Computer Help and Spyware Removal Computer Help and Spyware Removal Computer Help and Spyware Removal Computer Help Forums Windows Startup Programs Database Virus, Spyware, and Malware Removal Guides Computer Tutorials Uninstall Database File Database Computer Glossary Computer Resources
 

Alert!  Have a problem and would like to ask us for help? To learn how to ask your question Click Here!
Stop!  Do you have popups or other malware infecting your computer? If so, Start Here!
Question?  Are you having trouble using this site? Then you should visit the New User Orientation Center!



A    B    C    D    E    F    G    H    I    J    K    L    M    N    O    P    Q    R    S    T    U    V    W    X    Y    Z    Other   
HJT: F0, F1, F2, F3 · O4 · O20 · O21 · O22 · O23
Rootkit List  · Submit a Startup  · Top Submitters
 Startup Index · Newest Entries · Mozilla Search Tools · WebMaster Site Tools · Status Key
Startup Database Forum · Computer Help Forums · How to use the Startup Database

Enter the filename or keyword you would like to search for:
Advanced Search

Name Filename Status Description
odnexy odbnsy.exe
X
Identified by Sophos as a variant of the Mal/FakeAV-BT malware.
Remote System Protection <random.dll
X
Unknown malware.
sysconfig32 sysconfig32.exe
X
Added by the Troj/Agent-MSP Trojan.
User Protection usrprot.exe
X
Added by the User Protection rogue anti-spyware program.
winlog.exe winlog.exe
X
Added by the Troj/Bckdr-RBJ backdoor Trojan.
Security Guard SG345d.exe
X
Added by the Security Guard rogue anti-spyware program.
Server for NFS nfssvc.exe
X
Added by the Troj/ServU-FZ backdoor FTP program.
PersSecurity personalsecurity.exe
X
Added by the Personal Security rogue anti-spyware program.
Print Spooler spoolsv.exe
Y
Windows service that loads files to memory for later printing.
Net Logon lsass.exe
Y
Microsoft service that supports pass-through authentication of account logon events for computers in a domain.
<not used> Explorer.exe
Y
Explorer.exe is the user shell of Windows. This program loads the desktop, Start Menu, taskbar and user interface for Windows.
mshmail mshmail.exe
X
Added by the TROJ_INJECT.JDT Trojan.
AV7 antivirus7.exe
X
Added by the Antivirus7 rogue anti-spyware program.
SmartSecurity SmartSecurity.exe
X
Added by the Smart Security rogue anti-spyware program.
CleanUp Antivirus CU345d.exe
X
Added by the Cleanup Antivirus rogue anti-spyware program.
SysCom msnmsgr.exe
X
Added by the Troj/Bank-AF information stealing trojan for online banks.
Windows Update klass.exe
X
Added by the Troj/Bifrose-ZH backdoor Trojan.
RTHDBPL lsass.exe
X
Added by the Troj/Mdrop-CKT malware dropping Trojan. This infection should not be confused with the legitimate C:\Windows\System32\lsass.exe file.
odnex odbns.exe
X
Added by the Troj/Agent-MPM Trojan.
<random characters> xvassdf.exe
X
Added by the W32/AutoRun-BAD removable media worm.
asr64_ldm.exe asr64_ldm.exe
X
Added by the Dr. Guard rogue anti-spyware program.
Dr. Guard drguard.exe
X
Added by the Dr. Guard rogue anti-spyware program.
Windows Firewall Updater windowsupdate.exe
X
Added by the W32.Spybot.AVEO worm. W32.Spybot.AVEO is a worm that attempts to exploit a number of vulnerabilities in order to spread. It may also spread through network shares protected by weak passwords.
sioco sioco.exe
X
Added by the Troj/Agent-MOD Trojan.
PersSecurity psecurity.exe
X
Added by the Personal Security rogue anti-spyware program.
smess smess.exe
X
Identified by Nod32 as a variant of the Win32/TrojanDownloader.Delf.PCZ malware.
GoogleUpdater3 GoogleMapper.exe
X
Added by the Troj/VBInj-F Trojan.
sysfbtray bill102.exe
X
Added by the Troj/VB-ENI Trojan.
Antimalware Doctor.exe Antimalware Doctor.exe
X
Added by the Antimalware Doctor rogue anti-spyware program.
<not used> Antispyware.exe
X
Added by the PC Defender rogue anti-spyware program.
NVIDIA Media Center Library winlogon.exe
X
Added by the W32/AutoRun-AZK removable media worm.
%Temp%\delInstavp2009.bat delInstavp2009.bat
X
Added by the registered version of the Personal Anti Malware Center rogue anti-spyware program.
%Temp%\delUpdav2009.bat delUpdav2009.bat
X
Added by the registered version of the Personal Anti Malware Center rogue anti-spyware program.
%Temp%\delav2009.bat delav2009.bat
X
Added by the registered version of the Personal Anti Malware Center rogue anti-spyware program.
Personal Anti Malware Center AMC.exe
X
Added by the registered version of the Personal Anti Malware Center rogue anti-spyware program.
%Temp%\delInstav2009.bat delInstav2009.bat
X
Added by the unregistered version of the Personal Anti Malware Center rogue anti-spyware program.
Windows applications server SysShield.exe
X
Added by the unregistered version of the Personal Anti Malware Center rogue anti-spyware program.
Personal Anti Malware PAM.exe
X
Added by the unregistered version of the Personal Anti Malware Center rogue anti-spyware program.
Security essentials 2010 SE2010.exe
X
Added by the Security Essentials 2010 rogue anti-spyware program.
A_M_P_NET AntiMalwarePro.exe
X
Added by the AntiMalwarePro rogue anti-spyware program.
winwvv32 winwvv32.dll
X
Added by the Troj/Nebuler-U Trojan.
winakd32 winakd32.dll
X
Added by the Troj/Nebuler-V Trojan.
scssrr.exe Services.exe
X
Added by the Troj/VB-EMX Trojan. This infection should not be confused with the legitimate C:\Windows\System32\services.exe.
Windows Mobile-based device managemen wmdSync.exe
U
Added by the Windows Mobile Device Center is a program for Windows Vista and Windows 7 that allows you to manage device settings, media, and programs on Windows mobile devices.
My Security Wall MS339.exe
X
Added by the My Security Wall rogue anti-spyware program.
Virtual PC Host Bus Service vpchbus.sys
Y
Virtual PC Host Bus Service driver.
Storage volumes volsnap.sys
Y
Windows driver related to Storage volumes.
@%SystemRoot%\system32\drivers\volmgrx.sys,-100 volmgrx.sys
Y
Windows driver related to volume management.
Volume Manager Driver volmgr.sys
Y
Windows driver for managing Windows volumes.
VMware vmx86 vmx86.sys
Y
VMware Virtualization Driver.
VMware NAT Service vmnat.exe
Y
VMware service that provides Network address translation for virtual networks.
VMware USB Arbitration Service vmware-usbarbitrator.exe
Y
VMware USB Arbitration Service. Allows USB devices plugged into the HOST to be usable by the guest.
VMware VMparport VMparport.sys
Y
VMware Parallel Port Driver. Allows VMware guests to print through the host's printer.
VMware Network Application Interface vmnetuserif.sys
Y
Allows VMware applications to use virtual networks.
VMware DHCP Service vmnetdhcp.exe
Y
Vmware DHCP service for virtual networks. This allows your Vmware guests to receive an IP address via DHCP.
VMware Bridge Protocol vmnetbridge.sys
Y
VMware Bridge Protocol driver.
VMware kbd VMkbd.sys
Y
VMware Keyboard Driver.
VMware vmci vmci.sys
Y
VMware Virtual Machine Communication Interface (VMCI) Driver.
VMware Authorization Service vmware-authd.exe
Y
Vmware Driver that acts as a authorization and authentication service for starting and accessing virtual machines.
LAN dhcp.exe
X
Added by the W32/Rbot-GYI worm and IRC backdoor.
<not used> mspdb30.dll
X
Added by the Generic Dropper.lr Trojan.
MSSE msseces.exe
Y
Added by the Microsoft Security Essentials anti-virus program.
Security Antivirus SA345d.exe
X
Added by the Security Antivirus rogue anti-spyware program.
Tibiabot calc.exe
X
Added by the BackDoor-CEP!ic backdoor Trojan. This infection uses Alternate Data Streams to hide itself. In order to remove these files you will need to use ADSSpy. Do not delete the C:\Windows\ folder as it is required to run Windows.
wuweb wuweb.exe
X
Added by the Trojan.Wuwo Trojan. Trojan.Wuwo is a Trojan horse that drops more malware on to the compromised computer.
Taskman ufxw.exe
X
Added by the Troj/VBInj-D Trojan.
autoMe samok.vbs
X
Added by the VBS/Samok-A worm. Please note that C:\Windows\System32\wscript.exe is a legitimate program and should not be deleted.
dispenter dispenter.exe
X
Added by the Troj/Agent-MKK Trojan.
ClipMate7 ClipMate.exe
N
Added by the Clipmate 7 clipboard extender.
Adobe ARM AdobeARM.exe
N
Adobe Arm, otherwise known as Adobe Reader and Acrobat Manager, is an autoupdate utility that notifies you, downloads, and installs new updates for these products. If you install these updates manually then you do not need this program to start up automatically.
Google Quick Search Box GoogleQuickSearchBox.exe
N
This startup adds a Google search box to your Windows taskbar.
SecurePcAv SecurePcAv.exe
X
Added by the SecurePcAv rogue anti-spyware program.
advanceddefender advanceddefender.exe
X
Added by the Advanced Defeder rogue security program.
Paladin Antivirus pav.exe
X
Added by the Paladin Antivirus rogue security program.
VRT1 VRT1.EXE
X
Identified as a variant of the W32/Virut.n.gen virus.
peersvc Service PeerSvc.exe
X
Identified as a variant of the W32/Virut.n.gen virus.
notepad ntload.dll
X
Identified as a variant of the Trojan:Win32/Opachki.A malware. Please note that c:\Windows\System32\rundll32.exe is a legitimate program and should not be deleted.
notepad notepad.dll
X
Identified as a variant of the Trojan:Win32/Opachki.A malware. Please note that c:\Windows\System32\rundll32.exe is a legitimate program and should not be deleted.
exec services.exe
X
Unidentified malware. This infection should not be confused with the legitimate C:\Windows\System32\services.exe file.
y'z shadow YzShadow.exe
U
Y'z Shadow adds a shadow effect to the windows in pursuit of the "beauty of a shadow".
SafePcAv SafePcAv.exe
X
Added by the SavePcAv rogue anti-spyware program.
Windows Services Agent msngears.exe
X
Added by the Troj/VB-EMS Trojan.
SystemCleaner Clean2.exe
X
Added by the W32/Autorun-AZE removable media worm.
Update Service svchost.exe
X
Added by the Your PC Protector rogue anti-spyware program. This infection should not be confused with the legitimate C:\Windows\System32\svchost.exe
GuardWWW GuardWWW.exe
X
Added by the GuardWWW rogue anti-spyware program.
Firewall Administrating infocard.exe
X
Added by the W32/Autorun-AYV removable media worm.
imPlayok imPlayok.ex
X
Added by the Cutwail.gen.o Trojan. This malware attempts to perform SSL DDOS attacks at various sites.
PIXMA Extended Survey Program IJPLMSVC.EXE
N
Added by Canon printer software. This software will collect information such as printer's id number, installation date and time, ink use information, number of sheets printers, etc. It will then send this information to Canon after a certain amount of time.
Inkjet Printer/Scanner Extended Survey Program IJPLMSVC.EXE
N
Added by Canon printer software. This software will collect information such as printer's id number, installation date and time, ink use information, number of sheets printers, etc. It will then send this information to Canon after a certain amount of time.
Kaspersky Anti-Virus avp.exe
Y
Added by Kaspersky Anti-virus.
MyPcSecure MyPcSecure.exe
X
Added by the MyPcSecure rogue anti-spyware program.
<not used> hivie.vbe
X
Added by the VBS/Autorun-AYI worm that spreads via USB keys. Please C:\Windows\System32\wscript.exe is a legitimate program and should not be deleted.
System antivirus.vbe
X
Added by the VBS/Autorun-AYI worm that spreads via USB keys.
Intel Management Services v32 mstime32.exe
X
Added by the W32/AutoRun-AYG removable media worm.
Host Process for Windows Tasks taskhost.exe
X
Added by the W32/Bredo-AI worm.
incognito incognito,exe
X
Added by the Troj/Inject-LR Trojan.
PcSecureNet PcSecureNet.exe
X
Added by the PcSecureNet rogue anti-spyware program.
Live Enterprise Suite IAPro.exe
X
Added by the Live Enterprise Suite rogue anti-spyware program.
Guard Service services.exe
X
Added by the Live Enterprise Suite rogue anti-spyware program.
Mseu Mseu.sys
X
Added by the W32.Zimuse.B worm. W32.Zimuse.B is a worm that deletes files and overwrites the master boot record of the compromised computer.


> Status Key
Each entry in the database will have a Status assigned to it. The key to this status is the following:
  • Y - This status flag means that this entry should be left alone and be allowed to run as if it is unchecked it may break the functionality or use of a particular program.
  • N - This status flag means it is unnecessary to run this program automatically when Windows starts as you can run it manually when necessary.
  • U - This status flag means it is up to you whether or not you feel this program needs to run automatically.
  • X - This status flags means the item should definitely not start up automatically. Items that have this flag are generally malware such as viruses, trojans, hijackers, spyware but could also be programs that are not desirable to run on your computer.
  • ? - This status flag means the status of this entry is unknown at this time and more research is necessary.
If you require assistance in removing one of these files you can ask us in the Startup Database Forum.

> Disclaimer
It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. BleepingComputer.com will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.


Advertise   |   About Us   |   Terms of Use   |   Privacy Policy   |   Contact Us   |   Site Map   |   Chat   |   Tutorials   |   Uninstall List
Discussion Forums   |   The Computer Glossary   |   Resources   |   RSS Feeds   |   Startups   |   The File Database   |   Virus Removal Guides


Portions of this database © Paul Collins
© 2003-2010 All Rights Reserved Bleeping Computer LLC.
PGT: 0.21662 Queries: 5