Index Introduction Database Detailed Entries Updates Concise List HJT Forums Rogues Message Board

Windows startup programs - Database search

If you're frustrated with the time it takes your Windows 10/8/7/Vista/XP PC to boot and then it seems to be running slowly you may have too many programs running at start-up - and you have come to the right place to identify them. This is the original start-up programs (as opposed to processes/tasks) list - one of the most accurate and comprehensive. Services are not included - see below. For further information on this and how to identify and disable start-up programs please visit the Introduction page.

See here for further information on random entries - which are typically added by viruses and other malware or unwanted programs.

Last database update :- 30th November, 2017
52420 listed

You can search for any of the following terms to find and display entries in the start-up programs database but the minimum search is 3 characters and you must click on the "Search" button. Results are sorted by the Startup Item/Name field.

Alternatively, you can browse the full database (without the search facility) over a number of pages or you can use the alphabetical index below to list the entries for that letter by the Command/Data field, but the results may take longer to appear due to the number of them:

A | B | C | D | E | F | G | H | I | J | K | L | B | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

NOTE: Searching for common words (i.e. "the" or "where") will mean the results take longer to appear due to the number of them.

Please click on the Search button

546 results found for O

Startup Item or Name Status Command or Data Description Tested
My Essentials Wireless USB UtilityUO-Maxwcui.exeBelkin My Essentials Wireless USB UtilityNo
QH Office 2K CheckYO2KCHECK.EXEPart of older versions of the range of internet security products from Quick Heal - including Total Security, Internet Security and AntiVirus. MS Office 2000 documents virus scannerNo
O3GGB0BV03MI.exeXO3GGB0BV03MI.exeDetected by Malwarebytes as Trojan.Banker.E. The file is located in %AppData%No
91DUNMQUUVU3XO4QFE7WZ.exeDetected by Malwarebytes as Trojan.Zbot.AI. The file is located in %AppData%No
O5FQ2FQ0BNX8.exeXO5FQ2FQ0BNX8.exeDetected by Dr.Web as Trojan.PWS.Banker1.5290 and by Malwarebytes as Trojan.BankerNo
s4u9Xo6jv.exeDetected by Kaspersky as Virus.Win32.Virut.ce and by Malwarebytes as Trojan.Downloader. The file is located in %UserTemp%No
O7FYFPNZHGJC.exeXO7FYFPNZHGJC.exeDetected by McAfee as RDN/FakeAV-M.bfr!i and by Malwarebytes as Trojan.Banker.ENo
fSEdRGXjPXO8sPp4MzL.exeDetected by Malwarebytes as Backdoor.Agent.DC. The file is located in %AppData%\38dPMFbXy - see hereNo
OA012Mon?OA012Mon.exeEvent monitor for a Creative webcam. What does it do and is it required?No
XOBLUUXoaCYky.exeDetected by McAfee as RDN/Generic BackDoor!to and by Malwarebytes as Backdoor.Agent.DCENo
oadaemon?oadaemon.exeBackground process that establishes connection with a C3-1000 scanner and watch general status of the device and for scanner button presses. Can it be started manually?No
OADP UtilityUOadpUtil.exePart of the Sabre computer reservations system/global distribution system (GDS) - used by airlines, railways, hotels, travel agents and other travel companies for reservations and ticketing. OADP is the Open Auxiliary Device PlatformNo
kseelyYoahstifr.exeComes with and older version of HyperText Studio. From the supplier - "The Osserver maintains the database for HyperText Studio projects - absolutely vital, it verifies all the links etc in a site. It runs as a service in NT, 2K and XP but needs to start up in Win 9.x so you'll see a DOS box for a short while during boot up."No
OAKSTARTUOAKSTART.EXESets the spindown timeout and access speeds at startup and displays a splash screen for the Oak Technology "SimpliCD" CD-RWNo
OAKTASKNOAKTASK.EXESystem Tray Application Launcher for Oak Technology "SimpliCD" CD-RWNo
Winsocks2 driversXOAQI.EXEDetected by Malwarebytes as Trojan.FakeMS. The file is located in %System%No
McAfee VirusScanYoasclnt.exeOn-access real-time scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files for malware as you access, create, copy or download themYes
OASClntYoasclnt.exeOn-access real-time scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files for malware as you access, create, copy or download themYes
oasi_**_#Uoasi_**_#.exeDetected by Malwarebytes as PUP.Optional.Tuto4PC - where ** represents a 2 letter country code (ie, us, ca, jp, pl) and # represents one or more digits. The file is located in %ProgramFiles%\oasi_**_#. If bundled with another installer or not installed by choice then remove itNo
Online Armor FirewallYoaui.exeSystem Tray access to, and main user interface for the Online Armor range of security tools from Tall Emu Pty Ltd (now Emsi Software GmbH). The free version incorporates a firewall, limited startup manager, tamper protection and keylogger detection whilst paid versions add features such as a mail/web shield, phishing filter and anti-malwareYes
@OnlineArmor GUIYoaui.exeSystem Tray access to, and main user interface for the Online Armor range of security tools from Tall Emu Pty Ltd (now Emsi Software GmbH). The free version incorporates a firewall, limited startup manager, tamper protection and keylogger detection whilst paid versions add features such as a mail/web shield, phishing filter and anti-malwareYes
OnlineArmor GUIYoaui.exeSystem Tray access to, and main user interface for the Online Armor range of security tools from Tall Emu Pty Ltd (now Emsi Software GmbH). The free version incorporates a firewall, limited startup manager, tamper protection and keylogger detection whilst paid versions add features such as a mail/web shield, phishing filter and anti-malwareNo
oauiYoaui.exeSystem Tray access to, and main user interface for the Online Armor range of security tools from Tall Emu Pty Ltd (now Emsi Software GmbH). The free version incorporates a firewall, limited startup manager, tamper protection and keylogger detection whilst paid versions add features such as a mail/web shield, phishing filter and anti-malwareYes
K3A0GXBVFKXOAxqLI9.exe.lnkDetected by McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCENo
OB UpdaterXob.exeDetected by Sophos as W32/Agobot-IHNo
CiscoXobj.exeDetected by Malwarebytes as Trojan.Agent.DL. The file is located in %LocalAppData%\Cisco VPNNo
Stardock ObjectBarUObjectBar.exeObjectBar from Stardock Corporation - "allows users to create their own custom Start bars, finders, pop-up menus, program launchers, wharfs, docks, etc." Required if you want to use the custom ObjectBar theme featuresYes
Stardock ObjectBar SharewareUObjectBar.exeObjectBar from Stardock Corporation - "allows users to create their own custom Start bars, finders, pop-up menus, program launchers, wharfs, docks, etc." Required if you want to use the custom ObjectBar theme features. This is the Windows Defender entryYes
ObjectDock PlusUObjectDock.exeObjectDock Plus from Stardock Corporation - "Organize your shortcuts, programs and running tasks into an attractive and fun animated dock." Required if you want to use standard or custom shortcuts on the dockNo
Stardock ObjectDockUObjectDock.exeObjectDock from Stardock Corporation - "Organize your shortcuts, programs and running tasks into an attractive and fun animated dock." Required if you want to use standard or custom shortcuts on the dockYes
ObjectKernelXobjectpsilog.exeDetected by Sophos as W32/Trite-ANo
Object_Inside.exe NacionalXObject_Inside.exeDetected by Kaspersky as Trojan-Downloader.Win32.Agent.ekmq. The file is located in %CommonAppData%\Object_inside22No
Stardock ObjectBarUOBJECT~1.EXEObjectBar from Stardock Corporation - "allows users to create their own custom Start bars, finders, pop-up menus, program launchers, wharfs, docks, etc." Required if you want to use the custom ObjectBar theme features. This is the XP MSConfig entryYes
Stardock ObjectBar SharewareUOBJECT~1.EXEObjectBar from Stardock Corporation - "allows users to create their own custom Start bars, finders, pop-up menus, program launchers, wharfs, docks, etc." Required if you want to use the custom ObjectBar theme features. This is the 7/Vista MSConfig entryYes
Stardock ObjectDockUOBJECT~1.EXEObjectDock from Stardock Corporation - "Organize your shortcuts, programs and running tasks into an attractive and fun animated dock." Required if you want to use standard or custom shortcuts on the dockYes
obmXobm.exeDetected by Malwarebytes as Trojan.Agent.OBM. The file is located in %AppData%\obmNo
Обнови СофтNObnoviSoft.exeObnovi Soft by AnVir Software - Russian software update managerNo
Obrona Block AdsUObronaBlockAds.exeOBRONA BlockAds by Red Sky LLC - with which "You will never ever see any adverts again - see just the valuable content. Once you try it you will never go back." Detected by Malwarebytes as PUP.Optional.ObronaBlockAds. The file is located in %LocalAppData%\Obrona Block Ads. If bundled with another installer or not installed by choice then remove itNo
Obrona CleanerUObronaCleaner.exeDetected by Malwarebytes as PUP.Optional.ObronaCleaner.PrxySvrRST. The file is located in %LocalAppData%\Obrona Cleaner. If bundled with another installer or not installed by choice then remove itNo
ObronaVPNUObronaVPN.exeFree ad-supported version of Obrona VPN - which "protects your Internet connection and encrypt all the data you sent and received. It prevents hacker attacks, allows anonymous use of the Internet and gives you the freedom of access to blocked content." Detected by Malwarebytes as PUP.Optional.ObronaVPN.PrxySvrRST. Note - this entry loads from the Windows Startup folder and the file is located in %LocalAppData%\ObronaVPN. If bundled with another installer or not installed by choice then remove itNo
ccAppXObsorb.exeDetected by Symantec as Trojan.ObsorbNo
NavScanXObsorb.exeDetected by Symantec as Trojan.ObsorbNo
obsver?obsver.exePart of LingoWare translating softwareNo
obwormXobworm.exeDetected by Dr.Web as Trojan.Siggen5.32997 and by Malwarebytes as Backdoor.Agent.ENo
OCAudioIniNOCAudioIni.exeOne-click Audio Converter - allows you to convert files of multiple audio formats right from Windows Explorer. No longer supportedNo
GUCTGKXocaUmj.exeDetected by McAfee as RDN/Generic.bfr!fg and by Malwarebytes as Backdoor.Agent.ENo
OWCCardbusTrayUocbtray.exeIcon in the system tray for safely removing PCMCIA cards. Only required if you have a laptop or desktop which includes a PCMCIA card interfaceNo
OneCleanXocleanupdate.exeOneClean rogue security software - not recommended, removal instructions hereNo
ocrawareNocraware.exeOptical Character Recognition (OCR) software as part of OmniPage Limited Edition - supplied with some scanners. Scan directly into most word processor applications, such as Word, WordPerfect, etc. Available via Start → ProgramsNo
ZipbrowseXocreg.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\IeinitNo
octopusXoctopus.exeDetected by McAfee as RDN/Generic.bfr!ft and by Malwarebytes as Backdoor.Messa.ENo
Octopus.vbsXOctopus.vbsDetected by Malwarebytes as Trojan.Agent.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Octoshape Streaming ServicesUOctoshapeClient.exeOctoshape Internet media delivery software - as used by customers such as CNN, Deutsche Welle and NASCARNo
Oil ChangeNOCTray32.exeFrom CyberMedia/Network Associates. Checks for updates to software installed on your PCNo
ocx32Xocx32.exeDetected by Symantec as W32.HLLW.AstefNo
Run32dllXocxdll.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
OCXUPDT32Xocxupdt32.exeDetected by Sophos as W32/Agobot-IFNo
od-matrxxXod-matrxx.exeAdult dialer - xx can be any numberNo
od-stndxxXod-stndxx.exeAdult dialer - xx can be any numberNo
od-teenxxXod-teenxx.exeAdult dialer - xx can be any numberNo
odbyXodb.exeDetected by McAfee as Generic Dropper.nu and by Malwarebytes as Trojan.KryptNo
Public Microsoft ODBCXODBC32*.exe [* = random char]Detected by Trend Micro as WORM_MASLAN.DNo
Win32 ServicesXodbc32.exeDetected by Sophos as W32/Spybot-EKNo
ODBCJETXODBCJET.exeDetected by Sophos as Troj/Dloadr-ATSNo
Cn911XODBCJET.exeDetected by Sophos as Troj/Bifrose-PRNo
odnexXodbns.exeDetected by Sophos as Troj/Agent-MPM and by Malwarebytes as Trojan.ClickerNo
odnexyXodbnsy.exeDetected by Kaspersky as Trojan-Clicker.Win32.Vesloruki.dwk. The file is located in %Windir%No
Services Start2Xodcwinst.exeDetected by Sophos as W32/Pykse-DNo
oddworldz.exeXoddworldz.exeDetected by Sophos as Troj/Multidr-EGNo
Odebit Multimedia V2NOdebit.exeOdébit Multimedia - free French multimedia player giving access to the best of television, videos, radio, games and chatNo
Odebit Multimedia V3NOdebit.exeOdébit Multimedia - free French multimedia player giving access to the best of television, videos, radio, games and chatNo
Odebit Multimedia V3 - ServicesNOdebit.exeOdébit Multimedia - free French multimedia player giving access to the best of television, videos, radio, games and chatNo
EDJHOXodfox32A.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %System%No
MS Svasta Pomalo v#Xodjebiav#.exeDetected by Malwarebytes as Trojan.Agent.MSS - where # represents a digit. The file is located in %AppData% - see examples here and hereNo
Microsoft SinsupXodjiwjf.exeDetected by Sophos as W32/Rbot-DNNo
Odkurzacz-MCDNodk_mcd.exeOdkurzacz - Polish system cleaning utilityNo
Open Download ManagerUodm.exe"Open Download Manager is a powerful download manager that promises to accelerate downloads by up to 500 percent." Detected by Malwarebytes as PUP.Optional.DownWare. The file is located in %ProgramFiles%\OpenDownloaderManager. If bundled with another installer or not installed by choice then remove itNo
ODNBSTARTXODNE.EXEDetected by Malwarebytes as Adware.K.ShoppingAd. The file is located in %AppData%\shoppingadNo
odne_84Xodne.exeDetected by Malwarebytes as Adware.K.ShoppingAd. The file is located in %AppData%\shoppingadNo
OdometerNOdometer.exeMouse odometer - tracks how far your pointer/arrow has travelled on the screenNo
TVBroadcastUODSBCApp.exePart of the Tvcentral, AbsolutTV and VistaTV multimedia utilities for TV cards from SceneoNo
ODSPConfigUODSPConfig.exeDsktopSurveil surveillance software. Uninstall this software if you did not install it yourselfNo
OdTray.exeUOdTray.exeSystem Tray access to Odyssey Access Client software from Juniper Networks, Inc (formerly by Funk Software) - which "delivers secure connectivity for global enterprises and government agencies through uncompromised login credentials and quick, easy deployment"No
HotbarOEXOEAddOn.exeHotbar adware. The file is typically located in %ProgramFiles%\Hotbar\Bin\[version]No
SeekmoOEXOEAddOn.exeSeekmo Search Assistant adware. The file is typically located in %ProgramFiles%\Seekmo\bin\[version]No
SpamBlockerUtilityOEXOEAddOn.exeSpam Blocker Utility adware by the people who provide the Hotbar adware. The file is typically located in %ProgramFiles%\SpamBlockerUtility\Bin\[version]No
ZangoOEXOEAddOn.exenCase/Zango adware - detected by Malwarebytes as Adware.Zango. Also see the archived version of Andrew Clover's page. The file is typically located in %ProgramFiles%\Zango\bin\[version]No
SystemXOeApi.vbsDetected by McAfee as VBS/AguiNo
OeloaderXOeloader.exeXupiter OrbitExplorer toolbar related. Drive-by foistware. Use Malwarebytes, Spybot S&D, Ad-Aware or similar to detect and remove and to prevent it re-installing in the futureNo
OEM02Mon.exeNOEM02Mon.exeLauncher for the Creative Live! Cam Console for one of their webcams. You can use the console to toggle Face Tracking ON and OFF, adjust brightness, contrast, colour, burst rate, gain, etcNo
OEM03Mon.exeNOEM03Mon.exeLauncher for the Creative Live! Cam Console for one of their webcams. You can use the console to toggle Face Tracking ON and OFF, adjust brightness, contrast, colour, burst rate, gain, etcNo
OEM04Mon.exeNOEM04Mon.exeLauncher for the Creative Live! Cam Console for one of their webcams. You can use the console to toggle Face Tracking ON and OFF, adjust brightness, contrast, colour, burst rate, gain, etcNo
OEM05Mon.exeNOEM05Mon.exeLauncher for the Creative Live! Cam Console for one of their webcams. You can use the console to toggle Face Tracking ON and OFF, adjust brightness, contrast, colour, burst rate, gain, etcNo
OEM07Mon.exeNOEM07Mon.exeLauncher for the Creative Live! Cam Console for one of their webcams. You can use the console to toggle Face Tracking ON and OFF, adjust brightness, contrast, colour, burst rate, gain, etcNo
OEM08Mon.exeNOEM08Mon.exeLauncher for the Creative Live! Cam Console for one of their webcams. You can use the console to toggle Face Tracking ON and OFF, adjust brightness, contrast, colour, burst rate, gain, etcNo
OEM13Mon.exeNOEM13Mon.exeLauncher for the Creative Live! Cam Console for one of their webcams. You can use the console to toggle Face Tracking ON and OFF, adjust brightness, contrast, colour, burst rate, gain, etcNo
NeuroSpeech OESpeakerNOEMonitor.exePart of the now discontinued OESpeaker by NeuroSpeech - a program that allows you to listen to long E-mails instead of reading them in Outlook Express. OEMonitor.exe checks whether OE is open or notNo
OEMCLEANUPNoemreset.exeResets OEM installation settings at bootup. Not required unless you're new to PC'sNo
OEMResetNOEMReset.exeResets OEM installation settings at bootup. Not required unless you're new to PC'sNo
OEMRUNONCEUoemrun.exeWindows Millennium file - used by setup when installing the OEM 'express' version of the operating system. Uncheck after setup has finishedNo
oeprsrvYoeprsrv.exeOutlook Express Privacy - which "lets you control access to Outlook Express and its email message database. When you enable protection, the program disables access to the message database and address book files. As a result, when you open Outlook Express or Windows Address Book, a password will be asked for authentication." If protection within the program is enabled and this entry is disabled Outlook Express will fail to runYes
oeprsrv.exeYoeprsrv.exeOutlook Express Privacy - which "lets you control access to Outlook Express and its email message database. When you enable protection, the program disables access to the message database and address book files. As a result, when you open Outlook Express or Windows Address Book, a password will be asked for authentication." If protection within the program is enabled and this entry is disabled Outlook Express will fail to runYes
oepsrvYoepsrv.exeOutlook Express Protector from Ixis Research, Ltd - which is "designed for controlling access to Outlook Express and its e-mail and address data bases. Outlook Express Protector does not encrypt protected files and folders, however no programs can get access to them when the program is active." If protection within the program is enabled and this entry is disabled Outlook Express will fail to runYes
oepsrv.exeYoepsrv.exeOutlook Express Protector from Ixis Research, Ltd - which is "designed for controlling access to Outlook Express and its e-mail and address data bases. Outlook Express Protector does not encrypt protected files and folders, however no programs can get access to them when the program is active." If protection within the program is enabled and this entry is disabled Outlook Express will fail to runYes
OESpamTestUOESpamTest.ExEKaspersky Anti-SpamNo
KASPUOESpamTest.exeKaspersky Anti-SpamNo
oe_drop_spamXoesrv.exeDetected by McAfee as Adware-DropSpamNo
oessrvYoessrv.exeOutlook Express Security - which is used "to control access to Outlook Express and its databases. When it is active, Outlook Express becomes locked and no third-party programs can access its message base files and the address book. As a result, when you try to start Outlook Express, open the address book or access the files, a password will be asked to allow access." If protection within the program is enabled and this entry is disabled Outlook Express will fail to runYes
oessrv.exeYoessrv.exeOutlook Express Security - which is used "to control access to Outlook Express and its databases. When it is active, Outlook Express becomes locked and no third-party programs can access its message base files and the address book. As a result, when you try to start Outlook Express, open the address book or access the files, a password will be asked to allow access." If protection within the program is enabled and this entry is disabled Outlook Express will fail to runYes
Windows UpdateXoEy2aXI.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
MicroUpdateXoEy2aXI.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
Enumerate_gtXoEy2aXI.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
Enumerate_gtstXoEy2aXI.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
Microsoft Winedows rpdateXofegmr.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%No
Hobbyist Software On-Off HelperUOff-Helper Configuration.exeOff Remote helper by Hobbyist Software - "lets you turn off, lock, sleep, log off and restart a PC or Mac directly from your iPhone, iPad or iPod touch"No
OffXoff.batDetected by Malwarebytes as Rogue.TechSupportScam. The file is located in %ProgramFiles%\[ComputerName]. Removal instructions hereNo
offc.pifXoffc.pifDetected by Malwarebytes as Trojan.Agent.FD. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
offeceXoffece.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.ENo
windowsmicrosoftXoffece.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.WMNo
OfferBLVDUOfferBLVDW.exeOfferBLVD (SnapDo) by Resoft is an ad-supported "solution for those who browse the web and compare prices in order to get the best possible deals." Detected by Malwarebytes as PUP.Optional.OfferBoulevard. The file is located in %ProgramFiles%\OfferBLVD. If bundled with another installer or not installed by choice then remove itNo
OfferBoulevardUOfferBoulevardW.exeOffer Blvd is a dynamic online tool that automatically offers you relevant deals according to your online searches in real time." Detected by Malwarebytes as PUP.Optional.OfferBoulevard. The file is located in %ProgramFiles%\OfferBoulevard. If bundled with another installer or not installed by choice then remove itNo
OfferBoxNOfferBox.exeOfferBox "personal shopping assistant that gathers the best offers and discounts helping users from France, Italy, Spain and soon Brazil save money on their online shopping"No
Offer CompanionXoffers.exeAdwareNo
OffersXoffers.exeAdwareNo
Installed shell32.dllXOffice.exeDetected by Trend Micro as WORM_LOVGATE.ENo
HKCUXoffice.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\worldNo
ChromeXOffice.exeDetected by McAfee as RDN/Generic.bfr!hp and by Malwarebytes as Backdoor.Agent.DCENo
SVCSHOSTXoffice.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp%No
SVCSHOSTXoffice.exeDetected by Dr.Web as Trojan.DownLoader6.49249. The file is located in %WinTemp%No
darkXOffice.EXEDetected by Trend Micro as TROJ_BANLOAD.GWNo
office.exeXoffice.exeDetected by Symantec as W32.Iteb.A and by Malwarebytes as Trojan.FakeAlert. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
office.exeXoffice.exeDetected by Sophos as Troj/MancSyn-B and by Malwarebytes as Trojan.FakeAlert. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Office2014Xoffice.exeDetected by Malwarebytes as Backdoor.XTRat. The file is located in %AppData%\Office2014No
BallXoffice.exeDetected by Malwarebytes as Spyware.HawkEyeKeyLogger.E. The file is located in %AppData%\schoolNo
HKLMXoffice.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\worldNo
Installed shell32.dllXOffice.exe...Detected by Symantec as W32.Lovgate.AO@mmNo
MS OfficeXOffice10.exeDetected by Microsoft as PWS:Win32/VB.DT and by Malwarebytes as Trojan.Agent.ENo
MS Office1 StartupXOfficeGUI1.exeDetected by Trend Micro as WORM_RBOT.BWRNo
OfficeQuickAccessXOfficeHost.vbsDetected by Symantec as W32.Pexmor@mmNo
Microsoft UpdateXofficeinstl.exeDetected by Sophos as Troj/Gofmice-A and by Malwarebytes as Backdoor.BotNo
FLMOFFICEKEYBOARDUOFFICEKB.exeMultimedia keyboard manager/driver for devices from Trust and maybe others. Required if you use the additional keysNo
Office ToolsXofficetools.exeDetected by Dr.Web as Trojan.Siggen6.31441 and by Malwarebytes as Spyware.KeyLoggerNo
FacebookUpdateXOfficeTools.exeDetected by Dr.Web as Trojan.DownLoader5.63224No
Office UpdateXOfficeUpdate.exeDetected by Sophos as W32/Malas-J. Note - this entry loads from the Windows Startup folderNo
MSOfficeUpdateXOfficeUpdt.exeDetected by Dr.Web as Trojan.DownLoader9.16151 and by Malwarebytes as Trojan.Agent.MSONo
OFFICEXPXOFFICEXP.exeDetected by Trend Micro as WORM_WOOTBOT.HENo
Microsoft OfficeXPXofficeXP.exeDetected by Trend Micro as TROJ_KILLAV.MANo
HostProcessXOFFICE~2.EXEDetected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%\HostProcessNo
OfficeWord MonitorsXOfflce.exeDetected by Trend Micro as BKDR_RIZO.CGNo
OfflineFileSyncUOfflineFileSyn.exeOffline synchronization part of ZANTAZ EAS (Enterprise Archive Solution) - which "is a secure, scalable set of tools for managing the enormous amounts of 'unstructured information' held in corporate e-mails, files and SharePoint content"No
Office MailUoff_mail.exeOffice Mail from Burrotech Ltd - "complete email solution for small/medium businesses, homes, schools and colleges. It is a small email server which forms the perfect gateway between your internal and external email"No
Microsoft Security Monitor ProcessXofice.exeDetected by Kaspersky as Virus.Win32.Virut.n and by Malwarebytes as Trojan.Downloader. The file is located in %Windir%No
LollipopXOGLCache.exeDetected by Malwarebytes as Trojan.Agent.LP. The file is located in %AppData%\AMDNo
OfficeGuard RegCheckerYogrc.exePart of an older version of Kaspersky Anti-Virus from Kaspersky LabsNo
ogrcYogrc.exePart of an older version of Kaspersky Anti-Virus from Kaspersky LabsNo
OhtH2.exeXOhtH2.exeDetected by Malwarebytes as Trojan.Zapchast. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
OmniHTTPdUohttpd.exeOmniHTTPd web server from OmnicronNo
TLWBAPXOIaXtQ.exeDetected by McAfee as RDN/Generic BackDoor!va and by Malwarebytes as Backdoor.Agent.ENo
Openwave Client?oim.exeThe file is located in %ProgramFiles%\Genie\OIMNo
ioioioXoioioi .exeDetected by McAfee as RDN/Generic.bfr!hp and by Malwarebytes as Backdoor.Agent.ENo
kjhXoiu.exeDetected by McAfee as RDN/Generic.bfr!fi and by Malwarebytes as Backdoor.Agent.ENo
oiuyXoiu.exeDetected by McAfee as RDN/Generic.bfr!fi and by Malwarebytes as Backdoor.Agent.ENo
ynujv56vx6f5wodt7m1cc2zbvssd2x03ssXoiygbhsl.exeDetected by Dr.Web as Trojan.DownLoader9.10951No
NetWireXok.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Root%\SANo
StartNameXOK.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.SNGenNo
OKXOK.SCRDetected by McAfee as RDN/Generic BackDoor!pp and by Malwarebytes as Backdoor.Agent.ENo
OKAYFREEDOM_AgentUOkayFreedomClient.exeOkayFreedom VPN by Steganos Software GmbH - "A simple VPN service enabling private, uncensored web surfing"No
jgwmfrrqXokbjvsmh.exeDetected by Malwarebytes as Trojan.Downloader.FW. The file is located in %LocalAppData%No
OKI LPR UtilityUokilpr.exeOKI printer utilityNo
OKMasterXOKMaster.exeOKToolbar adwareNo
OlacaritaUolacarita.exeOlacarita shopping browser add-on. Detected by Malwarebytes as PUP.Optional.Olacarita. The file is located in %ProgramFiles%\Olacarita\Olacarita. If bundled with another installer or not installed by choice then remove itNo
OlasSGXolas.exeDetected by Malwarebytes as Trojan.Crypt. The file is located in %AppData% - see hereNo
MyPC BackupUOLBPre.exeMyPC Backup online backup solution by Just Develop It. Detected by Malwarebytes as PUP.Optional.MyPCBackup. Note - this entry loads from the Windows Startup folder and the file is located in %ProgramFiles%\OLBPre. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
Ci ServsXoldbi.exeDetected by Sophos as W32/Autorun-BNA and by Malwarebytes as Trojan.AgentNo
Ci ServsXoldbin.exeDetected by Sophos as Troj/DwnLdr-IOZ and by Malwarebytes as Trojan.AgentNo
(Default)XOlden.exeDetected by Malwarebytes as Trojan.Agent. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %AppData%No
DESKLOADSXoldlogs.exeDetected by Malwarebytes as Backdoor.Agent.ODL. The file is located in %AppData%\Microsoft - see hereNo
oldxyahsd.exeXoldxyahsd.exeDetected by Dr.Web as Trojan.DownLoader11.31514 and by Malwarebytes as Trojan.Downloader.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
WbdsjjxcaxXole2V.exeDetected by Malwarebytes as Adware.SanctionedMedia. The file is located in %System%No
OleLoaderXole32.exeAdded by the DELF.BR TROJAN!No
Windows OLE Automation ServerXole32aut.vbeCoolWebSearch parasite variantNo
OLE Automation ServerXole32aut.vbeCoolWebSearch parasite variantNo
Ole33_dll.taskXOle33_dll.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
oleaccrcXoleaccrc.exeAdware - detected by Kaspersky as the AGENT.AM TROJAN!No
Windows ExplorerXolecom32.exeAdded by an unidentified WORM or TROJAN!No
svchostXolehelp.exeDetected by Symantec as Trojan.Bookmarker.G and by Malwarebytes as Backdoor.Bot.ENo
olehelpXolehelp.exeDetected by Symantec as Trojan.Bookmarker.G and by Malwarebytes as Trojan.AgentNo
DevicesUolesvr.exePart of an older version of Salfeld's Child Control parental control softwareNo
olesvrUolesvr.exePart of an older version of Salfeld's Child Control parental control softwareNo
Win UpdateXoleupdate.exeDetected by Sophos as Troj/Agent-UYNo
Symantec Fax Starter Edition PortNOLFSNT40.EXEOffers a virtual printer as a fax machine. Can be run via a desktop shortcutNo
OlfVir1AtcXOlfVir1.exeDetected by McAfee as W32/Autorun.worm.gen and by Malwarebytes as Trojan.Agent.OVNo
OlfVir1WindowsXOlfVir1.exeDetected by McAfee as W32/Autorun.worm.gen and by Malwarebytes as Trojan.Agent.OVNo
cdoosoftXolhrwef.exeDetected by Sophos as W32/Autorun-AAG and by Malwarebytes as Spyware.OnlineGamesNo
svhostsXolluuuuuuuuuuullllliiiiiiilllllm7X05T.exeDetected by McAfee as Generic Dropper and by Malwarebytes as Trojan.AgentNo
eqoquqlqXoloppqel.exeDetected by Malwarebytes as Trojan.Injector. The file is located in %Windir%No
olprXolpr.exeDetected by Sophos as Troj/DwnLdr-GWQNo
OLPSYNCHNOlpSynch.exeRelated to the Offline Course Player by Element K CorporationNo
solveXolu.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %AppData%No
Microsoft Update 32Xom4r.exeDetected by Sophos as Troj/Agent-AQP and by Malwarebytes as Backdoor.BotNo
Omega AntiVirXOM83b.exeOmega AntiVir rogue security software - not recommended, removal instructions hereNo
{**-**-**-**-**}Xomdsregk.exeZenoSearch adware variant where ** are random charactersNo
OMESupervisorUomesuperv.exeDetected by Malwarebytes as PUP.Optional.OfferMosquito. The file is located in %LocalAppData% - see here. If bundled with another installer or not installed by choice then remove itNo
Omf4XOMF4.EXEDetected by Symantec as Infostealer.FreemegaNo
OneMoreGameUOMG.exeDetected by Malwarebytes as PUP.Optional.OneMoreGame. The file is located in %AppData%\OneMoreGame. If bundled with another installer or not installed by choice then remove itNo
Microsoft MachinexXomgs.exeDetected by Total Defense as Win32.Rbot.FCL. The file is located in %System%No
OmgStartupNomgstartup.exeSony program called OpenMG Jukebox - player and music organizerNo
Omiga PlusUomigaplus.exeOmiga Plus by Taiwan Shui Mu Chih Ching Technology Limited - "is a program that helps you organize your desktop and hide your icons when they're not in use." Potentially Unwanted Program (PUP) commonly bundled with other free programs - also see hereNo
Prelaunch OmniPageNOmniPage17.exePre-launches parts of OmniPage version 17 from Nuance into memory. It may help if you don't have recent PC but otherwise shouldn't be neededNo
OmniPage PreloadNOmniPage18.exePre-launches parts of OmniPage version 18 from Nuance into memory. It may help if you don't have recent PC but otherwise shouldn't be neededNo
Windows SAXomniscient.exeBLAZEFIND adwareNo
Office Mail AlerterUom_Alerter.exeOffice Mail Alerter - "alert Office Mail users when they receive new emails" via a System Tray iconNo
On.exeXOn.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
OnAccessUonaccess.exeOn access scanner function of eAcceleration Stop-Sign security software - previously not recommended (see here). It has now been delisted, so make sure you have the latest version - hence the "U" recommendationNo
ondiskxsddsaXOndisk_Agent.exeDetected by Malwarebytes as Trojan.Injector.E. The file is located in %AppData%No
OndiskWinSvcbXOndisk_WinSvc.exeDetected by Malwarebytes as Trojan.Injector.E. The file is located in %AppData%No
one.exeXone.exeDetected by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
One10_PC_CleanerXOne10_PC_Cleaner.exeDetected by Malwarebytes as Rogue.TechSupportScam. The file is located in %LocalAppData%\One10_PC_CleanerNo
oneappperdayUoneappperday_widget.exeDetected by Malwarebytes as PUP.Optional.OneAppPerDay. The file is located in %ProgramFiles%\OneAppPerDay. If bundled with another installer or not installed by choice then remove itNo
OneDriveXOneDrive.exeDetected by Sophos as Troj/Banker-GQE and by Malwarebytes as Trojan.Injector. Note - this is not the legitimate Microsoft OneDrive which has the same filename and is located in %LocalAppData%\Microsoft\OneDrive. This one is located in %LocalAppData%\Av_Protection_LabsNo
OneDriveUOneDrive.exeMicrosoft OneDrive (previously SkyDrive, Windows Live SkyDrive and Windows Live Folders) "is a file-hosting service operated by Microsoft as part of its suite of online services. It allows users to store files as well as other personal data like Windows settings or BitLocker recovery keys in the cloud. Files can be synced to a PC and accessed from a web browser or a mobile device, as well as shared publicly or with specific people"No
OneDriveXOneDrive.exeDetected by Malwarebytes as Backdoor.SpyNet. Note - this is not the legitimate Microsoft OneDrive which has the same filename and is located in %LocalAppData%\Microsoft\OneDrive. This one is located in %System%No
OneDriverXOneDriver.exeDetected by Malwarebytes as Trojan.Banker.E. The file is located in %AppData%No
OneDriveSetupYOneDriveSetup.exeSelf-extracting archive and installer to setup Microsoft OneDrive (previously SkyDrive, Windows Live SkyDrive and Windows Live Folders) - which "is a file-hosting service operated by Microsoft as part of its suite of online services. It allows users to store files as well as other personal data like Windows settings or BitLocker recovery keys in the cloud. Files can be synced to a PC and accessed from a web browser or a mobile device, as well as shared publicly or with specific people"No
0AERONXonedrv.exeDetected by Malwarebytes as Trojan.Banker.E. The file is located in %AllUsersProfile% - see hereNo
OneDriveXonedrv.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %LocalAppData%\Google\UpdateNo
Win32XONEHIT.exeDetected by Malwarebytes as Backdoor.Agent.Gen. The file is located in %AppData%\installNo
Win32XONEHIT.exeDetected by Malwarebytes as Backdoor.Agent.Gen. The file is located in %System%\installNo
PoliciesXONEHIT.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %AppData%\installNo
PoliciesXONEHIT.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\installNo
Windows DefenderXONEHIT.exeDetected by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData%\installNo
Windows DefenderXONEHIT.exeDetected by Malwarebytes as Backdoor.SpyNet. The file is located in %System%\installNo
OnehubUOnehubSync.exePart of Onehub storage and sharing - "Onehub Sync creates a special folder on your computer that allows you to keep all of your content up-to-date. Any changes made inside the Onehub folder will automatically be uploaded to the cloud, and vice versa"No
OneKeyReminderNOneKey Reminder.exeRegistration reminder for Lenovo OneKey Recovery (based upon Cyberlink PowerRecover) - pre-installed on supported Lenovo computers and activated by pressing a button directly the right of the power button. Either creates a system back up or restores a previous imageNo
OnekeyStudioUOnekeyStudio.exeSupports the Lenovo OneKey™ Theater button on the Y Series of Lenovo laptops (and maybe others) - such as the Y460 and Y560. This optimizes video and audio quality by switching from "normal" mode to "movie" mode with the press of a button for watching videos or playing gamesNo
onekitUonekit.exeDetected by Malwarebytes as PUP.Optional.PayByAds. The file is located in %AppData%\onekit\onekit\[version]. If bundled with another installer or not installed by choice then remove itNo
OneLinkManagerUonelinkpromgn.exeDock management for the ThinkPad Onelink+ dock - which "transforms your new ThinkPad into a full featured machine in the office or at home. Not only does the new convenient OneLink+ connector deliver super-fast data transfers with USB 3.0 and up to Ultra High Definition (UHD) video but it also charges your notebook, cell phone and tablet while you work or play!"No
OneNote 2010 Bildschirmausschnitt- und StartprogrammNONENOTEM.EXESystem Tray access to MS Office OneNote 2010 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY combinations - such as WINDOWS KEY+N (new Side Note) and WINDOWS KEY+S (insert screen grab into a note). Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when neededNo
OneNote 2010 Screen Clipper and LauncherNONENOTEM.EXESystem Tray access to MS Office OneNote 2010 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY combinations - such as WINDOWS KEY+N (new Side Note) and WINDOWS KEY+S (insert screen grab into a note). Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when neededNo
Recorte de pantalla e Inicio rápido de OneNote 2007NONENOTEM.EXESystem Tray access to MS Office OneNote 2007 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY combinations - such as WINDOWS KEY+N (new Side Note) and WINDOWS KEY+S (insert screen grab into a note). Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when needed. Spanish versionNo
Recorte de tela e Iniciador do OneNote 2007NONENOTEM.EXESystem Tray access to MS Office OneNote 2007 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY combinations - such as WINDOWS KEY+N (new Side Note) and WINDOWS KEY+S (insert screen grab into a note). Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when needed. Portuguese versionNo
Ritaglio schermata e avvio di OneNote 2007NONENOTEM.EXESystem Tray access to MS Office OneNote 2007 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY combinations - such as WINDOWS KEY+N (new Side Note) and WINDOWS KEY+S (insert screen grab into a note). Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when needed. Italian versionNo
Ritaglio schermata e avvio di OneNote 2010NONENOTEM.EXESystem Tray access to MS Office OneNote 2010 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY combinations - such as WINDOWS KEY+N (new Side Note) and WINDOWS KEY+S (insert screen grab into a note). Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when needed. Italian versionNo
Iniciador rápido de Microsoft Office OneNote 2003NONENOTEM.EXESystem Tray access to MS Office OneNote 2003 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY combinations - such as WINDOWS KEY+N (new Side Note) and WINDOWS KEY+S (insert screen grab into a note). Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when needed. Spanish or Portuguese versionNo
Microsoft Office OneNoteNONENOTEM.EXESystem Tray access to MS Office OneNote 2003 & 2007 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY combinations - such as WINDOWS KEY+N (new Side Note - 2007 only) and WINDOWS KEY+S (insert screen grab into a note). Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when neededYes
Microsoft Office OneNote 2003 Quick LaunchNONENOTEM.EXESystem Tray access to MS Office OneNote 2003 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY+S key combination to insert screen grab into a note. Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when neededYes
OneNote 2007 - Capture d'écran et lancementNONENOTEM.EXESystem Tray access to MS Office OneNote 2007 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY combinations - such as WINDOWS KEY+N (new Side Note) and WINDOWS KEY+S (insert screen grab into a note). Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when needed. French versionNo
OneNote 2007 Bildschirmausschnitt- und StartprogrammNONENOTEM.EXESystem Tray access to MS Office OneNote 2007 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY combinations - such as WINDOWS KEY+N (new Side Note) and WINDOWS KEY+S (insert screen grab into a note). Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when needed. German versionNo
OneNote 2007 -näyttöleikkeet ja LauncherNONENOTEM.EXESystem Tray access to MS Office OneNote 2007 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY combinations - such as WINDOWS KEY+N (new Side Note) and WINDOWS KEY+S (insert screen grab into a note). Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when needed. Finnish versionNo
OneNote 2007 Schermopname en Snel startenNONENOTEM.EXESystem Tray access to MS Office OneNote 2007 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY combinations - such as WINDOWS KEY+N (new Side Note) and WINDOWS KEY+S (insert screen grab into a note). Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when needed. Dutch versionNo
OneNote 2007 Screen Clipper and LauncherNONENOTEM.EXESystem Tray access to MS Office OneNote 2007 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY combinations - such as WINDOWS KEY+N (new Side Note) and WINDOWS KEY+S (insert screen grab into a note). Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when neededYes
OneNote 2010 - Capture d'écran et lancementNONENOTEM.EXESystem Tray access to MS Office OneNote 2010 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY combinations - such as WINDOWS KEY+N (new Side Note) and WINDOWS KEY+S (insert screen grab into a note). Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when needed. French versionNo
OnePCOptimizerUOnePCOptimizer.exeDetected by Malwarebytes as PUP.Optional.OnePCOptimizer. Note - this entry loads from the Windows Startup folder and the file is located in %ProgramFiles%\OnePCOptimizer. If bundled with another installer or not installed by choice then remove itNo
OneSave.exeUOneSave.exeDetected by Malwarebytes as PUP.Optional.OneSave. The file is located in %ProgramFiles%\OneSave. If bundled with another installer or not installed by choice then remove itNo
onescanSXonescanU.exeOneScan rogue security software - not recommendedNo
OneStep Search ServiceXonestep.exeOneStep adwareNo
onestepXonestepe.exeDetected by Sophos as Mal/Uddo-C and by Malwarebytes as Adware.OneStep.KNo
MaxtorOneTouchUOneTouch.exeOneTouch backup software for the Maxtor (now Seagate) OneTouch range of external hard drivesNo
CP4HPOTUOneTouch.EXESupports the additional multimedia keys on HP/Compaq laptops which give single button press access to standard functions such as Mail, Search, Internet, Quick Lock and Help and Support or user programmed alternatives. Required if you use these additional keysNo
QT4HPOTUOneTouch.EXESupports the additional multimedia keys on HP/Compaq laptops which give single button press access to standard functions such as Mail, Search, Internet, Quick Lock and Help and Support or user programmed alternatives. Required if you use these additional keysYes
OneTouch MonitorNOneTouchMon.exeFor Visioneer OneTouch scanners. System tray access to the control panel for the scannerNo
ONETOU~2NONETOU~2.EXEFor Visioneer OneTouch scanners. System tray access to the control panel for the scannerNo
OneTouch MonitorNONETOU~2.EXEFor Visioneer OneTouch scanners. System tray access to the control panel for the scannerNo
OnflowXonflow.exeOnflow is a internet company that offers an online advertising program. Not required - uninstallNo
OnfolioStorageUonfserv.exeOnfolio was a "complete solution for collecting, organizing and sharing online content." After Microsoft acquired Onfolio and incorporated it into Windows Live Toolbar it was subsequently discontinuedNo
Windows Volume ControlXongsvc.exeDetected by Microsoft as Worm:Win32/Slenfbot.DZNo
CleanupNonictask.exeInternet Cleanup by Ontrack (which became Aladdin Systems, then Allume Systems and was subsequently acquired by Smith Micro Software) - cleans up tracks left by browsing the internetNo
MICROONLINEXonline.exeDetected by McAfee as RDN/Generic FakeAlert!ep and by Malwarebytes as Backdoor.Agent.DCENo
@BackupSchedulerUOnlineBackup.exeWeb-based file sharing and file storage for backup protection from SwapDrive, Inc - now acquired by Symantec and rebranded and released as Norton Online BackupNo
OnlineGuardXOnlineGuard.exeOnlineGuard rogue security software - not recommended, removal instructions hereNo
OnlineTimeNonlinetime.exeOnlineTimer - monitors your Windows dial-up network and logs the time you spend online as well as the resulting costsNo
onlinevaccinestart.exeXonlinevaccinestart.exeDetected by Malwarebytes as Rogue.K.OnlineVaccine. The file is located in %ProgramFiles%\onlinevaccineNo
online_partyXonline_party.exeAdult content dialerNo
onlysearchUonlysearch.exeOnly-Search by Pay-by-Ads Ltd - "offers a free search and translation utility in exchange for agreement to install the software and receive advertising." Detected by Malwarebytes as PUP.Optional.PayByAds. The file is located in %AppData%\onlysearch\onlysearch\[version]. If bundled with another installer or not installed by choice then remove itNo
Only-searchUonlysearch.exeOnly-Search by Pay-by-Ads Ltd - "offers a free search and translation utility in exchange for agreement to install the software and receive advertising." Detected by Malwarebytes as PUP.Optional.PayByAds. The file is located in %AppData%\onlysearch\onlysearch\[version]. If bundled with another installer or not installed by choice then remove itNo
Only-searchUonlysearch.exeOnly-Search by Pay-by-Ads Ltd - "offers a free search and translation utility in exchange for agreement to install the software and receive advertising." Detected by Malwarebytes as PUP.Optional.OnlySearch.ShrtCln. The file is located in %ProgramFiles%\onlysearch\onlysearch\[version]. If bundled with another installer or not installed by choice then remove itNo
Online News ScreensaverUonsagent.exeOnline News Screensaver - "a unique and informative screensaver tool that delivers the latest news and weather forecast right to the screen of your computer"No
@RegRunOnSecureYOnSecure.exePart of Greatis Software's RegRun security suite which amongst other things replaces MSCONFIG. Part of the Secure Start feature which "analyzes the Windows registry, initialization files and .VXD. And warns the user of the changes occurred"No
SlipStreamYonspeedcore.exeONSPEED customized core module for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pixNo
ONSPEEDYonspeedgui.exeONSPEED customized user interface for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pixNo
OnSrvrXOnSrvr.exeOnWebMedia adwareNo
onBarXonupdate.exeDetected by McAfee as Generic.dx!vcc and by Malwarebytes as Adware.OnBarNo
6Xoo.exeDetected by McAfee as RDN/Ransom!ec and by Malwarebytes as Backdoor.Agent.GenNo
ooccctrl.exeUooccctrl.exeCleverCache by O&O Software Gmbh - "optimizes your file cache management in Windows. This results in an enormous performance boost, sometimes doubling your original system speed without any additional hardware purchases or restrictions to your system's stability"No
DriveLEDUOODLed.exeO&O DriveLED - hard disk monitoring and crash preventionNo
OodocXOodoc.exeDetected by Dr.Web as Trojan.DownLoader11.22974 and by Malwarebytes as Trojan.Agent.ODCNo
OODefragTrayUoodtray.exeSystem Tray access to O&O Defrag disk defragmentation softwareNo
Store Thread WLAN Error Files HumanXoofssrlzrjr.exeDetected by Malwarebytes as Trojan.Agent.BL. The file is located in %System%No
oolhelpt?oolhelpt.exeThe file is located in %System%No
360Xoolsv.vbsDetected by McAfee as Generic DropperNo
OOMSB2Bl0XOOMSB2Bl0.exeDetected by McAfee as RDN/Generic.bfr!fa and by Malwarebytes as Backdoor.Agent.DCENo
RUNDL32Xoooooooo.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Windir%No
987685879IPOLMKJ8987687UHLXooooooooooooooooooo.exeDetected by McAfee as RDN/Ransom and by Malwarebytes as Backdoor.Agent.ENo
Oops!BackupUOopsBackup.exeOops!Backup backup software by Altaro - "not only allows you to bring back lost, deleted or misplaced files. It also allows you to view past changes made to those files and to undo or adopt those changes"Yes
OopsBackupUOopsBackup.exeOops!Backup backup software by Altaro - "not only allows you to bring back lost, deleted or misplaced files. It also allows you to view past changes made to those files and to undo or adopt those changes"Yes
OopsBackup.ManagerUOopsBackup.exeOops!Backup backup software by Altaro - "not only allows you to bring back lost, deleted or misplaced files. It also allows you to view past changes made to those files and to undo or adopt those changes"Yes
OOTagNOOTag.exeRelated to the "out-of-box experience" (OOBE) on new Windows installations. Typically used by computer suppliers to display product information, upgrades, offers or a tour on the first run of a new systemNo
ooVooNoovoo.exeSystem Tray access to the ooVoo free video chat utility - "you can connect with anyone, anytime, with video calls, video messages, phone calls, text and more. Use ooVoo to get face time with people you can't meet in person". You can also share desktops, phone mobiles/landline, text chat and send large filesYes
oovoo.exeNoovoo.exeSystem Tray access to the ooVoo free video chat utility - "you can connect with anyone, anytime, with video calls, video messages, phone calls, text and more. Use ooVoo to get face time with people you can't meet in person". You can also share desktops, phone mobiles/landline, text chat and send large filesYes
OpAgentUOpAgent.exePart of Nuance (was Scansoft) OmniPage document conversion softwareNo
AaepXopar.exePurityScan/Clickspring adwareNo
RealtekEnhedXOpdatere.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
openXopen.exeDetected by Malwarebytes as Trojan.Agent.MP. The file is located in %Windir%No
ShellXOpen32.exeDetected by Sophos as Troj/Small-DL and by Malwarebytes as Backdoor.Agent.SHLNo
OpenCapXOpenCPTSvc.exeDetected by McAfee as Downloader-CPT and by Malwarebytes as Adware.KraddareNo
OpenDNS UpdateUOpenDNS Updater.exeUpdater for OpenDNS which "is a free service that works for networks of all sizes, from home networks to K-12 schools, SMBs and large enterprises". Automatically updates your OpenDNS account when your IP address changes and should be allowed to run if you use their Dashboard featuresNo
OpenDNS UpdaterYOpenDNSUpdater.exeUpdater for OpenDNS - "the leading provider of Internet security and DNS services". "The OpenDNS Updater will run in your system tray and send updates to your account whenever your IP address changes. This will help ensure that your system preferences are applied to your network at all times"Yes
Local Area NetworkXOpenGL.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Graphic UpdateXopenglx.exeDetected by Trend Micro as WORM_IRCBOT.AMW. The file is located in %System%No
opengl_apiXopengl_api.exeDetected by Malwarebytes as Trojan.Agent.E. Note - this entry loads from the Windows Startup folder and the file is located in %UserTemp%No
Microsoft Office 2010Xopenoffice.exeDetected by McAfee as W32/Spybot.worm.gen and by Malwarebytes as Backdoor.IRCBot.ENo
OpenOffice_banner.exeXOpenOffice_banner.exeDetected by Malwarebytes as Trojan.Agent.JVGen. The file is located in %AppData%\Sun\Java\Deployment\SystemCache\6.0\32No
ccwPinXopenS.exeDetected by Sophos as Troj/Delf-AJENo
opensearchGTXopensearchgt.exeDetected by Malwarebytes as Adware.KorAd. The file is located in %AppData%\opensearchGT - see hereNo
opensearchGTsXopensearchgts.exeDetected by Malwarebytes as Adware.KorAd. The file is located in %AppData%\opensearchGTNo
opensearchGTupdateXopensearchgtu.exeDetected by Malwarebytes as Adware.KorAd. The file is located in %AppData%\opensearchGT - see hereNo
Open SiteXopensite.exeDetected by Symantec as Adware.OpenSiteNo
OpenSoftwareUpdaterUOpenSoftwareUpdater.exeDetected by Malwarebytes as PUP.Optional.OpensoftwareUpdater. The file is located in %ProgramFiles%\OpenSoftwareUpdater. If bundled with another installer or not installed by choice then remove itNo
[various names]Xopenstre.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
OpentabXOpentab.exeDetected by Malwarebytes as Adware.OpenTab. The file is located in %AppData%\OpentabNo
OpentabXOpentab.exeDetected by McAfee as Generic.bfr!de and by Malwarebytes as Adware.OpenTab. The file is located in %ProgramFiles%\OpentabNo
OpentabhperXOpentabhper.exeDetected by Malwarebytes as Adware.K.OpenTab. The file is located in %AppData%\OpentabNo
OpentabhperXOpentabhper.exeDetected by McAfee as Generic.bfr!de and by Malwarebytes as Adware.K.OpenTab. The file is located in %ProgramFiles%\OpentabNo
OpentabupXopentabup.exeDetected by Malwarebytes as Adware.K.OpenTab. The file is located in %AppData%\opentabNo
OpentabupXopentabup.exeDetected by McAfee as Generic.bfr!de and by Malwarebytes as Adware.K.OpenTab. The file is located in %ProgramFiles%\OpentabNo
OpenTalkNOpenTalk.exeOpenTalk - free video and voice conferencing software application that allows you to talk to up to 100 friends in a chat room, using your headset microphone and a WebcamNo
openvXopenv.exeDetected by Sophos as Troj/Agent-AAGS and by Malwarebytes as Trojan.Agent.OPVNo
openvpn-guiUopenvpn-gui.exeGUI for the OpenVPN open-source VPN client. The file is normally located in %ProgramFiles%\[various]\bin and depends upon the implementation - examples include (but are not limited to OpenVPN, WiTopia, Talent Plus VPN, etcNo
AbGameXopera.exeDetected by Symantec as W32.Winiga and by Malwarebytes as Trojan.AgentNo
operaXopera.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\appdataNo
operaXopera.exeDetected by McAfee as RDN/Generic.dx!dbk and by Malwarebytes as Backdoor.Agent.DWNo
chrome updateXopera.exeDetected by Dr.Web as Trojan.DownLoader12.3080 and by Malwarebytes as Trojan.AgentNo
msinfo32msinfo325.1.2600.0.0108171148Xoperatingmsinfo32.exeDetected by Sophos as W32/Trite-ANo
SAPISVR5SAPISVR5Xoperatingsapi5.exeDetected by Sophos as W32/Trite-ANo
OperationSystem.exeXOperationSystem.exeDetected by McAfee as PWS-Banker!gzv and by Malwarebytes as Trojan.BankerNo
Open Service DriversXopiater.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
OpiStatXOpiStat.exeNetRatings Premeter spywareNo
LanguageMonitorUOplmsb01.exeOKI Printer language support monitorNo
Microsoft Update MachineXopmmve.exeDetected by Kaspersky as Net-Worm.Win32.Kolabc.des and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
Open SiteXopnste.exeDetected by Symantec as Adware.OpenSiteNo
LastwordXopomena.txtDetected by ESET as Win32/LastwordNo
oprXopr.exeMediaMotor adwareNo
OpSchedulerUOpScheduler.exePart of Nuance (was Scansoft) OmniPage document conversion softwareNo
opsql update checkXopsql.exeDetected by Sophos as W32/Rbot-ACJNo
OptiCAL StartupNOptiCAL.exeOptiCAL monitor calibration software from ColorVision for advanced amateurs, professionals, animation studios and prepress operationsNo
ReAgdVolXOptilace.exeDetected by Malwarebytes as Trojan.Agent.RVW. The file is located in %AppData%No
DyFuCAXoptimize.exeAdult content dialer - see hereNo
Internet OptimizerXoptimize.exeInternet Optimizer parasite - detected by Sophos as the DLUCA-G TROJAN and variantsNo
WindowsXOptimizer.exeDetected by Sophos as Troj/Ransom-RM and by Malwarebytes as Trojan.Agent.WNONo
1XOption.exeDetected by Dr.Web as Trojan.DownLoader11.21924 and by Malwarebytes as Trojan.Downloader.ENo
OPTMOUSEMOUSEUoptmouse.exeRelated to a Samsung optical mouseNo
Optimizer ProUOptProLauncher.exeOptimizer Pro optimization utility by PC Utilities Pro. Detected by Malwarebytes as PUP.Optional.OptimizePro. The file is located in %ProgramFiles%\Optimizer Pro. If bundled with another installer or not installed by choice then remove itNo
optserveXoptserve.exeOptserve adwareNo
OptusNetUsageUOptusNet Usage Meter.exeDesigned specifically for OptusNet users who wish to have their connection monitored on a frequent basis. It can also estimate when you are going to hit your usage limit, and how far over your suggested limit you should beNo
Opware12NOpware12.exeOmniPage from Nuance (was Scansoft) - version 12. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novicesNo
Opware14NOpware14.exeOmniPage from Nuance (was Scansoft) - version 14. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novicesNo
Opware15NOpware15.exeOmniPage from Nuance (was Scansoft) - version 15. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novicesNo
OmniPageNOpware32.exePart of OmniPage from Nuance (was Scansoft) - "the fastest, easiest way to turn paper documents into digital files you can edit". Links Word, via OLE, with OmniPage. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page". Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novicesNo
OpwareSE2NOpwareSE2.exeHardware bundled version of OmniPage from Nuance (was Scansoft). If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novicesNo
OpwareSE3NOpwareSE3.exeHardware bundled version of OmniPage from Nuance (was Scansoft). If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novicesNo
OpwareSE4NOpwareSE4.exeHardware bundled version of OmniPage from Nuance (was Scansoft). If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novicesNo
OutpostMonitorYop_mon.exeSystem Tray access to, and notifications for the Outpost range of security products from Agnitum Ltd - including Outpost Firewall Pro, Outpost Antivirus Pro and Outpost Security Suite ProYes
op_monYop_mon.exeSystem Tray access to, and notifications for the Outpost range of security products from Agnitum Ltd - including Outpost Firewall Pro, Outpost Antivirus Pro and Outpost Security Suite Pro. Also used by Lavasoft Personal Firewall and Quick Heal FirewallYes
Agnitum OutpostYop_mon.exeSystem Tray access to, and notifications for the Outpost range of security products from Agnitum Ltd - including Outpost Firewall Pro, Outpost Antivirus Pro and Outpost Security Suite ProYes
Lavasoft Personal FirewallYop_mon.exeSystem Tray access to, and notifications for Lavasoft Personal Firewall. Based upon the Outpost Firewall by Agnitum LtdYes
lavasoftMonitorYop_mon.exeSystem Tray access to, and notifications for Lavasoft Personal Firewall. Based upon the Outpost Firewall by Agnitum LtdYes
Quick Heal Firewall ProYop_mon.exeSystem Tray access to, and notifications for Quick Heal Firewall. Based upon the Outpost Firewall by Agnitum LtdYes
Quick Heal MonitorYop_mon.exeSystem Tray access to, and notifications for Quick Heal Firewall. Based upon the Outpost Firewall by Agnitum LtdYes
Diam prlaerXoqedrhg.exeDetected by Sophos as W32/Sdbot-DEUNo
Location Group Propagation TrapXoqnbojqbiewy.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
Complete2XOqusode60.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %LocalAppData%\GForceNVidiaNo
oqwtlhkaXoqwtlhka.exeDetected by McAfee as RDN/Generic.bfr!hu and by Malwarebytes as Backdoor.Agent.RNDNo
oqwtlhka.exeXoqwtlhka.exeDetected by McAfee as RDN/Generic.bfr!hu and by Malwarebytes as Backdoor.Agent.RND. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ORACLE.exeXORACLE.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.SQGen. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
oracle64.exeXoracle64.exeDetected by Dr.Web as Trojan.Inject1.31375 and by Malwarebytes as Trojan.Agent.ENo
Java Platform SE binaryXOracleCorporation.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\MicrosoftNo
PoliciesXOracleCorporation.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\MicrosoftNo
OrangeVXOrangeV.exeDetected by Dr.Web as Troj/DotNet-G and by Malwarebytes as Backdoor.BotNo
OrbUOrbTray.exeOrb streaming software by Orb Networks Inc that enables users to remotely access all their personal digital media files including pictures, music, videos, webcams and television - also used by the Winamp Remote streaming serviceNo
OrcusXOrcus.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %ProgramFiles%\OrcusNo
SoftechXORDER CONFIRMATION LIST.exeDetected by Malwarebytes as Backdoor.Agent.DCE. The file is located in %AppData% - see an example hereNo
orderShellXorder****.exe [* = random char]Detected by Sophos as Troj/Dloadr-UNNo
(Default)XOrder.exeDetected by Malwarebytes as Trojan.Keylogger.MSIL. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %AppData%No
officeXorder.exeDetected by McAfee as W32/Hilin.worm and by Malwarebytes as Trojan.AgentNo
appdataXorder.exeDetected by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData%\MicrosoftNo
orderXorder.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\Microsoft - see hereNo
ORDER.exeXORDER.exeDetected by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts - see hereNo
ebubechuksXorder.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\Microsoft - see hereNo
loadXOrderConfirmationPdf.pifDetected by Malwarebytes as Backdoor.Agent.PDL. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "OrderConfirmationPdf.pif" (which is located in %LocalAppData%\Microsoft\Windows)No
OrderReminderNOrderReminder.exeHP Order Reminder utility installed with HP LaserJet printer software which allows you to set specific times for reminders to check the current level of toner in the print cartridge. Also contains an Order Now link to a Web page that helps you order supplies online from a reseller of your choiceNo
order_ShellXorder_****.exe [* = random letter]Detected by Sophos as Troj/Agent-ARONo
order_ShellXorder_glsw.exeDetected by Sophos as Troj/Dloadr-KONo
order_ShellXorder_pgum.exeDetected by Sophos as Troj/Agent-BSQNo
order_ShellXorder_smey.exeDetected by Sophos as Troj/BankSnif-HNo
orec32Uorec32.exeOnlineRecorder surveillance software that records Yahoo! and AOL instant messages, URLs in browsers, and keystrokes. Uninstall this software unless you put it there yourselfNo
Lotus OrganizerUorg5.exeLotus Organizer personal information manager (PIM) - included as part of Lotus SmartSuite but also sold as a single application. Leave enabled if you want to be alerted to appointments and have the program running in the background. Otherwise, you may easily start it manually when requiredNo
Lotus Organizer 5Uorg5.exeLotus Organizer personal information manager (PIM) - included as part of Lotus SmartSuite but also sold as a single application. Leave enabled if you want to be alerted to appointments and have the program running in the background. Otherwise, you may easily start it manually when requiredNo
Lotus Organizer 5.0Uorg5.exeLotus Organizer personal information manager (PIM) - included as part of Lotus SmartSuite but also sold as a single application. Leave enabled if you want to be alerted to appointments and have the program running in the background. Otherwise, you may easily start it manually when requiredNo
Lotus OrganizerUorg6.exeLotus Organizer personal information manager (PIM) - included as part of Lotus SmartSuite but also sold as a single application. Leave enabled if you want to be alerted to appointments and have the program running in the background. Otherwise, you may easily start it manually when requiredNo
Lotus Organizer 6.0Uorg6.exeLotus Organizer personal information manager (PIM) - included as part of Lotus SmartSuite but also sold as a single application. Leave enabled if you want to be alerted to appointments and have the program running in the background. Otherwise, you may easily start it manually when requiredNo
OrganizerUorg6.exeLotus Organizer personal information manager (PIM) - included as part of Lotus SmartSuite but also sold as a single application. Leave enabled if you want to be alerted to appointments and have the program running in the background. Otherwise, you may easily start it manually when requiredNo
IBM Lotus Organizer 6Uorg6.exeLotus Organizer personal information manager (PIM) - included as part of Lotus SmartSuite but also sold as a single application. Leave enabled if you want to be alerted to appointments and have the program running in the background. Otherwise, you may easily start it manually when requiredNo
OrgasmXOrgasm.exeDetected by Sophos as Dial/Porndial-C and by Malwarebytes as Trojan.DialerNo
OrgyCamXOrgyCam.exeAdult content dialerNo
Microsoft Registry Startup ScanXoridedb.exeDetected by Trend Micro as WORM_SDBOT.AKXNo
EADMNOrigin.exeElectronic Arts (EA) digital distribution, digital rights management system that allows users to purchase games on the internet for PC and mobile platforms. "Origin is a free gaming service that lets you connect with your friends and the games you love from anywhere and across multiple devices. Origin also helps you discover great games from some of the world's leading publishers, and keeps you informed of exclusive content and deals you can't get anywhere else."Yes
VerdanaXOrigin.exeDetected by Dr.Web as Trojan.DownLoader8.37134No
OriginalDocument.scrXOriginalDocument.scrDetected by Malwarebytes as Trojan.MSIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
proxim_orinoco_11abgYorinoco.exeProxim ORiNOCO 11a/b/g PCI Card wireless configuration utilityNo
OrixNeTXorixnet.exeDetected by McAfee as RDN/Generic Proxy!j and by Malwarebytes as Trojan.Banker.ENo
hotdlllXorkss.exeDetected by McAfee as RDN/PWS-Banker!ds and by Malwarebytes as Trojan.Banker.ASDNo
EsphXortu.exeDetected by Symantec as Adware.PurityScan - also see the archived version of Andrew Clover's pageNo
Windows Security Center Notification ApplseXos.exeAdded by a variant of W32/Rbot-GLRNo
SystemRunXos.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Windir%\WebNo
Microsoft quick launchXOSA.exeAdded by a variant of BKDR_VBOT.A. Note that OSA.exe was used in older versions of Office to launch common components to help speed up the launch but it is no longer normally used - see here. This file is located in a valid MS Office 2003 (aka Office 11) directory - %ProgramFiles%\Microsoft Office\OFFICE11 - and may overwrite a valid fileNo
Office StartupNosa.exeOn older versions of MS Office this launches common Office components to help speed up the launch of Office programs. On slower machines it can be a resource hog and some users claim there's no difference with or without it - but it usually isn't required. This must be left enabled if you use the Microsoft Office Shortcut Bar (MSOFFICE.EXE) and have set it to load at startup. Available via Start → All ProgramsYes
Microsoft OfficeNosa.exeOn older versions of MS Office this launches common Office components to help speed up the launch of Office programs. On slower machines it can be a resource hog and some users claim there's no difference with or without it - but it usually isn't required. This must be left enabled if you use the Microsoft Office Shortcut Bar (MSOFFICE.EXE) and have set it to load at startup. Available via Start → All ProgramsYes
Microsoft Office quick launchXOSA.exeDetected by Trend Micro as BKDR_VBOT.A. Note that OSA.exe was used in older versions of Office to launch common components to help speed up the launch but it is no longer normally used - see here. This file is located in a valid MS Office 2003 (aka Office 11) directory - %ProgramFiles%\Microsoft Office\OFFICE11 - and may overwrite a valid fileNo
Office StartupNOsa9.exeOn older versions of MS Office this launches common Office components to help speed up the launch of Office programs. On slower machines it can be a resource hog and some users claim there's no difference with or without it - but it usually isn't required. This must be left enabled if you use the Microsoft Office Shortcut Bar (MSOFFICE.EXE) and have set it to load at startup. Available via Start → All ProgramsNo
Office SturtUpXosa9.exeDetected by Sophos as Troj/Clicker-EC. Note - do not confuse with the legitimate Microsoft office file of the same name which is normally located in %Program Files%\Microsoft Office\Office. This one is located in %Windir%No
Microsoft OfficeNOsa9.exeOn older versions of MS Office this launches common Office components to help speed up the launch of Office programs. On slower machines it can be a resource hog and some users claim there's no difference with or without it - but it usually isn't required. This must be left enabled if you use the Microsoft Office Shortcut Bar (MSOFFICE.EXE) and have set it to load at startup. Available via Start → All ProgramsYes
Yo Mamma Osama InstallerUosama.exeWnad adwareNo
javaXOsbot-jar.scrDetected by Malwarebytes as Trojan.Agent.AI. The file is located in %AppData%No
OscarEditorUOscarEditor.exeA4Tech's X7 Oscar Editor mouse programming utility for their Oscar range of gaming miceNo
OscarX7Mouse5ModeUOscarEditor.exeA4Tech's X7 Oscar Editor mouse programming utility for their Oscar range of gaming miceNo
NSWosCheckUosCheck.exePart of Symantec's now discontinued Norton SystemWorks security and utility suite. Checks at boot-time to see if you are still using the same OS as your last Windows session and terminates if you are. If Windows has been upgraded it will attempt to download the relevant updates for the new OS on the first rebootYes
osCheckUosCheck.exePart of older versions of Symantec's security products including Norton 360, Norton Internet Security, Norton AntiVirus and the now discontinued Norton SystemWorks suite. Checks at boot-time to see if you are still using the same OS as your last Windows session and terminates if you are. If Windows has been upgraded it will attempt to download the relevant updates for the new OS on the first rebootYes
LMgrVolOSDUOSD.EXEDisplays a message or graphic on-screen when you press a corresponding volume "hotkey" - such as increase, decrease or mute. Nice but not required if you don't adjust things regularly - and also known to cause a system freeze in some casesNo
OSDUOSD.exeDisplays a message or graphic on-screen when you press a corresponding "hotkey" - such as volume increase/decrease, display brightness, etc. Nice but not required if you don't adjust things regularly - and also known to cause a system freeze in some casesNo
OsdMaestroUOSD.exeDisplays a message or graphic on-screen when you press a corresponding "hotkey" on some HP machines - such as volume increase/decrease, display brightness, etc. Nice but not required if you don't adjust things regularly - and also known to cause a system freeze in some casesNo
OsdMaestroOSD.exeUOSD.EXEDisplays a message or graphic on-screen when you press a corresponding "hotkey" on some HP machines - such as volume increase/decrease, display brightness, etc. Nice but not required if you don't adjust things regularly - and also known to cause a system freeze in some casesNo
On Screen DisplayUOSD.EXEDisplays a message or graphic on-screen when you press a corresponding "hotkey" - such as volume increase/decrease, display brightness, etc. Nice but not required if you don't adjust things regularly - and also known to cause a system freeze in some casesNo
OsdMaestroUOSD64.exe"Provides an interface to configure onscreen display settings." For HP systems - see hereNo
LMgrOSDUOSDCtrl.exeOSD (on-screen-display) utility - part of Acer Launch Manager. Gives you control to customize the monitor to your liking...from sound, brightness, contrast, horizontal and vertical positions, phase, pixel clock, color and languageNo
Dialog Box AssistantNOSDEx.exeDialog Box Assistant from Duality Software. Helps with the standard Open and Save As dialog boxes by showing recently used files and foldersNo
Lub_KpCexWpDXbvcLulkwVCaLzXOSDIoNByCDRgSS.exeDetected by Sophos as Troj/Ranybus-A and by Malwarebytes as Trojan.AgentNo
ODMDownloaderXosetup.exeOpen Download Manager is a powerful download manager that promises to accelerate downloads by up to 500 percent. Detected by Malwarebytes as PUP.Optional.DownWare. The file is located in %ProgramFiles%\OpenDownloaderManager. If bundled with another installer or not installed by choice then remove itNo
OS FirewallXOSFirewall.exeDetected by Malwarebytes as Trojan.Agent.OSF. The file is located in %AppData%\Microsoft - see hereNo
OsGFVYbT.exeXOsGFVYbT.exeDetected by Malwarebytes as Trojan.FakeCC. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
OrangeSharkNOSharkUpdater.exeOrange Shark updater - online games for all agesNo
osjk8sXosjk8s.exeDetected by Kaspersky as Virus.Win32.Virut.ce. The file is located in %AppData%No
ChromeXosk.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DLHNo
OSK.SER242Xosk.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DLHNo
OSKMACH1H5Xosk.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DLHNo
loadXosk.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DLH. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "osk.exe" (which is located in %System%\dllhost) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" entry pointing to the same fileNo
OSLoaderXOSLoader.exeDetected by Symantec as Backdoor.CamKing. Note - activates your webcam if you have one to allow its author to spy on youNo
FlashXosmax.exeDetected by McAfee as RDN/Generic.dx!dfd and by Malwarebytes as Trojan.Banker.FLGenNo
osmsgXosmsg.exeDetected by Malwarebytes as Adware.Agent.CLK. The file is located in %CommonAppData%\WindowsMsgNo
Windows Communicator for NT/XPXosndyrn.exeDetected by Sophos as W32/Sdbot-CPK. Note - can terminate AV related processesNo
Memory Fox ProUoso.exeMemory Fox Professional browser memory manager that way it will free up system memory from browsers like Firefox that can use too much if left unchecked. Via "Options" on the tray icon you can select how often (from 1 to 60 minutes) the program will request the Windows Memory Manager to relinquish memoryYes
qazxswdfdfXosowsys16.pifDetected by Dr.Web as Trojan.MulDrop5.41385 and by Malwarebytes as Trojan.Agent.ENo
OneSafe PC CleanerUOSPCSchedule.exeOneSafe PC Cleaner by Avanquest Software - which "allows you to both boost your computer's speeds and defrag the hard drive, saving you valuable storage space. It automatically detects errors that cause your computer to slow down by performing a full system scan." Detected by Malwarebytes as PUP.Optional.OneSafePCCleaner. The file is located in %ProgramFiles%\OneSafe PC Cleaner. If bundled with another installer or not installed by choice then remove itNo
DailyPCCleanUOSPCSchedule.exeDaily PC Clean by Tuto4PC - "removes useless files or software that could make your computer less performant." Detected by Malwarebytes as PUP.Optional.DailyPCClean. The file is located in %ProgramFiles%\DailyPCClean. If bundled with another installer or not installed by choice then remove itNo
ospd_**_#Uospd_**_#.exe"Install OneSoftPerDay on your PC and access every day to free apps or at a reduced price of our partners." Detected by Malwarebytes as PUP.Optional.OneSoftPerDay - where ** represents a 2 letter country code (ie, us, ca, jp, pl) and # represents one or more digits. The file is located in %ProgramFiles%\ospd_**_#. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
startXOSPPSVC.EXEDetected by Dr.Web as Trojan.DownLoader11.17259 and by Malwarebytes as Trojan.Agent.MSNo
Svchost.exeXOSRS Main Build.exeDetected by Malwarebytes as Backdoor.Bot.E. The file is located in %AppData%No
ctfnom.exeXOSRSS.exeDetected by Sophos as Troj/Dloader-UQNo
windhost.exeXosrwin32.exeDetected by Sophos as Troj/Banker-CBNo
Object Store ServerYosserver.exeComes with HyperTextStudio. From the supplier - "The Osserver maintains the database for HyperText Studio projects - absolutely vital, it verifies all the links etc in a site. It runs as a service in NT, 2K and XP but needs to start up in Win 9.x so you'll see a DOS box for a short while during boot up."No
tymsetvcXosskhbd.exeDetected by Sophos as Troj/Mailbot-BWNo
OSSUossproxy.exeMarketScore/Netsetter/Relevant Knowledge parasite. Detected by Malwarebytes as PUP.Optional.MarketScoreNo
OSSProxyUOSSPROXY.EXEMarketScore/Netsetter/Relevant Knowledge parasite. Detected by Malwarebytes as PUP.Optional.MarketScoreNo
OsSystemXOsSystem.exeDetected by McAfee as RDN/Generic.dx!ctr and by Malwarebytes as Backdoor.Agent.DCENo
OSSelectorReinstallUoss_reinstall.exeRelated to Acronis Disk Director SuiteNo
OStivityInvAgtUostivity.exeOStivity - "a desktop and server hardware and software asset/inventory solution for small to enterprise sized organizations that need to quickly gain knowledge of 'what's installed' without having to manually touch every computer in the company. The next time the computer logs into the network, a complete inventory (software and hardware) is taken of the system"No
MEIwRDQ1NDlDQjExQTI5QTXosuncs.exeDetected by Dr.Web as Trojan.DownLoader6.44007 and by Malwarebytes as Trojan.AgentNo
EsutitydeXosutityde.exeDetected by Total Defense as Win32.Lioten.LU. The file is located in %System%No
MinecraftXOS_Win.exeDetected by McAfee as RDN/Generic Dropper!vq and by Malwarebytes as Backdoor.Agent.WSONo
OS_WinXOS_Win.exeDetected by McAfee as RDN/Generic Dropper!vq and by Malwarebytes as Backdoor.Agent.WSONo
otcxXotcxxh.exeDetected by Symantec as Backdoor.CaroolNo
Other.exeXOther.exeDetected by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Other.exeXOther.exeDetected by Malwarebytes as Trojan.Urausy.EDCD. Note - the file is located in %UserStartup% and its presence here ensures it runs when Windows startsNo
OtOYnhEyWXjxCmXOtOYnhEyWXjxCm.exeDetected by McAfee as Generic FakeAlert.bx and by Malwarebytes as Rogue.Agent.SANo
OtShotNotshot.exe"OtShot is a free photo application that allows you to edit your photos, add effects, designs and texts and share them with your friends and family!"No
OTUTPRODUCT_*****Uotutnetwork.exeDetected by Malwarebytes as PUP.Optional.Tuto4PC - where * represents a character. The file is located in %ProgramFiles%\[folder]. If bundled with another installer or not installed by choice then remove itNo
HW_OPENEYE_OUC_blueconnectUouc.exeUpdate client for the blueconnect mobile (USB) management tool by Huawei Technologies Co., LtdNo
HW_OPENEYE_OUC_Cricket Broadband EC1705Uouc.exeUpdate client for the Cricket Broadband mobile (USB) management tool by Huawei Technologies Co., LtdNo
HW_OPENEYE_OUC_MegaFon InternetUouc.exeUpdate client for the MegaFon Internet mobile (USB) management tool by Huawei Technologies Co., LtdNo
HW_OPENEYE_OUC_PC SuiteUouc.exeUpdate client for an Android mobile (USB) management tool by Huawei Technologies Co., LtdNo
HW_OPENEYE_OUC_PC Suite For Android HandsetUouc.exeUpdate client for an Android mobile (USB) management tool by Huawei Technologies Co., LtdNo
HW_OPENEYE_OUC_PLAY ONLINEUouc.exeUpdate client for the Play Online mobile (USB) management tool by Huawei Technologies Co., LtdNo
HW_OPENEYE_OUC_Reliance NetconnectUouc.exeUpdate client for the Reliance Netconnect mobile (USB) management tool by Huawei Technologies Co., LtdNo
HW_OPENEYE_OUC_tele.ring VerbindungsmanagerUouc.exeUpdate client for the tele.ring mobile (USB) management tool by Huawei Technologies Co., LtdNo
HW_OPENEYE_OUC_Telekom Internet ManagerUouc.exeUpdate client for the Telekom Internet Manager mobile (USB) management tool by Huawei Technologies Co., LtdNo
HW_OPENEYE_OUC_T-Mobile Internet ManagerUouc.exeUpdate client for the T-Mobile Internet Manager mobile (USB) management tool by Huawei Technologies Co., LtdNo
HW_OPENEYE_OUC_VIVO INTERNETUouc.exeUpdate client for the Vivo Internet mobile (USB) management tool by Huawei Technologies Co., LtdNo
hjdsdseXoukdfgr.exeDetected by McAfee as Generic PWS.ak and by Malwarebytes as Spyware.OnlineGamesNo
SfKg6wIPuSXoulwsv.exeDetected by Dr.Web as Trojan.Siggen2.40405 and by Malwarebytes as Trojan.DownloaderNo
msenngerXournik.comDetected by Trend Micro as BKDR_IRCFLOOD.AL and by Malwarebytes as Backdoor.IRCBot. The file is located in %System%\tttNo
hohohhahaXournik.comDetected by Trend Micro as BKDR_IRCFLOOD.AL and by Malwarebytes as Backdoor.IRCBot. The file is located in %System%\tttNo
WinRegXournik.comDetected by Trend Micro as BKDR_IRCFLOOD.AL and by Malwarebytes as Backdoor.IRCBot. The file is located in %System%\tttNo
OurPicturesNOurPictures.exeRelated to RitzPix Online Photo Print servicesNo
oursearches Uoursearches.exeDetected by Malwarebytes as PUP.Optional.OurSearches. The file is located in %AppData%\onekit\oursearches\[version] and note that there is a space at the end of the "Startup Item" field. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
outbackxxx.exeXoutbackxxx.exeDetected by Microsoft as Trojan:Win32/EyeStye.H and by Malwarebytes as Trojan.SpyeyeNo
OuterinfoXOuterinfo.exeClickspring.Outerinfo adwareNo
OuterinfoUpdateXOuterinfoUpdate.exeClickspring.Outerinfo adwareNo
ccRegVfYXoutIook.exeDetected by Total Defense as Win32.Tactslay.A. The filename has a upper case "i" in it and is located in %Windir%No
MsupdateXoutIook.exeDetected by Total Defense as Win32.Tactslay.A. The filename has a upper case "i" in it and is located in %Windir%No
OfficeAgentXoutIook.exeDetected by Total Defense as Win32.Tactslay.A. The filename has a upper case "i" in it and is located in %Windir%No
SchedulerXoutIook.exeDetected by Total Defense as Win32.Tactslay.A. The filename has a upper case "i" in it and is located in %Windir%No
ccApprXoutIook.exeDetected by Total Defense as Win32.Tactslay.A. The filename has a upper case "i" in it and is located in %Windir%No
HKCUXOUTLO0K.EXEDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note the "0" in place of an upper case "o" in the filename - which is located in %Windir%\SystemNo
PoliciesXOUTLO0K.EXEDetected by Malwarebytes as Backdoor.Agent.PGen. Note the "0" in place of an upper case "o" in the filename - which is located in %Windir%\SystemNo
HKLMXOUTLO0K.EXEDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note the "0" in place of an upper case "o" in the filename - which is located in %Windir%\SystemNo
OutlookXOutlook Express.exeDetected by Sophos as Troj/Spammit-HNo
outlookXoutlook.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCE. Note that the valid Microsoft Outlook executable is located in %ProgramFiles%\Microsoft Office\Office whereas this one is located in %Temp%\OutlookNo
outlookXoutlook.exeDetected by Dr.Web as Trojan.Siggen4.26128 and by Malwarebytes as Worm.P2P. Note that the valid Microsoft Outlook executable is located in %ProgramFiles%\Microsoft Office\Office whereas this one is located in %Windir%No
Outlook Mail ServicesXoutlook.exeDetected by Sophos as W32/Rbot-BKA and by Malwarebytes as Spyware.Imminent. Note that the valid Microsoft Outlook executable is located in %ProgramFiles%\Microsoft Office\Office whereas this one is located in %System%No
systemXoutlook.exeDetected by Symantec as W32.Mimail.Q@mm. Note that the valid Microsoft Outlook executable is located in %ProgramFiles%\Microsoft Office\Office whereas this one is located in %Windir%No
Winrar LibraryXOutlook.exeDetected by McAfee as RDN/Generic.bfr!ic and by Malwarebytes as Trojan.Agent.DXT. Note that the valid Microsoft Outlook executable is located in %ProgramFiles%\Microsoft Office\Office whereas this one is located in %AppData%\OutlookNo
outlookXoutlook.exeDetected by Symantec as W32.Alcra.F and by Malwarebytes as Worm.P2P. Note that the valid Microsoft Outlook executable is located in %ProgramFiles%\Microsoft Office\Office whereas this one is located in %ProgramFiles%\OutlookNo
outlookXoutlook.exeDetected by Sophos as W32/Sdbot-RU and by Malwarebytes as Spyware.Imminent. Note that the valid Microsoft Outlook executable is located in %ProgramFiles%\Microsoft Office\Office whereas this one is located in %System%No
OutlookOnDesktopUOutlookDesktop.exe"Outlook On the Desktop is a program that displays Outlook as a transparent, interactive object embedded in your desktop"No
MS Unix BinaryXoutlookexpressupdate.exeDetected by Sophos as W32/Rbot-YUNo
outlookmail.exeXoutlookmail.exeDetected by Dr.Web as Trojan.DownLoader11.25149 and by Malwarebytes as Trojan.Banker.ENo
OutlookPlus.exeXOutlookPlus.exeDetected by Malwarebytes as Trojan.Agent. Note that the Command field can be either blank or the same as the Name field and located in a sub-folder of %LocalAppData% - see here and hereNo
memoryXoutlookrem.exeDetected by Sophos as W32/Nopir-CNo
sysmemXoutlookrem.exeDetected by Sophos as W32/Nopir-CNo
outpostYoutpost.exeSystem Tray access to, and notifications for older versions of Outpost Firewall and Outpost Security Suite from Agnitum LtdNo
Outpost FirewallYoutpost.exeSystem Tray access to, and notifications for older versions of Outpost Firewall from Agnitum LtdYes
Outpost Security SuiteYoutpost.exeSystem Tray access to, and notifications for older versions of Outpost Security Suite from Agnitum LtdYes
outpostupdateXoutpostupdate.exeDetected by Sophos as Troj/Cosiam-CNo
Ouymbgbmamfkqivx.exeXOuymbgbmamfkqivx.exeDetected by Malwarebytes as Trojan.PWS.IRCBot. The file is located in %AppData%No
OV3_MonitorNOV3Monitor.exeOLYMPUS Viewer 3 management tool for their range of digital cameras - "allows you to quickly find desired images from albums or folders by photo type or timeline. for editing and printing. The software has powerful workflow supporting function, such as Colour Mark, Selection and Light Box to let you select the best shot from amongst a very large number of images." Monitors your computer for when the camera is plugged inNo
share21014Xov535.exeDetected by McAfee as Generic.dx!bgjx and by Malwarebytes as Trojan.BublikNo
OVCJ?OVCJ.exeThe file is located in %Windir%No
Launch Ai BoosterUOverClk.exeIncluded with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme), "AI Booster allows you to overclock the CPU speed in Windows without the hassle of booting the BIOS." Part of AI SuiteNo
OvernetNOvernet.exeOvernet peer-to-peer (P2P) file-sharing program. No longer availableNo
scvhostUOverSpy.exeOverSpy surveillance software. Uninstall this software unless you put it there yourselfNo
BVCZASFCXVGHJNXovertototoe.exeDetected by McAfee as RDN/Generic PWS.y!zx and by Malwarebytes as Backdoor.Agent.ENo
OverwolfNOverwolf.exe"Overwolf adds your favorite apps into your games. Use Facebook, Skype, Video Capture and more to connect with your friends and share your awesomeness!"No
ovidoXovido.exeDetected by McAfee as RDN/PWS-Banker and by Malwarebytes as Trojan.Banker.ENo
ovpntray.exeNovpntray.exeSystem Tray access to the OpenVPN Connect Client for use with web browsers which allow users to securely connect to a private network via VPN. Note that the tray icon will still run if the associated OpenVPN Access Client (capiws.exe) service is set to AutomaticYes
OpenVPN ConnectNovpntray.exeSystem Tray access to the OpenVPN Connect Client for use with web browsers which allow users to securely connect to a private network via VPN. Note that the tray icon will still run if the associated OpenVPN Access Client (capiws.exe) service is set to AutomaticYes
owqwowouXovswmcjtssd.exeDetected by Sophos as Troj/Agent-MZENo
DHKJWZUTXovtd1mjrsmhy.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp%No
owazar.exeXowazar.exeDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
OWMngrXOWMngr.exeDetected by Symantec as Downloader.ChekinNo
{AF13D6C2-E926-01EF-06C8-326F092AAF9D}Xoxadw.exeDetected by Sophos as Troj/MDrop-CVANo
OxigenClientAdminUOxigen.exeOpen University Oxigen screensaver admin client. Downloads the latest information from the net to display in the screen saverNo
oxygenerXoxygener.exeDetected by Dr.Web as Trojan.DownLoader1.51395No
oxy_v0.6.exeXoxy_v0.6.exeDetected by Malwarebytes as Trojan.Inject. The file is located in %LocalAppData%No
OyPmdWWFTJ6T.exeXOyPmdWWFTJ6T.exeDetected by Dr.Web as Trojan.DownLoader8.22321 and by Malwarebytes as Trojan.MSIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
www.symantec.comXoz11111.exeDetected by Symantec as W32.Mydoom.W@mmNo
oz2Xoz2.exeDetected by Symantec as W32.Mydoom.W@mmNo
loadXozname.exeDetected by Malwarebytes as Trojan.Redlonam. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "ozname.exe" (which is located in %UserTemp%\FolderN)No

Notes & Warnings

If you can help identify new entries and verify/identify those entries with a "?" status (especially hardware specific - such as laptops and motherboards) then please E-mail us (startups_at_pacs-portal_dot_co_dot_uk).

"Status" key:

Variables:

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. We will not be held responsible if changes you make cause a system failure.

WARNING: This is NOT a list of tasks/processes taken from the Task Manager (CTRL+SHIFT+ESC) "Processes" tab. This displays some startup programs AND other background tasks and "Services". These pages are concerned with startup programs from the common startup locations shown above ONLY. Please do not submit entries collected from this method as they will not be used. For a list of tasks/processes you should try the list at PC Pitstop, the Process Library from Uniblue or one of the many others now available.

Therefore, before ending a task/process via CTRL+SHIFT+ESC just because it has an "X" recommendation, please check whether it's in the registry or common startup locations first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+SHIFT+ESC. If in doubt, don't do anything.

To avoid the database becoming too large, all malware entries are only shown using the registry version which is common to all Windows versions. Otherwise there would be multiple entries for popular filenames that viruses often use - such as "svchost.exe" above for example. Multiple malware can also use the same start-up entries, in this case only those with significant differences (such as file location) are repeated in this database.

As more than 25K entries in this database related to malware you should use a quality internet security package. Which ever you choose, keep it updated and get the latest version at least every two years.

There are a number of virus and malware entries listed in this database where specific removal instructions haven't been given. If this is the case then you could try ComboFix, a program written by sUBs that can remove many different types of Trojans and Worms. See here for a tutorial on how to use the program.

NOTE: A number of entries are repeated due to the way that different operating systems display startup items. For example, WinMe lists "POPROXY.EXE" as "Norton eMail Protect" in both MSCONFIG and the registry whereas WinXP lists it as "Poproxy" in MSCONFIG and "Norton eMail Protect" in the registry.

SERVICES: "Services" from the Windows 8/7/Vista/XP/2K/NT operating systems are not included. We fully understand that some programs with these OS's use "Services" as an alternative to load their component parts at startup but these are handled in a different way. We recommend you try BlackViper for information on services for the relevant operating systems.

Copyright

Presentation, format & comments Copyright © 2001 - 2017 Pacman's Portal
Portions Copyright © Peter Forrest, Denny Denham, Sylvain Prevost, Tony Klein, CastleCops & Bleeping Computer
Powered by Malwarebytes
All rights reserved

Valid XHTML 1.0 Transitional

Privacy Policy Site Map Home