Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer


NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

If you're not finding what you're looking for please go to this forum and submit a new startup entry.


  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown

Startup Name Process Name Details
X27slsorve.exe"Added by the SLSORVE-A TROJAN!"
X27csrss32.exe"Added by the SLSORVE-D TROJAN!"
X27msm32.exe"Added by the SLSORVE-E TROJAN!"
X55278grepclient1.exe"Added by the LINEAGE-S TROJAN!"
XAtomic-x27Atomic-x27.exe"Added by the KATOMIK-A WORM!"
XAtomic-x27CAtomicpartC.exe"Added by the KATOMIK-A WORM!"
Xavguard3876000b09274b.exe"AntiVirus ransomware security software - not recommended
YBOC-427BOC427.exe"Comodo BOClean anti-malware software - ""Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely"". Version 4.27"
XBT00003*hiklmnop27.exe"Added by the VB-VT TROJAN where * = 2
XDanBtR270414DanBtR270414.exe"Added by the VB-NIB WORM!"
XGetModule27GetModule27.exe"Internet Speed Monitor adware related"
XIExplorer7 Java ScriptingIExplore327.exe"Added by a variant of the SDBOT WORM!"
Xkgjdi27kgjdie27.exe"Added by the SDBOT.AP BACKDOOR!"
XNI.GA6P_0001_N105E2704[path to file]"Installer for the AVSystemCare rogue security software - see here"
XNI.UGA6P_0001_N105M2704[path to file]"Installer for the AVSystemCare rogue security software - see here"
?PLFFAPHotfixQ0306270.exe"Prolific Technology Inc. USB Flash Disk driver - is it required in startup?"
UQWS3270 Sessionssessions.exeQWS3270 Secure terminal emulation software
Xstup138762763.exe"Added by the FIRESPY-A TROJAN! It will attempt to register the dropped component as a Firefox plugin and begin monitoring the user's browsing habits
Xtlz47681727.exeAdded by an unidentified TROJAN!
XTok-Cirrhatus-2784br6591on.exe"Added by the BRONTOK-L WORM!"
XTok-Cirrhatus-2784smss.exe"Added by the BRONTOK-S WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%"
X{157627A6-2A10-4aa1-B97F-90B8DC6F24AC}sysqkmwfedz.exe"Added by the FAKEALERT-AH TROJAN!"
X{2C70168B-97CE-4f31-B85D-1FEC5002721D}sxpgknrwva.exe"Added by the FAKEALERT-AM TROJAN!"
X{2C70168B-97CE-4f31-B85D-1FEC5002721D}sysavxjgdu.exe"Added by the FAKEALERT-AM TROJAN!"
X{2C70168B-97CE-4f31-B85D-1FEC5002721D}sysawpbkvnq.exe"Added by the FAKEALERT-AH TROJAN!"
X{2C70168B-97CE-4f31-B85D-1FEC5002721D}sysxhtcwbse.exe"Added by the FAKEALERT-AM TROJAN!"
X{357AA41A-B7A8-4632-A27D-5B980B25CF43}[path to svchost.exe]"Added by the SMALL-AQ TROJAN!"
X{357AA41A-B7A8-4632-A27D-5B980B25CF43}services.exe"FakeMessage/AdRotator adware. Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in an ""Inetsrv"" subfolder"
X{357AA41A-B7A8-4632-A27D-5B980B25CF43}[path to trojan]"Added by the SMALL-EP TROJAN!"
X{9754B85A-3B34-4969-BE1F-CD03227E9470}syszweuas.exe"Added by the FAKEALERT-AM TROJAN!"
X{9754B85A-3B34-4969-BE1F-CD03227E9470}sysatjsicj.exe"Added by the FAKEALERT-AM TROJAN!"
X{BAAA759D-56F0-428c-B8DA-827EA3B08C2C}sysawechod.exe"Added by the FAKEALERT-AH TROJAN!"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.