Index Introduction Database Detailed Entries Updates Concise List HJT Forums Rogues Message Board

Windows startup programs - Browse database

If you're frustrated with the time it takes your Windows 10/8/7/Vista/XP PC to boot and then it seems to be running slowly you may have too many programs running at start-up - and you have come to the right place to identify them. This is the original start-up programs (as opposed to processes/tasks) list - one of the most accurate and comprehensive. Services are not included - see below. For further information on this and how to identify and disable start-up programs please visit the Introduction page.

See here for further information on random entries - which are typically added by viruses and other malware or unwanted programs.

Last database update :- 29th September, 2017
52090 listed

Entries are sorted by the Command/Data field. Alternatively, you can search the full database or use the alphabetical index on that page.

FIRST PREV ( Page 507 of 1042 ) NEXT LAST

You can also manually change the page number in the address bar.

Startup Item or Name Status Command or Data Description Tested
ODSPConfigUODSPConfig.exeDsktopSurveil surveillance software. Uninstall this software if you did not install it yourselfNo
OdTray.exeUOdTray.exeSystem Tray access to Odyssey Access Client software from Juniper Networks, Inc (formerly by Funk Software) - which "delivers secure connectivity for global enterprises and government agencies through uncompromised login credentials and quick, easy deployment"No
ZangoOEXOEAddOn.exenCase/Zango adware - detected by Malwarebytes as Adware.Zango. Also see the archived version of Andrew Clover's page. The file is typically located in %ProgramFiles%\Zango\bin\[version]No
HotbarOEXOEAddOn.exeHotbar adware. The file is typically located in %ProgramFiles%\Hotbar\Bin\[version]No
SpamBlockerUtilityOEXOEAddOn.exeSpam Blocker Utility adware by the people who provide the Hotbar adware. The file is typically located in %ProgramFiles%\SpamBlockerUtility\Bin\[version]No
SeekmoOEXOEAddOn.exeSeekmo Search Assistant adware. The file is typically located in %ProgramFiles%\Seekmo\bin\[version]No
SystemXOeApi.vbsDetected by McAfee as VBS/AguiNo
OeloaderXOeloader.exeXupiter OrbitExplorer toolbar related. Drive-by foistware. Use Malwarebytes, Spybot S&D, Ad-Aware or similar to detect and remove and to prevent it re-installing in the futureNo
OEM02Mon.exeNOEM02Mon.exeLauncher for the Creative Live! Cam Console for one of their webcams. You can use the console to toggle Face Tracking ON and OFF, adjust brightness, contrast, colour, burst rate, gain, etcNo
OEM03Mon.exeNOEM03Mon.exeLauncher for the Creative Live! Cam Console for one of their webcams. You can use the console to toggle Face Tracking ON and OFF, adjust brightness, contrast, colour, burst rate, gain, etcNo
OEM04Mon.exeNOEM04Mon.exeLauncher for the Creative Live! Cam Console for one of their webcams. You can use the console to toggle Face Tracking ON and OFF, adjust brightness, contrast, colour, burst rate, gain, etcNo
OEM05Mon.exeNOEM05Mon.exeLauncher for the Creative Live! Cam Console for one of their webcams. You can use the console to toggle Face Tracking ON and OFF, adjust brightness, contrast, colour, burst rate, gain, etcNo
OEM07Mon.exeNOEM07Mon.exeLauncher for the Creative Live! Cam Console for one of their webcams. You can use the console to toggle Face Tracking ON and OFF, adjust brightness, contrast, colour, burst rate, gain, etcNo
OEM08Mon.exeNOEM08Mon.exeLauncher for the Creative Live! Cam Console for one of their webcams. You can use the console to toggle Face Tracking ON and OFF, adjust brightness, contrast, colour, burst rate, gain, etcNo
OEM13Mon.exeNOEM13Mon.exeLauncher for the Creative Live! Cam Console for one of their webcams. You can use the console to toggle Face Tracking ON and OFF, adjust brightness, contrast, colour, burst rate, gain, etcNo
NeuroSpeech OESpeakerNOEMonitor.exePart of the now discontinued OESpeaker by NeuroSpeech - a program that allows you to listen to long E-mails instead of reading them in Outlook Express. OEMonitor.exe checks whether OE is open or notNo
OEMCLEANUPNoemreset.exeResets OEM installation settings at bootup. Not required unless you're new to PC'sNo
OEMResetNOEMReset.exeResets OEM installation settings at bootup. Not required unless you're new to PC'sNo
OEMRUNONCEUoemrun.exeWindows Millennium file - used by setup when installing the OEM 'express' version of the operating system. Uncheck after setup has finishedNo
oeprsrvYoeprsrv.exeOutlook Express Privacy - which "lets you control access to Outlook Express and its email message database. When you enable protection, the program disables access to the message database and address book files. As a result, when you open Outlook Express or Windows Address Book, a password will be asked for authentication." If protection within the program is enabled and this entry is disabled Outlook Express will fail to runYes
oeprsrv.exeYoeprsrv.exeOutlook Express Privacy - which "lets you control access to Outlook Express and its email message database. When you enable protection, the program disables access to the message database and address book files. As a result, when you open Outlook Express or Windows Address Book, a password will be asked for authentication." If protection within the program is enabled and this entry is disabled Outlook Express will fail to runYes
oepsrvYoepsrv.exeOutlook Express Protector from Ixis Research, Ltd - which is "designed for controlling access to Outlook Express and its e-mail and address data bases. Outlook Express Protector does not encrypt protected files and folders, however no programs can get access to them when the program is active." If protection within the program is enabled and this entry is disabled Outlook Express will fail to runYes
oepsrv.exeYoepsrv.exeOutlook Express Protector from Ixis Research, Ltd - which is "designed for controlling access to Outlook Express and its e-mail and address data bases. Outlook Express Protector does not encrypt protected files and folders, however no programs can get access to them when the program is active." If protection within the program is enabled and this entry is disabled Outlook Express will fail to runYes
KASPUOESpamTest.exeKaspersky Anti-SpamNo
OESpamTestUOESpamTest.ExEKaspersky Anti-SpamNo
oe_drop_spamXoesrv.exeDetected by McAfee as Adware-DropSpamNo
oessrvYoessrv.exeOutlook Express Security - which is used "to control access to Outlook Express and its databases. When it is active, Outlook Express becomes locked and no third-party programs can access its message base files and the address book. As a result, when you try to start Outlook Express, open the address book or access the files, a password will be asked to allow access." If protection within the program is enabled and this entry is disabled Outlook Express will fail to runYes
oessrv.exeYoessrv.exeOutlook Express Security - which is used "to control access to Outlook Express and its databases. When it is active, Outlook Express becomes locked and no third-party programs can access its message base files and the address book. As a result, when you try to start Outlook Express, open the address book or access the files, a password will be asked to allow access." If protection within the program is enabled and this entry is disabled Outlook Express will fail to runYes
MicroUpdateXoEy2aXI.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
Enumerate_gtXoEy2aXI.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
Enumerate_gtstXoEy2aXI.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
Windows UpdateXoEy2aXI.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
Microsoft Winedows rpdateXofegmr.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%No
Hobbyist Software On-Off HelperUOff-Helper Configuration.exeOff Remote helper by Hobbyist Software - "lets you turn off, lock, sleep, log off and restart a PC or Mac directly from your iPhone, iPad or iPod touch"No
OffXoff.batDetected by Malwarebytes as Rogue.TechSupportScam. The file is located in %ProgramFiles%\[ComputerName]. Removal instructions hereNo
offc.pifXoffc.pifDetected by Malwarebytes as Trojan.Agent.FD. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
windowsmicrosoftXoffece.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.WMNo
offeceXoffece.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.ENo
OfferBLVDUOfferBLVDW.exeOfferBLVD (SnapDo) by Resoft is an ad-supported "solution for those who browse the web and compare prices in order to get the best possible deals." Detected by Malwarebytes as PUP.Optional.OfferBoulevard. The file is located in %ProgramFiles%\OfferBLVD. If bundled with another installer or not installed by choice then remove itNo
OfferBoulevardUOfferBoulevardW.exeOffer Blvd is a dynamic online tool that automatically offers you relevant deals according to your online searches in real time." Detected by Malwarebytes as PUP.Optional.OfferBoulevard. The file is located in %ProgramFiles%\OfferBoulevard. If bundled with another installer or not installed by choice then remove itNo
OfferBoxNOfferBox.exeOfferBox "personal shopping assistant that gathers the best offers and discounts helping users from France, Italy, Spain and soon Brazil save money on their online shopping"No
Offer CompanionXoffers.exeAdwareNo
OffersXoffers.exeAdwareNo
ChromeXOffice.exeDetected by McAfee as RDN/Generic.bfr!hp and by Malwarebytes as Backdoor.Agent.DCENo
darkXOffice.EXEDetected by Trend Micro as TROJ_BANLOAD.GWNo
BallXoffice.exeDetected by Malwarebytes as Spyware.HawkEyeKeyLogger.E. The file is located in %AppData%\schoolNo
SVCSHOSTXoffice.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp%No
SVCSHOSTXoffice.exeDetected by Dr.Web as Trojan.DownLoader6.49249. The file is located in %WinTemp%No
HKLMXoffice.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\worldNo
Installed shell32.dllXOffice.exeDetected by Trend Micro as WORM_LOVGATE.ENo

 

FIRST PREV ( Page 507 of 1042 ) NEXT LAST

You can also manually change the page number in the address bar.

Notes & Warnings

If you can help identify new entries and verify/identify those entries with a "?" status (especially hardware specific - such as laptops and motherboards) then please E-mail us (startups_at_pacs-portal_dot_co_dot_uk).

"Status" key:

Variables:

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. We will not be held responsible if changes you make cause a system failure.

WARNING: This is NOT a list of tasks/processes taken from the Task Manager (CTRL+SHIFT+ESC) "Processes" tab. This displays some startup programs AND other background tasks and "Services". These pages are concerned with startup programs from the common startup locations shown above ONLY. Please do not submit entries collected from this method as they will not be used. For a list of tasks/processes you should try the list at PC Pitstop, the Process Library from Uniblue or one of the many others now available.

Therefore, before ending a task/process via CTRL+SHIFT+ESC just because it has an "X" recommendation, please check whether it's in the registry or common startup locations first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+SHIFT+ESC. If in doubt, don't do anything.

To avoid the database becoming too large, all malware entries are only shown using the registry version which is common to all Windows versions. Otherwise there would be multiple entries for popular filenames that viruses often use - such as "svchost.exe" above for example. Multiple malware can also use the same start-up entries, in this case only those with significant differences (such as file location) are repeated in this database.

As more than 25K entries in this database related to malware you should use a quality internet security package. Which ever you choose, keep it updated and get the latest version at least every two years.

There are a number of virus and malware entries listed in this database where specific removal instructions haven't been given. If this is the case then you could try ComboFix, a program written by sUBs that can remove many different types of Trojans and Worms. See here for a tutorial on how to use the program.

NOTE: A number of entries are repeated due to the way that different operating systems display startup items. For example, WinMe lists "POPROXY.EXE" as "Norton eMail Protect" in both MSCONFIG and the registry whereas WinXP lists it as "Poproxy" in MSCONFIG and "Norton eMail Protect" in the registry.

SERVICES: "Services" from the Windows 8/7/Vista/XP/2K/NT operating systems are not included. We fully understand that some programs with these OS's use "Services" as an alternative to load their component parts at startup but these are handled in a different way. We recommend you try BlackViper for information on services for the relevant operating systems.

Copyright

Presentation, format & comments Copyright © 2001 - 2017 Pacman's Portal
Portions Copyright © Peter Forrest, Denny Denham, Sylvain Prevost, Tony Klein, CastleCops & Bleeping Computer
Powered by Malwarebytes
All rights reserved

Valid XHTML 1.0 Transitional

Privacy Policy Site Map Home