Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown



Startup Name Process Name Details
?HP Network Registry Agenthpnra.exe"??"
?Intense Registry ServiceIntEdReg.exe /CHECK"Intense Educational Ltd - Language Office Software. Is it required?"
NMass storage check registry"rundll32.exe MSDServ.dll check registry"
XMicrosoft Regestry Managerregistry32.exe"Added by the IRCBOT.ARD WORM!"
XMicrosoft Registrycsrse.exe"Added by the RBOT-PC WORM!"
XMicrosoft Windows Registry Servicewregistry.exe"Added by the AGOBOT.AKG WORM!"
XMS Registry ServiceMSRMS32.exe"Added by the RBOT-AKP WORM!"
XMSN Registry loadermsmnwin.exe"Added by the KELVIR.FK WORM!"
UMyRegistryCleanerMyRegistryCleaner.exe"MyRegistryCleaner from PCSecurityShield - who's reputation is poor"
?PDF Converter Registry ControllerRegistryController.exe"Part of PDF Converter Professional version 2 from Scansoft (now Nuance). what does it do and is it required?"
?PDF4 Registry ControllerRegistryController.exe"Part of PDF Converter Professional version 4 from Scansoft (now Nuance). what does it do and is it required?"
?PDF5 Registry ControllerRegistryController.exe"Part of PDF Converter Professional and PDF Create (both version 5) - from Nuance. what does it do and is it required?"
?PDF6 Registry ControllerRegistryController.exe"Part of PDF Converter Professional version 6 from Nuance. what does it do and is it required?"
XRegister ManagerRegistryManage.exe"Added by the SDBOT.AYH WORM!"
XRegistrywscript.exe ShakiraPics.jpg.vbs"Added by the VBSWG.AQ WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The ""ShakiraPics.jpg.vbs"" file is located in %Windir%"
URegistryclass0117[random].exe"Blackbox captures emails and chat logs
XRegistry CheckerRegrun.exe"Added by the SDBOT TROJAN!"
XRegistry Checkupwinreg.exeAdded by an unidentified WORM or TROJAN!
XRegistry Checkup System326a MonitorWinregs326a.exe"Added by a variant of the SDBOT WORM!"
XRegistry CleanerRegclean.exe"Registry Cleaner misleading security software - not recommended
XRegistry Integrity Checkerregintmon.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XRegistry IntegritycheckWCPDT.EXE"Added by the AGOBOT-RF WORM!"
XRegistry Loaderregloadr.exe"Added by the GAOBOT.AO WORM!"
XRegistry Loaderwinhlpp32.exe"Added by the GAOBOT.AO WORM!"
URegistry MechanicRegMech.exe"Part of Registry Mechanic from PC Tools - which ""is an advanced registry cleaner for Windows that can safely clean
URegistry Mechanic Vista TrayRMTray.exe"Part of Registry Mechanic from PC Tools - which ""is an advanced registry cleaner for Windows that can safely clean
XRegistry Monitorregmon.exe"Added by the BCKDR-QKH BACKDOOR!"
XRegistry oidetwin32.exe"Added by the RBOT.BMT WORM!"
XRegistry Protectorregprotect.exe"Added by the ARIVER.A WORM!"
XRegistry Scannerregscanr.exe"Added by a variant of the OPTIX TROJAN!"
XRegistry Servregsvr.exe"Added by the WEBMONEY-G TROJAN!"
XRegistry Serverregsrv32.exe"Added by the RBOT-GM WORM!"
XRegistry Serverregserv.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XRegistry ServiceREGSRV32.EXE"Added by a variant of the RBOT WORM!"
XRegistry Serviceresvs.exe"Added by the DELBOT-I WORM!"
XRegistry Serviceregsvc.exe"Added by the IRCBOT-ZM BACKDOOR!"
XRegistry ServicesRegistry.exe"Added by the CILE TROJAN!"
XRegistry Startup Checkcheckreg.exe"Added by the REMLOAD-A or DANMEC-B TROJANS!"
XRegistry SystemRegsys.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XRegistry System16 Checkup MonitorSystemReg16.exe"Added by a variant of the RBOT WORM!"
XRegistry System166 Checkup MonitorSystemReg166.exe"Added by a variant of the RBOT WORM!"
XRegistry Value Nameroses.exe"Added by the RBOT-AFT WORM!"
XRegistry Value Nameservice.exe"Added by the RBOT-AHT WORM!"
XRegistry Value Namewinapi32.exe"Added by a variant of the RBOT WORM!"
XRegistry Value Namesyswinxp.exe"Added by the RBOT.BTZWORM!"
XRegistry Value Nameenzxp.exe"Added by the RBOT-BAJ WORM!"
XRegistry Value Name StartMsPMSPSa.exe"Added by a variant of the SDBOT WORM!"
NRegistryBoosterRegistryBooster.exe"RegistryBooster registry optimizer utility from Uniblue Systems Limited - which will ""clean
XRegistryCheck"rundll32.exe chkreg.dll CheckRegistry"
XRegistryChkwinbackup.exe"Added by the MERTIAN WORM!"
XRegistryCleanFixMFCregistrycleanfix.exe"RegistryCleanFix rogue registry cleaner - not recommended"
XRegistryConfigrundll.exe"Added by the AGOBOT-KN WORM! Note - this is NOT the Win9x/Me system file of the same name as described here"
XRegistryDoctor2008registrydoctor.exe"RegistryDoctor2008 rogue registry cleaner - not recommended
XRegistryFix.exeregistryfix.exe"RegistryFix rogue registry cleaner - not recommended
XRegistryGreat.exeRegistryGreat.exe"Registry Great rogue registry cleaner - not recommended"
URegistryMechanicRegMech.exe"Part of Registry Mechanic from PC Tools - which ""is an advanced registry cleaner for Windows that can safely clean
URegistryMechanicRMTray.exe"Part of Registry Mechanic from PC Tools - which ""is an advanced registry cleaner for Windows that can safely clean
XRegistryMonitorregistry.pif"Affilred adware"
XRegistryMonitorsysfade.exe"Added by the SYSFADE TROJAN!"
XRegistryMonitor1mljul1.exe"Added by the SPAMBOT TROJAN!"
XRegistryMonitor1qtplugin.exe"Added by the DELF-EZY TROJAN!"
XRegistryMonitor1igfxpers.exe"Added by the DELF-EZZ TROJAN! Note - this is not the legitimate Intel graphics driver which has the same filename"
XRegistryMonitor1incognito.exe"Added by the BUZUS.DAHY TROJAN!"
Xrun=RegistryReminder.exe"Added by the APSTROJAN.OB TROJAN!"
XScanRegistrynsrvnt.exe"Added by the NERTE TROJAN! Not to be confused with the real ScanRegistry - which is a vital Windows file. This version has the executable as nsrvnt.exe not scanregw.exe"
XScanRegistryscanregv.exe"Added by the MASTERLOCK TROJAN!. Not to be confused with the real ScanRegistry - which is a vital Windows file. This version has the executable as scanregv.exe not scanregw.exe"
YScanRegistryScanregw.exeScans the Win98/Me system registry and makes back-ups at start-up - important should the registry become corrupt. Located in %windir%
XScanRegistryScanregw.exe"Added by the STATOR WORM! Note - this is not legitimate ScanRegistry entry - which is a vital Windows file. The executable ""Scanregw.exe"" is located in %System%. Runs from the registry RunServices key as opposed to the Run key"
XScanRegistryN/A"Added by the DINOXI or DINOXI.B WORMS!"
XScanRegistryscanregw.exe"Added by the NYXEM-D WORM! Note - do not confuse this with the legitimate Windows process scanregw.exe which is always found in the Windows folder on Win9x/ME machines. This worm file is found in %System%"
XScanRegistryupdate.exe"Added by the DWNLDR-FZY TROJAN!"
XServer Registryregscr32.exe"Added by the BIFROSE-ZB TROJAN!"
XServer Registryregsrv32.exe"Added by the VB-EJD TROJAN!"
XService Registry NT Savejdbgmgrnt.exe"Added by the BANCOS-CG TROJAN!"
XService Registry NT Savetaskmgrnt.exe"Added by the BANCOS-BY TROJAN!"
XService Registry NT Saveregeditnt.exe"Added by the BANCOS-BM TROJAN!"
XSvcsys Registry Managersvcsysreg.exe"Detected by Kaspersky as the AGENT.CV TROJAN!"
XSystem Registry Managersysrgmgr.exe"Added by an unidentified WORM or TROJAN! See here"
?TExBUtil RegistryTExBUtil.exe"??"
XThe Registry SentinelThe Registry Sentinel.exe"The Registry Sentinel rogue security software - not recommended
NUniblue Registry BoosterRegistryBooster.exe"RegistryBooster registry optimizer utility from Uniblue Systems Limited - which will ""clean
NUniblue RegistryBooster 2RegistryBooster.exe"RegistryBooster registry optimizer utility from Uniblue Systems Limited - which will ""clean
NUniblue RegistryBooster 2009RegistryBooster.exe"RegistryBooster registry optimizer utility from Uniblue Systems Limited - which will ""clean
XWindows Registrymsnmsg.exe"Added by a variant of the RBOT WORM!"
XWindows Registrywinhost.exe"Added by a variant of the RBOT WORM!"
XWindows Registry Cleanerwinclean.exe"Added by a variant of the SPYBOT WORM!"
XWindows Registry Controlwinreg.exe"Added by a variant of the IRCBOT TROJAN! See here"
XWindows Registry DLLwinregdll.exe"Added by the IRCBOT.FB BACKDOOR!"
XWindows Registry Express Loaderregexpress.exe"Added by the FORBOT-CJ WORM!"
XWindows Registry Managertasksmanagers.exe"Added by the MYTOB.ER WORM!"
XWindows Registry Name[random filename]"Added by the RBOT-AEB WORM!"
XWindows Registry Namewinses.exe"Added by the RBOT-ADB WORM!"
UWindows Registry Repair ProRegistryRepairPro.exe"Registry Repair Pro. ""Scans the Windows Registry for invalid or obsolete information in the registry"""
XWindows Registry Scanregscan32.exe"Added by the RBOT.KE WORM!"
XWindows Registry Scantimeupdate.exe"Added by the SPYBOT.JE WORM!"
XWindows Registry Scansvcdll.exe"Added by the RBOT-TP WORM!"
XWindows Registry Scanregscan23.exe"Added by a variant of the RBOT WORM!"
XWindows Registry Scanregscan.exe"Added by the RBOT-HA WORM!"
XWindows Registry Scanwinmedia.exe"Added by the SPYBOT.GK WORM!"
XWindows Registry Securitycrss.exe"Added by a variant of the IRCBOT TROJAN!"
XWindows Registry Servicesregserv.exe"Added by the SLENFBOT.BB WORM!"
XWindows Registry Startupwind32.exe"Added by the AGOBOT-BZ WORM!"
XWindows Registry XPwinxptdl.exe"Added by the IRCBOT.AUN WORM!"


DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.