Index Introduction Database Detailed Entries Updates Concise List HJT Forums Rogues Message Board

Windows startup programs - Database search

If you're frustrated with the time it takes your Windows 10/8/7/Vista/XP PC to boot and then it seems to be running slowly you may have too many programs running at start-up - and you have come to the right place to identify them. This is the original start-up programs (as opposed to processes/tasks) list - one of the most accurate and comprehensive. Services are not included - see below. For further information on this and how to identify and disable start-up programs please visit the Introduction page.

See here for further information on random entries - which are typically added by viruses and other malware or unwanted programs.

Last database update :- 29th September, 2017
52090 listed

You can search for any of the following terms to find and display entries in the start-up programs database but the minimum search is 3 characters and you must click on the "Search" button. Results are sorted by the Startup Item/Name field.

Alternatively, you can browse the full database (without the search facility) over a number of pages or you can use the alphabetical index below to list the entries for that letter by the Command/Data field, but the results may take longer to appear due to the number of them:

A | B | C | D | E | F | G | H | I | J | K | L | B | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

NOTE: Searching for common words (i.e. "the" or "where") will mean the results take longer to appear due to the number of them.

Please click on the Search button

244 results found for Z

Startup Item or Name Status Command or Data Description Tested
7f8eXz****.exe 9idfDetected by Eset's NOD32 antivirus as the SMALL.ALI TROJAN! Note - it creates a number of extra z****.dll files in the %System% folderNo
winuiXz.exeAdded by the KONDELI TROJAN!No
z2cSAS5YVC.exeXz2cSAS5YVC.exeDetected by McAfee as RDN/Generic.dx!cq3 and by Malwarebytes as Trojan.Agent.RNSNo
z2epveXz2epve.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserProfile% - see hereNo
AudioClientXZ32Adobe.exeDetected by Malwarebytes as Trojan.Agent.ADB. The file is located in %CommonAppData%No
zaber0Xzaberg.exeDetected by Sophos as Troj/VB-FOV and by Malwarebytes as Worm.DorkBotNo
ZackerXZacker.exeDetected by Symantec as W32.HLLW.GemelNo
zahykqunwupuXzahykqunwupu.exeDetected by Dr.Web as Trojan.DownLoad3.35821 and by Malwarebytes as Trojan.Agent.USNo
startupsXzain.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\seedboxNo
Solutions Diagnostic Launcher UsermodeXzajlcqvvvg.exeDetected by Malwarebytes as Trojan.Agent.SDL. The file is located in %System%No
ShellXzakato.exeDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "zakato.exe" (which is located in %AppData%)No
ZAKATOTOXzakato.exeDetected by Malwarebytes as Trojan.Dropped.AI. The file is located in %AppData%No
king_zaXzaking.exeDetected by Sophos as W32/Taterf-AY and by Malwarebytes as Spyware.OnlineGames.KinggenNo
ZAMYZAM.exeZemana AntiMalware is an effective malware detection and removal software that protects you from malware, spyware, adware, ransomware, rootkits & bootkits"No
jqehXzamnifrj.exeDetected by Malwarebytes as Trojan.FakeMS. The file is located in %AppData%\Microsoft\ZamnifrjNo
!1_ProcessGuard_StartupXzamnifrj.exe /c procguard.exeDetected by Malwarebytes as Trojan.FakeMS. Note - this is not the legitimate DiamondCS ProcessGuard which loads directly from %ProgramFiles%\ProcessGuard - this one copies "zamnifrj.exe" from %AppData%\Microsoft\Zamnifrj as %ProgramFiles%\ProcessGuard\procguard.exe and then runs itNo
Windows ConfigXZANBOR.EXEDetected by Sophos as W32/Spybot-MHNo
zangoXzango.exenCase/180adsolution adware - detected by Malwarebytes as Adware.180Solutions. Also see the archived version of Andrew Clover's page. The file is typically located in %ProgramFiles%\zangoNo
ZangoSAXZangoSA.exenCase/Zango adware - detected by Malwarebytes as Adware.Zango. Also see the archived version of Andrew Clover's page. The file is typically located in %ProgramFiles%\Zango\bin\[version]No
Zango SiteFinderXZangoSiteFinder.exeZangoSearch adware variantNo
Zango TvTimesXZangoTVTimes.exeZangoSearch adwareNo
Zango TvTimesXZANGOT~1.EXEZangoSearch adwareNo
[various names]Xzantu.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
zanuXzanu.exeZangoSearch adwareNo
SystemXZap.exeDetected by Sophos as W32/MSNVB-DNo
ZoneAlarm PlusYzaplus.exeOlder enhanced version of the ZoneAlarm firewall which was superseded by ZoneAlarm Pro and ZoneAlarm Internet Security SuiteNo
ZoneAlarm ProYzapro.exeOlder version of the ZoneAlarm Pro firewallNo
ZaproYzapro.exeOlder version of the ZoneAlarm Pro firewallNo
Win32Xzaq.exeDetected by Sophos as W32/Rbot-GCE and by Malwarebytes as Backdoor.Agent.GenNo
ZoneAlarmYZatray.exeSystem Tray access to, and notifications for ZoneAlarm security products - including Extreme Security, Internet Security Suite and Firewall. If this entry is disabled, the core product functions will work properly but the user will lose quick access to the main window and may miss notifications of potential problems and updatesYes
zatrayYZatray.exeSystem Tray access to, and notifications for ZoneAlarm security products - including Extreme Security, Internet Security Suite and Firewall. If this entry is disabled, the core product functions will work properly but the user will lose quick access to the main window and may miss notifications of potential problems and updatesYes
zaueradXzauerad.exeDetected by Kaspersky as Trojan.Win32.VBKrypt.akrj and by Malwarebytes as Worm.SFDC. The file is located in %UserProfile%No
zaujifXzaujif.exeDetected by Malwarebytes as Worm.SFDC. The file is located in %UserProfile%No
zavupd32.exeXzavupd32.exeDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts - see hereNo
ZaxarGameBrowserUZaxarGameBrowser.exeZaxar Game Browser - with which you "Stay in touch with friends and family, play only in the newest games. To do this, use the Zaxar Game Browser, new games are added to it every day automatically". Detected by Malwarebytes as PUP.Optional.Zaxar. The file is located in %ProgramFiles%\Zaxar. If bundled with another installer or not installed by choice then remove itNo
ZaxarGamesUZaxarGames.exeOlder version of the Zaxar Game Browser - with which you "Stay in touch with friends and family, play only in the newest games. To do this, use the Zaxar Game Browser, new games are added to it every day automatically". The file is located in %AppData%\ZaxarGames. If bundled with another installer or not installed by choice then remove it. The current version ZaxarLoader (ZaxarLoader.exe) is detected by Malwarebytes as PUP.Optional.ZaxarNo
ZaxarLoaderUZaxarLoader.exeZaxar Game Browser - with which you "Stay in touch with friends and family, play only in the newest games. To do this, use the Zaxar Game Browser, new games are added to it every day automatically". Detected by Malwarebytes as PUP.Optional.Zaxar. The file is located in %ProgramFiles%\Zaxar. If bundled with another installer or not installed by choice then remove itNo
ZboardUZboard.exeSteelSeries (was Ideazon) Zboard gaming software - allows you to customise keyboard functionsNo
ZboardTrayUZboardTray.exeSteelSeries (was Ideazon) Zboard gaming software - allows you to customise keyboard functionsNo
HideXzCash.exeDetected by Dr.Web as Trojan.MulDrop7.27679 and by Malwarebytes as Trojan.DownloaderNo
ZcfgsvcUZCfgSvc.exeZero Config MFC Application, part of Intel's ProSET utilities and installed by the drivers for many of Intel wireless network cards - essential to the proper functioning of many of the Intel ProSET utilities (but not all) and these System Tray ProSET utilities are a must if you are using your wireless connection, if only so you know when the signal is fading or dropping. The problem is that, in some PCs, ZCFGSVC can be incredibly badly behaved : taking up to 100% of CPU time and therefore resulting in an extremely slow PC, preventing the installation of software or Windows updates, or causing "Not Responding" or "End this Program" shutdown problems. If you experience this, try first the very latest drivers from Intel or your laptop manufacturer. If that still does not solve the problem and you have WinXP/2003, try setting the "Wireless Zero Configuration" service to disabledNo
ZCfgSvc.exeUZCfgSvc.exeZero Config MFC Application, part of Intel's ProSET utilities and installed by the drivers for many of Intel wireless network cards - essential to the proper functioning of many of the Intel ProSET utilities (but not all) and these System Tray ProSET utilities are a must if you are using your wireless connection, if only so you know when the signal is fading or dropping. The problem is that, in some PCs, ZCFGSVC can be incredibly badly behaved : taking up to 100% of CPU time and therefore resulting in an extremely slow PC, preventing the installation of software or Windows updates, or causing "Not Responding" or "End this Program" shutdown problems. If you experience this, try first the very latest drivers from Intel or your laptop manufacturer. If that still does not solve the problem and you have WinXP/2003, try setting the "Wireless Zero Configuration" service to disabledNo
IntelZeroConfigUZCfgSvc.exeZero Config MFC Application, part of Intel's ProSET utilities and installed by the drivers for many of Intel wireless network cards - essential to the proper functioning of many of the Intel ProSET utilities (but not all) and these System Tray ProSET utilities are a must if you are using your wireless connection, if only so you know when the signal is fading or dropping. The problem is that, in some PCs, ZCFGSVC can be incredibly badly behaved : taking up to 100% of CPU time and therefore resulting in an extremely slow PC, preventing the installation of software or Windows updates, or causing "Not Responding" or "End this Program" shutdown problems. If you experience this, try first the very latest drivers from Intel or your laptop manufacturer. If that still does not solve the problem and you have WinXP/2003, try setting the "Wireless Zero Configuration" service to disabledNo
ZclientXZClient.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\SubDirRegNo
ZcxaxzXZcxaxz.exeDetected by Kaspersky as Worm.Win32.Ngrbot.dpl and by Malwarebytes as Backdoor.Agent. The file is located in %AppData%No
ZDConfig?ZDConfig.exeWireless LAN configuration utility for ZyDAS (now acquired by Qualcomm) based chipsetsNo
Zinio DLMNZDLM.EXEZinio - used to read magazines in digital rather than paper formatNo
ZyAIR G-220 UtilityUZDWlan.exeZyXEL ZyAIR G-220 wireless LAN configuration utility - which is based upon ZyDAS (now acquired by Qualcomm Technologies) chipsetsNo
Wireless 802.11g USB AdapterUZDWlan.exeWireless LAN configuration utility for ZyDAS (now acquired by Qualcomm) based chipsetsNo
Wireless Adapter ManagerUZDWlan.exeWireless LAN configuration utility for ZyDAS (now acquired by Qualcomm) based chipsetsNo
Wireless LAN USB DongleUZDWlan.exeWireless LAN configuration utility for ZyDAS (now acquired by Qualcomm) based chipsetsNo
ZDWlanUZDWlan.exeWireless LAN configuration utility for ZyDAS (now acquired by Qualcomm) based chipsetsNo
ZDWLan UtilityUZDWlan.exeWireless LAN configuration utility for ZyDAS (now acquired by Qualcomm) based chipsetsNo
ICIDU Wireless UtilityUZDWlan.exeWireless LAN configuration utility for an ICIDU wireless USB dongle based upon a ZyDAS (now acquired by Qualcomm) chipsetNo
XPC 802.11b+g Wireless UtilityUZDWlan.exeWireless LAN configuration utility for a Shuttle XPC Wireless LAN Kit - which is based upon ZyDAS (now acquired by Qualcomm) chipsetsNo
802.11b+g USB Wireless LAN UtilityUZDWlan.exeWireless LAN configuration utility for ZyDAS (now acquired by Qualcomm Technologies) based chipsetsNo
Acer WLAN 11g USB DongleUZDWlan.exeWireless LAN configuration utility for an Acer wireless USB dongle based upon a ZyDAS (now acquired by Qualcomm Technologies) chipsetNo
CDRXzdzrfk.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
zeabeiXzeabei.exeDetected by Malwarebytes as Worm.SFDC. The file is located in %UserProfile% - see hereNo
zeapomsamusoXzeapomsamuso.exeDetected by McAfee as Downloader.gen.a and by Malwarebytes as Trojan.Agent.USNo
zeaxizlyllylXzeaxizlyllyl.exeDetected by McAfee as RDN/Downloader.a!ms and by Malwarebytes as Trojan.AgentNo
zeazemXzeazem.exeDetected by Malwarebytes as Trojan.FakeAlert. The file is located in %UserProfile% - see hereNo
yahooXzebi.exeDetected by Malwarebytes as Backdoor.Turkojan. The file is located in %Windir%No
ZebraStarterXZebraStarter.exeDetected by Malwarebytes as Adware.HPDefender. The file is located in %AppData%\HPZebraNo
csrss.exeXzed.exeDetected by Malwarebytes as Worm.AutoRun. The file is located in %AppData%No
zegasbacrudzXzegasbacrudz.exeDetected by McAfee as RDN/Generic.tfr!eb and by Malwarebytes as Trojan.Agent.USNo
zegcelojezzeXzegcelojezze.exeDetected by McAfee as RDN/Downloader.a!tl and by Malwarebytes as Trojan.Agent.USNo
zeluzXzeluz.exeAdded by unidentified malware. The file is located in %UserProfile%No
Zen10plusXZen10plus.exeDetected by Sophos as Troj/VBdrop-BR and by Malwarebytes as Trojan.Logger.ZNPNo
Zen10plus.exeXZen10plus.exeDetected by Sophos as Troj/VBdrop-BR and by Malwarebytes as Trojan.Logger.ZNP. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
zenilXzenil.exeDetected by Sophos as Troj/Agent-MZZ and by Malwarebytes as Worm.SFDCNo
ZENworks Remote Control AgentYzenrc32.exePart of Novell's ZENworks - "a family of IT management products that tracks, manages and protects an organization's client devices and their respective applications." Installed on a managed workstation for an administrator to remotely control the workstationNo
Remote management AgentYzenrc32.exePart of Novell's ZENworks - "a family of IT management products that tracks, manages and protects an organization's client devices and their respective applications." Installed on a managed workstation for an administrator to remotely manage the workstationNo
Zentimo xStorage ManagerUZentimo.exeZentimo xStorage Manager by Crystal Rich Ltd - "offers you an innovative approach to manage your USB & eSATA drives. While it solves many external drive related problems in Windows, it also gives more control on your devices and just makes working with external drives fun & pleasure"No
ZENRC Tray IconYzentray.exePart of Novell's ZENworks - "a family of IT management products that tracks, manages and protects an organization's client devices and their respective applications"No
zepmypvomohyXzepmypvomohy.exeDetected by McAfee as RDN/Generic BackDoor!dk and by Malwarebytes as Trojan.Agent.USNo
RUNDLL#.exeXZer0cculT#.exeDetected by Sophos as W32/Kenny-A - where # represents 0 to 3No
Dark ZeroXZero.exeDetected by Dr.Web as Trojan.StartPage1.4709 and by Malwarebytes as Backdoor.Agent.ENo
keyXzero32.exeDetected by Malwarebytes as Trojan.Backdoor. The file is located in %Windir%No
ZeroAdsUZeroads.exeZeroAds by FBM Software, Inc - culls ads, cookies and pop-ups. No longer availableNo
ZeroBoanXZeroBoan.exeZeroBoan rogue security software - not recommended, removal instructions hereNo
ZeroCleanXzerocup.exeZeroClean rogue security software - not recommended, removal instructions hereNo
FileRescueXZeroRescue.exeDetected by Symantec as Trojan.Ransomcrypt.N and by Malwarebytes as Trojan.ZeroLockerNo
ZeroSpywareUZeroSpyware.exeFBM Software ZeroSpyware 2004 spyware detector and removerNo
ZeroVaccineMainXZeroVaccine.exeZeroVaccine rogue security software - not recommended, removal instructions hereNo
zerzer8989Xzerzer899e.exeDetected by Dr.Web as BackDoor.Comet.1794 and by Malwarebytes as Backdoor.Agent.DCENo
ZipGenius CleanNzg.exeZipGenius file compression utilityNo
zggjmydXzggjmyd.exeDetected by Kaspersky as Backdoor.Win32.Afcore.m. The file is located in %System%No
*zggjmydXzggjmyd.exeDetected by Kaspersky as Backdoor.Win32.Afcore.m. The file is located in %System%No
ZGNUBI?ZGNUBI.exeThe file is located in %Windir%No
ZG CheckerUZGUpdateChecker.exeUpdater for an older version of the Zaxar Game Browser - with which you ""Stay in touch with friends and family, play only in the newest games. To do this, use the Zaxar Game Browser, new games are added to it every day automatically". The file is located in %AppData%\ZaxarGames. If bundled with another installer or not installed by choice then remove it. The current version ZaxarLoader (ZaxarLoader.exe) is detected by Malwarebytes as PUP.Optional.ZaxarNo
CHotKeyUzHotkey.exeEnables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol , vol-, mute, etc. Only required for extended featuresNo
(Default)XZhuDongFangYu.exeDetected by Malwarebytes as Trojan.Agent. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %Windir%\2No
ITURQWIIXzhuojuqwii.exeDetected by McAfee as RDN/Generic.dx!dg3 and by Malwarebytes as Trojan.Agent.EAJNo
ϵͳע�ï½ï¿½ï¿½Xzhuruqi.exeDetected by Microsoft as Trojan:Win32/Qhost.V. The file is located in %System%No
zidypbervigcXzidypbervigc.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile%No
ziedXzied.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %Windir%No
zigwomzodupdXzigwomzodupd.exeDetected by Trend Micro as TROJ_JORIK.DMV and by Malwarebytes as Trojan.Phex.THAGen6No
zimfocbykofiXzimfocbykofi.exeDetected by McAfee as RDN/Downloader.a!mi and by Malwarebytes as Trojan.Agent.USNo
Zinaps7XZinaps7.exeZinaps Anti-Spyware 2008 rogue security software - not recommended, removal instructions hereNo
ZingSpoolerUZingSpooler.exeWas used for a drag and drop program to upload pictures to www.zing.com but Zing has gone out of business. Now used for Sony ImageStation's upload photos to online albumsNo
Zinio DLMNZinioDeliveryManager.exeZinio - used to read magazines in digital rather than paper formatNo
zipXzip.exeDetected by Dr.Web as BackDoor.Siggen.53169No
Agent5XZip01.exeDetected by Trend Micro as WORM_MYPICS.C and by Malwarebytes as Worm.MyPicsNo
zip32.exeXzip32.exeDetected by Malwarebytes as Trojan.Banker. Note - the file is located in %AllUsersStartup% and/or %UserStartup% and its presence there ensures it runs when Windows startsNo
zip7.exeXzip7.exeDetected by Malwarebytes as Trojan.Dropper.FR. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts - see hereNo
zip7.exeXzip7.exeDetected by Malwarebytes as Trojan.Dropper.FR. The file is located in %UserTemp% - see hereNo
ZipAppCodecXZipAppCodec.exeDetected by Dr.Web as Trojan.DownLoader11.23788 and by Malwarebytes as Trojan.AgentNo
ZipCloudUZipCloud.exeZipCloud online backup solution by Just Develop It - "Simple Cloud Storage for your documents, photos, music and more. Backup your computer, backup your life!" Detected by Malwarebytes as PUP.Optional.ZipCloud. Note - this entry loads from the Windows Startup folder and the file is located in %ProgramFiles%\ZipCloud. If bundled with another installer or not installed by choice then remove itNo
ziphelpXziphelp.exeCoolWebSearch parasite variantNo
chrome.exeXZipIt.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCENo
Zip Driver LoaderXZipLoad32.exeDetected by Kaspersky as Backdoor.Win32.Oblivion.01.a. The file is located in %Windir%No
ZipLoader32.exeXZipLoader32.exeDetected by Trend Micro as BKDR_OBLIVION.ANo
zipodyXzipody.exeDetected by Malwarebytes as Trojan.Agent.KS. The file is located in %LocalAppData%\zipodyNo
IDDLE SERVICEXzipper.exeDetected by McAfee as Backdoor.Agent.Z and by Malwarebytes as Backdoor.Agent.ZNo
zipxatofbegzXzipxatofbegz.exeDetected by McAfee as Generic Dropper and by Malwarebytes as Trojan.Agent.USNo
ppsXziqidong.exeDetected by Dr.Web as Trojan.StartPage.45465 and by Malwarebytes as Trojan.Agent.CNNo
ziran.exeXziran.exeDetected by Dr.Web as Trojan.DownLoader10.17113 and by Malwarebytes as Trojan.Downloader.E. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
testXzistro.exeDetected by Sophos as Troj/Kimat-CNo
ZENworks Imaging ServiceYZISWin.exeImaging Agent. Part of Novell's ZENworks - "a family of IT management products that tracks, manages and protects an organization's client devices and their respective applications"No
-FreedomNeedsRebootYZkRunOnceR.exePart of internet security suites sourced by Radialpoint for ISP customers such as Virgin Media, AT&T, Bell Canada, TELUS Corporation and Verizon Online. The exact purpose is unknown at this time and it shows no ill effects if disabled, but as the purpose is unknown and it's security related it should be left enabledYes
ZkRunOnceRYZkRunOnceR.exePart of internet security suites sourced by Radialpoint for ISP customers such as Virgin Media, AT&T, Bell Canada, TELUS Corporation and Verizon Online. The exact purpose is unknown at this time and it shows no ill effects if disabled, but as the purpose is unknown and it's security related it should be left enabledYes
Zone Labs ClientYzlclient.exeSystem Tray access to, and notifications for older versions of ZoneAlarm security products - including Internet Security Suite and Firewall. If this entry is disabled, the core product functions will work properly but the user will lose quick access to the main window and may miss notifications of potential problems and updatesYes
ZoneAlarm ClientYzlclient.exeSystem Tray access to, and notifications for older versions of ZoneAlarm security products - including Extreme Security, Internet Security Suite and Firewall. If this entry is disabled, the core product functions will work properly but the user will lose quick access to the main window and may miss notifications of potential problems and updatesYes
zlclientYzlclient.exeSystem Tray access to, and notifications for older versions of ZoneAlarm security products - including Extreme Security, Internet Security Suite and Firewall. If this entry is disabled, the core product functions will work properly but the user will lose quick access to the main window and may miss notifications of potential problems and updatesYes
zlclientXzlclient.exeDetected by Symantec as Trojan.Syginre. Note - this is not the legitimate file used by older versions of the ZoneAlarm security products by Check Point Software Technologies Ltd and is located in %Root%No
Zone Alarm SecurityXzlclint.exeDetected by McAfee as W32/Nirbot.wormNo
Program ManagerYZLH.EXESystem Tray access to, and notifications for Norman (now part of AVG Technologies) security productsYes
Program Manager StubYZLH.EXESystem Tray access to, and notifications for Norman (now part of AVG Technologies) security productsYes
Norman ZANDAYZLH.EXESystem Tray access to, and notifications for Norman (now part of AVG Technologies) security productsYes
ZLHYZLH.EXESystem Tray access to, and notifications for Norman (now part of AVG Technologies) security productsYes
JzHxreXKzEEJAePpEskuSqLCPHXzlhdNePSmDbffh.exeDetected by McAfee as RDN/Spybot.bfr!o and by Malwarebytes as Trojan.Passwords.OBNo
zli1lidy80Xzli1lidy80.exeAdded by the DWNLDR-JMW TROJAN!No
VFK8567CQHLGPUXZLIA3452WSk.exe.lnkDetected by McAfee as RDN/Generic PWS.y and by Malwarebytes as Backdoor.Agent.RNDNo
VFLDRIMHQVXZLIBXTl.exe.lnkDetected by McAfee as RDN/Generic BackDoor!tj and by Malwarebytes as Backdoor.Agent.DCENo
topatXzlip.exeDetected by Sophos as Troj/Flood-IGNo
ZipMagicNzm32.exeZipMagic file compression utility by OnTrack (who acquired the originators Mijenix Corporation). Preloading ZipMagic allows you to access files within a zip archive without unzipping them firstNo
4OLM0IVHZ4XzmjbxtU.exeDetected by McAfee as RDN/Generic BackDoor!tm and by Malwarebytes as Backdoor.Agent.RNDNo
XODNVVXzmNjvL.exeDetected by McAfee as RDN/Generic.bfr!fd and by Malwarebytes as Backdoor.Agent.DCENo
ZXzmon.exeDetected by Sophos as W32/Delbot-AONo
ZmoverUZMover.exeZmover by Basta Computing, Inc - "helps you manage your desktop layout by enabling you to set the size, position and layering of application windows. Instead of wasting time rearranging windows across your single or multiple monitor display, you can configure ZMover to do the job for you"No
Zekio StartupsXznksvc32.exeDetected by Sophos as W32/Agobot-AGINo
ZNNXznnsvc.exeDetected by Sophos as W32/Sdbot-DAANo
WinupdXzod32.exeDetected by Symantec as W32.DozicNo
zofmyhadaryzXzofmyhadaryz.exeDetected by Malwarebytes as Trojan.Inject. The file is located in %UserProfile%No
zohirodwumvaXzohirodwumva.exeDetected by Dr.Web as Trojan.DownLoader9.61184 and by Malwarebytes as Trojan.Agent.USNo
Zolero TranslatorXZoleroTranslator.exeZolero Translator - added by Clickspring, the makers of Purityscan, products and are bundled with the Outer Info Network Client, or OIN clientNo
zoloftXzoloft.exeDetected by Dr.Web as Trojan.DownLoader13.2007 and by Malwarebytes as Trojan.Injector.AutoItNo
ZoneAlarmYzonealarm.exeOlder version of the ZoneAlarm Free firewallNo
Winsock2 driverXZONEALARM.EXEDetected by Symantec as Backdoor.Sdbot.T and by Malwarebytes as Backdoor.BotNo
Microsoft Update MachineXzonealarm.exeDetected by Sophos as W32/Rbot-BZ and by Malwarebytes as Backdoor.Bot. Note - this is not the valid Zone Labs firewall program!No
Winsock32driverXZoneAlarmPr0.exeDetected by Sophos as Troj/Hackarmy-BNo
Winsock32driverXZoneLockup.exeDetected by Symantec as Backdoor.Hacarmy.DNo
ZoomUzoom.exeZoom - speeds up Windows startup and manages startup applicationsNo
ZoomingUZoomingHook.exeToshiba Zooming Utility - found on Toshiba laptops and Tablet PCs. It allows users to zoom in (or magnify) textNo
ZoomingHookUZoomingHook.exeToshiba Zooming Utility - found on Toshiba laptops and Tablet PCs. It allows users to zoom in (or magnify) textNo
zoorfatXzoorfat.exeDetected by McAfee as Generic PWS.akNo
monangeXzorder.exeDetected by Dr.Web as Trojan.Siggen6.1061 and by Malwarebytes as Backdoor.Agent.ENo
zorpihofjixzXzorpihofjixz.exeDetected by McAfee as RDN/Generic Dropper!va and by Malwarebytes as Trojan.Agent.USNo
zorsaccudazoXzorsaccudazo.exeDetected by McAfee as RDN/Generic.tfr!eb and by Malwarebytes as Trojan.Agent.USNo
ZPLEDYZPKBDLED.exeWireless keyboard driverNo
Zero PoPup Killer XPUzpk_xp.exeIntelligent anti-pop-up software product by Ax-SoftNo
ZPOINT32YZPOINT32.exeUSB graphics/writing tablet driverNo
SystemSecurityXzprot32.exeDetected by Sophos as Troj/Agent-FKNo
Zoner Photo Studio Service 16UZPSService.exePart of Zoner Photo Studio version 16 from Zoner Inc. - which "handles your full photo workflow, from import all the way to publishing. Amateurs won't get flooded, and power users will find what they need"No
Zoner Photo Studio Service 16?ZPSService.exePart of Zoner Photo Studio version 16 by ZONER, Inc. - which "will help you with your photos. Everything from downloading them onto your computer to editing and sharing them, all in one place"No
Zoner Photo Studio AutoupdateNZPSTRAY.EXEUpdater for Zoner Photo Studio by ZONER, Inc. - which "will help you with your photos. Everything from downloading them onto your computer to editing and sharing them, all in one place"No
Zoner Photo Studio AutoupdateNZPSTRAY.EXEUpdates for Zoner Photo Studio from Zoner Inc. - which "handles your full photo workflow, from import all the way to publishing. Amateurs won't get flooded, and power users will find what they need"No
Terminate PopupXZPU.exeFree Popup Killer - foistware proven to install the Regsvc32 homepage hijacker. Also see hereNo
Intel Common User InterfaceXzpyemhvct.exeDetected by Malwarebytes as Trojan.Agent.ICU. The file is located in %CommonAppData%\Intel0No
[random]Xzqhkkangs.exeDetected by Malwarebytes as Trojan.Agent.HQZGen. The file is located in %CommonFiles%\[folder] - see examples here and hereNo
zqosys32.exeXzqosys32.exeDetected by Malwarebytes as Trojan.Downloader. Note - the file is located in %AllUsersStartup% and/or %UserStartup% and its presence there ensures it runs when Windows startsNo
star4XZred2.exeDetected by Trend Micro as TSPY_BANCOS.SMAM and by Malwarebytes as Trojan.BankerNo
StreamZap RemoteUzremote.exeStreamZap PC Remote - control Windows Media Player, iTunes, RealPlayer, Winamp, PowerPoint, MusicMatch Jukebox, and many other multimedia applicationsNo
Flash MediaXzrpk��'�'%''msn'�%'fix''.exeAdded by a variant of the IRCBOT BACKDOOR!No
OpenApizsXzrscbm.exeDetected by Trend Micro as TROJ_AGENT.RLHNo
ishigoXzs.exeDetected by Malwarebytes as Trojan.Ranver. The file is located in %AppData%\DirectoryNo
MoveSearchXzsearch.exeDetected by Symantec as Adware.PigSearch and by Malwarebytes as Adware.PigSearch. The file is located in %ProgramFiles%\HuaCi\huaciNo
WindowsXZser.exeDetected by Sophos as W32/Culler-DNo
Andware DefenceXZsoft32.exeDetected by Symantec as W32.Gaobot.OONo
SlipStreamYzspeedycore.exeZspeedy Web Accelerator customized core module for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pixNo
Zspeedy Web AcceleratorYzspeedygui.exeZspeedy Web Accelerator customized user interface for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pixNo
ZSSchedulerUzsscheduler.dllZeroSpyware from FBM SoftwareNo
ZSSnp211NZSSnp211.exeVimicro based webcam driver - as used by both internal (laptop) and external webcams from Vimicro themselves, A4tech, Canon and othersNo
zSearchXZstb.exeTotalVelocity zSearch parasiteNo
LiGAaXZsUres.exeDetected by Dr.Web as Trojan.Siggen5.12076 and by Malwarebytes as Trojan.LVBP.RVNo
zte32.exeXzte32.exeDetected by Malwarebytes as Trojan.VBKrypt. The file is located in %UserTemp%No
AdobeXzteam.exeAdded by an unidentified TROJAN!No
Jun LozadaXztescd32.exeDetected by Sophos as W32/AutoRun-XU and by Malwarebytes as Worm.AutoRunNo
Microsoft Autorun14Xztinetzt.exeDetected by Symantec as W32.Ogleon.ANo
zts2.exeXzts2.exeDetected by Trend Micro as TSPY_ONLINEGA.ZP and by Malwarebytes as PasswordStealer.LmirNo
zukoxydylunyXzukoxydyluny.exeDetected by McAfee as RDN/Downloader.a!rj and by Malwarebytes as Trojan.Agent.USNo
ZulrahPluginXZulrahPlugin.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %AppData%\Microsoft\Windows\Cookies\MSDCSCNo
ZumoDriveUZumoLauncher.lnkZumoDrive cloud-based file synchronization and storage service operated by Zecter, Inc is now owned by Motorola Motobility (MotoCast). HP also use the service for their Cloud Drive product (on supported machines) and their service is unaffected. The target file of "ZumoLauncher.lnk" is "zumodrive.exe" - located in either %LocalAppData%\ZumoDrive\app or %ProgramFiles%\Hewlett-Packard\HP CloudDriveNo
Zune LauncherNZuneLauncher.exeAutomatically launches the Zune software for Microsoft's Zune media players when they're connected to your PC. The software can be used to manage media, rip and burn CDs/DVDs, create playlists, sync your player to your computer, etcYes
Zune®NZuneLauncher.exeAutomatically launches the Zune software for Microsoft's Zune media players when they're connected to your PC. The software can be used to manage media, rip and burn CDs/DVDs, create playlists, sync your player to your computer, etcYes
ZuneLauncherNZuneLauncher.exeAutomatically launches the Zune software for Microsoft's Zune media players when they're connected to your PC. The software can be used to manage media, rip and burn CDs/DVDs, create playlists, sync your player to your computer, etcYes
zunzudwekagyXzunzudwekagy.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile% - see hereNo
Microsoft CorporationXzuoms.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %Windir%No
%Windir%\zupacha.exeXzupacha.exeDetected by Sophos as Troj/Dropper-QLNo
b3dUpdateXZupdate.exeAssociated with B3d Projector foistware - see hereNo
UpdateXZupdate.exeAssociated with B3d Projector foistware - see hereNo
ZupdateXZupdate.exeAssociated with B3d Projector foistware - see hereNo
OvisLink WL-5430USBUZUtility.exeWireless LAN configuration utility for the OvisLink WL-5430USB 802.11g Pen-Size WLAN USB AdapterNo
zuuijuqXzuuijuq.exeDetected by Sophos as Mal/SillyFDC-TNo
Zvmtiezxgpnpyxnw.exeXZvmtiezxgpnpyxnw.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
icrosoft Visual InterDevcXzvslmqb.exeDetected by Sophos as W32/Rbot-AYPNo
chromeXzVZYJlTnrl.exeDetected by Dr.Web as Trojan.DownLoader4.23314. Note - this is not a legitimate Google Chrome browser fileNo
Windows Recylinder CheckXzwdomsgemw.exeDetected by Sophos as W32/Rbot-EGJNo
zwy0nta1odi0zdlUzwi0mzb2ohm0bdl.exeDetected by Malwarebytes as PUP.Optional.Hades. The file is located in %ProgramFiles%\Szwy0nta1odi0zdl. If bundled with another installer or not installed by choice then remove itNo
LUOMZXXZX.exeDetected by Dr.Web as Trojan.MulDrop5.1170 and by Malwarebytes as Trojan.Agent.ENo
[various names]Xzxc.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
zxdllXzxdll.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%No
win_drivr32Xzxhstn.exeDetected by Trend Micro as TROJ_SMALL.CXONo
Global Updates AT - zuc0bdbvogi0ytlUzxu0cdbkoge0ddl.exeDetected by Malwarebytes as PUP.Optional.BSoDinator. The file is located in %LocalAppData%\zuc0bdbvogi0ytl. If bundled with another installer or not installed by choice then remove itNo
Maintenance Service-zuq0tzbtoei0ltlUzxu0cdbkoge0ddl.exeDetected by Malwarebytes as PUP.Optional.BSoDinator. The file is located in %LocalAppData%\zuc0bdbvogi0ytl. If bundled with another installer or not installed by choice then remove itNo
VasddwDgXzxXZwd.exeDetected by Sophos as W32/Sdbot-SNNo
zhghghgXzxzz.exeDetected by Dr.Web as Trojan.MulDrop5.3603 and by Malwarebytes as Trojan.Agent.ENo
ZyAIR B-122 UtilityUZyAIR.exeZyXEL ZyAIR B-122 wireless LAN configuration utility - which is based upon ZyDAS (now acquired by Qualcomm Technologies) chipsetsNo
ZyAIR PCcard UtilityUZyAIR.exeZyXEL ZyAIR PCcard wireless LAN configuration utility - which is based upon ZyDAS (now acquired by Qualcomm Technologies) chipsetsNo
ZyAIR USB UtilityUZyAIR.exeZyXEL ZyAIR wireless LAN configuration utility - which is based upon ZyDAS (now acquired by Qualcomm Technologies) chipsetsNo
zyblasqumwanXzyblasqumwan.exeDetected by McAfee as RDN/Generic.tfr!a and by Malwarebytes as Trojan.Agent.USNo
zycpuckipujaXzycpuckipuja.exeDetected by Dr.Web as Trojan.MulDrop3.14959No
zylybgididejXzylybgididej.exeDetected by Dr.Web as Trojan.DownLoader9.61122 and by Malwarebytes as Trojan.Agent.USNo
ZynExploreXZynExplore.exeDetected by Malwarebytes as Adware.Agent. The file is located in %UserTemp%No
zyqurlyhaqtaXzyqurlyhaqta.exeDetected by McAfee as RDN/Generic BackDoor!rl and by Malwarebytes as Backdoor.PushdoNo
zyrgimgypypxXzyrgimgypypx.exeDetected by Malwarebytes as Spyware.Passwords. The file is located in %UserProfile%No
zytyzykquldyXzytyzykquldy.exeDetected by McAfee as RDN/Downloader.a!g and by Malwarebytes as Trojan.Agent.USNo
zyvydcytjeahXzyvydcytjeah.exeDetected by Sophos as Troj/Inject-AIH and by Malwarebytes as Trojan.Agent.USNo
dsdXzz.exeDetected by Sophos as W32/Rbot-FOXNo
ZZZAAAXZZAA.exeDetected by Malwarebytes as Trojan.Hoster. The file is located in %AppData%\Folder NamNo
y478hjdjkdkgeXzzangohj.exeDetected by McAfee as Generic.dx!kwv and by Malwarebytes as Trojan.AgentNo
TaskmanXzzangohj.exeDetected by McAfee as Generic.dx!kwv. Note - this entry adds a HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Taskman" entry which loads the file "zzangohj.exe" (which is located in %AppData%)No
zzbXzzb.exeIAGold adwareNo
zzb2Xzzb2.exeIAGold adwareNo
aksjbnveytr6gfghdhurhXzzbrenkzx.exeDetected by Malwarebytes as Trojan.Agent.ZBE. The file is located in %AppData% - see hereNo
ShellXzzfile.exeDetected by Malwarebytes as Trojan.Agent.MTA. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "zzfile.exe" (which is located in %UserTemp%\FolderName)No
gshpXzzgshp.vbsHomepage hi-jackerNo
Microsoft Security PanagersXzzoboony.exeDetected by Sophos as W32/Rbot-AOINo
zzrftjg.exeXzzrftjg.exeDetected by Malwarebytes as Trojan.FakeMS.MSIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
svhostXzzrftjg.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %AppData%\zgfsggNo
zzz.exeXzzz.exeDetected by Dr.Web as Trojan.MulDrop5.17442 and by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
WinNetDDEXzzzx[random].exeDetected by Symantec as Trojan.Netdepix.BNo
svchostXZZ[random].exeDetected by Malwarebytes as Backdoor.Bot.E. The file is located in %AppData%\ZZ[random]No

Notes & Warnings

If you can help identify new entries and verify/identify those entries with a "?" status (especially hardware specific - such as laptops and motherboards) then please E-mail us (startups_at_pacs-portal_dot_co_dot_uk).

"Status" key:

Variables:

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. We will not be held responsible if changes you make cause a system failure.

WARNING: This is NOT a list of tasks/processes taken from the Task Manager (CTRL+SHIFT+ESC) "Processes" tab. This displays some startup programs AND other background tasks and "Services". These pages are concerned with startup programs from the common startup locations shown above ONLY. Please do not submit entries collected from this method as they will not be used. For a list of tasks/processes you should try the list at PC Pitstop, the Process Library from Uniblue or one of the many others now available.

Therefore, before ending a task/process via CTRL+SHIFT+ESC just because it has an "X" recommendation, please check whether it's in the registry or common startup locations first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+SHIFT+ESC. If in doubt, don't do anything.

To avoid the database becoming too large, all malware entries are only shown using the registry version which is common to all Windows versions. Otherwise there would be multiple entries for popular filenames that viruses often use - such as "svchost.exe" above for example. Multiple malware can also use the same start-up entries, in this case only those with significant differences (such as file location) are repeated in this database.

As more than 25K entries in this database related to malware you should use a quality internet security package. Which ever you choose, keep it updated and get the latest version at least every two years.

There are a number of virus and malware entries listed in this database where specific removal instructions haven't been given. If this is the case then you could try ComboFix, a program written by sUBs that can remove many different types of Trojans and Worms. See here for a tutorial on how to use the program.

NOTE: A number of entries are repeated due to the way that different operating systems display startup items. For example, WinMe lists "POPROXY.EXE" as "Norton eMail Protect" in both MSCONFIG and the registry whereas WinXP lists it as "Poproxy" in MSCONFIG and "Norton eMail Protect" in the registry.

SERVICES: "Services" from the Windows 8/7/Vista/XP/2K/NT operating systems are not included. We fully understand that some programs with these OS's use "Services" as an alternative to load their component parts at startup but these are handled in a different way. We recommend you try BlackViper for information on services for the relevant operating systems.

Copyright

Presentation, format & comments Copyright © 2001 - 2017 Pacman's Portal
Portions Copyright © Peter Forrest, Denny Denham, Sylvain Prevost, Tony Klein, CastleCops & Bleeping Computer
Powered by Malwarebytes
All rights reserved

Valid XHTML 1.0 Transitional

Privacy Policy Site Map Home