Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown



Startup Name Process Name Details
UAsioRegregsvr32.exe ctasio.dll"ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality"
UAsioThk32Regrregsvr32.exe ctasio.dll"ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality"
XGeneric Service Processregsvr32.exe"Added by the AGOBOT-AGD WORM!"
UHREF.OCXregsvr32.exe ....HREF.OCX"HREF.OCX is an ActiveX control developed by xFX JumpStart and used to provide HTML-alike clickable links on Windows-based programs such as PopUpKiller"
UIr41_32.axregsvr32.exe Ir41_32.ax"Intel® Indeo® video 4.4 Decompression Filter related. The ""Ir41_32.ax"" file is located in %System%"
XKazaa Download Accelerator Updater (required)regsvr32 kdp****.dll [* = random char]"SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%"
Xkvern16.dllregsvr32.exe kvern16.dll"DailyWinner adware. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The ""kvern16.dll"" file is found in %System%"
XLoadHTML"rundll32.exe regsvr32.exeMShtmpre"
Xmfhsornwnduyregsvr32.exe gisyflngpshcvuakv.dll"Pro AntiSpyware 2009 rogue spyware remover - not recommended
?MsmqIntCertregsvr32 /s mqrt.dll"Microsoft Message Queue Server - Internal Certificate - see here for more info and here for a potential problem. Is it required?"
XPCShieldregsvr32 sfg_****.dll [* = random char]"SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%"
XPopup Blocker Updaterregsvr32 veev****.dll [* = random char]"SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%"
XPopup Defence Updaterregsvr32 pdfupd.dll"SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%"
?Register SeqChkregsvr32.exe ..csseqchk.dll"??"
UREGSVR32regsvr32.exe ctasio.dll"ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality"
XRegSvr32msmsgs.exe"Added by the ZLOB.B TROJAN! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger"
Urmoc3260.dll OCXregsvr32.exe rmoc3260.dll"A module that contains COM components for media playback used by both RealPlayer and Windows Media Player - see here. The ""rmoc3260.dll"" file is found in %System%"
XSafeGuard Popup Blocker Updaterregsvr32 sfgupd.dll"SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%"
XSafeGuard Popup Blocker Updater (required)regsvr32 sfg****.dll [* = ramdom char]"SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%"
XSafeGuard Popup Updater (required)regsvr32 sfg****.dll [* = random char]"SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%"
XSafeGuard Popup Updater (required)regsvr32 PDF****.dll [* = random char]"SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%"
Xsupdate2.dllregsvr32.exe /s supdate2.dll"Added by the ZLOB-VL TROJAN! Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The ""supdate2.dll"" file is found in %System%"
Xuninstalregsvr32 image.dll"CoolWebSearch parasite variant. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The ""image.dll"" file is found in %System%"
Xvern16.dllregsvr32.exe vernn16.dll"DailyWinner adware. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The ""vernn16.dll"" file is found in %System%"
?WUx_RegSvrRegSvr32.exe"x is any number??"


DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.