Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown



Startup Name Process Name Details
X$sys$drv$sys$drv.exe"Added by the RYKNOS TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer"
N1:00hpdrv.exeHP utility for monitoring when and how many recoveries have been done
XAc97Soundsnddrv.exe"Added by the VB.AXG TROJAN!"
XADriverwindrv.exe"Added by the DELF.WG TROJAN!"
Xatapidrvatapidrv.exe"Added by the AGOBOT-SL WORM!"
XAudiodrvaudiodrv.exe"Added by the CRYPTER-C TROJAN!"
XBootCleansmartdrv.exe"Added by the LURKA-A VIRUS!"
XCDriverwindrv.exe"Added by the DELF.WG TROJAN!"
UCPQEASYACCSTARTDRV.exeFor Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys
XDDriverwindrv.exe"Added by the DELF.WG TROJAN!"
XDSystemDriverwindrv.exe"Added by the DELF.WG TROJAN!"
XExplorerdrv.exe"Added by the SMALL-FD TROJAN!"
XFDriverwindrv.exe"Added by the DELF.WG TROJAN!"
NGame DeviceJOYUPDRV.EXEGenius game controller profile activator
Uhpsysdrvhpsysdrv.exe"This item keeps track of how many times the system has been recovered and the times of the first and last recoveries done on the system. Leaving unchecked will sometimes prevent the Keyboard Manager program from detecting that the computer is an HP. Since this program/driver was only made to run on HP
XIBM Keyboard Driverikeybdrv.exe"Added by the SDBOT.IC TROJAN!"
XInterUWINDRV.EXE"Added by the IRCINTER.A TROJAN!"
XMicrosoft Driver Controlwindrv.exe"Added by the SDBOT.FW WORM!"
XMicrosoft Driver Managermswindrv.exe"Added by the FORBOT-EZ WORM!"
XMicrosoft NT Driversntdrv.exeAdded by the SDBOT.AJN TROJAN!
XMicrosoft Video Drivervideodrv.exe"Added by the SDBOT-AGP WORM!"
XMicrosoft Windows Driverswindrv.exe"Added by a variant of the SDBOT WORM!"
Xmicrosystemsnddrv.exe"Added by the VB.AXG TROJAN!"
Xmmemdrvmmemdrv.exe"SecondSight spyware. Note - SecondSight is spyware that captures keystrokes and screen shots
XModem Driverz Updatesmdmdrv.exe"Added by a variant of the SDBOT WORM!"
XMs Sound Driversmsdrv.exe"Added by the SDBOT-WR WORM!"
XMS Windows AOL DriverMSAOLdrv.exe"Added by the RBOT-ASP WORM!"
XMSDosdrvmsdosdrv.exe"Added by the BACROS WORM!"
XMSysDrvmsdrv.exeAdded by the VB.WF TROJAN!
XNDrvNDrv.exe"PurityScan adware"
XNVDispDrvNVDispDRV.EXE"Added by the WINKO.AO WORM!"
NPaperportrunppdrv.exe"Loads the drivers associated with monitoring scanner status associated with PaperPort software. Can be a resource hog - see here"
USBDrvDetSBDrv.exe"Detects the ""Easy Front-Panel Audio Connectivity Drive Internal Drive Bay"" on the Sound Blaster Audigy 2 Platinium eX. Can be disabled if you don't have one"
Xstartdrvstartdrv.exe"Added by the DROPRK-A TROJAN!"
Xstonedrvstonedrv.exe"Added by the COSIMA-K TROJAN!"
Xsyspathdrv.exe"Added by the SOBER WORM!"
XTaskmansysdrv.exe"Added by the AGENT-LRB TROJAN!"
XVideoDrivervideodrv.exe"Added by the MIMAIL.A WORM!"
?Vistadrvvsdrv.exe"Vista Drive - part of ArabLionZ XP Tools. What does it do and is it required?"
XWindows Stand Sound DriversSounddrv.exe"Added by the SDBOT-XF WORM!"
XWindows Updatesysdrv.exe"Added by the AGENT-IYE TROJAN!"
UWireLessKeyboardPS2USBKbdDrv.exe"Related to WireLess Keyboard Multimedia Combo Set by SANSUN Industries"
UWireLessMouseStartAutorun.exe MouseDrv.exe"Related to WireLess Mouse Multimedia Combo Set by SANSUN Industries"


DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.