Analysis of startup processes (Startup Manager)

Switch to the Startup tab. The startup manager shows all processes that run at Windows startup. Startup items are sorted by their status (danger rating). The program shows the following properties of each item: item name, file name, status, type, state, company, description.



The program examines each startup item and assigns it a status (danger rating). Unsafe startup processes can be identified by this rating. The highest possible danger rating is red. A red startup process is dangerous. A yellow process is suspicious. A highly rated startup process is not always dangerous. It may just contain code similar to that of a virus or spyware. You have to decide what to do with the startup item: delete it or mark it as safe.

The current version of the program can assign the following statuses:
  • Dangerous - the startup item or the process is hidden or uses virus/spy technologies. For example, the "Hijack" startup item is a Trojan (shown as red on the screenshot above). Its startup item has Dangerous status. The trojan file has an empty "Company" field, but it can be signed with any name.
  • Altered - the file hash (checksum) has changed, or another process has created a thread in the startup process. The process contains and executes foreign code from another process. This process is potentially dangerous. A system process hash can change when you install a Service Pack or Windows hotfixes.
  • Suspicious - the startup method is suspicious, or the startup process has no visible windows or icons. Drivers (hardware utilities) run only in the background with no visible windows. You can see several suspicious startup items (shown as yellow on the screenshot above). Almost all of them are drivers. Processes of Advanced Micro Devices are motherboard drivers. Processes of C-Media Electronic are audio card drivers. Processes of NVIDIA Corporation are video card drivers. Processes of Lexmark International are printer drivers. One suspicious item, "swg", is not a driver. It is the "Google Toolbar" update program. If you don't want it, you can delete it.
  • Normal - the startup item is not suspicious, and the process has visible windows and does not use virus/spy technologies.
  • System - the operating system does not work correctly without the main system processes. Each system process has to be signed by Microsoft.
  • Safe - the startup item or process was marked as Safe.
  • Good - the process was found in the database of good processes.
  • New - the startup item is new. This status can be combined with other statuses.
Double-click an item or select 'Item Information' in the menu for detailed information about the selected startup item.
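
The checks named in the status list (empty "Company" field, changed file hash, Microsoft signature) can also be made by hand when deciding whether to delete an item or mark it as safe. The PowerShell below is an added example, not code from the program or from System SoftLab. Assumptions: the baseline file path, the function names and the flag names are hypothetical, and items are read from the Win32_StartupCommand class (Run keys and Startup folders), which is not necessarily every startup method the program inspects.

```powershell
# Added example; the flags below are illustrative, not the product's own rules.
$BaselinePath = Join-Path $env:ProgramData 'startup-baseline.json'  # hypothetical path

function Resolve-StartupExe([string]$Command) {
    # Expand %VAR% references, then take the quoted path or the text up to ".exe".
    $cmd = [Environment]::ExpandEnvironmentVariables($Command)
    if ($cmd -match '^\s*"([^"]+)"')    { return $Matches[1] }
    if ($cmd -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $null   # e.g. a Startup-folder shortcut; reported as FileNotResolved
}

function Get-StartupTriage {
    $baseline = @{}
    if (Test-Path -LiteralPath $BaselinePath) {
        (Get-Content -LiteralPath $BaselinePath -Raw | ConvertFrom-Json).PSObject.Properties |
            ForEach-Object { $baseline[$_.Name] = $_.Value }
    }
    foreach ($item in Get-CimInstance -ClassName Win32_StartupCommand) {
        $path = Resolve-StartupExe $item.Command
        $row  = [ordered]@{ Name = $item.Name; Path = $path; Company = $null
                            Signer = $null; SHA256 = $null; Flags = '' }
        if (-not $path -or -not (Test-Path -LiteralPath $path -PathType Leaf)) {
            $row.Flags = 'FileNotResolved'
            [pscustomobject]$row
            continue
        }
        $sig         = Get-AuthenticodeSignature -LiteralPath $path
        $row.SHA256  = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $row.Company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
        if ($sig.SignerCertificate) { $row.Signer = $sig.SignerCertificate.Subject }
        $flags = @()
        if (-not $baseline.ContainsKey($path))          { $flags += 'New' }
        elseif ($baseline[$path] -ne $row.SHA256)       { $flags += 'HashChanged' }
        if ([string]::IsNullOrWhiteSpace($row.Company)) { $flags += 'NoCompany' }
        if ($sig.Status -ne 'Valid')                    { $flags += "Signature:$($sig.Status)" }
        $row.Flags = $flags -join ','
        [pscustomobject]$row
    }
}

function Save-StartupBaseline {
    # Record current hashes; run once on a machine you consider clean.
    $map = @{}
    Get-StartupTriage | Where-Object SHA256 | ForEach-Object { $map[$_.Path] = $_.SHA256 }
    $map | ConvertTo-Json | Set-Content -LiteralPath $BaselinePath
}

Get-StartupTriage | Sort-Object Flags -Descending | Format-Table Name, Company, Flags, Path -AutoSize
```

A HashChanged flag after installing a Service Pack or hotfix is expected, as the Altered status notes; re-run Save-StartupBaseline once the update has been verified.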




You can mark an item as Safe, delete it, or run other commands from the context menu or the "Item Information" window.

Item Information - Open the information window of the selected startup item.
Process Information - Open the information window of the process related to this item.
Mark as Safe - Mark the startup item as Safe.
Check this file for viruses with Virustotal.com - Download and install VirusTotal Uploader (vtsetup.exe 80KB) to upload files to www.virustotal.com. This is a useful, free and small program that enables you to upload files to www.virustotal.com and determine the presence of viruses or malicious software that could do considerable damage to your computer. Please visit www.virustotal.com/metodos.html to download.
Run new process - Run this startup process.
Add to startup - Add the new file to startup. The files will run on Windows startup, or on user login.
Delete the startup item - Delete the selected startup item. Warning: be careful when you delete system startup processes or drivers. If you delete one, the operating system can crash.
Delete the startup item and file - Delete the startup item and its file. Warning: be careful when you delete system startup processes or drivers. If you delete one, the operating system can crash.
Block starting of the process by filename - This works permanently, even when SPD is not running or has been deleted. Warning: be careful when you block system processes. If you block one, the operating system can reboot.
Block starting of the process by filepath - This works only when SPD is running. Warning: be careful when you block system processes. If you block one, the operating system can reboot.


Copyright (C) 2006-2009, System SoftLab
Last update of this page: October 3, 2009.