Newest 100 Entries

Bleeping Computer

Welcome Guide Blogs Chat Help Search RSS

Welcome Guest (Log In | Create Account)

New Member? Join for free.

Have a problem and would like to ask us for help? To learn how to ask your question Click Here!

Do you have popups or other malware infecting your computer? If so, Start Here!

Are you having trouble using this site? Then you should visit the New User Orientation Center!

BleepingComputer.com -> Startup Programs Database -> Newest 100 Entries

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Other

HJT: F0, F1, F2, F3 · O4 · O20 · O21 · O22 · O23

Rootkit List · Submit a Startup · Top Submitters

Startup Index · Newest Entries · Mozilla Search Tools · WebMaster Site Tools · Status Key
Startup Database Forum · Computer Help Forums · How to use the Startup Database

Enter the filename or keyword you would like to search for:

Advanced Search

Name	Filename	Status	Description
odnexy	odbnsy.exe	X	Identified by Sophos as a variant of the Mal/FakeAV-BT malware.
Remote System Protection	<random.dll	X	Unknown malware.
sysconfig32	sysconfig32.exe	X	Added by the Troj/Agent-MSP Trojan.
User Protection	usrprot.exe	X	Added by the User Protection rogue anti-spyware program.
winlog.exe	winlog.exe	X	Added by the Troj/Bckdr-RBJ backdoor Trojan.
Security Guard	SG345d.exe	X	Added by the Security Guard rogue anti-spyware program.
Server for NFS	nfssvc.exe	X	Added by the Troj/ServU-FZ backdoor FTP program.
PersSecurity	personalsecurity.exe	X	Added by the Personal Security rogue anti-spyware program.
Print Spooler	spoolsv.exe	Y	Windows service that loads files to memory for later printing.
Net Logon	lsass.exe	Y	Microsoft service that supports pass-through authentication of account logon events for computers in a domain.
<not used>	Explorer.exe	Y	Explorer.exe is the user shell of Windows. This program loads the desktop, Start Menu, taskbar and user interface for Windows.
mshmail	mshmail.exe	X	Added by the TROJ_INJECT.JDT Trojan.
AV7	antivirus7.exe	X	Added by the Antivirus7 rogue anti-spyware program.
SmartSecurity	SmartSecurity.exe	X	Added by the Smart Security rogue anti-spyware program.
CleanUp Antivirus	CU345d.exe	X	Added by the Cleanup Antivirus rogue anti-spyware program.
SysCom	msnmsgr.exe	X	Added by the Troj/Bank-AF information stealing trojan for online banks.
Windows Update	klass.exe	X	Added by the Troj/Bifrose-ZH backdoor Trojan.
RTHDBPL	lsass.exe	X	Added by the Troj/Mdrop-CKT malware dropping Trojan. This infection should not be confused with the legitimate C:\Windows\System32\lsass.exe file.
odnex	odbns.exe	X	Added by the Troj/Agent-MPM Trojan.
<random characters>	xvassdf.exe	X	Added by the W32/AutoRun-BAD removable media worm.
asr64_ldm.exe	asr64_ldm.exe	X	Added by the Dr. Guard rogue anti-spyware program.
Dr. Guard	drguard.exe	X	Added by the Dr. Guard rogue anti-spyware program.
Windows Firewall Updater	windowsupdate.exe	X	Added by the W32.Spybot.AVEO worm. W32.Spybot.AVEO is a worm that attempts to exploit a number of vulnerabilities in order to spread. It may also spread through network shares protected by weak passwords.
sioco	sioco.exe	X	Added by the Troj/Agent-MOD Trojan.
PersSecurity	psecurity.exe	X	Added by the Personal Security rogue anti-spyware program.
smess	smess.exe	X	Identified by Nod32 as a variant of the Win32/TrojanDownloader.Delf.PCZ malware.
GoogleUpdater3	GoogleMapper.exe	X	Added by the Troj/VBInj-F Trojan.
sysfbtray	bill102.exe	X	Added by the Troj/VB-ENI Trojan.
Antimalware Doctor.exe	Antimalware Doctor.exe	X	Added by the Antimalware Doctor rogue anti-spyware program.
<not used>	Antispyware.exe	X	Added by the PC Defender rogue anti-spyware program.
NVIDIA Media Center Library	winlogon.exe	X	Added by the W32/AutoRun-AZK removable media worm.
%Temp%\delInstavp2009.bat	delInstavp2009.bat	X	Added by the registered version of the Personal Anti Malware Center rogue anti-spyware program.
%Temp%\delUpdav2009.bat	delUpdav2009.bat	X	Added by the registered version of the Personal Anti Malware Center rogue anti-spyware program.
%Temp%\delav2009.bat	delav2009.bat	X	Added by the registered version of the Personal Anti Malware Center rogue anti-spyware program.
Personal Anti Malware Center	AMC.exe	X	Added by the registered version of the Personal Anti Malware Center rogue anti-spyware program.
%Temp%\delInstav2009.bat	delInstav2009.bat	X	Added by the unregistered version of the Personal Anti Malware Center rogue anti-spyware program.
Windows applications server	SysShield.exe	X	Added by the unregistered version of the Personal Anti Malware Center rogue anti-spyware program.
Personal Anti Malware	PAM.exe	X	Added by the unregistered version of the Personal Anti Malware Center rogue anti-spyware program.
Security essentials 2010	SE2010.exe	X	Added by the Security Essentials 2010 rogue anti-spyware program.
A_M_P_NET	AntiMalwarePro.exe	X	Added by the AntiMalwarePro rogue anti-spyware program.
winwvv32	winwvv32.dll	X	Added by the Troj/Nebuler-U Trojan.
winakd32	winakd32.dll	X	Added by the Troj/Nebuler-V Trojan.
scssrr.exe	Services.exe	X	Added by the Troj/VB-EMX Trojan. This infection should not be confused with the legitimate C:\Windows\System32\services.exe.
Windows Mobile-based device managemen	wmdSync.exe	U	Added by the Windows Mobile Device Center is a program for Windows Vista and Windows 7 that allows you to manage device settings, media, and programs on Windows mobile devices.
My Security Wall	MS339.exe	X	Added by the My Security Wall rogue anti-spyware program.
Virtual PC Host Bus Service	vpchbus.sys	Y	Virtual PC Host Bus Service driver.
Storage volumes	volsnap.sys	Y	Windows driver related to Storage volumes.
@%SystemRoot%\system32\drivers\volmgrx.sys,-100	volmgrx.sys	Y	Windows driver related to volume management.
Volume Manager Driver	volmgr.sys	Y	Windows driver for managing Windows volumes.
VMware vmx86	vmx86.sys	Y	VMware Virtualization Driver.
VMware NAT Service	vmnat.exe	Y	VMware service that provides Network address translation for virtual networks.
VMware USB Arbitration Service	vmware-usbarbitrator.exe	Y	VMware USB Arbitration Service. Allows USB devices plugged into the HOST to be usable by the guest.
VMware VMparport	VMparport.sys	Y	VMware Parallel Port Driver. Allows VMware guests to print through the host's printer.
VMware Network Application Interface	vmnetuserif.sys	Y	Allows VMware applications to use virtual networks.
VMware DHCP Service	vmnetdhcp.exe	Y	Vmware DHCP service for virtual networks. This allows your Vmware guests to receive an IP address via DHCP.
VMware Bridge Protocol	vmnetbridge.sys	Y	VMware Bridge Protocol driver.
VMware kbd	VMkbd.sys	Y	VMware Keyboard Driver.
VMware vmci	vmci.sys	Y	VMware Virtual Machine Communication Interface (VMCI) Driver.
VMware Authorization Service	vmware-authd.exe	Y	Vmware Driver that acts as a authorization and authentication service for starting and accessing virtual machines.
LAN	dhcp.exe	X	Added by the W32/Rbot-GYI worm and IRC backdoor.
<not used>	mspdb30.dll	X	Added by the Generic Dropper.lr Trojan.
MSSE	msseces.exe	Y	Added by the Microsoft Security Essentials anti-virus program.
Security Antivirus	SA345d.exe	X	Added by the Security Antivirus rogue anti-spyware program.
Tibiabot	calc.exe	X	Added by the BackDoor-CEP!ic backdoor Trojan. This infection uses Alternate Data Streams to hide itself. In order to remove these files you will need to use ADSSpy. Do not delete the C:\Windows\ folder as it is required to run Windows.
wuweb	wuweb.exe	X	Added by the Trojan.Wuwo Trojan. Trojan.Wuwo is a Trojan horse that drops more malware on to the compromised computer.
Taskman	ufxw.exe	X	Added by the Troj/VBInj-D Trojan.
autoMe	samok.vbs	X	Added by the VBS/Samok-A worm. Please note that C:\Windows\System32\wscript.exe is a legitimate program and should not be deleted.
dispenter	dispenter.exe	X	Added by the Troj/Agent-MKK Trojan.
ClipMate7	ClipMate.exe	N	Added by the Clipmate 7 clipboard extender.
Adobe ARM	AdobeARM.exe	N	Adobe Arm, otherwise known as Adobe Reader and Acrobat Manager, is an autoupdate utility that notifies you, downloads, and installs new updates for these products. If you install these updates manually then you do not need this program to start up automatically.
Google Quick Search Box	GoogleQuickSearchBox.exe	N	This startup adds a Google search box to your Windows taskbar.
SecurePcAv	SecurePcAv.exe	X	Added by the SecurePcAv rogue anti-spyware program.
advanceddefender	advanceddefender.exe	X	Added by the Advanced Defeder rogue security program.
Paladin Antivirus	pav.exe	X	Added by the Paladin Antivirus rogue security program.
VRT1	VRT1.EXE	X	Identified as a variant of the W32/Virut.n.gen virus.
peersvc Service	PeerSvc.exe	X	Identified as a variant of the W32/Virut.n.gen virus.
notepad	ntload.dll	X	Identified as a variant of the Trojan:Win32/Opachki.A malware. Please note that c:\Windows\System32\rundll32.exe is a legitimate program and should not be deleted.
notepad	notepad.dll	X	Identified as a variant of the Trojan:Win32/Opachki.A malware. Please note that c:\Windows\System32\rundll32.exe is a legitimate program and should not be deleted.
exec	services.exe	X	Unidentified malware. This infection should not be confused with the legitimate C:\Windows\System32\services.exe file.
y'z shadow	YzShadow.exe	U	Y'z Shadow adds a shadow effect to the windows in pursuit of the "beauty of a shadow".
SafePcAv	SafePcAv.exe	X	Added by the SavePcAv rogue anti-spyware program.
Windows Services Agent	msngears.exe	X	Added by the Troj/VB-EMS Trojan.
SystemCleaner	Clean2.exe	X	Added by the W32/Autorun-AZE removable media worm.
Update Service	svchost.exe	X	Added by the Your PC Protector rogue anti-spyware program. This infection should not be confused with the legitimate C:\Windows\System32\svchost.exe
GuardWWW	GuardWWW.exe	X	Added by the GuardWWW rogue anti-spyware program.
Firewall Administrating	infocard.exe	X	Added by the W32/Autorun-AYV removable media worm.
imPlayok	imPlayok.ex	X	Added by the Cutwail.gen.o Trojan. This malware attempts to perform SSL DDOS attacks at various sites.
PIXMA Extended Survey Program	IJPLMSVC.EXE	N	Added by Canon printer software. This software will collect information such as printer's id number, installation date and time, ink use information, number of sheets printers, etc. It will then send this information to Canon after a certain amount of time.
Inkjet Printer/Scanner Extended Survey Program	IJPLMSVC.EXE	N	Added by Canon printer software. This software will collect information such as printer's id number, installation date and time, ink use information, number of sheets printers, etc. It will then send this information to Canon after a certain amount of time.
Kaspersky Anti-Virus	avp.exe	Y	Added by Kaspersky Anti-virus.
MyPcSecure	MyPcSecure.exe	X	Added by the MyPcSecure rogue anti-spyware program.
<not used>	hivie.vbe	X	Added by the VBS/Autorun-AYI worm that spreads via USB keys. Please C:\Windows\System32\wscript.exe is a legitimate program and should not be deleted.
System	antivirus.vbe	X	Added by the VBS/Autorun-AYI worm that spreads via USB keys.
Intel Management Services v32	mstime32.exe	X	Added by the W32/AutoRun-AYG removable media worm.
Host Process for Windows Tasks	taskhost.exe	X	Added by the W32/Bredo-AI worm.
incognito	incognito,exe	X	Added by the Troj/Inject-LR Trojan.
PcSecureNet	PcSecureNet.exe	X	Added by the PcSecureNet rogue anti-spyware program.
Live Enterprise Suite	IAPro.exe	X	Added by the Live Enterprise Suite rogue anti-spyware program.
Guard Service	services.exe	X	Added by the Live Enterprise Suite rogue anti-spyware program.
Mseu	Mseu.sys	X	Added by the W32.Zimuse.B worm. W32.Zimuse.B is a worm that deletes files and overwrites the master boot record of the compromised computer.

Status Key

Each entry in the database will have a Status assigned to it. The key to this status is the following:

Y - This status flag means that this entry should be left alone and be allowed to run as if it is unchecked it may break the functionality or use of a particular program.
N - This status flag means it is unnecessary to run this program automatically when Windows starts as you can run it manually when necessary.
U - This status flag means it is up to you whether or not you feel this program needs to run automatically.
X - This status flags means the item should definitely not start up automatically. Items that have this flag are generally malware such as viruses, trojans, hijackers, spyware but could also be programs that are not desirable to run on your computer.
? - This status flag means the status of this entry is unknown at this time and more research is necessary.

If you require assistance in removing one of these files you can ask us in the Startup Database Forum.

Disclaimer

It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. BleepingComputer.com will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.