Newest 100 Entries

Bleeping Computer

Welcome Guide Blogs Chat Help Search RSS

Welcome Guest (Log In | Create Account)

New Member? Join for free.

Have a problem and would like to ask us for help? To learn how to ask your question Click Here!

Do you have popups or other malware infecting your computer? If so, Start Here!

Are you having trouble using this site? Then you should visit the New User Orientation Center!

BleepingComputer.com -> Startup Programs Database -> Newest 100 Entries

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Other

HJT: F0, F1, F2, F3 · O4 · O20 · O21 · O22 · O23

Rootkit List · Submit a Startup · Top Submitters

Startup Index · Newest Entries · Mozilla Search Tools · WebMaster Site Tools · Status Key
Startup Database Forum · Computer Help Forums · How to use the Startup Database

Enter the filename or keyword you would like to search for:

Advanced Search

Name	Filename	Status	Description
achromatic	gtckad.dll	X	Zlob Trojan which installs the AntivirusTrigger rogue anti-spyware program. This program displays fake security alerts stating that your computer has a security problem and then downloads and install AntivirusTrigger onto your computer without permission. This Trojan pretends to be a fake video codec required to watch videos online.
tipguard.exe	tipguard.exe	X	Added by the Privacy Commander rogue security software.
QnX	qnx.exe	X	Added by the W32.Ackantta@mm mass-mailing worm.
Wind River Systems	vxworks.exe	X	Added by the WORM_MYDOOM.CG mass-mailing worm.
star8	svscheld.exe	X	Added by the Troj/DwnLdr-HLK downloading Trojan.
star7	Mscheldncx.exe	X	Added by the Troj/DwnLdr-HLK downloading Trojan.
star6	MscheldB.exe	X	Added by the Troj/DwnLdr-HLK downloading Trojan.
star4	Zred2.exe	X	Added by the Troj/DwnLdr-HLK downloading Trojan.
star3	Xred1.exe	X	Added by the Troj/DwnLdr-HLK downloading Trojan.
star2	ischot.exe	X	Added by the Troj/DwnLdr-HLK downloading Trojan.
star1	Winrun.exe	X	Added by the Troj/DwnLdr-HLK downloading Trojan.
Supports RAS Connections	svhost.exe	X	Added by the W32/Rbot-GXH worm and IRC backdoor.
Windows Service Agent	spoolvs.exe	X	Added by the W32/Rbot-GXI worm and IRC backdoor.
{77520Q86-864L-N81R-0R2W-7U2G0P22436U}	qnx.exe	X	Added by the W32/Autorun-RI removable media worm.
Yahoo Messengger	gphone.exe	X	Added by the W32/Tiotua-AA Trojan.
Perfect Defender 2009	pdfndr.exe	X	Added by the Perfect Defender 2009 rogue anti-spyware program.
fddi	pbhha.dll	X	Zlob Trojan which installs the AntivirusTrigger rogue anti-spyware program. This program displays fake security alerts stating that your computer has a security problem and then downloads and install AntivirusTrigger onto your computer without permission. This Trojan pretends to be a fake video codec required to watch videos online.
AntiVirusProMFCT	StartApp.exe	X	Added by the Antivirus Pro rogue anti-spyware program.
Nano Antivirus	nanoav.exe	X	Added by the Nano Antivirus rogue anti-spyware program.
Last.fm Helper	LastFMHelper.exe	N	Installed by the Last.fm software. This program provides iPod support and is used to detect when an iPod is plugged in.
PMX Daemon	ICO.EXE	U	Mouse software that allows you to change a variety of options for your mouse. May cause problem with some DirectX games if it disabled.
JDe-sign Electronic Signature Capture	dsignature.exe	?	Related to software from John Deere.
sbrige	sbrige.dll	X	Added by a variant of the Goldun.Fam Trojan.
wrapkm	wrapkm.dll	X	Added by a variant of the Goldun.Fam Trojan.
mckwave	mckwave.dll	X	Added by a variant of the Goldun.Fam Trojan.
evacuative	cwegus.dll	X	Zlob Trojan which installs the AntivirusTrigger rogue anti-spyware program. This program displays fake security alerts stating that your computer has a security problem and then downloads and install AntivirusTrigger onto your computer without permission. This Trojan pretends to be a fake video codec required to watch videos online.
AnvTrgr	AnvTrgr.exe	X	Zlob Trojan which installs the AntivirusTrigger rogue anti-spyware program. This program displays fake security alerts stating that your computer has a security problem and then downloads and install AntivirusTrigger onto your computer without permission. This Trojan pretends to be a fake video codec required to watch videos online.
{Y479C6A0-OTRV-U5KH-S1UE-E0BC10B4E666}	UNINSTLV16.exe	X	Added by the TROJ_RANDSOM.A Trojan.
Sysanalysing	myrvc.exe	X	Added by the W32/AutoRun-RD removable media worm.
.Net Recovery	dotnetfx.dll	X	Added by the W32.Delezium virus. W32.Delezium is a virus that infects executable files and deletes certain files on the compromised computer.
<not used>	LOVERAHULSAS.VBS	X	Added by the VBS/Autorun-QO removable media worm.
WinwebSecurity	WinwebSecurity.exe	X	Added by the Winweb Security rogue anti-spyware program.
disaffiliation	eebpj.dll	X	Zlob Trojan which installs the AntivirusTrigger rogue anti-spyware program. This program displays fake security alerts stating that your computer has a security problem and then downloads and install AntivirusTrigger onto your computer without permission. This Trojan pretends to be a fake video codec required to watch videos online.
Generic Host	wauclt.exe	X	Added by the W32/Sdbot-DNL worm and IRC backdoor.
AntiSpywareGuard	asg.exe	X	Added by the AntiSpywareGuard rogue anti-spyware program.
demobilisation	umhzwl.dll	X	Zlob Trojan which installs the AntivirusTrigger rogue anti-spyware program. This program displays fake security alerts stating that your computer has a security problem and then downloads and install AntivirusTrigger onto your computer without permission. This Trojan pretends to be a fake video codec required to watch videos online.
crimsonness	tiltmeo.dll	X	Zlob Trojan which installs the AntivirusTrigger rogue anti-spyware program. This program displays fake security alerts stating that your computer has a security problem and then downloads and install AntivirusTrigger onto your computer without permission. This Trojan pretends to be a fake video codec required to watch videos online.
VirTrigger	virtrigger.exe	X	Added by the VirusTrigger rogue anti-spyware program.
AvirTr	AvirTr.exe	X	Added by the AntivirusTrigger rogue anti-spyware program.
Internet Explorer Sys32	isys32.exe	X	Added by the W32/IRCBot-ADA worm and IRC backdoor.
SpywareRemover2009	SR.exe	X	Added by the SpywareRemover 2009 rogue anti-spyware program.
XP Protection Center	XPProtectionCenter.exe	X	Added by the XP Protection Center rogue anti-spyware program.
priarsz	priarsz.dll	X	Identified as a variant of the Goldun infection.
OEM05Mon.exe	OEM05Mon.exe	U	Program related to the Creative Live! Cam Console. This console allows you to adjust various settings of your webcam. Does not need to be enabled unless you change these options often.
crimsonness	tiltmeo.dll	X	Zlob Trojan which installs the VirusTrigger rogue anti-spyware program. This program displays fake security alerts stating that your computer has a security problem and then downloads and install VirusTrigger onto your computer without permission. This Trojan pretends to be a fake video codec required to watch videos online.
CompuSpy KeyLogger	cswin2008.exe	U	Added by the Spyware.CompuSpy surveillance software. Spyware.CompuSpy is a spyware program that attempts to record keystrokes on the computer. If this software was found on your computer without your knowledge, you should uninstall it.
10.1.08	10.1.08.exe	X	Added by the W32.Redlofs worm.
VMware hptray	hpmon.exe	X	Trojan that is typically bundled with rogue anti-spyware programs and fake codecs. Once installed, this infection will advertise other rogue anti-spyware programs on your computer through the use of fake or misleading security alerts.
QuickTime Task	qttask.exe	X	Trojan that is typically bundled with rogue anti-spyware programs and fake codecs. Once installed, this infection will advertise other rogue anti-spyware programs on your computer through the use of fake or misleading security alerts.
behaves	gowqug.dll	X	Zlob Trojan which installs the VirusTrigger rogue anti-spyware program. This program displays fake security alerts stating that your computer has a security problem and then downloads and install VirusTrigger onto your computer without permission. This Trojan pretends to be a fake video codec required to watch videos online.
Quernt	wntfy.exe	X	Added by the W32/Autorun-PF removable media worm.
MSFox	<random.exe>	X	Added by the Troj/DwnLdr-HKP Trojan.
ish-b.exe	ish-b.exe	X	Added by the Troj/IRCBot-ACZ worm and IRC backdoor.
explozer	exploner.exe	X	Added by the Troj/PWS-AWB password-stealing Trojan.
flaxen	wakjs.dll	X	Zlob Trojan which installs the VirusTrigger rogue anti-spyware program. This program displays fake security alerts stating that your computer has a security problem and then downloads and install VirusTrigger onto your computer without permission. This Trojan pretends to be a fake video codec required to watch videos online.
{BFFC91EE-6600-4F8D-13F4-C91F18F4E130}	Q.BoyZ .exe	X	Added by the Troj/Mdrop-BWT Trojan.
mt49hub	mt49hub.dll	X	A variant of the Haxdoor Trojan. This infection is hidden by the msvtch.sys rootkit.
Kernel Mode SND msvtcher	msvtch.sys	X	A variant of the Haxdoor rootkit.
<not used>	vmmon.exe	X	Added by the W32/AutoRun-NZ removable media worm.
VirusTriggerBin	VirusTriggerBin.exe	X	Added by the VirusTrigger rogue anti-spyware program.
{A797F5CE-088E-F569-4314-616820293A49}	kiral.exe	X	A variant of the Backdoor.Bifrose backdoor Trojan. Backdoor.Bifrose is a Trojan horse that uses a backdoor server to send information to a remote server. It then uploads one or more files and runs them on the compromised system.
{3B5C01D2-3541-080B-0602-050403070505}	msisv.exe	X	Identified as a variant of the Backdoor:Win32/Poison malware.
{28ABC5C0-4FCB-33CF-AAX5-35GX1C642122}	Taquito.exe	X	Identified as a variant of the IRC-Worm.Win32.Small worm.
{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}	vmmgr.exe	X	Identified as a variant of the IRC-Worm.Win32.Small worm.
XP HOT Ops	KB15oooo.exe	X	Identified as a variant of the Worm:Win32/Wootbot.gen worm.
System Update	smss.exe	X	Identified as a variant of the Trojan:Win32/Eson.C Trojan. This infection should not be confused with the legitimate C:\Windows\system32\smss.exe file.
sysmanager.exe	sysmanager.exe.exe	X	Identified as a variant of the Backdoor.Win32.IrcContact malware.
Symantec Boot Config	symbootcfg.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Printer Spooler	spoolsv.exe	X	Identified as a variant of the IRC-Worm.Win32.Small worm.
Windows Update	VNASC.exe	X	A variant of the Rbot family of worms and IRC backdoor Trojans.
Microsoft Agent	sxchost.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
MSn Client Cfg	msnclicfg.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
indows Services	explrer.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
MSN	lsuss.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
MSN	lsas.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Logitech RX	slrhost.exe	X	A variant of the Backdoor.Sdbot family of worms and IRC backdoor Trojans.
MSN	svhost.exe	X	A variant of the Backdoor.Sdbot family of worms and IRC backdoor Trojans.
internet security manager	dll32.exe	X	Identified as a variant of the IRC-Worm.Win32.Small worm.
<not used>	msupdt.exe	X	Identified as a variant of the TR/Downloader.Gen Trojan.
<not used>	Servicess.exe	X	Identified as a variant of the Worm.IM.Sohanad worm.
gadcom	winlogun.exe	X	Identified as a variant of the Trojan:Win32/Matcash.HZ malware. The * in the command represents a random number.
<random name>	winlogun.exe	X	Identified as a variant of the Trojan.Fakealert.ALU malware.
ExploreUpdSched	mcntmtdl.exe	X	Identified as a variant of the AdWare.Win32.ZenoSearch.am malware.
DW_Start	dwwnw64r.exe	X	Identified as a variant of the AdWare.Win32.ZenoSearch.am malware.
status	status.dll	X	A variant of the Haxdoor Trojan. This infection is hidden by the tage32.sys rootkit.
NGate service	tage32.sys	X	A variant of the Haxdoor rootkit.
Vistual PC	vssrvc.exe	X	Added by the Troj/Dloadr-BYZ downloading Trojan.
Java Express	sjehost.exe	X	Added by the W32/Sdbot-DNJ worm and IRC backdoor.
GetModule27	GetModule27.exe	X	Added by the Troj/Agent-IEG keylogging Trojan.
cypselomorphae	ebmkdz.dll	X	Zlob Trojan which installs the VirusResponse Lab 2009 rogue anti-spyware program. This program displays fake security alerts stating that your computer has a security problem and then downloads and install VirusResponse Lab onto your computer without permission. This Trojan pretends to be a fake video codec required to watch videos online.
prunnet	prun.exe	X	Added by the Troj/VBDown-H Trojan.
Wireless Zero Configuration WZCSVCRpcLocator	Setupw.exe	X	Added by the Troj/Kango-F Trojan.
ViRsLab	ViRsLab.exe	X	Added by the VirusResponse Lab 2009 rogue anti-spyware program.
awash	bcxjqr.dll	X	Zlob Trojan which installs the VirusResponse Lab 2009 rogue anti-spyware program. This program displays fake security alerts stating that your computer has a security problem and then downloads and install VirusResponse Lab onto your computer without permission. This Trojan pretends to be a fake video codec required to watch videos online.
ANTIVIRUS	UltraAV.exe	X	Added by the Ultra Antivirus 2009 rogue anti-spyware program.
displume	qfrmwmq.dll	X	Zlob Trojan which installs the VirusResponse Lab 2009 rogue anti-spyware program. This program displays fake security alerts stating that your computer has a security problem and then downloads and install VirusResponse Lab onto your computer without permission. This Trojan pretends to be a fake video codec required to watch videos online.
f1020	f1020.exe	X	Added by the WORM_AUTORUN.MBC removable media worm.
Antivirus Pro 2009	AntivirusPro2009.exe	X	Added by the Antivirus Pro 2009 rogue anti-spyware program.
BDRegion	brs.exe	U	Added by the PowerDVD. This startup allows the user to set the Region on Blu-ray discs.
pep	pep.exe	X	Added by the Troj/Zlob-AQH Trojan.

Status Key

Each entry in the database will have a Status assigned to it. The key to this status is the following:

Y - This status flag means that this entry should be left alone and be allowed to run as if it is unchecked it may break the functionality or use of a particular program.
N - This status flag means it is unnecessary to run this program automatically when Windows starts as you can run it manually when necessary.
U - This status flag means it is up to you whether or not you feel this program needs to run automatically.
X - This status flags means the item should definitely not start up automatically. Items that have this flag are generally malware such as viruses, trojans, hijackers, spyware but could also be programs that are not desirable to run on your computer.
? - This status flag means the status of this entry is unknown at this time and more research is necessary.

If you require assistance in removing one of these files you can ask us in the Startup Database Forum.

Disclaimer

It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. BleepingComputer.com will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.