| Name | Filename | Status | Description |
|---|---|---|---|
| Usytllhevkt | Usytllhevkt.exe | X | Added by a malware downloader that installs other malicious payloads on your device, including ransomware. |
| Immmsbclaz | Immmsbclaz.exe | X | Added by the SystemBC malware. This malware is used to proxy network traffic for other malware on your computer. |
| SOCKET5 | SOCKET5.exe | X | Launches the SmokeLoader downloader malware in Windows. This malware will download additional malicious payloads on your device, making it important to perform an antivirus scan as soon as possible. |
| Microsoft update | sc.vbs | X | This autostart launches a malicious VBScript automatically that downloads additional malware to the device. |
| QuiteRSS | QuiteRSS.exe | N | Automatically launches the open-source QuiteRSS RSS feed reader. |
| org.whispersystems.signal-desktop | Signal.exe | N | Launches the Signal encrypted messaging application. |
| OneDrive | OneDrive.exe | N | This startup automatically launches Microsoft OneDrive when you log into Windows. Unless you use OneDrive, there is no need to launch this automatically. |
| NordVPN | NordVPN.exe | N | Launches the NordVPN VPN software when you log into Windows. This program is not required to start automatically unless you are using the VPN auto-connect feature. |
| Microsoft Edge Update | MicrosoftEdgeUpdateCore.exe | Y | Background process that checks for and installs new updates for the Microsoft Edge browser. While you can install these updates within Microsoft Edge, as having the latest version installed automatically is better for security, we recommend leaving it enabled. |
| com.squirrel.Teams.Teams | Update.exe | N | Checks for and installs new updates for the Microsoft Teams collaboration and messaging app. |
| com.squirrel.slack.slack | slack.exe | N | Automatically launches the Slack cloud-based team communication platform when you log into Windows. |
| CiscoSpark | Webex.lnk | N | Launches the CiscoCollabHost.exe background process for Cisco Webex meeting and collaboration application. It is not required to start automatically. |
| CiscoMeetingDaemon | WebexHost.exe | N | This startup launches a background process for Cisco Webex that makes it slightly faster to launch the meetings interface. It is not necessary to start automatically. |
| BCClipboard | BCClipboard.exe | N | Launches the Clipboard Compare feature in Beyond Compare on startup. Clipboard Compare runs in the background, keeping track of every time the Windows clipboard is updated with text. |
| Kiddion's Modest Menu | Kiddions Modest Menu.exe | ? | Kiddion’s Mod Menu is a trainer for GTA 5 Online that allows you to enable varioud game cheats in a in-game menu. The program is detected by some antivirus vendors as malicious or risky as it includes games hacks and other tools that may make in-memory modifications. |
| Opera GX Stable | launcher.exe | N | Added by the Opera GX web browser. This web browser has been designed for gamers in mind, by setting limits on CPU, RAM, and Network usage to offer a better gaming experience. However, it is not required to launch at startup. |
| win defender run | winsock.exe | X | Added by a information-stealing malware, likely the QuasarRat malware. It should be removed immediately, and as this malware steals passwords, you should change your passwords at the sites you visit. |
| confuse | chargeable.exe | X | Added by NJRat remote access trojan, which allows threat actors to gain remote access to your device and execute commands. |
| Windows Update | Dllhost.exe | X | Added by the NJRat remote access trojan. This malware provides remote access to infected devices and allows threat actor's to steal data, files, take screenshots, and execute further programs. If Dllhost.exe is found running from the Temp folder, it should be removed immediately and an antivirus scan run on the computer. |
| WebVPN | WebVPN.exe | Y | This startup provides SSLVPN functionality for the MotionPro VPN Client by Array Networks. |
| Standalone_VPN_Auto_Run | MotionPro.exe | Y | This startup launches the MotionPro VPN client by Array Networks. |
| SecurityHealth | SecurityHealthSystray.exe | Y | The SecurityHealth startup entry is a legitimate autorun that launches the Windows Security Center system tray, allowing the operating system to display notifications and alerts about the security health of your computer. Windows Security acts as a management console for all of Windows' built-in security features, including antivirus, account protection, firewall and network protection, app & browser control, device security, and more. Therefore, even if using an alternate antivirus solution, it is not suggested that you disable this feature |
| LaunchMhttpd | MPInit.exe | U | This startup is related to the MotionPro VPN client by Array Networks. |
| egui | ecmds.exe | Y | This launches the graphical user interface for ESET antivirus software. |
| CrashPlanTray | CrashPlanDesktop.exe | Y | Added by the CrashPlan cloud backup software. |
| ProfessionalArchitect | [powershell script] | X | This startup entry is created by malicious PowerShell scripts promoted on fake IT support sites as fixes for common Windows errors, such as the 0x80070643 error. |
| MPgrd | MatchPop.exe | X | Added by the MatchPop CryptoMiner. When running, this application will quietly utilize the system's resources to mine cryptocurrency for the developer. |
| okagncigkfokplmopeninonbibkmpogi | pythonw.exe | X | Added by the Interesting test always on truetest Chrome Extension. This extension injects Russian advertisements into web sites that you are visiting. Please note that Pythonw.exe is a legitimate program and only being used by this extension to inject ads. |
| gppagmpihgceldjoobjbjkcafgacljbd | pythonw.exe | X | Added by the Mini-vini test true Chrome Adware Extension. This extension will inject Russian advertisements into web sites that you visit and redirect you to Russian websites when you click on links on web pages. Please note that pythonw.exe is normally a legitimate program, but in this case is being used by the adware for unwanted purposes. |
| The Desktop Weather Service | WeatherService.exe | X | Added by the The Desktop Weather potentially unwanted program. This program is commonly distributed as a free download that is bundled with adware and potentially unwanted programs. |
