Systems

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

"Y" - Normally leave to run at start-up
"N" - Not required - typically infrequently used tasks that can be started manually if necessary
"U" - User's choice - depends whether a user deems it necessary
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
"?" - Unknown

	Startup Name	Process Name	Details
Inc."	"Miramar Systems	U	atmsg.exe
X	Cisco Systems	[path to worm]	"Added by the AUTORUN.UHR WORM!"
U	Cisco Systems VPN Client	ipsecdialer.exe	"Cisco VPN Client - lets local users gain Administrator privileges on the operating system"
U	Cisco Systems VPN Client	vpngui.exe	"Sets up IPSec communications for Cisco's VPN Client"
X	german.exe	winsystems.exe	"Added by the BAGLEDl-AE TROJAN!"
X	IISADMINS	systems.exe	"Added by the AGOBOT.U WORM!"
X	Kernell	systems.exe	"Added by the TARNO.C TROJAN!"
X	Microsoft Internal AntiVirus Systems	dIlhost.exe	"Added by the RBOT-AEV WORM!"
X	Microsoft Macro Protection Subsystems	msmacroprotxz.exe	"Added by a variant of the SPYBOT WORM!"
X	Microsoft Macro Protection Subsystems	Msmacroprot32.exe	"Added by the RBOT.KN WORM!"
X	Microsoft Update Machine	systemse.exe	"Added by the RBOT-BD WORM!"
X	Microsoft Xp Systems loader	winsystem32xp.exe	"Added by the KELVIR.W WORM!"
X	Microsoft Xp Systems loaders	win32xpsys.exe	"Added by the SPYBOT.NYT WORM!"
X	MSN	systems.exe	Identified as a variant of the Backdoor.PosionIvy keylogging malware
X	NAV Agent	systems.exe	"Added by the TARNO.C TROJAN! Note - this is not the valid Norton Antivirus entry of the same name"
X	Nortons AVS Systems	arse.exe	"Added by the RBOT.AWY WORM!"
X	Recoveru systems	svchost.exe	"Added by the SMALL.DDX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Temp%"
X	ssgrate.exe	winsystems.exe	"Added by the BAGLEDL-J TROJAN!"
X	system	systemsearch.hta	Jetseeker.com hijacker
X	System Loader	systems.exe	"Added by the AGOGBOT-FI WORM!"
X	System Service	systems.exe	"Added by the AGOBOT.VZ WORM!"
X	System Stats	SystemStats.exe	"Added by a variant of the WOOTBOT WORM!"
X	Systems	scchost.exe	"Added by the DAEMOZ.A TROJAN!"
X	Systems	svch0st.exe	"Added by the MYDOOM.BI WORM!"
X	Systems	Systems.exe	"Added by the BANKBOA-A TROJAN!"
X	Systems	itDDD.exe	"Added by the DLOADER-PP TROJAN!"
X	Systems	sescmgr.exe	"Added by the DWNLDR-GAH TROJAN!"
X	Systems	spoolsvc.exe	"Added by the DLOADR-SW TROJAN!"
X	Systems	sysmon.exe	"Added by the VIXUP-BI WORM!"
X	Systems Backups	windrives.exe	"Added by the AGOBOT-RB WORM!"
X	Systems Restart	slchost.exe	"Added by the MULTIDROP.C TROJAN!"
X	Systems Restart	spchost.exe	Added by an unidentified WORM or TROJAN!
X	Systems Restart	"Rundll32.exe beem.dll	DllRegisterServer"
X	Systems Restart	"Rundll32.exe snim.dll	DllRegisterServer"
X	Systems Restart	"Rundll32.exe zolk.dll	DllRegisterServer"
X	Systems Restart	"Rundll32.exe boln.dll	DllRegisterServer"
X	Systems Service	drivex.exe	"Added by a variant of the RBOT WORM!"
X	systems usb driver	Windows2.exe	"Added by a variant of the RBOT WORM!"
U	Systems.exe	Systems.exe	"Keyboard Spectator - monitoring software that creates records of everything people do on a computer
U	systems.exe	systems.exe	"KGBSpy is a commercial surveillance software program. It logs keystrokes
U	SystemSafe	Syssafe.exe	"System Safety Monitor - system monitoring tool with additional application firewalling"
X	SYSTEMSars32	csrss.exe	"Added by the AHLEM.A WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	SystemSAS	System32.exe	"Added by the KWBOT.C WORM!"
X	systemscroot	systembin.exe	"Added by a variant of the RBOT WORM!"
X	SystemSearch	regedit.exe -s ie.reg	"Installs a Seachxl.com browser page hijack. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file ""ie.reg"" is located in the root folder (ie
X	SystemSearch	regedit.exe -s sys.reg	"Installs a i--search.com browser page hijack. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file ""sys.reg"" is located in %Windir%"
X	SystemSecurity	zprot32.exe	"Added by the AGENT-FK TROJAN!"
X	SystemService	msocfg.exe	Premium rate adult content dialler
X	SystemService	navchk.exe	Premium rate adult content dialler
X	SystemService	qservice.exe	Premium rate adult content dialler
X	SystemService	shman.exe	Premium rate adult content dialler
U	SystemService	nsserver.exe	"NiceSpy keystroke logger/monitoring program - remove unless you installed it yourself!"
X	SystemSettingf	TRUG.vbs	"Added by the TRUG.B MACRO!"
U	SystemSuite Task Manager	MXTASK.EXE	"vcom (nee Ontrack) SystemSuite - PC maintenance and security. Use the program's configuration options to enable only the parts you want running all the time - such as Virusscanner Pro"
X	SystemSv12	newmaxxsv234.exe	"Added by the TIBS-TS TROJAN!"
X	SystemSv121	n2ewma1xxsv234.exe	"Added by the TIBS.TJ TROJAN!"
X	userd	systems.com	"Added by the OUTLAW-A WORM!"
X	Wind River Systems	vxworks.exe	"Added by the ACKANTTA WORM! Note that this is not related to the VxWorks platform from Wind River"
X	Windows backup	systemss.exe	"Added by a variant of the SPYBOT WORM!"
X	Windows Fixes Systems	elite.exe	"Added by the MYTOB.EG WORM!"
X	Windows Systems16	winjews16.exe	"Added by the SDBOT-CXT WORM!"
U	WinSystem	WinSystems.exe	"CMKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself!"
X	WinSystems	winsystems16.exe	"Added by the SDBOT-CZT WORM!"
X	winsystems25	winsystems.exe	"Added by the RBOT-CNZ WORM!"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.