Windows startup programs - Database search

Message Board

Windows startup programs - Database search

If you're frustrated with the time it takes your Windows 7/Vista/XP PC to boot and then it seems to be running slowly you may have too many programs running at start-up - and you have come to the right place to identify them. This is the original start-up programs (as opposed to processes/tasks) list - one of the most accurate and comprehensive. Services are not included - see below. For further information on this and how to identify and disable start-up programs please visit the Introduction page.

See here for further information on random entries - which are typically added by viruses and other malware or unwanted programs.

Last database update :- 31st May, 2013
32700 items listed

You can search for any of the following terms to find and display entries in the start-up programs database but the minimum search is 3 characters and you must click on the "Search" button. Results are sorted by the Startup Item/Name field.

From MSConfig (Start → Run → msconfig → Startup): Startup Item, Command
From Registry Editor (Start → Run → regedit): Name, Data
From SysInternals free AutoRuns utility: AutoRun Entry, Filename from "Image Path"
From Windows Defender for XP/Vista (Tools → Software Explorer): Display Name, Filename
O4 entries from Trend Micro's HijackThis or similar logging utilities: Text highlighted here - [this text] or here - "Startup: this text.lnk", Filename
Any other text

Alternatively, you can browse the full database (without the search facility) over a number of pages or you can use the alphabetical index below to list the entries for that letter by the Command/Data field, but the results may take longer to appear due to the number of them:

A | B | C | D | E | F | G | H | I | J | K | L | B | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

NOTE: Searching for common words (i.e. "the" or "where") will mean the results take longer to appear due to the number of them.

Please click on the Search button

380 results found for O

Startup Item or Name	Status	Command or Data	Description	Tested
My Essentials Wireless USB Utility	U	O-Maxwcui.exe	Belkin My Essentials Wireless USB Utility	No
QH Office 2K Check	Y	O2KCHECK.EXE	Part of older versions of the range of internet security products from Quick Heal - including Total Security, Internet Security and AntiVirus. MS Office 2000 documents virus scanner	No
91DUNMQUUVU3	X	O4QFE7WZ.exe	Detected by Malwarebytes Anti-Malware as Trojan.Zbot.AI. The file is located in %AppData%	No
O5FQ2FQ0BNX8.exe	X	O5FQ2FQ0BNX8.exe	Detected by Dr.Web as Trojan.PWS.Banker1.5290 and by Malwarebytes Anti-Malware as Trojan.Banker	No
s4u9	X	o6jv.exe	Detected by Kaspersky as Virus.Win32.Virut.ce and by Malwarebytes Anti-Malware as Trojan.Downloader. The file is located in %UserTemp%	No
fSEdRGXjP	X	O8sPp4MzL.exe	Detected by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %AppData%\38dPMFbXy - see here	No
oadaemon	?	oadaemon.exe	Background process that establishes connection with a C3-1000 scanner and watch general status of the device and for scanner button presses. Can it be started manually?	No
OADP Utility	U	OadpUtil.exe	Part of the Sabre computer reservations system/global distribution system (GDS) - used by airlines, railways, hotels, travel agents and other travel companies for reservations and ticketing. OADP is the Open Auxiliary Device Platform	No
oahstifr	Y	oahstifr.exe	Comes with HyperTextStudio. From the supplier - "The Osserver maintains the database for HyperText Studio projects - absolutely vital, it verifies all the links etc in a site. It runs as a service in NT, 2K and XP but needs to start up in Win 9.x so you'll see a DOS box for a short while during boot up."	No
OAKSTART	U	OAKSTART.EXE	Sets the spindown timeout and access speeds at startup and displays a splash screen for CD-RW.	No
OAKTASK	N	OAKTASK.EXE	Taskbar utility for a "control panel" for a CD-RW	No
Winsocks2 drivers	X	OAQI.EXE	Detected by Malwarebytes Anti-Malware as Trojan.FakeMS. The file is located in %System%	No
McAfee VirusScan	Y	oasclnt.exe	On-access real-time scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files for malware as you access, create, copy or download them	Yes
OASClnt	Y	oasclnt.exe	On-access real-time scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files for malware as you access, create, copy or download them	Yes
@OnlineArmor GUI	Y	oaui.exe	System Tray access to and main user interface for the Online Armor range of security tools from Tall Emu Pty Ltd (now Emsi Software GmbH). The free version incorporates a firewall, limited startup manager, tamper protection and keylogger detection whilst paid versions add features such as a mail/web shield, phishing filter and anti-malware	Yes
oaui	Y	oaui.exe	System Tray access to and main user interface for the Online Armor range of security tools from Tall Emu Pty Ltd (now Emsi Software GmbH). The free version incorporates a firewall, limited startup manager, tamper protection and keylogger detection whilst paid versions add features such as a mail/web shield, phishing filter and anti-malware	Yes
Online Armor Firewall	Y	oaui.exe	System Tray access to and main user interface for the Online Armor range of security tools from Tall Emu Pty Ltd (now Emsi Software GmbH). The free version incorporates a firewall, limited startup manager, tamper protection and keylogger detection whilst paid versions add features such as a mail/web shield, phishing filter and anti-malware	Yes
OnlineArmor GUI	Y	oaui.exe	System Tray access to and main user interface for the Online Armor range of security tools from Tall Emu Pty Ltd (now Emsi Software GmbH). The free version incorporates a firewall, limited startup manager, tamper protection and keylogger detection whilst paid versions add features such as a mail/web shield, phishing filter and anti-malware	No
OB Updater	X	ob.exe	Added by the AGOBOT-IH WORM!	No
MSConfig	X	obgtylem.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent.Gen. The file is located in %UserProfile%	No
Stardock ObjectBar	U	ObjectBar.exe	ObjectBar from Stardock Corporation - "allows users to create their own custom Start bars, finders, pop-up menus, program launchers, wharfs, docks, etc." Required if you want to use the custom ObjectBar theme features	Yes
Stardock ObjectBar Shareware	U	ObjectBar.exe	ObjectBar from Stardock Corporation - "allows users to create their own custom Start bars, finders, pop-up menus, program launchers, wharfs, docks, etc." Required if you want to use the custom ObjectBar theme features. This is the Windows Defender entry	Yes
ObjectDock Plus	U	ObjectDock.exe	ObjectDock Plus from Stardock Corporation - "Organize your shortcuts, programs and running tasks into an attractive and fun animated dock." Required if you want to use standard or custom shortcuts on the dock	No
Stardock ObjectDock	U	ObjectDock.exe	ObjectDock from Stardock Corporation - "Organize your shortcuts, programs and running tasks into an attractive and fun animated dock." Required if you want to use standard or custom shortcuts on the dock	Yes
ObjectKernel	X	objectpsilog.exe	Added by the TRITE-A WORM!	No
Object_Inside.exe Nacional	X	Object_Inside.exe	Detected by Kaspersky as Trojan-Downloader.Win32.Agent.ekmq	No
Stardock ObjectBar	U	OBJECT~1.EXE	ObjectBar from Stardock Corporation - "allows users to create their own custom Start bars, finders, pop-up menus, program launchers, wharfs, docks, etc." Required if you want to use the custom ObjectBar theme features. This is the XP MSConfig entry	Yes
Stardock ObjectBar Shareware	U	OBJECT~1.EXE	ObjectBar from Stardock Corporation - "allows users to create their own custom Start bars, finders, pop-up menus, program launchers, wharfs, docks, etc." Required if you want to use the custom ObjectBar theme features. This is the Vista/7 MSConfig entry	Yes
Stardock ObjectDock	U	OBJECT~1.EXE	ObjectDock from Stardock Corporation - "Organize your shortcuts, programs and running tasks into an attractive and fun animated dock." Required if you want to use standard or custom shortcuts on the dock	Yes
objtjprx	?	objtjprx.exe	??	No
Обнови Софт	N	ObnoviSoft.exe	Obnovi Soft by AnVir Software - Russian software update manager	No
ccApp	X	Obsorb.exe	Detected by Symantec as Trojan.Obsorb	No
NavScan	X	Obsorb.exe	Detected by Symantec as Trojan.Obsorb	No
obsver	?	obsver.exe	Part of LingoWare translating software - what does it do and is it required?	No
MSConfig	X	obyipiwb.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %UserProfile%	No
OCAudioIni	N	OCAudioIni.exe	One-click Audio Converter - allows you to convert files of multiple audio formats right from Windows Explorer	No
OWCCardbusTray	U	ocbtray.exe	Icon in the system tray for safely removing PCMCIA cards. Only required if you have a laptop or desktop which includes a PCMCIA card interface	No
OneClean	X	ocleanupdate.exe	OneClean rogue security software - not recommended, removal instructions here	No
ocraware	N	ocraware.exe	Optical Character Recognition (OCR) software as part of OmniPage Limited Edition - supplied with some scanners. Scan directly into most word processor applications, such as Word, WordPerfect, etc. Available via Start → Programs	No
Octoshape Streaming Services	U	OctoshapeClient.exe	Octoshape Internet media delivery software - as used by customers such as CNN, Deutsche Welle and NASCAR	No
Oil Change	N	OCTray32.exe	From CyberMedia/Network Associates. Checks for updates to software installed on your PC. Available via Start → Programs	No
ocx32	X	ocx32.exe	Added by the ASTEF or RESPAN WORMS!	No
Run32dll	X	ocxdll.exe	Added by an unidentified VIRUS, WORM or TROJAN!	No
OCXUPDT32	X	ocxupdt32.exe	Added by the AGOBOT-IF WORM!	No
od-matrxx	X	od-matrxx.exe	Adult dialler - xx can be any number	No
od-stndxx	X	od-stndxx.exe	Adult dialler - xx can be any number	No
od-teenxx	X	od-teenxx.exe	Adult dialler - xx can be any number	No
odby	X	odb.exe	Detected by McAfee as Generic Dropper.nu and by Malwarebytes Anti-Malware as Trojan.Krypt	No
Public Microsoft ODBC	X	ODBC32.exe [ = random char]	Detected by Trend Micro as WORM_MASLAN.D	No
Win32 Services	X	odbc32.exe	Added by the SPYBOT-EK WORM!	No
Cn911	X	ODBCJET.exe	Added by the BIFROSE-PR TROJAN!	No
ODBCJET	X	ODBCJET.exe	Added by the DLOADR-ATS TROJAN!	No
odnex	X	odbns.exe	Added by the AGENT-MPM TROJAN!	No
odnexy	X	odbnsy.exe	Added by the VESLORUKI.DWJ TROJAN!	No
Services Start2	X	odcwinst.exe	Added by the PYSKE-D WORM!	No
oddworldz.exe	X	oddworldz.exe	Added by the MULTIDR-EG TROJAN!	No
Odebit Multimedia V2	N	Odebit.exe	Odébit Multimedia - free French multimedia player giving access to the best of television, videos, radio, games and chat	No
Odebit Multimedia V3	N	Odebit.exe	Odébit Multimedia - free French multimedia player giving access to the best of television, videos, radio, games and chat	No
Odebit Multimedia V3 - Services	N	Odebit.exe	Odébit Multimedia - free French multimedia player giving access to the best of television, videos, radio, games and chat	No
EDJHO	X	odfox32A.exe	Detected by Malwarebytes Anti-Malware as Trojan.Downloader. The file is located in %System%	No
Microsoft Sinsup	X	odjiwjf.exe	Added by the RBOT-DN WORM!	No
Odkurzacz-MCD	N	odk_mcd.exe	Odkurzacz - Polish system cleaning utility	No
ODNBSTART	X	ODNE.EXE	Detected by Malwarebytes Anti-Malware as Adware.K.ShoppingAd. The file is located in %AppData%\shoppingad	No
odne_84	X	odne.exe	Detected by Malwarebytes Anti-Malware as Adware.K.ShoppingAd. The file is located in %AppData%\shoppingad	No
Odometer	N	Odometer.EXE	Mouse odometer - tracks how far your pointer/arrow has traveled on the screen. Shortcut available	No
TVBroadcast	U	ODSBCApp.exe	Part of the Tvcentral, AbsolutTV and VistaTV multimedia utilities for TV cards from Sceneo	No
ODSPConfig	U	ODSPConfig.exe	DsktopSurveil surveillance software. Uninstall this software if you did not install it yourself	No
OdTray.exe	U	OdTray.exe	System Tray access to Odyssey Access Client software from Juniper Networks, Inc (formerly by Funk Software) - which "delivers secure connectivity for global enterprises and government agencies through uncompromised login credentials and quick, easy deployment"	No
HotbarOE	X	OEAddOn.exe	Hotbar adware	No
SeekmoOE	X	OEAddOn.exe	Seekmo Search Assistant adware	No
SpamBlockerUtilityOE	X	OEAddOn.exe	Spam Blocker Utility adware by the people who provide the Hotbar adware	No
ZangoOE	X	OEAddOn.exe	Zango Search Assistant adware	No
System	X	OeApi.vbs	Detected by McAfee as VBS/Agui	No
Oeloader	X	Oeloader.exe	Xupiter OrbitExplorer toolbar related. Drive-by foistware. Use Malwarebytes, Spybot S&D, Ad-Aware or similar to detect and remove and to prevent it re-installing in the future	No
OEM02Mon.exe	U	OEM02Mon.exe	Creative Live! Cam Console Auto Launcher. You can use the console to toggle Face Tracking ON and OFF, adjust brightness, contrast, colour, burst rate, gain, etc	No
OEM03Mon.exe	U	OEM03Mon.exe	Creative Live! Cam Console Auto Launcher. You can use the console to toggle Face Tracking ON and OFF, adjust brightness, contrast, colour, burst rate, gain, etc	No
OEM04Mon.exe	U	OEM04Mon.exe	Creative Live! Cam Console Auto Launcher. You can use the console to toggle Face Tracking ON and OFF, adjust brightness, contrast, colour, burst rate, gain, etc	No
OEM05Mon.exe	U	OEM05Mon.exe	Creative Live! Cam Console Auto Launcher. You can use the console to toggle Face Tracking ON and OFF, adjust brightness, contrast, colour, burst rate, gain, etc	No
OEM07Mon.exe	U	OEM07Mon.exe	Creative Live! Cam Console Auto Launcher. You can use the console to toggle Face Tracking ON and OFF, adjust brightness, contrast, colour, burst rate, gain, etc	No
OEM08Mon.exe	U	OEM08Mon.exe	Creative Live! Cam Console Auto Launcher. You can use the console to toggle Face Tracking ON and OFF, adjust brightness, contrast, colour, burst rate, gain, etc	No
NeuroSpeech OESpeaker	N	OEMonitor.exe	Part of OESpeaker - a program that allows you to listen to long E-mails instead of reading them in Outlook Express. OEMonitor.exe checks whether OE is open or not	No
OEMCLEANUP	N	oemreset.exe	Resets OEM installation settings at bootup. Not required unless you're new to PC's	No
OEMReset	N	OEMReset.exe	Resets OEM installation settings at bootup. Not required unless you're new to PC's	No
OEMRUNONCE	U	oemrun.exe	Windows Millennium file - used by setup when installing the OEM 'express' version of the operating system. Uncheck after setup has finished	No
oeprsrv	Y	oeprsrv.exe	Outlook Express Privacy - which "lets you control access to Outlook Express and its email message database. When you enable protection, the program disables access to the message database and address book files. As a result, when you open Outlook Express or Windows Address Book, a password will be asked for authentication." If protection within the program is enabled and this entry is disabled Outlook Express will fail to run	Yes
oeprsrv.exe	Y	oeprsrv.exe	Outlook Express Privacy - which "lets you control access to Outlook Express and its email message database. When you enable protection, the program disables access to the message database and address book files. As a result, when you open Outlook Express or Windows Address Book, a password will be asked for authentication." If protection within the program is enabled and this entry is disabled Outlook Express will fail to run	Yes
oepsrv	Y	oepsrv.exe	Outlook Express Protector from Ixis Research, Ltd - which is "designed for controlling access to Outlook Express and its e-mail and address data bases. Outlook Express Protector does not encrypt protected files and folders, however no programs can get access to them when the program is active." If protection within the program is enabled and this entry is disabled Outlook Express will fail to run	Yes
oepsrv.exe	Y	oepsrv.exe	Outlook Express Protector from Ixis Research, Ltd - which is "designed for controlling access to Outlook Express and its e-mail and address data bases. Outlook Express Protector does not encrypt protected files and folders, however no programs can get access to them when the program is active." If protection within the program is enabled and this entry is disabled Outlook Express will fail to run	Yes
KASP	U	OESpamTest.exe	Kaspersky Anti-Spam	No
OESpamTest	U	OESpamTest.ExE	Kaspersky Anti-Spam	No
oe_drop_spam	X	oesrv.exe	Detected by McAfee as Adware-DropSpam	No
oessrv	Y	oessrv.exe	Outlook Express Security - which is used "to control access to Outlook Express and its databases. When it is active, Outlook Express becomes locked and no third-party programs can access its message base files and the address book. As a result, when you try to start Outlook Express, open the address book or access the files, a password will be asked to allow access." If protection within the program is enabled and this entry is disabled Outlook Express will fail to run	Yes
oessrv.exe	Y	oessrv.exe	Outlook Express Security - which is used "to control access to Outlook Express and its databases. When it is active, Outlook Express becomes locked and no third-party programs can access its message base files and the address book. As a result, when you try to start Outlook Express, open the address book or access the files, a password will be asked to allow access." If protection within the program is enabled and this entry is disabled Outlook Express will fail to run	Yes
OfferBox	N	OfferBox.exe	OfferBox "personal shopping assistant that gathers the best offers and discounts helping users from France, Italy, Spain and soon Brazil save money on their online shopping"	No
Offer Companion	X	offers.exe	Adware	No
Offers	X	offers.exe	Adware	No
dark	X	Office.EXE	Added by the BANLOAD.GW TROJAN!	No
Installed shell32.dll	X	Office.exe	Detected by Trend Micro as WORM_LOVGATE.E	No
Office	X	Office.exe	Detected by Kaspersky as Trojan-Spy.Win32.Kraimer.12	No
Office2014	X	office.exe	Detected by Malwarebytes Anti-Malware as Backdoor.XTRat. The file is located in %AppData%\Office2014	No
SVCSHOST	X	office.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %UserTemp%	No
SVCSHOST	X	office.exe	Detected by Dr.Web as Trojan.DownLoader6.49249. The file is located in %WinTemp%	No
Installed shell32.dll	X	Office.exe...	Added by the LOVGATE.AO WORM!	No
MS Office	X	Office10.exe	Detected by Microsoft as PWS:Win32/VB.DT	No
MS Office1 Startup	X	OfficeGUI1.exe	Added by the RBOT.BWR WORM!	No
OfficeQuickAccess	X	OfficeHost.vbs	Added by the PEXMOR WORM!	No
Microsoft Update	X	officeinstl.exe	Added by the GOFMICE-A TROJAN!	No
FacebookUpdate	X	OfficeTools.exe	Detected by Dr.Web as Trojan.DownLoader5.63224	No
Office Update	X	OfficeUpdate.exe	Detected by Sophos as W32/Malas-J. Note - this entry loads from the Windows Startup folder	No
Microsoft OfficeXP	X	officeXP.exe	Added by the KILLAV.MA WORM!	No
OFFICEXP	X	OFFICEXP.exe	Added by the WOOTBOT.HE WORM!	No
OfficeWord Monitors	X	Offlce.exe	Added by the IRCBOT.JZ TROJAN!	No
OfflineFileSync	U	OfflineFileSyn.exe	Offline synchronization part of ZANTAZ EAS (Enterprise Archive Solution) - which "is a secure, scalable set of tools for managing the enormous amounts of 'unstructured information' held in corporate e-mails, files and SharePoint content"	No
Office Mail	U	off_mail.exe	Office Mail from Burrotech Ltd - "complete email solution for small/medium businesses, homes, schools and colleges. It is a small email server which forms the perfect gateway between your internal and external email"	No
Microsoft Security Monitor Process	X	ofice.exe	Added by the VIRUT.N VIRUS!	No
OfficeGuard RegChecker	Y	ogrc.exe	Part of an older version of Kaspersky Anti-Virus from Kaspersky Labs	No
ogrc	Y	ogrc.exe	Part of an older version of Kaspersky Anti-Virus from Kaspersky Labs	No
OmniHTTPd	U	ohttpd.exe	OmniHTTPd web server from Omnicron	No
OIM	?	oim.exe	Related to the O2 (was "genie") mobile phone service. What does it do and is it required?	No
ynujv56vx6f5wodt7m1cc2zbvssd2x03ss	X	oiygbhsl.exe	Detected by Dr.Web as Trojan.DownLoader9.10951	No
jgwmfrrq	X	okbjvsmh.exe	Detected by Malwarebytes Anti-Malware as Trojan.Downloader.FW. The file is located in %LocalAppData%	No
OKI LPR Utility	U	okilpr.exe	OKI printer utility	No
OKMaster	X	OKMaster.exe	OKToolbar adware	No
Ci Servs	X	oldbi.exe	Added by the AUTORUN-BNA WORM!	No
Ci Servs	X	oldbin.exe	Added by the DWNLDR-IOZ TROJAN!	No
Wbdsjjxcax	X	ole2V.exe	Detected by Malwarebytes Anti-Malware as Adware.SanctionedMedia. The file is located in %System%	No
OleLoader	X	ole32.exe	Added by the DELF.BR TROJAN!	No
OLE Automation Server	X	ole32aut.vbe	CoolWebSearch parasite variant	No
Windows OLE Automation Server	X	ole32aut.vbe	CoolWebSearch parasite variant	No
Ole33_dll.task	X	Ole33_dll.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %System%	No
oleaccrc	X	oleaccrc.exe	Adware - detected by Kaspersky as the AGENT.AM TROJAN!	No
Windows Explorer	X	olecom32.exe	Added by an unidentified WORM or TROJAN!	No
olehelp	X	olehelp.exe	Added by the BOOKMARKER.D or BOOKMARKER.G TROJANS!	No
svchost	X	olehelp.exe	Added by the BOOKMARKER.G TROJAN!	No
Devices	U	olesvr.exe	Part of an older version of Salfeld's Child Control parental control software	No
olesvr	U	olesvr.exe	Part of an older version of Salfeld's Child Control parental control software	No
Win Update	X	oleupdate.exe	Detected by Sophos as Troj/Agent-UY	No
Symantec Fax Starter Edition Port	N	OLFSNT40.EXE	Offers a virtual printer as a fax machine. Can be run via a desktop shortcut	No
cdoosoft	X	olhrwef.exe	Added by the AUTORUN-AAG WORM!	No
olpr	X	olpr.exe	Added by the DWNLDR-GWQ TROJAN!	No
OLPSYNCH	N	OlpSynch.exe	Related to Offline Course Player from Element K Corp. Provider of the Technology, Compliance, Management and Business training content for effective programs	No
Microsoft Update 32	X	om4r.exe	Added by the RBOT-AQP WORM!	No
Omega AntiVir	X	OM83b.exe	Omega AntiVir rogue security software - not recommended, removal instructions here	No
{----**}	X	omdsregk.exe	ZenoSearch adware variant where ** are random characters	No
Omf4	X	OMF4.EXE	Added by the FREEMEGA TROJAN!	No
Microsoft Machinex	X	omgs.exe	Added by the RBOT.FCL BACKDOOR!	No
OmgStartup	N	omgstartup.exe	Sony program called OpenMG Jukebox - player and music organizer	No
Prelaunch OmniPage	N	OmniPage17.exe	Pre-launches parts of OmniPage version 17 from Nuance into memory. It may help if you don't have recent PC but otherwise shouldn't be needed	No
OmniPage Preload	N	OmniPage18.exe	Pre-launches parts of OmniPage version 18 from Nuance into memory. It may help if you don't have recent PC but otherwise shouldn't be needed	No
Windows SA	X	omniscient.exe	BLAZEFIND adware	No
Tdrb	X	ompa.exe	PurityScan adware	No
Office Mail Alerter	U	om_Alerter.exe	Office Mail Alerter - "alert Office Mail users when they receive new emails" via a System Tray icon	No
OnAccess	U	onaccess.exe	On access scanner function of eAcceleration Stop-Sign security software - previously not recommended (see here). It has now been delisted, so make sure you have the latest version - hence the "U" recommendation	No
Eye Tide Launcher	N	oneeyetideone.exe	Nascar wallpaper	No
Iniciador rápido de Microsoft Office OneNote 2003	N	ONENOTEM.EXE	System Tray access to MS Office OneNote 2003 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY combinations - such as WINDOWS KEY+N (new Side Note) and WINDOWS KEY+S (insert screen grab into a note). Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when needed. Spanish or Portuguese version	No
Microsoft Office OneNote	N	ONENOTEM.EXE	System Tray access to MS Office OneNote 2003 & 2007 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY combinations - such as WINDOWS KEY+N (new Side Note - 2007 only) and WINDOWS KEY+S (insert screen grab into a note). Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when needed	Yes
Microsoft Office OneNote 2003 Quick Launch	N	ONENOTEM.EXE	System Tray access to MS Office OneNote 2003 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY+S key combination to insert screen grab into a note. Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when needed	Yes
OneNote 2007 - Capture d'écran et lancement	N	ONENOTEM.EXE	System Tray access to MS Office OneNote 2007 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY combinations - such as WINDOWS KEY+N (new Side Note) and WINDOWS KEY+S (insert screen grab into a note). Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when needed. French version	No
OneNote 2007 Bildschirmausschnitt- und Startprogramm	N	ONENOTEM.EXE	System Tray access to MS Office OneNote 2007 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY combinations - such as WINDOWS KEY+N (new Side Note) and WINDOWS KEY+S (insert screen grab into a note). Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when needed. German version	No
OneNote 2007 -näyttöleikkeet ja Launcher	N	ONENOTEM.EXE	System Tray access to MS Office OneNote 2007 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY combinations - such as WINDOWS KEY+N (new Side Note) and WINDOWS KEY+S (insert screen grab into a note). Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when needed. Finnish version	No
OneNote 2007 Screen Clipper and Launcher	N	ONENOTEM.EXE	System Tray access to MS Office OneNote 2007 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY combinations - such as WINDOWS KEY+N (new Side Note) and WINDOWS KEY+S (insert screen grab into a note). Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when needed	Yes
OneNote 2010 - Capture d'écran et lancement	N	ONENOTEM.EXE	System Tray access to MS Office OneNote 2010 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY combinations - such as WINDOWS KEY+N (new Side Note) and WINDOWS KEY+S (insert screen grab into a note). Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when needed. French version	No
OneNote 2010 Bildschirmausschnitt- und Startprogramm	N	ONENOTEM.EXE	System Tray access to MS Office OneNote 2010 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY combinations - such as WINDOWS KEY+N (new Side Note) and WINDOWS KEY+S (insert screen grab into a note). Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when needed	No
OneNote 2010 Screen Clipper and Launcher	N	ONENOTEM.EXE	System Tray access to MS Office OneNote 2010 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY combinations - such as WINDOWS KEY+N (new Side Note) and WINDOWS KEY+S (insert screen grab into a note). Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when needed	No
Recorte de pantalla e Inicio rápido de OneNote 2007	N	ONENOTEM.EXE	System Tray access to MS Office OneNote 2007 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY combinations - such as WINDOWS KEY+N (new Side Note) and WINDOWS KEY+S (insert screen grab into a note). Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when needed. Spanish version	No
Recorte de tela e Iniciador do OneNote 2007	N	ONENOTEM.EXE	System Tray access to MS Office OneNote 2007 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY combinations - such as WINDOWS KEY+N (new Side Note) and WINDOWS KEY+S (insert screen grab into a note). Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when needed. Portuguese version	No
Ritaglio schermata e avvio di OneNote 2007	N	ONENOTEM.EXE	System Tray access to MS Office OneNote 2007 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY combinations - such as WINDOWS KEY+N (new Side Note) and WINDOWS KEY+S (insert screen grab into a note). Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when needed. Italian version	No
Ritaglio schermata e avvio di OneNote 2010	N	ONENOTEM.EXE	System Tray access to MS Office OneNote 2010 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY combinations - such as WINDOWS KEY+N (new Side Note) and WINDOWS KEY+S (insert screen grab into a note). Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when needed. Italian version	No
onescanS	X	onescanU.exe	OneScan rogue security software - not recommended	No
OneStep Search Service	X	onestep.exe	OneStep adware	No
onestep	X	onestepe.exe	Added by the UDDO-C MALWARE!	No
CP4HPOT	U	OneTouch.EXE	Supports the additional multimedia keys on HP/Compaq laptops which give single button press access to standard functions such as Mail, Search, Internet, Quick Lock and Help and Support or user programmed alternatives. Required if you use these additional keys	No
MaxtorOneTouch	U	OneTouch.exe	Maxtor OneTouch Hard Drives/OneTouch Family hard disk backup software	No
QT4HPOT	U	OneTouch.EXE	Supports the additional multimedia keys on HP/Compaq laptops which give single button press access to standard functions such as Mail, Search, Internet, Quick Lock and Help and Support or user programmed alternatives. Required if you use these additional keys	Yes
OneTouch Monitor	N	OneTouchMon.exe	For Visioneer OneTouch scanners. System tray access to the control panel for the scanner	No
One Touch Monitor	N	OneTouchMonitor.exe	For Visioneer OneTouch scanners. System tray access to the control panel for the scanner	No
ONETOU~2	N	OneTouchMonitor.exe	For Visioneer OneTouch scanners. System tray access to the control panel for the scanner	No
OneTouchMonitor	N	OneTouchMonitor.exe	For Visioneer OneTouch scanners. System tray access to the control panel for the scanner	No
One Touch Monitor	N	ONETOU~2.EXE	For Visioneer OneTouch scanners. System tray access to the control panel for the scanner	No
ONETOU~2	N	ONETOU~2.EXE	For Visioneer OneTouch scanners. System tray access to the control panel for the scanner	No
OneTouchMonitor	N	ONETOU~2.EXE	For Visioneer OneTouch scanners. System tray access to the control panel for the scanner	No
Onflow	X	onflow.exe	Onflow is a internet company that offers an online advertising program. Not required - uninstall	No
OnfolioStorage	U	onfserv.exe	Onfolio was a "complete solution for collecting, organizing and sharing online content." After Microsoft acquired Onfolio and incorporated it into Windows Live Toolbar it was subsequently discontinued	No
Windows Volume Control	X	ongsvc.exe	Added by the SLENFBOT.DZ WORM!	No
Cleanup	N	ONICTASK.EXE	Internet Cleanup from Allume Systems (used to be by OnTrack) - cleans up tracks left by browsing the internet	No
@BackupScheduler	U	OnlineBackup.exe	Web-based file sharing and file storage for backup protection from SwapDrive, Inc - now acquired by Symantec and rebranded and released as Norton Online Backup	No
OnlineGuard	X	OnlineGuard.exe	OnlineGuard rogue security software - not recommended, removal instructions here	No
OnlineTime	N	onlinetime.exe	OnlineTimer - monitors your Windows dial-up network and logs the time you spend online as well as the resulting costs	No
onlinevaccinestart.exe	X	onlinevaccinestart.exe	Detected by Malwarebytes Anti-Malware as Rogue.K.OnlineVaccine. The file is located in %ProgramFiles%\onlinevaccine	No
online_party	X	online_party.exe	Adult content dialler	No
Online News Screensaver	U	onsagent.exe	Online News Screensaver - "a unique and informative screensaver tool that delivers the latest news and weather forecast right to the screen of your computer"	No
OnSrvr	X	OnSrvr.exe	OnWebMedia adware	No
onBar	X	onupdate.exe	Detected by McAfee as Generic.dx!vcc and by Malwarebytes Anti-Malware as Adware.OnBar	No
ooccctrl.exe	U	ooccctrl.exe	CleverCache by O&O Software Gmbh - "optimizes your file cache management in Windows. This results in an enormous performance boost, sometimes doubling your original system speed without any additional hardware purchases or restrictions to your system's stability"	No
Uate	X	oocs.exe	PurityScan adware	No
DriveLED	U	OODLed.exe	O&O DriveLED - hard disk monitoring and crash prevention	No
OODefragTray	U	oodtray.exe	System Tray access to O&O Defrag disk defragmentation software	No
Store Thread WLAN Error Files Human	X	oofssrlzrjr.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent.BL. The file is located in %System%	No
OOLHELPT	?	OOLHELPT.exe	??	No
RUNDL32	X	oooooooo.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %Windir%	No
Oops!Backup	U	OopsBackup.exe	Oops!Backup backup software by Altaro - "not only allows you to bring back lost, deleted or misplaced files. It also allows you to view past changes made to those files and to undo or adopt those changes"	Yes
OopsBackup	U	OopsBackup.exe	Oops!Backup backup software by Altaro - "not only allows you to bring back lost, deleted or misplaced files. It also allows you to view past changes made to those files and to undo or adopt those changes"	Yes
OopsBackup.Manager	U	OopsBackup.exe	Oops!Backup backup software by Altaro - "not only allows you to bring back lost, deleted or misplaced files. It also allows you to view past changes made to those files and to undo or adopt those changes"	Yes
OOTag	N	OOTag.exe	Related to the "out-of-box experience" (OOBE) on new Windows installations. Typically used by computer suppliers to display product information, upgrades, offers or a tour on the first run of a new system	No
ooVoo	N	oovoo.exe	System Tray access to the ooVoo free video chat utility - "you can connect with anyone, anytime, with video calls, video messages, phone calls, text and more. Use ooVoo to get face time with people you can't meet in person". You can also share desktops, phone mobiles/landline, text chat and send large files	Yes
oovoo.exe	N	oovoo.exe	System Tray access to the ooVoo free video chat utility - "you can connect with anyone, anytime, with video calls, video messages, phone calls, text and more. Use ooVoo to get face time with people you can't meet in person". You can also share desktops, phone mobiles/landline, text chat and send large files	Yes
MSConfig	X	ooxwiuhj.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %UserProfile%	No
OpAgent	U	OpAgent.exe	Part of Nuance (was Scansoft) OmniPage document conversion software	No
Aaep	X	opar.exe	PurityScan/Clickspring adware	No
RealtekEnhed	X	Opdatere.exe	Detected by Malwarebytes Anti-Malware as Trojan.MSIL. The file is located in %AppData%	No
Shell	X	Open32.exe	Added by the SMALL-DL TROJAN!	No
OpenDNS Update	U	OpenDNS Updater.exe	Updater for OpenDNS which "is a free service that works for networks of all sizes, from home networks to K-12 schools, SMBs and large enterprises". Automatically updates your OpenDNS account when your IP address changes and should be allowed to run if you use their Dashboard features	No
OpenDNS Updater	Y	OpenDNSUpdater.exe	Updater for OpenDNS - "the leading provider of Internet security and DNS services". "The OpenDNS Updater will run in your system tray and send updates to your account whenever your IP address changes. This will help ensure that your system preferences are applied to your network at all times"	No
424a10bb12946b2402a59646e761fbc7	X	Opengel32.exe	Detected by Malwarebytes Anti-Malware as Backdoor.Bot. The file is located in %UserTemp%	No
Local Area Network	X	OpenGL.exe	Added by a variant of the RBOT WORM!	No
Graphic Update	X	openglx.exe	Added by the IRCBOT.AMU WORM!	No
ccwPin	X	openS.exe	Added by the DELF-AJE TROJAN!	No
Open Site	X	opensite.exe	OpenSite adware	No
[various names]	X	openstre.exe	Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page	No
Opentab	X	Opentab.exe	Detected by Malwarebytes Anti-Malware as Adware.OpenTab. The file is located in %AppData%\Opentab	No
Opentab	X	Opentab.exe	Detected by McAfee as Generic.bfr!de and by Malwarebytes Anti-Malware as Adware.OpenTab. The file is located in %ProgramFiles%\Opentab	No
Opentabhper	X	Opentabhper.exe	Detected by Malwarebytes Anti-Malware as Adware.K.OpenTab. The file is located in %AppData%\Opentab	No
Opentabhper	X	Opentabhper.exe	Detected by McAfee as Generic.bfr!de and by Malwarebytes Anti-Malware as Adware.K.OpenTab. The file is located in %ProgramFiles%\Opentab	No
Opentabup	X	opentabup.exe	Detected by Malwarebytes Anti-Malware as Adware.K.OpenTab. The file is located in %AppData%\opentab	No
Opentabup	X	opentabup.exe	Detected by McAfee as Generic.bfr!de and by Malwarebytes Anti-Malware as Adware.K.OpenTab. The file is located in %ProgramFiles%\Opentab	No
OpenTalk	N	OpenTalk.exe	OpenTalk - free video and voice conferencing software application that allows you to talk to up to 100 friends in a chat room, using your headset microphone and a Webcam	No
openv	X	openv.exe	Detected by Sophos as Troj/Agent-AAGS and by Malwarebytes Anti-Malware as Trojan.Agent.OPV	No
openvpn-gui	U	openvpn-gui.exe	"OpenVPN is a full-featured SSL VPN solution which can accomodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls"	No
msinfo32msinfo325.1.2600.0.0108171148	X	operatingmsinfo32.exe	Added by the TRITE-A WORM!	No
SAPISVR5SAPISVR5	X	operatingsapi5.exe	Added by the TRITE-A WORM!	No
Open Service Drivers	X	opiater.exe	Added by a variant of Win32/Rbot. The file is located in %System%	No
OpiStat	X	OpiStat.exe	NetRatings Premeter spyware	No
LanguageMonitor	U	Oplmsb01.exe	OKI Printer language support monitor	No
Microsoft Update Machine	X	opmmve.exe	Added by the KOLABC.DES WORM!	No
Open Site	X	opnste.exe	OpenSite adware	No
Lastword	X	opomena.txt	Detected by ESET as Win32/Lastword	No
opr	X	opr.exe	MediaMotor adware	No
OpScheduler	U	OpScheduler.exe	Part of Nuance (was Scansoft) OmniPage document conversion software	No
opsql update check	X	opsql.exe	Added by the RBOT-ACJ WORM!	No
OptiCAL Startup	N	OptiCAL.exe	OptiCAL monitor calibration software from ColorVision for advanced amateurs, professionals, animation studios and prepress operations	No
DyFuCA	X	optimize.exe	Adult content dialler - see here	No
Internet Optimizer	X	optimize.exe	Internet Optimizer parasite - detected by Sophos as the DLUCA-G TROJAN and variants	No
Windows	X	Optimizer.exe	Detected by Sophos as Troj/Ransom-RM and by Malwarebytes Anti-Malware as Trojan.Agent.WNO	No
OPTMOUSEMOUSE	U	optmouse.exe	Related to a Samsung optical mouse	No
Optimizer Pro	N	OptProLauncher.exe	Optimizer Pro optimization utility by PC Utilities Pro	No
optserve	X	optserve.exe	Optserve adware	No
OptusNetUsage	U	OptusNet Usage Meter.exe	Designed specifically for OptusNet users who wish to have their connection monitored on a frequent basis. It can also estimate when you are going to hit your usage limit, and how far over your suggested limit you should be	No
Opware12	N	Opware12.exe	OmniPage from Nuance (was Scansoft) - version 12. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start → Programs	No
Opware14	N	Opware14.exe	OmniPage from Nuance (was Scansoft) - version 14. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start → Programs	No
Opware15	N	Opware15.exe	OmniPage from Nuance (was Scansoft) - version 15. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start → Programs	No
OmniPage	N	Opware32.exe	Part of OmniPage from Nuance (was Scansoft) - "the fastest, easiest way to turn paper documents into digital files you can edit". Links Word, via OLE, with OmniPage. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page". Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is Available via Start → Programs	No
OpwareSE2	N	OpwareSE2.exe	Hardware bundled version of OmniPage from Nuance (was Scansoft). If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start → Programs	No
OpwareSE3	N	OpwareSE3.exe	Hardware bundled version of OmniPage from Nuance (was Scansoft). If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start → Programs	No
OpwareSE4	N	OpwareSE4.exe	Hardware bundled version of OmniPage from Nuance (was Scansoft). If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start → Programs	No
Agnitum Outpost	Y	op_mon.exe	System Tray access to and notifications for the Outpost range of security products from Agnitum Ltd - including Outpost Firewall Pro, Outpost Antivirus Pro and Outpost Security Suite Pro	Yes
Lavasoft Personal Firewall	Y	op_mon.exe	System Tray access to and notifications for Lavasoft Personal Firewall. Based upon the Outpost Firewall by Agnitum Ltd	Yes
lavasoftMonitor	Y	op_mon.exe	System Tray access to and notifications for Lavasoft Personal Firewall. Based upon the Outpost Firewall by Agnitum Ltd	Yes
op_mon	Y	op_mon.exe	System Tray access to and notifications for the Outpost range of security products from Agnitum Ltd - including Outpost Firewall Pro, Outpost Antivirus Pro and Outpost Security Suite Pro. Also used by Lavasoft Personal Firewall and Quick Heal Firewall	Yes
OutpostMonitor	Y	op_mon.exe	System Tray access to and notifications for the Outpost range of security products from Agnitum Ltd - including Outpost Firewall Pro, Outpost Antivirus Pro and Outpost Security Suite Pro	Yes
Quick Heal Firewall Pro	Y	op_mon.exe	System Tray access to and notifications for Quick Heal Firewall. Based upon the Outpost Firewall by Agnitum Ltd	Yes
Quick Heal Monitor	Y	op_mon.exe	System Tray access to and notifications for Quick Heal Firewall. Based upon the Outpost Firewall by Agnitum Ltd	Yes
Diam prlaer	X	oqedrhg.exe	Added by the SDBOT-DEU WORM!	No
Location Group Propagation Trap	X	oqnbojqbiewy.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %System%	No
OrangeV	X	OrangeV.exe	Detected by Dr.Web as Troj/DotNet-G and by Malwarebytes Anti-Malware as Backdoor.Bot	No
Orb	U	OrbTray.exe	Orb streaming software by Orb Networks Inc that enables users to remotely access all their personal digital media files including pictures, music, videos, webcams and television - also used by the Winamp Remote streaming service	No
orderShell	X	order***.exe [ = random char]	Added by the DLOADR-UN TROJAN!	No
office	X	order.exe	Detected by McAfee as W32/Hilin.worm and by Malwarebytes Anti-Malware as Trojan.Agent	No
OrderReminder	N	OrderReminder.exe	The HP Order Reminder utility is installed with the HP LaserJet printer software and allows you to set specific times for reminders to check the current level of toner in the print cartridge - it also contains an Order Now link to a Web page that helps you order supplies online from a reseller of your choice	No
order_Shell	X	order_***.exe [ = random letter]	Added by the AGENT.ARO TROJAN!	No
order_Shell	X	order_glsw.exe	Added by the DLOADR-KO TROJAN!	No
order_Shell	X	order_pgum.exe	Added by the AGENT-BSQ TROJAN!	No
order_Shell	X	order_smey.exe	Added by the BANKSNIF-H TROJAN!	No
orec32	U	orec32.exe	OnlineRecorder surveillance software that records Yahoo! and AOL instant messages, URLs in browsers, and keystrokes. Uninstall this software unless you put it there yourself	No
org5.exe	?	org5.exe	Lotus Organizer 5 application file, Lotus Organizer software. What does it do and is it required?	No
Orgasm	X	Orgasm.exe	Detected by Sophos as Dial/Porndial-C and by Malwarebytes Anti-Malware as Trojan.Dialer	No
OrgyCam	X	OrgyCam.exe	Adult content dialler	No
Microsoft Registry Startup Scan	X	oridedb.exe	Added by the SDBOT.AKX WORM!	No
Verdana	X	Origin.exe	Detected by Dr.Web as Trojan.DownLoader8.37134	No
proxim_orinoco_11abg	Y	orinoco.exe	Proxim ORiNOCO 11a/b/g PCI Card wireless configuration utility	No
Esph	X	ortu.exe	PurityScan adware	No
SystemRun	X	os.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %Windir%\Web	No
Windows Security Center Notification Applse	X	os.exe	Added by a variant of the RBOT-GLR WORM!	No
Microsoft Office	N	osa.exe	On older versions of MS Office this launches common Office components to help speed up the launch of Office programs. On slower machines it can be a resource hog and some users claim there's no difference with or without it - but it usually isn't required. This must be left enabled if you use the Microsoft Office Shortcut Bar (MSOFFICE.EXE) and have set it to load at startup. Available via Start → All Programs	Yes
Microsoft Office quick launch	X	OSA.exe	Added by the VBOT.A BACKDOOR! Note that OSA.exe was used in older versions of Office to launch common components to help speed up the launch but it is no longer normally used - see here. This file is located in a valid MS Office 2003 (aka Office 11) directory - %Program Files%\Microsoft Office\OFFICE11 - and may overwrite a valid file	No
Microsoft Office Startup	N	osa.exe	On older versions of MS Office this launches common Office components to help speed up the launch of Office programs. On slower machines it can be a resource hog and some users claim there's no difference with or without it - but it usually isn't required. This must be left enabled if you use the Microsoft Office Shortcut Bar (MSOFFICE.EXE) and have set it to load at startup. Available via Start → All Programs	No
Microsoft quick launch	X	OSA.exe	Added by a variant of the VBOT.A BACKDOOR! Note that OSA.exe was used in older versions of Office to launch common components to help speed up the launch but it is no longer normally used - see here. This file is located in a valid MS Office 2003 (aka Office 11) directory - %Program Files%\Microsoft Office\OFFICE11 - and may overwrite a valid file	No
Office Startup	N	osa.exe	On older versions of MS Office this launches common Office components to help speed up the launch of Office programs. On slower machines it can be a resource hog and some users claim there's no difference with or without it - but it usually isn't required. This must be left enabled if you use the Microsoft Office Shortcut Bar (MSOFFICE.EXE) and have set it to load at startup. Available via Start → All Programs	Yes
Microsoft Office	N	Osa9.exe	On older versions of MS Office this launches common Office components to help speed up the launch of Office programs. On slower machines it can be a resource hog and some users claim there's no difference with or without it - but it usually isn't required. This must be left enabled if you use the Microsoft Office Shortcut Bar (MSOFFICE.EXE) and have set it to load at startup. Available via Start → All Programs	Yes
Microsoft Office Startup	N	Osa9.exe	On older versions of MS Office this launches common Office components to help speed up the launch of Office programs. On slower machines it can be a resource hog and some users claim there's no difference with or without it - but it usually isn't required. This must be left enabled if you use the Microsoft Office Shortcut Bar (MSOFFICE.EXE) and have set it to load at startup. Available via Start → All Programs	No
Microsoft Utility Startup	N	OSA9.exe	On older versions of MS Office this launches common Office components to help speed up the launch of Office programs. On slower machines it can be a resource hog and some users claim there's no difference with or without it - but it usually isn't required. This must be left enabled if you use the Microsoft Office Shortcut Bar (MSOFFICE.EXE) and have set it to load at startup. Available via Start → All Programs	No
Office Startup	N	Osa9.exe	On older versions of MS Office this launches common Office components to help speed up the launch of Office programs. On slower machines it can be a resource hog and some users claim there's no difference with or without it - but it usually isn't required. This must be left enabled if you use the Microsoft Office Shortcut Bar (MSOFFICE.EXE) and have set it to load at startup. Available via Start → All Programs	No
Office SturtUp	X	osa9.exe	Added by the CLICKER-EC TROJAN! Note - this trojan is located in %Windir% and should not be confused with the Microsoft office program, located in %Program Files%\Microsoft Office\Office	No
Yo Mamma Osama Installer	U	osama.exe	Wnad adware	No
OscarEditor	U	OscarEditor.exe	A4Tech's X7 Oscar Editor mouse programming utility for their Oscar range of gaming mice	No
OscarX7Mouse5Mode	U	OscarEditor.exe	A4Tech's X7 Oscar Editor mouse programming utility for their Oscar range of gaming mice	No
NSWosCheck	U	osCheck.exe	Part of Symantec's now discontinued Norton SystemWorks security and utility suite. Checks at boot-time to see if you are still using the same OS as your last Windows session and terminates if you are. If Windows has been upgraded it will attempt to download the relevant updates for the new OS on the first reboot	Yes
osCheck	U	osCheck.exe	Part of older versions of Symantec's security products including Norton 360, Norton Internet Security, Norton AntiVirus and the now discontinued Norton SystemWorks suite. Checks at boot-time to see if you are still using the same OS as your last Windows session and terminates if you are. If Windows has been upgraded it will attempt to download the relevant updates for the new OS on the first reboot	Yes
LMgrVolOSD	U	OSD.EXE	Displays a message or graphic on-screen when you press a corresponding volume "hotkey" - such as increase, decrease or mute. Nice but not required if you don't adjust things regularly - and also known to cause a system freeze in some cases	No
On Screen Display	U	OSD.EXE	Displays a message or graphic on-screen when you press a corresponding "hotkey" - such as volume increase/decrease, display brightness, etc. Nice but not required if you don't adjust things regularly - and also known to cause a system freeze in some cases	No
OSD	U	OSD.exe	Displays a message or graphic on-screen when you press a corresponding "hotkey" - such as volume increase/decrease, display brightness, etc. Nice but not required if you don't adjust things regularly - and also known to cause a system freeze in some cases	No
OsdMaestro	U	OSD.exe	Displays a message or graphic on-screen when you press a corresponding "hotkey" on some HP machines - such as volume increase/decrease, display brightness, etc. Nice but not required if you don't adjust things regularly - and also known to cause a system freeze in some cases	No
OsdMaestroOSD.exe	U	OSD.EXE	Displays a message or graphic on-screen when you press a corresponding "hotkey" on some HP machines - such as volume increase/decrease, display brightness, etc. Nice but not required if you don't adjust things regularly - and also known to cause a system freeze in some cases	No
OsdMaestro	U	OSD64.exe	"Provides an interface to configure onscreen display settings." For HP systems - see here	No
LMgrOSD	U	OSDCtrl.exe	OSD (on-screen-display) utility - part of Acer Launch Manager. Gives you control to customize the monitor to your liking...from sound, brightness, contrast, horizontal and vertical positions, phase, pixel clock, color and language	No
Dialog Box Assistant	N	OSDEx.exe	Dialog Box Assistant from Duality Software. Helps with the standard Open and Save As dialog boxes by showing recently used files and folders	No
OrangeShark	N	OSharkUpdater.exe	Orange Shark updater - online games for all ages	No
osjk8s	X	osjk8s.exe	Detected by Kaspersky as Virus.Win32.Virut.ce. The file is located in %AppData%	No
OSLoader	X	OSLoader.exe	Added by the CAMKING BACKDOOR! Note - activates your webcam if you have one to allow its author to spy on you	No
Windows Communicator for NT/XP	X	osndyrn.exe	Added by the SDBOT-CPK WORM! Note - can terminate AV related processes	No
Memory Fox Pro	U	oso.exe	Memory Fox Professional browser memory manager that way it will free up system memory from browsers like Firefox that can use too much if left unchecked. Via "Options" on the tray icon you can select how often (from 1 to 60 minutes) the program will request the Windows Memory Manager to relinquish memory	Yes
Ncao	X	osoa.exe	PurityScan adware	No
ctfnom.exe	X	OSRSS.exe	Added by the DLOADER-UQ TROJAN!	No
windhost.exe	X	osrwin32.exe	Detected by Sophos as Troj/Banker-CB	No
Object Store Server	Y	osserver.exe	Comes with HyperTextStudio. From the supplier - "The Osserver maintains the database for HyperText Studio projects - absolutely vital, it verifies all the links etc in a site. It runs as a service in NT, 2K and XP but needs to start up in Win 9.x so you'll see a DOS box for a short while during boot up."	No
tymsetvc	X	osskhbd.exe	Added by the MAILBOT-BW TROJAN!	No
OSS	X	ossproxy.exe	MarketScore parasite - ActiveX control used to download premium-rate diallers	No
OSSProxy	X	OSSPROXY.EXE	MarketScore parasite - ActiveX control used to download premium-rate diallers	No
OSSelectorReinstall	U	oss_reinstall.exe	Related to Acronis Disk Director Suite	No
OStivityInvAgt	U	ostivity.exe	OStivity - "a desktop and server hardware and software asset/inventory solution for small to enterprise sized organizations that need to quickly gain knowledge of 'what's installed' without having to manually touch every computer in the company. The next time the computer logs into the network, a complete inventory (software and hardware) is taken of the system"	No
MEIwRDQ1NDlDQjExQTI5QT	X	osuncs.exe	Detected by Dr.Web as Trojan.DownLoader6.44007 and by Malwarebytes Anti-Malware as Trojan.Agent	No
Esutityde	X	osutityde.exe	Added by the LIOTEN.LU WORM!	No
otcx	X	otcxxh.exe	Added by the CAROOL TROJAN!	No
HW_OPENEYE_OUC_blueconnect	U	ouc.exe	Update client for the blueconnect mobile (USB) management tool by Huawei Technologies Co., Ltd	No
HW_OPENEYE_OUC_Cricket Broadband EC1705	U	ouc.exe	Update client for the Cricket Broadband mobile (USB) management tool by Huawei Technologies Co., Ltd	No
HW_OPENEYE_OUC_MegaFon Internet	U	ouc.exe	Update client for the MegaFon Internet mobile (USB) management tool by Huawei Technologies Co., Ltd	No
HW_OPENEYE_OUC_PC Suite	U	ouc.exe	Update client for a mobile (USB) management tool by Huawei Technologies Co., Ltd	No
HW_OPENEYE_OUC_PLAY ONLINE	U	ouc.exe	Update client for the Play Online mobile (USB) management tool by Huawei Technologies Co., Ltd	No
HW_OPENEYE_OUC_Reliance Netconnect	U	ouc.exe	Update client for the Reliance Netconnect mobile (USB) management tool by Huawei Technologies Co., Ltd	No
HW_OPENEYE_OUC_tele.ring Verbindungsmanager	U	ouc.exe	Update client for the tele.ring mobile (USB) management tool by Huawei Technologies Co., Ltd	No
HW_OPENEYE_OUC_Telekom Internet Manager	U	ouc.exe	Update client for the Telekom Internet Manager mobile (USB) management tool by Huawei Technologies Co., Ltd	No
HW_OPENEYE_OUC_T-Mobile Internet Manager	U	ouc.exe	Update client for the T-Mobile Internet Manager mobile (USB) management tool by Huawei Technologies Co., Ltd	No
HW_OPENEYE_OUC_VIVO INTERNET	U	ouc.exe	Update client for the Vivo Internet mobile (USB) management tool by Huawei Technologies Co., Ltd	No
MSConfig	X	oumy.exe	Detected by Sophos as Troj/Agent-NGD and by Malwarebytes Anti-Malware as Trojan.Agent	No
hohohhaha	X	ournik.com	Added by the IRCFLOOD.AL BACKDOOR!	No
msennger	X	ournik.com	Detected by Trend Micro as BKDR_IRCFLOOD.AL and by Malwarebytes Anti-Malware as Backdoor.IRCBot	No
WinReg	X	ournik.com	Added by the IRCFLOOD.AL BACKDOOR!	No
OurPictures	N	OurPictures.exe	Related to RitzPix Online Photo Print services	No
outbackxxx.exe	X	outbackxxx.exe	Detected by Microsoft as Trojan:Win32/EyeStye.H	No
Outerinfo	X	Outerinfo.exe	Clickspring.Outerinfo adware	No
OuterinfoUpdate	X	OuterinfoUpdate.exe	Clickspring.Outerinfo adware	No
ccAppr	X	outIook.exe	Added by the TACTSLAY.A TROJAN! Note that the filename has a capital "i" in it	No
ccRegVfY	X	outIook.exe	Added by the TACTSLAY.A TROJAN! Note that the filename has a capital "i" in it	No
Msupdate	X	outIook.exe	Detected by Total Defense as Win32/Tactslay.A and by Malwarebytes Anti-Malware as Trojan.Agent. Note that the filename has a capital "i" in it	No
OfficeAgent	X	outIook.exe	Added by the TACTSLAY.A TROJAN! Note that the filename has a capital "i" in it	No
Scheduler	X	outIook.exe	Added by the TACTSLAY.A TROJAN! Note that the filename has a capital "i" in it	No
HKCU	X	OUTLO0K.EXE	Detected by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen. Note the "0" in place of an upper case "o" in the filename - which is located in %Windir%\System	No
HKLM	X	OUTLO0K.EXE	Detected by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen. Note the "0" in place of an upper case "o" in the filename - which is located in %Windir%\System	No
Policies	X	OUTLO0K.EXE	Detected by Malwarebytes Anti-Malware as Backdoor.Agent.PGen. Note the "0" in place of an upper case "o" in the filename - which is located in %Windir%\System	No
outlook	X	outlook.exe	Added by the ALCRA.F WORM! Note that the valid Microsoft Outlook executeable is located in %ProgramFiles%\Microsoft Office\Office whereas this one is located in %ProgramFiles%\Outlook	No
outlook	X	outlook.exe	Added by the SDBOT-RU WORM! Note that the valid Microsoft Outlook executeable is located in %ProgramFiles%\Microsoft Office\Office whereas this one is located in %System%	No
Outlook Mail Services	X	outlook.exe	Added by the RBOT-BKA TROJAN! Note that the valid Microsoft Outlook executeable is located in %ProgramFiles%\Microsoft Office\Office whereas this one is located in %System%	No
system	X	outlook.exe	Added by the MIMAIL.Q WORM! Note that the valid Microsoft Outlook executeable is located in %ProgramFiles%\Microsoft Office\Office whereas this one is located in %Windir%	No
OutlookOnDesktop	U	OutlookDesktop.exe	"Outlook On the Desktop is a program that displays Outlook as a transparent, interactive object embedded in your desktop"	No
MS Unix Binary	X	outlookexpressupdate.exe	Added by the RBOT-YU WORM!	No
OutlookPlus.exe	X	OutlookPlus.exe	Detected by Malwarebytes Anti-Malware as Trojan.Banker. Note that the Command field can be either blank or the same as the Name field and located in a sub-folder of %LocalAppData% - see here and here	No
memory	X	outlookrem.exe	Added by the NOPIR.C WORM!	No
sysmem	X	outlookrem.exe	Added by the NOPIR-C WORM!	No
outpost	Y	outpost.exe	System Tray access to and notifications for older versions of Outpost Firewall and Outpost Security Suite from Agnitum Ltd	No
Outpost Firewall	Y	outpost.exe	System Tray access to and notifications for older versions of Outpost Firewall from Agnitum Ltd	Yes
Outpost Security Suite	Y	outpost.exe	System Tray access to and notifications for older versions of Outpost Security Suite from Agnitum Ltd	Yes
outpostupdate	X	outpostupdate.exe	Added by the COSIAM-C TROJAN!	No
Ouymbgbmamfkqivx.exe	X	Ouymbgbmamfkqivx.exe	Detected by Malwarebytes Anti-Malware as Trojan.PWS.IRCBot. The file is located in %AppData%	No
share21014	X	ov535.exe	Detected by McAfee as Generic.dx!bgjx and by Malwarebytes Anti-Malware as Trojan.Bublik	No
OVCJ	?	ovcj.exe	??	No
Launch Ai Booster	U	OverClk.exe	Included with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme), "AI Booster allows you to overclock the CPU speed in Windows without the hassle of booting the BIOS." Part of AI Suite	No
Overnet	N	Overnet.exe	Overnet peer-to-peer (P2P) file-sharing program. No longer available	No
scvhost	U	OverSpy.exe	OverSpy surveillance software. Uninstall this software unless you put it there yourself	No
Overwolf	N	Overwolf.exe	"Overwolf adds your favorite apps into your games. Use Facebook, Skype, Video Capture and more to connect with your friends and share your awesomeness!"	No
OpenVPN Connect	N	ovpntray.exe	System Tray access to the OpenVPN Connect Client for use with web browsers which allow users to securely connect to a private network via VPN. Note that the tray icon will still run if the associated OpenVPN Access Client (capiws.exe) service is set to Automatic	Yes
ovpntray.exe	N	ovpntray.exe	System Tray access to the OpenVPN Connect Client for use with web browsers which allow users to securely connect to a private network via VPN. Note that the tray icon will still run if the associated OpenVPN Access Client (capiws.exe) service is set to Automatic	Yes
owqwowou	X	ovswmcjtssd.exe	Added by the AGENT-MZE TROJAN!	No
DHKJWZUT	X	ovtd1mjrsmhy.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %UserTemp%	No
OWMngr	X	OWMngr.exe	OnWebMedia/SearchSeekFind advertising foistware	No
MSConfig	X	owyq.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %UserProfile%	No
{AF13D6C2-E926-01EF-06C8-326F092AAF9D}	X	oxadw.exe	Added by the MDROP-CVA TROJAN!	No
OxigenClientAdmin	U	Oxigen.exe	Open University Oxigen screensaver admin client. Downloads the latest information from the net to display in the screen saver	No
oxygener	X	oxygener.exe	Added by the BHO.ARGT TROJAN!	No
OyPmdWWFTJ6T	X	OyPmdWWFTJ6T.exe	Detected by Dr.Web as Trojan.DownLoader8.22321 and by Malwarebytes Anti-Malware as Trojan.MSIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
www.symantec.com	X	oz11111.exe	Detected by Symantec as W32.Mydoom.W@mm	No
oz2	X	oz2.exe	Detected by Symantec as W32.Mydoom.W@mm	No

Notes & Warnings

If you can help identify new entries and verify/identify those entries with a "?" status (especially hardware specific - such as laptops and motherboards) then please E-mail us (startups_at_pacs-portal_dot_co_dot_uk).

"Status" key:

"Y" - Normally leave to run at start-up
"N" - Not required or not recommended - typically infrequently used tasks that can be started manually if necessary
"U" - User's choice - depends whether a user deems it necessary
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
"?" - Unknown

Variables:

%System% - refers to the System folder; by default this is
- C:\Windows\System32 (7/Vista/XP)
- C:\Winnt\System32 (2K)
- C:\Windows\System (Me/9x)
%Windir% - refers to the Windows installation folder; by default this is
- C:\Windows (7/Vista/XP/Me/9x)
- C:\Winnt (2K)
%ProgramFiles% - refers to the Program Files folder; typically the path is C:\Program Files
%CommonFiles% - refers to the Common Program Files folder; typically the path is C:\Program Files\Common Files
%Root% - refers to the highest directory level on a hard drive - i.e., C:\, D:\
%UserProfile% - refers to the current user's profile folder; by default this is
- C:\Users\{user} (7/Vista)
- C:\Documents and Settings\{user} (XP/2K)
%AllUsersProfile% - refers to the common profile folder for all users; by default this is
- C:\Users\All Users (7/Vista)
- C:\Documents and Settings\All Users (XP/2K)
%AppData% - refers to the current user's Application Data folder; by default this is
- C:\Users\{user}\AppData\Roaming (7/Vista)
- C:\Documents and Settings\{user}\Application Data (XP/2K)
%CommonAppData% - refers to the common Application Data folder for all users; by default this is
- C:\ProgramData (7/Vista - Note: this directory is hidden by default)
- C:\Documents and Settings\All Users\Application Data (XP/2K)
%LocalAppData% - refers to the current user's Local Application Data folder; by default this is
- C:\Users\{user}\AppData\Local (7/Vista)
- C:\Documents and Settings\{user}\Local Settings\Application Data (XP/2K)
%MyDocuments% - refers to the current user's Documents folder; by default this is
- C:\Users\{user}\Documents (7/Vista)
- C:\Documents and Settings\{user}\My Documents (XP/2K)
%CommonDocuments% - refers to the common Documents folder; by default this is
- C:\Users\Public\Documents (7/Vista)
- C:\Documents and Settings\All Users\Documents (XP/2K)
%UserTemp% - refers to the current user's Temp folder; by default this is
- C:\Users\{user}\AppData\Local\Temp (7/Vista)
- C:\Documents and Settings\{user}\Local Settings\Temp (XP/2K)
%WinTemp% - refers to the Windows Temp folder; typically the path is C:\Windows\Temp
%Temp% - refers to either or both of the %UserTemp% and %WinTemp% folders where the location isn't specified, or %Root%\Temp
%Templates% - refers to the current user's Templates folder; by default this is
- C:\Users\{user}\AppData\Roaming\Microsoft\Windows\Templates (7/Vista)
- C:\Documents and Settings\{user}\Templates (XP/2K)
%UserStartup% - refers to the current user's Startup folder; by default this is
- C:\Users\{user}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup (7/Vista)
- C:\Documents and Settings\{user}\Start Menu\Programs\Startup (XP/2K)
%AllUsersStartup% - refers to the All User Startup folder; by default this is
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup (7/Vista - Note: this directory is hidden by default)
- C:\Documents and Settings\All Users\Start Menu\Programs\Startup (XP/2K)
%Recycled% - refers to the Recyled Bin; by default this is
- %Root%\$RECYCLE.BIN (7/Vista)
- %Root%\RECYCLER (XP)

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. We will not be held responsible if changes you make cause a system failure.

WARNING: This is NOT a database of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a database of start-up applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at start-up. For a list of tasks/processes you should try the Process Library from Uniblue, the list at PC Pitstop or one of the many others now available. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSConfig or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.

To avoid the database becoming too large, all malware entries are only shown using the registry version which is common to all Windows versions. Otherwise there would be multiple entries for popular filenames that viruses often use - such as "svchost.exe" above for example. Multiple malware can also use the same start-up entries, in this case only those with significant differences (such as file location) are repeated in this database.

As more than 15K entries in this database related to malware you should use a quality internet security package. Which ever you choose, keep it updated and get the latest version at least every two years.

There are a number of virus and malware entried listed in this database where specific removal instructions haven't been given. If this is the case then you could try ComboFix, a program written by sUBs that can remove many different types of Trojans and Worms. See here for a tutorial on how to use the program

NOTE: A number of entries are repeated due to the way that different operating systems display startup items. For example, WinMe lists "POPROXY.EXE" as "Norton eMail Protect" in both MSCONFIG and the registry whereas WinXP lists it as "Poproxy" in MSCONFIG and "Norton eMail Protect" in the registry.

SERVICES: "Services" from the NT/2K/XP/Vista/7 operating systems are not included. We fully understand that some programs with these OS's use "Services" as an alternative to load their component parts at startup but these are handled in a different way. We recommend you try BlackViper for information on services for the relevant operating systems.

Copyright

Presentation, format & comments Copyright © 2001 - 2012 Pacman's Portal
Portions Copyright © Peter Forrest, Denny Denham, Sylvain Prevost, Tony Klein, CastleCops & Bleeping Computer
Powered by Malwarebytes
All rights reserved

Site Map

Home