/s

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

"Y" - Normally leave to run at start-up
"N" - Not required - typically infrequently used tasks that can be started manually if necessary
"U" - User's choice - depends whether a user deems it necessary
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
"?" - Unknown

	Startup Name	Process Name	Details
X		regedit.exe /s appboost.reg	"Added by the APPIX.D WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run and HKCU\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank. The Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file ""appboost.reg"" is located in %Windir%"
N	/s	N/A	"Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup
N	DJRegFix	regedit /s c:hpdjregfix.reg	"DJRegFix showed up first in WinME as a ""clever"" way to ensure that all Hewlett-Packard DeskJet printers actually worked with WinME - since most were having major problems. This ""utility"" adds the functionality and compatibility HP forgot to add in its WinME drivers"
X	Internal	regedit.exe /s c[month number]	"Added by the FORTNIGHT.D TROJAN! Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file ""c[month number]"" is located in %Windir%
X	Microsoft Client/Server Runtime Server Subsystem	csrs.exe	"Added by a variant of the AGOBOT/GAOBOT WORM!"
X	Microsoft Client/Server Runtime Server Subsystem	csrssa.exe	"Added by a variant of the AGOBOT/GAOBOT WORM!"
?	MsmqIntCert	regsvr32 /s mqrt.dll	"Microsoft Message Queue Server - Internal Certificate - see here for more info and here for a potential problem. Is it required?"
X	OPQFile	regedit.exe /s ...rad03FA6.tmp	Unsavoury program that resets your homepage every time you restart - uncheck in MSCONFIG and delete it via a registry edit
?	PowerSet	Regedit.exe /s ...PowerSet_8100_CU.REG	"Appears to be Toshiba power management related"
X	supdate2.dll	regsvr32.exe /s supdate2.dll	"Added by the ZLOB-VL TROJAN! Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The ""supdate2.dll"" file is found in %System%"
X	sys	regedit /s sys.reg	"Raxmus adware. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file ""sys.reg"" is located in %Windir%"
N	tourpath	regedit /s [path] tour.reg	"Edits registry values to keep the Win 2000 ""tour"" in Task Scheduler"
X	Windows Client/Server Runtime Server	csrs.exe	"Added by the RBOT.KD WORM!"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.