Index Introduction Database Detailed Entries Updates Concise List HJT Forums Rogues Message Board

Windows startup programs - Browse database

If you're frustrated with the time it takes your Windows 8/7/Vista/XP PC to boot and then it seems to be running slowly you may have too many programs running at start-up - and you have come to the right place to identify them. This is the original start-up programs (as opposed to processes/tasks) list - one of the most accurate and comprehensive. Services are not included - see below. For further information on this and how to identify and disable start-up programs please visit the Introduction page.

See here for further information on random entries - which are typically added by viruses and other malware or unwanted programs.

Last database update :- 27th August, 2015
46115 items listed

Entries are sorted by the Command/Data field. Alternatively, you can search the full database or use the alphabetical index on that page.

FIRST PREV ( Page 507 of 923 ) NEXT LAST

You can also manually change the page number in the address bar.

Startup Item or Name Status Command or Data Description Tested
RegmanXRegistrySweeperPro.exeRegistrySweeper rogue registry cleaner - not recommendedNo
REGIST~1UREGIST~1.EXEPart of the OCR software TextBridge Pro 9.0 (and possibly earlier versions). Typically used with imaging devices such as scanners and digital cameras for creating text documents from images. This item will probably be displayed twice and will re-instate itself whenever you start the main program so leave it - once started it frees the memory it used. Its purpose and an explanation of how to correct a problem it creates for "Send To" can be found here. Note that you don't have to uninstall TextBridge for this fix to work and the program works fine afterwards. Not used on later versions of the software - hence the 'U' recommendationNo
RegisterDropHandlerUREGIST~1.EXEPart of the OCR software TextBridge Pro 9.0 (and possibly earlier versions). Typically used with imaging devices such as scanners and digital cameras for creating text documents from images. This item will probably be displayed twice and will re-instate itself whenever you start the main program so leave it - once started it frees the memory it used. Its purpose and an explanation of how to correct a problem it creates for "Send To" can be found here. Note that you don't have to uninstall TextBridge for this fix to work and the program works fine afterwards. Not used on later versions of the software - hence the 'U' recommendationNo
Mircrosoft Technic HelpXRegKey.exeAdded by a variant of the SPYBOT WORM! See hereNo
DVD Region KillerNRegKillTray.exeElaborate Bytes' now discontinued DVD Region Killer utility enables you to play DVD titles made for different regions on your PC, without the hassle to switch the regionYes
RegKillTrayNRegKillTray.exeElaborate Bytes' now discontinued DVD Region Killer utility enables you to play DVD titles made for different regions on your PC, without the hassle to switch the regionYes
CheckScan32Xregload16.exeDetected by Trend Micro as WORM_AEBOT.KNo
Registry LoaderXregloadr.exeDetected by Symantec as W32.HLLW.Gaobot.AONo
RegmonitorXregmaping.exeAdded by the BEAGLE.DO WORM!No
Registry MechanicNRegMech.exePart of Registry Mechanic from PC Tools - which "is an advanced registry cleaner for Windows that can safely clean, repair and optimize your registry in a few simple mouse clicks!". This entry is created when Registry Mechanic is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabled. Run manually at regular intervalsYes
RegistryMechanicNRegMech.exePart of Registry Mechanic from PC Tools - which "is an advanced registry cleaner for Windows that can safely clean, repair and optimize your registry in a few simple mouse clicks!". This entry is created when Registry Mechanic is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabled. Run manually at regular intervalsYes
RegMechNRegMech.exePart of Registry Mechanic from PC Tools - which "is an advanced registry cleaner for Windows that can safely clean, repair and optimize your registry in a few simple mouse clicks!". This entry is created when Registry Mechanic is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabled. Run manually at regular intervalsYes
Registry MonitorXregmon.exeAdded by the BCKDR-QKH BACKDOOR!No
CheckRegDefragOnceYregopt.exeRegistry Defragger and Optimizer from the Advanced System Optimizer utility suite by Systweak IncNo
wininet.dllXregperf.exeDetected by Symantec as Trojan.ZlobNo
RegPowerCleanXRegPowerClean.exeRegistry Power Cleaner rogue registry cleaner - not recommendedNo
AUTOPROPNREGPROP.EXE WMPADDIN.DLLBoth the files are in the MS Office/Bots/FP_WMP directory. Apparently, it registers the FrontPage WiMP extensionNo
RegProtYRegprot.exeRegistryProt from Diamond Computer Systems - protects the system registry against changesNo
Registry ProtectorXregprotect.exeDetected by Trend Micro as WORM_ARIVER.ANo
RegptmensXRegptmens.exeDetected by Sophos as Troj/Bancos-EDNo
Registry CheckerXRegrun.exeDetected by Symantec as Backdoor.SdbotNo
Windows Services AgantXregs32.exeAdded by the SDBOT-DIK WORM!No
RegScanXRegscan.exeAdded by the TALEX TROJAN!No
Windows Registry ScanXregscan.exeAdded by the RBOT-HA WORM!No
Windows Registry ScanXregscan23.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Windows Registry ScanXregscan32.exeDetected by Trend Micro as WORM_RBOT.KENo
RegscanXregscanr.exeDetected by Sophos as Troj/Optix-SENo
Server RegistryXregscr32.exeAdded by the BIFROSE-ZB TROJAN!No
Windows Update ServiceXregscv.exeDetected by Sophos as W32/Agobot-AMNo
Registry ServerXregserv.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
Windows Registry ServicesXregserv.exeAdded by the SLENFBOT.BB WORM!No
WindowsUpdateRXregserv.exeAdded by the Nurech trojan!No
RegServer?regserve.exeRelated to XGI Technology's Volari graphics cards - what does it do and is it required?No
regservices.exeXregservices.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
RegShaveNregshave.exePart of the USB driver for your Fuji digital cameras - used when uninstalling the USB drivers, erasing all entries from the registry. Only required BEFORE attempting to uninstall the Fuji software or the uninstall may not work correctlyNo
regsrv.exeXregsrv.exeDetected by Malwarebytes Anti-Malware as PasswordStealer.Agent. The file is located in %System%No
System ProfileXregsrv.exeDetected by Trend Micro as BKDR_OPTIX.12BNo
[executed file name]XRegsrv32.comAdded by the SOUTHGHOST WORM!No
REGEDITXRegsrv32.comAdded by the SOUTHGHOST WORM!No
Microsoft DLL RegistrationXregsrv32.exeDetected by Trend Micro as TROJ_VICENOR.AE and by Malwarebytes Anti-Malware as Backdoor.Agent.MDRNo
Reg ServiceXREGSRV32.EXEAdded by the RBOT.ZW WORM!No
Registry ServerXregsrv32.exeAdded by the RBOT-GM WORM!No
Server RegistryXregsrv32.exeAdded by the VB-EJD TROJAN!No
Windows Primary LoginXregsrv32.exeDetected by Microsoft as Worm:Win32/Pushbot and by Malwarebytes Anti-Malware as Backdoor.Agent. The file is located in %AppData%\O-858454-6314-2-64No
Microsoft DLL RegistrationsXregsrv34.exeDetected by Malwarebytes Anti-Malware as Trojan.Agent.AQM. The file is located in %AppData%No
Microsoft DLL RegistrationXregsrv64.exeDetected by Sophos as Troj/VBKrypt-AL and by Malwarebytes Anti-Malware as Backdoor.Agent.MDRNo
RegSrv64DXRegSrv64D.exEAdded by the WINKO.AO WORM!No
HControlUserXRegSrvc.exeDetected by Dr.Web as Trojan.MulDrop4.3133No
regsrvcXregsrvc.exeDetected by Sophos as Troj/Stoped-ANo
Windows UpdateXRegSrvc32.exeDetected by Dr.Web as Trojan.DownLoader8.703 and by Malwarebytes Anti-Malware as Worm.InjectNo

 

FIRST PREV ( Page 507 of 923 ) NEXT LAST

You can also manually change the page number in the address bar.

Notes & Warnings

If you can help identify new entries and verify/identify those entries with a "?" status (especially hardware specific - such as laptops and motherboards) then please E-mail us (startups_at_pacs-portal_dot_co_dot_uk).

"Status" key:

Variables:

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. We will not be held responsible if changes you make cause a system failure.

WARNING: This is NOT a list of tasks/processes taken from the Task Manager (CTRL+SHIFT+ESC) "Processes" tab. This displays some startup programs AND other background tasks and "Services". These pages are concerned with startup programs from the common startup locations shown above ONLY. Please do not submit entries collected from this method as they will not be used. For a list of tasks/processes you should try the list at PC Pitstop, the Process Library from Uniblue or one of the many others now available.

Therefore, before ending a task/process via CTRL+SHIFT+ESC just because it has an "X" recommendation, please check whether it's in the registry or common startup locations first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+SHIFT+ESC. If in doubt, don't do anything.

To avoid the database becoming too large, all malware entries are only shown using the registry version which is common to all Windows versions. Otherwise there would be multiple entries for popular filenames that viruses often use - such as "svchost.exe" above for example. Multiple malware can also use the same start-up entries, in this case only those with significant differences (such as file location) are repeated in this database.

As more than 25K entries in this database related to malware you should use a quality internet security package. Which ever you choose, keep it updated and get the latest version at least every two years.

There are a number of virus and malware entries listed in this database where specific removal instructions haven't been given. If this is the case then you could try ComboFix, a program written by sUBs that can remove many different types of Trojans and Worms. See here for a tutorial on how to use the program.

NOTE: A number of entries are repeated due to the way that different operating systems display startup items. For example, WinMe lists "POPROXY.EXE" as "Norton eMail Protect" in both MSCONFIG and the registry whereas WinXP lists it as "Poproxy" in MSCONFIG and "Norton eMail Protect" in the registry.

SERVICES: "Services" from the Windows 8/7/Vista/XP/2K/NT operating systems are not included. We fully understand that some programs with these OS's use "Services" as an alternative to load their component parts at startup but these are handled in a different way. We recommend you try BlackViper for information on services for the relevant operating systems.

Copyright

Presentation, format & comments Copyright © 2001 - 2015 Pacman's Portal
Portions Copyright © Peter Forrest, Denny Denham, Sylvain Prevost, Tony Klein, CastleCops & Bleeping Computer
Powered by Malwarebytes
All rights reserved

Valid XHTML 1.0 Transitional

Privacy Policy Site Map Home