Startup Applications List
Unfortunately, due to a change in my circumstances, the startup programs database here at Sysinfo.org will no longer be updated and the off-line downloads are no longer available. The version at Pacman's Portal will, however, continue to be updated and it's recommended that you refer to that site for more up to date information. The reason for this change in policy cannot be disclosed at this time but I hope you have enjoyed using the database here and thank you for your support and kind comments over the years.
Paul Collins
If you're frustrated with the time it takes your Windows 7/Vista/XP PC to boot and then it seems to be running slowly you may have too many programs running at start-up - and you have come to the right place to identify them. This is the original startup programs (as opposed to processes/tasks) list - one of the most accurate and comprehensive. Services are not included - see below. The database is mirrored in a slightly different format at Pacman's Portal.
"Name or Startup Item" in the table below refers to how an entry is displayed in MSConfig, Windows Defender or the registry "Run" keys. "Command or Data" refers to the program the entry runs. For further information on this and how to identify and disable startup programs you may want to also visit this page.
For further information on random startup entries please visit the Startups Info page.
Last update :- 29th July, 2011
24133 items listed
"Status" key:
| Name or Startup Item | Status | Command or Data | Description | Tested? |
|---|---|---|---|---|
| WinInit | X | Win86.exe | Added by the SMALL-PB TROJAN! | No |
| winint | X | winint.exe | Added by the SDBOT-ADA WORM! | No |
| winIogom | X | winIogom.exe | Added by the BANCBAN-ML TROJAN! | No |
| winipsec | X | winipsec.exe | Unidentified malware | No |
| WinIRXHelper | U | WinIRXHelper.exe | MSI Media Center Deluxe software - see here | No |
| winis | X | winis.exe | Added by the RBOT-WI WORM! | No |
| WiniShield | X | WiniShield.exe | WiniShield rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| Wink*.exe | X | Wink*.exe [* = random char] | Added by a variant of the KLEZ WORM! | No |
| Winkb6 | U | winkb6.exe | Part of We-Blocker - gives parents the opportunity to monitor their children's Internet access and provide them with age-appropriate content, while filtering out sites that contain adult content. Works in conjunction with Winkb6 and both files are needed to run We-Blocker | No |
| WinKernel | X | WinKer.exe | Added by the MIRAB or SERVIDOR TROJANS! | No |
| winkernel32 | X | wWin32.com | Added by the BANSAP TROJAN! | No |
| WinKey | U | winkey.exe | Loads Copernic's WinKey. Used to map out Windows key hotkey combinations. Not required for the system, but is necessary for this to be running if you use these hotkey combos | No |
| winla | X | winla.exe | Added by the DLOADR-AQL TROJAN! | No |
| winlgn | U | winsplg.exe | Related to the Sentry Parental Controls software | No |
| winlgz2 | X | winlgz2.exe | Added by the KILLFIL-Q TROJAN! | No |
| winlibs.exe | X | winlibs.exe | Added by the EVAMAN.C WORM! | No |
| Winlink | X | winlink32.exe | Added by the GAOBOT.AAY WORM! | No |
| winllogon | X | winllogon.exe | Added by the DELF-KK TROJAN! | No |
| Winlme | X | windll.exe | Added by the GOP.F WORM! | No |
| WinLoad | U | Winload.exe | PCTattletale is a surveillance software program that monitors user activity, logs keystrokes, and takes screenshots. Uninstall this software unless you put it there yourself. Note - do not remove this file if you use Vista, a legitimate file with the same name and location (%Windir%\System32) is used during bootup. Removing this file can cause problems with your OS | No |
| winload | X | winload.exe | Added by the AGENT-GNY TROJAN! Note - the file is located in %ProgramFiles%\Internet Explorer | No |
| winlog | X | winlog.exe | Added by the GAOBOT.DF WORM! | No |
| winlog | X | windowxs.exe | Added by the SDBOT-KT BACKDOOR! | No |
| winlog | X | winsx.exe | Added by the SDBOT-MH BACKDOOR! | No |
| winlog | X | wintask.exe | Added by the SDBOT-GR BACKDOOR! | No |
| winlog manager | X | winlog.exe | Added by the DONBOMB.A TROJAN! | No |
| winlog.exe | X | winlog.exe | Added by the BCKDR-RBJ TROJAN! | No |
| WINLOG0N | X | WINLOG0N.EXE | Added by the MYDOOM.BI WORM! | No |
| WinLogin | X | winlogin.exe | Added by the AGOBOT-IX WORM! | No |
| winlogin | X | win32x.exe | Added by the STARTPA-DF TROJAN! | No |
| winlogins.exe | X | winlogins.exe | Added by the OPTIX.H BACKDOOR! | No |
| winlogoff | X | winlogoff.exe | Added by the AGOBOT-TR WORM! | No |
| winlogon | X | winlogin.exe | Added by the RANDEX.E WORM! | No |
| winlogon | X | winlogon.exe | Added by the TRODAL TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| winlogon | X | winlogon32.exe | Added by the MASLAN.C WORM! | No |
| winlogon | X | wpwlogon.exe | Added by an unidentified WORM or TROJAN! | No |
| WINLOGON | X | wscript.exe WINLOGON.vbs | Added by the YSPAN.F WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "WINLOGON.vbs" file is found in %System% | No |
| Winlogon | X | WINLOGON.EXE | Added by the PUNYA-B WORM! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in C:\Documents and Settings\Administrator\Local Settings\Application Data\WINDOWS | No |
| WinLogonnd | X | winlogonnd.exe | Added by the AGENT-NNQ TROJAN! | No |
| Winlogun | X | winlogin.exe | Added by the P2LOAD-C WORM! | No |
| winltmpv | X | winln.exe | Added by the TCXMEDI-C TROJAN! | No |
| winltmpv | X | wutop.exe | Added by the TCXMEDI-C TROJAN! | No |
| Winmain | X | winmain.exe | One of the first of a new breed of malware. When run it immediately loads MSHTA.EXE from the Windows folder, placing it on "hot standby", ready to accept HTA scripting within a web page and then EXECUTE what is embedded IN the page as a program! In other words, it's possible for a "rogue" website to actually embed trojans, worms and/or viruses directly into a web page. NSClean's HTA Stop offers an easy way to toggle this capabiltity, or rather vulnerability, on and off. I suggest you leave it disabled! | No |
| WinManage | X | wmanage.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| winmatrix.exe | U | WinMatrixXP.exe | WinMatrix XP - wallpaper replacement that shows different matrix effects (including flowing matrix codes from 'The Matrix' movie) on your desktop | No |
| WinMed | X | winmed.exe | Added by the AGENT.AIRF TROJAN! | No |
| WinMedia32 | X | winmedia32.exe | Added by the YABE.F TROJAN! | No |
| WinMem | U | WinMem.exe | WinMem Cleaner - part of Ultra WinCleaner Utility Suite. Makes more memory available for your programs and the Operating System. It also defragments your system | No |
| WinMenssage | X | winmax.exe | Added by the BANCOS.B TROJAN! | No |
| WinMenssage | X | winmaxy.exe | Added by the BANCOS TROJAN! | No |
Notes & Warnings
Variables:
DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. We will not be held responsible if changes you make cause a system failure.
WARNING: This is NOT a database of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a database of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try the Process Library from Uniblue, the list at PC Pitstop or one of the many others now available. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSConfig or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.
To avoid the database becoming too large, all virus entries are only shown using the registry version which is common to all Windows versions. Otherwise there would be multiple entries for popular filenames that viruses often use - such as "svchost" above for example. Multiple viruses can also use the same startup entries, in this case only those with significant differences (such as file location) are repeated in this database.
NOTE: There are a number of virus and malware entries listed in this database where specific removal instructions haven't been given. If this is the case then you could try ComboFix, a program written by sUBs that can remove many different types of Trojans and Worms. See here for a tutorial on how to use the program
IMPORTANT: A number of entries are repeated due to the way that different operating systems display startup items. For example, WinMe lists "POPROXY.EXE" as "Norton eMail Protect" in both MSCONFIG and the registry whereas WinXP lists it as "Poproxy" in MSCONFIG and "Norton eMail Protect" in the registry.
SERVICES: "Services" from the NT/2K/XP/Vista/7 operating systems are not included. I fully understand that some programs with these OS's use "Services" as an alternative to load their component parts at startup but these are handled in a different way. We recommend you try BlackViper for information on services for the relevant operating systems.
RECOMMENDATIONS:
If you're looking for a startup manager then why not try Spybot - Search & Destroy (by Safer Networking Ltd) as the startup programs section (select the Advanced mode) includes descriptions from this database. You might also want to try their RunAlyzer and FileAlyzer tools.
As there are more than 10,000 entries in this database related to viruses, trojans, worms and other malware we recommend you use a quality internet security package. Which ever you choose, keep it updated.
Copyright
Presentation, format & comments Copyright © 2001 - 2011 Pacman's Portal
Portions Copyright © Peter Forrest, Denny Denham, Sylvain Prevost, Tony Klein, CastleCops & Bleeping Computer
Database creation and support by Patrick Kolla
Software support by John Mayer
All rights reserved