HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40

41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77

78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99

Key: "Y" - Normally leave to run at start-up "N" - Not required - typically infrequently used tasks that can be started manually if necessary "U" - User's choice - depends whether a user deems it necessary "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs" "?" - Unknown

	Startup Name	Process Name	Details
X	System4224411	Systemdll.exe	"Added by the YUSUFALI-B WORM!"
X	system43.exe	system43.exe	"Added by a variant of the SDBOT WORM!"
X	System51616	msnmsgesser.exe	"Added by a variant of the PUSHBOT WORM! A family of worms that spread using MSN Messenger"
X	System64	inet.exe	"Added by the DENGLE-A TROJAN!"
X	SystemAdministration	Wincmp32.exe	"Added by the ASYLUM TROJAN!"
U	SystemAgent	Sage.exe	"""Microsoft Plus! System Agent automatically tunes your system performing tasks such as disk optimization and error correction. It can also run any application at prescheduled times"""
X	SystemB	MessengerStopper.exe	"MessStopper adware"
X	systemb	systemb.exe	"Added by a variant of the IRCBOT TROJAN!"
X	SystemBackup	mtx.exe	"Added by the MTX VIRUS/WORM!"
X	SystemBackup	MicroLog.exe	"Added by the MICROLOG.A TROJAN!"
?	SystemBoot	ladies.htm	"Unknown but sounds very suspicious??"
X	SystemBoot	Mshta.exe ...filename.hta	Adult content dialler
X	SystemBoot	services.exe	"Added by the SOBER-Q TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Help\Help"
X	Systemboot	msnsngr.exe	"Added by a variant of the RBOT WORM!"
X	SystemCheck	Systemcheck.exe	"Added by the LAVITS WORM!"
X	SystemCheck	services.exe	"Added by the SOBER-M WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Configsystem subfolder of the Windows or Winnt folder"
X	SystemCheck	svchost.exe	"Added by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a C:DriverLoad folder"
X	SystemCheck	SysCheckBop32.exe	"WINBO adware"
X	SystemChecker	Syschk.exe	"Added by the GALIL.F WORM!"
X	SystemCONF98i	SystemCONF98i.exe	"Added by the GLITCH TROJAN!"
X	SystemDebug	Sysdeb32.exe	"Added by the SYSBUG TROJAN!"
X	SystemDefender	SystemDefender.exe	"SystemDefender spyware remover - not recommended see here"
X	SystemDevic	devic.exe	"Detected by Trend Micro as the MIMBOT.A WORM! See here"
X	SystemDll	SystemDll.exe	"Added by the LOXOSCAM TROJAN!"
X	systemdll32.exe	systemdll32.exe	"Added by the FEUTEL-F TROJAN!"
X	SystemDoctor 2006 Free	sd2006.exe	"SystemDoctor misleading security software - not recommended see here"
X	SystemDriver	csrss.exe	"Added by the ASCETIC.B TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\addins\explorer"
X	SystemDriverCheck	svchost.exe	"Added by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a C:DriverLoad folder"
X	SystemDriverLoad	svchost.exe	"Added by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a C:DriverLoad folder"
X	systemdrv	ms32sys.exe	"Added by an unidentified WORM or TROJAN - most likely GAOBOT variant"
X	SystemEmergency	[various filenames]	"CoolWebSearch Smartsearch parasite variant"
X	SystemErrorFixer	SysRep.exe	"SystemErrorFixer spyware remover - not recommended see here"
X	SystemExplorer	explore.exe	"Homepage hijacker - file located in the ""Services"" folder in Common Files"
X	SystemFile	SystemFile.exe	"Added by the DULLDOOR-A TROJAN!"
X	SystemFTP	VSENMB.exe	Malware (ie malicious software). Also changes the system.ini Shell line to read Shell=Explorer.exe VSENMB.exe and it hacks the Winstart.bat as well
X	SystemGent	CVT.exe	"Added by the BRONTOK-H WORM!"
?	SystemGuardAlerter	SystemGuardAlerter.exe	"Part of the Iolo System Mechanic maintenance software. What does it do?"
X	SystemHelp	RUNDLL32.EXE SystemHper.dllInstall	"Detected by Kaspersky as the WOW.COK TROJAN! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""SystemHper.dll"" file is found in %System%"
X	SystemInit	iservc.exe	"Added by the FIZZER WORM!"
X	systeminit	systeminit.exe	"Added by the SILLYFDC-AN WORM!"
X	Systemiom Updater	Systemiom.exe	"Added by the SPYBOT.TY WORM!"
U	SystemKey	rundll32.exe [path] SystemKey.dll rdl	"Stealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
X	SystemLoad32	sysload32.exe	"Added by the MIMAIL.E WORM!"
X	SystemLoader	sysldr32.exe	"Added by the DOWNLDR-NS TROJAN!"
X	SystemManager	Sysman32.exe	"Added by the DOWNLOADER-BW.B TROJAN!"
X	SystemMap32	Netisp32.vbs	"Added by the REDIST.C WORM!"
X	SystemMD	md.exe	Homepage hijacker
X	SystemMgr	Ir32_a.exe	"Added by the MAGANIA-OU TROJAN!"
X	SystemMigration	WinMedia.exe	"Added by the KELVIR.EI WORM!"
X	SystemMonitor	Sysmon32.exe	"Added by the AIDID.A WORM!"
X	SystemNetwork	NETSERV.EXE	Added by the NETCONTROL VIRUS!
X	SystemNetwork	sysnet.exe	"Added by a variant of the RBOT WORM!"
X	SystemNT	SystemNT.exe	"Added by the PWSVB-EG TROJAN!"
X	SystemOPsv	scrtvc32.exe	"Added by a variant of the SPYBOT WORM!"
X	SystemProcEvent	csrwnd.exe	"Added by the IRCBOT.I TROJAN!"
X	systemr	d11host.exe	"Added by the VB-GX TROJAN!"
X	systemr	gedit.exe	"Added by the ADCLICK-AQ TROJAN!"
?	SystemReg	PROCES.EXE	"??"
X	SystemReg	svchost.exe	"Added by the DEWIN.E TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder"
X	SystemReg	WINREG.EXE	"Added by the DEWIN.A TROJAN!"
X	Systems	scchost.exe	"Added by the DAEMOZ.A TROJAN!"
X	Systems	svch0st.exe	"Added by the MYDOOM.BI WORM!"
X	Systems	Systems.exe	"Added by the BANKBOA-A TROJAN!"
X	Systems	itDDD.exe	"Added by the DLOADER-PP TROJAN!"
X	Systems	sescmgr.exe	"Added by the DWNLDR-GAH TROJAN!"
X	Systems	spoolsvc.exe	"Added by the DLOADR-SW TROJAN!"
X	Systems	sysmon.exe	"Added by the VIXUP-BI WORM!"
X	Systems Backups	windrives.exe	"Added by the AGOBOT-RB WORM!"
X	Systems Restart	slchost.exe	"Added by the MULTIDROP.C TROJAN!"
X	Systems Restart	spchost.exe	Added by an unidentified WORM or TROJAN!
X	Systems Restart	Rundll32.exe beem.dll DllRegisterServer	"Browser hijacker - the file serves to register a dll implemented as a browser plugin. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
X	Systems Restart	Rundll32.exe snim.dll DllRegisterServer	"Added by the STARTPAGE.I TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
X	Systems Restart	Rundll32.exe zolk.dll DllRegisterServer	"Added by a variant of the STARTPAGE TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
X	Systems Restart	Rundll32.exe boln.dll DllRegisterServer	"Added by the STARTPAGE.J TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
X	Systems Service	drivex.exe	"Added by a variant of the RBOT WORM!"
X	systems usb driver	Windows2.exe	"Added by a variant of the RBOT WORM!"
U	Systems.exe	Systems.exe	"Keyboard Spectator - monitoring software that creates records of everything people do on a computer ie spying or monitoring depending upon how you call it"
U	systems.exe	systems.exe	"KGBSpy is a commercial surveillance software program. It logs keystrokes Web sites visited and clipboard activity. It also has a screen capture logger and can be run automatically in a silent undetectable mode"
U	SystemSafe	Syssafe.exe	"System Safety Monitor - system monitoring tool with additional application firewalling"
X	SYSTEMSars32	csrss.exe	"Added by the AHLEM.A WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	SystemSAS	System32.exe	"Added by the KWBOT.C WORM!"
X	systemscroot	systembin.exe	"Added by a variant of the RBOT WORM!"
X	SystemSearch	regedit.exe -s c:ie.reg	Installs a Seachxl.com browser page hijack
X	SystemSearch	regedit.exe -s c:sys.reg	Installs a i--search.com browser page hijack
X	SystemService	msocfg.exe	Premium rate adult content dialler
X	SystemService	navchk.exe	Premium rate adult content dialler
X	SystemService	qservice.exe	Premium rate adult content dialler
X	SystemService	shman.exe	Premium rate adult content dialler
U	SystemService	nsserver.exe	"NiceSpy keystroke logger/monitoring program - remove unless you installed it yourself!"
X	SystemSettingf	TRUG.vbs	"Added by the TRUG.B MACRO!"
U	SystemSuite Task Manager	MXTASK.EXE	"vcom (nee Ontrack) SystemSuite - PC maintenance and security. Use the program's configuration options to enable only the parts you want running all the time - such as Virusscanner Pro"
X	SystemSv12	newmaxxsv234.exe	"Added by the TIBS-TS TROJAN!"
X	SystemSv121	n2ewma1xxsv234.exe	"Detected by PCTools as the TIBS.JT TROJAN! See here"
X	SystemTasks	filez.exe	Adult content dialler
X	SystemTasks	sexypicz.exe	Adult content dialler
X	SystemTasks	loaded.exe	Adult content dialler
X	SystemTools	kernels32.exe	"Added by the DLOADER-FC TROJAN!"
X	SystemTools	kernels1118.exe	"Added by the SMALL.DGK TROJAN!"
X	SystemTools	kernels8.exe	"Added by the FNG TROJAN!"
X	SystemTools	kernels88.exe	"Added by the TIBS-PP TROJAN!"
X	Systemtra	Systra.exe	"Added by the LOVGATE-W WORM!"
X	SystemTra	CDPlay.EXE	"Added by the LOVGATE.Z WORM!"
X	SystemTra	Video.EXE	"Added by the LOVGATE.E WORM!"
U	SystemTray	SysTray.Exe	"SYSTRAY.EXE - System Tray Services. Provides the Volume Control PC Card Status Power Management and other icons that reside in the System Tray (see here). SYSTRAY.EXE may be disabled if none of these services are required. It will launch as and when required if you later enable the icons. If you need these items they're available via Start -> Settings -> Control Panel"
X	SystemTray	SystemTray.exe	"Added by the BIGFOOT TROJAN! Note - this is not the legitimate systray.exe process"
X	SystemTray	SysTray.exe	"Added by the ALADINZ.P TROJAN! Note - this is not the legitimate systray.exe process. If you right-click on the real systray.exe the ""Properties"" reveal it to be a Microsoft file"
X	SystemTray	lsvhostwinlk.exe	"Added by a variant of the SPYBOT WORM!"
X	SystemTray	mssgl2.exe	"Added by a variant of the IRCBOT TROJAN!"
X	SystemTray	wekls4.exe	"Added by a variant of the IRCBOT TROJAN!"
X	SystemTray	Windowsupd.exe	"Added by a variant of the IRCBOT TROJAN!"
X	SystemTray Monitor	SysTraymon.exe	"Added by a variant of the SPYBOT WORM! See here"
U	SystemTraySD	SDSystemTray.exe	"Spyware Detector - spyware remover. Initially not recommended due to false positives but the later versions have since improved - see here"
U	SystemTraySR	SRSystemTray.exe	"Spyware Detector - spyware remover. Initially not recommended due to false positives but the later versions have since improved - see here"
N	SystemUpd	SystemUpd.exe	Updater for Swapoo.com a kind of Napster for games
X	SystemUpdate	Negdo.exe	"Added by the CULLER-C WORM!"
X	SystemUpdate	Xeyu.exe	"Added by the CULLER-D WORM!"
X	systemw32	systemw32.exe	"Added by a variant of the RBOT WORM!"
U	SystemWeb	rundll32.exe [path] SystemWeb.dll rdl	"StealthWeblog surveillance software. Uninstall this software unless you put it there yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
X	SystemWideHook for Windows NT	%WinHook32.exe	"Added by the MYDOOM.AC WORM!"
U	SystemWizard Sniffer	Sniffer.exe	"SystemWizard for Win98/ME from SystemSoft - diagnoses and solves hardware and software problems on a PC"
X	SystemX	nzm.exe	"Added by a variant of the RBOT WORM!"
X	systemx32	systemx32.exe	"Added by a variant of the RBOT WORM!"
X	systemyom Updater	systemyom.exe	"Added by a variant of the IRCBOT TROJAN!"
X	SYSTEMZ Patch	SYSZ.exe	"Added by the ALADINZ.P TROJAN!"
U	System_Messages	pprsen.exe	"TerminatorX - ""offers an easy and effective method of stopping users running predetermined file sharing programs like KaZaA messenger programs chat rooms and the like"""
X	systen32.exe	systen32.exe	"Added by the DLOADR-AQP TROJAN!"
X	Systes	jrdtifkkxbbsa.exe	"Added by the RBOT-ADC WORM!"
X	Systesms.exe	systesms.exe	"Added by the RBOT-HI WORM!"
U	Systest	Systest.exe	"Clean Space internet evidence eliminator"
X	SysteZ	d1.exe	"Added by the MSNDIABLO.A WORM!"
X	systhread	winkernal.exe	"Added by the LIAMED WORM!"
X	SysTime	systime.exe	"CoolWebSearch parasite variant - also detected as the STARTPA-FL TROJAN!"
X	Systmesy	Systmesy.exe	"Added by the RBOT-KQ WORM!"
X	Systoan32	systoan.exe	Added by an unidentified VIRUS WORM or TROJAN!
X	systr	SYSERVER.exe	"Added by the VB-DQY WORM!"
X	systr2	SERVICE.exe	"Added by the VB-DQY WORM!"
?	systr32	systr32.exe	"??"
X	systrans	[path to trojan]	"Added by the STARTPA-GZ TROJAN!"
?	systrax	systrax.exe	"??"
X	Systray	Systray_.Exe	"Added by the KERGEZ.A WORM!"
X	Systray	[filename.exe]	"Winfavorites adware"
X	SYSTRAY	UNMT.EXE	"Added by the DLOADER-LQ TROJAN!"
U	SysTray	SysTray.Exe	"SYSTRAY.EXE - System Tray Services. Provides the Volume Control PC Card Status Power Management and other icons that reside in the System Tray (see here). SYSTRAY.EXE may be disabled if none of these services are required. It will launch as and when required if you later enable the icons. If you need these items they're available via Start -> Settings -> Control Panel"
X	SysTray	Snnpapi.exe	Added by an unidentified TROJAN!
X	Systray	w32explorer.exe	"Added by the RBOT-AJY WORM!"
X	Systray	SteFanie.vbs	"Added by the STEFAN WORM! Note - make sure you check the hyperlink as this one copies it's self to numerous dirves and folders"
X	Systray	KAT.vbs	"Added by the SOAD-D WORM!"
X	SysTray	svhost.exe	"Added by the RAJILO-A WORM!"
X	SysTray	system.exe	"Added by the DELF.E TROJAN!"
X	Systray driver	systray.exe	"Added by the MUTEBOT TROJAN! Note - this is not the legitimate systray.exe process"
X	SystrayServices	Msxpw.exe	"Added by the CITOR WORM!"
U	SYSTRAYX	SysTrayX.EXE	"""SystrayX helps you hide some of the less used icons from the system tray (the hidden icons can still be seen and used in the special SysTrayX menu but will no longer permanently take precious space from your system tray)"""
X	systree	systree	"Added by the BANCOS.L TROJAN!"
X	Systry	[path to worm]	"Added by the AUTEX WORM!"
X	Systryt	[path to worm]	"Added by the AUTEX WORM!"
X	SystUphes	algesetp.exe	"Added by the QQPASS-AM TROJAN!"
U	Systweak Ad and Popup Blocker	adblock.exe	"Ad and popup blocker part of Advanced System Optimizer from Systweak"
U	Systweak Memory Optimizer	memtuneup.exe	"Part of SysTweak Advanced System Optimizer"
X	sysu	sysu.exe	"Dynamic Desktop Media adware - see here"
X	sysug32.exe	sysug32.exe	Added by an unidentified TROJAN or WORM!
X	SysUpd	Sysupd.exe	"VirtuMonde adware"
X	sysupdate	cmman32.exe	"Added by a variant of the SDBOT WORM!"
X	Sysvupex	Sysvupex.exe	"Added by the MEDIAS TROJAN!"
X	sysvx	sysvx_.exe	"Added by the LOOSKY-BX TROJAN!"
U	SysW8	csta.exe	"Clean Space internet evidence eliminator"
U	SYSWB6	SYSWB6.exe	"Part of We-Blocker - gives parents the opportunity to monitor their children's Internet access and provide them with age-appropriate content while filtering out sites that contain adult content. Works in conjunction with Winkb6 and both files are needed to run We-Blocker"
X	SysWin	SysWin.exe	"Added by the IRCCONTACT TROJAN!"
X	syswin	v6.exe	"Added by the AGENT-ECM TROJAN!"
X	syswin.txt	[3 random letters].exe	"Added by a variant of the SPYBOT WORM! See here"
X	syswin32	syswin32.exe	"Added by a variant of the SPYBOT WORM!"
X	Syswindow	Syswindow.exe	"Added by the COW TROJAN!"
X	SysWy	rundll32.exe	"Added by the LINEAGE-JH TROJAN! Note - this file is found in the C:WindowsSystem folder and is not to be confused with the legitimate rundll32.exe file always located in the Windows folder on Win98/ME systems and in the WinntSystem32 or WindowsSystem32 folder in WinXP/NT/2K!"
X	sysX3	sys22.exe	"Added by the RANTS.C WORM!"
X	sysygm32	syscxd32.exe	"Added by the IRCBOT-PC TROJAN!"
X	sysygm64	winrxd64.exe	"Added by the IRCBOT-RK TROJAN!"
X	SYS_CLEAN	Service.exe	"Added by the FLOPCOPY WORM!"
X	Sys_Run	ghost.exe	"Added by the LINEAGE-N TROJAN!"
X	sys_Runtt1	explorer.exe	"Added by the LINEAGE-M TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles%"
X	sys_up1	svchostsys.exe	"Added by the MULTIDR-FL TROJAN!"
X	SyZ	f1.exe	"Added by the MSNDIABLO.A WORM!"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.

Powered By Pac's Startup list