Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77
78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99
If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown



Startup Name Process Name Details
X*WinLogon[trojan path] ren time:[random number]"Added by the VUNDO TROJAN!"
Xavpwin*.tmp.exe [* is a number]Added by a variant of the ALPHABET TROJAN!
Xcftmon32taskmgr*.exe [* = number]"Added by the SOWSAT.C and SOWSAT.J WORMS!"
Xctfmontaskmgr32*.exe [* = number]"Added by the SOWSAT.B WORM!"
XDxsys*.exe [* = random number]"Added by the DEXTER.A WORM!"
UE_S[numbers][path] E_[various].EXE [path] E_S[numbers].tmp"Temporary entry related to Epson Status Monitor 3 for their range of printer and AIO devices - for monitoring printer status
UImageDrive-{hex numbers}ImageDrive.exe"Nero ImageDrive from Ahead - virtual CD/DVD drive software"
UIntel Product Number UtilityIntelProcNumUtility.exe"Intel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information here"
UIntelProcNumUtilitycpunumber.exe"Intel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information here"
XInternalregedit.exe /s c[month number]"Added by the FORTNIGHT.D TROJAN! Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file ""c[month number]"" is located in %Windir%
Xkeyboardkeyboard*.exe [* = number]"Detected by Kaspersky as the VB.ZG TROJAN!"
XMalware Cleaner[random numbers].exe"Malware Cleaner rogue security software - not recommended
XNumberOneMP3"rundll32.exe MSA64CHK.dllDllMostrar"
XOptim[NUMBER][path] egdtopt.exe"Added by the RAMVICRYPE TROJAN!"
XPAV.EXE%Number%"Added by the KITRO.D (or ARGEN.A) WORM! %Number% can be any number"
XSearchSquire[number]SearchSquire[number].exe"SearchSquire adware"
USecureOnlineAccountNumbersSOAN.exe"Related to Secure Online Account Numbers by Discover(R) Card from Orbiscom Ltd. Secure and innovative payment solutions"
XShellExplorer.exe [path] ibm[RANDOM 5 DIGIT NUMBER].exe"Added by the ANSERIN TROJAN! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files"
Xttool[random numbers].exe"Added by the BCKDR-QII BACKDOOR! The filename seen most often is ""9129837.exe"""
Xx[Number from 1 to 7]x[Number from 1 to 7].exe"Added by the DADOBRA-A TROJAN!"
X[14 random numbers]mradll.exe"Green AV rogue security software - not recommended
X[14 random numbers]rwg.exe"Green AV rogue security software - not recommended
X[32 random hex numbers]tsc.exe"Total Security rogue security software - not recommended
X[32 random hex numbers]badware-protector.exe"Badware Protector rogue security software - not recommended
X[32 random numbers]av2009.exe"AntiVirus 2009 rogue security software - not recommended
X[32 random numbers]av360.exe"Antivirus 360 rogue security software - not recommended
X[32 random numbers]AVS.exe"Antivirus Sentry rogue security software - not recommended
X[32 random numbers]xpa.exe"XP Antivirus rogue security software - not recommended"
X[32 random numbers]total.exe"Total Antivirus rogue security software - not recommended
X[decimal number][path to worm]"Added by the OPOSSUM-A WORM! The decimal number can be anything
X[random number]"rundll32.exe shell32.dllControl_RunDLL [random number].cpl"
X[random number]explorer.exe"Added by the KEYLOG-AN TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%\service"


DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.

Copyright 2003-2013 iamnotageek &/or Martin Krohn.