Newest 100 Entries

bleepingcomputer.com

Welcome Guest (Log In | Create Account)

New Member? Join for free.

BleepingComputer.com -> Startup Programs Database -> Newest 100 Entries

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Other

HJT: F0, F1, F2, F3 · O4 · O20 · O21 · O22 · O23

Rootkit List · Submit a Startup · Top Submitters

Startup Index · Newest Entries · Mozilla Search Tools · WebMaster Site Tools · Status Key
Startup Database Forum · How to use the Startup Database

Enter the filename or keyword you would like to search for:

Advanced Search

Name	Filename	Status	Description
syshost32	syshost.exe	X	Added by the Troj/Agent-UTA Trojan.
gpresultl	gpresultl.exe	X	Added by the Mal/HerpBot-A Malware.
helpermob	helpermob.exe	X	Added by the Troj/DwnLdr-JQU Trojan downloader.
fastnotify	fastnotify.exe	X	Added by the Troj/DwnLdr-JQU Trojan downloader.
Mozilla client	firefox.exe	X	Added by the Troj/Agent-USU Trojan.
Home Security Solutions	HSa76.exe	X	Added by the Home Security Solutions rogue anti-spyware program.
Internet Security Guard	ISa76.exe	X	Added by the Internet Security Guard rogue anti-spyware program.
Malware Protection Center	MPa76.exe	X	Added by the Malware Protection Center rogue anti-spyware program.
Antivirus Smart Protection	ASa76.exe	X	Added by the Antivirus Smart Protection rogue anti-spyware program.
Smart Anti-Malware Protection	SAa76.exe	X	Added by the Smart Anti-Malware Protection rogue.
InetAccelerator	InetAccelerator.exe	X	Added by the Troj/Ransirac-A Trojan.
Microsoft Firevall Engine	mdm.exe	X	Added by the W32/Pushbot-R worm.
ProtectOn	ProtectOn.exe	X	Added by the ProtectOn rogue anti-spyware program.
userlog	userlog.exe	X	Added by the Troj/Luiha-AP Trojan.
sck.exe	sck.exe	X	Added by the Troj/VBInjec-DV Trojan.
zaber0	zaberg.exe	X	Added by the W32/SillyFDC-HC worm.
SrxRwxyu	srxrwxyu.exe	X	Added by the Troj/Agent-URM Trojan.
RegSvc32	svchost.exe	X	Added by the Mal/VB-ABH malware. This infection should not be confused with the legitimate C:\Windows\System32\svchost.exe file.
Internet Security 2012	isecurity.exe	X	Added by the Internet Security 2012 rogue anti-spyware program.
RDSound	NokiaDriveUpdate.exe	X	Added by the Troj/Agent-UOU Trojan.
apocalyps32	apocalyps32.exe	X	Added by the Troj/Agent-UNK Trojan.
HDAudDeck	VDeck.exe	U	Control panel for audio codecs from Via Technology.
HControlUser	HControlUser.exe	U	A utility that enables the Function (FN) key shortcuts on Asus laptops.
iolo Startup	ioloLManager.exe	?	Related to IOBit programs, but am unsure as to what it does.
APSDaemon	APSDaemon.exe	U	Part of Apple iTunes that allows you to wirelessly sync your iPhone, iTouch, or iPad.
ATKMEDIA	DMedia.exe	N	Asus software that is commonly installed on their laptops. This software allows Windows Media Center to be opened when you press the multimedia keys on the laptop.
Lexmark 5000 Series	fm3032.exe	Y	FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Incorporated into software by Lexmark, MCI, Lotus, My Software, Broderbund, Traffic Software and many others.
Akamai NetSession Interface	netsession_win.exe	U	Added by the Akamai NetSession downloader. This is a service launched by the legitimate C:\Windows\System32\svchost.exe program. The actual executable file for the Akamai NetSession Interface service is %ProgramFiles%\common files\akamai\netsession_win_b427739.dll.
Nalpeiron Licensing Service	nlssrv32.exe	Y	Added by the Nalpeiron Licensing Service licensing software.
ZTEMT Legacy Serial Communication	CT_ZTEMT_U_USBSER.sys	Y	Driver for USB broadband modems that contain ZETMT chipsets.
UDisk Monitor	MonServiceUDisk.exe	Y	Application used by broadband modems that contain ZETMT chipsets.
Ambfilt	Ambfilt.sys	Y	Creative WDM 3D Audio sound driver from Creative Labs.
aswFsBlk	aswFsBlk.sys	Y	Part of Avast antivirus.
Akamai NetSession Interface	netsession_win_b427739.dll	U	Added by the Akamai NetSession downloader. This is a service launched by the legitimate C:\Windows\System32\svchost.exe program. The actual executable file for the Akamai NetSession Interface service is %ProgramFiles%\common files\akamai\netsession_win_b427739.dll.
aswSnx	aswSnx.sys	Y	Part of Avast Antivirus.
Mopy Points Collector	GETPOINT.EXE	U	Part of the MOPy Fish freeware cyberpet software.
sbthostyazzz	ctxmon.exe	X	Added by the W32/Yaz-A worm.
System Update	svchost.exe	X	Added by the Troj/Malex-P Trojan. Please note that this infection should not be confused with the legitimate file located at C:\Windows\System32\svchost.exe.
NvCplDaemonTool	qloadAC.dll	X	Added by the Troj/Sinowal-AS Trojan. Please note that C:\Windows\System32\rundll32.exe is a legitimate program and should not be deleted.
WinUpdaterstd	svchost.exe	X	Added by the Troj/VBObfus-E Trojan. This infection should not be confused with the legitimate C:\Windows\System32\svchost.exe file.
MUent	MUsia.exe	X	Added by the W32/Taterf-B worm.
winstep	reader.exe	X	Added by the Troj/Autoit-PC Trojan.
MegaSR	MegaSR.sys	Y	LSI MegaRAID Software Raid driver for Windows.
megasas	megasas.sys	Y	MegaSAS Raid Controller Driver for Windows.
LUA File Virtualization Filter Driver	luafv.sys	Y	LUA File Virtualization Filter Windows driver.
LSI_SCSI	lsi_scsi.sys	Y	Windows SCSI Miniport driver with the description of LSI Fusion-MPT SCSI Driver (StorPort).
LSI_SAS2	lsi_sas2.sys	Y	Windows SCSI Miniport driver with the description of LSI SAS GEN 2 Driver (StorPort).
LSI_SAS	lsi_sas.sys	Y	Windows SCSI Miniport driver with the description of LSI Fusion-MPT SAS Driver (StorPort).
LSI_FC	lsi_fc.sys	Y	Windows SCSI Miniport driver with the description of LSI Fusion-MPT FC Driver (StorPort).
LogMeIn Hamachi Tunneling Engine	hamachi-2.exe	Y	LogMeIn Hamachi is a hosted VPN service that lets you securely extend LAN-like networks to remote networks or users.
LogMeIn Remote File System Driver	LMIRfsDriver.sys	Y	Related to the LogMeIn remote management software.
lmimirr	lmimirr.sys	Y	Video driver for the the LogMeIn remote management software.
LogMeIn Maintenance Service	RaMaint.exe	Y	Related to the LogMeIn remote management software.
LogMeIn Kernel Information Provider	RaInfo.sys	Y	Related to the LogMeIn remote management software.
LMIGuardianSvc	LMIGuardianSvc.exe	Y	Related to the LogMeIn remote management software. This driver supports LogMeIn processes with quality assurance feedback
QQExtrenal	QQExtrenal.exe	X	Unknown malware.
RXY Start	RXY.exe	U	Added by the Ardamax Keylogger surveillance software. If this software is found on your computer without your knowledge, then you should remove it.
Driver Control Manager v7.7	sesnaesttoo.exe	X	Added by the Troj/IRCbot-AJL worm and IRC backdoor.
Security Monitor 2012 Security	securitymanager.exe	X	Added by the Security Monitor 2012 rogue anti-spyware program.
Security Monitor	Security Monitor.exe	X	Added by the Security Monitor 2012 rogue anti-spyware program.
onestep	onestepe.exe	X	Added by the Mal/Uddo-C malware.
serjfsd	fsrjsdks.exe	X	Added by the Mal/VBCheMan-A malware.
Upfsfm	Upfsfm.exe	X	Added by the Troj/Mdrop-DVU Trojan.
ActiveX Update	AxUpdateMS.exe	X	Added by the Troj/Banker-FIX online banking Trojan.
RDSound	Huawei3g.exe	X	Added by the Troj/Luiha-AD Trojan.
Microsoft Driver Setup	psreg.exe	X	Added by the W32/VBMato-C worm.
Service Noits	ranga.exe	X	Added by the Mal/Boom-A malware.
bootstat	csrss.exe	X	Added by the Troj/Swysin-Gen Trojan.
Chipbus	Chipbus.sys	X	Added by the Backdoor.Hackersdoor backdoor. Backdoor.Hackersdoor is a Trojan horse that installs a malicious driver file and then opens a back door on the compromised computer.
Google Update	bot.exe	X	Added by the Troj/Agent-UDF Trojan.
<not used>	dwme.exe	X	Part of the family of the Rogue.WinAVPro family of rogues.
Server2010	Server2010.exe	X	Added by the Troj/Hupigon-UT Trojan.
Microsoft DLL Registration	regsrv64.exe	X	Added by the Troj/VBKrypt-AL Trojan.
SoftThinks Agent Service	sftservice.EXE	U	Added by the SoftThinks backup and recovery software commonly bundled on new computers from various manufacturers.
Intel(R) Rapid Storage Technology	IAStorDataMgrSvc.exe	U	Intel software for managing Raid drives on Intel chipsets.
Dock Login Service	DockLogin.exe	U	Installed by Dell Dock. Only need to start if you use Dell Dock.
Andrea ST Filters Service	AESTSr64.exe	Y	64-bit driver Andrea sound driver.
Virtual WiFi Filter Driver	vwififlt.sys	Y	Driver for various wireless network cards.
NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller	yk62x64.sys	Y	Network driver for Marvell Ethernet controllers that use the Yukon chipset.
Windows Activation Technologies Service	WatAdminSvc.exe	Y	Microsoft service that periodically determines if your Windows Product ID is valid, and if not, displays warnings that your copy of Windows may not be Genuine.
Apple Mobile USB Driver	usbaapl64.sys	Y	Apple Mobile Device USB Driver.
Realtek 8167 NT Driver	Rt64win7.sys	Y	Realtek Ethernet controller network driver.
PxHlpa64	PxHlpa64.sys	Y	Sonic DVD/CD Driver.
win32k.sys	win32k.sys:2	X	The ZeroAccess rootkit. This rootkit terminates any program that scans its processes or files and then changes the permissions on them so you can no longer run them. This infection uses Alternate Data Streams and rootkit technology to hide itself and the service entry.
win32k.sys	win32k.sys:1	X	The ZeroAccess rootkit. This rootkit terminates any program that scans its processes or files and then changes the permissions on them so you can no longer run them. This infection uses Alternate Data Streams and rootkit technology to hide itself and the service entry.
Service_SKYNET<random chars>	SKYNET<random characters>.sys	X	SkyNet Rootkit.
Service_SKYNET<random chars>	SKYNET<random characters>.dat	X	SkyNet Rootkit.
unit	unit.exe	X	Unknown malware.
Intel	csrss.exe	X	Unknown malware.
windows32	smss.exe	X	Identified by Kaspersky Antivirus as a variant of the Trojan.Win32.Autoit.aqh malware.
A40.exe	A40.exe	X	Unknown malware.
WindowsUpdate	winupdate.exe.exe	X	Added by the BKDR_EXDEPH.A backdoor.
Windows	winlogons.exe	X	Added by the W32/AutoIt-OQ worm.
McUpdate	Update.exe	X	Added by the Troj/Agent-TUH Trojan.
cmi4432	cmi4432.sys	X	Added by the RTKT_DUQU.A rootkit.
JmiNET3	jminet7.sys	X	Added by the RTKT_DUQU.A rootkit.
vbc	wdt.exe	X	Added by the Mal/MsilDyn-L malware.
*resbootdev.exe	resbootdev.exe	X	Added by the Troj/Agent-TTQ Trojan. This program will start in Windows Safe Mode as well.
*rescatacct.exe	rescatacct.exe	X	Added by the Troj/FakeAV-EQX Trojan. Please note that this executable will start in Safe Mode as well.
MicrosoftOnlineOnline	MicrosoftOnlineOnline.dll	X	Added by the CXmal/Tracur-C malware. Please note that C:\Windows\System32\rundll32.exe is a legitimate program and should not be deleted.

Status Key

Each entry in the database will have a Status assigned to it. The key to this status is the following:

Y - This status flag means that this entry should be left alone and be allowed to run as if it is unchecked it may break the functionality or use of a particular program.
N - This status flag means it is unnecessary to run this program automatically when Windows starts as you can run it manually when necessary.
U - This status flag means it is up to you whether or not you feel this program needs to run automatically.
X - This status flags means the item should definitely not start up automatically. Items that have this flag are generally malware such as viruses, trojans, hijackers, spyware but could also be programs that are not desirable to run on your computer.
? - This status flag means the status of this entry is unknown at this time and more research is necessary.

If you require assistance in removing one of these files you can ask us in the Startup Database Forum.

Disclaimer

It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. BleepingComputer.com will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.