Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Key:

  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown
Startup Name Process Name Details
X SysBoot syskernel.exe"Added by the AUTORUN-EY WORM!"
U Sysbot sysbot.exe"Spector - spying (or monitoring) software to record internet activity"
X syscfg syscfg32.exe"Added by the KWBOT.S WORM!"
X syscfg34.exe syscfg34.exe"Added by the ELECTRON WORM!"
X Syscheck win.htaBrowser hijacker
X syscheck iexplorer.exeAdded by the AGENT.DM TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe)
U SysCheck32 sb32mon.exe"Part of the SpyBuddy keystroke logger/monitoring program - see here. Remove unless you installed it yourself!"
X SysCleaner SysCleaner.exe"SysCleaner rogue cleaning utility - not recommended
X sysclx ntldrt.exe"Added by the JLOK-A WORM!"
X syscm Syscm.exe"Vanish adware"
X SysCom msnmsgr.exe"Added by the BANK-AF TROJAN! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%MSN Messenger or %ProgramFiles%Windows LiveMessenger. This one is located in %Windir%\system"
? SysComp mssdnl.com"Unknown but suspect as *.com are not usually run at start up and the name isn't recognized"
X syscon syscon.exe"Added by the APRILCONE.A WORM!"
X syscon lptt01 syscon.exe"RapidBlaster variant (in a ""Syscon"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
X syscon ml097e syscon.exe"RapidBlaster variant (in a ""Syscon"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
X sysconfig iexplorer.exe"Added by the CULT.C WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
X SysConfig syscfg35.exe"Added by the KAZMOR.C WORM!"
X SysConfig wincfg32.exe"Added by the SDBOT.ZD WORM!"
U Sysconfig Stealth KeySpy.exe"StealthKeySpy - keystroke logger/monitoring program - remove unless you installed it yourself!"
X sysconfig32 sysconfig32.exe"Added by the AGENT-MSP TROJAN!"
X Syscpy Syscpy.exe"Firewall-bypassing
X SysCtl sysctl.exe"Added by the AOK TROJAN!"
X Sysctrls procdll.exe"Added by the WEEDBOTZ.14 TROJAN!"
X Sysctrls winupdate.exeAdded by an unidentified WORM or TROJAN!
X Sysctrls mscntrl.exe"Added by the KOLABC.BB WORM!"
X Sysctrls Sysctrls.exe"Added by the AGENT.AWZ TROJAN!"
X Sysctrls win32dll.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
X Sysctrls32 sevchost.exe"Added by the RBOT.ADF BACKDOOR!"
X SysCVMS.exe SysCVMS.exe"Added by the SMALL.CBA TROJAN!"
X sysdat.dll sysdat.dll.exeAdded by the NISHICA 1.1 TROJAN!
X SysData [path to file]"Added by the RANCK-BA TROJAN!"
X SysDefence.exe SysDefence.exe"SysDefence rogue security software - not recommended
X SysDefenders SysDefenders.exe"SysDefenders rogue security software - not recommended
X SysDepannage SysRep.exe"SysDepannage
X SysDeskqqfx qqfx.exe"Added by the QQPASS.H TROJAN!"
X SysDeskqqfx Runddll32.exe"Added by the CHANGGAME TROJAN!"
X SysDesktop fswanQQ.exe"Added by the QQSEND-A TROJAN!"
X sysdiag64.exe sysdiag64.exe"Added by a the AUTOINF-AB WORM!"
X sysdir winrun.exe"Added by the WINBUR.B WORM!"
X sysdll windll.exe"Added by the AUTORUN.ECT WORM!"
X sysdll [trojan filename]"Added by the HUGESOT TROJAN!"
X Sysdpt sysdpt.exe"CRYPT trojan downloader"
X sysdxvid sysdxvid.exe"Added by the DLUCA-S TROJAN!"
X sysemls sysem.exe"Added by a variant of the SDBOT WORM!"
X SysEQ svclgx32.exe"Added by the IRCBOT-AC TROJAN!"
X sysfbtray bill102.exe"Added by the VB-ENI TROJAN!"
X sysfbtray bill106.exe"Added by the MDROP-CLV TROJAN!"
X sysfiler sysfiler.exe"Added by the RETSAM TROJAN!"
X SYSfit SYSfit.exe"AdShooter adware variant"
X sysflg32 sysflg32.exe"Added by a variant of the CRYPTER.C TROJAN!"
X sysformat sysformat.exe"Added by the BAGLE-BK WORM!"
X sysfrcx sysfrcx.exe"Added by the KEYLOG-SCLOG TROJAN!"
X sysftray2 bolivar19.exe"Added by the KOOBFACE.I WORM!"
X Sysgate Personal Firewall syst3ms.exe"Added by a variant of the IRCBOT TROJAN!"
X sysguard sysguard.exe"Added by the FAKEAV-KI TROJAN!"
X sysguardn s"Spyware Protect 2009 rogue spyware remover - not recommended
X syshelp syshelp.exe"Added by the LOVGATE.C WORM!"
X syshost syshost.exe"Added by the VB-DVZ TROJAN!"
X sysin [path to file]"Added by the DSRC-A TROJAN!"
X sysinfo sysinfo.exe"Added by the BEDRILL TROJAN!"
X sysinfo.exe sysinfo.exe"Added by the BEAGLE.V WORM!"
X SysInit svchost.exe"Added by the STARTPA-BD TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Common Files"
X SysInit wininit32.exe"Added by the XABOT WORM!"
X sysinit services.exe"Added by the NEWLFRM-A TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %System%\golumm"
X Sysino lsess.exe"Added by the FORBOT-BF WORM!"
X sysint16 sysint16.exe"Added by the CRYPTER.A TROJAN!"
X sysinter ADIRSS.EXE"Added by the AGENT.JVJ TROJAN!"
X Syskey sysinit.exe"Added by the BEAGLE.AX WORM!"
X sysldtray ld02.exe"Added by the KOOBFACE.BG WORM!"
X sysldtray ld03.exe"Added by the KOOBFACE.CA WORM!"
X sysldtray ld11.exe"Added by the KOOBFACE.JG WORM!"
X sysLDtray ld08.exe"Added by the AGENT-JSV TROJAN!"
X sysldtray ld09.exe"Added by the AGENT-KFI TROJAN!"
X sysldtray ld10.exe"Added by the FAKEAV-UD TROJAN!"
X sysldtray ld12.exe"Added by the KOOBFACE.V WORM!"
X sysldtray ld01.exe"Added by the KOOBFACE.I WORM!"
X sysldtray ld15.exe"Added by the AGENT-LNH TROJAN!"
X sysldtray ld04.exe"Added by the KOOBFACE WORM!"
X sysldtray ld06.exe"Added by the KOOBFACE WORM!"
X sysldtray ld07.exe"Added by the KOOBFACE WORM!"
X sysldtray ld14.exe"Added by the VIRUT.CE VIRUS!"
X sysldtray ld16.exe"Added by the AGENT-MMO TROJAN!"
X Syslib Syslib.exeAdult content related downloader trojan
X SysLive SysLive.exe"Added by the EXPICHU WORM!"
X Syslog lptt01 Syslog.exe"RapidBlaster variant (in a ""Syslog"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
X Syslog ml097e Syslog.exe"RapidBlaster variant (in a ""Syslog"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
X syslogin.exe syslogin.exe"Added by the BAGZ-B WORM!"
X syslogon syslogon.exe"Added by the SPYBOT-EP WORM!"
X SysMain buff.exe"Added by the AGENT-ECW TROJAN!"
U Sysman Sysman.exe"KeyTrap is a surveillance software program that records all keyboard activities. Uninstall this software unless you put it there yourself"
X SysManager Manager.EXE"Added by the DAGGER.140 TROJAN!"
X sysme sysme.exe"Added by the PSW_STEALER_C TROJAN!"
X sysmem mmsete.exe"Added by the NOPIR.C WORM!"
X sysmem outlookrem.exe"Added by the NOPIR-C WORM!"
X SysMemory manager mdms.exe"Added by the CIMUZ-D TROJAN!"
U SysMetrix SysMetrix.exe"SysMetrix - skinnable clock and metering application. It monitors and reports on a great number of statistics"
X sysMett1 explorer.exe"Added by the LEGMIR-Y TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles%"
X sysmini sysmini.exe"Added by the ADLOAD.DD TROJAN!"
X sysmngr32 sys64mnger.exe"Added by a variant of the RBOT WORM!"
X sysmntrc sysmntrc.exe"Added by the BANCOS-FX TROJAN!"
X sysmod sysmod.exe"Added by the SPYBOT-DU WORM!"
X sysmon sysmon.exe"Added by the BIZEX WORM!"
X Sysmon rpcmon.exe"Added by the RANDEX.ATX WORM!"
X sysmon sysmon44.exe"Added by a variant of the BACKDOOR-CBA TROJAN!"
X SysMon wowexece.exe"Added by the MULAN-A TROJAN!"
X Sysmon SystemMonitor.exe"Added by the NUJAMA-A WORM!"
X Sysmon msnmssgs.exe"Added by the SDBOT.FK WORM!"
X sysmon12 [various filenames]"Wareout - malware masquerading as a spyware and dialer remover"
X SysmonLog mslog.exe"Added by the AGENT.AOV TROJAN!"
X sysmonnt sysmonnt.exe"SearchPounder sends keywords typed into HTML forms and popular Internet search engines to a remote server"
X SysMonXP SysMonXP.exe"Added by the NETSKY.Q WORM!"
X Sysmppcvppp SysTdSvr.dll"Generic2.PQG adware"
X sysmss sysems.exe"Added by a variant of the SLAPER TROJAN!"
X sysnate sysnate.exe"Added by the MEDIAS TROJAN!"
X Sysnet snuninst.exeUnidentified adware
X sysnet sysnet.exe"CasClient adware - also detected as the CMAPP TROJAN!"
X sysobj.exe sysobj.exe"Wareout - malware masquerading as a spyware and dialer remover"
X SysOps SysOps"Added by the MSNCORRUPT TROJAN!"
X syspare syspare.exe"Added by the BIFROSE-AN TROJAN!"
X syspath drv.exe"Added by the SOBER WORM!"
X sysPersonalFirewall msnmssgr.exe"Added by a variant of the RBOT WORM!"
X sysPersonalFirewall system.exe"Added by the WOOTBOT.FH WORM!"
X sysPersonalFirewall tskm0nitor.exe"Added by the SDBOT.APC WORM!"
U SysPilot fdxxl.exe"G Data ""PC Spion"". PC monitoring and surveilling software
X sysPnP bootconf.exe"Homepage hijacker
X SysPnP "rundll32 setupapi InstallHinfSection [varies] oemsyspnp.inf"
Y SysPool Mssvc.exe"StealthDisk - hides folders
X SysPool MSSVC32.EXE"Added by the BANCBAN-IO TROJAN!"
X SySPower [path to trojan]"Added by the BANCBAN-OC TROJAN!"
X SysProtect System.exe"Added by the NETSPY TROJAN!"
X SysProtect syp.exe"SysProtect rogue security software
X SysProtect USYP.exe"SysProtect rogue security software
X SysProtect Free USYP.exe"SysProtect rogue security software
X SysProtector SysProtector.exe"SysProtector rogue security software - not recommended
X syspw32.exe syspw32.exe"Added by the APPFLET.A WORM!"
X Sysqq LSESS.exe"Added by the FORBOT-BF WORM!"
X Sysqq weiba.exe"Added by the DELF-CFX TROJAN!"
X SysR sysmd.exe"Ulubione adult content dialer"
X SysReg SysReg.exe"Added by the CHEKIN TROJAN!"
X SysReg SysReg.exe"SearchSeekFind textual marketing foistware"
X Sysres Sysres.exe"Added by the LOGMOD.A TROJAN!"
X SysRes TASKMANAGER.exe"Added by the ELIPTER.A or ELIPTER.B WORMS!"
X SysRes WWE DIVAS.exe"Added by the ELIPTER.D WORM!"
X SysRes IExpIore .exe"Added by the ELITPER.E WORM!"
X sysrest32.exe sysrest32.exe"Added by the AGENT-GIN TROJAN!"
X sysrestore32.exe sysrestore32.exe"Unknown malware detected by McAfee - see here"
X Syss ehuupdate.exe"EHU adware"
X SysScan bvt.exe"Added by the AUTOUPDER TROJAN!"
X SysSearch Regedit.exe -s pcsearch.reg"Added by the STARTPAGE-FN TROJAN! Note that regedit.exe is a legitimate Microsoft file and shouldn't be deleted. The ""pcsearch.reg"" file is located in %Windir%"
X SysSearch Regedit.exe -s sysreg.reg"Added by the STARTPA-ME TROJAN! Note that regedit.exe is a legitimate Microsoft file and shouldn't be deleted. The ""sysreg.reg"" file is located in %Windir%"
U SysSense SysSense.exe"""SysSense is your personal desktop Google AdSense monitor. It keeps your current Google AdSense information in the Windows system tray"". Google AdSense account required"
X sysser [path to file]"Added by the RAHACK WORM!"
X SysService SysService.exe"Added by the BDFORM-A BACKDOOR!"
U SysService SERVICES.EXE"NSKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself!"
X SysService32 SysService32.exe"Added by the KINDAL VIRUS!"
X SysService32 ln32k.dll"Added by the KINDAL VIRUS!"
X SysService32l systask32l.exe"Added by the THEUG WORM!"
X SysServices SERVICES.EXE"Added by the DELF-EY TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X SYSsfitb SYSsfitb.exe"AdShooter adware"
X SySSL sysl.exe"Added by the RBOT-CKH WORM!"
X SySSL syssl.exe"Added by the RBOT-DAA WORM!"
X SysStart [random filename]"ZenoSearch adware"
X SysStart syswin.exe 1"Added by the AUTORUN-EY WORM!"
X SysStrt systemc.exe"Added by the AGOBOT-QA TROJAN!"
X syst syst.exe"Added by the DUMB.A ""Joke"" virus"
X Systam13 f1r5st83.exe"Added by the IRCBOT-YM WORM!"
X Systam13 exp.exe"Added by the RBOT.ESD BACKDOOR!"
X Systam13 first.exe"Added by the RBOT.GND BACKDOOR!"
X Systam13 resx.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
X Systam13 speedwin.exe"Added by the RBOT.GVH BACKDOOR!"
X System run322.exe"Added by the LANFILT TROJAN!"
X System system.exeAdded by various WORMS and TROJANS!
X system regedit -s system.dllHomepage hijacker
X system systemsearch.htaJetseeker.com hijacker
X System dcomx.exe"Added by the CIREBOT TROJAN!"
X system Explorer.exe"Added by the GRAYBIRD BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
X System YPager.exe"Added by the JUNTADOR.K TROJAN! Note - this is not the older version of Yahoo! Messenger which shares the same filename and is located on %ProgramFiles%\Yahoo!\Messenger"
X system outlook.exe"Added by the MIMAIL.Q WORM! Note that the valid Microsoft Outlook executeable is located in %ProgramFiles%\Microsoft Office\Office whereas this one is located in %Windir%"
X System Atira.exe"Added by the KOTIRA VIRUS!"
X SYSTEM lsas.exe"Added by the SPYBOT.CJ WORM!"
X System kernels32.exe"Added by the DLOADER-FC TROJAN!"
U System sysctrl.exe"Added by WinGuardian. Note - this commercial keylogger is no longer made or sold by Webroot but older copies may still be in existance
X System csrss.exe"Added by the LDPINCH.E TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X System SVCHOST.EXE"Added by the LDPINCH-AU TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X system lsasse.exe"Added by the RBOT-YL WORM!"
X System systray.exe"Added by the PISABOY-A TROJAN! Note - this is not the legitimate systray.exe process"
X System abcdefg.exe"Added by the HARWIG-B WORM!"
X System cber.exeAdded by an unidentified TROJAN!
X System serwin.exe"Added by the LDPINCH-BN TROJAN!"
X System svchst.exe"Added by the LDPINCH-BF TROJAN!"
X System system.exe (74295303)"Added by the VB-IU WORM!"
X System WINL0G0N.EXE"Added by the BANCOS-DB TROJAN!"
X System wumgrd32.exe"Added by a variant of the RBOT WORM!"
X System SPOOLSU.EXE"Added by the BANKER-FC TROJAN!"
X System system23.exe"Added by the LEBREAT-D WORM!"
X System windowsps.exe"Added by a variant of the RBOT WORM!"
X SYSTEM d.exe"Added by the MYTOB.LP WORM!"
X System inetinfo.exe"Added by the PARDROP-A TROJAN!"
X system services.exe"Added by the DELF-LQ TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\HELP"
X SYSTEM VSSMON.exe"Added by the RBOT-AWW TROJAN!"
X SYSTEM wiinlogon.exe"Added by the RBOT-AVG WORM!"
X System kernels64.exe"Added by the VIXUP-S TROJAN!"
X system lsass.exe"Added by the SATILOLER.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Common Files\System"
X System smss.exe"Added by the AGENT.EP BACKDOOR! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X System winupd.exe"Added by a variant of the SDBOT WORM!"
X system messenger.exeAdded by an unidentified WORM or TROJAN!
X System kernels1118.exe"Added by a variant of the SDBOT WORM!"
X System wsscntfy.exe"Added by a variant of the SDBOT WORM!"
X SYSTEM windmupdr.exe"Added by a variant of the RBOT WORM!"
X system svcr.exe"Added by the SPYONE TROJAN!"
X System kernels88.exe"Added by the TIBS-PP TROJAN!"
X System kernels8.exe"Added by the TIBS.AI TROJAN!"
X System OeApi.vbs"Added by the AGUI WORM!"
X System Updaterun.exe"Added by the QQHELP-DX TROJAN!"
X System Zap.exe"Added by the MSNVB-D WORM!"
X System BrO_AcT.exe"Added by the SILLYFDC-AL WORM!"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.

Powered By Pac's Startup list