HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40

41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77

78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99

Key: "Y" - Normally leave to run at start-up "N" - Not required - typically infrequently used tasks that can be started manually if necessary "U" - User's choice - depends whether a user deems it necessary "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs" "?" - Unknown

	Startup Name	Process Name	Details
X	SysBoot	syskernel.exe	"Added by the AUTORUN-EY WORM!"
U	Sysbot	sysbot.exe	"Spector - spying (or monitoring) software to record internet activity"
X	syscfg	syscfg32.exe	"Added by the KWBOT.S WORM!"
X	syscfg34.exe	syscfg34.exe	"Added by the ELECTRON WORM!"
X	Syscheck	win.hta	Browser hijacker
X	syscheck	iexplorer.exe	Added by the AGENT.DM TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe)
U	SysCheck32	sb32mon.exe	"Part of the SpyBuddy keystroke logger/monitoring program - see here. Remove unless you installed it yourself!"
X	SysCleaner	SysCleaner.exe	"SysCleaner rogue cleaning utility - not recommended
X	sysclx	ntldrt.exe	"Added by the JLOK-A WORM!"
X	syscm	Syscm.exe	"Vanish adware"
X	SysCom	msnmsgr.exe	"Added by the BANK-AF TROJAN! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%MSN Messenger or %ProgramFiles%Windows LiveMessenger. This one is located in %Windir%\system"
?	SysComp	mssdnl.com	"Unknown but suspect as *.com are not usually run at start up and the name isn't recognized"
X	syscon	syscon.exe	"Added by the APRILCONE.A WORM!"
X	syscon lptt01	syscon.exe	"RapidBlaster variant (in a ""Syscon"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
X	syscon ml097e	syscon.exe	"RapidBlaster variant (in a ""Syscon"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
X	sysconfig	iexplorer.exe	"Added by the CULT.C WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
X	SysConfig	syscfg35.exe	"Added by the KAZMOR.C WORM!"
X	SysConfig	wincfg32.exe	"Added by the SDBOT.ZD WORM!"
U	Sysconfig	Stealth KeySpy.exe	"StealthKeySpy - keystroke logger/monitoring program - remove unless you installed it yourself!"
X	sysconfig32	sysconfig32.exe	"Added by the AGENT-MSP TROJAN!"
X	Syscpy	Syscpy.exe	"Firewall-bypassing
X	SysCtl	sysctl.exe	"Added by the AOK TROJAN!"
X	Sysctrls	procdll.exe	"Added by the WEEDBOTZ.14 TROJAN!"
X	Sysctrls	winupdate.exe	Added by an unidentified WORM or TROJAN!
X	Sysctrls	mscntrl.exe	"Added by the KOLABC.BB WORM!"
X	Sysctrls	Sysctrls.exe	"Added by the AGENT.AWZ TROJAN!"
X	Sysctrls	win32dll.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Sysctrls32	sevchost.exe	"Added by the RBOT.ADF BACKDOOR!"
X	SysCVMS.exe	SysCVMS.exe	"Added by the SMALL.CBA TROJAN!"
X	sysdat.dll	sysdat.dll.exe	Added by the NISHICA 1.1 TROJAN!
X	SysData	[path to file]	"Added by the RANCK-BA TROJAN!"
X	SysDefence.exe	SysDefence.exe	"SysDefence rogue security software - not recommended
X	SysDefenders	SysDefenders.exe	"SysDefenders rogue security software - not recommended
X	SysDepannage	SysRep.exe	"SysDepannage
X	SysDeskqqfx	qqfx.exe	"Added by the QQPASS.H TROJAN!"
X	SysDeskqqfx	Runddll32.exe	"Added by the CHANGGAME TROJAN!"
X	SysDesktop	fswanQQ.exe	"Added by the QQSEND-A TROJAN!"
X	sysdiag64.exe	sysdiag64.exe	"Added by a the AUTOINF-AB WORM!"
X	sysdir	winrun.exe	"Added by the WINBUR.B WORM!"
X	sysdll	windll.exe	"Added by the AUTORUN.ECT WORM!"
X	sysdll	[trojan filename]	"Added by the HUGESOT TROJAN!"
X	Sysdpt	sysdpt.exe	"CRYPT trojan downloader"
X	sysdxvid	sysdxvid.exe	"Added by the DLUCA-S TROJAN!"
X	sysemls	sysem.exe	"Added by a variant of the SDBOT WORM!"
X	SysEQ	svclgx32.exe	"Added by the IRCBOT-AC TROJAN!"
X	sysfbtray	bill102.exe	"Added by the VB-ENI TROJAN!"
X	sysfbtray	bill106.exe	"Added by the MDROP-CLV TROJAN!"
X	sysfiler	sysfiler.exe	"Added by the RETSAM TROJAN!"
X	SYSfit	SYSfit.exe	"AdShooter adware variant"
X	sysflg32	sysflg32.exe	"Added by a variant of the CRYPTER.C TROJAN!"
X	sysformat	sysformat.exe	"Added by the BAGLE-BK WORM!"
X	sysfrcx	sysfrcx.exe	"Added by the KEYLOG-SCLOG TROJAN!"
X	sysftray2	bolivar19.exe	"Added by the KOOBFACE.I WORM!"
X	Sysgate Personal Firewall	syst3ms.exe	"Added by a variant of the IRCBOT TROJAN!"
X	sysguard	sysguard.exe	"Added by the FAKEAV-KI TROJAN!"
X	sysguardn	s	"Spyware Protect 2009 rogue spyware remover - not recommended
X	syshelp	syshelp.exe	"Added by the LOVGATE.C WORM!"
X	syshost	syshost.exe	"Added by the VB-DVZ TROJAN!"
X	sysin	[path to file]	"Added by the DSRC-A TROJAN!"
X	sysinfo	sysinfo.exe	"Added by the BEDRILL TROJAN!"
X	sysinfo.exe	sysinfo.exe	"Added by the BEAGLE.V WORM!"
X	SysInit	svchost.exe	"Added by the STARTPA-BD TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Common Files"
X	SysInit	wininit32.exe	"Added by the XABOT WORM!"
X	sysinit	services.exe	"Added by the NEWLFRM-A TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %System%\golumm"
X	Sysino	lsess.exe	"Added by the FORBOT-BF WORM!"
X	sysint16	sysint16.exe	"Added by the CRYPTER.A TROJAN!"
X	sysinter	ADIRSS.EXE	"Added by the AGENT.JVJ TROJAN!"
X	Syskey	sysinit.exe	"Added by the BEAGLE.AX WORM!"
X	sysldtray	ld02.exe	"Added by the KOOBFACE.BG WORM!"
X	sysldtray	ld03.exe	"Added by the KOOBFACE.CA WORM!"
X	sysldtray	ld11.exe	"Added by the KOOBFACE.JG WORM!"
X	sysLDtray	ld08.exe	"Added by the AGENT-JSV TROJAN!"
X	sysldtray	ld09.exe	"Added by the AGENT-KFI TROJAN!"
X	sysldtray	ld10.exe	"Added by the FAKEAV-UD TROJAN!"
X	sysldtray	ld12.exe	"Added by the KOOBFACE.V WORM!"
X	sysldtray	ld01.exe	"Added by the KOOBFACE.I WORM!"
X	sysldtray	ld15.exe	"Added by the AGENT-LNH TROJAN!"
X	sysldtray	ld04.exe	"Added by the KOOBFACE WORM!"
X	sysldtray	ld06.exe	"Added by the KOOBFACE WORM!"
X	sysldtray	ld07.exe	"Added by the KOOBFACE WORM!"
X	sysldtray	ld14.exe	"Added by the VIRUT.CE VIRUS!"
X	sysldtray	ld16.exe	"Added by the AGENT-MMO TROJAN!"
X	Syslib	Syslib.exe	Adult content related downloader trojan
X	SysLive	SysLive.exe	"Added by the EXPICHU WORM!"
X	Syslog lptt01	Syslog.exe	"RapidBlaster variant (in a ""Syslog"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
X	Syslog ml097e	Syslog.exe	"RapidBlaster variant (in a ""Syslog"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
X	syslogin.exe	syslogin.exe	"Added by the BAGZ-B WORM!"
X	syslogon	syslogon.exe	"Added by the SPYBOT-EP WORM!"
X	SysMain	buff.exe	"Added by the AGENT-ECW TROJAN!"
U	Sysman	Sysman.exe	"KeyTrap is a surveillance software program that records all keyboard activities. Uninstall this software unless you put it there yourself"
X	SysManager	Manager.EXE	"Added by the DAGGER.140 TROJAN!"
X	sysme	sysme.exe	"Added by the PSW_STEALER_C TROJAN!"
X	sysmem	mmsete.exe	"Added by the NOPIR.C WORM!"
X	sysmem	outlookrem.exe	"Added by the NOPIR-C WORM!"
X	SysMemory manager	mdms.exe	"Added by the CIMUZ-D TROJAN!"
U	SysMetrix	SysMetrix.exe	"SysMetrix - skinnable clock and metering application. It monitors and reports on a great number of statistics"
X	sysMett1	explorer.exe	"Added by the LEGMIR-Y TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles%"
X	sysmini	sysmini.exe	"Added by the ADLOAD.DD TROJAN!"
X	sysmngr32	sys64mnger.exe	"Added by a variant of the RBOT WORM!"
X	sysmntrc	sysmntrc.exe	"Added by the BANCOS-FX TROJAN!"
X	sysmod	sysmod.exe	"Added by the SPYBOT-DU WORM!"
X	sysmon	sysmon.exe	"Added by the BIZEX WORM!"
X	Sysmon	rpcmon.exe	"Added by the RANDEX.ATX WORM!"
X	sysmon	sysmon44.exe	"Added by a variant of the BACKDOOR-CBA TROJAN!"
X	SysMon	wowexece.exe	"Added by the MULAN-A TROJAN!"
X	Sysmon	SystemMonitor.exe	"Added by the NUJAMA-A WORM!"
X	Sysmon	msnmssgs.exe	"Added by the SDBOT.FK WORM!"
X	sysmon12	[various filenames]	"Wareout - malware masquerading as a spyware and dialer remover"
X	SysmonLog	mslog.exe	"Added by the AGENT.AOV TROJAN!"
X	sysmonnt	sysmonnt.exe	"SearchPounder sends keywords typed into HTML forms and popular Internet search engines to a remote server"
X	SysMonXP	SysMonXP.exe	"Added by the NETSKY.Q WORM!"
X	Sysmppcvppp	SysTdSvr.dll	"Generic2.PQG adware"
X	sysmss	sysems.exe	"Added by a variant of the SLAPER TROJAN!"
X	sysnate	sysnate.exe	"Added by the MEDIAS TROJAN!"
X	Sysnet	snuninst.exe	Unidentified adware
X	sysnet	sysnet.exe	"CasClient adware - also detected as the CMAPP TROJAN!"
X	sysobj.exe	sysobj.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	SysOps	SysOps	"Added by the MSNCORRUPT TROJAN!"
X	syspare	syspare.exe	"Added by the BIFROSE-AN TROJAN!"
X	syspath	drv.exe	"Added by the SOBER WORM!"
X	sysPersonalFirewall	msnmssgr.exe	"Added by a variant of the RBOT WORM!"
X	sysPersonalFirewall	system.exe	"Added by the WOOTBOT.FH WORM!"
X	sysPersonalFirewall	tskm0nitor.exe	"Added by the SDBOT.APC WORM!"
U	SysPilot	fdxxl.exe	"G Data ""PC Spion"". PC monitoring and surveilling software
X	sysPnP	bootconf.exe	"Homepage hijacker
X	SysPnP	"rundll32 setupapi	InstallHinfSection [varies] oemsyspnp.inf"
Y	SysPool	Mssvc.exe	"StealthDisk - hides folders
X	SysPool	MSSVC32.EXE	"Added by the BANCBAN-IO TROJAN!"
X	SySPower	[path to trojan]	"Added by the BANCBAN-OC TROJAN!"
X	SysProtect	System.exe	"Added by the NETSPY TROJAN!"
X	SysProtect	syp.exe	"SysProtect rogue security software
X	SysProtect	USYP.exe	"SysProtect rogue security software
X	SysProtect Free	USYP.exe	"SysProtect rogue security software
X	SysProtector	SysProtector.exe	"SysProtector rogue security software - not recommended
X	syspw32.exe	syspw32.exe	"Added by the APPFLET.A WORM!"
X	Sysqq	LSESS.exe	"Added by the FORBOT-BF WORM!"
X	Sysqq	weiba.exe	"Added by the DELF-CFX TROJAN!"
X	SysR	sysmd.exe	"Ulubione adult content dialer"
X	SysReg	SysReg.exe	"Added by the CHEKIN TROJAN!"
X	SysReg	SysReg.exe	"SearchSeekFind textual marketing foistware"
X	Sysres	Sysres.exe	"Added by the LOGMOD.A TROJAN!"
X	SysRes	TASKMANAGER.exe	"Added by the ELIPTER.A or ELIPTER.B WORMS!"
X	SysRes	WWE DIVAS.exe	"Added by the ELIPTER.D WORM!"
X	SysRes	IExpIore .exe	"Added by the ELITPER.E WORM!"
X	sysrest32.exe	sysrest32.exe	"Added by the AGENT-GIN TROJAN!"
X	sysrestore32.exe	sysrestore32.exe	"Unknown malware detected by McAfee - see here"
X	Syss	ehuupdate.exe	"EHU adware"
X	SysScan	bvt.exe	"Added by the AUTOUPDER TROJAN!"
X	SysSearch	Regedit.exe -s pcsearch.reg	"Added by the STARTPAGE-FN TROJAN! Note that regedit.exe is a legitimate Microsoft file and shouldn't be deleted. The ""pcsearch.reg"" file is located in %Windir%"
X	SysSearch	Regedit.exe -s sysreg.reg	"Added by the STARTPA-ME TROJAN! Note that regedit.exe is a legitimate Microsoft file and shouldn't be deleted. The ""sysreg.reg"" file is located in %Windir%"
U	SysSense	SysSense.exe	"""SysSense is your personal desktop Google AdSense monitor. It keeps your current Google AdSense information in the Windows system tray"". Google AdSense account required"
X	sysser	[path to file]	"Added by the RAHACK WORM!"
X	SysService	SysService.exe	"Added by the BDFORM-A BACKDOOR!"
U	SysService	SERVICES.EXE	"NSKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself!"
X	SysService32	SysService32.exe	"Added by the KINDAL VIRUS!"
X	SysService32	ln32k.dll	"Added by the KINDAL VIRUS!"
X	SysService32l	systask32l.exe	"Added by the THEUG WORM!"
X	SysServices	SERVICES.EXE	"Added by the DELF-EY TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	SYSsfitb	SYSsfitb.exe	"AdShooter adware"
X	SySSL	sysl.exe	"Added by the RBOT-CKH WORM!"
X	SySSL	syssl.exe	"Added by the RBOT-DAA WORM!"
X	SysStart	[random filename]	"ZenoSearch adware"
X	SysStart	syswin.exe 1	"Added by the AUTORUN-EY WORM!"
X	SysStrt	systemc.exe	"Added by the AGOBOT-QA TROJAN!"
X	syst	syst.exe	"Added by the DUMB.A ""Joke"" virus"
X	Systam13	f1r5st83.exe	"Added by the IRCBOT-YM WORM!"
X	Systam13	exp.exe	"Added by the RBOT.ESD BACKDOOR!"
X	Systam13	first.exe	"Added by the RBOT.GND BACKDOOR!"
X	Systam13	resx.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Systam13	speedwin.exe	"Added by the RBOT.GVH BACKDOOR!"
X	System	run322.exe	"Added by the LANFILT TROJAN!"
X	System	system.exe	Added by various WORMS and TROJANS!
X	system	regedit -s system.dll	Homepage hijacker
X	system	systemsearch.hta	Jetseeker.com hijacker
X	System	dcomx.exe	"Added by the CIREBOT TROJAN!"
X	system	Explorer.exe	"Added by the GRAYBIRD BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
X	System	YPager.exe	"Added by the JUNTADOR.K TROJAN! Note - this is not the older version of Yahoo! Messenger which shares the same filename and is located on %ProgramFiles%\Yahoo!\Messenger"
X	system	outlook.exe	"Added by the MIMAIL.Q WORM! Note that the valid Microsoft Outlook executeable is located in %ProgramFiles%\Microsoft Office\Office whereas this one is located in %Windir%"
X	System	Atira.exe	"Added by the KOTIRA VIRUS!"
X	SYSTEM	lsas.exe	"Added by the SPYBOT.CJ WORM!"
X	System	kernels32.exe	"Added by the DLOADER-FC TROJAN!"
U	System	sysctrl.exe	"Added by WinGuardian. Note - this commercial keylogger is no longer made or sold by Webroot but older copies may still be in existance
X	System	csrss.exe	"Added by the LDPINCH.E TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	System	SVCHOST.EXE	"Added by the LDPINCH-AU TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	system	lsasse.exe	"Added by the RBOT-YL WORM!"
X	System	systray.exe	"Added by the PISABOY-A TROJAN! Note - this is not the legitimate systray.exe process"
X	System	abcdefg.exe	"Added by the HARWIG-B WORM!"
X	System	cber.exe	Added by an unidentified TROJAN!
X	System	serwin.exe	"Added by the LDPINCH-BN TROJAN!"
X	System	svchîst.exe	"Added by the LDPINCH-BF TROJAN!"
X	System	system.exe (74295303)	"Added by the VB-IU WORM!"
X	System	WINL0G0N.EXE	"Added by the BANCOS-DB TROJAN!"
X	System	wumgrd32.exe	"Added by a variant of the RBOT WORM!"
X	System	SPOOLSU.EXE	"Added by the BANKER-FC TROJAN!"
X	System	system23.exe	"Added by the LEBREAT-D WORM!"
X	System	windowsps.exe	"Added by a variant of the RBOT WORM!"
X	SYSTEM	d.exe	"Added by the MYTOB.LP WORM!"
X	System	inetinfo.exe	"Added by the PARDROP-A TROJAN!"
X	system	services.exe	"Added by the DELF-LQ TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\HELP"
X	SYSTEM	VSSMON.exe	"Added by the RBOT-AWW TROJAN!"
X	SYSTEM	wiinlogon.exe	"Added by the RBOT-AVG WORM!"
X	System	kernels64.exe	"Added by the VIXUP-S TROJAN!"
X	system	lsass.exe	"Added by the SATILOLER.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Common Files\System"
X	System	smss.exe	"Added by the AGENT.EP BACKDOOR! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	System	winupd.exe	"Added by a variant of the SDBOT WORM!"
X	system	messenger.exe	Added by an unidentified WORM or TROJAN!
X	System	kernels1118.exe	"Added by a variant of the SDBOT WORM!"
X	System	wsscntfy.exe	"Added by a variant of the SDBOT WORM!"
X	SYSTEM	windmupdr.exe	"Added by a variant of the RBOT WORM!"
X	system	svcr.exe	"Added by the SPYONE TROJAN!"
X	System	kernels88.exe	"Added by the TIBS-PP TROJAN!"
X	System	kernels8.exe	"Added by the TIBS.AI TROJAN!"
X	System	OeApi.vbs	"Added by the AGUI WORM!"
X	System	Updaterun.exe	"Added by the QQHELP-DX TROJAN!"
X	System	Zap.exe	"Added by the MSNVB-D WORM!"
X	System	BrO_AcT.exe	"Added by the SILLYFDC-AL WORM!"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.

Powered By Pac's Startup list