Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77
78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99
If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown



Startup Name Process Name Details
X7X29C2X78Ysyss_.exe"Added by the AGENT-GMS TROJAN!"
XInSysSecureInSysSecure.exe"InSysSecure rogue security software - not recommended
XMicrosoft Security Monitor Processwinsyss32.exe"Added by the RBOT.AEU BACKDOOR!"
XMicrosoft Startup Managersysservice.exe"Added by the AVALANEC TROJAN!"
XMicrosoft Windows Updatesyssinfos.exe"Added by the RBOT-FWR WORM!"
Xmsgserv_Syss.exe"Added by the FANTA TROJAN!"
Xmsoft-updater23mssysstems.exe"Added by the RBOT-ATU WORM!"
Xsck121helpsyss.exeAdded by a variant of the MAILBOT TROJAN!
Xsecurity servicesyss.exeAdded by an unidentified WORM or TROJAN!
XSyssehuupdate.exe"EHU adware"
XSysScanbvt.exe"Added by the AUTOUPDER TROJAN!"
XSysSearchRegedit.exe -s pcsearch.reg"Added by the STARTPAGE-FN TROJAN! Note that regedit.exe is a legitimate Microsoft file and shouldn't be deleted. The ""pcsearch.reg"" file is located in %Windir%"
XSysSearchRegedit.exe -s sysreg.reg"Added by the STARTPA-ME TROJAN! Note that regedit.exe is a legitimate Microsoft file and shouldn't be deleted. The ""sysreg.reg"" file is located in %Windir%"
USysSenseSysSense.exe"""SysSense is your personal desktop Google AdSense monitor. It keeps your current Google AdSense information in the Windows system tray"". Google AdSense account required"
Xsysser[path to file]"Added by the RAHACK WORM!"
XSysServiceSysService.exe"Added by the BDFORM-A BACKDOOR!"
USysServiceSERVICES.EXE"NSKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself!"
XSysService32SysService32.exe"Added by the KINDAL VIRUS!"
XSysService32ln32k.dll"Added by the KINDAL VIRUS!"
XSysService32lsystask32l.exe"Added by the THEUG WORM!"
XSysServicesSERVICES.EXE"Added by the DELF-EY TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
XSYSsfitbSYSsfitb.exe"AdShooter adware"
XSySSLsysl.exe"Added by the RBOT-CKH WORM!"
XSySSLsyssl.exe"Added by the RBOT-DAA WORM!"
XSysStart[random filename]"ZenoSearch adware"
XSysStartsyswin.exe 1"Added by the AUTORUN-EY WORM!"
XSysStrtsystemc.exe"Added by the AGOBOT-QA TROJAN!"
XSystem Supportsyssql.exe"Added by the RBOT-AUH WORM!"
USystemSafeSyssafe.exe"System Safety Monitor - system monitoring tool with additional application firewalling"
?tsyssmontsyssmon.exe"Found in a Toshiba\sysstability directory"
XWindows Activate Systemsyssv.exe"Added by a variant of the SPYBOT WORM!"
XWindows applications serverSysShield.exe"Added by the unregistered version of Personal Anti Malware rogue security software - not recommended
XWindows Server Driverssyssrv.exe"Added by a variant of the IRCBOT TROJAN! See here"
XWindows Serviceswinsyssrv.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XWindows TMSyss.exe"Added by the RBOT.ADF BACKDOOR!"
XWinsSystemsyssmss.exe"Added by the DELF.IG TROJAN!"
XWinSysStartUpWKbLwTaskSystemDll.Exe"Added by the BACKZAT.G WORM!"
X[various names]SysSupport.exe"Wareout - malware masquerading as a spyware and dialer remover"
X{78B578D7-BCE1-4d83-9CD4-195BC34D8CB3}syssfzvakqg.exe"Added by the FAKEALERT-AM TROJAN!"
X{B081DB1F-4EE6-4021-9DD4-8B300F0D636D}syssngbeh.exe"Added by the FAKEALERT-AH TROJAN!"


DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.

Copyright 2003-2013 iamnotageek &/or Martin Krohn.