Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown



Startup Name Process Name Details
X(Default)winhelp.exe"Added by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
UAi Gear HelpGearHelp.exe"Included with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme)
?AsusStartupHelpAsRunHelp.exe"Unknown ASUS motherboard utility. What does it do and is it required?"
UCpu Level Up helpCpuLevelUpHelp.exe"Included with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme)
Xcthelpcthelp.exe"Added by the SDBOT TROJAN!"
Xdllhelpdllhelp.exe"Added by the STARTPAGE.DQ hijacker"
XFCHelpFCHelp.exe"Added by either FCHelp adware or a variant of it"
XGeneric Host Process for WinXP Servicesmshelp.exe"Added by the AGENT-GQP TROJAN!"
?HDhelptbhdhelp.exe"Associated with Philips Edge series soundcards. Is it required?"
Xhosthelp.exeIESearchToolbar parasite. Identified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the DELF.LF TROJAN!
UISHelphelp.exe"ISpy is a security risk that logs keystrokes and captures screenshots. If you didn't install this yourself uninstall it"
XMSDNNhelp.exe"Added by the AGENT-GBK TROJAN!"
XMSNiTuneshelp.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
Xolehelpolehelp.exe"Added by the BOOKMARKER.D or BOOKMARKER.G TROJANS!"
Xoncehelp.exeIESearchToolbar parasite. Identified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the DELF.LF TROJAN!
NRemHelpRemhelp.exeBT Voyager ADSL Modem Help related
XRunhelp.exeIESearchToolbar parasite. Identified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the DELF.LF TROJAN!
USurfHelperSurfHelp.exe"Related to SurfHelper - a free tool to remove popup windows
Xsvchostolehelp.exe"Added by the BOOKMARKER.G TROJAN!"
Xsvchostwinhelp.exe"Added by the GAOBOT.GEN!POLY WORM!"
Xsyshelpsyshelp.exe"Added by the LOVGATE.C WORM!"
XsystemWinhelp.exe"Added by the IMAUT.CN WORM!"
XSYSTEM service helpersyshelp.exe"Added by a variant of the MONKBD-A WORM!"
XWin32 Configurationdllhelp.exe"Added by the SDBOT.UL WORM!"
XWin32 Help32 Servicewin32help.exe"Added by the DELBOT-U WORM!"
XWindows Helperwinhelp.exe"Added by the BANKER.APE TROJAN!"
XWindows Logon Applicationwin32help.exe"Added by the DELBOT-X WORM!"
XWinHelpWinHelp.exe"Added by the LOVGATE.F WORM! Note - this file is located in %System% whereas the valid one is located in %Windir%"
Xwinthelpwinthelp.exe"Associated with the AdvancedCleaner rogue security software - see here. Removal instructions here"
Xws2helpws2help.exe"Added by a variant of the SMALL.AN TROJAN!"
Xziphelpziphelp.exe"CoolWebSearch parasite variant"


DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.