Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77
78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99
If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown



Startup Name Process Name Details
X3d_sound3d_sound.exe"Added by the RIADOS-A TROJAN!"
XAc97Soundsnddrv.exe"Added by the VB.AXG TROJAN!"
UAtiSoundcsrss.exe"WinSpy surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""ComRoot"" subfolder"
XAUDIOSOUND.exe"Added by the PLOYB-A TROJAN!"
Xcmsoundvcpdll.exe"Added by the TCXMEDI-D downloader TROJAN!"
Xcmsoundvcsystem.exe"Added by the TCXMEDI-D downloader TROJAN!"
XCompaq Sound Drivers For WINDOWSsounddr.exe"Added by the SDBOT-XG WORM!"
XConfiguration Loadersoundconf.exe"Added by the AGOBOT-MH WORM!"
XDigiDDigitalSound.exeAdware downloader
?IBMUltraBayHotSwapSoundIBMBAYSN.EXE"Supports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops. Is it needed though - does it just play a sound?"
XLogitech CameraSoundcane.exe"Added by the SDBOT.MUC WORM!"
XMicr Updatesoundblaster.exe"Added by the SDBOT.NP WORM!"
XMicrosoftsoundvol32.exe"Added by the RBOT.CIJ BACKDOOR!"
XMicrosoft Intrenet ExplorerSoundsyst.exe"Added by the RBOT-AQU WORM!"
XMicrosoft Server ApplicationSound.exe"Added by the RBOT-NE WORM!"
XMicrosoft Sound Driversound32.exe"Added by a variant of the SPYBOT WORM!"
XMicrosoft Sound Technologywinsound.exe"Added by the RBOT-AGG WORM!"
NMicrosoft Sound Volume Toolmssvol.exeThis is a Blue version of the yellow speaker icon on the system tray and is used to edit advanced Sound Features that the MS DSS80 Speakers add. Should be accessible via Start -> Settings -> Control Panel
XMicrosoft Soundssoundman.exe"Added by the RBOT-GCI WORM!"
XMicrosoft Windows Soundsvghost.exe"Added by a variant of the SPYBOT WORM! See here"
XMicrosoft Windows Soundsvshost.exe"Added by the RBOT.RNE BACKDOOR!"
XMicrosoft Windows Soundsvuhost.exe"Added by the KOLAB.XC WORM!"
XMicrosoft Windows Sound Driverssounddrivers.exe"Added by the SLENFBOT.ABU WORM!"
XMicrosoft WinSound[random filename]"Added by a variant of the RBOT WORM!"
NMonstersoundtrayFreectrl.exeDiamond Multimedia sound card control panel
XMotherBoard SoundsSounds.exe"Added by the RBOT-AAP WORM!"
UMount Safe & SoundFbmount.exeFrom McAfee VirusScan version 5.x. Creates back-up sets of critical files in a separate area of a hard drive. If you make regular back-ups it's not needed and can be painful during system start
XMS DirectX Sound Driversmsdrvdx.exe"Added by the RBOT.BCX WORM!"
XMS DVD DirectX Sound Driversmsdrvdx.exe"Added by the SDBOT-XJ WORM!"
XMS Sound Config 16bitsndcfg16.exe"Added by the SDBOT.MB TROJAN!"
XMs Sound Driversmsdrv.exe"Added by the SDBOT-WR WORM!"
XPex Sound DriverToday's Results.vbs"Added by the TRODE-A WORM!"
Xpex Sound driver 2Today's Results.vbs"Added by the TRODE-A WORM!"
UPsSoundPsSound.exe"On a Toshiba laptop. Operates your sound in one of 4 modes
NRealtek HD Audio Sound Effect ManagerRTHDCPL.EXE"Realtek HD Audio Control Panel
URealtek HD Sound ManagerSOUNDMAN.EXE"Realtek Sound Manager
XRealtek Sound ManagerTecompntwx.exe"Added by a variant of the IRCBOT BACKDOOR!"
XService Managerdxsound.exe"Added by the PROXY-GRIC TROJAN!"
XShellExplorer.exe sound_drive16.exe"Added by the GP BACKDOOR! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The ""sound_drive16.exe"" file is located in %System%"
?SISSoundmanSoundman.exe"Related to a Silicon Integrated Systems Corp (SiS) product?"
XSound[path to trojan]"Added by the DROPPER.EAT TROJAN!"
XSound Loadersndloader.exe"Added by the AGOBOT-BV WORM!"
XSound servicesSOUND32.EXE"Added by the AGOBOT.GG WORM!"
XSound SystemWinSound1.exe"Added by an unidentified VIRUS
XSound VolumesvchosI.exe"Added by a variant of the IRCBOT TROJAN! See here"
Xsoundcontrlsoundcontrl.exe"Added by the GAOBOT.AFJ WORM!"
Xsounddrvsndbdrv3104.exe"CoolWebSearch parasite variant"
?SoundFusionrundll32 cwcprops.cpl"Control panel item for the Terratec DMX Xfire 1024 soundcard (Start -> Settings -> Control Panel) based upon a Cirrus Logic "SoundFusion" DSP. Does it need to run at start-up every time?"
?SoundFusion"rundll32 hercplgs.cpl BootEntryPoint"
?SoundFusion"RunDll32 cwaprops.cpl C25CrystalControlWnd"
XSoundMamSVOHOST.exe"Added by the QQROB-AAL TROJAN!"
USoundManSOUNDMAN.EXE"Realtek Sound Manager
XSoundMansoundman.exe"Added by the AGOBOT.HM WORM! Note - this is not the legitimate SiS or Realtek file of the same name that is located in the Windows or WINNT directory"
XSOUNDMAN Microsoft Helpsoun.pif"Added by the RBOT-AIU WORM!"
NSoundMAXSmax4.exe"System Tray icon for Analog Devices SoundMax integrated soundcards. Sound properties can be accessed through the Start Menu or Control Panel"
XSoundMAXSoundMAX.exe"Added by the RIZON-A WORM! Note - this file is placed in the Startup folder itself
NSoundMAXsoundmax.exe"System Tray icon for Analog Devices SoundMax integrated soundcards. Sound properties can be accessed through the Start Menu or Control Panel"
XSoundMax Audio DriversSndMAX.exe"Added by a variant of the SDBOT WORM!"
NSoundMAX Control PanelSmax4.exe"System Tray icon for Analog Devices SoundMax integrated soundcards. Sound properties can be accessed through the Start Menu or Control Panel"
NSoundMAX Integrated Digital AudioSmtray.exe"System Tray icon for Analog Devices SoundMax integrated soundcards. Sound properties can be accessed through the Start Menu or Control Panel"
USoundMAXPnPSMax4PNP.exe"Analog Devices SoundMax integrated soundcard utility. Brings up the SoundMAX Control Panel when it detects if new audio devices (such as microphones
Xsoundmixsoundmix.exe"Added by the AGENT.PGV WORM!"
XSoundMixersmvss.exe"Added by the DEDLER-G TROJAN!"
XSoundMnEx32[path to worm]"Added by the STRATION-FW WORM!"
XSoundmxSoundmx.exe"CoolWebSearch Tapicfg parasite variant"
Xsoundtasksoundtask.exe"Added by the AGOBOT-MD WORM!"
Xsoundtaskssoundtasks.exe"Added by a variant of the CRYPTER.C TROJAN!"
Xsoundtctrlssoundtctrls.exe"Added by the AGOBOT-ZV WORM!"
XSoundViewmsdview32.exeTrojan downloader
XWindows Soundsvdhost.exe"Added by the SDBOT.EFX BACKDOOR!"
XWindows Sound DriverSndMon32.exe"Added by a variant of the SPYBOT WORM!"
XWindows Sound Emulatorsnd32_win.exe"Added by the ATNAS.A WORM!"
XWindows Sound ManagerSndMon32.exe"Added by the FORBOT-BU WORM!"
XWindows Sound ManagerSndMon16.exe"Added by a variant of the FORBOT WORM!"
XWindows Sound Managersound.exe"Added by the AGOBOT-CD WORM!"
XWindows Sound Managergearsec.exe"Added by the PUSHBOT.DF WORM!"
XWindows Sound VerifierWinIp32.exe"Added by the RBOT-FMO WORM!"
XWindows Stand Sound DriversSounddrv.exe"Added by the SDBOT-XF WORM!"
XWinsock2 driverWINSOUND.EXE"Added by the SPYBOT-H WORM!"
X[various names]sound64.exe"Wareout - malware masquerading as a spyware and dialer remover"


DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.

Copyright 2003-2013 iamnotageek &/or Martin Krohn.