|Index||Introduction||Database||Detailed Entries||Updates||Concise List||HJT Forums||Rogues||Message Board|
If you're frustrated with the time it takes your Windows 7/Vista/XP PC to boot and then it seems to be running slowly you may have too many programs running at start-up - and you have come to the right place to identify them. This is the original start-up programs (as opposed to processes/tasks) list - one of the most accurate and comprehensive. Services are not included - see below. For further information on this and how to identify and disable start-up programs please visit the Introduction page.
See here for further information on random entries - which are typically added by viruses and other malware or unwanted programs.
Last database update :- 30th November, 2013
37165 items listed
Alternatively, you can search the full database or use the alphabetical index on that page.FIRST PREV ( Page 507 of 744 ) NEXT LAST
You can also manually change the page number in the address bar.
|Startup Item or Name||Status||Command or Data||Description||Tested|
|Norton SystemWorks||N||SrtStub.exe sysdoc32.exe||Part of the version of Norton Utilities included with the now discontinued Norton SystemWorks 2009 (12.0) suite. This is the Vista MSConfig/Windows Defender entry for the launcher for Norton System Doctor - which "continuously monitors your computer to keep it free of problems and running at peak efficiency. It can alert you immediately when conditions require attention, and can fix many problems automatically, without interrupting your work"||Yes|
|Norton Utilities||N||SrtStub.exe sysdoc32.exe||Part of the version of Norton Utilities included with the now discontinued Norton SystemWorks 2008 (11.0) suite. This is the Vista MSConfig/Windows Defender entry for the launcher for Norton System Doctor - which "continuously monitors your computer to keep it free of problems and running at peak efficiency. It can alert you immediately when conditions require attention, and can fix many problems automatically, without interrupting your work"||Yes|
|nominghost||X||sRUEnghost.exe||Detected by Malwarebytes Anti-Malware as Trojan.Agent.APLGen. The file is located in %MyDocuments%\Windows\AppLoc||No|
|Classes||X||srv.exe||First2Enter or Plus18Point - Switch dialer and hijacker variants, see here. Also detected as the SWITCH-A TROJAN!||No|
|Classes||X||srv2.exe||Plus18Point - Switch dialer and hijacker variant, see here. Also detected as the SWITCH-A TROJAN!||No|
|Srv32||X||Srv32.exe||Added by the OPASERV.J WORM!||No|
|Userinterface Reporter||X||srv32.exe||ISTBar adware||No|
|Srv325||X||Srv325.exe||Added by the AGOBOT-PR WORM!||No|
|Live update monitor||X||srvany32.exe||Detected by Trend Micro as WORM_AGOBOT.AFM||No|
|johnj315||X||srvc.exe||Added by a variant of the MAILBOT-BI TROJAN!||No|
|Local runole service||X||srvc32.exe||Added by the SMALL-DP TROJAN!||No|
|johnj3155||X||srvcc.exe||Added by a variant of the MAILBOT-BI TROJAN!||No|
|johkjh||X||srvd.exe||Added by a variant of the SLAPER TROJAN!||No|
|johnj3cd||X||srvdc.exe||Added by a variant of the SLAPER TROJAN!||No|
|Services DLL Loader||X||srvdll.exe||Added by the SLENFBOT.ZS WORM!||No|
|srvexc.exe||X||srvexc.exe||Added by the SERVSAX TROJAN!||No|
|Pluto! Pager||X||srvhandle.exe||Added by the REDPLUT VIRUS!||No|
|system handler||X||srvhandle.exe||Added by the REDPLUT VIRUS!||No|
|Generic Service Process||X||srvhost.exe||Detected by Sophos as W32/Agobot-FX and by Malwarebytes Anti-Malware as Backdoor.IRCBot.Gen||No|
|Srv Host||X||srvhost.exe||Added by a variant of the IRCBOT BACKDOOR! See here||No|
|srvhost||X||srvhost.exe||Added by the LIVUP.A BACKDOOR!||No|
|srvprc||U||srvprc.exe||ActMon surveillance software. Uninstall this software unless you put it there yourself||No|
|srwatch.exe||Y||srwatch.exe||Check Point SecuRemote VPN client - "dynamic and fixed IP addressing for all ISP services - dial-up, cable modem, or DSL - the ideal solution for telecommuters and mobile workers"||No|
|Microsoft Windows System||X||srwhost.exe||Added by the RBOT-AWU WORM!||No|
|SrxRwxyu||X||srxrwxyu.exe||Added by the RAMNIT-U TROJAN!||No|
|srxTray||N||srxTray.exe||Titan FTP Server - FTP server||No|
|sm||X||sr_exe.exe||Added by the LUKUSPAM TROJAN!||No|
|3722b7e8aa30d0dfc5fe9f8b6f0a227e||X||ss.exe||Detected by Malwarebytes Anti-Malware as Trojan.MSIL.GenX. The file is located in %UserProfile%||No|
|OnlinePCfix SmoothSurfer||U||SS.exe||Smooth-Surfer - blocks banners, ads, popups, and cleans MRU and Recent file lists||No|
|SecretSmileys||U||ss.exe||Secret Smileys add-on for AIM "that provides users access to 1000's of new Smileys that can be viewed by anyone using a current version of AIM. Secret Smileys also adds other features such as logging of IM conversations, and it gets rid of that annoying advertisement on your buddy list window"||No|
|SurfSecret||U||ss2-full.exe||Privacy Protector from SurfSecret - internet history and file cleaner "is an easy and powerful tool for users who hold their online privacy sacred"||No|
|SecurityScanner||X||ss2008.exe||Security Scanner 2008 rogue security software - not recommended, removal instructions here||No|
|SSA.exe||Y||SSA.exe||Bell Sympatico Security Advisor tool installed when you choose to install their internet security suite - sourced by Radialpoint. Apart from downloading the suite installation files, the exact purpose is unknown at this time but it may be used to source critical updates and alerts so should therefore be left enabled||No|
|SsAAD||N||SsAAD.exe||Starts Sony's SonicStage CP digital music manager automatically when an ATRAC audio device is connected - such as a Walkman MP3 player or a PlayStation® Portable||Yes|
|SsAAD.exe||N||SsAAD.exe||Starts Sony's SonicStage CP digital music manager automatically when an ATRAC audio device is connected - such as a Walkman MP3 player or a PlayStation® Portable||Yes|
|SS Admin 32||X||ssadm32.exe||Added by the RBOT.OZ WORM!||No|
|yjocojww||X||ssahorjuerb.exe||Added by the FAKEAV-CJN TROJAN!||No|
|WINDOWS SCREENSAVER||X||ssaver.scr||Added by the SDBOT-YZ WORM!||No|
|MSConfig||X||ssbamyln.exe||Detected by Malwarebytes Anti-Malware as Trojan.Agent.Gen. The file is located in %UserProfile%||No|
|SSBkgdUpdate||N||SSBkgdupdate.exe||Automatic updates for ScanSoft (now Nuance) products such as OmniPage and PaperPort. Can be disabled using the main program's options. Note - if you have a Soundblaster Audigy2 ZS soundcard installed on your computer and the volume of your sound system is turned on extremely high disabling this will solve the problem||No|
|System Security Checker||X||ssc.exe||Added by the IRCBOT-WI TROJAN!||No|
|ushli||X||sscbltqu.exe||Obtained from an MP3 search list site. Also generates random processes on reboot||No|
|sixer566||X||sscc.exe||Added by a variant of the MAILBOT TROJAN!||No|
|SSCFBTN.EXE||U||SSCFBTN.EXE||Samsung smarthru software,used with Lexmark Z82 or Samsung multifunction printers||No|
|system||X||ssclie.exe||Detected by Kaspersky as Backdoor.Win32.Agent.lw||No|
|Media Software UPdater||X||sscs.exe||Added by the RBOT-ABE WORM!||No|
|Yahoo Messengger||X||SSCVIHOST.exe||Added by the SOHANA-W WORM!||No|
|Yahoo Messengger||X||SSCVIIHOST.exe||Added by the SOHANA-Y WORM!||No|
|SSC Service Utility||U||ssc_serv.exe||SSC Service Utility printer utility will "allow you to do many amazing things with Your Epson printer"||No|
FIRST PREV ( Page 507 of 744 ) NEXT LAST
You can also manually change the page number in the address bar.
If you can help identify new entries and verify/identify those entries with a "?" status (especially hardware specific - such as laptops and motherboards) then please E-mail us (startups_at_pacs-portal_dot_co_dot_uk).
DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. We will not be held responsible if changes you make cause a system failure.
WARNING: This is NOT a database of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a database of start-up applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at start-up. For a list of tasks/processes you should try the Process Library from Uniblue, the list at PC Pitstop or one of the many others now available. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSConfig or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.
To avoid the database becoming too large, all malware entries are only shown using the registry version which is common to all Windows versions. Otherwise there would be multiple entries for popular filenames that viruses often use - such as "svchost.exe" above for example. Multiple malware can also use the same start-up entries, in this case only those with significant differences (such as file location) are repeated in this database.
As more than 15K entries in this database related to malware you should use a quality internet security package. Which ever you choose, keep it updated and get the latest version at least every two years.
There are a number of virus and malware entried listed in this database where specific removal instructions haven't been given. If this is the case then you could try ComboFix, a program written by sUBs that can remove many different types of Trojans and Worms. See here for a tutorial on how to use the program
NOTE: A number of entries are repeated due to the way that different operating systems display startup items. For example, WinMe lists "POPROXY.EXE" as "Norton eMail Protect" in both MSCONFIG and the registry whereas WinXP lists it as "Poproxy" in MSCONFIG and "Norton eMail Protect" in the registry.
SERVICES: "Services" from the NT/2K/XP/Vista/7 operating systems are not included. We fully understand that some programs with these OS's use "Services" as an alternative to load their component parts at startup but these are handled in a different way. We recommend you try BlackViper for information on services for the relevant operating systems.
Presentation, format & comments Copyright © 2001 - 2012 Pacman's Portal
Portions Copyright © Peter Forrest, Denny Denham, Sylvain Prevost, Tony Klein, CastleCops & Bleeping Computer
Powered by Malwarebytes
All rights reserved