Windows startup programs - Database search

Message Board

Windows startup programs - Database search

If you're frustrated with the time it takes your Windows 7/Vista/XP PC to boot and then it seems to be running slowly you may have too many programs running at start-up - and you have come to the right place to identify them. This is the original start-up programs (as opposed to processes/tasks) list - one of the most accurate and comprehensive. Services are not included - see below. For further information on this and how to identify and disable start-up programs please visit the Introduction page.

See here for further information on random entries - which are typically added by viruses and other malware or unwanted programs.

Last database update :- 29th Apr, 2013
31819 items listed

You can search for any of the following terms to find and display entries in the start-up programs database but the minimum search is 3 characters and you must click on the "Search" button. Results are sorted by the Startup Item/Name field.

From MSConfig (Start → Run → msconfig → Startup): Startup Item, Command
From Registry Editor (Start → Run → regedit): Name, Data
From SysInternals free AutoRuns utility: AutoRun Entry, Filename from "Image Path"
From Windows Defender for XP/Vista (Tools → Software Explorer): Display Name, Filename
O4 entries from Trend Micro's HijackThis or similar logging utilities: Text highlighted here - [this text] or here - "Startup: this text.lnk", Filename
Any other text

Alternatively, you can browse the full database (without the search facility) over a number of pages or you can use the alphabetical index below to list the entries for that letter by the Command/Data field, but the results may take longer to appear due to the number of them:

A | B | C | D | E | F | G | H | I | J | K | L | B | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

NOTE: Searching for common words (i.e. "the" or "where") will mean the results take longer to appear due to the number of them.

Please click on the Search button

153 results found for Z

Startup Item or Name	Status	Command or Data	Description	Tested
7f8e	X	z****.exe 9idf	Detected by Eset's NOD32 antivirus as the SMALL.ALI TROJAN! Note - it creates a number of extra z****.dll files in the %System% folder	No
647c21069130d325f036ca21984e0414	X	z.exe	Detected by Dr.Web as Trojan.DownLoader8.21159 and by Malwarebytes Anti-Malware as Trojan.FakeMedia	No
winui	X	z.exe	Added by the KONDELI TROJAN!	No
zaber0	X	zaberg.exe	Detected by Sophos as Troj/VB-FOV and Malwarebytes Anti-Malware as Backdoor.IRCBot	No
Zacker	X	Zacker.exe	Added by the GEMEL WORM!	No
Solutions Diagnostic Launcher Usermode	X	zajlcqvvvg.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent.SDL. The file is located in %System%	No
king_za	X	zaking.exe	Added by the TATERF-AY WORM!	No
jqeh	X	zamnifrj.exe	Detected by Malwarebytes Anti-Malware as Trojan.FakeMS. The file is located in %AppData%\Microsoft\Zamnifrj	No
!1_ProcessGuard_Startup	X	zamnifrj.exe /c procguard.exe	Detected by Malwarebytes Anti-Malware as Trojan.FakeMS. Note - this is not the legitimate DiamondCS ProcessGuard which loads directly from %ProgramFiles%\ProcessGuard - this one copies "zamnifrj.exe" from %AppData%\Microsoft\Zamnifrj as %ProgramFiles%\ProcessGuard\procguard.exe and then runs it	No
Windows Config	X	ZANBOR.EXE	Added by the SPYBOT-MH WORM!	No
zango	X	zango.exe	180solutions adware	No
ZangoSA	X	ZangoSA.exe	Zango Search Assistant adware	No
Zango SiteFinder	X	ZangoSiteFinder.exe	ZangoSearch adware variant	No
Zango TvTimes	X	ZangoTVTimes.exe	ZangoSearch adware	No
Zango TvTimes	X	ZANGOT~1.EXE	ZangoSearch adware	No
[various names]	X	zantu.exe	Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page	No
zanu	X	zanu.exe	ZangoSearch adware	No
System	X	Zap.exe	Added by the MSNVB-D WORM!	No
ZoneAlarm Plus	Y	zaplus.exe	Older enhanced version of the ZoneAlarm firewall which was superseded by ZoneAlarm Pro and ZoneAlarm Internet Security Suite	No
Zapro	Y	zapro.exe	Older version of the ZoneAlarm Pro firewall	No
ZoneAlarm Pro	Y	zapro.exe	Older version of the ZoneAlarm Pro firewall	No
Win32	X	zaq.exe	Added by the RBOT-GCE WORM!	No
zatray	Y	Zatray.exe	System Tray access to and notifications for ZoneAlarm security products - including Extreme Security, Internet Security Suite and Firewall. If this entry is disabled, the core product functions will work properly but the user will lose quick access to the main window and may miss notifications of potential problems and updates	Yes
ZoneAlarm	Y	Zatray.exe	System Tray access to and notifications for ZoneAlarm security products - including Extreme Security, Internet Security Suite and Firewall. If this entry is disabled, the core product functions will work properly but the user will lose quick access to the main window and may miss notifications of potential problems and updates	Yes
zauerad	X	zauerad.exe	Added by the VBKRYPT.AKRJ TROJAN!	No
fe32e6b321a15a20570ae15a1efc1f36	X	zaza.exe	Detected by Dr.Web as Trojan.DownLoader7.21667 and by Malwarebytes Anti-Malware as Trojan.MSIL	No
Zboard	U	Zboard.exe	SteelSeries (was Ideazon) Zboard gaming software - allows you to customise keyboard functions	No
ZboardTray	U	ZboardTray.exe	SteelSeries (was Ideazon) Zboard gaming software - allows you to customise keyboard functions	No
zcb	?	zcb.exe	??	No
IntelZeroConfig	U	ZCfgSvc.exe	Zero Config MFC Application, part of Intel's ProSET utilities and installed by the drivers for many of Intel wireless network cards - essential to the proper functioning of many of the Intel ProSET utilities (but not all) and these System Tray ProSET utilities are a must if you are using your wireless connection, if only so you know when the signal is fading or dropping. The problem is that, in some PCs, ZCFGSVC can be incredibly badly behaved : taking up to 100% of CPU time and therefore resulting in an extremely slow PC, preventing the installation of software or Windows updates, or causing "Not Responding" or "End this Program" shutdown problems. If you experience this, try first the very latest drivers from Intel or your laptop manufacturer. If that still does not solve the problem and you have WinXP/2003, try setting the "Wireless Zero Configuration" service to disabled	No
Zcfgsvc	U	ZCfgSvc.exe	Zero Config MFC Application, part of Intel's ProSET utilities and installed by the drivers for many of Intel wireless network cards - essential to the proper functioning of many of the Intel ProSET utilities (but not all) and these System Tray ProSET utilities are a must if you are using your wireless connection, if only so you know when the signal is fading or dropping. The problem is that, in some PCs, ZCFGSVC can be incredibly badly behaved : taking up to 100% of CPU time and therefore resulting in an extremely slow PC, preventing the installation of software or Windows updates, or causing "Not Responding" or "End this Program" shutdown problems. If you experience this, try first the very latest drivers from Intel or your laptop manufacturer. If that still does not solve the problem and you have WinXP/2003, try setting the "Wireless Zero Configuration" service to disabled	No
ZCfgSvc.exe	U	ZCfgSvc.exe	Zero Config MFC Application, part of Intel's ProSET utilities and installed by the drivers for many of Intel wireless network cards - essential to the proper functioning of many of the Intel ProSET utilities (but not all) and these System Tray ProSET utilities are a must if you are using your wireless connection, if only so you know when the signal is fading or dropping. The problem is that, in some PCs, ZCFGSVC can be incredibly badly behaved : taking up to 100% of CPU time and therefore resulting in an extremely slow PC, preventing the installation of software or Windows updates, or causing "Not Responding" or "End this Program" shutdown problems. If you experience this, try first the very latest drivers from Intel or your laptop manufacturer. If that still does not solve the problem and you have WinXP/2003, try setting the "Wireless Zero Configuration" service to disabled	No
Zcxaxz	X	Zcxaxz.exe	Detected by Kaspersky as Worm.Win32.Ngrbot.dpl and by Malwarebytes Anti-Malware as Backdoor.Agent. The file is located in %AppData%	No
ZDConfig	?	ZDConfig.exe	Related to various brands of Wireless USB LAN Adapter - what does it do and is it required?	No
Zinio DLM	N	ZDLM.EXE	Zinio - used to read magazines in digital rather than paper format	No
802.11b+g USB Wireless LAN Utility	U	ZDWlan.exe	Wireless LAN configuration utility for ZyDAS (now acquired by Qualcomm Atheros) based chipsets	No
Acer WLAN 11g USB Dongle	U	ZDWlan.exe	Wireless LAN configuration utility for an Acer wireless USB dongle based upon a ZyDAS (now acquired by Qualcomm Atheros) chipset	No
ICIDU Wireless Utility	U	ZDWlan.exe	Wireless LAN configuration utility for an ICIDU wireless USB dongle based upon a ZyDAS (now acquired by Qualcomm Atheros) chipset	No
Wireless 802.11g USB Adapter	U	ZDWlan.exe	Wireless LAN configuration utility for ZyDAS (now acquired by Qualcomm Atheros) based chipsets	No
Wireless Adapter Manager	U	ZDWlan.exe	Wireless LAN configuration utility for ZyDAS (now acquired by Qualcomm Atheros) based chipsets	No
Wireless LAN USB Dongle	U	ZDWlan.exe	Wireless LAN configuration utility for ZyDAS (now acquired by Qualcomm Atheros) based chipsets	No
XPC 802.11b+g Wireless Utility	U	ZDWlan.exe	Wireless LAN configuration utility for a Shuttle XPC Wireless LAN Kit - which is based upon ZyDAS (now acquired by Qualcomm Atheros) chipsets	No
ZDWlan	U	ZDWlan.exe	Wireless LAN configuration utility for ZyDAS (now acquired by Qualcomm Atheros) based chipsets	No
ZDWLan Utility	U	ZDWlan.exe	Wireless LAN configuration utility for ZyDAS (now acquired by Qualcomm Atheros) based chipsets	No
ZyAIR G-220 Utility	U	ZDWlan.exe	ZyXEL ZyAIR G-220 wireless LAN configuration utility - which is based upon ZyDAS (now acquired by Qualcomm Atheros) chipsets	No
yahoo	X	zebi.exe	Detected by Malwarebytes Anti-Malware as Backdoor.Turkojan. The file is located in %Windir%	No
zeluz	X	zeluz.exe	Added by the SILLYFDC-N MALWARE!	No
Remote Management Agent	U	zenrc32.exe	Part of Novell's ZENworks - "Complete End-to-End Directory-enabled Network Management". Installed on a managed workstation fo an administrator to remotely manage the workstation. Required if the PC is a managed workstation	No
ZENRC	Y	zenrc32.exe	The main component of Novell's ZenWorks - "Complete End-to-End Directory-enabled Network Management". Leave well alone	No
Zentimo xStorage Manager	U	Zentimo.exe	Zentimo xStorage Manager by Crystal Rich Ltd - "offers you an innovative approach to manage your USB & eSATA drives. While it solves many external drive related problems in Windows, it also gives more control on your devices and just makes working with external drives fun & pleasure"	No
ZENRC Tray Icon	Y	zentray.exe	Part of Novell's ZenWorks - "Complete End-to-End Directory-enabled Network Management". Best left alone	No
zepmypvomohy	X	zepmypvomohy.exe	Detected by McAfee as RDN/Generic BackDoor!dk and by Malwarebytes Anti-Malware as Trojan.Agent.US	No
ZeroAds	U	Zeroads.exe	ZeroAds by FBM Software, Inc - culls ads, cookies and pop-ups. No longer available	No
ZeroBoan	X	ZeroBoan.exe	ZeroBoan rogue security software - not recommended, removal instructions here	No
ZeroClean	X	zerocup.exe	ZeroClean rogue security software - not recommended, removal instructions here	No
ZeroSpyware	U	ZeroSpyware.exe	FBM Software ZeroSpyware 2004 spyware detector and remover	No
ZeroVaccineMain	X	ZeroVaccine.exe	ZeroVaccine rogue security software - not recommended, removal instructions here	No
ZipGenius Clean	N	zg.exe	ZipGenius file compression utility	No
*zggjmyd	X	zggjmyd.exe	Added by the AFCORE.O BACKDOOR!	No
zggjmyd	X	zggjmyd.exe	Added by the AFCORE.O BACKDOOR!	No
ZGNUBI	?	ZGNUBI.exe	??	No
CHotKey	U	zHotkey.exe	Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol , vol-, mute, etc. Only required for extended features	No
ÏµÍ³×¢ï¿½ï½ï¿½ï¿½	X	zhuruqi.exe	Added by the QHOST.V TROJAN!	No
zied	X	zied.exe	Detected by Malwarebytes Anti-Malware as Backdoor.Agent. The file is located in %Windir%	No
zigwomzodupd	X	zigwomzodupd.exe	Detected by Trend Micro as TROJ_JORIK.DMV and by Malwarebytes Anti-Malware as Trojan.Phex.THAGen6	No
Zinaps7	X	Zinaps7.exe	Zinaps Anti-Spyware 2008 rogue security software - not recommended, removal instructions here	No
ZingSpooler	U	ZingSpooler.exe	Was used for a drag and drop program to upload pictures to www.zing.com but Zing has gone out of business. Now used for Sony ImageStation's upload photos to online albums	No
Zinio DLM	N	ZinioDeliveryManager.exe	Related to Zinio used to read magazines in digital rather than paper format	No
Agent5	X	Zip01.exe	Detected by Trend Micro as WORM_MYPICS.C and by Malwarebytes Anti-Malware as Worm.MyPics	No
ziphelp	X	ziphelp.exe	CoolWebSearch parasite variant	No
Zip Driver Loader	X	ZipLoad32.exe	Detected by Kaspersky as Backdoor.Win32.Oblivion.01.a	No
ZipLoader32.exe	X	ZipLoader32.exe	Detected by Trend Micro as BKDR_OBLIVION.A	No
pps	X	ziqidong.exe	Detected by Dr.Web as Trojan.StartPage.45465 and by Malwarebytes Anti-Malware as Trojan.Agent.CN	No
test	X	zistro.exe	Added by the KIMAT-C TROJAN!	No
ZENworks Imaging Service	Y	ZISWin.exe	Imaging Agent. Part of Novell's ZenWorks - "Complete End-to-End Directory-enabled Network Management"	No
-FreedomNeedsReboot	Y	ZkRunOnceR.exe	Part of internet security suites sourced by Radialpoint for ISP customers such as Virgin Media, AT&T, Bell Canada, TELUS Corporation and Verizon Online. The exact purpose is unknown at this time and it shows no ill effects if disabled, but as the purpose is unknown and it's security related it should be left enabled	Yes
ZkRunOnceR	Y	ZkRunOnceR.exe	Part of internet security suites sourced by Radialpoint for ISP customers such as Virgin Media, AT&T, Bell Canada, TELUS Corporation and Verizon Online. The exact purpose is unknown at this time and it shows no ill effects if disabled, but as the purpose is unknown and it's security related it should be left enabled	Yes
zlclient	X	zlclient.exe	Detected by Symantec as Trojan.Syginre. Note - this is not the legitimate file used by older versions of the ZoneAlarm security products by Check Point Software Technologies Ltd and is located in %Root%	No
zlclient	Y	zlclient.exe	System Tray access to and notifications for older versions of ZoneAlarm security products - including Extreme Security, Internet Security Suite and Firewall. If this entry is disabled, the core product functions will work properly but the user will lose quick access to the main window and may miss notifications of potential problems and updates	Yes
Zone Labs Client	Y	zlclient.exe	System Tray access to and notifications for older versions of ZoneAlarm security products - including Internet Security Suite and Firewall. If this entry is disabled, the core product functions will work properly but the user will lose quick access to the main window and may miss notifications of potential problems and updates	Yes
ZoneAlarm Client	Y	zlclient.exe	System Tray access to and notifications for older versions of ZoneAlarm security products - including Extreme Security, Internet Security Suite and Firewall. If this entry is disabled, the core product functions will work properly but the user will lose quick access to the main window and may miss notifications of potential problems and updates	Yes
zone alarm security	X	zlclint.exe	Added by the NIRBOT WORM!	No
Norman ZANDA	U	ZLH.EXE	System Tray icon for Norman Antivirus	No
ZLH	U	ZLH.EXE	System Tray icon for Norman Antivirus	No
zli1lidy80	X	zli1lidy80.exe	Added by the DWNLDR-JMW TROJAN!	No
topat	X	zlip.exe	Added by the FLOOD-IG TROJAN!	No
ZipMagic	N	zm32.exe	Zip utility by Ontrack. Preloading ZipMagic allows you to access files within a zip archive without unzipping them first	No
Z	X	zmon.exe	Added by the DELBOT-AO WORM!	No
Zmover	U	ZMover.exe	Zmover by Basta Computing, Inc - "helps you manage your desktop layout by enabling you to set the size, position and layering of application windows. Instead of wasting time rearranging windows across your single or multiple monitor display, you can configure ZMover to do the job for you"	No
Zekio Startups	X	znksvc32.exe	Added by the AGOBOT-AGI WORM!	No
ZNN	X	znnsvc.exe	Added by the SDBOT-DAA WORM!	No
Zolero Translator	X	ZoleroTranslator.exe	Zolero Translator - added by Clickspring, the makers of Purityscan, products and are bundled with the Outer Info Network Client, or OIN client	No
Microsoft Update Machine	X	zonealarm.exe	Added by the RBOT-BZ WORM! Note - this is not the valid Zone Labs firewall program!	No
Winsock2 driver	X	ZONEALARM.EXE	Added by the SDBOT.T TROJAN! Note - ZONEALARM.EXE is not the valid Zone Labs firewall program	No
ZoneAlarm	Y	zonealarm.exe	Older version of the ZoneAlarm Free firewall	No
Winsock32driver	X	ZoneAlarmPr0.exe	Added by the HACKARMY-B TROJAN!	No
Winsock32driver	X	ZoneLockup.exe	Added by the HACARMY.D TROJAN!	No
Zoom	U	zoom.exe	Zoom - speeds up Windows startup and manages startup applications	No
Zooming	U	ZoomingHook.exe	Toshiba Zooming Utility - found on Toshiba laptops and Tablet PCs. It allows users to zoom in (or magnify) text	No
ZoomingHook	U	ZoomingHook.exe	Toshiba Zooming Utility - found on Toshiba laptops and Tablet PCs. It allows users to zoom in (or magnify) text	No
zoorfat	X	zoorfat.exe	Added by the INHOO TROJAN!	No
ZPLED	Y	ZPKBDLED.exe	Driver for the Advent ADE-AD2 Wireless Keyboard	No
Zero PoPup Killer XP	U	zpk_xp.exe	Intelligent anti-pop-up software product by Ax-Soft	No
ZPOINT32	Y	ZPOINT32.exe	USB graphics/writing tablet driver	No
SystemSecurity	X	zprot32.exe	Added by the AGENT-FK TROJAN!	No
Terminate Popup	X	ZPU.exe	Free Popup Killer - foistware proven to install the Regsvc32 homepage hijacker. Also see here	No
Intel Common User Interface	X	zpyemhvct.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent.ICU. The file is located in %CommonAppData%\Intel0	No
star4	X	Zred2.exe	Detected by Trend Micro as TSPY_BANCOS.SMAM and by Malwarebytes Anti-Malware as Trojan.Banker	No
StreamZap Remote	U	zremote.exe	StreamZap PC Remote - control Windows Media Player, iTunes, RealPlayer, Winamp, PowerPoint, MusicMatch Jukebox, and many other multimedia applications	No
Flash Media	X	zrpkï¿½ï¿½'ï¿½'%''msn'ï¿½%'fix''.exe	Added by a variant of the IRCBOT BACKDOOR!	No
OpenApizs	X	zrscbm.exe	Added by the AGENT.RLH TROJAN!	No
MoveSearch	X	zsearch.exe	Detected by Symantec as Adware.PigSearch and by Malwarebytes Anti-Malware as Adware.PigSearch. The file is located in %ProgramFiles%\HuaCi\huaci	No
Windows	X	Zser.exe	Added by the CULLER-D WORM!	No
Andware Defence	X	Zsoft32.exe	Added by the GAOBOT.OO WORM!	No
ZSScheduler	U	zsscheduler.dll	ZeroSpyware from FBM Software	No
ZSSnp211	N	ZSSnp211.exe	Vimicro based webcam driver - as used by both internal (laptop) and external webcams from Vimicro themselves, A4tech, Canon and others	No
zSearch	X	Zstb.exe	TotalVelocity zSearch parasite	No
Adobe	X	zteam.exe	Added by an unidentified TROJAN!	No
Jun Lozada	X	ztescd32.exe	Detected by Sophos as W32/AutoRun-XU	No
Microsoft Autorun14	X	ztinetzt.exe	Detected by Symantec as W32.Ogleon.A	No
zts2.exe	X	zts2.exe	Detected by Trend Micro as TSPY_ONLINEGA.ZP and by Malwarebytes Anti-Malware as PasswordStealer.Lmir	No
Zune Launcher	N	ZuneLauncher.exe	Automatically launches the Zune software for Microsoft's Zune media players when they're connected to your PC. The software can be used to manage media, rip and burn CDs/DVDs, create playlists, sync your player to your computer, etc	Yes
Zune®	N	ZuneLauncher.exe	Automatically launches the Zune software for Microsoft's Zune media players when they're connected to your PC. The software can be used to manage media, rip and burn CDs/DVDs, create playlists, sync your player to your computer, etc	Yes
ZuneLauncher	N	ZuneLauncher.exe	Automatically launches the Zune software for Microsoft's Zune media players when they're connected to your PC. The software can be used to manage media, rip and burn CDs/DVDs, create playlists, sync your player to your computer, etc	Yes
zunzudwekagy	X	zunzudwekagy.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent.US. The file is located in %UserProfile% - see here	No
zupacha.exe	X	zupacha.exe	Added by the DROPPER-QL TROJAN!	No
b3dUpdate	X	Zupdate.exe	Associated with B3d Projector foistware - see here	No
Update	X	Zupdate.exe	Associated with B3d Projector foistware - see here	No
Zupdate	X	Zupdate.exe	Associated with B3d Projector foistware - see here	No
OvisLink WL-5430USB	U	ZUtility.exe	Wireless LAN configuration utility for the OvisLink WL-5430USB 802.11g Pen-Size WLAN USB Adapter	No
zuuijuq	X	zuuijuq.exe	Added by the SILLYFDC-T MALWARE!	No
MSConfig	X	zvgzlwvo.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %UserProfile%	No
Zvmtiezxgpnpyxnw.exe	X	Zvmtiezxgpnpyxnw.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %AppData%	No
icrosoft Visual InterDevc	X	zvslmqb.exe	Added by the RBOT-AYP WORM!	No
chrome	X	zVZYJlTnrl.exe	Detected by Dr.Web as Trojan.DownLoader4.23314. Note - this is not a legitimate Google Chrome browser file	No
Windows Recylinder Check	X	zwdomsgemw.exe	Added by the RBOT-EGJ WORM!	No
ksrlnhm	X	zxatgso.exe	Added by the DLOADER-LI TROJAN!	No
[various names]	X	zxc.exe	Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page	No
win_drivr32	X	zxhstn.exe	Detected by Trend Micro as TROJ_SMALL.CXO	No
cdca408e3cbf7b0daaa425b5705221a4	X	zxvbnmasfhjlqertyuiop.exe	Detected by McAfee as RDN/Generic.dx!bb3 and by Malwarebytes Anti-Malware as Backdoor.Agent.TRJ	No
VasddwDg	X	zxXZwd.exe	Added by the SDBOT-SN WORM!	No
ZyAIR B-122 Utility	U	ZyAIR.exe	ZyXEL ZyAIR B-122 wireless LAN configuration utility	No
ZyAIR PCcard Utility	U	ZyAIR.exe	ZyXEL ZyAIR PCcard wireless LAN configuration utility	No
ZyAIR USB Utility	U	ZyAIR.exe	ZyXEL ZyAIR wireless LAN configuration utility	No
zyblasqumwan	X	zyblasqumwan.exe	Detected by McAfee as RDN/Generic.tfr!a and by Malwarebytes Anti-Malware as Trojan.Agent.US	No
ZynExplore	X	ZynExplore.exe	Detected by Malwarebytes Anti-Malware as Adware.Agent. The file is located in %UserTemp%	No
zytyzykquldy	X	zytyzykquldy.exe	Detected by McAfee as RDN/Downloader.a!g and by Malwarebytes Anti-Malware as Trojan.Agent.US	No
dsd	X	zz.exe	Added by the RBOT-FOX WORM!	No
zzb	X	zzb.exe	IAGold adware	No
zzb2	X	zzb2.exe	IAGold adware	No
MSMSGNER	X	zzgf.exe	Added by the PWS-CCB TROJAN!	No
gshp	X	zzgshp.vbs	Homepage hi-jacker	No
Microsoft Security Panagers	X	zzoboony.exe	Added by the RBOT-AOI WORM!	No

Notes & Warnings

If you can help identify new entries and verify/identify those entries with a "?" status (especially hardware specific - such as laptops and motherboards) then please E-mail us (startups_at_pacs-portal_dot_co_dot_uk).

"Status" key:

"Y" - Normally leave to run at start-up
"N" - Not required or not recommended - typically infrequently used tasks that can be started manually if necessary
"U" - User's choice - depends whether a user deems it necessary
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
"?" - Unknown

Variables:

%System% - refers to the System folder; by default this is
- C:\Windows\System32 (7/Vista/XP)
- C:\Winnt\System32 (2K)
- C:\Windows\System (Me/9x)
%Windir% - refers to the Windows installation folder; by default this is
- C:\Windows (7/Vista/XP/Me/9x)
- C:\Winnt (2K)
%ProgramFiles% - refers to the Program Files folder; typically the path is C:\Program Files
%CommonFiles% - refers to the Common Program Files folder; typically the path is C:\Program Files\Common Files
%Root% - refers to the highest directory level on a hard drive - i.e., C:\, D:\
%UserProfile% - refers to the current user's profile folder; by default this is
- C:\Users\{user} (7/Vista)
- C:\Documents and Settings\{user} (XP/2K)
%AllUsersProfile% - refers to the common profile folder for all users; by default this is
- C:\Users\All Users (7/Vista)
- C:\Documents and Settings\All Users (XP/2K)
%AppData% - refers to the current user's Application Data folder; by default this is
- C:\Users\{user}\AppData\Roaming (7/Vista)
- C:\Documents and Settings\{user}\Application Data (XP/2K)
%CommonAppData% - refers to the common Application Data folder for all users; by default this is
- C:\ProgramData (7/Vista - Note: this directory is hidden by default)
- C:\Documents and Settings\All Users\Application Data (XP/2K)
%LocalAppData% - refers to the current user's Local Application Data folder; by default this is
- C:\Users\{user}\AppData\Local (7/Vista)
- C:\Documents and Settings\{user}\Local Settings\Application Data (XP/2K)
%MyDocuments% - refers to the current user's Documents folder; by default this is
- C:\Users\{user}\Documents (7/Vista)
- C:\Documents and Settings\{user}\My Documents (XP/2K)
%CommonDocuments% - refers to the current user's Documents folder; by default this is
- C:\Users\Public\Documents (7/Vista)
- C:\Documents and Settings\All Users\Documents (XP/2K)
%UserTemp% - refers to the current user's Temp folder; by default this is
- C:\Users\{user}\AppData\Local\Temp (7/Vista)
- C:\Documents and Settings\{user}\Local Settings\Temp (XP/2K)
%WinTemp% - refers to the Windows Temp folder; typically the path is C:\Windows\Temp
%Temp% - refers to either or both of the %UserTemp% and %WinTemp% folders where the location isn't specified, or %Root%\Temp
%Templates% - refers to the current user's Templates folder; by default this is
- C:\Users\{user}\AppData\Roaming\Microsoft\Windows\Templates (7/Vista)
- C:\Documents and Settings\{user}\Templates (XP/2K)
%UserStartup% - refers to the current user's Startup folder; by default this is
- C:\Users\{user}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup (7/Vista)
- C:\Documents and Settings\{user}\Start Menu\Programs\Startup (XP/2K)
%AllUsersStartup% - refers to the All User Startup folder; by default this is
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup (7/Vista - Note: this directory is hidden by default)
- C:\Documents and Settings\All Users\Start Menu\Programs\Startup (XP/2K)

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. We will not be held responsible if changes you make cause a system failure.

WARNING: This is NOT a database of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a database of start-up applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at start-up. For a list of tasks/processes you should try the Process Library from Uniblue, the list at PC Pitstop or one of the many others now available. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSConfig or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.

To avoid the database becoming too large, all malware entries are only shown using the registry version which is common to all Windows versions. Otherwise there would be multiple entries for popular filenames that viruses often use - such as "svchost.exe" above for example. Multiple malware can also use the same start-up entries, in this case only those with significant differences (such as file location) are repeated in this database.

As more than 15K entries in this database related to malware you should use a quality internet security package. Which ever you choose, keep it updated and get the latest version at least every two years.

There are a number of virus and malware entried listed in this database where specific removal instructions haven't been given. If this is the case then you could try ComboFix, a program written by sUBs that can remove many different types of Trojans and Worms. See here for a tutorial on how to use the program

NOTE: A number of entries are repeated due to the way that different operating systems display startup items. For example, WinMe lists "POPROXY.EXE" as "Norton eMail Protect" in both MSCONFIG and the registry whereas WinXP lists it as "Poproxy" in MSCONFIG and "Norton eMail Protect" in the registry.

SERVICES: "Services" from the NT/2K/XP/Vista/7 operating systems are not included. We fully understand that some programs with these OS's use "Services" as an alternative to load their component parts at startup but these are handled in a different way. We recommend you try BlackViper for information on services for the relevant operating systems.

Copyright

Presentation, format & comments Copyright © 2001 - 2012 Pacman's Portal
Portions Copyright © Peter Forrest, Denny Denham, Sylvain Prevost, Tony Klein, CastleCops & Bleeping Computer
Powered by Malwarebytes
All rights reserved

Site Map

Home