Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown



Startup Name Process Name Details
Xregedit.exe /s appboost.reg"Added by the APPIX.D WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run and HKCU\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank. The Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file ""appboost.reg"" is located in %Windir%"
XCcaoregedit.exe"Probably a variant of MediaTickets adware. Note - this is not the valid Windows registry editor which resides in %Windir% and will not figure in Msconfig/Startup! This version resides in a ""mduu"" subfolder
XData789Regedit.exe ....data789.tmpHomepage hijacker
XInternalregedit.exe /s c[month number]"Added by the FORTNIGHT.D TROJAN! Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file ""c[month number]"" is located in %Windir%
XMicrosoft Regestry Edit Managerregedit.exe"Added by the SHEUR.HC TROJAN! Note - this is not the valid Windows registry editor which resides in %Windir% and will not normally figure in Msconfig/Startup! This version resides in %System%"
XNeroCheckregedit.exe"Added by the DOOMJUICE.B WORM! Note - this is not the valid Ahead Nero CD/DVD burning program. Also
XOPQFileregedit.exe /s ...rad03FA6.tmpUnsavoury program that resets your homepage every time you restart - uncheck in MSCONFIG and delete it via a registry edit
?PowerSetRegedit.exe /s ...PowerSet_8100_CU.REG"Appears to be Toshiba power management related"
Xregeditregedit.exe"Added by the BRID.A WORM! Note - this is not the valid Windows registry editor which resides in %Windir$ and will not figure in Msconfig/Startup! This version resides in %System%"
Xregeditregedit.exe"Added by the GANBATE.A WORM! Note that the legitimate Windows registry editor (regedit.exe) is located %Windir% and will not figure in Msconfig/Startup! This one is located in %Windir%\security\Database"
XRegedit32regedit.exeAdded by an unidentified WORM or TROJAN! Note - this is not the valid Windows registry editor which resides in %Windir% and will not normally figure in Msconfig/Startup! This version resides in %System%
Xsetupuserregedit.exe setupuser.log"Regfile in disguise - another CoolWebSearch parasite variant"
XSymantec Antivirus professionalregedit.exe"Added by a variant of the FORBOT WORM! Note - this is not the valid Windows registry editor which resides in %Windir% and will not normally figure in Msconfig/Startup! This version resides in %System%"
XSysSearchRegedit.exe -s pcsearch.reg"Added by the STARTPAGE-FN TROJAN! Note that regedit.exe is a legitimate Microsoft file and shouldn't be deleted. The ""pcsearch.reg"" file is located in %Windir%"
XSysSearchRegedit.exe -s sysreg.reg"Added by the STARTPA-ME TROJAN! Note that regedit.exe is a legitimate Microsoft file and shouldn't be deleted. The ""sysreg.reg"" file is located in %Windir%"
XSystemSearchregedit.exe -s ie.reg"Installs a Seachxl.com browser page hijack. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file ""ie.reg"" is located in the root folder (ie
XSystemSearchregedit.exe -s sys.reg"Installs a i--search.com browser page hijack. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file ""sys.reg"" is located in %Windir%"
XWinSP[path] REGEDIT.EXE -s [path] sysreg.reg"Added by the STARTPA-ME TROJAN!"
X[random name]regedit.exe"PurityScan adware. Note - this is not the valid Windows registry editor which resides in %Windir% and will not figure in Msconfig/Startup!"


DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.