Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown



Startup Name Process Name Details
Xsystem32.exe"Added by the AGOBOT-KU WORM! Note - has a blank entry under the Startup Item/Name field"
U00THotkeysystem32THotkey.exe"For Toshiba Satellite notebook series to use the front buttons
XC:WINDOWSsystem32SetupCmd.exeSetupCmd.exe"Detected by Kaspersky as the AGENT.AAW TROJAN!"
XCall Function System32sddriver.exe"Added by a variant of the SDBOT TROJAN!"
XDriverPathsystem32.exe"Added by the PRORAT-S TROJAN!"
Xioroxxo microsoft suxsystem32.exe"Added by a variant of the RBOT WORM!"
XMcafee Antivirus Monitoring System326VSStatmn326.exe"Added by a variant of the SDBOT WORM!"
XMcafee Antivirus Monitoring System32mnVSStatmn32.exe"Added by a variant of the RBOT WORM!"
XMicrosofot x386 System Monitorsystem32.exe"Added by the WOOTBOT.M WORM!"
XMicrosoftsystem32.exe"Added by the IRCBOT-ZZ WORM!"
XMicrosoft System32 Updatecmsrg.exe"Added by the RBOT-GN WORM!"
XMicrosoft Updatesystem32.exe"Added by the RBOT.IS WORM!"
XMicrosoft Update Loaders 2006winusersystem32.exe"Added by a variant of the AGOBOT/GAOBOT WORM!"
XMicrosoft Xp Systems loaderwinsystem32xp.exe"Added by the KELVIR.W WORM!"
Xmsnsystem32.exe"Added by the KITRO.A WORM!"
XNVSystem32nvscv32.exe"Added by the AGOBOT-NO WORM!"
XPopup Blocker System326a MonitoringPopUpBlocker6a.exe"Added by the RBOT.AUH WORM!"
XRegistry Checkup System326a MonitorWinregs326a.exe"Added by a variant of the SDBOT WORM!"
Xruinsystem32.exe"Added by the DELF-JM TROJAN!"
XRundllsystem32Rundllsystem32.exe"Added by the NETDEVIL.B TROJAN!"
XSms System32SmsSystem32.exeUnidentified malware
XSygate Personal Firewallsystem32.exe"Added by the RBOT.VI WORM!"
XSystem Supportsystem32.exe"Added by the RBOT-AHA WORM!"
XSystem32system.exe"Added by the BUSHTRO122 TROJAN!"
XSystem32System32.exeAdded by any number of WORMS or TROJANS!
USystem32sysdiag.exe"SpyAgent surveillance software. Uninstall this software unless you put it there yourself"
XSystem32"system321.exe"
Xsystem32NeT-BoT.exe"Added by the AGOBOT-LJ WORM!"
XSystem32lsasss.exe"Added by the RBOT-XW WORM!"
XSystem32crsvvc.exe"Added by the RBOT.BLY WORM!"
Xsystem32QQGame.exe"Added by the QQPASS-AC TROJAN!"
XSystem32[worm filename]"Added by the NAUTICAL-A WORM!"
XSystem32winds32.exe"Added by the DWNLDR-HFY TROJAN!"
XSystem32csrss.exe"Added by the SILLYFDC WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""drivers"" subfolder"
Xsystem32lowinplay.exe"Added by the VB.FVJ TROJAN!"
USystem32sb32mon.exe"Part of the SpyBuddy keystroke logger/monitoring program - see here. Remove unless you installed it yourself!"
XSystem32svchost.exe"Added by the ZAPCHAS-V TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""drivers"" subfolder"
XSystem32 PCI Managersyspci32.exe"Added by the RBOT-AFR WORM!"
XSystem32 Runtime StartUpsysrs.exe"Added by the AGOBOT.ANW WORM!"
XSystem32 Spoolwinint.exe"Added by the FORBOT-N WORM!"
XSystem32 TCP Managersystcpm.exe"Added by a variant of the RBOT WORM!"
XSystem32 TCP Managersysterm.exe"Added by the RBOT.AFD WORM!"
XSystem32 Temp Servicesystmp.exe"Added by the RBOT-AET WORM!"
XSystem32-Drivercsrs32.exe"Added by the SDBOT-CP BACKDOOR!"
Xsystem32.dllsysteminit.exe"CoolWebSearch parasite variant - re-directing to your-search.info"
Xsystem32.dllsysdll32.exe"CoolWebSearch parasite variant. Redirecting to wholeworldmarket.com
Xsystem32.exeservices32.exe"Added by a variant of the IRCBOT TROJAN!"
Xsystem32.exesystem32.exe"Added by the GRAYBIRD.P TROJAN!"
XSystem32BLSJ AgentSystem32BLSJ.exe"Added by the MDROP-BPT TROJAN!"
XSystem32Check[random].exe"Added by the CHAST-A TROJAN!"
XSystem32DllDLL32SYS.EXE"Added by the SPYBOT-CZ WORM!"
XSystem32ExSystem32Ex.exe"Added by the IRCCONTACT TROJAN!"
USystem32kfvwsysdiag.exe"SpyAgent surveillance software. Uninstall this software unless you put it there yourself"
XSystem32RootGadu-Gadu.exe"Added by a variant of the IRCBOT TROJAN! Note - doe not confuse with the Polish language Instant Messaging client also called Gadu-Gadu"
Xsystem32WXBP Agentsystem32WXBP.exe"ARDAMAX.HR spyware"
XSystemSASSystem32.exe"Added by the KWBOT.C WORM!"
XTorrent Management Servicesystem32.exe"Added by a variant of the IRCBOT TROJAN! See here"
XWin32system32.vbs"Added by the SWERUN VIRUS!"
XWindows Drive CompatibilitySystem32Driver32.exe"Added by the SUPOVA.Z WORM!"
XWindows Explorersystem32.exe"Added by the RBOT-AJH WORM!"
XWindows System32windowsp.exe"Added by the MYTOB.GD WORM!"
XWindows System32winsys32.exe"Added by the SDBOT-AHS WORM!"
XWindows System32clsas32.exe"Added by the RBOT-AZO WORM!"
XWindows System32explorer.exe"Added by the OPANKI-V WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is also copied to %System%"
XWindows System32System32.exe"Added by the SDBOT-ALI WORM!"
XWindows SYSTEM32Realplayer.exe"Added by the SPYBOT.ZH WORM!"
XWindows System32wingrd32.exe"Added by a variant of the RBOT WORM!"
XWindows System32windows32.exe"Added by the RBOT-FPB WORM!"
XWindows System32 Driverclsass32.exe"Added by the SDBOT-AGG WORM!"
XWindows System32 Kernelsystem32.exe"Added by the SDBOT-AAT WORM!"
XWindows-SystemSystem32.exe"Added by the LOGPOLE.C WORM!"
XWindowsSystem32asper.exe"Added by the AGENT-EFP TROJAN!"
XWindowsSystem32svchosts.exe"Added by the AGENT-EDA TROJAN!"
XWindowsSystem32[path to worm]"Added by the SDBOT-DFG WORM!"
XWindowsSystem32msnmssgr.exe"Added by the AGENT.ALY BACKDOOR!"
XWindowsSystem32msn_kilo.exe"Added by the AGENT.ALY BACKDOOR!"
XWindowsSystem32msnmgaer.exe"Added by the AGENT.ALY BACKDOOR!"
XWinsock2 driverSYSTEM32.EXE"Added by the SPYBOT-EG WORM!"
XWinsock32 driversystem32.exe"Added by the IRCBOT-VT TROJAN!"


DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.