Windows Startup Item Database

HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page

Key:

"Y" - Normally leave to run at start-up
"N" - Not required - typically infrequently used tasks that can be started manually if necessary
"U" - User's choice - depends whether a user deems it necessary
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
"?" - Unknown

	Startup Name	Process Name	Details
X	System Information Manager	win.exe	"Added by the SDBOT-MU WORM!"
X	System Information Manager	windowsNt.com	"Added by the SDBOT-ND WORM!"
X	System Init	systeminit.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	System Initialization	msmsgri32.exe	"Added by the RANDEX.D WORM or ROXY or ROXY.B TROJANS!"
X	System Initialization	payload.dat	"Added by the RANDEX.D WORM or ROXY or ROXY.B TROJANS!"
X	System IP	systemip.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	System Kernal Support	system.exe	"Added by the SDBOT.BWV WORM!"
X	System Kernel	lsass.exe	"Added by the VBBOT-G TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder"
U	System LifeGuard Scheduler	Slsched.exe	"System LifeGuard scheduler"
X	System Loader	systems.exe	"Added by the AGOGBOT-FI WORM!"
X	System Log Event	csrss32.exe	"Added by the AGOBOT-JI WORM!"
X	System Management Service	smsc.exe	"Added by the RBOT-ANN WORM!"
X	System Manager	svchost.exe	"Added by the BANKER-AE TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder"
X	system manager	System.exe	"Added by the FORBOT-BO WORM!"
X	System Manager	winsrv32.exe	Added by an unidentified WORM or TROJAN!
X	System Manager	sysmng.exe	"Added by the TAME-C WORM!"
X	System Manager	sysmngr.exe	"Added by a variant of the IRCBOT TROJAN! See here"
X	System Manager	ncvs32.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	System Manager Updates	winsvc.exe	"Added by the AGOBOT.AEM WORM!"
U	System Mechanic Popup Blocker	PopupBlocker.exe	"Popup blocker part of Iolo System Mechanic utility suite"
U	System Mechanic Popup Stopper	Popupstopper.exe	"Popup stopper part of Iolo System Mechanic utility suite"
N	System Mechanic Professional Update [Incinerator.dll]	SysMech4.exe /REREG: [path] Incinerator.dll	"Iolo System Mechanic ""Incinerator"" feature securely deletes files and folders from your PC so they can never be recovered again"
U	System Mechanic Startup Guard	StartupGuard.exe	"System Mechanic Startup Guard protects the Window's startup locations from being modified by viruses spyware malware and other annoying programs"
X	SYSTEM MESSAGER	wmisg.exe	"Added by the MYTOB.ES WORM!"
X	System Messaging Queue	SMCSS.EXE	"Added by a variant of the RBOT WORM!"
X	System Messenger	SYSMSG32.EXE	"Added by the SPYBOT-DK WORM!"
X	System Messenger32	systgmgr32.exe	"Added by the SDBOT.DF WORM!"
X	System Microsoft Core	smc.exe	"Added by the RIZO.A TROJAN!"
U	System Monitor	SYSMON.EXE	Comes with some Aopen motherboards. Monitors CPU temp voltage and fan speed. Warns if any become abnormal
X	System Monitor	Sysmon16.exe	"Added by the SDBOT TROJAN!"
X	System Monitoring	cute.exe	"Added by the RAHIWI.A WORM!"
X	System Monitoring	Mooks.EXE	"Added by the BHARAT.A WORM!"
X	System Monitoring	lsass.exe	"Added by the BRONTOK-BS WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS"
X	System MScvb	mscvb32.exe	"Added by the SOBIG.C WORM!"
X	System Net	sys32.exe	"Added by the FORBOT-FX WORM!"
X	System Net Database	sysnd.exe	"Added by the RBOT-AAW WORM!"
X	System Networking	sysnet.exe	"Added by the RBOT.API WORM!"
X	System Power Managment	svcnost.exe	"Added by the DREF-I WORM!"
X	System Presets	[temp name].exe	"Added by the HOSTINF-A WORM!"
X	System Process	csrss.exe	"Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	System Process	lsass.exe	"Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder"
X	System Process	svchost.exe	"Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder"
X	System Process	CSRSR.exe	"Added by the AGOBOT-SQ WORM!"
X	System Process Analization	sysproc.exe	"Added by a variant of the RBOT WORM!"
X	System Process Analization Thread	system.exe	"Added by a variant of the RBOT WORM!"
X	System Profile	Regsrv.exe	"Added by a variant of the OPTIX TROJAN!"
X	System Reboot	rebootsys.exe	"Added by the RBOT-WU WORM!"
X	System Redirect	sysbho.exe	"Downloader trojan ""Melkosoft"" adware related"
X	System Registry Manager	sysrgmgr.exe	"Added by an unidentified WORM or TROJAN! See here"
X	System Restore	svcnet.exe	"Added by the TIBICK WORM!"
X	System Restore Data	[path] repcale.exe [path] beird.exe	"Added by the RANDON.AN WORM!"
X	System Security Checker	ssc.exe	"Added by the IRCBOT-WI TROJAN!"
X	System Service	MSREXE.EXE	"Added by the AML TROJAN!"
X	system service	spoolcrv.cpl	Added by the INSPIR.11 TROJAN!
X	System Service	systems.exe	"Added by the AGOBOT.VZ WORM!"
X	System Service	coderxt.exe	"Added by the RBOT-ALD WORM!"
X	System Service	exp0lrer.exe	"Added by a variant of the RBOT WORM!"
X	System Service	servicent.exe	"Added by the RBOT-AJI WORM!"
X	System service	system.exe	"Added by the BANCOS.AA TROJAN!"
X	System Service	msnwindows.exe	"Added by the SPYBOT.YCL WORM!"
X	System Service	servicez.exe	"Added by the RBOT-AOY WORM!"
X	System Service	msnxpexe.exe	"Added by the RBOT-AUA WORM!"
X	System Service	teskmangr.exe	"Added by the RBOT-AUV WORM!"
X	System Service	backup.exe	Added by the PACKBOT.AA WORM!
X	System Service	serious.exe	"Added by the RBOT-FMV WORM! Note - deactivates the Microsoft Internet Connection Firewall (ICF)"
X	SYSTEM service helper	svchelper.exe	"Added by the MONKBD-A WORM!"
X	SYSTEM service helper	syshelp.exe	"Added by a variant of the MONKBD-A WORM!"
X	System Service Manager Device	svho.exe	"Detected by Kaspersky as the RBOT.GCG BACKDOOR! See here"
X	System service**	pokapoka**.exe	"EliteBar adware - where ** represents the numbers 61 to 79"
X	System service78	[path to file]	"Added by the ELITEBAR-T and ELITEBAR-U TROJANS!"
X	System service79	[path to file]	"Added by the ELITEBAR-V TROJAN!"
X	System Services	[random file name]	"Added by a variant of the RBOT WORM!"
X	System Services	connection.exe	Added by an unidentified WORM or TROJAN!
X	System Services	svcsenes.exe	"Added by a variant of the RBOT WORM!"
X	System Services	svcsenes32a.exe	"Added by the RBOT-AFG WORM!"
X	System Services	ssms.exe	"Added by a variant of the RBOT WORM!"
X	System Services Monitor	server.exe	"Bifrost malware"
X	System Session Manager	smss.exe	"Added by the KALEL-E WORM! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup!"
X	System settings	burndl32.exe	"Added by the SDBOT-ZO WORM!"
X	System Setup	rpcxcmod.exe	Added by an unidentified WORM or TROJAN!
X	System Soap Pro	soap.exe	"System Soap Pro internet cleaning software. Bundles foistware like Httper and Zipclix - best avoided"
X	system spool	syspools.exe	"Added by the DREF-T WORM/VIRUS!"
U	System startup	charmapx.exe	Only required if using an oriental language
X	System Startup	Voltio.exe	"Added by the RBOT.NJ WORM!"
X	System Startup	kimochi.exe	"Added by a variant of the RBOT WORM!"
X	System Startup	sys.exe	"Added by a variant of the IRCBOT TROJAN!"
X	System Startup Manager	smcss.exe	"Added by the RBOT.AMD WORM!"
X	System Stats	SystemStats.exe	"Added by a variant of the WOOTBOT WORM!"
X	System Support	syscfg.exe	"Added by the RBOT-AGQ WORM!"
X	System Support	system32.exe	"Added by the RBOT-AHA WORM!"
X	System Support	syssql.exe	"Added by the RBOT-AUH WORM!"
X	System Support	torrent.exe	"Added by a variant of the RBOT WORM!"
X	System Task Manager	taskmrg.exe	"Added by a variant of the SPYBOT WORM! See here"
X	System Terminal	SYSTEM2.EXE	"Added by the SPYBOT-BZ TROJAN!"
X	System time updator	CSysTime.exe	"Added by the RANDEX.S WORM!"
X	System Toolkit	Systools.exe	"Added by the RONOPER-G WORM!"
X	System Tray	msccn32.exe	"Added by the SOBIG.B WORM! Warning - spreading via infected E-mail attachments with the sender address faked as support@microsoft.com! Note - this is not the legitimate systray.exe process"
X	System Tray	systray.exe	"Added by the FAN-A WORM!"
X	System Tray Monitor	tray.exe	"Detected by PCTools as the RBOT.UXR WORM! See here"
X	System Tray Services	spooles32.exe	"Added by the AGOBOT.ZH WORM!"
X	System Tray32	SysTray32.exe	"Added by the REPAD WORM!"
X	System Unix	syscfg32.exe	"Added by the RBOT-ZD WORM!"
X	system updata	updata.exe	"Added by the LINEAGE-C TROJAN!"
X	System Update	[filename].exe	"CoolWebSearch parasite variant"
X	System Update	[random filename]	"Added by the KORGO.W or KORGO.X WORMS!"
X	System Update	wupdmgr.exe	"Added by the SOROMO-A TROJAN!"
X	System Update	[random filename]	"Added by the SOROMO-A TROJAN!"
X	System Update	wauluclt.exe	"Added by the SDBOT.EF WORM!"
X	System Update	[path to trojan]	"Added by the AUTOTROJ-D TROJAN!"
X	System Update	mssetupconf.exe	"Added by the RBOT.DLC WORM!"
X	System Update Application	msbuffer.exe	"Added by the SDBOT.AFF WORM!"
X	System Update Service	wmiprvsa.exe	"Added by the AGOBOT-RG TROJAN!"
X	System Update Service	winupd32.exe	"Added by the ADTODA-A TROJAN!"
X	System Update Service	system.pif	"Added by the RBOT-ALL WORM!"
X	System Update Service	update.pif	"Added by the SPYBOT.WOE WORM!"
X	System Update Service	wmiprvsv.exe	"Added by the AGOBOT.YG WORM!"
X	System Update2	explorer.exe	"Added by the AUTOTROJ-C TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
X	System Update2	services.exe	"Added by the AUTOTROJ-C TROJAN!Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!"
X	System Update2	svchost.exe	"Added by the AUTOTROJ-C TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!"
X	System Update2	system.exe	"Added by the AUTOTROJ-C TROJAN!"
X	System Update2	taskman.exe	"Added by the AUTOTROJ-C TROJAN!"
X	System Update2	taskmon.exe	"Added by the AUTOTROJ-C TROJAN!"
X	System Update2	update.exe	"Added by the AUTOTROJ-C TROJAN!"
X	System Update2	webcheck.exe	"Added by the AUTOTROJ-C TROJAN!"
X	System Update2	wininet.exe	"Added by the AUTOTROJ-C TROJAN!"
X	System Update2	winlogon.exe	"Added by the AUTOTROJ-C TROJAN! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup!"
X	System Update2	winspool.exe	"Added by the AUTOTROJ-C TROJAN!"
X	System Update2	wupdmgr.exe	"Added by the AUTOTROJ-C TROJAN!"
X	System Updater Machine	crhwss.exe	"Added by the CIADOOR-DQ TROJAN!"
X	System Updater Machine	system.exe	"Detected by Kaspersky as the CIADOOR.GN BACKDOOR! See here"
X	System Updater Service	wmiprvsw.exe	"Added by the GAOBOT.AFC WORM!"
X	System Updates	winsci.exe	"Added by a variant of the RBOT WORM!"
X	System Updates	szwi.exe	"Added by the RBOT-AXE WORM!"
X	System Updates	unve.exe	"Added by the RBOT-AWG TROJAN!"
X	System Updates	wmkl.exe	"Added by the RBOT-AYJ WORM!"
X	System Updates 4	mssysfix.exe	"Added by the RBOT-ADU WORM!"
X	System Updates Manager	winserv32.exe	"Added by the AGOBOT-AGA WORM!"
X	System Updates Service	updates.pif	"Added by the RBOT-AMA WORM!"
X	System Uptime Server	SYSENTRY.EXE	"Added by the RBOT.LK WORM!"
X	System Uptime Server	SYSENTRY32.EXE	"Added by the RBOT.LK WORM!"
X	system xp	acdsee demo.exe	"Added by the SALGA.A WORM!"
X	System-Config	msptmf32.com	"Added by the LIOTEN.FA WORM!"
X	System-Service	EXPLORER.SCR	"Added by the BENJAMIN.A WORM! KaZaA file-sharing users beware!"
X	System-Stat	systats.exe	"Added by the SDBOT.RA WORM!"
X	system.	system..exe	"Added by the OPTIXPRO.13.C TROJAN!"
X	system...	system...exe	"Added by the OPTIXPRO.13.C TROJAN!"
X	System.exe	System.exe	Added by various WORMS and TROJANS!
X	system.exe	system.exe	"Added by the JAMPORK.E WORM!"
X	system.exe	system.exe	"Added by a variant of the IRCBOT BACKDOOR! Located in %WINDIR%\pchealth\helpctr\binaries"
X	System132	Csrtss.exe	"Added by the LANFILT-I TROJAN!"
X	system23	notPad.exe	"Added by the ESTEEMS.D TROJAN!"
X	System32	system.exe	"Added by the BUSHTRO122 TROJAN!"
X	System32	System32.exe	Added by any number of WORMS or TROJANS!
U	System32	sysdiag.exe	"SpyAgent surveillance software. Uninstall this software unless you put it there yourself"
X	System32	system321.exe	Added by an unidentified VIRUS WORM or TROJAN!
X	system32	NeT-BoT.exe	"Added by the AGOBOT-LJ WORM!"
X	System32	lsasss.exe	"Added by the RBOT-XW WORM!"
X	System32	crsvvc.exe	"Added by the RBOT.BLY WORM!"
X	system32	QQGame.exe	"Added by the QQPASS-AC TROJAN!"
X	System32	[worm filename]	"Added by the NAUTICAL-A WORM!"
X	System32	winds32.exe	"Added by the DWNLDR-HFY TROJAN!"
X	System32 PCI Manager	syspci32.exe	"Added by the RBOT-AFR WORM!"
X	System32 Runtime StartUp	sysrs.exe	"Added by the AGOBOT.ANW WORM!"
X	System32 TCP Manager	systcpm.exe	"Added by a variant of the RBOT WORM!"
X	System32 TCP Manager	systerm.exe	"Added by the RBOT.AFD WORM!"
X	System32 Temp Service	systmp.exe	"Added by the RBOT-AET WORM!"
X	system32.dll	systeminit.exe	"CoolWebSearch parasite variant - re-directing to your-search.info"
X	system32.dll	sysdll32.exe	"CoolWebSearch parasite variant. Redirecting to wholeworldmarket.com most likely other domains as well"
X	system32.exe	services32.exe	"Added by a variant of the IRCBOT TROJAN!"
X	system32.exe	system32.exe	"Added by the GRAYBIRD.P TROJAN!"
X	System32BLSJ Agent	System32BLSJ.exe	"Added by the MDROP-BPT TROJAN!"
X	System32Check	[random].exe	"Added by the CHAST-A TROJAN!"
X	System32Dll	DLL32SYS.EXE	"Added by the SPYBOT-CZ WORM!"
X	System32Ex	System32Ex.exe	"Added by the IRCCONTACT TROJAN!"
U	System32kfvw	sysdiag.exe	"SpyAgent surveillance software. Uninstall this software unless you put it there yourself"
X	System32Root	Gadu-Gadu.exe	"Added by a variant of the IRCBOT TROJAN! Note - doe not confuse with the Polish language Instant Messaging client also called Gadu-Gadu"
X	system32WXBP Agent	system32WXBP.exe	"Detected by Trend Micro as TSPY_ARDAMAX.HR spyware. See here"
X	System33	FB_PNU.EXE	"Added by the NICHELLO-A WORM!"
X	system34.exe	system34.exe	"Added by the DWNLDR-FXY TROJAN!"
X	System4224411	Virus	"Added by the CAGER.A WORM!"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.