Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown



Startup Name Process Name Details
XDynamic Dns Binarywinxp34.exe"Added by a variant of the RBOT WORM!"
XGeneric Host Process for WinXP Servicesmshelp.exe"Added by the AGENT-GQP TROJAN!"
XJufualtwinxp2.exe"Added by the SDBOT-AAB WORM!"
Xkeywinxp.exe"Added by the BEAGLE.AG WORM!"
XMicrosoft Machinewinxp43.exe"Added by the RBOT-IA WORM!"
XMicrosoft Update Machinewinxpini.exe"Added by the RBOT-OB WORM!"
XMSDN for Windows NT & WinXPmsdnxp.exe"Added by the IRCBOT-PE WORM!"
XOffica Monitor Secura Systemewinxp_sp3.exe"Added by a variant of the RBOT WORM!"
Xregdiitwinxp.exe"Added by the RUNAUTO.F WORM!"
XRegistry Value Namesyswinxp.exe"Added by the RBOT.BTZWORM!"
XService Monitorwinxpser.exe"Added by the RBOT-BDF WORM!"
XSygate Personal Firewallwinxpstat.exe"Added by a variant of the RBOT WORM!"
XVsamplewinxpsock.exe"Added by the SDBOT.BLK WORM!"
XWin32 USB Driverwinxpinit.exe"Added by the SDBOT.AA TROJAN!"
XWindows Driverwinxpdriver.exe"Added by the WOOTBOT.EE WORM!"
XWindows Network ControllerWinxPupd.exe"Added by the FORBOT-DK WORM!"
XWindows Registry XPwinxptdl.exe"Added by the IRCBOT.AUN WORM!"
XWINDOWS SYSTEMwinxpserv.exe"Added by the MYTOB-BQ WORM!"
XWindows Vista Corparation Agent Serviceswinxp_sp3.exe"Added by a variant of the IRCBOT TROJAN!"
XWinsock32driverwinXPupdate.exe"Added by the HACKARMY.9728 TROJAN!"
XWINTASKSwinxpro.exe"Added by the MYTOB.EZ WORM!"
XWinupdate Servicewinxp.exe"Added by the SPYBOT.IR WORM!"
XwinXP33.exe"Added by the ANPES WORM!"
XWinXPplugin1.exeAdded by the Downloader-JW TROJAN!
XWinXPcsrss.exe"Added by the BANCOS-AG TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\WinXP\Tools"
Xwinxpwinxp.exe"Added by the BRONTOK-DN WORM!"
XWinXP fix[path to file]"Added by the RANKY.P TROJAN!"
XWinXP Processor Generator v1.2intspnsr32.exe"Added by the SDBOT.LP WORM!"
XWinxp updateCappp.exe"Added by the RBOT.DKO WORM!"
XWinXp Updaterwinxp32.exe"Added by the RBOT-HG WORM!"
XWinXP-98CSRSS.exe"Added by the BANKER-DS TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\WinXP-98\Tools"
Xwinxpdll32.exewinxpdll32.exeAdded by a variant of the SMALL downloader TROJAN!
XWinXPHomeplugin2.exe"Added by the malicious INOR.T SCRIPT!"
UWinXPLoad"Rundll32 LoadDll LoadExe WinXPLoad.exe"
XWinXProtectorWinXProtector.exe"WinXProtector rogue security software - not recommended
XWinXPServicelsass.exe"Added by the ZAPCHAS-AS TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""Lavan"" subfolder"
XWinXPServicetaksmgr.exeIdentified as a variant of the IRC/Flood.tool malware
XWinXPServiceTskdbg.exe"Added by the MDROP-BPQ TROJAN!"
XWinXPServicectfmon.exe"Added by a variant of the IRCBOT BACKDOOR! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in a ""ctf"" sub-folder"
XWinXPServicemirc.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XWinXPServicenero.exe"Added by the IRCFLOOD.AG BACKDOOR! Note - this is not the Nero CD/DVD burning software by Ahead Software which is normally located in %ProgramFiles%\Ahead\Nero. This file is found in %System%"
XWinXPServicetaksmgr.exe"Added by the KIRSUN.A BACKDOOR! The file is located in %System%"
XWinXPServicetaksmgr.exe"Added by the KIRSUN.A BACKDOOR! The file is located in the root directory
XWinXPServicewacult.exe"Added by the KIRSUN.A BACKDOOR! The file is located in %Windir%\Fonts"
XWinXPServicewacult.exe"Added by the KIRSUN.A BACKDOOR! The file is located in %System%\mnut"
XWinXpUpdate32WinXpUpdate32.exe"Added by the AGENT.YWL WORM!"
Xwinxpusbdwinxp64.exe"Added by a variant of the RBOT WORM!"


DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.