Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer


NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

If you're not finding what you're looking for please go to this forum and submit a new startup entry.


  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown

Startup Name Process Name Details
X..ABC2007.exe"Added by the DLOADR-ASH TROJAN!"
XASP.NET State Serviceservicos..exe"Added by the DADOBRA-I TROJAN!"
XCOM++ Systemsvchost.exe..."Added by a variant of the LOVGATE WORM!"
XData789Regedit.exe ....data789.tmpHomepage hijacker
Xdrvupdrundll32 ..drvupd.inf"Hijacker - drvupd.inf file installs a """" hijack"
XEbatesMoeMoneyMakerwjview ...Code"Ebates adware"
Xgvagfxjrundll32 ...gvagfxj.dll"Unidentified adware
XHardware Profilehxdef.exe..."Added by the LOVGATE.Z WORM!"
XHostSrvsachostx.exe..."Added by the LOOKSKY.E WORM!"
UHREF.OCXregsvr32.exe ....HREF.OCX"HREF.OCX is an ActiveX control developed by xFX JumpStart and used to provide HTML-alike clickable links on Windows-based programs such as PopUpKiller"
XInstalled shell32.dllOffice.exe..."Added by the LOVGATE.AO WORM!"
Nlhttseng"rundll32.exe ..lhttseng.inf RemoveCabinet"
XMicrosoft Inc.iexplorer.exe..."Added by the LOVGATE.AO WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
XMicrosoft Inet Xp..teekids.exe"Added by the BLASTER.C WORM!"
XMSN Explorerexplorer..exe"Dropper for the Ciadoor.cb TROJAN!"
XMSN Messengerexplorer..exe"Dropper for the Ciadoor.cb TROJAN!"
XMyPointsPointAlertwjview ...MyPointsPointAlertrun.exe"""With MyPoints you can earn rewards from name-brand merchants. You can even earn vacations and frequent flyer miles"". Dubious privacy policy"
XNewtonKnowsUpd"NewtKnow.exe ...NewtnUpd.dll runkey"
XOPQFileregedit.exe /s ...rad03FA6.tmpUnsavoury program that resets your homepage every time you restart - uncheck in MSCONFIG and delete it via a registry edit
?PowerSetRegedit.exe /s ...PowerSet_8100_CU.REG"Appears to be Toshiba power management related"
?Register SeqChkregsvr32.exe ..csseqchk.dll"??"
Xrundl332math.exe ...pluged.exe"Added by the DOOMJUICE WORM!"
XServicesback32.exe ...service.exe"Added by an unidentified VIRUS
Nsetuphphprld.exe ....setup.exeHP DeskJet Setup - printers function normally without it
XSoft Profile Inchxdef.exe..."Added by the LOVGATE.AO WORM!"
Xspregedit-s .... sp.dll"Malicious javascript annoyance that changes the default search engine in IE to one of many including ""topsearcher"". See here for more and a fix"
Xsystem.system..exe"Added by the OPTIXPRO.13.C TROJAN!"
Xsystem...system...exe"Added by the OPTIXPRO.13.C TROJAN!"
XSystemBootMshta.exe ...filename.htaAdult content dialler
Ntourregedit ..tour.regEdits registry values to keep the WinMe tour in Task Scheduler
UUpromiseRemindUwjview ...Code"Part of the Upromise saving scheme but associated with Ebates MoneyMaker adware so the choice is yours"
Xwebsearchwjview ...websearch.exe"""Web Savings"" From Ebates Software
XWinhelpTkBellExe.exe..."Added by the LOVGATE.Z WORM!"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.