Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer


NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

If you're not finding what you're looking for please go to this forum and submit a new startup entry.


  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown

Startup Name Process Name Details
XDNSmc-58-12-0000080.exe"Shorty adware - also detected as the AGENT.FD TROJAN!"
XDNSmc-58-12-0000093.exe"Shorty adware - also detected as the AGENT.FD TROJAN!"
XDNSmc-110-12-0000079.exe"Shorty adware - also detected as the AGENT.FD TROJAN!"
XDNSmc-58-12-0000120.exe"Shorty adware - also detected as the AGENT.FD TROJAN!"
XDNSmc-58-12-0000140.exe"Shorty adware - also detected as the AGENT.FD TROJAN!"
XDNS[worm filename]"Added by the BCKDR-CQG BACKDOOR!"
XDNS Config servicewin32.exe"Added by the RBOT-TL WORM!"
XDns Resolverdnsrslve.exe"Added by the RBOT-WS WORM!"
XDNS Servicednsresolver.exe"Added by the RBOT-PQ WORM!"
XDNS Servicednssvc.exe"Added by the DELBOT-Z WORM!"
?DNS2GoClientdns2goclient.exe"DNS2Go is a Domain Name System that will make your computer accessible anytime
NDNS7reminderEreg.exe Ereg.ini"Registration reminder for versions of Nuance (ScanSoft) Dragon NaturallySpeaking"
XDnsCacheWscript.exe dns_cache.vbs"Added by the AUTORUN-AWI WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The ""dns_cache.vbs"" file is located in %System%"
XDNSCacheBoostdnsping.exe"Added by the DNSBUST-A TROJAN!"
Xdnscleanerdnscleaner.exe"CoolWebSearch parasite variant"
XDNSEDNSE.exe"Part of rogue security tools
XDomain Name Resolve Servicednsresolver.exe"Added by the KIMAN.A WORM!"
XDynamic Dns Binarydynitora.exe"Added by the RBOT-WT WORM!"
XDynamic Dns BinaryCMD16.EXE"Added by the RBOT-XM WORM!"
XDynamic Dns Binarywinxp34.exe"Added by a variant of the RBOT WORM!"
XDynamic Dns BinaryWinHelpcfn.exe"Added by a variant of the RBOT WORM!"
UDynDNS UpdaterDynDNS.exe"Dynamic DNS IP address updater tool
NDynDNS-Updater Traytoolddutray.exe"DynDNS updater tray icon - allows easy configuration of the Dynamic DNSSM service. Can be run manually"
XDynHttp Dns Binarydynizari.exe"Added by a variant of the RBOT WORM!"
XExFilter"Rundll32.exe [path] cdnspie.dll ExecFilter"
UExtraDNSExtraDNS.exe"ExtraDNS - DNS configuration tool"
XMDNSservice.exe"Mirar adware variant"
XMicrosoft DNS Host Resolutionhostres.exe"Added by the AGOBOT-MK BACKDOOR!"
XMicrosoft DNS Querymsdns.exe"Added by the AGENT-BS TROJAN!"
XMicrosoft DNSxmdnex.exe"Added by the DELBOT-AI WORM!"
XMicrosoft System Servicednservice.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft Update Machinewindns.exe"Added by the RBOT.EF WORM!"
XMircosoft DNS Servicesvchost.exe"Added by the IRCBOT-AK TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""drivers"" subfolder"
XMS Domain Name Server DeamonMSDNSD32.exe"Added by the RBOT-CMZ WORM!"
XMS Domain Name SystemMSWDNS32.exe"Added by the RBOT-GKY WORM!"
XMsn Messengwindns.exe"Added by a variant of the RBOT WORM!"
XNAV Auto Protectdnsserv.exe"Added by a variant of the SDBOT WORM!"
Xntupdatednsvc.exe"Added by the SDBOT-TC WORM!"
UOpenDNS UpdateOpenDNS Updater.exe"Updater for OpenDNS which ""is a free service that works for networks of all sizes
XServiceswindns.exe"Added by a variant of the RBOT WORM!"
XSiS Dnsdnssvc.exe"Added by the DLOADER-UE TROJAN!"
XSymantec Antivirus professionaldyndns.exe"Added by a variant of the FORBOT WORM!"
XSymantec Antivirus professionalf0dns.exe"Added by the FORBOT-GT WORM!"
XSymantec Antivirus professionalflushdns.exe"Added by a variant of the FORBOT WORM!"
XWDNS SYSTEMnibie.exe"Added by the MYTOB-BY WORM!"
XWDNS SYSTEMskybotx.exe"Added by the MYTOB-BY WORM!"
XWDNS SYSTEMwdns33.exe"Added by the MYTOB-BY WORM!"
Xwin98 DNSwingrd.exe"Added by a variant of the RBOT WORM!"
XWinDLL (windns32.dll)"rundll32.exe windns32.dllstart"
XWinDNSwindns32.exe"Added by the GAOBOT.WX WORM!"
XWindows DNSwindns.exe"Added by the SDBOT-XU WORM!"
XWindows DNS Daemonwindnsd.exe"Added by the WOOTBOT.AS WORM!"
XWindows Domain Name Driverswindns.exe"Added by the FORBOT-EP WORM!"
XWINDOWS SYSTEMwdns33.exe"Added by the MYTOB-BY WORM!"
XWINDOWS SYSTEM Dnswindsns.exe"Added by the MYTOB.EY WORM!"
XWindows TaskManager Servicewindns32.exe"Added by the AGOBOT-JP WORM!"
XWindows Updatesw32dns.exe"Added by the SDBOT-BFW WORM!"
XWindowsRegKey updatewindns.exe"Added by the RBOT.IE WORM!"
Xwinhelpdns32.exe"Added by a variant of the RBOT WORM!"
Xwinnt DNS identwuamgrd32.exe"Added by the RBOT-BAU WORM!"
Xwinnt DNS identiexplorer.exe"Added by a variant of the RBOT WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
Xwinnt DNS identpidchk32.exe"Added by the RBOT-ACY WORM!"
Xwinnt DNS identwindowxp.exe"Added by a variant of the RBOT WORM!"
Xwinnt DNS identWinupd32.exe"Added by the RBOT.AVU WORM!"
Xwinnt DNS identwinupdate32.exe"Added by a variant of the RBOT WORM!"
Xwinnt DNS identwuamgrd33.exe"Added by a variant of the RBOT WORM!"
XWinnt DNS identwindowsp.exe"Added by the RBOT.BAL WORM!"
XWinnt DNS identmsnmsrg.exe"Added by the RBOT.BVQ WORM!"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.