Windows Startup Item Database

HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page

Key:

"Y" - Normally leave to run at start-up
"N" - Not required - typically infrequently used tasks that can be started manually if necessary
"U" - User's choice - depends whether a user deems it necessary
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
"?" - Unknown

	Startup Name	Process Name	Details
U	SysSense	SysSense.exe	"""SysSense is your personal desktop Google AdSense monitor. It keeps your current Google AdSense information in the Windows system tray"". Google AdSense account required"
X	sysser	[path to file]	"Added by the RAHACK WORM!"
X	SysService	SysService.exe	"Added by the DELF family of TROJANS!"
U	SysService	SERVICES.EXE	"NSKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself!"
X	SysService32	SysService32.exe	"Added by the KINDAL VIRUS!"
X	SysService32	ln32k.dll	"Added by the KINDAL VIRUS!"
X	SysService32l	systask32l.exe	"Added by the THEUG WORM!"
X	SYSsfitb	SYSsfitb.exe	Searchforit browser hijacker
X	SySSL	sysl.exe	"Added by the RBOT-CKH WORM!"
X	SysStart	**sysi6.exe [ = random char]	"ZenoSearch adware. Note - the most frequent filenames appear to be jdisysi6.exe
X	SysStart	1.exe	"ZenoSearch adware"
X	SysStart	[adware filename]	"ZenoSearch adware"
X	SysStrt	systemc.exe	"Added by the AGOBOT-QA TROJAN!"
X	syst	syst.exe	"Added by the DUMB.A ""Joke"" virus"
X	System	run322.exe	"Added by the LANFILT TROJAN!"
X	System	system.exe	Added by various WORMS and TROJANS!
X	system	regedit -s system.dll	Homepage hijacker
X	system	systemsearch.hta	Jetseeker.com hijacker
X	System	dcomx.exe	"Added by the CIREBOT TROJAN!"
X	system	Explorer.exe	"Added by the GRAYBIRD TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder"
X	System	YPager.exe	"Added by the JUNTADOR.K TROJAN! Note - this is not Yahoo! Messenger"
X	system	outlook.exe	"Added by the MIMAIL.Q WORM! Note that the valid MS Outlook executeable is located in the Program FilesMicrosoft OfficeOffice directory wheras this one is found in the Windows or Winnt directory"
X	System	Atira.exe	"Added by the KOTIRA VIRUS!"
X	SYSTEM	lsas.exe	"Added by the SPYBOT.CJ WORM!"
X	System	kernels32.exe	"Added by the DLOADER-FC TROJAN!"
U	System	sysctrl.exe	"Added by WinGuardian. Note - this commercial keylogger is no longer made or sold by Webroot but older copies may still be in existance
X	System	csrss.exe	"Added by the LDPINCH.E TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder"
X	System	svchost.exe	"Added by the LDPINCH-AU TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder"
X	system	lsasse.exe	"Added by the RBOT-YL WORM!"
X	System	systray.exe	"Added by the PISABOY-A TROJAN! Note - this is not the legitimate systray.exe process"
X	System	abcdefg.exe	"Added by the HARWIG-B WORM!"
X	System	cber.exe	Added by an unidentified TROJAN!
X	System	serwin.exe	"Added by the LDPINCH-BN TROJAN!"
X	System	svch�st.exe	"Added by the LDPINCH-BF TROJAN!"
X	System	system.exe (74295303)	"Added by the IU WORM!"
X	System	WINL0G0N.EXE	"Added by the BANCOS-DB TROJAN!"
X	System	wumgrd32.exe	"Added by a variant of the RBOT WORM!"
X	System	SPOOLSU.EXE	"Added by the BANKER-FC TROJAN!"
X	System	system23.exe	"Added by the LEBREAT-D WORM!"
X	System	windowsps.exe	"Added by a variant of the RBOT WORM!"
X	SYSTEM	d.exe	"Added by the MYTOB.LP WORM!"
X	System	inetinfo.exe	"Added by the PARDROP-A TROJAN!"
X	system	services.exe	"Added by the DELF-LQ TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a ""HELP"" subfolder of the Windows or Winnt folder"
X	SYSTEM	VSSMON.exe	"Added by the RBOT-AWW TROJAN!"
X	SYSTEM	wiinlogon.exe	"Added by the RBOT-AVG WORM!"
X	System	kernels64.exe	"Added by the VIXUP-S TROJAN!"
X	system	lsass.exe	"Added by the SATILOLER.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Program FilesCommon Filessystem folder"
X	System	smss.exe	"Added by the AGENT.AEP TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!"
X	System	winupd.exe	"Added by a variant of the SDBOT WORM!"
X	system	messenger.exe	Added by an unidentified WORM or TROJAN!
X	System 64 Driver for Games	sys64dvr.exe	"Added by the SDBOT TROJAN!"
X	System Applications Profile	sap.exe	"Added by the RBOT-QF WORM!"
X	System Backup	msystem.exe	Adult content dialler
X	System backup	[random filename]	"Added by the ADMINCASH.B TROJAN! Note - multiple different file names have been spotted
X	System Backup Services	backups32.exe	"Added by a variant of the RBOT WORM!"
X	System Buffer Application	buffer32.exe	"Added by the SDBOT-UD WORM!"
X	System Cache	SysCache.exe	"Added by an unidentified VIRUS
U	System Check	"Rundll32.exe SysDll32.dll	SystemCheck"
X	system check	updater.exe	Unidentified adware downloader
X	System Checking	wasul.exe	"Added by the RBOT.BHM WORM!"
X	System Config	BF3.EXE	"Added by the SPYBOT-DT WORM!"
X	System Config Manager	crss.exe	"Added by the AGOBOT.GH WORM!"
X	System Config Manager	smssl.exe	"Added by the AGOBOT-ZJ WORM!"
X	System Configuration	iexplore.exe	"Added by the RANDEX.AD WORM! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program FilesInternet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder"
X	System Configuration	syscfg32.exe	"Added by the MYTOB.EA WORM!"
X	system configure	svchost.exe	"Added by the LINEAGE-C TROJAN! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!"
X	System CPL manager	[random filename]	"Added by the RBOT-SR WORM!"
X	System CSRSS Patch	scrtkfg.exe	"Added by the RBOT-ADA WORM!"
X	System Database administration	systemDA.exe	"Added by the DERDERO.B WORM!"
X	System Database Administration Support Process	sysdasp.exe	"Added by the DERDERO.C WORM!"
X	System Diagnostics	sysdiag32.exe	"Added by the SDBOT.GEN TROJAN!"
N	System DLF	cpqdiaga.exe	Compaq Diagnostic record system utility which allow you to view information about your computer's hardware and software configuration. Available via Start -> Programs
U	System DLL Resources	sysdll.exe	"Added by the SnapKey is a surveillance software program that records all keyboard activities. If you didn't install it yourself remove it"
X	System Document Application	nmod.exe	"Added by the SDBOT-ABB WORM!"
X	System Document Application	msdocument.exe	"Added by the RANDEX.COX WORM!"
X	System Document Application	wins.exe	"Added by the SDBOT.AUB WORM!"
X	System Download Manager	SysMgr.exe	"Added by the RBOT.CIG WORM!"
X	System driver	Messenger.exe	"Added by the WOOTBOT.GI WORM!"
X	System Drivers	wingmt.exe	"Added by the SDBOT-MG WORM!"
X	System Drivers	cpsq32.exe	"Added by the SDBOT.AXH WORM!"
X	System Efficiency Monitor	mscedit32.exe	"Added by the SDBOT.P TROJAN!"
X	System Efficiency Monitor	mscommand.exe	"Added by the KWBOT.P WORM!"
X	System Event Manager	secsvc.exe	"Added by the RBOT.BMY WORM!"
X	System Executable DLL Library	EXECDLL32.exe	"Added by the RANDEX.AZ WORM!"
X	System Failure Statistic	cnstat.exe	"Added by the RBOT-LF WORM!"
X	System File Drivers	nvsysvc32.exe	"Added by the AGOBOT.WJ WORM!"
X	system firewall	makeini32.exe	"Added by the AGOBOT-PS WORM!"
X	System Firewalls	commandprompt32.exe	"Added by the RBOT.BJT WORM!"
X	System Guard	mhguard.exe	"Added by the RBOT-AGU WORM!"
X	System Handler	LSASS.EXE	"Added by the NIMOS WORM! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder"
X	system handler	srvhandle.exe	"Added by the REDPLUT VIRUS!"
X	System Host Manager	syshost.exe	"Added by the BANWORM-C WORM!"
X	System Host Service	svchost.exe	"Added by the CONE.F WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a ""tasks"" subfolder of the Winnt or Windows folder"
X	System Information Manager	Navcpe.exe	"Added by the SDBOT-QB WORM!"
X	System Information Manager	Msbb.exe	"Added by a variant of the BACKDOOR.IRC.BOT TROJAN!"
X	System Initialization	msmsgri32.exe	"Added by the RANDEX.D WORM or ROXY or ROXY.B TROJANS!"
X	System Initialization	payload.dat	"Added by the RANDEX.D WORM or ROXY or ROXY.B TROJANS!"
X	System Kernal Support	system.exe	"Added by the SDBOT.BWV WORM!"
X	System Kernel	lsass.exe	"Added by the VBBOT-G TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder"
U	System LifeGuard Scheduler	Slsched.exe	"System LifeGuard scheduler"
X	System Log Event	csrss32.exe	"Added by the AGOBOT-JI WORM!"
X	System Management Service	smsc.exe	"Added by the RBOT-ANN WORM!"
X	System Manager	svchost.exe	"Added by the BANKER-AE TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder"
X	system manager	System.exe	"Added by the FORBOT-BO WORM!"
X	System Manager	winsrv32.exe	Added by an unidentified WORM or TROJAN!
X	System Manager	sysmng.exe	"Added by the TAME-C WORM!"
X	System Manager Updates	winsvc.exe	"Added by the AGOBOT.AEM WORM!"
U	System Mechanic Popup Blocker	PopupBlocker.exe	"Related to System Mechanic utility suite from iolo Technologies"
U	System Mechanic Popup Stopper	Popupstopper.exe	"Iolo ""System Mechanic"" popup stopper"
N	System Mechanic Professional Update [Incinerator.dll]	SysMech4.exe /REREG: [path] Incinerator.dll	"System Mechanic's ""Incinerator"" feature securely deletes files and folders from your PC so they can never be recovered again"
X	SYSTEM MESSAGER	wmisg.exe	"Added by the MYTOB.ES WORM!"
X	System Messaging Queue	SMCSS.EXE	"Added by a variant of the RBOT WORM!"
X	System Messenger	SYSMSG32.EXE	"Added by the SPYBOT-DK WORM!"
U	System Monitor	SYSMON.EXE	"Comes with some Aopen motherboards. Monitors CPU temp
X	System Monitor	Sysmon16.exe	"Added by the SDBOT TROJAN!"
X	System MScvb	mscvb32.exe	"Added by the SOBIG.C WORM!"
X	System Net	sys32.exe	"Added by the FORBOT-FX WORM!"
X	System Net Database	sysnd.exe	"Added by the RBOT-AAW WORM!"
X	System Networking	sysnet.exe	"Added by the RBOT.API WORM!"
X	System Power Managment	svcnost.exe	"Added by the DREF-I WORM!"
X	System Process	csrss.exe	"Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder"
X	System Process	lsass.exe	"Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder"
X	System Process	svchost.exe	"Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder"
X	System Process	CSRSR.exe	"Added by the AGOBOT-SQ WORM!"
X	System Profile	Regsrv.exe	"Added by a variant of the OPTIX TROJAN!"
X	System Reboot	rebootsys.exe	"Added by the RBOT-WU WORM!"
X	System Redirect	sysbho.exe	"Downloader trojan
X	System Restore	svcnet.exe	"Added by the TIBICK WORM!"
X	System Restore Data	[path] repcale.exe [path] beird.exe	"Added by the RANDON.AN WORM!"
X	System Service	MSREXE.EXE	"Added by the AML TROJAN!"
X	system service	spoolcrv.cpl	Added by the INSPIR.11 TROJAN!
X	System Service	systems.exe	"Added by the AGOBOT.VZ WORM!"
X	System Service	coderxt.exe	"Added by the RBOT-ALD WORM!"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.