (DMI BIOS) related. Apparently invokes the DosBios.exe file. Is it required?"
U	wrexec	wrexec.exe	"Watch Right - monitoring program
?	wriste	wriste.exe	"??"
U	Write DVD-R!	saimon.exe	"Saimon's WriteDVD! ""gives total support for DVD-RAM drives. It provides many functions such as setting partitions on DVD-RAM disks and FixDVD! can diagnose and repair UDF formatted disks"""
U	WrtMon.exe	WrtMon.exe	"Related to Presto PageManager which is bundled with Canon Scanners"
U	z-WrDialer	WrDialer.exe	WinPoet DSL dialer

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.