Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown



Startup Name Process Name Details
XA New Windows Updaterw32NTupdt.exe"Added by the MYTOB.BM WORM!"
?aauclientACNUpdater.exe"Appears to be related to software from Accenture.com"
NAdobeUpdaterAdobeUpdater.exeAutomatic updater for Adobe software - run manually
XAdUpdatersysupudt.exeUnidentified adware downloader/updater
Xaolupdater.exeaolupdater.exe"Added by a variant of the IRCBOT TROJAN!"
XATIUpdateratiupdxx.exe"Added by the RBOT-ABX WORM!"
XAttuneContentUpdaterattune_cu.exe"Aveo Attune automated helpdesk software - adware/spyware"
XAuto Updaterasclt.exe"Added by the SLINBOT.CJ BACKDOOR!"
XAutoLoaderEnvoloAutoUpdaterauto_update_loader.exe"Envolo/AproposMedia adware updater"
XAutomatic Microsoft Windows Updatersuchost.exe"Added by the RBOT-EQ WORM!"
XAutomatic Windows UpdaterUpdate.exe"Added by the GAOBOT.AO WORM!"
XAutoUpdateraupdate.exe"Tinybar variant"
XAutoUpdaterAutoUpdate.exe"PeopleonPage foistware"
XAVG AntiVirus Updateravgwusv.exe"Added by the SILLYFDC.BAX WORM! Note - this is not a legitimare AVG entry"
XAVG Grisoft Updaterupdater.exe"Added by the AGOBOT-OT WORM!"
XDivX UpdaterDivX.Exe"Added by the NALDEM TROJAN or MASTAK VIRUS!"
XDRam rar procwinupdaterar.exe"Added by a variant of the IRCBOT TROJAN!"
XDRam rare procupdaterarwin.exe"Added by the RBOT-GQW WORM!"
UDynDNS UpdaterDynDNS.exe"Dynamic DNS IP address updater tool
NDynDNS-Updater Traytoolddutray.exe"DynDNS updater tray icon - allows easy configuration of the Dynamic DNSSM service. Can be run manually"
UeScan UpdaterTrayicos.exe"MicroWorld eScan antivirus updater - allows users to automatically download updates and set the auto time interval for downloads"
Xewupdaterewupdater.exe"EasyWebSearch adware updater"
XExplorer UpdaterIEXPLORE.exe"Added by the SDBOT-WO WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
XFirewall Update System1WinedowsUpdater1.exe"Added by the RBOT-ARU WORM!"
XFirewall Updatermsnupdateit.exe"Added by the RBOT-AAQ WORM!"
UGoogle IME AutoupdaterGooglePinyinDaemon.exe"Google Pinyin Input Method Editor (IME) - allows a user to input Chinese characters by entering the pinyin of a Chinese character (with or without tone
NGoogle UpdaterGOOGLE~1.EXE"Downloads and installs updates for Google applications (Google Earth
NGoogle UpdaterGoogleUpdater.exe"Downloads and installs updates for Google applications (Google Earth
XGoogleUpdater3GoogleMapper.exe"Added by the ROUTROBOT WORM!"
XGP Updatergpupdater.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XInternet Explorer Updaterlexbac.exe"Added by the DOWNLOAD TROJAN!"
XInternet Explorer Updateriexplorer.exe"Added by the REUR.B WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
NiRiver UpdaterUpdater.exe"Updates for the iRiver Music Manager - used with their digital music players"
NJava(TM) Platform SE Auto Updater 2 0jusched.exe"Checks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now"
XKazaa Download Accelerator Updater (required)regsvr32 kdp****.dll [* = random char]"SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%"
NKodak Software Updaterbackweb*****.exe"Software updater for Kodak Easyshare digital cameras"
NKODAK Software UpdaterKodak Software Updater.exe"Software updater for Kodak Easyshare digital cameras"
XLzioMediaUpdaterLzioMediaUpdater.exe"LZIO.com adware downloader"
XMacromedia Critical Updaterrarww.exe"Added by a variant of the RBOT WORM!"
YMcAfeeUpdaterUIUpdaterUI.exeMcAfee common updater user interface
YMcAfeeUpdaterUIUdaterUI.exeUpdater user interface for McAfee's VirusScan Enterprise corporate anti-virus and anti-spyware security tool
XMedia Software UPdatersscs.exe"Added by the RBOT-ABE WORM!"
XMessenger Service Updatersvshost.exe"Added by the MYTOB.GC WORM!"
XMicrosoftupdater.exe"Added by the RBOT-GHP WORM!"
XMicrosoft 64 Bit Runtime Updaterwupdt64.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Automatic UpdaterExplorer.exe"Added by the RBOT-SG WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
XMicrosoft AutoUpdatersvhost.exe"Added by the RBOT.QG WORM!"
XMicrosoft Internet Firewall Updateupdater.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft Taskmanager Updaterkeyboard.exe"Added by the RBOT-ALU WORM!"
XMicrosoft Updatewinupdater.exe"Added by the RBOT.BIN WORM!"
XMicrosoft Updaterwinsys32.exe"Added by the RBOT.RL WORM!"
XMicrosoft Updatermsconsole.exe"Added by a variant of the IRCBOT TROJAN!"
XMicrosoft Updatersvhost.exe"Added by the AGENT.CDF TROJAN!"
XMicrosoft Updatervbcjlg.exe"Added by a variant of the SPYBOT WORM! See here"
XMicrosoft Updaterwuamgrds.exe"Added by the RBOT.A WORM!"
XMicrosoft Updaterwinupdate.exe"Added by the AGENT-KIR TROJAN!"
XMicrosoft Updater ResourcesWinFixd32.exe"Added by the SPYBOT.CA WORM!"
XMicrosoft Updater v2[path to worm]"Added by the AUTORUN-BCI WORM!"
XMicrosoft UPDATER32lsass.exe"Added by the RANDEX.AR WORM! Note - this is not the legitimate Lsass.exe system file should normally NOT figure in Msconfig/Startup!"
XMicrosoft UPDATER32LSASS32.EXE"Added by the RANDEX.AR WORM!"
XMicrosoft Updaterstskmgr.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Updaterssysconfigs.exe"Added by the RBOT-DF TROJAN!"
XMicrosoft Updaters ProsWINDLL32XP.EXEAdded by the SPYBOTTER.GEN VIRUS!
XMicroSoft Wind0ws Updaterwinsupdater.exe"Added by a variant of the RBOT WORM!"
XMicroSoft Window Updaterwinsupdater.exe"Added by the RBOT-ZZ WORM!"
XMicrosoft Windows Game Updatermsgame32.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Windows Updaterwinupdgm.exe"Added by the GAOBOT.BI WORM!"
XMicrosoft Windows UpdaterWINIUPDATES.EXE"Added by the RBOT-KK WORM!"
XMicrosoft Windows UpdaterWINUPDATE.EXE"Added by the RBOT-LI WORM!"
XMicrosoft Windows UpdaterTMNTSrv.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Windows Updaterwin32upd.exe"Added by the RBOT-EC WORM!"
XMicrosoft Windows Updatermsnupdateit.exe"Added by the AGOBOT-RL WORM!"
XMicrosoft Windows Updaterwindates.exe"Added by the SDBOT.TE WORM!"
XMicrosoft Windows Updaterspoolvs.exe"Added by the RBOT.ACQ WORM!"
XMicrosoft Windows Updatersuvhost.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Windows Updaterwinfix.exe"Added by the RBOT-CM WORM!"
XMicrosoft Windows updaterDlog32zx.exe"Added by the MYDOOM.W WORM!"
XMicrosoft winsupdaterWINSUPDATER.EXE"Added by the SPYBOTER.FB BACKDOOR!"
XMS UPDATERupdate.exe"Added by the RBOT-VC WORM!"
XMS Updating Utilitymsupdater.exe"Added by the RBOT-XR WORM!"
XMS Windows Security Updaterupdater.pif"Added by the RBOT-AKY WORM!"
XMSN Auto-Updatermsnaupdater.exe"Added by a variant of the IRCBOT BACKDOOR!"
XMSN Auto-Updatermsnupdates.exe"Added by the AUTORUN.WORM.GEN WORM!"
XMsn Plus Updatermsnplus.exe"Added by the RBOT-MU WORM!"
XMSN Update Clientmsnupdater.exe"Added by a variant of the IRCBOT BACKDOOR!"
XMSN Updatermsnms.exe"Added by the FORBOT-CG WORM!"
XMsn Updatermsnplugins.exe"Added by the RBOT-HS WORM!"
XMsn Updaterwindatemanager.exe"Added by the SDBOT.TS WORM!"
XMSN UPDATERSvirtualmemory.exe"Added by the RBOT-JK WORM!"
XMSN6.1 Auto-Updaterv6msn.exe"Added by the AUTORUN-MM WORM!"
Xmsoft-updater23mssysstems.exe"Added by the RBOT-ATU WORM!"
Xmsoft-updater23slssystem.exe"Added by the RBOT-ASR WORM!"
Xmsoupdatermsoupdater.exe"Added by the DLOADER.GBD TROJAN!"
Xmsupdatermsupdater.exe"Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example"
XMsUpdater Systemudpsys32.exe"Added by the RBOT.AAA WORM!"
XMSupdater.exeN/A"CoolWebSearch parasite variant. Installs the Winshow.dll browser plugin"
Xmsupdater25lsasser.exe"Added by the RBOT-ATS WORM!"
Xmsvupdatermsvupdater.exe"Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example"
XNAV Auto Updatesnavupdaterx.exe"Added by a variant of the RBOT WORM!"
XNero Updater.6.12wmp9.exe"Added by the AGOBOT-AAG WORM!"
XNeroUpdater6.8winjava.exe"Added by the AGOBOT.AMK WORM!"
YNokia Software Updaternsu_ui_client.exe"Utility that only runs once after installing the Nokia Software Updater which is used to update the operating system (or firmware) for selected Nokia mobile devices"
XNorton Antivirus Updaternortonav.exe"Added by the DELBOT-T WORM! Note - this is not the real Norton AV!"
XNorton Live UpdaterCavapsvc.exe"Added by the GAOBOT.AO WORM!"
XNorton Live UpdaterSochost.exe"Added by the GAOBOT.AO WORM!"
XNorton Live UpdaterAvapsvc.exe"Added by the AGOBOT-BG BACKDOOR!"
XNorton Updaterwinset.exe"Added by a variant of the SPYBOT WORM!"
XNorton Updaterlsa.exe"Added by a variant of the RBOT WORM!"
XNorton UpdaterNortonUpdate.exeAdded by an unidentified WORM or TROJAN!
XNorton UpdaterccUpdate.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XNorton Updaternavupdtr.exe"Added by the SDBOT.AXV WORM!"
XNTupdater[path to trojan]"Added by the DIGARIX-D TROJAN!"
XNvUpdaternwiz32.exe"Added by a variant of the RBOT WORM!"
XOB Updaterob.exe"Added by the AGOBOT-IH WORM!"
XOffice MonitorsGoogleUpdater.exe"Added by the RBOT-GKZ WORM! Note - this is not the updater for the popular Google tools"
UOpenDNS UpdateOpenDNS Updater.exe"Updater for OpenDNS which ""is a free service that works for networks of all sizes
NOrangeSharkOSharkUpdater.exe"Orange Shark updater - online games for all ages"
NPluckSvrPluckUpdater.exe"Pluck Toolbar updater"
XPopup Blocker Updaterregsvr32 veev****.dll [* = random char]"SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%"
XPopup Defence Updaterregsvr32 pdfupd.dll"SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%"
UPPUpdateppupdater.exe"PPUpdater - updater that used to be part of PestPatrol before CA's acquisition"
XPrinter Spoolupdater.exe"Added by a variant of the RBOT WORM!"
XReal player updaterrealupd.exe"Added by the PARLAY TROJAN!"
XRealPlayerUpdaterrealupd32.exe"Added by the LOHAV-T TROJAN!"
XRealUpdaterrealupd.exe"Added by the PARLAY or MITGLIEDER.I TROJANS!"
Xrunner1updater.exeAdded by the CRYPT.ULPM.GEN TROJAN!
XSafeGuard Popup Blocker Updaterregsvr32 sfgupd.dll"SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%"
XSafeGuard Popup Blocker Updater (required)regsvr32 sfg****.dll [* = ramdom char]"SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%"
XSafeGuard Popup Updater (required)regsvr32 sfg****.dll [* = random char]"SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%"
XSafeGuard Popup Updater (required)regsvr32 PDF****.dll [* = random char]"SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%"
XSGPUpdatersgpUpdaters.exe"Fast Browser Search/Search Guard Plus parasite - installed with ""Make the Web Better"" applications such as My Web Tattoo
XSP2 Firewall/Internet Updatercrssrs.exe"Added by the RBOT.BJO WORM!"
XSun Java Updaterstacsv.exe"Added by the BUZUS.DBFM TROJAN!"
XSun Java Updater v5javajre.exe"Added by the AUTORUN-XI WORM!"
XSun Java Updater v7.4javawx.exe"Added by the ACKANTTA.B WORM!"
XSunJava Updater v7javale.exe"Added by the ACKANTTA.B WORM!"
XSunJavaSched Updateravamx.exe"Added by the RBOT-ABJ WORM!"
XSunJavaUpdaterjavaw.exe"Added by the MYTOB.QR WORM!"
XSunJavaUpdaterv13javaupdater.exe"Added by the ROUTROBOT WORM!"
XSVCHOSTupdater32.exe"Added by the RANTS.A WORM!"
XSystemUpdaterun.exe"Added by the QQHELP-DX TROJAN!"
Xsystem checkupdater.exeUnidentified adware downloader
USystem Files UpdaterSystem Files Updater.exe"System Files Updater from Flyakiteosx ""will transform the look of an ordinary Windows XP system to resemble the look of Mac OS X"""
XSystem Security Updatersvsmons.exe"Added by the RBOT-OW WORM!"
XSystem Updater Machinecrhwss.exe"Added by the CIADOOR-DQ TROJAN!"
XSystem Updater Machinesystem.exe"Added by the CIADOOR.GN BACKDOOR!"
XSystem Updater Processwmiprvsw.exe"Added by the AGOBOT-IL WORM!"
XSystem Updater Servicewmiprvsw.exe"Added by the GAOBOT.AFC WORM!"
XSystemBooster2009sbr_updater.exe"SystemBooster2009 rogue system suite - not recommended
XSystemiom UpdaterSystemiom.exe"Added by the SPYBOT.TY WORM!"
Xsystemyom Updatersystemyom.exe"Added by a variant of the IRCBOT TROJAN!"
Xtcupdatertcupdater.exeTopconverting.com/180Search adware updater
Xtpcupdaterupdatetc.exe"Antivirus XP 2008 rogue security software - not recommended"
XUpdateCDUpdater.exe"""Carpe Diem"" adult premium rate dialler related"
XUPDATEWinUpdater5.0.vbs"Added by the GORMLEZ-A WORM!"
Xupdate mon sysupdaterar.exe"Added by a variant of the RBOT WORM!"
Xupdaterwupdater.exe"KeenVal adware"
?updaterupdater.exe"??"
XUpdateradservernow.exe"AdServerNow adware"
Xupdaterwisvc.exe"Added by the ORSE-A TROJAN!"
XUpDaTercsrss.exe"Added by the AUTORUN.DIB WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~� subfolder"
XUpdater Service Processsvhost32.exe"Added by the AGOBOT.TY WORM!"
XUpdater Service Processcsrss32.exe"Added by the AGOBOT-GP BACKDOOR!"
Xupdater32winload32.exe"Added by the CULT.M WORM!"
Xupdaterealrealupdate.exeChinese originated adware
XUpdaterUIUpdaterUI.exe"Added by the AGENT-TM TROJAN!"
XvirusbyevirusbyeUpdater.exe"VirusBye rogue security software - not recommended"
XWebSUpdaterwupda.exe"Added by the STARTPAGE.C TROJAN!"
UWildTangent Web Driver updaterwcmdmgrl.exe"Web Driver delivery system for WildTangent on-line games. Periodically checks for updates - can be disabled within the programs control panel. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case"
XWin UpdaterWINUPDATER.EXE"Added by the RBOT.IP WORM!"
XWin32 Ms Auto UpdaterAutomsUPD.exe"Added by a variant of the RBOT WORM!"
XWin32UpdaterKERNAL32.EXE"Added by the SPYBOT-OK WORM!"
XWindows Auto Updatewinupdater.exe"Added by the SDBOT.TF WORM!"
XWindows Auto UpdaterWINDOWSUPDATE.EXE"Added by the SDBOT.PB WORM! Note the space at the beginning of the filename"
XWindows Automatic Updaterwindrg.exe"Added by a variant of the RBOT WORM!"
XWindows Automatical Updaterdcz.exe"Added by the RBOT.CXS WORM!"
XWindows AutomaticUpdaterrunddls.exe"Added by a variant of the RBOT WORM!"
XWindows Defender Updaterwdu*.exe"Added by a variant of the FakeAlert TROJAN! This infection displays fake Windows Defender alerts which link to spyware-kicker.com"
XWindows Firewall Updaterupdatees.exe"Added by the RBOT-GBX WORM!"
XWindows Firewall Updatercronos.exe"Added by the RBOT-GBY WORM!"
XWindows Firewall Updaterctfcom.exe"Added by the RBOT-GCB WORM!"
XWindows Firewall Updaterwindowsupdate.exe"Added by the SPYBOT.AVEO WORM!"
XWindows Media Updatercrease.exe"Added by the RBOT-ATI WORM!"
XWindows Online Updaterdllman.exe"Added by the RBOT-TE WORM!"
XWindows Updaterwupdmgr32.exe"Added by a variant of the DOS.AUTOCAT TROJAN!"
XWindows Updateriexplorerrs.exe"Added by the RBOT-TN WORM!"
XWindows Updatersvigost.exe"Added by the RBOT-VS WORM!"
XWindows Updaterwupdate.exe"Added by the WOOTBOT.AJ WORM!"
XWindows Updatersdsys.exe"Added by the FORBOT-JG WORM!"
XWindows Updater Onlinewinupdatexx.exe"Added by a variant of the RBOT WORM!"
XWindows Updater Servcxpuupdate.exe"ContraVirus rogue security software - not recommended
XWindows Updater Service Managerwinupdatr.exe"Added by a variant of the IRCBOT BACKDOOR!"
XWindows Updater Servicesmsnupdate.exe"Added by a variant of the RBOT WORM!"
Xwindows updaterswinupdats.exe"Added by the SPYBOT-IS WORM!"
XWindowsUpdateRregserv.exe"Added by the COBFINN_B TROJAN!"
XWindowz Update V2.0updater.exe"Added by the YODO-C WORM!"
Xwinsupdaterwinsupdater.exe"Added by the ALCRA-F WORM!"
XWinUpdaterupdate.exe"Added by the STARTPAGE.C TROJAN!"
XWinXp Updaterwinxp32.exe"Added by the RBOT-HG WORM!"
XxDRam rar procxxwinupdaterarx.exe"Added by the RILER-W TROJAN!"
Xxp32winxpupdater02.exe"Added by the MOSUCK-A TROJAN!"
XYahoo UpdaterMessenger.exe"Added by the FORBOT-FE WORM!"


DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.