CastleCops, Internet Crime Fighters
Need help? Click here to register for free! Absolutely zero advertisements on this site!

$9736.22 of $21422.68
left sidedonated so farneed $11686.46 donated to reach our goalright side, our goal
Help CastleCops serve the community on new servers, Donate Here to reach our goal.

spacer spacer

StartupList Index

Currently 17175 startuplist entries and growing...
Last updated on 2008-08-21 15:41:23 Eastern.
!! THESE ARE STARTUP PROGRAMS AND NOT TASK MANAGER PROCESS ITEMS !!

For more information on startup programs, including how to identify them and the information required for submitting additions to this list please refer to Content & Info. Reprinted with permission from Paul Collins who owns the copyright to the list. CastleCops also adds additional items that may not be in the original list but attempts are made to ensure the original is also updated. The full HTML list is here.

CastleCops is now hosting the official Pacs-portal forums. CastleCops has also cross-referenced startup entries with our File Hash database where appropriate. Comments or questions can be fielded here.

KEY:
  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown

    •   

    ABC List: A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z




    Full List

    NameStatusFilenameDescription
    XMSPF.EXEAdded by a variant of the SDBOT WORM! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field
    Xsvchost.exeAdded by the DELF-UX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field
    Xmstdmc.exeAdded by Trojan-Downloader.Win32.Banload.cil MALWARE! Note: Located in \%WINDIR%\System32\ The startup name is empty This will make sure that it's start at startup.
    Xmsmapiax32.exeIdentified as a variant of the Rootkit.Win32.Agent.uj rootkit. Note: Located in \%WINDIR%\System32\ Note: Use SDFix under supervision.
    Xmsmapibx32.exeIdentified as a variant of the Rootkit.Win32.Agent.uj rootkit. Note: Located in \%WINDIR%\System32\ Note: Use SDFix under supervision.
    Added by the W32/Sdbot-DHY, Worm! Read the link, allows remote access Note: located in \%WINDIR%\ Note: Use SDFix under supervision.
    hamachiUhamachi.exeRelated to hamachi Instantly connect multiple computers in a VPN from LogMeIn Inc. Note: Located in \%Program Files%\Hamachi\
    Security PatchXscmss.exeAdded by the W32/RBOT-ZW WORM! Read the link, keylogger/password stealing trojan(s) involved.
    WinCheckXservices.exeAdded by the W32.Sober.V WORM! Note: This worm file is found in the Windows\ConnectionStatus\Microsoft or Winnt\ConnectionStatus\Microsoft folder.
    WindowsXservices.exeAdded by the W32.Sober.X WORM! Note: This is not the legitimate Windows process services.exe (Which is always found in the System32 folder.) This worm file is found in the Windows\WinSecurity or Winnt\WinSecurity folder.
    !1_pgaccountYpgaccount.exeDiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. You will see one instant of pgaccount.exe for every active account on your system, and this is essential for PG to work properly
    !1_ProcessGuard_StartupYprocguard.exeDiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks.
    !AVG Anti-SpywareUavgas.exeRelated to AVG_Anti-Spyware from Grisoft. Note: Located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
    !ewidoUewido.exePart of Ewido anti-spyware
    !NoLoadUwinrecon.exe Winrecon Read the link, keylogger/password stealing trojan(s) involved. - Commercial Keylogger
    $EnterNetUEnternet.exeConnection manager for the EnterNet ISP. You can also use RASPPOE
    $sys$cmpX$sys$xp.exeAdded by the Backdoor.Ryknos.B TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder. Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer. Read the link, rootkit type stealth involved.
    $sys$crashX$sys$WeLoveMcCOL.exeAdded by the Welomoch TROJAN! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder. Read the link, rootkit type stealth involved. SONY ROOTKIT, THANKS SONY!
    $sys$crashX$sys$sonyTimer.exeAdded by the Welomoch TROJAN! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder. Read the link, rootkit type stealth involved. SONY ROOTKIT, THANKS SONY!
    $sys$crashX$sys$sos$sys$.exeAdded by the Welomoch TROJAN! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder. Read the link, rootkit type stealth involved. SONY ROOTKIT, THANKS SONY!
    $sys$drvX$sys$drv.exeAdded by the Backdoor.Ryknos TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer. Read the link, rootkit type stealth involved.
    $Volumouse$Uvolumouse.exeRelated to Volumouse from Nirsoft. Provides you a quick and easy way to control the sound volume on your system. Note: Located in C:\Program Files\Volumouse\
    $WindowsRegKey%updateXIEXPLORE.EXEAdded by a W32/Rbot-EZ WORM! Note - this is not the legitimate Internet Explorer iexplorer.exe process, it should not appear in Msconfig/Startup unless you add it manually!
    %cmpmixtitle%?%cmpmixstr%Possibly related to C-Media Mixer Control panel?
    %FP%012-L2TP fts.exe?fts.exe012.Net ISP software - what does it do and is it required?

    This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.
    If you find the information on these pages useful, why not make a donation to help towards its maintenance :- or E-mail me.

    Engine Version 2.0 by CastleCops
    2002-2008 © Computer Cops LLC dba CastleCops®. All rights reserved.
    Acceptable Use Policy. Use signifies your agreement.
    104ppm 0.191s (0.035s)
    Making cybercriminals unhappy since 2002*
    In Memory of Trpm
    spacer spacer