Newest 100 Entries

Bleeping Computer

Welcome Guide Blogs Chat Help Search RSS

Welcome Guest (Log In | Create Account)

New Member? Join for free.

Have a problem and would like to ask us for help? To learn how to ask your question Click Here!

Do you have popups or other malware infecting your computer? If so, Start Here!

Are you having trouble using this site? Then you should visit the New User Orientation Center!

BleepingComputer.com -> Startup Programs Database -> Newest 100 Entries

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Other

HJT: F0, F1, F2, F3 · O4 · O20 · O21 · O22 · O23

Rootkit List · Submit a Startup · Top Submitters

Startup Index · Newest Entries · Mozilla Search Tools · WebMaster Site Tools · Status Key
Startup Database Forum · Computer Help Forums · How to use the Startup Database

Enter the filename or keyword you would like to search for:

Advanced Search

Name	Filename	Status	Description
Taskman	ufxw.exe	X	Added by the Troj/VBInj-D Trojan.
autoMe	samok.vbs	X	Added by the VBS/Samok-A worm. Please note that C:\Windows\System32\wscript.exe is a legitimate program and should not be deleted.
dispenter	dispenter.exe	X	Added by the Troj/Agent-MKK Trojan.
ClipMate7	ClipMate.exe	N	Added by the Clipmate 7 clipboard extender.
Adobe ARM	AdobeARM.exe	N	Adobe Arm, otherwise known as Adobe Reader and Acrobat Manager, is an autoupdate utility that notifies you, downloads, and installs new updates for these products. If you install these updates manually then you do not need this program to start up automatically.
Google Quick Search Box	GoogleQuickSearchBox.exe	N	This startup adds a Google search box to your Windows taskbar.
SecurePcAv	SecurePcAv.exe	X	Added by the SecurePcAv rogue anti-spyware program.
advanceddefender	advanceddefender.exe	X	Added by the Advanced Defeder rogue security program.
Paladin Antivirus	pav.exe	X	Added by the Paladin Antivirus rogue security program.
VRT1	VRT1.EXE	X	Identified as a variant of the W32/Virut.n.gen virus.
peersvc Service	PeerSvc.exe	X	Identified as a variant of the W32/Virut.n.gen virus.
notepad	ntload.dll	X	Identified as a variant of the Trojan:Win32/Opachki.A malware. Please note that c:\Windows\System32\rundll32.exe is a legitimate program and should not be deleted.
notepad	notepad.dll	X	Identified as a variant of the Trojan:Win32/Opachki.A malware. Please note that c:\Windows\System32\rundll32.exe is a legitimate program and should not be deleted.
exec	services.exe	X	Unidentified malware. This infection should not be confused with the legitimate C:\Windows\System32\services.exe file.
SafePcAv	SafePcAv.exe	X	Added by the SavePcAv rogue anti-spyware program.
Windows Services Agent	msngears.exe	X	Added by the Troj/VB-EMS Trojan.
SystemCleaner	Clean2.exe	X	Added by the W32/Autorun-AZE removable media worm.
Update Service	svchost.exe	X	Added by the Your PC Protector rogue anti-spyware program. This infection should not be confused with the legitimate C:\Windows\System32\svchost.exe
GuardWWW	GuardWWW.exe	X	Added by the GuardWWW rogue anti-spyware program.
Firewall Administrating	infocard.exe	X	Added by the W32/Autorun-AYV removable media worm.
imPlayok	imPlayok.ex	X	Added by the Cutwail.gen.o Trojan. This malware attempts to perform SSL DDOS attacks at various sites.
PIXMA Extended Survey Program	IJPLMSVC.EXE	N	Added by Canon printer software. This software will collect information such as printer's id number, installation date and time, ink use information, number of sheets printers, etc. It will then send this information to Canon after a certain amount of time.
Inkjet Printer/Scanner Extended Survey Program	IJPLMSVC.EXE	N	Added by Canon printer software. This software will collect information such as printer's id number, installation date and time, ink use information, number of sheets printers, etc. It will then send this information to Canon after a certain amount of time.
Kaspersky Anti-Virus	avp.exe	Y	Added by Kaspersky Anti-virus.
MyPcSecure	MyPcSecure.exe	X	Added by the MyPcSecure rogue anti-spyware program.
<not used>	hivie.vbe	X	Added by the VBS/Autorun-AYI worm that spreads via USB keys. Please C:\Windows\System32\wscript.exe is a legitimate program and should not be deleted.
System	antivirus.vbe	X	Added by the VBS/Autorun-AYI worm that spreads via USB keys.
Intel Management Services v32	mstime32.exe	X	Added by the W32/AutoRun-AYG removable media worm.
Host Process for Windows Tasks	taskhost.exe	X	Added by the W32/Bredo-AI worm.
incognito	incognito,exe	X	Added by the Troj/Inject-LR Trojan.
PcSecureNet	PcSecureNet.exe	X	Added by the PcSecureNet rogue anti-spyware program.
Live Enterprise Suite	IAPro.exe	X	Added by the Live Enterprise Suite rogue anti-spyware program.
Guard Service	services.exe	X	Added by the Live Enterprise Suite rogue anti-spyware program.
Mseu	Mseu.sys	X	Added by the W32.Zimuse.B worm. W32.Zimuse.B is a worm that deletes files and overwrites the master boot record of the compromised computer.
Mstart	Mstart.sys	X	Added by the W32.Zimuse.B worm. W32.Zimuse.B is a worm that deletes files and overwrites the master boot record of the compromised computer.
Self extract service	Mseus.exe	X	Added by the W32.Zimuse.B worm. W32.Zimuse.B is a worm that deletes files and overwrites the master boot record of the compromised computer.
Cftmon32	afd.exe	X	Identified by Kaspersky Antivirus as a variant of the Trojan.Win32.Scar.aywk malware.
{2bf41072-b2b1-21c1-b5c1-0305f4155515}	Ma0ya0.exe	X	Identified by Kaspersky Antivirus as a variant of the Trojan.Win32.Scar.bfdk malware.
Dump	Dump.exe	X	Added by the W32.Zimuse worm. W32.Zimuse is a worm that spreads by copying itself to removable drives
PcsSecure	PcsSecure.exe	X	Added by the PcsSecure rogue anti-spyware program.
SecurityCenter	securitycenter.exe	X	Added by the Desktop Security 2010 rogue anti-spyware program.
Desktop Security 2010	Desktop Security 2010.exe	X	Added by the Desktop Security 2010 rogue anti-spyware program.
APcSecure	APcSecure.exe	X	Added by the APcSecure rogue anti-spyware program.
ProtectSoldier	ProtectSoldier.exe	X	Added by the ProtectSoldier rogue anti-spyware program.
dpzProtect	n.vbe	X	Added by the VBS.Runauto.H worm. VBS.Runauto.H is a worm that spreads through removable drives.
Acroread	GoogleUpdate.exe	X	Added by the Troj/Agent-JGI Trojan.
Java Update	hostwww.exe.exe	X	Added by the Troj/Agent-MFH Trojan.
<not used>	ntsvc32.exe	X	Added by the Troj/Stealth-S Trojan.
ProtectDefender	ProtectDefender.exe	X	Added by the ProtectDefender rogue anti-spyware program.
ArmorDefender	ArmorDefender.exe	X	Added by the ArmorDefender rogue anti-spyware program.
Win Security 360	WinSecurity360.exe	X	Added by the Win Security 360 rogue anti-spyware program.
DefendAPc	DefendAPc.exe	X	Added by the DefendAPc rogue anti-spyware program.
Machine Works, Inc	aecces.exe	X	Added by the Troj/VB-ELW Trojan.
MS Virtual CLS	msvmcls64.exe	X	Added by the Troj/Tedroo-C Trojan.
<random>onin	<random>onin.exe	X	Added by the Ghost Antivirus rogue anti-spyware program.
Ghost Antivirus	GhostAV.exe	X	Added by the Ghost Antivirus rogue anti-spyware program.
smss32.exe	smss32.exe	X	Unknown malware.
winvtv32	winvtv32.dll	X	Identified by Kaspersky as a variant of the Trojan.Win32.Agent.qt Trojan.
Policies	server.exe	X	Added by the W32.Spyrat worm. W32.Spyrat is a worm that copies itself using removable drives and file-sharing networks. It also opens a back door on the computer.
SysDefenders	SysDefenders.exe	X	Added by the SysDefenders rogue anti-spyware program.
System Error Notification	senr32.exe	X	Added by the Troj/Poison-BT Trojan.
InSysSecure	InSysSecure.exe	X	Added by the InSysSecure rogue anti-spyware program.
SysProtector	SysProtector.exe	X	Added by the SysProtector rogue anti-spyware program.
orec32	orec32.exe	U	Added by the Spyware.OnlineRecorder surveillance software. Spyware.OnlineRecorder is a spyware program that records Yahoo! and AOL instant messages, URLs in browsers, and keystrokes. If you find this software on your machine without your knowledge, we suggest that you remove it.
Kernel Debug Service	kernelx86.sys	X	Added by the W32.Rixobot worm. W32.Rixobot is a worm that spreads through removable drives and instant messaging programs. It also opens a back door on the compromised computer.
SYS1	explorar.exe	X	Added by the W32.SillyFDC.BDJ removable media worm.
ctfmon.exe	wmisqst.exe	X	Added by the Troj/VBInj-B Trojan.
ttool	sr882388.exe	X	Added by the Troj/Backdr-AX backdoor Trojan.
<not used>	winlogon32.exe	X	Fake AV Trojan. When fixing this entry, please be careful. If you do not change the userinit key to point back to userinit.exe, then your computer will not boot up properly.
Guard Pro	VH339.exe	X	Added by the Guard Pro rogue anti-spyware program.
APcDefender	APcDefender.exe	X	Added by the APcDefender rogue anti-spyware program.
Font	boot.exe	X	Added by the Troj/Agent-LZW Trojan.
PcsProtector	PcsProtector.exe	X	Added by the PcsProtector rogue anti-spyware program.
Antivirus PC 2009	avpc2009.exe	X	Added by the Antivirus PC 2009 rogue anti-spyware program.
PersonalSec	psecurity.exe	X	Added by the Personal Security rogue anti-spyware program.
ccagent.exe	ccagent.exe	X	Added by the Control Center rogue anti-spyware program.
GreatDefender	GreatDefender.exe	X	Added by the GreatDefender rogue anti-spyware program.
SystemCleanerPRO	sysclpro.exe	X	Added by the SystemCleanPRO rogue anti-spyware program.
Restore	restore.exe	X	Added by the AntiSpyware Shield Pro rogue anti-spyware program.
Antispyware Shield Pro	/antispyshield.exe	X	Added by the AntiSpyware Shield Pro rogue anti-spyware program.
Total PC Defender	C:\Program Files\Total PC Defender\Total PC Defender.exe	X	Added by the Total PC Defender rogue anti-spyware program.
APCProtect.exe	APCProtect.exe	X	Added by the APCProtect rogue anti-spyware program.
javawsa.exe	javawsa.exe	X	Added by the Troj/Bank-Y Trojan.
SysUtils	smss.exe	X	Added by the W32/Autorun-AWW removable media worm. This infection should not be confused with the legitimate C:\Windows\System32\smss.exe file.
svhost32	svhost32.exe	X	Added by the W32/Autorun-AWY removable media worm.
CsimPlayer	CsimPlayer.exe	X	Added by the W32/Koobface-AD Worm.
BisonInst0402	BR040286.exe	Y	Driver provided by Bison Electronics corp for built-in webcams such as the Acer Crystal Eye Camera.
ProtectPcs.exe	ProtectPcs.exe	X	Added by the ProtectPcs rogue anti-spyware program.
Firevall Administrating	rndll.exe	X	Added by the W32/Pushbot-B worm.
Malware Defense	mdefense.exe	X	Added by the Malware Defense rogue anti-spyware program.
Microsoft Driver Setup	ccdrive32.exe	X	Added by the Troj/Agent-LYL Trojan.
ZagrebLand	b.exe	X	Added by the Troj/Renos-EA Trojan associated with rogue security programs.
SysDefence.exe	SysDefence.exe	X	Added by the SysDefence rogue anti-spyware program.
TheDefend.exe	TheDefend.exe	X	Added by the TheDefend rogue anti-spyware program.
GuardPcs.exe	GuardPcs.exe	X	Added by the GuardPcs rogue anti-spyware program.
Syesm	Syesm.exe	X	Added by the W32.Buzus worm. W32.Buzus is a worm that spreads by copying itself to removable drives and attempts to steal confidential information from the compromised computer.
auto	auto.exe	X	Added by the BackDoor-DOQ.gen.y backdoor Trojan.
IGuardPc.exe	IGuardPc.exe	X	Added by the IGuardPc rogue anti-spyware program.
<not used>	winlogon86.exe	X	Identified by BitDefender as a variant of the Gen:Trojan.Heur.PT.cqW@bCL2Eje malware.
Internet Security 2010	IS2010.exe	X	Added by the Internet Security 2010 rogue security program.

Status Key

Each entry in the database will have a Status assigned to it. The key to this status is the following:

Y - This status flag means that this entry should be left alone and be allowed to run as if it is unchecked it may break the functionality or use of a particular program.
N - This status flag means it is unnecessary to run this program automatically when Windows starts as you can run it manually when necessary.
U - This status flag means it is up to you whether or not you feel this program needs to run automatically.
X - This status flags means the item should definitely not start up automatically. Items that have this flag are generally malware such as viruses, trojans, hijackers, spyware but could also be programs that are not desirable to run on your computer.
? - This status flag means the status of this entry is unknown at this time and more research is necessary.

If you require assistance in removing one of these files you can ask us in the Startup Database Forum.

Disclaimer

It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. BleepingComputer.com will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.