Start Up Applications W

X	WinGate	WinGate.exe	Added by a variant of the LOVGATE WORM!
U	WinGate Engine Monitor	wgengmon.exe	WinGate Internet Client Dialup Monitor - component of WinGate proxy server software. Displays the status of the WinGate engine, and appears in the system tray of each workstation on the network reassuring clients that their workstations have connectivity with the WinGate Server
X	WinGate initialize	WinGate.exe	Added by a variant of the LOVGATE WORM!
X	wingo	wingo.exe	Added by the BEAGLE.AW or BEAGLE.AV WORMS!
X	wingo	[various filenames]	Added by the BAGLE-AU WORM!
N	WinGuage Pro	WGPRO32.EXE	Part of McAfee Nuts & Bolts. "WinGauge is a dynamic reporting tool that constantly monitors your use of Windows and your applications, to alert you to potential problems before they become serious". Resource hog. Available via Start -> Programs
Y	Winguard	WGFE95.EXE	Dr Solomon's Virex antivirus
U	WinGuard Pro	wgp.exe	Winguard Pro
N	WinHacker	rundll32.exe wh95.dll, HackMe	Tweaking utility by Wedge Software. There are far better tweakers and, unlike WinHacker, most are free
X	Winhelp	winhe1p.exe	Added by the QQPASS.E TROJAN!
X	WinHelp	WinHelp.exe	Added by a variant of the LOVGATE WORM! Note - "winhelp.exe" resides in C:WindowsSystem (Win9x/Me), C:WinntSystem32 (WinNT/2K), or C:WindowsSystem32 (WinXP) whereas the valid "winhelp.exe" resides in C:Windows or C:Winnt
X	WinHelp	realsched.exe	Added by a variant of the LOVGATE WORM! Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name
X	Winhelp	TkBellExe.exe...	Added by a variant of the LOVGATE WORM!
X	winhlp.exe	winhlp.exe	Added by the FORMGLIEDER TROJAN!
X	winhlp3.exe	winhlp3.exe	Added by a variant of the EASTO.A TROJAN!
X	Winhlp32	Wscript.exe ..Msexec32.vbs	Added by the GANT.B WORM!
X	winhlp32.exe	winhlp32.exe	Added by a variant of the EASTO.A TROJAN!
X	winhlpp32.exe	winhlpp32.exe	Added by the GAOBOT.SY WORM!
X	Winhost	wintt.exe	Added by the LOLAWEB.B TROJAN!
X	Winhost	win.exe	Added by the DLOADER-AP TROJAN!
X	winhost32.exe	winhost32.exe	Added by the TABDIM TROJAN!
X	wininet32	wininet32.exe	Added by the RAZNEW-A TROJAN!
X	wininetd	wininetd.exe	Added by the WINET TROJAN!
X	wininit	wininit.exe	Added by the WOLLF.16 TROJAN!
X	winis	winis.exe	Added by the RBOT-WI WORM!
X	Wink*.exe	Wink.exe [ = random char]	Added by a variant of the KLEZ WORM!
U	Winkb6	winkb6.exe	Part of We-Blocker, works in tandem with syswb6. Both files are needed to run WeBlocker. Required if We-Blocker is installed
X	WinKernel	WinKer.exe	Added by the MIRAB or SERVIDOR TROJANS!
X	WinKernel	[path to worm]	Added by the PLEA VIRUS!
X	winkernel32	wWin32.com	Added by the BANSAP TROJAN!
U	WinKey	winkey.exe	Loads Copernic's WinKey. Used to map out Windows key hotkey combinations. Not required for the system, but is necessary for this to be running if you use these hotkey combos
X	winlibs.exe	winlibs.exe	Added by the EVAMAN.C WORM!
X	WinLibUpdate	libupdate.exe	Added by the BIONET series of TROJANS such as BIONET.31 or BIONET.310
X	WinLibUpdate32	libupdate32.exe	Added by the BIONET.405 TROJAN!
X	WinLibUpdte	libupdte.exe	Added by the BIONET.318 TROJAN!
X	Winlink	winlink32.exe	Added by the GAOBOT.AAY WORM!
X	Winlme	windll.exe	Added by the GOP.F WORM!
X	WinLoader	[random filename]	Added by variants of the SUBSEVEN TROJAN!
X	winlocatorupdate	updatewinlocator.exe	Locator adult content toolbar related
X	WinLogin	winlogin.exe	Added by the AGOBOT-IX WORM!
X	Winlogin.exe	log.exe	Added by a variant of the AGENT.AH downloader TROJAN!
X	winlogin.exe	logfile.exe	Added by the AGENT.AH TROJAN!
X	winlogin.exe	mspaint.exe	Added by a variant of the AGENT.AH TROJAN!
X	Winlogin.exe	steam.exe	Added by a variant of the AGENT.AH TROJAN!
Y	winlogon	winlogon.exe	Windows Logon Process - handles user logons described here
X	winlogon	winlogon.exe	Hijacker or adult content dialler - file is located in C:Windows or C:Winnt, and not in it's System or System32 subdirectory, as is the case with the legitimate Windows Logon (winlogon.exe) process
X	winlogon	winlogin.exe	Added by the RANDEX.E WORM!
X	winlogon	winlogon.exe	Added by the TRODAL TROJAN! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! File is located in C:Windows or C:Winnt, and not in it's System or System32 subdirectory
X	winlogon	msreg32.exe	Added by the SDBOT.EO WORM!
X	winlogon service	urx.exe	Added by the SPYBOT.EN WORM!
X	Winlogon Shell	Explorer.exe svchost.exe	Added by the KIPIS.M WORM!
X	Winlogon.exe	N/A	CoolWebSearch parasite related - resets home page to an adult material site
X	WinLsass	servicec.exe	Added by the SCANE WORM!
X	WinLsass	[path to trojan]	Added by the SCANE WORM!
X	winltmpv	winln.exe	Added by the TCXMEDI-C TROJAN!
X	winltmpv	wutop.exe	Added by the TCXMEDI-C TROJAN!
X	Winmain	winmain.exe	One of the first of a new breed of malware. When run it immediately loads MSHTA.EXE from the Windows folder, placing it on "hot standby", ready to accept HTA scripting within a web page and then EXECUTE what is embedded IN the page as a program! In other words, it's possible for a "rogue" website to actually embed trojans, worms and/or viruses directly into a web page. BOClean's HTA Stop offers an easy way to toggle this capabiltity, or rather vulnerability, on and off. I suggest you leave it disabled!
?	WinManager	schost.exe	??
U	winmatrix.exe	WinMatrixXP.exe	WinMatrix XP - wallpaper replacement that shows different matrix effects (including flowing matrix codes from 'The Matrix' movie) on your desktop
U	WinMem	WinMem.exe	WinMem Cleaner - part of Ultra WinCleaner Utility Suite. Makes more memory available for your programs and the Operating System. It also defragments your system
X	WinMenssage	winmax.exe	Added by the BANCOS.B TROJAN!
N	WinMgmt	WinMgmt.exe	Used for Enterprise Management. If you are not an IT Administrator you don't need it to be running. Also runs from the PCHealth "scheduler" - refer here
X	Winmgr.exe	scvhost.exe	Added by the AGOBOT.AFG WORM!
X	WinMgr32	winmgr32.exe	Added by the MIMAIL.P WORM!
X	WinMine	D4NG3.vbs	Added by the BISCUIT.A WORM!
Y	winmodem	wmexe.exe	Software for software based modems. Required if you have one of these. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem information
X	WinMsrv32	WinMsrv32.exe	Added by the GAOBOT.AFJ WORM!
N	WinMX	WinMX.exe	WinMX file sharing application
N	winmysqladmin	winmysqladmin.exe	Starts the MySQL database admin tool
N	WinMySQLadmin Tool	winmysqladmin.exe	Starts the MySQL database admin tool
X	winnet	winnet.exe	CommonName Toolbar spyware. To uninstall see here
X	WinNetDDE	[random characters].exe	Added by the NETDEPIX.B TROJAN!
?	Winnov Menu	WnvMenu.Exe	Winnov Video Capture Card related. What does it do and is it required?
?	Winnov Remote	WnvRsvr.Exe	Winnov Video Capture Card related. What does it do and is it required?
?	Winnov Status	WvStatus.Exe	Winnov Video Capture Card related. What does it do and is it required?
X	WinNtBB	WinntBB.exe	Added by the DULOAD.C WORM!
X	Winnup	win32nls.exe	Added by a variant of the SPYBOT WORM!
X	winocx32	winocx32.exe	Added by the PROTORIDE.I WORM!
X	Winpack	winpack.exe	Adware downloader - recognized by Kaspersky antivirus as Trojan-Downloader.Win32.Agent.gg
U	WinPatrol	WinPatrol.exe	WinPatrol - "Manage Startup programs, tasks, cookies; will sniff out Worms, Trojan horses, Cookies, Adware, Spyware, Klez, Assumption and other malicious programs"
X	winphonics7536	vbsystem35.exe setups.exe vb.vb	Added by a variant of the MUTIN-C TROJAN!
X	winpipe	winpipe.exe	Browser hijacker redirecting to wow-access.com
Y	WinPoet	WinPPPoverEthernet.exe	WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs and ISPs. For more info read here. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networking
N	WinPopup	WINPOPUP.EXE	Intranet chat software provided by windows for chat on small networks. Handy little LAN messaging utility. Has been included in Windows since 95, and maybe in WFWG 3.11. Normally it won't set itself up to run unless the user specifically adds it to startup
X	winpopup	winupie.exe	Adware by Tradeexit.com
X	WinProfile	Command.exe	Added by the BUDDY TROJAN!
X	WinProfile	sndcfg16.exe	Added by the SNDC.A WORM!
X	WinProt	Winprot.exe	Added by the CHUPACABRA TROJAN!
X	WinProt	server.exe	Added by the CHUPACABRA TROJAN!
X	winprotect	win32.exe	Added by the MUGLY.E WORM!
U	WinProxy	WinProxy.EXE	"WinProxy is the world-first proxy server and a firewall with integrated mail server for Windows 95/98/ME/NT/2000/XP"
X	winpsd	winpsd.exe	Added by the MYDOOM.Q WORM!
X	winrar	winrar.exe	CoolWebSearch parasite variant. Note - this is not the file zipping utility also known as WinRAR and it's located in C:Winnt or C:Windows
X	winrarshell	winrarshell32.exe	Added by the SALIRA TROJAN!
X	winReg	winReg.exe	Added by the YAHA.H or YAHA.J WORMS!
X	winregsrv	winregsrv.exe	Added by the SYNRG TROJAN!
X	Winres32vis	[path to worm]	Added by the THRAX.A WORM!
N	winroute	winroute.exe	Win-Route 4.27. WinRoute Tray Icon for starting and stopping the WrCtrl.exe process, also to log in to the console to view logs and change settings. Can be unchecked and the engine still runs and functions normally. Can then use provided shortcuts for administration of the program. Loaded in SERVICES on Windows 2k
X	winrun	msconfig.exe	Added by the WINUR.A WORM! Note - this is not the real msconfig.exe as it's located in C:winrun
X	winrun	winrun.exe	Added by the WINBUR.B WORM!