What does it do and is it required?
Source=Paul Collins Startup list
[MxRunner]
Number=6918
Confirmed=U
Filename=MxRunner.exe
Description=EasyUninstall from Aladdin Systems (formerly by Ontrack)
Source=Paul Collins Startup list
[My Agent]
Number=6919
Confirmed=X
Filename=msagent.exe
Description=Added by the NEGASMS.A TROJAN!
Source=Paul Collins Startup list
[My App]
Number=6920
Confirmed=X
Filename=SMSSvc.exe
Description=Added by the NEGASMS.A TROJAN!
Source=Paul Collins Startup list
[My Search Bar Eq]
Number=6921
Confirmed=X
Filename=S4BAREQ.EXE
Description=MySearch parasite
Source=Paul Collins Startup list
[My Web Search Bar]
Number=6922
Confirmed=X
Filename=MWSBAR.DLL
Description=MyWay - an IE Browser Helper Object used by adware WebSearch to add an IE toolbar to provide search features, and hijack browser search requests to its controlling servers run by MyWay
Source=Paul Collins Startup list
[My-disgo]
Number=6923
Confirmed=U
Filename=MyKey disgo.exe
Description=Related to disgo pro. Program will synchronize data
Source=Paul Collins Startup list
[MyAccessMedia]
Number=6924
Confirmed=X
Filename=tmp**.exe [* = random char/digit]
Description=My AccessMedia toolbar related, stealth installed!
Source=Paul Collins Startup list
[MyAgtTry]
Number=6925
Confirmed=U
Filename=MyAgtTry.exe
Description=System tray notification for McAfee VirusScan ASaP on-line scanner. Not required to be protected but you lose notifications
Source=Paul Collins Startup list
[Myapp]
Number=6926
Confirmed=X
Filename=[filename]
Description=Added by the FATEE.B WORM!
Source=Paul Collins Startup list
[Myapp]
Number=6927
Confirmed=X
Filename=service.exe
Description=Homepage hijacker
Source=Paul Collins Startup list
[MyAV]
Number=6928
Confirmed=X
Filename=avpguard.exe
Description=Added by the NETSKY.J WORM!
Source=Paul Collins Startup list
[MyCIO Agent Service]
Number=6929
Confirmed=Y
Filename=myagtsvc.exe
Description=McAfee VirusScan ASaP Agent service
Source=Paul Collins Startup list
[myCIO.com ASaP]
Number=6930
Confirmed=U
Filename=MyAgtTry.exe
Description=System tray notification for McAfee VirusScan ASaP on-line scanner. Not required to be protected but you lose notifications
Source=Paul Collins Startup list
[myCIO.com Splash]
Number=6931
Confirmed=N
Filename=Splash.exe
Description=Splash screen for McAfee VirusScan ASaP on-line scanner
Source=Paul Collins Startup list
[MyCometCursor]
Number=6932
Confirmed=X
Filename=MYCOME~1.EXE
Description=Comet Cursor adware
Source=Paul Collins Startup list
[MyDailyHoroscope]
Number=6933
Confirmed=X
Filename=MYDAIL~1.EXE
Description=MyDailyHoroscope foistware
Source=Paul Collins Startup list
[MyDailyHoroscope]
Number=6934
Confirmed=X
Filename=MyDailyHoroscope.exe
Description=MyDailyHoroscope foistware
Source=Paul Collins Startup list
[MyEmoticons]
Number=6935
Confirmed=U
Filename=MYEMOTICONS.EXE
Description=MyEmoticons from Persona Ltd - add icons (emoticons) to your E-mail
Source=Paul Collins Startup list
[MyFastAccess]
Number=6936
Confirmed=X
Filename=myfastupdate.exe
Description=My-Fast-Access toolbar updater
Source=Paul Collins Startup list
[myhuy]
Number=6937
Confirmed=X
Filename=huy.exe
Description=Added by the BLASTER-C WORM!
Source=Paul Collins Startup list
[myhuy]
Number=6938
Confirmed=X
Filename=huy2.exe
Description=Added by the BLASTER-L WORM!
Source=Paul Collins Startup list
[MyIE.exe]
Number=6939
Confirmed=U
Filename=MyIE.exe
Description=MyIE2/Maxthon browser related
Source=Paul Collins Startup list
[MyLife]
Number=6940
Confirmed=X
Filename=CmdServ.exe
Description=Added by the HOLAR.A WORM!
Source=Paul Collins Startup list
[myMh2]
Number=6941
Confirmed=X
Filename=iexpl0re.exe
Description=Added by the DELF.FAI TROJAN!
Source=Paul Collins Startup list
[myNetWatchman]
Number=6942
Confirmed=U
Filename=nwclient.exe
Description=Sends your firewall alerts to a website, which then filters them and forwards details of suspicious activities to the host ISP they originated from. Only needs to be running when your firewall is running
Source=Paul Collins Startup list
[MyPointsPointAlert]
Number=6943
Confirmed=X
Filename=wjview ...MyPointsPointAlertrun.exe
Description="With MyPoints you can earn rewards from name-brand merchants. You can even earn vacations and frequent flyer miles". Dubious privacy policy
Source=Paul Collins Startup list
[MyPopupKiller]
Number=6944
Confirmed=U
Filename=mpk.exe
Description=MyPopupKiller - popup killer
Source=Paul Collins Startup list
[myprint mileage]
Number=6945
Confirmed=U
Filename=mpm.exe
Description=Reports battery status on a portable printer
Source=Paul Collins Startup list
[Mysee Alert]
Number=6946
Confirmed=X
Filename=Mysee Alert.exe
Description=MySee Alert adware
Source=Paul Collins Startup list
[MyShares]
Number=6947
Confirmed=X
Filename=MyShares.exe
Description=EHU adware
Source=Paul Collins Startup list
[MySLScan]
Number=6948
Confirmed=X
Filename=msvc32.exe
Description=Added by the FORBOT-EH WORM!
Source=Paul Collins Startup list
[mysoft]
Number=6949
Confirmed=X
Filename=winexplor.exe
Description=Browser hijacker, also detected as the STARTPA-JR TROJAN!
Source=Paul Collins Startup list
[MySoftware NewsFlash]
Number=6950
Confirmed=N
Filename=Newsflsh.exe
Description=Runs in your task bar and receives alerts and release information on MySoftware products from Avenquest
Source=Paul Collins Startup list
[MySpaceIM]
Number=6951
Confirmed=N
Filename=MySpaceIM.exe
Description=MySpaceIM internet messenger
Source=Paul Collins Startup list
[mysvcig38]
Number=6952
Confirmed=X
Filename=mysvcc.exe
Description=Added by the RBOT-FOU WORM!
Source=Paul Collins Startup list
[mysvcig38]
Number=6953
Confirmed=X
Filename=recsl.exe
Description=Added by a variant of the RBOT-FOU WORM!
Source=Paul Collins Startup list
[MyTam]
Number=6954
Confirmed=X
Filename=MyTam.exe
Description=Covert Sys Exec malware variant
Source=Paul Collins Startup list
[MytekSystrayExePath]
Number=6955
Confirmed=U
Filename=MyTekSystray.exe
Description=MyTek system tray - web site providing computer tech support in Australia
Source=Paul Collins Startup list
[MyTotalSearch Email Plugin]
Number=6956
Confirmed=X
Filename=mtsoemon.exe
Description=MyTotalSearchBar adware
Source=Paul Collins Startup list
[MyVBApp]
Number=6957
Confirmed=X
Filename=SysNT.exe
Description=ReferAd adware
Source=Paul Collins Startup list
[MyVBApp]
Number=6958
Confirmed=X
Filename=install.exe
Description=Detected as Generic Downloader.s by McAfee, probable variant of ReferAd adware!
Source=Paul Collins Startup list
[MyVBApp]
Number=6959
Confirmed=X
Filename=setup.exe
Description=Recognized by Kaspersky antivirus as the Clicker.Win32.VB.kb TROJAN! File location is in the Root folder (C:\), (D:\), etc
Source=Paul Collins Startup list
[MyVirt.exe]
Number=6960
Confirmed=X
Filename=MyVirt.exe
Description=Added by the REMADM-C TROJAN!
Source=Paul Collins Startup list
[MyVitalAgent]
Number=6961
Confirmed=U
Filename=VtlAgent.exe
Description=MyVitalAgent from Lucent Technologies. Replacement for Net.Medic, monitoring all popular internet transactions and alerting the user of the location of connection problems. Available via Start -> Programs
Source=Paul Collins Startup list
[MyWebSearch Email Plugin]
Number=6962
Confirmed=X
Filename=mwsoemon.exe
Description=MyWebSearch parasite
Source=Paul Collins Startup list
[N2PTray]
Number=6963
Confirmed=U
Filename=Net2fone.exe
Description=An Internet telephony application. Needed only if you have an account at Net2Phone, Inc
Source=Paul Collins Startup list
[NADaemon]
Number=6964
Confirmed=N
Filename=NADAEMON.EXE
Description=Program by NetActive which appears to be piggybacked onto some Nvidia graphics cards software. They seem to look after "digital rights management". One user reports disabling it has no detrimental affect - not required
Source=Paul Collins Startup list
[Naggerrunkey]
Number=6965
Confirmed=N
Filename=nagger.exe
Description=Packard Bell Free Internet Signup screen
Source=Paul Collins Startup list
[Naimagent_service]
Number=6966
Confirmed=Y
Filename=EPOAgentnaimas32.exe
Description=Networked version of McAfee VirusScan. Installs, configures and updates the software and DAT (virus definition) files on local computers from a network server. A resource hog but required for DAT updates and if disabled can also cause random freezes and error messages
Source=Paul Collins Startup list
[Naimagent_UI]
Number=6967
Confirmed=Y
Filename=EPOAgentnaimag32.exe
Description=Workstation background program for Network Associates McAfee ePolicy Orchestrator - a network management tool for enforcing antivirus protection of the workstations using system policies. Works with both McAfee and Norton AntiVirus. NAIMAG32 and NAIMAS32 communicate with the ePolicy Orchestrator processes on the network fileserver to check for virus updates or for the need to perform a virus scan
Source=Paul Collins Startup list
[Naimagent_UI]
Number=6968
Confirmed=Y
Filename=naimag32.exe
Description=Workstation background program for Network Associates McAfee ePolicy Orchestrator - a network management tool for enforcing antivirus protection of the workstations using system policies. Works with both McAfee and Norton AntiVirus. NAIMAG32 and NAIMAS32 communicate with the ePolicy Orchestrator processes on the network fileserver to check for virus updates or for the need to perform a virus scan
Source=Paul Collins Startup list
[Name]
Number=6969
Confirmed=X
Filename=Iexplorer0.exe
Description=Added by the THREADSYS TROJAN!
Source=Paul Collins Startup list
[Name Server]
Number=6970
Confirmed=X
Filename=mswins.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[NAMEDPIPE SYSTEM]
Number=6971
Confirmed=X
Filename=namedpipe.exe
Description=Added by the MYTOB-FH TROJAN!
Source=Paul Collins Startup list
[nano]
Number=6972
Confirmed=X
Filename=svchost.exe
Description=Added by the NANO-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[NAP32]
Number=6973
Confirmed=X
Filename=NAP32.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[Narrator]
Number=6974
Confirmed=X
Filename=******.exe [* = random char]
Description=Added by the QOOLOGIC TROJAN!
Source=Paul Collins Startup list
[Narrator]
Number=6975
Confirmed=U
Filename=Narrator.exe
Description=Associated with the Narrator accessibility feature on Windows XP. It is used to convert text to speech
Source=Paul Collins Startup list
[Natal]
Number=6976
Confirmed=X
Filename=Natal.scr
Description=Added by the OPASERV.AE WORM!
Source=Paul Collins Startup list
[NAV]
Number=6977
Confirmed=X
Filename=RuxDLL32.exe
Description=Added by the MAPSON.D WORM!
Source=Paul Collins Startup list
[NAV Agent]
Number=6978
Confirmed=Y
Filename=navapw32.exe
Description=Norton Anti-Virus's background scanning process
Source=Paul Collins Startup list
[nAv AGENT]
Number=6979
Confirmed=X
Filename=N/A
Description=Added by the RIOSYS MACRO! Note the lower-case "n" and "v" in the name as this is not the valid Norton AntiVirus entry of the same name - indeed it closes Norton AV processes
Source=Paul Collins Startup list
[NAV Agent]
Number=6980
Confirmed=X
Filename=systems.exe
Description=Added by the TARNO.C TROJAN! Note - this is not the valid Norton Antivirus entry of the same name
Source=Paul Collins Startup list
[NAV Agent]
Number=6981
Confirmed=X
Filename=winsnav.vbs
Description=Added by the ANPES WORM!
Source=Paul Collins Startup list
[NAV Agent]
Number=6982
Confirmed=X
Filename=wmilib32.exe
Description=Added by the VB-XU TROJAN!
Source=Paul Collins Startup list
[NAV Auto Prot]
Number=6983
Confirmed=X
Filename=navprot1.exe
Description=Added by the RBOT.ZAC WORM!
Source=Paul Collins Startup list
[NAV Auto Protect]
Number=6984
Confirmed=X
Filename=msfwe1.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[NAV Auto Protect]
Number=6985
Confirmed=X
Filename=navprotect.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[NAV Auto Protect]
Number=6986
Confirmed=X
Filename=dnsserv.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[NAV Auto Protect]
Number=6987
Confirmed=X
Filename=mcafee32.exe
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[NAV Auto Update]
Number=6988
Confirmed=X
Filename=Navautoupdate.exe
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[NAV Auto Updates]
Number=6989
Confirmed=X
Filename=csrssp.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[NAV Auto Updates]
Number=6990
Confirmed=X
Filename=navwindows.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[NAV Auto Updates]
Number=6991
Confirmed=X
Filename=slserves.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[NAV Auto Updates]
Number=6992
Confirmed=X
Filename=navupdaters.exe
Description=Added by the RBOT-UN WORM!
Source=Paul Collins Startup list
[NAV Auto Updates]
Number=6993
Confirmed=X
Filename=navupdaterx.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[NAV CfgWiz]
Number=6994
Confirmed=N
Filename=cfgwiz.exe
Description=Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it
Source=Paul Collins Startup list
[NAV Configuration Wizard]
Number=6995
Confirmed=N
Filename=cfgwiz.exe
Description=Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it
Source=Paul Collins Startup list
[NAV DefAlert]
Number=6996
Confirmed=U
Filename=DefAlert.exe
Description=Norton Anti-Virus Definitions Alert. Warns you if virus definitions are out of date. Leave enabled unless you manually update virus definitions on a regular basis
Source=Paul Collins Startup list
[NAV Live Update]
Number=6997
Confirmed=X
Filename=[path to worm]
Description=Added by the DEBORMS.C WORM! Note - this is not a valid Norton Anti-Virus (NAV) function from Symantec
Source=Paul Collins Startup list
[NAV Scan Service]
Number=6998
Confirmed=X
Filename=NAVSCAN32.EXE
Description=Added by the SDBOT.VG WORM!
Source=Paul Collins Startup list
[NavAgent32]
Number=6999
Confirmed=X
Filename=lasvr32.exe
Description=Added by the FEMOT.D WORM!
Source=Paul Collins Startup list
[NavAgent32]
Number=7000
Confirmed=X
Filename=SCardSvr32.Exe
Description=Added by the MOFEI.B WORM!
Source=Paul Collins Startup list
[navapp]
Number=7001
Confirmed=X
Filename=navapp.exe
Description=NavExcel adware variant
Source=Paul Collins Startup list
[navapw32]
Number=7002
Confirmed=Y
Filename=navapw32.exe
Description=Norton Anti-Virus's background scanning process
Source=Paul Collins Startup list
[NAVCheck]
Number=7003
Confirmed=X
Filename=navchk.exe
Description=Premium rate adult content dialer
Source=Paul Collins Startup list
[NAVCheck]
Number=7004
Confirmed=X
Filename=shman.exe
Description=Premium rate adult content dialer
Source=Paul Collins Startup list
[Naviscope]
Number=7005
Confirmed=U
Filename=naviscope.exe
Description=Naviscope is a multipurpose browser enhancement that can speed up Web searches, lock out cookies, examine HTML send/receive headers, provide single-click network diagnostics, and much more
Source=Paul Collins Startup list
[NaviSearch]
Number=7006
Confirmed=X
Filename=nls.exe
Description=NaviSearch, eXact Advertising variant
Source=Paul Collins Startup list
[NavLoad]
Number=7007
Confirmed=N
Filename=NAVBrowser.exe
Description=Registration reminder for CorelDRAW 10
Source=Paul Collins Startup list
[navman_20]
Number=7008
Confirmed=X
Filename=sysnav32.exe
Description=Hijacker, possibly a CoolWebSearch parasite variant
Source=Paul Collins Startup list
[NAVMD25]
Number=7009
Confirmed=?
Filename=UpdtNv28.exe
Description=Added by Symantec for updating the MicroDefs for their AV products - is it required?
Source=Paul Collins Startup list
[NAVNet]
Number=7010
Confirmed=X
Filename=***.tmp [* = random digit]
Description=Unidentified adware
Source=Paul Collins Startup list
[navp.exe]
Number=7011
Confirmed=X
Filename=navp.exe
Description=Added by the AGOBOT-OE WORM!
Source=Paul Collins Startup list
[NavPass]
Number=7012
Confirmed=X
Filename=NavPass.exe
Description=Free system for gaining access to and downloading from adult content web-sites
Source=Paul Collins Startup list
[NavScan]
Number=7013
Confirmed=X
Filename=[filename]
Description=Added by the OBSORB TROJAN!
Source=Paul Collins Startup list
[NAVSCAN32.EXE]
Number=7014
Confirmed=X
Filename=NAVSCAN32.exe
Description=Added by the SDBOT-DO WORM!
Source=Paul Collins Startup list
[NAVSCANNER32]
Number=7015
Confirmed=X
Filename=NAVSCANNER32.EXE
Description=Added by the RBOT.QC WORM!
Source=Paul Collins Startup list
[NAVUpd]
Number=7016
Confirmed=X
Filename=rundll32.exe navupd.dll, Startup
Description=Added by the NAVU TROJAN!
Source=Paul Collins Startup list
[NAV_Update]
Number=7017
Confirmed=X
Filename=NAV_Update.exe
Description=Unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[nawadll32]
Number=7018
Confirmed=X
Filename=nawadll32.exe
Description=Added by the SDBOT-ZI WORM!
Source=Paul Collins Startup list
[nawdll32]
Number=7019
Confirmed=X
Filename=nawdll32.exe
Description=Added by the SDBOT-ZM WORM!
Source=Paul Collins Startup list
[NB Common Dialog Enhancements]
Number=7020
Confirmed=N
Filename=COMDLGEX.EXE
Description=Part of McAfee Nuts & Bolts. With Common Dialog Enhancements, you can add MRU list box to open dialogs
Source=Paul Collins Startup list
[NB Start Menu]
Number=7021
Confirmed=N
Filename=STARTM.EXE
Description=Part of McAfee Nuts & Bolts. Provides the same control as MSCONFIG and can be used instead if you have N&B
Source=Paul Collins Startup list
[NB Windows Patterns]
Number=7022
Confirmed=N
Filename=WINDBKGND.EXE
Description=Part of McAfee Nuts & Bolts. With Background Patterns, you can change background patterns of wizard and dialog windows
Source=Paul Collins Startup list
[NBJ]
Number=7023
Confirmed=U
Filename=NBJ.exe
Description=Ahead Nero BackItUp - backup program. Only required for if you have scheduled back-ups
Source=Paul Collins Startup list
[NbkCtrl]
Number=7024
Confirmed=U
Filename=NbkCtrl.exe
Description=Scheduling engine of NovaSTOR Backup Service. Only required if scheduling is enabled and wanted - see here
Source=Paul Collins Startup list
[NBKeyScan]
Number=7025
Confirmed=U
Filename=NBKeyScan.exe
Description=This tool comes with a special version of Nero BackItUp for some external harddisks. Controls two buttons on the drive - one button power off the drive and the other directly calls Nero BackItUp to make a quick backup
Source=Paul Collins Startup list
[NBT System alias]
Number=7026
Confirmed=X
Filename=[path] repcale.exe [path] beird.exe
Description=Added by a variant of the RANDON.AN WORM!
Source=Paul Collins Startup list
[nbustrce1D]
Number=7027
Confirmed=?
Filename=nbustrce1D.exe
Description=Device driver, possibly CD/DVD - what exactly is it and is it required in startup?
Source=Paul Collins Startup list
[NC1565]
Number=7028
Confirmed=X
Filename=winntsrv -l -p10001 -d -e cmd.exe -L
Description=Added by the NEWLEY-A WORM!
Source=Paul Collins Startup list
[Ncao]
Number=7029
Confirmed=X
Filename=osoa.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[Ncao]
Number=7030
Confirmed=X
Filename=urpo.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[NCClient]
Number=7031
Confirmed=?
Filename=N/A
Description=??
Source=Paul Collins Startup list
[NCD]
Number=7032
Confirmed=N
Filename=ncd.exe
Description=Norton Change Directory - from the DOS days that allows the user to change directories on their machine without typing the complete path
Source=Paul Collins Startup list
[NCLAUNCH]
Number=7033
Confirmed=?
Filename=NCLAUNCH.exe
Description=Part of SWF Studio from Northcode Inc. - an extension to Flash. Bundled when you create a self-installing screen-saver on Win2K/XP. Is it required?
Source=Paul Collins Startup list
[nClient]
Number=7034
Confirmed=X
Filename=cnen.exe
Description=Added by the DELBOT-AL WORM!
Source=Paul Collins Startup list
[NCS_SS]
Number=7035
Confirmed=N
Filename=Csinsm32.exe
Description=Same as CleanSweep Smart Sweep-Internet Sweep
Source=Paul Collins Startup list
[NDAv]
Number=7036
Confirmed=X
Filename=csnss.exe
Description=Added by the SERFLOG.C WORM!
Source=Paul Collins Startup list
[NDAv]
Number=7037
Confirmed=X
Filename=svhost.exe
Description=Added by the SERFLOG.C WORM!
Source=Paul Collins Startup list
[NDDEAGNT]
Number=7038
Confirmed=?
Filename=NDDEAGNT.EXE
Description=WinNT default process. Network Dynamic Data Exchange (DDE) Agent, handles requests for network DDE services
Source=Paul Collins Startup list
[NDIS Adapter]
Number=7039
Confirmed=X
Filename=ndis.exe
Description=Added by the SDBOT.VF WORM!
Source=Paul Collins Startup list
[NDIS Adapter]
Number=7040
Confirmed=X
Filename=windows.exe
Description=Added by the FORBOT-BR WORM!
Source=Paul Collins Startup list
[NDIS Adapter]
Number=7041
Confirmed=X
Filename=lsass2.exe
Description=Added by the WOOTBOT.CW WORM!
Source=Paul Collins Startup list
[NDIS Adapter]
Number=7042
Confirmed=X
Filename=servenxpp.exe
Description=Added by the FORBOT-GP WORM!
Source=Paul Collins Startup list
[ndlhosta]
Number=7043
Confirmed=X
Filename=uiremsyl.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Ndpldaemon]
Number=7044
Confirmed=X
Filename=[path to trojan]
Description=Added by the RPCSDBOT-A TROJAN!
Source=Paul Collins Startup list
[NDplDeamon]
Number=7045
Confirmed=X
Filename=nstask32.exe
Description=Added by the RANDEX.E WORM!
Source=Paul Collins Startup list
[NDplDeamon]
Number=7046
Confirmed=X
Filename=winlogin.exe
Description=Added by the RANDEX.E WORM!
Source=Paul Collins Startup list
[NDPS]
Number=7047
Confirmed=U
Filename=DPMW32.EXE
Description=Novell Distributed Printer Services - part of Novell's Netware Client and Groupwise products. Not required if you don't use this feature
Source=Paul Collins Startup list
[NDrv]
Number=7048
Confirmed=X
Filename=NDrv.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[NDSTray]
Number=7049
Confirmed=U
Filename=NDSTray.exe
Description=ConfigFree Tray on a Toshiba laptop. Tray utility for their network switching application which permits switching network devices and settings with a click on the tray icon. While it is not required, for people who span multiple networks and want an easy way to go from wired to wireless and change addresses and other network settings, it's a must have
Source=Paul Collins Startup list
[NDSTray.exe]
Number=7050
Confirmed=U
Filename=NDSTray.exe
Description=ConfigFree Tray on a Toshiba laptop. Tray utility for their network switching application which permits switching network devices and settings with a click on the tray icon. While it is not required, for people who span multiple networks and want an easy way to go from wired to wireless and change addresses and other network settings, it's a must have
Source=Paul Collins Startup list
[Ndtstat]
Number=7051
Confirmed=X
Filename=Ndtstat.exe
Description=Added by a variant of the BANLOAD family of TROJANS!
Source=Paul Collins Startup list
[Necbar]
Number=7052
Confirmed=N
Filename=Necbar.exe
Description=Nec Assistant; Ark's Navigator, a graphical interface for NEC computers
Source=Paul Collins Startup list
[NECMFK]
Number=7053
Confirmed=Y
Filename=necmfk.exe
Description=NEC wireless keyboard driver
Source=Paul Collins Startup list
[Necutray]
Number=7054
Confirmed=U
Filename=Necutray.exe
Description=Driver for external USB storage devices (hard drives, flsh disks, etc)
Source=Paul Collins Startup list
[neqprvfy.exe]
Number=7055
Confirmed=?
Filename=neqprvfy.exe
Description=Appears to be related to the downloading of some application - possibly verifying updates?
Source=Paul Collins Startup list
[Nero]
Number=7056
Confirmed=X
Filename=shch.exe
Description=Added by a variant of the EB TROJAN!
Source=Paul Collins Startup list
[Nero Checker]
Number=7057
Confirmed=X
Filename=nerocheck.exe
Description=Added by the PROXY-X TROJAN! Note - this is not related to "Nero Burning Rom" CD writing software
Source=Paul Collins Startup list
[Nero DriveSpeed]
Number=7058
Confirmed=N
Filename=DRIVESPEED.EXE
Description=Ahead Nero DriveSpeed - set the CD reading speed of a CD/DVD drive on-the-fly to reduce the noise on high-speed drives
Source=Paul Collins Startup list
[Nero Updater.6.12]
Number=7059
Confirmed=X
Filename=wmp9.exe
Description=Added by the AGOBOT-AAG WORM!
Source=Paul Collins Startup list
[Nero.ma]
Number=7060
Confirmed=X
Filename=***.exe [*** = 2 to 3 digits]
Description=Added by the JONBARR.D WORM!
Source=Paul Collins Startup list
[NeroAutoStartClient]
Number=7061
Confirmed=X
Filename=NeroASM.exe
Description=Added by the AGOBOT.VG WORM!
Source=Paul Collins Startup list
[NeroCheck]
Number=7062
Confirmed=U
Filename=nerocheck.exe
Description=Associated with "Nero Burning Rom" CD writing software. Checks for driver issues
Source=Paul Collins Startup list
[NeroCheck]
Number=7063
Confirmed=X
Filename=regedit.exe
Description=Added by the DOOMJUICE.B WORM! Note - this is not the valid Ahead Nero CD/DVD burning program. Also, it is not the valid Windows registry editor which resides in Windows or Winnt and will not figure in Msconfig/Startup! This version resides in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list
[NeroFil]
Number=7064
Confirmed=X
Filename=NeroFil.EXE
Description=Added by the RBOT.EAM TROJAN!
Source=Paul Collins Startup list
[NeroFilterCheck]
Number=7065
Confirmed=U
Filename=NeroCheck.exe
Description=Associated with "Nero Burning Rom" CD writing software. Checks for driver issues
Source=Paul Collins Startup list
[NeroHomeFirstStart]
Number=7066
Confirmed=U
Filename=NMFirstStart.exe
Description=Associated with Nero Scout, added by version 7 of the Nero digital media suite (CD & DVD burning, authoring, etc). Thanks to Help2Go.com, if you feel this is draining more resources that necessary you can disable it by clicking here
Source=Paul Collins Startup list
[NeroLoader]
Number=7067
Confirmed=X
Filename=NeroLoader.exe
Description=Added by the BANCBAN-EJ TROJAN!
Source=Paul Collins Startup list
[NeroNETTrayIcon]
Number=7068
Confirmed=N
Filename=NNServiceCtrl.exe
Description=System tray access to NeroNET - Ahead Software's network-capable extension of their CD/DVD burning program. NeroNET allows a burner to be shared across a network
Source=Paul Collins Startup list
[NeroUpdater6.8]
Number=7069
Confirmed=X
Filename=winjava.exe
Description=Added by the AGOBOT.AMK WORM!
Source=Paul Collins Startup list
[Net]
Number=7070
Confirmed=X
Filename=WINREG.EXE
Description=Added by the ASSASIN.D TROJAN!
Source=Paul Collins Startup list
[Net Accelerator]
Number=7071
Confirmed=U
Filename=NetAccelerator.exe
Description=Rizal NetAccelerator - "Optimizing Dial-Up, Lan, Cable, DSL, and Satellite connections do you want to speed up your Internet access up to 200% - 300% ???". Only required if you find it helps improve your performance
Source=Paul Collins Startup list
[Net Activity Diagram]
Number=7072
Confirmed=U
Filename=nad.exe
Description=Net Activity Diagram from MetaProducts. Monitors your computer internet activity. Available via Start -> Programs
Source=Paul Collins Startup list
[NET Bios Stats]
Number=7073
Confirmed=X
Filename=ntbstats.exe
Description=Added by the SDBOT-ZX WORM!
Source=Paul Collins Startup list
[NET DEMON]
Number=7074
Confirmed=X
Filename=ndemon.exe
Description=Added by the AGOBOT-LA WORM!
Source=Paul Collins Startup list
[Net iD]
Number=7075
Confirmed=U
Filename=iid.exe
Description="With the Net_iD program, you can easily and securely logon with a smart card into a domain, a virtual private network (VPN) or in Citrix and Terminal Server environments"
Source=Paul Collins Startup list
[Net**.exe [* = random char]]
Number=7076
Confirmed=X
Filename=Net**.exe [* = random char]
Description=CoolWebSearch/HomeSearch adware - for examples, see this log
Source=Paul Collins Startup list
[Net**32.exe [* = random char]]
Number=7077
Confirmed=X
Filename=Net**32.exe [* = random char]
Description=CoolWebSearch/HomeSearch adware - for examples, see this log
Source=Paul Collins Startup list
[Net-It Launcher]
Number=7078
Confirmed=N
Filename=NILaunch.exe
Description=Net-It - web publishing software
Source=Paul Collins Startup list
[NetAccelerator]
Number=7079
Confirmed=U
Filename=NetAccel.exe
Description=NetAccelerator is a "software utility that optimizes your internet access up to 1200% faster!. NetAccelerator speeds all modems allowing you to download faster, browse faster, surf faster!. Only required if you find it helps improve your performance
Source=Paul Collins Startup list
[NetAdm7]
Number=7080
Confirmed=X
Filename=NETADM7.EXE
Description=Added by the BANCOS.F TROJAN!
Source=Paul Collins Startup list
[Netapi]
Number=7081
Confirmed=X
Filename=Netapi.exe
Description=Added by the NETDEVIL.14 TROJAN!
Source=Paul Collins Startup list
[netapi32]
Number=7082
Confirmed=X
Filename=netapi32.exe
Description=Added by an unidentified TROJAN!
Source=Paul Collins Startup list
[NetApp]
Number=7083
Confirmed=X
Filename=winserv.exe
Description=Added by the SHADOWTHIEF TROJAN!
Source=Paul Collins Startup list
[Netbeans]
Number=7084
Confirmed=X
Filename=netbeans.exe
Description=Added by the DELBOT-R WORM!
Source=Paul Collins Startup list
[Netbios Helper]
Number=7085
Confirmed=X
Filename=nbthlp.exe
Description=Added by the BANKER.Y TROJAN!
Source=Paul Collins Startup list
[NetBiosSrvc]
Number=7086
Confirmed=X
Filename=HPSrvPrt.exe
Description=Added by the SDBOT-COL WORM!
Source=Paul Collins Startup list
[netconfig]
Number=7087
Confirmed=X
Filename=netconfig.exe
Description=Added by the NETWARE TROJAN!
Source=Paul Collins Startup list
[NetCruiser Dialer]
Number=7088
Confirmed=U
Filename=NCDialer.exe
Description=NetCruiser Dialer from NetCruiser Software. "An Internet dialer and connection monitor with features to launch applications when a connection is detected, dial and hangup at predefined times and automatic redialing of dropped connections"
Source=Paul Collins Startup list
[netdaemon]
Number=7089
Confirmed=X
Filename=netdaemon /v
Description=Malware designed to "kill" a number of antispyware applications (SpyBot, Giant, SpyDoctor, SpySweeper, SpyHunter, Anvir, WinPatrol, and more)
Source=Paul Collins Startup list
[netdll32]
Number=7090
Confirmed=X
Filename=netdll32.exe
Description=Added by the CRYPTER.A TROJAN!
Source=Paul Collins Startup list
[netdllex]
Number=7091
Confirmed=X
Filename=netdllex.Exe
Description=Added by the CRYPTER.A TROJAN!
Source=Paul Collins Startup list
[NetDy]
Number=7092
Confirmed=X
Filename=VisualGuard.exe
Description=Added by the NETSKY.N or NETSKY.W WORMS!
Source=Paul Collins Startup list
[NETFP32.EXE]
Number=7093
Confirmed=X
Filename=NETFP32.EXE
Description=Added by the AGENT.CD TROJAN!
Source=Paul Collins Startup list
[netfxupdate]
Number=7094
Confirmed=?
Filename=netfxupdate.exe
Description=Would appear to be a valid Microsoft .NET file (see here) but other sources suggest it could be a trojan
Source=Paul Collins Startup list
[NetFxUpdate_v1.0.3705]
Number=7095
Confirmed=?
Filename=netfxupdate.exe
Description=Would appear to be a valid Microsoft .NET file (see here) but other sources suggest it could be a trojan
Source=Paul Collins Startup list
[NETGEAR WG111T Smart Wizard]
Number=7096
Confirmed=U
Filename=wlan111t.exe
Description=Configuration utility for the Netgear WG111T multi-rate Wireless USB 2.0 Adapter that "provides wireless access to your desktop or notebook PC through the computer's USB port"
Source=Paul Collins Startup list
[NetGuard]
Number=7097
Confirmed=U
Filename=NetGuard.exe
Description=FBM Software ZeroSpyware 2004 spyware detector and remover - real time monitor
Source=Paul Collins Startup list
[nethost.exe]
Number=7098
Confirmed=X
Filename=[path to file]
Description=Added by the PERDA-J TROJAN!
Source=Paul Collins Startup list
[Netlimiter]
Number=7099
Confirmed=U
Filename=Netlimiter.exe
Description=Netlimiter - "An internet traffic control tool to monitor applications which access the internet and actively control their internet traffic. Use it o set (download/upload) speed limits for applications or even single connection. NetLimiter also allows you to share your internet connection bandwidth among all applications running on your PC."
Source=Paul Collins Startup list
[Netline User]
Number=7100
Confirmed=N
Filename=netchk.exe
Description=Netline supplies internet related products and services and this program identifies user ID and IP information. Found installed along with the Falcon 4 game, for example
Source=Paul Collins Startup list
[NetLink]
Number=7101
Confirmed=X
Filename=netlink32.exe
Description=Added by the GAOBOT.WO WORM!
Source=Paul Collins Startup list
[NetLogon]
Number=7102
Confirmed=X
Filename=userint.exe
Description=Added by the SDBOT-BC WORM!
Source=Paul Collins Startup list
[NetManageImport]
Number=7103
Confirmed=U
Filename=nmcpdata.exe
Description=NetManage business software related
Source=Paul Collins Startup list
[NetManagerService]
Number=7104
Confirmed=X
Filename=ntss.exe
Description=Added by the BESTPICS.A TROJAN!
Source=Paul Collins Startup list
[NetMeter]
Number=7105
Confirmed=X
Filename=NetMeter.exe
Description=NetRatings Premeter spyware
Source=Paul Collins Startup list
[NetMeter]
Number=7106
Confirmed=X
Filename=NielsenOnline.exe
Description=Appears to have possible Malware functions, for more information see here
Source=Paul Collins Startup list
[NetMon]
Number=7107
Confirmed=X
Filename=netmon.exe
Description=Added by the MIMAIL.M WORM!
Source=Paul Collins Startup list
[Netmonw]
Number=7108
Confirmed=X
Filename=Netmonw.exe
Description=Added by the BDOOR-FX TROJAN!
Source=Paul Collins Startup list
[netmsg]
Number=7109
Confirmed=U
Filename=netmsg.exe
Description=Net_Message is a small tool to send messages across the network, using the Windows Messenger Service, so there is no client install required to receive the messages. It has a number of other features as well
Source=Paul Collins Startup list
[NetPatrol]
Number=7110
Confirmed=U
Filename=winclient.exe
Description=NetPatrol network monitoring software
Source=Paul Collins Startup list
[netpc32.exe]
Number=7111
Confirmed=X
Filename=netpc32.exe
Description=Malware, probably a CoolWebSearch parasite variant
Source=Paul Collins Startup list
[NetPerSec]
Number=7112
Confirmed=N
Filename=NetPerSec.exe
Description=NetPerSec - measures the real-time speed of your Internet connection
Source=Paul Collins Startup list
[NetPumper]
Number=7113
Confirmed=N
Filename=NetPumperIEProxy.exe
Description=NetPumper download manager - bundles Cydoor and SaveNow adware, see here
Source=Paul Collins Startup list
[NetReach]
Number=7114
Confirmed=X
Filename=nrcheck.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[Netropa Internet Receiver]
Number=7115
Confirmed=X
Filename=Netropa.exe
Description=Netropa Internet Receiver. Shows a scrolling bar with the news. Major resource hog and flagged as spyware
Source=Paul Collins Startup list
[NetRun]
Number=7116
Confirmed=U
Filename=NetRun.exe
Description=NetRun - will 'RUN' a 'List' of programs only when a internet connection is detected, and close/kill the same 'List' when the connection is lost
Source=Paul Collins Startup list
[Netscape Messenger]
Number=7117
Confirmed=N
Filename=NETSCAPE.EXE
Description=In Netscape 6 (I know for sure with 6.2.1, maybe with 6.0) Netscape.exe is the main executable file for Netscape Navigator, Netscape Mail and News, and Netscape Messenger (the new name for the embedded AIM, no doubt to make it sound like Windows Messenger, the XP version of MSN Messenger). Basically, netscape.exe can be more than just Netscape Messenger, and Messenger can be more then just AIM in disguise, depending on the version of Netscape installed
Source=Paul Collins Startup list
[Netscp6]
Number=7118
Confirmed=N
Filename=Netscp6.exe
Description=Netscape 6
Source=Paul Collins Startup list
[NetScreen-Remote]
Number=7119
Confirmed=U
Filename=SafeCfg.exe
Description=NetScreen Remote VPN client software
Source=Paul Collins Startup list
[NetService]
Number=7120
Confirmed=X
Filename=ntsvc.exe
Description=Added by the QQPASS-DU TROJAN!
Source=Paul Collins Startup list
[netservices]
Number=7121
Confirmed=X
Filename=recall.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[netservices]
Number=7122
Confirmed=X
Filename=svchostn.exe
Description=Added by the SDBOT.GI WORM!
Source=Paul Collins Startup list
[NETServices]
Number=7123
Confirmed=X
Filename=csxrs.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[NetShow Powerpoint Helper]
Number=7124
Confirmed=U
Filename=NSPPTHLP.EXE
Description=If disabled, user created fonts can no longer be seen by other programs
Source=Paul Collins Startup list
[NetStart]
Number=7125
Confirmed=X
Filename=svchost.exe
Description=Added by the MKAR-A VIRUS! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a NETSTART subfolder
Source=Paul Collins Startup list
[NetStat Live]
Number=7126
Confirmed=N
Filename=Nsl.exe
Description=AnalogX NetStat Live - TCP/IP protocol monitor which can be used to see your exact throughput on both incoming and outgoing data
Source=Paul Collins Startup list
[netsv32]
Number=7127
Confirmed=X
Filename=netsv32.exe
Description=Added by the SDBOT-PX WORM!
Source=Paul Collins Startup list
[NettGain2000]
Number=7128
Confirmed=Y
Filename=WgwMngr.exe
Description=Part of Flash-Networks NettGain2000 product. NettGain 2000 is a combined hardware/software networking solution, which is designed to improve performance of satellite networks by increasing data transmission speeds and maximizing the existing bandwidth for complete utilization when sending TCP/IP applications over a satellite. It is needed when connecting to the internet via satellite to provide speed faster than 60k or so
Source=Paul Collins Startup list
[NettGain2000 Verifier]
Number=7129
Confirmed=Y
Filename=NettGain2000 Verifier.exe
Description=Part of the Starband satellite client that attempts to optimize your satellite connection to increase speed
Source=Paul Collins Startup list
[NetTime]
Number=7130
Confirmed=U
Filename=NETTIME.EXE
Description=From a visitor - "This is the executable for NetTime. It is started from the registry when you check the box to start at startup. NetTime allows you to synchronize your computers' clock with a server on your local net or the internet using any of several protocols, e.g. NTP."
Source=Paul Collins Startup list
[NetTurbo]
Number=7131
Confirmed=U
Filename=netturbo.exe
Description=NetTurbo from SharewareOnline.com. "Accelerate Your Internet Connections by up to 600%". If you find it helps your connectivity leave it enabled
Source=Paul Collins Startup list
[Netunit32]
Number=7132
Confirmed=X
Filename=wunit32.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[NETVISIONAdulti]
Number=7133
Confirmed=X
Filename=[random filename]
Description=Trafficadvance dialer
Source=Paul Collins Startup list
[NETVISIONPasse-partout]
Number=7134
Confirmed=X
Filename=Passe-partout.exe
Description=Added by the DIALCAR-M DIALER!
Source=Paul Collins Startup list
[NetWatch32]
Number=7135
Confirmed=X
Filename=netwatch.exe
Description=Added by the MIMAIL.C WORM!
Source=Paul Collins Startup list
[Netword Agent]
Number=7136
Confirmed=N
Filename=nwant33.exe
Description=An interesting browser utility that allows you to navigate by typing a single word or phrase (a "NetWord") related to what you're looking for into your browser's location field. It also puts an icon in the system tray icon that is a circle with the letter N in the center to access the menu faster. Available via Start -> Programs
Source=Paul Collins Startup list
[NetWork]
Number=7137
Confirmed=X
Filename=csrs.exe
Description=Added by the AGOBOT.JJ WORM!
Source=Paul Collins Startup list
[Network Access]
Number=7138
Confirmed=X
Filename=winssh.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Network Administration]
Number=7139
Confirmed=X
Filename=NAS.exe
Description=Added by the ANTILAM.20.Q TROJAN!
Source=Paul Collins Startup list
[Network Administration Service]
Number=7140
Confirmed=X
Filename=rsvc32.exe
Description=Added by the RBOT.ABH WORM!
Source=Paul Collins Startup list
[Network Associates Error Reporting Service]
Number=7141
Confirmed=U
Filename=TBMon.exe
Description=Network Associates Error Reporting Tool - tool traps errors and requests submission to NAI for the purpose of betatesting new software
Source=Paul Collins Startup list
[Network Connections]
Number=7142
Confirmed=X
Filename=internat.exe
Description=Added by the ZD TROJAN!
Source=Paul Collins Startup list
[network device driver]
Number=7143
Confirmed=X
Filename=msfirewall.exe
Description=Added by the DELF-LB TROJAN!
Source=Paul Collins Startup list
[NetWork Device Switch]
Number=7144
Confirmed=U
Filename=NetDevSW.exe
Description=Toshiba laptops with built-in Wi-Fi. Allows switching between Wi-Fi and internal ethernet. Only necessary if you have regular need to switch back and forward between these network interfaces. Located in Startup folder so make own shortcut to it and disable if not really necessary
Source=Paul Collins Startup list
[Network Host Controller]
Number=7145
Confirmed=X
Filename=[path to trojan]
Description=Added by the WHISPER TROJAN!
Source=Paul Collins Startup list
[Network Host Service]
Number=7146
Confirmed=X
Filename=msmnart32.exe
Description=Added by the RBOT-CJV WORM!
Source=Paul Collins Startup list
[Network Host Service]
Number=7147
Confirmed=X
Filename=[random]32.exe
Description=Added by the RBOT-BAB WORM!
Source=Paul Collins Startup list
[Network Protocol Service]
Number=7148
Confirmed=X
Filename=wuamgrd.exe
Description=Added by the RBOT.EA WORM!
Source=Paul Collins Startup list
[Network protocol service]
Number=7149
Confirmed=X
Filename=wintcp.exe
Description=Added by a variant of the AGOBOT/GAOBOT WORM!
Source=Paul Collins Startup list
[Network Security]
Number=7150
Confirmed=X
Filename=secsvc.exe
Description=Added by the RBOT-ALX WORM!
Source=Paul Collins Startup list
[Network Security Guard]
Number=7151
Confirmed=X
Filename=**********.exe [* = random char]
Description=CoolWebSearch parasite variant
Source=Paul Collins Startup list
[Network Security Guard]
Number=7152
Confirmed=X
Filename=[path to trojan]
Description=Added by the COLEM-A TROJAN!
Source=Paul Collins Startup list
[Network Service]
Number=7153
Confirmed=X
Filename=svchost.exe
Description=Added by the STARTPA-CC TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[Network Service]
Number=7154
Confirmed=X
Filename=svhost.exe
Description=Added by the HACDEF-K TROJAN!
Source=Paul Collins Startup list
[Network Service]
Number=7155
Confirmed=X
Filename=MccTrayApp.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Network Service Manager]
Number=7156
Confirmed=X
Filename=netsvc.exe
Description=Added by a variant of the AGOBOT/GAOBOT WORM!
Source=Paul Collins Startup list
[Network Service Manager]
Number=7157
Confirmed=X
Filename=netsvc.exe
Description=Added by a variant of the GAOBOT/AGOBOT WORM!
Source=Paul Collins Startup list
[NetworkAssociates Inc]
Number=7158
Confirmed=X
Filename=internet.exe
Description=Added by the LOVGATE WORM!
Source=Paul Collins Startup list
[NetworkClient]
Number=7159
Confirmed=X
Filename=NetworkClient.exe
Description=Added by the LEMUR WORM!
Source=Paul Collins Startup list
[NetworkKey]
Number=7160
Confirmed=X
Filename=netkey.exe
Description=Added by the IRCBOT-AJ TROJAN!
Source=Paul Collins Startup list
[Networks Configurator]
Number=7161
Confirmed=X
Filename=NetConfs.exe
Description=Added by the RBOT-OX WORM!
Source=Paul Collins Startup list
[Networks Controler]
Number=7162
Confirmed=X
Filename=Netsis.exe
Description=Added by the RBOT-NG WORM!
Source=Paul Collins Startup list
[NetworkSetup]
Number=7163
Confirmed=N
Filename=dlink.exe
Description=D-Link System Tray icon
Source=Paul Collins Startup list
[Netzip Smart Downloader]
Number=7164
Confirmed=X
Filename=npnzdad.exe
Description=Advertising spyware
Source=Paul Collins Startup list
[NetZIPFolders]
Number=7165
Confirmed=N
Filename=nzfprop.exe
Description=Netzip Classic zip file manager
Source=Paul Collins Startup list
[NeuroMedia(IESpeaker)]
Number=7166
Confirmed=X
Filename=NeuroMedia.exe
Description=Part of an older freeware version of IESpeaker - a program that allows you to listen to web pages. NeuroMedia.exe only downloads advertisments. Not included in the paid-for version currently available
Source=Paul Collins Startup list
[NeuroSpeech OESpeaker]
Number=7167
Confirmed=N
Filename=OEMonitor.exe
Description=Part of OESpeaker - a program that allows you to listen to long E-mails instead of reading them in Outlook Express. OEMonitor.exe checks whether OE is open or not
Source=Paul Collins Startup list
[New Csnm Manager]
Number=7168
Confirmed=X
Filename=csmn.exe
Description=Added by the SDBOT.BZS WORM!
Source=Paul Collins Startup list
[New.net]
Number=7169
Confirmed=X
Filename=rundll32.exe NewDotNetStartup Newdot~2.exe
Description=NewDotNet foistware
Source=Paul Collins Startup list
[New.net Startup]
Number=7170
Confirmed=X
Filename=rundll32 [path], NewDotNetStartup -s
Description=NewDotNet foistware
Source=Paul Collins Startup list
[NEWDOT~1]
Number=7171
Confirmed=X
Filename=rundll32.exe NewDotNetStartup Newdot~2.exe
Description=NewDotNet foistware
Source=Paul Collins Startup list
[Newman]
Number=7172
Confirmed=X
Filename=playavi.exe
Description=Added by the LINEAGE-AT TROJAN! Note - This trojan file is found in the Windows\java or Winnt\java folder
Source=Paul Collins Startup list
[newname]
Number=7173
Confirmed=X
Filename=[path to trojan]
Description=Added by the DRSMARTL-S TROJAN!
Source=Paul Collins Startup list
[News Service]
Number=7174
Confirmed=?
Filename=ispnews.exe
Description=F-Secure antivirus related. However, is this particular item required?
Source=Paul Collins Startup list
[Newsalrt]
Number=7175
Confirmed=N
Filename=NEWSALRT.EXE
Description=MSNBC News system tray utility to alert you to new news
Source=Paul Collins Startup list
[Newsgroup lptt01]
Number=7176
Confirmed=X
Filename=newsgroup.exe
Description=RapidBlaster variant (in a "newsgroup" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
Source=Paul Collins Startup list
[Newsgroup ml097e]
Number=7177
Confirmed=X
Filename=newsgroup.exe
Description=RapidBlaster variant (in a "newsgroup" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
Source=Paul Collins Startup list
[NewsUpd]
Number=7178
Confirmed=N
Filename=newsupd.exe
Description=For Creative Soundblaster Live! series soundcards. System tray application for News updates. Available via Start -> Programs. Also spyware - see here.
Source=Paul Collins Startup list
[NewtonKnowsUpd]
Number=7179
Confirmed=X
Filename=NewtKnow.exe ...NewtnUpd.dll, runkey
Description=NewtonKnows hijacker
Source=Paul Collins Startup list
[NexusServer]
Number=7180
Confirmed=U
Filename=PNXSERVR.exe
Description=Related to ProCoder 2.0 from Canopus. "ProCoder 2.0 software combines speed and flexibility into a streamlined video conversion tool for professionals. Featuring, extensive input/output options, advanced filtering, batch processing and an easy-to-use interface, ProCoder 2.0 is the ideal solution for high-quality multi-format video creation"
Source=Paul Collins Startup list
[NFM Service]
Number=7181
Confirmed=U
Filename=NPDOR9x.exe
Description=Appears in startup if you have chosen to participate in on survey by NPD Online Research. Required for the survey to work correctly. Otherwise not required
Source=Paul Collins Startup list
[Nfo]
Number=7182
Confirmed=X
Filename=nfomon.exe
Description=Delfin Media Viewer adware related
Source=Paul Collins Startup list
[nForce Tray Options]
Number=7183
Confirmed=N
Filename=sstray.exe
Description=nVidia nForce Taskbar Utility - quick access to the nForce2 "Sound Storm" control panel and related utilitys
Source=Paul Collins Startup list
[NGClient]
Number=7184
Confirmed=U
Filename=ngctw32.exe
Description=Symantec Ghost Server software - needed for a "a Ghost multicast" (transfer images to multiple machines). Can be launched manually
Source=Paul Collins Startup list
[ngpw36]
Number=7185
Confirmed=X
Filename=ngpw36.exe
Description=AdBlaster adware variant
Source=Paul Collins Startup list
[NGServer]
Number=7186
Confirmed=N
Filename=ngserver.exe
Description=Symantec/Norton Ghost Console service
Source=Paul Collins Startup list
[NI.UERSM_0001_N68M1602]
Number=7187
Confirmed=N
Filename=UERSM_0001_N68M1602NetInstaller.exe
Description=ErrorSafe security risk that may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threats
Source=Paul Collins Startup list
[NI.UWA6P_0001_N56M1001]
Number=7188
Confirmed=X
Filename=WinAntiVirusPro2006Installer.exe
Description=WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here
Source=Paul Collins Startup list
[NI.UWA6P_0001_N69M0303]
Number=7189
Confirmed=U
Filename=WinAntiVirusPro2006Installer[1].exe
Description=WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here
Source=Paul Collins Startup list
[NI.UWA6P_0001_N73M1004]
Number=7190
Confirmed=N
Filename=WinAntiVirusPro2006FreeInstall.exe
Description=WinAntiVirus Pro 2006 virus software - not recommended, see here
Source=Paul Collins Startup list
[NI.UWA6P_0001_N91M1807]
Number=7191
Confirmed=N
Filename=winantiviruspro2006freeinstall[1].exe
Description=WinAntiVirus Pro 2006 virus software - not recommended, see here
Source=Paul Collins Startup list
[NI.UWA7P_0001_N91M0809]
Number=7192
Confirmed=N
Filename=winantiviruspro2007freeinstall[1].exe
Description=WinAntiVirus Pro 2007 virus software - not recommended, see here
Source=Paul Collins Startup list
[NI.UWAS6_0001_N68M2301]
Number=7193
Confirmed=X
Filename=UWAS6_0001_N68M2301NetInstaller.exe
Description=WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here
Source=Paul Collins Startup list
[NI.UWFX5]
Number=7194
Confirmed=X
Filename=UWFX5NetInstaller.exe
Description=WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here
Source=Paul Collins Startup list
[NI.UWFX5T]
Number=7195
Confirmed=X
Filename=UWFX5TNetInstaller.exe
Description=Added by the DOWNLDR-BO TROJAN!
Source=Paul Collins Startup list
[NI.UWFX5[various]]
Number=7196
Confirmed=X
Filename=[various filenames]
Description=WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here. Example filenames are UWFX5LP_0001_0802NetInstaller.exe, UWFX5V_0001_0802NetInstaller.exe, UWFX5_0001_N66M1101NETINSTALLER.EXE, 1D7C.tmp, WinFixerScannerInstall[1].exe
Source=Paul Collins Startup list
[NiceDownloads]
Number=7197
Confirmed=X
Filename=rundll32.exe MSA64CHK.dll, DllMostrar
Description=MatrixDialer related
Source=Paul Collins Startup list
[Nielsen NetRatings]
Number=7198
Confirmed=X
Filename=insight.exe
Description=NetRatings Premeter spyware
Source=Paul Collins Startup list
[NIHomeAM]
Number=7199
Confirmed=U
Filename=LiteClientAM.exe
Description=A managed web based internet security service that provides comprehensive & total protection for laptops/desktops - regardless of how, when or where they connect to the Internet. Made by Netintelligence Ltd
Source=Paul Collins Startup list
[nikLaus]
Number=7200
Confirmed=X
Filename=nikLaus.exe
Description=Added by the NIKLAS WORM!
Source=Paul Collins Startup list
[NInit]
Number=7201
Confirmed=N
Filename=NInit.exe
Description=Norton Uninstall Deluxe. Monitors programs being installed and logs them for removing later. Available via Start -> Programs for manual logging - not required
Source=Paul Collins Startup list
[nisserv]
Number=7202
Confirmed=Y
Filename=NISSERV.EXE
Description=Norton Personal Firewall
Source=Paul Collins Startup list
[Nisum]
Number=7203
Confirmed=Y
Filename=NISUM.EXE
Description=Norton Personal Firewall
Source=Paul Collins Startup list
[niSvcLoc]
Number=7204
Confirmed=U
Filename=niSvcLoc.exe
Description=Related to National Instruments Corp. LabView
Source=Paul Collins Startup list
[NJG40]
Number=7205
Confirmed=X
Filename=NJG40.EXE
Description=Added by the BANCOS.D TROJAN!
Source=Paul Collins Startup list
[NkbMonitor]
Number=7206
Confirmed=N
Filename=NkbMonitor.exe
Description=Part of Nikon PictureProject - image management for Nikon digital cameras
Source=Paul Collins Startup list
[NkvMon.exe]
Number=7207
Confirmed=N
Filename=NkvMon.exe
Description=Nikon View 5 - for transferring pictures from Nikon digital cameras
Source=Paul Collins Startup list
[NkVwMon.exe]
Number=7208
Confirmed=N
Filename=NkVwMon.exe
Description=Nikon View - for transferring pictures from Nikon digital cameras
Source=Paul Collins Startup list
[NliaClient]
Number=7209
Confirmed=U
Filename=Netpia.exe
Description=Netpia NLIA System - "In the existing Internet address system, the Domain Name System (DNS) layer runs on the IP address layer. In the NLIA system, however, the upper layer is implemented on DNS"
Source=Paul Collins Startup list
[NLS Keyboard]
Number=7210
Confirmed=X
Filename=keyboard.exe
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[NLS Monitor]
Number=7211
Confirmed=X
Filename=nlsmon.exe
Description=Added by the RBOT-AXJ WORM!
Source=Paul Collins Startup list
[nmapp]
Number=7212
Confirmed=U
Filename=nmapp.exe
Description=Pure Networks "Network Magic eliminates common frustrations and saves time by simplifying and automating set up, management and repair of home networks, and makes printer and file sharing effortless"
Source=Paul Collins Startup list
[NMBgMonitor]
Number=7213
Confirmed=U
Filename=NMBgMonitor.exe
Description=Associated with Nero Scout, added by version 7 of the Nero digital media suite (CD & DVD burning, authoring, etc). Thanks to Help2Go.com, if you feel this is draining more resources that necessary you can disable it by clicking here
Source=Paul Collins Startup list
[NMFirstStart]
Number=7214
Confirmed=U
Filename=NMFirstStart.exe
Description=Associated with Nero Scout, added by version 7 of the Nero digital media suite (CD & DVD burning, authoring, etc). Thanks to Help2Go.com, if you feel this is draining more resources that necessary you can disable it by clicking here
Source=Paul Collins Startup list
[nmgr]
Number=7215
Confirmed=X
Filename=nnmgr.exe
Description=Added by the Adware.FFToolBar adware toolbar
Source=Paul Collins Startup list
[NMSSvc]
Number=7216
Confirmed=?
Filename=NMSSVC.EXE
Description=NIC Management Service - diagnostics program for Intel Pro family network cards
Source=Paul Collins Startup list
[NMSVC]
Number=7217
Confirmed=Y
Filename=nmSvc.exe
Description=Covenant Eyes - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it. Disabling it means loss of internet connection until renabled - therefore required if you use it
Source=Paul Collins Startup list
[nMTaskBarService]
Number=7218
Confirmed=?
Filename=nMtsk.exe
Description=Taskbar control for ISDN NetMod modem. What does it do and is it required?
Source=Paul Collins Startup list
[NNLL]
Number=7219
Confirmed=U
Filename=nnll.exe
Description=Net Nanny internet filter
Source=Paul Collins Startup list
[nnqcouu]
Number=7220
Confirmed=X
Filename=nnqcouu.exe
Description=The Abi Network adware
Source=Paul Collins Startup list
[NNSvc]
Number=7221
Confirmed=U
Filename=nnsvc.exe
Description=Net Nanny internet filter
Source=Paul Collins Startup list
[No Credit Card]
Number=7222
Confirmed=X
Filename=plugin-[random].exe
Description=Adult content pop-up dialler
Source=Paul Collins Startup list
[No-IP DUC]
Number=7223
Confirmed=U
Filename=DUC20.exe
Description=Part of http://www.no-ip.com provided service. Keeps No-IP's dynamic nameserver (DNS) updated if and when your computer's (network's) dynamic IP-address changes so that you can run servers on computers with dynamic IP. Shortcut available
Source=Paul Collins Startup list
[NoAds]
Number=7224
Confirmed=U
Filename=NoAds.exe
Description=Blocks advertisement banners in Internet Explorer
Source=Paul Collins Startup list
[NoAdware]
Number=7225
Confirmed=U
Filename=NoAdware.exe
Description=NoAdware - spyware remover. This version is not recommended - see here
Source=Paul Collins Startup list
[NoAdware3]
Number=7226
Confirmed=U
Filename=NoAdware3.exe
Description=NoAdware - spyware remover. Initially not recommended due to false positives and aggressive advertising but the later versions have since improved - see here
Source=Paul Collins Startup list
[NoAdware4]
Number=7227
Confirmed=U
Filename=NoAdware4.exe
Description=NoAdware - spyware remover. Initially not recommended due to false positives and aggressive advertising but the later versions have since improved - see here
Source=Paul Collins Startup list
[Nocana]
Number=7228
Confirmed=X
Filename=[path to worm]
Description=Added by the ANACON-B WORM!
Source=Paul Collins Startup list
[NOD32 FiX]
Number=7229
Confirmed=X
Filename=regedt32.exe
Description=NodFix is a is a potentially unwanted application. This application is given an (X) status because we does not and will not support Cracks or Warez. Do not delete the regedt32.exe as it is the legitimate Windows application. NodFix interferes with the default settings of the NOD32 AV application allowing to bypass its free using period as well as changes the default update server to that eval signatures thus allowing to update NOD32 without password. Note - to avoid interfering with the NOD32 application original settings no full cleanup can be provided
Source=Paul Collins Startup list
[Nod32 Free antivirus]
Number=7230
Confirmed=X
Filename=nod32krn.exe
Description=Added by the RBOT-AAO WORM! Note - not the popular free NOD32 antivirus software, which shares the same filename
Source=Paul Collins Startup list
[Nod32 Service]
Number=7231
Confirmed=X
Filename=nod64.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Nod32 Service]
Number=7232
Confirmed=X
Filename=alserv32.exe
Description=Added by the RBOT.DHN WORM!
Source=Paul Collins Startup list
[Nod32CC]
Number=7233
Confirmed=U
Filename=nod32cc.exe
Description=Control Center part of Eset's NOD32 virus-scanner. Leave this enabled if you want to update your virus data files via the click of a button
Source=Paul Collins Startup list
[NOD32kernel]
Number=7234
Confirmed=Y
Filename=Nod32krn.exe
Description=NOD32 antivirus
Source=Paul Collins Startup list
[nod32kui]
Number=7235
Confirmed=Y
Filename=nod32kui.exe
Description=NOD32 antivirus
Source=Paul Collins Startup list
[NOD32POP3]
Number=7236
Confirmed=Y
Filename=Pop3scan.exe
Description=POP3 E-mail part of Eset's NOD32 virus-scanner
Source=Paul Collins Startup list
[Nod3d2 Free antivirus]
Number=7237
Confirmed=X
Filename=N0D32KRN.EXE
Description=Added by the RBOT-ABQ WORM!
Source=Paul Collins Startup list
[NodeMnger]
Number=7238
Confirmed=?
Filename=Nodemngr.exe
Description=Part of the Dell OpenManage Client installation - to allow Dell representatives to remote logon?
Source=Paul Collins Startup list
[nodriver]
Number=7239
Confirmed=X
Filename=AUEKXRZ.EXE
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[Noha]
Number=7240
Confirmed=X
Filename=aasd.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[Nokia Check]
Number=7241
Confirmed=X
Filename=nokiacheck.exe
Description=Added by the WORM_RBOT.CDC WORM!
Source=Paul Collins Startup list
[Nokia Connection Monitor]
Number=7242
Confirmed=N
Filename=NclConf.exe
Description=Monitors the infrared port, the serial ports and the Bluetooth for a Nokia phone connection. It is installed by the Nokia PC Suite (and Nokia PC Connectivity SDK), and the tray icon shows if a phone has been connected. If you have a conflict with another program, such as TV tuner card remote control monitor, you can disable it, and run only when needed. Available via a desktop shortcut or Start -> Programs - not required
Source=Paul Collins Startup list
[Nokia Tray Application]
Number=7243
Confirmed=U
Filename=NclTray.exe
Description=Nokia PC Suite 5 - "A collection of powerful tools that you can use to manage your phone features and data." Synchronize the phone with, for example Outlook. You can also use it to browse your phone, edit the phone list and so on
Source=Paul Collins Startup list
[NOMAD Detector]
Number=7244
Confirmed=U
Filename=ctnmrun.exe
Description=Detects the Creative NOMAD jukebox/MP3 player at the time it is attached to USB and starts the needed application (Creative PlayCentre 2) that you use to copy MP3 files to and from it. This is required if you want PlayCentre 2 to take control of the NOMAD once connected
Source=Paul Collins Startup list
[NomdCheck]
Number=7245
Confirmed=N
Filename=nomdchek.exe
Description=Part of Intel's Native Audio
Source=Paul Collins Startup list
[nomtray]
Number=7246
Confirmed=U
Filename=nomtray.exe
Description=System Tray access to NetMotion Wireless options - including connectivity status (see here)
Source=Paul Collins Startup list
[Nord]
Number=7247
Confirmed=X
Filename=nordsys.exe
Description=Added by the DREF-S WORM!
Source=Paul Collins Startup list
[Norman ZANDA]
Number=7248
Confirmed=U
Filename=ZLH.EXE
Description=System Tray icon for Norman Antivirus
Source=Paul Collins Startup list
[NortE Antivirus]
Number=7249
Confirmed=X
Filename=norte.exe
Description=Added by the RBOT.BQQ WORM!
Source=Paul Collins Startup list
[NortE Antivirus]
Number=7250
Confirmed=X
Filename=norten.exe
Description=Added by the RBOT-AFF WORM!
Source=Paul Collins Startup list
[norten Software Intrenet]
Number=7251
Confirmed=X
Filename=norten.pif
Description=Added by the RBOT-AWA WORM!
Source=Paul Collins Startup list
[Norton Antiviral Scanner]
Number=7252
Confirmed=X
Filename=navscnr.exe
Description=Added by the DELBOT-K WORM!
Source=Paul Collins Startup list
[Norton Antivirus]
Number=7253
Confirmed=X
Filename=nortonav.exe
Description=Added by the RBOT-AYE TROJAN! Note - this is not the real Norton AV!
Source=Paul Collins Startup list
[Norton Antivirus 2004]
Number=7254
Confirmed=X
Filename=SYMANTECAV2.EXE
Description=Added by the SPYBOT-DY WORM! Note - this is not the real Norton AV!
Source=Paul Collins Startup list
[Norton Antivirus 7.0a]
Number=7255
Confirmed=X
Filename=[path to file]
Description=Added by the PERDA-B or RANCK-CT TROJANS!
Source=Paul Collins Startup list
[Norton Antivirus AV]
Number=7256
Confirmed=X
Filename=FVProtect.exe
Description=Added by the NETSKY.P WORM! Note - this is not the popular AV software!
Source=Paul Collins Startup list
[Norton AntiVirus Sys]
Number=7257
Confirmed=X
Filename=NAVsys32.exe
Description=Added by a variant of the WOOTBOT WORM!
Source=Paul Collins Startup list
[Norton Antivirus Updater]
Number=7258
Confirmed=X
Filename=nortonav.exe
Description=Added by the DELBOT-T WORM! Note - this is not the real Norton AV!
Source=Paul Collins Startup list
[Norton Auto Protect]
Number=7259
Confirmed=X
Filename=nava.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Norton Auto Protect]
Number=7260
Confirmed=X
Filename=crss32.exe
Description=Added by the SDBOT.ATF WORM!
Source=Paul Collins Startup list
[Norton Auto-Protect]
Number=7261
Confirmed=Y
Filename=navapw32.exe
Description=Norton Anti-Virus's background scanning process
Source=Paul Collins Startup list
[Norton Auto-Protect]
Number=7262
Confirmed=X
Filename=ccApp.exe
Description=Added by the AKHER.D WORM! Note - for the valid Norton AV entry the filename is "navapexe". This is also not the valid Norton AV file with the same filename
Source=Paul Collins Startup list
[Norton Auto-Protect]
Number=7263
Confirmed=X
Filename=SERVICES.exe
Description=Added by the Ahker.B WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder. Also, this is not part of Norton AV
Source=Paul Collins Startup list
[Norton AV Preload]
Number=7264
Confirmed=?
Filename=Premend.exe
Description=Norton Antivirus related. What does it do and is it required
Source=Paul Collins Startup list
[Norton AV Protection Startup]
Number=7265
Confirmed=X
Filename=Ati2xxx.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Norton Crashguard Monitor]
Number=7266
Confirmed=N
Filename=cgmenu.exe
Description=Troublesome program that doesn't actually work with WinME so Norton removed it from SystemWorks 2001
Source=Paul Collins Startup list
[Norton Disk Doctor]
Number=7267
Confirmed=N
Filename=Ndd32.exe
Description=Norton Disk Doctor from Norton Utilities. Automatically runs at start-up, checking for disk errors. Better than ScanDisk but can be started manually via Start -> Programs. Delete the shortcut in the Start -> Programs -> Startup folder as well
Source=Paul Collins Startup list
[Norton Drive Protection]
Number=7268
Confirmed=X
Filename=msdt32.exe
Description=Added by the FORBOT-GB WORM! Note - this not a valid Norton program!
Source=Paul Collins Startup list
[Norton eMail Protect]
Number=7269
Confirmed=Y
Filename=POPROXY.EXE
Description=Proxy E-mail protection from Norton Anti-Virus (prior to 2002). If you have it installed, leave it enabled to automatically check for suspect attachments in E-mails that may contain viruses. It downloads the E-mail into poproxy, which serves as a proxy server on the local machine, before scanning it
Source=Paul Collins Startup list
[Norton Firewall]
Number=7270
Confirmed=X
Filename=[path to trojan]
Description=Added by the BANKER-ET TROJAN!
Source=Paul Collins Startup list
[Norton Ghost 9.0]
Number=7271
Confirmed=N
Filename=GhostTray.exe
Description=Norton Ghost tray icon - the application can be launched manually
Source=Paul Collins Startup list
[Norton Guard 32]
Number=7272
Confirmed=X
Filename=ntguard32.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Norton Live Update Server]
Number=7273
Confirmed=X
Filename=cpsdv.exe
Description=Added by the AGOBOT.EW TROJAN!
Source=Paul Collins Startup list
[Norton Live Updater]
Number=7274
Confirmed=X
Filename=Cavapsvc.exe
Description=Added by the GAOBOT.AO WORM!
Source=Paul Collins Startup list
[Norton Live Updater]
Number=7275
Confirmed=X
Filename=Sochost.exe
Description=Added by the GAOBOT.AO WORM!
Source=Paul Collins Startup list
[Norton Navigator Loader]
Number=7276
Confirmed=N
Filename=nnloader.exe
Description=An older Norton utility for file management under Windows 95. More information here
Source=Paul Collins Startup list
[Norton Personal Firewall]
Number=7277
Confirmed=X
Filename=jah.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Norton Personal Firewall]
Number=7278
Confirmed=X
Filename=npfw.exe
Description=Added by the RBOT-UI WORM!
Source=Paul Collins Startup list
[Norton Personal Firewall]
Number=7279
Confirmed=X
Filename=lah.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Norton Personal Firewall]
Number=7280
Confirmed=X
Filename=npfw32.exe
Description=Added by the RBOT-UQ WORM!
Source=Paul Collins Startup list
[Norton Personal Firewall]
Number=7281
Confirmed=Y
Filename=IntroWiz.exe
Description=Part of Norton Personal Firewall or Norton Internet Security
Source=Paul Collins Startup list
[Norton Program Scheduler]
Number=7282
Confirmed=U
Filename=nsched32.exe
Description=Installed on a Windows system where the Windows Task Scheduler isn't used as part of the OS (Win95, WinNT(?), Win2K(?)) to schedule automatic tasks such as Norton Anti-Virus scans
Source=Paul Collins Startup list
[Norton Program Scheduler]
Number=7283
Confirmed=U
Filename=NPSsvc.exe
Description=Installed on a Windows system where the Windows Task Scheduler isn't used as part of the OS (Win95, WinNT(?), Win2K(?)) to schedule automatic tasks such as Norton Anti-Virus scans
Source=Paul Collins Startup list
[Norton Program Scheduler Event Checker]
Number=7284
Confirmed=?
Filename=npscheck.exe
Description=Part of Norton Anti-Virus. What does it do? Apparently it can safely be disabled without causing problems. Can also be listed as NPS Event Checker
Source=Paul Collins Startup list
[Norton Protect]
Number=7285
Confirmed=X
Filename=npprotect.exe
Description=Added by the RBOT-WW WORM!
Source=Paul Collins Startup list
[Norton protect]
Number=7286
Confirmed=X
Filename=nvsvc.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Norton Protect Activies]
Number=7287
Confirmed=X
Filename=csrss.exe
Description=Added by the BANKER-CZ TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "D5133" subfolder
Source=Paul Collins Startup list
[Norton Service Driver]
Number=7288
Confirmed=X
Filename=wsul.exe
Description=Added by the RBOT-ABI WORM!
Source=Paul Collins Startup list
[Norton Service Process]
Number=7289
Confirmed=X
Filename=navapvc.exe
Description=Added by a variant of the AGOBOT/GAOBOT WORM!
Source=Paul Collins Startup list
[Norton SpySweeper AutoUpdate]
Number=7290
Confirmed=X
Filename=navsw.exe
Description=Added by the FORBOT-AS WORM!
Source=Paul Collins Startup list
[Norton System]
Number=7291
Confirmed=X
Filename=csrs.scr
Description=Added by the BANLOA-AFM TROJAN!
Source=Paul Collins Startup list
[Norton System Doctor]
Number=7292
Confirmed=N
Filename=Sysdoc32.exe
Description=Norton Disk Doctor from Norton Utilities. Automatically runs at start-up, major resource hog and best started manually form Start -> Programs. Delete the shortcut in the Start -> Programs -> Startup folder as well
Source=Paul Collins Startup list
[Norton SystemWorks]
Number=7293
Confirmed=N
Filename=cfgwiz.exe
Description=Norton System Works configuration wizard. Reportedly a resource hog. Many users find they can live without loading it
Source=Paul Collins Startup list
[Norton Update]
Number=7294
Confirmed=X
Filename=ccUpdate.exe
Description=Added by a variant of the AGOBOT/GAOBOT WORM!
Source=Paul Collins Startup list
[Norton Update]
Number=7295
Confirmed=X
Filename=winsvc.exe
Description=Added by the AGOBOT.ALP WORM!
Source=Paul Collins Startup list
[Norton Update]
Number=7296
Confirmed=X
Filename=cUpdate.exe
Description=Added by the AGOBOT.APP WORM!
Source=Paul Collins Startup list
[Norton updated]
Number=7297
Confirmed=X
Filename=NVSV32.EXE
Description=Added by the SDBOT.ABH WORM!
Source=Paul Collins Startup list
[Norton Updater]
Number=7298
Confirmed=X
Filename=winset.exe
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[Norton Updater]
Number=7299
Confirmed=X
Filename=lsa.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Norton Updater]
Number=7300
Confirmed=X
Filename=NortonUpdate.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Norton Updater]
Number=7301
Confirmed=X
Filename=ccUpdate.exe
Description=Added by a variant of the AGOBOT/GAOBOT WORM!
Source=Paul Collins Startup list
[Norton Updater]
Number=7302
Confirmed=X
Filename=navupdtr.exe
Description=Added by the SDBOT.AXV WORM!
Source=Paul Collins Startup list
[Norton Wizzard]
Number=7303
Confirmed=X
Filename=nwiz.exe
Description=Added by the GAOBOT.ADV WORM! Note - this is not the valid nVidia application that shares the same name
Source=Paul Collins Startup list
[norton32]
Number=7304
Confirmed=X
Filename=norton32.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[NortonAntivirus]
Number=7305
Confirmed=X
Filename=LSASS.exe
Description=Added by the PEXMOR WORM! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Temp" subfolder of the Winnt or Windows folder. It also has nothing to do with Norton AV
Source=Paul Collins Startup list
[NortonAV]
Number=7306
Confirmed=X
Filename=norton_antivirus.exe
Description=Added by the NETJOE TROJAN! Note - this is not the legitimate Symantec AV program
Source=Paul Collins Startup list
[nortonav]
Number=7307
Confirmed=X
Filename=CCUPD32.EXE
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[nortonp]
Number=7308
Confirmed=X
Filename=nortonp.exe
Description=Added by the JD-A TROJAN!
Source=Paul Collins Startup list
[Nortons AV SYSTEM]
Number=7309
Confirmed=X
Filename=scvchost.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Nortons AVS Systems]
Number=7310
Confirmed=X
Filename=arse.exe
Description=Added by the RBOT.AWY WORM!
Source=Paul Collins Startup list
[nortonsantivirus]
Number=7311
Confirmed=X
Filename=ccEvtMngr.exe
Description=Added by the HZDOOR-A TROJAN!
Source=Paul Collins Startup list
[NortonVPlus]
Number=7312
Confirmed=X
Filename=svchost.exe
Description=Added by the ROAMER-A TROJAN! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!
Source=Paul Collins Startup list
[Notebook Maximizer]
Number=7313
Confirmed=U
Filename=maximizer_startup.exe
Description=Toshiba Notebook Maximizer software - adjust settings to save battery power and increase efficiency
Source=Paul Collins Startup list
[NotebookManager]
Number=7314
Confirmed=?
Filename=nbm.exe
Description=Associated with Acer notebook PCs. What does it do and is it required?
Source=Paul Collins Startup list
[NOTEPAD]
Number=7315
Confirmed=X
Filename=NOTEPAD.exe
Description=Added as the result of the RUSTY VIRUS! Note - not to be confused with the valid Windows "NOTEPAD" text editor! This malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
Source=Paul Collins Startup list
[NotePad]
Number=7316
Confirmed=X
Filename=[worm filename]
Description=Added by the SILLYFDC-G WORM!
Source=Paul Collins Startup list
[Notepad]
Number=7317
Confirmed=X
Filename=ntoepad.exe
Description=Added by the DELBOT-AK WORM!
Source=Paul Collins Startup list
[Notepad lptt01]
Number=7318
Confirmed=X
Filename=notepad.exe
Description=RapidBlaster variant (in a "Notepad" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not Windows Notepad which has the same executable name
Source=Paul Collins Startup list
[Notepad ml097e]
Number=7319
Confirmed=X
Filename=notepad.exe
Description=RapidBlaster variant (in a "Notepad" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not Windows Notepad which has the same executable name
Source=Paul Collins Startup list
[notepad.exe]
Number=7320
Confirmed=X
Filename=upx.exe
Description=Added by a variant of the AGENT.AH TROJAN!
Source=Paul Collins Startup list
[notepad.exe]
Number=7321
Confirmed=X
Filename=msmsgs.exe
Description=Added by a variant of the FAKESPY-B TROJAN! Note - this particular msmsgs.exe file is located in the Windows\System32 or Winnt\System32 folder, and should not be mistaken for the MSN Messenger file of the same name!
Source=Paul Collins Startup list
[notepad.exe]
Number=7322
Confirmed=X
Filename=msmsgs.exe
Description=Added by the ZLOB-I TROJAN!
Note - not be mistaken for the MSN Messenger file of the same name!
Source=Paul Collins Startup list
[notepad.exe]
Number=7323
Confirmed=X
Filename=msmsgs.exe
Description=Added by the ZLOB-I and ZLOB-H TROJANS! Note - not to be confused with msmsgs.exe, the well known MSN Instant Messaging application!
Source=Paul Collins Startup list
[notepad2.exe]
Number=7324
Confirmed=X
Filename=popuper.exe
Description=Added by the PUPER-E TROJAN!
Source=Paul Collins Startup list
[notes]
Number=7325
Confirmed=X
Filename=notepaad.exe
Description=Added by the RBOT.BME WORM!
Source=Paul Collins Startup list
[Notification Utility]
Number=7326
Confirmed=X
Filename=altpayV2.exe
Description=Reported by Ewido Security Suite as WeirWeb adware
Source=Paul Collins Startup list
[Notn]
Number=7327
Confirmed=X
Filename=Eber.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[Notn]
Number=7328
Confirmed=X
Filename=wtta.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[NovaBackup * Tray Control]
Number=7329
Confirmed=U
Filename=NbkCtrl.exe
Description=Scheduling engine of NovaSTOR Backup Service. Only required if scheduling is enabled and wanted - see here. * represents the version number
Source=Paul Collins Startup list
[NovaPortal Single User Service]
Number=7330
Confirmed=?
Filename=NPSU.exe
Description=??
Source=Paul Collins Startup list
[NovastorSchedulerd]
Number=7331
Confirmed=U
Filename=SCHENGD.EXE
Description=NovaStor NovaBACKUP Scheduler - back-up utility. If you don't have regularly scheduled back-ups you don't need it
Source=Paul Collins Startup list
[NOYPI_KANG_ASTIG]
Number=7332
Confirmed=X
Filename=Exit to DosPrompt.pif
Description=Added by the FILUKIN.A WORM!
Source=Paul Collins Startup list
[np]
Number=7333
Confirmed=X
Filename=upnp.exe
Description=Added by the YABE.AE TROJAN!
Source=Paul Collins Startup list
[NPF Value]
Number=7334
Confirmed=X
Filename=NPFMONTR.exe
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[NPFMonitor]
Number=7335
Confirmed=?
Filename=NPFMntor.exe
Description=Norton AntiVirus Firewall Install Monitor. What does it do and is it required?
Source=Paul Collins Startup list
[NPROTECT]
Number=7336
Confirmed=U
Filename=nprotect.exe
Description=Norton Protected Recycle Bin from Norton Utilities. Adds an extra layer of safety before you remove deleted files from the Recycled Bin. Can be listed twice which is valid
Source=Paul Collins Startup list
[NPS Event Checker]
Number=7337
Confirmed=?
Filename=npscheck.exe
Description=Part of Norton Anti-Virus. What does it do? Apparently it can safely be disabled without causing problems. Can also be listed as Norton Program Scheduler Event Checker
Source=Paul Collins Startup list
[NS]
Number=7338
Confirmed=X
Filename=ns.exe
Description=Added by the AGOBOT-HS WORM!
Source=Paul Collins Startup list
[NSCheck]
Number=7339
Confirmed=X
Filename=NSCHECK.EXE
Description=MarketScore parasite - ActiveX control used to download premium-rate dialers
Source=Paul Collins Startup list
[nscntrl]
Number=7340
Confirmed=X
Filename=nscntrl.exe
Description=Added by the DLOAD-DC TROJAN!
Source=Paul Collins Startup list
[nsdcmd services]
Number=7341
Confirmed=X
Filename=nsdcmdav.exe
Description=Added by a variant of the AGOBOT/GAOBOT WORM!
Source=Paul Collins Startup list
[nsdcmd vid process]
Number=7342
Confirmed=X
Filename=nsdcmdwin.exe
Description=Added by a variant of the AGOBOT/GAOBOT WORM!
Source=Paul Collins Startup list
[nsdlua]
Number=7343
Confirmed=X
Filename=nsdlua.exe
Description=All-In-One Telcom - adult content dialler
Source=Paul Collins Startup list
[nsdriver]
Number=7344
Confirmed=X
Filename=nssys32.exe
Description=NetShagg adware
Source=Paul Collins Startup list
[nse]
Number=7345
Confirmed=X
Filename=nse.exe
Description=Added by the AGOBOT-ML WORM!
Source=Paul Collins Startup list
[Nsengine]
Number=7346
Confirmed=U
Filename=Nsengine.exe
Description=Scheduling engine of NovaSTOR Backup Service. Only required if scheduling is enabled and wanted - see here
Source=Paul Collins Startup list
[NSHelper]
Number=7347
Confirmed=U
Filename=aexnsinstallhelper.exe
Description=Altiris Express Notification Server Install helper - monitors integrity of the installation
Source=Paul Collins Startup list
[nssysconf]
Number=7348
Confirmed=X
Filename=[random filename]
Description=Added by the VIVIA.A TROJAN!
Source=Paul Collins Startup list
[nstat]
Number=7349
Confirmed=X
Filename=netstat.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[NSupdate]
Number=7350
Confirmed=X
Filename=NSupdate.exe
Description=Added by the Dial/Laet-B premium rate dialer!
Source=Paul Collins Startup list
[Nsv]
Number=7351
Confirmed=X
Filename=nsvsvc.exe
Description=Delfin Promulgate adware
Source=Paul Collins Startup list
[nsvcin]
Number=7352
Confirmed=X
Filename=n20050308.exe
Description=Delfin Media Viewer adware related
Source=Paul Collins Startup list
[Nsvdr]
Number=7353
Confirmed=X
Filename=nsvdr.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[nsys]
Number=7354
Confirmed=U
Filename=nsys.exe
Description=NetSpy keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list
[nsys32]
Number=7355
Confirmed=X
Filename=nsys32.exe
Description=Added by the AGOBOT-SU WORM!
Source=Paul Collins Startup list
[NSystemMonitor]
Number=7356
Confirmed=N
Filename=Symmon.exe
Description=Norton Uninstall Deluxe - monitors programs being installed and logs them for removing later. Available via Start -> Programs for manual logging
Source=Paul Collins Startup list
[NT Kernel Patch]
Number=7357
Confirmed=N
Filename=ntkrnlpt.exe
Description=FaxServe network fax software
Source=Paul Collins Startup list
[NT Logging Service]
Number=7358
Confirmed=X
Filename=Syslog32.exe
Description=Added by the DONK.B WORM and variants!
Source=Paul Collins Startup list
[NT MICROSOFT SVCD]
Number=7359
Confirmed=X
Filename=ntvsvcd.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[NT security]
Number=7360
Confirmed=X
Filename=rundll32.com
Description=Added by the RBOT-AJC WORM!
Source=Paul Collins Startup list
[NT Service]
Number=7361
Confirmed=X
Filename=NTOKSRNL.EXE
Description=Added by the RBOT-AAG WORM!
Source=Paul Collins Startup list
[NT Services]
Number=7362
Confirmed=X
Filename=ntsvc.exe
Description=Added by the AGOBOT.VJ WORM!
Source=Paul Collins Startup list
[Nt System Protocol]
Number=7363
Confirmed=X
Filename=ntsystem.exe
Description=Added by the RBOT.DSB TROJAN!
Source=Paul Collins Startup list
[NT Virtual Machine]
Number=7364
Confirmed=X
Filename=[path to file]
Description=Added by the SCAERBOT-A WORM!
Source=Paul Collins Startup list
[Nt**.exe [* = random char]]
Number=7365
Confirmed=X
Filename=Nt**.exe [* = random char]
Description=CoolWebSearch/HomeSearch adware - for examples, see this log
Source=Paul Collins Startup list
[Nt**32.exe [* = random char]]
Number=7366
Confirmed=X
Filename=Nt**32.exe [* = random char]
Description=CoolWebSearch/HomeSearch adware - for examples, see this log
Source=Paul Collins Startup list
[NT-Virtual Device Manager]
Number=7367
Confirmed=X
Filename=ntvdmn.exe
Description=Added by the SDBOT-AAA WORM!
Source=Paul Collins Startup list
[Ntcheck]
Number=7368
Confirmed=X
Filename=mapserver.exe
Description=Added by the TOMPAI-B WORM!
Source=Paul Collins Startup list
[NTCommLib3]
Number=7369
Confirmed=X
Filename=NTCommLib3.exe
Description=Admess adware variant
Source=Paul Collins Startup list
[ntddetect]
Number=7370
Confirmed=X
Filename=ntddetect.exe
Description=Added by the AGENT-CU TROJAN!
Source=Paul Collins Startup list
[NTdhcp]
Number=7371
Confirmed=X
Filename=NTdhcp.exe
Description=Added by the QQROB-C TROJAN!
Source=Paul Collins Startup list
[NTdhcp]
Number=7372
Confirmed=X
Filename=CiKewl.exe
Description=Added by the QQROB-N TROJAN!
Source=Paul Collins Startup list
[ntdll]
Number=7373
Confirmed=X
Filename=ntdll.exe
Description=Added by the BIONET.404 TROJAN!
Source=Paul Collins Startup list
[ntdll.dll]
Number=7374
Confirmed=X
Filename=TrustCleaner.exe
Description=Smitfraud variant
Source=Paul Collins Startup list
[NTDLM]
Number=7375
Confirmed=X
Filename=csrss.exe
Description=Added by the HALE TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Qossrv" subfolder
Source=Paul Collins Startup list
[Ntech.patchs]
Number=7376
Confirmed=X
Filename=[trojan filename]
Description=Added by the LEMIR.G TROJAN!
Source=Paul Collins Startup list
[ntechin]
Number=7377
Confirmed=X
Filename=n20050308.exe
Description=Delfin Media Viewer adware related
Source=Paul Collins Startup list
[nternet Explorer]
Number=7378
Confirmed=X
Filename=iexplore.exe
Description=Added by the FORBOT-CT WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup unless you add it manually! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list
[NTFS16]
Number=7379
Confirmed=X
Filename=ntfs16.exe
Description=Added by the RBOT-LY WORM!
Source=Paul Collins Startup list
[NTFSCLUP]
Number=7380
Confirmed=Y
Filename=NTFSCLUP.EXE
Description=Part of ConfigSafe- "checks if an ntfssos restore has been performed since it was last run. It exits immediately after running. 99+% of the time it will only execute about a dozen instructions before exiting"
Source=Paul Collins Startup list
[ntfsmonitorpro]
Number=7381
Confirmed=X
Filename=ntfs64.exe
Description=Added by the FORBOT-EB WORM!
Source=Paul Collins Startup list
[NTFSS Microsoft System]
Number=7382
Confirmed=X
Filename=filees.exe
Description=Added by the RBOT.GAB WORM!
Source=Paul Collins Startup list
[NTFSS MICROSOFT SYSTEM]
Number=7383
Confirmed=X
Filename=filess.exe
Description=Added by the RBOT.AXZ WORM!
Source=Paul Collins Startup list
[ntl Netguard]
Number=7384
Confirmed=Y
Filename=RPS.exe
Description=ntl Netguard - anti-virus a package of services, specifically designed to keep you safe and secure with their ntlworld online services
Source=Paul Collins Startup list
[ntldr]
Number=7385
Confirmed=X
Filename=ntldr.exe
Description=Browser hijacker to search-control.com (TrojanDropper.Win32.Small.ig). In addition to Registry changes found by HijackThis, also creates the following system files: C:\WINDOWS\SYSTEM\ntldr.exe, C:\m.exe, C:\WINDOWS\Search-For-You.url, C:\n.bat, C:\q.exe, C:\r.bat
Source=Paul Collins Startup list
[ntlfreedom]
Number=7386
Confirmed=N
Filename=rundll32 [path] RyDial.dll, QuickStart
Description=NTL Freedom dial-up ISP software - not required
Source=Paul Collins Startup list
[ntmsevt]
Number=7387
Confirmed=X
Filename=ntmsevt.exe
Description=Added by the STOPED-B TROJAN
Source=Paul Collins Startup list
[NTP Server]
Number=7388
Confirmed=X
Filename=[path to trojan]
Description=Added by the RANKY.F TROJAN!
Source=Paul Collins Startup list
[nTrayFw]
Number=7389
Confirmed=Y
Filename=ntrayfw.exe
Description=Software interface for NVIDIA ActiveArmor - hardware firewall built into nVidia nForce motherboard chipsets
Source=Paul Collins Startup list
[NTrtc]
Number=7390
Confirmed=N
Filename=ntrtc.exe
Description=Dell year 2000 tool to deal with non-standard applications. Only required on older Dell PCs that may need this support
Source=Paul Collins Startup list
[NTSet32]
Number=7391
Confirmed=X
Filename=services.exe
Description=Added by the WINSPY-C TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "dll32" subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list
[NTSF Microsoft System]
Number=7392
Confirmed=X
Filename=fylez.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[NTSF MICROSOFT SYSTEM]
Number=7393
Confirmed=X
Filename=wntsf.exe
Description=Added by the RBOT.ATC WORM!
Source=Paul Collins Startup list
[NTSF MICROSOFT SYSTEM]
Number=7394
Confirmed=X
Filename=fufffy.exe
Description=Added by the RBOT-AEL WORM!
Source=Paul Collins Startup list
[NTSF MICROSOFT SYSTEM]
Number=7395
Confirmed=X
Filename=ntssf.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[NTSF MICROSOFT SYSTEM]
Number=7396
Confirmed=X
Filename=scvhost.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[NTSF MICROSOFT SYSTEM]
Number=7397
Confirmed=X
Filename=winsis32.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[NTSF MICROSOFT SYSTEM]
Number=7398
Confirmed=X
Filename=marya.exe
Description=Added by the RBOT-AXY WORM!
Source=Paul Collins Startup list
[NTSF MICROSOFT SYSTEM]
Number=7399
Confirmed=X
Filename=sysman.exe
Description=Added by the RBOT.EDP WORM!
Source=Paul Collins Startup list
[ntsmod]
Number=7400
Confirmed=X
Filename=ntsmod.exe
Description=Adware downloader/installer, probably VX2/Look2Me related - also detected as the WIN32.VB.RL TROJAN!
Source=Paul Collins Startup list
[NTsocket]
Number=7401
Confirmed=X
Filename=NoeWinnt.exe
Description=Added by the ATAKA-E TROJAN!
Source=Paul Collins Startup list
[NTsrv.exe]
Number=7402
Confirmed=X
Filename=NTsrv.exe
Description=Added by a variant of the SERVU-O TROJAN!
Source=Paul Collins Startup list
[Ntsysv]
Number=7403
Confirmed=X
Filename=ntsysv.exe
Description=Added by the MIFENG-E TROJAN!
Source=Paul Collins Startup list
[nTune]
Number=7404
Confirmed=U
Filename=nTune.exe
Description=nVidia nTune - motherboard monitoring and overclocking utility for nVidia nForce chipset based motherboards
Source=Paul Collins Startup list
[ntupd32]
Number=7405
Confirmed=X
Filename=ntupd32.exe
Description=Unidentified adware/spyware
Source=Paul Collins Startup list
[ntupdate]
Number=7406
Confirmed=X
Filename=dnsvc.exe
Description=Added by the SDBOT-TC WORM!
Source=Paul Collins Startup list
[NTupdater]
Number=7407
Confirmed=X
Filename=[path to trojan]
Description=Added by the DIGARIX-D TROJAN!
Source=Paul Collins Startup list
[NTVDM]
Number=7408
Confirmed=U
Filename=NTVDM.EXE
Description=Windows NT Virtual DOS Machine (NTVDM) for running 16-bit tasks on the 32-bit OS's (Windows NT, 2K and XP). Required if hardware on a machine with these OS's needs 16-bit DOS drivers. You can find a bit more about NTVDM here
Source=Paul Collins Startup list
[ntvdmd]
Number=7409
Confirmed=X
Filename=ntvdmd.exe
Description=Adware downloader - also detected as the DLOADER-YP TROJAN!
Source=Paul Collins Startup list
[ntvdscm]
Number=7410
Confirmed=X
Filename=ntvdscm.exe
Description=Added by the SCKEYLOG-I TROJAN!
Source=Paul Collins Startup list
[ntx32]
Number=7411
Confirmed=X
Filename=ntx32.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Numerical Xterm Agent]
Number=7412
Confirmed=X
Filename=0x32.exe
Description=Added by the RBOT-FWP WORM!
Source=Paul Collins Startup list
[Numerical Xterm Agents]
Number=7413
Confirmed=X
Filename=2x32.exe
Description=Added by the RBOT-FWY WORM!
Source=Paul Collins Startup list
[Numerical Xtermz Agent]
Number=7414
Confirmed=X
Filename=1x32.exe
Description=Added by the RBOT-FWX WORM!
Source=Paul Collins Startup list
[NuTCSetupEnviron]
Number=7415
Confirmed=Y
Filename=ncoeenv.exe
Description=Used by the MKS Toolkit for Enterprise Developers product. NuTCracker is a Unix runtime environment for Windows, so disabling this would be unwise if you are using NuTCracker or any 3rd party package that is using it. Since you might not know what is actually using it it's probably best left alone
Source=Paul Collins Startup list
[NvagNT]
Number=7416
Confirmed=X
Filename=nvagNT.exe
Description=Added by the AGOBOT-RV WORM!
Source=Paul Collins Startup list
[nvc Win32]
Number=7417
Confirmed=X
Filename=nvcvc.exe
Description=Added by the RBOT-ADD WORM!
Source=Paul Collins Startup list
[nvchost]
Number=7418
Confirmed=X
Filename=winlogon.exe
Description=Added by the KLONE-J TROJAN! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder
Source=Paul Collins Startup list
[NvClipRsv]
Number=7419
Confirmed=X
Filename=svchost.exe
Description=Added by the DUMARU-K WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list
[NvClipRsv]
Number=7420
Confirmed=X
Filename=swchost.exe
Description=Added by the DUMARU-AK WORM!
Source=Paul Collins Startup list
[NVCLOCK]
Number=7421
Confirmed=?
Filename=rundll32 nvclock.dll, fnNvclock
Description=Overclocking utility for nVidia based graphics cards?
Source=Paul Collins Startup list
[NvColorInit]
Number=7422
Confirmed=?
Filename=rundll32.exe NvQtwk.dll, NvColorInit
Description=Associated with Nvidia based graphics cards
Source=Paul Collins Startup list
[NVCOM]
Number=7423
Confirmed=X
Filename=NVCOM.exe
Description=Added by the AGOBOT-SB WORM!
Source=Paul Collins Startup list
[NvCpl]
Number=7424
Confirmed=U
Filename=rundll32.exe NvCpl.dll, NvStartup
Description=Intializes the clock and memory settings on nVidia based graphics cards. Enable if you overclock your card
Source=Paul Collins Startup list
[NvCpl]
Number=7425
Confirmed=X
Filename=NvCpl.EXE
Description=Added by the YANZ.B WORM!
Source=Paul Collins Startup list
[NvCpl]
Number=7426
Confirmed=X
Filename=[random filename]
Description=Added by the AGOBOT-APJ WORM!
Source=Paul Collins Startup list
[NvCpl]
Number=7427
Confirmed=X
Filename=windowsp.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[NvCpl]
Number=7428
Confirmed=X
Filename=rundl32.exe
Description=Added by the AGOBOT-TO WORM! Note - the valid version of this entry has the command line as "rundll32.exe NvCpl.dll,NvStartup"
Source=Paul Collins Startup list
[NvCpl32Deamon]
Number=7429
Confirmed=X
Filename=nvcpl.exe
Description=Added by the RPCSDBOT.B WORM!
Source=Paul Collins Startup list
[NvCplD]
Number=7430
Confirmed=X
Filename=m2gr32.exe
Description="Switch" premium rate adult content dialler
Source=Paul Collins Startup list
[NvCplD]
Number=7431
Confirmed=X
Filename=ntcpl.exe
Description=Switch adult content dialler
Source=Paul Collins Startup list
[NvCplDaemon]
Number=7432
Confirmed=N
Filename=rundll32.exe NvQtwk.dll, NvCplDaemon
Description=System Tray icon used to change display settings, change the clock rate and memory speed for nVidia based graphics cards. This is unnecessary since you can easily configure these settings the way you want them in the Display Properties and not have to mess with them again. Also disable the "NVIDIA Driver Helper Service" if enabled as it can cause this entry to be re-enabled on re-boot (note that this service can also cause extreme shutdown delays if enabled - see here)
Source=Paul Collins Startup list
[NvCplDaemon]
Number=7433
Confirmed=U
Filename=rundll32.exe NvCpl.dll, NvStartup
Description=Intializes the clock and memory settings on nVidia based graphics cards. Enable if you overclock your card
Source=Paul Collins Startup list
[NvCplDaemon]
Number=7434
Confirmed=X
Filename=msmsgrs.exe
Description=Added by the DLOADER-YI TROJAN!
Source=Paul Collins Startup list
[NvCplDaemon32]
Number=7435
Confirmed=X
Filename=anvshell32.exe
Description=Added by the XU TROJAN!
Source=Paul Collins Startup list
[NvCplDeamon]
Number=7436
Confirmed=X
Filename=nvdisp.exe
Description=Added by the PEEPVIE-I TROJAN!
Source=Paul Collins Startup list
[NvCplDmn]
Number=7437
Confirmed=X
Filename=NAVSVC.EXE
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[NvCplScan]
Number=7438
Confirmed=X
Filename=msc32.exe
Description=Added by the FORBOT-DD WORM!
Source=Paul Collins Startup list
[NvCplScan]
Number=7439
Confirmed=X
Filename=winasp.exe
Description=Added by the FORBOT.BZ WORM!
Source=Paul Collins Startup list
[NvCplScan]
Number=7440
Confirmed=X
Filename=nvsc32.exe
Description=Added by the BROPIA.N WORM!
Source=Paul Collins Startup list
[NvCplScan]
Number=7441
Confirmed=X
Filename=kav32.exe
Description=Added by the FORBOT-EW WORM!
Source=Paul Collins Startup list
[nvctrl.exe]
Number=7442
Confirmed=X
Filename=nvctrl.exe
Description=Added by the ZLOB.G TROJAN!
Source=Paul Collins Startup list
[nvd32 lptt01]
Number=7443
Confirmed=X
Filename=nvd32.exe
Description=RapidBlaster variant (in a "nvd32" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
Source=Paul Collins Startup list
[nvd32 ml097e]
Number=7444
Confirmed=X
Filename=nvd32.exe
Description=RapidBlaster variant (in a "nvd32" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
Source=Paul Collins Startup list
[NVHotkey]
Number=7445
Confirmed=U
Filename=rundll32.exe [path] nvHotkey.dll
Description=Enables the use of "hot keys" for changing setting on Nvidia graphics
Source=Paul Collins Startup list
[Nvid]
Number=7446
Confirmed=X
Filename=[8 random charachters]
Description=Unidentified adware
Source=Paul Collins Startup list
[Nvid32]
Number=7447
Confirmed=X
Filename=Nvid32.exe
Description=Added by the GEMA TROJAN!
Source=Paul Collins Startup list
[Nvidex32]
Number=7448
Confirmed=X
Filename=Nvidex32.exe
Description=Added by the GEMA TROJAN!
Source=Paul Collins Startup list
[NVIDIA ActiveArmor]
Number=7449
Confirmed=Y
Filename=ntrayfw.exe
Description=Software interface for NVIDIA ActiveArmor - hardware firewall built into nVidia nForce motherboard chipsets
Source=Paul Collins Startup list
[Nvidia Control Daemon]
Number=7450
Confirmed=X
Filename=nksvc32.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Nvidia Control Panel]
Number=7451
Confirmed=X
Filename=ncsvc32.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[NVIDIA Driver]
Number=7452
Confirmed=X
Filename=MSPMSPSU.EXE
Description=Added by the WOOTBOT.Y WORM!
Source=Paul Collins Startup list
[nVidia Drivers]
Number=7453
Confirmed=X
Filename=nVidiaDrvers.exe
Description=Added by the SDBOT-AFX WORM! Note - this is not related to any nVidia based motherboard or graphics card
Source=Paul Collins Startup list
[NVIDIA nForce APU1 Utilities]
Number=7454
Confirmed=N
Filename=NVATray.exe
Description=nVidia's nForce Audio Processing Unit (APU)- "provides 3D positional audio and DirectX 8.0 compatibility, and encodes and decodes Dolby Digital 5.1 audio in real time"
Source=Paul Collins Startup list
[NVIDIA nTune]
Number=7455
Confirmed=U
Filename=nTune.exe
Description=nVidia nTune - motherboard monitoring and overclocking utility for nVidia nForce chipset based motherboards
Source=Paul Collins Startup list
[NVidia System Utility]
Number=7456
Confirmed=U
Filename=NVSystemUtility.exe
Description=NVidia System Utility (now nTune) lets you adjust bus speeds, hardware voltages, memory controller timings, and fan speed as well as additional settings to increase performance aggressiveness and hardware voltages. Will also display a dynamic graph of CPU and system temperatures, hardware voltages, and memory bus speeds
Source=Paul Collins Startup list
[NVIDIA Video drivers]
Number=7457
Confirmed=X
Filename=video_32D.exe
Description=Added by the AGOBOT.KV WORM!
Source=Paul Collins Startup list
[NVIDIA Video drivers]
Number=7458
Confirmed=X
Filename=video_32sD.exe
Description=Added by the RBOT-BB WORM!
Source=Paul Collins Startup list
[Nvidia32]
Number=7459
Confirmed=X
Filename=nvidia32.exe
Description=CoolWebSearch parasite variant - also detected as the HOSTS-B TROJAN!
Source=Paul Collins Startup list
[NvidiaQuickTweak]
Number=7460
Confirmed=N
Filename=rundll32.exe NvQtwk.dll, NvTaskbarInit
Description=System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties
Source=Paul Collins Startup list
[nvidll32]
Number=7461
Confirmed=X
Filename=nvidll32.exe
Description=Added by the RBOT-XK WORM!
Source=Paul Collins Startup list
[NVIEW]
Number=7462
Confirmed=U
Filename=rundll32.exe nview.dll, nViewLoadHook
Description=This is a DLL to enable multiple display monitors on a single computer. It can be a cause of numerous problems on some computers
Source=Paul Collins Startup list
[nviload32]
Number=7463
Confirmed=X
Filename=nviload32.exe
Description=Added by the SDBOT-VT WORM!
Source=Paul Collins Startup list
[NvInitialize]
Number=7464
Confirmed=N
Filename=rundll32.exe NvQtwk.dll, NvXTInit
Description=Thought to enable the clock frequency option on nVidia control panels. You can overclock without leaving this enabled
Source=Paul Collins Startup list
[nvirundll]
Number=7465
Confirmed=X
Filename=nvirundll.exe
Description=Added by the SPYBOT.NPS WORM!
Source=Paul Collins Startup list
[nvjxue]
Number=7466
Confirmed=X
Filename=nvjxue.exe
Description=Added by the EYEVEG-J WORM!
Source=Paul Collins Startup list
[NVmax]
Number=7467
Confirmed=Y
Filename=NVmax.exe
Description=NVmax is a old tweaking utility for NVidia graphics cards. In the startup list if the user chooses to overclock their card
Source=Paul Collins Startup list
[NVMCTRAY]
Number=7468
Confirmed=N
Filename=RUNDLL32.EXE ...NVMCTRAY.DLL, NvTaskbarInit
Description=System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties
Source=Paul Collins Startup list
[NvMediaCenter]
Number=7469
Confirmed=U
Filename=RunDLL32.exe NvMCTray.dll, NvTaskbarInit
Description=System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties
Source=Paul Collins Startup list
[NVMixerTray]
Number=7470
Confirmed=N
Filename=NVMixerTray.exe
Description=System Tray access to audio controls from nVidia's motherboard ForceWare software
Source=Paul Collins Startup list
[nvmsgdwn]
Number=7471
Confirmed=X
Filename=NVMSGDWN.EXE
Description=Added by the GRABER-D TROJAN!
Source=Paul Collins Startup list
[nvpatch]
Number=7472
Confirmed=X
Filename=napatch.exe
Description=Added by the SASSER-F WORM!
Source=Paul Collins Startup list
[NvPvrNetMon]
Number=7473
Confirmed=U
Filename=NvPvrNetMon.exe
Description=Network monitor for the Personal Video Recorder function of the NVIDIA ForceWare Multimedia application - "makes sure you don’t miss your favorite show. If you won’t be home to watch the show, just use the PVR to set future recordings"
Source=Paul Collins Startup list
[NVQuickTweak]
Number=7474
Confirmed=N
Filename=rundll32.exe NvQtwk.dll, NvTaskbarInit
Description=System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties
Source=Paul Collins Startup list
[NVRaidService]
Number=7475
Confirmed=N
Filename=nvraidservice.exe
Description=nVidia NVRaid - hard disk striping/mirroring utility for increased performance and reliability. Doesn't seem to be required if you have a RAID setup as there is no performance difference without it
Source=Paul Collins Startup list
[NVRotateSysTray]
Number=7476
Confirmed=?
Filename=nvsysrot.dll
Description=Related to NVIDIA nView Control Panel. What does it do and is it required?
Source=Paul Collins Startup list
[NVRT]
Number=7477
Confirmed=N
Filename=nvrt.exe
Description=NVRefreshTool is a utility that will automatically detect the maximum refresh rate at each resolution that your monitor supports
Source=Paul Collins Startup list
[NVRTClk]
Number=7478
Confirmed=?
Filename=NVRTClk.exe
Description=Related to a Gigabyte video card. What does it do, and is it required?
Source=Paul Collins Startup list
[nvsv32.exe]
Number=7479
Confirmed=X
Filename=nvsv32.exe
Description=Added by the FORBOT-DI WORM!
Source=Paul Collins Startup list
[nvsv32.exe]
Number=7480
Confirmed=X
Filename=cstr.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[nvsv32.exe]
Number=7481
Confirmed=X
Filename=asr_fnt.exe
Description=Added by the WOOTBOT.GE WORM!
Source=Paul Collins Startup list
[nvsv32.exe]
Number=7482
Confirmed=X
Filename=nvsv33.exe
Description=Added by the WOOTBOT.FP WORM!
Source=Paul Collins Startup list
[NvSvc]
Number=7483
Confirmed=N
Filename=nvsvc.exe
Description=NVIDIA Driver Helper Service - installed when you change from the WDM drivers to nVidia's latest versions but not requied. Extreme shutdown delays can be encountered with this service active, but no adverse side effects with it disabled. NOTE: If using drivers other than nVidia's, such as Asus, this service may have been renamed to reflect that
Source=Paul Collins Startup list
[nvsvc]
Number=7484
Confirmed=X
Filename=nvsvc.exe
Description=Added by the BANKER-HQ TROJAN! Note - this is not the valid NVIDIA Driver Helper Service and is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list
[NVSVC]
Number=7485
Confirmed=X
Filename=nvsvc.exe
Description=Added by the AGOBOT.ALX WORM! Note - this is not the valid NVIDIA Driver Helper Service and is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list
[nvsvca32]
Number=7486
Confirmed=X
Filename=nvsvca32.exe
Description=Added by the TACTSLAY.E TROJAN!
Source=Paul Collins Startup list
[nvsvca32]
Number=7487
Confirmed=X
Filename=clfmon.exe
Description=Added by the TACTSLAY.E TROJAN!
Source=Paul Collins Startup list
[NVSystem32]
Number=7488
Confirmed=X
Filename=nvscv32.exe
Description=Added by the AGOBOT-NO WORM!
Source=Paul Collins Startup list
[NvUpdater]
Number=7489
Confirmed=X
Filename=nwiz32.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[NvXplDeamon]
Number=7490
Confirmed=X
Filename=xstyles.exe
Description=Added by the SMALL.AJ VIRUS!
Source=Paul Collins Startup list
[NWEReboot]
Number=7491
Confirmed=?
Filename=dummy.exe
Description=??
Source=Paul Collins Startup list
[nwiz]
Number=7492
Confirmed=U
Filename=nwiz.exe
Description=Nvidia nView Wizard - present with the newer versions of nVidia graphics cards drivers. Allows you to immensely improve desktop layouts by setting preferences and optimizations. If you use any of the special nView features available in the control panel leave this alone - otherwise you can disable it
Source=Paul Collins Startup list
[nwiz32]
Number=7493
Confirmed=X
Filename=nwiz32.exe
Description=Added by the SINBANK-A TROJAN!
Source=Paul Collins Startup list
[Nwpopup]
Number=7494
Confirmed=Y
Filename=Nwpopup.exe
Description=Broadcast message handler part of Novell Netware that displays server, printer and other messages
Source=Paul Collins Startup list
[nwrecmsg]
Number=7495
Confirmed=U
Filename=nwrecmsg.exe
Description=Broadcast message handler part of Novell Netware that displays server, printer and other messages - can cause crashes
Source=Paul Collins Startup list
[nwss]
Number=7496
Confirmed=U
Filename=Sp0.exe
Description=SpyOutside surveillance software. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list
[NWTRAY]
Number=7497
Confirmed=Y
Filename=nwtray.exe
Description=Novell Netware. Displays the red "N" tray icon which can be disabled (by right-click on the icon) but is also needed by the client
Source=Paul Collins Startup list
[oadaemon]
Number=7498
Confirmed=?
Filename=oadaemon.exe
Description=Background process that establishes connection with a C3-1000 scanner and watch general status of the device and for scanner button presses. Can it be started manually?
Source=Paul Collins Startup list
[oahstifr]
Number=7499
Confirmed=Y
Filename=oahstifr.exe
Description=Comes with HyperTextStudio. From the supplier - "The Osserver maintains the database for HyperText Studio projects - absolutely vital, it verifies all the links etc in a site. It runs as a service in NT, 2K and XP but needs to start up in Win 9.x so you'll see a DOS box for a short while during boot up."
Source=Paul Collins Startup list
[OAKSTART]
Number=7500
Confirmed=U
Filename=OAKSTART.EXE
Description=Sets the spindown timeout and access speeds at startup and displays a splash screen for CD-RW.
Source=Paul Collins Startup list
[OAKTASK]
Number=7501
Confirmed=N
Filename=OAKTASK.EXE
Description=Taskbar utility for a "control panel" for a CD-RW
Source=Paul Collins Startup list
[OASClnt]
Number=7502
Confirmed=U
Filename=oasclnt.exe
Description=McAfee VirusScan On-Access Scan Client service
Source=Paul Collins Startup list
[Object Store Server]
Number=7503
Confirmed=Y
Filename=osserver.exe
Description=Comes with HyperTextStudio. From the supplier - "The Osserver maintains the database for HyperText Studio projects - absolutely vital, it verifies all the links etc in a site. It runs as a service in NT, 2K and XP but needs to start up in Win 9.x so you'll see a DOS box for a short while during boot up."
Source=Paul Collins Startup list
[objtjprx]
Number=7504
Confirmed=?
Filename=objtjprx.exe
Description=??
Source=Paul Collins Startup list
[obsver]
Number=7505
Confirmed=?
Filename=obsver.exe
Description=Part of LingoWare translating software - what does it do and is it required?
Source=Paul Collins Startup list
[OCAudioIni]
Number=7506
Confirmed=N
Filename=OCAudioIni.exe
Description=One-click Audio Converter - allows you to convert files of multiple audio formats right from Windows Explorer
Source=Paul Collins Startup list
[ocraware]
Number=7507
Confirmed=N
Filename=ocraware.exe
Description=Optical Character Recognition software as part of OmniPage Limited Edition - supplied with some scanners. Scan directly into most word processor applications, such as Word, WordPerfect, etc. Available via Start -> Programs
Source=Paul Collins Startup list
[Octoshape Streaming Services]
Number=7508
Confirmed=U
Filename=OctoshapeClient.exe
Description=Octoshape Live Streaming - "is a revolutionary technology that will reduce your bandwidth cost and improve the quality in sound and picture"
Source=Paul Collins Startup list
[ocx32]
Number=7509
Confirmed=X
Filename=ocx32.exe
Description=Added by the ASTEF or RESPAN WORMS!
Source=Paul Collins Startup list
[OCXUPDT32]
Number=7510
Confirmed=X
Filename=ocxupdt32.exe
Description=Added by the AGOBOT-IF WORM!
Source=Paul Collins Startup list
[OD]
Number=7511
Confirmed=X
Filename=SYSCNTR.EXE
Description=HotVideo dialler
Source=Paul Collins Startup list
[od-matrxx]
Number=7512
Confirmed=X
Filename=od-matrxx.exe
Description=Adult dialler - xx can be any number
Source=Paul Collins Startup list
[od-stndxx]
Number=7513
Confirmed=X
Filename=od-stndxx.exe
Description=Adult dialler - xx can be any number
Source=Paul Collins Startup list
[od-teenxx]
Number=7514
Confirmed=X
Filename=od-teenxx.exe
Description=Adult dialler - xx can be any number
Source=Paul Collins Startup list
[ODBC BackUp]
Number=7515
Confirmed=U
Filename=fdxxl.exe
Description=G Data "PC Spion". PC monitoring and surveilling software, captures all users activity on the PC, see here. Disable/remove if you didn't install it yourself!
Source=Paul Collins Startup list
[oddworldz.exe]
Number=7516
Confirmed=X
Filename=oddworldz.exe
Description=Added by the MULTIDR-EG TROJAN!
Source=Paul Collins Startup list
[Odometer]
Number=7517
Confirmed=N
Filename=Odometer.EXE
Description=Mouse odometer - tracks how far your pointer/arrow has traveled on the screen. Shortcut available
Source=Paul Collins Startup list
[ODSPConfig]
Number=7518
Confirmed=U
Filename=ODSPConfig.exe
Description=DsktopSurveil surveillance software. Uninstall this software if you did not install it yourself
Source=Paul Collins Startup list
[Oeloader]
Number=7519
Confirmed=X
Filename=Oeloader.exe
Description=Xupiter OrbitExplorer toolbar related. Drive-by foistware. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see here
Source=Paul Collins Startup list
[OEM Tools 32]
Number=7520
Confirmed=X
Filename=tres32.exe
Description=Added by the RBOT.QB WORM!
Source=Paul Collins Startup list
[OEM32 Tools]
Number=7521
Confirmed=X
Filename=sres32.exe
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[OEMCLEANUP]
Number=7522
Confirmed=N
Filename=oemreset.exe
Description=Resets OEM installation settings at bootup. Not required unless you're new to PC's
Source=Paul Collins Startup list
[OEMRESET]
Number=7523
Confirmed=U
Filename=oemreset.exe
Description=Resets OEM installation settings at bootup. Not required unless you're new to PC's
Source=Paul Collins Startup list
[OEMRUNONCE]
Number=7524
Confirmed=U
Filename=oemrun.exe
Description=Windows Millennium file - used by setup when installing the OEM 'express' version of the operating system. Uncheck after setup has finished
Source=Paul Collins Startup list
[oeplugin]
Number=7525
Confirmed=U
Filename=bxOEPlugin.exe
Description=noHTML for Outlook Express is an add-on that protects Outlook Express from email viruses and email scripts by converting incoming email messages from HTML format to simple text
Source=Paul Collins Startup list
[OEPowerPlugs]
Number=7526
Confirmed=?
Filename=winoeinit.exe
Description=??
Source=Paul Collins Startup list
[oepsrv]
Number=7527
Confirmed=U
Filename=oepsrv.exe
Description=Outlook Express Protector is designed for controlling access to Outlook Express and its e-mail and address data bases
Source=Paul Collins Startup list
[OESET]
Number=7528
Confirmed=X
Filename=setup60.exe
Description=Added by the WAREZDL.28672 TROJAN!
Source=Paul Collins Startup list
[OESpamTest]
Number=7529
Confirmed=U
Filename=OESpamTest.ExE
Description=Kaspersky Anti-Spam
Source=Paul Collins Startup list
[OEXCheck]
Number=7530
Confirmed=N
Filename=EA2Check.exe
Description=Express Assist from AJSystems.com. Utility for use with Outlook Express to backup, restore, synchronize amongst others
Source=Paul Collins Startup list
[oe_drop_spam]
Number=7531
Confirmed=X
Filename=oesrv.exe
Description=Dropspam adware
Source=Paul Collins Startup list
[OE_OEM]
Number=7532
Confirmed=Y
Filename=TMAS_OEMon.exe
Description=Related to Trend Micro PC-cillin - Internet Security 12
Source=Paul Collins Startup list
[Offer Companion]
Number=7533
Confirmed=X
Filename=offers.exe
Description=Adware
Source=Paul Collins Startup list
[Offers]
Number=7534
Confirmed=X
Filename=offers.exe
Description=Adware
Source=Paul Collins Startup list
[Office]
Number=7535
Confirmed=X
Filename=Office.exe
Description=Added by the KRAIMER.12 TROJAN!
Source=Paul Collins Startup list
[Office Mail]
Number=7536
Confirmed=U
Filename=off_mail.exe
Description=Office Mail from Burrotech Ltd - "complete email solution for small/medium businesses, homes, schools and colleges. It is a small email server which forms the perfect gateway between your internal and external email"
Source=Paul Collins Startup list
[Office Mail Alerter]
Number=7537
Confirmed=U
Filename=om_Alerter.exe
Description=Office Mail Alerter - "alert Office Mail users when they receive new emails" via a System Tray icon
Source=Paul Collins Startup list
[Office Monitor]
Number=7538
Confirmed=X
Filename=adv32.exe
Description=Added by the SDBOT-CWO WORM!
Source=Paul Collins Startup list
[Office Monitorse]
Number=7539
Confirmed=X
Filename=[path to worm]
Description=Added by the SDBOT-CZX WORM!
Source=Paul Collins Startup list
[Office Startup]
Number=7540
Confirmed=N
Filename=Osa.exe
Description=Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show
Source=Paul Collins Startup list
[Office Startup]
Number=7541
Confirmed=X
Filename=Exploer.exe
Description=Added by the GAOBOT.BV WORM! Note the different filename to the valid MS Office entries
Source=Paul Collins Startup list
[Office Startup]
Number=7542
Confirmed=N
Filename=Osa9.exe
Description=Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show
Source=Paul Collins Startup list
[Office SturtUp]
Number=7543
Confirmed=X
Filename=osa9.exe
Description=Added by the CLICKER-EC TROJAN! Note - this trojan is located in the Windows or Winnt folder and should not be confused with the Microsoft office program, located in Program Files\Microsoft Office\...
Source=Paul Collins Startup list
[OfficeAgent]
Number=7544
Confirmed=X
Filename=expIorer.exe
Description=Added by the TACTSLAY.A TROJAN!
Source=Paul Collins Startup list
[OfficeAgent]
Number=7545
Confirmed=X
Filename=outIook.exe
Description=Added by the TACTSLAY.A TROJAN!
Source=Paul Collins Startup list
[OfficeAgent]
Number=7546
Confirmed=X
Filename=svcrhost.exe
Description=Added by the TACTSLAY.A TROJAN!
Source=Paul Collins Startup list
[OfficeAgent]
Number=7547
Confirmed=X
Filename=svcshost.exe
Description=Added by the TACTSLAY.A TROJAN!
Source=Paul Collins Startup list
[OfficeDeamon]
Number=7548
Confirmed=X
Filename=msorunner.exe
Description=Added by a variant of the TACTSLAY TROJAN!
Source=Paul Collins Startup list
[OfficeGuard RegChecker]
Number=7549
Confirmed=Y
Filename=ogrc.exe
Description=Kaspersky Labs anti-virus
Source=Paul Collins Startup list
[OfficeGuardUI]
Number=7550
Confirmed=X
Filename=svcss.exe
Description=Added by the DEDLER-C TROJAN!
Source=Paul Collins Startup list
[officejet 6100]
Number=7551
Confirmed=?
Filename=hposol08.exe
Description=Associated with a HP PSC2110 (and maybe others) all-in-one machine
Source=Paul Collins Startup list
[OFFICEKB]
Number=7552
Confirmed=U
Filename=kbdap32a.EXE
Description=Micro Innovations keyboard management
Source=Paul Collins Startup list
[OfficeQuickAccess]
Number=7553
Confirmed=X
Filename=OfficeHost.vbs
Description=Added by the PEXMOR WORM!
Source=Paul Collins Startup list
[Offices]
Number=7554
Confirmed=X
Filename=msnmgd32.exe
Description=Added by the FORBOT-DV WORM!
Source=Paul Collins Startup list
[Offices Monitors]
Number=7555
Confirmed=X
Filename=[path to worm]
Description=Added by the RBOT-GKO WORM!
Source=Paul Collins Startup list
[Offices Monitorse]
Number=7556
Confirmed=X
Filename=[path to worm]
Description=Added by the RBOT-GKO WORM!
Source=Paul Collins Startup list
[Offices Monitorse]
Number=7557
Confirmed=X
Filename=algose32.exe
Description=Added by the RBOT-GDD WORM!
Source=Paul Collins Startup list
[OfficeScan95]
Number=7558
Confirmed=Y
Filename=pccwin97.exe
Description=Trend Micro antivirus OfficeScan
Source=Paul Collins Startup list
[OfficeScanNT Monitor]
Number=7559
Confirmed=Y
Filename=pccntmon.exe
Description=Trend Micro OfficeScan Antivirus real-time scan monitor
Source=Paul Collins Startup list
[OFFICEXP]
Number=7560
Confirmed=X
Filename=OFFICEXP.exe
Description=Added by the WOOTBOT.HE WORM!
Source=Paul Collins Startup list
[office_update]
Number=7561
Confirmed=X
Filename=[path to trojan]
Description=Added by the DLOADER-ZB TROJAN!
Source=Paul Collins Startup list
[OfotoNow USB Detection]
Number=7562
Confirmed=N
Filename=Rundll32.exe OFUSBS.DLL, WatchForConnection OfotoNow
Description=Autodetects when a digital camera is attached to a USB port and launches OfotoNow image software. Available via Start -> Programs
Source=Paul Collins Startup list
[ogrc]
Number=7563
Confirmed=Y
Filename=ogrc.exe
Description=Kaspersky Labs anti-virus
Source=Paul Collins Startup list
[Oil Change]
Number=7564
Confirmed=N
Filename=OCTray32.exe
Description=From CyberMedia/Network Associates. Checks for updates to software installed on your PC. Available via Start -> Programs
Source=Paul Collins Startup list
[OIM]
Number=7565
Confirmed=?
Filename=oim.exe
Description=Related to the O2 (was "genie") mobile phone service. What does it do and is it required?
Source=Paul Collins Startup list
[OKI LPR Utility]
Number=7566
Confirmed=U
Filename=okilpr.exe
Description=OKI printer utility
Source=Paul Collins Startup list
[OLE]
Number=7567
Confirmed=X
Filename=[filename]
Description=Added by the STAWIN or TARNO.D TROJANS!
Source=Paul Collins Startup list
[OLE Automation Server]
Number=7568
Confirmed=X
Filename=ole32aut.vbe
Description=CoolWebSearch parasite variant
Source=Paul Collins Startup list
[oleaccrc]
Number=7569
Confirmed=X
Filename=oleaccrc.exe
Description=Adware downloader - recognized by Kaspersky antivirus as TrojanDownloader.Agent.am
Source=Paul Collins Startup list
[OLEDb Service]
Number=7570
Confirmed=X
Filename=runoledb32.exe
Description=Added by a variant of the SPYRE.B TROJAN!
Source=Paul Collins Startup list
[olehelp]
Number=7571
Confirmed=X
Filename=olehelp.exe
Description=Added by the BOOKMARKER.D or BOOKMARKER.G TROJANS!
Source=Paul Collins Startup list
[OleLoader]
Number=7572
Confirmed=X
Filename=ole32.exe
Description=Added by the DELF.BR TROJAN!
Source=Paul Collins Startup list
[olesvr]
Number=7573
Confirmed=U
Filename=olesvr.exe
Description=Salfeld Child Control - parental control software
Source=Paul Collins Startup list
[Olive System]
Number=7574
Confirmed=X
Filename=Szchost.exe
Description=Added by the MERCURYCAS.A TROJAN!
Source=Paul Collins Startup list
[Olympic]
Number=7575
Confirmed=X
Filename=IE4321.exe
Description=Adult content premium rate dialer - also detected as SMALL.CZ
Source=Paul Collins Startup list
[Omf4]
Number=7576
Confirmed=X
Filename=OMF4.EXE
Description=Added by the FREEMEGA TROJAN!
Source=Paul Collins Startup list
[OmgStartup]
Number=7577
Confirmed=N
Filename=omgstartup.exe
Description=Sony program called OpenMG Jukebox - player and music organizer
Source=Paul Collins Startup list
[OmniHTTPd]
Number=7578
Confirmed=U
Filename=ohttpd.exe
Description=OmniHTTPd web server from Omnicron
Source=Paul Collins Startup list
[OmniPage]
Number=7579
Confirmed=N
Filename=Opware32.exe
Description=Part of OmniPage from Nuance (was Scansoft) - "the fastest, easiest way to turn paper documents into digital files you can edit". Links Word, via OLE, with OmniPage. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page". Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is Available via Start -> Programs
Source=Paul Collins Startup list
[OmniPass]
Number=7580
Confirmed=U
Filename=scureapp.exe
Description=OmniPass from Softex Inc. - secure password management software
Source=Paul Collins Startup list
[OM_Monitor]
Number=7581
Confirmed=U
Filename=FirstStart.exe
Description=Olympus Master - digital camera management tools
Source=Paul Collins Startup list
[OM_Monitor]
Number=7582
Confirmed=U
Filename=MONITOR.EXE
Description=Olympus Master - digital camera management tools
Source=Paul Collins Startup list
[On Screen Display]
Number=7583
Confirmed=U
Filename=OSD.EXE
Description=By Netropa for HP and other brands. Same group as KBD MediaCenter & Touch Manager. Pressing a "hot key" on such a keyboard brings a corresponding panel on the screen for volume, etc. Nice but not required if you don't adjust things regularly - can also freeze
Source=Paul Collins Startup list
[once]
Number=7584
Confirmed=X
Filename=help.exe
Description=Identified as the DELF.LF by Ewido Security Suite
Source=Paul Collins Startup list
[One Touch Monitor]
Number=7585
Confirmed=N
Filename=OneTouchMonitor.exe
Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
Source=Paul Collins Startup list
[One Touch Monitor]
Number=7586
Confirmed=N
Filename=1tou~2.exe
Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
Source=Paul Collins Startup list
[One Touch Monitor]
Number=7587
Confirmed=N
Filename=ONETOU~2.EXE
Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
Source=Paul Collins Startup list
[OneCareUI]
Number=7588
Confirmed=Y
Filename=winssnotify.exe
Description=Related to Windows OneCare Live from Microsoft
Source=Paul Collins Startup list
[OneTouch Monitor]
Number=7589
Confirmed=N
Filename=OneTouchMon.exe
Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
Source=Paul Collins Startup list
[OneTouchMonitor]
Number=7590
Confirmed=N
Filename=OneTouchMonitor.exe
Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
Source=Paul Collins Startup list
[OneTouchMonitor]
Number=7591
Confirmed=N
Filename=1tou~2.exe
Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
Source=Paul Collins Startup list
[OneTouchMonitor]
Number=7592
Confirmed=N
Filename=ONETOU~2.EXE
Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
Source=Paul Collins Startup list
[ONETOU~2]
Number=7593
Confirmed=N
Filename=OneTouchMonitor.exe
Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
Source=Paul Collins Startup list
[ONETOU~2]
Number=7594
Confirmed=N
Filename=1tou~2.exe
Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
Source=Paul Collins Startup list
[ONETOU~2]
Number=7595
Confirmed=N
Filename=ONETOU~2.EXE
Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
Source=Paul Collins Startup list
[Onflow]
Number=7596
Confirmed=X
Filename=onflow.exe
Description=Onflow is a internet company that offers an online advertising program. Not required - uninstall
Source=Paul Collins Startup list
[OnfolioStorage]
Number=7597
Confirmed=U
Filename=onfserv.exe
Description="Onfolio is the complete solution for collecting, organizing and sharing online content"
Source=Paul Collins Startup list
[online cdrom]
Number=7598
Confirmed=?
Filename=Active acid.exe
Description=??
Source=Paul Collins Startup list
[Online Service]
Number=7599
Confirmed=X
Filename=svchost.exe
Description=Added by the HOSTIDEL.B or HOSTIDEL.C or TARNO.B TROJANS! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[OnlinePCfix SmoothSurfer]
Number=7600
Confirmed=U
Filename=SS.exe
Description=Smooth-Surfer - blocks banners, ads, popups, and cleans MRU and Recent file lists
Source=Paul Collins Startup list
[OnlineTime]
Number=7601
Confirmed=N
Filename=onlinetime.exe
Description=OnlineTimer - monitors your Windows dial-up network and logs the time you spend online as well as the resulting costs
Source=Paul Collins Startup list
[online_party]
Number=7602
Confirmed=X
Filename=online_party.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[Onluna Sarvice]
Number=7603
Confirmed=X
Filename=sachost.exe
Description=Added by the TOFGER-AA TROJAN!
Source=Paul Collins Startup list
[Onlune Sarvice]
Number=7604
Confirmed=X
Filename=sachost.exe
Description=Added by the DAEMONI-J TROJAN!
Source=Paul Collins Startup list
[only23]
Number=7605
Confirmed=X
Filename=SCVHOST.exe
Description=Added by the PUQ TROJAN!
Source=Paul Collins Startup list
[OnSrvr]
Number=7606
Confirmed=X
Filename=OnSrvr.exe
Description=OnWebMedia adware
Source=Paul Collins Startup list
[oo4]
Number=7607
Confirmed=X
Filename=RunDLL32.EXE [path] oo4.dll, DllRun
Description=BookedSpace parasite
Source=Paul Collins Startup list
[OOLHELPT]
Number=7608
Confirmed=?
Filename=OOLHELPT.exe
Description=??
Source=Paul Collins Startup list
[OP12 Reminder]
Number=7609
Confirmed=N
Filename=Ereg.exe
Description=Registration reminder for OmniPage from Nuance (was Scansoft)
Source=Paul Collins Startup list
[OpAgent]
Number=7610
Confirmed=U
Filename=OpAgent.exe
Description=Part of Nuance (was Scansoft) OmniPage Pro document conversion software
Source=Paul Collins Startup list
[Open Service Drivers]
Number=7611
Confirmed=X
Filename=opiater.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Open Site]
Number=7612
Confirmed=X
Filename=opnste.exe
Description=OpenSite adware
Source=Paul Collins Startup list
[Open Site]
Number=7613
Confirmed=X
Filename=opensite.exe
Description=OpenSite adware
Source=Paul Collins Startup list
[Open2Enter]
Number=7614
Confirmed=X
Filename=runme.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[Open2Enter]
Number=7615
Confirmed=X
Filename=runme2.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[OpenGL Drivers]
Number=7616
Confirmed=X
Filename=0penGLD.exe
Description=Added by the YIMP-A WORM!
Source=Paul Collins Startup list
[OpenMstart]
Number=7617
Confirmed=X
Filename=mcmgr32.exe
Description="Switch" adult content dialler
Source=Paul Collins Startup list
[OpenMstart]
Number=7618
Confirmed=X
Filename=mmgr32.exe
Description="Switch" adult content dialler
Source=Paul Collins Startup list
[OpenMstart]
Number=7619
Confirmed=X
Filename=Snt.exe
Description="Switch" premium rate adult content dialler
Source=Paul Collins Startup list
[OpenOffice.org *.*.*]
Number=7620
Confirmed=N
Filename=quickstart.exe
Description=OpenOffice.org office suite quick start (where "*.*.*" is the version number)
Source=Paul Collins Startup list
[OpenOffice.org x]
Number=7621
Confirmed=N
Filename=QUICKS~1.EXE
Description=Displays OpenOffice quick start applet in System tray. Right clicking on the icon allows rapid starting up of components of the OpenOffice suite. Available via Start -> Programs. Will automatically be started when any OpenOffice component is started from Start -> Programs. A resource hog (takes > 16 MB of memory). "x" represents the version number
Source=Paul Collins Startup list
[openvpn-gui]
Number=7622
Confirmed=U
Filename=openvpn-gui.exe
Description="OpenVPN is a full-featured SSL VPN solution which can accomodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls"
Source=Paul Collins Startup list
[Openwares LiveUpdate]
Number=7623
Confirmed=U
Filename=LiveUpdate.exe
Description=Web-update utility as used by various types of software - see here
Source=Paul Collins Startup list
[Operations Typhoon Rising Registration]
Number=7624
Confirmed=N
Filename=NOVG.EXE
Description=Joint Operations registration reminder
Source=Paul Collins Startup list
[Operator]
Number=7625
Confirmed=N
Filename=??
Description=Media Pilot operator, in Win.ini. Locks port open
Source=Paul Collins Startup list
[Operator]
Number=7626
Confirmed=U
Filename=xtmop.exe
Description=Fax/Phone answering facility for Extreem Machine - as supplied with the old Diamond SupraExpress modems. No longer supported
Source=Paul Collins Startup list
[OpiStat]
Number=7627
Confirmed=N
Filename=OPISTAT.EXE
Description=OpiStat is a European Research Institute whose goal is to understand consumer needs and opinions better
Source=Paul Collins Startup list
[OPQFile]
Number=7628
Confirmed=X
Filename=regedit.exe /s ...rad03FA6.tmp
Description=Unsavoury program that resets your homepage every time you restart - uncheck in MSCONFIG and delete it via a registry edit
Source=Paul Collins Startup list
[opr]
Number=7629
Confirmed=X
Filename=opr.exe
Description=MediaMotor adware
Source=Paul Collins Startup list
[OpScheduler]
Number=7630
Confirmed=U
Filename=OpScheduler.exe
Description=Part of Nuance (was Scansoft) OmniPage Pro document conversion software
Source=Paul Collins Startup list
[opsql update check]
Number=7631
Confirmed=X
Filename=opsql.exe
Description=Added by the RBOT-ACJ WORM!
Source=Paul Collins Startup list
[OPTIMIZER]
Number=7632
Confirmed=X
Filename=iexplore.exe
Description=Added by the EVEVINC TROJAN! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list
[Optimum Online]
Number=7633
Confirmed=X
Filename=Netsurf.exe
Description=OptimumOnline ISP software related spyware - displays advertising popups and collects information about user activity
Source=Paul Collins Startup list
[Optional Web Drivers For WIN32]
Number=7634
Confirmed=X
Filename=phqghume.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[OPTMOUSEMOUSE]
Number=7635
Confirmed=U
Filename=optmouse.exe
Description=Related to a Samsung optical mouse
Source=Paul Collins Startup list
[Optus Cable Data Monitor]
Number=7636
Confirmed=U
Filename=datamonitor.exe
Description=Allows Optus customers to monitor their actual data usage against Optus' "data allowance limits"
Source=Paul Collins Startup list
[OptusNetUsage]
Number=7637
Confirmed=U
Filename=OptusNet Usage Meter.exe
Description=Designed specifically for OptusNet users who wish to have their connection monitored on a frequent basis. It can also estimate when you are going to hit your usage limit, and how far over your suggested limit you should be
Source=Paul Collins Startup list
[Opware12]
Number=7638
Confirmed=N
Filename=Opware12.exe
Description=OmniPage from Nuance (was Scansoft) - version 12. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start -> Programs
Source=Paul Collins Startup list
[Opware14]
Number=7639
Confirmed=N
Filename=Opware14.exe
Description=OmniPage from Nuance (was Scansoft) - version 14. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start -> Programs
Source=Paul Collins Startup list
[Opware15]
Number=7640
Confirmed=N
Filename=Opware15.exe
Description=OmniPage from Nuance (was Scansoft) - version 14. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start -> Programs
Source=Paul Collins Startup list
[OpwareSE2]
Number=7641
Confirmed=N
Filename=OpwareSE2.exe
Description=Hardware bundled version of OmniPage from Nuance (was Scansoft). If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start -> Programs
Source=Paul Collins Startup list
[OpwareSE4]
Number=7642
Confirmed=N
Filename=OpwareSE4.exe
Description=Hardware bundled version of OmniPage from Nuance (was Scansoft). If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start -> Programs
Source=Paul Collins Startup list
[Oracle Web-to-Go]
Number=7643
Confirmed=U
Filename=webtogo.exe
Description="Oracle Web-to-go, a component of Oracle9i Lite, consists of a collection of modules and services that facilitate development, deployment, and management of mobile Web applications"
Source=Paul Collins Startup list
[OrbitUpdate]
Number=7644
Confirmed=X
Filename=update.exe
Description=Xupiter OrbitExplorer toolbar related. Drive-by foistware. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see here
Source=Paul Collins Startup list
[OrbitView]
Number=7645
Confirmed=X
Filename=view.exe
Description=Xupiter OrbitExplorer toolbar related. Drive-by foistware. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see here
Source=Paul Collins Startup list
[OrderReminder]
Number=7646
Confirmed=N
Filename=OrderReminder.exe
Description=The HP Order Reminder utility is installed with the HP LaserJet printer software and allows you to set specific times for reminders to check the current level of toner in the print cartridge - it also contains an Order Now link to a Web page that helps you order supplies online from a reseller of your choice
Source=Paul Collins Startup list
[orderShell]
Number=7647
Confirmed=X
Filename=order****.exe [* = random char]
Description=Added by the DLOADR-UN TROJAN!
Source=Paul Collins Startup list
[order_Shell]
Number=7648
Confirmed=X
Filename=order_smey.exe
Description=Added by the BANKSNIF-H TROJAN!
Source=Paul Collins Startup list
[org5.exe]
Number=7649
Confirmed=?
Filename=org5.exe
Description=Lotus Organizer 5 application file, Lotus Organizer software. What does it do and is it required?
Source=Paul Collins Startup list
[OrgyCam]
Number=7650
Confirmed=X
Filename=OrgyCam.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[OrigRage128Tweaker]
Number=7651
Confirmed=U
Filename=RAGE128TWEAK.EXE
Description=Third party tweaker for ATI Rage 128 Video cards from http://www.rageunderground.com
Source=Paul Collins Startup list
[ORiNOCO]
Number=7652
Confirmed=U
Filename=Cmluc.exe
Description=Client Manager software for a Proxim ORiNOCO 11a/b/g wireless LAN PCI card
Source=Paul Collins Startup list
[OS Security]
Number=7653
Confirmed=X
Filename=mswind32.pif
Description=Added by the RBOT-ASU WORM!
Source=Paul Collins Startup list
[OSA]
Number=7654
Confirmed=X
Filename=winword.exe
Description=Added by the KANGAROO-A TROJAN!
Source=Paul Collins Startup list
[Osa32]
Number=7655
Confirmed=X
Filename=NTOSA32.exe
Description=Added by the ANIG WORM!
Source=Paul Collins Startup list
[osCheck]
Number=7656
Confirmed=?
Filename=osCheck.exe
Description=Part of Norton Antivirus. What does it do and is it required?
Source=Paul Collins Startup list
[OSD]
Number=7657
Confirmed=U
Filename=OSD.exe
Description=By Netropa for HP and other brands. Same group as KBD MediaCenter & Touch Manager. Pressing a "hot key" on such a keyboard brings a corresponding panel on the screen for volume, etc. Nice but not required if you don't adjust things regularly - can also freeze
Source=Paul Collins Startup list
[OSS]
Number=7658
Confirmed=X
Filename=ossproxy.exe
Description=MarketScore parasite - ActiveX control used to download premium-rate dialers
Source=Paul Collins Startup list
[OSS]
Number=7659
Confirmed=X
Filename=rk.exe
Description=MarketScore parasite - ActiveX control used to download premium-rate dialers
Source=Paul Collins Startup list
[OSS]
Number=7660
Confirmed=X
Filename=rlvknlg.exe
Description=MarketScore parasite - ActiveX control used to download premium-rate dialers
Source=Paul Collins Startup list
[OSSProxy]
Number=7661
Confirmed=X
Filename=OSSPROXY.EXE
Description=MarketScore parasite - ActiveX control used to download premium-rate dialers
Source=Paul Collins Startup list
[OStivityInvAgt]
Number=7662
Confirmed=U
Filename=ostivity.exe
Description=OStivity - "a desktop and server hardware and software asset/inventory solution for small to enterprise sized organizations that need to quickly gain knowledge of 'what's installed' without having to manually touch every computer in the company. The next time the computer logs into the network, a complete inventory (software and hardware) is taken of the system"
Source=Paul Collins Startup list
[Osus]
Number=7663
Confirmed=X
Filename=acao.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[Osus]
Number=7664
Confirmed=X
Filename=rrup.exe
Description=PurityScan/Clickspring adware. The executable is located in the user's "Application Data" folder or the Program Files\htwu folder
Source=Paul Collins Startup list
[otcx]
Number=7665
Confirmed=X
Filename=otcxxh.exe
Description=Added by the CAROOL TROJAN!
Source=Paul Collins Startup list
[outlook]
Number=7666
Confirmed=X
Filename=outlook.exe
Description=Added by the SDBOT-RU WORM!
Source=Paul Collins Startup list
[outlook]
Number=7667
Confirmed=X
Filename=outlook.exe
Description=Added by the ALCRA.F WORM! Note - this is not the valid MS Office program which is found in Program Files\Microsoft Office\Office. This file is found in Program Files\Outlook
Source=Paul Collins Startup list
[Outlook Express Config]
Number=7668
Confirmed=X
Filename=*****.exe [* = random char]
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Outlook Express Protocol]
Number=7669
Confirmed=X
Filename=look.exe
Description=Added by the RBOT-ACS WORM!
Source=Paul Collins Startup list
[Outlook Mail Services]
Number=7670
Confirmed=X
Filename=express.exe
Description=Added by the RBOT.CJN WORM!
Source=Paul Collins Startup list
[Outlook Mail Services]
Number=7671
Confirmed=X
Filename=outlook.exe
Description=Added by the RBOT-BKA TROJAN! Note that the valid MS Outlook executeable is located in the Program Files\Microsoft Office\Office directory wheras this one is found in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list
[OutLooks]
Number=7672
Confirmed=X
Filename=InSane.exe
Description=Added by the SWOOP TROJAN!
Source=Paul Collins Startup list
[Outpost Firewall]
Number=7673
Confirmed=Y
Filename=outpost.exe
Description=Outpost personal firewall
Source=Paul Collins Startup list
[OutpostFeedBack]
Number=7674
Confirmed=Y
Filename=feedback.exe
Description=Part of Outpost firewall by Agnitum. The feedback service is for reporting issues directly to Agnitum from within OP
Source=Paul Collins Startup list
[outpostupdate]
Number=7675
Confirmed=X
Filename=outpostupdate.exe
Description=Added by the COSIAM-C TROJAN!
Source=Paul Collins Startup list
[Outwar]
Number=7676
Confirmed=X
Filename=syslaunch.exe
Description=Outwar adware downloader
Source=Paul Collins Startup list
[OVCJ]
Number=7677
Confirmed=?
Filename=ovcj.exe
Description=??
Source=Paul Collins Startup list
[Overnet]
Number=7678
Confirmed=N
Filename=Overnet.exe
Description=Overnet peer-to-peer (P2P) file sharing program
Source=Paul Collins Startup list
[ovyriwi]
Number=7679
Confirmed=X
Filename=telace.exe
Description=Added by the SDBOT.BVS WORM!
Source=Paul Collins Startup list
[OWCCardbusTray]
Number=7680
Confirmed=U
Filename=ocbtray.exe
Description=Icon in the system tray for safely removing PCMCIA cards. Only required if you have a laptop or desktop which includes a PCMCIA card interface
Source=Paul Collins Startup list
[OWCWebCamDV]
Number=7681
Confirmed=U
Filename=wcdvtray.exe
Description=WebCamDV from Orange Micro, Inc - enables the user to use a DV camera connected via Firewire as a Webcam
Source=Paul Collins Startup list
[OWMngr]
Number=7682
Confirmed=X
Filename=OWMngr.exe
Description=OnWebMedia/SearchSeekFind advertising foistware
Source=Paul Collins Startup list
[OxigenClientAdmin]
Number=7683
Confirmed=U
Filename=Oxigen.exe
Description=Open University Oxigen screensaver admin client. Downloads the latest information from the net to display in the screen saver
Source=Paul Collins Startup list
[oz2]
Number=7684
Confirmed=X
Filename=oz2.exe
Description=Added by the MYDOOM.W WORM!
Source=Paul Collins Startup list
[P0w3rF1Y]
Number=7685
Confirmed=X
Filename=svchost.exe
Description=Added by the MM TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[P17Helper]
Number=7686
Confirmed=U
Filename=Rundll32 P17.dll, P17Helper
Description=ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality
Source=Paul Collins Startup list
[P2P NETWORKING]
Number=7687
Confirmed=N
Filename=P2P Networking.exe
Description=Peer to Peer (P2P) sharing of files on the internet
Source=Paul Collins Startup list
[P2P Networking]
Number=7688
Confirmed=N
Filename=P2P
Description=Peer to Peer (P2P) sharing of files on the internet
Source=Paul Collins Startup list
[p2p networking]
Number=7689
Confirmed=X
Filename=p2pnetworking.exe
Description=Added by the RBOT-ECP WORM!
Source=Paul Collins Startup list
[P2P Networking2]
Number=7690
Confirmed=X
Filename= P2P Networking2.exe
Description=P2P Networking2.exe is an advertising program by Joltid. This process monitors your browsing habits and distributes the data back to the author's servers for analysis. This also prompts advertising popups. This program is a registered security risk and should be removed immediately
Source=Paul Collins Startup list
[P2P Networking3]
Number=7691
Confirmed=N
Filename=P2P Networking3.exe
Description=P2P Networking, a component bundled with Kazaa that enables other applications to use Peer-to-Peer functionality. Not required - see here
Source=Paul Collins Startup list
[p2pnetwork]
Number=7692
Confirmed=X
Filename=p2pnetwork.exe
Description=Added by the ALCAN.A WORM!
Source=Paul Collins Startup list
[p2pnetworking]
Number=7693
Confirmed=X
Filename=p2pnetworking.exe
Description=Added by the RBOT-AFL WORM!
Source=Paul Collins Startup list
[P3p4chk]
Number=7694
Confirmed=X
Filename=P3p4chk.exe
Description=Added by the GEMA TROJAN!
Source=Paul Collins Startup list
[p4mx4]
Number=7695
Confirmed=X
Filename=p4mx4.exe
Description=Added by the CRYPTER.A TROJAN!
Source=Paul Collins Startup list
[PaciSoft]
Number=7696
Confirmed=X
Filename=pacis.exe
Description=PacerD Media/Pacimedia.com adware installer
Source=Paul Collins Startup list
[Packard Bell EverSafe Tray Control]
Number=7697
Confirmed=?
Filename=TrayControl.exe
Description=Packard Bell EverSafe software. What does it do, and is it required?
Source=Paul Collins Startup list
[PadTouch]
Number=7698
Confirmed=N
Filename=PadExe.exe
Description=Toshiba Touch and Launch - offers easy movement and freedom of programs navigation with TouchPad
Source=Paul Collins Startup list
[Pagekeeper Jobs]
Number=7699
Confirmed=U
Filename=pkjobs.exe
Description=PageKeeper Jobs is a separate PageKeeper program that handles the analysis of new documents and keeps track of the location and content of current documents in PageKeeper. Pagekeeper comes bundled with scanners such has HP, Microtek, etc
Source=Paul Collins Startup list
[Pagekeeper Lite]
Number=7700
Confirmed=U
Filename=pkjobs.exe
Description=PageKeeper Jobs is a separate PageKeeper program that handles the analysis of new documents and keeps track of the location and content of current documents in PageKeeper. Pagekeeper comes bundled with scanners such has HP, Microtek, etc
Source=Paul Collins Startup list
[PAgent]
Number=7701
Confirmed=X
Filename=PAgent.exe
Description=Scans your hard drive for the popular P2P file-sharing applications BearShare, Grokster, Kazaa, Limewire and Morpheus. After searching the entire local filesystem for any files with those names it connects to the DownloadWare servers and tells it what, if anything, is found
Source=Paul Collins Startup list
[Pagis Scheduler]
Number=7702
Confirmed=N
Filename=Monitor.exe
Description=Scheduler for the Pagis scanning suite from Scansoft (now Nuance)
Source=Paul Collins Startup list
[pagmstart]
Number=7703
Confirmed=?
Filename=client.exe
Description=??
Source=Paul Collins Startup list
[Pagoo]
Number=7704
Confirmed=N
Filename=PAGOO.EXE
Description=Pagoo - internet call waiting. Intercepts telephone calls like an answering machine and plays the voice message on your PC. Only required when you're on-line and via dial-up modem
Source=Paul Collins Startup list
[paint.exe]
Number=7705
Confirmed=X
Filename=shnlog.exe
Description=Added by the PUPER-A TROJAN!
Source=Paul Collins Startup list
[PaintingRoom evidence monitor]
Number=7706
Confirmed=X
Filename=paintingroom.exe
Description=Paintingroom.com smiley software - not recommended as the site tries to drop a trojan on you...
Source=Paul Collins Startup list
[PaintingRoom smile monitor]
Number=7707
Confirmed=X
Filename=paintingroom.exe
Description=Paintingroom.com smiley software - not recommended as the site tries to drop a trojan on you...
Source=Paul Collins Startup list
[PAL Evidence Eliminator]
Number=7708
Confirmed=N
Filename=Cleaner.exe
Description=PAL Evidence Eliminator - cover the tracks of your browsing habits and E-mails if you think you need to. Run manually on a regular basis
Source=Paul Collins Startup list
[Palm Desktop]
Number=7709
Confirmed=N
Filename=Palm.exe
Description=Palm Desktop Software for use with Palm handheld devices. Available via Start -> Programs
Source=Paul Collins Startup list
[Palm MultiUser Config]
Number=7710
Confirmed=?
Filename=Configtool.exe
Description=MultiUser configuration for a Palm PDA device?. Is it required?
Source=Paul Collins Startup list
[palmOne Registration]
Number=7711
Confirmed=N
Filename=register.exe
Description=Registration reminder for Palm products
Source=Paul Collins Startup list
[PalNetaware]
Number=7712
Confirmed=X
Filename=pnetaware.exe
Description=PalTalk adware - as included in Morpheus
Source=Paul Collins Startup list
[PaltalkNetaware.exe]
Number=7713
Confirmed=N
Filename=PALNETAW~1.EXE
Description=Voice chat program. This program stores all buddy list info apparently on the server itself so you never lose your buddy list should you need to reinstall the program due for whatever reason or even reformat. Available via Start -> Programs. Delete the shortcut in Start -> Programs -> StartUp as well otherwise it will be reinstated
Source=Paul Collins Startup list
[pamela.exe]
Number=7714
Confirmed=U
Filename=pamela.exe
Description=Pamela is a plug-in or add-on that adds features to Skype peer to peer voice service
Source=Paul Collins Startup list
[Panasonic Communications Utility]
Number=7715
Confirmed=U
Filename=Mfpscdl.exe
Description=Port manager for Panasonic Panafax fax_machines
Source=Paul Collins Startup list
[Panasonic HotKey Manager]
Number=7716
Confirmed=U
Filename=HKEYAPP.EXE
Description=HotKey management for Panasonic rugged mobile PCs
Source=Paul Collins Startup list
[Panda Antispam Server Service]
Number=7717
Confirmed=U
Filename=PasSrv.exe
Description=AntiSpam software, part of Panda Platinum Internet Security
Source=Paul Collins Startup list
[Panda Cleaner]
Number=7718
Confirmed=Y
Filename=pavdr.exe
Description=Panda software related - possibly Panda ActiveScan
Source=Paul Collins Startup list
[Panda Preventium+ Service]
Number=7719
Confirmed=Y
Filename=PREVSRV.EXE
Description=Panda Antivirus
Source=Paul Collins Startup list
[Panda Scheduler]
Number=7720
Confirmed=U
Filename=pavsched.exe
Description=Panda Antivirus scan scheduler. Required if this is your virus scanner program and you have scans scheduled on a regular basis. I recommend that you scan manually so you don't need this but if you tend to forget then leave it
Source=Paul Collins Startup list
[Panda Software Intrenet]
Number=7721
Confirmed=X
Filename=panda.pif
Description=Added by the RBOT-ATZ WORM!
Source=Paul Collins Startup list
[PandaAVEngine]
Number=7722
Confirmed=X
Filename=PandaAVEngine.exe
Description=Added by the NETSKY.R WORM!
Source=Paul Collins Startup list
[PandaScheduler]
Number=7723
Confirmed=U
Filename=pavsched.exe
Description=Panda Antivirus scan scheduler. Required if this is your virus scanner program and you have scans scheduled on a regular basis. I recommend that you scan manually so you don't need this but if you tend to forget then leave it
Source=Paul Collins Startup list
[Pando]
Number=7724
Confirmed=U
Filename=Pando.exe
Description="Pando is free software that lets you send and receive files and folders of any size* with your existing email address"
Source=Paul Collins Startup list
[Pantera]
Number=7725
Confirmed=X
Filename=pantera.exe
Description=Added by the SDBOT.AYN WORM!
Source=Paul Collins Startup list
[Paperport]
Number=7726
Confirmed=N
Filename=runppdrv.exe
Description=Loads the drivers associated with monitoring scanner status associated with PaperPort software. Can be a resource hog - see here
Source=Paul Collins Startup list
[PaperPort PTD]
Number=7727
Confirmed=N
Filename=pptd40nt.exe
Description="PaperPort" software associated with scanners
Source=Paul Collins Startup list
[PaperQuote System Tray Icon]
Number=7728
Confirmed=N
Filename=PQTRAY.EXE
Description=PaperQuote is a "wallpaper" changer with daily quotes that are either for inspiration or motivation
Source=Paul Collins Startup list
[Parallel Tasking]
Number=7729
Confirmed=X
Filename=ptask.exe
Description=Added by the SMALL-CJ TROJAN!
Source=Paul Collins Startup list
[ParetoLogic Anti-Spyware]
Number=7730
Confirmed=U
Filename=Pareto_AS.exe
Description="ParetoLogic Anti-Spyware delivers Active Protection in the form of real-time blocking"
Source=Paul Collins Startup list
[PartSeal]
Number=7731
Confirmed=U
Filename=PartSeal.exe
Description=System backup for Sony Vaio PCs. Adds a recovery mechanism for users over and above any System Restore features - allowing users to revert a drive back to the state it was when bought form the factory by hitting F10. The user obviously loses any data stored if not backed-up elsewhere
Source=Paul Collins Startup list
[Password Door Loader]
Number=7732
Confirmed=U
Filename=PDMonitor.exe
Description=Password Door - password protection software
Source=Paul Collins Startup list
[Password Tracker Deluxe]
Number=7733
Confirmed=U
Filename=PwTrkr.exe
Description="Password Tracker Deluxe stores passwords and usernames neatly and securely (encrypted) on your computer"
Source=Paul Collins Startup list
[PasteLister]
Number=7734
Confirmed=N
Filename=plister.exe
Description=PasteLister - clipboard extender. Start manually when required
Source=Paul Collins Startup list
[PAS_Check]
Number=7735
Confirmed=N
Filename=udcpas.exe
Description=DriveCleaner is a security assesment tool which gives exaggerated reports of security and privacy risks on a computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported risks
Source=Paul Collins Startup list
[pas_check]
Number=7736
Confirmed=N
Filename=pasmon.exe
Description=SystemDoctor is a security risk that may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threats
Source=Paul Collins Startup list
[Patch]
Number=7737
Confirmed=X
Filename=patch.exe
Description=Added by the NETBUS WORM!
Source=Paul Collins Startup list
[Patches Value]
Number=7738
Confirmed=X
Filename=WinGamed.exe
Description=Added by the SDBOT.BR WORM!
Source=Paul Collins Startup list
[Path]
Number=7739
Confirmed=?
Filename=lide.exe
Description=??
Source=Paul Collins Startup list
[pathname]
Number=7740
Confirmed=X
Filename=pathname.exe
Description=Added by the IRCCONTACT TROJAN!
Source=Paul Collins Startup list
[PathNvidiaTV]
Number=7741
Confirmed=?
Filename=patchnvidiaTVout.exe
Description=Appears to be related to Nvidia Gigabyte Video card. Typical file location is the Program Files\Gigabyte\Nvidia folder
Source=Paul Collins Startup list
[PAV.EXE]
Number=7742
Confirmed=X
Filename=%Number%
Description=Added by the KITRO.D (or ARGEN.A) WORM! %Number% can be any number
Source=Paul Collins Startup list
[PAV.EXE]
Number=7743
Confirmed=Y
Filename=PAV.EXE
Description=PER Antivirus
Source=Paul Collins Startup list
[PAVFIRES]
Number=7744
Confirmed=Y
Filename=PavFires.exe
Description=Panda Antivirus
Source=Paul Collins Startup list
[PAVFNSVR]
Number=7745
Confirmed=Y
Filename=PavFnSvr.exe
Description=Panda Antivirus
Source=Paul Collins Startup list
[Pavkre9x]
Number=7746
Confirmed=Y
Filename=pavkre9x.exe
Description=Panda Antivirus
Source=Paul Collins Startup list
[PavProc]
Number=7747
Confirmed=Y
Filename=PavPrS9x.exe
Description=Panda Antivirus
Source=Paul Collins Startup list
[PavProt]
Number=7748
Confirmed=Y
Filename=PavProt.exe
Description=Panda Antivirus
Source=Paul Collins Startup list
[Pavprot9]
Number=7749
Confirmed=Y
Filename=Pavprot9.exe
Description=Panda Antivirus
Source=Paul Collins Startup list
[PayTime]
Number=7750
Confirmed=X
Filename=paytime.exe
Description=Added by the STARTPA-YR TROJAN!
Source=Paul Collins Startup list
[pbagent]
Number=7751
Confirmed=U
Filename=pbagent.exe
Description=Probot keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list
[PBKScheduler]
Number=7752
Confirmed=U
Filename=PBKScheduler.exe
Description=Scheduler for CyberLink PowerBackup - archiving/backup utility
Source=Paul Collins Startup list
[PC Alert III]
Number=7753
Confirmed=U
Filename=alert.exe
Description=MSI PC Alert III - allows you to view your system and cpu temperature, fan rpm and more. Only required if you overclock
Source=Paul Collins Startup list
[PC Booster]
Number=7754
Confirmed=U
Filename=pcbooster.exe
Description=PC Booster from inKline Global - "easy-to-use computer system optimizer that gives your system the extra speed and stability you want while ensuring that your computer is kept clean and in tip-top condition"
Source=Paul Collins Startup list
[PC Doc Pro - 3.1]
Number=7755
Confirmed=U
Filename=pcdocpro.exe
Description=PC Doc Pro (now Win Doc Pro) - system health check and fix utility
Source=Paul Collins Startup list
[PC Dynamics SdwMon32]
Number=7756
Confirmed=U
Filename=sdwmon32.exe
Description=SafeHouse "Personal Privacy" protects and hides your private and personal photos, videos, files and folders by making them "invisible" and encrypted
Source=Paul Collins Startup list
[PC Pitstop Optimize Scheduler]
Number=7757
Confirmed=U
Filename=PCPOptimize.exe
Description=PC Pitstop Optimize - "an application that will make your PC run faster, make it more stable, and clean up hard drive space"
Source=Paul Collins Startup list
[PC Spy Keylogger]
Number=7758
Confirmed=U
Filename=ToolKeylogger.exe
Description=PCSpyKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list
[PC-Config32]
Number=7759
Confirmed=X
Filename=corona.exe
Description=Added by the CORONEX.A WORM!
Source=Paul Collins Startup list
[PC2X]
Number=7760
Confirmed=X
Filename=initial.bat
Description=Added by the DWNLDR-FZZ TROJAN!
Source=Paul Collins Startup list
[pcAnywhere Agent]
Number=7761
Confirmed=U
Filename=pcamgt.exe
Description=Part of pcAnywhere 9.0 or later. This process listens for incoming PC Anywhere connections if your PC is configured as a PC Anywhere host
Source=Paul Collins Startup list
[PCBG]
Number=7762
Confirmed=Y
Filename=PCBODYGUARD.EXE
Description=PC Bodyguard from Calluna - protects system files and settings from being deleted, modified, etc
Source=Paul Collins Startup list
[PCBODYGUARD]
Number=7763
Confirmed=Y
Filename=PCBODYGUARD.EXE
Description=PC Bodyguard from Calluna - protects system files and settings from being deleted, modified, etc
Source=Paul Collins Startup list
[PcBoost]
Number=7764
Confirmed=U
Filename=PcBoost.exe
Description=PCBoost from PGWARE, LLC increases computer performance by allocating higher portions of CPU power to active applications and games
Source=Paul Collins Startup list
[PCCClient.exe]
Number=7765
Confirmed=Y
Filename=PCCClient.exe
Description=PC-Cillin 2002 antivirus software
Source=Paul Collins Startup list
[pccguide.exe]
Number=7766
Confirmed=Y
Filename=pccguide.exe
Description=PC-Cillin 2002 antivirus software
Source=Paul Collins Startup list
[PCCIOMON.EXE]
Number=7767
Confirmed=Y
Filename=PCCIOMON.EXE
Description=PC-Cillin 2000 antivirus software. This is the actual virus-scanner
Source=Paul Collins Startup list
[PCClient.exe]
Number=7768
Confirmed=Y
Filename=PCClient.exe
Description=Trend Micro PC-Cillin Internet Security
Source=Paul Collins Startup list
[PccPfw]
Number=7769
Confirmed=Y
Filename=PccPfw.exe
Description=Trend Micro PC-Cillin Internet Security
Source=Paul Collins Startup list
[PcCtlCom]
Number=7770
Confirmed=Y
Filename=Pcctlcom.exe
Description=Trend Micro PC-cillin Internet Security
Source=Paul Collins Startup list
[PCDRealtime]
Number=7771
Confirmed=N
Filename=realtime.exe
Description=Apparently the monitoring device for PC Doctor Online. It provides a "free" examination on system files (i.e. registry), reports the number of errors it finds, and invites you to "order" the fee-based fixes from its web site
Source=Paul Collins Startup list
[PcEXPLODE]
Number=7772
Confirmed=X
Filename=specialfile.exe
Description=Added by the RBOT.RH WORM!
Source=Paul Collins Startup list
[PCHbutton]
Number=7773
Confirmed=N
Filename=PCHbutton.exe
Description=Used by HP Instant Support
Source=Paul Collins Startup list
[PCHealth]
Number=7774
Confirmed=N
Filename=pchschd.exe
Description=This is a "scheduler" and does not turn off PC Health. For more information refer here
Source=Paul Collins Startup list
[PCHEasySearch]
Number=7775
Confirmed=X
Filename=STUpdate.exe
Description=PCH EasySearch bar
Source=Paul Collins Startup list
[PCIMODEM]
Number=7776
Confirmed=?
Filename=pcimodem.exe
Description=Associated with Lucent based Aztech MDP7800-U PCI modems. Is it required?
Source=Paul Collins Startup list
[PCLEPCI]
Number=7777
Confirmed=U
Filename=ppe.exe
Description=Pinnacle Systems PCI Performance Enhancer. "This tool helps to increase the PCI Busmaster performance of all Pinnacle PCI boards."
Source=Paul Collins Startup list
[PClK]
Number=7778
Confirmed=X
Filename=PClK.exe
Description=Added by the LEGMIR-BL TROJAN!
Source=Paul Collins Startup list
[PCMCIA Resource Monitor]
Number=7779
Confirmed=?
Filename=nvp2pmon.exe
Description=NVIDIA nForce P2P Driver. What does it do and is it required?
Source=Paul Collins Startup list
[PCMMRealtime]
Number=7780
Confirmed=U
Filename=pcmm.exe
Description=PC MightyMax - diagnostic program that identifies and fixes problems. However, some users report it does the opposite and messes up their systems (see here) and they also have problems removing it (see here)
Source=Paul Collins Startup list
[PCMService]
Number=7781
Confirmed=U
Filename=PCMService.exe
Description=Part of Cyberlink's Power Cinema. Commonly distributed with the Dell MultiMedia software suite. It is used to watch movies, play music and even watch TV in a central location
Source=Paul Collins Startup list
[PCPitStopEraser]
Number=7782
Confirmed=U
Filename=PCPitStopErase.exe
Description="PC PitStop Erase is both a free privacy scanner and paid tracks cleaner"
Source=Paul Collins Startup list
[PCPOptimize]
Number=7783
Confirmed=U
Filename=PCPOptimize.exe
Description=PC Pitstop Optimize - "an application that will make your PC run faster, make it more stable, and clean up hard drive space"
Source=Paul Collins Startup list
[PCprot]
Number=7784
Confirmed=X
Filename=crcss.exe
Description=Added by an unidentified WORM!
Source=Paul Collins Startup list
[pcqmqgn.exe]
Number=7785
Confirmed=?
Filename=pcqmqgn.exe
Description=??
Source=Paul Collins Startup list
[PCRecSA]
Number=7786
Confirmed=U
Filename=PCRecSA.exe
Description=Part of the IBM/XPoint Rapid Restore backup utility. If you choose, you can use it to create a "clean" backup of your hard drive. The process involves the software partitioning your hard drive, making a compressed image of the working drive which will then allow you to revert to that should you need to
Source=Paul Collins Startup list
[pcServer]
Number=7787
Confirmed=X
Filename=server.exe
Description=Ssppyy spyware
Source=Paul Collins Startup list
[PCShield]
Number=7788
Confirmed=X
Filename=regsvr32 [path] sfg_****.dll [* = random char]
Description=SafeguardProtect/Veevo hijacker
Source=Paul Collins Startup list
[PCStart]
Number=7789
Confirmed=N
Filename=Pcm25.exe
Description=Runs as part of PCMonitor which is a program for monitoring your activity on your system. It makes screen dumps and key logging. It can hang-up your system because the screen dump page gets VERY big
Source=Paul Collins Startup list
[PCSuiteTrayApplication]
Number=7790
Confirmed=N
Filename=TrayApplication.exe
Description=System Tray icon for Nokia PC Suite. PC Suite lets you synchronize, edit, and back up many of your phone's files on a compatible PC through a wireless or cable connection. PC Suite can also be launched through Start Menu
Source=Paul Collins Startup list
[PCSuiteTrayApplication]
Number=7791
Confirmed=N
Filename=LaunchApplication.exe
Description=System Tray icon for Nokia PC Suite. PC Suite lets you synchronize, edit, and back up many of your phone's files on a compatible PC through a wireless or cable connection. PC Suite can also be launched through Start Menu
Source=Paul Collins Startup list
[Pcsv]
Number=7792
Confirmed=X
Filename=pcsvc.exe
Description=Delfin Media Viewer or "Promulgate" adware
Source=Paul Collins Startup list
[PcSync]
Number=7793
Confirmed=N
Filename=PcSync.exe
Description=If a Nokia phone has been connected, synchronises the phone with MS Outlook or other organiser software. It is installed by the Nokia PC Suite, and the tray icon shows if a phone has been connected. Available via a desktop shortcut or Start -> Programs
Source=Paul Collins Startup list
[PcSync]
Number=7794
Confirmed=X
Filename=PcSync.exe
Description=Added by the RBOT-XJ WORM! Note - do not confuse with the Nokia application described here
Source=Paul Collins Startup list
[PCTAVApp]
Number=7795
Confirmed=Y
Filename=PCTAV.exe
Description=Related to PC TOOLS Antivirus software
Source=Paul Collins Startup list
[PcThrust]
Number=7796
Confirmed=U
Filename=PcThrust.exe
Description=PCThrust from SwiftDog - "increases computer performance by allocating higher portions of CPU power to active applications and games"
Source=Paul Collins Startup list
[pctspk]
Number=7797
Confirmed=U
Filename=pctspk.exe
Description=Used for modems based upon PC-TEL chipsets. Normally used for some Voice and Speakerphone functions and also for some Power management options. If you remove it you may not be able to use any of those functions
Source=Paul Collins Startup list
[PCTVOICE]
Number=7798
Confirmed=U
Filename=pctvoice.exe
Description=The program PCTVoice is used by the modem to interface with your computer and also used for some V.80 functions for Video Conferencing. if you uncheck it, it comes back. It's better to leave it
Source=Paul Collins Startup list
[PCTVRemote]
Number=7799
Confirmed=U
Filename=remoterm.exe
Description=Controls the remote control on some Pinnacle TV tuners
Source=Paul Collins Startup list
[PCWatch]
Number=7800
Confirmed=U
Filename=pcwatch.exe
Description=PCWatch surveillance software. Uninstall this software if you did not install it yourself
Source=Paul Collins Startup list
[PDA Commander]
Number=7801
Confirmed=X
Filename=stisvc32.exe
Description=Added by the AGOBOT-TX WORM!
Source=Paul Collins Startup list
[PdaNet Desktop]
Number=7802
Confirmed=U
Filename=PdaNetPC.exe
Description=PdaNet from June Fabrics Technology Inc. Use Windows Mobile Smartphone or PocketPC Phone as wireless modem for your PC
Source=Paul Collins Startup list
[PDASCAN]
Number=7803
Confirmed=X
Filename=pdascan.exe
Description=Added by the AGOBOT-QY WORM!
Source=Paul Collins Startup list
[PDDM]
Number=7804
Confirmed=U
Filename=pddm.exe
Description=Patchlink Update - "core product of the leading patch and vulnerability management software solution for medium and large enterprise network security"
Source=Paul Collins Startup list
[PDEngine]
Number=7805
Confirmed=U
Filename=PDEngine.exe
Description=PerfectDisk from Raxco - disk defragmenter. Only required if you schedule disk defragmenting at re-boot
Source=Paul Collins Startup list
[pdexplo]
Number=7806
Confirmed=N
Filename=PDEXPLO.EXE
Description=PowerDesk Pro by PowerDesk Pro by Ontrack. Enhanced desktop and file manager. Available via Start -> Programs
Source=Paul Collins Startup list
[PDF Converter Registry Controller]
Number=7807
Confirmed=?
Filename=RegistryController.exe
Description=Nuance (was Scansoft) PDF Converter Registry Controller
related - what does it do and is it required?
Source=Paul Collins Startup list
[pdfFactory Dispatcher v1]
Number=7808
Confirmed=U
Filename=fppdis1a.exe
Description=FinePrint pdfFactory Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory printer. Version 1.x of the software. "pdfFactory products offer a unique approach to PDF creation that is simpler, more effective and less expensive than that offered by other programs"
Source=Paul Collins Startup list
[pdfFactory Dispatcher v2]
Number=7809
Confirmed=U
Filename=fppdis2a.exe
Description=FinePrint pdfFactory Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory printer. Version 2.x of the software. "pdfFactory products offer a unique approach to PDF creation that is simpler, more effective and less expensive than that offered by other programs"
Source=Paul Collins Startup list
[pdfFactory Pro Dispatcher v1]
Number=7810
Confirmed=U
Filename=fppdis1.exe
Description=FinePrint pdfFactory Pro Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory PRO printer. Version 1.x of the software. "pdfFactory products offer a unique approach to PDF creation that is simpler, more effective and less expensive than that offered by other programs"
Source=Paul Collins Startup list
[pdfFactory Pro Dispatcher v3]
Number=7811
Confirmed=U
Filename=fppdis3a.exe
Description=FinePrint pdfFactory Pro Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory Pro printer. Version 3.x of the software. "pdfFactory products offer a unique approach to PDF creation that is simpler, more effective and less expensive than that offered by other programs"
Source=Paul Collins Startup list
[pdfMachine dispatcher]
Number=7812
Confirmed=U
Filename=mapisnd.exe
Description=pdfMachine Windows print driver
Source=Paul Collins Startup list
[pdfSaver3]
Number=7813
Confirmed=N
Filename=pdfSaver3.exe
Description=PDF-XChange - create Adobe compatible PDF files from virtually any Windows software such as MS Word, Excel, AutoCAD, MS Publisher etc
Source=Paul Collins Startup list
[PDirect]
Number=7814
Confirmed=N
Filename=PDirect.exe
Description=IBM Presentation Director software
Source=Paul Collins Startup list
[pdp Server]
Number=7815
Confirmed=U
Filename=ctpdpsrvr.exe
Description=Included and setup with the drivers for my Compaq A3000 all-in-one printer/scanner - maybe for networking. Works fine without it - but may be needed when used over a network
Source=Paul Collins Startup list
[PDService.exe]
Number=7816
Confirmed=U
Filename=pdservice.exe
Description=Related to Utimaco Safeware Easy. "Your electronic safe for protecting confidential data"
Source=Paul Collins Startup list
[PDVDServ]
Number=7817
Confirmed=U
Filename=PDVDServ.exe
Description=Remote Control background application for Cyberlink's PowerDVD version 5 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one
Source=Paul Collins Startup list
[Pe2ckfnt SE]
Number=7818
Confirmed=N
Filename=chkfont.exe
Description=Used to check whether the fonts are installed properly on your computer or not for a scanner. If you don't want to execute it, you can uncheck it in the startup menu
Source=Paul Collins Startup list
[PECarlin]
Number=7819
Confirmed=X
Filename=PECarlin.exe
Description=Adware - see here
Source=Paul Collins Startup list
[Peeramid]
Number=7820
Confirmed=?
Filename=PService.exe
Description=In a "Koptimizer" folder in Program Files. What does it do and is it required?
Source=Paul Collins Startup list
[PeerGuardian]
Number=7821
Confirmed=U
Filename=PeerGuardian_1.99b_pr14.exe
Description=PeerGuardian - IP blocker for Windows. Used to protect privacy on P2P networks by blocking IP addresses specified in blocklists. Features support for multiple lists, a list editor, automatic blocklist updates, and blocking all of IPv4 (TCP, UDP, ICMP, etc)
Source=Paul Collins Startup list
[PeerGuardian]
Number=7822
Confirmed=U
Filename=pg2.exe
Description=PeerGuardian - IP blocker for Windows. Used to protect privacy on P2P networks by blocking IP addresses specified in blocklists. Features support for multiple lists, a list editor, automatic blocklist updates, and blocking all of IPv4 (TCP, UDP, ICMP, etc)
Source=Paul Collins Startup list
[Pent@VALUE 3.2]
Number=7823
Confirmed=U
Filename=Pent@VALUE.exe
Description=Pent@VALUE Digital Satellite Internet PC Receiver
Source=Paul Collins Startup list
[PeqBL100]
Number=7824
Confirmed=X
Filename=PEQBL100.exe
Description=Added by the ENVID.D WORM!
Source=Paul Collins Startup list
[PER Email Protection]
Number=7825
Confirmed=Y
Filename=pavmail.exe
Description=PER Antivirus
Source=Paul Collins Startup list
[PerfectPrint]
Number=7826
Confirmed=N
Filename=pfppop70.exe
Description=Print engine used by Corel WordPerfect 7 and Presentations 7
Source=Paul Collins Startup list
[PerfFont (Performance True Type Font)]
Number=7827
Confirmed=X
Filename=perfont.exe
Description=Added by the MUTECH-E TROJAN!
Source=Paul Collins Startup list
[perfmon]
Number=7828
Confirmed=U
Filename=perfmon.vbs
Description=MindStorm AnalyzerPro from Secure Associates. "A security management tool for customers easy to manage report and analyze security events across heterogeneous security devices"
Source=Paul Collins Startup list
[Perfomance Monitor]
Number=7829
Confirmed=X
Filename=davcsync.exe
Description=Added by the LAMUD-A WORM!
Source=Paul Collins Startup list
[Perfomance Settings]
Number=7830
Confirmed=X
Filename=svchost.exe
Description=Added by the TOFGER-AP TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list
[Performance]
Number=7831
Confirmed=X
Filename=MyHeart.exe
Description=Added by the PESIN-D WORM!
Source=Paul Collins Startup list
[Performs peer to peer connection]
Number=7832
Confirmed=X
Filename=WinPTTP.exe
Description=Added by the RBOT-GMI WORM!
Source=Paul Collins Startup list
[PersFw]
Number=7833
Confirmed=Y
Filename=PersFw.exe
Description=Kerio or Tiny Personal Firewall
Source=Paul Collins Startup list
[Persistence]
Number=7834
Confirmed=N
Filename=igfxpers.exe
Description=Part of Intels Common User Interface for chipsets with integrated graphics controllers - which allows user to change different driver properties through Windows User Interface. Not known exactly what it does but apparently it isn't required
Source=Paul Collins Startup list
[Personal Computer]
Number=7835
Confirmed=X
Filename=scvhost.exe
Description=Added by the RBOT-AJE WORM!
Source=Paul Collins Startup list
[Personal Firwall]
Number=7836
Confirmed=X
Filename=ptmedsrv.exe
Description=Added by the SDBOT.XY WORM!
Source=Paul Collins Startup list
[Pervasive.SQL Workgroup Engine]
Number=7837
Confirmed=U
Filename=W3dbsmgr.exe
Description=Database Service Manager for Pervasive SQL 2000 Workgroup edition. Required if you use Pervasive SQL but it's recommended you start it manually before using it as it has a tendancy to crash/freeze if loaded with other applications at startup
Source=Paul Collins Startup list
[PestPatrol Control Center]
Number=7838
Confirmed=U
Filename=PPControl.exe
Description=PestPatrol Control Terminal - utility that launched PestPatrol features such as PPMemCheck and CookiePatrol before CA's acquisition
Source=Paul Collins Startup list
[PestPatrolCL]
Number=7839
Confirmed=?
Filename=PestPatrolCL.exe
Description=PestPatrol's command line scanner, combines with the Windows Task scheduler and is required in cases where schedules for regular scanning are set
Source=Paul Collins Startup list
[PestTrap]
Number=7840
Confirmed=N
Filename=PestTrap.exe
Description=Spyware remover - not recommended, see here
Source=Paul Collins Startup list
[Petit Larousse 2001]
Number=7841
Confirmed=U
Filename=HIPL2000Popup.exe
Description=Popup dictionary tool
Source=Paul Collins Startup list
[Pex Sound Driver]
Number=7842
Confirmed=X
Filename=Today's Results.vbs
Description=Added by the TRODE-A WORM!
Source=Paul Collins Startup list
[pex Sound driver 2]
Number=7843
Confirmed=X
Filename=Today's Results.vbs
Description=Added by the TRODE-A WORM!
Source=Paul Collins Startup list
[PFW_CfgEngine]
Number=7844
Confirmed=?
Filename=PFWCFG~1.EXE
Description=Personal Firewall related?
Source=Paul Collins Startup list
[PFW_PullSrv]
Number=7845
Confirmed=?
Filename=PULL.EXE
Description=Personal Firewall related?
Source=Paul Collins Startup list
[PgMonitr]
Number=7846
Confirmed=X
Filename=PgMonitr.exe
Description=Delfin Promulgate adware variant
Source=Paul Collins Startup list
[PGPSDKSVC]
Number=7847
Confirmed=Y
Filename=pgpsdkserv.exe
Description=PGPsdkServ.exe is the new SDK service which is responsible for performing all PGP key management and cryptographic functions. This functionality was moved into a service to allow multiple modules simultaneous read/write access to the keyrings, among other things. As you can imagine, it is necessary for PGPsdkServ to be running in order to perform practically any PGP functionality
Source=Paul Collins Startup list
[PGPSERVICE]
Number=7848
Confirmed=U
Filename=pgpservice.exe
Description=PGPservice.exe has two main purposes: (1) it handles a large part of the PGPnet functionality (along with the PGPnet driver) and (2) it allows efficient access to the PGP preferences database. The individual PGP modules normally access the preferences through PGPservice, but they are capable of a "fall-back" mode where they can handle such access on their own. Thus, if you are not running PGPnet, you may not immediately notice much of a difference if you disable PGPservice. If you are running PGPnet, you will notice a big difference
Source=Paul Collins Startup list
[PGPtray]
Number=7849
Confirmed=N
Filename=pgptray.exe
Description=PGP 7.x. Provides icon tray shortcuts to PGP programs from Network Associates. Available via Start -> Programs
Source=Paul Collins Startup list
[PGQL]
Number=7850
Confirmed=X
Filename=pgql.exe
Description=Added by the PQN TROJAN!
Source=Paul Collins Startup list
[PGStub.exe]
Number=7851
Confirmed=X
Filename=[various filenames]
Description=Unidentified adware
Source=Paul Collins Startup list
[pgtaff]
Number=7852
Confirmed=X
Filename=pgtaff.exe
Description=AdRotator adware variant
Source=Paul Collins Startup list
[phc700]
Number=7853
Confirmed=U
Filename=vphc700.exe
Description=Related to the Philips SPC700NC web camera
Source=Paul Collins Startup list
[PhiBtn]
Number=7854
Confirmed=Y
Filename=PhiBtn.exe
Description=Snapshot and Launch button application from Philips belonging to Philips SPC 900NC Camera
Source=Paul Collins Startup list
[Phime2002a]
Number=7855
Confirmed=N
Filename=TINTSETP.EXE
Description=Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word
Source=Paul Collins Startup list
[PHIME2002ASync]
Number=7856
Confirmed=N
Filename=TINTSETP.EXE
Description=Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word
Source=Paul Collins Startup list
[PHIME2004C]
Number=7857
Confirmed=X
Filename=CTFMDN.exe
Description=Added by the DLOADR-AMV TROJAN!
Source=Paul Collins Startup list
[PHIME2OO2ASyst]
Number=7858
Confirmed=X
Filename=[path to trojan]
Description=Added by the DBDOOR-B TROJAN!
Source=Paul Collins Startup list
[PhoneFree version 6.2]
Number=7859
Confirmed=U
Filename=PHONEF??.EXE
Description=An Internet telephony application. Complicated registration and ad banners tailored to your profile - see here
Source=Paul Collins Startup list
[Photo Express Calendar Checker SE]
Number=7860
Confirmed=N
Filename=CALCHECK.EXE
Description=If you create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper, Photo Express will replace the wallpaper automatically. Photo Express 2.0 has a calendar checker which checks the date on your system and updates your wallpaper accordingly
Source=Paul Collins Startup list
[Photo Loader supervisory]
Number=7861
Confirmed=N
Filename=Plauto.exe
Description=Casio's Photo Loader software. Hook up your camera to the USB port, and it pops up and asks you if you want to load your pictures
Source=Paul Collins Startup list
[Photoshop]
Number=7862
Confirmed=X
Filename=svchost.exe
Description=Added by the CDOPEN-E TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the "Program Files" folder
Source=Paul Collins Startup list
[PhotoShow Deluxe Media Manager]
Number=7863
Confirmed=N
Filename=mssysmgr.exe
Description=Simple Star PhotoShow Deluxe photo editing and organizing software, makes it easy to send and share digital photos. Bundled with software from Nero, ComCast, SnapFish, MacroMedia and others
Source=Paul Collins Startup list
[PhotoWise QuickLink]
Number=7864
Confirmed=N
Filename=quicklnk.exe
Description=Agfa PhotoWise - "PhotoWise QuickLinkTM lets you drag and drop photos right from the camera into your document (applications must be OLE-compliant). Use PhotoWise to print contact sheets and photographic prints. Create slide shows, screen savers, wallpaper and more."
Source=Paul Collins Startup list
[PhraseExpress]
Number=7865
Confirmed=U
Filename=phrase.exe
Description="PhraseExpress organizes your frequently used text phrases and allows pasting them into any application"
Source=Paul Collins Startup list
[PIC SYSTEM]
Number=7866
Confirmed=X
Filename=picx.exe
Description=Added by the MYTOB.LL WORM!
Source=Paul Collins Startup list
[Picasa Media Detector]
Number=7867
Confirmed=N
Filename=PicasaMediaDetector.exe
Description=Media detector for Picasa's automatic photo organizer
Source=Paul Collins Startup list
[PicasaNet]
Number=7868
Confirmed=N
Filename=Hello.exe
Description=Hello is an application that allows Blogger users to post digital photos and captions directly to their personal weblogs, or blogs
Source=Paul Collins Startup list
[Pickatag]
Number=7869
Confirmed=N
Filename=pickatag.exe
Description=Pick-a-tag - "freeware utility for random selection of your taglines. This utility randomly picks a tagline out of a list of taglines. It will create a signature file which your mailer can use to place under your messages"
Source=Paul Collins Startup list
[PICPRTR]
Number=7870
Confirmed=N
Filename=PICPRTR.EXE
Description=Program for viewing and measuring a variety of 3D CAD data formats
Source=Paul Collins Startup list
[picsvr]
Number=7871
Confirmed=X
Filename=picsvr.exe
Description=Delfin Promulgate adware
Source=Paul Collins Startup list
[pictureBUZZTray]
Number=7872
Confirmed=N
Filename=swtray.exe
Description=System Tray access to PictureBUZZ on-line printing software from Streetwise Software. If you use the software set the page you use as a favourite in your browser and run it manually
Source=Paul Collins Startup list
[PiDunHK]
Number=7873
Confirmed=U
Filename=PIDUNHK.EXE
Description=Part of the Prodigy Internet software - part of the dialer/DUN. Presumably needed for users of that service otherwise you may not be able to connect, although you may try creating your own shortcut and see what happens
Source=Paul Collins Startup list
[pigglett]
Number=7874
Confirmed=X
Filename=pigglett.exe
Description=Added by a variant of the SMALL.EP TROJAN!
Source=Paul Collins Startup list
[piiserviceOE]
Number=7875
Confirmed=U
Filename=N/A
Description=Spam Inspector (nee Postal Inspector) from The Giant Company or iHateSpam from Sunbelt Software - spam filter add-ons for OE
Source=Paul Collins Startup list
[pilif]
Number=7876
Confirmed=X
Filename=pilif.exe
Description=Added by the FILI WORM!
Source=Paul Collins Startup list
[Pinger]
Number=7877
Confirmed=N
Filename=pinger.exe
Description=Pinger is the resident program for Toshiba updates. Periodically checks to see if there are any software/driver upgrades for your particular computer model. If it finds any, it posts a notification
Source=Paul Collins Startup list
[PingTimeout Institution]
Number=7878
Confirmed=X
Filename=pingchek.exe
Description=Added by the SDBOT-VY WORM!
Source=Paul Collins Startup list
[PingTimeout Institution]
Number=7879
Confirmed=X
Filename=internal.exe
Description=Added by the SDBOT.BMH WORM!
Source=Paul Collins Startup list
[PinnacleDriverCheck]
Number=7880
Confirmed=Y
Filename=PSDrvCheck.exe
Description=Part of Pinnacle Systems InstantCD/DVD and InstantCopy CD/DVD copying software that verifies drive settings. Once loaded it doesn't use any resources so you can leave it enabled
Source=Paul Collins Startup list
[Piolet]
Number=7881
Confirmed=N
Filename=piolet.exe
Description=Piolet - peer-to-peer file sharing client
Source=Paul Collins Startup list
[PIPE SYSTEM]
Number=7882
Confirmed=X
Filename=pipe.exe
Description=Added by the MYTOB-FF WORM!
Source=Paul Collins Startup list
[Piracy]
Number=7883
Confirmed=N
Filename=SysUtil.exe
Description=Software Piracy Alert feature bundled with PGWare software. Cries foul when it detects an 'illegal' version. The alerts are reported to disappear as soon as the software is correctly registered. There are privacy issues though: "The Software includes a feature that assigns a unique order number to GameGain based on purchase information. The Software reports this number to us via the internet either when you run the Software or enter the registration number, or both. The Software may also identify and report to us your IP address, date and time of installation, registration and/or use. We use this information strictly to count the number of installations, detect unauthorized access or piracy of the Software, and develop rough statistical data regarding the geographic location of our users"
Source=Paul Collins Startup list
[PivotSoftware]
Number=7884
Confirmed=N
Filename=wpctrl.exe
Description=PivotPro from Portrait Studios - allows a screen to be rotated to match rotated LCD screens, for example). Shortcut available via Display Properties
Source=Paul Collins Startup list
[Pixel32]
Number=7885
Confirmed=X
Filename=Pixel32.exe
Description=Added by the GEMA TROJAN!
Source=Paul Collins Startup list
[Pixelpwr32]
Number=7886
Confirmed=X
Filename=Pixelpwr32.exe
Description=Added by the GEMA TROJAN!
Source=Paul Collins Startup list
[Pixelsvr]
Number=7887
Confirmed=X
Filename=Pixelsvr.exe
Description=Added by the GEMA TROJAN!
Source=Paul Collins Startup list
[pjWebCam]
Number=7888
Confirmed=U
Filename=pjWebCam.exe
Description=Webcam automation software that saves regular photos from webcam and can also act as HTTP server
Source=Paul Collins Startup list
[PK Guard]
Number=7889
Confirmed=X
Filename=pkguard32.exe
Description=Added by the GUAPIM WORM!
Source=Paul Collins Startup list
[PK Services]
Number=7890
Confirmed=X
Filename=pksvc.exe
Description=Added by the FORBOT-BW WORM!
Source=Paul Collins Startup list
[PktAnything]
Number=7891
Confirmed=U
Filename=PocketCompanion.exe
Description=PocketAnything lets you save anything on your computer to your mobile, with one click
Source=Paul Collins Startup list
[Planlćgningsagent]
Number=7892
Confirmed=U
Filename=mstask.exe
Description=Windows Task Scheduler (on Danish language versions of Windows) - displayed as a box with a stopwatch in the System Tray. Required if you have regularly scheduled tasks like defragmenting, ScanDisk, weekly virus scans and so on
Source=Paul Collins Startup list
[Plasdll service]
Number=7893
Confirmed=X
Filename=[random filename]
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Playboy]
Number=7894
Confirmed=X
Filename=playavi.exe
Description=Added by the GAMANLOCK TROJAN!
Source=Paul Collins Startup list
[PLEAPCPUCPL]
Number=7895
Confirmed=U
Filename=pleapu.exe
Description=CPU Control Panel for the Powerleap CPU upgrade
Source=Paul Collins Startup list
[PLFFAP]
Number=7896
Confirmed=?
Filename=HotfixQ0306270.exe
Description=Prolific Technology Inc. USB Flash Disk driver - is it required in startup?
Source=Paul Collins Startup list
[Plguni]
Number=7897
Confirmed=N
Filename=Plguni.exe
Description=McAfee QuickClean 3.0 - removes internet clutter and unwanted programs
Source=Paul Collins Startup list
[plmg.exe]
Number=7898
Confirmed=U
Filename=plmg.exe
Description=Paragon Last Minute Bidder - auction assistant software
Source=Paul Collins Startup list
[PLoader]
Number=7899
Confirmed=?
Filename=umsd.exe
Description=USB Mass Storage Disk related tray icon. Is it required?
Source=Paul Collins Startup list
[Plob]
Number=7900
Confirmed=X
Filename=kernel.com
Description=Added by the OPTIXPRO.12 TROJAN!
Source=Paul Collins Startup list
[Plook]
Number=7901
Confirmed=X
Filename=plook.exe
Description=AffiliateTarget.com alias PLook adware
Source=Paul Collins Startup list
[Pluck Tray]
Number=7902
Confirmed=U
Filename=PluckTray.exe
Description=RSS (XML TAGS) reader program
Source=Paul Collins Startup list
[PluckSvr]
Number=7903
Confirmed=?
Filename=PluckUpdater.exe
Description=Pluck Toolbar updater
Source=Paul Collins Startup list
[Plug And Play]
Number=7904
Confirmed=X
Filename=msnmsg.exe
Description=Added by the RBOT-ID WORM!
Source=Paul Collins Startup list
[Pluto! Pager]
Number=7905
Confirmed=X
Filename=srvhandle.exe
Description=Added by the REDPLUT VIRUS!
Source=Paul Collins Startup list
[PLXSTART]
Number=7906
Confirmed=U
Filename=PLXSTART.EXE
Description=Sets the spindown timeout and access speeds at startup and displays the "Plextor Manager 2000" splash screen for Plextor CD-RW.
Source=Paul Collins Startup list
[PLXTASK]
Number=7907
Confirmed=N
Filename=PLXTASK.EXE
Description=Taskbar utility for a "control panel" for a Plextor CD-RW. Has MVP 2000 (audio CD player), DiscDupe 2000 (self explanatory CD copying program) and AudioCapture 2000 (rips audio CDs into MP3 or WAV files)
Source=Paul Collins Startup list
[pm32ctrl]
Number=7908
Confirmed=X
Filename=pwr32crtl.exe
Description=Added by the CRYPTER.A TROJAN!
Source=Paul Collins Startup list
[pm32info]
Number=7909
Confirmed=X
Filename=pm32info.exe
Description=Added by the CRYPTER.A TROJAN!
Source=Paul Collins Startup list
[pmc]
Number=7910
Confirmed=X
Filename=764.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[pmcqt]
Number=7911
Confirmed=X
Filename=pmcqt.exe
Description=Added by the DLUCA-V TROJAN!
Source=Paul Collins Startup list
[Pmedia]
Number=7912
Confirmed=X
Filename=winsrvc.exe
Description=Internet marketing sofware from Permissioned Media Inc as used in E-Card FriendGreetings foistware - see here. Treated by Trend as the FRIENDGRT.B WORM!
Source=Paul Collins Startup list
[PmProxy]
Number=7913
Confirmed=?
Filename=PmProxy.exe
Description=Associated with Analog Devices "SoundMAX" audio chipset - often built-in to motherboards. What does it do and is it required?
Source=Paul Collins Startup list
[pmr]
Number=7914
Confirmed=X
Filename=pmr.exe
Description=PowerStrip foistware. Note - this is not the same as the video tweaking utility of the same name here
Source=Paul Collins Startup list
[PMT]
Number=7915
Confirmed=U
Filename=personalmoneytree.exe
Description=According to the web site Personal Money Tree is an automatic cash rebate program. Note: Not recommended
Source=Paul Collins Startup list
[PMTSHOOT]
Number=7916
Confirmed=N
Filename=pmtshoot.exe
Description=MS tool for troubleshooting power management problems
Source=Paul Collins Startup list
[PMXInit]
Number=7917
Confirmed=U
Filename=pmxinit.exe
Description=Restores user display preferences Kyro2 based graphics cards. Not required unless you change the default settings - such as gamma
Source=Paul Collins Startup list
[PNAgent]
Number=7918
Confirmed=N
Filename=PNAgent.exe
Description=PhatNoise Music Manager - manages WMA, MP3, WAV, etc music files
Source=Paul Collins Startup list
[PNP]
Number=7919
Confirmed=X
Filename=wuaaclt.exe
Description=Added by the LILBRE-A WORM!
Source=Paul Collins Startup list
[PnP Driver]
Number=7920
Confirmed=X
Filename=playboy.exe
Description=Added by the FORBOT-FR WORM!
Source=Paul Collins Startup list
[PNP FIX]
Number=7921
Confirmed=X
Filename=[worm filename]
Description=Added by the RBOT-AKQ WORM!
Source=Paul Collins Startup list
[Pnpchk]
Number=7922
Confirmed=U
Filename=Pnpchk.exe
Description=Aztech Labs Sound 3 PnP driver
Source=Paul Collins Startup list
[pnpsvc_lock]
Number=7923
Confirmed=X
Filename=******.exe [* = random digit]
Description=Browser hijacker
Source=Paul Collins Startup list
[pnpsvc_lock]
Number=7924
Confirmed=X
Filename=startsvs.exe
Description=Browser hijacker
Source=Paul Collins Startup list
[PNSetup]
Number=7925
Confirmed=U
Filename=PNSetup.exe
Description=PopNot - pop-up killer
Source=Paul Collins Startup list
[PNtask Services]
Number=7926
Confirmed=X
Filename=pntask.exe
Description=Added by the LALA.C TROJAN!
Source=Paul Collins Startup list
[pnvifj]
Number=7927
Confirmed=X
Filename=jusodl.exe
Description=Added by the QQPASS.48436 TROJAN!
Source=Paul Collins Startup list
[Pocket Sheet Sync]
Number=7928
Confirmed=U
Filename=PSXLTRAY.EXE
Description=Casio Pocket Sheet synchronization software
Source=Paul Collins Startup list
[Poet]
Number=7929
Confirmed=X
Filename=Poet.exe
Description=Added by the DOEP.A WORM!
Source=Paul Collins Startup list
[Pofatch]
Number=7930
Confirmed=X
Filename=nstrue.exe
Description=Added by the RANDEX.Z WORM!
Source=Paul Collins Startup list
[point32]
Number=7931
Confirmed=U
Filename=point32.exe
Description=Microsoft Intellipoint software for their Intellimouse series of mice - required if you use non-standard Windows driver features
Source=Paul Collins Startup list
[POINTER]
Number=7932
Confirmed=U
Filename=point32.exe
Description=Microsoft Intellipoint software for their Intellimouse series of mice - required if you use non-standard Windows driver features
Source=Paul Collins Startup list
[Points Manager]
Number=7933
Confirmed=X
Filename=points manager.exe
Description=Altnet TopSearch adware
Source=Paul Collins Startup list
[Pollon]
Number=7934
Confirmed=X
Filename=pollone.exe
Description=Added by the SPYBOT.FW WORM!
Source=Paul Collins Startup list
[polo.exe]
Number=7935
Confirmed=X
Filename=polo.exe
Description=Added by the AGENT-PE TROJAN!
Source=Paul Collins Startup list
[POP]
Number=7936
Confirmed=X
Filename=PopSrv***.exe
Description=PeopleonPage foistware, bundled with Grokster where *** are random digits
Source=Paul Collins Startup list
[POP Manager]
Number=7937
Confirmed=X
Filename=popmgr.exe
Description=Added by the BCKDR-PYV TROJAN!
Source=Paul Collins Startup list
[Pop-Up Smasher]
Number=7938
Confirmed=U
Filename=PopupSmasher.exe
Description=Pop-Up Smasher - pop-up killer
Source=Paul Collins Startup list
[Pop-Up Stopper]
Number=7939
Confirmed=U
Filename=dpps2.exe
Description=Pop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group
Source=Paul Collins Startup list
[Pop-Up_Blocker]
Number=7940
Confirmed=U
Filename=Popup.exe
Description=A Tweak-XP component, blocks advertisement pop-up windows in Internet Explorer. Can be enabled/disabled via Tweak-XP -> Internet Tweaks
Source=Paul Collins Startup list
[Pop-Up_Scanner]
Number=7941
Confirmed=U
Filename=Popupscn.exe
Description=Panicware popup blocker
Source=Paul Collins Startup list
[pop06ap]
Number=7942
Confirmed=X
Filename=pop06ap2.exe
Description=MediaMotor adware
Source=Paul Collins Startup list
[pop06apelt]
Number=7943
Confirmed=X
Filename=thiselt.exe
Description=ZenoSearch adware
Source=Paul Collins Startup list
[pop3 Server]
Number=7944
Confirmed=U
Filename=config.cfg
Description=Part of HTML2POP3 - "Convert Webmail to POP3.Is also included a SMTP/POP3 tunneling system that allow send and receive email in a private network HTTP PROXY based. All connection are plugin based. Over 250 email server supported and tested"
Source=Paul Collins Startup list
[pop3trap.exe]
Number=7945
Confirmed=Y
Filename=pop3trap.exe
Description=PC-Cillin 2000 antivirus software -> E-mail scanner
Source=Paul Collins Startup list
[PopeSvr]
Number=7946
Confirmed=X
Filename=PopeSvr.exe
Description=Added by the LEGMIR-AJ TROJAN!
Source=Paul Collins Startup list
[PopMark]
Number=7947
Confirmed=X
Filename=WinTask.exe
Description="Pop Marketing" adware
Source=Paul Collins Startup list
[PopNot]
Number=7948
Confirmed=U
Filename=PopNot.exe
Description=PopNot - pop-up killer
Source=Paul Collins Startup list
[PopOops]
Number=7949
Confirmed=U
Filename=PopOops.exe
Description=PopOops - pop-up killer
Source=Paul Collins Startup list
[Popopen]
Number=7950
Confirmed=U
Filename=popopen.exe
Description=PopOpen makes your windows spring open with animation effects
Source=Paul Collins Startup list
[Poproxy]
Number=7951
Confirmed=Y
Filename=POPROXY.EXE
Description=Proxy E-mail protection from Norton Anti-Virus (prior to 2002). If you have it installed, leave it enabled to automatically check for suspect attachments in E-mails that may contain viruses. It downloads the E-mail into poproxy, which serves as a proxy server on the local machine, before scanning it
Source=Paul Collins Startup list
[popsrv146]
Number=7952
Confirmed=X
Filename=popsrv146.exe
Description=AproposMedia adware
Source=Paul Collins Startup list
[PopSubtract]
Number=7953
Confirmed=U
Filename=PopSub.exe
Description=PopSubtract - pop-up killer
Source=Paul Collins Startup list
[Popup Ad Filter]
Number=7954
Confirmed=U
Filename=PopFilter.exe
Description=Popup Ad Filter - pop-up killer
Source=Paul Collins Startup list
[Popup and Advertisement Killers]
Number=7955
Confirmed=U
Filename=adkillers.exe
Description=Added by the RBOT-DDH WORM!
Source=Paul Collins Startup list
[Popup Blocker System]
Number=7956
Confirmed=X
Filename=PopUpBlocker.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Popup Blocker System326a Monitoring]
Number=7957
Confirmed=X
Filename=PopUpBlocker6a.exe
Description=Added by the RBOT.AUH WORM!
Source=Paul Collins Startup list
[Popup Blocker System8 Monitoring]
Number=7958
Confirmed=X
Filename=PopUpBlocker8.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Popup Blocker Updater]
Number=7959
Confirmed=X
Filename=regsvr32 [path] veev****.dll [* = random char]
Description=SafeguardProtect/Veevo hijacker
Source=Paul Collins Startup list
[PopUp Buster+]
Number=7960
Confirmed=U
Filename=popupbuster.exe
Description=PopUp Buster - free Pop-up blocker
Source=Paul Collins Startup list
[Popup Defence Updater]
Number=7961
Confirmed=X
Filename=regsvr32 [path] pdf****.dll [* = random char]
Description=SafeguardProtect/Veevo hijacker
Source=Paul Collins Startup list
[Popup Defender]
Number=7962
Confirmed=U
Filename=PD.exe
Description=Popup Defender - pop-up killer
Source=Paul Collins Startup list
[Popup Terminator]
Number=7963
Confirmed=U
Filename=GLADManager.exe
Description=Popup Terminator - pop-up killer
Source=Paul Collins Startup list
[PopupEliminator]
Number=7964
Confirmed=U
Filename=Popup Eliminator.exe
Description=Popup Eliminator - pop-up killer
Source=Paul Collins Startup list
[PopUpKiller]
Number=7965
Confirmed=U
Filename=PopUpKiller.exe
Description=PopUpKiller - pop-up killer
Source=Paul Collins Startup list
[popuppers]
Number=7966
Confirmed=X
Filename=newpop63.exe
Description=Medload adware
Source=Paul Collins Startup list
[popuppers64]
Number=7967
Confirmed=X
Filename=a64sddd.exe
Description=Popuppers adware, also detected as the LOWZONE-AA TROJAN!
Source=Paul Collins Startup list
[popuppers65]
Number=7968
Confirmed=X
Filename=[path to file]
Description=Medload adware
Source=Paul Collins Startup list
[PopUpStopperCompanion]
Number=7969
Confirmed=U
Filename=PSComp.exe
Description=PopupStopper Companion popup blocker
Source=Paul Collins Startup list
[PopUpStopperFreeEdition]
Number=7970
Confirmed=U
Filename=PSFREE.EXE
Description=Panicware's Pop-Up Stopper - free limited features version
Source=Paul Collins Startup list
[PopUpStopperProfessional]
Number=7971
Confirmed=U
Filename=PopUpStopperProfessional.exe
Description=Panicware's Pop-Up Stopper - paid for version
Source=Paul Collins Startup list
[PopupVanish]
Number=7972
Confirmed=U
Filename=PopupVanish.exe
Description=Pop-up blocker
Source=Paul Collins Startup list
[PopUpWasher]
Number=7973
Confirmed=U
Filename=PopUpWasher.exe
Description=PopUpWasher pop-up killer
Source=Paul Collins Startup list
[PopUpWatch]
Number=7974
Confirmed=N
Filename=PopUpWatch.exe
Description=BPS spyware remover - not recommended, see here
Source=Paul Collins Startup list
[POS-Partnerbatchprocessor]
Number=7975
Confirmed=?
Filename=BATCH.EXE
Description=VISA credit card batch processing related to Appcon. Is it needed or can it be started manually via Start -> Programs or a manually created shortcut?
Source=Paul Collins Startup list
[Post-It(r) Software]
Number=7976
Confirmed=N
Filename=Psnotes.exe
Description=Pop-up "yellow" notes on screen. Available via Start -> Programs
Source=Paul Collins Startup list
[POW!]
Number=7977
Confirmed=U
Filename=pow.exe
Description=Pop-up killer
Source=Paul Collins Startup list
[Power Scan]
Number=7978
Confirmed=X
Filename=powerscan.exe
Description=Foistware by Integrated Search Technologies - the people behind ISTBar adware
Source=Paul Collins Startup list
[Power2GoExpress]
Number=7979
Confirmed=U
Filename=Power2GoExpress.exe
Description=Power2GoExpress - all media disc burning software
Source=Paul Collins Startup list
[PowerBar]
Number=7980
Confirmed=N
Filename=Powerbar.exe
Description=Part of Cyberlink's PowerDVD software. Not sure what exactly it does, but not required in startup
Source=Paul Collins Startup list
[PowerChute]
Number=7981
Confirmed=Y
Filename=Pwrchute.exe
Description="During a power outage, if you're not available to save your files & close down Windows....PowerChute will do that for you. PowerChute will save your application files, close your applications and shut down your computer just like you would...otherwise, the APC UPS (Uninterruptible Power Supply) unit would go to battery until it wore down, then your computer would shutoff"
Source=Paul Collins Startup list
[PowerChute]
Number=7982
Confirmed=X
Filename=Pwrchute.exe
Description=Added by the LAZAR-A TROJAN! Note - this is located in the Program Files\APC_Power directory
Source=Paul Collins Startup list
[PowerDOCSAPIHost]
Number=7983
Confirmed=U
Filename=papihost.exe
Description=Hummingbird PowerDOCS - "delivers powerful enterprise document management functionality via a tightly integrated Microsoft WinNT/98/2K environment"
Source=Paul Collins Startup list
[PowerDVD]
Number=7984
Confirmed=N
Filename=PowerDVD.exe
Description=Launches Cyberlink's PowerDVD software and creates a system tray icon. If enabled, PowerDVD will open automatically when a DVD movie is inserted. Launch manually
Source=Paul Collins Startup list
[PowerKey]
Number=7985
Confirmed=U
Filename=PowerKey.exe
Description=Part of Acer Launch Manager - programmable keys on such laptops as the TravelMate 610
Source=Paul Collins Startup list
[PowerManagement]
Number=7986
Confirmed=X
Filename=Rundlll.exe
Description=Added by the SURDUX TROJAN!
Source=Paul Collins Startup list
[PowerManager]
Number=7987
Confirmed=X
Filename=Svchost.exe
Description=Added by the JEEFO VIRUS! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list
[PowerPanel]
Number=7988
Confirmed=Y
Filename=POWPANEL.EXE
Description=Power management utility on notebooks/laptops - automatically switches modes when running on battery
Source=Paul Collins Startup list
[PowerPanel Personal Edition User Interaction]
Number=7989
Confirmed=U
Filename=pppeuser.exe
Description=CyberPower PowerPanel Personal Edition UPS Monitoring & Control Software - "is included with CyberPower's products. This exclusive software allows control and monitoring of your UPS to provide protection for your computer system, components, peripherals, and most importantly, your data"
Source=Paul Collins Startup list
[PowerPrifile]
Number=7990
Confirmed=X
Filename=rundl132 kenel.dll, PowerProfileEnable
Description=Added by the INMOTA WORM!
Source=Paul Collins Startup list
[PowerPro]
Number=7991
Confirmed=U
Filename=powerpro.exe
Description=Part of the power professional program that loads the floating menu bar. Can be accessed from Start -> Programs, but I'd leave it alone if you use this program
Source=Paul Collins Startup list
[PowerProf]
Number=7992
Confirmed=X
Filename=PowerProf.exe
Description=Added by the LOREX.B TROJAN!
Source=Paul Collins Startup list
[PowerProfile]
Number=7993
Confirmed=X
Filename=mfcp30.exe
Description=Added by the RINDAS-A TROJAN!
Source=Paul Collins Startup list
[PowerQuest Startup Utility]
Number=7994
Confirmed=N
Filename=PQINIT.EXE
Description=From a visitor - "This seems to be installed when you install Power Quest Partition Magic. I think that it implements the changes when you use the magic mover app. If you don't have any mappings set up, it does nothing (except waste bytes and cycles). I disabled it using msconfig.exe with no problems"
Source=Paul Collins Startup list
[PowerReg Scheduler]
Number=7995
Confirmed=N
Filename=PowerReg Scheduler.exe
Description=PowerREGISTER from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst others
Source=Paul Collins Startup list
[PowerReg SchedulerV2]
Number=7996
Confirmed=N
Filename=PowerReg SchedulerV2.exe
Description=PowerREGISTER from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst others
Source=Paul Collins Startup list
[PowerReg SchedulerV3]
Number=7997
Confirmed=N
Filename=PowerReg SchedulerV3.exe
Description=PowerREGISTER from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst others
Source=Paul Collins Startup list
[POWERR~1]
Number=7998
Confirmed=?
Filename=POWERR~1.exe
Description=Power monitoring?
Source=Paul Collins Startup list
[PowerS]
Number=7999
Confirmed=?
Filename=PowerS.exe
Description=ProlinkTest for either their AGP graphics card or TV/FM capture card. Is it required?
Source=Paul Collins Startup list
[PowerSet]
Number=8000
Confirmed=?
Filename=Regedit.exe /s ...PowerSet_8100_CU.REG
Description=Appears to be Toshiba power management related
Source=Paul Collins Startup list
[PowerStrip]
Number=8001
Confirmed=N
Filename=powerstrip.exe
Description=PowerStrip is a Video Mode Editor to allow special Refresh Rates and Tweaking of Video Settings
Source=Paul Collins Startup list
[PowerStrip]
Number=8002
Confirmed=N
Filename=PSTRIP.EXE
Description=PowerStrip is a Video Mode Editor to allow special Refresh Rates and Tweaking of Video Settings
Source=Paul Collins Startup list
[PowerTools Tray Icon]
Number=8003
Confirmed=U
Filename=pttray.exe
Description=PowerTools - add-on for AOL
Source=Paul Collins Startup list
[Powertweak]
Number=8004
Confirmed=U
Filename=PT2.EXE
Description="Powertweak is designed to configure your system in the best way. A processor, the core of the system, or a chipset (a set of components that manage the data flows between the different parts of the system) can be configured." This item is added to startup if 'Use predefined settings' is enabled in the programs options
Source=Paul Collins Startup list
[Powertweak]
Number=8005
Confirmed=U
Filename=PTCTRL.EXE
Description="Powertweak is designed to configure your system in the best way. A processor, the core of the system, or a chipset (a set of components that manage the data flows between the different parts of the system) can be configured." This item is added to startup if 'Configure system at logon' is enabled in the programs options
Source=Paul Collins Startup list
[Power_Gear]
Number=8006
Confirmed=U
Filename=BatteryLife.exe
Description=Power management for all Asus notebook. Useful but not critical
Source=Paul Collins Startup list
[PP Gamma]
Number=8007
Confirmed=U
Filename=ppgamma.exe
Description=Profile Prism software that allows monitor calibration and can generate ICC profiles for digital cameras
Source=Paul Collins Startup list
[PP****usb]
Number=8008
Confirmed=N
Filename=FBDirect.exe
Description=Software that monitors the status of a Visioneer OneTouch scanner button and allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop!. The **** represents the model, 5300, 7600, etc. Available via Start -> Programs
Source=Paul Collins Startup list
[PP2000 Instaupdate]
Number=8009
Confirmed=U
Filename=PPInupdt.exe
Description=Protector Plus anti-virus software - instant update program for virus data updates. Not required if you regularly update virus data manually
Source=Paul Collins Startup list
[PP2000 Real Time Scan]
Number=8010
Confirmed=Y
Filename=PPVstop.exe
Description=Protector Plus anti-virus software - real time scanner
Source=Paul Collins Startup list
[PP2000 Taskbar Control]
Number=8011
Confirmed=Y
Filename=PPTbc.exe
Description=Protector Plus anti-virus software - system tray access
Source=Paul Collins Startup list
[PP3100b]
Number=8012
Confirmed=N
Filename=flatbed.exe
Description=Twain driver for the Visioneer PaperPort 3100b scanner that allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop
Source=Paul Collins Startup list
[ppass]
Number=8013
Confirmed=U
Filename=Antispy.exe
Description=AntiSpy firewall - "program designed to combat against various types of intrusion and monitoring programs currently in use or presently being developed worldwide"
Source=Paul Collins Startup list
[PPControl]
Number=8014
Confirmed=U
Filename=PPControl.exe
Description=PestPatrol Control Terminal - utility that launched PestPatrol features such as PPMemCheck and CookiePatrol before CA's acquisition
Source=Paul Collins Startup list
[PPCRunonce]
Number=8015
Confirmed=U
Filename=PPCRunOnce.exe
Description=Related to PeoplePC ISP software - may display advertising, see here
Source=Paul Collins Startup list
[PPHIDPAD]
Number=8016
Confirmed=U
Filename=pphidpad.exe
Description=PenPower Chinese handwriting recognition software
Source=Paul Collins Startup list
[PPK Setup(Server)]
Number=8017
Confirmed=U
Filename=SEServe.exe
Description=Programmable Power Key on Sony Vaio laptops. "Using the Programmable Power Key (PPK) button, collect your e-mail automatically with one key stroke. You can also program your PPK to turn on your SuperSlim Notebook at a predetermined time and perform simple tasks - completely unattended"
Source=Paul Collins Startup list
[PPMemCheck]
Number=8018
Confirmed=U
Filename=ppmemcheck.exe
Description=PPMemCheck - used to be part of PestPatrol before CA's acquisition
Source=Paul Collins Startup list
[PPPOEO]
Number=8019
Confirmed=X
Filename=pingppac.exe
Description=Added by the SPYBOT.KHC WORM!
Source=Paul Collins Startup list
[PProTray]
Number=8020
Confirmed=N
Filename=pprotray.exe
Description=Part of the power professional program. Loads the System Tray control
Source=Paul Collins Startup list
[PPScheduler]
Number=8021
Confirmed=?
Filename=PPScheduler.exe
Description=Nuance (was ScanSoft) PaperPort Scheduler - what does it do and is it required?
Source=Paul Collins Startup list
[PPSVC]
Number=8022
Confirmed=U
Filename=[path to file]
Description=PC Police surveillance software that logs keystrokes, files looked at, applications used, and chats on either MSN, Yahoo, ICQ or AOL. This information can then be transmitted to a remote user. Uninstall this software if you did not install it yourself
Source=Paul Collins Startup list
[PPSYS]
Number=8023
Confirmed=U
Filename=ppsys.exe
Description=PC Police commercial keystroke logger. Uninstall this software if you did not install it yourself
Source=Paul Collins Startup list
[pptd40nt]
Number=8024
Confirmed=N
Filename=pptd40nt.exe
Description="PaperPort" software associated with scanners
Source=Paul Collins Startup list
[PPUpdate]
Number=8025
Confirmed=U
Filename=ppupdater.exe
Description=PPUpdater - updater that used to be part of PestPatrol before CA's acquisition
Source=Paul Collins Startup list
[PPWWebCap]
Number=8026
Confirmed=N
Filename=PPWebCap.exe
Description="PaperPort" software associated with scanners
Source=Paul Collins Startup list
[pqhelper]
Number=8027
Confirmed=X
Filename=pqhelper.exe
Description=Searchcentrix hijacker
Source=Paul Collins Startup list
[PractiSearch]
Number=8028
Confirmed=U
Filename=PSearch.exe
Description=PractiSearch web search software
Source=Paul Collins Startup list
[Praize Messenger]
Number=8029
Confirmed=U
Filename=itLoad.exe
Description=Praize IM Christian chat instant messenger
Source=Paul Collins Startup list
[Prayer]
Number=8030
Confirmed=U
Filename=PTW.EXE
Description=Islamic Adhan program (call fpr daily prayers)
Source=Paul Collins Startup list
[prdtect]
Number=8031
Confirmed=X
Filename=prdtect.exe
Description=Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list
[PreAnnotate]
Number=8032
Confirmed=?
Filename=PreAnntt.exe
Description=Genius Wizard Pen Tablet driver related. Is it required?
Source=Paul Collins Startup list
[Precision Time Clock Checker]
Number=8033
Confirmed=N
Filename=PrecisionTime.exe
Description=Precision Time 2.0. Checks your computer clock time against the Naval Observatory or some other source to assure accurate time
Source=Paul Collins Startup list
[PrecisionTime]
Number=8034
Confirmed=X
Filename=PrecisionTime.exe
Description=PrecisionTime - clock synchronizing software containg spyware by Claria/GAIN. Please note that Claria Corporation no longer support GAIN-Supported software - see here
Source=Paul Collins Startup list
[precpop2]
Number=8035
Confirmed=X
Filename=starter.exe
Description=PrecisionPop adware
Source=Paul Collins Startup list
[Prein]
Number=8036
Confirmed=X
Filename=APP****.tmp [* = random char or digit]
Description=Unidentified adware
Source=Paul Collins Startup list
[Preload]
Number=8037
Confirmed=Y
Filename=Preload.exe
Description=Millenium Multi-Function Keyboard driver
Source=Paul Collins Startup list
[PreloadApp]
Number=8038
Confirmed=?
Filename=hphprld.exe
Description=HP PhotoSmart printers related. What does it do and is it required?
Source=Paul Collins Startup list
[Premeter]
Number=8039
Confirmed=X
Filename=nrpr.exe
Description=NetRatings Premeter spyware
Source=Paul Collins Startup list
[Premeter]
Number=8040
Confirmed=X
Filename=prmt.exe
Description=NetRatings Premeter spyware
Source=Paul Collins Startup list
[Preview AdService]
Number=8041
Confirmed=X
Filename=PrevAdServ.exe
Description=Windupdates adware variant
Source=Paul Collins Startup list
[PrevX]
Number=8042
Confirmed=X
Filename=prevx.exe
Description=Added by the IRCBOT-TF WORM! Note - this worm is located in the System (Win9x/Me) or System32 (XP/WinNT/2K) directory and is not the PrevX Home intrusion prevention software
Source=Paul Collins Startup list
[PrevxHome]
Number=8043
Confirmed=Y
Filename=SAGUI.exe
Description=PrevX Home intrusion prevention software
Source=Paul Collins Startup list
[PrevxOne]
Number=8044
Confirmed=Y
Filename=PXConsole.exe
Description=Prevx intrusion prevention software
Source=Paul Collins Startup list
[PrevxPro]
Number=8045
Confirmed=Y
Filename=SAGUI.exe
Description=PrevX Home intrusion prevention software
Source=Paul Collins Startup list
[prgtect]
Number=8046
Confirmed=X
Filename=prgtect.exe
Description=Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list
[Price Patrol]
Number=8047
Confirmed=N
Filename=neo.exe
Description=Price Patrol by Half.com - internet shopping companion for finding the best on-line prices
Source=Paul Collins Startup list
[PrimaLauncher]
Number=8048
Confirmed=?
Filename=Launcher.exe
Description=Associated with PrimaScan scanners. Is it required?
Source=Paul Collins Startup list
[Primax 3D Mouse]
Number=8049
Confirmed=U
Filename=3dmoused.exe
Description=Enables the scroll button on the Primax 3-D Scroll mouse
Source=Paul Collins Startup list
[Primsta]
Number=8050
Confirmed=?
Filename=Primsta.exe
Description=Linksys Wireless CompactFlash Card driver related. Is it required?
Source=Paul Collins Startup list
[Print Driver Helper Service]
Number=8051
Confirmed=X
Filename=crsrr.exe
Description=Added by the AGENT-BC TROJAN!
Source=Paul Collins Startup list
[Print Master Event Reminder]
Number=8052
Confirmed=N
Filename=PMremind.exe
Description=Print Master Gold - calander feature that pops up reminders, such as birthdays
Source=Paul Collins Startup list
[Print Screen Deluxe]
Number=8053
Confirmed=N
Filename=psdeluxe.exe
Description=Utility allows "Print Scrn" or "Print Screen" key to capture, print or save the current window
Source=Paul Collins Startup list
[Print Services]
Number=8054
Confirmed=X
Filename=spolserv32.exe
Description=Added by the RBOT.ZP WORM!
Source=Paul Collins Startup list
[print sharing]
Number=8055
Confirmed=X
Filename=start.bat
Description=Added by the ZCREW TROJAN!
Source=Paul Collins Startup list
[print sharing]
Number=8056
Confirmed=X
Filename=[path] hidden32.exe [path] explorer.exe
Description=Added by the ZCREW.B TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually!
Source=Paul Collins Startup list
[Print Spooler]
Number=8057
Confirmed=X
Filename=Spoolsv.exe
Description=Added by the CIADOOR.B TROJAN! Note - "Spoolsv.exe" is located in the Windows or Winnt directory, and not in System32, like the legitimate Spoolsv.exe system file
Source=Paul Collins Startup list
[Print Spooler]
Number=8058
Confirmed=X
Filename=spoolsvc32.exe
Description=Added by the SDBOT.BB TROJAN!
Source=Paul Collins Startup list
[Print Spooler]
Number=8059
Confirmed=X
Filename=spools.exe
Description=Added by the RBOT-LD WORM!
Source=Paul Collins Startup list
[Print Spooler]
Number=8060
Confirmed=X
Filename=spool.exe
Description=Added by the IS TROJAN!
Source=Paul Collins Startup list
[Print Spooler]
Number=8061
Confirmed=X
Filename=spoolsv32.exe
Description=Added by the RBOT.SW WORM!
Source=Paul Collins Startup list
[Printer]
Number=8062
Confirmed=N
Filename=Spyassault.exe
Description=Spyware remover - not recommended, see here
Source=Paul Collins Startup list
[Printer]
Number=8063
Confirmed=X
Filename=[path to file]
Description=Added by the LOWTAPER TROJAN!
Source=Paul Collins Startup list
[Printer]
Number=8064
Confirmed=X
Filename=dipset.exe
Description=Added by a variant of the FBSR TROJAN!
Source=Paul Collins Startup list
[printer]
Number=8065
Confirmed=U
Filename=SpyAssaultScanner.exe
Description=SpyAssault keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list
[printer]
Number=8066
Confirmed=N
Filename=SpyAssaultScanner.exe
Description=Spyware remover - not recommended, see here
Source=Paul Collins Startup list
[Printer]
Number=8067
Confirmed=X
Filename=vmmon32.exe
Description=Added by the RBOT-CSB WORM!
Source=Paul Collins Startup list
[Printer Monitor]
Number=8068
Confirmed=X
Filename=webprinter.exe
Description=Added by the IRCBOT-Z TROJAN!
Source=Paul Collins Startup list
[Printer Spool]
Number=8069
Confirmed=X
Filename=updater.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Printer spool Service]
Number=8070
Confirmed=X
Filename=spool.exe
Description=Added by the RBOT-ACP WORM!
Source=Paul Collins Startup list
[printer spooler]
Number=8071
Confirmed=X
Filename=commonaccess.exe
Description=Added by the DELF-LB TROJAN!
Source=Paul Collins Startup list
[Printer Spooler Subsystem]
Number=8072
Confirmed=X
Filename=spoolss.exe
Description=Added by a variant of the RBOT WORM! - Note - this is NOT the legitimate Windows spoolss.exe process, located in the Winnt/System32 or Windows\System32 folder, and which should NOT figure in Msconfig/Startup!
Source=Paul Collins Startup list
[Printer Update]
Number=8073
Confirmed=?
Filename=CFGREG.EXE
Description=Maybe a registration reminder or automatically updates drivers or application software for a printer?
Source=Paul Collins Startup list
[PrinterSpool]
Number=8074
Confirmed=X
Filename=[path] RESTORE.EXE [path] SPOOL.EXE
Description=Added by the ALADINZ.K TROJAN!
Source=Paul Collins Startup list
[Printing Driver]
Number=8075
Confirmed=X
Filename=msprint.exe
Description=Added by the RBOT.JH WORM!
Source=Paul Collins Startup list
[Printkey2000]
Number=8076
Confirmed=N
Filename=printkey2000.exe
Description=Screen grabber that intercepts the pressing of the Print Screen (Prn Scrn) key. Start manually when required
Source=Paul Collins Startup list
[PrintMngr]
Number=8077
Confirmed=X
Filename=system.exe
Description=Added by an unidentified TROJAN!
Source=Paul Collins Startup list
[printnow]
Number=8078
Confirmed=N
Filename=printnow.exe
Description=PrintNow - a utility that primarily allows "Print Srceen" or "Alt+Print Screen" screenshots to be sent directly to a printer
Source=Paul Collins Startup list
[PrinTray]
Number=8079
Confirmed=N
Filename=Printray.exe
Description=Lexmark/Compaq printer icon in the System Tray for quick access. Not required - uncheck via Printer configuration rather than MSCONFIG. See also LexmarkPrintray and CompaqPrinTray
Source=Paul Collins Startup list
[PrintScreen]
Number=8080
Confirmed=N
Filename=UNWISE.EXE
Description=Gadwin PrintScreen - utility to capture, print or save the current window
Source=Paul Collins Startup list
[Printscreen 95]
Number=8081
Confirmed=N
Filename=PRT95MIN.EXE
Description=Printscreen 95 - utility to capture, print or save the current window
Source=Paul Collins Startup list
[PrintSpoolSv]
Number=8082
Confirmed=X
Filename=System.exe
Description=Added by the BDOOR-S TROJAN!
Source=Paul Collins Startup list
[PRISMSTA.EXE]
Number=8083
Confirmed=U
Filename=PRISMSTA.EXE
Description=Creates a system tray icon for accessing information about Intersil Prism Wireless Settings. Intersil silicon is used by Trendware/Trendnet for example
Source=Paul Collins Startup list
[PRISMSVR]
Number=8084
Confirmed=U
Filename=PRISMSVR.EXE
Description=Configuration and settings utility for PRISM chipset based wireless modems such as the 2Wire Wireless Gateway (2701HG) and Siemens Gigaset USB Adapter
Source=Paul Collins Startup list
[Privacy Eraser Pro]
Number=8085
Confirmed=N
Filename=PrivacyEraser.exe
Description=Privacy Eraser Pro - protects your Internet privacy by cleaning up all Internet history tracks and past computer activities
Source=Paul Collins Startup list
[PrivacyKeyboard]
Number=8086
Confirmed=U
Filename=PrivacyKeyboard.exe
Description=PrivacyKeyboard is a product "that can provide every computer with strong protection against ALL types of keylogging programs and keylogging hardware devices, both known and unknown, currently in use or presently being developed worldwide"
Source=Paul Collins Startup list
[PrivacyScanner]
Number=8087
Confirmed=X
Filename=pscan.exe
Description=Privacy Champion, a stealth installed 'Privacy Scanner'. It purportedly scans your PC for links to adult content websites, and then offers to "clean" them. Produces loads of False Positives as goad to purchase
Source=Paul Collins Startup list
[PrivateNet]
Number=8088
Confirmed=X
Filename=[various filenames]
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[Privoxy]
Number=8089
Confirmed=U
Filename=privoxy.exe
Description=Privoxy - web proxy with advanced filtering capabilities for protecting privacy, filtering web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk
Source=Paul Collins Startup list
[PrizeSurfer]
Number=8090
Confirmed=X
Filename=prizesurfer.exe
Description="PrizeSurfer is the free software that automatically enters you to win cash and prizes just for surfing the web and shopping online!" Stealth installed malware
Source=Paul Collins Startup list
[prjtect]
Number=8091
Confirmed=X
Filename=prjtect.exe
Description=Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list
[prktect]
Number=8092
Confirmed=X
Filename=prktect.exe
Description=Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list
[prltect]
Number=8093
Confirmed=X
Filename=prltect.exe
Description=Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list
[prmt]
Number=8094
Confirmed=X
Filename=prmt.exe
Description=NetRatings Premeter spyware
Source=Paul Collins Startup list
[prmtect]
Number=8095
Confirmed=X
Filename=prmtect.exe
Description=Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list
[PrnSys Executable]
Number=8096
Confirmed=U
Filename=PrnSys.exe
Description=Print screen utility bundled with some HP printer software - not required, but your choice if you like that feature
Source=Paul Collins Startup list
[pro]
Number=8097
Confirmed=X
Filename=[path to file]
Description=Added by the SPYWAD-F TROJAN!
Source=Paul Collins Startup list
[pro]
Number=8098
Confirmed=X
Filename=SpySheriff.exe
Description=Added by the SPYWAD-I TROJAN!
Source=Paul Collins Startup list
[Pro PCL Status Monitor]
Number=8099
Confirmed=U
Filename=PENGSS.EXE
Description=Xerox printer/fax/copier status monitor (PCL = printer control language)
Source=Paul Collins Startup list
[ProAntiVirus]
Number=8100
Confirmed=X
Filename=ProAntiVirus.exe
Description=Added by the RBOT-FTP WORM!
Source=Paul Collins Startup list
[ProArt]
Number=8101
Confirmed=?
Filename=ProArt.exe
Description=??
Source=Paul Collins Startup list
[Proc992]
Number=8102
Confirmed=X
Filename=[path to file]
Description=Added by the IXBOT-C WORM!
Source=Paul Collins Startup list
[Proc993]
Number=8103
Confirmed=X
Filename=wqxfne.exe
Description=Added by the IXBOT-D WORM!
Source=Paul Collins Startup list
[process.exe]
Number=8104
Confirmed=X
Filename=process.exe
Description=Added by the BANCOS.P TROJAN!
Source=Paul Collins Startup list
[ProcessGovernor]
Number=8105
Confirmed=U
Filename=processgovernor.exe
Description=ProcessGuvernor "helps regulate the CPU load on a computer running Microsoft Windows. It keeps single programs from hijacking the computer's performance and effectively causing a freeze for several minutes. ProcessGovernor automatically adjusts process priorities according to a predefined ruleset"
Source=Paul Collins Startup list
[ProcessSupervisorGUI]
Number=8106
Confirmed=U
Filename=ProcessSupervisor.exe
Description=Process Supervisor "is a technology designed to automatically configure and manage processes on one or more computers for the goal of maintaining system stability and responsiveness, restricting executables from running, and logging of program executions"
Source=Paul Collins Startup list
[ProcessTamer]
Number=8107
Confirmed=U
Filename=ProcessTamerTray.exe
Description=Mouser's Software Process Tamer "is a tiny (140k) and super efficient utility for Microsoft Windows XP/2K/NT that runs in your system tray and constantly monitors the cpu usage of other processes"
Source=Paul Collins Startup list
[procmon]
Number=8108
Confirmed=X
Filename=procmon.exe
Description=Added by the BIONET.40A TROJAN!
Source=Paul Collins Startup list
[Prodigy DSL]
Number=8109
Confirmed=?
Filename=EnterNetDUN.Exe
Description=Prodigy EnterNet DUN PPPoE Client - is it required?
Source=Paul Collins Startup list
[ProdikeysAutorun]
Number=8110
Confirmed=N
Filename=Prodload.exe
Description=Creative Prodikeys software. "an interactive music entertainment device which not only functions as a full-featured, ergonomic “QWERTY” keyboard but also comes equipped with 37 touch-sensitive music keys and accessible music controls for endless entertainment at your desktop. Coupled with the Sound Blaster audio card, you can explore a wide array of realistic instrument sounds and have non-stop fun making music right at your desktop"
Source=Paul Collins Startup list
[ProDsl]
Number=8111
Confirmed=N
Filename=ProDsl.exe
Description=Intel Pro/DSL 2100 modem connection manager. Available via Start -> Programs
Source=Paul Collins Startup list
[Profile]
Number=8112
Confirmed=X
Filename=Profile.vbs
Description=Added by the WHITEHO VIRUS or TRAPPY WORM!
Source=Paul Collins Startup list
[Profiler]
Number=8113
Confirmed=N
Filename=Profiler.exe
Description=Enables the "Profiler" to be launched from a System Tray icon for Saitek's game controllers. Available via Start -> Programs
Source=Paul Collins Startup list
[profiler]
Number=8114
Confirmed=X
Filename=liteout.exe
Description=Added by the ZAPCHAS-G WORM!
Source=Paul Collins Startup list
[profiler]
Number=8115
Confirmed=X
Filename=prof.exe
Description=Added by the ZAPCHAS-G WORM!
Source=Paul Collins Startup list
[Prog]
Number=8116
Confirmed=X
Filename=csrss.exe
Description=Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Prog]
Number=8117
Confirmed=X
Filename=lsass.exe
Description=Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
Source=Paul Collins Startup list
[Program File]
Number=8118
Confirmed=X
Filename=Progmon.exe
Description=Added by the PEEPER TROJAN!
Source=Paul Collins Startup list
[Program in Windows]
Number=8119
Confirmed=X
Filename=iexplore.exe
Description=Added by the LOVGATE-W WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup unless you add it manually! This file is located in the System32 folder
Source=Paul Collins Startup list
[Program Neighborhood Agent]
Number=8120
Confirmed=U
Filename=pnagent.exe
Description=Citrix Program Neighborhood Agent
Source=Paul Collins Startup list
[ProgramWindow]
Number=8121
Confirmed=?
Filename=more comp.exe
Description=??
Source=Paul Collins Startup list
[projselector]
Number=8122
Confirmed=N
Filename=projselector.exe
Description=Roxio Project Selector - can be started manually
Source=Paul Collins Startup list
[Promon.exe]
Number=8123
Confirmed=N
Filename=promon.exe
Description=System Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic features
Source=Paul Collins Startup list
[PromulGate]
Number=8124
Confirmed=X
Filename=PgMonitr.exe
Description=Delfin Promulgate adware variant
Source=Paul Collins Startup list
[PRONoMgr.exe]
Number=8125
Confirmed=N
Filename=PRONoMgr.exe
Description=System Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic features
Source=Paul Collins Startup list
[PRONoMgrWired]
Number=8126
Confirmed=U
Filename=PRONoMgr.exe
Description=Intel's Pro 100 Ethernet card manager
Source=Paul Collins Startup list
[Propel Accelerator]
Number=8127
Confirmed=U
Filename=PropelAC.exe
Description=Propel Internet Accelerator
Source=Paul Collins Startup list
[ProPort Startup]
Number=8128
Confirmed=U
Filename=ProPort.exe
Description=Proport is a port monitor/protector. Monitors an infinite amount of ports for trojans and nukes. Some additional features are auto connection-kill, and IP resolving
Source=Paul Collins Startup list
[ProSiteFinder]
Number=8129
Confirmed=X
Filename=prositefinder.exe
Description=180Solutions adware related
Source=Paul Collins Startup list
[Proteçăo de tela]
Number=8130
Confirmed=X
Filename=ssmaze.scr
Description=Added by the BANCBAN-FB TROJAN!
Source=Paul Collins Startup list
[Protect]
Number=8131
Confirmed=U
Filename=SHVRTF.EXE
Description=PC Angel takes a 5-second snapshot of the current system registry each time the PC boots up. In the event of a crash, PC ANGEL will retrieve everything up to the minute before the crash or the last known stable registry
Source=Paul Collins Startup list
[protect]
Number=8132
Confirmed=X
Filename=protect.scr
Description=Added by the DLOADER-TQ TROJAN!
Source=Paul Collins Startup list
[Protected Storage]
Number=8133
Confirmed=X
Filename=RUNDLL32.EXE MSSIGN30.DLL ondll_reg
Description=Added by the LOVGATE-W WORM!
Source=Paul Collins Startup list
[Protection]
Number=8134
Confirmed=X
Filename=[path] runtask.exe [path] protection.exe
Description=Added by a variant of the AGENT.3.AU TROJAN!
Source=Paul Collins Startup list
[Protection]
Number=8135
Confirmed=X
Filename=Protection.exe
Description=Added by the FEBELNECK-A WORM!
Source=Paul Collins Startup list
[Protection]
Number=8136
Confirmed=X
Filename=Firewall.exe
Description=Added by the ELIPTER.A or ELIPTER.B WORMS!
Source=Paul Collins Startup list
[Protection]
Number=8137
Confirmed=X
Filename=IExplore .exe
Description=Added by the ELIPTER.D WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process as there is a space before the ".exe"
Source=Paul Collins Startup list
[Protection]
Number=8138
Confirmed=X
Filename=Norton Internet Security.exe
Description=Added by the ELITPER.E WORM!
Source=Paul Collins Startup list
[ProtocolDiskChk]
Number=8139
Confirmed=X
Filename=ssrms.exe
Description=Added by the ML TROJAN!
Source=Paul Collins Startup list
[ProtocolDiskChk]
Number=8140
Confirmed=X
Filename=svcvlw32.exe
Description=Added by the STINX-Y TROJAN!
Source=Paul Collins Startup list
[ProtocolEventTsk]
Number=8141
Confirmed=X
Filename=csrwjd.exe
Description=Added by STINX-N TROJAN!
Source=Paul Collins Startup list
[Provan Security]
Number=8142
Confirmed=X
Filename=psecure.exe
Description=Added by the RBOT.BRV WORM!
Source=Paul Collins Startup list
[proxim_orinoco_11abg]
Number=8143
Confirmed=Y
Filename=orinoco.exe
Description=Proxim ORiNOCO 11a/b/g PCI Card wireless configuration utility
Source=Paul Collins Startup list
[PROXOMITRON]
Number=8144
Confirmed=N
Filename=PROXOMITRON.EXE
Description=HTML proxy
Source=Paul Collins Startup list
[PROXOMITRON]
Number=8145
Confirmed=N
Filename=PROXOM~1.EXE
Description=HTML proxy
Source=Paul Collins Startup list
[ProxyWay]
Number=8146
Confirmed=U
Filename=proxyway.exe
Description=ProxyWay anonymous proxy surfing software
Source=Paul Collins Startup list
[PRPCMonitor]
Number=8147
Confirmed=U
Filename=PRPCUI.exe
Description=Intel® SpeedStep™ interface. This automatically detects whether a mobile PC is using battery or AC power. When using battery power, SpeedStep scales the processor clock frequency and voltage to reduce the power it needs by 40%
Source=Paul Collins Startup list
[prqtect]
Number=8148
Confirmed=X
Filename=prqtect.exe
Description=Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list
[prrtect]
Number=8149
Confirmed=X
Filename=prrtect.exe
Description=Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list
[prstect]
Number=8150
Confirmed=X
Filename=prstect.exe
Description=Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list
[prtcct]
Number=8151
Confirmed=X
Filename=prtcct.exe
Description=Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list
[prttect]
Number=8152
Confirmed=X
Filename=prttect.exe
Description=Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list
[PrU Async Service]
Number=8153
Confirmed=X
Filename=[path to worm]
Description=Added by the IRCBot-UG WORM!
Source=Paul Collins Startup list
[prutcct]
Number=8154
Confirmed=X
Filename=prutcct.exe
Description=Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list
[prutdct]
Number=8155
Confirmed=X
Filename=prutdct.exe
Description=Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list
[prutgct]
Number=8156
Confirmed=X
Filename=prutgct.exe
Description=Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list
[pruthct]
Number=8157
Confirmed=X
Filename=pruthct.exe
Description=Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list
[prutict]
Number=8158
Confirmed=X
Filename=prutict.exe
Description=Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list
[prutlct]
Number=8159
Confirmed=X
Filename=prutlct.exe
Description=Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list
[prutpct]
Number=8160
Confirmed=X
Filename=prutpct.exe
Description=Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list
[prutsct]
Number=8161
Confirmed=X
Filename=prutsct.exe
Description=Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list
[prvtect]
Number=8162
Confirmed=X
Filename=prvtect.exe
Description=Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list
[prxtect]
Number=8163
Confirmed=X
Filename=prxtect.exe
Description=Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list
[ps1]
Number=8164
Confirmed=X
Filename=ps1.exe
Description=PacerD Media/Pacimedia.com adware
Source=Paul Collins Startup list
[PS2]
Number=8165
Confirmed=U
Filename=ps2.exe
Description=Multimedia Keyboard companion on HP computers. If this is prevented from starting, then some keyboard functionality will be lost.
Source=Paul Collins Startup list
[psaload32]
Number=8166
Confirmed=X
Filename=psaload32.exe
Description=Added by the RBOT-ADL WORM!
Source=Paul Collins Startup list
[PSC main]
Number=8167
Confirmed=X
Filename=sttool32.exe
Description=Added by the OBFUSCATED.EV TROJAN!
Source=Paul Collins Startup list
[PSCastor]
Number=8168
Confirmed=X
Filename=PSCastor.exe
Description=Added by the PSCastor TROJAN!
Source=Paul Collins Startup list
[PSCMain]
Number=8169
Confirmed=X
Filename=pscmain2.exe
Description=Added by the OBFUSCATED.EV TROJAN!
Source=Paul Collins Startup list
[PSD Tools Channel]
Number=8170
Confirmed=X
Filename=ChannelUp.exe
Description=BuddyLinks adware
Source=Paul Collins Startup list
[PSDrvCheck]
Number=8171
Confirmed=Y
Filename=PSDrvCheck.exe
Description=Part of Pinnacle Systems InstantCD/DVD and InstantCopy CD/DVD copying software that verifies drive settings. Once loaded it doesn't use any resources so you can leave it enabled
Source=Paul Collins Startup list
[PService]
Number=8172
Confirmed=X
Filename=svcnow32.exe
Description=Added by the SPYBOT-DJ TROJAN!
Source=Paul Collins Startup list
[PSFree]
Number=8173
Confirmed=U
Filename=PSFree.exe
Description=Pop-Up Stopper Free from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group
Source=Paul Collins Startup list
[PSGuard]
Number=8174
Confirmed=X
Filename=PSGuard.exe
Description=Variant of the SmitFraud alias FAKEALE-C TROJAN!
Source=Paul Collins Startup list
[PSGuard spyware remover]
Number=8175
Confirmed=X
Filename=PSGuard.exe
Description=Variant of the SmitFraud alias FAKEALE-C TROJAN!
Source=Paul Collins Startup list
[pshower]
Number=8176
Confirmed=X
Filename=pshwr.exe
Description=SafeSurfing adware variant
Source=Paul Collins Startup list
[PSIMSVC]
Number=8177
Confirmed=Y
Filename=PSIMSVC.exe
Description=Panda Antivirus
Source=Paul Collins Startup list
[PSIWin2.3 Connection Server]
Number=8178
Confirmed=N
Filename=Psconsv.exe
Description=Allows connectivity between a PC and a Psion device. Access can be gained from the Desktop or Start -> Programs
Source=Paul Collins Startup list
[pskl]
Number=8179
Confirmed=U
Filename=keyspy.exe
Description=KeyboardLogger keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list
[PSLister]
Number=8180
Confirmed=X
Filename=PSLister.exe
Description=Added by PurityScan C adware
Source=Paul Collins Startup list
[PsMFCard]
Number=8181
Confirmed=U
Filename=PsMFCard.exe
Description=Component of the Toshiba Controls. Provides power-saving functions for the PCMCIA slots. Through the Power Save Mode Properties dialogue, the user can select from 3 PCMCIA power options - On, Auto1 and Auto2. Disabling this item has no adverse effects, except disabling the ability to reduce power consumption by powering-down the PCMCIA slots when not in use
Source=Paul Collins Startup list
[PSNotify]
Number=8182
Confirmed=Y
Filename=psnotify.exe
Description=Pharos SignUp Vx - "PC reservation and management application that addresses the PC scheduling needs of public libraries and higher education labs and libraries"
Source=Paul Collins Startup list
[PSof1]
Number=8183
Confirmed=X
Filename=PSof1.exe
Description=PacerD Media/Pacimedia.com adware installer
Source=Paul Collins Startup list
[PSoft1]
Number=8184
Confirmed=X
Filename=psoft1.exe
Description=PacerD Media/Pacimedia.com adware installer
Source=Paul Collins Startup list
[PsPCCard]
Number=8185
Confirmed=Y
Filename=PsPCCard.EXE
Description=Background Power Saving task found on Toshiba laptops and which handles turning Power Saving ON and OFF on any inserted PC Card (PCMCIA card). Only ever disable if you do not use any power saving or hibernation settings (ie: they are all OFF)
Source=Paul Collins Startup list
[PspContr]
Number=8186
Confirmed=U
Filename=pspcontr.exe
Description=Driver/controller for the Philips SpeechMike 6174. As the Philips FreeSpeech application is no longer supported it can be disabled but the Mike can still be used for certain functions using this driver
Source=Paul Collins Startup list
[PSQLLauncher]
Number=8187
Confirmed=Y
Filename=launcher.exe
Description=IBM ThinkVantage Fingerprint Software
Source=Paul Collins Startup list
[PsSound]
Number=8188
Confirmed=U
Filename=PsSound.exe
Description=On a Toshiba laptop. Operates your sound in one of 4 modes, off, on , on only with powerr, same as #3 but longer delay
Source=Paul Collins Startup list
[pst]
Number=8189
Confirmed=U
Filename=memaker2.exe
Description=SpymodePCSpy surveillance software. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list
[PSTORES]
Number=8190
Confirmed=?
Filename=PSTORES.EXE
Description=Part of Windows Services Protected Storage?
Source=Paul Collins Startup list
[ptfb]
Number=8191
Confirmed=N
Filename=ptfb.exe
Description=Push the Freakin' Button - "When a dialog causes irritation, you simply tell PTFB which button should be pressed, and it will handle the dialog in future"
Source=Paul Collins Startup list
[Ptipbmf]
Number=8192
Confirmed=?
Filename=rundll32.exe ptipbmf.dll, SetWriteCacheMode
Description=Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. May be necessary in order to maintain preferences applied to the RAID array connected to the Promise controller
Source=Paul Collins Startup list
[PtiuPbmd]
Number=8193
Confirmed=U
Filename=Rundll32.exe ptipbm.dll, SetWriteBack
Description=Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. Tells the drivers that the connected Drives should use the "Write Back" Caching. You can disable this if you don't want to use "Write Back" Caching or if you have not connected any driver to your Promise Controller
Source=Paul Collins Startup list
[PTRGMYGK]
Number=8194
Confirmed=X
Filename=rundll32.exe ptmg1v.dll, DllRunMain
Description=Added by an unidentified TROJAN, WORM or other malware!
Source=Paul Collins Startup list
[ptrun32]
Number=8195
Confirmed=U
Filename=ptrun32.exe
Description=Parent Tools for AIM
Source=Paul Collins Startup list
[PTRUN32]
Number=8196
Confirmed=U
Filename=ptr32w.exe
Description=ParentTools surveillance software. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list
[Ptsnoop]
Number=8197
Confirmed=N
Filename=Ptsnoop.exe
Description=These descriptions I've come across - all valid as far as I can see :- (1) Program installed with some modems that monitors the COM ports for the modem driver. Not required from what I've read - may need a registry edit to get rid of it (2) Backdoor trojan virus that copies itself as PTSNOOP.EXE -see here for more info(3) Apparently the people who put it out claim it's a driver for a Voice modems (don't know who they are though - Ed) Note: If using AOL and you disable this you may lose your connection or lock up (4) Can also be an older Logitech scanner program. Remove from the Win.ini tab under Load='path'PTSNOOP and the System.ini tab under drivers='path'ptrtkr.drb. Can cause parallel port conflicts big time dragging system resources way down when a conflict exists (5) Allows audio monitoring of modem phone dialling tones and can be useful if you have connection problems (6) Karen Kenworthy's Snooper - "logs the start and stop time of all programs run under Windows"
Source=Paul Collins Startup list
[pttrun]
Number=8198
Confirmed=U
Filename=pttrun.exe
Description=Transmeta Crusoe processor related. Reduces application launch times and makes the computer "more responsive"
Source=Paul Collins Startup list
[PtUDFApp]
Number=8199
Confirmed=N
Filename=PtUDFApp.exe
Description=Sony abCD program, included on the CD Xtreme install CD, used to format CD-RWs for packet writing (similar to DirectCD). Available via Start -> Programs. Note that you must add a /T switch to the command line to get it to load to the taskbar
Source=Paul Collins Startup list
[PUAC v2.0.7]
Number=8200
Confirmed=U
Filename=Puac.exe
Description="Peter's Ultimate Alarm Clock"
Source=Paul Collins Startup list
[Public Microsoft ODBC]
Number=8201
Confirmed=X
Filename=ODBC32*.exe [* = random char]
Description=Added by the MASLAN.D WORM!
Source=Paul Collins Startup list
[pumcfgp]
Number=8202
Confirmed=U
Filename=proxycfg.exe
Description="GuardWare iShield blocks pornographic images when you surf the Internet on your computer using a web browser"
Source=Paul Collins Startup list
[Pure Networks Port Magic]
Number=8203
Confirmed=N
Filename=PortAOL.exe
Description=Pure Networks Port Magic, as available in the latest version of the AOL® 9.0 Optimized SE software; automatically configures most in-home Internet gateways, improving access and performance for applications such as instant messaging, online gaming, and streaming music and video. See here
Source=Paul Collins Startup list
[Purgative]
Number=8204
Confirmed=U
Filename=PURGATIVE100.EXE
Description=AIM (AOL Instant Messenger) Ad Remover Using Active Memory Edits instead of a patch/crack
Source=Paul Collins Startup list
[Purgatory]
Number=8205
Confirmed=X
Filename=Purga.exe
Description=Added by the PORGORY-B WORM!
Source=Paul Collins Startup list
[Push Client]
Number=8206
Confirmed=N
Filename=pull.exe
Description=Client software from Interwise that MS use for their webcasts
Source=Paul Collins Startup list
[Push The Freakin' Button]
Number=8207
Confirmed=N
Filename=ptfb.exe
Description=Push the Freakin' Button - "When a dialog causes irritation, you simply tell PTFB which button should be pressed, and it will handle the dialog in future"
Source=Paul Collins Startup list
[PUSH6599]
Number=8208
Confirmed=N
Filename=PUSH6599.EXE
Description=Scan button monitor for Relysis Episode MF6599 USB scanner as you can start scanning manually via the scanning software
Source=Paul Collins Startup list
[PutA!!]
Number=8209
Confirmed=X
Filename=PutA!!.exe
Description=Added by the OPASERV.L WORM!
Source=Paul Collins Startup list
[PutAS!]
Number=8210
Confirmed=X
Filename=PutA!!.com
Description=Added by the OPASERV.Z WORM!
Source=Paul Collins Startup list
[putil]
Number=8211
Confirmed=X
Filename=[filename]
Description=Added by the LDPINCH TROJAN!
Source=Paul Collins Startup list
[PV92TRAY]
Number=8212
Confirmed=U
Filename=PV92Tray.exe
Description=PCtel HSP V.92 modem configuration utility
Source=Paul Collins Startup list
[PVModule]
Number=8213
Confirmed=X
Filename=pvmodule.exe
Description=Adperform.com/adoptim.com adware, file located in a Program Files\PrintView folder and detected by AntiVir antivirus as TR/Dldr.Agent.alb. NOTE: the 'real' PrintView installs in a C:\CBR folder instead!
Source=Paul Collins Startup list
[PVR]
Number=8214
Confirmed=N
Filename=PVR.exe
Description=Pocket Voice Recorder - freeware sound recorder that records from microphone and any other input line available with your sound card
Source=Paul Collins Startup list
[PVUnInst1]
Number=8215
Confirmed=U
Filename=PVUnInst1.exe
Description=Privacy View - privacy software that ensures that all your private computer files, photos, documents, and websites remain secure from prying eyes
Source=Paul Collins Startup list
[Pwr32ctr]
Number=8216
Confirmed=X
Filename=Pwr32ctr.exe
Description=Added by the GEMA TROJAN!
Source=Paul Collins Startup list
[Pwr32ctrl]
Number=8217
Confirmed=X
Filename=Pwr32ctrl.exe
Description=Added by the GEMA TROJAN!
Source=Paul Collins Startup list
[Pwr32mgt]
Number=8218
Confirmed=X
Filename=Pwr32mgt.exe
Description=Added by the GEMA TROJAN!
Source=Paul Collins Startup list
[PWRESET]
Number=8219
Confirmed=U
Filename=pwreset.exe
Description=Related to the Avaya IP Softphone
Source=Paul Collins Startup list
[PWRISOVM.EXE]
Number=8220
Confirmed=N
Filename=PWRISOVM.EXE
Description=PowerISO - a powerful CD/DVD image file processing tool
Source=Paul Collins Startup list
[PWRMGRTR]
Number=8221
Confirmed=Y
Filename=PWRMGRTR.DLL
Description=Power Manager - background monitor module for IBM ThinkPad laptops. Leave it alone to ensure proper power management functions
Source=Paul Collins Startup list
[Pwrmonit]
Number=8222
Confirmed=Y
Filename=Rundll32 PwrMonit.dll
Description=IBM's proprietary 'battery maximiser' and power monitoring software for laptops
Source=Paul Collins Startup list
[Pwroff]
Number=8223
Confirmed=X
Filename=Pwroff.exe
Description=Added by the GEMA TROJAN!
Source=Paul Collins Startup list
[Pwrsave]
Number=8224
Confirmed=U
Filename=Pwrsave.exe
Description=Toshiba Power Saver utilities. Required on a laptop if you run of a battery and want to conserve power
Source=Paul Collins Startup list
[Pwruplogin]
Number=8225
Confirmed=?
Filename=pulogin.exe
Description=??
Source=Paul Collins Startup list
[PwrupTweakMe]
Number=8226
Confirmed=U
Filename=PUPXPTWK.EXE
Description=Ashampoo's PowerUp XP is a "tool for fine-tuning your Windows NT4, 2000, 2003 Server and XP configuration". Boot-up options won't work if disabled
Source=Paul Collins Startup list
[PWS Tray]
Number=8227
Confirmed=U
Filename=PwsTray.exe
Description=Microsoft's Personal Web Server, an application which allows PCs to behave as web servers (allows you to test your .asp pages on your own PC without having to load them onto the internet). Available via Start -> Programs
Source=Paul Collins Startup list
[p_981116]
Number=8228
Confirmed=N
Filename=p_981116.exe
Description=Win32 cabinet self extractor. More info here
Source=Paul Collins Startup list
[Q152404]
Number=8229
Confirmed=N
Filename=wsript.exe Q152404.VBS
Description=Appears to run Scandisk at bootup on NEC PCs
Source=Paul Collins Startup list
[q36i36O]
Number=8230
Confirmed=X
Filename=lms2cenu.exe
Description=Added by the SECONDTHOUGHT VIRUS!
Source=Paul Collins Startup list
[QAGENT]
Number=8231
Confirmed=N
Filename=qagent.exe
Description=Quicken program is controlled by a separate utility program called the Quicken Download Manager (also known as Qagent). When Quicken Download Manager option is enabled, background downloading takes advantage of unused bandwidth to download current financial information anytime your computer is connected to the Internet
Source=Paul Collins Startup list
[qappsrvc32.exe]
Number=8232
Confirmed=X
Filename=qappsrvc32.exe
Description=Recognized by Kaspersky antivirus as Trojan-Proxy.Win32.Webber.m
Source=Paul Collins Startup list
[QBCD autorun]
Number=8233
Confirmed=N
Filename=autorun.exe
Description=Quick Books CD
Source=Paul Collins Startup list
[qbkupdbs]
Number=8234
Confirmed=X
Filename=mqbkup.exe
Description=Added by the OPASERV.K WORM!
Source=Paul Collins Startup list
[qbotd]
Number=8235
Confirmed=X
Filename=[random filename]
Description=Added by the BOTTEN TROJAN!
Source=Paul Collins Startup list
[qBrowse]
Number=8236
Confirmed=?
Filename=qbrowse.exe
Description=??
Source=Paul Collins Startup list
[QBRSR]
Number=8237
Confirmed=X
Filename=QuickBrowser.exe
Description=top-banners.com adware
Source=Paul Collins Startup list
[Qchex Tray Icon]
Number=8238
Confirmed=U
Filename=Qchex.exe
Description=Related to G7 Productivity Systems Check Software
Source=Paul Collins Startup list
[QCTRAY]
Number=8239
Confirmed=U
Filename=Qctray.exe
Description=System Tray icon providing access to the "IBM Access Connections" wizard on ThinkPad laptops and also allows to change the network environment. Not the same as QCWLIcon, which is pertinent only to the Wireless LAN
Source=Paul Collins Startup list
[QCWLICON]
Number=8240
Confirmed=U
Filename=Qcwlicon.exe
Description=Used by IBM Thinkpad laptops with built-in wireless card (802.11). System Tray icon that provides a shortcut to "Wireless Connection Status" and allows to turn WL on and off
Source=Paul Collins Startup list
[QD FastAndSafe]
Number=8241
Confirmed=N
Filename=QDCSFS.exe
Description=Automatically runs Fast & Safe clean-up from Norton/Quarterdeck Cleansweep. Deletes safe to remove files such as Temporary Internet Files (cache). Recommended you run it manually
Source=Paul Collins Startup list
[QDM]
Number=8242
Confirmed=U
Filename=QdmStart.exe
Description=QDM (QDI Desktop Manager) - part of QDI ManageEasy for QDI's series of motherboards for monitoring PSU, temperatures, BIOS information, etc. Only required if you overclock system components and need to monitor temperatures, etc
Source=Paul Collins Startup list
[QDMStart]
Number=8243
Confirmed=U
Filename=QdmStart.exe
Description=QDM (QDI Desktop Manager) - part of QDI ManageEasy for QDI's series of motherboards for monitoring PSU, temperatures, BIOS information, etc. Only required if you overclock system components and need to monitor temperatures, etc
Source=Paul Collins Startup list
[Qdsafe]
Number=8244
Confirmed=?
Filename=??
Description=??
Source=Paul Collins Startup list
[Qexplo]
Number=8245
Confirmed=?
Filename=Qexplo.exe
Description=??
Source=Paul Collins Startup list
[qgqqft]
Number=8246
Confirmed=X
Filename=[path to Trojan]
Description=Added by the RANKY.T TROJAN!
Source=Paul Collins Startup list
[QH Live Update Scheduler]
Number=8247
Confirmed=Y
Filename=UPSCHD.EXE
Description=Quick Heal Anti-Virus
Source=Paul Collins Startup list
[QH Office 2K Check]
Number=8248
Confirmed=Y
Filename=O2KCHECK.EXE
Description=Quick Heal Anti-Virus MS Office documents virus checker
Source=Paul Collins Startup list
[QlbCtrl]
Number=8249
Confirmed=U
Filename=QlbCtrl.exe
Description=HP Quick Launch Buttons control center on their laptops
Source=Paul Collins Startup list
[QMusic]
Number=8250
Confirmed=?
Filename=QMAgent.exe
Description=??
Source=Paul Collins Startup list
[QNPlus]
Number=8251
Confirmed=N
Filename=QNPlus.exe
Description=Quick Notes Plus by Conceptworld - sticky notes tool
Source=Paul Collins Startup list
[Qoeloader]
Number=8252
Confirmed=U
Filename=Qoeloader.exe
Description=Qurb 2.0 anti-spam tool for Outlook/Outlook Express. Required when supporting OE but not for Outlook. Shortcut available via Start -> Programs
Source=Paul Collins Startup list
[QPService]
Number=8253
Confirmed=U
Filename=QPService.exe
Description=HP QuickPlay - "brings your favorite music and movies to life with the touch of a button"
Source=Paul Collins Startup list
[QQ]
Number=8254
Confirmed=X
Filename=sendmess.exe
Description=Added by the SEMES TROJAN!
Source=Paul Collins Startup list
[QQ.exe]
Number=8255
Confirmed=X
Filename=QQ.exe
Description=Added by a variant of the SDBOT WORM! Note - this is not the Tencent QQ Asian instant messanger program and resides in the Windows folder
Source=Paul Collins Startup list
[QQKAV]
Number=8256
Confirmed=X
Filename=scvhsot.exe
Description=Added by the QQROB.ARQ WORM!
Source=Paul Collins Startup list
[QQServer]
Number=8257
Confirmed=X
Filename=QQ.exe
Description=Added by the DOWNLDR-AN TROJAN!
Source=Paul Collins Startup list
[qservices]
Number=8258
Confirmed=X
Filename=qservice.exe
Description=Added by the PROGENT-A TROJAN!
Source=Paul Collins Startup list
[QSort2000]
Number=8259
Confirmed=N
Filename=QSORT.EXE
Description=Utility that sorts your Start menu and Favourites in alphanumerical order. Not required - at any time you can right-click on these lists and choose "Sort by Name"
Source=Paul Collins Startup list
[QT4HPOT]
Number=8260
Confirmed=U
Filename=OneTouch.exe
Description=Hewlett Packard One Touch keyboard driver. Required if you use the additional keys
Source=Paul Collins Startup list
[QTaskStartup]
Number=8261
Confirmed=U
Filename=qtask.exe
Description=Feature of Quicken.com Brokerage to customize and display Desktop Alerts and icon. It is not required for the Quicken Program to run correctly, it is only required for the Desktop Alerts feature
Source=Paul Collins Startup list
[QTime]
Number=8262
Confirmed=X
Filename=nrchk.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[QTSTUB.EXE]
Number=8263
Confirmed=N
Filename=Qtstub.exe
Description=Part of an old version of the Quick Tax application. It enables Quick Tax Calendar Popup to show tax calendar reminders
Source=Paul Collins Startup list
[QTSvc]
Number=8264
Confirmed=X
Filename=msocfg.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[QTSvc]
Number=8265
Confirmed=X
Filename=navchk.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[QTSvc]
Number=8266
Confirmed=X
Filename=shman.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[QTSvc]
Number=8267
Confirmed=X
Filename=ssvr.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[qttask]
Number=8268
Confirmed=N
Filename=Qttask.exe
Description=System Tray access to Apple's "Quick Time" viewer from version 5 onwards
Source=Paul Collins Startup list
[QtVprMtx]
Number=8269
Confirmed=U
Filename=QTVPRMTX.EXE
Description=Multimedia keyboard driver from Dritek System Inc
Source=Paul Collins Startup list
[Quantifier Security]
Number=8270
Confirmed=X
Filename=qsecue.exe
Description=Added by the SPYBOT.UOL WORM!
Source=Paul Collins Startup list
[QUBCity]
Number=8271
Confirmed=?
Filename=qtp.exe
Description=??
Source=Paul Collins Startup list
[Queensla]
Number=8272
Confirmed=?
Filename=Queensla.exe
Description=??
Source=Paul Collins Startup list
[Quick Controls]
Number=8273
Confirmed=U
Filename=Astrotoolbar.exe
Description=Gateway Astro Screen and Sound Controls tray icon
Source=Paul Collins Startup list
[Quick Heal Firewall Pro]
Number=8274
Confirmed=U
Filename=qhfw.exe
Description=Quick Heal Firewall Pro
Source=Paul Collins Startup list
[Quick Heal Messenger]
Number=8275
Confirmed=U
Filename=QHM32.EXE
Description=Quick Heal Anti-Virus Messenger - keeps you informed about the latest threats, hoaxes etc
Source=Paul Collins Startup list
[Quick Heal On-Line Protection]
Number=8276
Confirmed=Y
Filename=Cateye.exe
Description=Quick Heal - virus scanner
Source=Paul Collins Startup list
[Quick Heal Startup Scan]
Number=8277
Confirmed=Y
Filename=QHSTRT32.EXE
Description=Quick Heal - virus scanner
Source=Paul Collins Startup list
[Quick Shelf xx]
Number=8278
Confirmed=N
Filename=qushelfxx.exe
Description=Places an icon in the system tray for launching MS Bookshelf. Available via Start -> Programs"xx" represents the version number - ie, 98, 99
Source=Paul Collins Startup list
[Quick Startup]
Number=8279
Confirmed=Y
Filename=Fquick32.exe
Description=For a Nisis G6 USB Graphics Tablet. Re-enables itself if disabled therefore best left alone
Source=Paul Collins Startup list
[Quick Time Task]
Number=8280
Confirmed=N
Filename=qttask.exe
Description=System Tray access to Apple's "Quick Time" viewer from version 5 onwards
Source=Paul Collins Startup list
[Quick View Plus]
Number=8281
Confirmed=N
Filename=QVP32.EXE
Description=Quick View Plus from Inso Corporation. Multiple file type viewer. Available via Start -> Programs
Source=Paul Collins Startup list
[QuickBooks Delivery Agent]
Number=8282
Confirmed=N
Filename=QBDAGENT.EXE
Description=As far QAGENT but for QuickBooks. Can also have the version number in the name
Source=Paul Collins Startup list
[Quickbooks Update Agent]
Number=8283
Confirmed=N
Filename=qbupdate.exe
Description=Associated with Intuit's Quickbooks but not required. Possibly to do with the payroll update service but you're prompted to check for updates when appropriate whether this is running or not
Source=Paul Collins Startup list
[QuickCamPro]
Number=8284
Confirmed=U
Filename=QuickCamPro.exe
Description=System Tray for Picture Capture utility that can run unattended. Pictures every 30 seconds for example, auto FTP Upload, etc
Source=Paul Collins Startup list
[quicken]
Number=8285
Confirmed=X
Filename=quicken.exe
Description=CoolWebSearch Therealsearch parasite variant
Source=Paul Collins Startup list
[quicken]
Number=8286
Confirmed=X
Filename=Winrar.exe
Description=CoolWebSearch Therealsearch parasite variant. Note - this is not the file zipping utility also known as WinRAR!
Source=Paul Collins Startup list
[quicken]
Number=8287
Confirmed=X
Filename=Waol.exe
Description=CoolWebSearch Therealsearch parasite variant
Source=Paul Collins Startup list
[Quicken Scheduled Updates]
Number=8288
Confirmed=N
Filename=bagent.exe
Description=Quicken background downloading module
Source=Paul Collins Startup list
[Quicken Startup]
Number=8289
Confirmed=N
Filename=QWDLLS.EXE
Description=Quicken option to load DLLs at startup
Source=Paul Collins Startup list
[QuickenSEMessage]
Number=8290
Confirmed=N
Filename=Qsemsg.exe
Description=Quicken option
Source=Paul Collins Startup list
[QuickFinder Scheduler]
Number=8291
Confirmed=N
Filename=QFSCHD100.exe
Description=Used in Corel 2002 & Corel Suite 7 - finds files faster by indexing your files (similar to Microsoft's Find Fast or Fast Search for its Office products)
Source=Paul Collins Startup list
[QuickFinder Scheduler]
Number=8292
Confirmed=N
Filename=QFSched.exe
Description=Used in Corel 2002 & Corel Suite 7 - finds files faster by indexing your files (similar to Microsoft's Find Fast or Fast Search for its Office products)
Source=Paul Collins Startup list
[QuickLaunchEr]
Number=8293
Confirmed=Y
Filename=QuickLaunchEr.Exe
Description=QuickLaunchEr - allows you to quickly launch programs from an icon in the system tray
Source=Paul Collins Startup list
[Quicklink III]
Number=8294
Confirmed=N
Filename=QL.EXE
Description=HP fax program and only needs to be in the start-up group if you allow your phone to automatically answer your phone in fax mode, that is, to receive faxes after a certain number of rings. Available via Start -> Programs
Source=Paul Collins Startup list
[Quicknote]
Number=8295
Confirmed=N
Filename=quicknote.exe
Description=JC&MB Quicknote Virtual Scrapbook
Source=Paul Collins Startup list
[QuickPassword]
Number=8296
Confirmed=U
Filename=agquickp.exe
Description=Smart card-based authentication and digital signature client software
Source=Paul Collins Startup list
[QuickRes]
Number=8297
Confirmed=N
Filename=QUICKRES.EXE
Description=Utility to quickly change desktop resolution - left over from Win95 Power Toys. In Win98 and above incorporated via Control Panel -> Display. Not required unless you have to change resolutions on a regular basis
Source=Paul Collins Startup list
[quickset]
Number=8298
Confirmed=N
Filename=quickset.exe
Description=Dell taskbar icon allowing you to quickly change settings
Source=Paul Collins Startup list
[Quicktime]
Number=8299
Confirmed=X
Filename=qttasks.exe
Description=Added by the ADCLICK-AK TROJAN!
Source=Paul Collins Startup list
[Quicktime]
Number=8300
Confirmed=X
Filename=shch.exe
Description=Added by a variant of the EB TROJAN!
Source=Paul Collins Startup list
[Quicktime Mediaplayer]
Number=8301
Confirmed=X
Filename=winmplyer32.exe
Description=Added by the RBOT-PM WORM!
Source=Paul Collins Startup list
[Quicktime Mediaplayr]
Number=8302
Confirmed=X
Filename=wnmplyr.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Quicktime Pro 3.0]
Number=8303
Confirmed=X
Filename=winuodps.exe
Description=Added by the GAOBOT.BH WORM!
Source=Paul Collins Startup list
[QuickTime Task]
Number=8304
Confirmed=N
Filename=Qttask.exe
Description=System Tray access to Apple's "Quick Time" viewer from version 5 onwards
Source=Paul Collins Startup list
[QuickTime Task]
Number=8305
Confirmed=X
Filename=qttasks.exe
Description=CoolWebSearch parasite variant
Source=Paul Collins Startup list
[Quicktime Task]
Number=8306
Confirmed=X
Filename=[random filename]
Description=Trafficadvance dialer
Source=Paul Collins Startup list
[QuickTime Update Completion x]
Number=8307
Confirmed=N
Filename=quicktimeupdatehelper.exe
Description=Different numbers caused by number of launches. So if 3 updates are made separately, 3 would appear (in theory)
Source=Paul Collins Startup list
[QuicktimeMngr]
Number=8308
Confirmed=X
Filename=QUICKTIMEMNGR.EXE
Description=Added by the WOOTBOT.AW WORM!
Source=Paul Collins Startup list
[QuickTimeUpdate]
Number=8309
Confirmed=X
Filename=QuickUpdate.exe
Description=Added by the BIFROSE-CW TROJAN!
Source=Paul Collins Startup list
[Quicktlme]
Number=8310
Confirmed=X
Filename=ru.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[QuickTV]
Number=8311
Confirmed=U
Filename=QuickTV.exe
Description=Infra-red remote control driver for the AVerTV Studio TV tuner/personal video recoder from AVerMedia. Required if you use the remote control
Source=Paul Collins Startup list
[Quickzip]
Number=8312
Confirmed=X
Filename=Ls.exe
Description=MsConnect browser hijacker and dialler
Source=Paul Collins Startup list
[QuickZip]
Number=8313
Confirmed=X
Filename=lu.exe
Description=MsConnect browser hijacker and dialler
Source=Paul Collins Startup list
[QuikShield]
Number=8314
Confirmed=N
Filename=qkshield.exe
Description=QuikShield popup blocker - reportedly stealth installed, see here
Source=Paul Collins Startup list
[QuikSync]
Number=8315
Confirmed=N
Filename=QUIKSYNC.EXE
Description=Used by Iomega drives. Available via Start -> Programs
Source=Paul Collins Startup list
[qwe]
Number=8316
Confirmed=X
Filename=qwe.exe
Description=Added by the LINEAGE-F TROJAN!
Source=Paul Collins Startup list
[QWERTY]
Number=8317
Confirmed=?
Filename=qwerty.exe
Description=Possibly adult content related adware
Source=Paul Collins Startup list
[qwertybot.exe]
Number=8318
Confirmed=X
Filename=qwertybot.exe
Description=Added by the AGENT.ALF TROJAN!
Source=Paul Collins Startup list
[QWS3270 Sessions]
Number=8319
Confirmed=U
Filename=sessions.exe
Description=QWS3270 Secure terminal emulation software
Source=Paul Collins Startup list
[R]
Number=8320
Confirmed=X
Filename=[path] rundll32.exe msprt.dll
Description=Chinese originated browser hijacker - redirecting to 4199.com
Source=Paul Collins Startup list
[RA Server]
Number=8321
Confirmed=X
Filename=Slave.exe
Description=Added by the RA TROJAN!
Source=Paul Collins Startup list
[RabbitWannaHome]
Number=8322
Confirmed=X
Filename=rabbit.exe
Description=Added by the MIMAIL.S WORM!
Source=Paul Collins Startup list
[Rabo Session Monitor]
Number=8323
Confirmed=Y
Filename=RaboSessionMon.exe
Description=Related to RaboBank electronic banking software
Source=Paul Collins Startup list
[RaConfig2500]
Number=8324
Confirmed=N
Filename=RaConfig2500.exe
Description=RaLink wireless LAN configuration utility
Source=Paul Collins Startup list
[RadarSync]
Number=8325
Confirmed=N
Filename=RadarSync.exe
Description=Radarsync utility comes from DFI with their latest motherboards, e.g., DFI LanParty Ultra - checks for BIOS and driver updates periodically
Source=Paul Collins Startup list
[RadBoot]
Number=8326
Confirmed=U
Filename=RadBoot.exe
Description=RadLinker - tweaker/linker for ATI Radeon based graphics cards. It allows you easy access to per game settings
Source=Paul Collins Startup list
[Radio365Agent]
Number=8327
Confirmed=U
Filename=Radio365TrayAgent.exe
Description=Radio365 - create playlists and broadcast live straight from your PC!
Source=Paul Collins Startup list
[RadioSvr]
Number=8328
Confirmed=U
Filename=RadioSvr.EXE
Description=Used to configure wire less networks. Windows automatically detects the Wireless network and it configures the network
Source=Paul Collins Startup list
[RAID Event Monitor]
Number=8329
Confirmed=U
Filename=iaanotif.exe
Description=IAA Event Monitor User Notification Tool - part of Intel® Application Accelerator - "a performance software package for desktop PCs using select Intel® chipsets" that "replaces the ATA drivers that come with Windows with drivers optimized for desktop and mobile PCs." If you use the RAID version it's required to notify you if a RAID 1 disk has failed
Source=Paul Collins Startup list
[RaidTool]
Number=8330
Confirmed=U
Filename=raid_tool.exe
Description=VIA V-RAID Tool - hard disk striping/mirroring utility for increased performance and reliability
Source=Paul Collins Startup list
[Rainlendar]
Number=8331
Confirmed=U
Filename=Rainlendar.exe
Description=Rainlendar is a customizable calendar that displays the current month
Source=Paul Collins Startup list
[Rainlendar2]
Number=8332
Confirmed=U
Filename=Rainlendar2.exe
Description=Rainlendar is a customizable calendar that displays the current month
Source=Paul Collins Startup list
[RAM Idle Professional]
Number=8333
Confirmed=U
Filename=RAM_XP.exe
Description=RAM Idle LE - "A smart memory management program that will keep your computer running better, faster, and longer. RAM Idle works by freeing up physical RAM wasted by Windows and other applications. In addition, RAM Idle also includes Cache and startup manager program that will give you more power to optimize your Windows." MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind
Source=Paul Collins Startup list
[RAMASST]
Number=8334
Confirmed=U
Filename=RAMASST.exe
Description=Optionally installed with some DVD drives (LG, Panasonic, etc). Disables Windows XP's CD-burning abilities because they cause some incompatibilities. It does not affect your ability to burn CDs. If you do not have this program running, you may have some compatibility issues with burnt DVDs
Source=Paul Collins Startup list
[RamBooster2]
Number=8335
Confirmed=X
Filename=rb.exe
Description=Added by the AKAK TROJAN!
Source=Paul Collins Startup list
[RAMDef]
Number=8336
Confirmed=U
Filename=ramdef.exe
Description=Ram Def Xtreme - monitors and defragments your system RAM to improve reliability and speed. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind
Source=Paul Collins Startup list
[RAMDrive]
Number=8337
Confirmed=U
Filename=RDTask.exe
Description=Virtual Hard Drive (Ram Drive) from Farstone - takes a portion of your system memory (RAM) and uses it to simulate a hard disk drive
Source=Paul Collins Startup list
[RamIdle]
Number=8338
Confirmed=U
Filename=ramidle.exe
Description=RAM Idle LE - "A smart memory management program that will keep your computer running better, faster, and longer. RAM Idle works by freeing up physical RAM wasted by Windows and other applications. In addition, RAM Idle also includes Cache and startup manager program that will give you more power to optimize your Windows." MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind
Source=Paul Collins Startup list
[RAMpage]
Number=8339
Confirmed=U
Filename=RAMpage.exe
Description=Small Windows utility that displays the amount of available memory in an icon in the System Tray. It can also free memory by double clicking the tray icon, or by setting a threshold that activates the program automatically, or by having it run automatically when an application exits. RAMpage is free, and open source
Source=Paul Collins Startup list
[Randex virus built for IRBMe]
Number=8340
Confirmed=X
Filename=irbme.exe
Description=Added by the RANDEX.RH WORM!
Source=Paul Collins Startup list
[random]
Number=8341
Confirmed=X
Filename=random.exe
Description=Added by the DLOADER-KM TROJAN!
Source=Paul Collins Startup list
[Random Interface Network]
Number=8342
Confirmed=X
Filename=rst.exe
Description=Added by the DELBOT-P WORM!
Source=Paul Collins Startup list
[Random Interface Network Manager]
Number=8343
Confirmed=X
Filename=rinsv.exe
Description=Added by the DELBOT-L WORM!
Source=Paul Collins Startup list
[Random Unique ID]
Number=8344
Confirmed=X
Filename=[worm filename]
Description=Added by the XROVE-A WORM!
Source=Paul Collins Startup list
[RandomWin32]
Number=8345
Confirmed=X
Filename=mgnwin32.exe
Description=Added by the SDBOT-DV WORM!
Source=Paul Collins Startup list
[rant]
Number=8346
Confirmed=Y
Filename=rant.exe
Description=Added by the RBOT-ZB WORM!
Source=Paul Collins Startup list
[RapApp]
Number=8347
Confirmed=Y
Filename=RAPAPP.EXE
Description=Application protection component of BlackICE PC Protection (was Defender) firewall, informing you of any modifications to programs, files or folders and detecting unknown programs trying to launch
Source=Paul Collins Startup list
[Rapdata]
Number=8348
Confirmed=X
Filename=ravsecs.exe
Description=Added by the QQPASS-V TROJAN!
Source=Paul Collins Startup list
[Rapdatae]
Number=8349
Confirmed=X
Filename=rabseuser.exe
Description=Added by the QQPASS-S TROJAN!
Source=Paul Collins Startup list
[Rapdatybs]
Number=8350
Confirmed=X
Filename=ravseteyns.exe
Description=Added by the PWS-ACP TROJAN!
Source=Paul Collins Startup list
[Rapid Restore]
Number=8351
Confirmed=U
Filename=rrpcsb.exe
Description=XPoint "Rapid Restore PC" - a "Managed Recovery™ solution that enables IT Administrators to protect the corporate image, while offloading personal data backup and recovery chores to the end user"
Source=Paul Collins Startup list
[RapidBlaster]
Number=8352
Confirmed=X
Filename=rb32.exe
Description=RapidBlaster parasite. Recommended you use RapidBlaster Killer to uninstall - see here
Source=Paul Collins Startup list
[Raptelnet]
Number=8353
Confirmed=X
Filename=ravspeger.exe
Description=Added by the QQPASS-AA TROJAN!
Source=Paul Collins Startup list
[Raptelt]
Number=8354
Confirmed=X
Filename=ravspegtl.exe
Description=Added by the QQPASS-AB TROJAN!
Source=Paul Collins Startup list
[Raptor Mobile]
Number=8355
Confirmed=Y
Filename=vpnservices.exe
Description=Symantec VPN Client used to connect to corporate networks. If unchecked, must be uninstalled using Add/Remove Programs as it tightly integrates into networking
Source=Paul Collins Startup list
[RasCon Remote Access Service Manager]
Number=8356
Confirmed=X
Filename=rasmngr.exe
Description=Added by the SPYBOT.EM WORM!
Source=Paul Collins Startup list
[rasctrs]
Number=8357
Confirmed=X
Filename=rasctrs.exe
Description=Hijacker, also detected as the ADWAHECK TROJAN!
Source=Paul Collins Startup list
[Rase]
Number=8358
Confirmed=X
Filename=boln.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[rasman]
Number=8359
Confirmed=X
Filename=rasman32.exe
Description=Added by the BCKDR-QGN TROJAN!
Source=Paul Collins Startup list
[RasMan.exe]
Number=8360
Confirmed=X
Filename=RasMan.exe
Description=Added by the FEUTEL-H TROJAN!
Source=Paul Collins Startup list
[rate.exe]
Number=8361
Confirmed=X
Filename=i11r54n4.exe
Description=Added by the BEAGLE.E WORM and variants!
Source=Paul Collins Startup list
[rate.exe]
Number=8362
Confirmed=X
Filename=********.exe [* = random char]
Description=Unidentified adware
Source=Paul Collins Startup list
[RAV8Tray]
Number=8363
Confirmed=Y
Filename=ravtray8.exe
Description=RAV anti-virus related
Source=Paul Collins Startup list
[RavAv]
Number=8364
Confirmed=X
Filename=RavMon.exe
Description=Added by the BDOOR-DIJ TROJAN! Note - this file is located in the %WinDir% directory, and must NOT be confused with the legitimate RAV antivirus file of the same name!
Source=Paul Collins Startup list
[RavAv]
Number=8365
Confirmed=X
Filename=RavMonE.exe
Description=Added by the RJUMPF-F WORM!
Source=Paul Collins Startup list
[RavAv]
Number=8366
Confirmed=X
Filename=AdobeR.exe
Description=Added by the RJUMP.D WORM!
Source=Paul Collins Startup list
[RAVEN_VLZS.EXE]
Number=8367
Confirmed=X
Filename=RAVEN_VLZS.EXE
Description=DownloadReceiver parasite - no longer in existence
Source=Paul Collins Startup list
[RavMon]
Number=8368
Confirmed=Y
Filename=RavMon.exe
Description=RAV AntiVirus
Source=Paul Collins Startup list
[ravshell]
Number=8369
Confirmed=X
Filename=expl0rer.exe
Description=Added by the DLOADER.MAR TROJAN!
Source=Paul Collins Startup list
[Ravshell]
Number=8370
Confirmed=X
Filename=explore3.exe
Description=Added by the PAKES.HZ TROJAN!
Source=Paul Collins Startup list
[Ravshell]
Number=8371
Confirmed=X
Filename=IEXPLORER.EXE
Description=Added by the AGENT.URZ TROJAN!
Source=Paul Collins Startup list
[Ravshell]
Number=8372
Confirmed=X
Filename=rund1132.exe
Description=Added by the AGENT.OKZ TROJAN!
Source=Paul Collins Startup list
[Ravshell]
Number=8373
Confirmed=X
Filename=svch0st.exe
Description=Added by the NSPM.PU TROJAN!
Source=Paul Collins Startup list
[ravtask]
Number=8374
Confirmed=X
Filename=rund1132.exe
Description=Added by the DLOADER.IYT TROJAN!
Source=Paul Collins Startup list
[ravtask]
Number=8375
Confirmed=X
Filename=svch0st.exe
Description=Added by the LINEAG-AIN TROJAN!
Source=Paul Collins Startup list
[RavTime]
Number=8376
Confirmed=X
Filename=Mstray.exe
Description=Added by the WUKILL.A WORM!
Source=Paul Collins Startup list
[RavTimer]
Number=8377
Confirmed=X
Filename=RavTimer.exe
Description=RAV AntiVirus
Source=Paul Collins Startup list
[RavTimer]
Number=8378
Confirmed=X
Filename=explores.exe
Description=Added by the HOMEY-A TROJAN!
Source=Paul Collins Startup list
[RavTimeXP]
Number=8379
Confirmed=X
Filename=[worm filename]
Description=Added by the WULLIK.B WORM!
Source=Paul Collins Startup list
[RavTimeXP]
Number=8380
Confirmed=X
Filename=Virus
Description=Added by the CAGER.A WORM!
Source=Paul Collins Startup list
[RavTimXP]
Number=8381
Confirmed=X
Filename=[worm filename]
Description=Added by the WULLIK.B WORM!
Source=Paul Collins Startup list
[RavUptets]
Number=8382
Confirmed=X
Filename=agetlke.exe
Description=Added by the QQPASS-AK TROJAN!
Source=Paul Collins Startup list
[RavUptkt]
Number=8383
Confirmed=X
Filename=agetlktz.exe
Description=Added by the QQPASS-AJ TROJAN!
Source=Paul Collins Startup list
[RavUptpe]
Number=8384
Confirmed=X
Filename=ravsesur.exe
Description=Added by the QQPASS-T TROJAN!
Source=Paul Collins Startup list
[rav_temp.exe]
Number=8385
Confirmed=?
Filename=rav_temp.exe
Description=??
Source=Paul Collins Startup list
[RAX SYSTEM]
Number=8386
Confirmed=X
Filename=scrigz.exe
Description=Added by the MYTOB.KR WORM!
Source=Paul Collins Startup list
[Ray Process Killer]
Number=8387
Confirmed=N
Filename=Prkill.exe
Description=Ray Process Killer - clicking right mouse button produces popup menu with current active tasks. You can choose any task and click "Ok" to terminate it. Use CTRL+ALT+DEL instead
Source=Paul Collins Startup list
[razer]
Number=8388
Confirmed=U
Filename=razerhid.exe
Description=Razer mouse driver
Source=Paul Collins Startup list
[rb32 lptt01]
Number=8389
Confirmed=X
Filename=rb32.exe
Description=RapidBlaster variant (in a "RapidBlaster" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
Source=Paul Collins Startup list
[rb32 ml097e]
Number=8390
Confirmed=X
Filename=rb32.exe
Description=RapidBlaster variant (in a "RapidBlaster" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
Source=Paul Collins Startup list
[rbenh ml***e]
Number=8391
Confirmed=X
Filename=rbenh.exe
Description=RapidBlaster variant (in a "RBEnhance" folder in Program Files) where *** represents random digits. Recommended you use RapidBlaster Killer to uninstall - see here
Source=Paul Collins Startup list
[RBOT v2 with NetAPI exploit traded with billgates I gave my mother Greetz - OG - Bluehell Irc Server]
Number=8392
Confirmed=X
Filename=glossary.exe
Description=Added by the VANEBOT-J WORM!
Source=Paul Collins Startup list
[Rcf Driver]
Number=8393
Confirmed=X
Filename=rcf.exe
Description=Added by the RANDEX.BLD WORM!
Source=Paul Collins Startup list
[rCron]
Number=8394
Confirmed=X
Filename=rcron.exe
Description="Switch" adult content dialler
Source=Paul Collins Startup list
[rCron]
Number=8395
Confirmed=X
Filename=dservice.exe
Description=Switch premium rate adult content dialer
Source=Paul Collins Startup list
[RCScheduleCheck]
Number=8396
Confirmed=U
Filename=RCSCHED.EXE
Description=Scheduler for VCOM's Recovery Commander - which "can restore your non-booting system back to normal. It only takes a few minutes to get your system back up and running"
Source=Paul Collins Startup list
[RCSync]
Number=8397
Confirmed=X
Filename=RCSync.exe
Description=PrizeSurfer related. "PrizeSurfer is the free software that automatically enters you to win cash and prizes just for surfing the web and shopping online!" Stealth installed malware
Source=Paul Collins Startup list
[RCSystem]
Number=8398
Confirmed=U
Filename=DLLML.exe RCSystem
Description=Related to Creative DLL Module Loader for the Sound Blaster X-Fi (and maybe others). This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems
Source=Paul Collins Startup list
[RDClient]
Number=8399
Confirmed=U
Filename=RDCLIENT.EXE
Description=Remote Disconnection Utility from Twiga. Used for connecting and disconnecting dial up connections on a network - only needed if there is a shared internet connection
Source=Paul Collins Startup list
[RDLL]
Number=8400
Confirmed=X
Filename=RunDll16.exe
Description=Added by the SDBOT.F TROJAN!
Source=Paul Collins Startup list
[rdvs]
Number=8401
Confirmed=X
Filename=[worm filename]
Description=Added by the ULTIMAX WORM!
Source=Paul Collins Startup list
[Reactor3]
Number=8402
Confirmed=X
Filename=[random name]32.exe
Description=Added by the BOFRA.A WORM!
Source=Paul Collins Startup list
[Reactor5]
Number=8403
Confirmed=X
Filename=[random name]32.exe
Description=Added by the BOFRA.D WORM!
Source=Paul Collins Startup list
[Reactor6]
Number=8404
Confirmed=X
Filename=[random name]32.exe
Description=Added by the BOFRA.C WORM!
Source=Paul Collins Startup list
[Reactor7]
Number=8405
Confirmed=X
Filename=[random name]32.exe
Description=Added by the BOFRA.B WORM!
Source=Paul Collins Startup list
[Reactor8]
Number=8406
Confirmed=X
Filename=[random name]32.exe
Description=Added by the BOFRA.E WORM!
Source=Paul Collins Startup list
[Reactor9]
Number=8407
Confirmed=X
Filename=[random name]32.exe
Description=Added by the BOFRA.E WORM!
Source=Paul Collins Startup list
[readdb40]
Number=8408
Confirmed=X
Filename=rundll32.exe [path] readdb40.dll, EnableRunDLL32
Description=LZIO.com adware downloader
Source=Paul Collins Startup list
[REAL]
Number=8409
Confirmed=N
Filename=realjbox.exe
Description=Real Jukebox - MP3 and music files player
Source=Paul Collins Startup list
[Real Internet Player]
Number=8410
Confirmed=X
Filename=Reaiplay.exe
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[Real player updater]
Number=8411
Confirmed=X
Filename=realupd.exe
Description=Added by the PARLAY TROJAN!
Source=Paul Collins Startup list
[real scheduler.hta]
Number=8412
Confirmed=X
Filename=RealAudio.exe
Description=Added by the CEEGAR TROJAN! Note - this is not associated with the popular RealPlayer media player
Source=Paul Collins Startup list
[Real Spy Monitor]
Number=8413
Confirmed=U
Filename=Winrsm.exe
Description=Realspy keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list
[Real Statics Agent]
Number=8414
Confirmed=X
Filename=ccreal.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Real-Tens]
Number=8415
Confirmed=X
Filename=Real-Tens.exe
Description=DownloadWare adware
Source=Paul Collins Startup list
[RealAudio]
Number=8416
Confirmed=X
Filename=RealAudio.exe
Description=Added by the CEEGAR TROJAN! Note - this is not associated with the popular RealPlayer media player
Source=Paul Collins Startup list
[Realaudio Player]
Number=8417
Confirmed=X
Filename=realaudio32.exe
Description=Added by the AGOBOT.AFR WORM!
Source=Paul Collins Startup list
[RealDownload]
Number=8418
Confirmed=N
Filename=RealPlay.exe
Description=Download manager. Available via Start -> Programs
Source=Paul Collins Startup list
[RealDownload Express]
Number=8419
Confirmed=X
Filename=npnzdad.exe
Description=Advertising spyware
Source=Paul Collins Startup list
[Reality Fusion GameCam SE]
Number=8420
Confirmed=N
Filename=RFTRay.exe
Description=Reality Fusion GameCam Video Interaction Technology Software that comes with the Logitech QuickCam PC video camera and other USB cameras. It's only an icon that appears on your System Tray. Available via Start -> Programs
Source=Paul Collins Startup list
[RealJukeboxSystray]
Number=8421
Confirmed=N
Filename=tsystray.exe
Description=System Tray icon for RealJukebox
Source=Paul Collins Startup list
[realone_nt2003]
Number=8422
Confirmed=X
Filename=moniker.exe
Description=Added by the SNONE.A WORM!
Source=Paul Collins Startup list
[RealP1ayer]
Number=8423
Confirmed=X
Filename=[path to file]
Description=Added by the RPLAY.A TROJAN! Note that the name has a number "1" in place of the second lower case "L"
Source=Paul Collins Startup list
[realplay]
Number=8424
Confirmed=N
Filename=realplay.exe
Description=System Tray icon for RealPlayer. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling StartCenter via Preferences
Source=Paul Collins Startup list
[realplay lptt01]
Number=8425
Confirmed=X
Filename=realplay.exe
Description=RapidBlaster variant (in a "RealPlay" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not RealPlayer which can have the same executable name
Source=Paul Collins Startup list
[realplay ml097e]
Number=8426
Confirmed=X
Filename=realplay.exe
Description=RapidBlaster variant (in a "RealPlay" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not RealPlayer which can have the same executable name
Source=Paul Collins Startup list
[RealPlayer Ath Check]
Number=8427
Confirmed=X
Filename=rnathchk.exe
Description=Added by the MYTOB.AG WORM!
Source=Paul Collins Startup list
[Realplayer Codec Support]
Number=8428
Confirmed=X
Filename=realsched.exe
Description=Added by the AGOBOT-AAD WORM! Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name
Source=Paul Collins Startup list
[Realplayer One]
Number=8429
Confirmed=X
Filename=realplay.exe
Description=Added by the RBOT-NK WORM!
Source=Paul Collins Startup list
[Realplayer.exe]
Number=8430
Confirmed=X
Filename=Realplayer.exe
Description=Added by the DELF.CNV TROJAN!
Source=Paul Collins Startup list
[RealPlayer2]
Number=8431
Confirmed=N
Filename=MsgCenterExe
Description=RealNetworks RealPlayer related - disabling this application will not affect Real Player in any way
Source=Paul Collins Startup list
[RealPlayerUpdater]
Number=8432
Confirmed=X
Filename=realupd32.exe
Description=Added by the LOHAV-T TROJAN!
Source=Paul Collins Startup list
[Realpopup]
Number=8433
Confirmed=?
Filename=Realpopup.exe
Description=RealPopup - "Replaces old winpopup with a full featured freeware tool which remains stable and simple as its predecessor"
Source=Paul Collins Startup list
[Realsched]
Number=8434
Confirmed=N
Filename=realsched.exe
Description=Application Scheduler installed along with RealOne Player. Runs independently of RealOne Player, to remind AutoUpdate and Message Center to perform their tasks at pre-scheduled intervals. If it can't be disabled try deleting or renaming realsched.exe and then delete the entry in the registry
Source=Paul Collins Startup list
[RealSPEED]
Number=8435
Confirmed=U
Filename=RealSPEED.Exe
Description=RealSPEED - tweaking utility to speed-up your internet connection
Source=Paul Collins Startup list
[Realtime Audio Engine]
Number=8436
Confirmed=U
Filename=mmrtkrnl.exe
Description=Associated with ALCATech BPM Studio
Source=Paul Collins Startup list
[Realtime Monitor]
Number=8437
Confirmed=Y
Filename=realmon.exe
Description=Realtime scanner part of eTrust Antivirus/InoculateIT version 6 virus scanners from Computer Associates
Source=Paul Collins Startup list
[RealTimeUpdate]
Number=8438
Confirmed=?
Filename=RealTimeUpdate.exe
Description=Product description in properties is "InternetExplorerCommunicationAgent Module" ?
Source=Paul Collins Startup list
[realtpsk]
Number=8439
Confirmed=X
Filename=realsched.exe
Description=Chinese originated adware - detected by Panda antivirus as NewWeb. Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name
Source=Paul Collins Startup list
[RealTray]
Number=8440
Confirmed=N
Filename=RealPlay.exe
Description=System Tray icon for RealPlayer. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling StartCenter via Preferences
Source=Paul Collins Startup list
[RealUpdater]
Number=8441
Confirmed=X
Filename=realupd.exe
Description=Added by the PARLAY or MITGLIEDER.I TROJANS!
Source=Paul Collins Startup list
[RebateNation0]
Number=8442
Confirmed=X
Filename=RebateNation0.exe
Description=RebateNation adware
Source=Paul Collins Startup list
[Reboot]
Number=8443
Confirmed=N
Filename=Reboot.exe
Description=MS-DOS/Win3.1 utility use to clean boot a system. Sometimes installed by default from some driver CDs for motherboards
Source=Paul Collins Startup list
[Recguard]
Number=8444
Confirmed=Y
Filename=recguard.exe
Description=On HP computers, Recguard prevents the deletion or corruption of the WinXP Recovery Partition. Without it enabled, it is possible to knock that completely out and force the customer to send the PC back to HP for a re-image, possibly at the customer's expense
Source=Paul Collins Startup list
[Reclip]
Number=8445
Confirmed=N
Filename=reclip.exe
Description=Reclip Popup Clipboard manager
Source=Paul Collins Startup list
[Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B}]
Number=8446
Confirmed=X
Filename=RH.DLL
Description=SmartPops search hijacker
Source=Paul Collins Startup list
[Recover]
Number=8447
Confirmed=N
Filename=N/A
Description=Added during the installation of Comcast High Speed Internet software. During installation the system reboots and if the disk is removed a screen appears asking for the disk to be re-inserted to complete installation. Not required once installion is complete
Source=Paul Collins Startup list
[recover.bmp.exe]
Number=8448
Confirmed=X
Filename=Rundll.exe
Description=Added by the ANAFTP-01 TROJAN! Note - this is NOT the Windows system file of the same name as described here
Source=Paul Collins Startup list
[RecoverFromReboo]
Number=8449
Confirmed=N
Filename=RECOVE~1.EXE
Description=Part of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry may be left in the registry
Source=Paul Collins Startup list
[RecoverFromReboo]
Number=8450
Confirmed=N
Filename=RecoverFromReboot.exe
Description=Part of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry may be left in the registry
Source=Paul Collins Startup list
[RecoverFromReboot]
Number=8451
Confirmed=N
Filename=RECOVE~1.EXE
Description=Part of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry may be left in the registry
Source=Paul Collins Startup list
[RecoverFromReboot]
Number=8452
Confirmed=N
Filename=RecoverFromReboot.exe
Description=Part of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry may be left in the registry
Source=Paul Collins Startup list
[Recoveru system]
Number=8453
Confirmed=X
Filename=svchast.exe
Description=Added by a variant of the LINEAGE-AV TROJAN!
Source=Paul Collins Startup list
[Recoveru systems]
Number=8454
Confirmed=X
Filename=svchost.exe
Description=Added by a variant of the SDBOT WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! ! This file is located in the "temp" folder
Source=Paul Collins Startup list
[RecShe]
Number=8455
Confirmed=N
Filename=RecSche.exe
Description=Recording scheduler for WatchTV Capture Card (TV Tuner card)
Source=Paul Collins Startup list
[Recycle Bin Handler]
Number=8456
Confirmed=X
Filename=recycler.exe
Description=Added by the SHUCKBOT-A TROJAN!
Source=Paul Collins Startup list
[Recycle Bin Handler 2005]
Number=8457
Confirmed=X
Filename=system.exe
Description=Added by the HO TROJAN!
Source=Paul Collins Startup list
[RecycleSTR]
Number=8458
Confirmed=X
Filename=msreg32.exe
Description=Added by the RBOT-TC WORM!
Source=Paul Collins Startup list
[Red Flag]
Number=8459
Confirmed=N
Filename=redflag.exe
Description=PMS prediction program with modes for guys and girls - no longer available
Source=Paul Collins Startup list
[Red Swoosh EDN Client]
Number=8460
Confirmed=U
Filename=RSEDNClient.exe
Description=Red Swoosh - mechanism used by web sites to allow you to download files from those sites quicker and more efficiently via P2P. Note from the license agreement they automatically update the software, can download other published content that it feels may interest you without your knowledge and share non-personally identifiable information with others in the network - but you must agree to this when installing the software
Source=Paul Collins Startup list
[redirect]
Number=8461
Confirmed=X
Filename=redirect*.exe
Description=Dotcomtoolbar/Linksummary hijacker installer - where * is a random digit
Source=Paul Collins Startup list
[Redline Taskbar]
Number=8462
Confirmed=N
Filename=taskbar.exe
Description=Taskbar icon for the Redline RegTweak overclocking program as supplied with Sapphire ATI graphics cards
Source=Paul Collins Startup list
[REEGRUN]
Number=8463
Confirmed=X
Filename=[path to file]
Description=Added by the SECDROP.AI TROJAN
Source=Paul Collins Startup list
[Reek 32 Server]
Number=8464
Confirmed=X
Filename=reek32.exe
Description=Added by the RANDEX.AL WORM!
Source=Paul Collins Startup list
[Referee]
Number=8465
Confirmed=U
Filename=referee.exe
Description=MediaComm's monitor for file association changes. Stop rogue programs from screwing your settings either on installation or whenever they run
Source=Paul Collins Startup list
[Refresh]
Number=8466
Confirmed=N
Filename=Refresh.exe
Description=(Iomega) Refresh - loads the Iomega desktop icons at startup
Source=Paul Collins Startup list
[Reg]
Number=8467
Confirmed=X
Filename=Reg.hta
Description=Passon homepage hi-jacker
Source=Paul Collins Startup list
[Reg Check]
Number=8468
Confirmed=?
Filename=lpt.exe
Description=Related to Supanet ISP software - what does it do and is it required?
Source=Paul Collins Startup list
[reg run]
Number=8469
Confirmed=X
Filename=Systen.exe
Description=Added by the BANCOS-BS TROJAN!
Source=Paul Collins Startup list
[Reg Service]
Number=8470
Confirmed=X
Filename=winsy.exe
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[Reg Service]
Number=8471
Confirmed=X
Filename=winslogon.exe
Description=Added by the AGOBOT-SC WORM!
Source=Paul Collins Startup list
[Reg Service]
Number=8472
Confirmed=X
Filename=ipcfg.exe
Description=Added by the AGOBOT-SO WORM!
Source=Paul Collins Startup list
[Reg Service]
Number=8473
Confirmed=X
Filename=REGSRV32.EXE
Description=Added by the RBOT.ZW WORM!
Source=Paul Collins Startup list
[Reg Service]
Number=8474
Confirmed=X
Filename=WinnConfig.exe
Description=Added by the AGOBOT-PF WORM!
Source=Paul Collins Startup list
[Reg Service]
Number=8475
Confirmed=X
Filename=NT32.exe
Description=Added by the AGOBOT.G TROJAN!
Source=Paul Collins Startup list
[Reg Services]
Number=8476
Confirmed=X
Filename=Winboot32.exe
Description=Added by the RBOT.PB WORM!
Source=Paul Collins Startup list
[reg1.reg]
Number=8477
Confirmed=X
Filename=vuamgard.exe
Description=Added by a variant of the IRC.BOT TROJAN!
Source=Paul Collins Startup list
[reg2.0]
Number=8478
Confirmed=U
Filename=SVCH0ST.EXE
Description=eSpyNow surveillance software. Uninstall this software unless you put it there yourself. Note - the filename has the digit 0 rather then the uppercase "o"
Source=Paul Collins Startup list
[Reg32]
Number=8479
Confirmed=X
Filename=Reg32.exe
Description=Hijacker - redirecting to only-virgins.com
Source=Paul Collins Startup list
[reg32]
Number=8480
Confirmed=X
Filename=reg32.exe
Description=Added by the NOUPDATE.B TROJAN!
Source=Paul Collins Startup list
[Reg32]
Number=8481
Confirmed=X
Filename=reg33.exe
Description=CoolWebSearch parasite variant - also detected as the STARTPA-M TROJAN!
Source=Paul Collins Startup list
[Regcheck]
Number=8482
Confirmed=X
Filename=~CAB001.EXE
Description=Added by the CYBRSPY.13A or CYBRSPY.13B TROJANS!
Source=Paul Collins Startup list
[regcheck]
Number=8483
Confirmed=X
Filename=[path to file]
Description=Added by the SERVPAM TROJAN!
Source=Paul Collins Startup list
[RegCleaner]
Number=8484
Confirmed=X
Filename=SYSio32.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! Note - do not confuse this with the popular RegCleaner registry cleaner freeware
Source=Paul Collins Startup list
[RegCompres]
Number=8485
Confirmed=X
Filename=Regcpm32.exe
Description=Added by the POLDO.B TROJAN!
Source=Paul Collins Startup list
[RegCompres]
Number=8486
Confirmed=X
Filename=REGCPM32.EXE
Description=Added by the DASMIN-E TROJAN!
Source=Paul Collins Startup list
[Regcxdinaf]
Number=8487
Confirmed=X
Filename=REGCXDINAF.EXE
Description=Added by the BANCOS-BW TROJAN!
Source=Paul Collins Startup list
[Regcxn]
Number=8488
Confirmed=X
Filename=Regcxn.exe
Description=Added by the COIBOA-D TROJAN!
Source=Paul Collins Startup list
[regdefend]
Number=8489
Confirmed=U
Filename=regdefend.exe
Description="RegDefend is a configurable, kernel based registry protection system, designed to intercept selected changes before they occur, thus also preventing malicious software like viruses, trojans and worms from using the registry to their advantage"
Source=Paul Collins Startup list
[RegDone]
Number=8490
Confirmed=X
Filename=services.exe
Description=Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[RegDone]
Number=8491
Confirmed=X
Filename=winlogon.exe
Description=Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[RegDone Ex]
Number=8492
Confirmed=X
Filename=csrss.exe
Description=Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[RegDoneEx]
Number=8493
Confirmed=X
Filename=lsass.exe
Description=Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
Source=Paul Collins Startup list
[regedit]
Number=8494
Confirmed=X
Filename=regedit.exe
Description=Added by the BRID.A WORM! Note - this is not the valid Windows registry editor which resides in Windows or Winnt and will not figure in Msconfig/Startup! This version resides in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list
[REGEDIT]
Number=8495
Confirmed=X
Filename=Regsrv32.com
Description=Added by the SOUTHGHOST WORM!
Source=Paul Collins Startup list
[regedit]
Number=8496
Confirmed=X
Filename=autoexe.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[regedit]
Number=8497
Confirmed=X
Filename= svchost.exe ccRegVfy
Description=Added by the HOTWORD.B TROJAN! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!
Source=Paul Collins Startup list
[RegEdit32]
Number=8498
Confirmed=X
Filename=RegEdit32.exe
Description=Added by the VOUMIT-A WORM! Note - this is not the legitimate regedit32.exe application which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "mirc32" folder
Source=Paul Collins Startup list
[Regexit]
Number=8499
Confirmed=X
Filename=runlli32.exe
Description=Added by the QQPASS-U TROJAN!
Source=Paul Collins Startup list
[Regexit]
Number=8500
Confirmed=X
Filename=Updadv.exe
Description=Added by the QQPASS-N TROJAN!
Source=Paul Collins Startup list
[RegFreeze]
Number=8501
Confirmed=U
Filename=regfreeze.exe
Description=RegFreeze anti-spyware software
Source=Paul Collins Startup list
[reggsdg]
Number=8502
Confirmed=X
Filename=spoolserv.exe
Description=Added by the SDBOT-MS WORM!
Source=Paul Collins Startup list
[RegHelp]
Number=8503
Confirmed=U
Filename=svchosts.exe
Description=SpyGraphica spy software - "Stealth monitoring of ALL PC or Network Activity with DVD-like playback. EVERY keystroke can be e-mailed in a detailed activity report every 15 minutes...anywhere in the world."
Source=Paul Collins Startup list
[reginfo32]
Number=8504
Confirmed=?
Filename=reginfo32.exe
Description=??
Source=Paul Collins Startup list
[Register Manager]
Number=8505
Confirmed=X
Filename=RegistryManage.exe
Description=Added by the SDBOT.AYH WORM!
Source=Paul Collins Startup list
[Register MediaRing Talk]
Number=8506
Confirmed=N
Filename=register.exe
Description=If you don't want to register MediaRing and be reminded about it every bootup disable it
Source=Paul Collins Startup list
[Register SeqChk]
Number=8507
Confirmed=?
Filename=regsvr32.exe ..csseqchk.dll
Description=??
Source=Paul Collins Startup list
[RegisterDropHandler]
Number=8508
Confirmed=U
Filename=REGIST~1.EXE
Description=Part of the OCR software TextBridge Pro 9.0 (and possibly earlier versions). Typically used with imaging devices such as scanners and digital cameras for creating text documents from images. This item will probably be displayed twice and will re-instate itself whenever you start the main program so leave it - once started it frees the memory it used. Its purpose and an explanation of how to correct a problem it creates for "Send To" can be found here. Note that you don't have to uninstall TextBridge for this fix to work and the program works fine afterwards. Not used on later versions of the software - hence the 'U' recommendation
Source=Paul Collins Startup list
[Registration Service]
Number=8509
Confirmed=X
Filename=toker.exe
Description=Added by the SDBOT-BB WORM!
Source=Paul Collins Startup list
[Registration-Studio 8]
Number=8510
Confirmed=N
Filename=RegTool.exe
Description=Registration for Pinnacle Studio Version 8 home video software from Pinnacle Systems
Source=Paul Collins Startup list
[Registry]
Number=8511
Confirmed=X
Filename=wscript.exe [path] ShakiraPics.jpg.vbs
Description=Added by the VBSWG.AQ WORM!
Source=Paul Collins Startup list
[Registry]
Number=8512
Confirmed=U
Filename=class0117[random].exe
Description=Blackbox captures emails and chat logs, and monitors Internet activity - remove if you didn't intentionally install it
Source=Paul Collins Startup list
[Registry Checkup]
Number=8513
Confirmed=X
Filename=winreg.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Registry Checkup System326a Monitor]
Number=8514
Confirmed=X
Filename=Winregs326a.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Registry Integrity Checker]
Number=8515
Confirmed=X
Filename=regintmon.exe
Description=Added by a variant of the AGOBOT/GAOBOT WORM!
Source=Paul Collins Startup list
[Registry Integritycheck]
Number=8516
Confirmed=X
Filename=WCPDT.EXE
Description=Added by the AGOBOT-RF WORM!
Source=Paul Collins Startup list
[Registry Loader]
Number=8517
Confirmed=X
Filename=regloadr.exe
Description=Added by the GAOBOT.AO WORM!
Source=Paul Collins Startup list
[Registry Loader]
Number=8518
Confirmed=X
Filename=winhlpp32.exe
Description=Added by the GAOBOT.AO WORM!
Source=Paul Collins Startup list
[Registry oidet]
Number=8519
Confirmed=X
Filename=win32.exe
Description=Added by the RBOT.BMT WORM!
Source=Paul Collins Startup list
[Registry Protector]
Number=8520
Confirmed=X
Filename=regprotect.exe
Description=Added by the ARIVER.A WORM!
Source=Paul Collins Startup list
[Registry Scanner]
Number=8521
Confirmed=X
Filename=regscanr.exe
Description=Added by a variant of the OPTIX TROJAN!
Source=Paul Collins Startup list
[Registry Server]
Number=8522
Confirmed=X
Filename=regsrv32.exe
Description=Added by the RBOT-GM WORM!
Source=Paul Collins Startup list
[Registry Service]
Number=8523
Confirmed=X
Filename=REGSRV32.EXE
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Registry Service]
Number=8524
Confirmed=X
Filename=resvs.exe
Description=Added by the DELBOT-I WORM!
Source=Paul Collins Startup list
[Registry Services]
Number=8525
Confirmed=X
Filename=Registry.exe
Description=Added by the CILE TROJAN!
Source=Paul Collins Startup list
[Registry Startup Check]
Number=8526
Confirmed=X
Filename=checkreg.exe
Description=Added by the REMLOAD-A or DANMEC-B TROJANS!
Source=Paul Collins Startup list
[Registry System16 Checkup Monitor]
Number=8527
Confirmed=X
Filename=SystemReg16.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Registry System166 Checkup Monitor]
Number=8528
Confirmed=X
Filename=SystemReg166.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Registry Value Name]
Number=8529
Confirmed=X
Filename=roses.exe
Description=Added by the RBOT-AFT WORM!
Source=Paul Collins Startup list
[Registry Value Name]
Number=8530
Confirmed=X
Filename=service.exe
Description=Added by the RBOT-AHT WORM!
Source=Paul Collins Startup list
[Registry Value Name]
Number=8531
Confirmed=X
Filename=winapi32.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Registry Value Name Start]
Number=8532
Confirmed=X
Filename=MsPMSPSa.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[RegistryCheck]
Number=8533
Confirmed=X
Filename=rundll32.exe chkreg.dll, CheckRegistry
Description=Ulubione adult content dialer
Source=Paul Collins Startup list
[RegistryChk]
Number=8534
Confirmed=X
Filename=winbackup.exe
Description=Added by the MERTIAN WORM!
Source=Paul Collins Startup list
[RegistryMechanic]
Number=8535
Confirmed=U
Filename=RegMech.exe
Description=Registry Mechanic - "you can safely clean and repair Windows registry problems with a few simple mouse clicks! Problems with the Windows registry are a common cause of Windows crashes and error messages"
Source=Paul Collins Startup list
[RegistryMonitor]
Number=8536
Confirmed=X
Filename=registry.pif
Description=Affilred adware
Source=Paul Collins Startup list
[REGIST~1]
Number=8537
Confirmed=U
Filename=REGIST~1.EXE
Description=Part of the OCR software TextBridge Pro 9.0 (and possibly earlier versions). Typically used with imaging devices such as scanners and digital cameras for creating text documents from images. This item will probably be displayed twice and will re-instate itself whenever you start the main program so leave it - once started it frees the memory it used. Its purpose and an explanation of how to correct a problem it creates for "Send To" can be found here. Note that you don't have to uninstall TextBridge for this fix to work and the program works fine afterwards. Not used on later versions of the software - hence the 'U' recommendation
Source=Paul Collins Startup list
[Regkey for autostart]
Number=8538
Confirmed=X
Filename=winservice.exe
Description=Added by the RBOT-NU WORM!
Source=Paul Collins Startup list
[RegKillTray]
Number=8539
Confirmed=U
Filename=RegKillTray.exe
Description=DVD region killer part of CloneDVD from Elaborate Bytes AG. Copies the main movie, Special Features and/or the original menu onto a DVD Recordable or onto your harddisk
Source=Paul Collins Startup list
[Regmonitor]
Number=8540
Confirmed=X
Filename=regmaping.exe
Description=Added by the BEAGLE.DO WORM!
Source=Paul Collins Startup list
[REGMSYS]
Number=8541
Confirmed=X
Filename=[path to file]
Description=Added by the LOWZONE-AX TROJAN!
Source=Paul Collins Startup list
[RegMutex]
Number=8542
Confirmed=X
Filename=lexplore_.exe
Description=Added by the MSNOPT-A TROJAN!
Source=Paul Collins Startup list
[RegPowerClean]
Number=8543
Confirmed=N
Filename=RegPowerClean.exe
Description=RegistryPowerCleaner is a security risk that may give exaggerated reports of errors in the registry of the compromised computer
Source=Paul Collins Startup list
[RegProt]
Number=8544
Confirmed=Y
Filename=Regprot.exe
Description=RegistryProt from Diamond Computer Systems - protects the system registry against changes
Source=Paul Collins Startup list
[Regptmens]
Number=8545
Confirmed=X
Filename=REGPTMENS.EXE
Description=Added by the BANCOS-ED TROJAN!
Source=Paul Collins Startup list
[Regro]
Number=8546
Confirmed=X
Filename=rundll132.exe
Description=Added by the OKARAG TROJAN!
Source=Paul Collins Startup list
[RegRun]
Number=8547
Confirmed=X
Filename=mActiveX.exe
Description=Adware downloader - also detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS!
Source=Paul Collins Startup list
[REGRUN]
Number=8548
Confirmed=X
Filename=winfix22490.exe
Description=Adware downloader - also detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS!
Source=Paul Collins Startup list
[REGRUN]
Number=8549
Confirmed=X
Filename=[path to trojan]
Description=Added by the LOWZONE-AH TROJAN!
Source=Paul Collins Startup list
[REGRUN]
Number=8550
Confirmed=X
Filename=regeditt.exe
Description=Adware downloader - also detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS!
Source=Paul Collins Startup list
[REGRUN]
Number=8551
Confirmed=X
Filename=sory.exe
Description=Adware downloader - also detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS!
Source=Paul Collins Startup list
[REGRUN]
Number=8552
Confirmed=X
Filename=dialer.exe
Description=Adware downloader - also detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS!
Source=Paul Collins Startup list
[RegRun WinBait]
Number=8553
Confirmed=U
Filename=winbait.exe
Description=Part of RegRun - used to detect unknown viruses. RegRun compares winbait.exe with the original copy called winbait.org and warns if the files are different..
Source=Paul Collins Startup list
[Regrun2]
Number=8554
Confirmed=Y
Filename=WatchDog.exe
Description=Greatis Software's RegRun security suite which amongst other things replaces MSCONFIG. The WatchDog check for registry changes caused by trojan's, viruses, etc
Source=Paul Collins Startup list
[REGRUNM]
Number=8555
Confirmed=X
Filename=autoprotect.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Regrx]
Number=8556
Confirmed=X
Filename=rundll32.exe
Description=Added by the WAYIC-A TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in the Windows folder (98\ME) or the System32 folder(NT\2000\XP). The file is located in C:\Windows
Source=Paul Collins Startup list
[Regscan]
Number=8557
Confirmed=X
Filename=regscanr.exe
Description=Added by the OPTIX-SE TROJAN!
Source=Paul Collins Startup list
[RegScan]
Number=8558
Confirmed=X
Filename=DLLSRV32.EXE
Description=Added by the AGOBOT.AEW WORM!
Source=Paul Collins Startup list
[RegScan]
Number=8559
Confirmed=X
Filename=Regscan.exe
Description=Added by the TALEX TROJAN!
Source=Paul Collins Startup list
[RegServer]
Number=8560
Confirmed=?
Filename=regserve.exe
Description=Related to XGI Technology's Volari graphics cards - what does it do and is it required?
Source=Paul Collins Startup list
[regservices.exe]
Number=8561
Confirmed=X
Filename=regservices.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[RegShave]
Number=8562
Confirmed=N
Filename=regshave.exe
Description=Part of the USB driver for your Fuji digital cameras - used when uninstalling the USB drivers, erasing all entries from the registry. Only required BEFORE attempting to uninstall the Fuji software or the uninstall may not work correctly
Source=Paul Collins Startup list
[regsrv]
Number=8563
Confirmed=X
Filename=regsrv.exe
Description=Added by the OPTIXPRO.11 TROJAN!
Source=Paul Collins Startup list
[regsrv]
Number=8564
Confirmed=X
Filename=scvhost.exe
Description=Added by the AGOBOT.E WORM!
Source=Paul Collins Startup list
[regsrvc]
Number=8565
Confirmed=X
Filename=regsrvc.exe
Description=Added by the STOPED-A TROJAN!
Source=Paul Collins Startup list
[Regsv]
Number=8566
Confirmed=X
Filename=regsv.exe
Description=Search hijacker - redirecting to scheo.com
Source=Paul Collins Startup list
[Regsvc]
Number=8567
Confirmed=X
Filename=regsv.exe
Description=Added by an unidentified TROJAN!
Source=Paul Collins Startup list
[regsvc32]
Number=8568
Confirmed=X
Filename=regsvc32.exe
Description=Homepage hijacker that changes your homepage to an adult content site
Source=Paul Collins Startup list
[regsvr]
Number=8569
Confirmed=X
Filename=regsvr.exe
Description=Added by the WEBMONEY-G TROJAN!
Source=Paul Collins Startup list
[REGSVR32]
Number=8570
Confirmed=U
Filename=regsvr32.exe ctasio.dll
Description=ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality
Source=Paul Collins Startup list
[RegSvr32]
Number=8571
Confirmed=X
Filename=msmsgs.exe
Description=Added by the ZLOB.B TROJAN!
Source=Paul Collins Startup list
[regsync]
Number=8572
Confirmed=X
Filename=regsync.exe
Description=SafeSurfing adware
Source=Paul Collins Startup list
[regtmlp]
Number=8573
Confirmed=?
Filename=N/A
Description=??
Source=Paul Collins Startup list
[RegTweak]
Number=8574
Confirmed=U
Filename=RegTwk.exe
Description=Rage3d Tweak - ATI Radeon tweaker which allows access to registry tweak options, custom display modes, refresh rates and overclocking all through an easy to use interface
Source=Paul Collins Startup list
[RegVer]
Number=8575
Confirmed=X
Filename=REGVER.EXE
Description=Added by the LATINUS.16 TROJAN!
Source=Paul Collins Startup list
[RegVfy32]
Number=8576
Confirmed=X
Filename=Regverif32.exe
Description=Added by the SYGYP.A WORM!
Source=Paul Collins Startup list
[RegWrite]
Number=8577
Confirmed=X
Filename=csrss.exe
Description=Added by the SOKACAPS TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Windows\Media folder
Source=Paul Collins Startup list
[Regx10EXE]
Number=8578
Confirmed=Y
Filename=atix10.exe
Description=ATI Remote Wonder™ - PC wireless remote control driver. Required if you use it
Source=Paul Collins Startup list
[reg_key]
Number=8579
Confirmed=X
Filename=FUKULAMER.exe
Description=Added by the BEAGLE.AH WORM!
Source=Paul Collins Startup list
[reg_key]
Number=8580
Confirmed=X
Filename=loader_name.exe
Description=Added by the BEAGLE.Y or BEAGLE.Z or BEAGLE.AA WORMS!
Source=Paul Collins Startup list
[Reg_WFT]
Number=8581
Confirmed=X
Filename=Regsysw.com
Description=Added by the WILSEF VIRUS!
Source=Paul Collins Startup list
[Reg_WFT]
Number=8582
Confirmed=X
Filename=scanreg32.com
Description=Added by the SENNASPY-F TROJAN!
Source=Paul Collins Startup list
[ReleaseRAM]
Number=8583
Confirmed=U
Filename=RRAM.exe
Description="Release RAM allows your computer to run faster and uses your computer's RAM more efficiently". MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind
Source=Paul Collins Startup list
[reload]
Number=8584
Confirmed=X
Filename=reload.vbs
Description=Added by the LOVELETTER.AS VIRUS!
Source=Paul Collins Startup list
[Reload]
Number=8585
Confirmed=X
Filename=reload.exe
Description=Added by the LAZAR TROJAN!
Source=Paul Collins Startup list
[RemHelp]
Number=8586
Confirmed=N
Filename=Remhelp.exe
Description=BT Voyager ADSL Modem Help related
Source=Paul Collins Startup list
[Reminder]
Number=8587
Confirmed=N
Filename=reminder.exe
Description=From MS Money. Reminds you of your bills
Source=Paul Collins Startup list
[Reminder]
Number=8588
Confirmed=N
Filename=Remind_XP.exe
Description=HP-specific program that reminds users to create System Recovery CDs. Once they use the Recovery CD Creator (Start -> PC Help & Tools -> Recovery CD Creator) to make the recovery CDs the entry will remove itself from the startup list
Source=Paul Collins Startup list
[Reminder-cpqXXXXX]
Number=8589
Confirmed=N
Filename=remind32.exe
Description=Compaq printer Registration
Source=Paul Collins Startup list
[Reminder-hpcXXXXX]
Number=8590
Confirmed=N
Filename=remind32.exe
Description=HP CD-Writer Registration
Source=Paul Collins Startup list
[Reminder-ranXXXXX]
Number=8591
Confirmed=N
Filename=remind32.exe
Description=Registration reminder widget for Rand Mcnally maps
Source=Paul Collins Startup list
[reminder-ScanSoft Product Registration]
Number=8592
Confirmed=N
Filename=remind32.exe
Description=Registration reminder for ScanSoft products such as PaperPort
Source=Paul Collins Startup list
[RemindMe]
Number=8593
Confirmed=U
Filename=RemindMe.exe
Description=Remind-Me - calendar software
Source=Paul Collins Startup list
[Remind_XP]
Number=8594
Confirmed=N
Filename=Remind_XP.exe
Description=HP-specific program that reminds users to create System Recovery CDs. Once they use the Recovery CD Creator (Start -> PC Help & Tools -> Recovery CD Creator) to make the recovery CDs the entry will remove itself from the startup list
Source=Paul Collins Startup list
[Remndr]
Number=8595
Confirmed=X
Filename=CsRemnd.exe
Description=CasinoOnline foistware
Source=Paul Collins Startup list
[Remote]
Number=8596
Confirmed=U
Filename=Remote.exe
Description=Remote Control driver for LifeView internal and external TV products
Source=Paul Collins Startup list
[Remote Access]
Number=8597
Confirmed=U
Filename=rnaapp.exe
Description=Dial-up networking application - not normally found in the startup locations. It runs when you connect to the net via this method (ie, analogue 56K modem) and terminates after the connection is closed
Source=Paul Collins Startup list
[Remote Access Slave]
Number=8598
Confirmed=X
Filename=Synchost.exe
Description=Added by the RIPJAC TROJAN!
Source=Paul Collins Startup list
[Remote Control]
Number=8599
Confirmed=N
Filename=Rc.exe
Description=Hinet Hi-Five ISP software
Source=Paul Collins Startup list
[Remote Controller]
Number=8600
Confirmed=N
Filename=TVRMVCR.EXE
Description=ProLink PlayTVpro TV tuner software
Source=Paul Collins Startup list
[Remote Desktop Computing]
Number=8601
Confirmed=U
Filename=marspc.exe
Description=Marspc Remote Desktop Computing
Source=Paul Collins Startup list
[Remote Desktop Help Session Manager]
Number=8602
Confirmed=X
Filename=WinRDH.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Remote Management Agent]
Number=8603
Confirmed=U
Filename=zenrc32.exe
Description=Part of Novell's ZENworks - "Complete End-to-End Directory-enabled Network Management". Installed on a managed workstation fo an administrator to remotely manage the workstation. Required if the PC is a managed workstation
Source=Paul Collins Startup list
[remote master]
Number=8604
Confirmed=U
Filename=remote master.exe
Description=Required if you want your ASUS Remote control to work at all. Available via Start -> Programs
Source=Paul Collins Startup list
[Remote Procedure Call]
Number=8605
Confirmed=X
Filename=winrpc.exe
Description=Added by the RBOT-KM WORM!
Source=Paul Collins Startup list
[Remote Procedure Call]
Number=8606
Confirmed=X
Filename=winsysrpc.exe
Description=Added by the SDBOT-PS WORM!
Source=Paul Collins Startup list
[Remote Procedure Call For Windows 32bit]
Number=8607
Confirmed=X
Filename=rpc.exe
Description=Added by the RBOT-MD WORM!
Source=Paul Collins Startup list
[Remote Procedure Call Locator]
Number=8608
Confirmed=X
Filename=RUNDLL32.EXE reg678.dll ondll_reg
Description=Added by a variant of the LOVGATE WORM!
Source=Paul Collins Startup list
[Remote Procedure Calls]
Number=8609
Confirmed=X
Filename=mswinrpc.exe
Description=Added by the RBOT.KJ WORM!
Source=Paul Collins Startup list
[Remote Procedure Calls]
Number=8610
Confirmed=X
Filename=mswinc.exe
Description=Added by the RBOT-IT WORM!
Source=Paul Collins Startup list
[Remote Procedure Calls]
Number=8611
Confirmed=X
Filename=win.exe
Description=Added by the SDBOT-QI WORM!
Source=Paul Collins Startup list
[Remote Update Monitor]
Number=8612
Confirmed=Y
Filename=imonitor.exe
Description=Sophos Antivirus Remote Update utility - provides an easy way for remote workers to keep up to date with their virus protection via a website or network connection provided by their employer
Source=Paul Collins Startup list
[RemoteAgent]
Number=8613
Confirmed=Y
Filename=RAUAgent.exe
Description=Trend Micro's Office Scan Client, see here - "Its Web-based management console gives administrators transparent access to desktop and mobile clients to coordinate automatic deployment of security policies and software updates"
Source=Paul Collins Startup list
[RemoteCenter]
Number=8614
Confirmed=U
Filename=RcMan.exe
Description=Remote control for Creative MediaSource - plays back music in DVD-Audio, MP3, WMA, WAV and other media formats
Source=Paul Collins Startup list
[RemoteControl]
Number=8615
Confirmed=U
Filename=rmctrl.exe
Description=Remote Control background application for Cyberlink's PowerDVD version 4 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one
Source=Paul Collins Startup list
[RemoteControl]
Number=8616
Confirmed=U
Filename=PDVDServ.exe
Description=Remote Control background application for Cyberlink's PowerDVD version 5 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one
Source=Paul Collins Startup list
[Remote_Agent]
Number=8617
Confirmed=N
Filename=RemoteAgent.exe
Description=Cyberlink's Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings you'll need this, otherwise can be disabled. Available via Start -> Programs
Source=Paul Collins Startup list
[REMOVE ME]
Number=8618
Confirmed=X
Filename=windos.exe
Description=Added by the SDBOT.EE WORM!
Source=Paul Collins Startup list
[Removecpl]
Number=8619
Confirmed=N
Filename=Removecpl.exe
Description=Related to a Belkin 54Mbps Wireless Utility Control Panel applet
Source=Paul Collins Startup list
[Removed.exe]
Number=8620
Confirmed=X
Filename=Removed.exe
Description=GatorCheat - adware downloader
Source=Paul Collins Startup list
[RemStart]
Number=8621
Confirmed=?
Filename=remstart.exe
Description=Part of McAfee's Remote Desktop 32 Agent application. What does it do and is it required?
Source=Paul Collins Startup list
[RenolB]
Number=8622
Confirmed=?
Filename=ib.exe
Description=??
Source=Paul Collins Startup list
[Replay Center]
Number=8623
Confirmed=U
Filename=ReplayRadio.exe
Description=Replay Radio - "makes it easy to automatically record your favorite radio shows, so you can listen wherever and whenever you like"
Source=Paul Collins Startup list
[Replicator]
Number=8624
Confirmed=U
Filename=PTReplicator.exe
Description=Replicator from Karen's powertools. "Automatically backup files, directories, even entire drives!"
Source=Paul Collins Startup list
[RepliGo Assistant]
Number=8625
Confirmed=U
Filename=RepliGoMon.exe
Description=Cerience RepliGo software - "any document you have on your PC can be transferred to your mobile device"
Source=Paul Collins Startup list
[ReproPRD]
Number=8626
Confirmed=U
Filename=PrdUsb.exe
Description=Thrustmaster Corporation Presets application - a game controller driver, presumably necessary for certain functions to work
Source=Paul Collins Startup list
[requester]
Number=8627
Confirmed=X
Filename=requester.*.exe
Description=Added by a variant of the MUQUEST.A trojan - NOTE: the * stands for a digit, examples: requester.5.exe, requester.10.exe
Source=Paul Collins Startup list
[Requester]
Number=8628
Confirmed=X
Filename=requester.11.exe
Description=Added by the MUQUEST TROJAN!
Source=Paul Collins Startup list
[Required Service Drivers]
Number=8629
Confirmed=X
Filename=micront.exe
Description=Added by the RBOT-ABD WORM!
Source=Paul Collins Startup list
[resagnt]
Number=8630
Confirmed=X
Filename=restun.exe
Description=Adware downloader, identified by Panda antivirus as Trojan.Downloader.ALQ
Source=Paul Collins Startup list
[reseurce]
Number=8631
Confirmed=X
Filename=[path to trojan]
Description=Added by the LINEAGE-AI TROJAN!
Source=Paul Collins Startup list
[reseurce]
Number=8632
Confirmed=X
Filename=svchost.exe
Description=Added by the LINEAGE-FV TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[Resolution Assistant]
Number=8633
Confirmed=N
Filename=matcli.exe
Description=Dell Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Resolution Assistant is required to run with the Help and Support program. If you uncheck Resolution Assistant and and then run Help and Support it will add another Resolution Assistant in the startup menu. If you remove the Resolution Assistant in the add/remove program some help menus in help and support will not be available. You decide
Source=Paul Collins Startup list
[Resource Meter]
Number=8634
Confirmed=N
Filename=rsrcmtr.exe
Description=Windows Resource Meter. Available via Start -> Programs. You may want this enabled if your PC is suffering from crashes and want to know potential causes
Source=Paul Collins Startup list
[Restart Watch]
Number=8635
Confirmed=?
Filename=Watch.exe
Description=Associated with an Eicon Networks Diva ISDN or ADSL modem. What does it do and is it required?
Source=Paul Collins Startup list
[Restart WSC Setting]
Number=8636
Confirmed=U
Filename=wscrestp.exe
Description=WinStart Commander - part of Ultra WinCleaner Utility Suite. Starts Windows faster and controls hidden programs to boost performance and prevent system slow downs and crashes
Source=Paul Collins Startup list
[Restart_VS]
Number=8637
Confirmed=?
Filename=Viewsonic.exe
Description=Could be a left-over from the installation of a Viewsonic flat panel display
Source=Paul Collins Startup list
[RestoreDesktop]
Number=8638
Confirmed=U
Filename=RestoreDesktop.exe
Description=Softwarium Restore Desktop "is a Windows Context Menu addition that automatically saves and restores the icons' positions on the Windows desktop after a resolution change"
Source=Paul Collins Startup list
[RestoreIT!]
Number=8639
Confirmed=Y
Filename=VBPTASK.EXE
Description=RestoreIT! from FarStone "allows you to recover instantly your files, system configuration, and even your operating system, to any point in time prior to the data loss or system failure"
Source=Paul Collins Startup list
[restory]
Number=8640
Confirmed=X
Filename=restory.exe
Description=Added by the RETSAM TROJAN!
Source=Paul Collins Startup list
[Resume Copy]
Number=8641
Confirmed=U
Filename=copyfstq.exe
Description=Part of Total Copy - an improved version of the Windows copy function. Allows for resumption file copies or moves in progress when computer was shut down. Not required if your not using the program or don't care about that function
Source=Paul Collins Startup list
[ResumeFixClocks]
Number=8642
Confirmed=U
Filename=resumefix.exe
Description=Part of the RadeonTweaker utility for overclocking ATI Radeon graphics cards
Source=Paul Collins Startup list
[retime]
Number=8643
Confirmed=X
Filename=retime.exe
Description=Added by the GIPMA TROJAN!
Source=Paul Collins Startup list
[RetrieverScheduler]
Number=8644
Confirmed=U
Filename=retrieverscheduler.exe
Description=80-20 Retriever from 80-20 - "80-20 Retriever is a powerful personal search tool that encompasses email folders, archived email, and local or network file systems, giving users one point of fast, accurate search for all personal information". Real-time scheduler - shortcut available
Source=Paul Collins Startup list
[RetroExpress]
Number=8645
Confirmed=U
Filename=RetroExpress.exe
Description=EMC (was Dantz) Retrospect Express - backup software for external hardware storage devices
Source=Paul Collins Startup list
[RevoTaskbarApp]
Number=8646
Confirmed=U
Filename=RevoTask.exe
Description=Control Application for M-Audio Revolution 7.1 sound card. The sound card will function without it - but changes to speaker setup and sound modification (Bass/Treble etc) will not be available
Source=Paul Collins Startup list
[RexSyMon]
Number=8647
Confirmed=N
Filename=rexsymon.exe
Description=Intellisync for REX sychronization software for Xircom REX MicroPDAs for sharing information between the PDA and PC
Source=Paul Collins Startup list
[RF]
Number=8648
Confirmed=X
Filename=EC.exe
Description=Added by the LINEAGE-U TROJAN!
Source=Paul Collins Startup list
[rfagent]
Number=8649
Confirmed=U
Filename=rfagent.exe
Description=Registry First Aid - scans the Windows registry for orphan file/folder references, finds these files or folders on your drives that may have been moved from their initial locations, and then corrects your registry entries to match the located files or folders
Source=Paul Collins Startup list
[rforce]
Number=8650
Confirmed=X
Filename=EXP1ORER.EXE
Description=Added by the DROPPER.KN TROJAN! Note the number "1" in the filename rather than letter "L". It also drops another file named DEVICEMAP.SYS which is the ROOTKIT.O TROJAN!
Source=Paul Collins Startup list
[RFTray]
Number=8651
Confirmed=N
Filename=RFTRay.exe
Description=Reality Fusion GameCam Video Interaction Technology Software that comes with the Logitech QuickCam PC video camera and other USB cameras. It's only an icon that appears on your System Tray. Available via Start -> Programs
Source=Paul Collins Startup list
[rfw]
Number=8652
Confirmed=Y
Filename=Rfw.exe
Description=RAV AntiVirus
Source=Paul Collins Startup list
[rfwydg]
Number=8653
Confirmed=?
Filename=rfwydg.exe
Description=??
Source=Paul Collins Startup list
[RFX_auto_upgrade]
Number=8654
Confirmed=N
Filename=rundll32.exe npvpg005.dll
Description=A browser plugin called the RichFX player. Here is a link to download RichFX's solution to removing the auto upgrade
Source=Paul Collins Startup list
[Rg2catbd]
Number=8655
Confirmed=X
Filename=Rg2catbd.exe
Description=Added by a variant of the BANLOAD family of TROJANS!
Source=Paul Collins Startup list
[RH]
Number=8656
Confirmed=U
Filename=rh32.exe
Description=EuroFonts - adds Euro symbols to pre-Euro computers
Source=Paul Collins Startup list
[Rhino]
Number=8657
Confirmed=X
Filename=[random name]32.exe
Description=Added by the BOFRA.A WORM!
Source=Paul Collins Startup list
[RhinoBlocker]
Number=8658
Confirmed=U
Filename=RhinoBlocker.exe
Description=RhinoBlocker - pop-up stopper
Source=Paul Collins Startup list
[RHPTray]
Number=8659
Confirmed=N
Filename=RHPTray.exe
Description=System tray access to Red Hot Pawn - online chess
Source=Paul Collins Startup list
[RHSI SHS]
Number=8660
Confirmed=N
Filename=SHS.exe
Description=Rogers Hi-Speed Internet software. "Should you ever lose access to your Rogers Hi-Speed Internet connection or e-mail, the Self-Healing Software (SHS.exe) will automatically repair your settings to get you up and running in a flash"
Source=Paul Collins Startup list
[RichMedia]
Number=8661
Confirmed=X
Filename=HBHelper.dll
Description=HenBang adware
Source=Paul Collins Startup list
[RichMedia]
Number=8662
Confirmed=X
Filename=rundll32.exe [path] hbcast.dll, WaitWindows
Description=Henbang adware variant
Source=Paul Collins Startup list
[richup]
Number=8663
Confirmed=X
Filename=richup.exe
Description=SafeSurfing adware
Source=Paul Collins Startup list
[RightFAX Print-to-Fax Driver]
Number=8664
Confirmed=U
Filename=FaxCtrl.exe
Description=Part of RightFAX from Captaris - "the proven market leader in fax server and document delivery software"
Source=Paul Collins Startup list
[Ring Central Fax]
Number=8665
Confirmed=U
Filename=rcenterrll.exe
Description=Only needed if you want a PC to answer faxes automatically
Source=Paul Collins Startup list
[rIOphosIs]
Number=8666
Confirmed=X
Filename=rIOPHosIs.vBS
Description=Added by the RIOSYS MACRO!
Source=Paul Collins Startup list
[Riorad Manager]
Number=8667
Confirmed=N
Filename=riomgr.exe
Description="Riorad Explorer is hands-down the most advanced Windows software companion for your Rio MP3 player"
Source=Paul Collins Startup list
[RivaTuner]
Number=8668
Confirmed=U
Filename=RivaTuner.exe
Description=RivaTuner for tweaking nVidia graphics cards. Required if you make any changes
Source=Paul Collins Startup list
[RivaTunerStartupDaemon]
Number=8669
Confirmed=U
Filename=RivaTuner.exe
Description=RivaTuner for tweaking nVidia graphics cards. Required if you make any changes
Source=Paul Collins Startup list
[RjLyraInstaller]
Number=8670
Confirmed=?
Filename=setup.exe
Description=??
Source=Paul Collins Startup list
[rmalt]
Number=8671
Confirmed=X
Filename=[random filename]
Description=Added by the CLICKER-CS TROJAN! Filenames spotted inlcude Setup.exe, Keygen.exe, Keygen-Serial.exe, Photoshop.CS2.KeyGen.exe and more
Source=Paul Collins Startup list
[rmctrl]
Number=8672
Confirmed=U
Filename=rmctrl.exe
Description=Remote Control background application for Cyberlink's PowerDVD version 4 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one
Source=Paul Collins Startup list
[rmdrfje.dll]
Number=8673
Confirmed=X
Filename=rundll32.exe [path] rmdrfje.dll
Description=Added by the DLOADR-ANM TROJAN!
Source=Paul Collins Startup list
[rmmon]
Number=8674
Confirmed=N
Filename=mprmmon.exe
Description=Resource Monitor for the now defunct Chromatic Research MPact2 3DVD graphics card
Source=Paul Collins Startup list
[RMremote]
Number=8675
Confirmed=?
Filename=RmRemote.exe
Description=Remote control driver for REALmagic Xcard. Is it required?
Source=Paul Collins Startup list
[rn4d]
Number=8676
Confirmed=X
Filename=dirote.exe
Description=Added by the MAROON.A TROJAN!
Source=Paul Collins Startup list
[Rnaomflt]
Number=8677
Confirmed=U
Filename=naomf.exe
Description=Naomi internet filtering software
Source=Paul Collins Startup list
[RNBc Test]
Number=8678
Confirmed=X
Filename=wf32vbs.exe
Description=Added by the RBOT-AGR WORM!
Source=Paul Collins Startup list
[RNBc Test]
Number=8679
Confirmed=X
Filename=bvldv32.exe
Description=Added by the RBOT-AJF WORM!
Source=Paul Collins Startup list
[RNBOStart]
Number=8680
Confirmed=U
Filename=sentstrt.exe
Description=Program used to initialise the VxD virtual driver for Sentinel drivers associated with Rainbow H/W keys that plug-in to the parallel port. These are usually supplied with workplace design tools and restrict the use of the software only to the machine to which the H/W key is connected. Required if you have such tools
Source=Paul Collins Startup list
[RNBz Test]
Number=8681
Confirmed=X
Filename=wf32vbc.exe
Description=Added by the RBOT-AEY WORM!
Source=Paul Collins Startup list
[RNDc Test]
Number=8682
Confirmed=X
Filename=wf32b.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[rndll2]
Number=8683
Confirmed=?
Filename=rndll2.exe
Description=May be related to the DivX program as a *.dat file in the same directory had "DivXPro505Bundle.exe" mentioned within?
Source=Paul Collins Startup list
[rngmf]
Number=8684
Confirmed=X
Filename=[path to trojan]
Description=Added by the RANKY.C TROJAN!
Source=Paul Collins Startup list
[Rnudll32]
Number=8685
Confirmed=X
Filename=tadxtr.exe
Description=Added by the QQPASS-O TROJAN!
Source=Paul Collins Startup list
[rnxqh]
Number=8686
Confirmed=?
Filename=rnxqh.exe
Description=??
Source=Paul Collins Startup list
[Roam04]
Number=8687
Confirmed=X
Filename=ActiveX.exe
Description=Added by the ROAMER-A TROJAN!
Source=Paul Collins Startup list
[RoboForm]
Number=8688
Confirmed=N
Filename=RoboTaskBarIcon.exe
Description=Roboform - password manager and web form filler. Will work without this startup entry, as the "active" component is an integrated Internet Explorer browser plugin
Source=Paul Collins Startup list
[RoboFormWatcher]
Number=8689
Confirmed=N
Filename=RoboFormWatcher.exe
Description=Roboform from Siber Systems. Automatically completes web forms. Available via Start -> Programs
Source=Paul Collins Startup list
[Rocket.Time]
Number=8690
Confirmed=U
Filename=RocketTime.exe
Description=Rocket.Time - time synchronization software from Rocket Software
Source=Paul Collins Startup list
[Roflcopteur]
Number=8691
Confirmed=X
Filename=seman.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[roketpipe]
Number=8692
Confirmed=?
Filename=rpclient.exe
Description=??
Source=Paul Collins Startup list
[Rollback]
Number=8693
Confirmed=U
Filename=RollbackTray.exe
Description=Added by the RollBack Rx system restore program
Source=Paul Collins Startup list
[rollbk]
Number=8694
Confirmed=X
Filename=dsm.exe
Description=Added by the SERFLOG.B WORM!
Source=Paul Collins Startup list
[rollbk]
Number=8695
Confirmed=X
Filename=msmpatch.exe
Description=Added by the SERFLOG.B WORM!
Source=Paul Collins Startup list
[rollbk]
Number=8696
Confirmed=X
Filename=svosm.exe
Description=Added by the SERFLOG.B WORM!
Source=Paul Collins Startup list
[rollbk]
Number=8697
Confirmed=X
Filename=sysup.exe
Description=Added by the SERFLOG.B WORM!
Source=Paul Collins Startup list
[romahere]
Number=8698
Confirmed=X
Filename=matrixhere.exe
Description=SuperSpider hijacker - a CoolWebSearch parasite variant
Source=Paul Collins Startup list
[romahere2]
Number=8699
Confirmed=X
Filename=************.exe [* = random char]
Description=SuperSpider hijacker - a CoolWebSearch parasite variant. Also detected as the KREPPER-AE TROJAN!
Source=Paul Collins Startup list
[romahere3]
Number=8700
Confirmed=X
Filename=************.exe [* = random char]
Description=SuperSpider hijacker - a CoolWebSearch parasite variant. Also detected as the KREPPER-AE TROJAN!
Source=Paul Collins Startup list
[Root_Machine]
Number=8701
Confirmed=X
Filename=[path to trojan]
Description=Added by the BANCBAN-DI TROJAN!
Source=Paul Collins Startup list
[ROOT_Machine]
Number=8702
Confirmed=X
Filename=winlogon.exe
Description=Added by the BANKER-FI TROJAN! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This worm file is placed in the Windows\inf or Winnt\inf folder
Source=Paul Collins Startup list
[ROUTD]
Number=8703
Confirmed=?
Filename=ROUTD.exe
Description=??
Source=Paul Collins Startup list
[RoxAssist]
Number=8704
Confirmed=N
Filename=RoxAssist.exe
Description=Roxio Assistant is designed to correct Engine Initialization errors. If Easy CD & DVD Creator's Engine does not initialize, the applications in Easy CD & DVD Creator will not recognize your recorder. After running this program you should receive the message "Engine initialized successfully with full recorder support". If you do not receive the message, update your Virus software and then check and clean your system for viruses. After the removal of any viruses, uninstall and then reinstall Easy CD & DVD Creator (use "Add Remove Programs" in "Control Panel"). Can be run manually
Source=Paul Collins Startup list
[Roxio Engine]
Number=8705
Confirmed=?
Filename=MSMNGR32.EXE
Description=Not believed to be a valid Roxio program - more likely a variant on the WOMANIZ.A TROJAN!
Source=Paul Collins Startup list
[RoxioAudioCentral]
Number=8706
Confirmed=N
Filename=RxMon.exe
Description=Part of Roxio EasyCD Creator 6.0 - places the Roxio AudioCentral icon in you system tray. "Includes a player, media manager, ripper, tag and sound editor - integrated in a single application". Not required for Roxio to work properly.
Source=Paul Collins Startup list
[RoxioDragToDisc]
Number=8707
Confirmed=N
Filename=DrgToDsc.exe
Description=Part of Roxio EasyCD Creator 6.0 - places the Roxio Drag-to-Disc icon in you system tray. "Easily drag and drop files for burning to CD or DVD. Disc formatting and burning will happen automatically". Not required for Roxio to work properly
Source=Paul Collins Startup list
[RoxioEngineUtility]
Number=8708
Confirmed=Y
Filename=EngUtil.exe
Description=Part of Roxio EasyCD Creator 6.0 - corrects any modification made to the Roxio Engine, it exits after checking
Source=Paul Collins Startup list
[RoxWatchTray]
Number=8709
Confirmed=N
Filename=RoxWatchTray.exe
Description=System Tray icon installed by Roxio Easy Media Creator 8 and which allows you to configure your watched folders or to turn the “Watched Folders” feature of Roxio ON or OFF
Source=Paul Collins Startup list
[RP32]
Number=8710
Confirmed=U
Filename=rp32.exe
Description=Unicenter Remote Control (was Remotely Possible) from Enterprise International for remote control and access to Win9x/NT systems
Source=Paul Collins Startup list
[RPC]
Number=8711
Confirmed=X
Filename=MSschost.exe
Description=Added by a variant of the GAOBOT/AGOBOT WORM!
Source=Paul Collins Startup list
[RPC Patcher]
Number=8712
Confirmed=X
Filename=[path to worm]
Description=Added by the BOLGI WORM!
Source=Paul Collins Startup list
[RPC Service]
Number=8713
Confirmed=X
Filename=[random filename]
Description=Added by the AAD TROJAN!
Source=Paul Collins Startup list
[rpc Win32]
Number=8714
Confirmed=X
Filename=shost32.exe
Description=Added by the RBOT-ABL WORM!
Source=Paul Collins Startup list
[rpc Win32]
Number=8715
Confirmed=X
Filename=spoolscv.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[rpcc]
Number=8716
Confirmed=X
Filename=rpcc.exe
Description=Added by the SPAMMIT-E TROJAN!
Source=Paul Collins Startup list
[rpcda Win32]
Number=8717
Confirmed=X
Filename=rpcda.exe
Description=Added by the RBOT-AE WORM!
Source=Paul Collins Startup list
[RPCser32g]
Number=8718
Confirmed=X
Filename=services.exe
Description=Added by the RITDOOR-C WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
Source=Paul Collins Startup list
[RPCserr32g]
Number=8719
Confirmed=X
Filename=winlogon.exe
Description=Added by the RITDOOR-B WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder
Source=Paul Collins Startup list
[RPCserv32]
Number=8720
Confirmed=X
Filename=services.exe
Description=Added by the MYDOOM.AL WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
Source=Paul Collins Startup list
[RPCserv32g]
Number=8721
Confirmed=X
Filename=services.exe
Description=Added by the BOBAX.AA WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
Source=Paul Collins Startup list
[RPCserv32g]
Number=8722
Confirmed=X
Filename=CSRSS.EXE
Description=Added by the BOBAX.AD WORM! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[RPCserv32g]
Number=8723
Confirmed=X
Filename=MSDEFR.EXE
Description=Added by the BOBAX.AD WORM!
Source=Paul Collins Startup list
[RPCserv32g]
Number=8724
Confirmed=X
Filename=NB32EXT2.EXE
Description=Added by the BOBAX.AD WORM!
Source=Paul Collins Startup list
[RPCserv32g]
Number=8725
Confirmed=X
Filename=WINLOGON.EXE
Description=Added by the BOBAX.AD WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder
Source=Paul Collins Startup list
[RPCSS.exe]
Number=8726
Confirmed=Y
Filename=rpcss.exe
Description=Remote Procedure Call. Required by windows for programs to communicate with each other on networks/different machines. Originally for NT only but now installed with Win98/98se. Under Win98/98se, a program may need it to communicate with other components of itself. You could delete the program but if any abnormalities occur soon after then reinstall. Under NT, deleting this critical system component will disable the OS. For a more detailed explanation see here
Source=Paul Collins Startup list
[RpcxWindows Extensions]
Number=8727
Confirmed=X
Filename=rpcxwinex.exe
Description=Added by the RBOT.ACP WORM!
Source=Paul Collins Startup list
[Rr2]
Number=8728
Confirmed=X
Filename=rundll32.exe
Description=Added by the LINEAG-ADI TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in the Windows folder (98\ME) or the System32 folder(NT\2000\XP). This file is located in an "addins" sub-folder
Source=Paul Collins Startup list
[RRMedic]
Number=8729
Confirmed=X
Filename=rrmedic.exe
Description=Troubleshooting utility for the RoadRunner cable internet service. Not required and you are advised to completely uninstall it. Provides a lot of false alarms and gets a lot of people panicking about there internet connection
Source=Paul Collins Startup list
[rscmpt]
Number=8730
Confirmed=U
Filename=rscmpt.exe
Description=Required on the GeFroce 64 meg MX card to show the full 64 meg memory and appears to be a software memory emulator running under the Win2K - see here. High CPU useage results - hence the U status
Source=Paul Collins Startup list
[rsmb]
Number=8731
Confirmed=X
Filename=rsmb.exe
Description=Added by the WAREZOV.C WORM!
Source=Paul Collins Startup list
[rsMenu]
Number=8732
Confirmed=U
Filename=rsMenu.exe
Description=Synchronizes a Casio PDA with MS Outlook
Source=Paul Collins Startup list
[RSPC Driver]
Number=8733
Confirmed=X
Filename=[random filename].exe
Description=Added by the RBOT-SN WORM!
Source=Paul Collins Startup list
[RSPC Driver D]
Number=8734
Confirmed=X
Filename=[random filename]
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[RSRCMTZ]
Number=8735
Confirmed=?
Filename=RSRCMTZ.exe
Description=??
Source=Paul Collins Startup list
[RSS]
Number=8736
Confirmed=X
Filename=rundll32 RSSToolbar.dll, DllRunMain
Description="Related Sites" toolbar - SearchAndClick hijacker variant
Source=Paul Collins Startup list
[RssReader]
Number=8737
Confirmed=U
Filename=RssReader.exe
Description=RssReader - a free RSS reader able to display any RSS and Atom news feed (XML)
Source=Paul Collins Startup list
[RSync]
Number=8738
Confirmed=X
Filename=netsync.exe
Description=SafeSurfing adware
Source=Paul Collins Startup list
[rtasks]
Number=8739
Confirmed=N
Filename=rtasks.exe
Description=WinAntiVirus Pro 2007 virus software - not recommended, see here
Source=Paul Collins Startup list
[rtcdll]
Number=8740
Confirmed=U
Filename=rtcdll.exe
Description=RTCDLL is "Real Time Communication" and is associated with Windows Messenger (the IM application, not messenger service). It is only necessary if you use Windows Messenger. Most people use MSN Messenger instead, so it is not required in those cases
Source=Paul Collins Startup list
[RTHDCPL]
Number=8741
Confirmed=U
Filename=RTHDCPL.EXE
Description=Realtek HD Audio Sound Effect Manager
Source=Paul Collins Startup list
[RtHDVCpl]
Number=8742
Confirmed=U
Filename=RtHDVCpl.exe
Description=High definition audio codec driver from Realtek Semiconductor
Source=Paul Collins Startup list
[RtlMon.exe]
Number=8743
Confirmed=N
Filename=RtlMon.exe
Description=Monitor for RealTek network card
Source=Paul Collins Startup list
[RTMonitor]
Number=8744
Confirmed=Y
Filename=RTMonitor.exe
Description=Cheyenne (now eTrust) antivirus
Source=Paul Collins Startup list
[rtos]
Number=8745
Confirmed=X
Filename=rtos.exe
Description=IRC trojan
Source=Paul Collins Startup list
[RTStartMute]
Number=8746
Confirmed=?
Filename=N/A
Description=??
Source=Paul Collins Startup list
[rtvscn95]
Number=8747
Confirmed=Y
Filename=RTVSCN95.EXE
Description=Real-time virus scanner component of Norton Anti-Virus Corporate Edition
Source=Paul Collins Startup list
[RtWLan]
Number=8748
Confirmed=U
Filename=RtWLan.exe
Description=Configuration utility for the Netgear WG111 54 Mbps Wireless USB 2.0 Adapter that "provides wireless access to your desktop or notebook PC through the computer's USB port"
Source=Paul Collins Startup list
[Ruby13]
Number=8749
Confirmed=X
Filename=Ruby13.exe
Description=Added by the MEXER.E WORM!
Source=Paul Collins Startup list
[Ruby14]
Number=8750
Confirmed=X
Filename=Ruby14.exe
Description=Added by the FIGHTRUB-A WORM!
Source=Paul Collins Startup list
[ruin]
Number=8751
Confirmed=X
Filename=system32.exe
Description=Added by the DELF-JM TROJAN!
Source=Paul Collins Startup list
[RuLaunch]
Number=8752
Confirmed=U
Filename=RuLaunch.exe
Description=Instant Updater for McAfee's VirusScan, Internet Security, Quick Clean, Uninstaller and Firewall products. In the case of VirusScan leave it enabled unless you update manually on a regular basis
Source=Paul Collins Startup list
[run]
Number=8753
Confirmed=X
Filename=Autoexec.com
Description=Added by the HOLCAS.A WORM!
Source=Paul Collins Startup list
[run]
Number=8754
Confirmed=X
Filename=inetinfo.exe
Description=Added by the BINGHE TROJAN!
Source=Paul Collins Startup list
[Run]
Number=8755
Confirmed=X
Filename=help.exe
Description=Identified as the DELF.LF by Ewido Security Suite
Source=Paul Collins Startup list
[run]
Number=8756
Confirmed=X
Filename=[path] rundll32.exe rsrc.dll
Description=Browser hijacker of Chinese origin, redirecting to 4199.com
Source=Paul Collins Startup list
[Run Msn Messenger]
Number=8757
Confirmed=X
Filename=msnmgr.exe
Description=Added by the AGOBOT.HA WORM!
Source=Paul Collins Startup list
[Run MSupdt32]
Number=8758
Confirmed=X
Filename=wscript MSupdt32.vbs
Description=Added by the CASER WORM!
Source=Paul Collins Startup list
[Run Nintendo Wi-Fi USB Connector Registration Tool]
Number=8759
Confirmed=U
Filename=NintendoWFCReg.exe
Description=Related to Wi-Fi USB Connector from Nintendo
Source=Paul Collins Startup list
[Run POPFile in background]
Number=8760
Confirmed=U
Filename=perl.exe
Description=POPFile - E-mail spam blocker
Source=Paul Collins Startup list
[Run POPFile in background]
Number=8761
Confirmed=U
Filename=wperl.exe
Description=POPFile - E-mail spam blocker
Source=Paul Collins Startup list
[Run Services as Application]
Number=8762
Confirmed=X
Filename=localsvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Run Services as Application]
Number=8763
Confirmed=X
Filename=netsvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Run Services as Application]
Number=8764
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Run Services as Application]
Number=8765
Confirmed=X
Filename=svcadmin.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Run Services as Application]
Number=8766
Confirmed=X
Filename=svcman.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Run Services as Application]
Number=8767
Confirmed=X
Filename=svcrun.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Run Services as Application]
Number=8768
Confirmed=X
Filename=tcpsvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Run Services as Application]
Number=8769
Confirmed=X
Filename=websvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Run StartupMonitor]
Number=8770
Confirmed=U
Filename=StartupMonitor.exe
Description=Mike Lin's StartupMonitor, throws up an alert and asks your permission every time any change is made to your start-up configuration, either in the registry or start menu
Source=Paul Collins Startup list
[Run TaskMrg]
Number=8771
Confirmed=X
Filename=csrss.exe
Description=Added by the LDPINCH-W TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows folder
Source=Paul Collins Startup list
[run windows]
Number=8772
Confirmed=X
Filename=servic.bat
Description=Added by the REBOOT-AP TROJAN!
Source=Paul Collins Startup list
[Run XP Service Pack]
Number=8773
Confirmed=X
Filename=xpservicepack.exe
Description=Added by the SDBOT.AQA WORM!
Source=Paul Collins Startup list
[Run05]
Number=8774
Confirmed=X
Filename=rundll_32.exe
Description=Added by the BANCOS-DT TROJAN!
Source=Paul Collins Startup list
[run32]
Number=8775
Confirmed=X
Filename=run32dll.exe
Description=Added by the SDBOT-CWB WORM!
Source=Paul Collins Startup list
[run32dll]
Number=8776
Confirmed=X
Filename=WINClock.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[run32dll]
Number=8777
Confirmed=X
Filename=task32.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[Run32dll]
Number=8778
Confirmed=X
Filename=ocxdll.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[run=]
Number=8779
Confirmed=N
Filename=cmmpu.exe
Description=MIDI emulator driver for the integrated sound chip by C-Media based on the CMI-8330 chip set normally found in cheap motherboards. Also installed as part of the software for a Guillemot Maxi Muse sound card (PCI)
Source=Paul Collins Startup list
[run=]
Number=8780
Confirmed=N
Filename=hpfsched
Description=HPFSCHED is a small TSR that will remind you to clean the cartridges in your DeskJet from time to time in order to keep print quality high. It can be removed from the run line in win.ini if you do not want that feature
Source=Paul Collins Startup list
[run=]
Number=8781
Confirmed=N
Filename=lxdboxcp.exe
Description=Lexmark DOS-Printing Control Program for the Lexmark 2050. Only required if you need to print from DOS
Source=Paul Collins Startup list
[run=]
Number=8782
Confirmed=N
Filename=pcfix2k.exe
Description=pcfix2k splash screen
Source=Paul Collins Startup list
[run=]
Number=8783
Confirmed=X
Filename=ptlseq.cpl
Description=PhoenixNet BIOS adware. See here
Source=Paul Collins Startup list
[run=]
Number=8784
Confirmed=U
Filename=ramsys.exe
Description=Advanced Startup Manager from Rays Lab
Source=Paul Collins Startup list
[run=]
Number=8785
Confirmed=?
Filename=wallflip.exe
Description=Desktop wallpaper changer?
Source=Paul Collins Startup list
[run=]
Number=8786
Confirmed=X
Filename=svcinit.exe
Description=CoolWebSearch parasite variant
Source=Paul Collins Startup list
[run=]
Number=8787
Confirmed=X
Filename=fntldr.exe
Description=CoolWebSearch Tapicfg parasite variant
Source=Paul Collins Startup list
[run=]
Number=8788
Confirmed=Y
Filename=smsrun16.exe
Description=Microsoft Systems Management Server (SMS) related - program that reads SMSRUN16.INI on clients running Win 3.1, Windows for Workgroups, Win95, or OS/2 to create program groups on the client and then launch SMS client programs
Source=Paul Collins Startup list
[run=]
Number=8789
Confirmed=?
Filename=win.ini
Description=??
Source=Paul Collins Startup list
[run=]
Number=8790
Confirmed=X
Filename=RAVMOND.exe
Description=Added by a variant of the LOVGATE WORM!
Source=Paul Collins Startup list
[run=]
Number=8791
Confirmed=X
Filename=real.exe
Description=Added by a variant of the LOVGATE WORM!
Source=Paul Collins Startup list
[run=]
Number=8792
Confirmed=X
Filename=dec25.exe
Description=Added by the ATAK.F WORM!
Source=Paul Collins Startup list
[run=]
Number=8793
Confirmed=?
Filename=LXBTppls.exe
Description=Reportedly part of Lexmark printer software - what does it do and is it required?
Source=Paul Collins Startup list
[run=]
Number=8794
Confirmed=N
Filename=fmedia.exe
Description=FMedia FaxWorks related - can be run manually
Source=Paul Collins Startup list
[run=]
Number=8795
Confirmed=Y
Filename=wswpd.exe
Description=Used with some models of Panasonic, Epson and NEC printers - required for printer to work
Source=Paul Collins Startup list
[run=]
Number=8796
Confirmed=X
Filename=cyxid98.exe
Description=Unidentified malware
Source=Paul Collins Startup list
[run=]
Number=8797
Confirmed=X
Filename=info32.exe
Description=CoolWebSearch Tapicfg parasite variant
Source=Paul Collins Startup list
[run=]
Number=8798
Confirmed=X
Filename=mouse_configurator.win
Description=Added by the GAGGLE.E WORM!
Source=Paul Collins Startup list
[run=]
Number=8799
Confirmed=X
Filename=RegistryReminder.exe
Description=Added by the APSTROJAN.OB TROJAN!
Source=Paul Collins Startup list
[run=]
Number=8800
Confirmed=X
Filename=sec5dec.exe
Description=Added by the ATAK.G WORM!
Source=Paul Collins Startup list
[run=]
Number=8801
Confirmed=X
Filename=wmplayer.exe
Description=CoolWebSearch Smartsearch parasite variant
Source=Paul Collins Startup list
[run=]
Number=8802
Confirmed=X
Filename=Autoexec.com
Description=Added by the HOLCAS.A WORM!
Source=Paul Collins Startup list
[run=]
Number=8803
Confirmed=X
Filename=htmlsync.exe
Description=Searchforfree.info browser hijacker
Source=Paul Collins Startup list
[run=]
Number=8804
Confirmed=X
Filename=msoffice.exe
Description=Added by the ADWARELOADER TROJAN! Note - do not confuse with the legitimate Microsoft Office file, which would typically be located in the Program Files\Microsoft Office\Office folder!
Source=Paul Collins Startup list
[run=]
Number=8805
Confirmed=X
Filename=DRDOOM.EXE
Description=Added by the SEMAPI-A WORM!
Source=Paul Collins Startup list
[run=]
Number=8806
Confirmed=X
Filename=svhost.exe
Description=Added by the ADMINCASH.B TROJAN!
Source=Paul Collins Startup list
[run=]
Number=8807
Confirmed=X
Filename=dllreg.exe
Description=Added by the DUMARU-L TROJAN!
Source=Paul Collins Startup list
[run=]
Number=8808
Confirmed=X
Filename=mdm.exe
Description=Added by the PROXY-GG TROJAN!
Source=Paul Collins Startup list
[run=]
Number=8809
Confirmed=X
Filename=Celine.scr
Description=Added by the CELINE-A TROJAN!
Source=Paul Collins Startup list
[run=]
Number=8810
Confirmed=X
Filename=services.exe
Description=Added by the KREPPER-N TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "inet10066" subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list
[RunAlert]
Number=8811
Confirmed=U
Filename=AService.exe
Description=MSI MOtherboard PC Alert III - MSI motherboard monitoring software. Only required if you "overclock" your system
Source=Paul Collins Startup list
[runAP]
Number=8812
Confirmed=N
Filename=runAP.exe
Description=Not required but what is it?
Source=Paul Collins Startup list
[runapp]
Number=8813
Confirmed=X
Filename=icqchk.exe
Description=Added by the BOMKA TROJAN!
Source=Paul Collins Startup list
[Runapp32]
Number=8814
Confirmed=X
Filename=Runapp32.exe
Description=Added by the NEODURK TROJAN!
Source=Paul Collins Startup list
[RunCA]
Number=8815
Confirmed=Y
Filename=InvokeSvc3.exe
Description=Wireless-G USB Wireless Network Adapter related - would appear to be required
Source=Paul Collins Startup list
[Rund11]
Number=8816
Confirmed=X
Filename=Rund11.EXE
Description=Added by the MARIO-C WORM!
Source=Paul Collins Startup list
[rund1132]
Number=8817
Confirmed=X
Filename=rund1132.exe
Description=Added by the DOPBOT-A WORM!
Source=Paul Collins Startup list
[Rund1132.exe]
Number=8818
Confirmed=X
Filename=Rund1132.exe
Description=Added by the STARTPA-HS TROJAN!
Source=Paul Collins Startup list
[Rund1l32]
Number=8819
Confirmed=X
Filename=Winfi1e32.exe
Description=Added by the MERTIAN WORM!
Source=Paul Collins Startup list
[Rundil32]
Number=8820
Confirmed=X
Filename=runlli32.exe
Description=Added by the QQPASS-U TROJAN!
Source=Paul Collins Startup list
[Rundil32]
Number=8821
Confirmed=X
Filename=Updadv.exe
Description=Added by the QQPASS-N TROJAN!
Source=Paul Collins Startup list
[rundl332]
Number=8822
Confirmed=X
Filename=math.exe ...pluged.exe
Description=Added by the DOOMJUICE WORM!
Source=Paul Collins Startup list
[rundli32]
Number=8823
Confirmed=X
Filename=rundli32.exe
Description=Added by the LADE WORM!
Source=Paul Collins Startup list
[RunDLL]
Number=8824
Confirmed=X
Filename=rundll32.exe bridge.dll, Load
Description=Flingstone.com browser hijacker
Source=Paul Collins Startup list
[Rundll]
Number=8825
Confirmed=X
Filename=Rundll~.exe
Description=Added by the DELF-KT TROJAN!
Source=Paul Collins Startup list
[Rundll]
Number=8826
Confirmed=X
Filename=rundll32.exe [random file name].dll "taskmon"
Description=Added by the MYTOB.IG WORM!
Source=Paul Collins Startup list
[RunDll]
Number=8827
Confirmed=X
Filename=RunDll.exe
Description=Added by the QQPASS-AH TROJAN! Note - this is NOT the Windows system file of the same name as described here
Source=Paul Collins Startup list
[rundll***]
Number=8828
Confirmed=X
Filename=die.exe [path] mdll.exe
Description=Added by the SUMTAX TROJAN! where *** is 134, 569, 777 or 946
Source=Paul Collins Startup list
[rundll***]
Number=8829
Confirmed=X
Filename=die.exe [path] secure.bat
Description=Added by the SUMTAX TROJAN! where *** is 134, 569, 777 or 946
Source=Paul Collins Startup list
[rundll***]
Number=8830
Confirmed=X
Filename=die.exe [path] secure.exe
Description=Added by the SUMTAX TROJAN! where *** is 134, 569, 777 or 946
Source=Paul Collins Startup list
[rundll***]
Number=8831
Confirmed=X
Filename=die.exe [path] ttg.exe
Description=Added by the SUMTAX TROJAN! where *** is 134, 569, 777 or 946
Source=Paul Collins Startup list
[Rundll16]
Number=8832
Confirmed=X
Filename=Rundll16.exe
Description=Added by a number of VIRUSES, WORMS and TROJANS!
Source=Paul Collins Startup list
[Rundll32]
Number=8833
Confirmed=X
Filename=Rundll32.exe
Description=Added by the DVLDR TROJAN! Note - this is not the valid "Rundll32.exe" as it's in the Windows\Fonts directory
Source=Paul Collins Startup list
[RUNDLL32]
Number=8834
Confirmed=N
Filename=RUNDLL32.EXE NvQtwk, NvCplDaemon
Description=System Tray icon used to change display settings, change the clock rate and memory speed for nVidia based graphics cards. This is unnecessary since you can easily configure these settings the way you want them in the Display Properties and not have to mess with them again. Also disable the "NVIDIA Driver Helper Service" if enabled as it can cause this entry to be re-enabled on re-boot (note that this service can also cause extreme shutdown delays if enabled - see here)
Source=Paul Collins Startup list
[RunDLL32]
Number=8835
Confirmed=N
Filename=RunDLL32.exe NvMCTray.dll, NvTaskbarInit
Description=System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties
Source=Paul Collins Startup list
[rundll32]
Number=8836
Confirmed=U
Filename=Rundll32.exe Wf2kcpl.dll DllLoadDefaultSettings
Description=Loads default settings for Leadtek Winfast graphics cards
Source=Paul Collins Startup list
[RunDLL32]
Number=8837
Confirmed=X
Filename=winupdate.exe
Description=Added by an unidentified TROJAN! - possibly a BMBOT variant
Source=Paul Collins Startup list
[Rundll32]
Number=8838
Confirmed=X
Filename=Windows.exe
Description=Added by the QQPASS.E TROJAN!
Source=Paul Collins Startup list
[Rundll32]
Number=8839
Confirmed=U
Filename=Rundll32.exe ptipbm.dll, SetWriteBack
Description=Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. Tells the drivers that the connected Drives should use the "Write Back" Caching. You can disable this if you don't want to use "Write Back" Caching or if you have not connected any driver to your Promise Controller
Source=Paul Collins Startup list
[rundll32]
Number=8840
Confirmed=X
Filename=[path to worm]
Description=Added by the AUTEX WORM!
Source=Paul Collins Startup list
[rundll32]
Number=8841
Confirmed=?
Filename=rundll32.exe ptipbmf.dll, SetWriteCacheMode
Description=Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. May be necessary in order to maintain preferences applied to the RAID array connected to the Promise controller
Source=Paul Collins Startup list
[rundll32]
Number=8842
Confirmed=X
Filename=rundll32.exe
Description=Added by the SANKER WORM! Note that the valid "rundll32.exe" resides in C:\Windows\System32 wheras this version resides in C:\Windows
Source=Paul Collins Startup list
[rundll32]
Number=8843
Confirmed=X
Filename=csrss.exe
Description=Added by the GUTTA TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows folder
Source=Paul Collins Startup list
[rundll32]
Number=8844
Confirmed=U
Filename=RunDLL32.exe irprops.cpl, BluetoothAuthenticationAgent
Description=Associated with BlueTooth software, and registers the "Infrared Port properties" Control Panel applet. Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click here here for more information. In case you no longer have BlueTooth support installed, and don't need it, simply uncheck the entry in Msconfig > Startup
Source=Paul Collins Startup list
[RUNDLL32]
Number=8845
Confirmed=X
Filename=rundl32.exe
Description=Added by the DEMOTRY-A WORM!
Source=Paul Collins Startup list
[rundll32]
Number=8846
Confirmed=X
Filename=rundll32.exe
Description=Added by the AGENT-EZ TROJAN! Note - the real rundll32.exe resides in the System (9x/Me) or System32 (NT/2K/XP) folder whereas this file is found in a "SHELLEXT" subfolder
Source=Paul Collins Startup list
[Rundll32]
Number=8847
Confirmed=X
Filename=RUNDDLL32.EXE
Description=Added by the STARTPAGE.AXH TROJAN!
Source=Paul Collins Startup list
[Rundll32 cmicnfg]
Number=8848
Confirmed=N
Filename=Rundll32 cmicnfg.cpl, CMICtrlWnd
Description=System tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audio. Available via Start -> Settings -> Control Panel
Source=Paul Collins Startup list
[RunDll32 essprops]
Number=8849
Confirmed=Y
Filename=RunDll32 essprops.cpl, TaskbarIconWnd
Description=Associated with a Logitech mouse - required for proper operation
Source=Paul Collins Startup list
[Rundll32 P17]
Number=8850
Confirmed=U
Filename=Rundll32 P17.dll, P17Helper
Description=ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality
Source=Paul Collins Startup list
[Rundll32.exe]
Number=8851
Confirmed=X
Filename=Proyecto1.exe
Description=Added by the GRUEL WORM!
Source=Paul Collins Startup list
[Rundll32.exe]
Number=8852
Confirmed=X
Filename=Root.exe
Description=Added by the GRUEL WORM!
Source=Paul Collins Startup list
[Rundll32_7]
Number=8853
Confirmed=X
Filename=rundll32.exe MSIEFR40.DLL, DllRunServer
Description=BrowserAid/BrowserPal foistware
Source=Paul Collins Startup list
[Rundll32_8]
Number=8854
Confirmed=X
Filename=rundll32.exe inetp60.dll, DllRunServer
Description=BrowserAid/BrowserPal foistware
Source=Paul Collins Startup list
[Rundll32_8]
Number=8855
Confirmed=X
Filename=rundll32.exe 1.dll, DllRunServer
Description=BrowserAid/BrowserPal foistware
Source=Paul Collins Startup list
[rundll64]
Number=8856
Confirmed=X
Filename=[path to worm]
Description=Added by the AUTEX WORM!
Source=Paul Collins Startup list
[RundllSvr]
Number=8857
Confirmed=X
Filename=Rundll.exe
Description=Added by the HUAYU WORM! Note - this is NOT the Windows system file of the same name as described here
Source=Paul Collins Startup list
[Rundllsystem32]
Number=8858
Confirmed=X
Filename=Rundllsystem32.exe
Description=Added by the NETDEVIL.B TROJAN!
Source=Paul Collins Startup list
[Rundnm]
Number=8859
Confirmed=X
Filename=Rundnm.exe
Description=Added by the DELF-HA TROJAN!
Source=Paul Collins Startup list
[RUNGogoTools]
Number=8860
Confirmed=X
Filename=LaunchAdware.exe
Description=GoGoTools adware
Source=Paul Collins Startup list
[RUNGogoTools]
Number=8861
Confirmed=X
Filename=GoGoLaunch.exe
Description=GoGoTools adware
Source=Paul Collins Startup list
[RUNHYPER]
Number=8862
Confirmed=X
Filename=hyperx.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[runing]
Number=8863
Confirmed=X
Filename=win.exe
Description=Added by the DELF-LC TROJAN!
Source=Paul Collins Startup list
[RUNLOAD]
Number=8864
Confirmed=X
Filename=l0ad.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[RUNLOUD]
Number=8865
Confirmed=X
Filename=loud.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[Runmarc8mManager]
Number=8866
Confirmed=U
Filename=marc8m95.exe
Description=MARC Sound System Manager for the Marc 8 MIDI sound card - allows for easy adjustment of the settings
Source=Paul Collins Startup list
[Runner]
Number=8867
Confirmed=X
Filename=lsass.exe [trojan filename]
Description=Added by the DROWSY-B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located the Winnt or Windows folder
Source=Paul Collins Startup list
[Runner]
Number=8868
Confirmed=X
Filename=csrss.exe
Description=Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[Runner]
Number=8869
Confirmed=X
Filename=lsass.exe
Description=Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[Runner]
Number=8870
Confirmed=X
Filename=svchost.exe
Description=Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[runner1]
Number=8871
Confirmed=X
Filename=updater.exe
Description=Added by the CRYPT.ULPM.GEN TROJAN!
Source=Paul Collins Startup list
[RunOnce]
Number=8872
Confirmed=U
Filename=RUNONCE.EXE
Description=Part of MS Data Access Components - only required if you use these
Source=Paul Collins Startup list
[RunOnceEx]
Number=8873
Confirmed=X
Filename=sms.exe
Description=Identified as the DELF.LF by Ewido Security Suite
Source=Paul Collins Startup list
[RunProg]
Number=8874
Confirmed=X
Filename=Server.exe
Description=Added by the OPTIX.04.A TROJAN!
Source=Paul Collins Startup list
[RunProg]
Number=8875
Confirmed=X
Filename=wini.exe
Description=Added by the OPTIX.04.D TROJAN!
Source=Paul Collins Startup list
[runreper]
Number=8876
Confirmed=X
Filename=viewer.exe
Description=Added by the REPER.A VIRUS!
Source=Paul Collins Startup list
[runs]
Number=8877
Confirmed=X
Filename=run.exe
Description=Added by the RBOT-BWF WORM!
Source=Paul Collins Startup list
[RunSearvices]
Number=8878
Confirmed=X
Filename=tread.exe
Description=Identified as the DELF.LF by Ewido Security Suite
Source=Paul Collins Startup list
[RunServices]
Number=8879
Confirmed=X
Filename=runsvc32.exe
Description=Added by the AGOBOT.QJ WORM!
Source=Paul Collins Startup list
[runSubvalues]
Number=8880
Confirmed=X
Filename=[path to file]
Description=Added by the DLOADER-QY TROJAN!
Source=Paul Collins Startup list
[RunSysd32]
Number=8881
Confirmed=U
Filename=RunSysd32.exe
Description=DesktopShield2000 by Stéphane Groleau. Locks the desktop at bootup so that users cannot bypass the Windows screensaver password. Only essential if using the program and is an optional setting. It can be disabled from within
Source=Paul Collins Startup list
[Runtime Process]
Number=8882
Confirmed=X
Filename=Csrss.exe
Description=Added by the CIADOOR-J TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[Runtt1]
Number=8883
Confirmed=X
Filename=Internat.exe
Description=Added by the LINEAGE-R TROJAN!
Source=Paul Collins Startup list
[Runtt1]
Number=8884
Confirmed=X
Filename=Internet.exe
Description=Added by the LINEAGE-Q TROJAN!
Source=Paul Collins Startup list
[RunWin]
Number=8885
Confirmed=X
Filename=[path to file]
Description=Added by the BANKER-ES TROJAN!
Source=Paul Collins Startup list
[runwin32]
Number=8886
Confirmed=X
Filename=runwin32.exe
Description=Added by the ESEARCH-A TROJAN!
Source=Paul Collins Startup list
[RUNWIN32]
Number=8887
Confirmed=X
Filename=runwin32.exe
Description=Added by the VB-AET TROJAN!
Source=Paul Collins Startup list
[RunWindowsUpdate]
Number=8888
Confirmed=X
Filename=uptodate.exe
Description=BrowserAid/BrowserPal foistware
Source=Paul Collins Startup list
[Run[0]]
Number=8889
Confirmed=X
Filename=syscnfg.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in C:\windows\fonts (or C:\winnt\fonts) directory where no *.exe files should reside
Source=Paul Collins Startup list
[Run_cd]
Number=8890
Confirmed=X
Filename=Run_cd.exe
Description=Added by the GHOST.23 TROJAN!
Source=Paul Collins Startup list
[run_pbnext]
Number=8891
Confirmed=Y
Filename=PBNext.exe
Description=PBNext is virtual phone system which offers the same functionality as expensive PBX hardware
Source=Paul Collins Startup list
[Rupsw32]
Number=8892
Confirmed=U
Filename=Rupsw32.exe
Description=MegaTec Rups, UPS monitoring software - monitor and control DB9 UPS running on either Windows & Novell NetWare (with RUPS 2000) or Unix (with RUPS for Unix / Plus) operating systems
Source=Paul Collins Startup list
[RUSBHOLoader]
Number=8893
Confirmed=?
Filename=rundll32.exe RUSBHOLoader.dll, AutoRegister
Description=??
Source=Paul Collins Startup list
[RVC6Player]
Number=8894
Confirmed=X
Filename=tskdbg.exe
Description=Added by the ZAPCHAS-M TROJAN!
Source=Paul Collins Startup list
[rvde]
Number=8895
Confirmed=X
Filename=N/A
Description=Related to li-speed****
Source=Paul Collins Startup list
[RVP]
Number=8896
Confirmed=X
Filename=bpc.exe
Description=Spyware included with the latest version of Grokster. Also see here
Source=Paul Collins Startup list
[rx]
Number=8897
Confirmed=X
Filename=rundll32.exe
Description=Added by the Lineage-BP TROJAN! Note - this is not the legitimate Windows process (Which is found in the Windows folder for 9x\Me and the System32 folder for NT\2K\XP). This file is found in the Windows or Winnt folder
Source=Paul Collins Startup list
[rx]
Number=8898
Confirmed=X
Filename=explore.exe
Description=Added by the ZHENGTU-A TROJAN!
Source=Paul Collins Startup list
[RxMon]
Number=8899
Confirmed=N
Filename=rxmon9x.exe
Description=Part of Dell Resolution Assistant - "a diagnostic program that allows you to contact Dell. When factory-installed by Dell, it allowed you to perform hardware and software diagnostics that provided alerts to potential problems and enabled real-time communication with Dell RA techs. You can now use RA only to contact Dell by e-mail"
Source=Paul Collins Startup list
[RxUser]
Number=8900
Confirmed=N
Filename=RxUser.exe
Description=Part of Dell Resolution Assistant - "a diagnostic program that allows you to contact Dell. When factory-installed by Dell, it allowed you to perform hardware and software diagnostics that provided alerts to potential problems and enabled real-time communication with Dell RA techs. You can now use RA only to contact Dell by e-mail"
Source=Paul Collins Startup list
[rzt]
Number=8901
Confirmed=X
Filename=rundll32.exe
Description=Added by the LINEAGE.BDP TROJAN!
Source=Paul Collins Startup list
[r_server]
Number=8902
Confirmed=Y
Filename=r_server.exe
Description=Radmin - remote admistrator server
Source=Paul Collins Startup list
[r_server]
Number=8903
Confirmed=X
Filename=service.exe
Description=Added by the MULTIDR-CP TROJAN!
Source=Paul Collins Startup list
[S]
Number=8904
Confirmed=X
Filename=svhost.exe
Description=Added by the AGOBOT-LN WORM!
Source=Paul Collins Startup list
[S0undMan]
Number=8905
Confirmed=X
Filename=svch0st.exe
Description=Added by the LOVGATE.AB WORM! Note - the filename has the digit 0 rather then the uppercase "o"
Source=Paul Collins Startup list
[S24EvMon]
Number=8906
Confirmed=?
Filename=S24EvMon.exe
Description=Event Monitor - supports driver extensions to NIC Driver for wireless adapters. Is it required?
Source=Paul Collins Startup list
[S3 Internal Chip]
Number=8907
Confirmed=X
Filename=s3serv.exe
Description=Added by the AGOBOT-DD WORM!
Source=Paul Collins Startup list
[S3apphk]
Number=8908
Confirmed=N
Filename=S3apphk.exe
Description=A tool installed alongside the drivers for your S3 video output device. It is not necessary but should be allowed to run unless it is causing problems
Source=Paul Collins Startup list
[S3Hotkey]
Number=8909
Confirmed=U
Filename=s3hotkey.exe
Description=Hotkey system tray icon to enable switching between monitors. Found on laptops with an S3 Twister integrated graphics card
Source=Paul Collins Startup list
[S3Mon]
Number=8910
Confirmed=?
Filename=S3Mon.exe
Description=S3DuoVue multi-monitor taskbar helper by S3 Graphics. What does it do and is it required?
Source=Paul Collins Startup list
[S3TRAY]
Number=8911
Confirmed=N
Filename=S3Tray.exe
Description=S3 display configuration taskbar utility for S3 chipset based graphics cards. Can be run from Start-> Settings -> Control Panel -> Display
Source=Paul Collins Startup list
[s3tray2]
Number=8912
Confirmed=?
Filename=s3tray2.exe
Description=Same as the s3tray entry in this table?
Source=Paul Collins Startup list
[S3TRAYHP]
Number=8913
Confirmed=?
Filename=S3trayhp.exe
Description=S3 Video driver related. What does it do and is it required?
Source=Paul Collins Startup list
[S4F]
Number=8914
Confirmed=U
Filename=S4F.exe
Description=FilterPak from S4F, Inc - internet filtering software
Source=Paul Collins Startup list
[s4helper]
Number=8915
Confirmed=X
Filename=s4helper.exe
Description=Searchcentrix hijacker
Source=Paul Collins Startup list
[SA]
Number=8916
Confirmed=?
Filename=Sa3.exe
Description=Logitech QuickCam driver. Is it required?
Source=Paul Collins Startup list
[SA Service]
Number=8917
Confirmed=?
Filename=SAservice.exe
Description=Associated with Cyber Trio and Warner troubleshooting software from G-Tek Technologies and pre-installed on some Packard Bell and NEC PCs. What function does this perform and is it required?
Source=Paul Collins Startup list
[Sa3dsrv]
Number=8918
Confirmed=N
Filename=Sa3dsrv.exe
Description=3D sound extension for Windows
Source=Paul Collins Startup list
[saap]
Number=8919
Confirmed=X
Filename=saap.exe
Description=NCase adware
Source=Paul Collins Startup list
[Sabreserver]
Number=8920
Confirmed=N
Filename=SABSERV.EXE
Description=Airline reservation software from Sabre. Available via Start -> Programs
Source=Paul Collins Startup list
[sac]
Number=8921
Confirmed=X
Filename=sac.exe
Description=NCase adware
Source=Paul Collins Startup list
[SACC]
Number=8922
Confirmed=X
Filename=sacc.exe
Description=SurfAccuracy adware
Source=Paul Collins Startup list
[SAClient]
Number=8923
Confirmed=N
Filename=RegCon.exe
Description=AT&T or ComCast BBClient - monitors system and network-delivered services for availability. Your current network status is displayed on a color-coded web page in near-real time. When problems are detected, you're immediately notified by e-mail, pager, or text messaging
Source=Paul Collins Startup list
[Safe]
Number=8924
Confirmed=X
Filename=SafeWin.exe
Description=Added by the FOCOSENHA TROJAN!
Source=Paul Collins Startup list
[Safe]
Number=8925
Confirmed=X
Filename=[path to trojan]
Description=Added by the BANKER-DT TROJAN!
Source=Paul Collins Startup list
[SafeGuard Popup Blocker Updater]
Number=8926
Confirmed=X
Filename=regsvr32 [path] sfgupd.dll
Description=SafeguardProtect/Veevo hijacker
Source=Paul Collins Startup list
[SafeGuard Popup Blocker Updater (required)]
Number=8927
Confirmed=X
Filename=regsvr32 [path] sfg****.dll [* = ramdom char]
Description=SafeguardProtect/Veevo hijacker
Source=Paul Collins Startup list
[SafeGuard Popup Updater (required)]
Number=8928
Confirmed=X
Filename=regsvr32 [path] sfg****.dll [* = random char]
Description=SafeguardProtect/Veevo hijacker
Source=Paul Collins Startup list
[SafeGuard Popup Updater (required)]
Number=8929
Confirmed=X
Filename=regsvr32 [path] PDF****.dll [* = random char]
Description=SafeguardProtect/Veevo hijacker
Source=Paul Collins Startup list
[SafeHouseSystemTray]
Number=8930
Confirmed=U
Filename=SDWTRAY.EXE
Description=SafeHouse "Personal Privacy" system tray icon - PP protects and hides your private and personal photos, videos, files and folders by making them "invisible" and encrypted
Source=Paul Collins Startup list
[SafeInstall.exe]
Number=8931
Confirmed=N
Filename=SAFEIN~1.EXE
Description=Monitors a download and ensures an newer version of a file isn't replaced by an older one
Source=Paul Collins Startup list
[SafeOFF]
Number=8932
Confirmed=N
Filename=SafeOff.exe
Description=Provides protection that if user accidentally presses the power switch a dialog will pop up for confirmation
Source=Paul Collins Startup list
[SafeSearch]
Number=8933
Confirmed=X
Filename=safesearch.exe
Description=SafeSearch.A adware
Source=Paul Collins Startup list
[SafeSurfingUpdate]
Number=8934
Confirmed=X
Filename=SSUpdate.exe
Description=MoneyTree parasite - ActiveX control used to download premium-rate dialers
Source=Paul Collins Startup list
[SafetyNet]
Number=8935
Confirmed=U
Filename=ipcTray.exe
Description=Safety.Net from Netveda - "offers Internet security, content security and advanced Internet firewall protection for all your LAN computers, and trust controls to block unwanted or harmful applications from accessing the network"
Source=Paul Collins Startup list
[SafetyNet_Notifier]
Number=8936
Confirmed=U
Filename=ipcLn.exe
Description=Safety.Net from Netveda - "offers Internet security, content security and advanced Internet firewall protection for all your LAN computers, and trust controls to block unwanted or harmful applications from accessing the network"
Source=Paul Collins Startup list
[Safeworld]
Number=8937
Confirmed=U
Filename=Freedom.exe
Description=SafeWorld Internet Security - now no longer available
Source=Paul Collins Startup list
[Sagate Security Firewall]
Number=8938
Confirmed=X
Filename=sagate.exe
Description=Added by the GAOBOT.BOW WORM!
Source=Paul Collins Startup list
[SAgent2ExePath]
Number=8939
Confirmed=N
Filename=SAgent2.exe
Description=Seiko Epson printer status agent. Disable if printer is not used often
Source=Paul Collins Startup list
[SAGENTSERVICE]
Number=8940
Confirmed=U
Filename=Sagent.exe
Description=TinySpyAgent commercial keystroke logger. Uninstall this software if you did not install it yourself
Source=Paul Collins Startup list
[sagnt]
Number=8941
Confirmed=X
Filename=sagnt.exe
Description=Adware web downloader
Source=Paul Collins Startup list
[SAHagent]
Number=8942
Confirmed=X
Filename=Sahagent.exe
Description=ShopAtHomeSelect parasite
Source=Paul Collins Startup list
[SAHBundle]
Number=8943
Confirmed=X
Filename=bundle.exe
Description=ShopAtHomeSelect parasite
Source=Paul Collins Startup list
[SAHBundle]
Number=8944
Confirmed=X
Filename=shop1003.exe
Description=ShopAtHomeSelect parasite
Source=Paul Collins Startup list
[saie]
Number=8945
Confirmed=X
Filename=saie.exe
Description=NCase adware
Source=Paul Collins Startup list
[SAIMON]
Number=8946
Confirmed=U
Filename=SaiMon.exe
Description=Saitek joystick driver
Source=Paul Collins Startup list
[sain]
Number=8947
Confirmed=X
Filename=sain.exe
Description=NCase adware
Source=Paul Collins Startup list
[sais]
Number=8948
Confirmed=X
Filename=sais.exe
Description=NCase adware
Source=Paul Collins Startup list
[SaiSmart]
Number=8949
Confirmed=?
Filename=SaiSmart.exe
Description="Smart Button Special Sauce" - included with the latest software for Saitek game controllers. Related to the "S", "Shift" or "Smart" button and gives gamers extra features on the buttons. Only required if you use this feature
Source=Paul Collins Startup list
[SaitekAutoConfigure]
Number=8950
Confirmed=U
Filename=saicnfig.exe
Description=Configuration for Saitek game controllers
Source=Paul Collins Startup list
[Sakemsneql]
Number=8951
Confirmed=X
Filename=simenu.exe
Description=Added by the SDBOT.BTO WORM!
Source=Paul Collins Startup list
[salm]
Number=8952
Confirmed=X
Filename=salm.exe
Description=180Search adware
Source=Paul Collins Startup list
[salm]
Number=8953
Confirmed=X
Filename=salm.exe
Description=NCase adware
Source=Paul Collins Startup list
[Sam-sung]
Number=8954
Confirmed=X
Filename=Sam-sung.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[SAMcal]
Number=8955
Confirmed=U
Filename=SAMcal.exe
Description=SamCal - calendar/reminder program
Source=Paul Collins Startup list
[Sametime Connect]
Number=8956
Confirmed=U
Filename=Connect.exe
Description=IBM Lotus Sametime - instant messaging and Web conferencing software
Source=Paul Collins Startup list
[Samsong]
Number=8957
Confirmed=X
Filename=Samsong.exe
Description=Added by the SDBOT.BNE WORM!
Source=Paul Collins Startup list
[Samsung]
Number=8958
Confirmed=X
Filename=Samsungs.exe
Description=Added by an IRC TROJAN variant!
Source=Paul Collins Startup list
[SandboxieControl]
Number=8959
Confirmed=U
Filename=Control.exe
Description=SandBoxie - allows data to be read from the hard drive by an application but never written back unless you allow it
Source=Paul Collins Startup list
[SandIcon]
Number=8960
Confirmed=N
Filename=SandIcon.exe
Description=SanDisk ImageMate CompactFlash card reader SDDR-31 (USB). Very little use except to place the Sandisk icon beside its drive designation in Windows Explorer. The reader itself will work fine without it. The simplest thing is to just unplug the reader when you're not using it. It may slow the startup by a few nanoseconds, but once the software sees there's no reader, you get back the resources
Source=Paul Collins Startup list
[SANS Service]
Number=8961
Confirmed=X
Filename=sansv.exe
Description=Added by the VANEBOT-AH WORM!
Source=Paul Collins Startup list
[sapp]
Number=8962
Confirmed=X
Filename=sapp.exe
Description=NCase adware
Source=Paul Collins Startup list
[SaskTel Accelerated Dial-up]
Number=8963
Confirmed=U
Filename=sasktelgui.exe
Description="Experience faster surfing, downloading and e-mail by adding SaskTel Accelerated Dial-up Internet"
Source=Paul Collins Startup list
[saSyncMgr]
Number=8964
Confirmed=X
Filename=rundll32.exe sasync.dll, SyncWait
Description=Browser hijacker - redirecting to Searchant.com
Source=Paul Collins Startup list
[SATARaid]
Number=8965
Confirmed=U
Filename=SATARaid.exe
Description=RAID driver for serial ATA disks on some motherboards such as the DFI Lanparty range. Only loaded if one is using RAID support on SATA drives
Source=Paul Collins Startup list
[satmat]
Number=8966
Confirmed=X
Filename=satmat.exe
Description=VX2.Transponder parasite updater/installer related
Source=Paul Collins Startup list
[sau]
Number=8967
Confirmed=X
Filename=sau.exe
Description=180Solutions adware related
Source=Paul Collins Startup list
[SAUpdate]
Number=8968
Confirmed=U
Filename=SAUpdate.exe
Description=Big Brother from Quest Software. System and network monitor
Source=Paul Collins Startup list
[SAutoLaunchExe]
Number=8969
Confirmed=U
Filename=SAutoLaunchExe.exe
Description=Sharp Zaurus PDA related, needed to synchronize information with a Desktop or Notebook
Source=Paul Collins Startup list
[SAVAgent]
Number=8970
Confirmed=Y
Filename=SAVAgent.exe
Description=Part of Sophos anti-virus software. Required for centrally administered Sophos updates to work correctly, e.g. automatically updating PCs used by dial-in home or out-of-office users
Source=Paul Collins Startup list
[Save]
Number=8971
Confirmed=X
Filename=Save.exe
Description=WhenU.Save adware
Source=Paul Collins Startup list
[SaveDate]
Number=8972
Confirmed=X
Filename=SaveStartDate.Exe
Description=Unidentified adware
Source=Paul Collins Startup list
[Savenow]
Number=8973
Confirmed=X
Filename=SaveNow.exe
Description=WhenU.Save adware
Source=Paul Collins Startup list
[Savenow]
Number=8974
Confirmed=X
Filename=savenow.exe
Description=Added by the SPREDA.B VIRUS!
Source=Paul Collins Startup list
[SAW]
Number=8975
Confirmed=X
Filename=saw.exe
Description=SmartAdware adware
Source=Paul Collins Startup list
[Say The Time 5.0]
Number=8976
Confirmed=U
Filename=SAYTIME.EXE
Description=This program has audio cues for the system clock in male and female voices, customizes the appearance of the system clock, and can synchronize it to a time server regularly
Source=Paul Collins Startup list
[SB]
Number=8977
Confirmed=U
Filename=SB.exe
Description=Acer Soft Button on Acer Tablet PCs
Source=Paul Collins Startup list
[SB Audigy 2 Startup Menu]
Number=8978
Confirmed=N
Filename=/l:eng
Description=Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function
Source=Paul Collins Startup list
[SB Watchdog]
Number=8979
Confirmed=X
Filename=SBWatchdog.exe
Description=Spyware utility installed by the manufacturers of some laptops (Sony) used to monitor browsing habits and send them back to whoever installed it - released by SoftBank
Source=Paul Collins Startup list
[SB13mini]
Number=8980
Confirmed=X
Filename=RYZO32.EXE
Description=Added by the SPYBOT-EJ WORM!
Source=Paul Collins Startup list
[SBAutoUpdate]
Number=8981
Confirmed=U
Filename=sbautoupdate.exe
Description=SpywareBlaster auto-updater
Source=Paul Collins Startup list
[SBC Self Support Tool]
Number=8982
Confirmed=U
Filename=matcli.exe
Description=matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file. The SBC Self Support Tool is required to run with the Help and Support program. If you uncheck SBC and and then run Help and Support it will add another SBC entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide
Source=Paul Collins Startup list
[SBC Yahoo! Connection Manager]
Number=8983
Confirmed=N
Filename=ConnectionManager.exe
Description=Used to create and connect your SBC Yahoo DSL connection. This program has been reported to cause problems for some users. If you find that it causes you pc to become slow or unstable you should uninstall it (using Add/Remove programs) and manually connect your DSL connection
Source=Paul Collins Startup list
[SBCSTray]
Number=8984
Confirmed=U
Filename=SBCSTray.exe
Description=System Tray access to CounterSpy anti-spyware from Sunbelt Software
Source=Paul Collins Startup list
[SBDrvDet]
Number=8985
Confirmed=U
Filename=SBDrv.exe
Description=Detects the "Easy Front-Panel Audio Connectivity Drive Internal Drive Bay" on the Sound Blaster Audigy 2 Platinium eX. Can be disabled if you don't have one
Source=Paul Collins Startup list
[sbdrvdet]
Number=8986
Confirmed=N
Filename=sbdrvdet.exe
Description=Checks to see if Creative sound card driver should be updated
Source=Paul Collins Startup list
[SBHC]
Number=8987
Confirmed=X
Filename=sbhc.exe
Description=SuperBar parasite - uninstall available here
Source=Paul Collins Startup list
[SBMPOP]
Number=8988
Confirmed=X
Filename=SBMPop.exe
Description=SearchByMedia adware
Source=Paul Collins Startup list
[SBMX]
Number=8989
Confirmed=N
Filename=sbmx.exe
Description=SoundMAX MPU401 MIDI device emulator for x86 VM DOS games/apps (for Win9x only)
Source=Paul Collins Startup list
[sbss Launcher]
Number=8990
Confirmed=X
Filename=sbss.exe
Description=SideBySide adware
Source=Paul Collins Startup list
[SbUsb AudCtrl]
Number=8991
Confirmed=U
Filename=RunDll32 sbusbdll.dll, RCMonitor
Description=Control for Soundblaster MP3 external (USB) sound card
Source=Paul Collins Startup list
[sc]
Number=8992
Confirmed=N
Filename=scrubxp.exe
Description=ScrubXP - utility that deletes safe to remove files, cookies, browsing history, etc
Source=Paul Collins Startup list
[sc]
Number=8993
Confirmed=U
Filename=sc.exe
Description=Watchdog 2.0 Software - monitoring program
Source=Paul Collins Startup list
[sc]
Number=8994
Confirmed=U
Filename=run.exe
Description=All-In-One_SPY stealth monitoring software - allows monitoring and recording of all actions performed on a computer. It records all keystrokes, remembers addresses of Internet pages visited, and maintains a log file listing all applicationsrun on the computer. It can create screenshots and record sounds from the computer's microphone to a sound file
Source=Paul Collins Startup list
[sc23exec]
Number=8995
Confirmed=?
Filename=sc23exec.exe
Description=Possibly related to a digital camera
Source=Paul Collins Startup list
[SC3300CC]
Number=8996
Confirmed=Y
Filename=SC3300CC.exe
Description=SiPix digital camera Twain device driver
Source=Paul Collins Startup list
[scain]
Number=8997
Confirmed=X
Filename=s030109.Stub.exe
Description=Delfin Media Viewer adware related
Source=Paul Collins Startup list
[ScamDisk]
Number=8998
Confirmed=X
Filename=SVOHOST.exe
Description=Added by the LEWOR.D WORM!
Source=Paul Collins Startup list
[scan]
Number=8999
Confirmed=X
Filename=mscman.exe
Description=ClientMan parasite variant
Source=Paul Collins Startup list
[Scan Detector]
Number=9000
Confirmed=?
Filename=Pmxdetect.exe
Description=Associated with PrimaScan scanners. Is it required?
Source=Paul Collins Startup list
[Scan Register]
Number=9001
Confirmed=X
Filename=ssms.exe
Description=Added by the RBOT-AT WORM!
Source=Paul Collins Startup list
[Scan Wizard]
Number=9002
Confirmed=?
Filename=button.exe
Description=Associated with ScanWizard as supplied with Microtek scanners - see also Scanner Detector or SDetect. What does it do and is it required?
Source=Paul Collins Startup list
[ScanDisc]
Number=9003
Confirmed=X
Filename=satan.exe
Description=Added by the GREGSTAR TROJAN!
Source=Paul Collins Startup list
[ScanDisk]
Number=9004
Confirmed=X
Filename=ScanDisk.exe
Description=Added by the GANDA.A WORM! Note - this is not the valid "ScanDisk" Win9x/Me standard disk error checker
Source=Paul Collins Startup list
[scands32.exe]
Number=9005
Confirmed=X
Filename=scands32.exe
Description=Added by a variant of the ADCLICKER TROJAN!
Source=Paul Collins Startup list
[Scandsk2]
Number=9006
Confirmed=X
Filename=scandsk2.exe
Description=Added by the AGOBOT-PK WORM!
Source=Paul Collins Startup list
[scandskx.exe]
Number=9007
Confirmed=X
Filename=scandskx.exe
Description=Added by the DLOADR-ARM TROJAN!
Source=Paul Collins Startup list
[ScanFile]
Number=9008
Confirmed=?
Filename=??
Description=??
Source=Paul Collins Startup list
[ScanInicio]
Number=9009
Confirmed=Y
Filename=Inicio.exe
Description=Part of Panda Antivirus. Responsible for scanning the boot sector of your disk and your memory at startup to check for viruses that try and load and act before your anti-virus is fully operational. It only adds a fraction of a second to start-up time and is worth leaving active
Source=Paul Collins Startup list
[Scanner Detector]
Number=9010
Confirmed=N
Filename=SDetect.exe
Description=ScanSuite Scanner Detector - part of ScanWizard, supplied with Microtek scanners. Waits until you press the "GO" button and seems to serve no other purpose. Automatically installed without prompting. Not required if you can start your scanning application before pressing the "GO" button
Source=Paul Collins Startup list
[Scanner File Utility]
Number=9011
Confirmed=Y
Filename=NsCatCom.exe
Description=Kycocera Mita network copier/printer/scanner process to dump scanned documents onto a workstation
Source=Paul Collins Startup list
[ScanPanel]
Number=9012
Confirmed=?
Filename=ScanPanel.exe
Description=Trust Easy Webscan scanner related - what does it do and is it required?
Source=Paul Collins Startup list
[Scanreg]
Number=9013
Confirmed=X
Filename=[filename]
Description=Added by the QQPASS.E TROJAN!
Source=Paul Collins Startup list
[ScanRegistry]
Number=9014
Confirmed=X
Filename=nsrvnt.exe
Description=Added by the NERTE TROJAN! Not to be confused with the real ScanRegistry - which is a vital Windows file. This version has the executable as nsrvnt.exe not scanregw.exe
Source=Paul Collins Startup list
[ScanRegistry]
Number=9015
Confirmed=X
Filename=scanregv.exe
Description=Added by the MASTERLOCK TROJAN!. Not to be confused with the real ScanRegistry - which is a vital Windows file. This version has the executable as scanregv.exe not scanregw.exe
Source=Paul Collins Startup list
[ScanRegistry]
Number=9016
Confirmed=Y
Filename=Scanregw.exe
Description=Scans the system registry and makes back-ups at start-up. Important should the registry become corrupt. The executable "Scanregw.exe" is located in %windir% (where %windir% is the Windows directory - C:\Windows or C:\Winnt)
Source=Paul Collins Startup list
[ScanRegistry]
Number=9017
Confirmed=X
Filename=Scanregw.exe
Description=Added by the STATOR WORM! Not to be confused with the legitimate ScanRegistry entry - which is a vital Windows file. The executable "Scanregw.exe" is located in %windir%\System (where %windir% is the Windows directory - C:\Windows or C:\Winnt). Runs from the registry RunServices key as opposed to the Run key
Source=Paul Collins Startup list
[ScanRegistry]
Number=9018
Confirmed=X
Filename=N/A
Description=Added by the DINOXI or DINOXI.B WORMS!
Source=Paul Collins Startup list
[ScanRegistry]
Number=9019
Confirmed=X
Filename=scanregw.exe
Description=Added by the NYXEM-D WORM! Note - do not confuse this with the legitimate Windows process scanregw.exe which is always found in the Windows folder on Win9x/ME machines. This worm file is found in the System (9x/ME) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list
[ScanRegistry]
Number=9020
Confirmed=X
Filename=update.exe
Description=Added by the DWNLDR-FZY TROJAN!
Source=Paul Collins Startup list
[ScanSpyware v *]
Number=9021
Confirmed=N
Filename=Scanner.exe
Description=Spyware remover (where * = the version number) - not recommended, see here
Source=Paul Collins Startup list
[scApp]
Number=9022
Confirmed=X
Filename=scApp.exe
Description=Added by the STANDO-E WORM!
Source=Paul Collins Startup list
[SCardSvr]
Number=9023
Confirmed=N
Filename=scardsvr.exe
Description=Related to SmartCard readers and sometimes uses lots of system resources
Source=Paul Collins Startup list
[SCardSvr]
Number=9024
Confirmed=X
Filename=SCardSvr32.Exe
Description=Added by the MOFEI.B WORM!
Source=Paul Collins Startup list
[SCDEmuApp.exe]
Number=9025
Confirmed=U
Filename=SCDEmuApp.exe
Description=Related to PowerISO - CD/DVD image file processing tool
Source=Paul Collins Startup list
[scheck45]
Number=9026
Confirmed=X
Filename=scheck45.exe
Description=Related to unknown malware - hidden installer associated with it
Source=Paul Collins Startup list
[schedm]
Number=9027
Confirmed=U
Filename=schedm.exe
Description=Part of Antivir PersonalEdition Classic anti-virus
Source=Paul Collins Startup list
[ScheduIe]
Number=9028
Confirmed=X
Filename=nrchk.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[ScheduIr]
Number=9029
Confirmed=X
Filename=msexploren.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[ScheduIr]
Number=9030
Confirmed=X
Filename=shch.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[ScheduIr]
Number=9031
Confirmed=X
Filename=svchst.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[ScheduIr]
Number=9032
Confirmed=X
Filename=winagent.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Schedule]
Number=9033
Confirmed=U
Filename=Schedule.exe
Description=Scheduler for Mercury Ez View TV Tuner Card
Source=Paul Collins Startup list
[Scheduled Maintenance]
Number=9034
Confirmed=N
Filename=Scheduled_Maintenance.exe
Description=Scheduler for Iolo System Mechanic tweaking utility. It can cleans your registry and deletes temporary files at defined intervals. Available via Start -> Programs
Source=Paul Collins Startup list
[Scheduler]
Number=9035
Confirmed=X
Filename=expIorer.exe
Description=Added by the TACTSLAY.A TROJAN!
Source=Paul Collins Startup list
[Scheduler]
Number=9036
Confirmed=X
Filename=MSMSGS.EXE
Description=Added by the HOSTBANK-A TROJAN! Note - this particular msmsgs.exe file is located in the Windows\System32\Config or Winnt\System32\Config folder, and should not be mistaken for the MSN Messenger file of the same name!
Source=Paul Collins Startup list
[Scheduler]
Number=9037
Confirmed=X
Filename=outIook.exe
Description=Added by the TACTSLAY.A TROJAN!
Source=Paul Collins Startup list
[Scheduler]
Number=9038
Confirmed=X
Filename=svcrhost.exe
Description=Added by the TACTSLAY.A TROJAN!
Source=Paul Collins Startup list
[Scheduler]
Number=9039
Confirmed=X
Filename=svcshost.exe
Description=Added by the TACTSLAY.A TROJAN!
Source=Paul Collins Startup list
[Scheduler]
Number=9040
Confirmed=X
Filename=winagent.exe
Description=Added by the TACTSLAY.B TROJAN!
Source=Paul Collins Startup list
[Scheduler]
Number=9041
Confirmed=U
Filename=Scheduler daemon.exe
Description=Tenebril GhostSurf or SpyCatcher related scheduler - you can schedule daily, weekly, monthly or one-time only cleanings
Source=Paul Collins Startup list
[Scheduler]
Number=9042
Confirmed=X
Filename=msnexploren.exe
Description=Added by the TACTSLAY.B TROJAN!
Source=Paul Collins Startup list
[Scheduler]
Number=9043
Confirmed=X
Filename=sdhch.exe
Description=Added by the TACTSLAY.B TROJAN!
Source=Paul Collins Startup list
[Scheduler]
Number=9044
Confirmed=X
Filename=svchst.exe
Description=Added by the TACTSLAY.B TROJAN!
Source=Paul Collins Startup list
[Scheduler Service]
Number=9045
Confirmed=X
Filename=wsass.exe
Description=Added by the LIOTEN.KX WORM!
Source=Paul Collins Startup list
[SchedulerMgr]
Number=9046
Confirmed=X
Filename=navchk.exe
Description=Premium rate adult content dialer
Source=Paul Collins Startup list
[Scheduling Agent]
Number=9047
Confirmed=X
Filename=Scheduler.exe
Description=Added by the SUBWOOFER TROJAN! Note - this is not the real MS Scheduling agent as the executable is incorrect
Source=Paul Collins Startup list
[SchedulingAgant]
Number=9048
Confirmed=X
Filename=MMTASK.EXE
Description=Added by the YAB.A TROJAN! Not the valid MusicMatch Jukebox which has the same filename
Source=Paul Collins Startup list
[SchedulingAgent]
Number=9049
Confirmed=U
Filename=mstask.exe
Description=MS Scheduling Agent displayed as a box with a stopwatch in the System Tray that is only needed if you have regular scheduled disk defragmenting, ScanDisk, etc. Required if you have regularily scheduled events such as weekly virus scans
Source=Paul Collins Startup list
[SchedulingAgent]
Number=9050
Confirmed=U
Filename=mstinit.exe
Description=MS Scheduling Agent displayed as a box with a stopwatch in the System Tray that is only needed if you have regular scheduled disk defragmenting, ScanDisk, etc. Required if you have regularily scheduled events such as weekly virus scans
Source=Paul Collins Startup list
[SchedulingAgent]
Number=9051
Confirmed=X
Filename=N/A
Description=Added by the DINOXI or DINOXI.B WORMS!
Source=Paul Collins Startup list
[Schmaili]
Number=9052
Confirmed=U
Filename=Schmaili.exe
Description=Schmaili - insert animated smilies into your e-mail
Source=Paul Collins Startup list
[schost]
Number=9053
Confirmed=X
Filename=[path to trojan]
Description=Added by the TJSERV.D TROJAN!
Source=Paul Collins Startup list
[SchSvr]
Number=9054
Confirmed=N
Filename=SchSvr.exe
Description=WinScheduler is installed with Home Theater or WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs
Source=Paul Collins Startup list
[SCHWIZEX]
Number=9055
Confirmed=Y
Filename=SCHWIZEX.EXE
Description=Part of ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions - provides a restore function. This part takes a snapshot of your system following a healthy re-boot
Source=Paul Collins Startup list
[ScManager]
Number=9056
Confirmed=X
Filename=scman.exe
Description=Added by the FORBOT-CW WORM!
Source=Paul Collins Startup list
[scopedll]
Number=9057
Confirmed=X
Filename=scopedll.exe
Description=Added by a variant of the CRYPTER.C TROJAN!
Source=Paul Collins Startup list
[Scotia OnLine Recovery]
Number=9058
Confirmed=N
Filename=etdirrcv.exe
Description=Scotia OnLine Security Software provided by Entrust for Scotiabank. Provides trusted secure access to Scotia OnLine Secure Web sites. *.* represents the version number. Now obsolete after Scotiabank modernised their login process
Source=Paul Collins Startup list
[Scotia OnLine Security v*.* Recovery]
Number=9059
Confirmed=N
Filename=etdirrcv.exe
Description=Scotia OnLine Security Software provided by Entrust for Scotiabank. Provides trusted secure access to Scotia OnLine Secure Web sites. *.* represents the version number. Now obsolete after Scotiabank modernised their login process
Source=Paul Collins Startup list
[Scr]
Number=9060
Confirmed=X
Filename=scr.scr
Description=Added by the OPASERV.T WORM!
Source=Paul Collins Startup list
[ScrapPad]
Number=9061
Confirmed=N
Filename=Scrappad.exe
Description=ScrapPad allows you to quickly and easily record notes, thoughts, messages, and just about anything you want. Use it like you use scrap paper
Source=Paul Collins Startup list
[scrbmk]
Number=9062
Confirmed=X
Filename=[path to trojan]
Description=Added by the DLOADER-VP TROJAN!
Source=Paul Collins Startup list
[Screen Calendar]
Number=9063
Confirmed=U
Filename=scrcal.exe
Description=Screen Calendar allows you to create custom desktop wallpapers with built in active calendar and scheduler
Source=Paul Collins Startup list
[Screen Guard]
Number=9064
Confirmed=U
Filename=launch.exe
Description=Part of Access Denied security and privacy software
Source=Paul Collins Startup list
[Screen Guard Message Scan]
Number=9065
Confirmed=U
Filename=sgms.exe
Description=Part of Access Denied security and privacy software
Source=Paul Collins Startup list
[Screen Saver]
Number=9066
Confirmed=X
Filename=scrnsaver.scr
Description=Added by the RBOT-AGP WORM!
Source=Paul Collins Startup list
[Screen Saver Control]
Number=9067
Confirmed=N
Filename=FSScrCtl.exe
Description=Installs as part of the Hubble Space Telescope screen saver (and possibly others). Lets you control your installed screensavers from a System Tray icon
Source=Paul Collins Startup list
[ScreenHunter 4.0 Free]
Number=9068
Confirmed=N
Filename=ScreenHunter.exe
Description="ScreenHunter 4.0 Free is a completely free screen capture software for you to easily take screenshots"
Source=Paul Collins Startup list
[ScreenPrint32]
Number=9069
Confirmed=N
Filename=ScreenPrint32.exe
Description=ScreenPrint32 screen capture software - can be launched manually
Source=Paul Collins Startup list
[screxe]
Number=9070
Confirmed=?
Filename=scruser2k.exe
Description=??
Source=Paul Collins Startup list
[script]
Number=9071
Confirmed=?
Filename=script.bat
Description=Maybe associated with DOS on a Win9x machine
Source=Paul Collins Startup list
[ScriptBlocking]
Number=9072
Confirmed=Y
Filename=SBServ.exe
Description=Update to Norton AntiVirus 2001. Detects certain types of script-based viruses without the need for specific virus definitions - such as JavaScript and VBScript. This will help protect you from these viruses even before virus definitions are available. Note - some users complain of problems once the update is installed - refer here for more information
Source=Paul Collins Startup list
[ScriptSentry]
Number=9073
Confirmed=Y
Filename=Scriptsentry.exe
Description=Script Sentry from Jason's Toolbox. Blocks malicious scripts and allows safe scripts to run. Only required if you want it to check the file associations it guards at startup. It will function regardlessly
Source=Paul Collins Startup list
[Scroll-In-Mouse V2.0]
Number=9074
Confirmed=U
Filename=SCROLL.EXE
Description=Toolkit for the Lynx-3D Net scroll mouse from QTronix. Required if you use the special features
Source=Paul Collins Startup list
[scrss]
Number=9075
Confirmed=X
Filename=scrss.exe
Description=Added by the HACDEF-R TROJAN!
Source=Paul Collins Startup list
[scrsvc]
Number=9076
Confirmed=X
Filename=scrsvc.exe
Description=Added by the AGENT-DS TROJAN!
Source=Paul Collins Startup list
[ScrSvr]
Number=9077
Confirmed=X
Filename=ScrSvr.exe
Description=Added by the OPASERV WORM!
Source=Paul Collins Startup list
[ScrSvrOld]
Number=9078
Confirmed=X
Filename=[worm filename]
Description=Added by the OPASERV WORM!
Source=Paul Collins Startup list
[Scsi]
Number=9079
Confirmed=Y
Filename=Scsi.exe
Description=SCSI Miniport driver
Source=Paul Collins Startup list
[sctrlmgr]
Number=9080
Confirmed=X
Filename=sescmgr.exe
Description=Added by a variant of the DWNLDR-GAH TROJAN!
Source=Paul Collins Startup list
[scvhost]
Number=9081
Confirmed=X
Filename=svzhost.exe
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[scvhost]
Number=9082
Confirmed=U
Filename=scvhost.exe
Description=Wiretap surveillance software. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list
[scvhost loader]
Number=9083
Confirmed=X
Filename=ixplore.exe
Description=Added by the SDBOT-CY TROJAN!
Source=Paul Collins Startup list
[scvhost.exe]
Number=9084
Confirmed=X
Filename=scvhost.exe
Description=Added by the LOHAV-N TROJAN!
Source=Paul Collins Startup list
[sd32info]
Number=9085
Confirmed=X
Filename=sd32info.exe
Description=Added by the CRYPTER.A TROJAN!
Source=Paul Collins Startup list
[SDaemon]
Number=9086
Confirmed=U
Filename=sdaemon.exe
Description=PC Security from Tropical Software. 'PC Security™ 5.1 is the ultimate in computer security, offering multiple locking systems for the Windows environment and internet. Lock files, monitor programs' activities, even detect intruders! PC Security™ offers flexible and complete password protection, "Drag and Drop" support, plus many other handy features'
Source=Paul Collins Startup list
[SDAutoLiveupdate]
Number=9087
Confirmed=U
Filename=LiveUpdateSD.exe
Description=Spyware Detector - spyware remover. Initially not recommended due to false positives but the later versions have since improved - see here
Source=Paul Collins Startup list
[SDAv]
Number=9088
Confirmed=X
Filename=csnss.exe
Description=Added by the SERFLOG.C WORM!
Source=Paul Collins Startup list
[SDAv]
Number=9089
Confirmed=X
Filename=svhost.exe
Description=Added by the SERFLOG.C WORM!
Source=Paul Collins Startup list
[sdchosts32]
Number=9090
Confirmed=X
Filename=vbdd.exe
Description=Added by the RANKY.AG TROJAN!
Source=Paul Collins Startup list
[SDClientMonitor]
Number=9091
Confirmed=?
Filename=sdclientmonitor.exe
Description=Related to LANDesk Management Suite from LANDesk Software Ltd. What does it do and is it required?
Source=Paul Collins Startup list
[SDetect]
Number=9092
Confirmed=N
Filename=SDetect.exe
Description=ScanSuite Scanner Detector - part of ScanWizard, supplied with Microtek scanners. Waits until you press the "GO" button and seems to serve no other purpose. Automatically installed without prompting. Not required if you can start your scanning application before pressing the "GO" button
Source=Paul Collins Startup list
[sdfsdfsdf]
Number=9093
Confirmed=X
Filename=sp2update.exe
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[SDIN Adapter]
Number=9094
Confirmed=X
Filename=sdin.exe
Description=Added by the FORBOT-AP WORM!
Source=Paul Collins Startup list
[SDJobCheck]
Number=9095
Confirmed=?
Filename=triggusr.exe
Description=Part of CA Unicenter Software Delivery - manage software across various systems, from desktops and servers to PDAs and mobile phones, in a controlled and standardized way - is it required at startup?
Source=Paul Collins Startup list
[SDK Codre Function22]
Number=9096
Confirmed=X
Filename=sdkimddprovment2.exe
Description=Added by the SDBOT-YJ WORM!
Source=Paul Collins Startup list
[SDK Core Component]
Number=9097
Confirmed=X
Filename=sdkcore.exe
Description=Added by the SDBOT-WC WORM!
Source=Paul Collins Startup list
[SDK Core Function]
Number=9098
Confirmed=X
Filename=sdkimprovment.exe
Description=Added by the RBOT.BHL WORM!
Source=Paul Collins Startup list
[SDK Core Function2]
Number=9099
Confirmed=X
Filename=sdkimprovment2.exe
Description=Added by the SPYBOT.OGX WORM!
Source=Paul Collins Startup list
[Sdk**.exe [* = random char]]
Number=9100
Confirmed=X
Filename=Sdk**.exe [* = random char]
Description=Sdk**.exe [* = random char]
Source=Paul Collins Startup list
[Sdk**.exe [* = random char]]
Number=9101
Confirmed=X
Filename=Sdk**.exe [* = random char]
Description=CoolWebSearch/HomeSearch adware - for examples, see this log
Source=Paul Collins Startup list
[Sdk**32.exe [* = random char]]
Number=9102
Confirmed=X
Filename=Sdk**32.exe [* = random char]
Description=CoolWebSearch/HomeSearch adware - for examples, see this log
Source=Paul Collins Startup list
[SDKcore Update Components2]
Number=9103
Confirmed=X
Filename=SDKC0R3.exe
Description=Added by the RBOT-ABA WORM!
Source=Paul Collins Startup list
[sdkupdate22]
Number=9104
Confirmed=X
Filename=SDK0mCORE.exe
Description=Added by the FORBOT-DT WORM!
Source=Paul Collins Startup list
[SDPhotoBar.exe]
Number=9105
Confirmed=N
Filename=SDPhotoBar.exe
Description=SmartDraw Photo (now FotoFinsh) - "organize, enhance, print, and share your photos. It's also a powerful graphic editor for creating images and web graphics"
Source=Paul Collins Startup list
[SDR6_Check]
Number=9106
Confirmed=N
Filename=udcsdr.exe
Description=DriveCleaner is a security assesment tool which gives exaggerated reports of security and privacy risks on a computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported risks
Source=Paul Collins Startup list
[sdrss]
Number=9107
Confirmed=X
Filename=sdrss.exe
Description=Added by the SDBOT-SQ WORM!
Source=Paul Collins Startup list
[sds20]
Number=9108
Confirmed=U
Filename=svchost.exe
Description=InlookExpress logs keystrokes and captures screenshots. If you didn't install this yourself remove it. Note - this should not be confused with the svchost.exe system process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder! This file is located in a "sds20" folder
Source=Paul Collins Startup list
[SDTray]
Number=9109
Confirmed=U
Filename=sdtray.exe
Description=RSA Keon Web PassPort - software that allows organizations to use digital certificates in a Web-based environment to help ensure that their transactions are authentic, confidential and digitally signed
Source=Paul Collins Startup list
[SDTray]
Number=9110
Confirmed=U
Filename=SDTrayApp.exe
Description=Spyware Doctor spyware remover - system tray access
Source=Paul Collins Startup list
[sdxsys32]
Number=9111
Confirmed=X
Filename=sdxsys32.exe
Description=Added by the BROGGER-A TROJAN!
Source=Paul Collins Startup list
[sealmon]
Number=9112
Confirmed=U
Filename=sealmon.exe
Description=SealedMedia enables you to combine document protection and control with your existing applications - such as Microsoft Word, Microsoft Excel, Microsoft PowerPoint and Email
Source=Paul Collins Startup list
[Search Bar]
Number=9113
Confirmed=X
Filename=taskbar.exe
Description=Added by the OPANKI-F WORM!
Source=Paul Collins Startup list
[Search Hook]
Number=9114
Confirmed=?
Filename=srchhook.exe
Description=??
Source=Paul Collins Startup list
[Search Page]
Number=9115
Confirmed=X
Filename=http://find.naupoint.com
Description=Naupoint browser hijacker
Source=Paul Collins Startup list
[Search-Exe]
Number=9116
Confirmed=X
Filename=SE.exe
Description=Search-Exe hijacker
Source=Paul Collins Startup list
[Search.vbs]
Number=9117
Confirmed=X
Filename=
Description=Hijacker
Source=Paul Collins Startup list
[searchbar]
Number=9118
Confirmed=X
Filename=vnmispoisn downloader.exe
Description=SearchBarCash adware variant
Source=Paul Collins Startup list
[SearchEnhancement]
Number=9119
Confirmed=X
Filename=scbar.exe
Description=SCBar foistware
Source=Paul Collins Startup list
[searchnav]
Number=9120
Confirmed=X
Filename=searchnav.exe
Description=SearchNav adware - IEFeatures/Popnav variant
Source=Paul Collins Startup list
[SearchNavVersion]
Number=9121
Confirmed=X
Filename=searchnavversion.exe
Description=SearchNav adware - IEFeatures/Popnav variant
Source=Paul Collins Startup list
[SearchNet_Up]
Number=9122
Confirmed=X
Filename=ServeUp.exe
Description=SearchNet adware
Source=Paul Collins Startup list
[SearchSetter]
Number=9123
Confirmed=X
Filename=searchsetter[1].exe
Description=Browser hijacker - redirecting to FindWhateverNow.com
Source=Paul Collins Startup list
[SearchSquire[number]]
Number=9124
Confirmed=X
Filename=SearchSquire[number].exe
Description=SearchSquire adware
Source=Paul Collins Startup list
[SearchUpgrader]
Number=9125
Confirmed=X
Filename=SearchUpgrader.exe
Description=Hijacker
Source=Paul Collins Startup list
[Secboot]
Number=9126
Confirmed=X
Filename=w32tm.exe
Description=Added by the HAXDOOR.D TROJAN!
Source=Paul Collins Startup list
[secboot]
Number=9127
Confirmed=X
Filename=mszx23.exe
Description=Added by a variant of the HAXDOOR.BC TROJAN!
Source=Paul Collins Startup list
[secboot]
Number=9128
Confirmed=X
Filename=vtd 16.exe
Description=Added by the HAXDOOR-AE TROJAN!
Source=Paul Collins Startup list
[Second Copy 2000]
Number=9129
Confirmed=U
Filename=SecCopy.exe
Description=Related to Second Copy® - a files/folders backup utility
Source=Paul Collins Startup list
[SecondChance]
Number=9130
Confirmed=U
Filename=sctray.exe
Description=Power Quest Second Chance. Sets checkpoints for saving a backup copy of the registry to a disk so you can restore it if you have a crash
Source=Paul Collins Startup list
[Secret]
Number=9131
Confirmed=X
Filename=Secret.exe
Description=Added by the DELF-LW TROJAN!
Source=Paul Collins Startup list
[Secret-Crush]
Number=9132
Confirmed=X
Filename=start.exe
Description=Hijacker that may reset your browser's home page and/or search settings to point to undesired sites
Source=Paul Collins Startup list
[SECRETMAKER]
Number=9133
Confirmed=U
Filename=secretmaker.exe
Description=Secretmaker is a combonation of eight privacy-defending programs, including Spam Fighter Pro, Worm Hunter, Pop-Up Killer, Banner Blocker, Cookie Eraser, Privacy Protector, History Cleaner, and Garbage Cleaner
Source=Paul Collins Startup list
[SecretSmileys]
Number=9134
Confirmed=U
Filename=ss.exe
Description="Secret Smileys is an add-on for AIM that provides users access to 1000's of new Smileys that can be viewed by anyone using a current version of AIM. Secret Smileys also adds other features such as logging of IM conversations, and it gets rid of that annoying advertisement on your buddy list window"
Source=Paul Collins Startup list
[secserv.exe]
Number=9135
Confirmed=X
Filename=secserv.exe
Description=Reported by Panda as an EasySearch Adware variant. Note - EasySearch modifies the Internet Explorer settings and may download programs onto the infected computer
Source=Paul Collins Startup list
[secsvc32]
Number=9136
Confirmed=X
Filename=secsvcnt.exe
Description=Added by the GLOBAL PATROL TROJAN!
Source=Paul Collins Startup list
[Secsys]
Number=9137
Confirmed=U
Filename=Secsys.exe
Description=UltraSoft Key Interceptor surveillance software - uninstall this unless you put it there yourself!
Source=Paul Collins Startup list
[secure]
Number=9138
Confirmed=X
Filename=secure.exe
Description=DealHelper adware
Source=Paul Collins Startup list
[secure]
Number=9139
Confirmed=X
Filename=svshost.exe
Description=Added by the RBOT-AFO WORM!
Source=Paul Collins Startup list
[secure socket layer]
Number=9140
Confirmed=X
Filename=wins32a.exe
Description=Added by an IRCBOT TROJAN!
Source=Paul Collins Startup list
[Secure Socket Layer Certification]
Number=9141
Confirmed=X
Filename=sslcert.exe
Description=Added by the VANEBOT-AN WORM!
Source=Paul Collins Startup list
[Secure System]
Number=9142
Confirmed=X
Filename=integitor.exe
Description=Added by the AGOBOT.ACI WORM!
Source=Paul Collins Startup list
[SecureClean4RegManager]
Number=9143
Confirmed=N
Filename=scregmanager4.exe
Description=WhiteCanyon SecureClean 4 disk cleaner - clean hard drive data, MRUs, temp files and more. Can be started manually
Source=Paul Collins Startup list
[SecureClean4Tray]
Number=9144
Confirmed=N
Filename=sctray4.exe
Description=WhiteCanyon SecureClean 4 disk cleaner - clean hard drive data, MRUs, temp files and more. Can be started manually
Source=Paul Collins Startup list
[SecureCleanIEClean]
Number=9145
Confirmed=N
Filename=SCIEClean.exe
Description=SecureClean - scans your system for hidden temporary files, deleted email messages, Internet histories and caches
Source=Paul Collins Startup list
[SecureItPro]
Number=9146
Confirmed=U
Filename=Secureitpro470p.exe
Description=SecureIt Pro - lock your computer when you're not there, to stop malicious users from accessing your desktop
Source=Paul Collins Startup list
[SecureLogin]
Number=9147
Confirmed=X
Filename=Mslg32.exe
Description=Added by the REDZED WORM!
Source=Paul Collins Startup list
[SecureOnlineAccountNumbers]
Number=9148
Confirmed=U
Filename=SOAN.exe
Description=Related to Secure Online Account Numbers by Discover(R) Card from Orbiscom Ltd. Secure and innovative payment solutions
Source=Paul Collins Startup list
[Security]
Number=9149
Confirmed=X
Filename=WindowsSecurityUpdate.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Security Accounts Manager SM]
Number=9150
Confirmed=X
Filename=samsm.exe
Description=Added by the SPYBOT.JE WORM!
Source=Paul Collins Startup list
[Security Agent]
Number=9151
Confirmed=X
Filename=securag.exe
Description=Added by the BANCBAN-F TROJAN!
Source=Paul Collins Startup list
[Security Agent Manager]
Number=9152
Confirmed=X
Filename=mssams.exe
Description=Added by the RBOT-SV WORM!
Source=Paul Collins Startup list
[Security Center]
Number=9153
Confirmed=X
Filename=AppControl.exe
Description=Added by the SDBOT.CFT WORM!
Source=Paul Collins Startup list
[Security iGuard]
Number=9154
Confirmed=N
Filename=Security iGuard.exe
Description=Spyware remover - not recommended, see here
Source=Paul Collins Startup list
[Security Manager]
Number=9155
Confirmed=U
Filename=SecurityManager.exe
Description=A ComCast Internet software suite that provides a variety of features (firewall, popup blocker, parental controls etcetera) to help ensure your computer is secure, and your information is kept private
Source=Paul Collins Startup list
[Security Patch]
Number=9156
Confirmed=X
Filename=scmss.exe
Description=Added by the RBOT-ZW WORM!
Source=Paul Collins Startup list
[Security Patch]
Number=9157
Confirmed=X
Filename=WinUpdate32.exe
Description=Added by the SDBOT-BM WORM!
Source=Paul Collins Startup list
[Security Patches]
Number=9158
Confirmed=X
Filename=msnkn.exe
Description=Added by the RBOT.WW WORM!
Source=Paul Collins Startup list
[Security Patches]
Number=9159
Confirmed=X
Filename=WinLab32.exe
Description=Added by the SDBOT-KB WORM!
Source=Paul Collins Startup list
[security service]
Number=9160
Confirmed=X
Filename=syss.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Security Service]
Number=9161
Confirmed=X
Filename=secsvc.exe
Description=Added by the RBOT-GGF WORM!
Source=Paul Collins Startup list
[Security Service Process]
Number=9162
Confirmed=X
Filename=svhost.exe
Description=Added by the AGOBOT-LC WORM!
Source=Paul Collins Startup list
[securw]
Number=9163
Confirmed=X
Filename=Nctrup.exe
Description=Added by the NOPIR.A WORM!
Source=Paul Collins Startup list
[SECWIZ98]
Number=9164
Confirmed=Y
Filename=SECWIZ98.EXE
Description=Security Wizard 98 by Chris Farmer. Offers you a variety of ways to restrict access to many of the programs and settings on your PC. Available here
Source=Paul Collins Startup list
[seekmo]
Number=9165
Confirmed=X
Filename=seekmo.exe
Description=Seekmo Search, a 180Solutions adware variant - also see here
Source=Paul Collins Startup list
[seeve]
Number=9166
Confirmed=X
Filename=seeve.exe
Description=Medload adware
Source=Paul Collins Startup list
[Select server]
Number=9167
Confirmed=X
Filename=slcsvr.exe
Description=Added by the DLOADER-WD TROJAN!
Source=Paul Collins Startup list
[SelfHostUtil]
Number=9168
Confirmed=?
Filename=slefhost.exe
Description=??
Source=Paul Collins Startup list
[seli]
Number=9169
Confirmed=X
Filename=[path to file]
Description=Added by the LOWZONE-AS TROJAN!
Source=Paul Collins Startup list
[SemanticInsight]
Number=9170
Confirmed=X
Filename=SemanticInsight.exe
Description=Added by RXToolbar ADAWARE! Software that displays pop-up/pop-under advertisements when the primary user interface is not visible
Source=Paul Collins Startup list
[SeMS]
Number=9171
Confirmed=U
Filename=SeMS.exe
Description=PCsms - tool that enables you to send sms text messages from your PC to any UK mobile phone
Source=Paul Collins Startup list
[Sen]
Number=9172
Confirmed=X
Filename=tlii.exe
Description=Recognized by Kaspersky antivirus as Win32.PurityScan.ah. This file is usually found in the Program Files\bama folder
Source=Paul Collins Startup list
[Sensiva]
Number=9173
Confirmed=U
Filename=Sensiva.exe
Description=Symbol Commander makes the use of your PC, laptop, Tablet PC, and Pocket PC much easier and much faster. It recognizes your handwriting with unparalled performance and executes commands in a snap. Just by using your mouse, pen, or touchpad, simply draw symbols to execute actions instantly
Source=Paul Collins Startup list
[SENTRY]
Number=9174
Confirmed=X
Filename=SENTRY.exe
Description=From IP Insight. Allows website owners "to instantly determine the precise geographic location, connection speed and detailed demographics of every visitor to your website". Will be detected by most firewalls and the majority of home users should disable it
Source=Paul Collins Startup list
[Sepate Security Firewall]
Number=9175
Confirmed=X
Filename=sepate.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[septpop06apsept]
Number=9176
Confirmed=X
Filename=septpop06apsept.exe
Description=MediaMotor.Popupwithcast adware
Source=Paul Collins Startup list
[Serials]
Number=9177
Confirmed=X
Filename=serials.exe
Description=Any one of a variety of worms and trojans
Source=Paul Collins Startup list
[SernellApp.pcx]
Number=9178
Confirmed=X
Filename=csrss.exe
Description=Added by the BANCBAN-BJ TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "D5133" subfolder
Source=Paul Collins Startup list
[serpe]
Number=9179
Confirmed=X
Filename=formatsys.exe
Description=Added by the SERFLOG.A WORM!
Source=Paul Collins Startup list
[serpe]
Number=9180
Confirmed=X
Filename=msmbw.exe
Description=Added by the SERFLOG.A WORM!
Source=Paul Collins Startup list
[serpe]
Number=9181
Confirmed=X
Filename=serbw.exe
Description=Added by the SERFLOG.A WORM!
Source=Paul Collins Startup list
[serrdctl.exe]
Number=9182
Confirmed=Y
Filename=serrdctl.exe
Description="Shared Modem Service Client Event Viewer" - used when a number of PCs have access to a number of modems. Required to be running on each PC for access to the modems
Source=Paul Collins Startup list
[serrv]
Number=9183
Confirmed=X
Filename=serrv.exe
Description=Added by the WAREZOV.DC WORM!
Source=Paul Collins Startup list
[SERV PacK2]
Number=9184
Confirmed=X
Filename=nerx.exe
Description=Added by the SDBOT-ACP WORM!
Source=Paul Collins Startup list
[Serv-U]
Number=9185
Confirmed=N
Filename=serv-u32.exe
Description=FTP server
Source=Paul Collins Startup list
[Serv-U]
Number=9186
Confirmed=X
Filename=wssdsu.exe
Description=Added by the MANIFEST TROJAN!
Source=Paul Collins Startup list
[server]
Number=9187
Confirmed=X
Filename=server.exe
Description=Added by the DELTAD.A WORM!
Source=Paul Collins Startup list
[server]
Number=9188
Confirmed=X
Filename=system.exe
Description=Added by the METHS-A TROJAN!
Source=Paul Collins Startup list
[server]
Number=9189
Confirmed=X
Filename=server.exe
Description=Added by the SINGU-Q TROJAN!
Source=Paul Collins Startup list
[Server Backbone]
Number=9190
Confirmed=X
Filename=server05.exe
Description=Added by the RBOT-ZM WORM!
Source=Paul Collins Startup list
[Server Runtime Process]
Number=9191
Confirmed=X
Filename=wbemstest.exe
Description=Added by the SDBOT-DDB WORM!
Source=Paul Collins Startup list
[SERVER.EXE]
Number=9192
Confirmed=X
Filename=SERVER.EXE
Description=Added by the BUSHTRO122 or SMOKODOOR TROJANS!
Source=Paul Collins Startup list
[serverex]
Number=9193
Confirmed=X
Filename=Server.txt.vbs
Description=Added by the DELTAD.A WORM!
Source=Paul Collins Startup list
[Service]
Number=9194
Confirmed=X
Filename=service.exe
Description=Added by the ALADINZ.H TROJAN!
Source=Paul Collins Startup list
[Service]
Number=9195
Confirmed=X
Filename=[trojan filename]
Description=Added by the KAITEX.E TROJAN!
Source=Paul Collins Startup list
[Service]
Number=9196
Confirmed=X
Filename=services.exe
Description=Added by the NETSKY or NETSKY.B WORMS! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
Source=Paul Collins Startup list
[Service]
Number=9197
Confirmed=X
Filename=SYSNT.exe
Description=Added by the CHA TROJAN!
Source=Paul Collins Startup list
[Service]
Number=9198
Confirmed=X
Filename=Service.pif
Description=Added by the ASSIRAL-C WORM!
Source=Paul Collins Startup list
[service]
Number=9199
Confirmed=X
Filename=wN2S.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Service Cleaner]
Number=9200
Confirmed=X
Filename=filen.exe
Description=Added by the RBOT.BRH WORM!
Source=Paul Collins Startup list
[Service Connection]
Number=9201
Confirmed=N
Filename=sccenter.exe
Description=For Compaq PC's. Part of Backweb
Source=Paul Collins Startup list
[Service Connection]
Number=9202
Confirmed=N
Filename=bwtray.exe
Description=For Compaq PC's. Part of Backweb
Source=Paul Collins Startup list
[Service Controller]
Number=9203
Confirmed=X
Filename=Csrrs.exe
Description=Added by the GAOBOT.AO WORM!
Source=Paul Collins Startup list
[Service Controller]
Number=9204
Confirmed=X
Filename=service.exe
Description=Added by the PREVERT TROJAN!
Source=Paul Collins Startup list
[Service Drivers]
Number=9205
Confirmed=X
Filename=msnpg.exe
Description=Added by the RBOT.BMD WORM!
Source=Paul Collins Startup list
[Service Drivers]
Number=9206
Confirmed=X
Filename=PC.EXE
Description=Added by the SDBOT-WK WORM!
Source=Paul Collins Startup list
[Service Drivers]
Number=9207
Confirmed=X
Filename=Compt.exe
Description=Added by the RBOT-ZJ WORM!
Source=Paul Collins Startup list
[Service Drivers]
Number=9208
Confirmed=X
Filename=abl.exe
Description=Added by the SDBOT-YX WORM!
Source=Paul Collins Startup list
[Service Drivers]
Number=9209
Confirmed=X
Filename=MSNMEssenger.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Service Host]
Number=9210
Confirmed=X
Filename=[filename].exe
Description=Added by the TORVEL.B WORM!
Source=Paul Collins Startup list
[Service Host]
Number=9211
Confirmed=X
Filename=spoolxx.exe
Description=Added by the TORVEL WORM!
Source=Paul Collins Startup list
[Service Host]
Number=9212
Confirmed=X
Filename=svchost.exe
Description=Added by the DAOSER-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Services\{C922CCC4-CF61-4589-A0D1-828160704853} subfolder
Source=Paul Collins Startup list
[Service Host]
Number=9213
Confirmed=X
Filename=svchost.exe
Description=Added by the DAOSER-C TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Services\[random] subfolder
Source=Paul Collins Startup list
[Service Host ]
Number=9214
Confirmed=X
Filename=svchost.exe
Description=Added by the TORVEL WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list
[Service Host Driver]
Number=9215
Confirmed=X
Filename=svchost.exe
Description=Added by the HITON TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list
[Service Host Process]
Number=9216
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the GAOBOT.GEN!POLY WORM!
Source=Paul Collins Startup list
[Service Manager]
Number=9217
Confirmed=N
Filename=sqlmangr.exe
Description=SQL Server Service Manager - provides tray access to SQL server, the server agent and MSDTC. Available via Start -> Programs
Source=Paul Collins Startup list
[Service Manager]
Number=9218
Confirmed=X
Filename=SERVICEMGR.EXE
Description=Added by the PASSMAIL-D VIRUS!
Source=Paul Collins Startup list
[Service Manager]
Number=9219
Confirmed=X
Filename=dxsound.exe
Description=Added by the PROXY-GRIC TROJAN!
Source=Paul Collins Startup list
[service manager]
Number=9220
Confirmed=X
Filename=service.exe
Description=Added by the DONBOMB.A TROJAN!
Source=Paul Collins Startup list
[Service Monitor]
Number=9221
Confirmed=X
Filename=msnfilen.exe
Description=Added by the RBOT-ALE WORM!
Source=Paul Collins Startup list
[Service Monitor]
Number=9222
Confirmed=X
Filename=javams32.exe
Description=Added by the DELF-NK TROJAN!
Source=Paul Collins Startup list
[Service Monitor]
Number=9223
Confirmed=X
Filename=javams64.exe
Description=Added by the SDBOT-AFO WORM!
Source=Paul Collins Startup list
[Service Monitor]
Number=9224
Confirmed=X
Filename=msnserve.exe
Description=Added by the SPYBOT.YQW WORM!
Source=Paul Collins Startup list
[Service Monitor]
Number=9225
Confirmed=X
Filename=WinOcx.exe
Description=Added by the RBOT-AQJ WORM!
Source=Paul Collins Startup list
[Service Monitor]
Number=9226
Confirmed=X
Filename=csnss.exe
Description=Added by the RBOT.EEH WORM!
Source=Paul Collins Startup list
[Service Monitor]
Number=9227
Confirmed=X
Filename=filen.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Service Pack]
Number=9228
Confirmed=X
Filename=[various filenames]
Description=Added by the LERPA-A WORM! Note - the file name will be one of the following common.exe, common.pif, common.scr, Sexo.exe, Sexo.jpg.pif, ini_file__.pif, load_me__.tmp, msfile.pif, system_load_.pif or zipped.rar.pif
Source=Paul Collins Startup list
[Service Pack DLL Runtime]
Number=9229
Confirmed=X
Filename=spdll32.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Service Process]
Number=9230
Confirmed=X
Filename=SVCHOST.EXE
Description=Added by the DARKER WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list
[Service Process]
Number=9231
Confirmed=X
Filename=winset.exe
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[Service Process]
Number=9232
Confirmed=X
Filename=service.exe
Description=Added by the DCMBOT-C TROJAN!
Source=Paul Collins Startup list
[Service Process]
Number=9233
Confirmed=X
Filename=smss.exe
Description=Added by the DCMBOT-E TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "config" subfolder
Source=Paul Collins Startup list
[Service Process]
Number=9234
Confirmed=X
Filename=smss.exe
Description=Added by the DCMBOT-E TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in "config" subfolder
Source=Paul Collins Startup list
[Service Process]
Number=9235
Confirmed=X
Filename=svchost.exe
Description=Added by the DCMBOT-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "config" subfolder
Source=Paul Collins Startup list
[Service Registry NT Save]
Number=9236
Confirmed=X
Filename=jdbgmgrnt.exe
Description=Added by the BANCOS-CG TROJAN!
Source=Paul Collins Startup list
[Service Registry NT Save]
Number=9237
Confirmed=X
Filename=taskmgrnt.exe
Description=Added by the BANCOS-BY TROJAN!
Source=Paul Collins Startup list
[Service Registry NT Save]
Number=9238
Confirmed=X
Filename=regeditnt.exe
Description=Added by the BANCOS-BM TROJAN!
Source=Paul Collins Startup list
[Service Scheduler]
Number=9239
Confirmed=X
Filename=scheduler.exe
Description=Added by the AGOBOT-PH WORM!
Source=Paul Collins Startup list
[Service System]
Number=9240
Confirmed=X
Filename=kernels32.exe
Description=Added by the BANCOS-DA TROJAN!
Source=Paul Collins Startup list
[Service System]
Number=9241
Confirmed=X
Filename=windowsXP.exe
Description=Added by the BANCOS-EL TROJAN!
Source=Paul Collins Startup list
[Service System]
Number=9242
Confirmed=X
Filename=kgbfsm344.exe
Description=Added by the BANCOS-FS TROJAN!
Source=Paul Collins Startup list
[Service System]
Number=9243
Confirmed=X
Filename=wernell87.exe
Description=Added by the BANCOS-FJ TROJAN!
Source=Paul Collins Startup list
[service updaer]
Number=9244
Confirmed=X
Filename=qualityz.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! - probably a SPYBOT variant
Source=Paul Collins Startup list
[Service.exe]
Number=9245
Confirmed=X
Filename=Service.exe
Description="servedby.advertising" popup generator
Source=Paul Collins Startup list
[service32]
Number=9246
Confirmed=X
Filename=service32.exe
Description=Added by the AGOBOT-ST WORM!
Source=Paul Collins Startup list
[ServiceConfig]
Number=9247
Confirmed=U
Filename=ispbeg.exe
Description=Comcast Transition Wizard. On June 30th, 2003 it will migrate E-mail and web pages from AT&T Broadband Internet to Comcast High-Speed Internet. Until then it will run at startup and then terminate - hence the U recommendation
Source=Paul Collins Startup list
[serviceconnect]
Number=9248
Confirmed=X
Filename=serviceconnect.exe
Description=Added by the AGOBOT.AIR WORM!
Source=Paul Collins Startup list
[ServiceLayer]
Number=9249
Confirmed=Y
Filename=ServiceLayer.exe
Description=Nokia Connectivity Library support task that is needed by NCLTRAY and by the Nokia Connection Manager for either to work properly
Source=Paul Collins Startup list
[servicemng]
Number=9250
Confirmed=X
Filename=service.exe
Description=Added by the TAME-C WORM!
Source=Paul Collins Startup list
[services]
Number=9251
Confirmed=X
Filename=start.bat
Description=Added by the ZCREW TROJAN!
Source=Paul Collins Startup list
[Services]
Number=9252
Confirmed=X
Filename=[path to trojan]
Description=Added by the METEORSHELL TROJAN!
Source=Paul Collins Startup list
[Services]
Number=9253
Confirmed=X
Filename=back32.exe ...service.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! Back32.exe is the baddie whose purpose is to HIDE the MIRC32 server in service.exe
Source=Paul Collins Startup list
[Services]
Number=9254
Confirmed=X
Filename=services.exe
Description=Added by a number of VIRUSES, WORMS and TROJANS! Note - this is not the legitimate services.exe process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Services]
Number=9255
Confirmed=X
Filename=winread.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[Services]
Number=9256
Confirmed=X
Filename=windns.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Services]
Number=9257
Confirmed=X
Filename=mshost.exe
Description=Added by the LANFILT-J TROJAN!
Source=Paul Collins Startup list
[services]
Number=9258
Confirmed=X
Filename=Svchosts.exe
Description=Added by the SDBOT.N WORM!
Source=Paul Collins Startup list
[Services]
Number=9259
Confirmed=X
Filename=csrss.exe
Description=Added by a variant of the RANKY.U TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Services]
Number=9260
Confirmed=X
Filename=scks32.exe
Description=Added by a Proxy Trojan variant
Source=Paul Collins Startup list
[Services]
Number=9261
Confirmed=X
Filename=sockys32.exe
Description=Added by the RANKY.L TROJAN!
Source=Paul Collins Startup list
[Services]
Number=9262
Confirmed=X
Filename=sys.exe
Description=Added by a Proxy Trojan variant
Source=Paul Collins Startup list
[services]
Number=9263
Confirmed=X
Filename=windows32.exe
Description=Added by the FLYVB-C WORM!
Source=Paul Collins Startup list
[services]
Number=9264
Confirmed=X
Filename=socks.exe
Description=Added by the WIN32.SMALL.N TROJAN!
Source=Paul Collins Startup list
[Services]
Number=9265
Confirmed=X
Filename=services.exe
Description=Added by the ZINCITE.A TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
Source=Paul Collins Startup list
[Services]
Number=9266
Confirmed=X
Filename=[path to trojan]
Description=Added by the RANCK-DB TROJAN!
Source=Paul Collins Startup list
[Services]
Number=9267
Confirmed=X
Filename=iexplore.exe
Description=Added by the MOGI WORM! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list
[Services]
Number=9268
Confirmed=X
Filename=svchost.exe
Description=Added by the REPER-B WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[Services]
Number=9269
Confirmed=X
Filename=sysamp.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Services]
Number=9270
Confirmed=X
Filename=prosys32.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Services]
Number=9271
Confirmed=X
Filename=iexplorer.exe
Description=Added by an unidentified WORM or TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe)
Source=Paul Collins Startup list
[Services]
Number=9272
Confirmed=X
Filename=iexploler.exe
Description=Added by the RANCK-LT TROJAN!
Source=Paul Collins Startup list
[Services]
Number=9273
Confirmed=X
Filename=iexpolere.exe
Description=Added by the RANCK.LU TROJAN!
Source=Paul Collins Startup list
[Services Administrator]
Number=9274
Confirmed=X
Filename=localsvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Services Administrator]
Number=9275
Confirmed=X
Filename=netsvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Services Administrator]
Number=9276
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Services Administrator]
Number=9277
Confirmed=X
Filename=svcadmin.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Services Administrator]
Number=9278
Confirmed=X
Filename=svcman.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Services Administrator]
Number=9279
Confirmed=X
Filename=svcrun.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Services Administrator]
Number=9280
Confirmed=X
Filename=tcpsvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Services Administrator]
Number=9281
Confirmed=X
Filename=websvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Services Controller]
Number=9282
Confirmed=X
Filename=lsassa.exe
Description=Added by the CIADOOR.122 VIRUS!
Source=Paul Collins Startup list
[Services Controller]
Number=9283
Confirmed=X
Filename=services.exe
Description=Added by the CIADOOR-F TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
Source=Paul Collins Startup list
[Services Host]
Number=9284
Confirmed=X
Filename=Scchost.exe
Description=Added by the DONK WORM!
Source=Paul Collins Startup list
[Services Host]
Number=9285
Confirmed=X
Filename=svchost32.exe
Description=Added by the AGOBOT-TG WORM!
Source=Paul Collins Startup list
[Services Logon]
Number=9286
Confirmed=X
Filename=services.exe
Description=Added by the CROWT.A WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! By default this file is located in Documents and Settings\[user name]\Templates
Source=Paul Collins Startup list
[Services Process]
Number=9287
Confirmed=X
Filename=services.exe
Description=Spyware - recognized by Kaspersky antivirus as Small.X TROJAN! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Services Process]
Number=9288
Confirmed=X
Filename=smss.exe
Description=Added by the SMALL-EK TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "config" subfolder
Source=Paul Collins Startup list
[Services Startup]
Number=9289
Confirmed=X
Filename=services.exe
Description=Added by the CROWT.A WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! By default this file is located in Documents and Settings\[user name]\Templates
Source=Paul Collins Startup list
[Services Startup]
Number=9290
Confirmed=X
Filename=svhost33.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Services.dll]
Number=9291
Confirmed=X
Filename=smss.exe
Description=Added by the SOBER-L WORM! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a msagent\system subfolder of the Winnt or Windows folder
Source=Paul Collins Startup list
[Services.EXE]
Number=9292
Confirmed=X
Filename=services.exe
Description=Added by the KAZPING WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
Source=Paul Collins Startup list
[services.exe]
Number=9293
Confirmed=X
Filename=Services.exe
Description=Added by the CIADOOR-F TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
Source=Paul Collins Startup list
[Services004]
Number=9294
Confirmed=X
Filename=[worm filename]
Description=Added by the BUGBROS WORM!
Source=Paul Collins Startup list
[services32]
Number=9295
Confirmed=X
Filename=mc-110-12-0000079.exe
Description=Added by the TrojanDownloader.Agent.rv TROJAN!
Source=Paul Collins Startup list
[services32]
Number=9296
Confirmed=X
Filename=mc-58-12-0000120.exe
Description="Shorty" adware - also detected as the AGENT.FD TROJAN!
Source=Paul Collins Startup list
[services32]
Number=9297
Confirmed=X
Filename=mc-58-12-0000140.exe
Description="Shorty" adware - also detected as the AGENT.FD TROJAN!
Source=Paul Collins Startup list
[Services32 Startup]
Number=9298
Confirmed=X
Filename=win32dll.exe
Description=Added by the SDBOT-XO WORM!
Source=Paul Collins Startup list
[ServicesLoad]
Number=9299
Confirmed=X
Filename=lsass.exe
Description=Added by the DEARIS-A TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[ServicesLog]
Number=9300
Confirmed=X
Filename=ccapp32.exe
Description=Added by the RBOT-AMX WORM!
Source=Paul Collins Startup list
[Servicewin]
Number=9301
Confirmed=X
Filename=Hide32.exe
Description=Added by the MSNVB-D WORM!
Source=Paul Collins Startup list
[Servicing]
Number=9302
Confirmed=X
Filename=hostd.exe
Description=Added by the SDBOT.BUI WORM!
Source=Paul Collins Startup list
[Servicio Local]
Number=9303
Confirmed=X
Filename=svhost.exe
Description=Added by the SPYBOT.BGX WORM!
Source=Paul Collins Startup list
[servics]
Number=9304
Confirmed=X
Filename=servics.exe
Description=Added by the SINGU-J TROJAN!
Source=Paul Collins Startup list
[SERVlCE]
Number=9305
Confirmed=X
Filename=SERVlCE.EXE
Description=Added by the AGOBOT-UB WORM!
Source=Paul Collins Startup list
[ServUTrayIcon]
Number=9306
Confirmed=?
Filename=ServUTray.exe
Description=System Tray icon for Serv-U FTP server. Is it required?
Source=Paul Collins Startup list
[SES Service]
Number=9307
Confirmed=X
Filename=sesvc.exe
Description=Added by the SDBOT-CZU WORM!
Source=Paul Collins Startup list
[Session Client]
Number=9308
Confirmed=U
Filename=sescli.exe
Description=SurfSpy keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list
[Session Manager Subsystem]
Number=9309
Confirmed=X
Filename=smssa.exe
Description=Added by the RBOT-AGS WORM!
Source=Paul Collins Startup list
[SESync]
Number=9310
Confirmed=X
Filename=sed.exe
Description=DownloadWare adware
Source=Paul Collins Startup list
[SetDefaultMIDI]
Number=9311
Confirmed=?
Filename=MIDIDef.exe
Description=Related to a Soundblaster Audigy soundcards. What does it do and is it required?
Source=Paul Collins Startup list
[SetDefaultPrinter]
Number=9312
Confirmed=Y
Filename=cloaker.exe
Description=Used by HP and Compaq computers to hide the windows of programs passed as arguments to it
Source=Paul Collins Startup list
[setdefprt]
Number=9313
Confirmed=N
Filename=setdefprt.exe
Description=Used to set a Brother MFC printer/copier/scanner as the default printer after installation
Source=Paul Collins Startup list
[SetDefPrt]
Number=9314
Confirmed=N
Filename=BrStDvPt.exe
Description=Used to set a Brother MFC printer/copier/scanner as the default printer after installation
Source=Paul Collins Startup list
[SetecCertUtil]
Number=9315
Confirmed=U
Filename=Certutil.exe
Description=Setec Web and Email Security. Setec PKI smart card software. The PKI technology enables secure and reliable user identification in services offered through Internet, mobile handsets and digital TV
Source=Paul Collins Startup list
[setFTPBack]
Number=9316
Confirmed=X
Filename=createsw.exe
Description=Added by the FTP_BMAIL TROJAN!
Source=Paul Collins Startup list
[SetHook]
Number=9317
Confirmed=N
Filename=SetHook.exe
Description=Fellowes Neato CD label design software. "Launch NEATO's MediaFACE II label making software directly from the productname toolbar"
Source=Paul Collins Startup list
[SETI@home]
Number=9318
Confirmed=N
Filename=SETI@home.exe
Description=SETI@home is a scientific experiment that uses Internet-connected computers in the Search for Extraterrestrial Intelligence (SETI). You can participate by running a free program that downloads and analyzes radio telescope data
Source=Paul Collins Startup list
[seticlient]
Number=9319
Confirmed=N
Filename=SETI@home.exe
Description=SETI@home is a scientific experiment that uses Internet-connected computers in the Search for Extraterrestrial Intelligence (SETI). You can participate by running a free program that downloads and analyzes radio telescope data
Source=Paul Collins Startup list
[SetIcon]
Number=9320
Confirmed=N
Filename=SetIcon.exe
Description=Installed by a 6-in-1 (4 Media Card slots, a floppy drive and a USB connection) device. Constantly updates the icons for the four Media Card slots that it has and is a resource hog
Source=Paul Collins Startup list
[SetiQueue]
Number=9321
Confirmed=N
Filename=Setiqu~1.exe
Description=Provides work unit buffering for Seti@Home clients - see here for more details
Source=Paul Collins Startup list
[SetiSpy]
Number=9322
Confirmed=N
Filename=SetiSpy.exe
Description=SETI Spy is a little program to "spy" on the progress and performance of the SETI@home client. Called a "spy" because it is unobtrusive as possible
Source=Paul Collins Startup list
[SetPoint]
Number=9323
Confirmed=X
Filename=SetPoint.exe
Description=Added by the RBOT-BWI WORM! Note - this is not the valid Logitech Setpoint mouse and keyboard entry that uses the same filename and is located in the Logitech\Setpoint sub-folder of Program Files. This file is located in the System (9x/Me) or System32 (NT/2K/XP/Vista) folder
Source=Paul Collins Startup list
[SetPoint]
Number=9324
Confirmed=U
Filename=Setpoint.exe
Description=Logitech SetPoint Event Manager for their range of mice and keyboards. Required if you want to use the advanced features of these devices and is located in the Logitech\Setpoint sub-folder of Program Files
Source=Paul Collins Startup list
[SETPOINT Logitech Inc]
Number=9325
Confirmed=X
Filename=KHALMNP.exe
Description=Added by the RBOT-AAX WORM!
Source=Paul Collins Startup list
[SetRefresh]
Number=9326
Confirmed=?
Filename=SetRefresh.exe
Description=Found on a Compaq PC. Video refresh rate utility? Is it required?
Source=Paul Collins Startup list
[Setting]
Number=9327
Confirmed=X
Filename=sysweb.exe
Description=Added by the SDBOT.GEN TROJAN!
Source=Paul Collins Startup list
[setup]
Number=9328
Confirmed=N
Filename=hphprld.exe ....setup.exe
Description=HP DeskJet Setup - printers function normally without it
Source=Paul Collins Startup list
[Setup experation]
Number=9329
Confirmed=X
Filename=svchost.exe
Description=Added by the TOFGER-AW TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list
[setupa]
Number=9330
Confirmed=X
Filename=runt32.exe
Description=Added by the QQPASS-K TROJAN!
Source=Paul Collins Startup list
[setupdata]
Number=9331
Confirmed=X
Filename=rnll32.exe
Description=Added by the QQPASS-AC TROJAN!
Source=Paul Collins Startup list
[SetupICWDesktop]
Number=9332
Confirmed=N
Filename=icwconn1.exe
Description=Appears to be the "Internet Connection Wizard" from Internet Explorer being set-up as a desktop shortcut. Appears under the RunOnce registry key but is available under Start -> Programs -> Accessories -> Communication (or similar) anyway
Source=Paul Collins Startup list
[setupuser]
Number=9333
Confirmed=X
Filename=regedit.exe setupuser.log
Description=Regfile in disguise - another CoolWebSearch parasite variant
Source=Paul Collins Startup list
[setuzp]
Number=9334
Confirmed=?
Filename=setuzp.exe
Description=??
Source=Paul Collins Startup list
[SetVrc]
Number=9335
Confirmed=X
Filename=setvrc.exe
Description=Added by the HUNTOCX WORM!
Source=Paul Collins Startup list
[Sex Teris]
Number=9336
Confirmed=X
Filename=st01b.exe
Description=Added by the REPAD WORM!
Source=Paul Collins Startup list
[Sexnow]
Number=9337
Confirmed=X
Filename=Sexnow.exe
Description=Added by the SENOW-B premium rate adult content dialler
Source=Paul Collins Startup list
[Sexy_Blondes]
Number=9338
Confirmed=X
Filename=Sexy_Blondes.exe
Description=Added by the Sexy DIALER!. Related also to Hot Tarts DIALER!
Source=Paul Collins Startup list
[Sexy_sg]
Number=9339
Confirmed=X
Filename=Sexy_sg.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[sf]
Number=9340
Confirmed=X
Filename=sf.exe
Description=SurfEnhance adware component
Source=Paul Collins Startup list
[SFIGUI]
Number=9341
Confirmed=N
Filename=SFIGUI.EXE
Description=Sonic Focus - "enhances music, movie and game sound by analyzing compressed audio streams in realtime, then restoring and enriching audio back to its original performance qualities"
Source=Paul Collins Startup list
[sfita]
Number=9342
Confirmed=X
Filename=sfita.exe
Description=Added by the FAVADD-H TROJAN! Also known as SurfEnhance adware
Source=Paul Collins Startup list
[SFP]
Number=9343
Confirmed=N
Filename=vzSFPWin.EXE
Description=Verizon Online Support Center - prompts for online updates
Source=Paul Collins Startup list
[sfpc]
Number=9344
Confirmed=U
Filename=sfpc.exe
Description=Spy4PC surveillance software. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list
[SFtrb Service]
Number=9345
Confirmed=X
Filename=cftrb32.exe
Description=Added by the SOBIG.D WORM!
Source=Paul Collins Startup list
[SfWinStartInfo]
Number=9346
Confirmed=U
Filename=sfWinStartupInfo.exe
Description=SFIRM32 Online Banking software
Source=Paul Collins Startup list
[Sgecrypt]
Number=9347
Confirmed=U
Filename=Sgecrypt.exe
Description=SafeGuard Easy - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks"
Source=Paul Collins Startup list
[Sgeecview]
Number=9348
Confirmed=U
Filename=Ecview.exe
Description=SafeGuard Easy - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks"
Source=Paul Collins Startup list
[sginst]
Number=9349
Confirmed=U
Filename=sginst.exe
Description=eAcceleration Stop-Sign security software related. Previously not recommended, see here
Source=Paul Collins Startup list
[SGTBox]
Number=9350
Confirmed=?
Filename=SGTBox.exe
Description=Canon scanner driver. Is it required?
Source=Paul Collins Startup list
[sgtray]
Number=9351
Confirmed=U
Filename=sgtray.exe
Description=StorageGuard from Veritas. Free utility that integrates with Backup MyPC (formerly Backup Exec Desktop), Simple Backup and MS Backup. Provides system tray access and background monitoring - warning you of files that haven't recently been backed up. Required unless you backup manually on a regular basis or have scheduled backups
Source=Paul Collins Startup list
[Shadow]
Number=9352
Confirmed=Y
Filename=Shadow.exe
Description="NTI Shadow 3 is an award-winning easy-to-use backup application that automatically protects your photo, music, video, and various data files. It makes data restoration as easy as dragging and dropping files from one place to another"
Source=Paul Collins Startup list
[ShadowUser Pro Edition]
Number=9353
Confirmed=U
Filename=ShadowUser.exe
Description="StorageCraft™ ShadowUser™ provides easy to use desktop security and protection for Windows operating systems. ShadowUser is the best way to prevent unwanted changes to PCs and laptops"
Source=Paul Collins Startup list
[shambl3r]
Number=9354
Confirmed=X
Filename=cnf.bat
Description=Added by the REMABL WORM!
Source=Paul Collins Startup list
[shambl3r*]
Number=9355
Confirmed=X
Filename=shambl3r.exe
Description=Added by the REMABL WORM! where * is 2 to 11
Source=Paul Collins Startup list
[Shania]
Number=9356
Confirmed=X
Filename=Shania.vbs
Description=Added by the SHANIA VIRUS! - NOTE: this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
Source=Paul Collins Startup list
[Share-to-Web Namespace Daemon]
Number=9357
Confirmed=N
Filename=hpgs2wnd.exe
Description=HP's exclusive Share-to-Web software makes it easy to share content with others through our affiliate Internet websites. In other words an application that allows users to upload scanned images to their personal webpages if desired. Available via Start -> Programs
Source=Paul Collins Startup list
[Shareaza]
Number=9358
Confirmed=N
Filename=Shareaza.exe
Description=Shareaza P2P client
Source=Paul Collins Startup list
[Shareaza]
Number=9359
Confirmed=U
Filename=bindata.exe
Description=Shareaza P2P client related
Source=Paul Collins Startup list
[sharedprem]
Number=9360
Confirmed=X
Filename=sharedprem.exe
Description=Added by the MAKECALL TROJAN!
Source=Paul Collins Startup list
[Sharing and Mapping Software]
Number=9361
Confirmed=Y
Filename=DShmap.exe
Description=Intel AnyPoint internet sharing software. Now discontinued
Source=Paul Collins Startup list
[SharkEject]
Number=9362
Confirmed=N
Filename=AEJCT32.exe
Description=Allows you to eject a disk from the Avatar Shark drive from the system tray. When loaded, there is a desktop icon so this isn't required
Source=Paul Collins Startup list
[SharpTray]
Number=9363
Confirmed=U
Filename=SharpTray.exe
Description=Part of Sharpdesk from Sharp Electronics. "A desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents"
Source=Paul Collins Startup list
[Shcenter]
Number=9364
Confirmed=N
Filename=chcenter.exe
Description=IMSI HiJaak - "the easiest way to convert, capture, and manage all your graphic files"
Source=Paul Collins Startup list
[SheduIer]
Number=9365
Confirmed=X
Filename=svchst.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[SheduIer]
Number=9366
Confirmed=X
Filename=shch.exe
Description=Added by the EB TROJAN!
Source=Paul Collins Startup list
[SheduIer]
Number=9367
Confirmed=X
Filename=winagent.exe
Description=Added by the EB TROJAN!
Source=Paul Collins Startup list
[Shedule Connection]
Number=9368
Confirmed=X
Filename=arpo412.exe
Description=Added by the PPDOOR-R WORM!
Source=Paul Collins Startup list
[Sheduler]
Number=9369
Confirmed=X
Filename=nerocheck.exe
Description=Added by the TACTSLAY.B TROJAN!
Source=Paul Collins Startup list
[Shell]
Number=9370
Confirmed=X
Filename=Shell32.exe
Description=Added by the BADSECTOR TROJAN!
Source=Paul Collins Startup list
[Shell]
Number=9371
Confirmed=X
Filename=ray.exe
Description=Homepage hijacker re-directing browsers to adult content websites
Source=Paul Collins Startup list
[Shell]
Number=9372
Confirmed=X
Filename=Tray.exe
Description=Homepage hijacker re-directing browsers to adult content websites
Source=Paul Collins Startup list
[Shell]
Number=9373
Confirmed=X
Filename=wmedia16.exe
Description=Added by the GOLDUN TROJAN!
Source=Paul Collins Startup list
[Shell]
Number=9374
Confirmed=X
Filename=Open32.exe
Description=Added by the SMALL-DL TROJAN!
Source=Paul Collins Startup list
[Shell]
Number=9375
Confirmed=X
Filename=Explorer.exe sound_drive16.exe
Description=Added by the GP TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System subfolder
Source=Paul Collins Startup list
[Shell]
Number=9376
Confirmed=X
Filename=Explorer.exe, msmsgs.exe
Description=Added by the ZLOB TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list
[Shell]
Number=9377
Confirmed=X
Filename=Explorer.exe [path] svchost.exe
Description=Added by the DOYORG TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list
[shell]
Number=9378
Confirmed=X
Filename=explorer.exe
Description=Added by the KAKKEYS TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System32 subfolder
Source=Paul Collins Startup list
[Shell]
Number=9379
Confirmed=X
Filename=iexplore.exe
Description=Added by the KIPIS-U TROJAN! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in a "Microsoft" subfolder
Source=Paul Collins Startup list
[Shell]
Number=9380
Confirmed=X
Filename=ibm0000*.exe [* = digit]
Description=Added by the TORPIG-C and TORPIG-J TROJANS! Filenames spotted include ibm00001.exe, ibm00002.exe, ibm00005.exe and so on
Source=Paul Collins Startup list
[Shell]
Number=9381
Confirmed=X
Filename=taskmrg.exe
Description=Added by the BANCBAN-FT TROJAN!
Source=Paul Collins Startup list
[Shell]
Number=9382
Confirmed=X
Filename=Explorer.exe winupdate.exe
Description=Added by the AGENT-FD TROJAN!
Source=Paul Collins Startup list
[Shell]
Number=9383
Confirmed=X
Filename=ibm[RANDOM 5 DIGIT NUMBER].exe
Description=Added by the ANSERIN TROJAN!
Source=Paul Collins Startup list
[Shell]
Number=9384
Confirmed=X
Filename=svchost.exe
Description=Added by the GOLDSPY-B TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[Shell]
Number=9385
Confirmed=X
Filename=ibm00001.dll
Description=Added by the TORPIG-Q TROJAN!
Source=Paul Collins Startup list
[Shell API32]
Number=9386
Confirmed=X
Filename=svcnet.exe
Description=Added by the TIBICK.C WORM!
Source=Paul Collins Startup list
[Shell Extension]
Number=9387
Confirmed=X
Filename=spollsv.exe
Description=Added by a variant of the LOVGATE WORM!
Source=Paul Collins Startup list
[Shell Tray Window]
Number=9388
Confirmed=X
Filename=ShellTraywnd.exe
Description=Added by the STULTDOR-A TROJAN!
Source=Paul Collins Startup list
[shell update]
Number=9389
Confirmed=X
Filename=shellexec.exe
Description=Added by the AGOBOT-TH WORM!
Source=Paul Collins Startup list
[Shell32]
Number=9390
Confirmed=X
Filename=Shell32.vbs
Description=Added by the SCAFENE WORM!
Source=Paul Collins Startup list
[shell32]
Number=9391
Confirmed=X
Filename=ntldrt.exe
Description=Added by the JLOK-A WORM!
Source=Paul Collins Startup list
[Shell32]
Number=9392
Confirmed=X
Filename=iexplore.exe
Description=Added by the IRCBOT-AY TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup unless you add it manually! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list
[ShellApi]
Number=9393
Confirmed=X
Filename=SHELLMSN.EXE
Description=Added by the NETDEV.B TROJAN!
Source=Paul Collins Startup list
[Shellapi32]
Number=9394
Confirmed=X
Filename=Shellapi32.exe
Description=Added by the NETDEVIL (or NERTE) TROJAN!
Source=Paul Collins Startup list
[Shellapi32]
Number=9395
Confirmed=X
Filename=mcvsrte.exe
Description=Added by an unidentified WORM! Note - do not confuse with the McAfee SecurityCenter file of the same name
Source=Paul Collins Startup list
[ShellCommand]
Number=9396
Confirmed=X
Filename=[path to file]
Description=Added by the REMCON-A TROJAN!
Source=Paul Collins Startup list
[Shelldaemon]
Number=9397
Confirmed=X
Filename=Shelldaemon.exe
Description=Added by a variant of the AGENT.ALN TROJAN!
Source=Paul Collins Startup list
[ShellEx]
Number=9398
Confirmed=X
Filename=ShellEx.exe
Description=Added by the ANAKHA TROJAN!
Source=Paul Collins Startup list
[ShellN]
Number=9399
Confirmed=X
Filename=isca.exe
Description=Added by the IBILL.Z TROJAN!
Source=Paul Collins Startup list
[ShellOS]
Number=9400
Confirmed=X
Filename=A+++.exe
Description=Added by the AV TROJAN!
Source=Paul Collins Startup list
[ShellRun]
Number=9401
Confirmed=X
Filename=lexplore_.exe
Description=Added by the MSNOPT-A TROJAN!
Source=Paul Collins Startup list
[ShellRun32]
Number=9402
Confirmed=X
Filename=iexplore.exe
Description=Added by the IRCBOT-AY TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup unless you add it manually! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list
[Shellspl]
Number=9403
Confirmed=X
Filename=lsas.exe
Description=Added by the YALER-A TROJAN!
Source=Paul Collins Startup list
[Shellspl]
Number=9404
Confirmed=X
Filename=spools.exe
Description=Added by the PROXAGE-A TROJAN!
Source=Paul Collins Startup list
[shellsystem]
Number=9405
Confirmed=X
Filename=shellsystem.exe
Description=Added by the UPCHAN TROJAN!
Source=Paul Collins Startup list
[shhost]
Number=9406
Confirmed=X
Filename=shhost.exe
Description=Added by the AGENT.CE TROJAN!
Source=Paul Collins Startup list
[shicoxp]
Number=9407
Confirmed=N
Filename=shicoxp.exe
Description=Installed with the drivers for multi card readers of various brands. To differentiate between the various card slots on multi slot readers the shicoxp.exe file assigns and loads unique drive icons for the various card slots that are displayed in Windows Explorer
Source=Paul Collins Startup list
[Shine]
Number=9408
Confirmed=X
Filename=Shine.exe
Description=Added by the HAPPYLOW (or NISHE-A) VIRUS!
Source=Paul Collins Startup list
[SHINITV]
Number=9409
Confirmed=?
Filename=shinitv.exe
Description=??
Source=Paul Collins Startup list
[Shmgrate.exe]
Number=9410
Confirmed=X
Filename=ibot4.exe
Description=Added by the GASTER TROJAN!
Source=Paul Collins Startup list
[ShockmachineReminder]
Number=9411
Confirmed=N
Filename=SmReminder.exe
Description="Shockmachine is a stand-alone application that lets users collect Macromedia Shockwave and Flash titles and play them offline". Could be a registration reminder for the trial version
Source=Paul Collins Startup list
[Shockwave]
Number=9412
Confirmed=X
Filename=csrss.exe
Description=Added by the SNDOG WORM! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[Shockwave Init]
Number=9413
Confirmed=N
Filename=SWINIT.EXE
Description=Part of Macromedia Shockwave. Controls the Shockwave Remote Control Panel. The Remote Control can be activated manually from the Start Menu by locating and selecting Shockwave and then Shockwave Remote under Programs
Source=Paul Collins Startup list
[Shockwave Support]
Number=9414
Confirmed=X
Filename=FlashPlayer.exe
Description=Added by the DELF-DRA WORM!
Source=Paul Collins Startup list
[ShortKeys 99]
Number=9415
Confirmed=N
Filename=SHORTKEY.EXE
Description=ShortKeys from Insight Software Solutions - allows you to program keys with text strings
Source=Paul Collins Startup list
[sHotKey]
Number=9416
Confirmed=Y
Filename=sHotKey.exe
Description=Special function key manager for Chicony keyboards - see here
Source=Paul Collins Startup list
[Showbehind]
Number=9417
Confirmed=X
Filename=SHOWBEHIND.EXE
Description=Advertisement display which can be stopped here
Source=Paul Collins Startup list
[ShowFF]
Number=9418
Confirmed=X
Filename=ShowFF.exe
Description=Added by the Adware.FFToolBar adware toolbar
Source=Paul Collins Startup list
[ShowIcon_Justrams_USB Product Driver v2.12r012]
Number=9419
Confirmed=?
Filename=shwicon.exe
Description=Related to Just Rams USB product driver. Is it required?
Source=Paul Collins Startup list
[ShowIcon_PNY_PNY Attaché]
Number=9420
Confirmed=U
Filename=shwicon.exe
Description=PNY Attaché USB flash memory stick System Tray icon - shows when the device is plugged in
Source=Paul Collins Startup list
[ShowIcon_SmartDisk Corporation_USB Card Reader v1.14e051]
Number=9421
Confirmed=?
Filename=shwicon.exe
Description=Card reader for memory cards from digital cameras. Is it required?
Source=Paul Collins Startup list
[ShowLOMControl]
Number=9422
Confirmed=U
Filename=[strange symbol]
Description=Note that there is a strange symbol in the command field. HKLM\Software\Microsoft\Windows\Current Version\Run\ShowLOMControl Reg_DWORD 0x00000001 (1) LOM = LAN on Motherboard.It mean Show "LAN on Motherboard" Control.On systems where you can install an external LAN interface, it will warn you that you already have a built-in LAN interface. Appears to be a feature on certain Dell systems
Source=Paul Collins Startup list
[Showme]
Number=9423
Confirmed=X
Filename=Ruden.vbs
Description=Added by the HANDLE-A VIRUS!
Source=Paul Collins Startup list
[ShowWnd]
Number=9424
Confirmed=U
Filename=ShowWnd.exe
Description=Found on Gateway computers (and maybe others) - see here. "Showwnd is included with the Chicony keyboard software and is used by the software to stop the keyboard driver's taskbar entry from reappearing. It is not necessary to remove the keyboard software, however if you wish it can be removed through Add or Remove Programs"
Source=Paul Collins Startup list
[SHPC32]
Number=9425
Confirmed=U
Filename=SHPC32.exe
Description=Port monitor for Lexmark printers on a USB connection. Ties in with the Printer Control Program. Features like cancelling a print are unavailable if disabled
Source=Paul Collins Startup list
[ShStatEXE]
Number=9426
Confirmed=Y
Filename=SHSTAT.EXE
Description=From McAfee VirusScan NT 4.x. Handles program communication among VShield components, displays VShield icon. Can be started automatically or available via Start -> Programs
Source=Paul Collins Startup list
[Shutdownaware]
Number=9427
Confirmed=U
Filename=shutdownaware.exe
Description=Loaded by the SWEEX 6-in-1 Media Card Reader to properly manage the reader while it is connected to your system
Source=Paul Collins Startup list
[ShutDownPro]
Number=9428
Confirmed=U
Filename=ShutDownPro.exe
Description=ShutDownPro - shutdown, reboot, logoff your System with one mouse click
Source=Paul Collins Startup list
[Si Meter]
Number=9429
Confirmed=N
Filename=SIMETER.EXE
Description=Si Meter - keep track of things like CPU activity, network activity and speed, hard-drive activity, hard-drive space, system memory, running processes, or just date and time
Source=Paul Collins Startup list
[si91e44b]
Number=9430
Confirmed=X
Filename=rundll32.exe [path] si91e44b.dll, EnableRunDLL32
Description=LZIO.com adware downloader
Source=Paul Collins Startup list
[SIA2006]
Number=9431
Confirmed=U
Filename=SIA2006.exe
Description=Part of Steganos Internet Anonym privacy software
Source=Paul Collins Startup list
[SIAPRO6]
Number=9432
Confirmed=U
Filename=sia.exe
Description=Steganos Internet Anonym privacy software
Source=Paul Collins Startup list
[Sicom]
Number=9433
Confirmed=X
Filename=Sicom.exe
Description=Added by the NETLIP WORM!
Source=Paul Collins Startup list
[SideACT]
Number=9434
Confirmed=U
Filename=SideACT.exe
Description=SideACT organizer software
Source=Paul Collins Startup list
[Sidebar]
Number=9435
Confirmed=U
Filename=Sidebar.exe
Description=If you are running Windows Vista it is a part of the operating system. But on other versions of Windows it can be a part of
Searchcentrix hijacker
Source=Paul Collins Startup list
[SIDEBAR]
Number=9436
Confirmed=N
Filename=dsidebar.exe
Description="Desktop Sidebar provides you with instant access to the information you most desire by grabbing data from your PC and the internet. The result is a dynamic visual display you configure and control"
Source=Paul Collins Startup list
[Sidebar]
Number=9437
Confirmed=U
Filename=sidebar.exe
Description=Windows Sidebar is a pane on the side of the Microsoft Windows Vista desktop where you can keep your gadgets organized and always available
Source=Paul Collins Startup list
[SideWinderTrayV4]
Number=9438
Confirmed=N
Filename=SWTrayV4.exe
Description=MS SideWinder game controller system tray icon. This is specific to version 4 of the software. Available via Start -> Programs
Source=Paul Collins Startup list
[SigmaTel Audio]
Number=9439
Confirmed=N
Filename=setup.exe
Description=Sigmatel audio driver
Source=Paul Collins Startup list
[SigmatelSysTrayApp]
Number=9440
Confirmed=N
Filename=stsystra.exe
Description=System tray program for the Sigmatel Audio sound card. Often found on Dell computers
Source=Paul Collins Startup list
[SigmatelSysTrayApp]
Number=9441
Confirmed=N
Filename=sttray.exe
Description=System tray program for the Sigmatel Audio sound card. Often found on Dell computers
Source=Paul Collins Startup list
[SigX]
Number=9442
Confirmed=?
Filename=sigx.exe
Description=??
Source=Paul Collins Startup list
[SigXC]
Number=9443
Confirmed=X
Filename=SigX.exe
Description=SigX is a "dynamic signature image generated based on whatever data your computer sends it though our SigX program. It can display your current Mp3, current OS, Free Ram, your current time and more"
Source=Paul Collins Startup list
[Simcast]
Number=9444
Confirmed=N
Filename=SimcastAlerts.exe
Description=Simcast is a free service that allows you to subscribe to information on a large variety of topics. Alerts will appear on your desktop when a channel that you have subscribed to has something to say
Source=Paul Collins Startup list
[SimpLite-MSN]
Number=9445
Confirmed=U
Filename=SimpLite-MSN.exe
Description=Required if you use the SimpLite add-on to MSN Messenger (SimpLite adds encryption to the instant messaging service)
Source=Paul Collins Startup list
[Singapore]
Number=9446
Confirmed=X
Filename=singapore.exe
Description=Adds a blue crescent to the taskbar and when double-clicked displays an adult-content web-site. Also known to drop your internet connection and dial an international telephone number. See here for more information. Must be disabled in MSCONFIG before un-installing or it re-instates itself
Source=Paul Collins Startup list
[SIPPS]
Number=9447
Confirmed=U
Filename=SIPPS\SIPPS.exe
Description=Web.de Internet phone utility
Source=Paul Collins Startup list
[SiS Dns]
Number=9448
Confirmed=X
Filename=dnssvc.exe
Description=Added by the DLOADER-UE TROJAN!
Source=Paul Collins Startup list
[SiS KHooker]
Number=9449
Confirmed=N
Filename=khooker.exe
Description=SiS Keyboard Daemon. System Tray utility which gets installed by the drivers of the latter day SiS VGA cards. Can cause errors at startup and isn't required
Source=Paul Collins Startup list
[SiS Mpc Service]
Number=9450
Confirmed=X
Filename=mpcsvc.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[SiS Mpc Service]
Number=9451
Confirmed=X
Filename=mpcsvc.exe
Description=Added by the CIAFOOR-CJ TROJAN!
Source=Paul Collins Startup list
[SiS Tray]
Number=9452
Confirmed=U
Filename=sistray.exe
Description=System Tray icon for SiS based graphics. Note - this resides in C:\Windows\System
Source=Paul Collins Startup list
[SiS Windows KeyHook]
Number=9453
Confirmed=U
Filename=keyhook.exe
Description=SIS graphics cards related: "Super VGA Keyboard Daemon" - hooks into the keyboard processing chain in order to enable hotkey settings
Source=Paul Collins Startup list
[SiS7012Utility]
Number=9454
Confirmed=Y
Filename=SiSAudUt.exe
Description=SiS Corporation sound card driver
Source=Paul Collins Startup list
[SISAM10M]
Number=9455
Confirmed=?
Filename=SISAM10M.exe
Description=??
Source=Paul Collins Startup list
[SiSAudio]
Number=9456
Confirmed=N
Filename=MP_S3.exe
Description=WinME patch for an older SiS 961 chipset FERR bug. Enable if you have audio problems
Source=Paul Collins Startup list
[siscolor]
Number=9457
Confirmed=U
Filename=color.exe
Description=Probably on-board graphics related based upon the SiS chipsets. Has been seen on ASUS motherboards with SiS chipsets and known to cause conflicts if you choose another graphics card and disable the on-board
Source=Paul Collins Startup list
[siService.exe]
Number=9458
Confirmed=U
Filename=siService.exe
Description=Spam Inspector - anti email spam software
Source=Paul Collins Startup list
[SiSPower]
Number=9459
Confirmed=?
Filename=Rundll32.exe SiSPower.dll, ModeAgent
Description=Responsible for power management for SIS chipsets - is it required?
Source=Paul Collins Startup list
[SiSRaid]
Number=9460
Confirmed=U
Filename=SRaid.exe
Description=Related to the SIS Raid system from Silicon Integrated Systems
Source=Paul Collins Startup list
[SiSSetCDfmt]
Number=9461
Confirmed=?
Filename=SiSSetCDfmt.exe
Description=Related to a Silicon Integrated Systems Corp (SiS) product?
Source=Paul Collins Startup list
[SISSoundman]
Number=9462
Confirmed=?
Filename=Soundman.exe
Description=Related to a Silicon Integrated Systems Corp (SiS) product?
Source=Paul Collins Startup list
[SiSSWLED]
Number=9463
Confirmed=U
Filename=sisswled.exe
Description=System Tray utility for SiS 900 network cards
Source=Paul Collins Startup list
[sistrai.exe]
Number=9464
Confirmed=X
Filename=sistrai.exe
Description=Added by the PROVA TROJAN!
Source=Paul Collins Startup list
[sistray]
Number=9465
Confirmed=X
Filename=sistray.exe
Description=Added by the PROVA TROJAN!
Source=Paul Collins Startup list
[sistray]
Number=9466
Confirmed=U
Filename=sistray.exe
Description=System Tray icon for SiS based graphics. Note - this resides in C:\Windows\System
Source=Paul Collins Startup list
[Sistray32]
Number=9467
Confirmed=X
Filename=remotehost.pif
Description=Added by the HOLCAS.A WORM!
Source=Paul Collins Startup list
[Sistray32]
Number=9468
Confirmed=X
Filename=win.bat
Description=Added by the JUMPRED.A WORM!
Source=Paul Collins Startup list
[Sistray32]
Number=9469
Confirmed=X
Filename=virus.exe
Description=Added by the TOMETA-C TROJAN!
Source=Paul Collins Startup list
[sistry]
Number=9470
Confirmed=X
Filename=sistry.exe
Description=Added by the CEBE WORM!
Source=Paul Collins Startup list
[SiSUSBRG]
Number=9471
Confirmed=N
Filename=SiSUSBrg.exe
Description=SiS USB Registry Patch File - fixes the undetectable problem with SiS USB controller on Windows XP
Source=Paul Collins Startup list
[SiteAdvisor]
Number=9472
Confirmed=U
Filename=SiteAdv.exe
Description=SiteAdvisor from McAfee warns you before you interact with a dangerous Web site
Source=Paul Collins Startup list
[sixtysix]
Number=9473
Confirmed=X
Filename=sixtypopsix.exe
Description=Medload adware
Source=Paul Collins Startup list
[SK51]
Number=9474
Confirmed=U
Filename=SK51.EXE
Description=SaveKeys keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list
[SK60]
Number=9475
Confirmed=U
Filename=SK60.EXE
Description=SaveKeys keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list
[SK9910DM]
Number=9476
Confirmed=U
Filename=SK9910DM.EXE
Description=Multi-function keyboard driver. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys
Source=Paul Collins Startup list
[SKDAEMON]
Number=9477
Confirmed=U
Filename=SKDAEMON.EXE
Description=Multi-function keyboard driver. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys
Source=Paul Collins Startup list
[skinkers]
Number=9478
Confirmed=U
Filename=skinkers.exe
Description=Selection of desktop messaging/marketing tools with celebrity tie-ins including MTV's "Desktop Ozzy" and Arsenal's "Desktop Wenger" - see here. Leave enabled if you want to receive messages
Source=Paul Collins Startup list
[sks-32]
Number=9479
Confirmed=X
Filename=SKS32P~1.EXE
Description=SpyKeySpy logs keystrokes and sends the stolen information to a configurable email address
Source=Paul Collins Startup list
[Skunk]
Number=9480
Confirmed=X
Filename=Skunk.exe
Description=Added by the SUNK-A WORM! Note - this file is found in the root folder (C:\), (D:\), etc
Source=Paul Collins Startup list
[SkyBlaster Scheduler]
Number=9481
Confirmed=Y
Filename=SSFSch.exe
Description=For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system
Source=Paul Collins Startup list
[skynetave.exe]
Number=9482
Confirmed=X
Filename=skynetave.exe
Description=Added by the SASSER.D WORM!
Source=Paul Collins Startup list
[SkynetRevenge]
Number=9483
Confirmed=X
Filename=winlogon.scr
Description=Added by the NETSKY.AA WORM!
Source=Paul Collins Startup list
[Skype]
Number=9484
Confirmed=N
Filename=Skype.exe
Description="Skype is free and simple software that will enable you to make free calls anywhere in the world in minutes"
Source=Paul Collins Startup list
[SkypeMate]
Number=9485
Confirmed=N
Filename=SkypeMate.exe
Description=SkypeMate acts as a bridge between networks of VoIP and PSTN
Source=Paul Collins Startup list
[SkypeStartup]
Number=9486
Confirmed=X
Filename=Skype.exe
Description=Added by the PYKSE-A WORM!
Source=Paul Collins Startup list
[SkySurfer Management Service]
Number=9487
Confirmed=Y
Filename=SmaServ.exe
Description=For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system
Source=Paul Collins Startup list
[SkyTel]
Number=9488
Confirmed=U
Filename=SkyTel.exe
Description=Process associated with Realtek Voice Manager for some of their audio chipsets
Source=Paul Collins Startup list
[sl4 rules]
Number=9489
Confirmed=X
Filename=rbot32.exe
Description=Added by the SDBOT-QC WORM!
Source=Paul Collins Startup list
[slack12]
Number=9490
Confirmed=X
Filename=mfcee.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Slayhacker734]
Number=9491
Confirmed=X
Filename=slay7383.exe
Description=Added by the SIKBOT-A TROJAN!
Source=Paul Collins Startup list
[SleepManager]
Number=9492
Confirmed=N
Filename=SleepMgr.exe
Description=This program locates free contiguous disk spaces and allocates them for storing BASE MEMORY, EXTENDED MEMORY, VIDEO MEMORY, and SM RAM. It helps the computer come out of hibernate mode
Source=Paul Collins Startup list
[Slibe.com]
Number=9493
Confirmed=U
Filename=Sliber.EXE
Description=Sliber - freeware screen capturing & online sharing tool
Source=Paul Collins Startup list
[SlickRun]
Number=9494
Confirmed=U
Filename=sr.exe
Description="SlickRun is a floating command line utility for Windows. It gives you almost instant access to any program or website. SlickRun allows you to create command aliases (known as MagicWords), so C:\Program Files\Outlook Express\msimn.exe becomes MAIL"
Source=Paul Collins Startup list
[slide]
Number=9495
Confirmed=X
Filename=Iexplore.exe
Description=Added by the GASLIDE TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!
Source=Paul Collins Startup list
[slimp3]
Number=9496
Confirmed=N
Filename=SliMP3 Server.exe
Description=Slimp3 Server - "presents an entirely new way of accessing and enjoying your music collection. Instead of storing your music on CDs or memory cards, the SliMP3 uses your home network to access the music stored on your PC"
Source=Paul Collins Startup list
[Slingshot]
Number=9497
Confirmed=N
Filename=SLINGS~1.EXE
Description=Atomica Slingshot - "reference tool with access to dictionary and encyclopedia terms, bios, technical terms, history, geography, and much more". Now superseed by 1-Click Answers
Source=Paul Collins Startup list
[slipcore]
Number=9498
Confirmed=Y
Filename=slipcore.exe
Description=Core module for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pix. Used by popular ISPs such as IceNet, Wanadoo, Terra, OnSpeed, United Online and AOL Canada. Required if the user's account is locked in to that proxy server
Source=Paul Collins Startup list
[slipgui]
Number=9499
Confirmed=Y
Filename=slipgui.exe
Description=User interface for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pix. Used by popular ISPs such as IceNet, Wanadoo, Terra, OnSpeed, United Online and AOL Canada. Required if the user's account is locked in to that proxy server
Source=Paul Collins Startup list
[SlipStream]
Number=9500
Confirmed=Y
Filename=slipcore.exe
Description=Core module for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pix. Used by popular ISPs such as IceNet, Wanadoo, Terra, OnSpeed, United Online and AOL Canada. Required if the user's account is locked in to that proxy server
Source=Paul Collins Startup list
[slmss]
Number=9501
Confirmed=X
Filename=slmss.exe
Description=SeekSeek search hijacker related - see here
Source=Paul Collins Startup list
[sload]
Number=9502
Confirmed=X
Filename=sload.exe
Description=Win SynchroAd adware, also detected as DLOADER-QG TROJAN!
Source=Paul Collins Startup list
[slvchost32]
Number=9503
Confirmed=X
Filename=slvchost32.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[sm]
Number=9504
Confirmed=X
Filename=sa_exe.exe
Description=Added by the OLFEB.A TROJAN!
Source=Paul Collins Startup list
[sm]
Number=9505
Confirmed=X
Filename=sf_exe.exe
Description=Added by the OLFEB.A TROJAN!
Source=Paul Collins Startup list
[sm]
Number=9506
Confirmed=X
Filename=sm_exe.exe
Description=Added by the OLFEB.A TROJAN!
Source=Paul Collins Startup list
[sm]
Number=9507
Confirmed=X
Filename=sr_exe.exe
Description=Added by the LUKUSPAM TROJAN!
Source=Paul Collins Startup list
[SM1BG]
Number=9508
Confirmed=N
Filename=SM1BG.EXE
Description=USB driver for downloading from within Napster to portable MP3 players. Only required at startup if you use it all the time - otherwise start it manually when required
Source=Paul Collins Startup list
[SM1NINT]
Number=9509
Confirmed=N
Filename=SM1NINT.exe
Description=Cypress USB Mass Storage Driver Notification Icon Application - tray notification for Cypress base memory sticks and external storage devices for Win98
Source=Paul Collins Startup list
[SM56 Helper Win32 Utility]
Number=9510
Confirmed=N
Filename=sm56hlpr.exe
Description=Helper utility for Motorola based SM56 software modems - resides in the System Tray
Source=Paul Collins Startup list
[Sm56acl]
Number=9511
Confirmed=N
Filename=sm56hlpr.exe
Description=Helper utility for Motorola based SM56 software modems - resides in the System Tray
Source=Paul Collins Startup list
[sman]
Number=9512
Confirmed=X
Filename=app***.tmp [* = digit]
Description=Unidentified adware
Source=Paul Collins Startup list
[Smapp]
Number=9513
Confirmed=N
Filename=smtray.exe
Description=System Tray access for the Compaq/ADI SoundMAX integrated digital audio controller
Source=Paul Collins Startup list
[Smart Card Service]
Number=9514
Confirmed=N
Filename=ScardSvr.exe
Description=For Smart Card readers. Known to cause problems, especially for Windows 2000 users - see here. Probably not required unless you use such a device regularly
Source=Paul Collins Startup list
[Smart Connect Monitor]
Number=9515
Confirmed=U
Filename=SCMon.exe
Description=Appears on a Sony Vaio. Smart Connect Version 2.1 enables data transfer between Vaios via i.LINK cable. Smart Connect supports File and Printer Sharing for MS networks. You can copy files from your Vaio to another Vaio or print using a printer connected to a remote Vaio
Source=Paul Collins Startup list
[Smart Connect Setup]
Number=9516
Confirmed=U
Filename=SCSetup.exe
Description=Appears on a Sony Vaio. Smart Connect Version 2.1 enables data transfer between Vaios via i.LINK cable. Smart Connect supports File and Printer Sharing for MS networks. You can copy files from your Vaio to another Vaio or print using a printer connected to a remote Vaio
Source=Paul Collins Startup list
[Smart Keyboard]
Number=9517
Confirmed=U
Filename=Smartkbd.exe
Description=Netropa Smart Keyboard driver
Source=Paul Collins Startup list
[Smart Label O Server]
Number=9518
Confirmed=N
Filename=ssloserv.exe
Description=Part of the printer software for the smart-label printer made by Seiko. Can be disabled safely
Source=Paul Collins Startup list
[Smart Label RFViewer]
Number=9519
Confirmed=N
Filename=SSLFVIEW.EXE
Description=Part of the printer software for the smart-label printer made by Seiko. Can be disabled safely
Source=Paul Collins Startup list
[Smart Start UP]
Number=9520
Confirmed=N
Filename=PnPDetect.exe
Description=Part of Presto! Mr.Photo - "an ideal program for creating, sharing, and manag-ing digital images and videos"
Source=Paul Collins Startup list
[Smart Touch]
Number=9521
Confirmed=U
Filename=STouch.exe
Description=Related to Plustek OpticSlim scanner
Source=Paul Collins Startup list
[Smart Type Assistant]
Number=9522
Confirmed=N
Filename=sta.exe
Description=Smart Type Assistant - a complex typing automation tool, intended to make your work faster and safer
Source=Paul Collins Startup list
[Smartalec]
Number=9523
Confirmed=U
Filename=pcaccel.exe
Description=Smartalec PC Accelerator - system optimization utility
Source=Paul Collins Startup list
[SmartBarXP]
Number=9524
Confirmed=N
Filename=SmartBarXP.exe
Description=SmartBarXP is a bar that runs down the side of your screen, and can be configured to display interactive panels known as 'panes'. These panes include media players, slideshow and image viewing panes, a virtual desktop manager, and live news, weather and stock feeds to mention but a few
Source=Paul Collins Startup list
[sMaRTcaPs]
Number=9525
Confirmed=N
Filename=SMARTC~1.EXE
Description=sMaRTcaPs from Phoebus LLC - enables you to configure the time needed to depress Caps Lock, Num Lock & Insert keys
Source=Paul Collins Startup list
[Smarthruengine]
Number=9526
Confirmed=U
Filename=QS.exe
Description=Samsung smarthru software, used with Lexmark Z82 or Samsung multifunction printers
Source=Paul Collins Startup list
[SmartPCXL]
Number=9527
Confirmed=U
Filename=pcaccel.exe
Description=Smartalec PC Accelerator - system optimization utility
Source=Paul Collins Startup list
[SmartSync Pro]
Number=9528
Confirmed=U
Filename=SmartSync.exe
Description=Related to CompanionLink Software Inc. Synchronization solutions for ACT!, GoldMine, Lotus Notes and Microsoft Outlook
Source=Paul Collins Startup list
[SMax4]
Number=9529
Confirmed=N
Filename=SMax4.exe
Description=System Tray icon for SoundMax integrated sound. Sound properties can be accessed through the Start Menu or Control Panel
Source=Paul Collins Startup list
[SMax4PNP]
Number=9530
Confirmed=U
Filename=SMax4PNP.exe
Description=SoundMax integrated sound. Required if you have custom settings for your sound, such as effects and environments
Source=Paul Collins Startup list
[smbdpmi]
Number=9531
Confirmed=?
Filename=smbdpmi.exe
Description=IBM Netfinity Director and Universal Management Services related. What does it do and is it required?
Source=Paul Collins Startup list
[smc]
Number=9532
Confirmed=Y
Filename=smc.exe
Description=Sygate Firewall
Source=Paul Collins Startup list
[smc]
Number=9533
Confirmed=Y
Filename=spfsmc.exe
Description=Sygate Firewall
Source=Paul Collins Startup list
[SMC Service]
Number=9534
Confirmed=Y
Filename=smc.exe
Description=Sygate Firewall
Source=Paul Collins Startup list
[SMC Service]
Number=9535
Confirmed=Y
Filename=spfsmc.exe
Description=Sygate Firewall
Source=Paul Collins Startup list
[smcserv]
Number=9536
Confirmed=X
Filename=winsrv.exe
Description=Added by the AGOBOT-OU WORM!
Source=Paul Collins Startup list
[SmcService]
Number=9537
Confirmed=Y
Filename=smc.exe
Description=Sygate Firewall
Source=Paul Collins Startup list
[SmcServices]
Number=9538
Confirmed=Y
Filename=smc.exe
Description=Sygate Firewall
Source=Paul Collins Startup list
[SmcServices]
Number=9539
Confirmed=Y
Filename=spfsmc.exe
Description=Sygate Firewall
Source=Paul Collins Startup list
[Smcsta.exe]
Number=9540
Confirmed=?
Filename=Smcsta.exe
Description=SMC Networks wireless PCI card driver. Is it required?
Source=Paul Collins Startup list
[SmcSVR]
Number=9541
Confirmed=X
Filename=SmcSVR.exe
Description=Added by the LEGMIR.JU TROJAN!
Source=Paul Collins Startup list
[Smiley District]
Number=9542
Confirmed=X
Filename=plugin.exe
Description=Smiley District adware
Source=Paul Collins Startup list
[Smith Micro try]
Number=9543
Confirmed=N
Filename=smiptray.exe
Description=Smith Micro shared files. Comes with D-Link web cam
Source=Paul Collins Startup list
[smodul]
Number=9544
Confirmed=U
Filename=smodule.exe
Description=UserMonitor from Neuber. Teachers can broadcast screen to other screens, see students screens in a network and detect unauthorized software
Source=Paul Collins Startup list
[SmoothView]
Number=9545
Confirmed=X
Filename=SmoothView.exe
Description=TOSHIBA Zooming Utility - allows "automatic" zoom feature in some appications, like IE, MS-Office, WMPlayer, Adobe Reader and also desktop icons
Source=Paul Collins Startup list
[SMPAutoStart]
Number=9546
Confirmed=U
Filename=smpdemo.exe
Description=Smart Phone Recorder demo from KenGolf.com. Answering Machine, Caller ID, Call Recording
Source=Paul Collins Startup list
[smres]
Number=9547
Confirmed=X
Filename=smres.exe
Description=Added by the AGOBOT-UA WORM!
Source=Paul Collins Startup list
[SMS Application Launcher]
Number=9548
Confirmed=U
Filename=LAUNCH32.EXE
Description=Microsoft Systems Management Server - used to manage computers on a network remotely
Source=Paul Collins Startup list
[SMS Client Service]
Number=9549
Confirmed=U
Filename=clisvc95.exe
Description=When the SMS Client service starts on a domain controller, the Client service modifies the SMSCliToknAcct & user account group membership, user rights, and account comment. The Client service then waits for the synchronization of the comment to verify that the account and user rights are properly set for this account. This account is used to obtain a token to start the SMS Client processes, such as the Software Inventory and Software Distribution agents (MS Systems Management Server)
Source=Paul Collins Startup list
[Sms System32]
Number=9550
Confirmed=X
Filename=SmsSystem32.exe
Description=Unidentified malware
Source=Paul Collins Startup list
[SMS Win9x Message Agent]
Number=9551
Confirmed=U
Filename=??
Description=This program assigns a user to a Systems Management Server site
Source=Paul Collins Startup list
[SMS Win9x Message Agent]
Number=9552
Confirmed=U
Filename=SMSMsg.exe
Description=This program assigns a user to a Systems Management Server site
Source=Paul Collins Startup list
[Smserial]
Number=9553
Confirmed=N
Filename=sm56hlpr.exe
Description=Helper utility for Motorola based SM56 software modems - resides in the System Tray
Source=Paul Collins Startup list
[SMSI Loader]
Number=9554
Confirmed=N
Filename=SMLoader.exe
Description=Smith Micro HotFax - fax software
Source=Paul Collins Startup list
[smsm]
Number=9555
Confirmed=X
Filename=smsm.exe
Description=Added by the BANKER-CO TROJAN!
Source=Paul Collins Startup list
[smsrv]
Number=9556
Confirmed=X
Filename=smsrv.exe
Description=Added by the AGOBOT-SX WORM!
Source=Paul Collins Startup list
[SMSS]
Number=9557
Confirmed=X
Filename=smss.exe
Description=Added by the FLOOD.F TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Catroot" subfolder
Source=Paul Collins Startup list
[smss]
Number=9558
Confirmed=X
Filename=[path to smss.exe]
Description=Added by the ALADINZ.F TROJAN! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[smss]
Number=9559
Confirmed=X
Filename=smss.exe
Description=Added by the AGENT-TR TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[smss]
Number=9560
Confirmed=X
Filename=smss.exe
Description=Added by the BOROBOT-J TROJAN and variants! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup!
Source=Paul Collins Startup list
[Smss]
Number=9561
Confirmed=X
Filename=ssms.exe
Description=Added by the RBOT.OP WORM!
Source=Paul Collins Startup list
[smss.exe]
Number=9562
Confirmed=X
Filename=csrss.exe
Description=Added by the DALBUG WORM! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[smssLevel4]
Number=9563
Confirmed=X
Filename=smss.exe
Description=Unidentified malware! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in Program Files\Windows Media Player\Skins\WindowsMediaSkin\Data\Level4 folder
Source=Paul Collins Startup list
[SMSSS]
Number=9564
Confirmed=X
Filename=smsss.exe
Description=Added by the SDBOT.ZD WORM!
Source=Paul Collins Startup list
[SMSSS Loader]
Number=9565
Confirmed=X
Filename=smsss.exe
Description=Added by the AGOBOT.MQ WORM!
Source=Paul Collins Startup list
[SMSSU]
Number=9566
Confirmed=X
Filename=SMSSU.EXE
Description=Hijacker, detected by Norton antivirus as Trojan.StartPage.O
Source=Paul Collins Startup list
[smsys]
Number=9567
Confirmed=X
Filename=Explorer.exe
Description=Added by the CLICKER-C TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in a "Template" subfolder
Source=Paul Collins Startup list
[smsys]
Number=9568
Confirmed=X
Filename=vi.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[SMSystemAnalyzer]
Number=9569
Confirmed=U
Filename=SMSystemAnalyzer.exe
Description=Part of the Iolo System Mechanic optimization tool
Source=Paul Collins Startup list
[sms_msn]
Number=9570
Confirmed=X
Filename=sms_msn.exe
Description=Added by an unknown WORM or TROJAN!
Source=Paul Collins Startup list
[sms_msn40]
Number=9571
Confirmed=X
Filename=sms_msn40.exe
Description=Added by an unknown WORM or TROJAN infection
Source=Paul Collins Startup list
[Smt]
Number=9572
Confirmed=U
Filename=SMT.exe
Description=Win-Spy keyboard logger/monitoring software - remove unless you installed it yourself
Source=Paul Collins Startup list
[SMToolbar]
Number=9573
Confirmed=N
Filename=SMToolbar.exe
Description=StartMake.com toolbar
Source=Paul Collins Startup list
[SMTP32 Mailing Protocol]
Number=9574
Confirmed=X
Filename=smtp32.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[SmWizard]
Number=9575
Confirmed=?
Filename=SmWizard.exe
Description=SmartWizard MFC Application - associated with C-Media who produce audio chipsets commonly used for on-board sound on motherboards. What does it do and is it required?
Source=Paul Collins Startup list
[SN Messenger]
Number=9576
Confirmed=X
Filename=msnmsgr.exe
Description=Added by the RBOT-AVP WORM!
Source=Paul Collins Startup list
[snapple]
Number=9577
Confirmed=X
Filename=snapple.exe
Description=Added by the FORBOT-EG WORM!
Source=Paul Collins Startup list
[snbr]
Number=9578
Confirmed=?
Filename=snbr.exe
Description=??
Source=Paul Collins Startup list
[snbupt]
Number=9579
Confirmed=X
Filename=snbupt.exe
Description=UpSpiralBar adware
Source=Paul Collins Startup list
[sncntr]
Number=9580
Confirmed=X
Filename=sncntr.exe
Description=Added by the DLUCA-I TROJAN!
Source=Paul Collins Startup list
[SNCT511]
Number=9581
Confirmed=?
Filename=vsnct511.exe
Description=Unidentified "Snapshot Viewer"- what does it do and is it required?
Source=Paul Collins Startup list
[snd332]
Number=9582
Confirmed=X
Filename=snd332.exe
Description=Added by the B1LD0 AIM WORM!
Source=Paul Collins Startup list
[Sndcompat]
Number=9583
Confirmed=X
Filename=Sndcompat.exe
Description=Added by the GEMA TROJAN!
Source=Paul Collins Startup list
[sndmi13]
Number=9584
Confirmed=U
Filename=vsndmi13.exe
Description=Driver for DualCam cameras - that combine the best features of a digital still camera and a webcam
Source=Paul Collins Startup list
[SNDMon]
Number=9585
Confirmed=U
Filename=SNDMon.exe
Description=Part of Symantec's LiveUpate (eg, Norton). Not required if you run manual updates but probably require if you leave them to run automatically. Also, if one runs a small office network and SNDMon is disabled on one of the computers – then other computers disappear from the network for this computer, including shared devices like printers and scanners. Hence the "U" recommendation
Source=Paul Collins Startup list
[Sndsaver]
Number=9586
Confirmed=X
Filename=Sndsaver.exe
Description=Added by the GEMA TROJAN!
Source=Paul Collins Startup list
[sndsrvc]
Number=9587
Confirmed=?
Filename=SNDSRVC.EXE
Description=Part of Norton Personal Firewall and Norton Internet Security - what does it do and is it required?
Source=Paul Collins Startup list
[SNInstall]
Number=9588
Confirmed=X
Filename=[various filenames]
Description=Spy Sheriff/SpywareNO malware, also detected as the SPYHOAX-A TROJAN, pretends to be a spyware remover! - file names spotted sofar include VXH8JKDQ2.EXE, NS6281400.so, CVXH8JKDQ2.EXE, down3.exe, sefe.exe, winstall.exe, and tool2.exe
Source=Paul Collins Startup list
[Snippet]
Number=9589
Confirmed=U
Filename=SnippingTool.exe
Description=The Snipping Tool (part of the Experience Pack for Tablet PC) allows you to easily "cut out" anything on screen and share it with other people. The whole screen becomes an "inkable" surface that you can add comments to and mark up however you like. You can then save that annotated image to use later, or send it to someone else in an E-mail message
Source=Paul Collins Startup list
[SNM]
Number=9590
Confirmed=U
Filename=SNM.exe
Description=SpyNoMore anti-spyware
Source=Paul Collins Startup list
[SnoopFreeUI]
Number=9591
Confirmed=U
Filename=SnoopFreeUI.exe
Description=Anti-keylogging software made by SnoopFree Software
Source=Paul Collins Startup list
[SNP Generic Host Process]
Number=9592
Confirmed=X
Filename=svchost.exe
Description=Added by the ZAPCHAS-O TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[snp2std]
Number=9593
Confirmed=N
Filename=vsnp2std.exe
Description=Digital camera related
Source=Paul Collins Startup list
[snpstd]
Number=9594
Confirmed=?
Filename=vsnpstd.exe
Description=Sonix PC Camera Monitor MFC Application. What does it do and is it required?
Source=Paul Collins Startup list
[SNPSTD2]
Number=9595
Confirmed=?
Filename=vsnpstd2.exe
Description=CameraMonitor MFC Application. Appears to be related to a USB connection to a digital camera -is it required?
Source=Paul Collins Startup list
[snpstd3]
Number=9596
Confirmed=Y
Filename=vsnpstd3.exe
Description=Sonix Inc. Camera Monitor MFC Application
Source=Paul Collins Startup list
[Snsicon]
Number=9597
Confirmed=N
Filename=Snsicon.exe
Description=Launches a screensaver program from Second Nature
Source=Paul Collins Startup list
[SNSS.EXE]
Number=9598
Confirmed=X
Filename=SNSS.EXE
Description=Added by the Nunci premium rate dialer
Source=Paul Collins Startup list
[snvc]
Number=9599
Confirmed=X
Filename=snvc.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[SO5 Integrator Pass One]
Number=9600
Confirmed=?
Filename=sointgr.exe
Description=StarOffice 5. See here for more details
Source=Paul Collins Startup list
[SO5 Integrator Pass Two]
Number=9601
Confirmed=?
Filename=sointgr.exe
Description=StarOffice 5. See here for more details
Source=Paul Collins Startup list
[Soar]
Number=9602
Confirmed=X
Filename=Rwon.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[Social Security Agency]
Number=9603
Confirmed=X
Filename=rpcxsocsa.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Sock32]
Number=9604
Confirmed=X
Filename=sock32.exe
Description=Added by the SDBOT TROJAN!
Source=Paul Collins Startup list
[Socket Utility]
Number=9605
Confirmed=X
Filename=svchostz.exe
Description=Added by the DAEMONI-E TROJAN!
Source=Paul Collins Startup list
[Socket Utility]
Number=9606
Confirmed=X
Filename=socket.exe
Description=Added by the DAEMONI-E TROJAN!
Source=Paul Collins Startup list
[Socket Utility]
Number=9607
Confirmed=X
Filename=svchostz.exe
Description=Added by the DAEMONI-E TROJAN!
Source=Paul Collins Startup list
[SoDA Startup]
Number=9608
Confirmed=Y
Filename=SodaStartup.exe
Description=Used by the IBM Rational SoDA project management tool. Unsure of it's actual purpose but it's recommended you leave it enabled if you use the software
Source=Paul Collins Startup list
[soffice]
Number=9609
Confirmed=N
Filename=SOFFICE.EXE
Description=Displays StarOffice quick start applet in System tray. Right clicking on the icon allows rapid starting up of components of the StarOffice 6.0 suite. Available via Start -> Programs. Automatically started when any StarOffice 6.0 component is started from the Start -> Programs. A resource hog (it eats > 16 MB of memory).
Source=Paul Collins Startup list
[Soft Profile Inc]
Number=9610
Confirmed=X
Filename=hxdef.exe...
Description=Added by a variant of the LOVGATE WORM!
Source=Paul Collins Startup list
[softIce Update 32]
Number=9611
Confirmed=X
Filename=wininits.exe
Description=Added by the RBOT-ANB WORM!
Source=Paul Collins Startup list
[SoftickPPP]
Number=9612
Confirmed=U
Filename=PPPGate.exe
Description=Softick PPP is a Microsoft Windows driver that allows to establish PPP session between Palm powered devices and Microsoft Windows desktop computer
Source=Paul Collins Startup list
[SOFTinst]
Number=9613
Confirmed=Y
Filename=N/A
Description=For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out
Source=Paul Collins Startup list
[SoftStuff Wallpaper Changer]
Number=9614
Confirmed=U
Filename=softstrt.exe
Description=AzureBay wallpaper changer
Source=Paul Collins Startup list
[Software]
Number=9615
Confirmed=X
Filename=software.exe
Description=Added by the CRABTON-B TROJAN!
Source=Paul Collins Startup list
[SoftwareStation]
Number=9616
Confirmed=U
Filename=station.exe
Description=eAcceleration Stop-Sign security software related. Previously not recommended, see here
Source=Paul Collins Startup list
[Solo Sentry]
Number=9617
Confirmed=Y
Filename=Solosent.exe
Description=Solo Antivirus
Source=Paul Collins Startup list
[SoloSchedule]
Number=9618
Confirmed=U
Filename=Solocfg.exe
Description=Scheduler for Solo Antivirus. Leave enabled unless you scan manually on a regular basis
Source=Paul Collins Startup list
[SoloSysCheck]
Number=9619
Confirmed=U
Filename=Syscheck.exe
Description=Solo antivirus System Integrity Check - Monitors system registry, system.ini, win.ini and startup to protect you from new Internet Worms and Backdoors
Source=Paul Collins Startup list
[somatic]
Number=9620
Confirmed=X
Filename=somatic.exe
Description=Searchcentrix hijacker
Source=Paul Collins Startup list
[Sonic A3D Control]
Number=9621
Confirmed=N
Filename=vrtxctrl.exe
Description=Sound related options
Source=Paul Collins Startup list
[Sonic RecordNow!]
Number=9622
Confirmed=X
Filename=smsc.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[SoniqueQuickStart]
Number=9623
Confirmed=N
Filename=sqstart.exe
Description=Quickstart for the discontinued Sonique audio player. Available via Start -> Programs
Source=Paul Collins Startup list
[SonnReg]
Number=9624
Confirmed=?
Filename=SonnReg.exe
Description=Now superseeded by ColorWizzard - 3Deep corrected lighting, shading and color for all your 2D and 3D games. Possibly a registration reminder?
Source=Paul Collins Startup list
[SonudMan]
Number=9625
Confirmed=X
Filename=SonudMan.exe
Description=Added by the STARTPAGE.Q TROJAN!
Source=Paul Collins Startup list
[SonudMan]
Number=9626
Confirmed=X
Filename=WNILOGON.exe
Description=Added by the QQROB-DC TROJAN! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[SonudMon]
Number=9627
Confirmed=X
Filename=SonudMon.exe
Description=Added by the LEWOR-J TROJAN!
Source=Paul Collins Startup list
[SonyPowerCfg]
Number=9628
Confirmed=U
Filename=SPMgr.exe
Description=Related to Sony VAIO Power Management Module installed on laptops and provides additional configuration options for these devices. This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems
Source=Paul Collins Startup list
[Soot]
Number=9629
Confirmed=?
Filename=rcea.exe
Description=??
Source=Paul Collins Startup list
[sophagnt]
Number=9630
Confirmed=?
Filename=sophagnt.exe
Description=Possibly related to Sophocles Screenwriting Software?
Source=Paul Collins Startup list
[SOProc_RegSoAlertWxLiteNnAj]
Number=9631
Confirmed=X
Filename=rundll32 shell32.dll, ShellExec_RunDLL [path] soproc.exe
Description=Advertising by SoftwareOnline - monitors your browsing habits and distributes the data back to the author's servers for analysis
Source=Paul Collins Startup list
[SOS]
Number=9632
Confirmed=X
Filename=SOS.exe
Description=Added by the PHILIS VIRUS!
Source=Paul Collins Startup list
[SoSyncMonitor]
Number=9633
Confirmed=?
Filename=SoSyncMonitor.exe
Description=SuperOffice related. What does it do and is it required?
Source=Paul Collins Startup list
[Sound Loader]
Number=9634
Confirmed=X
Filename=sndloader.exe
Description=Added by the AGOBOT-BV WORM!
Source=Paul Collins Startup list
[Sound services]
Number=9635
Confirmed=X
Filename=SOUND32.EXE
Description=Added by the AGOBOT.GG WORM!
Source=Paul Collins Startup list
[Sound System]
Number=9636
Confirmed=X
Filename=WinSound1.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[soundcontrl]
Number=9637
Confirmed=X
Filename=soundcontrl.exe
Description=Added by the GAOBOT.AFJ WORM!
Source=Paul Collins Startup list
[sounddrv]
Number=9638
Confirmed=X
Filename=sndbdrv3104.exe
Description=CoolWebSearch parasite variant
Source=Paul Collins Startup list
[SoundFusion]
Number=9639
Confirmed=?
Filename=rundll32 cwcprops.cpl
Description=Control panel item for the Terratec DMX Xfire 1024 soundcard (Start -> Settings -> Control Panel) based upon a Cirrus Logic "SoundFusion" DSP. Does it need to run at start-up every time?
Source=Paul Collins Startup list
[SoundFusion]
Number=9640
Confirmed=?
Filename=rundll32 hercplgs.cpl, BootEntryPoint
Description=Control panel item for Hercules Fortissimo soundcards (Start -> Settings -> Control Panel) based upon a Cirrus Logic "SoundFusion" DSP. Does it need to run at start-up every time?
Source=Paul Collins Startup list
[SoundFusion]
Number=9641
Confirmed=?
Filename=RunDll32 cwaprops.cpl, C25CrystalControlWnd
Description=Control panel item for a Terratec soundcard (Start -> Settings -> Control Panel) based upon a Cirrus Logic "SoundFusion" DSP. Does it need to run at start-up every time?
Source=Paul Collins Startup list
[SoundMam]
Number=9642
Confirmed=X
Filename=SVOHOST.exe
Description=Added by the QQROB-AAL TROJAN!
Source=Paul Collins Startup list
[soundman]
Number=9643
Confirmed=N
Filename=soundman.exe
Description=System Tray icon for the Realtek AC97 Audio Sound Manager for AC97 onboard audio. Available via Start -> Settings-> Control Panel
Source=Paul Collins Startup list
[SOUNDMAN Microsoft Help]
Number=9644
Confirmed=X
Filename=soun.pif
Description=Added by the RBOT-AIU WORM!
Source=Paul Collins Startup list
[SoundMAX]
Number=9645
Confirmed=N
Filename=SMax4.exe
Description=System Tray icon for SoundMax integrated sound. Sound properties can be accessed through the Start Menu or Control Panel
Source=Paul Collins Startup list
[SoundMAX]
Number=9646
Confirmed=X
Filename=SoundMAX.exe
Description=Added by the RIZON-A WORM! Note - this file is placed in the Startup folder itself, and has NO relation to SoundMax sound cards!
Source=Paul Collins Startup list
[SoundMax Audio Drivers]
Number=9647
Confirmed=X
Filename=SndMAX.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[SoundMAXPnP]
Number=9648
Confirmed=U
Filename=SMax4PNP.exe
Description=SoundMax integrated sound. Required if you have custom settings for your sound, such as effects and environments
Source=Paul Collins Startup list
[soundmix]
Number=9649
Confirmed=X
Filename=soundmix.exe
Description=Added by the AGENT.PGV WORM!
Source=Paul Collins Startup list
[SoundMixer]
Number=9650
Confirmed=X
Filename=smvss.exe
Description=Added by the DEDLER-G TROJAN!
Source=Paul Collins Startup list
[Soundmx]
Number=9651
Confirmed=X
Filename=Soundmx.exe
Description=CoolWebSearch Tapicfg parasite variant
Source=Paul Collins Startup list
[soundtask]
Number=9652
Confirmed=X
Filename=soundtask.exe
Description=Added by the AGOBOT-MD WORM!
Source=Paul Collins Startup list
[soundtasks]
Number=9653
Confirmed=X
Filename=soundtasks.exe
Description=Added by a variant of the CRYPTER.C TROJAN!
Source=Paul Collins Startup list
[soundtctrls]
Number=9654
Confirmed=X
Filename=soundtctrls.exe
Description=Added by the AGOBOT-ZV WORM!
Source=Paul Collins Startup list
[SoundView]
Number=9655
Confirmed=X
Filename=msdview32.exe
Description=Trojan downloader
Source=Paul Collins Startup list
[sounofts]
Number=9656
Confirmed=X
Filename=sounofts.exe
Description=Added by the AGOBOT-ND WORM!
Source=Paul Collins Startup list
[sountskmanager]
Number=9657
Confirmed=X
Filename=sountaskmgr
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[SourcePath]
Number=9658
Confirmed=N
Filename=gwreg.exe
Description=Used to update Gateway registry settings for System Restoration Kit and Web update programs
Source=Paul Collins Startup list
[sp]
Number=9659
Confirmed=X
Filename=sp.reg
Description=IE search hijacker - changes the default search to http://www.gocybersearch.com/
Source=Paul Collins Startup list
[sp]
Number=9660
Confirmed=X
Filename=regedit-s .... sp.dll
Description=Malicious javascript annoyance that changes the default search engine in IE to one of many including "topsearcher". See here for more and a fix
Source=Paul Collins Startup list
[sp]
Number=9661
Confirmed=X
Filename=se.dll, DllInstall
Description=Added by the Startpage.M hijacker
Source=Paul Collins Startup list
[sp]
Number=9662
Confirmed=X
Filename=rundll32 (Path to Trojan DLL), DllInstall
Description=Added by the ABLANK-W and ABLANK-Z TROJANS!
Source=Paul Collins Startup list
[SP TimeSync]
Number=9663
Confirmed=U
Filename=SP TimeSync.exe
Description=SP TimeSync lets you synchronize your computer's clock with any Internet atomic clock (time server)
Source=Paul Collins Startup list
[SP00LSV]
Number=9664
Confirmed=X
Filename=Sp00lsv.exe
Description=Added by the GRAYBIRD.E TROJAN!
Source=Paul Collins Startup list
[SP2 Connection Patcher]
Number=9665
Confirmed=U
Filename=SP2ConnPatcher.exe
Description=Changes limit of concurrent TCP connections of Windows Service Pack 2
Source=Paul Collins Startup list
[SP2 data]
Number=9666
Confirmed=X
Filename=[path] repcale.exe [path] apc.exe
Description=Added by a variant of the RANDON.AN WORM!
Source=Paul Collins Startup list
[SP2 Firewall/Internet Updater]
Number=9667
Confirmed=X
Filename=crssrs.exe
Description=Added by the RBOT.BJO WORM!
Source=Paul Collins Startup list
[sp2chk.exe]
Number=9668
Confirmed=X
Filename=sp2chk.exe
Description=Added by the ALUROOT.A TROJAN!
Source=Paul Collins Startup list
[sp2ctr]
Number=9669
Confirmed=X
Filename=sp2ctr.exe
Description=Added by the DLUCA-M TROJAN!
Source=Paul Collins Startup list
[sp2fwxp]
Number=9670
Confirmed=X
Filename=sp2fwxp.exe
Description=Added by the SMALL.ABW TROJAN!
Source=Paul Collins Startup list
[sp2update]
Number=9671
Confirmed=X
Filename=sp2update.exe
Description=SP2Update adware! Tracks URLs visited and search terms entered into Internet Explorer
Source=Paul Collins Startup list
[Spam Blocker for Outlook Express]
Number=9672
Confirmed=X
Filename=SBInst.exe
Description=HotBar related
Source=Paul Collins Startup list
[SPAM FIREWALL]
Number=9673
Confirmed=X
Filename=mfirewall.exe
Description=Added by the SDBOT.AOU WORM!
Source=Paul Collins Startup list
[Spam Sleuth]
Number=9674
Confirmed=U
Filename=SpamSleuth.exe
Description=Spam Sleuth E-mail spam detection program
Source=Paul Collins Startup list
[SpamBlocker]
Number=9675
Confirmed=X
Filename=SbOEAddOn.exe
Description=Related to Hotbar's Weather Forecast tool for your desktop
Source=Paul Collins Startup list
[SPAMfighter Agent]
Number=9676
Confirmed=U
Filename=SFAgent.exe
Description=SPAMfighter anti email spam filter
Source=Paul Collins Startup list
[spamihilator]
Number=9677
Confirmed=U
Filename=spamihilator.exe
Description=Spamihilator - spam filter
Source=Paul Collins Startup list
[SpamPal]
Number=9678
Confirmed=U
Filename=spampal.exe
Description=SpamPal - anti-spam tool
Source=Paul Collins Startup list
[SpamSubtract]
Number=9679
Confirmed=U
Filename=SpamSubtract.exe
Description=Intermute SpamSubtract - junk email detection and removal program
Source=Paul Collins Startup list
[Spark]
Number=9680
Confirmed=U
Filename=Spark.exe
Description=Spark instant messaging server
Source=Paul Collins Startup list
[spc_w]
Number=9681
Confirmed=N
Filename=hcm.exe
Description=NetZero Search Enhancement related
Source=Paul Collins Startup list
[spc_w]
Number=9682
Confirmed=N
Filename=blspc.exe
Description=NetZero Search Enhancement related
Source=Paul Collins Startup list
[spc_w]
Number=9683
Confirmed=N
Filename=nzspc.exe
Description=NetZero Search Enhancement related
Source=Paul Collins Startup list
[Spdstart]
Number=9684
Confirmed=N
Filename=Spdstart.exe
Description=Norton Utilities Speed Start. "This feature optimizes the start up speed of launching applications, such as Word and Excel."
Source=Paul Collins Startup list
[Speaking Clock Deluxe]
Number=9685
Confirmed=U
Filename=SpClDlx.exe
Description=Speaking Clock Deluxe - turns your computer into a speaking clock with several languages. It can also keep track of up to 50 alarms that can be set to a time and a date, and be repeated daily, weekly, monthly and yearly
Source=Paul Collins Startup list
[Special Firewall Service]
Number=9686
Confirmed=X
Filename=avguard.exe
Description=Added by the NETSKY.G WORM!
Source=Paul Collins Startup list
[SpecialOffers]
Number=9687
Confirmed=X
Filename=SpecialOffers*.exe [* = digit]
Description=SpecialOffers adware
Source=Paul Collins Startup list
[SpecialOffers]
Number=9688
Confirmed=X
Filename=SpecialOffers.exe
Description=SpecialOffers adware
Source=Paul Collins Startup list
[specific]
Number=9689
Confirmed=X
Filename=specixic.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Speed racer]
Number=9690
Confirmed=N
Filename=CTSRReg.exe
Description=Software for a Creative sound card
Source=Paul Collins Startup list
[Speed Tec]
Number=9691
Confirmed=U
Filename=speedtec.exe
Description=Accel SpeedTec from Montana Software speeds up your modem. SpeedTec modifies the Internet Protocol settings in the Windows registry to speed downloads on all modems. If you find this improves your connectivity and download speeds leave this enabled
Source=Paul Collins Startup list
[SpeedBoss]
Number=9692
Confirmed=X
Filename=[worm filename]
Description=Added by the OPASERV.AD WORM!
Source=Paul Collins Startup list
[SpeedItUp]
Number=9693
Confirmed=U
Filename=SPEEDITUP.EXE
Description=Speed It Up - "all in one Speed Booster designed to significantly increase the speed of your computer and boost your PC available memory"
Source=Paul Collins Startup list
[Speedkey]
Number=9694
Confirmed=U
Filename=SPEEDKEY.EXE
Description=Additional keyboard shortcuts on MS programmable keyboard
Source=Paul Collins Startup list
[SpeedMeter]
Number=9695
Confirmed=U
Filename=SpeedMeter.exe
Description=Application measuring upload and download speed
Source=Paul Collins Startup list
[SpeedOptimizer]
Number=9696
Confirmed=U
Filename=spo.exe
Description=SpeedOptimizer is designed to optimize and speed-up your Internet data transmission including browsing, streaming, downloading, uploading and e-mail communication
Source=Paul Collins Startup list
[SpeedswitchXP]
Number=9697
Confirmed=U
Filename=SpeedswitchXP.exe
Description=SpeedswitchXP is a CPU frequency control for notebooks running Windows XP
Source=Paul Collins Startup list
[Speedtouch USB Diagnostics]
Number=9698
Confirmed=U
Filename=Dragdiag.exe
Description=For an external Alcatel ADSL high-speed modem. A diagnostic tool and can be run from the Start menu when required. The only reason it might be useful on startup is if you like seeing an 'at-a-glance' status indicator on the taskbar (the icon is a different colour depending on the status of the device/line)
Source=Paul Collins Startup list
[SpeedUpMyPC]
Number=9699
Confirmed=U
Filename=SpeedUpMyPC.exe
Description=SpeedUpMyPC "automatically fine-tunes all your resources including hardware, system settings and internet usage to operate at peak performance at all times"
Source=Paul Collins Startup list
[Spees1]
Number=9700
Confirmed=X
Filename=speedy.scr
Description=Added by the OPASERV.Y WORM!
Source=Paul Collins Startup list
[Spees2]
Number=9701
Confirmed=X
Filename=Speedy.bat
Description=Added by the OPASERV.AD WORM!
Source=Paul Collins Startup list
[Spees3]
Number=9702
Confirmed=X
Filename=SPEEDY.PIF
Description=Added by the OPASERV.AD WORM!
Source=Paul Collins Startup list
[Spellex Anywhere]
Number=9703
Confirmed=N
Filename=sa.exe
Description=Spellex-Anywhere - adds spell checking functionality to almost any Window program. Create a shortcut and run manually before it's to be used
Source=Paul Collins Startup list
[SpIDerMail]
Number=9704
Confirmed=Y
Filename=spiderml.exe
Description=DrWeb antivirus Spider Mail e-mail scanner
Source=Paul Collins Startup list
[Spinner Plus]
Number=9705
Confirmed=N
Filename=spinner.exe
Description="Spinner Plus lets you listen to over 100 channels of music broadcast from Spinner.com. Spinner Plus uses RealNetwork's G2 technology to provide high-quality online audio. The technology adjusts the audio streaming to match your Internet connection speed, which helps eliminate sound distortion or choppiness". Available via Start -> Programs
Source=Paul Collins Startup list
[SPINX]
Number=9706
Confirmed=X
Filename=Wscript.exe OXNEY.B.VBS
Description=Added by the YENO.B and YENO.C WORMS!
Source=Paul Collins Startup list
[SPnt]
Number=9707
Confirmed=X
Filename=SPnt.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[SpokeSysTray]
Number=9708
Confirmed=U
Filename=SpokeSysTray.exe
Description=Spoke Software client application. Spoke "uses data in your e-mail and other enterprise information systems to discover the existing relationships of people in your enterprise. It then builds a private, secure relationship network for each user without any additional manual data entry"
Source=Paul Collins Startup list
[spolsvr2]
Number=9709
Confirmed=X
Filename=spolsvr2.exe
Description=Added by the EVILSOCK.10 TROJAN! Note - this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
Source=Paul Collins Startup list
[spoo1sv]
Number=9710
Confirmed=X
Filename=spoo1sv.exe
Description=Added by the SOULJET TROJAN!
Source=Paul Collins Startup list
[Spool]
Number=9711
Confirmed=X
Filename=[path to trojan]
Description=Added by the RANKY.R TROJAN!
Source=Paul Collins Startup list
[Spool]
Number=9712
Confirmed=X
Filename=wys.exe
Description=WhileUSurf adware
Source=Paul Collins Startup list
[SPOOL Configuration]
Number=9713
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the SDBOT-KD WORM!
Source=Paul Collins Startup list
[Spool Loader]
Number=9714
Confirmed=N
Filename=spool.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Spool LoadKIt]
Number=9715
Confirmed=X
Filename=spoolv.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Spool lptt01]
Number=9716
Confirmed=X
Filename=spool.exe
Description=RapidBlaster variant (in a "spool" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
Source=Paul Collins Startup list
[Spool Manager]
Number=9717
Confirmed=X
Filename=spoolsrv.exe
Description=Added by the BANKER-FR TROJAN!
Source=Paul Collins Startup list
[Spool ml097e]
Number=9718
Confirmed=X
Filename=spool.exe
Description=RapidBlaster variant (in a "spool" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
Source=Paul Collins Startup list
[Spool32]
Number=9719
Confirmed=X
Filename=pool32.exe
Description=Added by the ASSASIN-F TROJAN!
Source=Paul Collins Startup list
[spoolax]
Number=9720
Confirmed=X
Filename=[path to trojan]
Description=Added by the PERDA-D TROJAN!
Source=Paul Collins Startup list
[Spooler Service]
Number=9721
Confirmed=X
Filename=Spoolsrv.exe
Description=Added by the JOINER.C1 TROJAN!
Source=Paul Collins Startup list
[Spooler Sub System Process]
Number=9722
Confirmed=X
Filename=SPOOL32.EXE
Description=Added by the YAB.A TROJAN!
Source=Paul Collins Startup list
[Spooler Subsystem]
Number=9723
Confirmed=X
Filename=spoolsub.exe
Description=Added by the SDBOT-ABG TROJAN!
Source=Paul Collins Startup list
[Spooler SubSystem App]
Number=9724
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the POEBOT-J WORM!
Source=Paul Collins Startup list
[Spooler SubSystem App]
Number=9725
Confirmed=X
Filename=spooIsv.exe
Description=Added by the LINKBOT.M WORM!
Source=Paul Collins Startup list
[Spooler SubSystem Application]
Number=9726
Confirmed=X
Filename=localsvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Spooler SubSystem Application]
Number=9727
Confirmed=X
Filename=netsvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Spooler SubSystem Application]
Number=9728
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Spooler SubSystem Application]
Number=9729
Confirmed=X
Filename=svcadmin.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Spooler SubSystem Application]
Number=9730
Confirmed=X
Filename=svcman.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Spooler SubSystem Application]
Number=9731
Confirmed=X
Filename=svcrun.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Spooler SubSystem Application]
Number=9732
Confirmed=X
Filename=tcpsvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Spooler SubSystem Application]
Number=9733
Confirmed=X
Filename=websvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Spooler Subsytem App]
Number=9734
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the SDBOT-MM WORM!
Source=Paul Collins Startup list
[SpoolerSubSystemProcess]
Number=9735
Confirmed=X
Filename=SpooI32.exe
Description=Added by the EHKS.21 keylogger! Note - the "I" between "o" and "3" is a capital "i" not a lower case "L"
Source=Paul Collins Startup list
[Spools Service Controller]
Number=9736
Confirmed=X
Filename=spools.exe
Description=Added by the KASSBOT-C WORM!
Source=Paul Collins Startup list
[spoolserv]
Number=9737
Confirmed=X
Filename=spoolserv.exe
Description=Added by the SDBOT-PN WORM!
Source=Paul Collins Startup list
[SpoolService]
Number=9738
Confirmed=X
Filename=spolsv.exe
Description=Added by the AGOBOT-CS WORM!
Source=Paul Collins Startup list
[Spoolsv]
Number=9739
Confirmed=X
Filename=Spoolsv.exe
Description=Added by the CIADOOR.121 VIRUS! Note - "Spoolsv.exe" is located in the Windows or Winnt directory, and not in System32, like the legitimate Spoolsv.exe system file
Source=Paul Collins Startup list
[spoolsv]
Number=9740
Confirmed=X
Filename=scvhosts.exe
Description=Added by the SMALL-AW TROJAN!
Source=Paul Collins Startup list
[spoolsv]
Number=9741
Confirmed=X
Filename=svchost.exe
Description=Added by the DLOADER-FI TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "HELP" subfolder of the Winnt or Windows folder
Source=Paul Collins Startup list
[spoolsv]
Number=9742
Confirmed=X
Filename=spoclsv.exe
Description=Added by the Fujacks-M WORM!
Source=Paul Collins Startup list
[spoolsv manager]
Number=9743
Confirmed=X
Filename=SpoolMgr.exe
Description=Added by the ASSIRAL WORM!
Source=Paul Collins Startup list
[spoolsv service]
Number=9744
Confirmed=X
Filename=spoolsv32.exe
Description=Added by the RBOT-AHP WORM!
Source=Paul Collins Startup list
[SPOOLSV32]
Number=9745
Confirmed=X
Filename=SPOOLSV32.EXE
Description=Added by the CWS-I or HAZIF-B TROJANS!
Source=Paul Collins Startup list
[spoolsvc]
Number=9746
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the DROPPER-AT TROJAN!
Source=Paul Collins Startup list
[spoolsvr32]
Number=9747
Confirmed=X
Filename=csmss.exe
Description=Added by the AGENT-AU TROJAN!
Source=Paul Collins Startup list
[spoolsvr32]
Number=9748
Confirmed=X
Filename=csmss32.exe
Description=Added by a variant of the AGENT-AU TROJAN!
Source=Paul Collins Startup list
[spoolsvs.exe]
Number=9749
Confirmed=X
Filename=spoolsvs.exe
Description=Added by the DLOADER-RK TROJAN!
Source=Paul Collins Startup list
[SPOOLSVU]
Number=9750
Confirmed=X
Filename=SPOOLSVU.EXE
Description=Added by the STARTPAGE.K hijacker
Source=Paul Collins Startup list
[spoolsvv]
Number=9751
Confirmed=X
Filename=spoolsvv.exe
Description=Searchcentrix hijacker
Source=Paul Collins Startup list
[Spoolvs]
Number=9752
Confirmed=X
Filename=spoolvs.exe
Description=Added by the SDBOT.AUS WORM!
Source=Paul Collins Startup list
[Spore]
Number=9753
Confirmed=X
Filename=MsNews.vbs
Description=Added by the SPORE.A WORM!
Source=Paul Collins Startup list
[Spore.b]
Number=9754
Confirmed=X
Filename=Scmhlpr.vbs
Description=Added by the SPORE.B WORM!
Source=Paul Collins Startup list
[SPP]
Number=9755
Confirmed=?
Filename=run.exe
Description=??
Source=Paul Collins Startup list
[spp]
Number=9756
Confirmed=X
Filename=regedit -s spp.reg
Description=IE search hijacker - changes the default search to http://www.hotsearchbox.com/ie/
Source=Paul Collins Startup list
[sppbridge]
Number=9757
Confirmed=?
Filename=sppbridge.exe
Description=Associated with an Anycom bluetooth wireless card on laptops - used for printing to portable printers for example. Is it required or can it be started manually?
Source=Paul Collins Startup list
[SprintPort]
Number=9758
Confirmed=?
Filename=SprintPortA.exe
Description=Novatel wireless modem related. What does it do and is it required?
Source=Paul Collins Startup list
[SpriteService]
Number=9759
Confirmed=U
Filename=SpriteService.exe
Description=Sprite Backup is a backup application for Windows Mobile Pocket PC or Smartphone
Source=Paul Collins Startup list
[SPSTEALT]
Number=9760
Confirmed=U
Filename=SmartProtectorPro.exe
Description=Smart Protector Pro - internet privacy tool that erases tracks, MRU lists, etc
Source=Paul Collins Startup list
[spstore]
Number=9761
Confirmed=?
Filename=storesp.exe
Description=Softprobe - program designed to provide managers with an analysis of an individuals computer use who are under their supervision. This program is NOT related to Winpup
Source=Paul Collins Startup list
[Spy Blocker]
Number=9762
Confirmed=U
Filename=spyblocker.exe
Description=SpyBlocker blocks the communications of spyware installed on a PC so spyware runs but can't exchange data with the server to which it should report. Ensuring spyware can't communicate is important, as you may find after using Ad-Aware that some applications containing spyware subsystems may not run correctly or at all
Source=Paul Collins Startup list
[Spy Protector]
Number=9763
Confirmed=U
Filename=SpyProtector.exe
Description=Included in the full version of Security Task Manager, Spy Protector prevents keyboard and mouse monitoring, warns when the registry is changed and eliminates internet activity and work traces
Source=Paul Collins Startup list
[Spy-Control]
Number=9764
Confirmed=N
Filename=Spy-Control.exe
Description=Spyware remover - not recommended, see here
Source=Paul Collins Startup list
[Spy-Keylogger]
Number=9765
Confirmed=U
Filename=skl.exe
Description=SpyKeylogger keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list
[SpyAxe]
Number=9766
Confirmed=N
Filename=spyaxe.exe
Description=Spyware remover - not recommended, see here. For removal instructions see here
Source=Paul Collins Startup list
[SpyBan]
Number=9767
Confirmed=N
Filename=SpyBan.exe
Description=Spyware remover - not recommended, see here
Source=Paul Collins Startup list
[SpyBlast]
Number=9768
Confirmed=X
Filename=SpyBlast.exe
Description=Spyware killer that is in effect autoinstalled foistware, targeted by SpyBot, among others
Source=Paul Collins Startup list
[SpyBlocker]
Number=9769
Confirmed=U
Filename=spyblocker.exe
Description=SpyBlocker blocks the communications of spyware installed on a PC so spyware runs but can't exchange data with the server to which it should report. Ensuring spyware can't communicate is important, as you may find after using Ad-Aware that some applications containing spyware subsystems may not run correctly or at all
Source=Paul Collins Startup list
[SpyBlocs]
Number=9770
Confirmed=N
Filename=SpyBlocs.exe
Description=Spyware remover - not recommended, see here
Source=Paul Collins Startup list
[SpyBlocs3.0]
Number=9771
Confirmed=N
Filename=SpyBlocs3.0.exe
Description=Spyware remover - not recommended, see here
Source=Paul Collins Startup list
[SpybotSD TeaTimer]
Number=9772
Confirmed=Y
Filename=TeaTimer.exe
Description=TeaTimer is a permanent process and registry monitor of the Spybot S&D system protector which perpetually monitors the processes called/initiated. Detects processes wanting to start and gives you options on how to deal with this process in the future
Source=Paul Collins Startup list
[SpyBotSnD]
Number=9773
Confirmed=U
Filename=Spybotsd.exe
Description=Spybot - Search & Destroy - free multi-spyware removal tool from Safer Networking Ltd.
Source=Paul Collins Startup list
[Spybott lptt01]
Number=9774
Confirmed=X
Filename=spybott.exe
Description=RapidBlaster variant (in a "Spybott" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
Source=Paul Collins Startup list
[Spybott ml097e]
Number=9775
Confirmed=X
Filename=spybott.exe
Description=RapidBlaster variant (in a "Spybott" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
Source=Paul Collins Startup list
[SpyClean]
Number=9776
Confirmed=X
Filename=1ClickSpyClean.exe
Description=1 Click Spy Clean uses a database that was stolen from SpybotS&D. Not recommended, see here
Source=Paul Collins Startup list
[SpyCop ScanCheck]
Number=9777
Confirmed=U
Filename=MAIN.EXE
Description=SpyCop surveillance software detection - checks to see when your machine was last scanned and if it was more than a week asks if you want to scan
Source=Paul Collins Startup list
[SpyEmergency]
Number=9778
Confirmed=U
Filename=SpyEmergency.exe
Description=SpyEmergency security software from Netgate
Source=Paul Collins Startup list
[SpyEx]
Number=9779
Confirmed=X
Filename=Winllogo.exe
Description=Added by the PRSKEY-A WORM!
Source=Paul Collins Startup list
[SpyFighterMonitor]
Number=9780
Confirmed=N
Filename=SpyFighter.exe
Description=Spyware remover - not recommended, see here
Source=Paul Collins Startup list
[SpyFighterUpdate]
Number=9781
Confirmed=N
Filename=AutoUpdate.exe
Description=Spyware remover - not recommended, see here
Source=Paul Collins Startup list
[SpyHealer]
Number=9782
Confirmed=N
Filename=SpyHealer.exe
Description=Spyware remover - not recommended, see here
Source=Paul Collins Startup list
[SpyHeals]
Number=9783
Confirmed=X
Filename=SpyHeals.exe
Description=Smitfraud variant
Source=Paul Collins Startup list
[SpyHunter]
Number=9784
Confirmed=N
Filename=SpyHunter.exe
Description=Enigma SpyHunter - not recommended, see note
Source=Paul Collins Startup list
[Spykiller]
Number=9785
Confirmed=U
Filename=Spykiller.exe
Description=Spyware remover - older versions are not recommended, see here
Source=Paul Collins Startup list
[SpyNuker]
Number=9786
Confirmed=X
Filename=Spynuker.exe
Description=A "spyware removal program" by TrekBlue, which is being heavily advertised through junk e-mail from its affiliates and misleading fake-dialogue-box web advertising. This is the same company as E-mail marketers 'TrekData' and 'Blue Haven Media', who distribute spyware through ActiveX drive-by-download on web pages
Source=Paul Collins Startup list
[SpyOnThis Monitor]
Number=9787
Confirmed=N
Filename=SpyOnThisMonitor.exe
Description=Spyware remover - not recommended, see here
Source=Paul Collins Startup list
[SpyQuake2.com]
Number=9788
Confirmed=N
Filename=Spy-Quake2.exe
Description=Spyware remover - not recommended, see here
Source=Paul Collins Startup list
[SpySheriff]
Number=9789
Confirmed=X
Filename=SpySheriff.exe
Description=SpySheriff malware
Source=Paul Collins Startup list
[SpySpotter]
Number=9790
Confirmed=N
Filename=SpySpotter.exe
Description=Spyware remover - not recommended, see here
Source=Paul Collins Startup list
[SpyStopper]
Number=9791
Confirmed=U
Filename=spystopper.exe
Description=SpyStopper - blocks intrusive spyware, Web bugs, worms, scripts, advertisements, and cookies. Protects you from being profiled and tracked
Source=Paul Collins Startup list
[SpySubtract]
Number=9792
Confirmed=U
Filename=SpySub.exe
Description=SpySubtract - multi spyware removal tool
Source=Paul Collins Startup list
[SpySweeper]
Number=9793
Confirmed=U
Filename=SpySweeper.exe
Description=Spy Sweeper - detects and removes spyware
Source=Paul Collins Startup list
[SpySweeperEnterprise]
Number=9794
Confirmed=U
Filename=SpySweeperUI.exe
Description=User interface for Spy Sweeper Enterprise edition - "a centrally managed, scalable enterprise solution that provides best of breed protection against all types of malicious spyware, adware, and other harmful intruders"
Source=Paul Collins Startup list
[SpyTrooper]
Number=9795
Confirmed=X
Filename=SpyTrooper.exe
Description=SpyTrooper - malware posing as a spyware remover, see here
Source=Paul Collins Startup list
[Spyware]
Number=9796
Confirmed=N
Filename=Spyware.exe
Description=BPS spyware remover - not recommended, see here
Source=Paul Collins Startup list
[Spyware Begone]
Number=9797
Confirmed=U
Filename=SpywareBeGone.exe
Description=Spyware BeGone - spyware removal utility. Previously not recommended, see here
Source=Paul Collins Startup list
[Spyware Begone]
Number=9798
Confirmed=U
Filename=freescan.exe
Description=Spyware BeGone - spyware removal utility. Previously not recommended, see here
Source=Paul Collins Startup list
[Spyware Doctor]
Number=9799
Confirmed=U
Filename=spydoctor.exe
Description=Spyware Doctor spyware remover
Source=Paul Collins Startup list
[Spyware Doctor]
Number=9800
Confirmed=U
Filename=swdoctor.exe
Description=Spyware Doctor spyware remover
Source=Paul Collins Startup list
[Spyware Guard Control Panel]
Number=9801
Confirmed=U
Filename=spywar~1.exe
Description=
"SpywareGuard provides a real-time protection solution against spyware"
Source=Paul Collins Startup list
[Spyware Nuker]
Number=9802
Confirmed=U
Filename=swn2.exe
Description=Spyware removal program by TrekBlue. Previously not recommended but the latest version was delisted here
Source=Paul Collins Startup list
[Spyware Nuker Installer]
Number=9803
Confirmed=U
Filename=SpywareNukerInstaller.exe
Description=Spyware removal program by TrekBlue. Previously not recommended but the latest version was delisted here
Source=Paul Collins Startup list
[Spyware remover]
Number=9804
Confirmed=X
Filename=Remove_spyware.exe
Description=Unidentified, but not known to belong to any known spyware remover, and strongly suspected to be adware related!
Source=Paul Collins Startup list
[Spyware Scanner]
Number=9805
Confirmed=U
Filename=AseScanner.exe
Description=Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here and here
Source=Paul Collins Startup list
[SpyWare Shield]
Number=9806
Confirmed=U
Filename=Shield.exe
Description=Acronis Privacy Expert Spyware Shield prevents spyware and other suspicious programs from being installed on PCs
Source=Paul Collins Startup list
[Spyware Slayer]
Number=9807
Confirmed=N
Filename=SpywareSlayer.Exe
Description=Spyware remover - not recommended, see here
Source=Paul Collins Startup list
[Spyware Soft Stop]
Number=9808
Confirmed=N
Filename=Spyware Soft Stop.exe
Description=Spyware remover - not recommended, see here
Source=Paul Collins Startup list
[Spyware Stormer]
Number=9809
Confirmed=N
Filename=SpywareStormer.Exe
Description=Spyware remover - not recommended, see here
Source=Paul Collins Startup list
[Spyware Vanisher]
Number=9810
Confirmed=U
Filename=FreeScanner.exe
Description=Spyware Vanisher - spyware removal utility. Previously not recommended, see here
Source=Paul Collins Startup list
[Spyware X-terminator]
Number=9811
Confirmed=U
Filename=SpywareX.exe
Description=Spyware X-terminator - spyware remover
Source=Paul Collins Startup list
[Spyware-Cop]
Number=9812
Confirmed=N
Filename=Spyware-Cop.exe
Description=Spyware remover - not recommended, see here
Source=Paul Collins Startup list
[SpywareBot]
Number=9813
Confirmed=N
Filename=SpywareBot.exe
Description=Spyware remover - not recommended, see note
Source=Paul Collins Startup list
[spywarefighterguard]
Number=9814
Confirmed=U
Filename=spfprc.exe
Description=Spyware Fighter - anti spyware program
Source=Paul Collins Startup list
[SpywareGuard]
Number=9815
Confirmed=U
Filename=sgmain.exe
Description=
"SpywareGuard provides a real-time protection solution against spyware"
Source=Paul Collins Startup list
[SpywareGuard]
Number=9816
Confirmed=X
Filename=winproc32.exe
Description=Startpage adware Trojan
Source=Paul Collins Startup list
[SpywareGuard]
Number=9817
Confirmed=X
Filename=deinst_qfe001.exe
Description=Added by a variant of the Win32.Small TROJAN! - Do NOT confuse with the legitimate SpywareGuard application
Source=Paul Collins Startup list
[Spywareguard lptt01]
Number=9818
Confirmed=X
Filename=Spywareguard.exe
Description=RapidBlaster variant (in a "Spyguard" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
Source=Paul Collins Startup list
[Spywareguard ml097e]
Number=9819
Confirmed=X
Filename=Spywareguard.exe
Description=RapidBlaster variant (in a "Spyguard" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
Source=Paul Collins Startup list
[SpywareGuardPlus]
Number=9820
Confirmed=X
Filename=winmm64.exe
Description=StartPage.ht homepage hijacker
Source=Paul Collins Startup list
[SpywareKilla]
Number=9821
Confirmed=N
Filename=SpywareKilla.exe
Description=Spyware remover - not recommended, see here
Source=Paul Collins Startup list
[SpywareLocked]
Number=9822
Confirmed=N
Filename=SpywareLocked.exe
Description=Spyware remover - not recommended, see here
Source=Paul Collins Startup list
[SpywareLocked 3.5]
Number=9823
Confirmed=N
Filename=SpywareLocked 3.5.exe
Description=Spyware remover - not recommended, see here
Source=Paul Collins Startup list
[SpywareNo]
Number=9824
Confirmed=N
Filename=SpywareNo.exe
Description=Spyware remover - not recommended, see here
Source=Paul Collins Startup list
[SpywareQuake]
Number=9825
Confirmed=N
Filename=SpywareQuake.exe
Description=Spyware remover - not recommended, see here
Source=Paul Collins Startup list
[SpywareStrike]
Number=9826
Confirmed=N
Filename=SpywareStrike.exe
Description=Spyware remover - not recommended, see here
Source=Paul Collins Startup list
[SPYWATCH]
Number=9827
Confirmed=N
Filename=SpyWatch.exe
Description=BPS spyware remover - not recommended, see here
Source=Paul Collins Startup list
[SQConfigChecker]
Number=9828
Confirmed=X
Filename=cc.exe
Description=Xupiter SQWire toolbar related. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see here
Source=Paul Collins Startup list
[SQInstaller]
Number=9829
Confirmed=X
Filename=SQInstaller.exe
Description=Xupiter SQWire toolbar related. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see here
Source=Paul Collins Startup list
[SQL Server]
Number=9830
Confirmed=N
Filename=scm.exe
Description=SQL Server Service Control Manager. Available via Start -> Programs
Source=Paul Collins Startup list
[SQL Server Service]
Number=9831
Confirmed=X
Filename=sql.exe
Description=Added by the RBOT-ADF
Source=Paul Collins Startup list
[sqservices]
Number=9832
Confirmed=X
Filename=wins32.exe
Description=Added by the PROGENT-B TROJAN!
Source=Paul Collins Startup list
[SQUpdatesChecker]
Number=9833
Confirmed=X
Filename=uc.exe
Description=Xupiter SQWire toolbar related. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see here
Source=Paul Collins Startup list
[sqvynikp]
Number=9834
Confirmed=X
Filename=sqvynikp.exe
Description=Free_Scratch_Cards foistware
Source=Paul Collins Startup list
[SR Agent]
Number=9835
Confirmed=Y
Filename=AGENTSVC.EXE
Description=Related to Secure Resolutions - desktop virus protection
Source=Paul Collins Startup list
[Sr Agent]
Number=9836
Confirmed=Y
Filename=SrLogon.exe
Description=Related to Secure Resolutions - desktop virus protection
Source=Paul Collins Startup list
[sr1exe]
Number=9837
Confirmed=?
Filename=updtSup3.exe
Description=Found on a Dell computer, in a Documents and SettingsAll UsersApplication DataDellAlert2 subfolder
Source=Paul Collins Startup list
[sr64]
Number=9838
Confirmed=X
Filename=[path to trojan]
Description=Added by the AGENT.X TROJAN!
Source=Paul Collins Startup list
[SrchfstUpdate]
Number=9839
Confirmed=X
Filename=srchupdt.exe
Description=SearchFast adware downloader
Source=Paul Collins Startup list
[sre]
Number=9840
Confirmed=X
Filename=rundll32.exe sre.dll, Register
Description=CoolWebSearch parasite variant - also detected by Kaspersky antivirus as Trojan.Downloader.Agent.Fc
Source=Paul Collins Startup list
[srePostpone]
Number=9841
Confirmed=?
Filename=rundll32.exe [path] srescan.dll, DoSpecialAction
Description=Related to ZoneAlarm. What does it do and is it required?
Source=Paul Collins Startup list
[SRFirstRun]
Number=9842
Confirmed=?
Filename=rundll32 srclient.dll, CreateFirstRunRp
Description=Created by execution of the Windows XP sr.inf file, which installs the Windows XP System Restore feature, needed for example when installing System Restore into Windows Server 2003. Does this indeed need to run at every bootup?
Source=Paul Collins Startup list
[Srmclean]
Number=9843
Confirmed=U
Filename=srmclean.exe
Description=Srmclean helps in the installation and execution of the SoundMax SoftPaq for Compaq/ADI SoundMax Integrated Digital Audio. According to Compaq - "If you disable the entry from loading into startup, then you will not be able to use the features of the sound card"
Source=Paul Collins Startup list
[SRNG]
Number=9844
Confirmed=X
Filename=srng.exe
Description=ShopNavSearch.Srng search hijacker
Source=Paul Collins Startup list
[SRP Startup]
Number=9845
Confirmed=U
Filename=srrpro.exe
Description=System Restore Remover Pro allows you to safely and easily remove System Restore and various other Windows Millennium "features". This is enabled if you tick the "Remove unnecessary System Restore information on startup" box. Available via Start -> Settings -> Control Panel
Source=Paul Collins Startup list
[SRS Applet]
Number=9846
Confirmed=Y
Filename=SrsTray.Exe
Description=S3 Sonic Vibes sound card drivers - if disabled you loose sound
Source=Paul Collins Startup list
[SRS Audio Sandbox]
Number=9847
Confirmed=U
Filename=SRSSSC.exe
Description=SRS Audio Sandbox "provide amazing audio immersion and maximum thump for a personalized audio experience!"
Source=Paul Collins Startup list
[srshost.exe]
Number=9848
Confirmed=X
Filename=srshost.exe
Description=Added by a variant of the RBOT-ASW WORM!
Source=Paul Collins Startup list
[Srv RPCrom]
Number=9849
Confirmed=X
Filename=NClienti386.exe
Description=Added by the WATSOON.A TROJAN!
Source=Paul Collins Startup list
[Srv32]
Number=9850
Confirmed=X
Filename=Srv32.exe
Description=Added by the OPASERV.J WORM!
Source=Paul Collins Startup list
[Srv32]
Number=9851
Confirmed=X
Filename=Srv32.exe
Description=Added by the OPASERV.S WORM!
Source=Paul Collins Startup list
[Srv32 spool service]
Number=9852
Confirmed=X
Filename=runsrv32.exe
Description=Topantispyware.com malware - recognized by Kaspersky antivirus as Trojan-Clicker.Win32.Spyre.b
Source=Paul Collins Startup list
[Srv32 spool service]
Number=9853
Confirmed=X
Filename=spoolsrv32.exe
Description=Added by the SPYRE.B TROJAN!
Source=Paul Collins Startup list
[Srv32 spool service]
Number=9854
Confirmed=X
Filename=[path to trojan]
Description=Added by the DLOADER-LB TROJAN!
Source=Paul Collins Startup list
[Srv325]
Number=9855
Confirmed=X
Filename=Srv325.exe
Description=Added by the AGOBOT-PR WORM!
Source=Paul Collins Startup list
[Srv32Old]
Number=9856
Confirmed=X
Filename=[worm filename].PIF
Description=Added by the OPASERV.J WORM!
Source=Paul Collins Startup list
[Srv32Win]
Number=9857
Confirmed=U
Filename=SpyAgent4.exe
Description=SpyAgent - monitoring software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it
Source=Paul Collins Startup list
[Srv32Win]
Number=9858
Confirmed=U
Filename=Svchost.exe
Description=Realtime-Spy keystroke logger/monitoring program - remove unless you installed it yourself! Note - this is not the svchost.exe process that normally doesn't appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Srv32Win]
Number=9859
Confirmed=U
Filename=sysdiag.exe
Description=SpyAgent surveillance software. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list
[srv32win]
Number=9860
Confirmed=U
Filename=win16dll.exe
Description=Screenspy captures screenshots silently. If you didn't install this yourself remove it
Source=Paul Collins Startup list
[Srvce Pack Updte]
Number=9861
Confirmed=X
Filename=svcpack.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[srvexc.exe]
Number=9862
Confirmed=X
Filename=srvexc.exe
Description=Added by the SERVSAX TROJAN!
Source=Paul Collins Startup list
[srvprc]
Number=9863
Confirmed=U
Filename=srvprc.exe
Description=ActMon surveillance software. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list
[srxTray]
Number=9864
Confirmed=N
Filename=srxTray.exe
Description=Titan FTP Server - FTP server
Source=Paul Collins Startup list
[SsAAD.exe]
Number=9865
Confirmed=?
Filename=SsAAD.exe
Description=Sony SonicStage software related - "Atrac Hard Disk Monitor". What does it do and is it required?
Source=Paul Collins Startup list
[ssate.exe]
Number=9866
Confirmed=X
Filename=irun4.exe
Description=Added by the BEAGLE.J WORM!
Source=Paul Collins Startup list
[ssate.exe]
Number=9867
Confirmed=X
Filename=winsys.exe
Description=Added by the BEAGLE.K WORM!
Source=Paul Collins Startup list
[SSBkgdUpdate]
Number=9868
Confirmed=N
Filename=SSBkgdupdate.exe
Description=ScanSoft OmniPage auto updater. Can be disabled using the main program's options. Note - if you have a Soundblaster Audigy2 ZS soundcard installed on your computer and the volume of your soundsystem is turned on extremely high disabling this will solve the problem
Source=Paul Collins Startup list
[SSC Service Utility]
Number=9869
Confirmed=U
Filename=ssc_serv.exe
Description=SSC Service Utility is a printer utility for refilled Epson cartridges
Source=Paul Collins Startup list
[SSCFBTN.EXE]
Number=9870
Confirmed=U
Filename=SSCFBTN.EXE
Description=Samsung smarthru software,used with Lexmark Z82 or Samsung multifunction printers
Source=Paul Collins Startup list
[sscRun]
Number=9871
Confirmed=Y
Filename=SSCRun.exe
Description=AOL's firewall
Source=Paul Collins Startup list
[SSC_UserPrompt]
Number=9872
Confirmed=Y
Filename=UsrPrmpt.exe
Description=Part of Symantec's AntiVirus suite and comes usually with a product update, if not on the system already. Required for essential applications to work properly
Source=Paul Collins Startup list
[Ssd]
Number=9873
Confirmed=Y
Filename=Std.exe
Description=Stealthdisk - file and folder hiding/locking utility
Source=Paul Collins Startup list
[ssdiag]
Number=9874
Confirmed=?
Filename=ssdiag.exe
Description=Equinox (now Avocent) "Configuration and DOS Diagnostic for DOS and Windows platforms"
Source=Paul Collins Startup list
[SSDPSRV]
Number=9875
Confirmed=N
Filename=ssdpsrv.exe
Description=Simple Service Discovery Protocol (SSDP) and General Event Notification Architecture (GENA) services for network plug and play functionality. Starts up a web server on port 5000. Used by Universal Plug and Play (for network device discovery). To remove this program, open Add/Remove Programs, select either Communications (Me) or Networking Services (XP), and remove the checkmark next to Universal Plug and Play
Source=Paul Collins Startup list
[ssgrate.exe]
Number=9876
Confirmed=X
Filename=system.exe
Description=Added by the MITGLIEDER.C TROJAN!
Source=Paul Collins Startup list
[ssgrate.exe]
Number=9877
Confirmed=X
Filename=irun.exe
Description=Added by the MITGLIEDER.D TROJAN!
Source=Paul Collins Startup list
[ssgrate.exe]
Number=9878
Confirmed=X
Filename=irun4.exe
Description=Added by the MITGLIEDER.F TROJAN!
Source=Paul Collins Startup list
[ssgrate.exe]
Number=9879
Confirmed=X
Filename=sysdoor.exe
Description=Added by the MITGLIEDER.N TROJAN!
Source=Paul Collins Startup list
[ssgrate.exe]
Number=9880
Confirmed=X
Filename=winerdir.exe
Description=Added by the MITGLIEDER.O TROJAN!
Source=Paul Collins Startup list
[ssgrate.exe]
Number=9881
Confirmed=X
Filename=winsystems.exe
Description=Added by the BAGLEDL-J TROJAN!
Source=Paul Collins Startup list
[ssgrate.exe]
Number=9882
Confirmed=X
Filename=wintems.exe
Description=Added by the MITGLIEDER.Q TROJAN!
Source=Paul Collins Startup list
[SSh32]
Number=9883
Confirmed=U
Filename=SSh32.exe
Description=2Spy keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list
[SSK Service]
Number=9884
Confirmed=X
Filename=winssk32.exe
Description=Added by the SOBIG.E WORM!
Source=Paul Collins Startup list
[SSL]
Number=9885
Confirmed=X
Filename=svchost.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[SSL Manager]
Number=9886
Confirmed=X
Filename=amsnmsgs.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[ssmmgr]
Number=9887
Confirmed=U
Filename=ssmmgr.exe
Description=Samsung printer monitor - for checking ink levels, etc.
Source=Paul Collins Startup list
[ssms.exe]
Number=9888
Confirmed=X
Filename=SSMS.EXE
Description=Added by the GISMOR WORM!
Source=Paul Collins Startup list
[SSPY]
Number=9889
Confirmed=U
Filename=SSYTEM.EXE
Description=SurfingSpy keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list
[sssasasb32]
Number=9890
Confirmed=X
Filename=sssasasb32.exe
Description=Added by the TACTSLAY.F TROJAN!
Source=Paul Collins Startup list
[sssasasb32]
Number=9891
Confirmed=X
Filename=msnmsgq32.exe
Description=Added by the TACTSLAY.F TROJAN!
Source=Paul Collins Startup list
[sstata]
Number=9892
Confirmed=X
Filename=dwdas.exe
Description=Added by the DASDA TROJAN!
Source=Paul Collins Startup list
[sstata]
Number=9893
Confirmed=X
Filename=[path to trojan]
Description=Added by the RANCK-DF TROJAN!
Source=Paul Collins Startup list
[SStb.exe]
Number=9894
Confirmed=X
Filename=SStb.exe
Description=Adpowerzone.com "ServerSide" keyword hijacker
Source=Paul Collins Startup list
[sstray]
Number=9895
Confirmed=N
Filename=sstray.exe
Description=nVidia nForce Taskbar Utility - quick access to the nForce2 "Sound Storm" control panel and related utilitys
Source=Paul Collins Startup list
[SSUpdate]
Number=9896
Confirmed=X
Filename=SSUpdate.exe
Description=MoneyTree parasite - ActiveX control used to download premium-rate dialers
Source=Paul Collins Startup list
[ssvchost]
Number=9897
Confirmed=X
Filename=ssvchost.exe
Description=Added by the HELIOS.B TROJAN!
Source=Paul Collins Startup list
[SSWPlauncher]
Number=9898
Confirmed=X
Filename=comet.exe
Description=Comet Cursor adware
Source=Paul Collins Startup list
[Stacmon]
Number=9899
Confirmed=N
Filename=Stacmon.exe
Description=Installed with the drivers for a SigmaTel C-Major Audio card (on a Dell Inspiron 600m PC for example). Appears as though it can be disabled with no ill effects
Source=Paul Collins Startup list
[StacSysTray]
Number=9900
Confirmed=N
Filename=StacSysTray.exe
Description=System Tray control panel for SigmaTel C-Major on-board audio - as used on some Dell and Packard Bell PCs
Source=Paul Collins Startup list
[staeck12]
Number=9901
Confirmed=X
Filename=mfcee.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[standalone.exe]
Number=9902
Confirmed=X
Filename=standalone.exe
Description=Added by the AGOBOT-ADS WORM!
Source=Paul Collins Startup list
[StarSkin]
Number=9903
Confirmed=U
Filename=starskin.exe
Description=StarSkin allows you to change the view and appearance of your Windows XP box with the use of publically available themes
Source=Paul Collins Startup list
[Start]
Number=9904
Confirmed=Y
Filename=Quick95.exe
Description=For a Nisis G6 USB Graphics Tablet. Re-enables itself if disabled therefore best left alone
Source=Paul Collins Startup list
[Start]
Number=9905
Confirmed=X
Filename=windows.vbs
Description=Homepage hijacker
Source=Paul Collins Startup list
[start]
Number=9906
Confirmed=?
Filename=start.exe
Description=??
Source=Paul Collins Startup list
[start]
Number=9907
Confirmed=X
Filename=sdcc.exe
Description=Added by the AGENT.CSX TROJAN!
Source=Paul Collins Startup list
[Start aThx Roll]
Number=9908
Confirmed=X
Filename=f0mered.exe
Description=Added by the RBOT.AAV WORM!
Source=Paul Collins Startup list
[start extracting]
Number=9909
Confirmed=X
Filename=spoolvse.exe
Description=Added by the RBOT-XF WORM!
Source=Paul Collins Startup list
[start extracting]
Number=9910
Confirmed=X
Filename=spoolvs.exe
Description=Added by the RBOT.AKC WORM!
Source=Paul Collins Startup list
[Start Getright]
Number=9911
Confirmed=N
Filename=getright.exe
Description=See Getright Tray Icon
Source=Paul Collins Startup list
[Start It Upping]
Number=9912
Confirmed=X
Filename=svchosets.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Start Network Scanner Tool]
Number=9913
Confirmed=U
Filename=sdFTP.exe
Description=Part of Sharpdesk from Sharp Electronics. "A desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents"
Source=Paul Collins Startup list
[Start Page]
Number=9914
Confirmed=X
Filename=http://find.naupoint.com
Description=Naupoint browser hijacker
Source=Paul Collins Startup list
[Start Page]
Number=9915
Confirmed=X
Filename=svcnt32.exe
Description=Homepage hijacker, also detected as Trojan-Downloader.Win32.Delf.ks
Source=Paul Collins Startup list
[Start RF Wireless Keyboard]
Number=9916
Confirmed=Y
Filename=ktrexe.exe
Description=Yuanxun Electronics RF wireless keyboard driver
Source=Paul Collins Startup list
[Start RF Wireless Mouse]
Number=9917
Confirmed=Y
Filename=cm20.exe
Description=Yuanxun Electronics RF wireless mouse driver
Source=Paul Collins Startup list
[Start Service]
Number=9918
Confirmed=U
Filename=upssrv.exe
Description=Cyber Power PowerPanelPlus software. "During a power failure the system automatically saves and closes open files within the battery backup time and safely powers down your computer"
Source=Paul Collins Startup list
[Start Up Cop]
Number=9919
Confirmed=U
Filename=startcop.exe
Description=StartUp Cop - startup manager
Source=Paul Collins Startup list
[start uploading]
Number=9920
Confirmed=X
Filename=smsss.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Start Upping]
Number=9921
Confirmed=X
Filename=taskmrg.exe
Description=Added by the RBOT-MA WORM!
Source=Paul Collins Startup list
[Start Upping]
Number=9922
Confirmed=X
Filename=SVCHOSTES.EXE
Description=Added by the RBOT-NB WORM!
Source=Paul Collins Startup list
[Start Upping]
Number=9923
Confirmed=X
Filename=taksmgr.exe
Description=Added by the RBOT-QK WORM!
Source=Paul Collins Startup list
[Start Upping]
Number=9924
Confirmed=X
Filename=mcrt32.exe
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[Start Upping]
Number=9925
Confirmed=X
Filename=windupds.exe
Description=Added by the SDBOT.AFH WORM!
Source=Paul Collins Startup list
[Start Upping]
Number=9926
Confirmed=X
Filename=windupdts.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Start Upping]
Number=9927
Confirmed=X
Filename=xdcc.exe
Description=Added by the SPYBOT.OY WORM!
Source=Paul Collins Startup list
[Start Upping]
Number=9928
Confirmed=X
Filename=spoolnt.exe
Description=Added by the RBOT-TM WORM!
Source=Paul Collins Startup list
[Start Uppings]
Number=9929
Confirmed=X
Filename=svcchosts.exe
Description=Added by the SDBOT.VY WORM!
Source=Paul Collins Startup list
[Start Uppings]
Number=9930
Confirmed=X
Filename=mssupdate.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Start Wingman Profiler]
Number=9931
Confirmed=N
Filename=lwtest.exe
Description=Logitech Wingman software required to operate Logitech joysticks and gamepads. Unless you're a hard-core gamer, it's best to leave it unchecked
Source=Paul Collins Startup list
[Start Wingman Profiler]
Number=9932
Confirmed=N
Filename=lwemon.exe
Description=Logitech Wingman software required to operate Logitech joysticks and gamepads. Unless you're a hard-core gamer, it's best to leave it unchecked
Source=Paul Collins Startup list
[Startacc]
Number=9933
Confirmed=U
Filename=startacc.exe
Description=Launches Webroot's Accelerate 2000 software that "speeds up your Internet connection by up to 300%". Leave enabled if you find it improves internet connection
Source=Paul Collins Startup list
[StartCCC]
Number=9934
Confirmed=N
Filename=CLIStart.exe
Description=Puts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start -> Programs
Source=Paul Collins Startup list
[StartEAK]
Number=9935
Confirmed=Y
Filename=StartEAK.exe
Description=Easy Access Button Support for Compaq PCs. Required if you use these
Source=Paul Collins Startup list
[startemdoit]
Number=9936
Confirmed=X
Filename=[path to trojan]
Description=Added by the DLOADR-AVP TROJAN!
Source=Paul Collins Startup list
[Starter]
Number=9937
Confirmed=X
Filename=scvhosting.exe
Description=Added by the SDBOT.RU WORM!
Source=Paul Collins Startup list
[starter]
Number=9938
Confirmed=X
Filename=scvhostingg.exe
Description=Added by the FORBOT-FB WORM!
Source=Paul Collins Startup list
[starter]
Number=9939
Confirmed=X
Filename=iexplore.exe
Description=Added by the FORBOT-DU WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup unless you add it manually! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list
[StartFoxie]
Number=9940
Confirmed=U
Filename=StartFoxie.exe
Description=Foxie Suite from Softonic International. "This suite of free tools comes in the form of an Internet Explorer add-on and includes a mix of powerful security enhancements"
Source=Paul Collins Startup list
[startkey]
Number=9941
Confirmed=X
Filename=svcmgr.exe
Description=Added by the HIPPER-B TROJAN!
Source=Paul Collins Startup list
[startkey]
Number=9942
Confirmed=X
Filename=update.exe
Description=Added by the BIFROSE-DG TROJAN!
Source=Paul Collins Startup list
[startkey]
Number=9943
Confirmed=X
Filename=XMCHAI.EXE
Description=Added by the BIFROSE-AO TROJAN!
Source=Paul Collins Startup list
[startkey]
Number=9944
Confirmed=X
Filename=explore32.exe
Description=Added by the MT TROJAN!
Source=Paul Collins Startup list
[startkey]
Number=9945
Confirmed=X
Filename=CKOTS.exe
Description=Added by the BIFROSE-HM TROJAN!
Source=Paul Collins Startup list
[StartKey]
Number=9946
Confirmed=X
Filename=pligde.exe
Description=Added by the BIFROSE.E TROJAN!
Source=Paul Collins Startup list
[startkey]
Number=9947
Confirmed=X
Filename=RunWinRaR.exe
Description=Added by a variant of the BIFROSE-LV TROJAN!
Source=Paul Collins Startup list
[startkey]
Number=9948
Confirmed=X
Filename=Mysia.exe
Description=Added by the CEP TROJAN!
Source=Paul Collins Startup list
[startkey]
Number=9949
Confirmed=X
Filename=explorer.exe
Description=Added by the MLD TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System subfolder
Source=Paul Collins Startup list
[startkey]
Number=9950
Confirmed=X
Filename=furzi.exe
Description=Added by the BIFROSE-OK TROJAN!
Source=Paul Collins Startup list
[startkey]
Number=9951
Confirmed=X
Filename=krnl.exe
Description=Added by the BIFROSE-S TROJAN!
Source=Paul Collins Startup list
[startkey]
Number=9952
Confirmed=X
Filename=royale.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[startkey]
Number=9953
Confirmed=X
Filename=rtfmsv.exe
Description=Added by the EDEPOL-C TROJAN!
Source=Paul Collins Startup list
[startkey]
Number=9954
Confirmed=X
Filename=scvhost.exe
Description=Added by the BIFROSE-PM TROJAN!
Source=Paul Collins Startup list
[startkey]
Number=9955
Confirmed=X
Filename=server.exe
Description=Added by the BIFROSE-DB TROJAN!
Source=Paul Collins Startup list
[startkey]
Number=9956
Confirmed=X
Filename=win32i.exe
Description=Added by the BIFROSE-R TROJAN!
Source=Paul Collins Startup list
[startkey]
Number=9957
Confirmed=X
Filename=winampXP.exe
Description=Added by the BIFROSE-OY TROJAN!
Source=Paul Collins Startup list
[startkey]
Number=9958
Confirmed=X
Filename=svchost32.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[startkey]
Number=9959
Confirmed=X
Filename=winlogin.exe
Description=Added by the BIFROSE-PM TROJAN!
Source=Paul Collins Startup list
[startkey]
Number=9960
Confirmed=X
Filename=winlogin.exe
Description=Added by the BIFROSE-PM TROJAN!
Source=Paul Collins Startup list
[startkey]
Number=9961
Confirmed=X
Filename=antivir.exe
Description=Added by the BIFROSE-TO TROJAN!
Source=Paul Collins Startup list
[startl.exe]
Number=9962
Confirmed=N
Filename=startl.exe
Description=Lingocom LingoWare - translates any application into your language
Source=Paul Collins Startup list
[StartMenu]
Number=9963
Confirmed=X
Filename=deamon.exe
Description=Added by the TACTSLAY.C TROJAN!
Source=Paul Collins Startup list
[StartMenu]
Number=9964
Confirmed=X
Filename=msgaol.exe
Description=Added by the TACTSLAY.C TROJAN!
Source=Paul Collins Startup list
[StartMenu]
Number=9965
Confirmed=X
Filename=s_menu.exe
Description=Added by the TACTSLAY.C TROJAN!
Source=Paul Collins Startup list
[StartMenu]
Number=9966
Confirmed=X
Filename=browse.exe
Description=Added by the DROWSY-C TROJAN!
Source=Paul Collins Startup list
[startpage]
Number=9967
Confirmed=X
Filename=startpage.exe
Description=Browser hijacker - redirecting to pages2start.com
Source=Paul Collins Startup list
[STARTPAGE]
Number=9968
Confirmed=U
Filename=start1.exe
Description=NoSpy.org - prevents spyware from changing your startpage and other browser properties. The start1.exe file is located in a NOSPY.ORG folder
Source=Paul Collins Startup list
[StartStop]
Number=9969
Confirmed=U
Filename=STARTSTOP.EXE
Description=StartStop from TFI Technology - startup manager
Source=Paul Collins Startup list
[StartSurfing]
Number=9970
Confirmed=U
Filename=STARTS.exe
Description=Start Surfing allows you to protect your privacy while surfing and searching the Internet by acting as a "filter" between you and the website you are visiting. Startsurfing acts as your shield from Pop Up Windows, Mouse Traps, Window Resizing, and scripts that attempt to record your personal information. Available via Start -> Programs
Source=Paul Collins Startup list
[Startup]
Number=9971
Confirmed=N
Filename=??
Description=Related to an Iomega drive
Source=Paul Collins Startup list
[Startup]
Number=9972
Confirmed=X
Filename=WinlogonStartup
Description=Unidentified malware
Source=Paul Collins Startup list
[Startup]
Number=9973
Confirmed=X
Filename=mirc.exe
Description=Added by the FLOOD-EU TROJAN! An uninstall option for mirc.exe can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as mIRC. This one puts 10 files in the Windows or Winnt folder
Source=Paul Collins Startup list
[Startup Configuration]
Number=9974
Confirmed=X
Filename=[six character filename]
Description=Added by the RBOT-ARV WORM!
Source=Paul Collins Startup list
[Startup Configuration]
Number=9975
Confirmed=X
Filename=wztoid.exe
Description=Added by the RBOT-ASD WORM!
Source=Paul Collins Startup list
[Startup Launcher GUI]
Number=9976
Confirmed=?
Filename=GUI.exe
Description=Startup manager?
Source=Paul Collins Startup list
[Startup Manager Scanner]
Number=9977
Confirmed=U
Filename=StartupMonitor.exe
Description=Startup-Mechanic Startup monitor - offers boot protection of your PC from harmful trojans, adult-dialers, and other scumware
Source=Paul Collins Startup list
[Startup Scan]
Number=9978
Confirmed=Y
Filename=Sensor.EXE
Description=AntiVirus Quick Heal - scheduling agent
Source=Paul Collins Startup list
[Startup Update]
Number=9979
Confirmed=X
Filename=Cvshost.exe
Description=Added by the GAOBOT.AO WORM!
Source=Paul Collins Startup list
[StartupBin]
Number=9980
Confirmed=X
Filename=iwnujdss.exe
Description=Added by the SDBOT-XZ WORM!
Source=Paul Collins Startup list
[StartupMonitor]
Number=9981
Confirmed=U
Filename=StartupMonitor.exe
Description=Mike Lin's StartupMonitor, throws up an alert and asks your permission every time any change is made to your start-up configuration, either in the registry or start menu
Source=Paul Collins Startup list
[startwin]
Number=9982
Confirmed=X
Filename=startwin.exe
Description=Added by the ANTIMAN.A WORM!
Source=Paul Collins Startup list
[startwindowskeyuser]
Number=9983
Confirmed=X
Filename=rundle2.exe
Description=Added by the JAVAKILLER TROJAN!
Source=Paul Collins Startup list
[Stat 'n' Perf]
Number=9984
Confirmed=N
Filename=StatnPerf.exe
Description=Stat 'n' Perf monitors your internet connection and displays information about sent and received bytes
Source=Paul Collins Startup list
[StatBar]
Number=9985
Confirmed=X
Filename=STATBAR.exe
Description=StatBar (system status bar) allows you to quickly get an overview of your system's condition (memory, CPU, uptime, and much more). Due to the sheer number of resources (over 60%) consumed by this program, it is unsuitable for Windows 95/98/SE/Me
Source=Paul Collins Startup list
[State Service]
Number=9986
Confirmed=X
Filename=csrss.exe
Description=Added by the DADOBRA-CP TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[StationPlaylistStudio]
Number=9987
Confirmed=U
Filename=SPLStudio.exe
Description=StationPlaylist Studio - "simple to use on-air broadcast playback software for the studio and/or DJ" for small to medium sized radio broadcasters, and internet webcasters
Source=Paul Collins Startup list
[Statistics]
Number=9988
Confirmed=X
Filename=statslist.exe
Description=Added by the OPANKI-S WORM!
Source=Paul Collins Startup list
[Status Monitor]
Number=9989
Confirmed=N
Filename=BrMfcWnd.exe
Description=Brother scanner status monitor - can be started manually
Source=Paul Collins Startup list
[Status Monitor XE]
Number=9990
Confirmed=N
Filename=ENGSS.EXE
Description=The Xerox Document WorkCentre XE Series Status Monitor displays information about your printer and currently active or waiting print jobs. You can use it to control your printing environment and manage your printing operations. Available via Start -> Programs
Source=Paul Collins Startup list
[StatusClient]
Number=9991
Confirmed=?
Filename=StatusClient.exe
Description=Part of Hewlett Packard network printer drivers
Source=Paul Collins Startup list
[StatusClient 2.6]
Number=9992
Confirmed=?
Filename=StatusClient.exe
Description=Part of Hewlett Packard network printer drivers
Source=Paul Collins Startup list
[StatusView]
Number=9993
Confirmed=N
Filename=StatusView.exe
Description=Status View intra-office messaging
Source=Paul Collins Startup list
[Stay Connected!]
Number=9994
Confirmed=N
Filename=StayCon.exe
Description=More than just a pinger, actually simulates online activity. Supports AOL, NetZero, MSN, ATT WorldNet, CompuServe and many other ISPs as well. Available via Start -> Programs
Source=Paul Collins Startup list
[StayAlive]
Number=9995
Confirmed=U
Filename=StayAlive.Exe
Description=Part of RealSPEED - tweaking utility to speed-up your internet connection. Stay connected even after a period of inactivity on the net
Source=Paul Collins Startup list
[StayAlive]
Number=9996
Confirmed=U
Filename=sa.exe
Description=StayAlive from TFI Technology. "This top-notch tool intercepts crashes when they happen, keeping your programs running so you can save your work."
Source=Paul Collins Startup list
[STBVision]
Number=9997
Confirmed=?
Filename=STBVisn.exe
Description=Related to the STB Velocity graphics card. What does it do and is it required?
Source=Paul Collins Startup list
[STBWEBTV]
Number=9998
Confirmed=N
Filename=STBWEBTV.EXE
Description=Used to display TV on your PC
Source=Paul Collins Startup list
[stcinstaller]
Number=9999
Confirmed=X
Filename=id53.exe
Description=Added by the SCTHOUGHT.L TROJAN!
Source=Paul Collins Startup list
[stcloader]
Number=10000
Confirmed=X
Filename=stcloader.exe
Description=Popup adware by 2ndThought software
Source=Paul Collins Startup list
[stcloader]
Number=10001
Confirmed=X
Filename=STCLOA~1.exe
Description=Popup adware by 2ndThought software
Source=Paul Collins Startup list
[STCLOA~1]
Number=10002
Confirmed=X
Filename=stcloader.exe
Description=Popup adware by 2ndThought software
Source=Paul Collins Startup list
[STCLOA~1]
Number=10003
Confirmed=X
Filename=STCLOA~1.exe
Description=Popup adware by 2ndThought software
Source=Paul Collins Startup list
[STCPO]
Number=10004
Confirmed=Y
Filename=STCPO.exe
Description=Sophos Sweep antivirus software
Source=Paul Collins Startup list
[StdAFX]
Number=10005
Confirmed=X
Filename=stdafx.exe
Description=Added by the DELBOT-AF WORM!
Source=Paul Collins Startup list
[stdlib]
Number=10006
Confirmed=X
Filename=[filename]
Description=Added by the PERDA-E TROJAN!
Source=Paul Collins Startup list
[STDSB]
Number=10007
Confirmed=Y
Filename=STDSB.exe
Description=Scrollbar driver for notebooks. If taken out of the Startup, it will not provide scrolling
Source=Paul Collins Startup list
[Stealth Anonymizer 2.5]
Number=10008
Confirmed=U
Filename=stealth25.exe
Description=Now named Stealther - proxy server agent that lets you travel the Internet with maximum possible privacy
Source=Paul Collins Startup list
[stealth.dcom.exe]
Number=10009
Confirmed=X
Filename=stealth.dcom.exe
Description=Added by the THEALS.A WORM!
Source=Paul Collins Startup list
[stealth.ddos.exe]
Number=10010
Confirmed=X
Filename=stealth.ddos.exe
Description=Added by the THEALS.A WORM!
Source=Paul Collins Startup list
[stealth.exe]
Number=10011
Confirmed=X
Filename=stealth.exe
Description=Added by the THEALS.A WORM!
Source=Paul Collins Startup list
[stealth.injector.exe]
Number=10012
Confirmed=X
Filename=stealth.injector.exe
Description=Added by the THEALS.A WORM!
Source=Paul Collins Startup list
[stealth.stat.exe]
Number=10013
Confirmed=X
Filename=stealth.stat.exe
Description=Added by the THEALS.A WORM!
Source=Paul Collins Startup list
[stealth.wm.exe]
Number=10014
Confirmed=X
Filename=stealth.wm.exe
Description=Added by the THEALS.A WORM!
Source=Paul Collins Startup list
[stealth.worm.exe]
Number=10015
Confirmed=X
Filename=stealth.worm.exe
Description=Added by the THEALS.A WORM!
Source=Paul Collins Startup list
[Steam]
Number=10016
Confirmed=N
Filename=steam.exe
Description=Valve Software's STEAM broadband game client. Steam is Valve's new way of getting games into your hands ASAP. Games like Half-Life, Counter-Strike, and Counter-Strike: Condition Zero are all being made available through Steam. Steam games are automatically kept up-to-date with the latest content and revisions. Steam also includes an instant-message client which even works while you're in-game
Source=Paul Collins Startup list
[steam]
Number=10017
Confirmed=X
Filename=steam.exe
Description=Added by the RBOT-AJT WORM! Note - the file steam.exe will be found in the Windows\System folder and is not associated with Valve Software's game client
Source=Paul Collins Startup list
[SteFanie]
Number=10018
Confirmed=X
Filename=SteFanie.vbs
Description=Added by the STEFAN WORM! Note - make sure you check the hyperlink as this one copies it's self to numerous dirves and folders
Source=Paul Collins Startup list
[stgclean]
Number=10019
Confirmed=?
Filename=w32main2.exe
Description=Related to IBM Standard Software Installer. What does it do and is it required?
Source=Paul Collins Startup list
[Stickies]
Number=10020
Confirmed=N
Filename=STICKIES.EXE
Description=Stickies - utility that allows you to put yellow "Post-It" type messages on your desktop and can be used to set reminders. Available via Start -> Programs
Source=Paul Collins Startup list
[Sticky Notes]
Number=10021
Confirmed=N
Filename=stikynot.exe
Description=Microsoft Sticky Notes - virtual sticky notes tool
Source=Paul Collins Startup list
[Sticky Pad]
Number=10022
Confirmed=U
Filename=StickyPad.exe
Description=Sticky Pad from Green Eclipse. Place sticky notes on your desktop
Source=Paul Collins Startup list
[StickyNote]
Number=10023
Confirmed=N
Filename=StickyNote.exe
Description=Utility that allows you to put yellow "Post-It" type messages on your desktop. Available via Start -> Programs
Source=Paul Collins Startup list
[StillImageMonitor]
Number=10024
Confirmed=U
Filename=Stimon.exe
Description=Stimon.exe enables a USB still-image device (such as a scanner) to initiate data transfer to a program. For example, if your scanning device has a scan button, it may start a program and begin scanning when you press it. Create a shortcut and start it manually when needed if your scanner otherwise fails to scan. May be required for your USB scanner to work - including all HP scanners and some of their SCSI scanners
Source=Paul Collins Startup list
[stisrv]
Number=10025
Confirmed=X
Filename=stisrv.exe
Description=Added by the RBOT.BQF WORM!
Source=Paul Collins Startup list
[stlbdist]
Number=10026
Confirmed=X
Filename=rundll32exe stlbdist.DLL, DllRunMain
Description=Hijacker pointing to www.searchandclick.com
Source=Paul Collins Startup list
[stlbupdt]
Number=10027
Confirmed=X
Filename=rundll32.exe stlbupdt.DLL, DllRunMain
Description=BrowserAid/BrowserPal foistware
Source=Paul Collins Startup list
[STManager]
Number=10028
Confirmed=N
Filename=drst.exe
Description=Dr. SpeedTouch is some sort of diagnostics software which sends out information to a server which then relays the information back to the program to test the network to see if the SpeedTouch ADSL modem connection is working properly. Not required if connected via Ethernet (and probably USB). Can cause a slow down in Win2K - see here
Source=Paul Collins Startup list
[stmha]
Number=10029
Confirmed=X
Filename=wkfxi.js
Description=Added by the SPETH WORM!
Source=Paul Collins Startup list
[stonedrv]
Number=10030
Confirmed=X
Filename=stonedrv.exe
Description=Added by the COSIMA-K TROJAN!
Source=Paul Collins Startup list
[StopSignSsTsMon]
Number=10031
Confirmed=U
Filename=sstsmon.dll, VerifyStatus
Description=eAcceleration Stop-Sign security software related. Previously not recommended, see here
Source=Paul Collins Startup list
[StopSignStatus]
Number=10032
Confirmed=U
Filename=stopsinfo.dll
Description=eAcceleration Stop-Sign security software related. Previously not recommended, see here
Source=Paul Collins Startup list
[STOPzilla]
Number=10033
Confirmed=U
Filename=Stopzilla.exe
Description=StopZilla! - pop-up killer
Source=Paul Collins Startup list
[STOPzilla Service]
Number=10034
Confirmed=U
Filename=SZNTSVC.EXE
Description=StopZilla! - pop-up killer
Source=Paul Collins Startup list
[StorageGuard]
Number=10035
Confirmed=U
Filename=sgtray.exe
Description=StorageGuard from Veritas. Free utility that integrates with Backup MyPC (formerly Backup Exec Desktop), Simple Backup and MS Backup. Provides system tray access and background monitoring - warning you of files that haven't recently been backed up. Required unless you backup manually on a regular basis or have scheduled backups
Source=Paul Collins Startup list
[STPMGR]
Number=10036
Confirmed=?
Filename=STPMGR.EXE
Description=Part of SafeTP which is transparent FTP security software. Does it need to be running permanently or can it be started manually via Start -> Programs
Source=Paul Collins Startup list
[stratas]
Number=10037
Confirmed=X
Filename=xmconfig.exe
Description=Added by the RBOT-AHR WORM!
Source=Paul Collins Startup list
[stratas]
Number=10038
Confirmed=X
Filename=lockx.exe
Description=Added by the SDBOT-ADD WORM!
Source=Paul Collins Startup list
[Stratas]
Number=10039
Confirmed=X
Filename=ggfig.exe
Description=Added by the OPANKI.W WORM!
Source=Paul Collins Startup list
[StreamAppliance]
Number=10040
Confirmed=X
Filename=wuauclt14.exe
Description=Added by the RBOT-GMB WORM!
Source=Paul Collins Startup list
[StreamAppliance]
Number=10041
Confirmed=X
Filename=wuauclt16.exe
Description=Added by the RBOT-GME WORM!
Source=Paul Collins Startup list
[Streamload Downloader]
Number=10042
Confirmed=N
Filename=SlDB.exe
Description=Downloader for MediaMax (was Streamload) - "gives you a private and secure place to upload, store, access, and share your personal videos, photos, movies, music, and files"
Source=Paul Collins Startup list
[Streamload Uploader]
Number=10043
Confirmed=N
Filename=StreamMgr.exe
Description=Uploader for MediaMax (was Streamload) - "gives you a private and secure place to upload, store, access, and share your personal videos, photos, movies, music, and files"
Source=Paul Collins Startup list
[StreamZap Remote]
Number=10044
Confirmed=U
Filename=zremote.exe
Description=StreamZap PC Remote - control Windows Media Player, iTunes, RealPlayer, Winamp, PowerPoint, MusicMatch Jukebox, and many other multimedia applications
Source=Paul Collins Startup list
[StrgSync.exe]
Number=10045
Confirmed=U
Filename=StrgSync.exe
Description=SimpleTech Inc's StorageSync backup software - backs up an entire PC, or selected files and folders
Source=Paul Collins Startup list
[strmsnmgrs]
Number=10046
Confirmed=X
Filename=msnxmsgrsc.exe
Description=Added by the SDBOT.JDR WORM!
Source=Paul Collins Startup list
[strmsnmsgr]
Number=10047
Confirmed=X
Filename=msnmsgrs.exe
Description=Added by the RBOT-ACQ WORM!
Source=Paul Collins Startup list
[strmsnmsgrs]
Number=10048
Confirmed=X
Filename=msnmsgrsc.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[strmsnnms]
Number=10049
Confirmed=X
Filename=msnmegrs.exe
Description=Added by the SDBOT-YU TROJAN!
Source=Paul Collins Startup list
[strmsnnrs]
Number=10050
Confirmed=X
Filename=msnmcgrs.exe
Description=Added by the RBOT-ACT TROJAN!
Source=Paul Collins Startup list
[strmsoums]
Number=10051
Confirmed=X
Filename=msnmegrse.exe
Description=Added by the SDBOT-ZK TROJAN!
Source=Paul Collins Startup list
[Strng32]
Number=10052
Confirmed=X
Filename=strngbox.exe
Description=Added by the STRANO WORM!
Source=Paul Collins Startup list
[StrokeIt]
Number=10053
Confirmed=U
Filename=strokeit.exe
Description=StrokeIt is an "advanced mouse gesture recognition engine and command processor"
Source=Paul Collins Startup list
[strtas]
Number=10054
Confirmed=X
Filename=lock1.exe
Description=Added by the SDBOT-ADQ WORM!
Source=Paul Collins Startup list
[strtas]
Number=10055
Confirmed=X
Filename=lockx.exe
Description=Added by the SDBOT-AEB WORM!
Source=Paul Collins Startup list
[strtas]
Number=10056
Confirmed=X
Filename=l074.exe
Description=Added by the AGENT-II TROJAN!
Source=Paul Collins Startup list
[strtas]
Number=10057
Confirmed=X
Filename=loc1.exe
Description=Added by the RBOT-AZU TROJAN!
Source=Paul Collins Startup list
[strto]
Number=10058
Confirmed=X
Filename=strto.exe
Description=Added by the KILLPROC-F TROJAN!
Source=Paul Collins Startup list
[strto]
Number=10059
Confirmed=X
Filename=[path to trojan]
Description=Added by the KILLAV-AP TROJAN!
Source=Paul Collins Startup list
[Sts]
Number=10060
Confirmed=X
Filename=iwnujdss2.exe
Description=Added by the SDBOT-YI WORM!
Source=Paul Collins Startup list
[Stubbish]
Number=10061
Confirmed=X
Filename=Stubbish.exe
Description=Added by the STUBBOT-A WORM!
Source=Paul Collins Startup list
[StubPath]
Number=10062
Confirmed=X
Filename=Sservice.exe
Description=Added by the PRORAT TROJAN!
Source=Paul Collins Startup list
[stup]
Number=10063
Confirmed=X
Filename=138762763.exe
Description=Added by the FIRESPY-A TROJAN! It will attempt to register the dropped component as a Firefox plugin and begin monitoring the user's browsing habits, stealing information including monitoring and logging information from Web forms
Source=Paul Collins Startup list
[StupAssist]
Number=10064
Confirmed=N
Filename=StupAssist.exe
Description=Associated with Nikon digital cameras
Source=Paul Collins Startup list
[stxrmsgms]
Number=10065
Confirmed=X
Filename=mstats.exe
Description=Added by the IRCBOT-AE TROJAN!
Source=Paul Collins Startup list
[StyleXP]
Number=10066
Confirmed=U
Filename=StyleXP.exe
Description=StyleXP allows you customize the way WinXP looks. If disabled via msconfig it re-instates itself at reboot, therefore uninstall it if you don't want it
Source=Paul Collins Startup list
[SubAH]
Number=10067
Confirmed=X
Filename=SubAH.exe
Description=Added by the SUBAH TROJAN!
Source=Paul Collins Startup list
[Subliminal Power]
Number=10068
Confirmed=U
Filename=Subliminal.exe
Description=Subliminal Power - displays subliminal messages of your choice on your computer screen
Source=Paul Collins Startup list
[Subtract the Ads]
Number=10069
Confirmed=N
Filename=AdSub.exe
Description=Removes adverts from web pages. Although useful - not required
Source=Paul Collins Startup list
[suck]
Number=10070
Confirmed=X
Filename=l0ad.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[Suitcase Startup]
Number=10071
Confirmed=U
Filename=Suitcase.exe
Description=Suitcase - system font manager start up utility. Used for dynamic managment of fonts on your system
Source=Paul Collins Startup list
[Suite]
Number=10072
Confirmed=X
Filename=SuiteOffices.exe
Description=Added by the LAZAR TROJAN!
Source=Paul Collins Startup list
[SULFNBJ.EXE]
Number=10073
Confirmed=X
Filename=SULFNBJ.EXE
Description=Added by the PE_MAGISTR.DAM VIRUS!
Source=Paul Collins Startup list
[Sun Java Console for Windows NT & XP]
Number=10074
Confirmed=X
Filename=jconsole.exe
Description=Added by the VANEBOT-C WORM!
Source=Paul Collins Startup list
[Sunasdtserv]
Number=10075
Confirmed=U
Filename=Sunasdtserv.exe
Description=CounterSpy by Sunbelt Software - adware/spyware protection
Source=Paul Collins Startup list
[sunasServ]
Number=10076
Confirmed=U
Filename=sunasServ.exe
Description=CounterSpy by Sunbelt Software - adware/spyware protection
Source=Paul Collins Startup list
[SunJavaSched]
Number=10077
Confirmed=X
Filename=ccEvtMngr.exe
Description=Added by the SDBOT-YP WORM!
Source=Paul Collins Startup list
[SunJavaSched Updater]
Number=10078
Confirmed=X
Filename=avamx.exe
Description=Added by the RBOT-ABJ WORM!
Source=Paul Collins Startup list
[SunJavaUpdate]
Number=10079
Confirmed=X
Filename=smvss.exe
Description=Added by the DEDLER-G TROJAN!
Source=Paul Collins Startup list
[SunJavaUpdateSched]
Number=10080
Confirmed=N
Filename=jusched.exe
Description=Checks with Sun's Java updates site to see if newer Java versions are available. Visit http://java.sun.com or just run the Java Plug-In Control Panel
Source=Paul Collins Startup list
[SunJavaUpdateSched]
Number=10081
Confirmed=X
Filename=scvhost.exe
Description=Added by the SDBOT-AVX WORM!
Source=Paul Collins Startup list
[SunJavaUpdateSched]
Number=10082
Confirmed=X
Filename=javamx.exe
Description=Added by the SDBOT-WI WORM!
Source=Paul Collins Startup list
[Sunkist]
Number=10083
Confirmed=U
Filename=shwicon98.exe
Description=Card reader for memory cards from digital cameras, etc
Source=Paul Collins Startup list
[Sunkist2k]
Number=10084
Confirmed=U
Filename=shwicon2k.exe
Description=Card reader for memory cards from digital cameras, etc
Source=Paul Collins Startup list
[SunKistEM]
Number=10085
Confirmed=U
Filename=shwiconem.exe
Description=Used by your computer to communicate with your Alcor Micro Multimedia Card Reader - necessary if you're using this software
Source=Paul Collins Startup list
[SuNotification]
Number=10086
Confirmed=U
Filename=suatshut.exe
Description=ShadowSurfer - "provides a safe computing environment by creating a virtual twin of your PC. Restore the pre-ShadowMode system state no matter what changes have occurred to your PC"
Source=Paul Collins Startup list
[SunProtectionServer]
Number=10087
Confirmed=U
Filename=SunProtectionServer.exe
Description=CounterSpy antispyware software
Source=Paul Collins Startup list
[SunServer]
Number=10088
Confirmed=U
Filename=SunServer.exe
Description=CounterSpy antispyware software
Source=Paul Collins Startup list
[SupaDial]
Number=10089
Confirmed=?
Filename=SupaDial.exe
Description=SupaNet.com modem driver related - is it required?
Source=Paul Collins Startup list
[Supastatus]
Number=10090
Confirmed=N
Filename=status.exe
Description=Supanet ISP software
Source=Paul Collins Startup list
[supdate2.dll]
Number=10091
Confirmed=X
Filename=rundll32.exe [path] supdate2.dll
Description=Added by the ZLOB-VL TROJAN!
Source=Paul Collins Startup list
[super]
Number=10092
Confirmed=X
Filename=fuckbx.exe
Description=Added by the LINEAGE-H TROJAN!
Source=Paul Collins Startup list
[super]
Number=10093
Confirmed=X
Filename=super.exe
Description=Added by the AGOBOT-QT WORM!
Source=Paul Collins Startup list
[Super Popup Blocker]
Number=10094
Confirmed=U
Filename=popkill.exe
Description=Saga Super Popup Blocker - pop-up stopper
Source=Paul Collins Startup list
[Super X Desktop Version 3.4]
Number=10095
Confirmed=U
Filename=SXDesk.exe
Description=Super X Desktop - virtual desktop manager
Source=Paul Collins Startup list
[SuperAdBlocker]
Number=10096
Confirmed=U
Filename=SAdBlock.exe
Description=SuperAdBlocker
Source=Paul Collins Startup list
[SUPERAntiSpyware]
Number=10097
Confirmed=U
Filename=SUPERAntiSpyware.exe
Description="SUPERAntiSpyware is the most thorough scanner on the market. Our Multi-Dimensional Scanning and Process Interrogation Technology will detect spyware that other products miss! SUPERAntiSpyware will remove ALL the Spyware, NOT just the easy ones!"
Source=Paul Collins Startup list
[SuperBar.Component]
Number=10098
Confirmed=X
Filename=[path to services.exe]
Description=Added by the SMALL-AQ TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in an "Inetsrv" subfolder
Source=Paul Collins Startup list
[SuperBar.Component]
Number=10099
Confirmed=X
Filename=services.exe
Description=FakeMessage/AdRotator adware. Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in an "Inetsrv" subfolder
Source=Paul Collins Startup list
[Supercleaner]
Number=10100
Confirmed=U
Filename=Supercleaner.exe
Description=Supercleaner - all in one disk cleaner for your computer
Source=Paul Collins Startup list
[SuperCool Compress Backup]
Number=10101
Confirmed=U
Filename=Main.exe
Description="SuperCool Zip Backup software is a data backup,restore and file synchronization program"
Source=Paul Collins Startup list
[SuperHeissSex]
Number=10102
Confirmed=X
Filename=SuperHeissSex.exe
Description=Added by the HeissSex premium rate adult content dialer!
Source=Paul Collins Startup list
[supernews12]
Number=10103
Confirmed=X
Filename=newsd32.exe
Description=Adware, also detected as the DLOADER-JN TROJAN!
Source=Paul Collins Startup list
[Supernova]
Number=10104
Confirmed=X
Filename=[worm filename]
Description=Added by the SURNOVA (or SUPOVA) WORM!
Source=Paul Collins Startup list
[superproxy]
Number=10105
Confirmed=X
Filename=superproxy.exe
Description=Added by the DELBACK-B TROJAN!
Source=Paul Collins Startup list
[SuperRam]
Number=10106
Confirmed=U
Filename=SuperRam.exe
Description=SuperRam memory manager. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See SuperRam article and make up your own mind
Source=Paul Collins Startup list
[superslut]
Number=10107
Confirmed=X
Filename=msslut32.exe
Description=Added by the SLUTER-A WORM!
Source=Paul Collins Startup list
[SuperSpamKiller Pro]
Number=10108
Confirmed=U
Filename=Ssk.exe
Description=SuperSpamKiller Pro email spam blocker
Source=Paul Collins Startup list
[Supervisor.exe]
Number=10109
Confirmed=X
Filename=Supervisor.exe
Description=Has been reported to be associated with various antitrojan software like ATS and PC Doorguard. If so it's required in Startup - any further information is welcome
Source=Paul Collins Startup list
[support-reverse-smileys]
Number=10110
Confirmed=X
Filename=[trojan filename]
Description=Added by the LITEBOT TROJAN!
Source=Paul Collins Startup list
[supporter5]
Number=10111
Confirmed=X
Filename=supporter5.exe
Description=Part of eScorcher anti-virus software- responsible for updates of new virus bases each time you logon to the web. Used to collect information about the user and therefore treated as spyware - now the web-site is dead
Source=Paul Collins Startup list
[SureCleanProfessional]
Number=10112
Confirmed=U
Filename=SRClean.exe
Description=SureClean PC and Internet tracks cleaner
Source=Paul Collins Startup list
[Sureshotpopupkiller]
Number=10113
Confirmed=U
Filename=Stopthepop.exe
Description=Stop-the-Pop-Up popup blocker
Source=Paul Collins Startup list
[Sureshotpopupkiller]
Number=10114
Confirmed=U
Filename=pusak.exe
Description=Stop-the-Pop-Up popup blocker
Source=Paul Collins Startup list
[SurfAccuracy]
Number=10115
Confirmed=X
Filename=sacc.exe
Description=SurfAccuracy adware
Source=Paul Collins Startup list
[SurfBuddy]
Number=10116
Confirmed=X
Filename=rundll32 [path] sbuddy.dll
Description=SurfBuddy adware - not to be confused with the legitimate SurfBuddy application by SurfApps!
Source=Paul Collins Startup list
[SurfChoice]
Number=10117
Confirmed=U
Filename=SCMan.exe
Description=SCMan is a utility that can control services on WinNT from the command line. This utility can create, start, pause, stop, delete services. Furthermore it can retrieve a service's current state, get the displayname for a service and vice versa
Source=Paul Collins Startup list
[Surfer lptt01]
Number=10118
Confirmed=X
Filename=surfer.exe
Description=RapidBlaster variant (in a "mssurfer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
Source=Paul Collins Startup list
[Surfer ml097e]
Number=10119
Confirmed=X
Filename=surfer.exe
Description=RapidBlaster variant (in a "mssurfer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
Source=Paul Collins Startup list
[SurfHelper]
Number=10120
Confirmed=U
Filename=SurfHelp.exe
Description=Related to SurfHelper - a free tool to remove popup windows, clear history, control window properties of IE, and more
Source=Paul Collins Startup list
[SurfinGuard Pro]
Number=10121
Confirmed=U
Filename=winsfcm.exe
Description=SurfinGuard Pro from Finjan - internet protection software, protects against all malicious code delivered through executables, scripting files, ActiveX and Java
Source=Paul Collins Startup list
[SurfSecret]
Number=10122
Confirmed=U
Filename=ss2-full.exe
Description="House-cleaning utility that enables you to keep your computer usage to yourself. Runs quietly from the system tray, eliminating tell-tale files at a regular interval of your choosing. You can set it to clear your Internet cache files, cookies, history, temp folder, etc. It can also clear the history of your Run and Find menus, in addition to the AOL cache"
Source=Paul Collins Startup list
[SurfSideKick 2]
Number=10123
Confirmed=X
Filename=Ssk.exe
Description=SurfSideKick adware
Source=Paul Collins Startup list
[SurfSideKick 3]
Number=10124
Confirmed=X
Filename=Ssk.exe
Description=SurfSideKick adware
Source=Paul Collins Startup list
[SurfStream]
Number=10125
Confirmed=U
Filename=SurfStream.exe
Description=Conceiva "SurfStream lets you surf the Web faster. It contains a fully featured proxy server that lets you surf the Web significantly faster. It also blocks all pop-up windows and banner ads from Web pages. An intelligent tune-up tool automatically analyzes and optimizes your computer's Internet connection and TCP/IP settings"
Source=Paul Collins Startup list
[Surs]
Number=10126
Confirmed=X
Filename=awab.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[Surveysa]
Number=10127
Confirmed=N
Filename=surveysa.exe
Description=Found on Sony laptops, it brings up a prompt to take a survey. It goes away if you fill out the survey or you choose "never prompt me again" but keeps popping if you either exit out of it or select "take survey later"
Source=Paul Collins Startup list
[suScheduler]
Number=10128
Confirmed=U
Filename=UCLauncher.exe
Description=Related to Lenovo ThinkVantage Technologies. ThinkVantage Technologies help make ThinkPad/ThinkCentre PCs less dependent on IT staff
Source=Paul Collins Startup list
[Susp]
Number=10129
Confirmed=X
Filename=Susp.exe
Description=VX2.Transponder parasite updater/installer related
Source=Paul Collins Startup list
[susse]
Number=10130
Confirmed=X
Filename=hpsw.exe
Description=LinkMaker adware
Source=Paul Collins Startup list
[Sustem]
Number=10131
Confirmed=X
Filename=explorer.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually!
Source=Paul Collins Startup list
[SustemUpdate]
Number=10132
Confirmed=X
Filename=explorer.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually!
Source=Paul Collins Startup list
[SV00LSV]
Number=10133
Confirmed=X
Filename=SV00LSV.EXE
Description=Added by the GRAYBIRD-C TROJAN!
Source=Paul Collins Startup list
[SVA Player]
Number=10134
Confirmed=X
Filename=SVAplayer.exe
Description=QuickFlicks Streaming Player malware
Source=Paul Collins Startup list
[Svc]
Number=10135
Confirmed=X
Filename=svc.exe
Description=ClientMan parasite variant
Source=Paul Collins Startup list
[SVC]
Number=10136
Confirmed=U
Filename=svchost.exe
Description=ElfSpy keystroke logger/monitoring program - remove unless you installed it yourself! Note - this is not the svchost.exe process that normally doesn't appear in Msconfig/Startup!
Source=Paul Collins Startup list
[SVC Service]
Number=10137
Confirmed=X
Filename=svcinit.exe
Description=Added by the SINIT TROJAN!
Source=Paul Collins Startup list
[SVC Service]
Number=10138
Confirmed=X
Filename=svcinit.exe
Description=CoolWebSearch parasite variant
Source=Paul Collins Startup list
[SVC Service]
Number=10139
Confirmed=X
Filename=svcpack.exe
Description=CoolWebSearch Svcinit parasite variant
Source=Paul Collins Startup list
[SVC Service]
Number=10140
Confirmed=X
Filename=svc32.pif
Description=Added by the RBOT-ASC WORM!
Source=Paul Collins Startup list
[SVC Socks]
Number=10141
Confirmed=X
Filename=mstaskm.exe
Description=CoolWebSearch parasite variant
Source=Paul Collins Startup list
[Svced]
Number=10142
Confirmed=X
Filename=Svced.exe
Description=Added by the DELF.F TROJAN!
Source=Paul Collins Startup list
[SvcH0st]
Number=10143
Confirmed=X
Filename=msexploren.exe
Description=Added by the BACKDOOR-CGZ TROJAN!
Source=Paul Collins Startup list
[SvcH0st]
Number=10144
Confirmed=X
Filename=SHCH.EXE
Description=Added by the EB TROJAN!
Source=Paul Collins Startup list
[SvcH0st]
Number=10145
Confirmed=X
Filename=SVCHST.EXE
Description=Added by the EB TROJAN!
Source=Paul Collins Startup list
[SvcH0st]
Number=10146
Confirmed=X
Filename=WINAGENT.EXE
Description=Added by the EB TROJAN!
Source=Paul Collins Startup list
[SVCH0ST]
Number=10147
Confirmed=X
Filename=spoo1sv.exe
Description=Added by the HF TROJAN!
Source=Paul Collins Startup list
[SVCH0ST]
Number=10148
Confirmed=X
Filename=SVCH0ST.EXE
Description=Added by the IK TROJAN! Note - the filename has the digit 0 rather then the uppercase "o"
Source=Paul Collins Startup list
[SvcH0st]
Number=10149
Confirmed=X
Filename=msnexploren.exe
Description=Added by the TACTSLAY.B TROJAN!
Source=Paul Collins Startup list
[SvcH0st]
Number=10150
Confirmed=X
Filename=sdhch.exe
Description=Added by the TACTSLAY.B TROJAN!
Source=Paul Collins Startup list
[SVCH0TS]
Number=10151
Confirmed=X
Filename=sp00lvs.exe
Description=Added by the LINEAGE-AZ TROJAN!
Source=Paul Collins Startup list
[svchast]
Number=10152
Confirmed=X
Filename=svchast.exe
Description=Added by the LINEAGE-AV TROJAN!
Source=Paul Collins Startup list
[svchctrl]
Number=10153
Confirmed=X
Filename=svchctrl.exe
Description=Added by the COBFINN TROJAN!
Source=Paul Collins Startup list
[svchos]
Number=10154
Confirmed=X
Filename=svchos.exe
Description=Added by the EZIBOT-B TROJAN!
Source=Paul Collins Startup list
[SVCHOST]
Number=10155
Confirmed=X
Filename=svchost.exe
Description=System1060 homepage hi-jacker. Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "System1060" subfolder of the Winnt or Windows folder
Source=Paul Collins Startup list
[svchost]
Number=10156
Confirmed=X
Filename=svchost.exe
Description=Added by many TROJANS amd WORMS, such as MORB or TARNO. Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!
Source=Paul Collins Startup list
[SVCHOST]
Number=10157
Confirmed=X
Filename=mrowyekdc.exe
Description=Added by the GOTORM WORM!
Source=Paul Collins Startup list
[svchost]
Number=10158
Confirmed=X
Filename=Svch0st.exe
Description=Added by the GRAYBIRD and GRAYBIRD.B TROJANS! Note - the filename has the digit 0 rather then the uppercase "o"
Source=Paul Collins Startup list
[svchost]
Number=10159
Confirmed=X
Filename=[path to trojan]
Description=Added by the HAZZER TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[svchost]
Number=10160
Confirmed=X
Filename=ADMAGIC.EXE
Description=Added by the SMIBAG WORM! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Svchost]
Number=10161
Confirmed=X
Filename=winhost.exe
Description=Added by the LOLAWEB.A TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Svchost]
Number=10162
Confirmed=X
Filename=svchost.exe
Description=Added by the MOZE-A WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list
[SVCHOST]
Number=10163
Confirmed=X
Filename=var.txt.exe
Description=Added by the LDPINCH.C TROJAN!
Source=Paul Collins Startup list
[Svchost]
Number=10164
Confirmed=X
Filename=svchosl.pif
Description=Added by the INZAE.A or INZAE.B WORMS!
Source=Paul Collins Startup list
[svchost]
Number=10165
Confirmed=X
Filename=[path] SETUP.EXE
Description=Added by the SETCLO WORM!
Source=Paul Collins Startup list
[SVCHOST]
Number=10166
Confirmed=X
Filename=scvhost.exe
Description=Added by the MYTOB.E or MYTOB.G WORMS!
Source=Paul Collins Startup list
[SVCHOST]
Number=10167
Confirmed=X
Filename=taskgmr.exe
Description=Added by the MYTOB.F or MYTOB.H WORMS!
Source=Paul Collins Startup list
[svchost]
Number=10168
Confirmed=X
Filename=olehelp.exe
Description=Added by the BOOKMARKER.G TROJAN!
Source=Paul Collins Startup list
[SVCHOST]
Number=10169
Confirmed=X
Filename=updater32.exe
Description=Added by the RANTS.A WORM!
Source=Paul Collins Startup list
[SVCHOST]
Number=10170
Confirmed=X
Filename=SPOOLSV.EXE
Description=Added by the BAITAP-A WORM! Note - "Spoolsv.exe" is located in the Windows or Winnt directory, and not in System32, like the legitimate Spoolsv.exe system file
Source=Paul Collins Startup list
[SvcHost]
Number=10171
Confirmed=X
Filename=svchost32.exe
Description=Added by the AGOBOT-TM WORM!
Source=Paul Collins Startup list
[svchost]
Number=10172
Confirmed=X
Filename=svchost.exe
Description=Added by the BANCBAN-HL TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "config" subfolder of the Winnt or Windows folder
Source=Paul Collins Startup list
[svchost]
Number=10173
Confirmed=X
Filename=[path to explorer.exe]
Description=Added by the UNREAL-A TROJAN!
Source=Paul Collins Startup list
[svchost]
Number=10174
Confirmed=X
Filename=rundll16.exe
Description=Added by the STARTPA-PB TROJAN!
Source=Paul Collins Startup list
[Svchost]
Number=10175
Confirmed=X
Filename=svchost.exe
Description=Added by the ADCLICK-AX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Program Files\Internet Explorer folder
Source=Paul Collins Startup list
[svchost]
Number=10176
Confirmed=X
Filename=svchost.exe
Description=Added by the ES TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Microsoft" subfolder
Source=Paul Collins Startup list
[svchost]
Number=10177
Confirmed=X
Filename=svchost.exe
Description=Added by the DLOADER-EV TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Arquivos de programas" folder
Source=Paul Collins Startup list
[svchost]
Number=10178
Confirmed=X
Filename=winhelp.exe
Description=Added by the GAOBOT.GEN!POLY WORM!
Source=Paul Collins Startup list
[SVCHOST]
Number=10179
Confirmed=X
Filename=MDM.EXE
Description=Added by the LCJUMP-A WORM! Note - this is not the valid Machine Debug Manager which shares the same filename
Source=Paul Collins Startup list
[Svchost]
Number=10180
Confirmed=X
Filename=svchots.exe
Description=Added by the RBOT.ADK WORM!
Source=Paul Collins Startup list
[svchost]
Number=10181
Confirmed=X
Filename=ying.exe
Description=Constructor VC2000 malware
Source=Paul Collins Startup list
[SVCHOST Generic application]
Number=10182
Confirmed=X
Filename=svchost.exe
Description=Added by the DAEMONI-K TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list
[svchost Netware Manager]
Number=10183
Confirmed=X
Filename=svchost.exe
Description=Added by the EXVID.A WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[Svchost Windows Remote Services]
Number=10184
Confirmed=X
Filename=svhost.exe
Description=Added by the IRCBOT-IV WORM!
Source=Paul Collins Startup list
[svchost.exe]
Number=10185
Confirmed=X
Filename=svchost32.exe
Description=CoolWebSearch Svchost32 parasite variant
Source=Paul Collins Startup list
[SVCHOST.EXE]
Number=10186
Confirmed=X
Filename=SVCHOST.EXE
Description=Added by the WRMSCAN-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list
[svchost.exe]
Number=10187
Confirmed=X
Filename=[path to executeable]
Description=Added by the BANKER-MO TROJAN!
Source=Paul Collins Startup list
[svchost.exe]
Number=10188
Confirmed=X
Filename=svchost.exe
Description=Added by the ZAPCHAS-V TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "drivers" subfolder
Source=Paul Collins Startup list
[svchost.exe]
Number=10189
Confirmed=X
Filename=swchost.exe
Description=Added by the SADELPHI-A TROJAN!
Source=Paul Collins Startup list
[svchost1]
Number=10190
Confirmed=X
Filename=svchost1.exe
Description=Added by the AGOBOT.ZZ WORM!
Source=Paul Collins Startup list
[SvcHost32]
Number=10191
Confirmed=X
Filename=svchost32.exe
Description=Added by the MIMAIL.I or MIMAIL.J WORMS!
Source=Paul Collins Startup list
[svchost64]
Number=10192
Confirmed=X
Filename=svchost64.exe
Description=Added by the SDBOTER.G VIRUS!
Source=Paul Collins Startup list
[svchosta]
Number=10193
Confirmed=X
Filename=svchosta.exe
Description=Added by the SNIFFER-I TROJAN!
Source=Paul Collins Startup list
[svchostb]
Number=10194
Confirmed=X
Filename=svchostb.exe
Description=Added by the SNIFFER-J TROJAN!
Source=Paul Collins Startup list
[svchostdll.scr]
Number=10195
Confirmed=X
Filename=svchostdll.scr
Description=Added by the BANCBAN-FM TROJAN!
Source=Paul Collins Startup list
[SvcHosto]
Number=10196
Confirmed=X
Filename=v1rg1n.exe
Description=Added by the AGOBOT-TK WORM!
Source=Paul Collins Startup list
[svchostr]
Number=10197
Confirmed=X
Filename=svchostr.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[svchosts]
Number=10198
Confirmed=X
Filename=svchosts.exe
Description=Added by the BANCBAN-DC or BANKER-ED TROJANS!
Source=Paul Collins Startup list
[svchosts.exe]
Number=10199
Confirmed=X
Filename=svchosts.exe
Description=Added by the AGOBOT-JN WORM!
Source=Paul Collins Startup list
[svchosts.scr]
Number=10200
Confirmed=X
Filename=svchosts.scr
Description=Added by the BANCBAN-DQ TROJAN and variants!
Source=Paul Collins Startup list
[SVCHOT]
Number=10201
Confirmed=X
Filename=SVCHOT.exe
Description=Added by the QQROB-U TROJAN!
Source=Paul Collins Startup list
[svchst]
Number=10202
Confirmed=X
Filename=svchst.exe
Description=Added by the KBROY-C TROJAN!
Source=Paul Collins Startup list
[svcinfo]
Number=10203
Confirmed=X
Filename=svcinfo.exe
Description=Added by the CRYPTER.A TROJAN!
Source=Paul Collins Startup list
[Svclhost]
Number=10204
Confirmed=X
Filename=svcchost.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[SvcManager]
Number=10205
Confirmed=X
Filename=restore3.exe
Description=Added by the AGENT-DSS TROJAN!
Source=Paul Collins Startup list
[svcmon]
Number=10206
Confirmed=U
Filename=svcmon.exe
Description=PersonInspect surveillance software. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list
[svcroot]
Number=10207
Confirmed=X
Filename=svcroot.exe
Description=Added by the KEYLOG-AC TROJAN!
Source=Paul Collins Startup list
[svcshare]
Number=10208
Confirmed=X
Filename=winampXP.exe
Description=Added by the FUJACKS-J VIRUS!
Source=Paul Collins Startup list
[svcshare]
Number=10209
Confirmed=X
Filename=spoclsv.exe
Description=Added by the FUJACKS-A VIRUS!
Source=Paul Collins Startup list
[SvcSys]
Number=10210
Confirmed=X
Filename=[path to file]
Description=Added by the BANCOS.Z TROJAN!
Source=Paul Collins Startup list
[Svcsys Registry Manager]
Number=10211
Confirmed=X
Filename=svcsysreg.exe
Description=Recognized by Kaspersky antivirus as Trojan-Clicker.Agent.cv
Source=Paul Collins Startup list
[svcsys32]
Number=10212
Confirmed=X
Filename=svcsys32.exe
Description=Added by the AGOBOT-LL WORM!
Source=Paul Collins Startup list
[svctask]
Number=10213
Confirmed=X
Filename=svctask.exe
Description=Added by the CHUCKYB-A TROJAN!
Source=Paul Collins Startup list
[svcwinprocess32]
Number=10214
Confirmed=X
Filename=[path to worm]
Description=Added by the UPERING WORM!
Source=Paul Collins Startup list
[svhoost]
Number=10215
Confirmed=X
Filename=checksys.exe
Description=Added by a downloader TROJAN of Chinese origin!
Source=Paul Collins Startup list
[SVHOST]
Number=10216
Confirmed=X
Filename=svhost.exe
Description=Added by the MYDOOM.I WORM!
Source=Paul Collins Startup list
[SVHOST]
Number=10217
Confirmed=X
Filename=SVHOST.EXE
Description=Added by the ZORI.A VIRUS!
Source=Paul Collins Startup list
[Svhost Loader]
Number=10218
Confirmed=X
Filename=svshost.exe
Description=Added by the AGOBOT.G WORM!
Source=Paul Collins Startup list
[svhost updates]
Number=10219
Confirmed=X
Filename=Svhost.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[svhost windows services]
Number=10220
Confirmed=X
Filename=svhost8.exe
Description=Added by the RBOT-WQ WORM!
Source=Paul Collins Startup list
[SVIDC32M]
Number=10221
Confirmed=?
Filename=SVIDC32M.exe
Description=??
Source=Paul Collins Startup list
[sVideo2]
Number=10222
Confirmed=X
Filename=vxdrun6.exe
Description="Switch" premium rate adult content dialler
Source=Paul Collins Startup list
[sviload32]
Number=10223
Confirmed=X
Filename=sviload32.exe
Description=Added by the RBOT-AAS WORM!
Source=Paul Collins Startup list
[SVM Pop]
Number=10224
Confirmed=?
Filename=svmpop.exe
Description=??
Source=Paul Collins Startup list
[svnlitup32]
Number=10225
Confirmed=X
Filename=svnlitup32.exe
Description=Added by the RBOT.CBJ WORM!
Source=Paul Collins Startup list
[svnloader]
Number=10226
Confirmed=X
Filename=svnload32.exe
Description=Added by the RBOT-ACU WORM!
Source=Paul Collins Startup list
[svphost.exe]
Number=10227
Confirmed=X
Filename=svphost.exe
Description=Added by the AGENT.CS TROJAN!
Source=Paul Collins Startup list
[SVPWUTIL]
Number=10228
Confirmed=U
Filename=SVPWUTIL.exe SVPwUTIL
Description=Part of Toshiba Hardware Setup
Source=Paul Collins Startup list
[svrrun]
Number=10229
Confirmed=X
Filename=svrrun.exe
Description=Adware hailing from Deskwizz.com
Source=Paul Collins Startup list
[svsekin]
Number=10230
Confirmed=X
Filename=svsekt.exe
Description=Added by the QQPASS.G TROJAN!
Source=Paul Collins Startup list
[svshost]
Number=10231
Confirmed=X
Filename=svshost.exe
Description=Added by the CHODE-H WORM!
Source=Paul Collins Startup list
[svshost]
Number=10232
Confirmed=X
Filename=messenger.exe
Description=Added by the LOONY-G TROJAN!
Source=Paul Collins Startup list
[Svshost Update Service]
Number=10233
Confirmed=X
Filename=svcbind.exe
Description=Added by the MYTOB.LH WORM!
Source=Paul Collins Startup list
[svshost32]
Number=10234
Confirmed=X
Filename=msgrsv32.exe
Description=Added by the RANKY.AJ TROJAN!
Source=Paul Collins Startup list
[svshost32]
Number=10235
Confirmed=X
Filename=svshost32.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[svshostdriver]
Number=10236
Confirmed=X
Filename=svshost.exe
Description=Added by the SDBOT-HN TROJAN!
Source=Paul Collins Startup list
[svtcin]
Number=10237
Confirmed=X
Filename=n20050308.a.Stub.EXE
Description=Added by the N20050308 TROJAN!
Source=Paul Collins Startup list
[svwin32]
Number=10238
Confirmed=X
Filename=unninst32.exe
Description=Added by the AGOBOT-NF WORM!
Source=Paul Collins Startup list
[SVX Control Service]
Number=10239
Confirmed=X
Filename=svxhost.exe
Description=Added by the FORBOT-K WORM!
Source=Paul Collins Startup list
[SW20]
Number=10240
Confirmed=U
Filename=sw20.exe
Description=Related to MSI's Dynamic Overclocking Technology
Source=Paul Collins Startup list
[SW24]
Number=10241
Confirmed=U
Filename=sw24.exe
Description=Related to MSI's Dynamic Overclocking Technology
Source=Paul Collins Startup list
[Swap Nut]
Number=10242
Confirmed=N
Filename=javaw.exe
Description=javaw.exe can be loaded by other programs at startup but in this instance it's SwapNut, a peer-to-peer file sharing and searching utility developed and marketed by File Metrics, Inc. Users can search for and find almost any type of digital file (audio, video, photos etc.) through a secure peer-to-peer network
Source=Paul Collins Startup list
[SWCaller]
Number=10243
Confirmed=X
Filename=SWcaller.exe
Description=Swporta homepage hijacker
Source=Paul Collins Startup list
[SWCaller]
Number=10244
Confirmed=X
Filename=Swcaller2.exe
Description=Swporta homepage hijacker
Source=Paul Collins Startup list
[Swchost]
Number=10245
Confirmed=X
Filename=Swhost.exe
Description=Added by the MP TROJAN!
Source=Paul Collins Startup list
[SWClient]
Number=10246
Confirmed=U
Filename=swsys.exe
Description=ActivMonAgent keyboard logger/monitoring program - remove unless you installed it yourself
Source=Paul Collins Startup list
[swcroot]
Number=10247
Confirmed=X
Filename=swcroot.exe
Description=Added by the SOLENO-A TROJAN!
Source=Paul Collins Startup list
[SWd]
Number=10248
Confirmed=N
Filename=winwd.exe
Description=PC Security from Tropical Software - lock files, password protect, etc
Source=Paul Collins Startup list
[Sweep95]
Number=10249
Confirmed=Y
Filename=ICLOAD95.EXE
Description=Part of Sophos ant-virus sofware
Source=Paul Collins Startup list
[SweetIM]
Number=10250
Confirmed=N
Filename=SweetIM.exe
Description=vSweetIM - send fancier smiley-faces and IM graphics to friends who are using MSN Messenger. They are only able to see these advanced smiley-faces if they also have SweetIM installed
Source=Paul Collins Startup list
[Swf32]
Number=10251
Confirmed=X
Filename=AVupdate.exe
Description=Added by the MERKUR.E WORM!
Source=Paul Collins Startup list
[Swf32]
Number=10252
Confirmed=X
Filename=_backup.exe
Description=Added by the SYMTEN WORM!
Source=Paul Collins Startup list
[swg]
Number=10253
Confirmed=U
Filename=GoogleToolbarNotifier.exe
Description=Companion to the Google Toolbar that lets you keep Google as your default search engine and prevents this setting from being changed without your consent. Shouldn't remain in memory after the feature is disabled as it's a bug - see here
Source=Paul Collins Startup list
[SwimSuitNetwork]
Number=10254
Confirmed=X
Filename=SwimSuitNetwork.exe
Description=Advertising spyware
Source=Paul Collins Startup list
[swingsys]
Number=10255
Confirmed=X
Filename=SWINGSYS.EXE
Description=Added by the BANCOS-CX TROJAN!
Source=Paul Collins Startup list
[Switch Off]
Number=10256
Confirmed=U
Filename=swoff.exe
Description=Switch Off - tray-based system utility that can automatically perform various frequently used operations like shutdown or restart your computer, disconnect your current dialup connection, lock workstation, etc
Source=Paul Collins Startup list
[Switchboard.com Toolbar]
Number=10257
Confirmed=N
Filename=AtHoc.exe
Description=Toolbar for the on-line version of Yellow Pages in the US - Switchboard.com
Source=Paul Collins Startup list
[Switcher]
Number=10258
Confirmed=U
Filename=Switcher.exe
Description="On a Sony laptop with built in wireless it allows the user to select which wireless services they want to run (i.e. Wireless LAN, Bluetooth, both) when turning the wireless switch on if disabled)"
Source=Paul Collins Startup list
[switp]
Number=10259
Confirmed=X
Filename=switpa.exe
Description=OfferAgent adware component
Source=Paul Collins Startup list
[SWL]
Number=10260
Confirmed=U
Filename=rundll32.exe [path] SWL.dll rdl
Description=StealthWeblog surveillance software. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list
[SWN2]
Number=10261
Confirmed=U
Filename=swnxt.exe
Description=Spyware removal program by TrekBlue. Previously not recommended but the latest version was delisted here
Source=Paul Collins Startup list
[sws.exe]
Number=10262
Confirmed=X
Filename=[random filename]
Description=Haldex type adult content dialler
Source=Paul Collins Startup list
[sws.exe]
Number=10263
Confirmed=X
Filename=gd-dial.exe
Description=Globaldialer adult content premium rate dialer
Source=Paul Collins Startup list
[SwTray]
Number=10264
Confirmed=N
Filename=SWTRAY.EXE
Description=MS SideWinder game controller system tray icon. Available via Start -> Programs. May have the version number after it
Source=Paul Collins Startup list
[SWTrayV4]
Number=10265
Confirmed=N
Filename=SWTrayV4.exe
Description=MS SideWinder game controller system tray icon. This is specific to version 4 of the software. Available via Start -> Programs
Source=Paul Collins Startup list
[SXGDSENU]
Number=10266
Confirmed=?
Filename=sxgdsenu.exe
Description=Yamaha SXG soundcard driver
Source=Paul Collins Startup list
[SxgTkBar]
Number=10267
Confirmed=N
Filename=sxgtkbar.exe
Description=Yamaha SXG soundcard utility - gives quick and easy access via the system tray bar to diagnostics and configuration
Source=Paul Collins Startup list
[Sxplog]
Number=10268
Confirmed=?
Filename=sxpstub.exe
Description=Part of CA Unicenter Software Delivery - manage software across various systems, from desktops and servers to PDAs and mobile phones, in a controlled and standardized way - is it required at startup?
Source=Paul Collins Startup list
[sxrrv]
Number=10269
Confirmed=X
Filename=sxrrv.pif
Description=Added by the VAX-A TROJAN!
Source=Paul Collins Startup list
[SyBot v2.1 By Sky-Dancer]
Number=10270
Confirmed=X
Filename=HPSV.exe
Description=Added by the ZOTOB.I WORM!
Source=Paul Collins Startup list
[SYDNEY]
Number=10271
Confirmed=X
Filename=[file path]
Description=Added by the SYNEY WORM!
Source=Paul Collins Startup list
[syelimS-esreveR-troppuS]
Number=10272
Confirmed=X
Filename=[filename]
Description=Added by the LITBOT.C TROJAN!
Source=Paul Collins Startup list
[Syga432te Pe432rsonal Firewall]
Number=10273
Confirmed=X
Filename=MrNo4236.exe
Description=Added by the RBOT-AQY WORM!
Source=Paul Collins Startup list
[Sygaete Personal Firewall]
Number=10274
Confirmed=X
Filename=SyGate.exe
Description=Added by the RBOT-GLX WORM!
Source=Paul Collins Startup list
[Sygate Peral Firewall]
Number=10275
Confirmed=X
Filename=Syga.exe
Description=Added by the RBOT-AQK WORM!
Source=Paul Collins Startup list
[Sygate Personal 3]
Number=10276
Confirmed=X
Filename=svrv.exe
Description=Added by the RBOT-XD WORM!
Source=Paul Collins Startup list
[Sygate Personal Block]
Number=10277
Confirmed=X
Filename=Studio.exe
Description=Added by the RBOT-TW WORM!
Source=Paul Collins Startup list
[Sygate Personal Firewall]
Number=10278
Confirmed=X
Filename=Win32x.exe
Description=Added by the RBOT-KZ WORM!
Source=Paul Collins Startup list
[Sygate Personal Firewall]
Number=10279
Confirmed=X
Filename=system32.exe
Description=Added by the RBOT.VI WORM!
Source=Paul Collins Startup list
[Sygate Personal Firewall]
Number=10280
Confirmed=X
Filename=sysgut.exe
Description=Added by the SDBOT.WM WORM!
Source=Paul Collins Startup list
[Sygate Personal Firewall]
Number=10281
Confirmed=X
Filename=Sygate.exe
Description=Added by the RBOT-PN WORM!
Source=Paul Collins Startup list
[Sygate Personal Firewall]
Number=10282
Confirmed=X
Filename=Mcafeeupdate.exe
Description=Added by the RBOT.YN WORM!
Source=Paul Collins Startup list
[Sygate Personal Firewall]
Number=10283
Confirmed=X
Filename=Sygate32.exe
Description=Added by the RBOT.ATW WORM!
Source=Paul Collins Startup list
[Sygate Personal Firewall]
Number=10284
Confirmed=X
Filename=MSNSRV32.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Sygate Personal Firewall]
Number=10285
Confirmed=X
Filename=service.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Sygate Personal Firewall]
Number=10286
Confirmed=X
Filename=t1ktik.exe
Description=Added by the RBOT-VP WORM!
Source=Paul Collins Startup list
[Sygate Personal Firewall]
Number=10287
Confirmed=X
Filename=host32.exe
Description=Added by the RBOT.ALD WORM!
Source=Paul Collins Startup list
[Sygate Personal Firewall]
Number=10288
Confirmed=X
Filename=sexy.exe
Description=Added by the RBOT-XY WORM!
Source=Paul Collins Startup list
[Sygate Personal Firewall]
Number=10289
Confirmed=X
Filename=sys.exe
Description=Added by the RBOT-ZC WORM!
Source=Paul Collins Startup list
[Sygate Personal Firewall]
Number=10290
Confirmed=X
Filename=syserror.exe
Description=Added by the RBOT.UC WORM!
Source=Paul Collins Startup list
[Sygate Personal Firewall]
Number=10291
Confirmed=X
Filename=hostserv.exe
Description=Added by the RBOT.BKO WORM!
Source=Paul Collins Startup list
[Sygate Personal Firewall]
Number=10292
Confirmed=X
Filename=msnmsgrs.exe
Description=Added by the RBOT.XN WORM!
Source=Paul Collins Startup list
[Sygate Personal Firewall]
Number=10293
Confirmed=X
Filename=Sygat.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Sygate Personal Firewall]
Number=10294
Confirmed=X
Filename=wins.exe
Description=Added by the RBOT.AOB WORM!
Source=Paul Collins Startup list
[Sygate Personal Firewall]
Number=10295
Confirmed=X
Filename=winxpstat.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Sygate Personal Firewall]
Number=10296
Confirmed=X
Filename=Syga.exe
Description=Added by the RBOT-AQD WORM!
Source=Paul Collins Startup list
[Sygate Personal Firewall]
Number=10297
Confirmed=X
Filename=svchots.exe
Description=Added by the RBOT.ABT WORM!
Source=Paul Collins Startup list
[Sygate Personal Firewall Start]
Number=10298
Confirmed=X
Filename=services32.exe
Description=Added by the RBOT-MB WORM!
Source=Paul Collins Startup list
[Sygate Personal Firewall Start]
Number=10299
Confirmed=X
Filename=servic.exe
Description=Added by the RBOT-RY WORM!
Source=Paul Collins Startup list
[Sygate Personal Port]
Number=10300
Confirmed=X
Filename=crss.exe
Description=Added by the RBOT-PX WORM!
Source=Paul Collins Startup list
[Sygate Personal Port Blocker]
Number=10301
Confirmed=X
Filename=volume.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Sygate Personal Port Blocker]
Number=10302
Confirmed=X
Filename=winupdate.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Sygate Personals Firewalls]
Number=10303
Confirmed=X
Filename=ccsrn.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[SyGateService]
Number=10304
Confirmed=U
Filename=sgserv95.exe
Description=SyGate is a useful little program that lets you share an internet connection over an intranet. Is it needed - it saves a lot of headache to just let SyGate load at startup. Available via Start -> Programs
Source=Paul Collins Startup list
[Symantec]
Number=10305
Confirmed=X
Filename=ccapp.exe
Description=Added by the REATLE WORM! Note - this is not a Symantec file
Source=Paul Collins Startup list
[Symantec Anti Virus]
Number=10306
Confirmed=X
Filename=symantec32.exe
Description=Added by a variant of the WOOTBOT WORM!
Source=Paul Collins Startup list
[Symantec Antivirus professional]
Number=10307
Confirmed=X
Filename=dfrgfrat.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Symantec Autoscan]
Number=10308
Confirmed=X
Filename=[random filename]
Description=Added by the RBOT-AJO WORM!
Source=Paul Collins Startup list
[Symantec Configuration Loader]
Number=10309
Confirmed=X
Filename=ccApp32.exe
Description=Added by a variant of the GAOBOT WORM!
Source=Paul Collins Startup list
[Symantec Core LC]
Number=10310
Confirmed=Y
Filename=symlcsvc.exe
Description=Part of Norton AntiVirus 2004. What does it do?
Source=Paul Collins Startup list
[Symantec Fax Starter Edition Port]
Number=10311
Confirmed=N
Filename=OLFSNT40.EXE
Description=Offers a virtual printer as a fax machine. Can be run via a desktop shortcut
Source=Paul Collins Startup list
[Symantec NetDriver Monitor]
Number=10312
Confirmed=U
Filename=SNDMon.exe
Description=Part of Symantec's LiveUpate (eg, Norton). Not required if you run manual updates but probably require if you leave them to run automatically. Also, if one runs a small office network and SNDMon is disabled on one of the computers – then other computers disappear from the network for this computer, including shared devices like printers and scanners. Hence the "U" recommendation
Source=Paul Collins Startup list
[Symantec NetDriver Warning]
Number=10313
Confirmed=U
Filename=SNDWarn.exe
Description=Part of Symantec Live Update - displays the warning when you need to update the firewall database
Source=Paul Collins Startup list
[Symantec Secure Server]
Number=10314
Confirmed=X
Filename=svrhost.exe
Description=Added by the IRCBOT-UB TROJAN!
Source=Paul Collins Startup list
[Symantec Security]
Number=10315
Confirmed=X
Filename=symantec32.exe
Description=Added by the RANDEX.PR or RANDEX.YR WORMS!
Source=Paul Collins Startup list
[Symantec Security Addon]
Number=10316
Confirmed=X
Filename=nvsvc.exe
Description=Added by a variant of the AGOBOT/GAOBOT WORM! Note - do NOT confuse with the legitimate NVIDIA Driver Helper Service file of the same name as described here
Source=Paul Collins Startup list
[Symantec Security Routine Addon for Microsoft Windows]
Number=10317
Confirmed=X
Filename=navpxaw32.exe
Description=Added by the AGOBOT-GJ TROJAN!
Source=Paul Collins Startup list
[Symantec Service]
Number=10318
Confirmed=X
Filename=ccApp.exe
Description=Added by the AKHER.D WORM! Note - this is also not the valid Norton AV file with the same filename
Source=Paul Collins Startup list
[SymantecFilterCheck]
Number=10319
Confirmed=X
Filename=svhost.exe
Description=Added by the BANKER-EEO TROJAN!
Source=Paul Collins Startup list
[SymAV]
Number=10320
Confirmed=X
Filename=SymAV.exe
Description=Added by the NETSKY.U WORM!
Source=Paul Collins Startup list
[SymKeepAlive]
Number=10321
Confirmed=U
Filename=CKA.exe
Description=Part of Norton SystemWorks 2003 - keeps a dial-up modem connection alive
Source=Paul Collins Startup list
[Symlcs]
Number=10322
Confirmed=X
Filename=[path to file]
Description=Added by the YASPY-A TROJAN!
Source=Paul Collins Startup list
[Symmetrical Network]
Number=10323
Confirmed=X
Filename=symmec.exe
Description=Added by the DELBOT-N WORM!
Source=Paul Collins Startup list
[SymRun]
Number=10324
Confirmed=X
Filename=N/A
Description=Added by the KANGAROO-A TROJAN!
Source=Paul Collins Startup list
[SymRun]
Number=10325
Confirmed=X
Filename=ccApps.exe
Description=Added by the KAGEN-A TROJAN!
Source=Paul Collins Startup list
[SymTray - Norton SystemWorks]
Number=10326
Confirmed=N
Filename=SYMTRAY.EXE
Description=Keeps all System Tray icons for Norton SystemWorks together to reduce clutter. SystemWorks includes Norton Anti-Virus, Norton Utilities and Norton CleanSweep - mentioned elsewhere here. Personally I only have Norton eMail Protect running which doesn't need SymTray
Source=Paul Collins Startup list
[Synaptics Pointing Device Driver]
Number=10327
Confirmed=U
Filename=SynTPEnh.exe
Description=Synaptics touchpad tray icon. Displays status and provides quick launch to touchpad features such as scrolling and tap zones. Required on IBM Thinkpads with UnltraNav (pointstick and touchpad combo) if you don't want to loose the advanced pointstick features such as scroll
Source=Paul Collins Startup list
[Sync Data]
Number=10328
Confirmed=U
Filename=Hndsync.exe
Description=Pocket Real Estate - mobile synchronization manager
Source=Paul Collins Startup list
[Sync Server]
Number=10329
Confirmed=X
Filename=drwatsoon.exe
Description=Added by the WATSOON.A TROJAN!
Source=Paul Collins Startup list
[Sync-It]
Number=10330
Confirmed=U
Filename=Syncit.exe
Description=Sync-It - synchronizes the system clock with time servers on the internet
Source=Paul Collins Startup list
[SyncAgent]
Number=10331
Confirmed=U
Filename=syncagent.exe
Description=Ghost Keylogger keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list
[Synchronization Manage]
Number=10332
Confirmed=X
Filename=rservers.exe
Description=Added by the FORBOT-FM WORM!
Source=Paul Collins Startup list
[Synchronization Manager]
Number=10333
Confirmed=N
Filename=mobsync.exe
Description=Find more information about its use here
Source=Paul Collins Startup list
[syncman]
Number=10334
Confirmed=X
Filename=winsync.exe
Description=Added by the MANCSYN-A TROJAN!
Source=Paul Collins Startup list
[SyncManager]
Number=10335
Confirmed=X
Filename=msorunner.exe
Description=Added by a variant of the TACTSLAY TROJAN!
Source=Paul Collins Startup list
[SyncMon]
Number=10336
Confirmed=X
Filename=adslcomdos.exe
Description=Added by the CLUNKY-A TROJAN!
Source=Paul Collins Startup list
[SyncMon]
Number=10337
Confirmed=X
Filename=fixcomdos.exe
Description=Added by the CLUNKY-B TROJAN!
Source=Paul Collins Startup list
[SynSetup]
Number=10338
Confirmed=?
Filename=SynTP.tmp RunOnce.exe
Description=Probably associated Synaptics touchpads on laptops as for the SynTPEnh and SynTPLpr entries but what does it do and is it required?
Source=Paul Collins Startup list
[Syntax]
Number=10339
Confirmed=X
Filename=windows32.exe
Description=Added by the SDBOT.CQ WORM!
Source=Paul Collins Startup list
[Syntax Script]
Number=10340
Confirmed=X
Filename=systacq.exe
Description=Added by the SDBOT.AI WORM!
Source=Paul Collins Startup list
[SynTPEnh]
Number=10341
Confirmed=U
Filename=syntpenh.exe
Description=Synaptics touchpad tray icon. Displays status and provides quick launch to touchpad features such as scrolling and tap zones. Required on IBM Thinkpads with UnltraNav (pointstick and touchpad combo) if you don't want to loose the advanced pointstick features such as scroll
Source=Paul Collins Startup list
[SynTPLpr]
Number=10342
Confirmed=Y
Filename=syntplpr.exe
Description=Synaptics touchpad driver helper. Required for touchpad features to work
Source=Paul Collins Startup list
[sys]
Number=10343
Confirmed=X
Filename=regedit /s sys.reg
Description=Hijacker
Source=Paul Collins Startup list
[sys]
Number=10344
Confirmed=X
Filename=regedit sysdllwm.reg
Description=CoolWebSearch parasite variant - also detected as the FEMAD-L TROJAN!
Source=Paul Collins Startup list
[Sys Ren]
Number=10345
Confirmed=X
Filename=SysRen.exe
Description=Part of FlashEnhancer adware
Source=Paul Collins Startup list
[sys************* [* = random digit]]
Number=10346
Confirmed=X
Filename=sys*************.exe [* = random digit]
Description=WINBO adware
Source=Paul Collins Startup list
[Sys**.exe [* = random char]]
Number=10347
Confirmed=X
Filename=Sys**.exe [* = random char]
Description=CoolWebSearch/HomeSearch adware - for examples, see this log
Source=Paul Collins Startup list
[Sys**32.exe [* = random char]]
Number=10348
Confirmed=X
Filename=Sys**32.exe [* = random char]
Description=CoolWebSearch/HomeSearch adware - for examples, see this log
Source=Paul Collins Startup list
[Sys-Stat]
Number=10349
Confirmed=X
Filename=wuapdxe.exe
Description=Added by the SDBOT.HK WORM!
Source=Paul Collins Startup list
[sys008]
Number=10350
Confirmed=X
Filename=sys008.exe
Description=Hijacker, also detected as the STARTPA-GK TROJAN!
Source=Paul Collins Startup list
[sys009]
Number=10351
Confirmed=X
Filename=sys009.exe
Description=Added by the STARTPA-ZB TROJAN!
Source=Paul Collins Startup list
[sys201]
Number=10352
Confirmed=X
Filename=sys209.exe
Description=Added by the STARTPA-ZY TROJAN!
Source=Paul Collins Startup list
[Sys29]
Number=10353
Confirmed=X
Filename=win***32.exe [* = random char]
Description=EliteBar adware
Source=Paul Collins Startup list
[sys32]
Number=10354
Confirmed=X
Filename=sys32.exe
Description=Added by the FLUX.E TROJAN!
Source=Paul Collins Startup list
[sys32]
Number=10355
Confirmed=X
Filename=sysx32.exe
Description=Added by the KVEX-A VIRUS!
Source=Paul Collins Startup list
[sys32cmd]
Number=10356
Confirmed=U
Filename=sys32win.exe
Description=Active Keylogger keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list
[sys32dll]
Number=10357
Confirmed=X
Filename=sys32dll.exe
Description=Added by the AIMDES.B WORM!
Source=Paul Collins Startup list
[sys32sql]
Number=10358
Confirmed=U
Filename=sys32win.exe
Description=Active Keylogger keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list
[sys33]
Number=10359
Confirmed=X
Filename=sys33.exe
Description=Added by the AGOBOT-WJ WORM!
Source=Paul Collins Startup list
[SysA]
Number=10360
Confirmed=X
Filename=win***32.exe [* = random char]
Description=EliteBar adware
Source=Paul Collins Startup list
[SysAgent]
Number=10361
Confirmed=U
Filename=SysAgent.exe
Description=SYSagent - small utility for retrieving all the hardware and software information required by anyone administering a machine and/or the network it's a part of
Source=Paul Collins Startup list
[SysAI]
Number=10362
Confirmed=X
Filename=SysAI.exe
Description=AproposMedia adware
Source=Paul Collins Startup list
[SysATW]
Number=10363
Confirmed=X
Filename=sysatw.exe
Description=Added by the VANEBOT-AM WORM!
Source=Paul Collins Startup list
[SysBkup]
Number=10364
Confirmed=U
Filename=[path to file]
Description=Keyspy keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list
[Sysbot]
Number=10365
Confirmed=U
Filename=sysbot.exe
Description=Spector - spying (or monitoring) software to record internet activity
Source=Paul Collins Startup list
[syscfg]
Number=10366
Confirmed=X
Filename=syscfg32.exe
Description=Added by the KWBOT.S WORM!
Source=Paul Collins Startup list
[syscfg34.exe]
Number=10367
Confirmed=X
Filename=syscfg34.exe
Description=Added by the ELECTRON WORM!
Source=Paul Collins Startup list
[Syscheck]
Number=10368
Confirmed=X
Filename=win.hta
Description=Browser hijacker
Source=Paul Collins Startup list
[syscheck]
Number=10369
Confirmed=X
Filename=iexplorer.exe
Description=Added by the AGENT.DM TROJAN!
Source=Paul Collins Startup list
[sysclx]
Number=10370
Confirmed=X
Filename=ntldrt.exe
Description=Added by the JLOK-A WORM!
Source=Paul Collins Startup list
[syscm]
Number=10371
Confirmed=X
Filename=Syscm.exe
Description=Vanish adware
Source=Paul Collins Startup list
[SysComp]
Number=10372
Confirmed=?
Filename=mssdnl.com
Description=Unknown but suspect as *.com are not usually run at start up and the name isn't recognized
Source=Paul Collins Startup list
[syscon]
Number=10373
Confirmed=X
Filename=syscon.exe
Description=Added by the APRILCONE.A WORM!
Source=Paul Collins Startup list
[syscon lptt01]
Number=10374
Confirmed=X
Filename=syscon.exe
Description=RapidBlaster variant (in a "Syscon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
Source=Paul Collins Startup list
[syscon ml097e]
Number=10375
Confirmed=X
Filename=syscon.exe
Description=RapidBlaster variant (in a "Syscon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
Source=Paul Collins Startup list
[sysconfig]
Number=10376
Confirmed=X
Filename=iexplorer.exe
Description=Added by the CULT.C WORM!
Source=Paul Collins Startup list
[SysConfig]
Number=10377
Confirmed=X
Filename=syscfg35.exe
Description=Added by the KAZMOR.C WORM!
Source=Paul Collins Startup list
[sysconfig]
Number=10378
Confirmed=X
Filename=iexplorer.exe
Description=Added by the CULT.H WORM!
Source=Paul Collins Startup list
[SysConfig]
Number=10379
Confirmed=X
Filename=wincfg32.exe
Description=Added by the SDBOT.ZD WORM!
Source=Paul Collins Startup list
[Sysconfig]
Number=10380
Confirmed=U
Filename=Stealth KeySpy.exe
Description=StealthKeySpy - keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list
[Syscpy]
Number=10381
Confirmed=X
Filename=Syscpy.exe
Description=Firewall-bypassing, proxied spam relayer. Detected by Symantec as the HOGLE TROJAN!
Source=Paul Collins Startup list
[SysCtl]
Number=10382
Confirmed=X
Filename=sysctl.exe
Description=Added by the AOK TROJAN!
Source=Paul Collins Startup list
[Sysctrls]
Number=10383
Confirmed=X
Filename=procdll.exe
Description=Added by the WEEDBOTZ.14 TROJAN!
Source=Paul Collins Startup list
[Sysctrls]
Number=10384
Confirmed=X
Filename=winupdate.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[sysdat.dll]
Number=10385
Confirmed=X
Filename=sysdat.dll.exe
Description=Added by the NISHICA 1.1 TROJAN!
Source=Paul Collins Startup list
[SysData]
Number=10386
Confirmed=X
Filename=[path to file]
Description=Added by the RANCK-BA TROJAN!
Source=Paul Collins Startup list
[SysDeskqqfx]
Number=10387
Confirmed=X
Filename=qqfx.exe
Description=Added by the QQPASS.H TROJAN!
Source=Paul Collins Startup list
[SysDeskqqfx]
Number=10388
Confirmed=X
Filename=Runddll32.exe
Description=Added by the CHANGGAME TROJAN!
Source=Paul Collins Startup list
[SysDesktop]
Number=10389
Confirmed=X
Filename=fswanQQ.exe
Description=Added by the QQSEND-A TROJAN!
Source=Paul Collins Startup list
[sysdir]
Number=10390
Confirmed=X
Filename=winrun.exe
Description=Added by the WINBUR.B WORM!
Source=Paul Collins Startup list
[sysdll]
Number=10391
Confirmed=X
Filename=[trojan filename]
Description=Added by the HUGESOT TROJAN!
Source=Paul Collins Startup list
[Sysdpt]
Number=10392
Confirmed=X
Filename=sysdpt.exe
Description=CRYPT trojan downloader
Source=Paul Collins Startup list
[sysdxvid]
Number=10393
Confirmed=X
Filename=sysdxvid.exe
Description=Added by the DLUCA-S TROJAN!
Source=Paul Collins Startup list
[sysemls]
Number=10394
Confirmed=X
Filename=sysem.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[SysEQ]
Number=10395
Confirmed=X
Filename=svclgx32.exe
Description=Added by the IRCBOT-AC TROJAN!
Source=Paul Collins Startup list
[sysfiler]
Number=10396
Confirmed=X
Filename=sysfiler.exe
Description=Added by the RETSAM TROJAN!
Source=Paul Collins Startup list
[SYSfit]
Number=10397
Confirmed=X
Filename=SYSfit.exe
Description=AdShooter adware variant
Source=Paul Collins Startup list
[sysflg32]
Number=10398
Confirmed=X
Filename=sysflg32.exe
Description=Added by a variant of the CRYPTER.C TROJAN!
Source=Paul Collins Startup list
[sysformat]
Number=10399
Confirmed=X
Filename=sysformat.exe
Description=Added by the BAGLE-BK WORM!
Source=Paul Collins Startup list
[sysfrcx]
Number=10400
Confirmed=X
Filename=sysfrcx.exe
Description=Added by the KEYLOG-SCLOG TROJAN!
Source=Paul Collins Startup list
[syshelp]
Number=10401
Confirmed=X
Filename=syshelp.exe
Description=Added by a variant of the LOVGATE WORM!
Source=Paul Collins Startup list
[sysin]
Number=10402
Confirmed=X
Filename=[path to file]
Description=Added by the DSRC-A TROJAN!
Source=Paul Collins Startup list
[sysinfo]
Number=10403
Confirmed=X
Filename=sysinfo.exe
Description=Added by the BEDRILL TROJAN!
Source=Paul Collins Startup list
[sysinfo.exe]
Number=10404
Confirmed=X
Filename=sysinfo.exe
Description=Added by the BEAGLE.V WORM!
Source=Paul Collins Startup list
[SysInit]
Number=10405
Confirmed=X
Filename=wininit32.exe
Description=Added by the XABOT WORM!
Source=Paul Collins Startup list
[sysinit]
Number=10406
Confirmed=X
Filename=services.exe
Description=Added by the NEWLFRM-A TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in an "golumm" subfolder
Source=Paul Collins Startup list
[Sysino]
Number=10407
Confirmed=X
Filename=lsess.exe
Description=Added by the FORBOT-BF WORM!
Source=Paul Collins Startup list
[sysint16]
Number=10408
Confirmed=X
Filename=sysint16.exe
Description=Added by the CRYPTER.A TROJAN!
Source=Paul Collins Startup list
[Syskey]
Number=10409
Confirmed=X
Filename=sysinit.exe
Description=Added by the BEAGLE.AX WORM!
Source=Paul Collins Startup list
[Syslib]
Number=10410
Confirmed=X
Filename=Syslib.exe
Description=Adult content related downloader trojan
Source=Paul Collins Startup list
[Syslog lptt01]
Number=10411
Confirmed=X
Filename=Syslog.exe
Description=RapidBlaster variant (in a "Syslog" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
Source=Paul Collins Startup list
[Syslog ml097e]
Number=10412
Confirmed=X
Filename=Syslog.exe
Description=RapidBlaster variant (in a "Syslog" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
Source=Paul Collins Startup list
[syslogin.exe]
Number=10413
Confirmed=X
Filename=syslogin.exe
Description=Added by the BAGZ-B WORM!
Source=Paul Collins Startup list
[Sysman]
Number=10414
Confirmed=U
Filename=Sysman.exe
Description=KeyTrap is a surveillance software program that records all keyboard activities. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list
[sysme]
Number=10415
Confirmed=X
Filename=sysme.exe
Description=Added by the PSW_STEALER_C TROJAN!
Source=Paul Collins Startup list
[sysmem]
Number=10416
Confirmed=X
Filename=mmsete.exe
Description=Added by the NOPIR.C WORM!
Source=Paul Collins Startup list
[sysmem]
Number=10417
Confirmed=X
Filename=outlookrem.exe
Description=Added by the NOPIR-C WORM!
Source=Paul Collins Startup list
[SysMemory manager]
Number=10418
Confirmed=X
Filename=mdms.exe
Description=Added by the CIMUZ-D TROJAN!
Source=Paul Collins Startup list
[SysMetrix]
Number=10419
Confirmed=U
Filename=SysMetrix.exe
Description=SysMetrix - skinnable clock and metering application. It monitors and reports on a great number of statistics
Source=Paul Collins Startup list
[sysMett1]
Number=10420
Confirmed=X
Filename=explorer.exe
Description=Added by the LEGMIR-Y TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the Program Files folder
Source=Paul Collins Startup list
[sysmini]
Number=10421
Confirmed=X
Filename=sysmini.exe
Description=Added by the ADLOAD.DD TROJAN!
Source=Paul Collins Startup list
[sysmngr32]
Number=10422
Confirmed=X
Filename=sys64mnger.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[sysmntrc]
Number=10423
Confirmed=X
Filename=sysmntrc.exe
Description=Added by the BANCOS-FX TROJAN!
Source=Paul Collins Startup list
[sysmod]
Number=10424
Confirmed=X
Filename=sysmod.exe
Description=Added by the SPYBOT-DU WORM!
Source=Paul Collins Startup list
[sysmon]
Number=10425
Confirmed=X
Filename=sysmon.exe
Description=Added by the BIZEX WORM!
Source=Paul Collins Startup list
[Sysmon]
Number=10426
Confirmed=X
Filename=rpcmon.exe
Description=Added by the RANDEX.ATX WORM!
Source=Paul Collins Startup list
[sysmon]
Number=10427
Confirmed=X
Filename=sysmon44.exe
Description=Added by a variant of the BACKDOOR-CBA TROJAN!
Source=Paul Collins Startup list
[SysMon]
Number=10428
Confirmed=X
Filename=wowexece.exe
Description=Added by the MULAN-A TROJAN!
Source=Paul Collins Startup list
[Sysmon]
Number=10429
Confirmed=X
Filename=SystemMonitor.exe
Description=Added by the NUJAMA-A WORM!
Source=Paul Collins Startup list
[sysmon12]
Number=10430
Confirmed=X
Filename=[various filenames]
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[SysmonLog]
Number=10431
Confirmed=X
Filename=mslog.exe
Description=Added by the AGENT.AOV TROJAN!
Source=Paul Collins Startup list
[sysmonnt]
Number=10432
Confirmed=X
Filename=sysmonnt.exe
Description=SearchPounder sends keywords typed into HTML forms and popular Internet search engines to a remote server
Source=Paul Collins Startup list
[SysMonXP]
Number=10433
Confirmed=X
Filename=SysMonXP.exe
Description=Added by the NETSKY.Q WORM!
Source=Paul Collins Startup list
[sysnate]
Number=10434
Confirmed=X
Filename=sysnate.exe
Description=Added by the MEDIAS TROJAN!
Source=Paul Collins Startup list
[Sysnet]
Number=10435
Confirmed=X
Filename=snuninst.exe
Description=Unidentified adware
Source=Paul Collins Startup list
[sysnet]
Number=10436
Confirmed=X
Filename=sysnet.exe
Description=CasClient adware - also detected as the CMAPP TROJAN!
Source=Paul Collins Startup list
[sysobj.exe]
Number=10437
Confirmed=X
Filename=sysobj.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[SysOps]
Number=10438
Confirmed=X
Filename=SysOps
Description=Added by the MSNCORRUPT TROJAN!
Source=Paul Collins Startup list
[syspare]
Number=10439
Confirmed=X
Filename=syspare.exe
Description=Added by the BIFROSE-AN TROJAN!
Source=Paul Collins Startup list
[syspath]
Number=10440
Confirmed=X
Filename=drv.exe
Description=Added by the SOBER WORM!
Source=Paul Collins Startup list
[sysPersonalFirewall]
Number=10441
Confirmed=X
Filename=msnmssgr.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[sysPersonalFirewall]
Number=10442
Confirmed=X
Filename=system.exe
Description=Added by the WOOTBOT.FH WORM!
Source=Paul Collins Startup list
[sysPersonalFirewall]
Number=10443
Confirmed=X
Filename=tskm0nitor.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[SysPilot]
Number=10444
Confirmed=U
Filename=fdxxl.exe
Description=G Data "PC Spion". PC monitoring and surveilling software, captures all users activity on the PC, see here. Disable/remove if you didn't install it yourself!
Source=Paul Collins Startup list
[sysPnP]
Number=10445
Confirmed=X
Filename=bootconf.exe
Description=Homepage hijacker, redirecting to coolwwwsearch.com; see for example here
Source=Paul Collins Startup list
[SysPnP]
Number=10446
Confirmed=X
Filename=rundll32 setupapi, InstallHinfSection.... oemsyspnp.inf
Description=Search hijacker - see here
Source=Paul Collins Startup list
[syspol]
Number=10447
Confirmed=X
Filename=syspol.exe
Description=Added by the DREMN-B TROJAN! Note - this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
Source=Paul Collins Startup list
[SysPool]
Number=10448
Confirmed=Y
Filename=Mssvc.exe
Description=StealthDisk - hides folders, files and applications. Will also encrypt them for better protection
Source=Paul Collins Startup list
[SysPool]
Number=10449
Confirmed=X
Filename=MSSVC32.EXE
Description=Added by the BANCBAN-IO TROJAN!
Source=Paul Collins Startup list
[SysProtect]
Number=10450
Confirmed=X
Filename=System.exe
Description=Added by the NETSPY TROJAN!
Source=Paul Collins Startup list
[SysProtect]
Number=10451
Confirmed=X
Filename=syp.exe
Description=SysProtect is detected as a "potentially unwanted program". It purports to be an system repair/maintenance application, but requires paid registration before any issues found can be fixed. Many of the "invalid" items found appear suspect. This has been reported to be distributed in wild via trojan Vundo. Other incarnations of this software exist with the same model and similar web presences (for example WinFixer). For more information see here
Source=Paul Collins Startup list
[syspw32.exe]
Number=10452
Confirmed=X
Filename=syspw32.exe
Description=Added by the APPFLET.A WORM!
Source=Paul Collins Startup list
[Sysqq]
Number=10453
Confirmed=X
Filename=LSESS.exe
Description=Added by the FORBOT-BF WORM!
Source=Paul Collins Startup list
[SysR]
Number=10454
Confirmed=X
Filename=sysmd.exe
Description=Ulubione adult content dialer
Source=Paul Collins Startup list
[SysReg]
Number=10455
Confirmed=X
Filename=SysReg.exe
Description=Added by the CHEKIN TROJAN!
Source=Paul Collins Startup list
[SysReg]
Number=10456
Confirmed=X
Filename=SysReg.exe
Description=SearchSeekFind textual marketing foistware
Source=Paul Collins Startup list
[Sysres]
Number=10457
Confirmed=X
Filename=Sysres.exe
Description=Added by the LOGMOD.A TROJAN!
Source=Paul Collins Startup list
[SysRes]
Number=10458
Confirmed=X
Filename=TASKMANAGER.exe
Description=Added by the ELIPTER.A or ELIPTER.B WORMS!
Source=Paul Collins Startup list
[SysRes]
Number=10459
Confirmed=X
Filename=WWE DIVAS.exe
Description=Added by the ELIPTER.D WORM!
Source=Paul Collins Startup list
[SysRes]
Number=10460
Confirmed=X
Filename=IExpIore .exe
Description=Added by the ELITPER.E WORM!
Source=Paul Collins Startup list
[Syss]
Number=10461
Confirmed=X
Filename=ehuupdate.exe
Description=EHU adware
Source=Paul Collins Startup list
[SysScan]
Number=10462
Confirmed=X
Filename=bvt.exe
Description=Added by the AUTOUPDER TROJAN!
Source=Paul Collins Startup list
[SysSearch]
Number=10463
Confirmed=X
Filename=Regedit.exe -s [path] pcsearch.reg
Description=Added by the StartPage-FN browser hijacker
Source=Paul Collins Startup list
[SysSearch]
Number=10464
Confirmed=X
Filename=REGEDIT.EXE -s [path] sysreg.reg
Description=Added by the STARTPA-ME TROJAN!
Source=Paul Collins Startup list
[SysSense]
Number=10465
Confirmed=U
Filename=SysSense.exe
Description="SysSense is your personal desktop Google AdSense monitor. It keeps your current Google AdSense information in the Windows system tray". Google AdSense account required
Source=Paul Collins Startup list
[sysser]
Number=10466
Confirmed=X
Filename=[path to file]
Description=Added by the RAHACK WORM!
Source=Paul Collins Startup list
[SysService]
Number=10467
Confirmed=X
Filename=SysService.exe
Description=Added by the DELF family of TROJANS!
Source=Paul Collins Startup list
[SysService]
Number=10468
Confirmed=U
Filename=SERVICES.EXE
Description=NSKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list
[SysService32]
Number=10469
Confirmed=X
Filename=SysService32.exe
Description=Added by the KINDAL VIRUS!
Source=Paul Collins Startup list
[SysService32]
Number=10470
Confirmed=X
Filename=ln32k.dll
Description=Added by the KINDAL VIRUS!
Source=Paul Collins Startup list
[SysService32l]
Number=10471
Confirmed=X
Filename=systask32l.exe
Description=Added by the THEUG WORM!
Source=Paul Collins Startup list
[SYSsfitb]
Number=10472
Confirmed=X
Filename=SYSsfitb.exe
Description=Searchforit browser hijacker
Source=Paul Collins Startup list
[SySSL]
Number=10473
Confirmed=X
Filename=sysl.exe
Description=Added by the RBOT-CKH WORM!
Source=Paul Collins Startup list
[SysStart]
Number=10474
Confirmed=X
Filename=***sysi6.exe [* = random char]
Description=ZenoSearch adware. Note - the most frequent filenames appear to be jdisysi6.exe, hjisysi6.exe, ffgsysi6.exe but there are others
Source=Paul Collins Startup list
[SysStart]
Number=10475
Confirmed=X
Filename=1.exe
Description=ZenoSearch adware
Source=Paul Collins Startup list
[SysStart]
Number=10476
Confirmed=X
Filename=[adware filename]
Description=ZenoSearch adware
Source=Paul Collins Startup list
[SysStrt]
Number=10477
Confirmed=X
Filename=systemc.exe
Description=Added by the AGOBOT-QA TROJAN!
Source=Paul Collins Startup list
[syst]
Number=10478
Confirmed=X
Filename=syst.exe
Description=Added by the DUMB.A "Joke" virus
Source=Paul Collins Startup list
[System]
Number=10479
Confirmed=X
Filename=run322.exe
Description=Added by the LANFILT TROJAN!
Source=Paul Collins Startup list
[System]
Number=10480
Confirmed=X
Filename=system.exe
Description=Added by various WORMS and TROJANS!
Source=Paul Collins Startup list
[system]
Number=10481
Confirmed=X
Filename=regedit -s system.dll
Description=Homepage hijacker
Source=Paul Collins Startup list
[system]
Number=10482
Confirmed=X
Filename=systemsearch.hta
Description=Jetseeker.com hijacker
Source=Paul Collins Startup list
[System]
Number=10483
Confirmed=X
Filename=dcomx.exe
Description=Added by the CIREBOT TROJAN!
Source=Paul Collins Startup list
[system]
Number=10484
Confirmed=X
Filename=Explorer.exe
Description=Added by the GRAYBIRD TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list
[System]
Number=10485
Confirmed=X
Filename=YPager.exe
Description=Added by the JUNTADOR.K TROJAN! Note - this is not Yahoo! Messenger
Source=Paul Collins Startup list
[system]
Number=10486
Confirmed=X
Filename=outlook.exe
Description=Added by the MIMAIL.Q WORM! Note that the valid MS Outlook executeable is located in the Program Files\Microsoft Office\Office directory wheras this one is found in the Windows or Winnt directory
Source=Paul Collins Startup list
[System]
Number=10487
Confirmed=X
Filename=Atira.exe
Description=Added by the KOTIRA VIRUS!
Source=Paul Collins Startup list
[SYSTEM]
Number=10488
Confirmed=X
Filename=lsas.exe
Description=Added by the SPYBOT.CJ WORM!
Source=Paul Collins Startup list
[System]
Number=10489
Confirmed=X
Filename=kernels32.exe
Description=Added by the DLOADER-FC TROJAN!
Source=Paul Collins Startup list
[System]
Number=10490
Confirmed=U
Filename=sysctrl.exe
Description=Added by WinGuardian. Note - this commercial keylogger is no longer made or sold by Webroot but older copies may still be in existance, those copies will be identified as spyware
Source=Paul Collins Startup list
[System]
Number=10491
Confirmed=X
Filename=csrss.exe
Description=Added by the LDPINCH.E TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[System]
Number=10492
Confirmed=X
Filename=svchost.exe
Description=Added by the LDPINCH-AU TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list
[system]
Number=10493
Confirmed=X
Filename=lsasse.exe
Description=Added by the RBOT-YL WORM!
Source=Paul Collins Startup list
[System]
Number=10494
Confirmed=X
Filename=systray.exe
Description=Added by the PISABOY-A TROJAN! Note - this is not the legitimate systray.exe process
Source=Paul Collins Startup list
[System]
Number=10495
Confirmed=X
Filename=abcdefg.exe
Description=Added by the HARWIG-B WORM!
Source=Paul Collins Startup list
[System]
Number=10496
Confirmed=X
Filename=cber.exe
Description=Added by an unidentified TROJAN!
Source=Paul Collins Startup list
[System]
Number=10497
Confirmed=X
Filename=serwin.exe
Description=Added by the LDPINCH-BN TROJAN!
Source=Paul Collins Startup list
[System]
Number=10498
Confirmed=X
Filename=svchîst.exe
Description=Added by the LDPINCH-BF TROJAN!
Source=Paul Collins Startup list
[System]
Number=10499
Confirmed=X
Filename=system.exe (74295303)
Description=Added by the IU WORM!
Source=Paul Collins Startup list
[System]
Number=10500
Confirmed=X
Filename=WINL0G0N.EXE
Description=Added by the BANCOS-DB TROJAN!
Source=Paul Collins Startup list
[System]
Number=10501
Confirmed=X
Filename=wumgrd32.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[System]
Number=10502
Confirmed=X
Filename=SPOOLSU.EXE
Description=Added by the BANKER-FC TROJAN!
Source=Paul Collins Startup list
[System]
Number=10503
Confirmed=X
Filename=system23.exe
Description=Added by the LEBREAT-D WORM!
Source=Paul Collins Startup list
[System]
Number=10504
Confirmed=X
Filename=windowsps.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[SYSTEM]
Number=10505
Confirmed=X
Filename=d.exe
Description=Added by the MYTOB.LP WORM!
Source=Paul Collins Startup list
[System]
Number=10506
Confirmed=X
Filename=inetinfo.exe
Description=Added by the PARDROP-A TROJAN!
Source=Paul Collins Startup list
[system]
Number=10507
Confirmed=X
Filename=services.exe
Description=Added by the DELF-LQ TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "HELP" subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list
[SYSTEM]
Number=10508
Confirmed=X
Filename=VSSMON.exe
Description=Added by the RBOT-AWW TROJAN!
Source=Paul Collins Startup list
[SYSTEM]
Number=10509
Confirmed=X
Filename=wiinlogon.exe
Description=Added by the RBOT-AVG WORM!
Source=Paul Collins Startup list
[System]
Number=10510
Confirmed=X
Filename=kernels64.exe
Description=Added by the VIXUP-S TROJAN!
Source=Paul Collins Startup list
[system]
Number=10511
Confirmed=X
Filename=lsass.exe
Description=Added by the SATILOLER.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Program Files\Common Files\system folder
Source=Paul Collins Startup list
[System]
Number=10512
Confirmed=X
Filename=smss.exe
Description=Added by the AGENT.AEP TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
Source=Paul Collins Startup list
[System]
Number=10513
Confirmed=X
Filename=winupd.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[system]
Number=10514
Confirmed=X
Filename=messenger.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[System]
Number=10515
Confirmed=X
Filename=kernels1118.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[System]
Number=10516
Confirmed=X
Filename=wsscntfy.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[SYSTEM]
Number=10517
Confirmed=X
Filename=windmupdr.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[system]
Number=10518
Confirmed=X
Filename=svcr.exe
Description=Added by the SPYONE TROJAN!
Source=Paul Collins Startup list
[System]
Number=10519
Confirmed=X
Filename=kernels88.exe
Description=Added by the TIBS-PP TROJAN!
Source=Paul Collins Startup list
[System]
Number=10520
Confirmed=X
Filename=kernels8.exe
Description=Added by the TIBS.AI TROJAN!
Source=Paul Collins Startup list
[System]
Number=10521
Confirmed=X
Filename=OeApi.vbs
Description=Added by the AGUI WORM!
Source=Paul Collins Startup list
[System]
Number=10522
Confirmed=X
Filename=Updaterun.exe
Description=Added by the QQHELP-DX TROJAN!
Source=Paul Collins Startup list
[System]
Number=10523
Confirmed=X
Filename=Zap.exe
Description=Added by the MSNVB-D WORM!
Source=Paul Collins Startup list
[System 64 Driver for Games]
Number=10524
Confirmed=X
Filename=sys64dvr.exe
Description=Added by the SDBOT TROJAN!
Source=Paul Collins Startup list
[System Applications Profile]
Number=10525
Confirmed=X
Filename=sap.exe
Description=Added by the RBOT-QF WORM!
Source=Paul Collins Startup list
[System Backup]
Number=10526
Confirmed=X
Filename=msystem.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[System backup]
Number=10527
Confirmed=X
Filename=[random filename]
Description=Added by the ADMINCASH.B TROJAN! Note - multiple different file names have been spotted, examples: web.exe, soft.exe, msxmidi.exe, wmplayer.exe, as well as completely random ones such as 9a2de006.exe, 36c75e3c.exe and so on
Source=Paul Collins Startup list
[System Backup Services]
Number=10528
Confirmed=X
Filename=backups32.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[System Boot Check]
Number=10529
Confirmed=X
Filename=sysload3.exe
Description=Added by the FUBALCA WORM!
Source=Paul Collins Startup list
[System Buffer Application]
Number=10530
Confirmed=X
Filename=buffer32.exe
Description=Added by the SDBOT-UD WORM!
Source=Paul Collins Startup list
[System Cache]
Number=10531
Confirmed=X
Filename=SysCache.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[System Check]
Number=10532
Confirmed=U
Filename=Rundll32.exe SysDll32.dll, SystemCheck
Description=XPCSpy Pro keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list
[system check]
Number=10533
Confirmed=X
Filename=updater.exe
Description=Unidentified adware downloader
Source=Paul Collins Startup list
[System Check]
Number=10534
Confirmed=X
Filename=win_klr32.exe
Description=Added by the DELF-DRA WORM!
Source=Paul Collins Startup list
[System Checking]
Number=10535
Confirmed=X
Filename=wasul.exe
Description=Added by the RBOT.BHM WORM!
Source=Paul Collins Startup list
[System Config]
Number=10536
Confirmed=X
Filename=BF3.EXE
Description=Added by the SPYBOT-DT WORM!
Source=Paul Collins Startup list
[System Config Manager]
Number=10537
Confirmed=X
Filename=crss.exe
Description=Added by the AGOBOT.GH WORM!
Source=Paul Collins Startup list
[System Config Manager]
Number=10538
Confirmed=X
Filename=smssl.exe
Description=Added by the AGOBOT-ZJ WORM!
Source=Paul Collins Startup list
[System Configuration]
Number=10539
Confirmed=X
Filename=iexplore.exe
Description=Added by the RANDEX.AD WORM! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list
[System Configuration]
Number=10540
Confirmed=X
Filename=syscfg32.exe
Description=Added by the MYTOB.EA WORM!
Source=Paul Collins Startup list
[system configure]
Number=10541
Confirmed=X
Filename=svchost.exe
Description=Added by the LINEAGE-C TROJAN! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!
Source=Paul Collins Startup list
[System CPL manager]
Number=10542
Confirmed=X
Filename=[random filename]
Description=Added by the RBOT-SR WORM!
Source=Paul Collins Startup list
[System CSRSS Patch]
Number=10543
Confirmed=X
Filename=scrtkfg.exe
Description=Added by the RBOT-ADA WORM!
Source=Paul Collins Startup list
[System Database administration]
Number=10544
Confirmed=X
Filename=systemDA.exe
Description=Added by the DERDERO.B WORM!
Source=Paul Collins Startup list
[System Database Administration Support Process]
Number=10545
Confirmed=X
Filename=sysdasp.exe
Description=Added by the DERDERO.C WORM!
Source=Paul Collins Startup list
[System Diagnostics]
Number=10546
Confirmed=X
Filename=sysdiag32.exe
Description=Added by the SDBOT.GEN TROJAN!
Source=Paul Collins Startup list
[System DLF]
Number=10547
Confirmed=N
Filename=cpqdiaga.exe
Description=Compaq Diagnostic record system utility which allow you to view information about your computer's hardware and software configuration. Available via Start -> Programs
Source=Paul Collins Startup list
[System DLL Resources]
Number=10548
Confirmed=U
Filename=sysdll.exe
Description=SnapKey is a surveillance software program that records all keyboard activities. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list
[System Document Application]
Number=10549
Confirmed=X
Filename=nmod.exe
Description=Added by the SDBOT-ABB WORM!
Source=Paul Collins Startup list
[System Document Application]
Number=10550
Confirmed=X
Filename=msdocument.exe
Description=Added by the RANDEX.COX WORM!
Source=Paul Collins Startup list
[System Document Application]
Number=10551
Confirmed=X
Filename=wins.exe
Description=Added by the SDBOT.AUB WORM!
Source=Paul Collins Startup list
[System Download Manager]
Number=10552
Confirmed=X
Filename=SysMgr.exe
Description=Added by the RBOT.CIG WORM!
Source=Paul Collins Startup list
[System driver]
Number=10553
Confirmed=X
Filename=Messenger.exe
Description=Added by the WOOTBOT.GI WORM!
Source=Paul Collins Startup list
[System Drivers]
Number=10554
Confirmed=X
Filename=wingmt.exe
Description=Added by the SDBOT-MG WORM!
Source=Paul Collins Startup list
[System Drivers]
Number=10555
Confirmed=X
Filename=cpsq32.exe
Description=Added by the SDBOT.AXH WORM!
Source=Paul Collins Startup list
[System Efficiency Monitor]
Number=10556
Confirmed=X
Filename=mscedit32.exe
Description=Added by the SDBOT.P TROJAN!
Source=Paul Collins Startup list
[System Efficiency Monitor]
Number=10557
Confirmed=X
Filename=mscommand.exe
Description=Added by the KWBOT.P WORM!
Source=Paul Collins Startup list
[System Efficiency Monitor]
Number=10558
Confirmed=X
Filename=msedit32.exe
Description=Added by the STEPH-B WORM!
Source=Paul Collins Startup list
[System Event Manager]
Number=10559
Confirmed=X
Filename=secsvc.exe
Description=Added by the RBOT.BMY WORM!
Source=Paul Collins Startup list
[System Executable DLL Library]
Number=10560
Confirmed=X
Filename=EXECDLL32.exe
Description=Added by the RANDEX.AZ WORM!
Source=Paul Collins Startup list
[System Failure Statistic]
Number=10561
Confirmed=X
Filename=cnstat.exe
Description=Added by the RBOT-LF WORM!
Source=Paul Collins Startup list
[System File Drivers]
Number=10562
Confirmed=X
Filename=nvsysvc32.exe
Description=Added by the AGOBOT.WJ WORM!
Source=Paul Collins Startup list
[system firewall]
Number=10563
Confirmed=X
Filename=makeini32.exe
Description=Added by the AGOBOT-PS WORM!
Source=Paul Collins Startup list
[System Firewalls]
Number=10564
Confirmed=X
Filename=commandprompt32.exe
Description=Added by the RBOT.BJT WORM!
Source=Paul Collins Startup list
[System Guard]
Number=10565
Confirmed=X
Filename=mhguard.exe
Description=Added by the RBOT-AGU WORM!
Source=Paul Collins Startup list
[System Handler]
Number=10566
Confirmed=X
Filename=LSASS.EXE
Description=Added by the NIMOS WORM! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
Source=Paul Collins Startup list
[system handler]
Number=10567
Confirmed=X
Filename=srvhandle.exe
Description=Added by the REDPLUT VIRUS!
Source=Paul Collins Startup list
[System Host Manager]
Number=10568
Confirmed=X
Filename=syshost.exe
Description=Added by the BANWORM-C WORM!
Source=Paul Collins Startup list
[System Host Service]
Number=10569
Confirmed=X
Filename=svchost.exe
Description=Added by the CONE.F WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "tasks" subfolder of the Winnt or Windows folder
Source=Paul Collins Startup list
[System Information Manager]
Number=10570
Confirmed=X
Filename=Navcpe.exe
Description=Added by the SDBOT-QB WORM!
Source=Paul Collins Startup list
[System Information Manager]
Number=10571
Confirmed=X
Filename=Msbb.exe
Description=Added by a variant of the BACKDOOR.IRC.BOT TROJAN!
Source=Paul Collins Startup list
[System Initialization]
Number=10572
Confirmed=X
Filename=msmsgri32.exe
Description=Added by the RANDEX.D WORM or ROXY or ROXY.B TROJANS!
Source=Paul Collins Startup list
[System Initialization]
Number=10573
Confirmed=X
Filename=payload.dat
Description=Added by the RANDEX.D WORM or ROXY or ROXY.B TROJANS!
Source=Paul Collins Startup list
[System Kernal Support]
Number=10574
Confirmed=X
Filename=system.exe
Description=Added by the SDBOT.BWV WORM!
Source=Paul Collins Startup list
[System Kernel]
Number=10575
Confirmed=X
Filename=lsass.exe
Description=Added by the VBBOT-G TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[System LifeGuard Scheduler]
Number=10576
Confirmed=U
Filename=Slsched.exe
Description=System LifeGuard scheduler
Source=Paul Collins Startup list
[System Log Event]
Number=10577
Confirmed=X
Filename=csrss32.exe
Description=Added by the AGOBOT-JI WORM!
Source=Paul Collins Startup list
[System Management Service]
Number=10578
Confirmed=X
Filename=smsc.exe
Description=Added by the RBOT-ANN WORM!
Source=Paul Collins Startup list
[System Manager]
Number=10579
Confirmed=X
Filename=svchost.exe
Description=Added by the BANKER-AE TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list
[system manager]
Number=10580
Confirmed=X
Filename=System.exe
Description=Added by the FORBOT-BO WORM!
Source=Paul Collins Startup list
[System Manager]
Number=10581
Confirmed=X
Filename=winsrv32.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[System Manager]
Number=10582
Confirmed=X
Filename=sysmng.exe
Description=Added by the TAME-C WORM!
Source=Paul Collins Startup list
[System Manager Updates]
Number=10583
Confirmed=X
Filename=winsvc.exe
Description=Added by the AGOBOT.AEM WORM!
Source=Paul Collins Startup list
[System Mechanic Popup Blocker]
Number=10584
Confirmed=U
Filename=PopupBlocker.exe
Description=Popup blocker part of Iolo System Mechanic utility suite
Source=Paul Collins Startup list
[System Mechanic Popup Stopper]
Number=10585
Confirmed=U
Filename=Popupstopper.exe
Description=Popup stopper part of Iolo System Mechanic utility suite
Source=Paul Collins Startup list
[System Mechanic Professional Update [Incinerator.dll]]
Number=10586
Confirmed=N
Filename=SysMech4.exe /REREG: [path] Incinerator.dll
Description=Iolo System Mechanic "Incinerator" feature securely deletes files and folders from your PC so they can never be recovered again
Source=Paul Collins Startup list
[SYSTEM MESSAGER]
Number=10587
Confirmed=X
Filename=wmisg.exe
Description=Added by the MYTOB.ES WORM!
Source=Paul Collins Startup list
[System Messaging Queue]
Number=10588
Confirmed=X
Filename=SMCSS.EXE
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[System Messenger]
Number=10589
Confirmed=X
Filename=SYSMSG32.EXE
Description=Added by the SPYBOT-DK WORM!
Source=Paul Collins Startup list
[System Monitor]
Number=10590
Confirmed=U
Filename=SYSMON.EXE
Description=Comes with some Aopen motherboards. Monitors CPU temp, voltage and fan speed. Warns if any become abnormal
Source=Paul Collins Startup list
[System Monitor]
Number=10591
Confirmed=X
Filename=Sysmon16.exe
Description=Added by the SDBOT TROJAN!
Source=Paul Collins Startup list
[System MScvb]
Number=10592
Confirmed=X
Filename=mscvb32.exe
Description=Added by the SOBIG.C WORM!
Source=Paul Collins Startup list
[System Net]
Number=10593
Confirmed=X
Filename=sys32.exe
Description=Added by the FORBOT-FX WORM!
Source=Paul Collins Startup list
[System Net Database]
Number=10594
Confirmed=X
Filename=sysnd.exe
Description=Added by the RBOT-AAW WORM!
Source=Paul Collins Startup list
[System Networking]
Number=10595
Confirmed=X
Filename=sysnet.exe
Description=Added by the RBOT.API WORM!
Source=Paul Collins Startup list
[System Power Managment]
Number=10596
Confirmed=X
Filename=svcnost.exe
Description=Added by the DREF-I WORM!
Source=Paul Collins Startup list
[System Process]
Number=10597
Confirmed=X
Filename=csrss.exe
Description=Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[System Process]
Number=10598
Confirmed=X
Filename=lsass.exe
Description=Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[System Process]
Number=10599
Confirmed=X
Filename=svchost.exe
Description=Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list
[System Process]
Number=10600
Confirmed=X
Filename=CSRSR.exe
Description=Added by the AGOBOT-SQ WORM!
Source=Paul Collins Startup list
[System Profile]
Number=10601
Confirmed=X
Filename=Regsrv.exe
Description=Added by a variant of the OPTIX TROJAN!
Source=Paul Collins Startup list
[System Reboot]
Number=10602
Confirmed=X
Filename=rebootsys.exe
Description=Added by the RBOT-WU WORM!
Source=Paul Collins Startup list
[System Redirect]
Number=10603
Confirmed=X
Filename=sysbho.exe
Description=Downloader trojan, "Melkosoft" adware related
Source=Paul Collins Startup list
[System Restore]
Number=10604
Confirmed=X
Filename=svcnet.exe
Description=Added by the TIBICK WORM!
Source=Paul Collins Startup list
[System Restore Data]
Number=10605
Confirmed=X
Filename=[path] repcale.exe [path] beird.exe
Description=Added by the RANDON.AN WORM!
Source=Paul Collins Startup list
[System Service]
Number=10606
Confirmed=X
Filename=MSREXE.EXE
Description=Added by the AML TROJAN!
Source=Paul Collins Startup list
[system service]
Number=10607
Confirmed=X
Filename=spoolcrv.cpl
Description=Added by the INSPIR.11 TROJAN!
Source=Paul Collins Startup list
[System Service]
Number=10608
Confirmed=X
Filename=systems.exe
Description=Added by the AGOBOT.VZ WORM!
Source=Paul Collins Startup list
[System Service]
Number=10609
Confirmed=X
Filename=coderxt.exe
Description=Added by the RBOT-ALD WORM!
Source=Paul Collins Startup list
[System Service]
Number=10610
Confirmed=X
Filename=exp0lrer.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[System Service]
Number=10611
Confirmed=X
Filename=servicent.exe
Description=Added by the RBOT-AJI WORM!
Source=Paul Collins Startup list
[System service]
Number=10612
Confirmed=X
Filename=system.exe
Description=Added by the BANCOS.AA TROJAN!
Source=Paul Collins Startup list
[System Service]
Number=10613
Confirmed=X
Filename=msnwindows.exe
Description=Added by the SPYBOT.YCL WORM!
Source=Paul Collins Startup list
[System Service]
Number=10614
Confirmed=X
Filename=servicez.exe
Description=Added by the RBOT-AOY WORM!
Source=Paul Collins Startup list
[System Service]
Number=10615
Confirmed=X
Filename=msnxpexe.exe
Description=Added by the RBOT-AUA WORM!
Source=Paul Collins Startup list
[System Service]
Number=10616
Confirmed=X
Filename=teskmangr.exe
Description=Added by the RBOT-AUV WORM!
Source=Paul Collins Startup list
[System Service]
Number=10617
Confirmed=X
Filename=backup.exe
Description=Added by the PACKBOT.AA WORM!
Source=Paul Collins Startup list
[System Service]
Number=10618
Confirmed=X
Filename=serious.exe
Description=Added by the RBOT-FMV WORM! Note - deactivates the Microsoft Internet Connection Firewall (ICF)
Source=Paul Collins Startup list
[SYSTEM service helper]
Number=10619
Confirmed=X
Filename=svchelper.exe
Description=Added by the MONKBD-A WORM!
Source=Paul Collins Startup list
[SYSTEM service helper]
Number=10620
Confirmed=X
Filename=syshelp.exe
Description=Added by a variant of the MONKBD-A WORM!
Source=Paul Collins Startup list
[System service**]
Number=10621
Confirmed=X
Filename=pokapoka**.exe
Description=EliteBar adware - where ** represents the numbers 61 to 79
Source=Paul Collins Startup list
[System service62]
Number=10622
Confirmed=X
Filename=System service62
Description=pokapoka62.exe
Source=Paul Collins Startup list
[System service78]
Number=10623
Confirmed=X
Filename=[path to file]
Description=Added by the ELITEBAR-T and ELITEBAR-U TROJANS!
Source=Paul Collins Startup list
[System service79]
Number=10624
Confirmed=X
Filename=[path to file]
Description=Added by the ELITEBAR-V TROJAN!
Source=Paul Collins Startup list
[System Services]
Number=10625
Confirmed=X
Filename=[random file name]
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[System Services]
Number=10626
Confirmed=X
Filename=connection.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[System Services]
Number=10627
Confirmed=X
Filename=svcsenes.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[System Services]
Number=10628
Confirmed=X
Filename=svcsenes32a.exe
Description=Added by the RBOT-AFG WORM!
Source=Paul Collins Startup list
[System Services]
Number=10629
Confirmed=X
Filename=ssms.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[System Session Manager]
Number=10630
Confirmed=X
Filename=smss.exe
Description=Added by the KALEL-E WORM! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[System settings]
Number=10631
Confirmed=X
Filename=burndl32.exe
Description=Added by the SDBOT-ZO WORM!
Source=Paul Collins Startup list
[System Setup]
Number=10632
Confirmed=X
Filename=rpcxcmod.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[System Soap Pro]
Number=10633
Confirmed=X
Filename=soap.exe
Description=System Soap Pro internet cleaning software. Bundles foistware like Httper and Zipclix - best avoided
Source=Paul Collins Startup list
[system spool]
Number=10634
Confirmed=X
Filename=syspools.exe
Description=Added by the DREF-T WORM/VIRUS!
Source=Paul Collins Startup list
[System startup]
Number=10635
Confirmed=U
Filename=charmapx.exe
Description=Only required if using an oriental language
Source=Paul Collins Startup list
[System Startup]
Number=10636
Confirmed=X
Filename=Voltio.exe
Description=Added by the RBOT.NJ WORM!
Source=Paul Collins Startup list
[System Startup]
Number=10637
Confirmed=X
Filename=kimochi.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[System Startup Manager]
Number=10638
Confirmed=X
Filename=smcss.exe
Description=Added by the RBOT.AMD WORM!
Source=Paul Collins Startup list
[System Stats]
Number=10639
Confirmed=X
Filename=SystemStats.exe
Description=Added by a variant of the WOOTBOT WORM!
Source=Paul Collins Startup list
[System Support]
Number=10640
Confirmed=X
Filename=syscfg.exe
Description=Added by the RBOT-AGQ WORM!
Source=Paul Collins Startup list
[System Support]
Number=10641
Confirmed=X
Filename=system32.exe
Description=Added by the RBOT-AHA WORM!
Source=Paul Collins Startup list
[System Support]
Number=10642
Confirmed=X
Filename=syssql.exe
Description=Added by the RBOT-AUH WORM!
Source=Paul Collins Startup list
[System Support]
Number=10643
Confirmed=X
Filename=torrent.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[System Terminal]
Number=10644
Confirmed=X
Filename=SYSTEM2.EXE
Description=Added by the SPYBOT-BZ TROJAN!
Source=Paul Collins Startup list
[System time updator]
Number=10645
Confirmed=X
Filename=CSysTime.exe
Description=Added by the RANDEX.S WORM!
Source=Paul Collins Startup list
[System Toolkit]
Number=10646
Confirmed=X
Filename=Systools.exe
Description=Added by the RONOPER-G WORM!
Source=Paul Collins Startup list
[System Tray]
Number=10647
Confirmed=X
Filename=msccn32.exe
Description=Added by the SOBIG.B WORM! Warning - spreading via infected E-mail attachments with the sender address faked as support@microsoft.com! Note - this is not the legitimate systray.exe process
Source=Paul Collins Startup list
[System Tray]
Number=10648
Confirmed=X
Filename=systray.exe
Description=Added by the FAN-A WORM!
Source=Paul Collins Startup list
[System Tray Services]
Number=10649
Confirmed=X
Filename=spooles32.exe
Description=Added by the AGOBOT.ZH WORM!
Source=Paul Collins Startup list
[System Tray32]
Number=10650
Confirmed=X
Filename=SysTray32.exe
Description=Added by the REPAD WORM!
Source=Paul Collins Startup list
[System Unix]
Number=10651
Confirmed=X
Filename=syscfg32.exe
Description=Added by the RBOT-ZD WORM!
Source=Paul Collins Startup list
[system updata]
Number=10652
Confirmed=X
Filename=updata.exe
Description=Added by the LINEAGE-C TROJAN!
Source=Paul Collins Startup list
[System Update]
Number=10653
Confirmed=X
Filename=[filename].exe
Description=CoolWebSearch parasite variant
Source=Paul Collins Startup list
[System Update]
Number=10654
Confirmed=X
Filename=[random filename]
Description=Added by the KORGO.W or KORGO.X WORMS!
Source=Paul Collins Startup list
[System Update]
Number=10655
Confirmed=X
Filename=wupdmgr.exe
Description=Added by the SOROMO-A TROJAN!
Source=Paul Collins Startup list
[System Update]
Number=10656
Confirmed=X
Filename=[random filename]
Description=Added by the SOROMO-A TROJAN!
Source=Paul Collins Startup list
[System Update]
Number=10657
Confirmed=X
Filename=wauluclt.exe
Description=Added by the SDBOT.EF WORM!
Source=Paul Collins Startup list
[System Update]
Number=10658
Confirmed=X
Filename=[path to trojan]
Description=Added by the AUTOTROJ-D TROJAN!
Source=Paul Collins Startup list
[System Update]
Number=10659
Confirmed=X
Filename=mssetupconf.exe
Description=Added by the RBOT.DLC WORM!
Source=Paul Collins Startup list
[System Update Application]
Number=10660
Confirmed=Y
Filename=msbuffer.exe
Description=Added by the SDBOT.AFF WORM!
Source=Paul Collins Startup list
[System Update Service]
Number=10661
Confirmed=X
Filename=wmiprvsa.exe
Description=Added by the AGOBOT-RG TROJAN!
Source=Paul Collins Startup list
[System Update Service]
Number=10662
Confirmed=X
Filename=winupd32.exe
Description=Added by the ADTODA-A TROJAN!
Source=Paul Collins Startup list
[System Update Service]
Number=10663
Confirmed=X
Filename=system.pif
Description=Added by the RBOT-ALL WORM!
Source=Paul Collins Startup list
[System Update Service]
Number=10664
Confirmed=X
Filename=update.pif
Description=Added by the SPYBOT.WOE WORM!
Source=Paul Collins Startup list
[System Update2]
Number=10665
Confirmed=X
Filename=explorer.exe
Description=Added by the AUTOTROJ-C TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list
[System Update2]
Number=10666
Confirmed=X
Filename=services.exe
Description=Added by the AUTOTROJ-C TROJAN!Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
Source=Paul Collins Startup list
[System Update2]
Number=10667
Confirmed=X
Filename=svchost.exe
Description=Added by the AUTOTROJ-C TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[System Update2]
Number=10668
Confirmed=X
Filename=system.exe
Description=Added by the AUTOTROJ-C TROJAN!
Source=Paul Collins Startup list
[System Update2]
Number=10669
Confirmed=X
Filename=taskman.exe
Description=Added by the AUTOTROJ-C TROJAN!
Source=Paul Collins Startup list
[System Update2]
Number=10670
Confirmed=X
Filename=taskmon.exe
Description=Added by the AUTOTROJ-C TROJAN!
Source=Paul Collins Startup list
[System Update2]
Number=10671
Confirmed=X
Filename=update.exe
Description=Added by the AUTOTROJ-C TROJAN!
Source=Paul Collins Startup list
[System Update2]
Number=10672
Confirmed=X
Filename=webcheck.exe
Description=Added by the AUTOTROJ-C TROJAN!
Source=Paul Collins Startup list
[System Update2]
Number=10673
Confirmed=X
Filename=wininet.exe
Description=Added by the AUTOTROJ-C TROJAN!
Source=Paul Collins Startup list
[System Update2]
Number=10674
Confirmed=X
Filename=winlogon.exe
Description=Added by the AUTOTROJ-C TROJAN! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[System Update2]
Number=10675
Confirmed=X
Filename=winspool.exe
Description=Added by the AUTOTROJ-C TROJAN!
Source=Paul Collins Startup list
[System Update2]
Number=10676
Confirmed=X
Filename=wupdmgr.exe
Description=Added by the AUTOTROJ-C TROJAN!
Source=Paul Collins Startup list
[System Updater Service]
Number=10677
Confirmed=X
Filename=wmiprvsw.exe
Description=Added by the GAOBOT.AFC WORM!
Source=Paul Collins Startup list
[System Updates]
Number=10678
Confirmed=X
Filename=winsci.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[System Updates]
Number=10679
Confirmed=X
Filename=szwi.exe
Description=Added by the RBOT-AXE WORM!
Source=Paul Collins Startup list
[System Updates]
Number=10680
Confirmed=U
Filename=unve.exe
Description=Added by the RBOT-AWG TROJAN!
Source=Paul Collins Startup list
[System Updates]
Number=10681
Confirmed=X
Filename=wmkl.exe
Description=Added by the RBOT-AYJ WORM!
Source=Paul Collins Startup list
[System Updates 4]
Number=10682
Confirmed=X
Filename=mssysfix.exe
Description=Added by the RBOT-ADU WORM!
Source=Paul Collins Startup list
[System Updates Manager]
Number=10683
Confirmed=X
Filename=winserv32.exe
Description=Added by the AGOBOT-AGA WORM!
Source=Paul Collins Startup list
[System Updates Service]
Number=10684
Confirmed=X
Filename=updates.pif
Description=Added by the RBOT-AMA WORM!
Source=Paul Collins Startup list
[System Uptime Server]
Number=10685
Confirmed=X
Filename=SYSENTRY.EXE
Description=Added by the RBOT.LK WORM!
Source=Paul Collins Startup list
[System Uptime Server]
Number=10686
Confirmed=X
Filename=SYSENTRY32.EXE
Description=Added by the RBOT.LK WORM!
Source=Paul Collins Startup list
[system xp]
Number=10687
Confirmed=X
Filename=acdsee demo.exe
Description=Added by the SALGA.A WORM!
Source=Paul Collins Startup list
[System-Config]
Number=10688
Confirmed=X
Filename=msptmf32.com
Description=Added by the LIOTEN.FA WORM!
Source=Paul Collins Startup list
[System-Service]
Number=10689
Confirmed=X
Filename=EXPLORER.SCR
Description=Added by the BENJAMIN.A WORM! KaZaA file-sharing users beware!
Source=Paul Collins Startup list
[System-Stat]
Number=10690
Confirmed=X
Filename=systats.exe
Description=Added by the SDBOT.RA WORM!
Source=Paul Collins Startup list
[system.]
Number=10691
Confirmed=X
Filename=system..exe
Description=Added by the OPTIXPRO.13.C TROJAN!
Source=Paul Collins Startup list
[system...]
Number=10692
Confirmed=X
Filename=system...exe
Description=Added by the OPTIXPRO.13.C TROJAN!
Source=Paul Collins Startup list
[System.exe]
Number=10693
Confirmed=X
Filename=System.exe
Description=Added by various WORMS and TROJANS!
Source=Paul Collins Startup list
[System132]
Number=10694
Confirmed=X
Filename=Csrtss.exe
Description=Added by the LANFILT-I TROJAN!
Source=Paul Collins Startup list
[system23]
Number=10695
Confirmed=X
Filename=notPad.exe
Description=Added by the ESTEEMS.D TROJAN!
Source=Paul Collins Startup list
[System32]
Number=10696
Confirmed=X
Filename=system.exe
Description=Added by the BUSHTRO122 TROJAN!
Source=Paul Collins Startup list
[System32]
Number=10697
Confirmed=X
Filename=System32.exe
Description=Added by any number of WORMS or TROJANS!
Source=Paul Collins Startup list
[System32]
Number=10698
Confirmed=U
Filename=sysdiag.exe
Description=SpyAgent surveillance software. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list
[System32]
Number=10699
Confirmed=X
Filename=system32,1.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[system32]
Number=10700
Confirmed=X
Filename=NeT-BoT.exe
Description=Added by the AGOBOT-LJ WORM!
Source=Paul Collins Startup list
[System32]
Number=10701
Confirmed=X
Filename=lsasss.exe
Description=Added by the RBOT-XW WORM!
Source=Paul Collins Startup list
[System32]
Number=10702
Confirmed=X
Filename=crsvvc.exe
Description=Added by the RBOT.BLY WORM!
Source=Paul Collins Startup list
[system32]
Number=10703
Confirmed=X
Filename=QQGame.exe
Description=Added by the QQPASS-AC TROJAN!
Source=Paul Collins Startup list
[System32]
Number=10704
Confirmed=X
Filename=[worm filename]
Description=Added by the NAUTICAL-A TROJAN!
Source=Paul Collins Startup list
[System32 PCI Manager]
Number=10705
Confirmed=X
Filename=syspci32.exe
Description=Added by the RBOT-AFR WORM!
Source=Paul Collins Startup list
[System32 PCI Manager]
Number=10706
Confirmed=X
Filename=syspci32.exe
Description=Added by the RBOT-AFR WORM!
Source=Paul Collins Startup list
[System32 TCP Manager]
Number=10707
Confirmed=X
Filename=systcpm.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[System32 TCP Manager]
Number=10708
Confirmed=X
Filename=systerm.exe
Description=Added by the RBOT.AFD WORM!
Source=Paul Collins Startup list
[System32 Temp Service]
Number=10709
Confirmed=X
Filename=systmp.exe
Description=Added by the RBOT-AET WORM!
Source=Paul Collins Startup list
[system32.dll]
Number=10710
Confirmed=X
Filename=systeminit.exe
Description=CoolWebSearch parasite variant - re-directing to your-search.info
Source=Paul Collins Startup list
[system32.dll]
Number=10711
Confirmed=X
Filename=sysdll32.exe
Description=CoolWebSearch parasite variant. Redirecting to wholeworldmarket.com, most likely other domains as well
Source=Paul Collins Startup list
[system32.exe]
Number=10712
Confirmed=X
Filename=services32.exe
Description=Added by a variant of the BACKDOOR.IRC.BOT TROJAN!
Source=Paul Collins Startup list
[system32.exe]
Number=10713
Confirmed=X
Filename=system32.exe
Description=Added by the GRAYBIRD.P TROJAN!
Source=Paul Collins Startup list
[System32Check]
Number=10714
Confirmed=X
Filename=[random].exe
Description=Added by the CHAST-A TROJAN!
Source=Paul Collins Startup list
[System32Dll]
Number=10715
Confirmed=X
Filename=DLL32SYS.EXE
Description=Added by the SPYBOT-CZ WORM!
Source=Paul Collins Startup list
[System32Ex]
Number=10716
Confirmed=X
Filename=System32Ex.exe
Description=Added by the IRCCONTACT TROJAN!
Source=Paul Collins Startup list
[System32kfvwĆ]
Number=10717
Confirmed=U
Filename=sysdiag.exe
Description=SpyAgent surveillance software. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list
[System33]
Number=10718
Confirmed=X
Filename=FB_PNU.EXE
Description=Added by the NICHELLO-A WORM!
Source=Paul Collins Startup list
[system34.exe]
Number=10719
Confirmed=X
Filename=system34.exe
Description=Added by the DWNLDR-FXY TROJAN!
Source=Paul Collins Startup list
[System4224411]
Number=10720
Confirmed=X
Filename=Virus
Description=Added by the CAGER.A WORM!
Source=Paul Collins Startup list
[System4224411]
Number=10721
Confirmed=X
Filename=Systemdll.exe
Description=Added by the YUSUFALI-B WORM!
Source=Paul Collins Startup list
[system43.exe]
Number=10722
Confirmed=X
Filename=system43.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[System64]
Number=10723
Confirmed=X
Filename=inet.exe
Description=Added by the DENGLE-A TROJAN!
Source=Paul Collins Startup list
[SystemAdministration]
Number=10724
Confirmed=X
Filename=Wincmp32.exe
Description=Added by the ASYLUM TROJAN!
Source=Paul Collins Startup list
[SystemAgent]
Number=10725
Confirmed=U
Filename=Sage.exe
Description="Microsoft Plus! System Agent automatically tunes your system, performing tasks such as disk optimization and error correction. It can also run any application at prescheduled times"
Source=Paul Collins Startup list
[SystemB]
Number=10726
Confirmed=X
Filename=MessengerStopper.exe
Description=MessStopper adware
Source=Paul Collins Startup list
[SystemBackup]
Number=10727
Confirmed=X
Filename=mtx.exe
Description=Added by the MTX VIRUS/WORM!
Source=Paul Collins Startup list
[SystemBackup]
Number=10728
Confirmed=X
Filename=MicroLog.exe
Description=Added by the MICROLOG.A TROJAN!
Source=Paul Collins Startup list
[SystemBoot]
Number=10729
Confirmed=?
Filename=ladies.htm
Description=Unknown but sounds very suspicious??
Source=Paul Collins Startup list
[SystemBoot]
Number=10730
Confirmed=X
Filename=Mshta.exe ...filename.hta
Description=Adult content dialler
Source=Paul Collins Startup list
[Systemboot]
Number=10731
Confirmed=X
Filename=msnsngr.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[SystemCheck]
Number=10732
Confirmed=X
Filename=Systemcheck.exe
Description=Added by the LAVITS WORM!
Source=Paul Collins Startup list
[SystemCheck]
Number=10733
Confirmed=X
Filename=services.exe
Description=Added by the SOBER-M WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Config\system subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list
[SystemCheck]
Number=10734
Confirmed=X
Filename=svchost.exe
Description=Added by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a C:\DriverLoad folder
Source=Paul Collins Startup list
[SystemCheck]
Number=10735
Confirmed=X
Filename=SysCheckBop32.exe
Description=WINBO adware
Source=Paul Collins Startup list
[SystemChecker]
Number=10736
Confirmed=X
Filename=Syschk.exe
Description=Added by the GALIL.F WORM!
Source=Paul Collins Startup list
[SystemCONF98i]
Number=10737
Confirmed=X
Filename=SystemCONF98i.exe
Description=Added by the GLITCH TROJAN!
Source=Paul Collins Startup list
[SystemDebug]
Number=10738
Confirmed=X
Filename=Sysdeb32.exe
Description=Added by the SYSBUG TROJAN!
Source=Paul Collins Startup list
[SystemDll]
Number=10739
Confirmed=X
Filename=SystemDll.exe
Description=Added by the LOXOSCAM TROJAN!
Source=Paul Collins Startup list
[systemdll32.exe]
Number=10740
Confirmed=X
Filename=systemdll32.exe
Description=Added by the FEUTEL-F TROJAN!
Source=Paul Collins Startup list
[SystemDoctor 2006 Free]
Number=10741
Confirmed=N
Filename=sd2006.exe
Description=SystemDoctor is a Security Risk that may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threats
Source=Paul Collins Startup list
[SystemDriver]
Number=10742
Confirmed=X
Filename=csrss.exe
Description=Added by the ASCETIC.B TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a \addins\explorer subfolder of the Winnt or Windows folder
Source=Paul Collins Startup list
[SystemDriverCheck]
Number=10743
Confirmed=X
Filename=svchost.exe
Description=Added by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a C:\DriverLoad folder
Source=Paul Collins Startup list
[SystemDriverLoad]
Number=10744
Confirmed=X
Filename=svchost.exe
Description=Added by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a C:\DriverLoad folder
Source=Paul Collins Startup list
[systemdrv]
Number=10745
Confirmed=X
Filename=ms32sys.exe
Description=Added by an unidentified WORM or TROJAN - most likely GAOBOT variant
Source=Paul Collins Startup list
[SystemEmergency]
Number=10746
Confirmed=X
Filename=[various filenames]
Description=CoolWebSearch Smartsearch parasite variant
Source=Paul Collins Startup list
[SystemExplorer]
Number=10747
Confirmed=X
Filename=explore.exe
Description=Homepage hijacker - file located in the "Services" folder in Common Files
Source=Paul Collins Startup list
[SystemFile]
Number=10748
Confirmed=X
Filename=SystemFile.exe
Description=Added by the DULLDOOR-A TROJAN!
Source=Paul Collins Startup list
[SystemFTP]
Number=10749
Confirmed=X
Filename=VSENMB.exe
Description=Malware (ie, malicious software). Also changes the system.ini Shell line to read Shell=Explorer.exe VSENMB.exe, and it hacks the Winstart.bat as well
Source=Paul Collins Startup list
[SystemGent]
Number=10750
Confirmed=X
Filename=CVT.exe
Description=Added by the BRONTOK-H WORM!
Source=Paul Collins Startup list
[SystemGuardAlerter]
Number=10751
Confirmed=?
Filename=SystemGuardAlerter.exe
Description=Part of the Iolo System Mechanic maintenance software. What does it do?
Source=Paul Collins Startup list
[SystemInit]
Number=10752
Confirmed=X
Filename=iservc.exe
Description=Added by the FIZZER WORM!
Source=Paul Collins Startup list
[Systemiom Updater]
Number=10753
Confirmed=X
Filename=Systemiom.exe
Description=Added by the SPYBOT.TY WORM!
Source=Paul Collins Startup list
[SystemKey]
Number=10754
Confirmed=U
Filename=rundll32.exe [path] SystemKey.dll rdl
Description=Stealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list
[SystemLoad32]
Number=10755
Confirmed=X
Filename=sysload32.exe
Description=Added by the MIMAIL.E WORM!
Source=Paul Collins Startup list
[SystemManager]
Number=10756
Confirmed=X
Filename=Sysman32.exe
Description=Added by the DOWNLOADER-BW.B TROJAN!
Source=Paul Collins Startup list
[SystemMap32]
Number=10757
Confirmed=X
Filename=Netisp32.vbs
Description=Added by the REDIST.C WORM!
Source=Paul Collins Startup list
[SystemMD]
Number=10758
Confirmed=X
Filename=md.exe
Description=Homepage hijacker
Source=Paul Collins Startup list
[SystemMgr]
Number=10759
Confirmed=X
Filename=Ir32_a.exe
Description=Added by the MAGANIA-OU TROJAN!
Source=Paul Collins Startup list
[SystemMonitor]
Number=10760
Confirmed=X
Filename=Sysmon32.exe
Description=Added by the AIDID.A WORM!
Source=Paul Collins Startup list
[SystemNetwork]
Number=10761
Confirmed=X
Filename=NETSERV.EXE
Description=Added by the NETCONTROL VIRUS!
Source=Paul Collins Startup list
[SystemNetwork]
Number=10762
Confirmed=X
Filename=sysnet.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[SystemNT]
Number=10763
Confirmed=X
Filename=SystemNT.exe
Description=Added by the PWSVB-EG TROJAN!
Source=Paul Collins Startup list
[SystemProcEvent]
Number=10764
Confirmed=X
Filename=csrwnd.exe
Description=Added by the IRCBOT.I TROJAN!
Source=Paul Collins Startup list
[systemr]
Number=10765
Confirmed=X
Filename=d11host.exe
Description=Added by the GX TROJAN!
Source=Paul Collins Startup list
[systemr]
Number=10766
Confirmed=X
Filename=gedit.exe
Description=Added by the ADCLICK-AQ TROJAN!
Source=Paul Collins Startup list
[SystemReg]
Number=10767
Confirmed=?
Filename=PROCES.EXE
Description=??
Source=Paul Collins Startup list
[SystemReg]
Number=10768
Confirmed=X
Filename=svchost.exe
Description=Added by the DEWIN.E TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list
[SystemReg]
Number=10769
Confirmed=X
Filename=WINREG.EXE
Description=Added by the DEWIN.A TROJAN!
Source=Paul Collins Startup list
[Systems]
Number=10770
Confirmed=X
Filename=scchost.exe
Description=Added by the DAEMOZ.A TROJAN!
Source=Paul Collins Startup list
[Systems]
Number=10771
Confirmed=X
Filename=svch0st.exe
Description=Added by the MYDOOM.BI WORM!
Source=Paul Collins Startup list
[Systems]
Number=10772
Confirmed=X
Filename=Systems.exe
Description=Added by the BANKBOA-A TROJAN!
Source=Paul Collins Startup list
[Systems]
Number=10773
Confirmed=X
Filename=itDDD.exe
Description=Added by the DLOADER-PP TROJAN!
Source=Paul Collins Startup list
[Systems]
Number=10774
Confirmed=X
Filename=sescmgr.exe
Description=Added by the DWNLDR-GAH TROJAN!
Source=Paul Collins Startup list
[Systems]
Number=10775
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the DLOADR-SW TROJAN!
Source=Paul Collins Startup list
[Systems]
Number=10776
Confirmed=X
Filename=sysmon.exe
Description=Added by the VIXUP-BI WORM!
Source=Paul Collins Startup list
[Systems Backups]
Number=10777
Confirmed=X
Filename=windrives.exe
Description=Added by the AGOBOT-RB WORM!
Source=Paul Collins Startup list
[Systems Restart]
Number=10778
Confirmed=X
Filename=slchost.exe
Description=Added by the MULTIDROP.C TROJAN!
Source=Paul Collins Startup list
[Systems Restart]
Number=10779
Confirmed=X
Filename=spchost.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Systems Restart]
Number=10780
Confirmed=X
Filename=Rundll32.exe beem.dll, DllRegisterServer
Description=Browser hijacker - the file serves to register a dll implemented as a browser plugin
Source=Paul Collins Startup list
[Systems Restart]
Number=10781
Confirmed=X
Filename=Rundll32.exe snim.dll, DllRegisterServer
Description=Added by the Startpage.I hijacker
Source=Paul Collins Startup list
[Systems Restart]
Number=10782
Confirmed=X
Filename=Rundll32.exe zolk.dll, DllRegisterServer
Description=Added by a variant of the STARTPAGE.J TROJAN!
Source=Paul Collins Startup list
[Systems.exe]
Number=10783
Confirmed=U
Filename=Systems.exe
Description=Keyboard Spectator - monitoring software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it
Source=Paul Collins Startup list
[systems.exe]
Number=10784
Confirmed=U
Filename=systems.exe
Description=KGBSpy is a commercial surveillance software program. It logs keystrokes, Web sites visited, and clipboard activity. It also has a screen capture logger and can be run automatically in a silent, undetectable mode
Source=Paul Collins Startup list
[SystemSafe]
Number=10785
Confirmed=U
Filename=Syssafe.exe
Description=System Safety Monitor - system monitoring tool with additional application firewalling
Source=Paul Collins Startup list
[SYSTEMSars32]
Number=10786
Confirmed=X
Filename=csrss.exe
Description=Added by the AHLEM.A WORM! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[SystemSAS]
Number=10787
Confirmed=X
Filename=System32.exe
Description=Added by the KWBOT.C WORM!
Source=Paul Collins Startup list
[systemscroot]
Number=10788
Confirmed=X
Filename=systembin.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[SystemSearch]
Number=10789
Confirmed=X
Filename=regedit.exe -s c:\ie.reg
Description=Installs a Seachxl.com browser page hijack
Source=Paul Collins Startup list
[SystemSearch]
Number=10790
Confirmed=X
Filename=regedit.exe -s c:\sys.reg
Description=Installs a i--search.com browser page hijack
Source=Paul Collins Startup list
[SystemService]
Number=10791
Confirmed=X
Filename=msocfg.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[SystemService]
Number=10792
Confirmed=X
Filename=navchk.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[SystemService]
Number=10793
Confirmed=X
Filename=qservice.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[SystemService]
Number=10794
Confirmed=X
Filename=shman.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[SystemService]
Number=10795
Confirmed=U
Filename=nsserver.exe
Description=NiceSpy keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list
[SystemSettingf]
Number=10796
Confirmed=X
Filename=TRUG.vbs
Description=Added by the TRUG.B MACRO!
Source=Paul Collins Startup list
[SystemSuite Task Manager]
Number=10797
Confirmed=U
Filename=MXTASK.EXE
Description=vcom (nee Ontrack) SystemSuite - PC maintenance and security. Use the program's configuration options to enable only the parts you want running all the time - such as Virusscanner Pro
Source=Paul Collins Startup list
[SystemTasks]
Number=10798
Confirmed=X
Filename=filez.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[SystemTasks]
Number=10799
Confirmed=X
Filename=sexypicz.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[SystemTasks]
Number=10800
Confirmed=X
Filename=loaded.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[SystemTools]
Number=10801
Confirmed=X
Filename=kernels32.exe
Description=Added by the DLOADER-FC TROJAN!
Source=Paul Collins Startup list
[SystemTools]
Number=10802
Confirmed=X
Filename=kernels1118.exe
Description=Added by the SMALL.DGK TROJAN!
Source=Paul Collins Startup list
[SystemTools]
Number=10803
Confirmed=X
Filename=kernels8.exe
Description=Added by the FNG TROJAN!
Source=Paul Collins Startup list
[SystemTools]
Number=10804
Confirmed=X
Filename=kernels88.exe
Description=Added by the TIBS-PP TROJAN!
Source=Paul Collins Startup list
[Systemtra]
Number=10805
Confirmed=X
Filename=Systra.exe
Description=Added by the LOVGATE-W WORM!
Source=Paul Collins Startup list
[SystemTra]
Number=10806
Confirmed=X
Filename=CDPlay.EXE
Description=Added by a variant of the LOVGATE WORM!
Source=Paul Collins Startup list
[SystemTray]
Number=10807
Confirmed=U
Filename=SysTray.Exe
Description=SYSTRAY.EXE - System Tray Services. Provides the Volume Control, PC Card Status, Power Management and other icons that reside in the System Tray (see here). SYSTRAY.EXE may be disabled if none of these services are required. It will launch as and when required if you later enable the icons. If you need these items they're available via Start -> Settings -> Control Panel
Source=Paul Collins Startup list
[SystemTray]
Number=10808
Confirmed=X
Filename=SystemTray.exe
Description=Added by the BIGFOOT TROJAN! Note - this is not the legitimate systray.exe process
Source=Paul Collins Startup list
[SystemTray]
Number=10809
Confirmed=X
Filename=SysTray.exe
Description=Added by the ALADINZ.P TROJAN! Note - this is not the legitimate systray.exe process. If you right-click on the real systray.exe the "Properties" reveal it to be a Microsoft file
Source=Paul Collins Startup list
[SystemTraySD]
Number=10810
Confirmed=U
Filename=SDSystemTray.exe
Description=Spyware Detector - spyware remover. Initially not recommended due to false positives but the later versions have since improved - see here
Source=Paul Collins Startup list
[SystemTraySR]
Number=10811
Confirmed=U
Filename=SRSystemTray.exe
Description=Spyware Detector - spyware remover. Initially not recommended due to false positives but the later versions have since improved - see here
Source=Paul Collins Startup list
[SystemUpd]
Number=10812
Confirmed=N
Filename=SystemUpd.exe
Description=Updater for Swapoo.com, a kind of Napster for games
Source=Paul Collins Startup list
[SystemWideHook for Windows NT]
Number=10813
Confirmed=X
Filename=%WinHook32.exe
Description=Added by the MYDOOM.AC WORM!
Source=Paul Collins Startup list
[SystemWizard Sniffer]
Number=10814
Confirmed=U
Filename=Sniffer.exe
Description=SystemWizard for Win98/ME from SystemSoft - diagnoses and solves hardware and software problems on a PC
Source=Paul Collins Startup list
[systemyom Updater]
Number=10815
Confirmed=X
Filename=systemyom.exe
Description=Added by a variant of the BACKDOOR.IRC.BOT TROJAN!
Source=Paul Collins Startup list
[SYSTEMZ Patch]
Number=10816
Confirmed=X
Filename=SYSZ.exe
Description=Added by the ALADINZ.P TROJAN!
Source=Paul Collins Startup list
[System_Messages]
Number=10817
Confirmed=U
Filename=pprsen.exe
Description=TerminatorX - "offers an easy and effective method of stopping users running predetermined file sharing programs like KaZaA, messenger programs, chat rooms and the like"
Source=Paul Collins Startup list
[systen32.exe]
Number=10818
Confirmed=X
Filename=systen32.exe
Description=Added by the AQP TROJAN!
Source=Paul Collins Startup list
[Systes]
Number=10819
Confirmed=X
Filename=jrdtifkkxbbsa.exe
Description=Added by the RBOT-ADC WORM!
Source=Paul Collins Startup list
[Systesms.exe]
Number=10820
Confirmed=X
Filename=systesms.exe
Description=Added by the RBOT-HI WORM!
Source=Paul Collins Startup list
[Systest]
Number=10821
Confirmed=U
Filename=Systest.exe
Description=Clean Space internet evidence eliminator
Source=Paul Collins Startup list
[systhread]
Number=10822
Confirmed=X
Filename=winkernal.exe
Description=Added by the LIAMED WORM!
Source=Paul Collins Startup list
[SysTime]
Number=10823
Confirmed=X
Filename=systime.exe
Description=CoolWebSearch parasite variant - also detected as the STARTPA-FL TROJAN!
Source=Paul Collins Startup list
[Systmesy]
Number=10824
Confirmed=X
Filename=Systmesy.exe
Description=Added by the RBOT-KQ WORM!
Source=Paul Collins Startup list
[Systoan32]
Number=10825
Confirmed=X
Filename=systoan.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[systr]
Number=10826
Confirmed=X
Filename=SYSERVER.exe
Description=Added by the VB-DQY WORM!
Source=Paul Collins Startup list
[systr2]
Number=10827
Confirmed=X
Filename=SERVICE.exe
Description=Added by the VB-DQY WORM!
Source=Paul Collins Startup list
[systr32]
Number=10828
Confirmed=?
Filename=systr32.exe
Description=??
Source=Paul Collins Startup list
[systrans]
Number=10829
Confirmed=X
Filename=[path to trojan]
Description=Added by the STARTPA-GZ TROJAN!
Source=Paul Collins Startup list
[systrax]
Number=10830
Confirmed=?
Filename=systrax.exe
Description=??
Source=Paul Collins Startup list
[Systray]
Number=10831
Confirmed=X
Filename=Systray_.Exe
Description=Added by the KERGEZ.A WORM!
Source=Paul Collins Startup list
[Systray]
Number=10832
Confirmed=X
Filename=[filename.exe]
Description=Winfavorites adware
Source=Paul Collins Startup list
[SYSTRAY]
Number=10833
Confirmed=X
Filename=UNMT.EXE
Description=Added by the DLOADER-LQ TROJAN!
Source=Paul Collins Startup list
[SysTray]
Number=10834
Confirmed=U
Filename=SysTray.Exe
Description=SYSTRAY.EXE - System Tray Services. Provides the Volume Control, PC Card Status, Power Management and other icons that reside in the System Tray (see here). SYSTRAY.EXE may be disabled if none of these services are required. It will launch as and when required if you later enable the icons. If you need these items they're available via Start -> Settings -> Control Panel
Source=Paul Collins Startup list
[SysTray]
Number=10835
Confirmed=X
Filename=Snnpapi.exe
Description=Added by an unidentified TROJAN!
Source=Paul Collins Startup list
[Systray]
Number=10836
Confirmed=X
Filename=w32explorer.exe
Description=Added by the RBOT-AJY WORM!
Source=Paul Collins Startup list
[Systray]
Number=10837
Confirmed=X
Filename=SteFanie.vbs
Description=Added by the STEFAN WORM! Note - make sure you check the hyperlink as this one copies it's self to numerous dirves and folders
Source=Paul Collins Startup list
[Systray]
Number=10838
Confirmed=X
Filename=KAT.vbs
Description=Added by the SOAD-D WORM!
Source=Paul Collins Startup list
[SysTray]
Number=10839
Confirmed=X
Filename=svhost.exe
Description=Added by the RAJILO-A WORM!
Source=Paul Collins Startup list
[Systray driver]
Number=10840
Confirmed=X
Filename=systray.exe
Description=Added by the MUTEBOT TROJAN! Note - this is not the legitimate systray.exe process
Source=Paul Collins Startup list
[SystrayServices]
Number=10841
Confirmed=X
Filename=Msxpw.exe
Description=Added by the CITOR WORM!
Source=Paul Collins Startup list
[systree]
Number=10842
Confirmed=X
Filename=systree
Description=Added by the BANCOS.L TROJAN!
Source=Paul Collins Startup list
[Systrsy]
Number=10843
Confirmed=X
Filename=Systrsy.exe
Description=Added by the CDTRAY TROJAN! Note - this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
Source=Paul Collins Startup list
[Systry]
Number=10844
Confirmed=X
Filename=[path to worm]
Description=Added by the AUTEX WORM!
Source=Paul Collins Startup list
[SYStry]
Number=10845
Confirmed=X
Filename=spoolsvr.exe
Description=Added by the SDBOT.GN WORM!
Source=Paul Collins Startup list
[Systryt]
Number=10846
Confirmed=X
Filename=[path to worm]
Description=Added by the AUTEX WORM!
Source=Paul Collins Startup list
[SystUphes]
Number=10847
Confirmed=X
Filename=algesetp.exe
Description=Added by the QQPASS-AM TROJAN!
Source=Paul Collins Startup list
[Systweak Ad and Popup Blocker]
Number=10848
Confirmed=U
Filename=adblock.exe
Description=Ad and popup blocker part of Advanced System Optimizer from Systweak
Source=Paul Collins Startup list
[Systweak Memory Optimizer]
Number=10849
Confirmed=U
Filename=memtuneup.exe
Description=Part of SysTweak Advanced System Optimizer
Source=Paul Collins Startup list
[sysu]
Number=10850
Confirmed=X
Filename=sysu.exe
Description=Dynamic Desktop Media adware - see here
Source=Paul Collins Startup list
[sysug32.exe]
Number=10851
Confirmed=X
Filename=sysug32.exe
Description=Added by an unidentified TROJAN or WORM!
Source=Paul Collins Startup list
[SysUpd]
Number=10852
Confirmed=X
Filename=Sysupd.exe
Description=VirtuMonde adware
Source=Paul Collins Startup list
[sysupdate]
Number=10853
Confirmed=X
Filename=cmman32.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Sysvupex]
Number=10854
Confirmed=X
Filename=Sysvupex.exe
Description=Added by the MEDIAS TROJAN!
Source=Paul Collins Startup list
[sysvx]
Number=10855
Confirmed=X
Filename=sysvx_.exe
Description=Added by the LOOSKY-BX TROJAN!
Source=Paul Collins Startup list
[SysW8]
Number=10856
Confirmed=U
Filename=csta.exe
Description=Clean Space internet evidence eliminator
Source=Paul Collins Startup list
[SYSWB6]
Number=10857
Confirmed=U
Filename=SYSWB6.exe
Description=Part of We-Blocker - gives parents the opportunity to monitor their children's Internet access and provide them with age-appropriate content, while filtering out sites that contain adult content. Works in conjunction with Winkb6 and both files are needed to run We-Blocker
Source=Paul Collins Startup list
[SysWin]
Number=10858
Confirmed=X
Filename=SysWin.exe
Description=Added by the IRCCONTACT TROJAN!
Source=Paul Collins Startup list
[syswin]
Number=10859
Confirmed=X
Filename=v6.exe
Description=Added by the AGENT-ECM TROJAN!
Source=Paul Collins Startup list
[syswin32]
Number=10860
Confirmed=X
Filename=syswin32.exe
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[Syswindow]
Number=10861
Confirmed=X
Filename=Syswindow.exe
Description=Added by the COW TROJAN!
Source=Paul Collins Startup list
[SysWy]
Number=10862
Confirmed=X
Filename=rundll32.exe
Description=Added by the LINEAGE-JH TROJAN! Note - this file is found in the C:\Windows\System folder, and is not to be confused with the legitimate rundll32.exe file, always located in the Windows folder on Win98/ME systems, and in the Winnt\System32 or Windows\System32 folder in WinXP/NT/2K!
Source=Paul Collins Startup list
[sysX3]
Number=10863
Confirmed=X
Filename=sys22.exe
Description=Added by the RANTS.C WORM!
Source=Paul Collins Startup list
[sysygm32]
Number=10864
Confirmed=X
Filename=syscxd32.exe
Description=Added by the IRCBOT-PC TROJAN!
Source=Paul Collins Startup list
[sysygm64]
Number=10865
Confirmed=X
Filename=winrxd64.exe
Description=Added by the IRCBOT-RK TROJAN!
Source=Paul Collins Startup list
[SYS_CLEAN]
Number=10866
Confirmed=X
Filename=Service.exe
Description=Added by the FLOPCOPY WORM!
Source=Paul Collins Startup list
[Sys_Run]
Number=10867
Confirmed=X
Filename=ghost.exe
Description=Added by the LINEAGE-N TROJAN!
Source=Paul Collins Startup list
[sys_Runtt1]
Number=10868
Confirmed=X
Filename=explorer.exe
Description=Added by the LINEAGE-M TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the Program Files folder
Source=Paul Collins Startup list
[SyztMy]
Number=10869
Confirmed=X
Filename=expiorer.exe
Description=Added by the LINEAG-AIN TROJAN!
Source=Paul Collins Startup list
[SZMsgSvc.exe]
Number=10870
Confirmed=U
Filename=SZMsgSvc.exe
Description=StopZilla! - pop-up killer
Source=Paul Collins Startup list
[t]
Number=10871
Confirmed=X
Filename=xclean.exe
Description=FlashEnhancer adware
Source=Paul Collins Startup list
[T-DSL SpeedMgr]
Number=10872
Confirmed=N
Filename=speedmgr.exe
Description=T-Online ISP SpeedManager - shows upload and download speed. Also checks for updates automatically
Source=Paul Collins Startup list
[T3Console]
Number=10873
Confirmed=U
Filename=T3Console.exe
Description=Related to T3 Security Suite - prevents unauthorized or inappropriate access to your PC and data
Source=Paul Collins Startup list
[Taakcontrole]
Number=10874
Confirmed=U
Filename=taskmon.exe
Description=Task Monitor (on Dutch language versions of Windows) - checks the disk-access patterns of programs when they are started and stores this information in log files in the Applog folder. Task Monitor also records the number of times you use a program. The Disk Defragmenter tool uses this information to optimize your hard disk so that programs that you use frequently are loaded faster. Not required - but can be useful. Note: for Norton Anti-Virus 2002 users, loading TaskMonitor will typically solve many, if not most, of those annoying IE scripting errors (per Symantec's Knowledgebase)
Source=Paul Collins Startup list
[Taba]
Number=10875
Confirmed=X
Filename=stte.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[Tablet]
Number=10876
Confirmed=N
Filename=Tablet.exe
Description=Loads the tablet drivers for the Wacom Graphics Tablet. This can be unchecked in msconfig without problems if you don't need the tablet functional all the time. Create your own shortcut if you need to run it ad hoc. If you forget to run it before running Paint Shop Pro & Adobe Photo Shop) you may find the following: (1) Paint Shop Pro (version 7.04) - (a) Browse function will NOT work (program freezes) (b) On program exit, PSP does not terminate (you have to CTRL+ALT+DEL to close it) (2) Photo Shop (version 6.01) - (a) Program functions slowdown (d) On program exit it takes noticeably longer to shut down (like 30-45 seconds)
Source=Paul Collins Startup list
[tablet s]
Number=10877
Confirmed=Y
Filename=tablet s
Description=Starts the Wacom Penabled driver on Acer Tablet PCs (tablet icon with a green check appears during startup if successful)
Source=Paul Collins Startup list
[Tablet Task]
Number=10878
Confirmed=X
Filename=tabletsk32.exe
Description=Added by the RBOT-AJB WORM!
Source=Paul Collins Startup list
[TabletTip]
Number=10879
Confirmed=U
Filename=tabtip.exe
Description=The Microsoft Tablet PC Input Panel converts handwriting to text dynamically, and you can make corrections quickly and easily before inserting text
Source=Paul Collins Startup list
[TabletWizard]
Number=10880
Confirmed=U
Filename=SPLSHWRP.EXE
Description=Microsoft Tablet PC Component
Source=Paul Collins Startup list
[TabUserW]
Number=10881
Confirmed=Y
Filename=TabUserW.exe
Description=Wacom pen tablet driver
Source=Paul Collins Startup list
[TAcelMgr]
Number=10882
Confirmed=?
Filename=TAcelMgr.exe
Description=TOSHIBA Acceleration Utilities related. What does it do and is it required?
Source=Paul Collins Startup list
[Tad]
Number=10883
Confirmed=N
Filename=tad.exe
Description=From Turtle Beach's Santa Cruz on a Dell WinME system. Not required - works fine without it including keyboard hot controls for volume and mute
Source=Paul Collins Startup list
[Taesk managers]
Number=10884
Confirmed=X
Filename=tase.pif
Description=Added by the RBOT-AYK TROJAN!
Source=Paul Collins Startup list
[TAG]
Number=10885
Confirmed=?
Filename=tag.exe
Description=??
Source=Paul Collins Startup list
[Tahni Deskmate]
Number=10886
Confirmed=N
Filename=Tahni.exe
Description=Tahni Deskmate - "Interactive cartoon character that lives on your Windows desktop"
Source=Paul Collins Startup list
[TakeMP3]
Number=10887
Confirmed=X
Filename=rundll32.exe MSA64CHK.dll, DllMostrar
Description=MatrixDialer related
Source=Paul Collins Startup list
[TAKSMGN]
Number=10888
Confirmed=X
Filename=taskmr.exe
Description=Added by the RBOT-AHS WORM!
Source=Paul Collins Startup list
[talk]
Number=10889
Confirmed=X
Filename=talk.bat
Description=Added by the TIOTUA-G WORM!
Source=Paul Collins Startup list
[TalkingReminder]
Number=10890
Confirmed=N
Filename=TALKINGREMINDER.EXE
Description=Talking Reminder from Software River Solutions - talking calendar reminder
Source=Paul Collins Startup list
[talknow]
Number=10891
Confirmed=?
Filename=talknow.exe
Description=Could it be related to this or something similar?
Source=Paul Collins Startup list
[Tango]
Number=10892
Confirmed=?
Filename=Setup.exe
Description=Tango Broadband access software. Is it required?
Source=Paul Collins Startup list
[TangoManager]
Number=10893
Confirmed=?
Filename=TangoManager.exe
Description=Tango Broadband access software. Is it required?
Source=Paul Collins Startup list
[TANG_INA_MO]
Number=10894
Confirmed=X
Filename=AutoRun.bat
Description=Added by the FILUKIN.A WORM!
Source=Paul Collins Startup list
[Tapicfg]
Number=10895
Confirmed=X
Filename=Tapicfg.exe
Description=CoolWebSearch Tapicfg parasite variant
Source=Paul Collins Startup list
[Tapisys]
Number=10896
Confirmed=X
Filename=tss.exe
Description=Added by the SMALL TROJAN!
Source=Paul Collins Startup list
[TapiTNA]
Number=10897
Confirmed=U
Filename=TapiTNA.exe
Description=Telephony Location Selector allowing mobile users to change dialling locations - part of the Win95 Power Toys
Source=Paul Collins Startup list
[Tardis]
Number=10898
Confirmed=U
Filename=Tardis.exe
Description=Tardis - time synchronization software
Source=Paul Collins Startup list
[Task]
Number=10899
Confirmed=X
Filename=tasker.exe
Description=Added by the MYDOOM.R WORM!
Source=Paul Collins Startup list
[Task Bar]
Number=10900
Confirmed=X
Filename=TASKBAR.EXE
Description=Added by the FRETHEM.J WORM!
Source=Paul Collins Startup list
[Task BarClient]
Number=10901
Confirmed=?
Filename=TaskBarClient.exe
Description=Responsible for creating the System Tray icon and associated display system for the Starband satellite always on internet service
Source=Paul Collins Startup list
[Task BarSvr]
Number=10902
Confirmed=?
Filename=TaskBarSvr.exe
Description=Part of the Starband satellite always on internet service. Not included on the current system. What does it do and is it needed?
Source=Paul Collins Startup list
[Task Catcher]
Number=10903
Confirmed=U
Filename=tasktrap.exe
Description=Task Catcher - utility that will block unwanted programs from running
Source=Paul Collins Startup list
[Task Catcher Real-Time Detector]
Number=10904
Confirmed=U
Filename=tasktrap.exe
Description=Task Catcher - utility that will block unwanted programs from running
Source=Paul Collins Startup list
[Task Commander]
Number=10905
Confirmed=X
Filename=regsvc32.exe
Description=Added by the AGOBOT-RX WORM!
Source=Paul Collins Startup list
[Task Debugger]
Number=10906
Confirmed=X
Filename=sysdll.exe
Description=Added by the RBOT-CQ WORM!
Source=Paul Collins Startup list
[Task Help]
Number=10907
Confirmed=X
Filename=wualcts.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Task Manager]
Number=10908
Confirmed=X
Filename=taskmngr.exe
Description=Added by the RBOT.Y WORM!
Source=Paul Collins Startup list
[Task Manager]
Number=10909
Confirmed=X
Filename=taskman.exe
Description=Added by the FORBOT-T WORM!
Source=Paul Collins Startup list
[Task Manager]
Number=10910
Confirmed=X
Filename=prcview.exe
Description=Added by the AGOBOT-RT WORM!
Source=Paul Collins Startup list
[Task manager]
Number=10911
Confirmed=X
Filename=taskemngr.exe
Description=Added by the RBOT-AGA WORM!
Source=Paul Collins Startup list
[Task manager]
Number=10912
Confirmed=X
Filename=TikTo.exe
Description=Added by the RBOT.LV WORM!
Source=Paul Collins Startup list
[Task manager]
Number=10913
Confirmed=X
Filename=taskmngr.exe
Description=Added by the RBOT-AYZ WORM!
Source=Paul Collins Startup list
[Task Manager]
Number=10914
Confirmed=X
Filename=svchost.exe
Description=Added by the SOHANA-P WORM! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!
Source=Paul Collins Startup list
[Task Manager]
Number=10915
Confirmed=X
Filename=taskmng.exe
Description=Added by the TIOTUA-E WORM!
Source=Paul Collins Startup list
[Task Monitoring Service]
Number=10916
Confirmed=X
Filename=svchost.exe
Description=Added by the CONE.D WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "tasks" subfolder of the Winnt or Windows folder
Source=Paul Collins Startup list
[Task Scheduler Engine]
Number=10917
Confirmed=X
Filename=schedsvc32.exe
Description=Added by the RBOT-ASJ WORM!
Source=Paul Collins Startup list
[task service]
Number=10918
Confirmed=X
Filename=taskservices.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Task service]
Number=10919
Confirmed=X
Filename=taskmgs.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[TASK SETUP]
Number=10920
Confirmed=X
Filename=tasksetup.exe
Description=Added by the RBOT-YR WORM!
Source=Paul Collins Startup list
[Taskbar]
Number=10921
Confirmed=N
Filename=Taskbar.exe
Description=Taskbar icon for the Redline RegTweak overclocking program as supplied with Sapphire ATI graphics cards
Source=Paul Collins Startup list
[TaskBar]
Number=10922
Confirmed=N
Filename=CTLTask.exe
Description=Creative SoundBlaster Audigy Taskbar - used to choose between different types of EAX Effects, not required in startup. NOTE: if you get a ctltask.exe error message while installing the Audigy drivers, see this Microsoft Knowledge Base article
Source=Paul Collins Startup list
[Taskbar Display Controls]
Number=10923
Confirmed=N
Filename=RunDLL deskcp16.dll, QUICKRES_RUNDLLENTRY
Description=Only appears in MSCONFIG if you have a Display Settings icon in the System Tray allowing resolution changes on the fly. Can also be disabled under Control Panel -> Display -> Settings -> Advanced -> General. Also appears if you have Win95 with the QuickRes "Powertoy" installed
Source=Paul Collins Startup list
[Taskbar Service]
Number=10924
Confirmed=X
Filename=taskbar.svc
Description=Unidentified adware
Source=Paul Collins Startup list
[Taskbar System]
Number=10925
Confirmed=X
Filename=tasksys.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Taskbar++]
Number=10926
Confirmed=N
Filename=TaskbarPP.exe
Description=Taskbar++ is a software that allows you to sort (move) the buttons of the Windows taskbar by Drag & Drop
Source=Paul Collins Startup list
[Taskbell.exe]
Number=10927
Confirmed=X
Filename=Rund1.exe
Description=Added by the YIPID TROJAN!
Source=Paul Collins Startup list
[taskdir]
Number=10928
Confirmed=X
Filename=taskdir.exe
Description=Added by the LAGER.AQ TROJAN!
Source=Paul Collins Startup list
[TaskList]
Number=10929
Confirmed=X
Filename=tasklist32.exe
Description=Added by the BANCOS-DX TROJAN!
Source=Paul Collins Startup list
[TaskMan]
Number=10930
Confirmed=X
Filename=rundll32.exe
Description=Added by the DVLDR TROJAN! Note - this is not the valid "rundll32.exe" as it's in the Windows\Fonts directory
Source=Paul Collins Startup list
[taskmanager]
Number=10931
Confirmed=X
Filename=taskmgr.com
Description=Added by the BEREB WORM!
Source=Paul Collins Startup list
[taskmanager]
Number=10932
Confirmed=X
Filename=taskmanager.exe
Description=Added by the AGOBOT-TF WORM!
Source=Paul Collins Startup list
[TaskManager]
Number=10933
Confirmed=X
Filename=[path to trojan]
Description=Added by the LDPINCH-CF TROJAN!
Source=Paul Collins Startup list
[taskmanger]
Number=10934
Confirmed=X
Filename=taskmanger.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Taskmgo]
Number=10935
Confirmed=X
Filename=[path to file]
Description=Added by the BANCBAN-T TROJAN!
Source=Paul Collins Startup list
[Taskmgr]
Number=10936
Confirmed=X
Filename=Taskmgr.exe
Description=System1060 homepage hi-jacker. Note - this is not a Windows file and is found in a WindowsSystem1060 directory
Source=Paul Collins Startup list
[Taskmgr]
Number=10937
Confirmed=X
Filename=tskmgr32.exe
Description=Homepage hi-jacker
Source=Paul Collins Startup list
[taskmgr]
Number=10938
Confirmed=X
Filename=taskmgr.exe
Description=Added by the Startpage.G hijacker. Note - this is NOT the Windows Task Manager file!
Source=Paul Collins Startup list
[Taskmgr]
Number=10939
Confirmed=X
Filename=system.exe
Description=Added by the PAKES.G TROJAN!
Source=Paul Collins Startup list
[taskmgr]
Number=10940
Confirmed=X
Filename=explorer.exe
Description=Added by the ZAPCHAS-AC TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System folder
Source=Paul Collins Startup list
[taskmgr]
Number=10941
Confirmed=X
Filename=[path to trojan]
Description=Added by the AGENT-ENV TROJAN!
Source=Paul Collins Startup list
[taskmgr]
Number=10942
Confirmed=X
Filename=taskmanager.exe
Description=Added by the BCKDR-QHT TROJAN!
Source=Paul Collins Startup list
[taskmgr.exe]
Number=10943
Confirmed=N
Filename=taskmgr.exe
Description=Windows Task Manager in Windows XP. If run from the Startup folder, the tray icon will be put to the system tray after boot. Useful to check if XP has finished running the delayed services after boot. Available via a desktop shortcut
Source=Paul Collins Startup list
[taskmgr.exe]
Number=10944
Confirmed=X
Filename=paint.exe
Description=Added by a variant of the AGENT.AH downloader TROJAN!
Source=Paul Collins Startup list
[taskmgr.exe]
Number=10945
Confirmed=X
Filename=mirc.exe
Description=Added by a variant of the AGENT.AH TROJAN!
Source=Paul Collins Startup list
[taskmgr.exe]
Number=10946
Confirmed=X
Filename=paintms.exe
Description=Added by a variant of the AGENT.AH TROJAN!
Source=Paul Collins Startup list
[TASKMGRU]
Number=10947
Confirmed=X
Filename=TASKMGRU.EXE
Description=Added by the CWS-M TROJAN!
Source=Paul Collins Startup list
[taskmngr]
Number=10948
Confirmed=X
Filename=[path] msnve.exe [path] task.exe
Description=Added by the FLOOD-EK TROJAN!
Source=Paul Collins Startup list
[taskmngr lptt01]
Number=10949
Confirmed=X
Filename=taskmngr.exe
Description=RapidBlaster variant (in a "Taskmngr" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
Source=Paul Collins Startup list
[taskmngr ml097e]
Number=10950
Confirmed=X
Filename=taskmngr.exe
Description=RapidBlaster variant (in a "Taskmngr" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
Source=Paul Collins Startup list
[TaskMon]
Number=10951
Confirmed=X
Filename=taskmon.exe
Description=Added by the MYDOOM.A or MYDOOM.J WORMS! Note - this is not the legitimate Win9x/Me file of the same name which resides in C:\Windows as this version resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP). It is not normally on a WinXP system
Source=Paul Collins Startup list
[Taskmon driver]
Number=10952
Confirmed=X
Filename=winampa.exe
Description=Added by the LOONY-I TROJAN! Note - this is NOT associated with the popular Winamp media player. The valid file for the Winamp Agent resides in a "Winamp" subdirectory of the Program Files directory whereas this file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list
[taskmone]
Number=10953
Confirmed=X
Filename=taskmone.exe
Description=Added by the SINGU-S TROJAN!
Source=Paul Collins Startup list
[TaskMonitor]
Number=10954
Confirmed=U
Filename=taskmon.exe
Description=The Task Monitor checks the disk-access patterns of programs when they are started and stores this information in log files in the Applog folder. Task Monitor also records the number of times you use a program. The Disk Defragmenter tool uses this information to optimize your hard disk so that programs that you use frequently are loaded faster. Not required - but can be useful. Note: for Norton Anti-Virus 2002 users, loading TaskMonitor will typically solve many, if not most, of those annoying IE scripting errors (per Symantec's Knowledgebase)
Source=Paul Collins Startup list
[TaskMrg]
Number=10955
Confirmed=X
Filename=csrss.exe
Description=Added by the LDPINCH-W TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[taskmrg.exe]
Number=10956
Confirmed=X
Filename=taskimg.exe
Description=Added by the DLOADER-QZ TROJAN!
Source=Paul Collins Startup list
[taskopen.exe]
Number=10957
Confirmed=X
Filename=taskopen.exe
Description=Added by the HIDD.C TROJAN!
Source=Paul Collins Startup list
[TaskPlus]
Number=10958
Confirmed=N
Filename=TASKPLUS0.EXE
Description=Task and calendar management software available as freeware or as a "Professional" version for sharing over a LAN
Source=Paul Collins Startup list
[TaskPlus]
Number=10959
Confirmed=N
Filename=TASKPL~1.EXE
Description=Task and calendar management software available as freeware or as a "Professional" version for sharing over a LAN
Source=Paul Collins Startup list
[TaskReg]
Number=10960
Confirmed=X
Filename=[random filename]
Description=Added by the CBLAD WORM!
Source=Paul Collins Startup list
[TaskS manager]
Number=10961
Confirmed=X
Filename=taskmgrs.exe
Description=Added by the AGOBOT.QU WORM!
Source=Paul Collins Startup list
[Taskschd]
Number=10962
Confirmed=X
Filename=TRAYWND.EXE
Description=Added by the LITMUS.002 TROJAN!
Source=Paul Collins Startup list
[TaskScheduler]
Number=10963
Confirmed=U
Filename=TaskSch.exe
Description=ProSeries accounting software related
Source=Paul Collins Startup list
[taskswitch]
Number=10964
Confirmed=N
Filename=taskswitch.exe
Description=ALT+TAB replacement Powertoy for Windows XP - enhances the graphics displayed when you want to switch between programs running full-screen
Source=Paul Collins Startup list
[TaskSwitchXP]
Number=10965
Confirmed=U
Filename=TaskSwitchXP.exe
Description="TaskSwitchXP from NTWind Software. Advanced task management utility that picks up where the standard Windows Alt Tab switcher leaves off. It provides the same functionality, and adds visual styles to the dialog and also enhances it by displaying thumbnail preview of the application that will be switched to"
Source=Paul Collins Startup list
[tasksys]
Number=10966
Confirmed=X
Filename=tasksys.vbs
Description=Added by the BYRON WORM!
Source=Paul Collins Startup list
[Tasktray]
Number=10967
Confirmed=N
Filename=CTLTray.exe
Description=Installed with the Sound Blaster Audigy range of soundcards. Allows you to set EAX effects or equalizer settings for the Sound Blaster Audigy from a systray icon. Also allows you to launch the Taskbar via right-click -> Show Taskbar. The tasktray can be accessed via Start -> Programs -> Creative -> Sound Blaster Audigy -> Taskbar
Source=Paul Collins Startup list
[Tasmgr]
Number=10968
Confirmed=X
Filename=Taskmgr.bat
Description=Added by the YPSAN.G WORM!
Source=Paul Collins Startup list
[tat]
Number=10969
Confirmed=X
Filename=tatss.exe
Description=Delfin Promulgate adware variant
Source=Paul Collins Startup list
[Tau monitor]
Number=10970
Confirmed=Y
Filename=Taumon.exe
Description="Tauscan is a powerful Trojan Horse detection and removal engine capable of catching every known type of backdoor that can threaten your system"
Source=Paul Collins Startup list
[TAudEffect]
Number=10971
Confirmed=?
Filename=TAudEff.exe
Description=TOSHIBA Notebook related. What does it do and is it required?
Source=Paul Collins Startup list
[TB2PROEXE]
Number=10972
Confirmed=U
Filename=tb2start.exe
Description=Timbuktu Pro - remote desktop access software
Source=Paul Collins Startup list
[TBC Pro]
Number=10973
Confirmed=U
Filename=tbcpro.exe
Description=TitleBarClock Pro - displays Day, Time, Date, Month, Year, FreeMem, and FreeDriveSpace on the right side of the title bar in any main window that has the mouse or keyboard focus
Source=Paul Collins Startup list
[TBC.exe]
Number=10974
Confirmed=U
Filename=TBC.exe
Description=TitleBarClock software
Source=Paul Collins Startup list
[tbctray]
Number=10975
Confirmed=N
Filename=tbctray.exe
Description=Provides quick access via a System Tray icon to the control panel for Turtle Beach's Santa Cruz or VideoLogic's SonicFury soundcards. Available via Start -> Settings -> Control Panel
Source=Paul Collins Startup list
[TBLFUNC]
Number=10976
Confirmed=Y
Filename=tblmouse.exe
Description=Aiptek HyperPen graphics tablet driver
Source=Paul Collins Startup list
[tbon]
Number=10977
Confirmed=X
Filename=tbon.exe
Description=BestOffers adware
Source=Paul Collins Startup list
[TBPanel]
Number=10978
Confirmed=U
Filename=TBPanel.exe
Description=Configuration utility for Gainward graphics cards. Not required unless you use non-default settings. Available via Start -> Settings -> Control Panel
Source=Paul Collins Startup list
[TBPS]
Number=10979
Confirmed=X
Filename=TBPS.exe
Description=WebSearch Toolbar - HuntBar hijacker, toolbar installer variant
Source=Paul Collins Startup list
[TBTray]
Number=10980
Confirmed=N
Filename=tbtray.exe
Description=VLSI/QSound ThunderBird PCI Control Panel. System Tray access to the settings for this and related soundcards. Available via Start -> Settings -> Control Panel
Source=Paul Collins Startup list
[TB_setup]
Number=10981
Confirmed=?
Filename=TB_ANI~1.EXE
Description=??
Source=Paul Collins Startup list
[TB_setup]
Number=10982
Confirmed=X
Filename=tb_setup.exe
Description=HuntBar hijacker, toolbar installer
Source=Paul Collins Startup list
[tcactive]
Number=10983
Confirmed=Y
Filename=tca.exe
Description=Part of The Cleaner from MooSoft - stops virus trojans before they can do any damage
Source=Paul Collins Startup list
[TCASUTIEXE]
Number=10984
Confirmed=N
Filename=tcaudiag.exe
Description=3Com NIC Installation/Diagnostic MFC application. Diagnostics may be run from the Start -> Programs
Source=Paul Collins Startup list
[TCASUTIEXE]
Number=10985
Confirmed=N
Filename=TCASUTI.exe
Description=Associated with the 3COM diagnostic module (3COM NIC Doctor). No further information is available
Source=Paul Collins Startup list
[TCAUDIAG -off]
Number=10986
Confirmed=N
Filename=tcaudiag.exe
Description=3Com NIC Installation/Diagnostic MFC application. Diagnostics may be run from the Start -> Programs
Source=Paul Collins Startup list
[TCDPbtn]
Number=10987
Confirmed=?
Filename=TCDPbtn.exe
Description=Found on a Toshiba laptop
Source=Paul Collins Startup list
[TCDPlay]
Number=10988
Confirmed=?
Filename=TCDPlay.drv
Description=Found on a Toshiba laptop - sounds like the driver for the CD-ROM but why doesn't it use the standard Windows drivers - any comments?
Source=Paul Collins Startup list
[TClock]
Number=10989
Confirmed=U
Filename=TCLOCK.EXE
Description=Kazubon TClock. Utility that amongst other things synchronizes your system clock with Internet time servers. Available via Start -> Programs
Source=Paul Collins Startup list
[TClock.exe]
Number=10990
Confirmed=X
Filename=tclock_install.exe
Description=TClock - distributed and installed without user permission by other rogue software or malware. TClock contains no uninstall facility through Windows. As TClock is of dubious origin and usefulness, it should be terminated and removed if detected
Source=Paul Collins Startup list
[TClockEx]
Number=10991
Confirmed=U
Filename=TCLOCKEX.EXE
Description=Puts a configurable time/date display in the tray (and other features). Freeware by Dale Nurden and is popular on cover disks
Source=Paul Collins Startup list
[tcmonitor]
Number=10992
Confirmed=U
Filename=tcm.exe
Description=Part of The Cleaner from MooSoft - warns of changes to the registry
Source=Paul Collins Startup list
[TCOYFReminder]
Number=10993
Confirmed=U
Filename=tcoyftray.exe
Description=My ParenTime Fertility Planner Reminder. The calendar provides a quick overview of the status of your fertility
Source=Paul Collins Startup list
[Tcp Application Manager]
Number=10994
Confirmed=X
Filename=localsvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Tcp Application Manager]
Number=10995
Confirmed=X
Filename=netsvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Tcp Application Manager]
Number=10996
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Tcp Application Manager]
Number=10997
Confirmed=X
Filename=svcadmin.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Tcp Application Manager]
Number=10998
Confirmed=X
Filename=svcman.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Tcp Application Manager]
Number=10999
Confirmed=X
Filename=svcrun.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Tcp Application Manager]
Number=11000
Confirmed=X
Filename=tcpsvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Tcp Application Manager]
Number=11001
Confirmed=X
Filename=websvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[tcp checker]
Number=11002
Confirmed=X
Filename=tcpcheck.exe
Description=Added by the VBBOT-A TROJAN!
Source=Paul Collins Startup list
[TCP Internet Services]
Number=11003
Confirmed=X
Filename=TCPSVC32.EXE
Description=Added by the SPYBOT.X TROJAN!
Source=Paul Collins Startup list
[TCP Monitoring]
Number=11004
Confirmed=X
Filename=LanNSvc.exe
Description=Added by the RANDEX.AAS WORM!
Source=Paul Collins Startup list
[tcpipmon]
Number=11005
Confirmed=X
Filename=tcpipmon.exe
Description=Added by the CLICKER-EF TROJAN!
Source=Paul Collins Startup list
[tcpippui]
Number=11006
Confirmed=X
Filename=tcpippui.exe
Description=Added by the RBOT-APS WORM!
Source=Paul Collins Startup list
[tcpippui32]
Number=11007
Confirmed=X
Filename=tcpippui32.exe
Description=Added by the RBOT-ART WORM!
Source=Paul Collins Startup list
[TCPServer]
Number=11008
Confirmed=X
Filename=TCPServer.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[TCPXP Update]
Number=11009
Confirmed=X
Filename=tcpxp.exe
Description=Added by the RBOT-UL WORM!
Source=Paul Collins Startup list
[TCtryIOHook]
Number=11010
Confirmed=?
Filename=TCtrlIOHook.exe
Description=Toshiba laptop related. What does it do and is it required?
Source=Paul Collins Startup list
[tcupdater]
Number=11011
Confirmed=X
Filename=tcupdater.exe
Description=Topconverting.com/180Search adware updater
Source=Paul Collins Startup list
[TDispVol]
Number=11012
Confirmed=U
Filename=TDispVol.exe
Description=Used on Toshiba computers to make the Fn key have control over the volume on/off
Source=Paul Collins Startup list
[TDKSTART]
Number=11013
Confirmed=U
Filename=TDKSTART.EXE
Description=Sets the spindown timeout and access speeds at startup and displays a splash screen for CD-RW.
Source=Paul Collins Startup list
[TDKTASK]
Number=11014
Confirmed=N
Filename=TDKTASK.EXE
Description=Taskbar utility for a "control panel" for a CD-RW
Source=Paul Collins Startup list
[TDockNUndock]
Number=11015
Confirmed=?
Filename=N/A
Description=Found on a Toshiba laptop - for use with a docking station?
Source=Paul Collins Startup list
[TDS3]
Number=11016
Confirmed=U
Filename=TDS-3.exe
Description=DiamondCS TDS-3 antitrojan. Can be used to scan on demand, but required in startup if you prefer real time protection
Source=Paul Collins Startup list
[TDspOff]
Number=11017
Confirmed=?
Filename=Tdspoff.exe
Description=Found on a Toshiba laptop
Source=Paul Collins Startup list
[Teach In Box]
Number=11018
Confirmed=N
Filename=teachbox.exe
Description=Tutoring program that comes with a SystemAX Computer
Source=Paul Collins Startup list
[Tech-In-A-Box]
Number=11019
Confirmed=Y
Filename=techbox.exe
Description=Tech-in-a-Box "provides easy-to-use tools for various system maintenance tasks. From backup and restore to diagnostics and repairs, Tech-in-a-Box is your tool to stay up and running"
Source=Paul Collins Startup list
[Telechips,Mass]
Number=11020
Confirmed=U
Filename=patch.exe
Description=Removable disk driver for the Muro MP3 player
Source=Paul Collins Startup list
[Telemeter 3.0]
Number=11021
Confirmed=N
Filename=telemeter3.exe
Description=Internet connection bandwidth meter from a user ISP
Source=Paul Collins Startup list
[Telepath]
Number=11022
Confirmed=Y
Filename=telepath.exe
Description=Drivers for the WinModem versions of the US Robotics "Telepath" series - as supplied to Gateway for instance. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem information
Source=Paul Collins Startup list
[Telnet]
Number=11023
Confirmed=X
Filename=Telnet.exe
Description=Added by the VOUMIT-A WORM! Note - this is not the legitimate telnet.exe application which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "mirc32" folder
Source=Paul Collins Startup list
[Telnet24]
Number=11024
Confirmed=X
Filename=[random filename]
Description=Added by the RBOT-ARD WORM!
Source=Paul Collins Startup list
[TELUS Security service]
Number=11025
Confirmed=Y
Filename=freedom.exe
Description=Freedom Internet Security & Privacy - anti-virus, personal firewall and parental control. It also blocks ads, safeguards your personal information, encrypts your passwords, and much more. No longer available for sale
Source=Paul Collins Startup list
[TempCom]
Number=11026
Confirmed=X
Filename=[randomname].com
Description=Added by the TRAXG WORM!
Source=Paul Collins Startup list
[tempx]
Number=11027
Confirmed=X
Filename=tempx.exe
Description=Added by the TEMPEX.A TROJAN!
Source=Paul Collins Startup list
[Tencent QQ]
Number=11028
Confirmed=X
Filename=Rund1132.exe qq.dll, Rundll32
Description=Added by the QQPASS.F TROJAN!
Source=Paul Collins Startup list
[Terminal Services]
Number=11029
Confirmed=X
Filename=mstscc.exe
Description=Added by the SDBOT-CZW WORM!
Source=Paul Collins Startup list
[Terminal Update]
Number=11030
Confirmed=X
Filename=biosefui.exe
Description=Added by the PPDOOR-O TROJAN!
Source=Paul Collins Startup list
[Terminate Popup]
Number=11031
Confirmed=X
Filename=ZPU.exe
Description=Free Popup Killer - foistware proven to install the Regsvc32 homepage hijacker. Also see here
Source=Paul Collins Startup list
[Terminate Popup]
Number=11032
Confirmed=X
Filename=FPUK.exe
Description=Free Popup Killer - foistware proven to install the Regsvc32 homepage hijacker. Also see here
Source=Paul Collins Startup list
[TEscKey]
Number=11033
Confirmed=U
Filename=TEscKey.exe
Description=Toshiba Escape Key handler. Enables you to program and use the <FN><Esc> key combination to perform a specific function
Source=Paul Collins Startup list
[Tesco.net]
Number=11034
Confirmed=N
Filename=rundll32 [path] RyDial.dll, QuickStart
Description=Tesco.net dial-up ISP software - not required
Source=Paul Collins Startup list
[Tesla]
Number=11035
Confirmed=?
Filename=TESLA.EXE
Description=??
Source=Paul Collins Startup list
[test]
Number=11036
Confirmed=X
Filename=i love you.exe
Description=Added by the SINGU-T TROJAN!
Source=Paul Collins Startup list
[Testing 123]
Number=11037
Confirmed=X
Filename=msdata.dat
Description=Added by the NITS.A WORM!
Source=Paul Collins Startup list
[testit.exe]
Number=11038
Confirmed=X
Filename=testit.exe
Description=ISTBar adware
Source=Paul Collins Startup list
[TExBUtil Registry]
Number=11039
Confirmed=?
Filename=TExBUtil.exe
Description=??
Source=Paul Collins Startup list
[TextAloud]
Number=11040
Confirmed=N
Filename=TextAloudMP3.exe
Description=TextAloud MP3 - convert text into spoken words and MP3s
Source=Paul Collins Startup list
[Textbridge Instant Access OCR]
Number=11041
Confirmed=N
Filename=telepath.exe
Description=TextBridge from Nuance (was Scansoft). OCR (optical character recognition) software for scanning documents into popular editing applications. Available via Start -> Programs
Source=Paul Collins Startup list
[TEXTCONV]
Number=11042
Confirmed=X
Filename=services.exe
Description=Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[TEXTCONV]
Number=11043
Confirmed=X
Filename=winlogon.exe
Description=Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[TFncKy]
Number=11044
Confirmed=U
Filename=TFncky.exe
Description=Deals with the <Fn> - <Function> key combinations on a Toshiba laptop
Source=Paul Collins Startup list
[TFNF5]
Number=11045
Confirmed=U
Filename=TFNF5.exe
Description=Toshiba Hotkey Utility for Display Devices. By pressing <FN> + <F5>, a window appears showing the displays that can be chosen – LCD, LCD + CRT, CRT, TV
Source=Paul Collins Startup list
[tfswctrl]
Number=11046
Confirmed=Y
Filename=tfswctrl.exe
Description=Drive letter access to a UDF packet writer for CD-RW - from HP, Veritas an others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"
Source=Paul Collins Startup list
[TFTP***]
Number=11047
Confirmed=X
Filename=tftp***
Description=Added by a variant of the SPYBOT WORM! where *** can be any number
Source=Paul Collins Startup list
[TFunckey]
Number=11048
Confirmed=U
Filename=TFuncKey.exe
Description=Deals with the <Fn> - <Function> key combinations on a Toshiba laptop
Source=Paul Collins Startup list
[TgAddServer]
Number=11049
Confirmed=N
Filename=tgfix.exe
Description=Software from SupportSoft (aka Support.com) provided to manufacturers (such as Sony (Vaio Support Agent) and Toshiba (Virtual Tech)) and ISPs (such as Comcast, Cox and Charter (Pipeline Support Agent)) that allows them to offer on-line support - to update drivers, fix faults, etc. Can cause a deterioration in a PC's peformance (see here). This part does the protection and "self-healing". Uninstallation is recommended by most people - especially for System Restore users (WinME/XP). If not available via Add/Remove try here
Source=Paul Collins Startup list
[tgbcde]
Number=11050
Confirmed=X
Filename=module32.exe
Description=Added by the REIGN.R TROJAN!
Source=Paul Collins Startup list
[Tgcmd]
Number=11051
Confirmed=U
Filename=tgcmd.exe
Description=See also TgAddServer. This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation
Source=Paul Collins Startup list
[tgcmdprovidersbc]
Number=11052
Confirmed=U
Filename=tgcmd.exe
Description=See also TgAddServer. This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation
Source=Paul Collins Startup list
[TGCMG]
Number=11053
Confirmed=N
Filename=??
Description=Related to Rogers@Home, causes errors in WinSock32.dll. Not required for connection to work
Source=Paul Collins Startup list
[TGDC IE Plugin]
Number=11054
Confirmed=X
Filename=tgdc.exe
Description=ShopForGood spyware - see here
Source=Paul Collins Startup list
[tgkill]
Number=11055
Confirmed=X
Filename=tgkill.exe
Description=Comcast (the cable folks who are replacing @home in some parts of the USA) have struck a deal with Tioga to provide an "enhanced" support and self-repairing tool. This is "beta" at present and was made available to download by mistake at present. Remove via Start -> Settings -> Add/Remove Programs
Source=Paul Collins Startup list
[Tgsetsite]
Number=11056
Confirmed=U
Filename=tgfix.exe
Description=See also TgAddServer. This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation
Source=Paul Collins Startup list
[Thdetrf]
Number=11057
Confirmed=N
Filename=thdetr32.exe
Description=Appears to be related to Lycos advertising
Source=Paul Collins Startup list
[ThE]
Number=11058
Confirmed=X
Filename=wind0s.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[The Easy Bee's Hive]
Number=11059
Confirmed=U
Filename=ATCEgSvr.exe
Description=The Easy Bee is a software that allows you to record Internet navigation sequences, which can include form filling and button clicking and to attach a replay schedule to each sequence
Source=Paul Collins Startup list
[The Ethernet]
Number=11060
Confirmed=X
Filename=ethernet.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[The Intranet]
Number=11061
Confirmed=X
Filename=intranet.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[TheMainStart]
Number=11062
Confirmed=?
Filename=N/A
Description=??
Source=Paul Collins Startup list
[TheMonitor]
Number=11063
Confirmed=X
Filename=[path to trojan]
Description=Added by the DLOADR-LO TROJAN!
Source=Paul Collins Startup list
[TheMonitor]
Number=11064
Confirmed=X
Filename=Duce6.exe
Description=YourEnhancement downloader
Source=Paul Collins Startup list
[THGuard]
Number=11065
Confirmed=U
Filename=TH_Guard.exe
Description=Resident memory scanning for TrojanHunter
Source=Paul Collins Startup list
[THGuard]
Number=11066
Confirmed=U
Filename=THGuard.exe
Description=Resident memory scanning for TrojanHunter
Source=Paul Collins Startup list
[Think-Adz]
Number=11067
Confirmed=X
Filename=[random filename].exe
Description=ZenoSearch adware
Source=Paul Collins Startup list
[This is a virus, please delete it]
Number=11068
Confirmed=X
Filename=bigbadvirus.exe
Description=Added by the RANDEX.F WORM!
Source=Paul Collins Startup list
[THOTKEY]
Number=11069
Confirmed=U
Filename=THotkey.exe
Description=Associated with the Fn+ keys on Toshiba laptops. When disabled some keys still worked, like the one that regulates the volume of the system beep, but others didn't, like the one that immediately blackens your screen
Source=Paul Collins Startup list
[ThpSrv]
Number=11070
Confirmed=Y
Filename=thpsrv.exe
Description=Toshiba Hard Drive Protection Utility - moves the Hard Drive head to a safe position in case of shock or vibration to reduce the risk of damage that could be caused by head-to-disk contact
Source=Paul Collins Startup list
[Threaded]
Number=11071
Confirmed=X
Filename=intcp32.exe
Description=Added by the RANDEX.UG WORM!
Source=Paul Collins Startup list
[ThrustTSR]
Number=11072
Confirmed=U
Filename=TMTMTSR.exe
Description=Thrustmaster Thrustmapper - "t-mapper - icon sits on your taskbar and automatically detects when the joystick is plugged in and configures it accordingly"
Source=Paul Collins Startup list
[Thumbs Plus *.*]
Number=11073
Confirmed=X
Filename=thmbplus**.exe
Description=Added by the AGOBOT-AAF WORM! ** is a combination of a random digits and characters
Source=Paul Collins Startup list
[TI WLAN]
Number=11074
Confirmed=U
Filename=TIWLANCu.exe
Description=Texas Instruments TI wireless LAN products
Source=Paul Collins Startup list
[tibs3]
Number=11075
Confirmed=X
Filename=tibs3.exe
Description=Premium rate adult content dialler - see here
Source=Paul Collins Startup list
[tibs5]
Number=11076
Confirmed=X
Filename=tibs5.exe
Description=Premium rate adult content dialer - see here
Source=Paul Collins Startup list
[Tiger]
Number=11077
Confirmed=X
Filename=Shine.exe
Description=Added by the HAPPYLOW (or NISHE-A) VIRUS!
Source=Paul Collins Startup list
[TiKL]
Number=11078
Confirmed=U
Filename=tikl.exe
Description=TinyKeylogger keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list
[Tilerun]
Number=11079
Confirmed=X
Filename=Tilecom32.com
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Time Manager]
Number=11080
Confirmed=X
Filename=TimeManager.exe
Description=Added by the MYTOB-BV WORM!
Source=Paul Collins Startup list
[Time Zone Synchronization]
Number=11081
Confirmed=X
Filename=wscript zshell.js
Description=Added by the NETDEX-A TROJAN!
Source=Paul Collins Startup list
[TimeCalendar]
Number=11082
Confirmed=U
Filename=tc.exe
Description=TimeCalendar digital planner
Source=Paul Collins Startup list
[Timed Backups Manager Startup]
Number=11083
Confirmed=N
Filename=BACKTIME.EXE
Description=Backup Plus - backup software
Source=Paul Collins Startup list
[TimeLeft]
Number=11084
Confirmed=U
Filename=TimeLeft.exe
Description=TimeLeft is a countdown, reminder, clock, alarm clock, stopwatch, timer, sticker and time synchronization utility which uses Winamp skins to show digits and text
Source=Paul Collins Startup list
[Timemanager.exe]
Number=11085
Confirmed=U
Filename=Timemanager.exe
Description=Time Manager will let you track billable and non-billable time by customer, by category and by associate and then integrate directly to our custom billing package
Source=Paul Collins Startup list
[TimeOnline]
Number=11086
Confirmed=N
Filename=TIMEONLINE.EXE
Description=Lightman Groups's TimeOnline monitor. For dial-up users to monitor time spent on the net. Available via Start -> Programs
Source=Paul Collins Startup list
[TIMER]
Number=11087
Confirmed=X
Filename=TIMER.EXE
Description=Added by the TIMESE.AG WORM!
Source=Paul Collins Startup list
[Timer]
Number=11088
Confirmed=X
Filename=comm.exe
Description=Added by the IP TROJAN!
Source=Paul Collins Startup list
[Timer]
Number=11089
Confirmed=X
Filename=timed.exe
Description=Added by the LV TROJAN!
Source=Paul Collins Startup list
[Timer]
Number=11090
Confirmed=X
Filename=msncomm.exe
Description=Added by the WEBDOR.AK TROJAN!
Source=Paul Collins Startup list
[TimeService]
Number=11091
Confirmed=X
Filename=trun.exe
Description=TlfLic-A premium rate adult content dialler
Source=Paul Collins Startup list
[TimeSink Add Client]
Number=11092
Confirmed=X
Filename=TSADBOT.EXE
Description=Advertising spyware
Source=Paul Collins Startup list
[timessquare]
Number=11093
Confirmed=X
Filename=timessquare.exe
Description=Reported as Trojan.Win32.StartPage.aw by Kaspersky Anti-Virus
Source=Paul Collins Startup list
[timestamp]
Number=11094
Confirmed=X
Filename=timeapr32.exe
Description=Added by the AGENT-DRU TROJAN!
Source=Paul Collins Startup list
[TimeSyncApp]
Number=11095
Confirmed=X
Filename=TimeSynchronize.exe
Description=DealHelper adware
Source=Paul Collins Startup list
[TimeUp]
Number=11096
Confirmed=N
Filename=Timeup.exe
Description=TimeUp - internet online timer
Source=Paul Collins Startup list
[Timezone]
Number=11097
Confirmed=U
Filename=TimeZone.exe
Description=Microsoft Daylight Saving Time Update Utility - see here
Source=Paul Collins Startup list
[TimounterMonitor]
Number=11098
Confirmed=U
Filename=TimounterMonitor.exe
Description=Part of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archive
Source=Paul Collins Startup list
[TINTSETP]
Number=11099
Confirmed=N
Filename=TINTSETP.EXE
Description=Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word
Source=Paul Collins Startup list
[Tiny AV]
Number=11100
Confirmed=X
Filename=fooding.exe
Description=Added by the NETSKY.I WORM!
Source=Paul Collins Startup list
[Tiny Personal Firewall]
Number=11101
Confirmed=Y
Filename=persfw.exe
Description=Tiny Personal Firewall
Source=Paul Collins Startup list
[tinySpell]
Number=11102
Confirmed=U
Filename=tinyspell.exe
Description=Tinyspell - "allows you to easily and quickly check the spelling of words in any Windows application. Monitors your typing on the fly, alerts you whenever it detects a misspelled word, and checks the spelling of every word you copy to the clipboard"
Source=Paul Collins Startup list
[TiomanExe]
Number=11103
Confirmed=U
Filename=Tioman.Exe
Description=Agate Tioman - warm and hot swap removable bay device manager for IBM laptops
Source=Paul Collins Startup list
[Tips]
Number=11104
Confirmed=N
Filename=mousetips.exe
Description=Suggests tips on using your mouse
Source=Paul Collins Startup list
[TiTleBarClock]
Number=11105
Confirmed=U
Filename=TiTleBarClock.exe
Description=TitleBarClock displays the day/month/time and free physical RAM on the right hand side of an open window, replacing the system tray clock at startup
Source=Paul Collins Startup list
[TitleTime]
Number=11106
Confirmed=U
Filename=TiTime.exe
Description="TitleTime adds the current date and/or time to the Caption of the currently active application window. Additional options are a second clock (with a different time), week number, GMT/UTC time, Swatch Internet Time and Sounds at each full, half or quarter hour"
Source=Paul Collins Startup list
[Tivoli]
Number=11107
Confirmed=N
Filename=LCFEP.EXE
Description=Tivoli 'TME' System Tray icon - "'lcfep' is the program that displays statistics about the Endpoint. Apparently stopping/removing this process has no impact on the Endpoint itself which will continue to function normally"
Source=Paul Collins Startup list
[TivoNotify]
Number=11108
Confirmed=X
Filename=TiVoNotify.exe
Description=Part of Tivo Desktop. What does it do and is it required?
Source=Paul Collins Startup list
[TivoServer]
Number=11109
Confirmed=U
Filename=TiVoServer.exe
Description=Tivo Server - installed with the TiVo Home Media Option. It streams audio files to your television/home theater from your PC
Source=Paul Collins Startup list
[TivoTransfer]
Number=11110
Confirmed=U
Filename=TivoTransfer.exe
Description=Tivo Transfer Service. TiVo Desktop is an easy-to-use application that lets you publish and share digital music, photos and TiVo recordings between your networked TiVo Series2 DVR and your computer
Source=Paul Collins Startup list
[TIxDSL]
Number=11111
Confirmed=U
Filename=tidslmon.exe
Description=Actiontec DSL modem. Associated with High Speed AOL DSL. Used to get line sync with the Actiontec DSL USB Modem. Available via Start -> Programs
Source=Paul Collins Startup list
[TizzleTalk]
Number=11112
Confirmed=N
Filename=TizzleTalk.exe
Description=TizzeTalk is a dialect translator for Yahoo, MSN, AOL Instant Messengers. Bundles adware, hence not recommended. From their EULA : "As a result of installing the Company's Software, you will see occasional banner ads, pop-up or pop-under ads, or other types of ads selected based on your online activities .../... Occasionally, we may automatically or through other remote means, update, upgrade, patch or uninstall the Company's Software, including the Company's advertising-supported software, without further notice to you. These upgrades also may include installation of additional applications from the Company as well as third party applications"
Source=Paul Collins Startup list
[tjstartup]
Number=11113
Confirmed=X
Filename=[path to file]
Description=Added by the TJSERV.C TROJAN!
Source=Paul Collins Startup list
[TkBell.Exe]
Number=11114
Confirmed=N
Filename=evntsvc.exe
Description=Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
Source=Paul Collins Startup list
[TkBell.Exe]
Number=11115
Confirmed=N
Filename=realsched.exe
Description=Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
Source=Paul Collins Startup list
[TkBell.Exe]
Number=11116
Confirmed=N
Filename=tkbell.exe
Description=Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
Source=Paul Collins Startup list
[TkBellExe]
Number=11117
Confirmed=N
Filename=evntsvc.exe
Description=Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
Source=Paul Collins Startup list
[TkBellExe]
Number=11118
Confirmed=N
Filename=realsched.exe
Description=Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
Source=Paul Collins Startup list
[TkBellExe]
Number=11119
Confirmed=N
Filename=tkbell.exe
Description=Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
Source=Paul Collins Startup list
[TkNetDriver Monitor]
Number=11120
Confirmed=X
Filename=lexbce.exe
Description=Added by the SDBOT-ADF WORM!
Source=Paul Collins Startup list
[tkonnect]
Number=11121
Confirmed=N
Filename=TKONNECT.EXE
Description=Dialer for the Tiscali internet service provider. Available as a desktop shortcut
Source=Paul Collins Startup list
[tlc]
Number=11122
Confirmed=X
Filename=update911.js
Description=Hijacker installer
Source=Paul Collins Startup list
[TlcR]
Number=11123
Confirmed=?
Filename=avp.exe
Description=??
Source=Paul Collins Startup list
[tlntsvr]
Number=11124
Confirmed=U
Filename=tlntsvr.exe
Description=Microsoft program associated with Telnet
Source=Paul Collins Startup list
[TLogonPath]
Number=11125
Confirmed=U
Filename=tb2logon.exe
Description=Timbuktu Pro - remote desktop access software
Source=Paul Collins Startup list
[TM Outbreak Agent]
Number=11126
Confirmed=U
Filename=TMOAgent.exe
Description=Trend Micro Internet Security anti-virus software virus outbreak warnings. Notifies users of virus outbreaks and offers to update the scanner
Source=Paul Collins Startup list
[TMA distribution]
Number=11127
Confirmed=U
Filename=cfinst.exe
Description=Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients
Source=Paul Collins Startup list
[tmax]
Number=11128
Confirmed=X
Filename=pupdate.exe
Description=Adware pop-up generator
Source=Paul Collins Startup list
[tmchook]
Number=11129
Confirmed=X
Filename=tmchook.exe
Description=Detected by Kaspersky as the TrojanDownloader.Win32.VB.aa VIRUS!
Source=Paul Collins Startup list
[TMEEJME]
Number=11130
Confirmed=?
Filename=TMEEJME.EXE
Description=Found in a ToshibaTME3 directory. Toshiba Mobile Extension related?
Source=Paul Collins Startup list
[TMERzCtl]
Number=11131
Confirmed=?
Filename=TMERzCtl.EXE
Description=Found in a ToshibaTME3 directory. Toshiba Mobile Extension related?
Source=Paul Collins Startup list
[TMESBS]
Number=11132
Confirmed=U
Filename=TMESBS21.exe
Description=Toshiba Mobile Extension Selectable Bay Service for WinXP - support for docking stations. Not required if you don't use a docking station
Source=Paul Collins Startup list
[TMESBS32]
Number=11133
Confirmed=?
Filename=TMESBS32.EXE
Description=Found in a ToshibaTME3 directory. Toshiba Mobile Extension related?
Source=Paul Collins Startup list
[TMESRV31]
Number=11134
Confirmed=U
Filename=TMESRV31.EXE
Description=Toshiba utility related to inserting and removing a laptop from a docking station. Not required if you don't use a docking station
Source=Paul Collins Startup list
[TMExLogon]
Number=11135
Confirmed=U
Filename=TMESRV.EXE
Description=Toshiba utility related to inserting and removing a laptop from a docking station. Not required if you don't use a docking station
Source=Paul Collins Startup list
[Tmmkb]
Number=11136
Confirmed=?
Filename=Tmmkysvr.exe
Description=Toshiba multi-media keyboard software - possibly including creating keyboard shortcuts?
Source=Paul Collins Startup list
[TmNetDriver Monitor]
Number=11137
Confirmed=X
Filename=exbce.exe
Description=Added by the SDBOT-ABR WORM!
Source=Paul Collins Startup list
[Tmntsrv32]
Number=11138
Confirmed=X
Filename=Tmntsrv32.exe
Description=Hijacker, detected by Norton antivirus as Trojan.StartPage.O
Source=Paul Collins Startup list
[TMOUSE]
Number=11139
Confirmed=U
Filename=tmouse.exe
Description=Component of the Toshiba Mouse Control that allows users with an AccuPoint mouse to scroll MS-scroll-compatible documents by holding CTRL + ALT and moving the AccuPoint up or down. It also allows zooming by holding CTRL + SHIFT and moving the AccuPoint up or down. Disabling this item has no adverse effects, except disabling the scroll/zoom features of the AccuPoint
Source=Paul Collins Startup list
[tmproxy]
Number=11140
Confirmed=Y
Filename=tmproxy.exe
Description=Trend Micro PC-cillin 2003 antivirus software
Source=Paul Collins Startup list
[TMTMTSR]
Number=11141
Confirmed=U
Filename=TMTMTSR.exe
Description=Thrustmaster Thrustmapper - "t-mapper - icon sits on your taskbar and automatically detects when the joystick is plugged in and configures it accordingly"
Source=Paul Collins Startup list
[TNTClk]
Number=11142
Confirmed=U
Filename=TNTCLK.exe
Description=Overclocking program for TNT, TNT2, and other graphics cards. This program can overclock the graphics card manually after startup when needed, especially before starting a gaming session. However, for simplicity, it can be left checked to let it run once at startup to automatically overclock the graphics card. In this case, it doesn't even run in the background after doing its job
Source=Paul Collins Startup list
[ToADiMon.exe]
Number=11143
Confirmed=U
Filename=ToADiMon.exe
Description=T-Online ISP software connection assistant
Source=Paul Collins Startup list
[Toggler]
Number=11144
Confirmed=U
Filename=toggler.exe
Description="Toggler allows you to gain control over your Caps Lock, Num Lock, and Insert keys. It prevents you from writing in ALL CAPS when your finger has slipped to accidentally hit the Caps Lock key"
Source=Paul Collins Startup list
[Tok-Cirrhatus]
Number=11145
Confirmed=X
Filename=IDTemplate.exe
Description=Added by the RONTOKBRO.A WORM!
Source=Paul Collins Startup list
[Tok-Cirrhatus]
Number=11146
Confirmed=X
Filename=smss.exe
Description=Added by the BRONTOK-A WORM and variants! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the "Documents and Settings\[User]\Local Settings\Application Data\" folder
Source=Paul Collins Startup list
[Tok-Cirrhatus]
Number=11147
Confirmed=X
Filename=[path to file]
Description=Added by the BRONTOK-F WORM!
Source=Paul Collins Startup list
[Tok-Cirrhatus-1959]
Number=11148
Confirmed=X
Filename=br4941on.exe
Description=Added by the BRONTOK-J WORM!
Source=Paul Collins Startup list
[Tok-Cirrhatus-1959sarc]
Number=11149
Confirmed=X
Filename=sv711224030r.exe
Description=Added by the BRONTOK-R WORM!
Source=Paul Collins Startup list
[Tok-Cirrhatus-2784]
Number=11150
Confirmed=X
Filename=br6591on.exe
Description=Added by the BRONTOK-L WORM!
Source=Paul Collins Startup list
[Tok-Cirrhatus-2784]
Number=11151
Confirmed=X
Filename=smss.exe
Description=Added by the BRONTOK-S WORM! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the "Documents and Settings\[User]\Local Settings\Application Data\" folder
Source=Paul Collins Startup list
[Tok-Cirrhatus-[4 random digits]]
Number=11152
Confirmed=X
Filename=br[4 random digits]on.exe
Description=Added by the BRONTOK-M WORM!
Source=Paul Collins Startup list
[TomcatStartup]
Number=11153
Confirmed=?
Filename=hpbpsttp.exe
Description=Apache Tomcat web server, part of HP LaserJet "Printer Tools" software. What does it do and is it required?
Source=Paul Collins Startup list
[TomcatStartup 2.5]
Number=11154
Confirmed=?
Filename=hpbpsttp.exe
Description=Apache Tomcat web server, part of HP LaserJet "Printer Tools" software. What does it do and is it required?
Source=Paul Collins Startup list
[Tommorrow]
Number=11155
Confirmed=?
Filename=tomorrow.exe
Description=??
Source=Paul Collins Startup list
[ToolBoxFX]
Number=11156
Confirmed=?
Filename=HPTLBXFX.exe
Description=HP ToolBoxFX - "provides desktop configuration, status and support for every feature". Supplied with some HP multifunction printers
Source=Paul Collins Startup list
[ToP]
Number=11157
Confirmed=X
Filename=LSASS.exe
Description=Added by the WOWCRAFT.C TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[Top Tilecom]
Number=11158
Confirmed=X
Filename=Tilecomtop.com
Description=Added by the WORM_RBOT.BXD WORM!
Source=Paul Collins Startup list
[ToPassSrv]
Number=11159
Confirmed=?
Filename=Pktopass.exe
Description=Related to Caere Pagekeeper scanning software (now taken over by Scansoft), Disabling is known to cause problems
Source=Paul Collins Startup list
[TopDesk]
Number=11160
Confirmed=U
Filename=TopDesk.exe
Description=TopDesk - puts an icon in your system tray that when clicked upon, opens a pop-up menu that gives instant access to all of your desktop programs without having to minimize, resize, move or close other programs or files
Source=Paul Collins Startup list
[Topic lnternet]
Number=11161
Confirmed=X
Filename=lnternet32.exe
Description=Added by the RBOT-GLZ WORM!
Source=Paul Collins Startup list
[ToPicks Starter]
Number=11162
Confirmed=X
Filename=Idhost.exe
Description=TOPicks adware
Source=Paul Collins Startup list
[topmoxie]
Number=11163
Confirmed=X
Filename=JavaRun.exe
Description=TopMoxie adware
Source=Paul Collins Startup list
[TopSearch]
Number=11164
Confirmed=X
Filename=TopSearch.exe
Description=TopSearch adware variant
Source=Paul Collins Startup list
[Tor]
Number=11165
Confirmed=N
Filename=tor.exe
Description=Tor anonymous internet communication system. Shortcut available via Start -> Programs
Source=Paul Collins Startup list
[tor anonymous proxy]
Number=11166
Confirmed=X
Filename=tor32.exe
Description=Added by the SDBOT-ADR WORM!
Source=Paul Collins Startup list
[Torjan Program]
Number=11167
Confirmed=X
Filename=[path to trojan]
Description=Added by the LEGMIR-BO TROJAN!
Source=Paul Collins Startup list
[Torjan Program]
Number=11168
Confirmed=X
Filename=smss.exe
Description=Added by the WOWCRAFT.B TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[Torjan Program]
Number=11169
Confirmed=X
Filename=WINLOGON.EXE
Description=Added by the WOWCRAFT.D TROJAN! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! This trojan file is found in the Windows or Winnt folder
Source=Paul Collins Startup list
[TOSCDSPD]
Number=11170
Confirmed=N
Filename=toscdspd.exe
Description=Related to Toshiba laptop CD/DVD drivers. This is a non-essential process. Disabling or enabling this is down to user preference
Source=Paul Collins Startup list
[TOSHIBA Accessibility]
Number=11171
Confirmed=U
Filename=FnKeyHook.exe
Description="Allows you to use the Fn key to create a hot key combination with one of the function keys without pressing the two keys simultaneously as is usually required. Using Accessibility lets you make the Fn key a sticky key, meaning you can press it once, release it, and then press a function key to activate the hot key function"
Source=Paul Collins Startup list
[Toshiba Fan]
Number=11172
Confirmed=Y
Filename=fan.exe
Description=Toshiba untilty to keep the fan on a laptop running if they fail to detect there is too much heat
Source=Paul Collins Startup list
[Toshiba Key State]
Number=11173
Confirmed=U
Filename=KEYSTATE.EXE
Description=Displays an icon in the System Tray indicating the state of the CAPS LOCK key. Can be handy on (e.g., Toshiba) laptops which do not have a Caps Lock indicator light. Available via Start -> Programs
Source=Paul Collins Startup list
[ToshibaPinger]
Number=11174
Confirmed=N
Filename=pinger.exe
Description=Pinger is the resident program for Toshiba Upgrades. Periodically checks to see if there are any software/driver upgrades for your particular computer model. If it finds any, it posts a notification. Disabling instructions here
Source=Paul Collins Startup list
[TOSHIBSU]
Number=11175
Confirmed=U
Filename=Toshibsu.exe
Description=Reduces the power consumption when the laptop isn't being used to preserve battery power. Hibernate function doesn't work if this is disabled. Similar programs on other laptops reduce the processor clock rate, etc. Required if you run off battery regularly
Source=Paul Collins Startup list
[TosHKCW]
Number=11176
Confirmed=U
Filename=TosHKCW.exe
Description=Toshiba Hot Key Change/Control Wireless. Permits you to use a hot key to activate/deactivate built-in 802.11b wireless transmission on a laptop (if installed)
Source=Paul Collins Startup list
[TosMem]
Number=11177
Confirmed=Y
Filename=tosmem.exe
Description=Toshiba laptop related. Win98/Me ACPI system can not hibernate or go on standby if all of the physical memory lower than 640KB is locked. This utility allocates and locks three pages on boot and then releases them on standby/hibernation for ACPI.SYS in order to solve the above problem
Source=Paul Collins Startup list
[TosRotation]
Number=11178
Confirmed=U
Filename=TRot.exe
Description=TOSHIBA Rotation Utility - allows users to rotate a notebook's screen image 180 degrees in order to share information on the screen with others seated across a table or desk
Source=Paul Collins Startup list
[TotRecSched]
Number=11179
Confirmed=U
Filename=TotRecSched.exe
Description=Scheduler for Total Recorder - allows automatic recording of a show at a given time for later playback or you can use the scheduler as an alarm
Source=Paul Collins Startup list
[ToUcamVProperty]
Number=11180
Confirmed=Y
Filename=VProperty.exe
Description=Philips Web Camera model name pcvc740k, ToUcam driver configuration tray icon
Source=Paul Collins Startup list
[Touch Manager]
Number=11181
Confirmed=U
Filename=WinLED.exe
Description=Dell keyboard utility. Disabling can result in loss of screen saver and power saver functionality
Source=Paul Collins Startup list
[TouchED]
Number=11182
Confirmed=U
Filename=TouchED.exe
Description=TouchPad On/Off Utility on a Toshiba laptop
Source=Paul Collins Startup list
[tour]
Number=11183
Confirmed=N
Filename=regedit ..tour.reg
Description=Edits registry values to keep the WinMe tour in Task Scheduler
Source=Paul Collins Startup list
[Tour]
Number=11184
Confirmed=N
Filename=wincool.exe
Description=Component of WinME that's annoying as hell. Pop's up a prompt to play the C:\WINDOWS\Application Data\Microsoft\INTROCONTENT.HTA that plays a full screen version of the WinME product preview Windows Media video file that cannot be stopped to my knowledge until it finishes. That prompt will keep popping up after an install/reinstall of WinME until you give in and watch the thing. It also puts a task scheduler entry to run that annoying thing every 30 minutes, and don't bother deleting that entry, Windows puts it right back. Not only should you disable it from running, you should delete the thing altogether, as it, somehow can re-enable itself. Apparently you can try setting the file to read only
Source=Paul Collins Startup list
[tourpath]
Number=11185
Confirmed=N
Filename=regedit /s [path] tour.reg
Description=Edits registry values to keep the Win 2000 "tour" in Task Scheduler
Source=Paul Collins Startup list
[TP4EX]
Number=11186
Confirmed=U
Filename=tp4ex.exe
Description=Adds accessibility options for an IBM TrackPoint
Source=Paul Collins Startup list
[tp4mon]
Number=11187
Confirmed=U
Filename=tp4mon.exe
Description=Supports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work
Source=Paul Collins Startup list
[tp4serv]
Number=11188
Confirmed=U
Filename=tp4serv.exe
Description=Supports the "pointer stick" on Thinkpads in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work
Source=Paul Collins Startup list
[TP98TRAY]
Number=11189
Confirmed=?
Filename=TP98TRAY.EXE
Description=IBM Thinkpad related utility. What does it do and is it required?
Source=Paul Collins Startup list
[TP98UTIL]
Number=11190
Confirmed=N
Filename=TP98.EXE
Description=IBM Thinkpad feature setup & configuration utility
Source=Paul Collins Startup list
[tpcupdater]
Number=11191
Confirmed=X
Filename=updatetc.exe
Description=180Solutions adware related
Source=Paul Collins Startup list
[TpHotKey]
Number=11192
Confirmed=U
Filename=TPHKMGR.EXE
Description=Activates "ThinkPad Help" when the "Thinkpad key" is pressed on an IBM ThinkPad laptop. Also activates the audio buttons (volume up/down, mute) on models such as the Thinkpad T30
Source=Paul Collins Startup list
[TPKBDLED]
Number=11193
Confirmed=U
Filename=TpScrLk.exe
Description=IBM Thinkpad utility for displaying the Scroll Lock status on the System Tray - for Thinkpad's that don't have a Scroll Lock LED
Source=Paul Collins Startup list
[TPKMAPHELPER]
Number=11194
Confirmed=U
Filename=TpKmapAp.exe
Description=IBM Thinkpad - Keyboard Customizer Utility. Allows the user to set keyboard shortcuts, emulate such features as Windows key on laptop, can be disabled from within program, is available from Programs > Access IBM. Not required
Source=Paul Collins Startup list
[TpKmapMn]
Number=11195
Confirmed=U
Filename=TpKmapMn.exe
Description=Create Keyboard combinations for special Thinkpad buttons when using an external keyboard, e.g. "Ctrl-arrow up" for "volume up". Only required when using an external keyboard. Available via Start -> Programs
Source=Paul Collins Startup list
[tpopservice]
Number=11196
Confirmed=U
Filename=tpopservice.exe
Description=DirecWay two-way satellite internet service enhanced POP proxy server for email
Source=Paul Collins Startup list
[TPP Auto Loader]
Number=11197
Confirmed=U
Filename=Tppaldr.exe
Description=Installed with DataStor's (and some other manufacturers) USB 2.0 based external DVD, CD-ROM and CD-RW drives. System tray icon allowing the user to disconnect the external drive without an error message being displayed
Source=Paul Collins Startup list
[Tprtray]
Number=11198
Confirmed=U
Filename=Tprtray.exe
Description=Displays the Power icon in the System Tray on a Toshiba laptop
Source=Paul Collins Startup list
[TpScrLk]
Number=11199
Confirmed=U
Filename=TpScrLk.exe
Description=IBM Thinkpad utility for displaying the Scroll Lock status on the System Tray - for Thinkpad's that don't have a Scroll Lock LED
Source=Paul Collins Startup list
[TpShocks]
Number=11200
Confirmed=Y
Filename=TpShocks.exe
Description=Responsible for controlling the IBM Hard Drive Active Protection system found on newer models of IBM Thinkpads, including T41, T42, X40, R50, and R51. The Hard Drive Active Protection system is based on a technology similar to that used in automobiles to deploy airbags on contact: An accelorometer on the motherboard detects physical acceleration--such as when the notebook falls--and in response the system temporarily parks the hard drive's read/write head until stability returns
Source=Paul Collins Startup list
[TPSmain]
Number=11201
Confirmed=U
Filename=TPSMain.exe
Description=Toshiba Power Saver - associated with Toshiba laptops/desktops. Manages the power save function to make sure that the system goes to a power saver mode when not used
Source=Paul Collins Startup list
[TPSODDCtl]
Number=11202
Confirmed=Y
Filename=TPSODDCtl.exe
Description=Power saving software on Toshiba laptops
Source=Paul Collins Startup list
[TPTray]
Number=11203
Confirmed=N
Filename=TPTray.exe
Description=Touchpad configuration tray icon for Toshiba laptops. Available via Start -> Settings -> Control Panel
Source=Paul Collins Startup list
[TPTRAY]
Number=11204
Confirmed=?
Filename=TP98TRAY.EXE
Description=IBM Thinkpad related utility. What does it do and is it required?
Source=Paul Collins Startup list
[TPwrMain]
Number=11205
Confirmed=Y
Filename=TPwrMain.EXE
Description=Power management software for Toshiba laptops
Source=Paul Collins Startup list
[TPwrMgr]
Number=11206
Confirmed=?
Filename=TPwrMgr.exe
Description=Found on a Toshiba laptop. Related to power management?
Source=Paul Collins Startup list
[TPWRTRAY]
Number=11207
Confirmed=Y
Filename=Tpwrtray.exe
Description=Toshiba laptop's own Advanced Power Management system which disables Windows APM (greyed-out in Control Panel). You can't choose which of the 2 systems to use
Source=Paul Collins Startup list
[tqrecv]
Number=11208
Confirmed=U
Filename=tqrecv.exe
Description=Tellique satellite broadcast reception software
Source=Paul Collins Startup list
[Traceless]
Number=11209
Confirmed=N
Filename=launch.exe
Description=Traceless 2003 - clear your cookies, temp directories and browser history with a click of a button. It also clears the recent documents and the IE drop down auto complete box
Source=Paul Collins Startup list
[Track4WinMonitor]
Number=11210
Confirmed=U
Filename=STMonitor.exe
Description=Track4Win is a surveillance software program that takes screenshots and logs user activity such as URLs and currently running processes. It uploads the logs and screenshots to a preconfigured server. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list
[Tracker]
Number=11211
Confirmed=?
Filename=Tracker.exe
Description=Possibly associated with My Deluxe Invoices program
Source=Paul Collins Startup list
[TrackpointSrv]
Number=11212
Confirmed=U
Filename=daemon.exe
Description=Supports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work
Source=Paul Collins Startup list
[TrackpointSrv]
Number=11213
Confirmed=U
Filename=tp4serv.exe
Description=Supports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work
Source=Paul Collins Startup list
[TrackPointSrv]
Number=11214
Confirmed=U
Filename=tp4mon.exe
Description=Supports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work
Source=Paul Collins Startup list
[Tracks Eraser]
Number=11215
Confirmed=U
Filename=te.exe
Description=Tracks Eraser from Acesoft - "Erases all tracks of your internet activity"
Source=Paul Collins Startup list
[Tracks Eraser Pro]
Number=11216
Confirmed=U
Filename=te.exe
Description=Tracks Eraser Pro from Acesoft - "Erases all tracks of your internet activity"
Source=Paul Collins Startup list
[tranicon]
Number=11217
Confirmed=U
Filename=tranicon.exe
Description=A Tweak-XP component (only in the registered version), makes Desktop icons transparent. Can be enabled/disabled via Tweak-XP -> System + File Tweaks -> Windows Tweaks -> Desktop Tweaks -> Make Desktop Icons Transparent
Source=Paul Collins Startup list
[Transcode360]
Number=11218
Confirmed=N
Filename=Transcode360Tray.exe
Description=Designed for WinXP Media Center Edition 2005 and the Xbox 360, Transcode360 aims to broaden the support for a wide range of video media including DivX and XviD
Source=Paul Collins Startup list
[Transparent]
Number=11219
Confirmed=U
Filename=TransparentW.exe
Description=Utility to turn desktop icon text backgrounds transparent. The last letter defines the icon text color: D= as desktop, W=white, B=black. Available from here
Source=Paul Collins Startup list
[Transparent]
Number=11220
Confirmed=U
Filename=TransparentD.exe
Description=Utility to turn desktop icon text backgrounds transparent. The last letter defines the icon text color: D= as desktop, W=white, B=black. Available from here
Source=Paul Collins Startup list
[Transparent]
Number=11221
Confirmed=U
Filename=TransparentB.exe
Description=Utility to turn desktop icon text backgrounds transparent. The last letter defines the icon text color: D= as desktop, W=white, B=black. Available from here
Source=Paul Collins Startup list
[TransparentIcons]
Number=11222
Confirmed=U
Filename=tranicon.exe
Description=A Tweak-XP component (only in the registered version), makes Desktop icons transparent. Can be enabled/disabled via Tweak-XP -> System + File Tweaks -> Windows Tweaks -> Desktop Tweaks -> Make Desktop Icons Transparent
Source=Paul Collins Startup list
[transtask]
Number=11223
Confirmed=U
Filename=transtask.exe
Description=A Tweak-XP component, makes the taskbar icons transparent
Source=Paul Collins Startup list
[Trashgrd]
Number=11224
Confirmed=U
Filename=TRASHGRD.EXE
Description=Part of McAfee Nuts & Bolts. Protects all the files you delete, even files deleted in DOS or in 16-bit Windows applications, by sending them to the Recycle Bin
Source=Paul Collins Startup list
[Tray]
Number=11225
Confirmed=X
Filename=rundll32.exe
Description=Added by the LINEAG-ADR TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in the Windows folder (98\ME) or the System32 folder(NT\2000\XP). This file is located in an "command" sub-folder
Source=Paul Collins Startup list
[Tray Pilot Lite]
Number=11226
Confirmed=U
Filename=TrayPlt.exe
Description=Tray Pilot allows you to hide the System Tray window. No longer supported by the authors
Source=Paul Collins Startup list
[Tray Temperature]
Number=11227
Confirmed=N
Filename=Weatherbug.exe
Description=Weatherbug provides current outdoor temperature in the System Tray, also weather alerts. Available via Start -> Programs
Source=Paul Collins Startup list
[Traybar]
Number=11228
Confirmed=X
Filename=lsass.exe
Description=Added by the MYDOOM.L WORM! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[traydate.exe]
Number=11229
Confirmed=U
Filename=TRAYDATE.EXE
Description=Displays the date as well as the time in the System Tray. Available from TUCOWS
Source=Paul Collins Startup list
[TrayManager]
Number=11230
Confirmed=U
Filename=Trayman.exe
Description=TrayManager hides system tray icons (FreeCell won't work when TrayMan is loaded)
Source=Paul Collins Startup list
[Traymin900]
Number=11231
Confirmed=U
Filename=Tray900.exe
Description=Related to the Philips SPC webcam - System Tray manager for Personal 900 series camera
Source=Paul Collins Startup list
[Traymon]
Number=11232
Confirmed=U
Filename=traymon.exe
Description=Netropa Internet Receiver traymonitor. Will only launch the bar if you are connected to the internet and there's new news
Source=Paul Collins Startup list
[TraySantaCruz]
Number=11233
Confirmed=N
Filename=tbctray.exe
Description=Provides quick access via a System Tray icon to the control panel for Turtle Beach's Santa Cruz or VideoLogic's SonicFury soundcards. Available via Start -> Settings -> Control Panel
Source=Paul Collins Startup list
[TrayServer]
Number=11234
Confirmed=N
Filename=TrayServer.exe
Description=For monitoring tray icons
Source=Paul Collins Startup list
[TrayX]
Number=11235
Confirmed=X
Filename=winppr32.exe
Description=Added by the SOBIG.F WORM!
Source=Paul Collins Startup list
[tray_helper]
Number=11236
Confirmed=N
Filename=tray_helper.exe
Description=Tray Helper is an Email checker with additional tools, including a popup window killer, pinger module to monitor hosts and an event reminder
Source=Paul Collins Startup list
[Trend Micro Anti-Spyware]
Number=11237
Confirmed=U
Filename=Tmas.exe
Description=Trend Micro Anti-Spyware - required when using real time monitoring
Source=Paul Collins Startup list
[Trend Micro AntiVirus 2007]
Number=11238
Confirmed=Y
Filename=tavui.exe
Description=Trend Micro AntiVirus
Source=Paul Collins Startup list
[TrendMicro Antivirus]
Number=11239
Confirmed=Y
Filename=Aveagent.exe
Description=Virus scanner
Source=Paul Collins Startup list
[TrendMicro OfficeScan NT]
Number=11240
Confirmed=Y
Filename=TMLISTEN.EXE
Description=Virus scanner
Source=Paul Collins Startup list
[Trickler]
Number=11241
Confirmed=X
Filename=[path to file]
Description=GAIN adware. Please note that Claria Corporation no longer support GAIN-Supported software - see here
Source=Paul Collins Startup list
[TridentTVIcon]
Number=11242
Confirmed=Y
Filename=tvicon.exe
Description=Trident Microsystems, Inc Display driver
Source=Paul Collins Startup list
[TridTray]
Number=11243
Confirmed=?
Filename=TridTray.exe
Description=System Tray access to Trident 4DWave soundcards?
Source=Paul Collins Startup list
[TridTray]
Number=11244
Confirmed=?
Filename=TridTray.exe
Description=System Tray access to Trident 4DWave soundcards?
Source=Paul Collins Startup list
[Trillian]
Number=11245
Confirmed=U
Filename=trillian.exe
Description=Part of Trillian IRC client
Source=Paul Collins Startup list
[trirot]
Number=11246
Confirmed=Y
Filename=trirot.exe
Description=Trident Microsystems 3D video driver
Source=Paul Collins Startup list
[TRIXX]
Number=11247
Confirmed=U
Filename=TRIXX.exe
Description=Sapphire TRIXX overclocking tool for the X800 GTO graphics card (and possiby others) - "push default clock speeds to 560MHz or better"
Source=Paul Collins Startup list
[Trojan Guarder Gold Version]
Number=11248
Confirmed=N
Filename=Trojan Guarder.exe
Description=TrojanGuarder is a security risk that may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threats
Source=Paul Collins Startup list
[Trojancheck 6 Guard]
Number=11249
Confirmed=U
Filename=tcguard.exe
Description=TrojanCheck anti-trojan software
Source=Paul Collins Startup list
[TrojanScanner]
Number=11250
Confirmed=U
Filename=Trjscan.exe
Description=Trojan Remover from Simply Super Software. Scans for an removes trojan viruses where anti-virus software may have not detected or removed
Source=Paul Collins Startup list
[TrojanShield]
Number=11251
Confirmed=U
Filename=Init.exe
Description=TrojanShield
Source=Paul Collins Startup list
[TrojanShield Protector]
Number=11252
Confirmed=U
Filename=Port.exe
Description=TrojanShield anti-hacker/anti-trojan software
Source=Paul Collins Startup list
[True Internet Color Icon]
Number=11253
Confirmed=U
Filename=internetcolor.exe
Description=Now superseeded by ColorWizzard. Was part of 3Deep. "With True Internet Color PCs can display the best color possible over the web. Enabled web sites will know how connected monitors display color and will send them color corrected images"
Source=Paul Collins Startup list
[TrueCrypt]
Number=11254
Confirmed=U
Filename=TrueCrypt.exe
Description=TrueCrypt is a free open-source disk encryption software for Windows XP/2K/2003 and Linux. This the Truecrypt background task that enables some background function of truetyp: Hot-keys, autodismount, etc
Source=Paul Collins Startup list
[TrueFonts]
Number=11255
Confirmed=X
Filename=fonts.hta
Description=Browser hijacker - redirecting to Hugesearch.net
Source=Paul Collins Startup list
[TrueImageMonitor.exe]
Number=11256
Confirmed=N
Filename=TrueImageMonitor.exe
Description=Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage
Source=Paul Collins Startup list
[TrueSync Launcher]
Number=11257
Confirmed=N
Filename=tstool.exe
Description=Starfish TrueSync - for synchronization between Windows platforms and popular devices, applications and services. Stafish became Intellisync which was acquired by Nokia and is now no longer supported
Source=Paul Collins Startup list
[truetype]
Number=11258
Confirmed=X
Filename=truetype.exe
Description=Added by the COSIAM-I TROJAN!
Source=Paul Collins Startup list
[TrueVector]
Number=11259
Confirmed=Y
Filename=VSMON.EXE
Description=Even if you don't have ZoneAlarm or ZoneAlarm Pro run at start-up you do need this
Source=Paul Collins Startup list
[Trust Cleaner]
Number=11260
Confirmed=X
Filename=TrustCleaner.exe
Description=Smitfraud variant
Source=Paul Collins Startup list
[TrustIn Popups]
Number=11261
Confirmed=X
Filename=TrustInPopups.exe
Description=TrustInPopups adware
Source=Paul Collins Startup list
[trustras.exe]
Number=11262
Confirmed=?
Filename=trustras.exe
Description=Trust ADSL modem related. Is it required?
Source=Paul Collins Startup list
[TrustyHound-TS]
Number=11263
Confirmed=X
Filename=TrustyHound-TS.exe
Description=TrustyHound spyware
Source=Paul Collins Startup list
[tsa]
Number=11264
Confirmed=X
Filename=tsm.exe
Description=TargetSaver adware
Source=Paul Collins Startup list
[Tsa2]
Number=11265
Confirmed=X
Filename=tsm2.exe
Description=TargetSaver adware
Source=Paul Collins Startup list
[TsAdbot]
Number=11266
Confirmed=X
Filename=TSADBOT.EXE
Description=TimeSink Add Client - advertising spyware
Source=Paul Collins Startup list
[TSBxLogon]
Number=11267
Confirmed=?
Filename=TMESBS2.EXE
Description=Found on a Toshiba laptop. May be related to TMESBS?
Source=Paul Collins Startup list
[TSE_PLUtil]
Number=11268
Confirmed=U
Filename=PLBkMon.exe
Description=Prolific USB Flash Disk Log On Application
Source=Paul Collins Startup list
[Tsk Mng Hlp]
Number=11269
Confirmed=X
Filename=wins32.exe
Description=Added by the AGOBOT-JB WORM!
Source=Paul Collins Startup list
[tskdbg]
Number=11270
Confirmed=X
Filename=tskdbg.exe
Description=Added by the FLOOD.E TROJAN!
Source=Paul Collins Startup list
[Tsklist]
Number=11271
Confirmed=X
Filename=tsklist32.exe
Description=Added by the BANCOS.SP TROJAN as reported by Kaspersky
Source=Paul Collins Startup list
[TSkrMain]
Number=11272
Confirmed=U
Filename=TSkrMain.exe
Description=TOSHIBA Accelerometer Utilities - hardware utilities that work with the motion sensors built into their Tablet PCs. Detect the way you are holding it at any given moment, you can set the machine to perform a specific function when the unit is quickly tilted to the left or right, or to the front or back and you can also take control of the cursor in some applications and make it move by leaning the PC in a certain direction
Source=Paul Collins Startup list
[Tsl]
Number=11273
Confirmed=X
Filename=tsl.exe
Description=Uploader-R adware
Source=Paul Collins Startup list
[Tsl2]
Number=11274
Confirmed=X
Filename=tsl2.exe
Description=TargetSaver adware
Source=Paul Collins Startup list
[TSMsger]
Number=11275
Confirmed=N
Filename=TSMsger.exe
Description=Epson scannner software - required for "one-touch" operation. Can be launched manually
Source=Paul Collins Startup list
[tsnp2std]
Number=11276
Confirmed=N
Filename=tsnp2std.exe
Description=Digital camera related
Source=Paul Collins Startup list
[TSPower]
Number=11277
Confirmed=?
Filename=spower.drv
Description=Found on a Toshiba laptop. Related to power management?
Source=Paul Collins Startup list
[tsrv]
Number=11278
Confirmed=X
Filename=t2serv.exe
Description=Added by the WAREZOV.AT WORM!
Source=Paul Collins Startup list
[tsrv]
Number=11279
Confirmed=X
Filename=tsrv.exe
Description=Added by the WAREZOV.W WORM!
Source=Paul Collins Startup list
[TSService]
Number=11280
Confirmed=?
Filename=NSSERVICE.EXE
Description=??
Source=Paul Collins Startup list
[tsvcin]
Number=11281
Confirmed=X
Filename=n20050308.exe
Description=Delfin Media Viewer adware related
Source=Paul Collins Startup list
[tsyssmon]
Number=11282
Confirmed=?
Filename=tsyssmon.exe
Description=Found in a Toshibasysstability directory
Source=Paul Collins Startup list
[TSystem]
Number=11283
Confirmed=X
Filename=[trojan filename]
Description=Added by the NSYS-A TROJAN!
Source=Paul Collins Startup list
[ttaa]
Number=11284
Confirmed=X
Filename=tata.exe
Description=Added by the LINEAGE-T TROJAN!
Source=Paul Collins Startup list
[ttasq]
Number=11285
Confirmed=?
Filename=ttasq.exe
Description=??
Source=Paul Collins Startup list
[ttool]
Number=11286
Confirmed=X
Filename=scvc.exe
Description=Added by the OWM TROJAN!
Source=Paul Collins Startup list
[TTrayp]
Number=11287
Confirmed=N
Filename=VTtrayp.exe
Description=Part of S3 Graphics Controllers - S3 Screentoys Helper
Source=Paul Collins Startup list
[TTS Sync]
Number=11288
Confirmed=X
Filename=testtts.exe
Description=Added by the SDBOT.BVA WORM!
Source=Paul Collins Startup list
[Ttt]
Number=11289
Confirmed=X
Filename=Ttt.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[ttupt]
Number=11290
Confirmed=X
Filename=ttupt.exe
Description=eZula TopText adware
Source=Paul Collins Startup list
[Tukati]
Number=11291
Confirmed=?
Filename=TukatiRedistributor.exe
Description=Tukati Digital Content Distribution. Is it required?
Source=Paul Collins Startup list
[tunebite]
Number=11292
Confirmed=N
Filename=tunebite.exe
Description="Tunebite lets you make unprotected copies of copy-protected music files by recording them while they are being played". Can be launched from it's Start Menu shortcut
Source=Paul Collins Startup list
[TuneUp MemOptimizer]
Number=11293
Confirmed=U
Filename=memoptimizer.exe
Description=Part of "TuneUp Utilities", specifically 2003 version. "Monitors and optimizes free memory in the background." Basically, it cleans RAM and also allows you to clear the clipboard
Source=Paul Collins Startup list
[TurBo]
Number=11294
Confirmed=X
Filename=System.Trubo.vbs
Description=Added by the AUTOM-C WORM!
Source=Paul Collins Startup list
[TurboExplorer]
Number=11295
Confirmed=U
Filename=TE.exe
Description=Web accelerator - "TurboExplorer 2.x is a real-time web surfing accelerator specifically designed for Internet Explorer 4/5 to achieve a faster and more effective approach to the internet". Only needed if you find it improves web browsing
Source=Paul Collins Startup list
[TurboLaunch]
Number=11296
Confirmed=U
Filename=Tlaunch.exe
Description=TurboLaunch is a tool-bar style application that can be set up to run many programs and perform certain pre-programmed actions
Source=Paul Collins Startup list
[TurboMemoryCharger]
Number=11297
Confirmed=U
Filename=turbomemorycharger.exe
Description=Turbo Memory Charger - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind
Source=Paul Collins Startup list
[TurboNote]
Number=11298
Confirmed=N
Filename=tbnote.exe
Description=Post-It's on your desktop. Available via Start -> Programs
Source=Paul Collins Startup list
[TurboTop]
Number=11299
Confirmed=U
Filename=TurboTop.exe
Description=TurboTop - make any window "Always on top"
Source=Paul Collins Startup list
[TURXP Protocol]
Number=11300
Confirmed=X
Filename=sps32.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[tutcdchk2]
Number=11301
Confirmed=X
Filename=tutcdchk2.exe
Description=Added by the VXGAME TROJAN!
Source=Paul Collins Startup list
[TV Media]
Number=11302
Confirmed=X
Filename=Tvm.exe
Description=CleverIEHooker hijacker variant
Source=Paul Collins Startup list
[TV Scheduler]
Number=11303
Confirmed=U
Filename=TVSCHL.EXE
Description=ProLink PlayTVpro TV tuner software scheduler
Source=Paul Collins Startup list
[TV878 Remote Control]
Number=11304
Confirmed=U
Filename=C7XRCtl.exe
Description=Related to Kworld TV878 Tuner
Source=Paul Collins Startup list
[TVMD]
Number=11305
Confirmed=X
Filename=tvmd.exe
Description=Total Velocity - "Secure commerce company that enables the 'checkout' process for our customers in order to safely and securely purchase our award winning software". Autointsalling spyware
Source=Paul Collins Startup list
[TvNow]
Number=11306
Confirmed=U
Filename=TvNow.exe
Description=Application supplied with HP notebooks. It activates the S-Video port and is said to improve the quality of the output signal (resolution/timeouts)
Source=Paul Collins Startup list
[TvrRemote]
Number=11307
Confirmed=U
Filename=Remote.exe
Description=Remote Control driver for LifeView internal and external TV products
Source=Paul Collins Startup list
[TvrSchedule]
Number=11308
Confirmed=U
Filename=Schedule.exe
Description=Scheduler for Mercury Ez View TV Tuner Card
Source=Paul Collins Startup list
[Tvs]
Number=11309
Confirmed=N
Filename=TvsTray.exe
Description=Toshiba Virtual Sound on a notebook. Allows you to change sound settings on the fly - default setting is "build-in speaker". You can also select external speaker, open type headphone, or closed type headphone. Each setting has presets for Bass, Stereo, and Clarity - which can also be changed by user if desired. Can also be launched from Start -> Programs -> Toshiba -> Utilities
Source=Paul Collins Startup list
[tvs_b]
Number=11310
Confirmed=X
Filename=tvs_b.exe
Description=BroadcastPC adware variant
Source=Paul Collins Startup list
[tvs_b]
Number=11311
Confirmed=X
Filename=tvs_ln.exe
Description=BroadcastPC adware variant
Source=Paul Collins Startup list
[tvs_re]
Number=11312
Confirmed=X
Filename=tvs_re_inst.exe
Description=BroadcastPC adware variant
Source=Paul Collins Startup list
[TVTMD]
Number=11313
Confirmed=X
Filename=TVTMD.EXE
Description=Total Velocity variant - autoinstalling spyware
Source=Paul Collins Startup list
[TVTunerLib]
Number=11314
Confirmed=U
Filename=TVTLInstTool.exe
Description=Related to Sony installer tool for Sony TV tuner library
Source=Paul Collins Startup list
[TVWakeup]
Number=11315
Confirmed=N
Filename=tvwakeup.exe
Description=MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it
Source=Paul Collins Startup list
[Tvwatch]
Number=11316
Confirmed=?
Filename=tvwatch.exe
Description=Associated with the TV-oOut option on Asus AGP or Intel graphics cards. Is it required?
Source=Paul Collins Startup list
[Twain image]
Number=11317
Confirmed=X
Filename=mmp32.exe
Description=DailyWinner adware
Source=Paul Collins Startup list
[TWarmBay]
Number=11318
Confirmed=?
Filename=N/A
Description=Found on a Toshiba laptop. Related to hotswap bay management?
Source=Paul Collins Startup list
[TWarnMsg]
Number=11319
Confirmed=U
Filename=twarnmsg.exe
Description=Toshiba System Warning Function for Windows 98, Me, 2000 - provides notification dialog when the cooling fan stops
Source=Paul Collins Startup list
[TWBbtn]
Number=11320
Confirmed=?
Filename=N/A
Description=Found on a Toshiba laptop
Source=Paul Collins Startup list
[TWBrowse]
Number=11321
Confirmed=?
Filename=TWBrowse.drv
Description=Found on a Toshiba laptop. Possibly related to TWAIN drivers (ie, scanners, etc) - see this?
Source=Paul Collins Startup list
[Tweak Manager]
Number=11322
Confirmed=?
Filename=WinManager.Exe
Description=WinGuides Tweak Manager. Is this required for the live updates feature and/or if settings are changed?
Source=Paul Collins Startup list
[Tweak UI]
Number=11323
Confirmed=U
Filename=rundll32.exe tweakui.cpl, tweakmeup
Description=Restores settings that can't be retained if you have Microsoft's Tweak UI "powertoy" installed
Source=Paul Collins Startup list
[Tweak UI]
Number=11324
Confirmed=U
Filename=rundll32.exe tweakui.cpl, tweaklogon
Description=Automatically logs you on if you have Microsoft's Tweak UI "powertoy" installed
Source=Paul Collins Startup list
[Tweak UI]
Number=11325
Confirmed=X
Filename=RunDLL32 tweakUI.DLL, TWEAKUI /tweakmeup
Description=Added by the SUBWOOFER TROJAN! Note - the real Tweak UI entry for this is "rundll32.exe tweakui.cpl, tweakmeup"
Source=Paul Collins Startup list
[Tweak UI 1.33 deutsch]
Number=11326
Confirmed=U
Filename=RUNDLL32.EXE TWEAKUI.CPL, TweakMeUp
Description=Restores settings that can't be retained if you have Microsoft's Tweak UI "powertoy" installed - German version
Source=Paul Collins Startup list
[Tweak-Me]
Number=11327
Confirmed=U
Filename=TWEAK-ME.exe
Description=3rd party version of Miscrosoft'sTweak UI "powertoy" with many more options and controls (plus full support), designed specifically to take advantage of features in WinMe/2K and above, available from here
Source=Paul Collins Startup list
[Tweak-xp]
Number=11328
Confirmed=U
Filename=Tweak-xp.exe
Description=Main program for Tweak-XP - a WinXP tweaking utility
Source=Paul Collins Startup list
[TweakDUN]
Number=11329
Confirmed=U
Filename=tweakdun.exe
Description=Utility to optimize your Internet Browser Software. TweakDUN promotes faster Internet data transfer rates and faster downloads by eliminating fragmentation of data packets
Source=Paul Collins Startup list
[Tweaki4PU]
Number=11330
Confirmed=U
Filename=twksup.exe
Description="Tweaki puts several Windows utilities into one easy to use program while adding hundreds of additional tweaks not found in other system tweakers"
Source=Paul Collins Startup list
[tweakico]
Number=11331
Confirmed=?
Filename=tweakico.exe
Description=May be a HP program to control their icons?
Source=Paul Collins Startup list
[TweakMASTER]
Number=11332
Confirmed=U
Filename=TMTray.exe
Description=TweakMASTER Internet Optimizer
Source=Paul Collins Startup list
[TweakYC]
Number=11333
Confirmed=?
Filename=TweakYC.exe
Description=VideoMate TV tuner and capture card related - what does it do and is it required?
Source=Paul Collins Startup list
[twister]
Number=11334
Confirmed=U
Filename=twister.exe
Description=Twister "AntiTrojanVirus"
Source=Paul Collins Startup list
[TwkSCardSrv]
Number=11335
Confirmed=N
Filename=SCardS32.Exe
Description=Used with Towitoko SmartCard Readers for card recognition
Source=Paul Collins Startup list
[twunk service]
Number=11336
Confirmed=X
Filename=twunk16.exe
Description=Added by the RBOT.BAT WORM!
Source=Paul Collins Startup list
[twunk_32]
Number=11337
Confirmed=X
Filename=twunk_32.exe
Description=Added by the BLACKMAL.C WORM! Note - this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
Source=Paul Collins Startup list
[Twunk_64]
Number=11338
Confirmed=X
Filename=twunk_64.exe
Description=System1060 homepage hi-jacker. Note - this is not a Windows file and is found in a WindowsSystem1060 directory
Source=Paul Collins Startup list
[tyack drive]
Number=11339
Confirmed=X
Filename=tyack.pif
Description=Added by the RBOT-AMT WORM!
Source=Paul Collins Startup list
[type32]
Number=11340
Confirmed=N
Filename=type32.exe
Description=For MS programmable keyboards. If you disable Intellitype in Startup, any "Hot Keys" that are changed by the user to perform functions other than default settings, defer back to their default settings. Not required unless you have changed them
Source=Paul Collins Startup list
[TypingSatellite]
Number=11341
Confirmed=N
Filename=KBOOST.exe
Description=Typing Master 2002 background utility that collects typing errors and builds up customised typing lessons for your needs. Available via Start -> Programs
Source=Paul Collins Startup list
[U.S.Robotics WLAN Adapter Configuration Utility]
Number=11342
Confirmed=U
Filename=USRWLAN.exe
Description=U.S.Robotics LAN Adapter - wireless LAN (WLAN) configuration utility
Source=Paul Collins Startup list
[Uate]
Number=11343
Confirmed=X
Filename=oocs.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[UBSShell]
Number=11344
Confirmed=U
Filename=UBSShell.exe
Description=UBS (United Bank of Switzerland) banking software
Source=Paul Collins Startup list
[UCmd]
Number=11345
Confirmed=X
Filename=fallfour.exe
Description=Added by the SDBOT-AZA WORM!
Source=Paul Collins Startup list
[UCmore XP - The Search Accelerator]
Number=11346
Confirmed=U
Filename=rundll32.exe UCMTSAIE.dll, DllShowTB
Description=UCmore toolbar - search accelerator
Source=Paul Collins Startup list
[UC_SMB]
Number=11347
Confirmed=N
Filename=ucstart.exe
Description=Part of IBM Update connector on IBM PCs for updating drivers on a new installation. Once you manually run the IBM Update connector program (shortcut) this entry is removed
Source=Paul Collins Startup list
[uc_start]
Number=11348
Confirmed=N
Filename=ucstartup.exe
Description=Auto updater feature for IBM machines that tries to connect to IBM to see if there are any new drivers, patches and etc
Source=Paul Collins Startup list
[UD Agent]
Number=11349
Confirmed=U
Filename=UD.EXE
Description=The United Devices Agent can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical research. Available via Start > Programs
Source=Paul Collins Startup list
[UDC6cw]
Number=11350
Confirmed=N
Filename=UDC6cw.exe
Description=DriveCleaner is a security assesment tool which gives exaggerated reports of security and privacy risks on a computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported risks
Source=Paul Collins Startup list
[udzok]
Number=11351
Confirmed=X
Filename=udzou.exe
Description=Added by the SDBOT-CUS WORM!
Source=Paul Collins Startup list
[Ueproc32]
Number=11352
Confirmed=U
Filename=UEPROC32.exe
Description=Part of Norton Utilities - most likely associated with the Unerase Wizard in older versions
Source=Paul Collins Startup list
[UFD Monitor9382]
Number=11353
Confirmed=X
Filename=ufdlmon.exe
Description=Part of USB Flashdisk software - what does it do and is it required?
Source=Paul Collins Startup list
[UFD Utility9382]
Number=11354
Confirmed=?
Filename=UFDTool.exe
Description=Part of USB Flashdisk software - what does it do and is it required?
Source=Paul Collins Startup list
[ugon]
Number=11355
Confirmed=?
Filename=aockstrs.exe
Description=??
Source=Paul Collins Startup list
[uhvjsul.dll]
Number=11356
Confirmed=X
Filename=[path] rundll32.exe [path] uhvjsul.dll, mrpmvyf
Description=Added by the BUSKY-G TROJAN!
Source=Paul Collins Startup list
[Uidler]
Number=11357
Confirmed=N
Filename=Uidler.exe
Description=Uniloc Titlewave Browser used with some shareware
Source=Paul Collins Startup list
[UIWatcher]
Number=11358
Confirmed=N
Filename=UIWatcher.exe
Description=Ashampoo's Uninstaller Suite - installation watcher. Available via Start -> Programs
Source=Paul Collins Startup list
[ujm]
Number=11359
Confirmed=U
Filename=nm32.exe
Description=Stranget keystroke logger/monitoring program - remove unless you installed it yourself! Found in an "fyt" subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list
[UKVideo2]
Number=11360
Confirmed=X
Filename=ukvideo2.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[Ulead AutoDetector v2]
Number=11361
Confirmed=?
Filename=monitor.exe
Description=Related to Ulead Systems Inc.. What does it do and is it required?
Source=Paul Collins Startup list
[Ulead Photo Express x.0 Calendar]
Number=11362
Confirmed=N
Filename=calcheck.exe
Description=Ulead Calendar Checker - part of Ulead Photo Express, where "x" represents the version number. Automatically replaces your calendar desktop wallpaper on a weekly/monthly/yearly basis if you've created them. Not required - change them manually
Source=Paul Collins Startup list
[Ultimate Cleaner]
Number=11363
Confirmed=N
Filename=App.exe
Description=Ultimate Cleaner spyware remover - not recommended, see here
Source=Paul Collins Startup list
[UltimateBuddy]
Number=11364
Confirmed=X
Filename=UltimateBuddy.exe
Description=UltimateBuddy - installs malware, or is bundled with malware
Source=Paul Collins Startup list
[UltimateZip Quick Start]
Number=11365
Confirmed=N
Filename=uzqkst.exe
Description=UltimateZip - file compression utility
Source=Paul Collins Startup list
[Ultra Hal Assistant 4.5 Startup]
Number=11366
Confirmed=N
Filename=HalAsst.exe
Description=Zabaware Ultra Hal Assistant - artificial intelligence conversation simulator. It is capable of being your digital secretary and companion
Source=Paul Collins Startup list
[UltraDVDMon]
Number=11367
Confirmed=?
Filename=DVDMon.exe
Description=UltraDVD DVD player software - is it required?
Source=Paul Collins Startup list
[Ulubione]
Number=11368
Confirmed=X
Filename=sys****.exe
Description=Ulubione adware
Source=Paul Collins Startup list
[UMAX VistaAccess]
Number=11369
Confirmed=N
Filename=vsaccess.exe
Description=VistaAccess gives you quick and easy access to scanning functions right from your desktop
Source=Paul Collins Startup list
[UMonit]
Number=11370
Confirmed=U
Filename=umonit.exe
Description=Alerts when USB device is plugged in
Source=Paul Collins Startup list
[umxagent]
Number=11371
Confirmed=Y
Filename=umxagent.exe
Description=Tiny Personal Firewall V4 - main engine
Source=Paul Collins Startup list
[umxldra]
Number=11372
Confirmed=Y
Filename=umxldra.exe
Description=User mode executive module DLL loader - part of Tiny Personal Firewall V4
Source=Paul Collins Startup list
[UMXLDRW]
Number=11373
Confirmed=Y
Filename=UMXLDRW.exe
Description=Tiny Personal Firewall (pre V4)
Source=Paul Collins Startup list
[un32info]
Number=11374
Confirmed=X
Filename=un32info.Exe
Description=Added by the CRYPTER.A TROJAN!
Source=Paul Collins Startup list
[UNERI]
Number=11375
Confirmed=X
Filename=yujixit.exe
Description=Added by the SDBOT.BOO WORM!
Source=Paul Collins Startup list
[UnHackMe Monitor]
Number=11376
Confirmed=U
Filename=hackmon.exe
Description=UnHackMe allows you to detect and remove a new generation of 'invisible' Trojan programs called "rootkits"
Source=Paul Collins Startup list
[Uniblue Quick Access]
Number=11377
Confirmed=U
Filename=qaccess.exe
Description=Quick Access application from UniBlue Systems Ltd - "helps you account for all processes on your computer by providing an additional plug-in for the Windows task manager"
Source=Paul Collins Startup list
[Uniblue Registry Booster]
Number=11378
Confirmed=U
Filename=RegistryBooster.exe
Description=Uniblue "Registry Booster is the safest and most trusted solution to clean and optimise your system, free it from registry errors and fragmented entries"
Source=Paul Collins Startup list
[Uniblue SpyEraser]
Number=11379
Confirmed=U
Filename=spyeraser.exe
Description=SpyEraser from Uniblue. Spyware detection program
Source=Paul Collins Startup list
[uninstal]
Number=11380
Confirmed=X
Filename=regsvr32 image.dll
Description=CoolWebSearch parasite variant
Source=Paul Collins Startup list
[Uninstall****]
Number=11381
Confirmed=X
Filename=upd.exe
Description=Adult content based screen saver where **** can be any number
Source=Paul Collins Startup list
[UninstallAbility]
Number=11382
Confirmed=N
Filename=uability.exe
Description=UninstallAbility free uninstaller
Source=Paul Collins Startup list
[UninstallHL]
Number=11383
Confirmed=X
Filename=PreUninstallHL.exe
Description=LinkReplacer/FFinder adware
Source=Paul Collins Startup list
[UninstallQL]
Number=11384
Confirmed=X
Filename=PreUninstallQL.exe
Description=LinkReplacer/FFinder adware
Source=Paul Collins Startup list
[Uninstall_TBPS]
Number=11385
Confirmed=X
Filename=TBuninst.exe
Description=WebSearch Toolbar - HuntBar hijacker, toolbar installer variant
Source=Paul Collins Startup list
[UniPrint]
Number=11386
Confirmed=U
Filename=SetDfltSettings.exe
Description=Drivers for Uniprint, a printing help for Terminal Services and Citrix which recieves downloaded files from a Uniprint enabled server and prints them locally allowing for truly universal printing through Terminal Services or Citrix
Source=Paul Collins Startup list
[UniSc]
Number=11387
Confirmed=U
Filename=Unisc.exe
Description=McAfee UnInstaller
Source=Paul Collins Startup list
[uniucu]
Number=11388
Confirmed=?
Filename=uniucu.exe
Description=??
Source=Paul Collins Startup list
[Universal USB Service]
Number=11389
Confirmed=X
Filename=svchost32.exe
Description=Added by the KELVIR.R WORM!
Source=Paul Collins Startup list
[Unix File Support]
Number=11390
Confirmed=X
Filename=init3.exe
Description=Added by the RBOT-ZN WORM!
Source=Paul Collins Startup list
[unldr16]
Number=11391
Confirmed=X
Filename=unldr16.exe
Description=Added by a variant of the CRYPTER.C TROJAN!
Source=Paul Collins Startup list
[unldr32]
Number=11392
Confirmed=X
Filename=unldr32.exe
Description=Added by a variant of the CRYPTER.C TROJAN!
Source=Paul Collins Startup list
[UnlockerAssistant]
Number=11393
Confirmed=U
Filename=UnlockerAssistant.exe
Description=Related to Unlocker utility to unlock files when the OS reports the file is being used by an other person or program
Source=Paul Collins Startup list
[UnSpyPC]
Number=11394
Confirmed=N
Filename=UnSpyPC.exe
Description=Spyware remover - not recommended, see here
Source=Paul Collins Startup list
[untray]
Number=11395
Confirmed=Y
Filename=untray.exe
Description=Command Antivirus related
Source=Paul Collins Startup list
[uoltray]
Number=11396
Confirmed=N
Filename=exec.exe
Description=Netzero free ISP software - not required
Source=Paul Collins Startup list
[Up Service]
Number=11397
Confirmed=X
Filename=up32.pif
Description=Added by the RBOT-ARI WORM!
Source=Paul Collins Startup list
[UpConfgVer]
Number=11398
Confirmed=N
Filename=UpgConf.exe
Description=Panda Antivirus Platinum. Purpose unclear, but according to Panda Software not required for the AV to function
Source=Paul Collins Startup list
[Updade Windows]
Number=11399
Confirmed=X
Filename=winlogom.exe
Description=Added by the TONAX-A TROJAN!
Source=Paul Collins Startup list
[UpData]
Number=11400
Confirmed=X
Filename=wupdata.exe
Description=Added by the IRCBOT-AA TROJAN!
Source=Paul Collins Startup list
[Update]
Number=11401
Confirmed=X
Filename=[original file path]
Description=Added by the LYNDEGG WORM!
Source=Paul Collins Startup list
[Update]
Number=11402
Confirmed=X
Filename=CDUpdater.exe
Description="Carpe Diem" adult premium rate dialler related
Source=Paul Collins Startup list
[Update]
Number=11403
Confirmed=X
Filename=Sysupd.exe
Description=Added by the SLACKBOT VIRUS!
Source=Paul Collins Startup list
[Update]
Number=11404
Confirmed=X
Filename=Zupdate.exe
Description=Associated with B3d Projector foistware - see here
Source=Paul Collins Startup list
[Update]
Number=11405
Confirmed=X
Filename=mshtm.exe
Description=Browser hijacker - redirecting to buldog-search.com
Source=Paul Collins Startup list
[Update]
Number=11406
Confirmed=X
Filename=UPDATE-28062004.exe[25 blank spaces].vbs
Description=Added by the MIDFIN WORM!
Source=Paul Collins Startup list
[update]
Number=11407
Confirmed=X
Filename=winis.exe
Description=Added by the RBOT-VD WORM!
Source=Paul Collins Startup list
[update]
Number=11408
Confirmed=X
Filename=r00t.exe
Description=Added by the RBOT-ACO WORM!
Source=Paul Collins Startup list
[UPDATE]
Number=11409
Confirmed=X
Filename=WinUpdater5.0.vbs
Description=Added by the GORMLEZ-A WORM!
Source=Paul Collins Startup list
[UpDate]
Number=11410
Confirmed=X
Filename=RAuth.exe
Description=Added by the DLOADER-UL TROJAN!
Source=Paul Collins Startup list
[Update]
Number=11411
Confirmed=X
Filename=csrss.exe
Description=Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[Update]
Number=11412
Confirmed=X
Filename=csrss.exe
Description=Added by the MEHEERWAR TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in a "winupdate" subfolder
Source=Paul Collins Startup list
[Update]
Number=11413
Confirmed=X
Filename=lsass.exe
Description=Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[Update]
Number=11414
Confirmed=X
Filename=svchost.exe
Description=Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[Update]
Number=11415
Confirmed=X
Filename=Update.exe
Description=QuickButton adware
Source=Paul Collins Startup list
[Update]
Number=11416
Confirmed=X
Filename=hanz.exe
Description=Added by a variant of the RBOT-GLJ WORM!
Source=Paul Collins Startup list
[Update Checker]
Number=11417
Confirmed=X
Filename=winlog.exe
Description=Added by the IRCBOT-TJ TROJAN!
Source=Paul Collins Startup list
[Update Checker]
Number=11418
Confirmed=X
Filename=scvhost.exe
Description=Added by the AGENT-DSF TROJAN!
Source=Paul Collins Startup list
[Update for Windows]
Number=11419
Confirmed=X
Filename=[various filenames]
Description=Added by the LERPA-A WORM! Note - the file name will be one of the following common.exe, common.pif, common.scr, Sexo.exe, Sexo.jpg.pif, ini_file__.pif, load_me__.tmp, msfile.pif, system_load_.pif or zipped.rar.pif
Source=Paul Collins Startup list
[Update for Works]
Number=11420
Confirmed=?
Filename=MSWkstz.exe
Description=Maybe related to later versions of MS Works?
Source=Paul Collins Startup list
[Update Grokster]
Number=11421
Confirmed=N
Filename=WiseUpdt.exe
Description=Automatically updates the Grokster file sharing software. Beware of adware and spyware when using this type of program, for instance, Grokster contains CyDoor
Source=Paul Collins Startup list
[Update Install]
Number=11422
Confirmed=X
Filename=Schost.exe
Description=Added by the GAOBOT.AO WORM!
Source=Paul Collins Startup list
[Update local]
Number=11423
Confirmed=?
Filename=SetCPQLC.exe
Description=Running on a Compaq desktop. Any ideas?
Source=Paul Collins Startup list
[Update Manager]
Number=11424
Confirmed=N
Filename=UpdateManager.exe
Description=Searches for updates for the Rogers Yahoo! Browser - can be run manually
Source=Paul Collins Startup list
[update run dos]
Number=11425
Confirmed=X
Filename=logon.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Update Run MSword]
Number=11426
Confirmed=X
Filename=LOGON.EXE
Description=Added by the RBOT.TY WORM!
Source=Paul Collins Startup list
[Update Service]
Number=11427
Confirmed=Y
Filename=Update.exe
Description=Loaded by Handybits programs such as EasyCrypto. Re-instates itself every time the program is run so best to leave it enabled. Prevent it dialling out via a firewall
Source=Paul Collins Startup list
[update service]
Number=11428
Confirmed=X
Filename=svxhost.exe
Description=Added by the RBOT-MG WORM!
Source=Paul Collins Startup list
[Update Service]
Number=11429
Confirmed=X
Filename=winu32.exe
Description=Added by the RBOT-MG WORM!
Source=Paul Collins Startup list
[update service]
Number=11430
Confirmed=X
Filename=winx.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Update TUT]
Number=11431
Confirmed=?
Filename=WiseUpdt.exe
Description=??
Source=Paul Collins Startup list
[Update ver 1.0]
Number=11432
Confirmed=X
Filename=Swap.exe
Description=Added by the SWAP-C WORM!
Source=Paul Collins Startup list
[Update Windows]
Number=11433
Confirmed=X
Filename=EXPLORE.EXE
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Update Windows]
Number=11434
Confirmed=X
Filename=EXPLORE.EXE
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Update.exe]
Number=11435
Confirmed=X
Filename=ravseuper.exe
Description=Added by the QQPASS-P TROJAN!
Source=Paul Collins Startup list
[Update32]
Number=11436
Confirmed=X
Filename=configs.exe
Description=Hijacker, also detected as the QURL-2 TROJAN!
Source=Paul Collins Startup list
[UpdateCheck]
Number=11437
Confirmed=X
Filename=winstall.exe
Description=Added by the SPYBOT-CY WORM!
Source=Paul Collins Startup list
[UpdateComponent]
Number=11438
Confirmed=X
Filename=CNF UPD.EXE
Description=Added by the SPYBOT.GEN VIRUS!
Source=Paul Collins Startup list
[UpdateFW]
Number=11439
Confirmed=?
Filename=fwdload.exe
Description=Appears to be firmware update software for a Network Associates ATMbook OC-3 SMF Interface Module?
Source=Paul Collins Startup list
[UPDATEHOOK]
Number=11440
Confirmed=?
Filename=Rundll32.exe
Description=??
Source=Paul Collins Startup list
[updatelavasoft]
Number=11441
Confirmed=X
Filename=updatelavasoft.exe
Description=CoolWebSearch parasite variant - redirecting to lalasearch.com
Source=Paul Collins Startup list
[UpdateManager]
Number=11442
Confirmed=U
Filename=sgtray.exe
Description=StorageGuard from Veritas (this version by Sonic). Free utility that integrates with Backup MyPC (formerly Backup Exec Desktop), Simple Backup and MS Backup. Provides system tray access and background monitoring - warning you of files that haven't recently been backed up. Required unless you backup manually on a regular basis or have scheduled backups
Source=Paul Collins Startup list
[UpdateMedia]
Number=11443
Confirmed=X
Filename=UpdateMedia.exe
Description=MediaUpdate foistware
Source=Paul Collins Startup list
[UpdateMgr]
Number=11444
Confirmed=X
Filename=updmgr.exe
Description=Added by the SouthBeachTel premium rate adult content dialer
Source=Paul Collins Startup list
[updateMgr]
Number=11445
Confirmed=N
Filename=AdobeUpdateManager.exe
Description=Automatic updates for the Adobe Reader file viewer
Source=Paul Collins Startup list
[updatemgr.exe]
Number=11446
Confirmed=N
Filename=updatemgr.exe
Description=Once a month, your EarthLink 5.0 Update Manager contacts EarthLink's servers to check for software updates. If an update is available for your EarthLink software, Update Manager will inform you and, with your permission, download and install the update. Can go to http://www.earthlink.net and download the updates manually
Source=Paul Collins Startup list
[UPDATEMSN]
Number=11447
Confirmed=X
Filename=svhost.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[updater]
Number=11448
Confirmed=X
Filename=wupdater.exe
Description=eUniverse/KeenValue adware
Source=Paul Collins Startup list
[updater]
Number=11449
Confirmed=?
Filename=updater.exe
Description=??
Source=Paul Collins Startup list
[Updater]
Number=11450
Confirmed=X
Filename=adservernow.exe
Description=AdServerNow adware
Source=Paul Collins Startup list
[updater]
Number=11451
Confirmed=X
Filename=wisvc.exe
Description=Added by the ORSE-A TROJAN!
Source=Paul Collins Startup list
[Updater Service Process]
Number=11452
Confirmed=X
Filename=svhost32.exe
Description=Added by the AGOBOT.TY WORM!
Source=Paul Collins Startup list
[updater32]
Number=11453
Confirmed=X
Filename=winload32.exe
Description=Added by the CULT.M WORM!
Source=Paul Collins Startup list
[updatereal]
Number=11454
Confirmed=X
Filename=realupdate.exe
Description=Chinese originated adware
Source=Paul Collins Startup list
[Updates]
Number=11455
Confirmed=X
Filename=msupdate.exe
Description=CoolWebSearch parasite variant
Source=Paul Collins Startup list
[Updates from HP]
Number=11456
Confirmed=N
Filename=backweb*****.exe
Description=See here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners". * can be any digit
Source=Paul Collins Startup list
[Updates from HP]
Number=11457
Confirmed=N
Filename=Updates from HP.exe
Description=Automatically detects an internet connection and downloads any available updates
Source=Paul Collins Startup list
[UpdateService]
Number=11458
Confirmed=X
Filename=wservice.exe
Description=Added by the DREF-K WORM!
Source=Paul Collins Startup list
[Updatestats]
Number=11459
Confirmed=X
Filename=Updatestats.exe
Description=Statblaster adware
Source=Paul Collins Startup list
[UpdateStats]
Number=11460
Confirmed=X
Filename=UpdateStats.exe
Description=SeekSeek search hijacker related - see here
Source=Paul Collins Startup list
[updatev01]
Number=11461
Confirmed=N
Filename=updatev01.exe
Description=Ultra-networks.com software updater/downloader
Source=Paul Collins Startup list
[updatewin]
Number=11462
Confirmed=X
Filename=update.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Updatewiz]
Number=11463
Confirmed=?
Filename=updatewiz.exe
Description=??
Source=Paul Collins Startup list
[UPDATE~1]
Number=11464
Confirmed=N
Filename=updatemgr.exe
Description=Once a month, your EarthLink 5.0 Update Manager contacts EarthLink's servers to check for software updates. If an update is available for your EarthLink software, Update Manager will inform you and, with your permission, download and install the update. Can go to http://www.earthlink.net and download the updates manually
Source=Paul Collins Startup list
[upddateit]
Number=11465
Confirmed=X
Filename=winit.exe
Description=Added by the RBOT-MS WORM!
Source=Paul Collins Startup list
[Updmgr]
Number=11466
Confirmed=X
Filename=updmgr.exe
Description=eUniverse/KeenValue adware
Source=Paul Collins Startup list
[updmgr]
Number=11467
Confirmed=X
Filename=rvupdmgr.exe
Description=eUniverse/KeenValue adware
Source=Paul Collins Startup list
[upDpacketo]
Number=11468
Confirmed=X
Filename=services.exe
Description=Added by the NAFBOT-A TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "TEMPER" subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list
[UpdReg]
Number=11469
Confirmed=N
Filename=Updreg.exe
Description=Reminder to register Creative Labs SoundBlaster Live! cards
Source=Paul Collins Startup list
[UpdSys]
Number=11470
Confirmed=X
Filename=[random filename]
Description=Added by the BJ TROJAN!
Source=Paul Collins Startup list
[Updt Service]
Number=11471
Confirmed=X
Filename=updt.pif
Description=Added by the RBOT-AYU WORM!
Source=Paul Collins Startup list
[updwebmin]
Number=11472
Confirmed=X
Filename=updwebmin.exe
Description=Added by the BACKDOOR.GEN TROJAN!
Source=Paul Collins Startup list
[UPERVGAS]
Number=11473
Confirmed=?
Filename=UPERVGAS.exe
Description=??
Source=Paul Collins Startup list
[Upgrade Sarvice]
Number=11474
Confirmed=X
Filename=sxchost.exe
Description=Added by a variant of the TOFGER-I TROJAN!
Source=Paul Collins Startup list
[Upgrade Service]
Number=11475
Confirmed=X
Filename=sxchost.exe
Description=Added by the TOFGER-I TROJAN!
Source=Paul Collins Startup list
[Upgrade Service]
Number=11476
Confirmed=X
Filename=winupd.exe
Description=Added by the TOFGER-U TROJAN!
Source=Paul Collins Startup list
[upme]
Number=11477
Confirmed=X
Filename=[filename]
Description=Added by the MUGLY.F WORM!
Source=Paul Collins Startup list
[Upme]
Number=11478
Confirmed=X
Filename=DLLMAN.EXE
Description=Added by the MUGLY.I WORM!
Source=Paul Collins Startup list
[upnp]
Number=11479
Confirmed=X
Filename=upnp.exe
Description=Added by the DLOADR-YT WORM!
Source=Paul Collins Startup list
[UPnP Manager]
Number=11480
Confirmed=X
Filename=upnpman.exe
Description=Added by a variant of the AGOBOT WORM!
Source=Paul Collins Startup list
[UPNPService]
Number=11481
Confirmed=X
Filename=WinSVCservice.exe
Description=Added by the AGOBOT.UN WORM!
Source=Paul Collins Startup list
[Upromise0]
Number=11482
Confirmed=U
Filename=Upromise0.exe
Description=Upromise college savings program
Source=Paul Collins Startup list
[UpromiseRemindU]
Number=11483
Confirmed=U
Filename=wjview ...Code
Description=Part of the Upromise saving scheme but associated with Ebates MoneyMaker adware so the choice is yours
Source=Paul Collins Startup list
[UPS]
Number=11484
Confirmed=Y
Filename=ups.exe
Description=PowerChute v5.02 - UPS Monitoring Module (which loads iconclnt - the tray icon)
Source=Paul Collins Startup list
[UPS]
Number=11485
Confirmed=X
Filename=UPS32.exe
Description=Added by the FEMOT.O WORM!
Source=Paul Collins Startup list
[UPSentry 2000]
Number=11486
Confirmed=Y
Filename=upsd.exe
Description=Used with Belkin UPS (Uninterruptable Power Supply) for support in the event of a power-loss
Source=Paul Collins Startup list
[UPSlim]
Number=11487
Confirmed=Y
Filename=upsd.exe
Description=Used with Belkin UPS (Uninterruptable Power Supply) for support in the event of a power-loss
Source=Paul Collins Startup list
[UPSMON]
Number=11488
Confirmed=U
Filename=UPSMON.exe
Description=UPSMON Power Management software
Source=Paul Collins Startup list
[UPSUtl]
Number=11489
Confirmed=X
Filename=web.exe
Description=CoolWebSearch parasite variant
Source=Paul Collins Startup list
[Uptimer4]
Number=11490
Confirmed=U
Filename=Uptimer4.exe
Description=Uptimer4 is an appbar which displays time, date, uptime, free ram, free pagefile, cpu usage, disk free space, battery power, IP addresses, TCP throughput, list of running processes, netstat and several more things
Source=Paul Collins Startup list
[UpTimes service]
Number=11491
Confirmed=X
Filename=WinUp.exe
Description=Added by the RBOT-AKB WORM!
Source=Paul Collins Startup list
[UpToDate]
Number=11492
Confirmed=X
Filename=uptodate.exe
Description=BrowserAid/BrowserPal foistware
Source=Paul Collins Startup list
[upxdn]
Number=11493
Confirmed=X
Filename=upxdn.exe
Description=Added by the AGENT.NCC TROJAN!
Source=Paul Collins Startup list
[upxdnd]
Number=11494
Confirmed=X
Filename=upxdnd.exe
Description=Added by the JD-A TROJAN!
Source=Paul Collins Startup list
[upyxo]
Number=11495
Confirmed=X
Filename=yujixit.exe
Description=Added by the SDBOT.BIX WORM!
Source=Paul Collins Startup list
[UrlLstCk]
Number=11496
Confirmed=Y
Filename=UrlLstCk.exe
Description=Part of Norton Internet Security. From Symantec - "UrlLstCk.exe is a necessary file that will be present in C:\Program Files\Norton Internet Security. It is a URL Checklist. It should not be disabled"
Source=Paul Collins Startup list
[URLMAP]
Number=11497
Confirmed=N
Filename=Urlmap.exe
Description=Installed by MS Money, and runs whenever you start IE. All it does is bring up an annoying sidebar (kind of like the search window) with 'financial links' when the web page supports it
Source=Paul Collins Startup list
[UrtSvcExe]
Number=11498
Confirmed=Y
Filename=Urt95Svc.exe
Description="Cisco Secure URT is a virtual LAN (VLAN) assignment service that enhances LAN security by actively identifying and authenticating users and then associating them only to their specific network services and resources"
Source=Paul Collins Startup list
[Usb]
Number=11499
Confirmed=?
Filename=Usb.exe
Description=HP related - not sure whether it's required
Source=Paul Collins Startup list
[usb]
Number=11500
Confirmed=X
Filename=SASS.EXE
Description=Added by the FUNSTA-A TROJAN!
Source=Paul Collins Startup list
[USB 2.0 Driver]
Number=11501
Confirmed=X
Filename=updateXPSPC.exe
Description=Added by the AGOBOT-RJ WORM!
Source=Paul Collins Startup list
[USB 2.0 Driver]
Number=11502
Confirmed=X
Filename=Winsys32.exe
Description=Added by the AGOBOT-QM WORM!
Source=Paul Collins Startup list
[USB 2.0 Driver]
Number=11503
Confirmed=X
Filename=updateXP.exe
Description=Added by the AGOBOT-QP WORM!
Source=Paul Collins Startup list
[USB 2.0 Driver]
Number=11504
Confirmed=X
Filename=winsystem.exe
Description=Added by the AGOBOT-QS WORM!
Source=Paul Collins Startup list
[USB 2.1 Driver]
Number=11505
Confirmed=X
Filename=winupdate1.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[USB controller]
Number=11506
Confirmed=X
Filename=Svcmm32.exe
Description=SvcMM backdoor parasite downloader
Source=Paul Collins Startup list
[USB Device]
Number=11507
Confirmed=X
Filename=servicelog.exe
Description=Added by the WOOTBOT.CB WORM!
Source=Paul Collins Startup list
[USB Device]
Number=11508
Confirmed=X
Filename=win32usb.exe
Description=Added by the FORBOT-BQ WORM!
Source=Paul Collins Startup list
[USB Driver4]
Number=11509
Confirmed=X
Filename=UpdateXP*.exe [* = random digit]
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[USB Drivers1]
Number=11510
Confirmed=X
Filename=msupdate.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[USB Driverz2]
Number=11511
Confirmed=X
Filename=msnplus1.exe
Description=Added by the SDBOT-XQ WORM!
Source=Paul Collins Startup list
[USB Fix 1.1]
Number=11512
Confirmed=X
Filename=wuservices.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[USB Fixes]
Number=11513
Confirmed=X
Filename=wuafix.exe
Description=Added by the RBOT-ABV TROJAN!
Source=Paul Collins Startup list
[USB Hardware Monitoring]
Number=11514
Confirmed=X
Filename=USBhardware.exe
Description=Added by the RBOT-NN WORM!
Source=Paul Collins Startup list
[USB Hardware326 Monitoring]
Number=11515
Confirmed=Y
Filename=USBhardware326.exe
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[USB Hardware32c Monitoring]
Number=11516
Confirmed=X
Filename=USBHARDWARE32C.EXE
Description=Added by the RBOT-UU WORM!
Source=Paul Collins Startup list
[USB Host Service]
Number=11517
Confirmed=X
Filename=usbsvc.exe
Description=Added by the RBOT-GG WORM!
Source=Paul Collins Startup list
[USB Hub Keyboard Patch]
Number=11518
Confirmed=?
Filename=SKBPATCH.EXE
Description=USB HUB Update
Source=Paul Collins Startup list
[USB SECURITY DEVICE CoInstaller]
Number=11519
Confirmed=Y
Filename=JupitCo.exe
Description=ButterflyMedia USB Flash drive related - required for the password security feature to work
Source=Paul Collins Startup list
[USB Updates]
Number=11520
Confirmed=X
Filename=mservices.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[USB Updates]
Number=11521
Confirmed=X
Filename=msfirewalls.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[USB Updates 2]
Number=11522
Confirmed=X
Filename=wugfixx.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[USB2Check]
Number=11523
Confirmed=N
Filename=PCLECoInst.dll
Description=Related to Pinnacle Systems Inc. CoInstaller - you can execute the USB2.0 interface check program (Usb2Check.exe file) to check if your system is a USB2.0 enabled system
Source=Paul Collins Startup list
[USBConfigration2]
Number=11524
Confirmed=X
Filename=wmmndir.exe
Description=Added by the AGOBOT-SV WORM!
Source=Paul Collins Startup list
[UsbD]
Number=11525
Confirmed=X
Filename=smss32.exe
Description=Adware downloader - recognized by Kaspersky antivirus as Trojan-Proxy.Win32.Agent.cj
Source=Paul Collins Startup list
[UsbD]
Number=11526
Confirmed=X
Filename=svhost32.exe
Description=Added by the AGENT.IB TROJAN!
Source=Paul Collins Startup list
[Usbd]
Number=11527
Confirmed=X
Filename=usb_d.exe
Description=Added by the CIDRA-A TROJAN!
Source=Paul Collins Startup list
[UsbD]
Number=11528
Confirmed=X
Filename=[path to trojan]
Description=Added by the CIDRA-F TROJAN!
Source=Paul Collins Startup list
[USBDetector]
Number=11529
Confirmed=U
Filename=USBDetector.exe
Description=USBDetector sets up an icon in the System Tray for a USB card which is intended to be used to eject or unplug hardware
Source=Paul Collins Startup list
[USBDetector]
Number=11530
Confirmed=U
Filename=UDetect.exe
Description=USB tray icon/detection for external Belkin (and maybe other makes) under Win98
Source=Paul Collins Startup list
[USBDrives]
Number=11531
Confirmed=X
Filename=msfirewalI.exe
Description=Added by the RBOT-ABP WORM!
Source=Paul Collins Startup list
[usbdrv]
Number=11532
Confirmed=X
Filename=servicetask.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[USBHWDRV]
Number=11533
Confirmed=X
Filename=gam.exe
Description=Added by a variant of the LOWZONE-I TROJAN!
Source=Paul Collins Startup list
[USBHWDRV]
Number=11534
Confirmed=X
Filename=msdc.exe
Description=Added by a variant of the LOWZONE-I TROJAN!
Source=Paul Collins Startup list
[USBHWDRV]
Number=11535
Confirmed=X
Filename=sst4.exe
Description=Added by a variant of the LOWZONE-I TROJAN!
Source=Paul Collins Startup list
[USBHWINFO]
Number=11536
Confirmed=X
Filename=mac.exe
Description=Added by the LOWZONE-I TROJAN!
Source=Paul Collins Startup list
[USBHWINFO]
Number=11537
Confirmed=X
Filename=[path to trojan]
Description=Added by the LOWZONE-I TROJAN!
Source=Paul Collins Startup list
[USBHWINFO]
Number=11538
Confirmed=X
Filename=sst6.exe
Description=Added by the LOWZONE-I TROJAN!
Source=Paul Collins Startup list
[USBMMKBD]
Number=11539
Confirmed=U
Filename=usbmmkbd.exe
Description=USB multimedia keyboard for HP systems. Allows the use of special function keys on USB keyboards. The latest version no longer pings a server when on-line wheras the older version did but did not transmit any user information
Source=Paul Collins Startup list
[USBMonit.exe]
Number=11540
Confirmed=U
Filename=USBMonit.exe
Description=Monitors USB ports for insertion of Sandisk USB flashdrives
Source=Paul Collins Startup list
[usbn]
Number=11541
Confirmed=X
Filename=usbn.exe
Description=Adult content dialer - recognized by Kaspersky antivirus as Trojan-Downloader.Win32.Small.afa
Source=Paul Collins Startup list
[usbn]
Number=11542
Confirmed=X
Filename=[path to trojan]
Description=Added by the HOGIL-C TROJAN!
Source=Paul Collins Startup list
[USBPNP]
Number=11543
Confirmed=Y
Filename=USBPNP.exe
Description=SiPix digital camera Twain USB driver
Source=Paul Collins Startup list
[USBTA]
Number=11544
Confirmed=N
Filename=usbtapnp.exe
Description=System Tray access for the BeWAN Gazel 128 USB ISDN adapter
Source=Paul Collins Startup list
[USBToolTip]
Number=11545
Confirmed=?
Filename=USBTip.exe
Description=Related to Pinnacle Systems Inc. What does it do and is it required?
Source=Paul Collins Startup list
[useful-soft]
Number=11546
Confirmed=X
Filename=svchst.exe
Description=Added by the STARTPA-HH TROJAN!
Source=Paul Collins Startup list
[user]
Number=11547
Confirmed=X
Filename=user32.exe
Description=Added by the BINGHE TROJAN!
Source=Paul Collins Startup list
[User Logger]
Number=11548
Confirmed=U
Filename=UsrLog.exe
Description=UserLogger is a commercial surveillance software program. It logs keystrokes, programs used and computer ID information. It also captures screenshots, can hide its presence on the computer and can be disguised in the Windows Task list
Source=Paul Collins Startup list
[User Manager]
Number=11549
Confirmed=X
Filename=fcllls.exe
Description=Added by the ZAGABAN-B TROJAN!
Source=Paul Collins Startup list
[User Services]
Number=11550
Confirmed=X
Filename=usersvc.exe
Description=Added by the REVCUSS.A TROJAN!
Source=Paul Collins Startup list
[User23.exe]
Number=11551
Confirmed=X
Filename=DIAL.exe
Description=This is a trojan trying to disguise itself as User32.dll
Source=Paul Collins Startup list
[User32]
Number=11552
Confirmed=X
Filename=[filename]
Description=Added by the NETTRASH TROJAN!
Source=Paul Collins Startup list
[UserFaultCheck]
Number=11553
Confirmed=N
Filename=dumprep 0 -u
Description=Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out
Source=Paul Collins Startup list
[Userinit]
Number=11554
Confirmed=X
Filename=lsass.exe
Description=Added by a variant of the DLOADER-TP TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Program Files\Common Files folder
Source=Paul Collins Startup list
[userinit]
Number=11555
Confirmed=X
Filename=winlogon.exe
Description=Added by the DLOADER-TP TROJAN! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder
Source=Paul Collins Startup list
[Userinit]
Number=11556
Confirmed=X
Filename=lsass.exe
Description=Added by a variant of the VIRAN-A TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Program Files\Common Files\System folder
Source=Paul Collins Startup list
[userinit]
Number=11557
Confirmed=X
Filename=smss.exe
Description=Added by the DLOADR-B TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This trojan file is found in the Windows or Winnt folder
Source=Paul Collins Startup list
[userinit]
Number=11558
Confirmed=X
Filename=choo_003956f4
Description=Added by the PEED.16896 TROJAN!
Source=Paul Collins Startup list
[userinit]
Number=11559
Confirmed=X
Filename=ntos.exe
Description=Added by the AGENT-ECU TROJAN!
Source=Paul Collins Startup list
[UserInit StartUp]
Number=11560
Confirmed=X
Filename=rpcxuisu.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[userint32]
Number=11561
Confirmed=X
Filename=userint32.exe
Description=Added by an unidentified TROJAN via an Instant Message that says, "This was cool, check it out here." Also contains Aurora popups
Source=Paul Collins Startup list
[USERINTERFACE REPORT3R]
Number=11562
Confirmed=X
Filename=M0USE.exe
Description=Added by the MYTOB.HS WORM!
Source=Paul Collins Startup list
[Userinterface Reporter]
Number=11563
Confirmed=X
Filename=fuuuucktttttt.exe
Description=Added by the MYTOB-DK WORM!
Source=Paul Collins Startup list
[Userinterface Reporter]
Number=11564
Confirmed=X
Filename=srv32.exe
Description=ISTBar adware
Source=Paul Collins Startup list
[UserSystem]
Number=11565
Confirmed=X
Filename=[filename]
Description=CoolWebSearch Smartsearch parasite variant. Also detected as the SEARCH-A TROJAN!
Source=Paul Collins Startup list
[ushli]
Number=11566
Confirmed=X
Filename=sscbltqu.exe
Description=Obtained from an MP3 search list site. Also generates random processes on reboot
Source=Paul Collins Startup list
[usrgtway.exe]
Number=11567
Confirmed=X
Filename=syswrun4x.exe
Description=Added by the MITGLIEDER.E TROJAN!
Source=Paul Collins Startup list
[USRobotics 802.11g Wireless Network Utility]
Number=11568
Confirmed=N
Filename=USRWLANG.exe
Description=USRobotics Wireless Network Utility - used to configure security settings for connecting to WEP encrypted Access Point through the USR Wireless adapter. You must uncheck "Use Windows to configure my wireless settings" for the program to work properly. Has Site Survey capabilities, and reports link quality and signal strength. Not required for proper operation of the device as the features given are accessible in the network connection properties
Source=Paul Collins Startup list
[Usrobotics Online Registration]
Number=11569
Confirmed=N
Filename=??
Description=Pop-up reminding customers to register their products online at US Robotics
Source=Paul Collins Startup list
[USRpdA]
Number=11570
Confirmed=Y
Filename=USRmlnkA.exe
Description=Modem driver files from US Robotics
Source=Paul Collins Startup list
[Usrr]
Number=11571
Confirmed=X
Filename=rncr.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[Usrr]
Number=11572
Confirmed=X
Filename=rpen.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[USRSTA]
Number=11573
Confirmed=?
Filename=USRSTA.exe
Description=Wireless Card controller. What does it do and is it required?
Source=Paul Collins Startup list
[USRSTA.EXE]
Number=11574
Confirmed=?
Filename=USRSTA.EXE
Description=Wireless Card controller. What does it do and is it required?
Source=Paul Collins Startup list
[USSShReg]
Number=11575
Confirmed=N
Filename=USSSHREG.EXE
Description=Registration reminder for Ulead SmartSaver Pro - compacts large graphics for web designers
Source=Paul Collins Startup list
[UStorag]
Number=11576
Confirmed=U
Filename=ustorage.exe
Description=U-Storage is application software running under Microsoft Windows, it provides functions and utility to manage STF flash drive (USB drive) for security, partition, boot-ability and recovery. See note
Source=Paul Collins Startup list
[Ustorage]
Number=11577
Confirmed=N
Filename=Ustorage.exe
Description=Maintenance tool (enable security functions) for a USB drive from Pretec
Source=Paul Collins Startup list
[Utility Ping]
Number=11578
Confirmed=?
Filename=UTILIT~1.EXE
Description=??
Source=Paul Collins Startup list
[UtilityPro]
Number=11579
Confirmed=N
Filename=UtilityPro.exe
Description=IE search toolbars as supplied by people such as Yellow Internet and SearchBoss and written by Rawhide Search Solutions
Source=Paul Collins Startup list
[UTILsInst]
Number=11580
Confirmed=Y
Filename=N/A
Description=For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out
Source=Paul Collins Startup list
[Utopia Angel]
Number=11581
Confirmed=N
Filename=Angel.exe
Description=Calculator for the online Utopia game
Source=Paul Collins Startup list
[uvnx]
Number=11582
Confirmed=X
Filename=uvcx.exe
Description=Added by the DLOADR-AWF TROJAN!
Source=Paul Collins Startup list
[uvnx]
Number=11583
Confirmed=X
Filename=uvnx.exe
Description=Added by the SMALL.CUL TROJAN!
Source=Paul Collins Startup list
[UVS10 Preload]
Number=11584
Confirmed=U
Filename=uvPL.exe
Description=Related to Ulead VideoStudio video editing and DVD authoring software
Source=Paul Collins Startup list
[uwa7pcw]
Number=11585
Confirmed=N
Filename=uwa7pcw.exe
Description=WinAntiVirus Pro 2007 virus software - not recommended, see here
Source=Paul Collins Startup list
[uwyrl]
Number=11586
Confirmed=X
Filename=uwyrl.exe
Description=Added by the PHEL.A TROJAN!
Source=Paul Collins Startup list
[uwyw.exe]
Number=11587
Confirmed=X
Filename=yujixit.exe
Description=Added by the SDBOT.BGB WORM!
Source=Paul Collins Startup list
[v]
Number=11588
Confirmed=?
Filename=WMPVer.EXE
Description=Dritek System Inc. 3D Mouse related. Is it required?
Source=Paul Collins Startup list
[V.92 Modem On Hold]
Number=11589
Confirmed=U
Filename=Ltmoh.exe
Description=Modem On Hold utility - manages incoming/outgoing voice calls on a single phone line while being connected to the internet
Source=Paul Collins Startup list
[V0250Mon.exe]
Number=11590
Confirmed=Y
Filename=V0250Mon.exe
Description=Part of Creative Webcam Launcher
Source=Paul Collins Startup list
[V128IID]
Number=11591
Confirmed=Y
Filename=Rundll32.exe v128iitw.dll, STB_InitTweak
Description=Loads drivers for some STB graphics cards such as the STB nVIDIA TNT 16MB. Required if you don't want to experience lock-ups or error messages
Source=Paul Collins Startup list
[V128IITV]
Number=11592
Confirmed=?
Filename=??
Description=Loads drivers for some STB graphics cards. May be related to such a card with a TV out option?
Source=Paul Collins Startup list
[V66SHELL]
Number=11593
Confirmed=?
Filename=V66SHELL.EXE
Description=It looks to be part of the display driver set for ASUS V3800, V6600 and V6800 display adapters. Probably a system tray quick access control?
Source=Paul Collins Startup list
[va10key]
Number=11594
Confirmed=U
Filename=va10key.exe
Description=Only required if you use the 10 kay bay unit with a Sony Vaio laptop
Source=Paul Collins Startup list
[VaCtrls]
Number=11595
Confirmed=X
Filename=v7
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Vaganza-XPloit-[User Name]"]
Number=11596
Confirmed=X
Filename=[user name].exe
Description=Added by the GAVGENT.A WORM!
Source=Paul Collins Startup list
[VAGCtrl]
Number=11597
Confirmed=Y
Filename=VAGCTRL.EXE
Description=Vexira Antivirus - virus scanner from Central Command
Source=Paul Collins Startup list
[VAGuard]
Number=11598
Confirmed=Y
Filename=VAGNT.exe
Description=Vexira Antivirus - virus scanner from Central Command
Source=Paul Collins Startup list
[VAIO Action Setup (Server)]
Number=11599
Confirmed=U
Filename=VAServ.exe
Description=Sony Vaio utility that auto-launches selected applications when you plug in a digital video camera, digital still camera, etc. via iLink (FireWire) or USB
Source=Paul Collins Startup list
[VAIO Recovery]
Number=11600
Confirmed=U
Filename=PartSeal.exe
Description=System backup for Sony Vaio PCs. Adds a recovery mechanism for users over and above any System Restore features - allowing users to revert a drive back to the state it was when bought form the factory by hitting F10. The user obviously loses any data stored if not backed-up elsewhere
Source=Paul Collins Startup list
[VAIO Update 2]
Number=11601
Confirmed=U
Filename=VAIOUpdt.exe
Description=Related to Sony Vaio Update service. This program is non-essential process to the running of the program, but should not be terminated unless suspected to be causing problems
Source=Paul Collins Startup list
[ValidData]
Number=11602
Confirmed=X
Filename=[path to trojan]
Description=Added by the RANKY.H TROJAN!
Source=Paul Collins Startup list
[valuename]
Number=11603
Confirmed=X
Filename=svchosts.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[vb6]
Number=11604
Confirmed=X
Filename=vb6.exe
Description=Added by the MUGLY.D WORM!
Source=Paul Collins Startup list
[VBouncer]
Number=11605
Confirmed=X
Filename=VirtualBouncer.exe
Description=Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here
Source=Paul Collins Startup list
[VbouncerDL]
Number=11606
Confirmed=X
Filename=VbouncerInner****.exe [* = random char]
Description=Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here
Source=Paul Collins Startup list
[VbouncerDL]
Number=11607
Confirmed=X
Filename=VBouncerInner.exe
Description=Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here
Source=Paul Collins Startup list
[VBS.Ipnuker@mm]
Number=11608
Confirmed=X
Filename=[worm filename].vbs
Description=Added by the NUKIP WORM!
Source=Paul Collins Startup list
[VBS_AUTO_UPDATE]
Number=11609
Confirmed=X
Filename=0548656X.vbs
Description=Added by the GORMLEZ-A WORM!
Source=Paul Collins Startup list
[VBundleOuterDL]
Number=11610
Confirmed=X
Filename=BundleOuter.EXE
Description=Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here
Source=Paul Collins Startup list
[VB_run]
Number=11611
Confirmed=X
Filename=comctl_32.exe
Description=Dubious downloader from densmail.com
Source=Paul Collins Startup list
[VC5MediaPlayer]
Number=11612
Confirmed=X
Filename=csmss.exe
Description=Added by the DEDLER-B WORM!
Source=Paul Collins Startup list
[VC5Play]
Number=11613
Confirmed=N
Filename=VC5Play.exe
Description=Virtual CD drive emulator - version 5. Available via Start -> Programs
Source=Paul Collins Startup list
[VC6play]
Number=11614
Confirmed=N
Filename=VC6Play.exe
Description=Virtual CD drive emulator - version 6. Available via Start -> Programs
Source=Paul Collins Startup list
[VC7Play]
Number=11615
Confirmed=N
Filename=VC7Play.exe
Description=Virtual CD drive emulator - version 7. Available via Start -> Programs
Source=Paul Collins Startup list
[VC7Player]
Number=11616
Confirmed=N
Filename=VC7Play.exe
Description=Virtual CD drive emulator - version 7. Available via Start -> Programs
Source=Paul Collins Startup list
[VCatch]
Number=11617
Confirmed=X
Filename=Vcatch.exe
Description=CommonSearch Vcatch - "antivirus" software which actually bundles spy/adware itself!
Source=Paul Collins Startup list
[VCatch Premium]
Number=11618
Confirmed=X
Filename=VCatchpre.exe
Description=VCatch antivirus. Considered spyware itself - see here
Source=Paul Collins Startup list
[VCDPlayer]
Number=11619
Confirmed=N
Filename=VCDPlayer.exe
Description=Virtual CD drive emulator. Available via Start -> Programs
Source=Paul Collins Startup list
[vcdplayx]
Number=11620
Confirmed=N
Filename=vcdplayx.exe
Description=CD emulation part of GameDrive & VirtualDrive from Farstone. Not required as starting these programs load this automatically
Source=Paul Collins Startup list
[VCDTower]
Number=11621
Confirmed=U
Filename=VCDTower.exe
Description=Goldensoft CD Ghost related - turns a computer into a 200X-speed CD-ROM tower. Working from the hard drive, users can simultaneously access as many as 23 virtual CD-ROM drives at a speed of 200X for true multitasking
Source=Paul Collins Startup list
[VCDWATCH]
Number=11622
Confirmed=?
Filename=VCDWATCH.EXE
Description=Confirmed as Voyetra CD Watcher as it was found in a Compaq/Voyetra/AS2 directory but what does it do?
Source=Paul Collins Startup list
[VCMnet11]
Number=11623
Confirmed=X
Filename=VCMnet11.exe
Description=Windows AFA Internet Enhancement - a browser hijacker, redirecting to adsourcecorp.com. See here
Source=Paul Collins Startup list
[VCS Host]
Number=11624
Confirmed=X
Filename=vcshost.exe
Description=Added by the RBOT-FKT WORM!
Source=Paul Collins Startup list
[VCSPlayer]
Number=11625
Confirmed=N
Filename=vcsplay.exe
Description=Virtual CD drive emulator. Available via Start -> Programs
Source=Paul Collins Startup list
[VCXD Settings]
Number=11626
Confirmed=X
Filename=phqg.EXE
Description=Added by the RBOT.BRF WORM!
Source=Paul Collins Startup list
[VC_Log]
Number=11627
Confirmed=U
Filename=keylog.exe
Description=PaqKeylog is a surveillance software program that logs keystrokes and can run in stealth mode. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list
[Vdat Update]
Number=11628
Confirmed=X
Filename=lalaa.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[VDI Manager (HP)]
Number=11629
Confirmed=?
Filename=HPO0VDX05.exe
Description=HP (Hewlett-Packard) related. Now - what does it do?
Source=Paul Collins Startup list
[vdtask]
Number=11630
Confirmed=N
Filename=vdtask.exe
Description=Program part of GameDrive & VirtualDrive from Farstone. Not required as starting these programs load this automatically
Source=Paul Collins Startup list
[Vegas Palms - Launcher]
Number=11631
Confirmed=N
Filename=Launcher.exe
Description=Vegas Palms on-line cassino
Source=Paul Collins Startup list
[veja_fotos.exe]
Number=11632
Confirmed=X
Filename=veja_fotos.exe
Description=Added by the MDROP-F TROJAN!
Source=Paul Collins Startup list
[VERBATIM STORE 'N' G]
Number=11633
Confirmed=U
Filename=verbatim store 'n' go.exe
Description=Loads the driver for the Verbatim Store'n'Go PRO USB Flash Drive - reportedly required only on systems running Windows 98 and Millennium
Source=Paul Collins Startup list
[Verif]
Number=11634
Confirmed=X
Filename=vxst.exe
Description=Added by the NOPIR.B WORM!
Source=Paul Collins Startup list
[Verizon Control Pad]
Number=11635
Confirmed=N
Filename=cpad.exe
Description=Control Pad - installed with Verizon DSL accounts. Tool designed to streamline the online experience
Source=Paul Collins Startup list
[Verizon Online Support Center]
Number=11636
Confirmed=U
Filename=matcli.exe
Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Verizon Online Support Center is required to run with the Help and Support program. If you uncheck Verizon Online Support Center and and then run help and Support it will add another Verizon Online Support Center in the startup menu. If you remove the Verizon Online Support Center in the add/remove program some help menus in help and support will not be available. You decide
Source=Paul Collins Startup list
[VerizonServicepoint.exe]
Number=11637
Confirmed=U
Filename=VerizonServicepoint.exe
Description=Part of Verizon Online Support Manager
Source=Paul Collins Startup list
[vern16.dll]
Number=11638
Confirmed=X
Filename=regsvr32.exe [path] vernn16.dll
Description=DailyWinner adware
Source=Paul Collins Startup list
[versato]
Number=11639
Confirmed=U
Filename=versato.exe
Description="Hot" button (such as volume and browser control) management and a CD player as supplied with QTronix (as possibly Micro Innovations) keyboards
Source=Paul Collins Startup list
[Version]
Number=11640
Confirmed=X
Filename=Version.exe
Description=JRAUN adware variant
Source=Paul Collins Startup list
[Version]
Number=11641
Confirmed=X
Filename=manage.exe
Description=JRAUN adware variant
Source=Paul Collins Startup list
[version]
Number=11642
Confirmed=X
Filename=adl_dh.exe
Description=DealHelper adware related
Source=Paul Collins Startup list
[Vet Alert]
Number=11643
Confirmed=Y
Filename=vetmsg9x.exe
Description=Computer Associates "InnoculateIT" and Vet Anti-Virus virus software
Source=Paul Collins Startup list
[Vet Alert]
Number=11644
Confirmed=Y
Filename=VETMSG.EXE
Description=Computer Associates Vet Anti-Virus software
Source=Paul Collins Startup list
[Vet Start Up]
Number=11645
Confirmed=Y
Filename=vet98.exe
Description=Computer Associates "InnoculateIT" and Vet Anti-Virus virus software. This option will slow down your system, if set too aggressively. There is no need to scan every file when opened, closed, etc. Check in InoculateIT PE options
Source=Paul Collins Startup list
[Vet Start Up]
Number=11646
Confirmed=Y
Filename=vet32.exe
Description=Computer Associates "InnoculateIT" and Vet Anti-Virus virus software. This option will slow down your system, if set too aggressively. There is no need to scan every file when opened, closed, etc. Check in InoculateIT PE options
Source=Paul Collins Startup list
[VetTray]
Number=11647
Confirmed=U
Filename=vettray.exe
Description=Computer Associates "InnoculateIT" and Vet Anti-Virus virus software. System Tray quicklaunch access, not really necessary but only occupies 36k resources
Source=Paul Collins Startup list
[VFW Encoder/Decoder Settings]
Number=11648
Confirmed=X
Filename=RUNDLL32.exe MSSIGN30.DLL ondll_reg
Description=Added by the LOVGATE-W WORM!
Source=Paul Collins Startup list
[VGA Startup]
Number=11649
Confirmed=X
Filename=vgacard.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[VgaDriver]
Number=11650
Confirmed=X
Filename=RsrVga32.exe
Description=Added by the KEYLOG-AH TROJAN!
Source=Paul Collins Startup list
[VGATune]
Number=11651
Confirmed=X
Filename=VGATune.exe
Description=Added by the RBOT-AWM WORM!
Source=Paul Collins Startup list
[VGAUtil]
Number=11652
Confirmed=U
Filename=G-VGA.exe
Description=Gigabyte VGA Utility - access card options (application needs to be run at startup, but is not system critical)
Source=Paul Collins Startup list
[vid32cntl]
Number=11653
Confirmed=X
Filename=vid32cntl.Exe
Description=Added by the CRYPTER.A TROJAN!
Source=Paul Collins Startup list
[vidcntl]
Number=11654
Confirmed=X
Filename=vidcntl.Exe
Description=Added by the CRYPTER.A TROJAN!
Source=Paul Collins Startup list
[Vidcompat]
Number=11655
Confirmed=X
Filename=Vidcompat.exe
Description=Added by the GEMA TROJAN!
Source=Paul Collins Startup list
[vidctrl]
Number=11656
Confirmed=X
Filename=vidctrl.exe
Description=Delfin Promulgate adware variant
Source=Paul Collins Startup list
[Video]
Number=11657
Confirmed=X
Filename=explored.exe
Description=Added by the GAOBOT.RF WORM!
Source=Paul Collins Startup list
[Video]
Number=11658
Confirmed=X
Filename=winamp32.exe
Description=Added by the AGOBOT-NG WORM!
Source=Paul Collins Startup list
[Video Card Driver (do not remove)]
Number=11659
Confirmed=X
Filename=tsasi.exe
Description=Added by the SPYBOT-EF WORM!
Source=Paul Collins Startup list
[Video Lan Player]
Number=11660
Confirmed=X
Filename=VideoLanPlayer.exe
Description=Added by the RBOT-MY WORM!
Source=Paul Collins Startup list
[Video Manager]
Number=11661
Confirmed=X
Filename=videomgr.exe
Description=Added by the PANDEM.C WORM!
Source=Paul Collins Startup list
[Video Multimedia Driver]
Number=11662
Confirmed=X
Filename=ndrives32.exe
Description=Added by the RBOT-DK WORM!
Source=Paul Collins Startup list
[Video Proces]
Number=11663
Confirmed=X
Filename=winaps.exe
Description=Added by the AGOBOT.HD WORM!
Source=Paul Collins Startup list
[Video Process]
Number=11664
Confirmed=X
Filename=sysconf.exe
Description=Added by the GAOBOT.GEN!POLY or GAOBOT.UM or GAOBOT.ADX WORMS!
Source=Paul Collins Startup list
[Video Process]
Number=11665
Confirmed=X
Filename=MS32x16.exe
Description=Added by the RBOT.RH WORM!
Source=Paul Collins Startup list
[Video Process]
Number=11666
Confirmed=X
Filename=netsvcs.exe
Description=Added by the AGOBOT.LH WORM!
Source=Paul Collins Startup list
[Video Process]
Number=11667
Confirmed=X
Filename=MSlti64.exe
Description=Added by the AGOBOT.UE WORM!
Source=Paul Collins Startup list
[Video Process]
Number=11668
Confirmed=X
Filename=[random filename]
Description=Added by the RBOT-LM WORM!
Source=Paul Collins Startup list
[Video Process]
Number=11669
Confirmed=X
Filename=winasp.exe
Description=Added by the AGOBOT-IS WORM!
Source=Paul Collins Startup list
[Video Process]
Number=11670
Confirmed=X
Filename=msn5.exe
Description=Added by the AGOBOT-TW WORM!
Source=Paul Collins Startup list
[Video Process]
Number=11671
Confirmed=X
Filename=MStli32s.exe
Description=Added by the RBOT-GAD WORM!
Source=Paul Collins Startup list
[Video Services]
Number=11672
Confirmed=X
Filename=explore.exe
Description=Added by the GAOBOT.GL WORM!
Source=Paul Collins Startup list
[Video Services]
Number=11673
Confirmed=X
Filename=videol_32.exe
Description=Added by the AGOBOT-DM WORM!
Source=Paul Collins Startup list
[Video Services]
Number=11674
Confirmed=X
Filename=sys32.exe
Description=Added by the AGOBOT.PS WORM!
Source=Paul Collins Startup list
[Videocntl]
Number=11675
Confirmed=X
Filename=Videocntl.exe
Description=Added by a variant of the GEMA.D TROJAN!
Source=Paul Collins Startup list
[VideoDriver]
Number=11676
Confirmed=X
Filename=[filename]
Description=Added by the GSPOT20.A TROJAN!
Source=Paul Collins Startup list
[VideoDriver]
Number=11677
Confirmed=X
Filename=videodrv.exe
Description=Added by the MIMAIL.A WORM!
Source=Paul Collins Startup list
[VideoDriver]
Number=11678
Confirmed=X
Filename=gspotbot.exe
Description=Added by the SPIGOT.C TROJAN!
Source=Paul Collins Startup list
[Videool32]
Number=11679
Confirmed=X
Filename=VIDEOL32.EXE
Description=Added by the AGOBOT.EC WORM!
Source=Paul Collins Startup list
[videoporno.exe]
Number=11680
Confirmed=X
Filename=videoporno.exe
Description=Premium rate adult content dialer
Source=Paul Collins Startup list
[Videora]
Number=11681
Confirmed=Y
Filename=Videora.exe
Description=Video Holding personal video downloading program
Source=Paul Collins Startup list
[vidmon]
Number=11682
Confirmed=X
Filename=VIDMON.EXE
Description=Delfin Media Viewer adware related
Source=Paul Collins Startup list
[VidSvr]
Number=11683
Confirmed=N
Filename=vidsvr.exe
Description=MS WebTV for Windows Channel Guide. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it
Source=Paul Collins Startup list
[vietato.exe]
Number=11684
Confirmed=X
Filename=vietato.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[VIEW POINT DRIVERS]
Number=11685
Confirmed=X
Filename=phqghum.exe
Description=Added by the RBOT.BRX WORM!
Source=Paul Collins Startup list
[VIEW POINT DRIVERS FOR WIN32]
Number=11686
Confirmed=X
Filename=phqghu.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[ViewMgr]
Number=11687
Confirmed=N
Filename=ViewMgr.exe
Description=Viewpoint Manager - automatic updates for ViewPoint products such as ViewPoint Media Player (as bundled with AOL, AOL Instant Messenger, Compuserve, etc). Can be run manually via Start -> Settings -> Control Panel by enabling auto-updates temporarily, re-booting and then disabling again. Not recommended as Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This may change in 2006 - read this article
Source=Paul Collins Startup list
[ViewpointPhotosDeviceConnect]
Number=11688
Confirmed=U
Filename=FotomatDeviceConnect.exe
Description=Related to Viewpoint which is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 according to this article. You can remove it via Start -> Settings -> Control Panel -> Add/Remove Programs list...
Source=Paul Collins Startup list
[Vinny]
Number=11689
Confirmed=?
Filename=??
Description=??
Source=Paul Collins Startup list
[Virt.exe]
Number=11690
Confirmed=X
Filename=Virt.exe
Description=Added by the REMADM-C TROJAN!
Source=Paul Collins Startup list
[VirtuaGirl]
Number=11691
Confirmed=U
Filename=Vg.exe
Description=VirtuaGirl is a shareware program featuring scantily dressed girls on your desktop. They say hi in the morning, remind you of your appointments and dance for you on request...
Source=Paul Collins Startup list
[VirtuaGirl2]
Number=11692
Confirmed=U
Filename=VirtuaGirl2
Description=VirtuaGirl is a shareware program featuring scantily dressed girls on your desktop. They say hi in the morning, remind you of your appointments and dance for you on request...
Source=Paul Collins Startup list
[virtual]
Number=11693
Confirmed=X
Filename=winit.exe
Description=Added by the MUGLY.A or MUGLY.B WORMS!
Source=Paul Collins Startup list
[virtual]
Number=11694
Confirmed=X
Filename=winprotect.exe
Description=Added by the MUGLY.C WORM!
Source=Paul Collins Startup list
[virtual]
Number=11695
Confirmed=X
Filename=wini.exe
Description=Added by the RBOT-YX WORM!
Source=Paul Collins Startup list
[Virtual Access Scheduler]
Number=11696
Confirmed=U
Filename=VASCHD32.EXE
Description=The scheduler for mail and usenet tool
Source=Paul Collins Startup list
[Virtual Bouncer]
Number=11697
Confirmed=X
Filename=VirtualBouncer.exe
Description=Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here
Source=Paul Collins Startup list
[Virtual CD v6]
Number=11698
Confirmed=X
Filename=grplscd.exe
Description=Added by the RBOT-AXV WORM!
Source=Paul Collins Startup list
[Virtual CD v6]
Number=11699
Confirmed=X
Filename=[random].exe
Description=Added by the RBOT-AZV WORM!
Source=Paul Collins Startup list
[Virtual CDROM]
Number=11700
Confirmed=X
Filename=deamon.exe
Description=Added by the RBOT.VP WORM!
Source=Paul Collins Startup list
[Virtual Protocol]
Number=11701
Confirmed=X
Filename=vr32.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[virtual-ie]
Number=11702
Confirmed=X
Filename=winlogi.exe
Description=Malware - recognized by Kaspersky antivirus as Trojan-Dropper.Win32.WinAD.h
Source=Paul Collins Startup list
[virtual-machine]
Number=11703
Confirmed=X
Filename=svchosts.exe
Description=Added by the RBOT-US WORM!
Source=Paul Collins Startup list
[virtual-machine]
Number=11704
Confirmed=X
Filename=winlogin.exe
Description=Added by the RBOT-VU WORM!
Source=Paul Collins Startup list
[virtual-machine]
Number=11705
Confirmed=X
Filename=wini.exe
Description=Added by the RBOT-WR WORM!
Source=Paul Collins Startup list
[VirtualCloneDrive]
Number=11706
Confirmed=N
Filename=VCDDaemon.exe
Description=Virtual Clone Drive, part of CloneCD CD/DVD copying sofware. Discontinued
Source=Paul Collins Startup list
[VirtualDrive]
Number=11707
Confirmed=N
Filename=VDTask.exe
Description=VirtualDrive from Farstone - virtual CD drive emulator. Available via Start -> Programs
Source=Paul Collins Startup list
[VirtuaReminder]
Number=11708
Confirmed=U
Filename=VirtuaReminder.exe
Description=VirtuaReminder is a tool allowing the user to create reminders for such things as important appointments, birthdays, etc
Source=Paul Collins Startup list
[Virtuele Katja]
Number=11709
Confirmed=U
Filename=VKatja.exe
Description=Virtuele Katja - have an attractive moviestar parade on your Desktop and help you search the Dutch "Gouden Gids" business directory too...
Source=Paul Collins Startup list
[Virus]
Number=11710
Confirmed=X
Filename=Anti.exe
Description=Added by the SEENBOT.O WORM!
Source=Paul Collins Startup list
[Virus Protect]
Number=11711
Confirmed=X
Filename=vrsprtc.exe
Description=Added by the RBOT-APR WORM!
Source=Paul Collins Startup list
[Virus Removal Tool]
Number=11712
Confirmed=X
Filename=[path to trojan]
Description=Added by the TOMETA-B TROJAN!
Source=Paul Collins Startup list
[Virus Scan]
Number=11713
Confirmed=X
Filename=virscana.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[Virus-Burst]
Number=11714
Confirmed=N
Filename=Virus-Burst.exe
Description=Spyware remover - not recommended, see here
Source=Paul Collins Startup list
[VirusBurst]
Number=11715
Confirmed=N
Filename=VirusBurst.exe
Description=Spyware remover - not recommended, see here
Source=Paul Collins Startup list
[VirusCheckII]
Number=11716
Confirmed=X
Filename=AVIRCHK.EXE
Description=Added by the DASMIN TROJAN!
Source=Paul Collins Startup list
[VirusKeeper]
Number=11717
Confirmed=U
Filename=VirusKeeper.exe
Description=VirusKeeper uses a powerful real-time threat detection engine
Source=Paul Collins Startup list
[VirusRescue]
Number=11718
Confirmed=N
Filename=VirusRescue.exe
Description=Virus program - not recommended, see here
Source=Paul Collins Startup list
[VirusScan Online]
Number=11719
Confirmed=Y
Filename=mcvsshld.exe
Description=McAfee VirusScan On-line. See also the McAgentExe entry
Source=Paul Collins Startup list
[VirusScanMSC]
Number=11720
Confirmed=?
Filename=VsStat.exe
Description=Part of McAfee VirusScan. System Tray application as with previous versions (were also VsStat.exe), McAfee SecurityCenter integration or something else? Is it required?
Source=Paul Collins Startup list
[VirusScanner]
Number=11721
Confirmed=X
Filename=mnsys.exe
Description=Added by the SDBOT-AFQ WORM!
Source=Paul Collins Startup list
[Virus_Scanner]
Number=11722
Confirmed=X
Filename=Virus_Cleaner.exe
Description=Added by the PANOL WORM!
Source=Paul Collins Startup list
[visionGS]
Number=11723
Confirmed=N
Filename=VISIONGS.EXE
Description=visionGS webcam software
Source=Paul Collins Startup list
[Vistascan]
Number=11724
Confirmed=N
Filename=vistascan.exe
Description=Included in VistaScan are VistaAccess and VistaShuttle. VistaAccess gives you quick and easy access to scanning functions right from your desktop. For Windows users, you'll see a scanner icon in the Windows Tray of the Taskbar. Click this icon and a menu opens
Source=Paul Collins Startup list
[Visual Element FX5]
Number=11725
Confirmed=X
Filename=[various filenames]
Description=ClearStream Accelerator adware
Source=Paul Collins Startup list
[VisualStudio]
Number=11726
Confirmed=X
Filename=msorunner.exe
Description=Added by a variant of the TACTSLAY TROJAN!
Source=Paul Collins Startup list
[VisualTaskTips]
Number=11727
Confirmed=U
Filename=VisualTaskTips.exe
Description="Visual Task Tips is a lightweight shell enhancement utility. It provides thumbnail preview image for each task in the Windows Taskbar"
Source=Paul Collins Startup list
[VisualTooltip]
Number=11728
Confirmed=U
Filename=VisualToolTip.exe
Description=Related to VisualTooltip. Shows a thumbnail of a window by placing the mouse cursor over a button on the taskbar
Source=Paul Collins Startup list
[VITAL BOOT PROCESS]
Number=11729
Confirmed=X
Filename=taskmngr.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[VITAL BOOT PROCESS]
Number=11730
Confirmed=X
Filename=taskmnsgr.exe
Description=Added by the Rbot-VY WORM!
Source=Paul Collins Startup list
[Vital Load Process]
Number=11731
Confirmed=X
Filename=Spoolsvr.exe
Description=Added by the RBOT.AIF WORM!
Source=Paul Collins Startup list
[VividGalut]
Number=11732
Confirmed=X
Filename=VividGalut.exe
Description=Adult content related web downloader
Source=Paul Collins Startup list
[vmcleaner]
Number=11733
Confirmed=X
Filename=gxlib.exe
Description=Added by the SMALL-HS TROJAN!
Source=Paul Collins Startup list
[VMConsole.exe]
Number=11734
Confirmed=?
Filename=VMConsole.exe
Description=Sony VAIO Media Console - installed on the VAIO Media Integrated Server PCs. What does it do and is it required?
Source=Paul Collins Startup list
[VMDFW]
Number=11735
Confirmed=Y
Filename=vmdfw.exe
Description=VirusMD Personal Firewall. Vendor's Note: "VirusMD Personal Firewall is a micro-firewall and should not be use as your primary virus scanner or as your primary firewall. It does not pan-block incoming or outgoing data. Rather, is a diagnostic and therapeutic utility designed to help professionals save time and effort in eradicating Trojan horses"
Source=Paul Collins Startup list
[vmlib]
Number=11736
Confirmed=X
Filename=vmlib.exe
Description=Added by the LOWZONE-AQ TROJAN!
Source=Paul Collins Startup list
[Vmmon32]
Number=11737
Confirmed=X
Filename=vmmon32.exe
Description=Browser hijacker
Source=Paul Collins Startup list
[vmnetdhcp]
Number=11738
Confirmed=X
Filename=vmnetdhcp.exe
Description=Added by the DWNLDR-GTC TROJAN!
Source=Paul Collins Startup list
[vmsnGraber]
Number=11739
Confirmed=X
Filename=VMSNGRABER.EXE
Description=Added by the ENVID.B WORM!
Source=Paul Collins Startup list
[vmss]
Number=11740
Confirmed=X
Filename=vmss.exe
Description=Delfin Media Viewer or "Promulgate" adware variant
Source=Paul Collins Startup list
[vmtuner]
Number=11741
Confirmed=X
Filename=gclib.exe
Description=Hijacker - recognized by Kaspersky antivirus as Trojan-Clicker.Win32.Small.fh
Source=Paul Collins Startup list
[vmtuner]
Number=11742
Confirmed=X
Filename=gglib.exe
Description=Added by the QLOWZON-D TROJAN!
Source=Paul Collins Startup list
[VnCplUpdate]
Number=11743
Confirmed=X
Filename=msdm.exe
Description=Masssend - spam relayer. Listens on a port for the spammers to feed it a list of addresses and what to send out. More information in this advisory
Source=Paul Collins Startup list
[vnmispoisn downloader]
Number=11744
Confirmed=X
Filename=vnmispoisn downloader.exe
Description=SearchBarCash adware variant
Source=Paul Collins Startup list
[VOBID]
Number=11745
Confirmed=U
Filename=InstantDrive.exe
Description=Pinnacle Systems (ex VOB) InstantDrive - creates a virtual CD-ROM drive on the computer's hard drive. Part of InstantCD/DVD burning software
Source=Paul Collins Startup list
[VOBRegCheck]
Number=11746
Confirmed=Y
Filename=VOBRegCheck.exe
Description=Part of Pinnacle Systems InstantCD/DVD and InstantCopy CD/DVD copying software that verifies drive settings. Once loaded it doesn't use any resources so you can leave it enabled
Source=Paul Collins Startup list
[VoiceCenter]
Number=11747
Confirmed=U
Filename=AndreaVC.exe
Description=Related to Andrea's Superbeam microphone utility
Source=Paul Collins Startup list
[voip phone]
Number=11748
Confirmed=U
Filename=voip phone.exe
Description=Related to Acer Bluetooth VoIP phone - as optionally supplied with some of their notebooks such as the TravelMate 8200
Source=Paul Collins Startup list
[VoipBuster]
Number=11749
Confirmed=N
Filename=VoipBuster.exe
Description=VoipBuster - voice over the internet service. If you are calling a land line in one of their free destinations listed, the call will be placed at no costs at all. For all other calls, you will be asked to buy credits first
Source=Paul Collins Startup list
[VolPanel]
Number=11750
Confirmed=U
Filename=VolPanel.exe
Description=Related to Creative Sound Blaster X-Fi
Source=Paul Collins Startup list
[Voltage Manager]
Number=11751
Confirmed=X
Filename=[random filename]
Description=Added by the DREFFORT WORM!
Source=Paul Collins Startup list
[Volume Controller]
Number=11752
Confirmed=X
Filename=VolumeControl.exe
Description=Added by the SDBOT.AYI WORM!
Source=Paul Collins Startup list
[Vonage]
Number=11753
Confirmed=U
Filename=click2call.exe
Description=Vonage Voice over IP Internet phone service
Source=Paul Collins Startup list
[VoodooBanshee]
Number=11754
Confirmed=U
Filename=rundll32.exe 3DBBps.dll, BansheeLoadSettings
Description=Loads the configuration settings for a 3dfx Voodoo Banshee chipset based graphics card. If you change some of the settings from default you probably need this - otherwise maybe not
Source=Paul Collins Startup list
[voowsmcr]
Number=11755
Confirmed=?
Filename=huhdir.exe
Description=??
Source=Paul Collins Startup list
[Vortex Tray]
Number=11756
Confirmed=N
Filename=asp4setp.exe
Description=System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel
Source=Paul Collins Startup list
[VortexTray]
Number=11757
Confirmed=N
Filename=au30setp.exe
Description=System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel
Source=Paul Collins Startup list
[VortexTray]
Number=11758
Confirmed=N
Filename=asp4tray.exe
Description=System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel
Source=Paul Collins Startup list
[VortexTray]
Number=11759
Confirmed=N
Filename=asp4setp.exe
Description=System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel
Source=Paul Collins Startup list
[VoyetraTray]
Number=11760
Confirmed=N
Filename=vtray.exe
Description=This provides an abbreviated Control Group for the Turtle Beach Montego II sound functions/associated with AudioStation 3 and 32
Source=Paul Collins Startup list
[VPCUserServices]
Number=11761
Confirmed=U
Filename=VMUSrvc.exe
Description=Part of "DOS Virtual Machine Additions" for Microsoft Virtual PC, software virtualization software that allows you to run multiple PC-based operating systems simultaneously on one workstation. This process provides additional functionalities such as Shared Folders
Source=Paul Collins Startup list
[Vpop3 Mail Server]
Number=11762
Confirmed=U
Filename=vpop3.exe
Description=Mail server from Paul Smith Computer Services. Runs in system tray to collect mail. Can be run from a shortcut and if it isn't running then it won't get your email!
Source=Paul Collins Startup list
[vptray]
Number=11763
Confirmed=U
Filename=vptray.exe
Description=System Tray icon for Norton Anti-Virus Corporate Edition. Gives access to the options available and may not be required. Some users may have problems - refer here
Source=Paul Collins Startup list
[Vrmon]
Number=11764
Confirmed=Y
Filename=vrmonnt.exe
Description=HAURI Anti-Virus
Source=Paul Collins Startup list
[VrSchedule]
Number=11765
Confirmed=Y
Filename=Vrres.exe
Description=HAURI Anti-Virus
Source=Paul Collins Startup list
[VS.VSN]
Number=11766
Confirmed=Y
Filename=
Description=Part of eSafe antivirus "SmartScan" - alerts the user if files have been changed/added
Source=Paul Collins Startup list
[vsadmin]
Number=11767
Confirmed=X
Filename=smrs.exe
Description=Added by the AGOBOT-RC WORM!
Source=Paul Collins Startup list
[Vsample]
Number=11768
Confirmed=X
Filename=winxpsock.exe
Description=Added by the SDBOT.BLK WORM!
Source=Paul Collins Startup list
[vscanner]
Number=11769
Confirmed=X
Filename=spooll32.exe
Description=Added by the OPTIXPRO.10 TROJAN!
Source=Paul Collins Startup list
[vschost]
Number=11770
Confirmed=X
Filename=vschosts.exe
Description=Added by the VIPSY-A TROJAN!
Source=Paul Collins Startup list
[VsEcomrEXE]
Number=11771
Confirmed=N
Filename=VSECOMR.EXE
Description=From McAfee VirusScan up to version 4.x. This executable is responsible for the periodic "update" prompts
Source=Paul Collins Startup list
[Vshwin32EXE]
Number=11772
Confirmed=Y
Filename=VSHWIN32.EXE
Description=From McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Communicates between VSSTAT.EXE and the VShield System Scan module. Can be started automatically or available via Start -> Programs
Source=Paul Collins Startup list
[VSN]
Number=11773
Confirmed=N
Filename=VSN.exe
Description=Software to share photographs across the internet
Source=Paul Collins Startup list
[vsnpstd3]
Number=11774
Confirmed=Y
Filename=vsnpstd3.exe
Description=Sonix Inc. Camera Monitor MFC Application
Source=Paul Collins Startup list
[VSOCheckTask]
Number=11775
Confirmed=Y
Filename=MCMNHDLR.EXE
Description=Part of McAfee's SecurityCenter and Virusscan Online. Must be enabled for scanning to work
Source=Paul Collins Startup list
[VSP32 Controls]
Number=11776
Confirmed=X
Filename=vsp32.exe
Description=Added by the RBOT-VA WORM!
Source=Paul Collins Startup list
[vspdfprsrv.exe]
Number=11777
Confirmed=N
Filename=vspdfprsrv.exe
Description=Visage PDF Printer
Source=Paul Collins Startup list
[VsStatEXE]
Number=11778
Confirmed=Y
Filename=VSSTAT.EXE
Description=From McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Communicates between VSSTAT.EXE and the VShield System Scan module. Can be started automatically or available via Start -> Programs
Source=Paul Collins Startup list
[vst]
Number=11779
Confirmed=X
Filename=vstkmgr.exe
Description=Added by the AGOBOT.SK WORM!
Source=Paul Collins Startup list
[vTPass]
Number=11780
Confirmed=N
Filename=vtpassld.exe
Description=Part of vTrails - a live media delivery solution. vTPass is the driver enabling the system to work. If unavailable via Start -> Programs, create your own shortcut for the "vtpass.exe" file
Source=Paul Collins Startup list
[VTPreset]
Number=11781
Confirmed=U
Filename=VTPreset.exe
Description=Savage Pro S3 graphics software
Source=Paul Collins Startup list
[VTTimer]
Number=11782
Confirmed=U
Filename=VTTimer.exe
Description=Driver file for the on-board VIA/S3G KM400/KN400 graphics which enables TV in/out communication
Source=Paul Collins Startup list
[vTunerStartUp]
Number=11783
Confirmed=N
Filename=vTuner.exe
Description=vTuner - "an easy way to find and listen to radio and TV broadcasts over the Internet"
Source=Paul Collins Startup list
[vuaaa]
Number=11784
Confirmed=X
Filename=reg.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[VVSN]
Number=11785
Confirmed=X
Filename=VVSN.exe
Description=WhenU.Save adware
Source=Paul Collins Startup list
[VX Audio]
Number=11786
Confirmed=X
Filename=vxaudio.exe
Description=Added by the VANEBOT-AI WORM!
Source=Paul Collins Startup list
[VX1000]
Number=11787
Confirmed=?
Filename=vVX1000.exe
Description=Associated with Microsoft's VX-1000 LifeCam webcams. What does it do and is it required?
Source=Paul Collins Startup list
[VX3000]
Number=11788
Confirmed=?
Filename=vVX3000.exe
Description=Associated with Microsoft's VX-1000 LifeCam webcams. What does it do and is it required?
Source=Paul Collins Startup list
[VX6000]
Number=11789
Confirmed=?
Filename=vVX6000.exe
Description=Associated with Microsoft's VX-1000 LifeCam webcams. What does it do and is it required?
Source=Paul Collins Startup list
[VZAccess Manager]
Number=11790
Confirmed=U
Filename=VZAccess Manager.exe
Description=Verizon Access manager for enterprises
Source=Paul Collins Startup list
[VZRemoteCommander]
Number=11791
Confirmed=U
Filename=AvRmtCtr.exe
Description=Related to Sony's VAIO Zone Remote Commander. A non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems
Source=Paul Collins Startup list
[W1N32.DLL]
Number=11792
Confirmed=X
Filename=WINLOGON .exe
Description=Added by the DROPPERFL.A TROJAN!
Source=Paul Collins Startup list
[w32]
Number=11793
Confirmed=X
Filename=w32.exe
Description=Added by the SOKEVEN TROJAN!
Source=Paul Collins Startup list
[W32.Scran]
Number=11794
Confirmed=X
Filename=Scran.exe
Description=Added by the NARCS WORM!
Source=Paul Collins Startup list
[w32alanis]
Number=11795
Confirmed=X
Filename=mope.scr
Description=Added by the SINALA WORM!
Source=Paul Collins Startup list
[W32data]
Number=11796
Confirmed=X
Filename=eworo.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[W32Load]
Number=11797
Confirmed=X
Filename=[random filename].scr
Description=Added by the CASPID WORM!
Source=Paul Collins Startup list
[W32PluginsDownloaderXMLHTTPSelfClearing7520]
Number=11798
Confirmed=X
Filename=wiper.exe
Description=Added by the PROXYSER-M TROJAN!
Source=Paul Collins Startup list
[w32sup]
Number=11799
Confirmed=X
Filename=w32sup.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[W32SYS]
Number=11800
Confirmed=X
Filename=w32sys.exe
Description=Added by the JAMBU-A WORM!
Source=Paul Collins Startup list
[W32Tc]
Number=11801
Confirmed=X
Filename=WTC32.scr
Description=Added by the VOTE.D or VOTE.K WORMS!
Source=Paul Collins Startup list
[W3KNetwork]
Number=11802
Confirmed=X
Filename=rundll32.exe w3knet.dll, dllinitrun
Description=Advertising spyware. Check here for more info on this particular one
Source=Paul Collins Startup list
[W75P2PSERVER]
Number=11803
Confirmed=Y
Filename=W75P2PS.EXE
Description=Printer utility which is required in order to make the printer work correctly
Source=Paul Collins Startup list
[W815DM]
Number=11804
Confirmed=U
Filename=W815DM.exe
Description=Enuff Parental Control Software by Akrontech
Source=Paul Collins Startup list
[w98Eject]
Number=11805
Confirmed=U
Filename=w98Eject.exe
Description=Related to USB support for Sigmatel MP3 audio palyer (and others such as SanDisk). It's intent is to "put away" the "disk" before you unplug it from the USB port, ostensibly to avoid "losing" data
Source=Paul Collins Startup list
[wait4IP]
Number=11806
Confirmed=U
Filename=wait4IP.exe
Description=Packard Bell net2Plug allows you to network PCs anywhere in your house
Source=Paul Collins Startup list
[wallchgr.exe wstart]
Number=11807
Confirmed=U
Filename=Wallchgr.exe
Description=WallChanger - wallpaper changer from Blue Tree Software
Source=Paul Collins Startup list
[WallPaper]
Number=11808
Confirmed=X
Filename=taskimgr.exe
Description=Added by the BANKER-GX TROJAN!
Source=Paul Collins Startup list
[WallPaper]
Number=11809
Confirmed=U
Filename=WALLPA~1.EXE
Description=Wallpaper Changer - wallpaper manager that can change your background images on every startup
Source=Paul Collins Startup list
[WallpaperChanger]
Number=11810
Confirmed=U
Filename=Wallpaper.exe
Description=A wallpaper changer and manager utility. There is the Freeware version and the Pro version. The freeware version is completely free. The Pro version is 30-day trialware, and after the 30 days some of the more advanced features will be disabled unless you register it
Source=Paul Collins Startup list
[Wanadoo Messenger.exe]
Number=11811
Confirmed=N
Filename=Wanadoo Messenger.exe
Description=Wanadoo ISP instant messenger client
Source=Paul Collins Startup list
[WanMPSvc]
Number=11812
Confirmed=Y
Filename=WanMPSvc.exe
Description=An AOL component, the Wan miniport (ATW) service. If you delete this and logon, AOL reports a problem with your internet connection, and reinstalling AOL doesn't help
Source=Paul Collins Startup list
[WAPI]
Number=11813
Confirmed=X
Filename=wts**.exe [* = random char]
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[War FTPD Tray Icon]
Number=11814
Confirmed=N
Filename=wartray.exe
Description=War-ftpd - FTP server
Source=Paul Collins Startup list
[war-ftpd.exe]
Number=11815
Confirmed=N
Filename=WAR-FTPD.EXE
Description=War FTP Daemon from JGAA's Internet - FTP client
Source=Paul Collins Startup list
[Wardo]
Number=11816
Confirmed=X
Filename=syslaunch.exe
Description=Added by the ADCLICKER.G TROJAN!
Source=Paul Collins Startup list
[WareOut]
Number=11817
Confirmed=X
Filename=WareOut.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[warez]
Number=11818
Confirmed=N
Filename=warez.exe
Description=Warez P2P client
Source=Paul Collins Startup list
[Warner]
Number=11819
Confirmed=U
Filename=warner.exe
Description=Also known as "CyberWarner". From G-Tek Technologies and pre-installed on some Packard Bell PCs. Protects critical files
Source=Paul Collins Startup list
[Warnet]
Number=11820
Confirmed=U
Filename=warnet.exe
Description=Warnet - system cleanup software
Source=Paul Collins Startup list
[Warning: do not remove it!]
Number=11821
Confirmed=U
Filename=fpplock.exe
Description=Part of Folder Password Expert by ZQS Software Team - "a software program to restrict access to the folders that contain your sensitive data"
Source=Paul Collins Startup list
[Warning: do not remove it! (system)]
Number=11822
Confirmed=Y
Filename=cfpsys.exe
Description=Folder Password Protect - a program that lets you set a password on folders of your choice
Source=Paul Collins Startup list
[WarReg_PopUp]
Number=11823
Confirmed=N
Filename=WarReg_PopUp.exe
Description=Acer warranty registration popup
Source=Paul Collins Startup list
[WARSVR]
Number=11824
Confirmed=N
Filename=war-ftpd.exe
Description="War FTP Daemon - the original free FTP server for windows"
Source=Paul Collins Startup list
[WashAndGo - Cleanup of old Backupfiles]
Number=11825
Confirmed=U
Filename=checker.exe
Description=WashAndGo - temp file cleaner
Source=Paul Collins Startup list
[Washer]
Number=11826
Confirmed=U
Filename=washer.exe
Description=Window Washer from Webroot Software. Useful utility that deletes safe to remove files, cookies, browsing history, etc. Available via from Start -> Programs. Disable within the program options - otherwise it is re-enabled in MSCONFIG
Source=Paul Collins Startup list
[Washerie.exe]
Number=11827
Confirmed=N
Filename=washerie.exe
Description=Cookie Washer for Internet Explorer from Webroot Software. Light version of Windows Washer, specific for cleaning the IE cache and cookies. Available via Start -> Programs
Source=Paul Collins Startup list
[washindex]
Number=11828
Confirmed=U
Filename=washidx.exe
Description=Window Washer from Webroot Software. Useful utility that deletes safe to remove files, cookies, browsing history, etc. Available via from Start -> Programs. Disable within the program options - otherwise it is re-enabled in MSCONFIG
Source=Paul Collins Startup list
[Wast]
Number=11829
Confirmed=X
Filename=wast.exe
Description=Grokster ads updater
Source=Paul Collins Startup list
[Watch]
Number=11830
Confirmed=N
Filename=watch.exe
Description=Found to be used by a Trust USB scanner for auto starting the scanning software when the lid is lifted
Source=Paul Collins Startup list
[Watch]
Number=11831
Confirmed=U
Filename=1200UBWATCH.EXE
Description=Button press monitor for the Mustek 1200 UB Scanner
Source=Paul Collins Startup list
[Watch Dog Program]
Number=11832
Confirmed=N
Filename=watchdog.exe
Description=For Compaq PC's. Associated with Compaq's internet services. Not required if you don't use services provided by them and may not be required even if you do
Source=Paul Collins Startup list
[Watchdog]
Number=11833
Confirmed=N
Filename=Watchdog.exe
Description=Definitely part of the Mustek scanner drivers and software (for 600 III EP Plus and maybe others), launches from the Startup folder in the Start Menu, but not required as they give instructions on removing it on their webpage
Source=Paul Collins Startup list
[WatchDog]
Number=11834
Confirmed=?
Filename=watchdog.exe
Description=Part of Motorola "Mobile Phone Tools" v3 - in a "Mobiile Phone Tools" sub-directory of Program Files
Source=Paul Collins Startup list
[WatchDog]
Number=11835
Confirmed=?
Filename=DVDCheck.exe
Description=Related to an Intervideo program. What does it do and is it required in startup?
Source=Paul Collins Startup list
[WaveTop Launcher]
Number=11836
Confirmed=N
Filename=WaveTop.exe
Description=WaveTop - "Get push content from TV without an Internet connection" - now possibly a defunct system in the US included as an optional part of WebTV in Win98
Source=Paul Collins Startup list
[WaveTop Receiver 1]
Number=11837
Confirmed=N
Filename=N/A
Description=WaveTop - "Get push content from TV without an Internet connection" - now possibly a defunct system in the US included as an optional part of WebTV in Win98
Source=Paul Collins Startup list
[WaveTop Receiver 2]
Number=11838
Confirmed=N
Filename=N/A
Description=WaveTop - "Get push content from TV without an Internet connection" - now possibly a defunct system in the US included as an optional part of WebTV in Win98
Source=Paul Collins Startup list
[WaveTop Upload Manager]
Number=11839
Confirmed=N
Filename=N/A
Description=WaveTop - "Get push content from TV without an Internet connection" - now possibly a defunct system in the US included as an optional part of WebTV in Win98
Source=Paul Collins Startup list
[Wbiff]
Number=11840
Confirmed=N
Filename=Wbiff.exe
Description=Wbiff! E-mail checker - automatically checks your e-mail and notifies you if any new e-mail has been received
Source=Paul Collins Startup list
[Wbutton]
Number=11841
Confirmed=U
Filename=Wbutton.exe
Description=Turns on and off the integrated WiFi on Acer (and other laptops)
Source=Paul Collins Startup list
[WCESCOMM]
Number=11842
Confirmed=N
Filename=WCESCOMM.EXE
Description=Active sync for use with Windows CE based palm PC
Source=Paul Collins Startup list
[WCESMngr]
Number=11843
Confirmed=X
Filename=spoolsb.exe
Description=Added by the AGOBOT-QZ WORM!
Source=Paul Collins Startup list
[WCESMngr]
Number=11844
Confirmed=X
Filename=WCEMNGR.EXE
Description=Added by the AGOBOT-QX WORM!
Source=Paul Collins Startup list
[wcmdmgr]
Number=11845
Confirmed=U
Filename=wcmdmgrl.exe
Description=Web Driver delivery system for WildTangent on-line games. Periodically checks for updates - can be disabled within the programs control panel. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
Source=Paul Collins Startup list
[wcmdmgr.exe]
Number=11846
Confirmed=N
Filename=wcmdmgr.exe
Description=Web Driver delivery system for WildTangent on-line games. Periodically checks for updates - can be disabled within the programs control panel. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
Source=Paul Collins Startup list
[wcmdmgrl]
Number=11847
Confirmed=U
Filename=wcmdmgrl.exe
Description=Web Driver delivery system for WildTangent on-line games. Periodically checks for updates - can be disabled within the programs control panel. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
Source=Paul Collins Startup list
[WCOLOREAL]
Number=11848
Confirmed=U
Filename=coloreal.exe
Description=Makes colours sharper and brighter, but will only work with coloreal capable monitors
Source=Paul Collins Startup list
[WCPC]
Number=11849
Confirmed=?
Filename=wintsvcc.exe
Description=??
Source=Paul Collins Startup list
[WCPI]
Number=11850
Confirmed=X
Filename=wintsvit.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[WCPS]
Number=11851
Confirmed=X
Filename=Wint**.exe [* = random char]
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[WCPT]
Number=11852
Confirmed=X
Filename=wintsvtr.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[wcsys]
Number=11853
Confirmed=X
Filename=wcsys.exe
Description=Added by the KEYLOG-AP TROJAN!
Source=Paul Collins Startup list
[WD Button Manager]
Number=11854
Confirmed=U
Filename=WDBtnMgr.exe
Description=Button manager installed with a western digital external disk drive. Allows you to back up your system with one click
Source=Paul Collins Startup list
[wdfmgr32.exe]
Number=11855
Confirmed=X
Filename=wdfmgr32.exe
Description=Added by the DWNLDR-FVL TROJAN!
Source=Paul Collins Startup list
[WDInfo]
Number=11856
Confirmed=X
Filename=wdinfo.exe
Description=Added by the DLUCA.B TROJAN!
Source=Paul Collins Startup list
[WDNS SYSTEM]
Number=11857
Confirmed=X
Filename=nibie.exe
Description=Added by the MYTOB-BY WORM!
Source=Paul Collins Startup list
[WDNS SYSTEM]
Number=11858
Confirmed=X
Filename=skybotx.exe
Description=Added by the MYTOB-BY WORM!
Source=Paul Collins Startup list
[WDNS SYSTEM]
Number=11859
Confirmed=X
Filename=wdns33.exe
Description=Added by the MYTOB-BY WORM!
Source=Paul Collins Startup list
[wdskctl]
Number=11860
Confirmed=X
Filename=wdskctl.exe
Description=IEPlugin spyware
Source=Paul Collins Startup list
[wdwctrl]
Number=11861
Confirmed=X
Filename=wdwctrl.exe
Description=Added by the DLUCA.E TROJAN!
Source=Paul Collins Startup list
[WEATHER]
Number=11862
Confirmed=N
Filename=WEATHER.EXE
Description=Weatherbug provides current outdoor temperature in the System Tray, also weather alerts. Available via Start -> Programs
Source=Paul Collins Startup list
[WeatherCast]
Number=11863
Confirmed=N
Filename=Weather.exe
Description=Weather reporting in the System Tray. Available via Start -> Programs. Installed via Radlight
Source=Paul Collins Startup list
[WeatherOnTray]
Number=11864
Confirmed=X
Filename=WeatherOnTray.exe
Description=Hotbar's Weather Forecast tool for your desktop - adware
Source=Paul Collins Startup list
[WeatherOnTray]
Number=11865
Confirmed=X
Filename=SbWeatherOnTray.exe
Description=Related to Hotbar's Weather Forecast tool for your desktop
Source=Paul Collins Startup list
[Weatherscope]
Number=11866
Confirmed=N
Filename=Weatherscope.exe
Description=WeatherScope - "displays your current local temperature in the system tray of your computer (near the clock) whenever you are online!" Not recommended as it bundles GAIN adware. You can get the adware free version for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here
Source=Paul Collins Startup list
[WeatherWatcher]
Number=11867
Confirmed=N
Filename=ww.exe
Description=WeatherWatcher - weather reporting in the System Tray
Source=Paul Collins Startup list
[web]
Number=11868
Confirmed=X
Filename=******.exe [* = random char]
Description=Added by a variant of the EASTO.A TROJAN!
Source=Paul Collins Startup list
[WEB DRIVERS FOR WIN32]
Number=11869
Confirmed=X
Filename=phqgh.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Web Offer]
Number=11870
Confirmed=X
Filename=ezPopStub.exe
Description=eZula TopText adware
Source=Paul Collins Startup list
[Web Offer]
Number=11871
Confirmed=X
Filename=ezStub.exe
Description=eZula TopText adware
Source=Paul Collins Startup list
[Web Offer]
Number=11872
Confirmed=X
Filename=EZSTUB22.EXE
Description=eZula TopText adware
Source=Paul Collins Startup list
[Web Offer]
Number=11873
Confirmed=X
Filename=vl_ezstub.exe
Description=eZula TopText adware
Source=Paul Collins Startup list
[Web Search]
Number=11874
Confirmed=?
Filename=??
Description=??
Source=Paul Collins Startup list
[Web Service]
Number=11875
Confirmed=X
Filename=[random filename].exe
Description=Added by the ADMINCASH TROJAN!
Source=Paul Collins Startup list
[Web Service]
Number=11876
Confirmed=X
Filename=sm.exe
Description=Added by the BUBE-F VIRUS!
Source=Paul Collins Startup list
[Web Service]
Number=11877
Confirmed=X
Filename=MSXMIDI.EXE
Description=CoolWebSearch parasite variant, identified by Kaspersky as TrojanDropper.Win32.Small.cw
Source=Paul Collins Startup list
[Web2Pop]
Number=11878
Confirmed=U
Filename=Web2Pop.exe
Description=Web2Pop allows you to retrieve your web-based accounts messages to read them in your favorite e-mail client
Source=Paul Collins Startup list
[web3trap]
Number=11879
Confirmed=Y
Filename=web3trap.exe
Description=PC-Cillin 2000 anti-virus software -> ActiveX filter. Guards against malicious ActiveX programs, etc
Source=Paul Collins Startup list
[webalize]
Number=11880
Confirmed=X
Filename=webalize.exe
Description=Searchcentrix hijacker
Source=Paul Collins Startup list
[WebArmyKnife]
Number=11881
Confirmed=N
Filename=WAK.exe
Description=Web Army Knife - a suite of web site developer's tools
Source=Paul Collins Startup list
[webassist]
Number=11882
Confirmed=X
Filename=webassist.exe
Description=Adware popup generator
Source=Paul Collins Startup list
[webcam]
Number=11883
Confirmed=X
Filename=webcam.exe
Description=Added by the MONAD-A TROJAN! Note - this malware actually changes the default value data of the Registry Run and RunServices keys in order to force Windows to launch it at boot. Name field may be empty
Source=Paul Collins Startup list
[Webcam Go Sti Service Application]
Number=11884
Confirmed=?
Filename=wbcgosvc.exe
Description=Control software for the portable Creative Webcam Go digital camera/PC web cam. What does it do and is it required?
Source=Paul Collins Startup list
[WebcamRT.exe]
Number=11885
Confirmed=N
Filename=WEBCAMRT.exe
Description=For Logitech Web Cams. Not required - camera works fine without it
Source=Paul Collins Startup list
[Webcelerator]
Number=11886
Confirmed=X
Filename=webcel.exe
Description=Webcelerator from eAcceleration speeds your Web browsing by both remembering where you have been and anticipating where you will go. Only needed if you find it improves web browsing. Now no longer available and supported and when available was classed as spyware - see here
Source=Paul Collins Startup list
[WebCheck]
Number=11887
Confirmed=X
Filename=WebCheck.pif
Description=Added by the CONE.C or CONE.F WORMS!
Source=Paul Collins Startup list
[WebCpr0]
Number=11888
Confirmed=X
Filename=WebCpr0.exe
Description=WebRebates adware
Source=Paul Collins Startup list
[Webdav.exe]
Number=11889
Confirmed=X
Filename=webdav.exe
Description=IRC DDoS bot which gives the hacker full control over your system
Source=Paul Collins Startup list
[WebExRemoteAccessAgent]
Number=11890
Confirmed=U
Filename=raagtapp.exe
Description=Related to Web Meetings from WebEx Communications, Inc. Share and present online with anyone, anywhere
Source=Paul Collins Startup list
[WebHancer Agent]
Number=11891
Confirmed=X
Filename=whagent.exe
Description=System Tray application that starts up Webhancer software. Software that optimizes your web browser and is also advertising spyware that you can find out about here
Source=Paul Collins Startup list
[webHancer Survey Companion]
Number=11892
Confirmed=X
Filename=whSurvey.exe
Description=WebHancertrackware - traffic measurement service that uses a client agent that is stealth installed on user machines, gathering detailed data about sites visited, their performance and, most important, what the user actually does while there
Source=Paul Collins Startup list
[WebInstall]
Number=11893
Confirmed=X
Filename=WebInstall.exe
Description=ClipGenie adware downloader
Source=Paul Collins Startup list
[WebInstall2]
Number=11894
Confirmed=X
Filename=WebInstall.exe
Description=ClipGenie adware downloader
Source=Paul Collins Startup list
[WebKey]
Number=11895
Confirmed=N
Filename=WebKey.exe
Description=WebKey from JB Utilities. Utility to keep track of login data required when browsing the internet
Source=Paul Collins Startup list
[WebLink]
Number=11896
Confirmed=N
Filename=WebLink.exe
Description=Softex is a "cost-effective way to provide software updates, technical support or new product information to specific end-users - it can silently provide end-users with software updates, technical support and new product information customized to their specific needs through a persistent link"
Source=Paul Collins Startup list
[WebOutfitterTray]
Number=11897
Confirmed=N
Filename=sttray.exe
Description=Intel WebOutfitter service System Tray icon
Source=Paul Collins Startup list
[Webposition Gold 2]
Number=11898
Confirmed=N
Filename=wpsche~1.exe
Description=Scheduler for Web Position Gold - utility to help optimize the position of web-sites in search engines
Source=Paul Collins Startup list
[WebRebates0]
Number=11899
Confirmed=X
Filename=WebRebates0.exe
Description=WebRebates adware
Source=Paul Collins Startup list
[WebRun]
Number=11900
Confirmed=X
Filename=[random filename]
Description=Added by the ADWARELOADER TROJAN!
Source=Paul Collins Startup list
[websaverlive]
Number=11901
Confirmed=U
Filename=websaverlive.exe
Description=WebSaver Live! is a companion program to Websaver that retrieves information from the Internet on a schedule and displays it on your screen when your computer is idle
Source=Paul Collins Startup list
[WebSavingsfromEbates]
Number=11902
Confirmed=X
Filename=WebSavingsfromEbatesrun.exe
Description=Web Savings From Ebates Software, a shopping tool that opens pop-up windows
Source=Paul Collins Startup list
[WebSavingsFromEbates0]
Number=11903
Confirmed=X
Filename=WebSavingsFromEbates0.exe
Description=Web Savings From Ebates Software, a shopping tool that opens pop-up windows
Source=Paul Collins Startup list
[WebScan]
Number=11904
Confirmed=U
Filename=DEFSCANGUI.EXE
Description=eAcceleration Stop-Sign security software related. Previously not recommended, see here
Source=Paul Collins Startup list
[webscan]
Number=11905
Confirmed=U
Filename=stopsignav.exe
Description=eAcceleration Stop-Sign security software related. Previously not recommended, see here
Source=Paul Collins Startup list
[WebScanX]
Number=11906
Confirmed=Y
Filename=WebScanX.exe
Description=From McAfee VirusScan up to version 4.x. Provides functionality for VShield Download Scan and Internet Filter modules. Enables internet scanning. Guards against malicious ActiveX programs, etc
Source=Paul Collins Startup list
[websearch]
Number=11907
Confirmed=X
Filename=wjview ...websearch.exe
Description="Web Savings" From Ebates Software, a shopping tool that opens pop-up windows
Source=Paul Collins Startup list
[WebSecureAlert]
Number=11908
Confirmed=N
Filename=WebSecureAlert.exe
Description=WebSecureAlert - "helps to protect your browser security by monitoring for unauthorized tampering with Internet Explorer's security settings, and can help to protect your privacy by deleting your web surfing history on a regular basis". Not recommended as it bundles GAIN adware. You can get the adware free version for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here
Source=Paul Collins Startup list
[WebServer]
Number=11909
Confirmed=?
Filename=VBI_SE~1.EXE
Description=Related to a Pinnacle sound card. What does it do and is it needed?
Source=Paul Collins Startup list
[Webshots]
Number=11910
Confirmed=U
Filename=Webshots Tray.exe
Description=Webshots - software that displays photos as your screensaver and wallpaper, and provides tools for sharing your personal photos on the web
Source=Paul Collins Startup list
[Webshots]
Number=11911
Confirmed=U
Filename=websho~1.exe
Description=Webshots - software that displays photos as your screensaver and wallpaper, and provides tools for sharing your personal photos on the web
Source=Paul Collins Startup list
[Webshots]
Number=11912
Confirmed=U
Filename=Launcher.exe
Description=Webshots - software that displays photos as your screensaver and wallpaper, and provides tools for sharing your personal photos on the web
Source=Paul Collins Startup list
[Webshots]
Number=11913
Confirmed=U
Filename=WebshotsTray.exe
Description=Webshots - software that displays photos as your screensaver and wallpaper, and provides tools for sharing your personal photos on the web
Source=Paul Collins Startup list
[Website Administrator Info]
Number=11914
Confirmed=X
Filename=webadmin.exe
Description=Added by the FORBOT-FY WORM!
Source=Paul Collins Startup list
[WebSpecials]
Number=11915
Confirmed=X
Filename=rundll32 [path] webspec.dll
Description=WebSpecials spyware
Source=Paul Collins Startup list
[Websx]
Number=11916
Confirmed=X
Filename=Int*****.exe
Description=Adult content dialler - where ***** are random
Source=Paul Collins Startup list
[Webtrap]
Number=11917
Confirmed=Y
Filename=webtrap.exe
Description=Part of PC-Cillin anti-virus software. Checks web-sites for malicious Java and ActiveX elements in a similar way to McAfee WebScanX. A few users find it infuriating
Source=Paul Collins Startup list
[WebTrapNT.exe]
Number=11918
Confirmed=Y
Filename=WebTrapNT.exe
Description=Part of PC-Cillin Anti-Virus software. Checks visited web-sites for malicious Java and ActiveX elements
Source=Paul Collins Startup list
[WebWasher]
Number=11919
Confirmed=U
Filename=wwasher.exe
Description=Free Pop-up/ad/javascript filter program from Siemens. If not running then browsers will not be protected but will still work. Available via Start -> Programs
Source=Paul Collins Startup list
[WeirdOnTheWeb]
Number=11920
Confirmed=X
Filename=WeirdOnTheWeb.exe
Description=Added by the WeirdOnTheWeb adware
Source=Paul Collins Startup list
[Welcome]
Number=11921
Confirmed=N
Filename=Welcome.exe
Description=Launches the Welcome to Windows tutorial on boot up
Source=Paul Collins Startup list
[WEPstat]
Number=11922
Confirmed=?
Filename=Wepstat.exe
Description=Cisco Aironet 340 Series PC Card driver. If it can be started manually it shouldn't be required if you don't use the PC card facility regularily - hence the status could be "U". Can anybody confirm this?
Source=Paul Collins Startup list
[wersds]
Number=11923
Confirmed=X
Filename=doriot.exe
Description=Added by the JECT.C TROJAN!
Source=Paul Collins Startup list
[wersds.exe]
Number=11924
Confirmed=X
Filename=doriot.exe
Description=Added by the BAGLEDI-A TROJAN!
Source=Paul Collins Startup list
[wesumu]
Number=11925
Confirmed=X
Filename=wiustv.exe
Description=Added by the QQPASS-L TROJAN!
Source=Paul Collins Startup list
[WetSock]
Number=11926
Confirmed=N
Filename=wetsock.exe
Description=RoboMagic Wetsock - weather reporting in the System Tray
Source=Paul Collins Startup list
[wextract_cleanup0]
Number=11927
Confirmed=N
Filename=advpack.dll, DelNodeRunDLL32 [path] [filename].TMP
Description=Wextract Cleanup0 is valid and legal software included or sold to help clean up temporary or cab files created by the installer software for a wide variety of software. It should disapear after a restart of the system. If not fix it
Source=Paul Collins Startup list
[WFGStartup]
Number=11928
Confirmed=N
Filename=WFGStartup.exe
Description=World Weather. "This midlet displays the current weather conditions for major cities around the world. This version is for memory limited mobile phones"
Source=Paul Collins Startup list
[wfips]
Number=11929
Confirmed=U
Filename=iphider.exe
Description=ICQ (messaging/chat program) anti-bomb software. "WFIPS is anti-bomb software for safeguarding ICQ Bomb before the bombing. 'ICQ Defoolder' is a tool for removing ICQ bomb after being exposed." For more information about ICQ bombs see here
Source=Paul Collins Startup list
[WFXCTL32.EXE]
Number=11930
Confirmed=N
Filename=WFXCTL32.EXE
Description=From WinFax 10.0 and possibly earlier versions. Appears if you chose to have WinFax appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start -> Programs
Source=Paul Collins Startup list
[wfxsnt40]
Number=11931
Confirmed=Y
Filename=wfxsnt40.exe
Description=WinFax 10.0 and maybe earlier versions. The program that opens the port for WinFax and not normally in the start menu. Needed if you want to run WinFax
Source=Paul Collins Startup list
[WFXSwtch]
Number=11932
Confirmed=?
Filename=WFXSWTCH.exe
Description=Related to WinFax. What does it do and is it required?
Source=Paul Collins Startup list
[WG111v2 Smart Wizard Wireless Setting]
Number=11933
Confirmed=U
Filename=RtlWake.exe
Description=Configuration utility for the Netgear WG111 54 Mbps Wireless USB 2.0 Adapter that "provides wireless access to your desktop or notebook PC through the computer's USB port"
Source=Paul Collins Startup list
[WG511WLU]
Number=11934
Confirmed=Y
Filename=WG511WLU.exe
Description=Netgear configuration programme for the 54g wireless lan card - required to monitor and manage the lan card
Source=Paul Collins Startup list
[wgeax]
Number=11935
Confirmed=X
Filename=wgeax.exe
Description=Added by the IRCBOT-TM WORM!
Source=Paul Collins Startup list
[wgs3]
Number=11936
Confirmed=X
Filename=wgs3.exe
Description=Added by the LEGMIR-AQH TROJAN!
Source=Paul Collins Startup list
[WGV]
Number=11937
Confirmed=X
Filename=WGV.exe
Description=Added by the ZIPPIE TROJAN!
Source=Paul Collins Startup list
[WGWLocalManager]
Number=11938
Confirmed=U
Filename=WGWLocalManager.exe
Description=Part of Flash-Networks NettGain2000 product. NettGain 2000 is a combined hardware/software networking solution, which is designed to improve performance of satellite networks by increasing data transmission speeds and maximizing the existing bandwidth for complete utilization when sending TCP/IP applications over a satellite. It is needed when connecting to the internet via satellite to provide speed faster than 60k or so. It could be started by creating a shortcut, running it only when connecting to the internet. If internet is used often, it's recommended to leave it in startup so it starts with the system
Source=Paul Collins Startup list
[WgwMngr]
Number=11939
Confirmed=Y
Filename=WgwMngr.exe
Description=Part of Flash-Networks NettGain2000 product. NettGain 2000 is a combined hardware/software networking solution, which is designed to improve performance of satellite networks by increasing data transmission speeds and maximizing the existing bandwidth for complete utilization when sending TCP/IP applications over a satellite. It is needed when connecting to the internet via satellite to provide speed faster than 60k or so
Source=Paul Collins Startup list
[whagent]
Number=11940
Confirmed=X
Filename=whagent.exe
Description=System Tray application that starts up Webhancer software. Software that optimizes your web browser and is also advertising spyware that you can find out about here
Source=Paul Collins Startup list
[WhatPulse]
Number=11941
Confirmed=U
Filename=WHATPU~1.EXE
Description=WhatPulse keeps track of your keystrokes, allowing you to find out just how much you type a day
Source=Paul Collins Startup list
[WheelMouse]
Number=11942
Confirmed=U
Filename=4DMAIN.EXE
Description=Mouse software for "Fellowes" Wheelman mouse. Has caused some users problems but shouldn't be needed if you don't use any enhanced features it may provide
Source=Paul Collins Startup list
[WheelMouse]
Number=11943
Confirmed=U
Filename=AMOUMAIN.EXE
Description=A4Tech wireless mouse driver and utility - required if you use non-standard Windows driver features
Source=Paul Collins Startup list
[WheelsMouse]
Number=11944
Confirmed=X
Filename=[path to trojan]
Description=Added by the SOCKSPR-D TROJAN!
Source=Paul Collins Startup list
[WhenUSave]
Number=11945
Confirmed=X
Filename=Save.exe
Description=WhenU.Save adware
Source=Paul Collins Startup list
[WhenUSearch]
Number=11946
Confirmed=X
Filename=Search.exe
Description=WhenU.Save adware
Source=Paul Collins Startup list
[WhenUSearchWHSE]
Number=11947
Confirmed=X
Filename=whse.exe
Description=WhenU.Save adware
Source=Paul Collins Startup list
[Whistler]
Number=11948
Confirmed=X
Filename=whismng.exe
Description=Added by the WHISTLER-F TROJAN!
Source=Paul Collins Startup list
[Whitechix]
Number=11949
Confirmed=X
Filename=brightx.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Whvlxd]
Number=11950
Confirmed=X
Filename=Whvlxd.exe
Description=Added by the ZAPCHAS-CS TROJAN!
Source=Paul Collins Startup list
[whxpin service]
Number=11951
Confirmed=X
Filename=ssvsol.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[WIAWizardMenu]
Number=11952
Confirmed=N
Filename=RUNDLL32.EXE sti_ci.dll, WiaCreateWizardMenu
Description=Still Image Class Installer - installed with a webcam
Source=Paul Collins Startup list
[Widnows Xp Web scan]
Number=11953
Confirmed=X
Filename=xpscan.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[wifeman]
Number=11954
Confirmed=X
Filename=wifeman.exe
Description=Unidentified malware
Source=Paul Collins Startup list
[WiFix service]
Number=11955
Confirmed=X
Filename=[random filename]
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[WildFlics]
Number=11956
Confirmed=X
Filename=WildFlics.exe
Description=Added by the Direct-B premium rate adult content dialler
Source=Paul Collins Startup list
[WildTangent CDA]
Number=11957
Confirmed=?
Filename=RUNDLL32.exe cdaEngine0400.dll, cdaEngineMain
Description=Part of the WildTangent on-line games system. What does it do and is it required?
Source=Paul Collins Startup list
[WildTangent Web Driver updater]
Number=11958
Confirmed=U
Filename=wcmdmgrl.exe
Description=Web Driver delivery system for WildTangent on-line games. Periodically checks for updates - can be disabled within the programs control panel. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
Source=Paul Collins Startup list
[Wildwire Monitor]
Number=11959
Confirmed=N
Filename=WWMon.exe
Description=This places a status icon on the taskbar for the DSL WildWire Tiger Modem. This is also a shortcut to the diagnostics utility for the DSL modem
Source=Paul Collins Startup list
[Willow Road]
Number=11960
Confirmed=N
Filename=WillowRoad.exe
Description=Willow Road Screen Saver
Source=Paul Collins Startup list
[win]
Number=11961
Confirmed=X
Filename=regedit -s ..win.dll
Description=Added by the SEEKER.K TROJAN!
Source=Paul Collins Startup list
[win]
Number=11962
Confirmed=X
Filename=xwinxrpc32.exe
Description=Added by the AGOBOT-MV WORM!
Source=Paul Collins Startup list
[win]
Number=11963
Confirmed=X
Filename=xwinxrpc.exe
Description=Added by the AGOBOT-MV WORM!
Source=Paul Collins Startup list
[WIN]
Number=11964
Confirmed=X
Filename=ehshell.exe
Description=Added by the MYTOB-CQ WORM!
Source=Paul Collins Startup list
[WIN]
Number=11965
Confirmed=X
Filename=windows.exe
Description=Added by the REATLE.C WORM!
Source=Paul Collins Startup list
[Win Chimes]
Number=11966
Confirmed=U
Filename=winchi~1.exe
Description=WinChimes - enhancement software for the system clock that runs in the system tray
Source=Paul Collins Startup list
[Win Comm]
Number=11967
Confirmed=X
Filename=WinComm.exe
Description=Added by the WINCOM TROJAN!
Source=Paul Collins Startup list
[Win Command]
Number=11968
Confirmed=X
Filename=command32.exe
Description=Added by the AGOBOT.XQ WORM!
Source=Paul Collins Startup list
[Win CPU]
Number=11969
Confirmed=X
Filename=sysin.pif
Description=Added by the RBOT-AXL WORM!
Source=Paul Collins Startup list
[win ctl app]
Number=11970
Confirmed=X
Filename=wuctl.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Win Drivers SSL]
Number=11971
Confirmed=X
Filename=hpws.exe
Description=Added by the IRCBOT.67098 WORM!
Source=Paul Collins Startup list
[Win Drivers SSL]
Number=11972
Confirmed=X
Filename=TASKMAN4.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Win Drivers SSL]
Number=11973
Confirmed=X
Filename=hpws.exe
Description=Added by the IRCBOT.67098 WORM!
Source=Paul Collins Startup list
[Win Drivers SSL32]
Number=11974
Confirmed=X
Filename=hpwsnnsbc.exe
Description=Added by the SPYBOT.MAR WORM!
Source=Paul Collins Startup list
[WIN HOST PROCESS]
Number=11975
Confirmed=X
Filename=WIN HOST PROCESS.EXE
Description=Added by the KEYLOGGER.CLONE TROJAN!
Source=Paul Collins Startup list
[Win INI 32]
Number=11976
Confirmed=X
Filename=msrp32.exe
Description=Added by the RBOT-FZC WORM!
Source=Paul Collins Startup list
[Win l5oahder]
Number=11977
Confirmed=X
Filename=winampa.exe
Description=Added by a variant of the RBOT WORM! Note - this is NOT associated with the popular Winamp media player. The valid file for the Winamp Agent resides in a "Winamp" subdirectory of the Program Files directory
Source=Paul Collins Startup list
[Win Login]
Number=11978
Confirmed=X
Filename=winlogin.exe
Description=Added by the RBOT-AWE WORM! Note - this trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder
Source=Paul Collins Startup list
[Win Microsoft 98]
Number=11979
Confirmed=X
Filename=win14.exe
Description=Added by the RBOT-AKX WORM!
Source=Paul Collins Startup list
[win name]
Number=11980
Confirmed=?
Filename=stat.exe
Description=??
Source=Paul Collins Startup list
[Win Patch]
Number=11981
Confirmed=X
Filename=ntldr.exe
Description=Added by the SDBOT-GS WORM!
Source=Paul Collins Startup list
[Win Process Updates]
Number=11982
Confirmed=X
Filename=winupdates.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Win Prosess0r]
Number=11983
Confirmed=X
Filename=[random filename]
Description=Added by the RBOT-BIT WORM!
Source=Paul Collins Startup list
[WIN prosessor16]
Number=11984
Confirmed=X
Filename=[random filename].exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Win Proxy32 Protocol]
Number=11985
Confirmed=X
Filename=bsvtem.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Win Secure Update]
Number=11986
Confirmed=X
Filename=[random filename]
Description=Added by the RBOT-AGI WORM!
Source=Paul Collins Startup list
[Win Security]
Number=11987
Confirmed=X
Filename=msw32.pif
Description=Added by the RBOT-AQT WORM!
Source=Paul Collins Startup list
[Win Server]
Number=11988
Confirmed=X
Filename=winserv.exe
Description=Added by the IMISERV.A TROJAN!
Source=Paul Collins Startup list
[Win Server Updt]
Number=11989
Confirmed=X
Filename=wupdt.exe
Description=Added by the IMISERV.A TROJAN!
Source=Paul Collins Startup list
[Win Server Updt]
Number=11990
Confirmed=X
Filename=winserver.exe
Description=Added by a variant of the IMISERV TROJAN!
Source=Paul Collins Startup list
[Win Server Updt]
Number=11991
Confirmed=X
Filename=pxckdla.exe
Description=IEPlugin adware
Source=Paul Collins Startup list
[Win TaskLoader]
Number=11992
Confirmed=X
Filename=msgmr.exe
Description=Added by the MYTOB.L WORM!
Source=Paul Collins Startup list
[win update]
Number=11993
Confirmed=X
Filename=wupda32.exe
Description=Added by the SDBOT.J WORM!
Source=Paul Collins Startup list
[win update]
Number=11994
Confirmed=X
Filename=wapdate.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Win Update]
Number=11995
Confirmed=X
Filename=SysUpdate.exe
Description=Added by the AGOBOT-TN WORM!
Source=Paul Collins Startup list
[Win Update]
Number=11996
Confirmed=X
Filename=oleupdate.exe
Description=Added by the AGENT-UY TROJAN!
Source=Paul Collins Startup list
[Win Update]
Number=11997
Confirmed=X
Filename=msnmger.exe
Description=Added by the RBOT-GDP WORM!
Source=Paul Collins Startup list
[Win Updater]
Number=11998
Confirmed=X
Filename=WINUPDATER.EXE
Description=Added by the RBOT.IP WORM!
Source=Paul Collins Startup list
[Win Updator Services]
Number=11999
Confirmed=X
Filename=ctfnom.exe
Description=Added by a variant of the WOOTBOT WORM!
Source=Paul Collins Startup list
[WIN USB 2.0]
Number=12000
Confirmed=X
Filename=usbsystem.exe
Description=Added by an unidentified WORM of TROJAN!
Source=Paul Collins Startup list
[WIN USB 2.0]
Number=12001
Confirmed=X
Filename=winusb.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Win USB 2.0 USB Driver]
Number=12002
Confirmed=X
Filename=HPPrint.exe
Description=Added by the SPYBOT.DNB WORM!
Source=Paul Collins Startup list
[WIN USB SUPPORT]
Number=12003
Confirmed=X
Filename=grxsrv.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Win Validation Application]
Number=12004
Confirmed=X
Filename=DBExecCom.exe
Description=Added by the VBSILLY-A WORM!
Source=Paul Collins Startup list
[Win WinAmp]
Number=12005
Confirmed=X
Filename=winamp.exe
Description=Added by the RBOT.AGF WORM! Note - this is NOT the popular Winamp media player which resides in a "Winamp" subdirectory of the Program Files directory. This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list
[win************* [* = random digit]]
Number=12006
Confirmed=X
Filename=win*************.exe [* = random digit]
Description=WINBO adware
Source=Paul Collins Startup list
[WIN-BUGSFIX]
Number=12007
Confirmed=X
Filename=WIN-BUGSFIX.EXE
Description=Added by the LOVELETTER (I LOVE YOU) VIRUS!
Source=Paul Collins Startup list
[win-xp]
Number=12008
Confirmed=X
Filename=nvsc32.exe
Description=Added by the BROPIA.N WORM!
Source=Paul Collins Startup list
[win-xp]
Number=12009
Confirmed=X
Filename=winis.exe
Description=Added by the BROPIA.N WORM!
Source=Paul Collins Startup list
[win-xp]
Number=12010
Confirmed=X
Filename=winis.exe
Description=Added by the BROPIA.N WORM!
Source=Paul Collins Startup list
[win.exe]
Number=12011
Confirmed=X
Filename=win.exe
Description=Added by the PODROP-C TROJAN!
Source=Paul Collins Startup list
[win16.dll]
Number=12012
Confirmed=U
Filename=win16dll.exe
Description=Screenspy captures screenshots silently. If you didn't install this yourself, remove it
Source=Paul Collins Startup list
[Win2Drv]
Number=12013
Confirmed=X
Filename=[worm filename]
Description=Added by the WINTOO WORM!
Source=Paul Collins Startup list
[WIN32]
Number=12014
Confirmed=X
Filename=WIN32.EXE
Description=Added by the RATEGA TROJAN!
Source=Paul Collins Startup list
[win32]
Number=12015
Confirmed=X
Filename=Shakira_1997_Part_1_.Mpeg_.scr
Description=Added by the MYLIFE.N WORM!
Source=Paul Collins Startup list
[win32]
Number=12016
Confirmed=X
Filename=Setup_32.exe
Description=Added by the EVILBOT.B TROJAN!
Source=Paul Collins Startup list
[Win32]
Number=12017
Confirmed=X
Filename=Win32.exe
Description=Added by the ISRAZ.A WORM!
Source=Paul Collins Startup list
[win32]
Number=12018
Confirmed=X
Filename=winsrv32.exe
Description=Added by the ADUENT TROJAN! Acts as a hi-jacker redirecting to Surferbar.com and adult content sites
Source=Paul Collins Startup list
[win32]
Number=12019
Confirmed=X
Filename=WinSetup.exe
Description=Added by the EVILBOT.B TROJAN!
Source=Paul Collins Startup list
[Win32]
Number=12020
Confirmed=X
Filename=system32.vbs
Description=Added by the SWERUN VIRUS!
Source=Paul Collins Startup list
[Win32]
Number=12021
Confirmed=X
Filename=Game.exe.vbs
Description=Added by the SCAFENE WORM!
Source=Paul Collins Startup list
[Win32]
Number=12022
Confirmed=X
Filename=arsetup.exe
Description=Added by the SPAZBOX.A TROJAN!
Source=Paul Collins Startup list
[win32]
Number=12023
Confirmed=X
Filename=winhost.exe
Description=Added by the BROPIA.J WORM!
Source=Paul Collins Startup list
[Win32]
Number=12024
Confirmed=X
Filename=winnnit.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Win32]
Number=12025
Confirmed=X
Filename=msnsrv.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Win32]
Number=12026
Confirmed=X
Filename=sysmon.exe
Description=Added by the MYTOB-HQ TROJAN!
Source=Paul Collins Startup list
[Win32]
Number=12027
Confirmed=X
Filename=zaq.exe
Description=Added by the RBOT-GCE WORM!
Source=Paul Collins Startup list
[Win32 Bios]
Number=12028
Confirmed=X
Filename=Winbios.exe
Description=Added by the SEMAPI-A WORM!
Source=Paul Collins Startup list
[Win32 Configuration]
Number=12029
Confirmed=X
Filename=videosd32.exe
Description=Added by the SDBOT.TT WORM!
Source=Paul Collins Startup list
[Win32 Configuration]
Number=12030
Confirmed=X
Filename=dllhelp.exe
Description=Added by the SDBOT.UL WORM!
Source=Paul Collins Startup list
[Win32 Configuration]
Number=12031
Confirmed=X
Filename=mplayer.exe
Description=Added by the FORBOT-BZ WORM!
Source=Paul Collins Startup list
[WIN32 DDOSSER]
Number=12032
Confirmed=X
Filename=dos.exe
Description=Added by the KELVIR.F WORM!
Source=Paul Collins Startup list
[Win32 Debug Manager]
Number=12033
Confirmed=X
Filename=Win32Debug.exe
Description=Added by a variant of the WOOTBOT WORM!
Source=Paul Collins Startup list
[Win32 Debug Manager]
Number=12034
Confirmed=X
Filename=microsoftupd.exe
Description=Added by a variant of the WOOTBOT WORM!
Source=Paul Collins Startup list
[Win32 Device Loader]
Number=12035
Confirmed=X
Filename=Win32ldr.exe
Description=Added by a variant of the AGOBOT/GAOBOT WORM!
Source=Paul Collins Startup list
[Win32 Driver]
Number=12036
Confirmed=X
Filename=svchosts.exe
Description=Added by the FORBOT-FD WORM!
Source=Paul Collins Startup list
[Win32 Drivers]
Number=12037
Confirmed=X
Filename=winlogons.exe
Description=Added by the FORBOT-FG WORM!
Source=Paul Collins Startup list
[Win32 DRK Driver]
Number=12038
Confirmed=X
Filename=wdrk32.exe
Description=Added by the WOOTBOT.CY WORM!
Source=Paul Collins Startup list
[Win32 exe file]
Number=12039
Confirmed=X
Filename=winstr32.exe
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[Win32 Explorer]
Number=12040
Confirmed=X
Filename=Explorer32.exe
Description=StartPa-MN homepage hijacker
Source=Paul Collins Startup list
[Win32 Firewall Driver]
Number=12041
Confirmed=X
Filename=winfw.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Win32 FireWire Driver]
Number=12042
Confirmed=X
Filename=CTHELPER32.EXE
Description=Added by the WOOTBOT TROJAN!
Source=Paul Collins Startup list
[Win32 FRT Driver]
Number=12043
Confirmed=X
Filename=msfr32.exe
Description=Added by a variant of the FORBOT WORM!
Source=Paul Collins Startup list
[Win32 Help32 Service]
Number=12044
Confirmed=X
Filename=win32help.exe
Description=Added by the DELBOT-U WORM!
Source=Paul Collins Startup list
[Win32 Information Service]
Number=12045
Confirmed=X
Filename=crsrs.exe
Description=Added by the RINBOT.Y WORM!
Source=Paul Collins Startup list
[Win32 Information Service]
Number=12046
Confirmed=X
Filename=crsss.exe
Description=Added by the DELBOT-O WORM!
Source=Paul Collins Startup list
[win32 internet server]
Number=12047
Confirmed=X
Filename=winserver.exe
Description=Added by the DERMON-D TROJAN!
Source=Paul Collins Startup list
[Win32 Kernel core component]
Number=12048
Confirmed=X
Filename=Kernel32.pif
Description=Added by the MOKS VIRUS!
Source=Paul Collins Startup list
[Win32 LSA Driver]
Number=12049
Confirmed=X
Filename=lsa.exe
Description=Added by the FORBOT-FJ WORM!
Source=Paul Collins Startup list
[Win32 Ms Auto Updater]
Number=12050
Confirmed=X
Filename=AutomsUPD.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Win32 NDIS Driver]
Number=12051
Confirmed=X
Filename=xpndis.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Win32 Network Driver]
Number=12052
Confirmed=X
Filename=crss.exe
Description=Added by a variant of the AGOBOT/GAOBOT WORM!
Source=Paul Collins Startup list
[Win32 NT Adv Services]
Number=12053
Confirmed=X
Filename=taskmngr.exe
Description=Added by the RBOT-ADE WORM!
Source=Paul Collins Startup list
[Win32 nvc]
Number=12054
Confirmed=X
Filename=nvcva.exe
Description=Added by the RBOT-ABF WORM!
Source=Paul Collins Startup list
[Win32 NVIDIA Driver]
Number=12055
Confirmed=X
Filename=MSPMSPSU.EXE
Description=Added by a variant of the WOOTBOT.Y WORM!
Source=Paul Collins Startup list
[win32 regedit]
Number=12056
Confirmed=X
Filename=msn32.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Win32 Rundll Loader]
Number=12057
Confirmed=X
Filename=Rundll32.exe
Description=Added by the SDBOT.A TROJAN! Note - this is not to be confused with the legitimate rundll32.exe file!
Source=Paul Collins Startup list
[Win32 Secure]
Number=12058
Confirmed=X
Filename=msconfigsvc.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Win32 Security Protocol]
Number=12059
Confirmed=X
Filename=secure32.exe
Description=Added by the RBOT-ETI WORM!
Source=Paul Collins Startup list
[Win32 Security Service]
Number=12060
Confirmed=X
Filename=crsrs.exe
Description=Added by the DELBOT-S WORM!
Source=Paul Collins Startup list
[Win32 Service]
Number=12061
Confirmed=X
Filename=bazzi.exe
Description=Added by the AHKER.E WORM!
Source=Paul Collins Startup list
[Win32 Services]
Number=12062
Confirmed=X
Filename=odbc32.exe
Description=Added by the SPYBOT-EK WORM!
Source=Paul Collins Startup list
[Win32 Services Config]
Number=12063
Confirmed=X
Filename=winwkys.exe
Description=Added by the RBOT.BKY WORM!
Source=Paul Collins Startup list
[Win32 Services1]
Number=12064
Confirmed=X
Filename=wuamngr1.exe
Description=Added by the SDBOT-PV WORM!
Source=Paul Collins Startup list
[Win32 Src Service]
Number=12065
Confirmed=X
Filename=win32src.exe
Description=Added by the RBOT-SX WORM!
Source=Paul Collins Startup list
[Win32 SSL Driver]
Number=12066
Confirmed=X
Filename=winssv.exe
Description=Added by the FORBOT-BH WORM!
Source=Paul Collins Startup list
[Win32 Svchosts Driver]
Number=12067
Confirmed=X
Filename=svchosts.exe
Description=Added by the FORBOT-FO WORM!
Source=Paul Collins Startup list
[win32 system server]
Number=12068
Confirmed=X
Filename=winserver.exe
Description=Added by the DERMON-A TROJAN!
Source=Paul Collins Startup list
[Win32 System Spool]
Number=12069
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the SDBOT.UK WORM!
Source=Paul Collins Startup list
[Win32 Test]
Number=12070
Confirmed=X
Filename=bleatest.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Win32 Update]
Number=12071
Confirmed=X
Filename=svchosts.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Win32 Update]
Number=12072
Confirmed=X
Filename=dl32.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[win32 update service]
Number=12073
Confirmed=X
Filename=svchostt.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Win32 USB Driver]
Number=12074
Confirmed=X
Filename=winxpinit.exe
Description=Added by the SDBOT.AA TROJAN!
Source=Paul Collins Startup list
[Win32 USB Driver]
Number=12075
Confirmed=X
Filename=mvsecn.exe
Description=Added by the FORBOT-BK WORM!
Source=Paul Collins Startup list
[Win32 Usb Driver]
Number=12076
Confirmed=X
Filename=svhosint32.exe
Description=Added by the FORBOT-BE or FORBOT-J WORMS!
Source=Paul Collins Startup list
[Win32 Usb Driver]
Number=12077
Confirmed=X
Filename=usb32.exe
Description=Added by the SDBOT-OV WORM!
Source=Paul Collins Startup list
[Win32 Usb Driver]
Number=12078
Confirmed=X
Filename=AvpG.exe
Description=Added by the FORBOT-BX WORM!
Source=Paul Collins Startup list
[Win32 USB2]
Number=12079
Confirmed=X
Filename=wins32.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Win32 USB2 Driver]
Number=12080
Confirmed=X
Filename=win32usb.exe
Description=Added by the SPYBOT.DHV WORM!
Source=Paul Collins Startup list
[Win32 USB2 Driver]
Number=12081
Confirmed=X
Filename=smsc.exe
Description=Added by the SDBOT.FO WORM!
Source=Paul Collins Startup list
[Win32 USB2 Driver]
Number=12082
Confirmed=X
Filename=svchosting.exe
Description=Added by the FORBOT.J or SDBOT.HU WORM!
Source=Paul Collins Startup list
[Win32 USB2 Driver]
Number=12083
Confirmed=X
Filename=sys32.exe
Description=Added by the WOOTBOT.X WORM!
Source=Paul Collins Startup list
[Win32 USB2 Driver]
Number=12084
Confirmed=X
Filename=sys32snd.exe
Description=Added by the FORBOT-AN WORM!
Source=Paul Collins Startup list
[Win32 USB2 Driver]
Number=12085
Confirmed=X
Filename=wind32.exe
Description=Added by the FORBOT-AH WORM!
Source=Paul Collins Startup list
[Win32 USB2 Driver]
Number=12086
Confirmed=X
Filename=winupdate.exe
Description=Added by the AGOBOT.YE WORM!
Source=Paul Collins Startup list
[Win32 USB2 Driver]
Number=12087
Confirmed=X
Filename=updatemgr.exe
Description=Added by a variant of the FORBOT WORM!
Source=Paul Collins Startup list
[Win32 USB2 Driver]
Number=12088
Confirmed=X
Filename=winsnd32.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Win32 USB2 Driver]
Number=12089
Confirmed=X
Filename=msn.exe
Description=Added by the FORBOT-EX WORM!
Source=Paul Collins Startup list
[Win32 USB2 Driver]
Number=12090
Confirmed=X
Filename=syscfg32.exe
Description=Added by the FORBOT-R WORM!
Source=Paul Collins Startup list
[Win32 USB2.0 Driver]
Number=12091
Confirmed=X
Filename=386.exe
Description=Added by the IRCBOT.D WORM!
Source=Paul Collins Startup list
[Win32 USB2.0 Driver]
Number=12092
Confirmed=X
Filename=rundll16.exe
Description=Added by the WOOTBOT.H WORM!
Source=Paul Collins Startup list
[Win32 USB2.0 Driver]
Number=12093
Confirmed=X
Filename=w32usb2.exe
Description=Added by the SPYBOT.DN WORM!
Source=Paul Collins Startup list
[Win32 USB2.0 Driver]
Number=12094
Confirmed=X
Filename=service.exe
Description=Added by the SDBOT-QF WORM!
Source=Paul Collins Startup list
[Win32 USB3 Driver]
Number=12095
Confirmed=X
Filename=win32tool.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Win32 Wmls Driver]
Number=12096
Confirmed=X
Filename=winitr32.exe
Description=Added by the WOOTBOT.B WORM!
Source=Paul Collins Startup list
[Win32 Word Services]
Number=12097
Confirmed=X
Filename=msword32.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[win32.exe]
Number=12098
Confirmed=X
Filename=win32.exe
Description=Added by the STARTPAGE TROJAN!
Source=Paul Collins Startup list
[Win32.exe]
Number=12099
Confirmed=X
Filename=Win32.exe
Description=Added by the AWQ.A TROJAN!
Source=Paul Collins Startup list
[Win32.Exploit.mzH]
Number=12100
Confirmed=X
Filename=mzrun.exe
Description=Added by the PAINTER TROJAN!
Source=Paul Collins Startup list
[Win32.Trojan.Downloader]
Number=12101
Confirmed=X
Filename=netstat2.exe
Description=Added by the PAINTER TROJAN!
Source=Paul Collins Startup list
[Win32BaseServiceMOD]
Number=12102
Confirmed=X
Filename=Wintask.exe
Description=Added by the NAVIDAD WORM!
Source=Paul Collins Startup list
[win32beta]
Number=12103
Confirmed=X
Filename=win32sys4.exe
Description=Added by the BANKER-DA TROJAN!
Source=Paul Collins Startup list
[win32clf]
Number=12104
Confirmed=X
Filename=win32clf.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[win32debug]
Number=12105
Confirmed=X
Filename=win32debug.exe
Description=Added by the GUDEB WORM!
Source=Paul Collins Startup list
[Win32DLL]
Number=12106
Confirmed=X
Filename=Win32DLL.vbs
Description=Added by the LOVELETTER (I LOVE YOU) VIRUS!
Source=Paul Collins Startup list
[Win32dll]
Number=12107
Confirmed=X
Filename=Win32dll.exe
Description=Added by the BANPAES TROJAN!
Source=Paul Collins Startup list
[WIN32DS]
Number=12108
Confirmed=X
Filename=clienttimer.exe
Description=Added by Eziin adware
Source=Paul Collins Startup list
[Win32G]
Number=12109
Confirmed=X
Filename=Kernel32.com
Description=Added by the ESTRELLA TROJAN!
Source=Paul Collins Startup list
[Win32G]
Number=12110
Confirmed=X
Filename=Scandisk.com
Description=Added by the ESTRELLA TROJAN!
Source=Paul Collins Startup list
[win32gb]
Number=12111
Confirmed=X
Filename=win32gb.exe
Description=All-In-One-Telcom (adult content dialler) variant
Source=Paul Collins Startup list
[Win32Host Process]
Number=12112
Confirmed=X
Filename=webemir.exe
Description=Added by the TURGEN -A TROJAN!
Source=Paul Collins Startup list
[win32info]
Number=12113
Confirmed=X
Filename=win32info.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[win32ini]
Number=12114
Confirmed=X
Filename=systroy.exe
Description=Added by the IRC.ALADINZ.C TROJAN!
Source=Paul Collins Startup list
[WIN32io]
Number=12115
Confirmed=X
Filename=clienttimer.exe
Description=Added by Eziin adware
Source=Paul Collins Startup list
[Win32R]
Number=12116
Confirmed=X
Filename=Server.com
Description=Added by the ESTRELLA TROJAN!
Source=Paul Collins Startup list
[WIn32S Java DLL]
Number=12117
Confirmed=X
Filename=kavsvx.exe
Description=Added by the AGOBOT-RZ WORM!
Source=Paul Collins Startup list
[win32servv]
Number=12118
Confirmed=X
Filename=load.exe
Description=iSearch adware
Source=Paul Collins Startup list
[win32servv]
Number=12119
Confirmed=X
Filename=ms1.exe
Description=iSearch adware
Source=Paul Collins Startup list
[WIN32SL]
Number=12120
Confirmed=Y
Filename=Win32sl.exe
Description=Part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards. The specific function of this is to load MIF's in order for Dell OpenManage Client to work
Source=Paul Collins Startup list
[WIN32SNDS]
Number=12121
Confirmed=X
Filename=banc.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Win32system]
Number=12122
Confirmed=X
Filename=[random filename]
Description=Added by the DDV.B WORM!
Source=Paul Collins Startup list
[Win32System]
Number=12123
Confirmed=X
Filename=win32s.exe
Description=Added by the MYDOOM.V WORM!
Source=Paul Collins Startup list
[Win32SystemMonitor]
Number=12124
Confirmed=X
Filename=***.exe [* = random char]
Description=Browser hijacker
Source=Paul Collins Startup list
[Win32SysV]
Number=12125
Confirmed=X
Filename=xin.exe
Description=Added by the FORBOT-EO WORM!
Source=Paul Collins Startup list
[win32us]
Number=12126
Confirmed=X
Filename=win32us.exe
Description=All-In-One-Telcom (adult content dialler) variant
Source=Paul Collins Startup list
[win32usbd]
Number=12127
Confirmed=X
Filename=ssrs.exe
Description=Added by the RBOT-RA WORM!
Source=Paul Collins Startup list
[WIN32WN]
Number=12128
Confirmed=X
Filename=system_wc.exe
Description=Added by Eziin adware
Source=Paul Collins Startup list
[win32_i lptt01]
Number=12129
Confirmed=X
Filename=win32_i.exe
Description=RapidBlaster variant (in a "win32_i" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
Source=Paul Collins Startup list
[win32_i ml097e]
Number=12130
Confirmed=X
Filename=win32_i.exe
Description=RapidBlaster variant (in a "win32_i" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
Source=Paul Collins Startup list
[Win386]
Number=12131
Confirmed=X
Filename=Win386.exe
Description=Added by the GOSUSUB VIRUS!
Source=Paul Collins Startup list
[Win386]
Number=12132
Confirmed=X
Filename=sp32.dll
Description=Homepage hijacker. Not a dll but a regfile in disguise
Source=Paul Collins Startup list
[WIN3S2SNDS]
Number=12133
Confirmed=X
Filename=winabsmod.exe
Description=Added by the AGENT.DN TROJAN - known to BOClean as "CWS/INDEX", "shuts down anything that wants to open and is used as a spam proxy as well"
Source=Paul Collins Startup list
[WIN3S2SNDS]
Number=12134
Confirmed=X
Filename=winiprtx.exe
Description=Added by the AGENT.DN TROJAN - known to BOClean as "CWS/INDEX", "shuts down anything that wants to open and is used as a spam proxy as well"
Source=Paul Collins Startup list
[Win64 Compatibility Check]
Number=12135
Confirmed=X
Filename=load win64.drv
Description=CoolWebSearch parasite variant
Source=Paul Collins Startup list
[WIN95DEFVIEW]
Number=12136
Confirmed=X
Filename=[path to file]
Description=Added by the DEDLER-D TROJAN!
Source=Paul Collins Startup list
[WIN95DEFVIEW]
Number=12137
Confirmed=X
Filename=csmss.exe
Description=Added by the DEDLER-D TROJAN!
Source=Paul Collins Startup list
[win98 DNS]
Number=12138
Confirmed=X
Filename=wingrd.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[winabc]
Number=12139
Confirmed=X
Filename=rundll32.exe [Temp]\[ORIGFILENAME].DLL, InstallLaunchEv
Description=Added by the LINEAGE-PN TROJAN!
Source=Paul Collins Startup list
[WinAC v4]
Number=12140
Confirmed=X
Filename=klsuicbn.exe
Description=Added by the FORBOT-CS WORM!
Source=Paul Collins Startup list
[Winacsr]
Number=12141
Confirmed=U
Filename=Winacsr.exe
Description=AceScreenSpy keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list
[winactive]
Number=12142
Confirmed=X
Filename=WINACTIVE.EXE
Description=WinActive of the LOP.com hijacker
Source=Paul Collins Startup list
[WinActiveJ]
Number=12143
Confirmed=X
Filename=WinActiveJ.exe
Description=Added by the ROTARRAN VIRUS!
Source=Paul Collins Startup list
[Winad Client]
Number=12144
Confirmed=X
Filename=Winad.exe
Description=WinAd adware by eXact Advertising
Source=Paul Collins Startup list
[WinAdCnt.exe]
Number=12145
Confirmed=X
Filename=WinAdCnt.exe
Description=Added by the BANKER-BU TROJAN!
Source=Paul Collins Startup list
[winadm]
Number=12146
Confirmed=X
Filename=winadm.exe
Description=Browser hijacker - redirecting to Search-World.net. Related to the SMALL.AEX TROJAN!
Source=Paul Collins Startup list
[WinAgent]
Number=12147
Confirmed=?
Filename=WinAgent.exe
Description=Standard Life Insurance program. Is it required at startup?
Source=Paul Collins Startup list
[Winahlp.exe]
Number=12148
Confirmed=X
Filename=Winahlp.exe
Description=Added by a variant of the VAGRNOCKER TROJAN!
Source=Paul Collins Startup list
[winallap]
Number=12149
Confirmed=X
Filename=winallap.exe
Description=Added by the DELF.E TROJAN!
Source=Paul Collins Startup list
[winallapu]
Number=12150
Confirmed=X
Filename=winallapu.exe
Description=Added by the DELF.E TROJAN!
Source=Paul Collins Startup list
[Winamp]
Number=12151
Confirmed=X
Filename=winamp.hta
Description=Hijacker - re-directing to adult content sites. Note - this isn't the real Winamp
Source=Paul Collins Startup list
[Winamp]
Number=12152
Confirmed=X
Filename=winamp.exe
Description=Added by the AGOBOT.XI WORM! Note - this is NOT the popular Winamp media player
Source=Paul Collins Startup list
[WinAMP]
Number=12153
Confirmed=X
Filename=winamp62.exe
Description=Added by the SDBOT-WN WORM!
Source=Paul Collins Startup list
[Winamp]
Number=12154
Confirmed=N
Filename=winamp.exe
Description=Winamp media player. Resides in a "Winamp" subdirectory of the Program Files directory
Source=Paul Collins Startup list
[Winamp Agent]
Number=12155
Confirmed=X
Filename=winamp.exe
Description=Added by a variant of the RBOT WORM! Note - this is NOT the popular Winamp media player. The valid filename for the Winamp Agent is "winampa.exe" - see here
Source=Paul Collins Startup list
[Winamp Media]
Number=12156
Confirmed=X
Filename=qmedia.exe
Description=Added by the DIAZMON-A TROJAN!
Source=Paul Collins Startup list
[Winamp media player]
Number=12157
Confirmed=X
Filename=winapa.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[WinAmp Player]
Number=12158
Confirmed=X
Filename=winampp.exe
Description=Added by the RBOT-AQI WORM! Note - this is NOT the popular Winamp media player which has a different filename
Source=Paul Collins Startup list
[Winamp to Google Talk]
Number=12159
Confirmed=U
Filename=winamptogoogletalk.exe
Description=Winamp to Google Talk, available here shows your current Winamp track in your Google Talk status
Source=Paul Collins Startup list
[Winamp Update]
Number=12160
Confirmed=X
Filename=yhn.exe
Description=Added by the SDBOT-ACR WORM!
Source=Paul Collins Startup list
[Winampa]
Number=12161
Confirmed=U
Filename=WINAMPa.exe
Description=Loads the System Tray icon for the popular Winamp media player - see here. Can be used to mantain file associations so programs like QuickTime and RealPlayer don't take over as default player for various media types. Available via Start -> Programs. Resides in a "Winamp" subdirectory of the Program Files directory
Source=Paul Collins Startup list
[Winampa]
Number=12162
Confirmed=X
Filename=winampa.exe
Description=Added by the AGOBOT-GS TROJAN! ! Note - this is NOT associated with the popular Winamp media player. The valid file for the Winamp Agent resides in a "Winamp" subdirectory of the Program Files directory whereas this file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list
[Winampa Agent]
Number=12163
Confirmed=X
Filename=WINAMPA.EXE
Description=Added by a variant of the RBOT WORM! Note - this is NOT the popular Winamp media player. The valid filename for the Winamp Agent is "winampa.exe" - see here
Source=Paul Collins Startup list
[WinampAgent]
Number=12164
Confirmed=U
Filename=WINAMPa.exe
Description=Loads the System Tray icon for the popular Winamp media player - see here. Can be used to mantain file associations so programs like QuickTime and RealPlayer don't take over as default player for various media types. Available via Start -> Programs. Resides in a "Winamp" subdirectory of the Program Files directory
Source=Paul Collins Startup list
[WinAmpAgent]
Number=12165
Confirmed=X
Filename=Msexploren.exe
Description=Added by the EB TROJAN! Note - this is NOT the popular Winamp media player which has a different filename
Source=Paul Collins Startup list
[WinAmpAgent]
Number=12166
Confirmed=X
Filename=Shch.exe
Description=Added by the EB TROJAN! Note - this is NOT the popular Winamp media player which has a different filename
Source=Paul Collins Startup list
[WinAmpAgent]
Number=12167
Confirmed=X
Filename=svchst.exe
Description=Added by the EB TROJAN! Note - this is NOT the popular Winamp media player which has a different filename
Source=Paul Collins Startup list
[WinAmpAgent]
Number=12168
Confirmed=X
Filename=Winagent.exe
Description=Added by the EB TROJAN! Note - this is NOT the popular Winamp media player which has a different filename
Source=Paul Collins Startup list
[WinAmpAgent]
Number=12169
Confirmed=X
Filename=msnexploren.exe
Description=Added by the TACTSLAY.B TROJAN!
Source=Paul Collins Startup list
[WinAmpAgent]
Number=12170
Confirmed=X
Filename=sdhch.exe
Description=Added by the TACTSLAY.B TROJAN!
Source=Paul Collins Startup list
[WinAntiSpyware 2005]
Number=12171
Confirmed=N
Filename=was5.exe
Description=Spyware remover - not recommended, see here
Source=Paul Collins Startup list
[WinAntiVirus Pro 2007]
Number=12172
Confirmed=N
Filename=WinAV.exe
Description=WinAntiVirus Pro 2007 virus software - not recommended, see here
Source=Paul Collins Startup list
[WinApi]
Number=12173
Confirmed=X
Filename=winapix.exe
Description=Added by a variant of the TIBSER.A downloader TROJAN!
Source=Paul Collins Startup list
[WINAPLOGUPD]
Number=12174
Confirmed=X
Filename=WINAPLOGUPD.EXE
Description=Added by the CAPSIDE-C WORM!
Source=Paul Collins Startup list
[Winapp]
Number=12175
Confirmed=X
Filename=winpup32.exe
Description=Produces popup ads to adult content sites
Source=Paul Collins Startup list
[WinApp32]
Number=12176
Confirmed=X
Filename=msapp.exe
Description=Added by the RSBOT TROJAN!
Source=Paul Collins Startup list
[WinAppLog]
Number=12177
Confirmed=U
Filename=svchost.exe
Description=StingKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself! Note - this is not the svchost.exe process that normally doesn't appear in Msconfig/Startup!
Source=Paul Collins Startup list
[WinAuth]
Number=12178
Confirmed=X
Filename=winlogon.exe
Description=Hijacker, also indentified as the STRTPAGE.BE TROJAN! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder
Source=Paul Collins Startup list
[WinAwk]
Number=12179
Confirmed=X
Filename=WinAwk.exe
Description=Added by the SDBOT-AYF WORM!
Source=Paul Collins Startup list
[WinBackup Scheduler]
Number=12180
Confirmed=U
Filename=Wbsched.exe
Description=LIUtilities WinBackup scheduler - backup software
Source=Paul Collins Startup list
[WinBar]
Number=12181
Confirmed=U
Filename=WinBar.exe
Description="WinBar is a free and compact program that lets you monitor your system and provides easy access to frequently used controls"
Source=Paul Collins Startup list
[winbar.pif]
Number=12182
Confirmed=X
Filename=packe.pif
Description=Added by the RBOT-AVI WORM!
Source=Paul Collins Startup list
[winbas12]
Number=12183
Confirmed=X
Filename=winbas12.exe
Description=Adware, CoolWebSearch parasite related - recognized by Kaspersky antivirus as TrojanDownloader.Win32.VB.du - Note - this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
Source=Paul Collins Startup list
[Winbed]
Number=12184
Confirmed=X
Filename=winbed.exe
Description=Hijacker
Source=Paul Collins Startup list
[Winbin]
Number=12185
Confirmed=X
Filename=swchost.exe
Description=Added by the RBOT.CLS WORM!
Source=Paul Collins Startup list
[winbin32]
Number=12186
Confirmed=X
Filename=win32exe.exe
Description=Added by the RBOT-ZL WORM!
Source=Paul Collins Startup list
[winbot]
Number=12187
Confirmed=X
Filename=winbot.exe
Description=Added by the MIDRUG-A TROJAN!
Source=Paul Collins Startup list
[WinCheck]
Number=12188
Confirmed=X
Filename=WinCheck.exe
Description=Added by the PWS-CY TROJAN!
Source=Paul Collins Startup list
[WinCheck]
Number=12189
Confirmed=X
Filename=services.exe
Description=Added by the SOBER.S WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "ConnectionStatus\Microsoft" subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list
[WinCheck]
Number=12190
Confirmed=X
Filename=check.exe
Description=Added by the DELBOT-Y WORM!
Source=Paul Collins Startup list
[winchost]
Number=12191
Confirmed=X
Filename=winchost.exe
Description=Added by the DLOADER-PO TROJAN!
Source=Paul Collins Startup list
[WINCINEMAMGR]
Number=12192
Confirmed=N
Filename=WINCIN~1.EXE
Description=WinCinema_Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs
Source=Paul Collins Startup list
[WinCinemaMgr]
Number=12193
Confirmed=N
Filename=WinCinemaMgr.exe
Description=WinCinema_Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs
Source=Paul Collins Startup list
[winclean]
Number=12194
Confirmed=X
Filename=winclean.exe
Description=Added by the AGENT.GXR TROJAN!
Source=Paul Collins Startup list
[wincmap]
Number=12195
Confirmed=X
Filename=wincmapp.exe
Description=CasClient adware variant - also detected as the CMAPP TROJAN!
Source=Paul Collins Startup list
[wincms]
Number=12196
Confirmed=X
Filename=wincms.exe
Description=Added by the RBOT.CBR WORM! Note - this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
Source=Paul Collins Startup list
[WinCRT32]
Number=12197
Confirmed=X
Filename=wincrt32.exe
Description=Added by the DOGBOT-D WORM!
Source=Paul Collins Startup list
[WinCSRSS]
Number=12198
Confirmed=X
Filename=MSGRT32.EXE
Description=Added by the REWINDO-A TROJAN!
Source=Paul Collins Startup list
[WINCX]
Number=12199
Confirmed=X
Filename=wincore332.exe
Description=Added by the AGOBOT-MG WORM!
Source=Paul Collins Startup list
[Wind Logd File]
Number=12200
Confirmed=X
Filename=servicelogd.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Wind Security]
Number=12201
Confirmed=X
Filename=mswi32.pif
Description=Added by the RBOT-ARH WORM!
Source=Paul Collins Startup list
[wind.exe]
Number=12202
Confirmed=X
Filename=wind.exe
Description=Added by the MITGLIEDER.BD TROJAN!
Source=Paul Collins Startup list
[WIND0WS]
Number=12203
Confirmed=X
Filename=WIND0WS.exe
Description=Added by the SPYBOT.DQ WORM!
Source=Paul Collins Startup list
[WIND0WS]
Number=12204
Confirmed=X
Filename=mella.bat
Description=Added by the ALLEM WORM!
Source=Paul Collins Startup list
[Wind0ws]
Number=12205
Confirmed=X
Filename=wordpad.exe
Description=Added by the AGOBOT-TL WORM! Note - this is not the legitimate Windows application wordpad.exe (which is found in the Program Files\Accessories folder) which should not normally be seen in Msconfig or as a Startup item. This file is loacted in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list
[Wind0ws Sharing]
Number=12206
Confirmed=X
Filename=ssprotecter.exe
Description=Added by the RBOT-AHW WORM!
Source=Paul Collins Startup list
[WinData]
Number=12207
Confirmed=X
Filename=services.exe
Description=Added by the SOBER.AA WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "PoolData" subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list
[WinDates]
Number=12208
Confirmed=N
Filename=windates.exe
Description=WinDates is a calendar, date organizer and event reminder program from Rockin' Software
Source=Paul Collins Startup list
[windbs]
Number=12209
Confirmed=X
Filename=winxtc.exe
Description=Added by the AGOBOT-WD WORM!
Source=Paul Collins Startup list
[Winde]
Number=12210
Confirmed=X
Filename=winde.exe
Description=Added by the DLUCA TROJAN!
Source=Paul Collins Startup list
[windef]
Number=12211
Confirmed=X
Filename=Win32sp.vbs
Description=Added by the ANPES WORM!
Source=Paul Collins Startup list
[windef]
Number=12212
Confirmed=X
Filename=windef.exe
Description=Added by the WURMARK-O WORM!
Source=Paul Collins Startup list
[Windeows NetStart Service2]
Number=12213
Confirmed=X
Filename=tesakrmger.exe
Description=Added by the RBOT-AMY WORM!
Source=Paul Collins Startup list
[windhost.exe]
Number=12214
Confirmed=X
Filename=osrwin32.exe
Description=Added by the BANKER-CB TROJAN!
Source=Paul Collins Startup list
[windhost.exe]
Number=12215
Confirmed=X
Filename=windhost.exe
Description=Added by the BANKER-BV TROJAN!
Source=Paul Collins Startup list
[windhost.exe]
Number=12216
Confirmed=X
Filename=winos.exe
Description=Added by the PWSAGENT-A WORM!
Source=Paul Collins Startup list
[windir]
Number=12217
Confirmed=X
Filename=winrun.exe
Description=Added by the WINBUR.B WORM!
Source=Paul Collins Startup list
[Windll]
Number=12218
Confirmed=X
Filename=Windll.exe
Description=Added by the TRYNOMA TROJAN!
Source=Paul Collins Startup list
[WINDLL]
Number=12219
Confirmed=U
Filename=WSYS.EXE
Description=STARR key logger. "It logs almost everything that goes through the box. It logs all key strokes, all passwords transacted even if they weren't keyed in, all web sites visited, every program launched including the path to that program, and more"
Source=Paul Collins Startup list
[windll]
Number=12220
Confirmed=X
Filename=windll32.exe
Description=Added by the ASTEF or RESPAN WORMS!
Source=Paul Collins Startup list
[WinDLL (csmss.exe)]
Number=12221
Confirmed=X
Filename=rundll32.exe [path] CSMSS.EXE
Description=Added by the AKBOT.U WORM!
Source=Paul Collins Startup list
[WinDLL (wchshield.exe)]
Number=12222
Confirmed=X
Filename=wchshield.exe
Description=Added by the IRCBOT GEN WORM!
Source=Paul Collins Startup list
[Windll.exe]
Number=12223
Confirmed=X
Filename=Windll.exe
Description=Added by the STEALER TROJAN!
Source=Paul Collins Startup list
[Windll32]
Number=12224
Confirmed=X
Filename=Windll32.exe
Description=Added by the MSNPWS TROJAN!
Source=Paul Collins Startup list
[WinDll32]
Number=12225
Confirmed=X
Filename=_WIN32.EXE
Description=Added by the LEGMIR.AQ TROJAN!
Source=Paul Collins Startup list
[windllsys32.exe]
Number=12226
Confirmed=X
Filename=windllsys32.exe
Description=Added by a variant of the MITGLIE-A TROJAN!
Source=Paul Collins Startup list
[WinDNS]
Number=12227
Confirmed=X
Filename=windns32.exe
Description=Added by the GAOBOT.WX WORM!
Source=Paul Collins Startup list
[Windoes Kernel]
Number=12228
Confirmed=X
Filename=kernel32.exe
Description=Added by the KICKIN.A (or CYDOG.C) WORM!
Source=Paul Collins Startup list
[Window]
Number=12229
Confirmed=X
Filename=explore.exe
Description=Added by the GAOBOT.ADW WORM!
Source=Paul Collins Startup list
[Window Loader]
Number=12230
Confirmed=X
Filename=Dos32.exe
Description=Added by the GAOBOT.AO WORM!
Source=Paul Collins Startup list
[Window Monitor]
Number=12231
Confirmed=X
Filename=winmon32.exe
Description=Added by the SDBOT.RT WORM!
Source=Paul Collins Startup list
[Window service]
Number=12232
Confirmed=X
Filename=[random filename]
Description=Added by the RBOT-ACH WORM!
Source=Paul Collins Startup list
[Window Washer]
Number=12233
Confirmed=U
Filename=wwDisp.exe
Description=Window Washer from Webroot Software. Useful utility that deletes safe to remove files, cookies, browsing history, etc. Available via from Start -> Programs. Disable within the program options - otherwise it is re-enabled in MSCONFIG
Source=Paul Collins Startup list
[window.exe]
Number=12234
Confirmed=X
Filename=window.exe
Description=Added by the MITGLIEDER.H or MITGLIEDER.J TROJANS!
Source=Paul Collins Startup list
[window2]
Number=12235
Confirmed=X
Filename=ssvchost.exe
Description=Added by the IRCBOT.H TROJAN!
Source=Paul Collins Startup list
[WindowBlinds]
Number=12236
Confirmed=U
Filename=wbload.exe
Description=WindowBlinds from Stardock. Skin application to change the appearence on Windows desktops. Available as an individual download or as part of Object Desktop. Required to restore settings if you use it. Available via right-click on the Desktop -> Properties -> Skins
Source=Paul Collins Startup list
[WindowEnhancer]
Number=12237
Confirmed=X
Filename=Winex.exe
Description=SCBar foistware variant
Source=Paul Collins Startup list
[Windowfdgfds DasdLL Verifiew]
Number=12238
Confirmed=X
Filename=[path to worm]
Description=Added by the RBOT-GGX WORM!
Source=Paul Collins Startup list
[Windowfdgfds DLL fgfdg Verifier]
Number=12239
Confirmed=X
Filename=winsecure.exe
Description=Added by the RBOT.CSP WORM!
Source=Paul Collins Startup list
[Windowfdgfds DLL fgfdg Verifier]
Number=12240
Confirmed=X
Filename=winsecure.exe
Description=Added by the RBOT.CSP WORM!
Source=Paul Collins Startup list
[WindowFX]
Number=12241
Confirmed=U
Filename=wfxload.exe
Description=Stardock WindowFX - "Allows you to add an unprecedented number of special effects to windows"
Source=Paul Collins Startup list
[windown]
Number=12242
Confirmed=X
Filename=wiusyt.exe
Description=Added by the QQPASS-M TROJAN!
Source=Paul Collins Startup list
[WindowRegKey update]
Number=12243
Confirmed=X
Filename=wins.exe
Description=Added by the SPYBOT.I WORM!
Source=Paul Collins Startup list
[Windows]
Number=12244
Confirmed=X
Filename=Kernel32.exe
Description=Added by the TENDOOLF.A WORM!
Source=Paul Collins Startup list
[Windows]
Number=12245
Confirmed=X
Filename=msdos98.exe
Description=Added by the PWSTEAL TROJAN!
Source=Paul Collins Startup list
[Windows]
Number=12246
Confirmed=X
Filename=Windows.exe
Description=Added by the KAZMOR.A, BOBBINS & ALADINZ.D TROJANS!
Source=Paul Collins Startup list
[Windows]
Number=12247
Confirmed=X
Filename=explorer.exe
Description=Added by the POEBOT-J WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list
[windows]
Number=12248
Confirmed=X
Filename=[path to trojan]
Description=Added by the AIMWIN TROJAN!
Source=Paul Collins Startup list
[windows]
Number=12249
Confirmed=X
Filename=hkey.exe
Description=Added by the GAOBOT.AFW WORM!
Source=Paul Collins Startup list
[windows]
Number=12250
Confirmed=X
Filename=system copy.exe
Description=Added by the SALGA.A WORM!
Source=Paul Collins Startup list
[Windows]
Number=12251
Confirmed=X
Filename=gearsec.exe
Description=Added by the STUBBOT-B TROJAN!
Source=Paul Collins Startup list
[Windows]
Number=12252
Confirmed=X
Filename=run.exe
Description=Added by the SPYBOT.OFN WORM!
Source=Paul Collins Startup list
[Windows]
Number=12253
Confirmed=X
Filename=system.exe
Description=Added by the SPYBOT.OBB WORM!
Source=Paul Collins Startup list
[WINDOWS]
Number=12254
Confirmed=X
Filename=\windows.exe
Description=Added by the MONBOT-A TROJAN!
Source=Paul Collins Startup list
[Windows]
Number=12255
Confirmed=X
Filename=services.exe
Description=Added by the SOBER-Z WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! ! This file is located in a "WinSecurity" subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list
[WINDOWS]
Number=12256
Confirmed=X
Filename=jif.exe
Description=Added by the MYTOB.MK WORM!
Source=Paul Collins Startup list
[windows]
Number=12257
Confirmed=X
Filename=iexplore.exe
Description=Added by the RBOT-UM WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup unless you add it manually! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list
[Windows]
Number=12258
Confirmed=X
Filename=services.exe
Description=Added by the DLOADR-GW TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Windows" subfolder
Source=Paul Collins Startup list
[Windows]
Number=12259
Confirmed=X
Filename=smss.exe
Description=Added by the BANCBAN-QF TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[windows]
Number=12260
Confirmed=X
Filename=svchost.exe
Description=Added by the SLOMIRC-A WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[WINDOWS]
Number=12261
Confirmed=X
Filename=ymssgr.exe
Description=Added by the PS TROJAN! Note - deactivates the MicrosoftInternet Connection Firewall (ICF)
Source=Paul Collins Startup list
[Windows]
Number=12262
Confirmed=X
Filename=taskmngr.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Windows (ICS) Spooler]
Number=12263
Confirmed=X
Filename=crtss.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows (random character)]
Number=12264
Confirmed=X
Filename=diskcheck.exe
Description=Added by the SINGU.B TROJAN!
Source=Paul Collins Startup list
[Windows .Net Manager]
Number=12265
Confirmed=X
Filename=localsvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Windows .Net Manager]
Number=12266
Confirmed=X
Filename=netsvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Windows .Net Manager]
Number=12267
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Windows .Net Manager]
Number=12268
Confirmed=X
Filename=svcadmin.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Windows .Net Manager]
Number=12269
Confirmed=X
Filename=svcman.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Windows .Net Manager]
Number=12270
Confirmed=X
Filename=svcrun.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Windows .Net Manager]
Number=12271
Confirmed=X
Filename=tcpsvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Windows .Net Manager]
Number=12272
Confirmed=X
Filename=websvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Windows 128 Module]
Number=12273
Confirmed=X
Filename=win128.exe
Description=Added by the FORBOT-ES WORM!
Source=Paul Collins Startup list
[Windows 2004]
Number=12274
Confirmed=X
Filename=csrss.exe
Description=Added by the BANKER-DY TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Arquivos de programas\Windows 2004\Tools" folder
Source=Paul Collins Startup list
[Windows 32 Editor]
Number=12275
Confirmed=X
Filename=Win32edit.exe
Description=Added by the WOOTBOT.GQ WORM!
Source=Paul Collins Startup list
[Windows 32 Rescue]
Number=12276
Confirmed=X
Filename=win32resc.exe
Description=Added by the FORBOT-EU WORM!
Source=Paul Collins Startup list
[Windows 32 Update]
Number=12277
Confirmed=X
Filename=Windows-Update.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Accelerators]
Number=12278
Confirmed=U
Filename=setup.exe
Description=KeySpy keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list
[Windows AdControl]
Number=12279
Confirmed=X
Filename=WinAdCtl.exe
Description=Windupdates adware variant
Source=Paul Collins Startup list
[Windows AdService]
Number=12280
Confirmed=X
Filename=WinAdServ.exe
Description=Windupdates adware variant
Source=Paul Collins Startup list
[Windows AdStatus]
Number=12281
Confirmed=X
Filename=WinStat.exe
Description=Added by the BLESHARE!DR VIRUS!
Source=Paul Collins Startup list
[Windows AdTools]
Number=12282
Confirmed=X
Filename=WinAdTools.exe
Description=Windupdates adware variant
Source=Paul Collins Startup list
[Windows Anti Verifier]
Number=12283
Confirmed=X
Filename=Windows-Anti.exe
Description=Added by the RBOT.ETT WORM!
Source=Paul Collins Startup list
[Windows Anti-Virus Built 32]
Number=12284
Confirmed=X
Filename=AntiVirus32.exe
Description=Added by the SDBOT-BG WORM!
Source=Paul Collins Startup list
[Windows APCI Verifier]
Number=12285
Confirmed=X
Filename=dhcpserv.exe
Description=Added by the RBOT-FON WORM! Note - Disables the automatic startup of other software and deactivates the Microsoft Internet Connection Firewall (ICF)
Source=Paul Collins Startup list
[Windows API Control Task]
Number=12286
Confirmed=X
Filename=apitsk32.exe
Description=Added by the MYTOB.HI WORM!
Source=Paul Collins Startup list
[Windows Application Layer]
Number=12287
Confirmed=X
Filename=walg32.exe
Description=Added by the AGOBOT.ATN WORM!
Source=Paul Collins Startup list
[Windows Application Layer Gateway]
Number=12288
Confirmed=X
Filename=walg32.exe
Description=Added by the AGOBOT-AAZ WORM!
Source=Paul Collins Startup list
[Windows ASN Service]
Number=12289
Confirmed=X
Filename=rge.exe
Description=Added by the RBOT-AOK WORM!
Source=Paul Collins Startup list
[Windows ASN Service]
Number=12290
Confirmed=X
Filename=[random filename]
Description=Added by the AGOBOT-TC WORM!
Source=Paul Collins Startup list
[Windows Authority Service]
Number=12291
Confirmed=X
Filename=lsass.exe
Description=Added by the KALEL-E WORM! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup!
Source=Paul Collins Startup list
[windows auto update]
Number=12292
Confirmed=X
Filename=penis32.exe
Description=Added by the BLASTER (or MSBLAST.A) WORM!
Source=Paul Collins Startup list
[Windows Auto Update]
Number=12293
Confirmed=X
Filename=winupdater.exe
Description=Added by the SDBOT.TF WORM!
Source=Paul Collins Startup list
[Windows auto update]
Number=12294
Confirmed=X
Filename=bazzi.exe
Description=Added by the AHKER.E WORM!
Source=Paul Collins Startup list
[Windows auto update]
Number=12295
Confirmed=X
Filename=LSASS.exe
Description=Added by the AHKER.G WORM! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[windows auto update ]
Number=12296
Confirmed=X
Filename=msblast.exe
Description=Added by the BLASTER.B WORM!
Source=Paul Collins Startup list
[Windows Automatic Update]
Number=12297
Confirmed=X
Filename=wuamgrder.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Automatic Updater]
Number=12298
Confirmed=X
Filename=windrg.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Automatic Updates]
Number=12299
Confirmed=X
Filename=dvldr.exe
Description=Added by the RBOT.MF WORM!
Source=Paul Collins Startup list
[Windows Automatical Updater]
Number=12300
Confirmed=X
Filename=dcz.exe
Description=Added by the RBOT.CXS WORM!
Source=Paul Collins Startup list
[Windows AutomaticUpdater]
Number=12301
Confirmed=X
Filename=runddls.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[windows automation]
Number=12302
Confirmed=X
Filename=mslaugh.exe
Description=Added by the BLASTER.E WORM!
Source=Paul Collins Startup list
[Windows Automation]
Number=12303
Confirmed=X
Filename=msdspr.exe
Description=Added by the SOLAME.A WORM!
Source=Paul Collins Startup list
[Windows Autostart Loader]
Number=12304
Confirmed=X
Filename=notepad32.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows backup]
Number=12305
Confirmed=X
Filename=systemss.exe
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[Windows Backup Configuration]
Number=12306
Confirmed=X
Filename=IEXPLORER.exe
Description=Added by the GAOBOT.AZ WORM!
Source=Paul Collins Startup list
[Windows Baţlangýç Dosyasý]
Number=12307
Confirmed=X
Filename=sistem.exe
Description=Added by the MUZK WORM!
Source=Paul Collins Startup list
[Windows Bootup]
Number=12308
Confirmed=X
Filename=ms-wks32.exe
Description=Added by the RBOT-AFM WORM!
Source=Paul Collins Startup list
[Windows Bootup]
Number=12309
Confirmed=X
Filename=Systemwks32.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Bootup]
Number=12310
Confirmed=X
Filename=task-mngr.exe
Description=Added by the RBOT-AWP WORM!
Source=Paul Collins Startup list
[Windows Clean-Up Pro]
Number=12311
Confirmed=N
Filename=WINDOWS CLEAN-UP PRO.Exe
Description=Spyware remover - not recommended, see note
Source=Paul Collins Startup list
[Windows Client Service 32]
Number=12312
Confirmed=X
Filename=csrss.exe
Description=Added by the RBOT-ALB WORM! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located a drivers\winsdriver subfolder
Source=Paul Collins Startup list
[Windows Client/Server Runtime Server]
Number=12313
Confirmed=X
Filename=csrs.exe
Description=Added by the RBOT.KD WORM!
Source=Paul Collins Startup list
[Windows Command]
Number=12314
Confirmed=X
Filename=wincmd.exe
Description=Added by the RBOT.ANV WORM!
Source=Paul Collins Startup list
[Windows Communicator]
Number=12315
Confirmed=X
Filename=wincomm.exe
Description=Added by the AGOBOT-BH WORM!
Source=Paul Collins Startup list
[Windows Communicator for NT/XP]
Number=12316
Confirmed=X
Filename=osndyrn.exe
Description=Added by the SDBOT-CPK WORM! Note - can terminate AV related processes
Source=Paul Collins Startup list
[Windows Compliant]
Number=12317
Confirmed=X
Filename=[random filename]
Description=Added by the RBOT-IR WORM!
Source=Paul Collins Startup list
[Windows Config]
Number=12318
Confirmed=X
Filename=SSYS.EXE
Description=Added by the SPYBOT-DA WORM!
Source=Paul Collins Startup list
[Windows Config]
Number=12319
Confirmed=X
Filename=wins.exe
Description=Added by the SPYBOT.JR WORM!
Source=Paul Collins Startup list
[Windows Config]
Number=12320
Confirmed=X
Filename=RUNDLL.EXE
Description=Added by the SPYBOT-DX WORM! Note - this is not the Windows system file of the same name as described here
Source=Paul Collins Startup list
[Windows Config Connection]
Number=12321
Confirmed=X
Filename=msicll.exe
Description=Added by the RBOT-EXQ WORM!
Source=Paul Collins Startup list
[Windows Config Loader]
Number=12322
Confirmed=X
Filename=Wincfg32.exe
Description=Added by the SILVERFTP TROJAN!
Source=Paul Collins Startup list
[Windows Config Manager]
Number=12323
Confirmed=X
Filename=winconf.exe
Description=Added by the RBOT-AIT WORM!
Source=Paul Collins Startup list
[Windows Config System]
Number=12324
Confirmed=X
Filename=config.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Windows Configuration]
Number=12325
Confirmed=X
Filename=wsys32.exe
Description=Added by the GAOBOT.FB WORM!
Source=Paul Collins Startup list
[Windows Configuration]
Number=12326
Confirmed=X
Filename=wincfg32.exe
Description=Added by the MYTOB.ED WORM!
Source=Paul Collins Startup list
[Windows Configuration Loader]
Number=12327
Confirmed=X
Filename=asclt.exe
Description=Added by the SDBOT-OA WORM!
Source=Paul Collins Startup list
[Windows connection manager]
Number=12328
Confirmed=X
Filename=Internet.exe
Description=Added by the RBOT-APN WORM! Note - file is found in the Windows or Winnt folder. Make sure you check the link on this one, it copies it's self under three other file names and folder locations
Source=Paul Collins Startup list
[Windows Console Monitor]
Number=12329
Confirmed=X
Filename=[path to worm]
Description=Added by KEDEBE WORM!
Source=Paul Collins Startup list
[Windows Console Monitor]
Number=12330
Confirmed=X
Filename=gcasAV32.exe
Description=Added by the KEDEBE-A WORM!
Source=Paul Collins Startup list
[Windows Control]
Number=12331
Confirmed=X
Filename=Control.exe
Description=Browser hijacker. NOTE - On Win9x systems it will overwrite the Windows file of the same name in the Windows directory, so therefore it will be necessary to extract a fresh copy of the file from the Windows setup cabs!
Source=Paul Collins Startup list
[Windows ControlAd]
Number=12332
Confirmed=X
Filename=WinCtlAd.exe
Description=Windupdates adware variant
Source=Paul Collins Startup list
[Windows Core Kernel Update]
Number=12333
Confirmed=X
Filename=win32bootcfg.exe
Description=Added by the RANCK-EL TROJAN!
Source=Paul Collins Startup list
[Windows CPU host]
Number=12334
Confirmed=X
Filename=winbog32.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Critical Alert]
Number=12335
Confirmed=X
Filename=wincrt.exe
Description=Added by the ALEDO-A TROJAN!
Source=Paul Collins Startup list
[Windows Custom Services]
Number=12336
Confirmed=X
Filename=CSRCS.EXE
Description=Added by the SPYBOT-EI WORM!
Source=Paul Collins Startup list
[Windows Data Server]
Number=12337
Confirmed=X
Filename=autodisc.exe
Description=Added by the SPYBOT-CB WORM!
Source=Paul Collins Startup list
[Windows Data Server]
Number=12338
Confirmed=X
Filename=[random name].exe
Description=Added by the SPYBOT-DS WORM!
Source=Paul Collins Startup list
[Windows Database]
Number=12339
Confirmed=X
Filename=WinDat.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Windows Database]
Number=12340
Confirmed=X
Filename=wiinsvc.exe
Description=Added by the AGOBOT-RU WORM!
Source=Paul Collins Startup list
[Windows Dcom2 Fix]
Number=12341
Confirmed=X
Filename=mscom32.exe
Description=Added by the RBOT-QT WORM!
Source=Paul Collins Startup list
[Windows DDE Loader]
Number=12342
Confirmed=X
Filename=windde32.exe
Description=Added by the SDBOT-UZ WORM!
Source=Paul Collins Startup list
[Windows debug logging]
Number=12343
Confirmed=X
Filename=winlogg.exe
Description=Added by the RBOT-OY WORM!
Source=Paul Collins Startup list
[Windows debug logging]
Number=12344
Confirmed=X
Filename=winloggs.exe
Description=Added by the RBOT-QN WORM!
Source=Paul Collins Startup list
[Windows Debugger]
Number=12345
Confirmed=X
Filename=windbg.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[Windows Debugger]
Number=12346
Confirmed=X
Filename=msdbg32.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Debugger]
Number=12347
Confirmed=X
Filename=windbg32.exe
Description=Added by the ZOTOB.L WORM!
Source=Paul Collins Startup list
[Windows Debugging Tools]
Number=12348
Confirmed=X
Filename=updatecfg.exe
Description=Added by the RBOT-AXU WORM!
Source=Paul Collins Startup list
[Windows Default Configuration]
Number=12349
Confirmed=X
Filename=svchost.exe
Description=Added by the DLOADER-U TROJAN! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!
Source=Paul Collins Startup list
[Windows Defender]
Number=12350
Confirmed=Y
Filename=MSASCui.exe
Description=Related to Windows Defender Microsoft (anti-spyware) tool
Source=Paul Collins Startup list
[WINDOWS DENEME]
Number=12351
Confirmed=X
Filename=deneme.exe
Description=Added by the MYTOB-CR WORM!
Source=Paul Collins Startup list
[Windows Desktop Controler]
Number=12352
Confirmed=X
Filename=windesktop.exe
Description=Added by the SDBOT-XH WORM!
Source=Paul Collins Startup list
[Windows Desktop Daemon]
Number=12353
Confirmed=X
Filename=winpadg.exe
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[Windows Desktop Search]
Number=12354
Confirmed=U
Filename=WindowsSearch.exe
Description=Windows Desktop Search from Microsoft
Source=Paul Collins Startup list
[Windows Dialup Service]
Number=12355
Confirmed=X
Filename=dialup.exe
Description=Added by the AGOBOT.AAH WORM!
Source=Paul Collins Startup list
[Windows DLL host]
Number=12356
Confirmed=X
Filename=winupd32.exe
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[Windows DLL Host]
Number=12357
Confirmed=X
Filename=dllhost32.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Windows DLL Loader]
Number=12358
Confirmed=X
Filename=RUNDLL16.EXE
Description=Added by the DOMWIS TROJAN!
Source=Paul Collins Startup list
[Windows DLL Loader]
Number=12359
Confirmed=X
Filename=defragfat32z.exe
Description=Added by the LINKBOT.A WORM!
Source=Paul Collins Startup list
[Windows DLL Loader]
Number=12360
Confirmed=X
Filename=rundll32.exe
Description=Added by the WHIPSER-B WORM! Note - rundll32.exe file is placed in the Windows\System folder, wheras the legitimate rundll32.exe is located in the C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K) or C:\Windows\System32 (WinXP)
Source=Paul Collins Startup list
[Windows DLL Loader]
Number=12361
Confirmed=X
Filename=defragfat32pi.exe
Description=Added by the RBOT-QQ WORM!
Source=Paul Collins Startup list
[Windows DLL Loader]
Number=12362
Confirmed=X
Filename=defragfat39.exe
Description=Added by the POEBOT-C WORM!
Source=Paul Collins Startup list
[Windows DLL Loader]
Number=12363
Confirmed=X
Filename=defragfatz.exe
Description=Added by the LINKBOT.H WORM!
Source=Paul Collins Startup list
[Windows DLL Loader]
Number=12364
Confirmed=X
Filename=defragfat32.exe
Description=Added by the SDBOT-SS WORM!
Source=Paul Collins Startup list
[Windows DLL Loader]
Number=12365
Confirmed=X
Filename=defragfat32abc.exe
Description=Added by the RBOT-RG WORM!
Source=Paul Collins Startup list
[Windows DLL Loader]
Number=12366
Confirmed=X
Filename=wdevice.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Windows DLL Loader]
Number=12367
Confirmed=X
Filename=SYSCFG16.EXE
Description=Added by the DOMWIS-N WORM!
Source=Paul Collins Startup list
[Windows DLL Loader]
Number=12368
Confirmed=X
Filename=WINCFG32.EXE
Description=Added by the AGOBOT-TE WORM!
Source=Paul Collins Startup list
[Windows DLL Services]
Number=12369
Confirmed=X
Filename=winsvc32.exe
Description=Added by the RBOT-ZF WORM!
Source=Paul Collins Startup list
[Windows DLL Services]
Number=12370
Confirmed=X
Filename=svchost.exe
Description=Added by the AGENT.H spyware! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Windows DLL Services]
Number=12371
Confirmed=X
Filename=system.exe
Description=Added by the AGENT.H spyware
Source=Paul Collins Startup list
[Windows DLL Tracker]
Number=12372
Confirmed=X
Filename=spoolsrv.exe
Description=Added by a variant of the WOOTBOT WORM!
Source=Paul Collins Startup list
[Windows DLL Verifier]
Number=12373
Confirmed=X
Filename=xptl.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows DLL Verifier]
Number=12374
Confirmed=X
Filename=windlls.exe
Description=Added by the RBOT-AZQ WORM!
Source=Paul Collins Startup list
[Windows DNS]
Number=12375
Confirmed=X
Filename=windns.exe
Description=Added by the SDBOT-XU WORM!
Source=Paul Collins Startup list
[Windows DNS Daemon]
Number=12376
Confirmed=X
Filename=windnsd.exe
Description=Added by the WOOTBOT.AS WORM!
Source=Paul Collins Startup list
[Windows Domain Name Drivers]
Number=12377
Confirmed=X
Filename=windns.exe
Description=Added by the FORBOT-EP WORM!
Source=Paul Collins Startup list
[Windows DOS]
Number=12378
Confirmed=X
Filename=dosw.exe
Description=Added by the SALAY-A WORM!
Source=Paul Collins Startup list
[Windows Download Manager]
Number=12379
Confirmed=X
Filename=windlmngr.exe
Description=Added by an unidentified TROJAN!
Source=Paul Collins Startup list
[Windows Drive Compatibility]
Number=12380
Confirmed=X
Filename=System32Driver32.exe
Description=Added by the SUPOVA.Z WORM!
Source=Paul Collins Startup list
[Windows Driver]
Number=12381
Confirmed=X
Filename=winxpdriver.exe
Description=Added by the WOOTBOT.EE WORM!
Source=Paul Collins Startup list
[Windows Driver Adapter]
Number=12382
Confirmed=X
Filename=svchost.exe
Description=Added by the ANTINNY-K WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in a "drivers" subfolder
Source=Paul Collins Startup list
[Windows Driver Foundation]
Number=12383
Confirmed=X
Filename=MTVSCMXT.EXE
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Driver Services]
Number=12384
Confirmed=X
Filename=msdrvs32.exe
Description=Added by the WOOTBOT.L WORM!
Source=Paul Collins Startup list
[Windows drivers update]
Number=12385
Confirmed=X
Filename=windowsupdate.exe
Description=Added by the RBOT-ACE WORM!
Source=Paul Collins Startup list
[Windows Dynamic Loading Header]
Number=12386
Confirmed=X
Filename=winDLL32.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Windows Executable]
Number=12387
Confirmed=X
Filename=winmys.exe
Description=Added by the RBOT-ABO WORM!
Source=Paul Collins Startup list
[Windows ExpIorer]
Number=12388
Confirmed=X
Filename=[random filename]
Description=Added by the RBOT-AKO WORM!
Source=Paul Collins Startup list
[Windows Explorer]
Number=12389
Confirmed=X
Filename=[filename].exe
Description=Added by the SDBOT TROJAN! Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually!
Source=Paul Collins Startup list
[Windows Explorer]
Number=12390
Confirmed=X
Filename=Lsas.exe
Description=Added by the GAOBOT.AO WORM!
Source=Paul Collins Startup list
[Windows Explorer]
Number=12391
Confirmed=X
Filename=olecom32.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Windows Explorer]
Number=12392
Confirmed=X
Filename=EEXPLORER.EXE
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[Windows Explorer]
Number=12393
Confirmed=X
Filename=explorer.exe
Description=Added by the POEBOT-J WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list
[Windows Explorer]
Number=12394
Confirmed=X
Filename=explorer.pif
Description=Added by the RBOT-AID WORM!
Source=Paul Collins Startup list
[Windows Explorer]
Number=12395
Confirmed=X
Filename=system32.exe
Description=Added by the RBOT-AJH WORM!
Source=Paul Collins Startup list
[Windows Explorer]
Number=12396
Confirmed=X
Filename=explorer32.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Windows Explorer Shell]
Number=12397
Confirmed=X
Filename=Winexec32.exe
Description=Added by the REDIST.B WORM!
Source=Paul Collins Startup list
[Windows Explorer SP2]
Number=12398
Confirmed=X
Filename=csrss.exe
Description=Added by the BANKER-DM TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located a JavaBeans subfolder
Source=Paul Collins Startup list
[Windows Explorer Update Build 1142]
Number=12399
Confirmed=X
Filename=EXPLORER32.EXE
Description=Added by the KaZaA based KWBOT or KWBOT.Y WORMS!
Source=Paul Collins Startup list
[Windows Explorer-3212]
Number=12400
Confirmed=X
Filename=WINRE16.EXE
Description=Added by the HARDOC WORM!
Source=Paul Collins Startup list
[Windows Extensions for Win32]
Number=12401
Confirmed=X
Filename=winprgs32.exe
Description=Added by the SDBOT.AFA WORM!
Source=Paul Collins Startup list
[Windows Eyes]
Number=12402
Confirmed=N
Filename=??
Description=For blind people, gives a voice description of items on the screen. Windows application which gives you total control over what you hear, when you hear it, and how you hear it. Available via Start -> Programs
Source=Paul Collins Startup list
[Windows FAT 32]
Number=12403
Confirmed=X
Filename=WINFAT32B.exe
Description=Added by the SPYBOT-AGT WORM!
Source=Paul Collins Startup list
[Windows File Protection]
Number=12404
Confirmed=X
Filename=winprotect.exe
Description=Added by the AGOBOT.JB WORM!
Source=Paul Collins Startup list
[Windows File System Frame]
Number=12405
Confirmed=X
Filename=ntframe.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Windows Firewal]
Number=12406
Confirmed=X
Filename=Lsess.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Firewall]
Number=12407
Confirmed=X
Filename=WindowsFirewall.exe
Description=Added by the MYTOB.AO WORM!
Source=Paul Collins Startup list
[Windows Firewall Log]
Number=12408
Confirmed=X
Filename=winlog.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Windows Firewall Manager]
Number=12409
Confirmed=X
Filename=msfw.exe
Description=Added by the RBOT.WR WORM!
Source=Paul Collins Startup list
[Windows firewall manager]
Number=12410
Confirmed=X
Filename=chh.exe
Description=Added by a variant of the RANDEX.GEL WORM!
Source=Paul Collins Startup list
[Windows firewall manager]
Number=12411
Confirmed=X
Filename=msguard.exe
Description=Added by a variant of the RANDEX.GEL WORM!
Source=Paul Collins Startup list
[Windows Firewall Updater]
Number=12412
Confirmed=X
Filename=updatees.exe
Description=Added by the RBOT-GX WORM!
Source=Paul Collins Startup list
[Windows Firewall Updater]
Number=12413
Confirmed=X
Filename=cronos.exe
Description=Added by the RBOT-GBY WORM!
Source=Paul Collins Startup list
[Windows Firewall Updater]
Number=12414
Confirmed=X
Filename=ctfcom.exe
Description=Added by the RBOT-GCB WORM!
Source=Paul Collins Startup list
[Windows Firewalll]
Number=12415
Confirmed=X
Filename=scvhost.exe
Description=Added by the RBOT-EK WORM!
Source=Paul Collins Startup list
[Windows Firewalll]
Number=12416
Confirmed=X
Filename=sphost.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Firewalll]
Number=12417
Confirmed=X
Filename=svvhost.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Firewalll]
Number=12418
Confirmed=X
Filename=winmu.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Fix]
Number=12419
Confirmed=X
Filename=integator.exe
Description=Added by the SDBOT.ZAB WORM!
Source=Paul Collins Startup list
[Windows Fixes Systems]
Number=12420
Confirmed=X
Filename=elite.exe
Description=Added by the MYTOB.EG WORM!
Source=Paul Collins Startup list
[Windows FormatAd]
Number=12421
Confirmed=X
Filename=WinForm.exe
Description=Windupdates adware variant
Source=Paul Collins Startup list
[Windows Frame Works]
Number=12422
Confirmed=X
Filename=frmwrks32.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[WINDOWS FUCK BY CLASIC]
Number=12423
Confirmed=X
Filename=fuck.exe
Description=Added by the ZOTOB.H or ZOTOB.J WORMS!
Source=Paul Collins Startup list
[Windows Generic Proc]
Number=12424
Confirmed=X
Filename=procmsg.exe
Description=Added by the ALLIM.B WORM!
Source=Paul Collins Startup list
[Windows GMT32]
Number=12425
Confirmed=X
Filename=wingmt32.exe
Description=Added by the MYTOB.KM WORM!
Source=Paul Collins Startup list
[Windows Graphics Loaders]
Number=12426
Confirmed=X
Filename=wingraphics.exe
Description=Added by the SPYBOT.JG WORM!
Source=Paul Collins Startup list
[Windows Guard]
Number=12427
Confirmed=X
Filename=WAUMGRD.EXE
Description=Added by the RBOT-GY WORM!
Source=Paul Collins Startup list
[Windows Guardian]
Number=12428
Confirmed=U
Filename=thehel1iawgrd32.exe
Description=Part of First Aid by Cybermedia who were subsequently bought by McAfee (Network Associates). Protects your Windows system from application failure and crashes
Source=Paul Collins Startup list
[Windows Guardian]
Number=12429
Confirmed=U
Filename=Fawgrd32.exe
Description=Part of First Aid by Cybermedia who were subsequently bought by McAfee (Network Associates). Protects your Windows system from application failure and crashes
Source=Paul Collins Startup list
[Windows Help]
Number=12430
Confirmed=X
Filename=mailinfo.exe
Description=Added by the MYTOB.JX WORM!
Source=Paul Collins Startup list
[Windows Help File]
Number=12431
Confirmed=X
Filename=winhelper32.exe
Description=Added by the SDBOT-QK TROJAN!
Source=Paul Collins Startup list
[Windows Help Manager]
Number=12432
Confirmed=X
Filename=svchost32.exe
Description=Added by the RBOT-OZ WORM!
Source=Paul Collins Startup list
[Windows Help Service]
Number=12433
Confirmed=X
Filename=winhelpsv.exe
Description=Added by the RBOT-LP WORM!
Source=Paul Collins Startup list
[Windows Help Service]
Number=12434
Confirmed=X
Filename=winhlp.pif
Description=Added by the RBOT-AKW WORM!
Source=Paul Collins Startup list
[Windows Help System]
Number=12435
Confirmed=?
Filename=Help.pif
Description=??
Source=Paul Collins Startup list
[Windows Host]
Number=12436
Confirmed=X
Filename=hosts.exe
Description=Added by the KELVIR.U WORM!
Source=Paul Collins Startup list
[Windows Host]
Number=12437
Confirmed=X
Filename=winhost.exe
Description=Added by the PRYSAT TROJAN!
Source=Paul Collins Startup list
[Windows Host Device]
Number=12438
Confirmed=X
Filename=hostsvc.exe
Description=Added by the ZOOTY-A WORM!
Source=Paul Collins Startup list
[Windows Host Name]
Number=12439
Confirmed=X
Filename=lmass.exe
Description=Added by the GAOBOT.O WORM!
Source=Paul Collins Startup list
[Windows Host Service]
Number=12440
Confirmed=X
Filename=scvhosts.exe
Description=Added by the SPYBOT.NLI WORM!
Source=Paul Collins Startup list
[Windows Host Service]
Number=12441
Confirmed=X
Filename=host.exe
Description=Added by KELVIR.AN WORM!
Source=Paul Collins Startup list
[Windows Host Service]
Number=12442
Confirmed=X
Filename=svchoste.exe
Description=Added by the KELVIR.BF WORM!
Source=Paul Collins Startup list
[Windows Host Service]
Number=12443
Confirmed=X
Filename=svchosts32.exe
Description=Added by the KELVIR.AW WORM!
Source=Paul Collins Startup list
[Windows Host32 Starter]
Number=12444
Confirmed=X
Filename=hostserv.exe
Description=Added by the SDBOT-WU WORM!
Source=Paul Collins Startup list
[Windows Hosts]
Number=12445
Confirmed=X
Filename=hosts.exe
Description=Added by the KELVIR-O TROJAN!
Source=Paul Collins Startup list
[Windows HP Drivers]
Number=12446
Confirmed=X
Filename=hpdmws.exe
Description=Added by the SDBOT.AQU WORM!
Source=Paul Collins Startup list
[Windows HTML file reader]
Number=12447
Confirmed=X
Filename=Sysconf32.exe
Description=Added by the NOOMY.A WORM!
Source=Paul Collins Startup list
[Windows HTTP services]
Number=12448
Confirmed=X
Filename=winhttps.exe
Description=Added by a variant of the SDBOT WORM! See here
Source=Paul Collins Startup list
[Windows Icons Manager]
Number=12449
Confirmed=X
Filename=wicomgr.exe
Description=Added by the RBOT-AIF WORM!
Source=Paul Collins Startup list
[WINDOWS ID SYSTEM]
Number=12450
Confirmed=X
Filename=wID32.exe
Description=Added by the MYTOB.LN WORM!
Source=Paul Collins Startup list
[Windows iMessenger Messenger]
Number=12451
Confirmed=X
Filename=winimsg.exe
Description=Added by the ALLIM.A WORM!
Source=Paul Collins Startup list
[Windows Incontext]
Number=12452
Confirmed=X
Filename=InSearch.exe
Description=PacerD_Media/Pacimedia.com/Z-Quest adware installer
Source=Paul Collins Startup list
[Windows Insecure]
Number=12453
Confirmed=X
Filename=[path to worm]
Description=Added by the RBOT-FSM WORM!
Source=Paul Collins Startup list
[Windows installer]
Number=12454
Confirmed=X
Filename=winstall.exe
Description=SpySheriff malware. For more information on registry key changes see SPYWAD-E
Source=Paul Collins Startup list
[Windows Installer]
Number=12455
Confirmed=X
Filename=ntdll.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Windows Internet Protocol]
Number=12456
Confirmed=X
Filename=winproc32.exe
Description=CoolWebSearch Winproc32 parasite variant - also detected as the STARTPA-BF TROJAN!
Source=Paul Collins Startup list
[Windows Internet Protocol]
Number=12457
Confirmed=X
Filename=deinst_qfe001.exe
Description=Added by a variant of the Win32.Small TROJAN!
Source=Paul Collins Startup list
[Windows Internet Service]
Number=12458
Confirmed=X
Filename=wininet.exe
Description=Added by the RBOT-AUX WORM!
Source=Paul Collins Startup list
[Windows IP Security]
Number=12459
Confirmed=U
Filename=ipsec.exe
Description=Related to the VPN IPSec utility - used to create Security Policy (SP) entries and Security Association (SA) entries in the kernel
Source=Paul Collins Startup list
[Windows IP Security Service]
Number=12460
Confirmed=X
Filename=ipsecs.exe
Description=Added by the RBOT.BPW WORM!
Source=Paul Collins Startup list
[Windows IPv6 Drivers]
Number=12461
Confirmed=X
Filename=wipv6.exe
Description=Added by the SDBOT-VJ WORM!
Source=Paul Collins Startup list
[Windows Java Update]
Number=12462
Confirmed=X
Filename=weatherBug32.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows JavaScript Daemon]
Number=12463
Confirmed=X
Filename=Winjsd.exe
Description=Added by the WOOTBOT.AF WORM!
Source=Paul Collins Startup list
[Windows Kernel 64]
Number=12464
Confirmed=X
Filename=kernal64.exe
Description=Added by the YIMP-B WORM!
Source=Paul Collins Startup list
[Windows Kernel System Service]
Number=12465
Confirmed=X
Filename=wkssvr.exe
Description=Added by a variant of the RANDEX.GEL WORM!
Source=Paul Collins Startup list
[Windows kev Messenger]
Number=12466
Confirmed=X
Filename=mskev.exe
Description=Added by the SDBOT-XV WORM!
Source=Paul Collins Startup list
[Windows live Support]
Number=12467
Confirmed=X
Filename=wlmsngr.exe
Description=Added by the RBOT-BKL WORM!
Source=Paul Collins Startup list
[Windows Load]
Number=12468
Confirmed=?
Filename=windows.com
Description=??
Source=Paul Collins Startup list
[Windows Loader]
Number=12469
Confirmed=X
Filename=wstart32.exe
Description=Added by the GAOBOT.CA WORM!
Source=Paul Collins Startup list
[Windows Loader]
Number=12470
Confirmed=X
Filename=winServices.pif
Description=Reported by Kaspersky Anti-Virus as the CARDSPY.D TROJAN!
Source=Paul Collins Startup list
[Windows Loader]
Number=12471
Confirmed=X
Filename=SysUpdate.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Windows Loader Service]
Number=12472
Confirmed=X
Filename=civsc.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[windows Loadxm]
Number=12473
Confirmed=X
Filename=Win_.exe
Description=Added by the FODDER-A TROJAN!
Source=Paul Collins Startup list
[Windows Local Services]
Number=12474
Confirmed=X
Filename=localsvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Windows Local Services]
Number=12475
Confirmed=X
Filename=netsvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Windows Local Services]
Number=12476
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Windows Local Services]
Number=12477
Confirmed=X
Filename=svcadmin.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Windows Local Services]
Number=12478
Confirmed=X
Filename=svcman.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Windows Local Services]
Number=12479
Confirmed=X
Filename=svcrun.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Windows Local Services]
Number=12480
Confirmed=X
Filename=tcpsvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Windows Local Services]
Number=12481
Confirmed=X
Filename=websvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Windows Locator]
Number=12482
Confirmed=X
Filename=wsass.exe
Description=Added by the IRCBOT.N TROJAN!
Source=Paul Collins Startup list
[Windows Logger]
Number=12483
Confirmed=X
Filename=winlog.exe
Description=Added by the NSHADOW-B TROJAN!
Source=Paul Collins Startup list
[Windows logging]
Number=12484
Confirmed=X
Filename=winlogd.exe
Description=Added by the RBOT-ON WORM!
Source=Paul Collins Startup list
[Windows Login]
Number=12485
Confirmed=X
Filename=explored.exe
Description=Added by the GAOBOT.SY WORM!
Source=Paul Collins Startup list
[Windows Login]
Number=12486
Confirmed=X
Filename=winlog.exe
Description=Added by the AGOBOT.MG WORM!
Source=Paul Collins Startup list
[Windows Login]
Number=12487
Confirmed=X
Filename=lmss.exe
Description=Added by the AGOBOT-JA WORM!
Source=Paul Collins Startup list
[Windows Login]
Number=12488
Confirmed=X
Filename=lmss.exe
Description=Added by the AGOBOT-JA WORM!
Source=Paul Collins Startup list
[Windows Login Folder]
Number=12489
Confirmed=X
Filename=winzep.exe
Description=Added by the AGOBOT-TZ WORM!
Source=Paul Collins Startup list
[Windows Login Manager]
Number=12490
Confirmed=X
Filename=winlogin.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Windows Login Security]
Number=12491
Confirmed=X
Filename=winlogin.pif
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Windows Login Service]
Number=12492
Confirmed=X
Filename=winlog.exe
Description=Added by the RBOT-AFN WORM!
Source=Paul Collins Startup list
[Windows Login Service]
Number=12493
Confirmed=X
Filename=winlogin.pif
Description=Added by the SDBOT-ACU WORM!
Source=Paul Collins Startup list
[Windows Logon]
Number=12494
Confirmed=X
Filename=winlogin.exe
Description=Added by the SPYBOT-C TROJAN!
Source=Paul Collins Startup list
[Windows Logon Application]
Number=12495
Confirmed=X
Filename=WinIogon.exe
Description=Added by the LINKBOT.M WORM!
Source=Paul Collins Startup list
[Windows Logon Application]
Number=12496
Confirmed=X
Filename=logon.exe
Description=Added by the POEBOT-J WORM!
Source=Paul Collins Startup list
[Windows Logon Application]
Number=12497
Confirmed=X
Filename=services.exe
Description=Added by the CIADOOR-L TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
Source=Paul Collins Startup list
[Windows Logon Application]
Number=12498
Confirmed=X
Filename=win32help.exe
Description=Added by the DELBOT-X WORM!
Source=Paul Collins Startup list
[Windows Logon Application]
Number=12499
Confirmed=X
Filename=winlogon.exe
Description=Added by the POEBOT-KW WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Windows Logon Manager]
Number=12500
Confirmed=X
Filename=logon.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Logon Procedure]
Number=12501
Confirmed=X
Filename=Svchoste.exe
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[Windows Logon Procedure]
Number=12502
Confirmed=X
Filename=Svchosta.exe
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[windows logon procedure]
Number=12503
Confirmed=X
Filename=winlogonpc.exe
Description=Added by the WINLOGON TROJAN!
Source=Paul Collins Startup list
[Windows Logon Service]
Number=12504
Confirmed=X
Filename=winlogon.pif
Description=Added by the RBOT-AOU WORM!
Source=Paul Collins Startup list
[Windows Logon Service]
Number=12505
Confirmed=X
Filename=napi32.exe
Description=Added by the SPYBOT.ANDM WORM!
Source=Paul Collins Startup list
[Windows LoL Layer]
Number=12506
Confirmed=X
Filename=gqwdcr.exe
Description=Added by the AGOBOT-AHS WORM!
Source=Paul Collins Startup list
[Windows LoL Layer]
Number=12507
Confirmed=X
Filename=win.exe
Description=Added by the RBOT-FTO WORM!
Source=Paul Collins Startup list
[Windows LoL Layer]
Number=12508
Confirmed=X
Filename=[random filename].exe
Description=Added by the RBOT-GMD WORM!
Source=Paul Collins Startup list
[Windows LoL Layer]
Number=12509
Confirmed=X
Filename=pyvnpt.exe
Description=Added by the RBOT-GKV WORM!
Source=Paul Collins Startup list
[Windows LoL Layer]
Number=12510
Confirmed=X
Filename=winlolx.exe
Description=Added by the RBOT-FOR WORM!
Source=Paul Collins Startup list
[Windows Management Instrumentation]
Number=12511
Confirmed=X
Filename=mwd.exe
Description=Added by the GRAPS WORM!
Source=Paul Collins Startup list
[Windows Management Instrumentation]
Number=12512
Confirmed=X
Filename=[path to file]
Description=Added by the QEDS-A VIRUS!
Source=Paul Collins Startup list
[WINDOWS MANAGEMENT SYSTEM]
Number=12513
Confirmed=X
Filename=wm1exe.exe
Description=Added by the RBOT-VT WORM!
Source=Paul Collins Startup list
[Windows Manager]
Number=12514
Confirmed=X
Filename=winmants.exe
Description=Added by the MANTAS WORM!
Source=Paul Collins Startup list
[Windows Manager]
Number=12515
Confirmed=X
Filename=winsrv.exe
Description=Added by a variant of the AGOBOT/GAOBOT WORM!
Source=Paul Collins Startup list
[Windows Manager Update Inc]
Number=12516
Confirmed=X
Filename=tgb.exe
Description=Added by the SDBOT-ACM WORM!
Source=Paul Collins Startup list
[Windows mangement]
Number=12517
Confirmed=X
Filename=winlogonn.exe
Description=Added by the RANDEX.FC WORM!
Source=Paul Collins Startup list
[Windows Media AP]
Number=12518
Confirmed=X
Filename=winmapp.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Windows Media APP]
Number=12519
Confirmed=X
Filename=wmapp.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Windows Media Center]
Number=12520
Confirmed=N
Filename=RunDLL32.exe [path] ehuihlp.dll, BootMediaCenter
Description=Starts Windows Media Center every time Windows Vista (Home Premium or Ultimate) boots. Disable by unchecking the "Start Windows Media Center when Windows Starts" option via Windows Media Center -> Tasks -> Settings -> General -> Startup and Window Behaviour
Source=Paul Collins Startup list
[Windows Media Connect 2]
Number=12521
Confirmed=N
Filename=WMCCFG.exe
Description=Windows Media Connect from Microsoft - stream digital media files on your computer to digital media receivers (DMRs) that are connected to your home network
Source=Paul Collins Startup list
[Windows Media Driver]
Number=12522
Confirmed=X
Filename=msnger.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Media Loader]
Number=12523
Confirmed=X
Filename=wmloader.exe
Description=Added by a variant of the GAOBOT WORM!
Source=Paul Collins Startup list
[Windows Media Player]
Number=12524
Confirmed=X
Filename=wmediaplayer.exe
Description=Added by the AGOBOT-NQ WORM!
Source=Paul Collins Startup list
[Windows Media Player]
Number=12525
Confirmed=X
Filename=MediaPIayer.exe
Description=Added by the SDBOT-QO TROJAN! - note, the executable is called 'MediapIayer', with an 'i' !)
Source=Paul Collins Startup list
[Windows Media Player]
Number=12526
Confirmed=X
Filename=[random filename]
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Media Player]
Number=12527
Confirmed=X
Filename=msa.exe
Description=Added by the RBOT-SI WORM!
Source=Paul Collins Startup list
[Windows Media Player]
Number=12528
Confirmed=X
Filename=mcafe32.exe
Description=Added by the RBOT-YO WORM!
Source=Paul Collins Startup list
[Windows Media Player]
Number=12529
Confirmed=X
Filename=wmplayer.exe
Description=Added by the KELVIR.G WORM or variants! Note - this is not the valid Windows Media Player as the executeable resides is C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K) or C:\Windows\System32 (WinXP) rather than C:\Program Files\Windows Media Player
Source=Paul Collins Startup list
[Windows Media Player]
Number=12530
Confirmed=X
Filename=50cent.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Media Player]
Number=12531
Confirmed=X
Filename=mpwe.exe
Description=Added by the RBOT-TT WORM!
Source=Paul Collins Startup list
[Windows Media Player]
Number=12532
Confirmed=X
Filename=msams.exe
Description=Added by the RBOT.AHR WORM!
Source=Paul Collins Startup list
[Windows Media Player 3.6]
Number=12533
Confirmed=X
Filename=wmpa36.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Media Player 3.6b]
Number=12534
Confirmed=X
Filename=WMPA36B.EXE
Description=Added by the RBOT-VV WORM!
Source=Paul Collins Startup list
[Windows Media Player 3.6d]
Number=12535
Confirmed=X
Filename=wmpa36d.exe
Description=Added by the RBOT-YA WORM!
Source=Paul Collins Startup list
[Windows Media Player 3.9]
Number=12536
Confirmed=X
Filename=wmpa36.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Media Player Service]
Number=12537
Confirmed=X
Filename=wmedia.exe
Description=Added by the RBOT.213504 WORM!
Source=Paul Collins Startup list
[Windows Media Player Update]
Number=12538
Confirmed=X
Filename=[random filename]
Description=Added by the RBOT-ET WORM!
Source=Paul Collins Startup list
[Windows Media Powerpoint Helper]
Number=12539
Confirmed=N
Filename=NSPPTHLP.EXE
Description=German software (comes with some Toshiba CD writers) that helps convert Powerpoint files to ASF (Streaming Media) files. Available via Start -> Programs
Source=Paul Collins Startup list
[Windows media service]
Number=12540
Confirmed=X
Filename=crvss.exe
Description=Added by the SDBOT.VP WORM!
Source=Paul Collins Startup list
[Windows media service]
Number=12541
Confirmed=X
Filename=crsss.exe
Description=Added by the RBOT.ACY WORM!
Source=Paul Collins Startup list
[Windows media service]
Number=12542
Confirmed=X
Filename=Sygate32.exe
Description=Added by the RBOT.ADE WORM!
Source=Paul Collins Startup list
[Windows media services]
Number=12543
Confirmed=X
Filename=cvrsss.exe
Description=Added by the RBOT-MW WORM!
Source=Paul Collins Startup list
[Windows Media SP.2.37]
Number=12544
Confirmed=X
Filename=[random filename]
Description=Added by the LEMIR.C TROJAN!
Source=Paul Collins Startup list
[Windows Media Updater]
Number=12545
Confirmed=X
Filename=crease.exe
Description=Added by the RBOT-ATI WORM!
Source=Paul Collins Startup list
[Windows Media Upgrade]
Number=12546
Confirmed=X
Filename=NeUpgrade.exe
Description=Added by the RBOT.BMF TROJAN!
Source=Paul Collins Startup list
[Windows Media Utility]
Number=12547
Confirmed=X
Filename=wmediautil.exe
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[Windows messenger]
Number=12548
Confirmed=X
Filename=messengers.exe
Description=Added by the MYTOB.EI WORM!
Source=Paul Collins Startup list
[Windows Messenger]
Number=12549
Confirmed=X
Filename=msnsmgs.exe
Description=Added by the RBOT-ANJ WORM!
Source=Paul Collins Startup list
[Windows Messenger Messenger]
Number=12550
Confirmed=X
Filename=winmsg.exe
Description=Added by VELKBOT.A WORM!
Source=Paul Collins Startup list
[Windows Messenger Service]
Number=12551
Confirmed=X
Filename=winsmsgr.exe
Description=Added by the RBOT-VW WORM!
Source=Paul Collins Startup list
[Windows Messenger Service]
Number=12552
Confirmed=X
Filename=kaspersky.exe
Description=Added by the MYTOB.HY WORM!
Source=Paul Collins Startup list
[Windows MeTaLRoCk service]
Number=12553
Confirmed=X
Filename=metalrock.exe
Description=Added by the TASTYRED TROJAN!
Source=Paul Collins Startup list
[Windows Micro Drivers]
Number=12554
Confirmed=X
Filename=wupdates32.exe
Description=Added by the RBOT-AEH WORM!
Source=Paul Collins Startup list
[Windows Microsoft Update]
Number=12555
Confirmed=X
Filename=wintask32.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Windows mod Verifier]
Number=12556
Confirmed=X
Filename=Windows-mod.exe
Description=Added by the RBOT.DSU WORM!
Source=Paul Collins Startup list
[Windows modez Verifier]
Number=12557
Confirmed=X
Filename=w1nz0zz0.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Windows modez Verifier]
Number=12558
Confirmed=X
Filename=Window2.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows modez Verifier]
Number=12559
Confirmed=X
Filename=WindowsLogon.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Windows modez Verifier]
Number=12560
Confirmed=X
Filename=Wwuamguard.exe
Description=Added by the RBOT.EZJ WORM!
Source=Paul Collins Startup list
[Windows modez Verifier]
Number=12561
Confirmed=X
Filename=winlogom.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows modez Verifier]
Number=12562
Confirmed=X
Filename=Windows-.exe
Description=Added by the RBOT-DIO WORM!
Source=Paul Collins Startup list
[Windows modez Verifier]
Number=12563
Confirmed=X
Filename=taskmngr.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows modez Verifier]
Number=12564
Confirmed=X
Filename=winl0g0z.exe
Description=Added by the RBOT-FNB WORM!
Source=Paul Collins Startup list
[Windows Monitor]
Number=12565
Confirmed=X
Filename=winmon.exe
Description=Added by the SDBOT.VB WORM!
Source=Paul Collins Startup list
[Windows Monitor]
Number=12566
Confirmed=X
Filename=arsetup.exe
Description=Added by the SPAZBOX.A TROJAN!
Source=Paul Collins Startup list
[Windows Monitor Services]
Number=12567
Confirmed=X
Filename=winmonitor.exe
Description=Added by the RBOT-XX WORM!
Source=Paul Collins Startup list
[Windows Monitoring Service]
Number=12568
Confirmed=X
Filename=winmon.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Windows More Choice]
Number=12569
Confirmed=X
Filename=TopContext.exe
Description=ZQuest adware
Source=Paul Collins Startup list
[Windows Mouse Utilities]
Number=12570
Confirmed=X
Filename=mouseutils.exe
Description=Added by the RBOT-ABU WORM!
Source=Paul Collins Startup list
[Windows ms Drivers]
Number=12571
Confirmed=X
Filename=msnup32.exe
Description=Added by the SDBOT-AAL WORM!
Source=Paul Collins Startup list
[Windows MS Update 32]
Number=12572
Confirmed=X
Filename=fhm.exe
Description=Added by the IRCBOT.GEN WORM!
Source=Paul Collins Startup list
[Windows MS Update 32]
Number=12573
Confirmed=X
Filename=sucker.exe
Description=Added by the FORBOT-GJ WORM!
Source=Paul Collins Startup list
[Windows MSConfig Startup Logger]
Number=12574
Confirmed=X
Filename=winlog.exe
Description=Added by the RBOT.BCU WORM!
Source=Paul Collins Startup list
[Windows Msn Live Messanger]
Number=12575
Confirmed=X
Filename=msnmsgsman.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Windows MSX drivers]
Number=12576
Confirmed=X
Filename=winmsx.exe
Description=Added by the RBOT-AYG TROJAN!
Source=Paul Collins Startup list
[Windows Net Cfg ]
Number=12577
Confirmed=X
Filename=service.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows NetDDe]
Number=12578
Confirmed=X
Filename=wrmana32.exe
Description=Added by the MYTOB.IM WORM!
Source=Paul Collins Startup list
[Windows Nets]
Number=12579
Confirmed=X
Filename=WinNET.exe
Description=Added by the RBOT-MO WORM!
Source=Paul Collins Startup list
[Windows NetStart Service]
Number=12580
Confirmed=X
Filename=winsN2S.exe
Description=Added by the RBOT-ZX WORM!
Source=Paul Collins Startup list
[Windows NetStart Service2]
Number=12581
Confirmed=X
Filename=winsN2S.exe
Description=Added by the RBOT-ABN WORM!
Source=Paul Collins Startup list
[Windows NetStart Service2]
Number=12582
Confirmed=X
Filename=winsN2SD.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Network Controller]
Number=12583
Confirmed=X
Filename=Mqguard.exe
Description=Added by the FORBOT-CL WORM!
Source=Paul Collins Startup list
[Windows Network Controller]
Number=12584
Confirmed=X
Filename=WinxPupd.exe
Description=Added by the FORBOT-DK WORM!
Source=Paul Collins Startup list
[Windows Network Controller]
Number=12585
Confirmed=X
Filename=winmms32.exe
Description=Added by the FORBOT-ED WORM!
Source=Paul Collins Startup list
[Windows Network Controller]
Number=12586
Confirmed=X
Filename=wingmt.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Windows Network Controller]
Number=12587
Confirmed=X
Filename=Win9x.exe
Description=Added by the WOOTBOT.I WORM!
Source=Paul Collins Startup list
[Windows Network Firewall]
Number=12588
Confirmed=X
Filename=firewall.exe
Description=Added by the POEBOT-J WORM!
Source=Paul Collins Startup list
[Windows Network Service]
Number=12589
Confirmed=X
Filename=winvc32.exe
Description=Added by the RBOT.RY WORM!
Source=Paul Collins Startup list
[Windows Networking]
Number=12590
Confirmed=X
Filename=winsys32.exe
Description=Added by the GAOBOT.FL WORM!
Source=Paul Collins Startup list
[Windows Networks]
Number=12591
Confirmed=X
Filename=netcog.exe
Description=Added by the MYTOB.FH WORM!
Source=Paul Collins Startup list
[Windows Nivedia Driver]
Number=12592
Confirmed=X
Filename=sysMGT.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows NNT]
Number=12593
Confirmed=X
Filename=[path to trojan]
Description=Added by the RANKY.E TROJAN!
Source=Paul Collins Startup list
[Windows NT 32]
Number=12594
Confirmed=X
Filename=ntlogin32.exe
Description=Added by the RANDEX.BRD WORM!
Source=Paul Collins Startup list
[Windows NT Login]
Number=12595
Confirmed=X
Filename=ntlogin32.exe
Description=Added by the SDBOT.WG WORM!
Source=Paul Collins Startup list
[Windows NT Login Session Manager]
Number=12596
Confirmed=X
Filename=WNSM.EXE
Description=Added by the RBOT.BIV WORM!
Source=Paul Collins Startup list
[Windows NT Logon Application]
Number=12597
Confirmed=X
Filename=winlogon.scr
Description=Added by the RBOT-ALP WORM!
Source=Paul Collins Startup list
[Windows NT Service Name]
Number=12598
Confirmed=X
Filename=winshock.exe
Description=Added by the RBOT-PK WORM!
Source=Paul Collins Startup list
[Windows NT Update Manager]
Number=12599
Confirmed=X
Filename=WINL0G0N.exe
Description=Added by the AGOBOT-NU WORM! Note that those are zeroes in the filename and not capital "o"
Source=Paul Collins Startup list
[Windows OEM Tools]
Number=12600
Confirmed=X
Filename=winres32.exe
Description=Added by the SPYBOT.FD WORM!
Source=Paul Collins Startup list
[Windows OLE Automation Server]
Number=12601
Confirmed=X
Filename=ole32aut.vbe
Description=CoolWebSearch parasite variant
Source=Paul Collins Startup list
[Windows Online Updater]
Number=12602
Confirmed=X
Filename=dllman.exe
Description=Added by the RBOT-TE WORM!
Source=Paul Collins Startup list
[Windows Pc]
Number=12603
Confirmed=X
Filename=winmgr.exe
Description=Added by the BIBOT-A WORM!
Source=Paul Collins Startup list
[Windows PDG]
Number=12604
Confirmed=X
Filename=winpdg.exe
Description=Added by the RBOT-ADW WORM!
Source=Paul Collins Startup list
[Windows Performance Monitor]
Number=12605
Confirmed=X
Filename=wmscupd.exe
Description=Added by the IRCBOT_GEN WORM!
Source=Paul Collins Startup list
[Windows PNP]
Number=12606
Confirmed=X
Filename=winpnp.exe
Description=Added by the RBOT-AKN WORM!
Source=Paul Collins Startup list
[Windows PNP Server]
Number=12607
Confirmed=X
Filename=pnpsrv.exe
Description=Added by this variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Windows Portable Device Drivers]
Number=12608
Confirmed=X
Filename=MSKSVRVS.EXE
Description=Added by a TROJAN - see here
Source=Paul Collins Startup list
[Windows Portable Devices]
Number=12609
Confirmed=X
Filename=MSKSVRTSS.EXE
Description=Added by the SPYBOT.APEO WORM!
Source=Paul Collins Startup list
[Windows Print Monitor Daemon]
Number=12610
Confirmed=X
Filename=[random filename].exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Windows Print Spooler]
Number=12611
Confirmed=?
Filename=SCVHOSTS.EXE
Description=Suspicious due to the similarity to the valid "svchost.exe" file
Source=Paul Collins Startup list
[Windows Print Spooler]
Number=12612
Confirmed=X
Filename=NavAgent32.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[Windows Print Spooler]
Number=12613
Confirmed=X
Filename=SVEHOST.EXE
Description=Added by the SPYBOT.H WORM!
Source=Paul Collins Startup list
[Windows Process]
Number=12614
Confirmed=X
Filename=win_update.exe
Description=Added by the LASTWORD WORM!
Source=Paul Collins Startup list
[Windows Process Manager]
Number=12615
Confirmed=X
Filename=winproc.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Windows Processe Manager]
Number=12616
Confirmed=X
Filename=mspn32.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Proffesional Security]
Number=12617
Confirmed=X
Filename=WinSecure32.exe
Description=Added by the AGOBOT.VA WORM
Source=Paul Collins Startup list
[Windows Protectot]
Number=12618
Confirmed=X
Filename=boxide.exe
Description=Added by a variant of the WOOTBOT WORM!
Source=Paul Collins Startup list
[Windows Recylinder Check]
Number=12619
Confirmed=X
Filename=zwdomsgemw.exe
Description=Added by the RBOT-EGJ WORM!
Source=Paul Collins Startup list
[Windows Reg Services]
Number=12620
Confirmed=X
Filename=ffservice.exe
Description=Added by the DLOADER-PL or DLOADER-XM TROJANS!
Source=Paul Collins Startup list
[Windows Reg Services]
Number=12621
Confirmed=X
Filename=dservice.exe
Description=Added by the PRORAT-D TROJAN!
Source=Paul Collins Startup list
[Windows Reg Services]
Number=12622
Confirmed=X
Filename=fservice.exe
Description=Added by the PRORAT-D TROJAN!
Source=Paul Collins Startup list
[Windows Reg Services]
Number=12623
Confirmed=X
Filename=ssservice.exe
Description=Added by the PRORAT-D TROJAN!
Source=Paul Collins Startup list
[Windows Reg Services]
Number=12624
Confirmed=X
Filename=lncom.exe
Description=Added by the PRORAT-O TROJAN!
Source=Paul Collins Startup list
[Windows Reg Services]
Number=12625
Confirmed=X
Filename=lservice.exe
Description=Added by the PRORAT-O TROJAN!
Source=Paul Collins Startup list
[Windows Reg Services]
Number=12626
Confirmed=X
Filename=wservice.exe
Description=Added by the PRORAT-O TROJAN!
Source=Paul Collins Startup list
[WINDOWS REGISTER EDIT]
Number=12627
Confirmed=X
Filename=registr32.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Windows Register Settings]
Number=12628
Confirmed=X
Filename=svmhost.exe
Description=Added by a variant of the FORBOT WORM!
Source=Paul Collins Startup list
[Windows Registers]
Number=12629
Confirmed=X
Filename=winservicess.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Windows Registry]
Number=12630
Confirmed=X
Filename=msnmsg.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Registry]
Number=12631
Confirmed=X
Filename=winhost.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Registry Cleaner]
Number=12632
Confirmed=X
Filename=winclean.exe
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[Windows Registry Express Loader]
Number=12633
Confirmed=X
Filename=regexpress.exe
Description=Added by the FORBOT-CJ WORM!
Source=Paul Collins Startup list
[Windows Registry Manager]
Number=12634
Confirmed=X
Filename=tasksmanagers.exe
Description=Added by the MYTOB.ER WORM!
Source=Paul Collins Startup list
[Windows Registry Name]
Number=12635
Confirmed=X
Filename=[random filename]
Description=Added by the RBOT-AEB WORM!
Source=Paul Collins Startup list
[Windows Registry Name]
Number=12636
Confirmed=X
Filename=winses.exe
Description=Added by the RBOT-ADB WORM!
Source=Paul Collins Startup list
[Windows Registry Repair Pro]
Number=12637
Confirmed=U
Filename=RegistryRepairPro.exe
Description=Registry Repair Pro. "Scans the Windows Registry for invalid or obsolete information in the registry"
Source=Paul Collins Startup list
[Windows Registry Scan]
Number=12638
Confirmed=X
Filename=regscan32.exe
Description=Added by the RBOT.KE WORM!
Source=Paul Collins Startup list
[Windows Registry Scan]
Number=12639
Confirmed=X
Filename=timeupdate.exe
Description=Added by the SPYBOT.JE WORM!
Source=Paul Collins Startup list
[Windows Registry Scan]
Number=12640
Confirmed=X
Filename=svcdll.exe
Description=Added by the RBOT-TP WORM!
Source=Paul Collins Startup list
[Windows Registry Scan]
Number=12641
Confirmed=X
Filename=regscan23.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Registry Security]
Number=12642
Confirmed=X
Filename=crss.exe
Description=Added by a variant of the IRC.BOT TROJAN!
Source=Paul Collins Startup list
[Windows Registry Startup]
Number=12643
Confirmed=X
Filename=wind32.exe
Description=Added by the AGOBOT-BZ WORM!
Source=Paul Collins Startup list
[Windows Repair]
Number=12644
Confirmed=X
Filename=toxikx.exe
Description=Added by the SDBOT-ADL WORM!
Source=Paul Collins Startup list
[Windows report]
Number=12645
Confirmed=X
Filename=swchost.exe
Description=Added by the SMALL-BD TROJAN!
Source=Paul Collins Startup list
[windows run]
Number=12646
Confirmed=X
Filename=system.exe
Description=Added by the ICPASS-A WORM!
Source=Paul Collins Startup list
[Windows Run-Time 64bit]
Number=12647
Confirmed=X
Filename=win64rt.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Runtime Help]
Number=12648
Confirmed=X
Filename=win32hlp.exe
Description=Added by a variant of the AIMVISION TROJAN!
Source=Paul Collins Startup list
[Windows Runtime Help]
Number=12649
Confirmed=X
Filename=WinRunHelp.wrh
Description=Added by a variant of the AIMVISION TROJAN!
Source=Paul Collins Startup list
[Windows Runtime Proccess]
Number=12650
Confirmed=X
Filename=32RUNdll.exe
Description=Added by the SDBOT.QW WORM!
Source=Paul Collins Startup list
[Windows SA]
Number=12651
Confirmed=X
Filename=omniscient.exe
Description=BLAZEFIND adware
Source=Paul Collins Startup list
[Windows Screensaver]
Number=12652
Confirmed=X
Filename=Service.exe
Description=Added by the KELVIR.P WORM!
Source=Paul Collins Startup list
[WINDOWS SCREENSAVER]
Number=12653
Confirmed=X
Filename=ssaver.scr
Description=Added by the SDBOT-YZ WORM!
Source=Paul Collins Startup list
[Windows secure]
Number=12654
Confirmed=X
Filename=setver32.exe
Description=Added by the SPYBOT.EP WORM!
Source=Paul Collins Startup list
[Windows Secure Connection]
Number=12655
Confirmed=X
Filename=winsc.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Secure Layer]
Number=12656
Confirmed=X
Filename=[random filename]
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Windows Secure Messaging System]
Number=12657
Confirmed=X
Filename=msnmsgrsrvc.exe
Description=Added by the RBOT-RE WORM!
Source=Paul Collins Startup list
[Windows Secure Services]
Number=12658
Confirmed=X
Filename=ssms.exe
Description=Added by the RBOT-GAR WORM!
Source=Paul Collins Startup list
[Windows Secure Update]
Number=12659
Confirmed=X
Filename=winupser.exe
Description=Added by the RBOT-GCG WORM!
Source=Paul Collins Startup list
[Windows Secure Update]
Number=12660
Confirmed=X
Filename=WinSecUp.exe
Description=Added by the RBOT-GCD WORM!
Source=Paul Collins Startup list
[WINDOWS SECURITY]
Number=12661
Confirmed=X
Filename=wingrd.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Security]
Number=12662
Confirmed=X
Filename=win.pif
Description=Added by the RBOT-APT WORM!
Source=Paul Collins Startup list
[Windows Security]
Number=12663
Confirmed=X
Filename=ms32.pif
Description=Added by the RBOT-ARN WORM!
Source=Paul Collins Startup list
[Windows Security]
Number=12664
Confirmed=X
Filename=winscure.exe
Description=Added by the RBOT-BAF WORM!
Source=Paul Collins Startup list
[Windows Security Assistant]
Number=12665
Confirmed=X
Filename=rundll32.vbe
Description=CoolWebSearch Alfasearch parasite variant - also detected as the STARTPA-U TROJAN!
Source=Paul Collins Startup list
[Windows Security Assistant]
Number=12666
Confirmed=X
Filename=winsec.exe
Description=CoolWebSearch parasite variant
Source=Paul Collins Startup list
[Windows Security Authority Service]
Number=12667
Confirmed=X
Filename=lsass.exe
Description=Added by the KALEL-A WORM! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Windows Security Center Notification Appls]
Number=12668
Confirmed=X
Filename=sxe.exe
Description=Added by the RBOT-GKX WORM!
Source=Paul Collins Startup list
[Windows Security Center Notification Applse]
Number=12669
Confirmed=X
Filename=sxes.exe
Description=Added by the RBOT-GLR WORM!
Source=Paul Collins Startup list
[Windows Security Manager]
Number=12670
Confirmed=X
Filename=winsecurity.exe
Description=Added by the AGOBOT-KI WORM!
Source=Paul Collins Startup list
[Windows Security Manager]
Number=12671
Confirmed=X
Filename=winsecure.exe
Description=Affilred adware
Source=Paul Collins Startup list
[Windows Security Manager]
Number=12672
Confirmed=X
Filename=svchost.exe
Description=Added by the ANTINNY.AX WORM!! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Microsoft" subfolder
Source=Paul Collins Startup list
[Windows Security Module]
Number=12673
Confirmed=X
Filename=module.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Security Service]
Number=12674
Confirmed=X
Filename=[random file name]
Description=Added by the RBOT-ALV WORM!
Source=Paul Collins Startup list
[Windows Security Service]
Number=12675
Confirmed=X
Filename=arrdt.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Security Service]
Number=12676
Confirmed=X
Filename=windows.pif
Description=Added by the RBOT-AMG WORM!
Source=Paul Collins Startup list
[Windows Security Update]
Number=12677
Confirmed=X
Filename=security32.exe
Description=Affilred adware
Source=Paul Collins Startup list
[Windows Serv Patch]
Number=12678
Confirmed=X
Filename=Mcaffe2005.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows ServeAd]
Number=12679
Confirmed=X
Filename=WinServAd.exe
Description=Windupdates adware variant
Source=Paul Collins Startup list
[Windows Server Information]
Number=12680
Confirmed=X
Filename=servinfo.exe
Description=Added by the FORBOT-EN WORM!
Source=Paul Collins Startup list
[Windows Servic2]
Number=12681
Confirmed=X
Filename=winsy.exe
Description=Added by the RBOT-AIA WORM!
Source=Paul Collins Startup list
[Windows service]
Number=12682
Confirmed=X
Filename=wuamgrd.exe
Description=Added by the RBOT-QW WORM!
Source=Paul Collins Startup list
[Windows Service]
Number=12683
Confirmed=X
Filename=dddd.exe
Description=Identified by Kaspersky Labs as Dialer.Salc, also known to come with the Bube family trojans
Source=Paul Collins Startup list
[Windows Service]
Number=12684
Confirmed=X
Filename=prvdi.exe
Description=Malware - recognized by Kaspersky antivirus as Trojan-Dropper.Win32.Small.rd
Source=Paul Collins Startup list
[Windows Service]
Number=12685
Confirmed=X
Filename=video.exe
Description=Added by an unidentified TROJAN!
Source=Paul Collins Startup list
[Windows Service]
Number=12686
Confirmed=X
Filename=svvhost.exe
Description=Added by the AGOBOT-HL WORM!
Source=Paul Collins Startup list
[Windows Service]
Number=12687
Confirmed=X
Filename=private-zone.exe
Description=Added by an unidentified TROJAN.CLICKER!
Source=Paul Collins Startup list
[Windows Service]
Number=12688
Confirmed=X
Filename=pd7.exe
Description=Added by the SMALL.VZ TROJAN!
Source=Paul Collins Startup list
[Windows Service]
Number=12689
Confirmed=X
Filename=dstart4.exe
Description=Added by an unidentified TROJAN!
Source=Paul Collins Startup list
[Windows Service]
Number=12690
Confirmed=X
Filename=pd14.exe
Description=Adware, detected by DiamondCS TDS-3 anti-trojan as "TrojanDownloader.Win32.Delf.dg"
Source=Paul Collins Startup list
[Windows Service]
Number=12691
Confirmed=X
Filename=video2.exe
Description=Added by the DOWNLOADER.SMALL.MY TROJAN!
Source=Paul Collins Startup list
[Windows Service]
Number=12692
Confirmed=X
Filename=services.exe
Description=Added by the KALEL-A WORM! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Windows Service]
Number=12693
Confirmed=X
Filename=WINSVC.EXE
Description=Added by the SPYBOT-DH TROJAN!
Source=Paul Collins Startup list
[Windows Service]
Number=12694
Confirmed=X
Filename=r.exe
Description=Added by a variant of the SMALL.VZ TROJAN!
Source=Paul Collins Startup list
[Windows Service]
Number=12695
Confirmed=X
Filename=windowz.exe
Description=Added by the SDBOT-AYI WORM! Note - dissables the automatic startup of other software and deactivates the Microsoft Internet Connection Firewall (ICF)
Source=Paul Collins Startup list
[Windows Service Agent]
Number=12696
Confirmed=X
Filename=czf.exe
Description=Added by the RBOT-GAJ WORM!
Source=Paul Collins Startup list
[Windows Service Controller]
Number=12697
Confirmed=X
Filename=services.exe
Description=Added by the KALEL-B WORM! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Windows Service DC]
Number=12698
Confirmed=X
Filename=uhpnjcjl.exe
Description=Added by the RBOT-GLY WORM!
Source=Paul Collins Startup list
[Windows Service Host]
Number=12699
Confirmed=X
Filename=scvhost.exe
Description=Added by the SDBOT.N TROJAN!
Source=Paul Collins Startup list
[Windows Service Host]
Number=12700
Confirmed=X
Filename=svchost.exe
Description=Added by the CONE.B WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list
[Windows Service Host]
Number=12701
Confirmed=X
Filename=svchost.exe
Description=Added by the KALEL-C WORM! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Windows Service Host]
Number=12702
Confirmed=X
Filename=schost.exe
Description=Added by the GAOBOT.AO WORM!
Source=Paul Collins Startup list
[Windows Service Host Process]
Number=12703
Confirmed=X
Filename=[path to file]
Description=Added by the EZIO-A WORM!
Source=Paul Collins Startup list
[Windows Service Hosting]
Number=12704
Confirmed=X
Filename=USERINIT.exe
Description=Added by the GOMMER-A WORM!
Source=Paul Collins Startup list
[Windows Service Loader]
Number=12705
Confirmed=X
Filename=Window.exe
Description=Added by the RBOT-XO WORM!
Source=Paul Collins Startup list
[Windows Service Manager]
Number=12706
Confirmed=X
Filename=userint32.exe
Description=Added by the OSCABOT-C WORM!
Source=Paul Collins Startup list
[Windows Service Manager]
Number=12707
Confirmed=X
Filename=localsvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Windows Service Manager]
Number=12708
Confirmed=X
Filename=msgs.exe
Description=Added by the OSCABOT-E WORM!
Source=Paul Collins Startup list
[Windows Service Manager]
Number=12709
Confirmed=X
Filename=msnmrg.exe
Description=Added by the OSCABOT-G WORM!
Source=Paul Collins Startup list
[Windows Service Manager]
Number=12710
Confirmed=X
Filename=netsvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Windows Service Manager]
Number=12711
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Windows Service Manager]
Number=12712
Confirmed=X
Filename=svcadmin.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Windows Service Manager]
Number=12713
Confirmed=X
Filename=svcman.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Windows Service Manager]
Number=12714
Confirmed=X
Filename=svcmgr32.exe
Description=Added by the OSCABOT-D WORM!
Source=Paul Collins Startup list
[Windows Service Manager]
Number=12715
Confirmed=X
Filename=svcrun.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Windows Service Manager]
Number=12716
Confirmed=X
Filename=tcpsvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Windows Service Manager]
Number=12717
Confirmed=X
Filename=websvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Windows Service Manager]
Number=12718
Confirmed=X
Filename=taskmgr.exe
Description=Detected as Trojan-Spy.Win32.IamBigBrother.91 by Kaspersky, possibly a commercial keylogger
Source=Paul Collins Startup list
[Windows Service Pack Auto Update]
Number=12719
Confirmed=X
Filename=winworks.exe
Description=Adware downloader, identified by eScan antivirus as Trojan-Clicker.Agent.bt
Source=Paul Collins Startup list
[Windows Service Pack Auto Update]
Number=12720
Confirmed=X
Filename=figgaz.exe
Description=Added by a TROJAN.CLICKER - identified by Kaspersky antivirus as Trojan-Clicker.Agent.bt
Source=Paul Collins Startup list
[Windows Service Pack Auto Update]
Number=12721
Confirmed=X
Filename=ballin.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Windows Service Pack Auto Update]
Number=12722
Confirmed=X
Filename=del-me.exe
Description=Adware, also detected as the LOWZONES.BH TROJAN!
Source=Paul Collins Startup list
[Windows Service Pack2]
Number=12723
Confirmed=X
Filename=svchhost.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Service Pack2]
Number=12724
Confirmed=X
Filename=WIN43.EXE
Description=Added by the GAOBOT.G WORM!
Source=Paul Collins Startup list
[Windows Service Support Call]
Number=12725
Confirmed=X
Filename=SVSS32.EXE
Description=Added by the RBOT-XQ WORM!
Source=Paul Collins Startup list
[Windows Service Utitity]
Number=12726
Confirmed=X
Filename=winsrvc.exe
Description=Added by the RBOT-ASI WORM!
Source=Paul Collins Startup list
[Windows Service XP]
Number=12727
Confirmed=X
Filename=XpFirewall.exe
Description=Added by the MYTOB.AM WORM!
Source=Paul Collins Startup list
[Windows Services]
Number=12728
Confirmed=X
Filename=service.exe
Description=Added by the RANDEX.R WORM!
Source=Paul Collins Startup list
[Windows Services]
Number=12729
Confirmed=X
Filename=svchosts.exe
Description=Added by the AGOBOT-KL TROJAN!
Source=Paul Collins Startup list
[Windows Services]
Number=12730
Confirmed=X
Filename=Explorer.exe
Description=Added by the SDBOT-WT WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System32 subfolder
Source=Paul Collins Startup list
[Windows Services]
Number=12731
Confirmed=X
Filename=NetworkDriver32.exe
Description=Added by the RBOT-ACR WORM!
Source=Paul Collins Startup list
[Windows Services]
Number=12732
Confirmed=X
Filename=scmsg.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Windows Services]
Number=12733
Confirmed=X
Filename=scvhoste.exe
Description=Added by SPYBOT.OBZ WORM!
Source=Paul Collins Startup list
[Windows Services]
Number=12734
Confirmed=X
Filename=winsvc32.exe
Description=Added by the MYTOB-CB WORM!
Source=Paul Collins Startup list
[Windows Services]
Number=12735
Confirmed=X
Filename=NetworkDrivers.exe
Description=Added by the SDBOT-YO WORM!
Source=Paul Collins Startup list
[Windows Services]
Number=12736
Confirmed=X
Filename=smsc.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Windows Services]
Number=12737
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the SDBOT.CPZ WORM!
Source=Paul Collins Startup list
[Windows Services]
Number=12738
Confirmed=X
Filename=iexplore.exe
Description=Added by the RBOT-WE WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup unless you add it manually! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list
[Windows Services Host]
Number=12739
Confirmed=X
Filename=svchost.exe
Description=Added by the CONE or CONE.E WORMS! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Windows Services Hosts]
Number=12740
Confirmed=X
Filename=svhosts.exe
Description=Added by the SDBOT-YH TROJAN!
Source=Paul Collins Startup list
[Windows Services Ink Platform Tablet Input Subsystem]
Number=12741
Confirmed=X
Filename=wsiptis.exe
Description=Added by the RBOT.APC WORM!
Source=Paul Collins Startup list
[Windows Services Layer]
Number=12742
Confirmed=X
Filename=winlogz2.exe
Description=Added by the RBOT-FZE WORM!
Source=Paul Collins Startup list
[Windows Services Layer]
Number=12743
Confirmed=X
Filename=winl0g0.exe
Description=Added by the RBOT-FZQ WORM!
Source=Paul Collins Startup list
[Windows Services Layer]
Number=12744
Confirmed=X
Filename=sslms.exe
Description=Added by the RBOT-GAH WORM!
Source=Paul Collins Startup list
[Windows Services Update]
Number=12745
Confirmed=X
Filename=svch0st.exe
Description=Added by a variant of the RBOT WORM! Note - the filename has the digit 0 rather then the uppercase "o"
Source=Paul Collins Startup list
[Windows Session Manager]
Number=12746
Confirmed=X
Filename=smss32.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Session Manager Subsystem]
Number=12747
Confirmed=X
Filename=smss.exe
Description=Added by the KALEL-B WORM! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Windows shell]
Number=12748
Confirmed=?
Filename=win70.exe
Description=??
Source=Paul Collins Startup list
[Windows Shell]
Number=12749
Confirmed=X
Filename=shell.exe
Description=Added by the MYTOB-CA WORM!
Source=Paul Collins Startup list
[Windows Shell]
Number=12750
Confirmed=X
Filename=taskgmr.exe
Description=Added by the MYTOB.BV WORM!
Source=Paul Collins Startup list
[Windows Shell Library Loader]
Number=12751
Confirmed=X
Filename=load shell.dll
Description=CoolWebSearch parasite variant
Source=Paul Collins Startup list
[windows shellext.32]
Number=12752
Confirmed=X
Filename=mschost.exe
Description=Added by the BLASTER.K WORM!
Source=Paul Collins Startup list
[WINDOWS SKY]
Number=12753
Confirmed=X
Filename=sky.exe
Description=Added by the MYTOB.CH WORM!
Source=Paul Collins Startup list
[Windows Smart Manager]
Number=12754
Confirmed=X
Filename=smart.exe
Description=Added by the RBOT-SL WORM!
Source=Paul Collins Startup list
[Windows Socket Procedure]
Number=12755
Confirmed=X
Filename=WinSock32.exe
Description=Added by the RBOT-FMX WORM!
Source=Paul Collins Startup list
[Windows Software]
Number=12756
Confirmed=X
Filename=hbsppe.exe
Description=Added by the RBOT-GLL WORM!
Source=Paul Collins Startup list
[Windows Sound Driver]
Number=12757
Confirmed=X
Filename=SndMon32.exe
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[Windows Sound Manager]
Number=12758
Confirmed=X
Filename=SndMon32.exe
Description=Added by the FORBOT-BU WORM!
Source=Paul Collins Startup list
[Windows Sound Manager]
Number=12759
Confirmed=X
Filename=SndMon16.exe
Description=Added by a variant of the FORBOT WORM!
Source=Paul Collins Startup list
[Windows Sound Verifier]
Number=12760
Confirmed=X
Filename=WinIp32.exe
Description=Added by the RBOT-FMO WORM!
Source=Paul Collins Startup list
[Windows SP2 Firewall]
Number=12761
Confirmed=X
Filename=wfirewall7.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows SP2 Update]
Number=12762
Confirmed=X
Filename=Sp2update.exe
Description=Added by the WOOTBOT.BS WORM!
Source=Paul Collins Startup list
[Windows SP2 Version Load]
Number=12763
Confirmed=X
Filename=wuauclt32.exe
Description=Added by the GAOBOT.CX WORM!
Source=Paul Collins Startup list
[Windows SP4]
Number=12764
Confirmed=X
Filename=directCC.exe
Description=Added by the RBOT-ACX WORM!
Source=Paul Collins Startup list
[Windows Spool Server]
Number=12765
Confirmed=X
Filename=spoolsrv.exe
Description=Added by the SDBOT-ACT WORM!
Source=Paul Collins Startup list
[Windows SpoolaPrint Service]
Number=12766
Confirmed=X
Filename=spoolasrv.exe
Description=Added by the SDBOT-AYD WORM!
Source=Paul Collins Startup list
[Windows Spooler]
Number=12767
Confirmed=X
Filename=SPOOLSRV.EXE
Description=Added by the SPYBOT.P WORM!
Source=Paul Collins Startup list
[Windows Spooler]
Number=12768
Confirmed=X
Filename=spoolsv32.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Windows Spooler Services]
Number=12769
Confirmed=X
Filename=spool.exe
Description=Added by the AGOBOT-AMO WORM!
Source=Paul Collins Startup list
[Windows SpoolPrint Service]
Number=12770
Confirmed=X
Filename=spoolersrv.exe
Description=Added by the SDBOT-ZT WORM!
Source=Paul Collins Startup list
[Windows Spools SV]
Number=12771
Confirmed=X
Filename=winsv.exe
Description=Added by the RBOT-AUQ WORM!
Source=Paul Collins Startup list
[Windows spoolservr Service]
Number=12772
Confirmed=X
Filename=spoolservr.exe
Description=Added by the SDBOT-AAN WORM!
Source=Paul Collins Startup list
[Windows Spoolsre Service]
Number=12773
Confirmed=X
Filename=spoolsre.exe
Description=Added by the SDBOT-AAE WORM!
Source=Paul Collins Startup list
[Windows Spoolsrv Service]
Number=12774
Confirmed=X
Filename=spoolmsv.exe
Description=Added by the SDBOT-ZS WORM!
Source=Paul Collins Startup list
[windows spoolsrv service]
Number=12775
Confirmed=X
Filename=spoolssv.exe
Description=Added by the SDBOT-AWV WORM!
Source=Paul Collins Startup list
[Windows Spoolsurf Service]
Number=12776
Confirmed=X
Filename=spoolsurf.exe
Description=Added by the SDBOT-ZZ WORM!
Source=Paul Collins Startup list
[Windows SpooltPrint Service]
Number=12777
Confirmed=X
Filename=spooltsrv.exe
Description=Added by the SDBOT-AYE WORM!
Source=Paul Collins Startup list
[Windows Spoolvvv Service]
Number=12778
Confirmed=X
Filename=spoolvvv.exe
Description=Added by the SDBOT-AAW WORM!
Source=Paul Collins Startup list
[Windows spyware remover]
Number=12779
Confirmed=X
Filename=Windows-spyware.exe
Description=Added by the SystemPoser TROJAN!
Source=Paul Collins Startup list
[Windows sq Drivers]
Number=12780
Confirmed=X
Filename=winmsn32.exe
Description=Added by the RBOT-ADI WORM!
Source=Paul Collins Startup list
[Windows Sql Service For Windows 32 Bit]
Number=12781
Confirmed=X
Filename=winsql32.exe
Description=Added by the FORBOT-FC WORM!
Source=Paul Collins Startup list
[Windows SSH Client]
Number=12782
Confirmed=X
Filename=winssh.exe
Description=Added by the RBOT-AXC WORM!
Source=Paul Collins Startup list
[Windows SSL File]
Number=12783
Confirmed=X
Filename=winssv.exe
Description=Added by the WOOTBOT.CA WORM!
Source=Paul Collins Startup list
[Windows SSL Secondary Drivers]
Number=12784
Confirmed=X
Filename=SSL32Dr.exe
Description=Added by the SDBOT.ASQ WORM!
Source=Paul Collins Startup list
[Windows Stand Sound Drivers]
Number=12785
Confirmed=X
Filename=Sounddrv.exe
Description=Added by the SDBOT-XF WORM!
Source=Paul Collins Startup list
[Windows Standard Securty]
Number=12786
Confirmed=X
Filename=[random 3-letter filename]
Description=Added by the RBOT-ALF WORM!
Source=Paul Collins Startup list
[Windows Start Server 2000]
Number=12787
Confirmed=X
Filename=traficy.exe
Description=Added by the RBOT-AHM WORM!
Source=Paul Collins Startup list
[Windows Startup]
Number=12788
Confirmed=X
Filename=winsta~1.exe
Description=GoHip foistware
Source=Paul Collins Startup list
[Windows Startup]
Number=12789
Confirmed=X
Filename=winstartup.exe
Description=GoHip foistware
Source=Paul Collins Startup list
[Windows Startup]
Number=12790
Confirmed=X
Filename=Wdrun32.exe
Description=Added by the GAOBOT.AO WORM!
Source=Paul Collins Startup list
[Windows Startup]
Number=12791
Confirmed=X
Filename=services21.exe
Description=Added by the AGOBOT-MX WORM!
Source=Paul Collins Startup list
[Windows Startup 32 Bits]
Number=12792
Confirmed=X
Filename=sysrun32.exe
Description=Added by a variant of the DARKSUN TROJAN!
Source=Paul Collins Startup list
[Windows Stortup]
Number=12793
Confirmed=X
Filename=svchost.exe
Description=Added by the TOGER-V TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[Windows Streams Server]
Number=12794
Confirmed=X
Filename=localsrv.exe
Description=Added by the SDBOT.LN WORM!
Source=Paul Collins Startup list
[Windows Subsys]
Number=12795
Confirmed=X
Filename=winload.exe
Description=Added by the NETSPREE.C WORM!
Source=Paul Collins Startup list
[WINDOWS SVC]
Number=12796
Confirmed=X
Filename=winsvc.exe
Description=Added by the MYTOB-EY WORM!
Source=Paul Collins Startup list
[Windows Svshost Service Update 32]
Number=12797
Confirmed=X
Filename=svcsshost32.exe
Description=Added by the FORBOT-GD WORM!
Source=Paul Collins Startup list
[Windows SyncroAd]
Number=12798
Confirmed=X
Filename=SyncroAd.exe
Description=Windupdates adware variant
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12799
Confirmed=X
Filename=beta.exe
Description=Added by the MYTOB.DF WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12800
Confirmed=X
Filename=dcomuser.exe
Description=Added by the MYTOB.EO WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12801
Confirmed=X
Filename=lf66prc.exe
Description=Added by the MYTOB.GC WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12802
Confirmed=X
Filename=msdev32.exe
Description=Added by the MYTOB.EH WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12803
Confirmed=X
Filename=nec.exe
Description=Added by the MYTOB-L WORM or variants!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12804
Confirmed=X
Filename=nibie.exe
Description=Added by the MYTOB-BY WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12805
Confirmed=X
Filename=ninfoie.exe
Description=Added by the MYTOB-EP WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12806
Confirmed=X
Filename=skybot.exe
Description=Added by the MYTOB-CX WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12807
Confirmed=X
Filename=skybotx.exe
Description=Added by the MYTOB-BY WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12808
Confirmed=X
Filename=smoc.exe
Description=Added by the MYTOB.FU WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12809
Confirmed=X
Filename=smsc.exe
Description=Added by the MYTOB-BR WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12810
Confirmed=X
Filename=test.exe
Description=Added by the MYTOB.DJ WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12811
Confirmed=U
Filename=test2.exe
Description=Added by the MYTOB.DJ WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12812
Confirmed=X
Filename=test3.exe
Description=Added by the MYTOB.DV WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12813
Confirmed=X
Filename=wdns33.exe
Description=Added by the MYTOB-BY WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12814
Confirmed=X
Filename=win.exe.exe
Description=Added by the MYTOB.FA WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12815
Confirmed=X
Filename=winaup.exe
Description=Added by the MYTOB-DN WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12816
Confirmed=X
Filename=winligon.exe
Description=Added by the MYTOB.EP WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12817
Confirmed=X
Filename=winmon.exe
Description=Added by the MYTOB.GB WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12818
Confirmed=X
Filename=winNTsys32.exe
Description=Added by the MYTOB-DM WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12819
Confirmed=X
Filename=winsvc32.exe
Description=Added by the MYTOB.HH WORM!
Source=Paul Collins Startup list
[Windows System]
Number=12820
Confirmed=X
Filename=WINSYS.exe
Description=Added by the RBOT-AEF WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12821
Confirmed=X
Filename=winsys33.exe
Description=Added by the MYTOB.EK WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12822
Confirmed=X
Filename=winvnc.exe
Description=Added by the MYTOB.EU WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12823
Confirmed=X
Filename=winxpserv.exe
Description=Added by the MYTOB-BQ WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12824
Confirmed=X
Filename=xxx.exe
Description=Added by the MYTOB.CZ WORM!
Source=Paul Collins Startup list
[Windows System]
Number=12825
Confirmed=X
Filename=winsys32.exe
Description=Added by the MYTOB-IS WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12826
Confirmed=X
Filename=\skybot.exe
Description=Added by the MYTOB.JU WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12827
Confirmed=X
Filename=botzor.exe
Description=Added by the ZOTOB WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12828
Confirmed=X
Filename=gothica.exe
Description=Added by the MYTOB.HU WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12829
Confirmed=X
Filename=msnl.exe
Description=Added by the MYTOB.IK WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12830
Confirmed=X
Filename=per.exe
Description=Added by the ZOTOB.C WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12831
Confirmed=X
Filename=twunk_65.exe
Description=Added by the MYTOB-EG WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12832
Confirmed=X
Filename=servce.exe
Description=Added by the MYTOB-EI WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12833
Confirmed=X
Filename=servises.exe
Description=Added by the ZOTOB-I WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12834
Confirmed=X
Filename=xpupdate.exe
Description=Added by the ZOTOB-G WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12835
Confirmed=X
Filename=expI0rer.exe
Description=Added by the MYTOB-FI WORM! Note the upper case "i" and number "0" in the filename
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12836
Confirmed=X
Filename=msn32.exe
Description=Added by the MYTOB-FX WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12837
Confirmed=X
Filename=sky.exe
Description=Added by the MYTOB.LB WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12838
Confirmed=X
Filename=Win32IMAPSVR.exe
Description=Added by the MYTOB-FQ or MYTOB-FU WORMS!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12839
Confirmed=X
Filename=winsvc.exe
Description=Added by the MYTOB.LM WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12840
Confirmed=X
Filename=mswins.exe
Description=Added by the MYTOB.DP WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12841
Confirmed=X
Filename=mtrnqs.exe
Description=Added by the MYTOB.IG WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM]
Number=12842
Confirmed=X
Filename=logic.exe
Description=Added by the MYTOB.IC WORM!
Source=Paul Collins Startup list
[Windows System 32]
Number=12843
Confirmed=X
Filename=winsys_32.exe
Description=Added by the RBOT-FTR WORM!
Source=Paul Collins Startup list
[Windows System 32-Bat Service]
Number=12844
Confirmed=X
Filename=win32bat.exe
Description=Added by the MYTOB.FI WORM!
Source=Paul Collins Startup list
[Windows System Backup]
Number=12845
Confirmed=X
Filename=SysBackup.exe
Description=Unidentified malware
Source=Paul Collins Startup list
[WINDOWS SYSTEM By FEnR]
Number=12846
Confirmed=X
Filename=windasz-updote.exe
Description=Added by the MYTOB.LR WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM Cleaner]
Number=12847
Confirmed=X
Filename=h3.exe
Description=Added by the MYTOB.EQ WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM CLEANER]
Number=12848
Confirmed=X
Filename=iexplore.exe
Description=Added by the MYTOB.ET WORM! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP)
Source=Paul Collins Startup list
[Windows System Configuration]
Number=12849
Confirmed=X
Filename=SYSCFG16.EXE
Description=Added by the WISDOOR.Z TROJAN!
Source=Paul Collins Startup list
[Windows System Configuration]
Number=12850
Confirmed=X
Filename=Passcfg16.exe
Description=Added by the DOMWIS-E TROJAN!
Source=Paul Collins Startup list
[Windows System Configuration]
Number=12851
Confirmed=X
Filename=Winfrw.exe
Description=Added by the SOLUFINA TROJAN or the DOMWIS-J WORM!
Source=Paul Collins Startup list
[Windows System Configuration]
Number=12852
Confirmed=X
Filename=wincfg.exe
Description=Added by the AGOBOT.OP WORM!
Source=Paul Collins Startup list
[Windows System Configuration]
Number=12853
Confirmed=X
Filename=WINCFG32.EXE
Description=Added by the AGOBOT-TE WORM!
Source=Paul Collins Startup list
[Windows System Configuration]
Number=12854
Confirmed=X
Filename=WinNeth.exe
Description=Added by the RETHE-A WORM!
Source=Paul Collins Startup list
[Windows System Configuration]
Number=12855
Confirmed=X
Filename=nether.exe
Description=Added by the Opanki-AB WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM Dns]
Number=12856
Confirmed=X
Filename=windsns.exe
Description=Added by the MYTOB.EY WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM DNSPOOL]
Number=12857
Confirmed=X
Filename=hbmail.exe
Description=Added by the MYTOB.FW WORM!
Source=Paul Collins Startup list
[Windows System File]
Number=12858
Confirmed=X
Filename=cmxp.exe
Description=Added by the SPYBOT.KHO WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM FILE]
Number=12859
Confirmed=X
Filename=winload.exe
Description=Added by the MYTOB.DK WORM!
Source=Paul Collins Startup list
[Windows System Gateway]
Number=12860
Confirmed=X
Filename=SPOOLER.EXE
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows System Init]
Number=12861
Confirmed=X
Filename=winit32.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows System Manager]
Number=12862
Confirmed=X
Filename=winsystem.exe
Description=Added by the RBOT-AN WORM!
Source=Paul Collins Startup list
[Windows System Manager]
Number=12863
Confirmed=X
Filename=CRSL.EXE
Description=Added by the SDBOT.MG WORM!
Source=Paul Collins Startup list
[Windows System Manager]
Number=12864
Confirmed=X
Filename=sysconf.exe
Description=Added by the MYTOB.AL WORM!
Source=Paul Collins Startup list
[Windows System Manager]
Number=12865
Confirmed=X
Filename=smsc.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows System Manager]
Number=12866
Confirmed=X
Filename=crssm.exe
Description=Added by the RBOT-AFH WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM MANAGER]
Number=12867
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the MYTOB-LY WORM!
Source=Paul Collins Startup list
[Windows System Manager Loader]
Number=12868
Confirmed=X
Filename=smsls.exe
Description=Added by the AGOBOT.TF WORM!
Source=Paul Collins Startup list
[Windows System Manager Proc]
Number=12869
Confirmed=X
Filename=winsmc.exe
Description=Added by the RBOT.JH WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM MEMORY LOADER]
Number=12870
Confirmed=X
Filename=memloader.exe
Description=Added by the MYTOB-IN WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM mscdvvs]
Number=12871
Confirmed=X
Filename=mscdvvs.exe
Description=Added by the MYTOB.MD WORM!
Source=Paul Collins Startup list
[windows system notepad]
Number=12872
Confirmed=X
Filename=wnpsm.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows System Restore Configuration]
Number=12873
Confirmed=X
Filename=Sblhost.exe
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[Windows System Restorer]
Number=12874
Confirmed=X
Filename=SystemRestorer.exe
Description=Added by the DULOAD.C WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEM SCALPE]
Number=12875
Confirmed=X
Filename=scalpe91.exe
Description=Added by the MYTOB_HI WORM!
Source=Paul Collins Startup list
[Windows System Security]
Number=12876
Confirmed=X
Filename=winmp.exe
Description=Added by the RBOT.IV WORM!
Source=Paul Collins Startup list
[Windows System Security]
Number=12877
Confirmed=X
Filename=sys32.pif
Description=Added by the RBOT-AOL WORM!
Source=Paul Collins Startup list
[Windows System Security Monitor]
Number=12878
Confirmed=X
Filename=[4 random letters].exe
Description=Added by the PINKTON.A WORM!
Source=Paul Collins Startup list
[Windows System Serivce]
Number=12879
Confirmed=X
Filename=winserv.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[windows system service]
Number=12880
Confirmed=X
Filename=winsock.exe
Description=Added by the RBOT-MR WORM!
Source=Paul Collins Startup list
[Windows System Service]
Number=12881
Confirmed=X
Filename=wnuserv.exe
Description=Added by the SPYBOT.ANDM WORM!
Source=Paul Collins Startup list
[Windows System Tray]
Number=12882
Confirmed=U
Filename=msni.exe
Description=Iambigbrother monitoring software
Source=Paul Collins Startup list
[Windows System Tray]
Number=12883
Confirmed=X
Filename=swhost.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[WINDOWS SYSTEM UPDATE]
Number=12884
Confirmed=X
Filename=xDcc.exe
Description=Added by the MYOTB-EH WORM!
Source=Paul Collins Startup list
[Windows System32]
Number=12885
Confirmed=X
Filename=windowsp.exe
Description=Added by the MYTOB.GD WORM!
Source=Paul Collins Startup list
[Windows System32]
Number=12886
Confirmed=X
Filename=winsys32.exe
Description=Added by the SDBOT-AHS WORM!
Source=Paul Collins Startup list
[Windows System32]
Number=12887
Confirmed=X
Filename=clsas32.exe
Description=Added by the RBOT-AZO WORM!
Source=Paul Collins Startup list
[Windows System32]
Number=12888
Confirmed=X
Filename=explorer.exe
Description=Added by the OPANKI-V WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually!
Source=Paul Collins Startup list
[Windows System32]
Number=12889
Confirmed=X
Filename=System32.exe
Description=Added by the SDBOT-ALI WORM!
Source=Paul Collins Startup list
[Windows SYSTEM32]
Number=12890
Confirmed=X
Filename=Realplayer.exe
Description=Added by the SPYBOT.ZH WORM!
Source=Paul Collins Startup list
[Windows System32]
Number=12891
Confirmed=X
Filename=wingrd32.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows System32 Kernel]
Number=12892
Confirmed=X
Filename=system32.exe
Description=Added by the SDBOT-AAT WORM!
Source=Paul Collins Startup list
[WINDOWS SYSTEMn]
Number=12893
Confirmed=X
Filename=servicces.exe
Description=Added by the MYTOB-EL WORM!
Source=Paul Collins Startup list
[Windows Systemnmg]
Number=12894
Confirmed=X
Filename=stagmr.exe
Description=Added by the MYTOB.S WORM!
Source=Paul Collins Startup list
[Windows Systems16]
Number=12895
Confirmed=X
Filename=winjews16.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Windows Sz Host]
Number=12896
Confirmed=X
Filename=winshvc.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Windows Task Manager]
Number=12897
Confirmed=X
Filename=ACCOUNT_DETAILS.DOC.exe
Description=Added by the QUATERS.A WORM!
Source=Paul Collins Startup list
[Windows Task Manager]
Number=12898
Confirmed=X
Filename=taskmgn.exe
Description=Unidentified malware, either a variant of the WIN32.RBOT WORM, or part of a Casino Palazzo foistware install
Source=Paul Collins Startup list
[Windows Task Manager]
Number=12899
Confirmed=X
Filename=taskmrg.exe
Description=Added by the MYTOB.AV WORM!
Source=Paul Collins Startup list
[Windows Task Manager]
Number=12900
Confirmed=X
Filename=taskgmr.exe
Description=Added by the MYTOB.BJ WORM!
Source=Paul Collins Startup list
[Windows Task Manager]
Number=12901
Confirmed=X
Filename=taskmg.exe
Description=Browser hijacker - identified by DrWeb antivirus as "Trojan.StartPage.601"
Source=Paul Collins Startup list
[Windows Task Manager]
Number=12902
Confirmed=X
Filename=taskmngr.exe
Description=Added by the RBOT-ANM WORM!
Source=Paul Collins Startup list
[Windows Task Manager Emulator]
Number=12903
Confirmed=X
Filename=kennewr.exe
Description=Added by the SPYBOT-FA WORM!
Source=Paul Collins Startup list
[Windows Task Scheduler]
Number=12904
Confirmed=X
Filename=asijdie.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Windows Task Service (32-bits)]
Number=12905
Confirmed=X
Filename=tasksys.exe
Description=Added by the DREFIR.D WORM!
Source=Paul Collins Startup list
[Windows TaskAd]
Number=12906
Confirmed=X
Filename=Wintaskad.exe
Description=Windupdates adware variant
Source=Paul Collins Startup list
[Windows Taskbar Manager]
Number=12907
Confirmed=X
Filename=internat.exe
Description=Added by the PROTORIDE-H WORM!
Source=Paul Collins Startup list
[Windows Taskbar Manager]
Number=12908
Confirmed=X
Filename=[path to file]
Description=Added by the PROTORIDE.B WORM!
Source=Paul Collins Startup list
[Windows Taskbar System]
Number=12909
Confirmed=X
Filename=tasksys.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Windows Taskmanager]
Number=12910
Confirmed=X
Filename=lsassx.exe
Description=Added by the KELVIR.E WORM!
Source=Paul Collins Startup list
[Windows TCP/IP]
Number=12911
Confirmed=X
Filename=wintcp.exe
Description=Added by the AGOBOT-ZH WORM!
Source=Paul Collins Startup list
[Windows Telnet Server]
Number=12912
Confirmed=X
Filename=wintel.exe
Description=Added by the AGOBOT-MW WORM!
Source=Paul Collins Startup list
[Windows Time]
Number=12913
Confirmed=X
Filename=tmservice.exe
Description=Added by a variant of the RBOT-YK WORM!
Source=Paul Collins Startup list
[Windows Time]
Number=12914
Confirmed=X
Filename=winmgr.exe
Description=Added by the RBOT-XC WORM!
Source=Paul Collins Startup list
[Windows Time Server]
Number=12915
Confirmed=X
Filename=TimeSRV.exe
Description=Added by the SPYBOT.DNC WORM!
Source=Paul Collins Startup list
[Windows TM]
Number=12916
Confirmed=X
Filename=SVPHOST.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows TM]
Number=12917
Confirmed=X
Filename=rundlI32.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows TM]
Number=12918
Confirmed=X
Filename=windowssys32.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows TM]
Number=12919
Confirmed=X
Filename=WinxSys.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Upate]
Number=12920
Confirmed=X
Filename=rundll.exe
Description=Added by the HAKO TROJAN! Note - this is NOT the Windows system file of the same name as described here
Source=Paul Collins Startup list
[Windows Update]
Number=12921
Confirmed=X
Filename=[filename]
Description=Added by the NORIO TROJAN! Acts as a hi-jacker redirecting to adult content sites
Source=Paul Collins Startup list
[Windows Update]
Number=12922
Confirmed=X
Filename=iexplorere.exe
Description=Added by the GAOBOT.AP WORM!
Source=Paul Collins Startup list
[windows update]
Number=12923
Confirmed=X
Filename=uddater.exe
Description=Added by the LEOX TROJAN!
Source=Paul Collins Startup list
[Windows Update]
Number=12924
Confirmed=X
Filename=wudate.exe
Description=Added by the AGOBOT.ML WORM!
Source=Paul Collins Startup list
[Windows Update]
Number=12925
Confirmed=X
Filename=wupdate.exe
Description=Wengs adware
Source=Paul Collins Startup list
[windows update]
Number=12926
Confirmed=X
Filename=sychost.exe
Description=Added by the LEOX.B WORM!
Source=Paul Collins Startup list
[Windows Update]
Number=12927
Confirmed=X
Filename=Wuamgrd.exe
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[Windows Update]
Number=12928
Confirmed=X
Filename=inetinf.exe
Description=Added by a variant of the AGOBOT/GAOBOT WORM!
Source=Paul Collins Startup list
[Windows Update]
Number=12929
Confirmed=X
Filename=WindowsUpdate.exe
Description=Added by the BAYROB-A TROJAN!
Source=Paul Collins Startup list
[Windows Update]
Number=12930
Confirmed=X
Filename=host32.exe
Description=Added by the RBOT-GU WORM!
Source=Paul Collins Startup list
[windows update]
Number=12931
Confirmed=X
Filename=wuraclt.exe
Description=Added by the RBOT-PO WORM!
Source=Paul Collins Startup list
[windows update]
Number=12932
Confirmed=X
Filename=Wuanclt.exe
Description=Added by the RBOT.XZ WORM!
Source=Paul Collins Startup list
[Windows Update]
Number=12933
Confirmed=X
Filename=svchosts.exe
Description=Added by the FRUCTA TROJAN!
Source=Paul Collins Startup list
[Windows Update]
Number=12934
Confirmed=X
Filename=ebay.exe
Description=Added by the GAOBOT.BUU WORM!
Source=Paul Collins Startup list
[Windows Update]
Number=12935
Confirmed=X
Filename=windows.exe
Description=Added by the RBOT-RB WORM!
Source=Paul Collins Startup list
[windows update]
Number=12936
Confirmed=X
Filename=wuaurlt.exe
Description=Added by the RBOT.ADG WORM!
Source=Paul Collins Startup list
[Windows Update]
Number=12937
Confirmed=X
Filename=Update.exe
Description=Added by the DELF-FN TROJAN!
Source=Paul Collins Startup list
[Windows Update]
Number=12938
Confirmed=X
Filename=winmguard.exe
Description=Added by the RBOT-EM WORM!
Source=Paul Collins Startup list
[Windows Update]
Number=12939
Confirmed=X
Filename=wuampd.exe
Description=Added by the RBOT.UM WORM!
Source=Paul Collins Startup list
[windows update]
Number=12940
Confirmed=X
Filename=wuarclt.exe
Description=Added by the RBOT-OF WORM!
Source=Paul Collins Startup list
[Windows Update]
Number=12941
Confirmed=X
Filename=winupdate.exe
Description=Added by the SDBOT-WS WORM!
Source=Paul Collins Startup list
[Windows Update]
Number=12942
Confirmed=X
Filename=msnwinsb.exe
Description=Added by the RBOT-AAH WORM!
Source=Paul Collins Startup list
[Windows Update]
Number=12943
Confirmed=X
Filename=scvhost.exe
Description=Added by the SDBOT-XT WORM!
Source=Paul Collins Startup list
[windows update]
Number=12944
Confirmed=X
Filename=Microsoft.exe
Description=Added by the LMIR.A TROJAN!
Source=Paul Collins Startup list
[Windows Update]
Number=12945
Confirmed=X
Filename=mplupdate.exe
Description=Added by the MOEGA WORM!
Source=Paul Collins Startup list
[windows update]
Number=12946
Confirmed=X
Filename=msnsever.exe
Description=Added by the RBOT-AHN WORM!
Source=Paul Collins Startup list
[Windows Update]
Number=12947
Confirmed=X
Filename=taskmr.exe
Description=Added by the MYTOB-GZ WORM!
Source=Paul Collins Startup list
[Windows Update]
Number=12948
Confirmed=X
Filename=update32.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Update]
Number=12949
Confirmed=X
Filename=wininfo.exe
Description=Added by the MYTOB.GA WORM!
Source=Paul Collins Startup list
[Windows Update]
Number=12950
Confirmed=X
Filename=winlogin.exe
Description=Added by the BANKER-DV TROJAN!
Source=Paul Collins Startup list
[Windows Update]
Number=12951
Confirmed=X
Filename=msnupdates.exe
Description=Added by the RBOT-ALK WORM! Note - this file has nothing to do with Windows updates or MSN
Source=Paul Collins Startup list
[Windows Update]
Number=12952
Confirmed=X
Filename=qtask.exe
Description=Added by the RBOT-AKU WORM! Note - do not confuse with the Quicken file of the same name as described here
Source=Paul Collins Startup list
[windows update]
Number=12953
Confirmed=X
Filename=real.exe
Description=Added by the LEGMIR-AU WORM!
Source=Paul Collins Startup list
[Windows Update]
Number=12954
Confirmed=X
Filename=windowsx.exe
Description=Added by the BANCD-A TROJAN!
Source=Paul Collins Startup list
[Windows update]
Number=12955
Confirmed=X
Filename=wudupdate.exe
Description=Adware downloader - Istbar related
Source=Paul Collins Startup list
[Windows Update]
Number=12956
Confirmed=X
Filename=wupdmgr.exe
Description=Added by the BANCBAN-FC TROJAN and variants!
Source=Paul Collins Startup list
[Windows Update]
Number=12957
Confirmed=X
Filename=csrss.exe
Description=Added by the BANKER-HM TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
Source=Paul Collins Startup list
[Windows Update]
Number=12958
Confirmed=X
Filename=msnsupdate.exe
Description=Added by the RBOT-AXS WORM!
Source=Paul Collins Startup list
[Windows Update]
Number=12959
Confirmed=X
Filename=XPLoogNT.exe
Description=Added by the BANCD-B TROJAN!
Source=Paul Collins Startup list
[Windows Update]
Number=12960
Confirmed=X
Filename=install.exe
Description=Added by the BANKER-IB TROJAN!
Source=Paul Collins Startup list
[Windows Update]
Number=12961
Confirmed=X
Filename=msi.exe
Description=Added by the BANKER-XB TROJAN!
Source=Paul Collins Startup list
[Windows Update]
Number=12962
Confirmed=X
Filename=Sqltob.exe
Description=Added by the DASHER.A WORM!
Source=Paul Collins Startup list
[windows update]
Number=12963
Confirmed=X
Filename=logonuit.exe
Description=Added by the LEGMIR-AO TROJAN!
Source=Paul Collins Startup list
[Windows Update]
Number=12964
Confirmed=X
Filename=avkir.exe
Description=Added by the RBOT-GJP WORM!
Source=Paul Collins Startup list
[Windows Update 32]
Number=12965
Confirmed=X
Filename=winlogons.exe
Description=Added by the FORBOT-FI WORM!
Source=Paul Collins Startup list
[Windows Update 32]
Number=12966
Confirmed=X
Filename=rempss.exe
Description=Added by the FORBOT-FW WORM!
Source=Paul Collins Startup list
[Windows Update 32]
Number=12967
Confirmed=X
Filename=slsys.exe
Description=Added by a variant of the FORBOT WORM!
Source=Paul Collins Startup list
[Windows Update 63]
Number=12968
Confirmed=X
Filename=shupd64.exe
Description=Added by the FORBOT-GA WORM!
Source=Paul Collins Startup list
[Windows Update 64]
Number=12969
Confirmed=X
Filename=nbupd64.exe
Description=Added by a variant of the FORBOT WORM!
Source=Paul Collins Startup list
[Windows Update 64]
Number=12970
Confirmed=X
Filename=WinV.exe
Description=Added by the FORBOT-FP WORM!
Source=Paul Collins Startup list
[Windows Update Auto Update]
Number=12971
Confirmed=X
Filename=wuaumgr.exe
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[Windows Update AutoUpdate Client]
Number=12972
Confirmed=X
Filename=waucult.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Update AutoUpdate Client]
Number=12973
Confirmed=X
Filename=wuauclt.exe
Description=Added by the LAZAR.B TROJAN! Note - this is not the legitimate wuauclt.exe process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Windows Update AutoUpdate Client Product]
Number=12974
Confirmed=X
Filename=wuauct.exe
Description=Added by the AGOBOT.ACL WORM!
Source=Paul Collins Startup list
[Windows Update Center]
Number=12975
Confirmed=X
Filename=svthx.exe
Description=Added by the STUBBOT.A WORM!
Source=Paul Collins Startup list
[Windows Update Center]
Number=12976
Confirmed=X
Filename=W32RSA.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Windows Update Checker]
Number=12977
Confirmed=X
Filename=[random filename]
Description=Adware downloader trojan
Source=Paul Collins Startup list
[Windows Update Checker]
Number=12978
Confirmed=X
Filename=msupdte32.exe
Description=Added by the SDBOT-AEF WORM!
Source=Paul Collins Startup list
[Windows Update Checker]
Number=12979
Confirmed=X
Filename=deinst_qfe001.exe
Description=Added by a variant of the Win32.Small TROJAN!
Source=Paul Collins Startup list
[Windows Update Checker]
Number=12980
Confirmed=X
Filename=deinst_qfe002.exe
Description=Added by a variant of the Win32.Small TROJAN!
Source=Paul Collins Startup list
[Windows Update Client]
Number=12981
Confirmed=X
Filename=wuclient.exe
Description=Added by the SMALL-RN TROJAN!
Source=Paul Collins Startup list
[Windows Update Client Service]
Number=12982
Confirmed=X
Filename=windrvl32.exe
Description=Added by the AGOBOT-MM TROJAN!
Source=Paul Collins Startup list
[Windows update config]
Number=12983
Confirmed=X
Filename=svhost.exe
Description=Added by the SDBOT-PF WORM!
Source=Paul Collins Startup list
[windows update configurator]
Number=12984
Confirmed=X
Filename=svghost.exe
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[Windows Update Controller]
Number=12985
Confirmed=X
Filename=mwoffice.exe
Description=Added by the BATTRY-A TROJAN!
Source=Paul Collins Startup list
[Windows Update Drive]
Number=12986
Confirmed=X
Filename=updrvs.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Windows Update Files]
Number=12987
Confirmed=X
Filename=dnetc.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! Note - wupdmgr.exe is the real Windows Update
Source=Paul Collins Startup list
[Windows Update Firewall System]
Number=12988
Confirmed=X
Filename=ctfmoom.exe
Description=Added by the RBOT-GAN WORM!
Source=Paul Collins Startup list
[Windows Update GUI Executable x32x]
Number=12989
Confirmed=X
Filename=wupdategux32.exe
Description=Added by the RBOT.CXY WORM!
Source=Paul Collins Startup list
[Windows Update GUI Executable x32x]
Number=12990
Confirmed=X
Filename=wupdategux32.exe
Description=Added by the RBOT.CXY WORM!
Source=Paul Collins Startup list
[Windows Update Host]
Number=12991
Confirmed=X
Filename=winupsvc.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Windows Update IPv6 Layer]
Number=12992
Confirmed=X
Filename=WIN32IPV6.EXE
Description=Added by the RBOT.DUD WORM!
Source=Paul Collins Startup list
[Windows update loader]
Number=12993
Confirmed=X
Filename=xpupdate.exe
Description=Added by the BRAVE-A TROJAN!
Source=Paul Collins Startup list
[Windows Update Manager]
Number=12994
Confirmed=X
Filename=wupdmngr.exe
Description=Added by the RANDEX.BTB WORM!
Source=Paul Collins Startup list
[Windows Update Manager]
Number=12995
Confirmed=X
Filename=Winlog0n.exe
Description=Added by the AGENT-BO TROJAN!
Source=Paul Collins Startup list
[Windows Update Manager]
Number=12996
Confirmed=X
Filename=wupdate.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Update Manager]
Number=12997
Confirmed=X
Filename=bootwiz.exe
Description=Added by the MYBOT WORM!
Source=Paul Collins Startup list
[Windows Update Manager for NT]
Number=12998
Confirmed=X
Filename=wupdmgr32.exe
Description=Added by the SDBOT.AH WORM!
Source=Paul Collins Startup list
[Windows Update Monitoring Service]
Number=12999
Confirmed=X
Filename=winupdt.exe
Description=Added by the RBOT-PL WORM!
Source=Paul Collins Startup list
[Windows Update Process]
Number=13000
Confirmed=X
Filename=wmiprvsc.exe
Description=Added by the SDBOT-CB WORM!
Source=Paul Collins Startup list
[Windows Update Service]
Number=13001
Confirmed=X
Filename=csrs.exe
Description=Added by the AGOBOT-NI WORM!
Source=Paul Collins Startup list
[Windows Update Service]
Number=13002
Confirmed=X
Filename=smcg.exe
Description=Added by the SDBOT.QY WORM!
Source=Paul Collins Startup list
[Windows Update Service]
Number=13003
Confirmed=X
Filename=SP00ISS.exe
Description=Added by the SDBOT-ZH WORM!
Source=Paul Collins Startup list
[Windows Update Service]
Number=13004
Confirmed=X
Filename=update32.pif
Description=Added by the RBOT-ALC WORM!
Source=Paul Collins Startup list
[Windows Update Service 2004/2005]
Number=13005
Confirmed=X
Filename=systemupdate.exe
Description=Added by the RBOT-JE WORM!
Source=Paul Collins Startup list
[Windows Update services]
Number=13006
Confirmed=X
Filename=wins32svcs.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Update Software]
Number=13007
Confirmed=X
Filename=system.exe
Description=Added by the TOFGER.BX TROJAN!
Source=Paul Collins Startup list
[Windows Update System]
Number=13008
Confirmed=X
Filename=mswins.exe
Description=Added by the IRCBOT.DN WORM!
Source=Paul Collins Startup list
[Windows Update System Shell]
Number=13009
Confirmed=X
Filename=svhostcs32.exe
Description=Added by the RBOT-AAZ WORM!
Source=Paul Collins Startup list
[Windows Update V6]
Number=13010
Confirmed=X
Filename=[random filename]
Description=Added by the RBOT-KT WORM!
Source=Paul Collins Startup list
[Windows Update.exe]
Number=13011
Confirmed=X
Filename=N/A
Description=Homepage hijacker
Source=Paul Collins Startup list
[Windows Updated]
Number=13012
Confirmed=X
Filename=spoolsae.exe
Description=Added by the RBOT-APM WORM!
Source=Paul Collins Startup list
[Windows Updated]
Number=13013
Confirmed=X
Filename=updatr.exe
Description=Added by the RBOT-AYB WORM!
Source=Paul Collins Startup list
[Windows Updater]
Number=13014
Confirmed=X
Filename=wupdmgr32.exe
Description=Added by a variant of the DOS.AUTOCAT TROJAN!
Source=Paul Collins Startup list
[Windows Updater]
Number=13015
Confirmed=X
Filename=iexplorerrs.exe
Description=Added by the RBOT-TN WORM!
Source=Paul Collins Startup list
[Windows Updater]
Number=13016
Confirmed=X
Filename=svigost.exe
Description=Added by the RBOT-VS WORM!
Source=Paul Collins Startup list
[Windows Updater]
Number=13017
Confirmed=X
Filename=wupdate.exe
Description=Added by the WOOTBOT.AJ WORM!
Source=Paul Collins Startup list
[Windows Updater]
Number=13018
Confirmed=X
Filename=sdsys.exe
Description=Added by the FORBOT-JG WORM!
Source=Paul Collins Startup list
[Windows Updater Online]
Number=13019
Confirmed=X
Filename=winupdatexx.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Updates]
Number=13020
Confirmed=X
Filename=lsassx.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Windows Updates]
Number=13021
Confirmed=X
Filename=winupd32.exe
Description=Added by the MYTOB.CE WORM!
Source=Paul Collins Startup list
[Windows Updates]
Number=13022
Confirmed=X
Filename=w32dns.exe
Description=Added by the SDBOT-BFW WORM!
Source=Paul Collins Startup list
[Windows Updating Service]
Number=13023
Confirmed=X
Filename=updating.pif
Description=Added by the RBOT-ALW WORM!
Source=Paul Collins Startup list
[Windows Updtee Mgnr]
Number=13024
Confirmed=X
Filename=W1NT45K.exe
Description=Added by the MYTOB.DC WORM!
Source=Paul Collins Startup list
[Windows USB 2.0 Driver]
Number=13025
Confirmed=X
Filename=usbtskmgr.exe
Description=Added by the RBOT-BKG WORM!
Source=Paul Collins Startup list
[Windows USB 2.0 Driver]
Number=13026
Confirmed=X
Filename=usb2ctrl.exe
Description=Added by the RBOT-BIW WORM!
Source=Paul Collins Startup list
[Windows USB controler]
Number=13027
Confirmed=X
Filename=winusb.exe
Description=Added by the RBOT-HR WORM!
Source=Paul Collins Startup list
[Windows USB Driver Support]
Number=13028
Confirmed=X
Filename=Windowsusb.exe
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[Windows USB Service]
Number=13029
Confirmed=X
Filename=666.exe
Description=Added by the MYTOB.AR WORM!
Source=Paul Collins Startup list
[Windows USBD]
Number=13030
Confirmed=X
Filename=msifirewall.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Windows User Mode Driver Manager]
Number=13031
Confirmed=X
Filename=wdfmrg.exe
Description=Added by SDBOT-ZN WORM!
Source=Paul Collins Startup list
[Windows User Starter]
Number=13032
Confirmed=X
Filename=winuser32.exe
Description=Added by the RBOT.SN WORM!
Source=Paul Collins Startup list
[Windows Version Check]
Number=13033
Confirmed=N
Filename=ver_chk.exe
Description=Version checker for CyberAudioLibrary - "a new way to exchange information through the Internet"
Source=Paul Collins Startup list
[Windows video]
Number=13034
Confirmed=X
Filename=vide_32.exe
Description=Added by a variant of the AGOBOT/GAOBOT WORM!
Source=Paul Collins Startup list
[Windows Video Acquisition (WVA)]
Number=13035
Confirmed=X
Filename=wvsvc.exe
Description=Added by the AGOBOT.YM WORM!
Source=Paul Collins Startup list
[Windows Video Drivers]
Number=13036
Confirmed=X
Filename=videons32.exe
Description=Added by the GAOBOT.AZT WORM!
Source=Paul Collins Startup list
[Windows Virus Control]
Number=13037
Confirmed=X
Filename=plou.exe
Description=Added by the SDBOT-ACZ WORM!
Source=Paul Collins Startup list
[Windows Web Services]
Number=13038
Confirmed=X
Filename=localsvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Windows Web Services]
Number=13039
Confirmed=X
Filename=netsvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Windows Web Services]
Number=13040
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Windows Web Services]
Number=13041
Confirmed=X
Filename=svcadmin.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Windows Web Services]
Number=13042
Confirmed=X
Filename=svcman.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Windows Web Services]
Number=13043
Confirmed=X
Filename=svcrun.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Windows Web Services]
Number=13044
Confirmed=X
Filename=tcpsvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Windows Web Services]
Number=13045
Confirmed=X
Filename=websvc.exe
Description=Added by the DLOADER-NY TROJAN!
Source=Paul Collins Startup list
[Windows Winhlp32 Stub Service]
Number=13046
Confirmed=X
Filename=winhlp32.pif
Description=Added by the AIMBOT.AH TROJAN!
Source=Paul Collins Startup list
[Windows WKS]
Number=13047
Confirmed=X
Filename=wsass.exe
Description=Added by the SDBOT-DK WORM!
Source=Paul Collins Startup list
[Windows WMF Fix]
Number=13048
Confirmed=X
Filename=winfix.exe
Description=Added by the RBOT-FTQ WORM!
Source=Paul Collins Startup list
[Windows Workstation]
Number=13049
Confirmed=X
Filename=mpci.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Workstation]
Number=13050
Confirmed=X
Filename=msup32a.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Windows Workstation Service]
Number=13051
Confirmed=X
Filename=explore.exe
Description=Added by unknown malware
Source=Paul Collins Startup list
[Windows Workstation Service (32-bits)]
Number=13052
Confirmed=X
Filename=wkssvc32.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Windows Workstation Start Service]
Number=13053
Confirmed=X
Filename=mslanmgr.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows Xp]
Number=13054
Confirmed=X
Filename=nortonguard.exe
Description=Added by the MYTOB-DZ WORM!
Source=Paul Collins Startup list
[Windows XP Automatic Update]
Number=13055
Confirmed=X
Filename=wXPupdate.exe
Description=Added by the RBOT-AFC WORM!
Source=Paul Collins Startup list
[Windows Xp Service Pack 2]
Number=13056
Confirmed=X
Filename=svchost.exe
Description=Added by the XPLOS-A TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Windows XP SP2 KeyGen]
Number=13057
Confirmed=X
Filename=Windows XP SP2 KeyGen.exe
Description=Added by the TIBICK-C WORM!
Source=Paul Collins Startup list
[Windows-System]
Number=13058
Confirmed=X
Filename=System32.exe
Description=Added by the LOGPOLE.C WORM!
Source=Paul Collins Startup list
[Windows-TCP-IP]
Number=13059
Confirmed=X
Filename=rfkampig.exe
Description=Added by the GIPMA TROJAN!
Source=Paul Collins Startup list
[Windows-XP-Service-Pack]
Number=13060
Confirmed=X
Filename=xpspz.exe
Description=Added by the SDBOT-AAC WORM!
Source=Paul Collins Startup list
[windows16]
Number=13061
Confirmed=X
Filename=windows16.exe
Description=Added by the XU TROJAN!
Source=Paul Collins Startup list
[Windows32]
Number=13062
Confirmed=X
Filename=rundll.exe
Description=Added by the AGOBOT-LK or AGOBOT-ND WORMS! Note - this is NOT the Windows system file of the same name as described here
Source=Paul Collins Startup list
[windows32]
Number=13063
Confirmed=X
Filename=windows32.exe
Description=Added by the XU TROJAN!
Source=Paul Collins Startup list
[Windows32]
Number=13064
Confirmed=X
Filename=wuuaclt.exe
Description=Added by the BRATLE.B WORM!
Source=Paul Collins Startup list
[Windows32 Configuration Loader]
Number=13065
Confirmed=X
Filename=msrf32.exe
Description=Added by the SDBOT-ABX WORM!
Source=Paul Collins Startup list
[Windows32 Messenger Service]
Number=13066
Confirmed=X
Filename=msmsgv.exe
Description=Added by the RBOT.ANS WORM!
Source=Paul Collins Startup list
[Windows32 Net Database]
Number=13067
Confirmed=X
Filename=msnd32.exe
Description=Added by the RBOT-AAL WORM!
Source=Paul Collins Startup list
[Windows32 Serivces]
Number=13068
Confirmed=X
Filename=winser32.exe
Description=Added by the SPYBOT.AAF WORM!
Source=Paul Collins Startup list
[WindowsAgent]
Number=13069
Confirmed=X
Filename=WindowsAgent.exe
Description=Added by the GOP.G WORM!
Source=Paul Collins Startup list
[WindowsAgent]
Number=13070
Confirmed=X
Filename=sysexhook.exe
Description=Added by the GOP keyboard logger/TROJAN!
Source=Paul Collins Startup list
[WindowsAPI.DLL]
Number=13071
Confirmed=X
Filename=Server5.exe
Description=Added by the "Fear and Hope" TROJAN!
Source=Paul Collins Startup list
[WindowsAudio]
Number=13072
Confirmed=X
Filename=systemupd.exe
Description=Added by the AGENT-TH WORM!
Source=Paul Collins Startup list
[WindowsBackup]
Number=13073
Confirmed=X
Filename=WINDOWSBACKUP.EXE
Description=Added by the STANG WORM!
Source=Paul Collins Startup list
[WindowsBool]
Number=13074
Confirmed=X
Filename=aimplg.exe
Description=Added by the SDBOT-CNG WORM!
Source=Paul Collins Startup list
[WindowsCRC]
Number=13075
Confirmed=X
Filename=wscrc.exe
Description=Added by the SDBOT-VU WORM!
Source=Paul Collins Startup list
[WindowsCriticalUpdate]
Number=13076
Confirmed=X
Filename=windows_critical_update.exe
Description=Added by the ASTEF or RESPAN WORMS!
Source=Paul Collins Startup list
[WindowsDiskEvt]
Number=13077
Confirmed=X
Filename=svcsvh32.exe
Description=Added by the NANINF.D TROJAN!
Source=Paul Collins Startup list
[WindowsDiskLog]
Number=13078
Confirmed=X
Filename=cstsm.exe
Description=Added by the STINX-C or STINX-D TROJANS!
Source=Paul Collins Startup list
[WindowsFileSystem]
Number=13079
Confirmed=X
Filename=winsfs32.exe
Description=Added by the RBOT-FMQ WORM!
Source=Paul Collins Startup list
[WindowsFirewallSvc]
Number=13080
Confirmed=X
Filename=winsvcup.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[WINDOWSflashbrg]
Number=13081
Confirmed=X
Filename=sqldata1.exe
Description=Added by a variant of the AGENT-IC TROJAN!
Source=Paul Collins Startup list
[WindowsFY]
Number=13082
Confirmed=X
Filename=wp.exe
Description=Part of a "Security IGuard" parasite infestation - also detected as DESKTOPHIJACK
Source=Paul Collins Startup list
[WindowsFY]
Number=13083
Confirmed=X
Filename=bsw.exe
Description=Added by a variant of the DESKTOPHIJACK TROJAN! For removal see here
Source=Paul Collins Startup list
[WindowsFY]
Number=13084
Confirmed=X
Filename=[path to trojan]
Description=Added by the FAKEALE-E TROJAN!
Source=Paul Collins Startup list
[WindowsFZ]
Number=13085
Confirmed=X
Filename=[path to file]
Description=Added by the DESKTOPHIJACK VIRUS! Also see DESKTOPHIJACK.B TROJAN!
Source=Paul Collins Startup list
[WindowsFZ]
Number=13086
Confirmed=X
Filename=A5281300.so
Description=Variant of the SmitFraud alias FAKEALE-C TROJAN!
Source=Paul Collins Startup list
[WindowsFZ]
Number=13087
Confirmed=X
Filename=zloader3.exe
Description=Variant of the SmitFraud alias FAKEALE-C TROJAN!
Source=Paul Collins Startup list
[WindowsKeyUpdate]
Number=13088
Confirmed=X
Filename=master.exe
Description=Added by the JOSAM WORM!
Source=Paul Collins Startup list
[WindowsMGM]
Number=13089
Confirmed=X
Filename=Winmgm32.exe
Description=Added by the SOBIG.A WORM and LALA.C TROJAN!
Source=Paul Collins Startup list
[WindowsProtocolLog]
Number=13090
Confirmed=X
Filename=lsadst.exe
Description=Added by the NANINF.C TROJAN!
Source=Paul Collins Startup list
[WindowsReg% update]
Number=13091
Confirmed=X
Filename=[random filename].exe
Description=Added by the RBOT-HH WORM!
Source=Paul Collins Startup list
[WindowsRegistration]
Number=13092
Confirmed=X
Filename=[random filename]
Description=Added by the RBOT-NO WORM!
Source=Paul Collins Startup list
[WindowsRegKey Autoupdate]
Number=13093
Confirmed=X
Filename=[random filename]
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[WindowsRegKey upd4te2d4te]
Number=13094
Confirmed=X
Filename=*********.exe [* = random char]
Description=Added by the RBOT.XQ WORM!
Source=Paul Collins Startup list
[WindowsRegKey update]
Number=13095
Confirmed=X
Filename=winupdate.exe
Description=Added by the RBOT-QJ WORM!
Source=Paul Collins Startup list
[WindowsRegKey update]
Number=13096
Confirmed=X
Filename=windns.exe
Description=Added by the RBOT.IE WORM!
Source=Paul Collins Startup list
[WindowsRegKey update]
Number=13097
Confirmed=X
Filename=WinUpdate32.exe
Description=Added by the RBOT-AGW WORM!
Source=Paul Collins Startup list
[WindowsRegKey update]
Number=13098
Confirmed=X
Filename=winupdatexx.exe
Description=Added by the RBOT.LW WORM!
Source=Paul Collins Startup list
[WindowsRegKey update]
Number=13099
Confirmed=X
Filename=[random filename]
Description=Added by the RBOT.QT WORM!
Source=Paul Collins Startup list
[WindowsRegKey update]
Number=13100
Confirmed=X
Filename=svchoosts.exe
Description=Added by the RBOT.ADB WORM!
Source=Paul Collins Startup list
[WindowsRegKey update]
Number=13101
Confirmed=X
Filename=svchostc.exe
Description=Added by the RBOT.IF WORM!
Source=Paul Collins Startup list
[WindowsRegKey update]
Number=13102
Confirmed=X
Filename=wdnupdate.exe
Description=Added by the SDBOT.QX WORM!
Source=Paul Collins Startup list
[WindowsRegKey update]
Number=13103
Confirmed=X
Filename=Windowsup.exe
Description=Added by the SDBOT.PU WORM!
Source=Paul Collins Startup list
[WindowsRegKey update]
Number=13104
Confirmed=X
Filename=WINUPDATES.EXE
Description=Added by the RBOT-MM WORM!
Source=Paul Collins Startup list
[WindowsRegKey update]
Number=13105
Confirmed=X
Filename=rkbuouoxfl.exe
Description=Added by the RBOT-OO WORM!
Source=Paul Collins Startup list
[WindowsRegKey update]
Number=13106
Confirmed=X
Filename=winsys.exe
Description=Added by the RBOT-JY WORM!
Source=Paul Collins Startup list
[WindowsRegKey update]
Number=13107
Confirmed=X
Filename=winupdat32.exe
Description=Added by the RBOT-AGW WORM!
Source=Paul Collins Startup list
[WindowsRegKey update XP]
Number=13108
Confirmed=X
Filename=windexv1.exe
Description=Added by the RBOT-ABM WORM!
Source=Paul Collins Startup list
[WindowsRegKey%$ update]
Number=13109
Confirmed=X
Filename=msi332.exe
Description=Added by the RBOT-IX WORM!
Source=Paul Collins Startup list
[WindowsRegKey%update]
Number=13110
Confirmed=X
Filename=ethernet32m.exe
Description=Added by the RBOT-EN WORM!
Source=Paul Collins Startup list
[WindowsRegKeys update]
Number=13111
Confirmed=X
Filename=winsysi.exe
Description=Added by the SDBOT.WE WORM!
Source=Paul Collins Startup list
[WindowsSetup]
Number=13112
Confirmed=X
Filename=[path to trojan]
Description=Added by the EZBOT TROJAN!
Source=Paul Collins Startup list
[WindowsSystem32]
Number=13113
Confirmed=X
Filename=asper.exe
Description=Added by the AGENT-EFP TROJAN!
Source=Paul Collins Startup list
[WindowsSystem32]
Number=13114
Confirmed=X
Filename=svchosts.exe
Description=Added by the AGENT-EDA TROJAN!
Source=Paul Collins Startup list
[windowstime.exe]
Number=13115
Confirmed=X
Filename=windowstime.exe
Description=Added by the AQV TROJAN!
Source=Paul Collins Startup list
[WindowsUpd]
Number=13116
Confirmed=X
Filename=WindowsUpd4.exe
Description=VirtuMonde adware
Source=Paul Collins Startup list
[WindowsUpd1]
Number=13117
Confirmed=X
Filename=WindowsUpd1.exe
Description=VirtuMonde adware
Source=Paul Collins Startup list
[WindowsUpd2]
Number=13118
Confirmed=X
Filename=WindowsUpd2.exe
Description=VirtuMonde adware
Source=Paul Collins Startup list
[WindowsUpdate]
Number=13119
Confirmed=X
Filename=windows_update.exe
Description=Added by the LOFNI WORM!
Source=Paul Collins Startup list
[WindowsUpdate]
Number=13120
Confirmed=X
Filename=svchost.exe
Description=Added by the ASTEF or RESPAN WORMS or AGENT-V TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[windowsupdate]
Number=13121
Confirmed=X
Filename=RPCX1sQ3.exe
Description=Added by the IRCBOT.B TROJAN!
Source=Paul Collins Startup list
[WindowsUpdate]
Number=13122
Confirmed=X
Filename=USRINIT.EXE
Description=Added by the MADDIS.B WORM!
Source=Paul Collins Startup list
[windowsupdate]
Number=13123
Confirmed=X
Filename=winupdate.exe
Description=Added by the WARPI WORM!
Source=Paul Collins Startup list
[WindowsUpdate]
Number=13124
Confirmed=X
Filename=svchost.exe
Description=Added by the IK TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[WindowsUpdate]
Number=13125
Confirmed=X
Filename=winnnint.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[WindowsUpdate]
Number=13126
Confirmed=X
Filename=[path to file]
Description=Added by the DUPA-B TROJAN!
Source=Paul Collins Startup list
[WindowsUpdate]
Number=13127
Confirmed=X
Filename=dupadupam2.exe
Description=Added by the DUPA-B TROJAN!
Source=Paul Collins Startup list
[WindowsUpdate]
Number=13128
Confirmed=X
Filename=svchostw.exe
Description=Added by the COBFINN_B TROJAN!
Source=Paul Collins Startup list
[WindowsUpdate renew]
Number=13129
Confirmed=X
Filename=iexplore.exe
Description=Added by the AGENT.QG TROJAN! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[WindowsUpdate Service]
Number=13130
Confirmed=X
Filename=wuautlc.exe
Description=Added by the RBOT-NR WORM!
Source=Paul Collins Startup list
[Windowsupdate Service]
Number=13131
Confirmed=X
Filename=csrss.exe
Description=Added by the BABA-B WORM! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the root folder (ie, C:\)
Source=Paul Collins Startup list
[WindowsUpdateDirect]
Number=13132
Confirmed=X
Filename=dupadirect.exe
Description=Added by the DUPA-C TROJAN!
Source=Paul Collins Startup list
[WindowsUpdatem1]
Number=13133
Confirmed=X
Filename=[path to file]
Description=Added by the AGENT-AAJ TROJAN!
Source=Paul Collins Startup list
[WindowsUpdatem2]
Number=13134
Confirmed=X
Filename=svchost.exe
Description=Added by an unidentified WORM or TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
Source=Paul Collins Startup list
[WindowsUpdateNT]
Number=13135
Confirmed=X
Filename=svwhost.exe
Description=Added by the SHELLOT-B TROJAN!
Source=Paul Collins Startup list
[WindowsUpdateR]
Number=13136
Confirmed=X
Filename=regserv.exe
Description=Added by the COBFINN_B TROJAN!
Source=Paul Collins Startup list
[WindowsXP Module]
Number=13137
Confirmed=X
Filename=DirectX3D.exe
Description=Malware, reportedly a keylogger - see here
Source=Paul Collins Startup list
[WindowsXP Update]
Number=13138
Confirmed=X
Filename=windowsxpupdate.exe
Description=Added by the RBOT-PB WORM!
Source=Paul Collins Startup list
[WindowsXPserv]
Number=13139
Confirmed=X
Filename=svcnxp32.exe
Description=Addee by the NANINF-A TROJAN!
Source=Paul Collins Startup list
[Windows_LowLevel_Security_Core]
Number=13140
Confirmed=X
Filename=lsass.exe
Description=Added by the PADMIN-A TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Repair" subfolder of the Winnt or Windows folder
Source=Paul Collins Startup list
[Windows_Protect]
Number=13141
Confirmed=X
Filename=winsystem.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows_Protect]
Number=13142
Confirmed=X
Filename=winregal.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Windows_Protect]
Number=13143
Confirmed=X
Filename=lsas.exe
Description=Added by the RBOT.ARO WORM!
Source=Paul Collins Startup list
[Windows_Protect]
Number=13144
Confirmed=X
Filename=wincontrol32.exe
Description=Added by the RBOT-ADK WORM!
Source=Paul Collins Startup list
[Windows_Serivce]
Number=13145
Confirmed=X
Filename=SERVICE.exe
Description=Added by the WOOTBOT.AH WORM!
Source=Paul Collins Startup list
[Windows_Updates]
Number=13146
Confirmed=X
Filename=svthost.exe
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[Windows_VXD]
Number=13147
Confirmed=X
Filename=user32.exe
Description=Added by the PPORT TROJAN!
Source=Paul Collins Startup list
[Windowz]
Number=13148
Confirmed=X
Filename=[original worm filename].vbs
Description=Added by the NUKIP WORM!
Source=Paul Collins Startup list
[Windowz Update V2.0]
Number=13149
Confirmed=X
Filename=Explorer.exe
Description=Added by the YODO WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System32 subfolder
Source=Paul Collins Startup list
[Windoxs Update Center]
Number=13150
Confirmed=X
Filename=W32RfSA.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[WinDrg32]
Number=13151
Confirmed=X
Filename=windrg32.exe
Description=Added by the DRUDGEBOT.A WORM!
Source=Paul Collins Startup list
[WinDriv32]
Number=13152
Confirmed=X
Filename=WinDriv32.exe
Description=Added by the SMALL-BA TROJAN!
Source=Paul Collins Startup list
[WinDriver Configuration]
Number=13153
Confirmed=X
Filename=windrvconf.exe
Description=Added by the AGOBOT-LX TROJAN!
Source=Paul Collins Startup list
[WinDrives]
Number=13154
Confirmed=X
Filename=WinDrives.EXE
Description=Added by the SMALL.DIG WORM!
Source=Paul Collins Startup list
[WINDRUN]
Number=13155
Confirmed=X
Filename=taskgmrs.exe
Description=Added by the MYTOB-BT WORM!
Source=Paul Collins Startup list
[windrv]
Number=13156
Confirmed=X
Filename=windrv32.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! - possibly a strain of OBLIVION or BIONET
Source=Paul Collins Startup list
[WinDrv]
Number=13157
Confirmed=X
Filename=windrvx.exe
Description=Added by a variant of the TIBSER.A downloader TROJAN!
Source=Paul Collins Startup list
[WinDSL MTU-Adjust]
Number=13158
Confirmed=U
Filename=WinDSL_MTU.exe
Description=Adjusts the registry setting of the DUN-Adapters (MTU) and the TCP/IP-Protocol (RWIN) by ENGEL Technologieberatung
Source=Paul Collins Startup list
[WinDSL_MTU]
Number=13159
Confirmed=?
Filename=WinDSL_MTU.exe
Description=May be realted to Tiscali broadband, if so is it required?
Source=Paul Collins Startup list
[WinDSNX]
Number=13160
Confirmed=X
Filename=Win????.exe
Description=Added by the DSNX TROJAN!
Source=Paul Collins Startup list
[WindUpdates]
Number=13161
Confirmed=X
Filename=[path to trojan]
Description=Added by the AGENT.BF TROJAN!
Source=Paul Collins Startup list
[WindUpdates]
Number=13162
Confirmed=X
Filename=WinUpdt.exe
Description=Windupdates adware variant
Source=Paul Collins Startup list
[WINDVDpatch]
Number=13163
Confirmed=U
Filename=CTHELPER.EXE
Description=CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative's sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so it's best left disabled unless you need it
Source=Paul Collins Startup list
[WinDVR SchSvr]
Number=13164
Confirmed=N
Filename=SchSvr.exe
Description=WinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs
Source=Paul Collins Startup list
[WinDVRCtrl]
Number=13165
Confirmed=N
Filename=WinDVRCtrl.exe
Description=Control center software for an AOpen VA1000 TV tuner card
Source=Paul Collins Startup list
[Windws Configuration Loader]
Number=13166
Confirmed=X
Filename=LEXPLORE.exe
Description=Added by the SODABOT WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet Explorer
Source=Paul Collins Startup list
[WinEssential]
Number=13167
Confirmed=X
Filename=Keyhost.exe
Description=Hijacker - hailing from jraun.com
Source=Paul Collins Startup list
[WinEssential]
Number=13168
Confirmed=X
Filename=keyword.exe
Description=Jraun adware
Source=Paul Collins Startup list
[WinEx]
Number=13169
Confirmed=X
Filename=lexplore_.exe
Description=Added by the MSNOPT-A TROJAN!
Source=Paul Collins Startup list
[WinExec]
Number=13170
Confirmed=X
Filename=Winexec.exe.vbs
Description=Added by the AINESEY.A WORM!
Source=Paul Collins Startup list
[WinExec]
Number=13171
Confirmed=X
Filename=WinExec.exe
Description=Added by the FALUS-A WORM!
Source=Paul Collins Startup list
[WinExec]
Number=13172
Confirmed=X
Filename=Lsass.exe
Description=Added by the CRUTLE-B WORM! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[WinExec32]
Number=13173
Confirmed=X
Filename=WinExec32.exe
Description=Added by the KAZWIN WORM!
Source=Paul Collins Startup list
[WinFast Schedule]
Number=13174
Confirmed=U
Filename=Wfwiz.exe
Description=Leadtek WinFast TV tuner scheduler and remote control driver - required if you use the latter
Source=Paul Collins Startup list
[Winfast2KLoadDefault]
Number=13175
Confirmed=U
Filename=Rundll32.exe Wf2kcpl.dll, DllLoadDefaultSettings
Description=Loads default settings for Leadtek Winfast graphics cards
Source=Paul Collins Startup list
[WinFastDTV]
Number=13176
Confirmed=U
Filename=DTVSchdl.exe
Description=Scheduler for WinFast DTV digital TV cards from Leadtek Research Inc
Source=Paul Collins Startup list
[Winfast_2K]
Number=13177
Confirmed=U
Filename=WF2k.exe
Description=System Tray application that starts up the Winfox utility for a Leadtek Winfast grpahics card to restore settings. Can be started manually from Start -> Settings -> Control Panel Display. Only needed if you wish to run things like the hardware monitor or overclock your card
Source=Paul Collins Startup list
[WinFast_Gamma]
Number=13178
Confirmed=U
Filename=Rundll32.exe wfcpl.dll, DllLoadGammaRampSettings
Description=Loads if you change the gamma settings on Leadtek WinFast graphics cards
Source=Paul Collins Startup list
[WinFast_Taskbar]
Number=13179
Confirmed=U
Filename=rundll32.exe wftask.dll, WFDllLoadDefaultSettings
Description=Loads default settings for Leadtek WinFast graphics cards
Source=Paul Collins Startup list
[WinFavorites]
Number=13180
Confirmed=X
Filename=WinFavorites.exe1
Description=Loudmarketing.com adware downloader
Source=Paul Collins Startup list
[WinFax PRO]
Number=13181
Confirmed=N
Filename=FAXMNG32.EXE
Description=WinFax PRO from Symantec - fax management software
Source=Paul Collins Startup list
[WinFax PRO Controller]
Number=13182
Confirmed=N
Filename=WFXCTL32.EXE
Description=From WinFax 10.0 and possibly earlier versions. Appears if you chose to have WinFax appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start -> Programs
Source=Paul Collins Startup list
[WinFaxAppPortStarter]
Number=13183
Confirmed=Y
Filename=wfxsnt40.exe
Description=WinFax 10.0 and maybe earlier versions. Used to initiate the WinFax port to enable printing to the WinFax printer (send a fax) from any application.
Source=Paul Collins Startup list
[WinFire]
Number=13184
Confirmed=X
Filename=WF.exe
Description=Added by the DELF-SY TROJAN!
Source=Paul Collins Startup list
[WinFix service]
Number=13185
Confirmed=X
Filename=rsswjzgp.exe
Description=Added by the RBOT-FAE WORM!
Source=Paul Collins Startup list
[WinFixer 2005]
Number=13186
Confirmed=X
Filename=wfx5.exe
Description=WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here
Source=Paul Collins Startup list
[WinFixer helper]
Number=13187
Confirmed=X
Filename=wfxcwr.exe
Description=WinAntiSpyware 2005 by Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here
Source=Paul Collins Startup list
[WinFixer service]
Number=13188
Confirmed=X
Filename=[random filename].exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[WinFixer2006]
Number=13189
Confirmed=X
Filename=uwfx6.exe
Description=WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here
Source=Paul Collins Startup list
[WinFlyer32.dll]
Number=13190
Confirmed=X
Filename=WinFlyer32.dll
Description=Added by the WINFLYER TROJAN!
Source=Paul Collins Startup list
[winfont]
Number=13191
Confirmed=X
Filename=winfont.exe
Description=Added by the DEATH TROJAN!
Source=Paul Collins Startup list
[winform]
Number=13192
Confirmed=X
Filename=winform.exe
Description=Added by the PWS-ALB TROJAN!
Source=Paul Collins Startup list
[WinFoxV2]
Number=13193
Confirmed=U
Filename=WF2k.exe
Description=System Tray application that starts up the Winfox utility for a Leadtek Winfast grpahics card to restore settings. Can be started manually from Start -> Settings -> Control Panel Display. Only needed if you wish to run things like the hardware monitor or overclock your card
Source=Paul Collins Startup list
[WinFX]
Number=13194
Confirmed=X
Filename=cssrs.exe
Description=Added by the AGOBOT.FX WORM!
Source=Paul Collins Startup list
[WinGate]
Number=13195
Confirmed=X
Filename=WinGate.exe
Description=Added by a variant of the LOVGATE WORM!
Source=Paul Collins Startup list
[WinGate Engine Monitor]
Number=13196
Confirmed=U
Filename=wgengmon.exe
Description=WinGate Internet Client Dialup Monitor - component of WinGate proxy server software. Displays the status of the WinGate engine, and appears in the system tray of each workstation on the network reassuring clients that their workstations have connectivity with the WinGate Server
Source=Paul Collins Startup list
[WinGate initialize]
Number=13197
Confirmed=X
Filename=WinGate.exe
Description=Added by a variant of the LOVGATE WORM!
Source=Paul Collins Startup list
[wingerver2.0.exe]
Number=13198
Confirmed=X
Filename=wingerver2.0.exe
Description=Added by the GRAYBRD-AE TROJAN!
Source=Paul Collins Startup list
[wingo]
Number=13199
Confirmed=X
Filename=wingo.exe
Description=Added by the BEAGLE.AW or BEAGLE.AV WORMS!
Source=Paul Collins Startup list
[wingo]
Number=13200
Confirmed=X
Filename=[various filenames]
Description=Added by the BAGLE-AU WORM!
Source=Paul Collins Startup list
[WinGuage Pro]
Number=13201
Confirmed=N
Filename=WGPRO32.EXE
Description=Part of McAfee Nuts & Bolts. "WinGauge is a dynamic reporting tool that constantly monitors your use of Windows and your applications, to alert you to potential problems before they become serious". Resource hog. Available via Start -> Programs
Source=Paul Collins Startup list
[Winguard]
Number=13202
Confirmed=Y
Filename=WGFE95.EXE
Description=Dr Solomon's Virex antivirus
Source=Paul Collins Startup list
[winguard]
Number=13203
Confirmed=Y
Filename=wingrd32.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[WinGuard Pro]
Number=13204
Confirmed=U
Filename=wgp.exe
Description=Winguard Pro
Source=Paul Collins Startup list
[WinHacker]
Number=13205
Confirmed=N
Filename=rundll32.exe wh95.dll, HackMe
Description=WinHacker tweaking utility by Wedge Software. There are far better tweakers and, unlike WinHacker, most are free
Source=Paul Collins Startup list
[Winhelp]
Number=13206
Confirmed=X
Filename=winhe1p.exe
Description=Added by the QQPASS.E TROJAN!
Source=Paul Collins Startup list
[WinHelp]
Number=13207
Confirmed=X
Filename=WinHelp.exe
Description=Added by a variant of the LOVGATE WORM! Note - "winhelp.exe" resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP) whereas the valid "winhelp.exe" resides in C:\Windows or C:\Winnt
Source=Paul Collins Startup list
[WinHelp]
Number=13208
Confirmed=X
Filename=realsched.exe
Description=Added by a variant of the LOVGATE WORM! Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name
Source=Paul Collins Startup list
[Winhelp]
Number=13209
Confirmed=X
Filename=TkBellExe.exe...
Description=Added by a variant of the LOVGATE WORM!
Source=Paul Collins Startup list
[winhelp]
Number=13210
Confirmed=X
Filename=winhelp.exe
Description=Added by the BLACKMAL.C WORM! Note - this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
Source=Paul Collins Startup list
[winhelp]
Number=13211
Confirmed=X
Filename=dns32.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[winhelp]
Number=13212
Confirmed=X
Filename=Updadv.exe
Description=Added by the QQPASS-N TROJAN!
Source=Paul Collins Startup list
[winhlp.exe]
Number=13213
Confirmed=X
Filename=winhlp.exe
Description=Added by the FORMGLIEDER TROJAN!
Source=Paul Collins Startup list
[winhlp3.exe]
Number=13214
Confirmed=X
Filename=winhlp3.exe
Description=Added by a variant of the EASTO.A TROJAN!
Source=Paul Collins Startup list
[Winhlp32]
Number=13215
Confirmed=X
Filename=Wscript.exe ..Msexec32.vbs
Description=Added by the GANT.B WORM!
Source=Paul Collins Startup list
[winhlp32.exe]
Number=13216
Confirmed=X
Filename=winhlp32.exe
Description=Added by the EASTO.A TROJAN!
Source=Paul Collins Startup list
[winhlpp32.exe]
Number=13217
Confirmed=X
Filename=winhlpp32.exe
Description=Added by the GAOBOT.SY WORM!
Source=Paul Collins Startup list
[Winhost]
Number=13218
Confirmed=X
Filename=wintt.exe
Description=Added by the LOLAWEB.B TROJAN!
Source=Paul Collins Startup list
[Winhost]
Number=13219
Confirmed=X
Filename=win.exe
Description=Added by the DLOADER-AP TROJAN!
Source=Paul Collins Startup list
[Winhost]
Number=13220
Confirmed=X
Filename=yahoo.exe
Description=Added by the DELF-KM TROJAN!
Source=Paul Collins Startup list
[Winhost]
Number=13221
Confirmed=X
Filename=winhost.exe
Description=Added by the REATLE.F WORM!
Source=Paul Collins Startup list
[winhost.exe]
Number=13222
Confirmed=X
Filename=winhost.exe
Description=Added by the LOHAV-R TROJAN!
Source=Paul Collins Startup list
[winhost32.exe]
Number=13223
Confirmed=X
Filename=winhost32.exe
Description=Added by the TABDIM TROJAN!
Source=Paul Collins Startup list
[WinHound]
Number=13224
Confirmed=N
Filename=WinHound.exe
Description=Spyware remover - not recommended, see here
Source=Paul Collins Startup list
[WinIeRun]
Number=13225
Confirmed=X
Filename=winierun.exe
Description=Added by the RNWATCH-A WORM!
Source=Paul Collins Startup list
[winimage]
Number=13226
Confirmed=X
Filename=wvsvc.exe
Description=Added by the RBOT.TX WORM!
Source=Paul Collins Startup list
[WinINet]
Number=13227
Confirmed=X
Filename=services.exe
Description=Added by the SOBER-P WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "ConnectionStatus" subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list
[wininet]
Number=13228
Confirmed=X
Filename=wininet.exe
Description=Added by the STUBBOT-C WORM!
Source=Paul Collins Startup list
[wininet32]
Number=13229
Confirmed=X
Filename=wininet32.exe
Description=Added by the RAZNEW-A TROJAN!
Source=Paul Collins Startup list
[wininetd]
Number=13230
Confirmed=X
Filename=wininetd.exe
Description=Added by the WINET TROJAN!
Source=Paul Collins Startup list
[wininit]
Number=13231
Confirmed=X
Filename=wininit.exe
Description=Added by the WOLLF.16 TROJAN!
Source=Paul Collins Startup list
[WinInit]
Number=13232
Confirmed=X
Filename=Win86.exe
Description=Added by the SMALL-PB TROJAN!
Source=Paul Collins Startup list
[winint]
Number=13233
Confirmed=X
Filename=winint.exe
Description=Added by the SDBOT-ADA WORM!
Source=Paul Collins Startup list
[winipsec]
Number=13234
Confirmed=X
Filename=winipsec.exe
Description=Unidentified malware
Source=Paul Collins Startup list
[WinIRXHelper]
Number=13235
Confirmed=U
Filename=WinIRXHelper.exe
Description=MSI Media Center Deluxe software - see here
Source=Paul Collins Startup list
[winis]
Number=13236
Confirmed=X
Filename=winis.exe
Description=Added by the RBOT-WI WORM!
Source=Paul Collins Startup list
[Wink*.exe]
Number=13237
Confirmed=X
Filename=Wink*.exe [* = random char]
Description=Added by a variant of the KLEZ WORM!
Source=Paul Collins Startup list
[Winkb6]
Number=13238
Confirmed=U
Filename=winkb6.exe
Description=Part of We-Blocker - gives parents the opportunity to monitor their children's Internet access and provide them with age-appropriate content, while filtering out sites that contain adult content. Works in conjunction with Winkb6 and both files are needed to run We-Blocker
Source=Paul Collins Startup list
[WinKernel]
Number=13239
Confirmed=X
Filename=WinKer.exe
Description=Added by the MIRAB or SERVIDOR TROJANS!
Source=Paul Collins Startup list
[WinKernel]
Number=13240
Confirmed=X
Filename=[path to worm]
Description=Added by the PLEA VIRUS!
Source=Paul Collins Startup list
[winkernel32]
Number=13241
Confirmed=X
Filename=wWin32.com
Description=Added by the BANSAP TROJAN!
Source=Paul Collins Startup list
[WinKey]
Number=13242
Confirmed=U
Filename=winkey.exe
Description=Loads Copernic's WinKey. Used to map out Windows key hotkey combinations. Not required for the system, but is necessary for this to be running if you use these hotkey combos
Source=Paul Collins Startup list
[winla]
Number=13243
Confirmed=X
Filename=winla.exe
Description=Added by the DLOADR-AQL TROJAN!
Source=Paul Collins Startup list
[winldr]
Number=13244
Confirmed=X
Filename=[path to file]
Description=Added by the VIDLO-P TROJAN!
Source=Paul Collins Startup list
[winldr]
Number=13245
Confirmed=X
Filename=Rechnung.pdf.exe
Description=Added by the ACS TROJAN!
Source=Paul Collins Startup list
[winlgz2]
Number=13246
Confirmed=X
Filename=winlgz2.exe
Description=Added by the KILLFIL-Q TROJAN!
Source=Paul Collins Startup list
[winlibs.exe]
Number=13247
Confirmed=X
Filename=winlibs.exe
Description=Added by the EVAMAN.C WORM!
Source=Paul Collins Startup list
[WinLibUpdate]
Number=13248
Confirmed=X
Filename=libupdate.exe
Description=Added by the BIONET series of TROJANS such as BIONET.31 or BIONET.310
Source=Paul Collins Startup list
[WinLibUpdate32]
Number=13249
Confirmed=X
Filename=libupdate32.exe
Description=Added by the BIONET.405 TROJAN!
Source=Paul Collins Startup list
[WinLibUpdte]
Number=13250
Confirmed=X
Filename=libupdte.exe
Description=Added by the BIONET.318 TROJAN!
Source=Paul Collins Startup list
[winligom]
Number=13251
Confirmed=X
Filename=winligom.exe
Description=Added by the RBOT-GAI WORM! Note - this malware actually changes the default value data of the registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
Source=Paul Collins Startup list
[Winlink]
Number=13252
Confirmed=X
Filename=winlink32.exe
Description=Added by the GAOBOT.AAY WORM!
Source=Paul Collins Startup list
[Winlme]
Number=13253
Confirmed=X
Filename=windll.exe
Description=Added by the GOP.F WORM!
Source=Paul Collins Startup list
[WinLoad]
Number=13254
Confirmed=U
Filename=Winload.exe
Description=PCTattletale is a surveillance software program that monitors user activity, logs keystrokes, and takes screenshots. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list
[WinLoader]
Number=13255
Confirmed=X
Filename=[random filename]
Description=Added by variants of the SUBSEVEN TROJAN!
Source=Paul Collins Startup list
[winlocatorupdate]
Number=13256
Confirmed=X
Filename=updatewinlocator.exe
Description=Locator adult content toolbar related
Source=Paul Collins Startup list
[winlog]
Number=13257
Confirmed=X
Filename=winlog.exe
Description=Unidentified adware. Note - this malware actually changes the default value data of the Registry Run and RunServices keys in order to force Windows to launch it at boot. Name field may be empty
Source=Paul Collins Startup list
[winlog]
Number=13258
Confirmed=X
Filename=winlog.exe
Description=Added by the GAOBOT_DF WORM!
Source=Paul Collins Startup list
[winlog manager]
Number=13259
Confirmed=X
Filename=winlog.exe
Description=Added by the DONBOMB.A TROJAN!
Source=Paul Collins Startup list
[WINLOG0N]
Number=13260
Confirmed=X
Filename=WINLOG0N.EXE
Description=Added by the MYDOOM.BI WORM!
Source=Paul Collins Startup list
[WinLogin]
Number=13261
Confirmed=X
Filename=winlogin.exe
Description=Added by the AGOBOT-IX WORM!
Source=Paul Collins Startup list
[winlogin]
Number=13262
Confirmed=X
Filename=win32x.exe
Description=Browser hijacker, also detetected as the STARTPA-DF TROJAN!
Source=Paul Collins Startup list
[Winlogin.exe]
Number=13263
Confirmed=X
Filename=log.exe
Description=Added by a variant of the AGENT.AH downloader TROJAN!
Source=Paul Collins Startup list
[winlogin.exe]
Number=13264
Confirmed=X
Filename=logfile.exe
Description=Added by the AGENT.AH TROJAN!
Source=Paul Collins Startup list
[winlogin.exe]
Number=13265
Confirmed=X
Filename=mspaint.exe
Description=Added by a variant of the AGENT.AH TROJAN!
Source=Paul Collins Startup list
[Winlogin.exe]
Number=13266
Confirmed=X
Filename=steam.exe
Description=Added by a variant of the AGENT.AH TROJAN!
Source=Paul Collins Startup list
[winlogoff]
Number=13267
Confirmed=X
Filename=winlogoff.exe
Description=Added by the AGOBOT-TR WORM!
Source=Paul Collins Startup list
[winlogon]
Number=13268
Confirmed=X
Filename=winlogon.exe
Description=Hijacker or adult content dialler! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder
Source=Paul Collins Startup list
[winlogon]
Number=13269
Confirmed=X
Filename=winlogin.exe
Description=Added by the RANDEX.E WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup and is always located in the System32 folder
Source=Paul Collins Startup list
[winlogon]
Number=13270
Confirmed=X
Filename=winlogon.exe
Description=Added by the TRODAL TROJAN! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder
Source=Paul Collins Startup list
[winlogon]
Number=13271
Confirmed=X
Filename=msreg32.exe
Description=Added by the SDBOT.EO WORM!
Source=Paul Collins Startup list
[winlogon]
Number=13272
Confirmed=X
Filename=winlogon32.exe
Description=Added by the MASLAN.C WORM!
Source=Paul Collins Startup list
[winlogon]
Number=13273
Confirmed=X
Filename=wpwlogon.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[WINLOGON]
Number=13274
Confirmed=X
Filename=wscript.exe [System or System32]\WINLOGON.vbs
Description=Added by the YPSAN.F WORM!
Source=Paul Collins Startup list
[Winlogon]
Number=13275
Confirmed=X
Filename=lsass.exe
Description=Added by the VB-EJ TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[Winlogon]
Number=13276
Confirmed=X
Filename=lsass.exe
Description=Added by the FLOPPY-B VIRUS! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[winlogon]
Number=13277
Confirmed=X
Filename=nvchost.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[winlogon service]
Number=13278
Confirmed=X
Filename=urx.exe
Description=Added by the SPYBOT.EN WORM!
Source=Paul Collins Startup list
[Winlogon Shell]
Number=13279
Confirmed=X
Filename=Explorer.exe [path] svchost.exe
Description=Added by the KIPIS.M WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in System\1032 or System32\1032 subfolders
Source=Paul Collins Startup list
[Winlogon.exe]
Number=13280
Confirmed=X
Filename=N/A
Description=CoolWebSearch parasite variant - resets home page to an adult content site
Source=Paul Collins Startup list
[winlogon.exe]
Number=13281
Confirmed=X
Filename=helper.exe
Description=Added by the FAKESPY-A TROJAN!
Source=Paul Collins Startup list
[winlogon.exe]
Number=13282
Confirmed=X
Filename=msole32.exe
Description=Adware, also detected as the FAKESPY-B TROJAN!
Source=Paul Collins Startup list
[winlogon32_]
Number=13283
Confirmed=X
Filename=[path to file]
Description=Added by the RULAND.A WORM!
Source=Paul Collins Startup list
[Winlogun]
Number=13284
Confirmed=X
Filename=winlogin.exe
Description=Added by the P2LOAD-C WORM!
Source=Paul Collins Startup list
[WinLsass]
Number=13285
Confirmed=X
Filename=servicec.exe
Description=Added by the SCANE WORM!
Source=Paul Collins Startup list
[WinLsass]
Number=13286
Confirmed=X
Filename=[path to trojan]
Description=Added by the SCANE WORM!
Source=Paul Collins Startup list
[winltmpv]
Number=13287
Confirmed=X
Filename=winln.exe
Description=Added by the TCXMEDI-C TROJAN!
Source=Paul Collins Startup list
[winltmpv]
Number=13288
Confirmed=X
Filename=wutop.exe
Description=Added by the TCXMEDI-C TROJAN!
Source=Paul Collins Startup list
[Winmain]
Number=13289
Confirmed=X
Filename=winmain.exe
Description=One of the first of a new breed of malware. When run it immediately loads MSHTA.EXE from the Windows folder, placing it on "hot standby", ready to accept HTA scripting within a web page and then EXECUTE what is embedded IN the page as a program! In other words, it's possible for a "rogue" website to actually embed trojans, worms and/or viruses directly into a web page. NSClean's HTA Stop offers an easy way to toggle this capabiltity, or rather vulnerability, on and off. I suggest you leave it disabled!
Source=Paul Collins Startup list
[WinManager]
Number=13290
Confirmed=?
Filename=schost.exe
Description=??
Source=Paul Collins Startup list
[winmatrix.exe]
Number=13291
Confirmed=U
Filename=WinMatrixXP.exe
Description=WinMatrix XP - wallpaper replacement that shows different matrix effects (including flowing matrix codes from 'The Matrix' movie) on your desktop
Source=Paul Collins Startup list
[WinMedia]
Number=13292
Confirmed=X
Filename=[path to trojan]
Description=Added by the ZEROBE-A TROJAN!
Source=Paul Collins Startup list
[WinMedia]
Number=13293
Confirmed=X
Filename=msupd******.exe [*= random digit]
Description=Added by the INJECT.163 TROJAN!
Source=Paul Collins Startup list
[WinMem]
Number=13294
Confirmed=U
Filename=WinMem.exe
Description=WinMem Cleaner - part of Ultra WinCleaner Utility Suite. Makes more memory available for your programs and the Operating System. It also defragments your system
Source=Paul Collins Startup list
[WinMenssage]
Number=13295
Confirmed=X
Filename=winmax.exe
Description=Added by the BANCOS.B TROJAN!
Source=Paul Collins Startup list
[WinMessenger]
Number=13296
Confirmed=X
Filename=syshost.exe
Description=Added by the OPANKI-E WORM!
Source=Paul Collins Startup list
[WinMgmt]
Number=13297
Confirmed=N
Filename=WinMgmt.exe
Description=Used for Enterprise Management. If you are not an IT Administrator you don't need it to be running. Also runs from the PCHealth "scheduler" - refer here
Source=Paul Collins Startup list
[WINMGR]
Number=13298
Confirmed=X
Filename=taskgmgr.exe
Description=Added by the MYTOB.AN WORM!
Source=Paul Collins Startup list
[Winmgr.exe]
Number=13299
Confirmed=X
Filename=scvhost.exe
Description=Added by the AGOBOT.AFG WORM!
Source=Paul Collins Startup list
[WinMgr32]
Number=13300
Confirmed=X
Filename=winmgr32.exe
Description=Added by the MIMAIL.P WORM!
Source=Paul Collins Startup list
[WinMine]
Number=13301
Confirmed=X
Filename=D4NG3.vbs
Description=Added by the BISCUIT.A WORM!
Source=Paul Collins Startup list
[winmodem]
Number=13302
Confirmed=Y
Filename=wmexe.exe
Description=Software for software based modems. Required if you have one of these. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem information
Source=Paul Collins Startup list
[WinMoviePlugIn]
Number=13303
Confirmed=X
Filename=WinMoviePlugIn.exe
Description=Sfonditalia adult content premium rate dialer
Source=Paul Collins Startup list
[Winmsg]
Number=13304
Confirmed=X
Filename=winwork.exe
Description=Added by the GAOBOT.GEN!POLY WORM!
Source=Paul Collins Startup list
[WinMsg]
Number=13305
Confirmed=X
Filename=winmsgr.exe
Description=Added by the DLOADR-AS TROJAN!
Source=Paul Collins Startup list
[WinMsrv32]
Number=13306
Confirmed=X
Filename=WinMsrv32.exe
Description=Added by the GAOBOT.AFJ WORM!
Source=Paul Collins Startup list
[WinMX]
Number=13307
Confirmed=N
Filename=WinMX.exe
Description=WinMX file sharing application
Source=Paul Collins Startup list
[winmysqladmin]
Number=13308
Confirmed=N
Filename=winmysqladmin.exe
Description=Starts the MySQL database admin tool
Source=Paul Collins Startup list
[WinMySQLadmin Tool]
Number=13309
Confirmed=N
Filename=winmysqladmin.exe
Description=Starts the MySQL database admin tool
Source=Paul Collins Startup list
[winnet]
Number=13310
Confirmed=X
Filename=winnet.exe
Description=CommonName Toolbar spyware. To uninstall see here
Source=Paul Collins Startup list
[WinNetDDE]
Number=13311
Confirmed=X
Filename=[random characters].exe
Description=Added by the NETDEPIX.B TROJAN!
Source=Paul Collins Startup list
[WinNite]
Number=13312
Confirmed=X
Filename=niteaim.exe
Description=Added by the OPANKI.B WORM!
Source=Paul Collins Startup list
[Winnov Menu]
Number=13313
Confirmed=?
Filename=WnvMenu.Exe
Description=Winnov Video Capture Card related. What does it do and is it required?
Source=Paul Collins Startup list
[Winnov Remote]
Number=13314
Confirmed=?
Filename=WnvRsvr.Exe
Description=Winnov Video Capture Card related. What does it do and is it required?
Source=Paul Collins Startup list
[Winnov Status]
Number=13315
Confirmed=?
Filename=WvStatus.Exe
Description=Winnov Video Capture Card related. What does it do and is it required?
Source=Paul Collins Startup list
[winnt]
Number=13316
Confirmed=X
Filename=winnt.exe
Description=Added by the MONA-E WORM!
Source=Paul Collins Startup list
[winnt DNS ident]
Number=13317
Confirmed=X
Filename=wuamgrd32.exe
Description=Added by the RBOT-BAU WORM!
Source=Paul Collins Startup list
[winnt DNS ident]
Number=13318
Confirmed=X
Filename=iexplorer.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[winnt DNS ident]
Number=13319
Confirmed=X
Filename=pidchk32.exe
Description=Added by the RBOT-ACY WORM!
Source=Paul Collins Startup list
[winnt DNS ident]
Number=13320
Confirmed=X
Filename=windowxp.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[winnt DNS ident]
Number=13321
Confirmed=X
Filename=Winupd32.exe
Description=Added by the RBOT.AVU WORM!
Source=Paul Collins Startup list
[winnt DNS ident]
Number=13322
Confirmed=X
Filename=winupdate32.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[winnt DNS ident]
Number=13323
Confirmed=X
Filename=wuamgrd33.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Winnt DNS ident]
Number=13324
Confirmed=X
Filename=windowsp.exe
Description=Added by the RBOT.BAL WORM!
Source=Paul Collins Startup list
[winNT updatc]
Number=13325
Confirmed=X
Filename=wupgrd.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[WinNtBB]
Number=13326
Confirmed=X
Filename=WinntBB.exe
Description=Added by the DULOAD.C WORM!
Source=Paul Collins Startup list
[Winnup]
Number=13327
Confirmed=X
Filename=win32nls.exe
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[winocx32]
Number=13328
Confirmed=X
Filename=winocx32.exe
Description=Added by the PROTORIDE.I WORM!
Source=Paul Collins Startup list
[WINOWS SYSTEM]
Number=13329
Confirmed=X
Filename=winnt.exe
Description=Added by the MYTOB.ID WORM!
Source=Paul Collins Startup list
[WINP]
Number=13330
Confirmed=X
Filename=winmic.exe
Description=Added by the SPYBOT-EB WORM!
Source=Paul Collins Startup list
[Winpack]
Number=13331
Confirmed=X
Filename=winpack.exe
Description=Adware downloader - recognized by Kaspersky antivirus as Trojan-Downloader.Win32.Agent.gg
Source=Paul Collins Startup list
[WinPatrol]
Number=13332
Confirmed=U
Filename=WinPatrol.exe
Description=WinPatrol - "Manage Startup programs, tasks, cookies; will sniff out Worms, Trojan horses, Cookies, Adware, Spyware, Klez, Assumption and other malicious programs"
Source=Paul Collins Startup list
[WinPatrol Explorer]
Number=13333
Confirmed=Y
Filename=WinPatrolEx.exe
Description=Part of WinPatrol
Source=Paul Collins Startup list
[winphonics7536]
Number=13334
Confirmed=X
Filename=vbsystem35.exe setups.exe vb.vb
Description=Added by a variant of the MUTIN-C TROJAN!
Source=Paul Collins Startup list
[winpipe]
Number=13335
Confirmed=X
Filename=winpipe.exe
Description=Browser hijacker redirecting to wow-access.com
Source=Paul Collins Startup list
[WinPLOSION]
Number=13336
Confirmed=U
Filename=WinPlosion.exe
Description="WinPLOSION allows you to immediately view and select from all the windows running on your computer, just those of the active application, or to minimise all windows and display a clear desktop"
Source=Paul Collins Startup list
[WinPoet]
Number=13337
Confirmed=Y
Filename=WinPPPoverEthernet.exe
Description=WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs and ISPs. For more info read here. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networking
Source=Paul Collins Startup list
[winpol]
Number=13338
Confirmed=X
Filename=winpol.exe
Description=Added by the AGENT.IWD TROJAN!
Source=Paul Collins Startup list
[WinPopup]
Number=13339
Confirmed=N
Filename=WINPOPUP.EXE
Description=Intranet chat software provided by windows for chat on small networks. Handy little LAN messaging utility. Has been included in Windows since 95, and maybe in WFWG 3.11. Normally it won't set itself up to run unless the user specifically adds it to startup
Source=Paul Collins Startup list
[winpopup]
Number=13340
Confirmed=X
Filename=winupie.exe
Description=Adware by Tradeexit.com
Source=Paul Collins Startup list
[Winpower]
Number=13341
Confirmed=N
Filename=Winpower.exe
Description=Part of InstallAnywhere from Zero G Software, now owned by Macrovision
Source=Paul Collins Startup list
[Winprocer32 Update]
Number=13342
Confirmed=X
Filename=winprocer32.exe
Description=Added by the RBOT.GW WORM!
Source=Paul Collins Startup list
[winprocessor Update]
Number=13343
Confirmed=X
Filename=winprocessor.exe
Description=Added by the RBOT.IO WORM!
Source=Paul Collins Startup list
[WinProfile]
Number=13344
Confirmed=X
Filename=Command.exe
Description=Added by the BUDDY TROJAN!
Source=Paul Collins Startup list
[WinProfile]
Number=13345
Confirmed=X
Filename=sndcfg16.exe
Description=Added by the SNDC.A WORM!
Source=Paul Collins Startup list
[winprofile]
Number=13346
Confirmed=X
Filename=iexpiore.exe
Description=Added by a variant of the MONCHER WORM!
Source=Paul Collins Startup list
[WinProfile]
Number=13347
Confirmed=X
Filename=iexpIore.exe
Description=Added by CHUM-C TROJAN!
Source=Paul Collins Startup list
[WinProt]
Number=13348
Confirmed=X
Filename=Winprot.exe
Description=Added by the CHUPACABRA TROJAN!
Source=Paul Collins Startup list
[WinProt]
Number=13349
Confirmed=X
Filename=server.exe
Description=Added by the CHUPACABRA TROJAN!
Source=Paul Collins Startup list
[winprotect]
Number=13350
Confirmed=X
Filename=win32.exe
Description=Added by the MUGLY.E WORM!
Source=Paul Collins Startup list
[winprotect]
Number=13351
Confirmed=X
Filename=winprotect.exe
Description=Added by the SDBOT-SB WORM!
Source=Paul Collins Startup list
[WinProxy]
Number=13352
Confirmed=U
Filename=WinProxy.EXE
Description="WinProxy is the world-first proxy server and a firewall with integrated mail server for Windows 95/98/ME/NT/2000/XP"
Source=Paul Collins Startup list
[Winproxy Personal]
Number=13353
Confirmed=X
Filename=WINPROXY.EXE
Description=Added by the SDBOT.BMF WORM!
Source=Paul Collins Startup list
[winpsd]
Number=13354
Confirmed=X
Filename=winpsd.exe
Description=Added by the MYDOOM.Q WORM!
Source=Paul Collins Startup list
[WinPWD Manager]
Number=13355
Confirmed=X
Filename=wpwdmgr.exe
Description=Added by the RBOT-AUT WORM!
Source=Paul Collins Startup list
[winrapid]
Number=13356
Confirmed=X
Filename=winrapid.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[winrar]
Number=13357
Confirmed=X
Filename=winrar.exe
Description=CoolWebSearch Therealsearch parasite variant. Note - this is not the file zipping utility also known as WinRAR!
Source=Paul Collins Startup list
[winrarshell]
Number=13358
Confirmed=X
Filename=winrarshell32.exe
Description=Added by the SALIRA TROJAN!
Source=Paul Collins Startup list
[WinReader]
Number=13359
Confirmed=X
Filename=read.exe
Description=Added by the DELBOT-V WORM!
Source=Paul Collins Startup list
[winReg]
Number=13360
Confirmed=X
Filename=winReg.exe
Description=Added by the YAHA.H or YAHA.J WORMS!
Source=Paul Collins Startup list
[WinReg32 service]
Number=13361
Confirmed=X
Filename=holqdnoxpmeu.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[winregsrv]
Number=13362
Confirmed=X
Filename=winregsrv.exe
Description=Added by the SYNRG TROJAN!
Source=Paul Collins Startup list
[winreg_32]
Number=13363
Confirmed=X
Filename=svchosst.exe
Description=Added by the BANCOS-CE TROJAN!
Source=Paul Collins Startup list
[winreg_32]
Number=13364
Confirmed=X
Filename=[path to trojan]
Description=Added by the BANKER-DB TROJAN!
Source=Paul Collins Startup list
[winreg_32]
Number=13365
Confirmed=X
Filename=sysdll.exe
Description=Added by the DLOADER-IJ TROJAN!
Source=Paul Collins Startup list
[winreg_32]
Number=13366
Confirmed=X
Filename=Vc030405.exe
Description=Added by the BANCOS-CT TROJAN!
Source=Paul Collins Startup list
[WINREMOTE]
Number=13367
Confirmed=U
Filename=WinRemote.exe
Description=InterVideo WinCinema Manager - needed for the use of WinDVD Remote Control
Source=Paul Collins Startup list
[Winres32vis]
Number=13368
Confirmed=X
Filename=[path to worm]
Description=Added by the THRAX.A WORM!
Source=Paul Collins Startup list
[winrestore1]
Number=13369
Confirmed=X
Filename=winrestore.exe
Description=Added by the KILLFIL-Q TROJAN!
Source=Paul Collins Startup list
[winreups]
Number=13370
Confirmed=X
Filename=winreups.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[winroute]
Number=13371
Confirmed=N
Filename=winroute.exe
Description=Win-Route 4.27. WinRoute Tray Icon for starting and stopping the WrCtrl.exe process, also to log in to the console to view logs and change settings. Can be unchecked and the engine still runs and functions normally. Can then use provided shortcuts for administration of the program. Loaded in SERVICES on Windows 2k
Source=Paul Collins Startup list
[WinRPC]
Number=13372
Confirmed=X
Filename=winrpcmx.exe
Description=Added by the BANKER-EEI TROJAN!
Source=Paul Collins Startup list
[winrun]
Number=13373
Confirmed=X
Filename=msconfig.exe
Description=Added by the WINUR WORM! Note - this is not the real msconfig.exe as it's located in C:\winrun\
Source=Paul Collins Startup list
[winrun]
Number=13374
Confirmed=X
Filename=winrun.exe
Description=Added by the WINBUR.B WORM!
Source=Paul Collins Startup list
[WINRUN]
Number=13375
Confirmed=X
Filename=taskgmr32.exe
Description=Added by the MYTOB.AP WORM!
Source=Paul Collins Startup list
[WINRUN]
Number=13376
Confirmed=X
Filename=svchost32.exe
Description=Added by the MYTOB-AI WORM!
Source=Paul Collins Startup list
[WINRUN]
Number=13377
Confirmed=X
Filename=taskgmr.exe
Description=Added by the MYTOB-BX WORM!
Source=Paul Collins Startup list
[WINRUN z]
Number=13378
Confirmed=X
Filename=W1NT45K.exe
Description=Added by the MYTOB.BL WORM!
Source=Paul Collins Startup list
[WinRunners]
Number=13379
Confirmed=X
Filename=WinDrivers.exe
Description=Added by the DULOAD.C WORM!
Source=Paul Collins Startup list
[Wins Service Driver]
Number=13380
Confirmed=X
Filename=winet.exe
Description=Added by the RBOT-APV WORM!
Source=Paul Collins Startup list
[Wins Update 32]
Number=13381
Confirmed=X
Filename=services32.exe
Description=Added by the FORBOT-FN WORM!
Source=Paul Collins Startup list
[Wins32 Online]
Number=13382
Confirmed=X
Filename=cfgpwnz.exe
Description=Added by the BROPIA.R WORM!
Source=Paul Collins Startup list
[WinScMngr]
Number=13383
Confirmed=X
Filename=winsmc.exe
Description=Added by the SDBOT-BPZ WORM!
Source=Paul Collins Startup list
[WinSec]
Number=13384
Confirmed=X
Filename=winsec16.exe
Description=Added by the AGOBOT.ZF WORM!
Source=Paul Collins Startup list
[winsecure]
Number=13385
Confirmed=X
Filename=winsecure.exe
Description=Browser hijacker, redirecting to specificsearches.com
Source=Paul Collins Startup list
[WinSecure]
Number=13386
Confirmed=X
Filename=[random].exe
Description=Added by the AGENT-LR TROJAN!
Source=Paul Collins Startup list
[Winsecure Antivirus]
Number=13387
Confirmed=X
Filename=Secureantivirus.exe
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[WinSecured32]
Number=13388
Confirmed=X
Filename=ssmr.exe
Description=Added by a variant of the FORBOT WORM!
Source=Paul Collins Startup list
[Winserv]
Number=13389
Confirmed=X
Filename=Winserv.ila
Description=Added by the NODMIN WORM!
Source=Paul Collins Startup list
[winserver]
Number=13390
Confirmed=X
Filename=Server.txt.vbs
Description=Added by the DELTAD.A WORM!
Source=Paul Collins Startup list
[Winservice]
Number=13391
Confirmed=X
Filename=winmain.exe
Description=Adult content related malware
Source=Paul Collins Startup list
[winservice]
Number=13392
Confirmed=X
Filename=svchost.exe
Description=Added by the CVK TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[WinService]
Number=13393
Confirmed=X
Filename=hosth.exe
Description=Added by the DWNLDR-FUX TROJAN!
Source=Paul Collins Startup list
[WinService]
Number=13394
Confirmed=X
Filename=Ttt.exe
Description=Added by the MSNVB-D WORM!
Source=Paul Collins Startup list
[WinService32]
Number=13395
Confirmed=U
Filename=ssmgr.exe
Description=007 Spy Software - "stealthy monitoring program which allows you to secretly track all activities of computer users and automatically deliver logs to you via Email or FTP"
Source=Paul Collins Startup list
[WinService32]
Number=13396
Confirmed=U
Filename=svchost.exe
Description=007 Spy Software keystroke logger/monitoring program - remove unless you installed it yourself! Note - this is not the svchost.exe process that normally doesn't appear in Msconfig/Startup!
Source=Paul Collins Startup list
[WinServices]
Number=13397
Confirmed=X
Filename=WinServices.exe
Description=Added by the YAHA.K or YAHA.M WORMS!
Source=Paul Collins Startup list
[winservices]
Number=13398
Confirmed=X
Filename=bootvfy.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[winservit]
Number=13399
Confirmed=X
Filename=cassl.exe
Description=Added by the RBOT.ASG WORM!
Source=Paul Collins Startup list
[winservn]
Number=13400
Confirmed=X
Filename=winservn.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[winservs]
Number=13401
Confirmed=X
Filename=winservs.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[WinSetBrowse]
Number=13402
Confirmed=X
Filename=BasicUpdate.dll.vbs
Description=Added by the BISCUIT.A WORM!
Source=Paul Collins Startup list
[winsfc]
Number=13403
Confirmed=X
Filename=winsfc.exe
Description=Added by the WISFC VIRUS!
Source=Paul Collins Startup list
[Winshell]
Number=13404
Confirmed=X
Filename=remote.exe
Description=Added by the MYTOB.LJ WORM!
Source=Paul Collins Startup list
[Winshoe]
Number=13405
Confirmed=?
Filename=wuadfdqr.exe
Description=Probably an unidentified VIRUS! Adds itself to 3 registry "Run" keys and prevents Task Manager being displayed. This is not the Winshoe IRC Client as the visitor did not have it installed
Source=Paul Collins Startup list
[winshost.exe]
Number=13406
Confirmed=X
Filename=winshost.exe
Description=Added by the TOOSO WORM and variants!
Source=Paul Collins Startup list
[WinShowUpdate]
Number=13407
Confirmed=X
Filename=copy C:\WINDOWS\winshow.new C:\WINDOW\Swinshow.dll
Description=Winshow parasiate related - from the "RunOnce" keys it replaces "winshow.dll" with a new version
Source=Paul Collins Startup list
[WinSig]
Number=13408
Confirmed=X
Filename=NetXP.exe
Description=Added by the BANKER-FN TROJAN!
Source=Paul Collins Startup list
[winskype]
Number=13409
Confirmed=X
Filename=winskype.exe
Description=Added by the BROGGER-C TROJAN!
Source=Paul Collins Startup list
[winsock]
Number=13410
Confirmed=X
Filename=svch0st.exe
Description=Added by the SAGE-A WORM! Note - the filename has the digit 0 rather then the uppercase "o"
Source=Paul Collins Startup list
[Winsock driver]
Number=13411
Confirmed=X
Filename=winnt update.exe
Description=Added by the SPYBOT-DM TROJAN!
Source=Paul Collins Startup list
[Winsock driver]
Number=13412
Confirmed=X
Filename=winnt64.exe
Description=Added by the SPYBOT-DR WORM!
Source=Paul Collins Startup list
[Winsock Startup]
Number=13413
Confirmed=X
Filename=Main2.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[winsock2]
Number=13414
Confirmed=X
Filename=netsvr.exe
Description=Added by the AGOBOT.LY WORM!
Source=Paul Collins Startup list
[Winsock2 driver]
Number=13415
Confirmed=X
Filename=SDJOIJE.EXE
Description=Added by the SPYBOT.DR TROJAN!
Source=Paul Collins Startup list
[Winsock2 driver]
Number=13416
Confirmed=X
Filename=MIRC32.exe
Description=Added by the SPYBUZZ TROJAN!
Source=Paul Collins Startup list
[Winsock2 driver]
Number=13417
Confirmed=X
Filename=kgzgjkpcw.exe
Description=Added by the SDBOT.T TROJAN!
Source=Paul Collins Startup list
[Winsock2 driver]
Number=13418
Confirmed=X
Filename=ZONEALARM.EXE
Description=Added by the SDBOT.T TROJAN! Note - ZONEALARM.EXE is not the valid Zone Labs firewall program
Source=Paul Collins Startup list
[Winsock2 driver]
Number=13419
Confirmed=X
Filename=WINCFG.SCR
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[Winsock2 driver]
Number=13420
Confirmed=X
Filename=winupdate.exe
Description=Added by the SPYBOT-BX WORM!
Source=Paul Collins Startup list
[Winsock2 driver]
Number=13421
Confirmed=X
Filename=SPOLSV.EXE
Description=Added by the SPYBOT-CM WORM!
Source=Paul Collins Startup list
[Winsock2 driver]
Number=13422
Confirmed=X
Filename=Zonealarmupdate.exe
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[Winsock2 driver]
Number=13423
Confirmed=X
Filename=sysreq.exe
Description=Added by the SPYBOT-CC WORM!
Source=Paul Collins Startup list
[Winsock2 driver]
Number=13424
Confirmed=X
Filename=AMSNMGR.EXE
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[Winsock2 driver]
Number=13425
Confirmed=X
Filename=WUAUMQR.EXE
Description=Added by the SPYBOT-DP WORM!
Source=Paul Collins Startup list
[Winsock2 driver]
Number=13426
Confirmed=X
Filename=wincfg.exe
Description=Added by the SPYBOT.CO WORM!
Source=Paul Collins Startup list
[Winsock2 driver]
Number=13427
Confirmed=X
Filename=ntsys32.exe
Description=Added by the SPYBOT-DD WORM!
Source=Paul Collins Startup list
[Winsock2 driver]
Number=13428
Confirmed=X
Filename=svchorsst.exe
Description=Added by the SPYBOT-EE WORM!
Source=Paul Collins Startup list
[Winsock2 driver]
Number=13429
Confirmed=X
Filename=SYSTEM32.EXE
Description=Added by the SPYBOT-EG WORM!
Source=Paul Collins Startup list
[Winsock2 driver]
Number=13430
Confirmed=X
Filename=dllcfg32.exe
Description=Added by the SPYBOT.AG WORM!
Source=Paul Collins Startup list
[Winsock2.dll]
Number=13431
Confirmed=X
Filename=WINLODR.SCR
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[Winsock32 driver]
Number=13432
Confirmed=X
Filename=Testing.exe
Description=Added by the SPYBOT.B WORM!
Source=Paul Collins Startup list
[Winsock32 driver]
Number=13433
Confirmed=X
Filename=lcd.exe
Description=Added by the SPYBOT.B WORM!
Source=Paul Collins Startup list
[Winsock32 driver]
Number=13434
Confirmed=X
Filename=Sdjoije.exe
Description=Added by the SPYBOT.B WORM!
Source=Paul Collins Startup list
[Winsock32driver]
Number=13435
Confirmed=X
Filename=win32server.scr
Description=Added by the HACARMY TROJAN!
Source=Paul Collins Startup list
[Winsock32driver]
Number=13436
Confirmed=X
Filename=sp2XPupdate.exe
Description=Added by the HACKARMY.S TROJAN!
Source=Paul Collins Startup list
[Winsock32driver]
Number=13437
Confirmed=X
Filename=win32server.exe
Description=Added by the BACKDOOR-AZV TROJAN!
Source=Paul Collins Startup list
[Winsock32driver]
Number=13438
Confirmed=X
Filename=ZoneAlarmPr0.exe
Description=Added by the HACKARMY-B TROJAN!
Source=Paul Collins Startup list
[Winsock32driver]
Number=13439
Confirmed=X
Filename=ZoneLockup.exe
Description=Added by the HACARMY.D TROJAN!
Source=Paul Collins Startup list
[Winsock32driver]
Number=13440
Confirmed=X
Filename=win32server.exe
Description=Added by the HACARMY.F TROJAN!
Source=Paul Collins Startup list
[Winsock32driver]
Number=13441
Confirmed=X
Filename=winXPupdate.exe
Description=Added by the HACKARMY.9728 TROJAN!
Source=Paul Collins Startup list
[Winsock32driver]
Number=13442
Confirmed=X
Filename=svchhost.exe
Description=Added by the HACKARMY.I TROJAN!
Source=Paul Collins Startup list
[winsockdriver]
Number=13443
Confirmed=X
Filename=tskmg.exe
Description=Added by the SDBOT.GEN TROJAN or WARPIGS.C WORM!
Source=Paul Collins Startup list
[winsockdriver]
Number=13444
Confirmed=X
Filename=winsock2.2.exe
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[winsockdriver]
Number=13445
Confirmed=X
Filename=iexplor.exe
Description=Added by the BLATIC.A WORM!
Source=Paul Collins Startup list
[winsockdriver]
Number=13446
Confirmed=X
Filename=winsock3.exe
Description=Added by the SPYBOT-DO WORM!
Source=Paul Collins Startup list
[winsockdriver]
Number=13447
Confirmed=X
Filename=bot.exe
Description=Added by the WARPIGS-D TROJAN!
Source=Paul Collins Startup list
[WinSocketComponent]
Number=13448
Confirmed=X
Filename=nthost.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[Winsocks2 driver]
Number=13449
Confirmed=X
Filename=mznmgr.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[WINSOS VERIFY]
Number=13450
Confirmed=U
Filename=WINSOS.EXE
Description=WinSOS - "deletes spyware, optimizes your computer - backs up selected data"
Source=Paul Collins Startup list
[WinSP]
Number=13451
Confirmed=X
Filename=[path] REGEDIT.EXE -s [path] sysreg.reg
Description=Added by the STARTPA-ME TROJAN!
Source=Paul Collins Startup list
[winspd32dll]
Number=13452
Confirmed=X
Filename=winspd32.exe
Description=Added by a variant of the AGOBOT/GAOBOT WORM!
Source=Paul Collins Startup list
[WinSPF]
Number=13453
Confirmed=X
Filename=windrv32.exe
Description=Added by the MYDOOM.T WORM!
Source=Paul Collins Startup list
[WinSPF]
Number=13454
Confirmed=X
Filename=winspf32.exe
Description=Added by the MYDOOM.S WORM!
Source=Paul Collins Startup list
[Winspl]
Number=13455
Confirmed=X
Filename=winsplx.exe
Description=Added by a variant of the TROLL-A TROJAN!
Source=Paul Collins Startup list
[Winspool]
Number=13456
Confirmed=X
Filename=spoolsvr.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[WinSrv]
Number=13457
Confirmed=X
Filename=kn0x.exe
Description=Added by the HOBBIT.F WORM!
Source=Paul Collins Startup list
[WinSrv]
Number=13458
Confirmed=X
Filename=SHIZZLE.EXE
Description=Added by the HOBBIT.C WORM!
Source=Paul Collins Startup list
[Winsrv]
Number=13459
Confirmed=X
Filename=winsrv.exe
Description=Added by the OPASERV.T WORM!
Source=Paul Collins Startup list
[winsrv]
Number=13460
Confirmed=X
Filename=winsrv.exe
Description=Added by the NETSNAK-B TROJAN!
Source=Paul Collins Startup list
[winsrv3]
Number=13461
Confirmed=X
Filename=services.exe
Description=Added by the NAFBOT-A TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
Source=Paul Collins Startup list
[WinsSystem]
Number=13462
Confirmed=X
Filename=syssmss.exe
Description=Added by the DELF.IG TROJAN!
Source=Paul Collins Startup list
[WinStabilizer]
Number=13463
Confirmed=X
Filename=WinStabilizer.exe
Description=Added by the AGOBOT-SW WORM!
Source=Paul Collins Startup list
[WinStart]
Number=13464
Confirmed=X
Filename=WinStart.exe
Description=From IGetNet - turns the IE address bar into a keyword engine piped into IGetNet. In other words, with this installed, typing "car" in the IE address bar will point the browser to the Lexus web site. Foistware - installs components without your knowledge
Source=Paul Collins Startup list
[WinStart]
Number=13465
Confirmed=X
Filename=Wscript.exe WinStart.vbs
Description=Added by the CIAN.C WORM!
Source=Paul Collins Startup list
[WinStart]
Number=13466
Confirmed=X
Filename=winstart32.exe
Description=Added by the PUROL WORM!
Source=Paul Collins Startup list
[WinStart]
Number=13467
Confirmed=X
Filename=WinStart.pif
Description=Added by the CONE.E WORM!
Source=Paul Collins Startup list
[winstart]
Number=13468
Confirmed=X
Filename=winstart.exe
Description=Added by the SCKEYLO-AB TROJAN!
Source=Paul Collins Startup list
[WinStart001]
Number=13469
Confirmed=X
Filename=WinStart001.exe
Description=From IGetNet - turns the IE address bar into a keyword engine piped into IGetNet. In other words, with this installed, typing "car" in the IE address bar will point the browser to the Lexus web site. Foistware - installs components without your knowledge
Source=Paul Collins Startup list
[WinStart001.EXE]
Number=13470
Confirmed=X
Filename=WinStart001.exe
Description=From IGetNet - turns the IE address bar into a keyword engine piped into IGetNet. In other words, with this installed, typing "car" in the IE address bar will point the browser to the Lexus web site. Foistware - installs components without your knowledge
Source=Paul Collins Startup list
[winstats]
Number=13471
Confirmed=X
Filename=winstats.exe
Description=Added by the GARGAFX TROJAN!
Source=Paul Collins Startup list
[Winsta~1]
Number=13472
Confirmed=X
Filename=winsta~1.exe
Description=GoHip foistware
Source=Paul Collins Startup list
[WinSth16]
Number=13473
Confirmed=X
Filename=WinSth16.exe
Description=Added by the CAKE WORM!
Source=Paul Collins Startup list
[winstro]
Number=13474
Confirmed=X
Filename=RUN32DLL.exe
Description=Added by the FTP_ANA TROJAN!
Source=Paul Collins Startup list
[winsupdatesysmngr64]
Number=13475
Confirmed=X
Filename=winsys64mnger.exe
Description=Added by the RBOT-BAG WORM!
Source=Paul Collins Startup list
[WinSvc16.exe]
Number=13476
Confirmed=X
Filename=WinSvc16.exe
Description=Added by the SDBOT.FQ TROJAN!
Source=Paul Collins Startup list
[Winsvc32]
Number=13477
Confirmed=X
Filename=Winsvc32.exe
Description=Homepage hijacker
Source=Paul Collins Startup list
[winsvc32.exe]
Number=13478
Confirmed=X
Filename=winsvc32.exe
Description=Added by the GREPAGE TROJAN!
Source=Paul Collins Startup list
[Winsvr]
Number=13479
Confirmed=X
Filename=msupd******.exe [*= random digit]
Description=Added by the INJECT.163 TROJAN!
Source=Paul Collins Startup list
[Winsvr manager]
Number=13480
Confirmed=X
Filename=DDEsvr.exe
Description=Added by the TIRBOT-C WORM!
Source=Paul Collins Startup list
[winsy32.exe]
Number=13481
Confirmed=X
Filename=winsy32.exe
Description=CoolWebSearch parasite variant
Source=Paul Collins Startup list
[winsync]
Number=13482
Confirmed=X
Filename=******.exe reg_run [* = random char]
Description=Added by a variant of the QOOLOGIC TROJAN!
Source=Paul Collins Startup list
[Winsys]
Number=13483
Confirmed=U
Filename=Winsys.exe
Description=Win-Spy keyboard logger/monitoring software - remove unless you installed it yourself
Source=Paul Collins Startup list
[WINSYS]
Number=13484
Confirmed=X
Filename=[path to trojan]
Description=Added by the GOLDPLAY TROJAN!
Source=Paul Collins Startup list
[winsys]
Number=13485
Confirmed=X
Filename=syschost.exe
Description=Added by an unidentified TROJAN!
Source=Paul Collins Startup list
[WinSys32]
Number=13486
Confirmed=X
Filename=Winsys32.exe
Description=Added by the CIGIVIP TROJAN or RECKUS WORM!
Source=Paul Collins Startup list
[winsys32 Driver]
Number=13487
Confirmed=X
Filename=winsys32.exe
Description=Added by the LOONY-O TROJAN!
Source=Paul Collins Startup list
[WinSysAppMon]
Number=13488
Confirmed=U
Filename=WinSysRM.exe
Description=Home & Family Content Filter related. See here
Source=Paul Collins Startup list
[winsysban]
Number=13489
Confirmed=X
Filename=[path to trojan]
Description=Added by the CLICKER-CD TROJAN!
Source=Paul Collins Startup list
[winsyslog lptt01]
Number=13490
Confirmed=X
Filename=winsyslog.exe
Description=RapidBlaster variant (in a "Winsyslog" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
Source=Paul Collins Startup list
[WinSysModule]
Number=13491
Confirmed=X
Filename=[path to trojan]
Description=Added by the AGENT-DIQ TROJAN!
Source=Paul Collins Startup list
[WinSysStartUpWKbLw]
Number=13492
Confirmed=X
Filename=TaskSystemDll.Exe
Description=Added by the BACKZAT.G WORM!
Source=Paul Collins Startup list
[WinSyst32]
Number=13493
Confirmed=X
Filename=winsyst32.exe
Description=Added by the MORB WORM!
Source=Paul Collins Startup list
[WinSystem]
Number=13494
Confirmed=X
Filename=winsystem.exe
Description=Added by the WHITEBAIT WORM!
Source=Paul Collins Startup list
[WinSystem]
Number=13495
Confirmed=U
Filename=WinSystems.exe
Description=CMKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list
[WinSystems]
Number=13496
Confirmed=X
Filename=winsystems16.exe
Description=Added by the SDBOT-CZT WORM!
Source=Paul Collins Startup list
[winsystems25]
Number=13497
Confirmed=X
Filename=winsystems.exe
Description=Added by the RBOT-CNZ WORM!
Source=Paul Collins Startup list
[winsysupd]
Number=13498
Confirmed=X
Filename=[path to trojan]
Description=Added by the STARTPA-NI TROJAN!
Source=Paul Collins Startup list
[WINT]
Number=13499
Confirmed=X
Filename=wcp****.exe [* = random char]
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[WINT]
Number=13500
Confirmed=X
Filename=wcpcc.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[WINT]
Number=13501
Confirmed=X
Filename=wcpsvit.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[WinTask]
Number=13502
Confirmed=X
Filename=Wintask.exe
Description=Added by the HIPO or LEMIR.F TROJANS!
Source=Paul Collins Startup list
[WINTASK]
Number=13503
Confirmed=X
Filename=taskgmr.exe
Description=Added by the MYTOB.I WORM and variants!
Source=Paul Collins Startup list
[WINTASK]
Number=13504
Confirmed=X
Filename=taskgamr.exe
Description=Added by the MYTOB.AU WORM!
Source=Paul Collins Startup list
[WINTASK]
Number=13505
Confirmed=X
Filename=sys32.exe
Description=Added by the MYTOB.K WORM!
Source=Paul Collins Startup list
[WINTASK]
Number=13506
Confirmed=X
Filename=msmgrxp.exe
Description=Added by the MYTOB.AQ WORM!
Source=Paul Collins Startup list
[WINTASK]
Number=13507
Confirmed=X
Filename=iexplorer.exe
Description=Added by the MYTOB-CH WORM!
Source=Paul Collins Startup list
[WINTASK]
Number=13508
Confirmed=X
Filename=taskgmr32.exe
Description=Added by the MYTOB.BU WORM!
Source=Paul Collins Startup list
[WINTASK]
Number=13509
Confirmed=X
Filename=msvhost.exe
Description=Added by the MYTOB-AR WORM!
Source=Paul Collins Startup list
[WINTASK]
Number=13510
Confirmed=X
Filename=t4skmgr.exe
Description=Added by the MYTOB-AK WORM!
Source=Paul Collins Startup list
[WINTASK]
Number=13511
Confirmed=X
Filename=taskfile.exe
Description=Added by the MYTOB.EF WORM!
Source=Paul Collins Startup list
[WINTASK]
Number=13512
Confirmed=X
Filename=taskgm.exe
Description=Added by the MYTOB-AO WORM!
Source=Paul Collins Startup list
[WINTASK]
Number=13513
Confirmed=X
Filename=taskgmrs.exe
Description=Added by the MYTOB.DH WORM!
Source=Paul Collins Startup list
[WINTASK]
Number=13514
Confirmed=X
Filename=yahooicons.exe
Description=Added by the MYTOB-HM WORM!
Source=Paul Collins Startup list
[WINTASK DLL]
Number=13515
Confirmed=X
Filename=jusched32.exe
Description=Added by the MYTOB.AI WORM!
Source=Paul Collins Startup list
[WINTASK DLL32]
Number=13516
Confirmed=X
Filename=smsrss.exe
Description=Added by the MYTOB.BS WORM!
Source=Paul Collins Startup list
[WinTask driver]
Number=13517
Confirmed=X
Filename=wintask.exe
Description=Added by the DLOADER-NA TROJAN!
Source=Paul Collins Startup list
[WINTASK32]
Number=13518
Confirmed=X
Filename=taskgmr32.exe
Description=Added by the MYTOB.BN WORM!
Source=Paul Collins Startup list
[WINTASK32]
Number=13519
Confirmed=X
Filename=taskgmrr.exe
Description=Added by the MYTOB.FX WORM!
Source=Paul Collins Startup list
[wintask32]
Number=13520
Confirmed=X
Filename=Jwintask.com
Description=Added by the NAFBOT-A WORM!
Source=Paul Collins Startup list
[WINTASKMANAGER]
Number=13521
Confirmed=X
Filename=taskgmr.exe
Description=Added by the MYTOB-AF WORM!
Source=Paul Collins Startup list
[WINTASKMGR]
Number=13522
Confirmed=X
Filename=ccsrs.exe
Description=Added by the MYTOB.Q WORM!
Source=Paul Collins Startup list
[WINTASKS]
Number=13523
Confirmed=X
Filename=taskgmr.exe
Description=Added by the MYTOB.BO WORM!
Source=Paul Collins Startup list
[WINTASKS]
Number=13524
Confirmed=X
Filename=winxpro.exe
Description=Added by the MYTOB.EZ WORM!
Source=Paul Collins Startup list
[WinTasks DLL Library (32-bits)]
Number=13525
Confirmed=X
Filename=winkll.exe
Description=Added by the RBOT-AJZ WORM!
Source=Paul Collins Startup list
[WinTasks Traybar]
Number=13526
Confirmed=U
Filename=wintasks.exe
Description=WinTasks - "Efficient Resource and Task Management is absolutely critical if you want to achieve the highest system performance levels possible. WinTasks 4 will not only help you achieve this task, but will actually make your system run faster and more smoothly than ever before"
Source=Paul Collins Startup list
[wintasks.exe]
Number=13527
Confirmed=X
Filename=wintasks.exe
Description=Added by the EVAMAN WORM!
Source=Paul Collins Startup list
[Wintbp.exe]
Number=13528
Confirmed=X
Filename=wintbp.exe
Description=Added by the ZOTOB.E WORM!
Source=Paul Collins Startup list
[Wintbpx.exe]
Number=13529
Confirmed=X
Filename=wintbpx.exe
Description=Added by the ZOTOB.F WORM!
Source=Paul Collins Startup list
[wintective]
Number=13530
Confirmed=U
Filename=wintective.exe
Description=Wintective logs keystrokes, captures screenshots, and monitors Internet activity. The gathered information can be sent to a predetermined email address. If you didn't install this yourself remove it
Source=Paul Collins Startup list
[winter]
Number=13531
Confirmed=X
Filename=happy.exe
Description=Added by the SDBOT-YF WORM!
Source=Paul Collins Startup list
[Wintercooler Pro]
Number=13532
Confirmed=N
Filename=WINCOOL.EXE
Description=Wintercooler Pro - utility that monitors CPU usage, RAM consumption and Internet connection speed
Source=Paul Collins Startup list
[WinTidy]
Number=13533
Confirmed=N
Filename=WinTidy.exe
Description=Desktop icon manager from PC Magazine (Ziff-Davis). Available via Start -> Programs
Source=Paul Collins Startup list
[Wintime]
Number=13534
Confirmed=X
Filename=Wintime.exe
Description=Added by the HARNIG TROJAN!
Source=Paul Collins Startup list
[WinTime]
Number=13535
Confirmed=U
Filename=wintime.exe
Description=Added by WinTime - change desktop icons' color and font
Source=Paul Collins Startup list
[Wintime Wtxpload]
Number=13536
Confirmed=N
Filename=Wxpload.exe Wintime
Description=Part of the software to support a Dexxa USB graphics tablet. From a visitor - "This gets started anyway when you plug in the USB connector for the graphics tablet, if it's not already running. It then starts an application which manages the tablet messages. Since I leave the tablet unplugged unless I need to use it, I don't need this running at startup. I suspect that this program monitors a number of windows messages, so that when it's loaded, my regular mouse slows down - it acts like it 'sticks' entering and leaving windows. Certainly my performance returned to what I expected when I removed this item using MSCONFIG"
Source=Paul Collins Startup list
[WinTimer]
Number=13537
Confirmed=X
Filename=msupdate.cmd
Description=Hijacker - recognized by Kaspersky antivirus as Trojan.Win32.StartPage.tj
Source=Paul Collins Startup list
[wintnask32.exe]
Number=13538
Confirmed=X
Filename=wintnask32.exe
Description=Added by the RBOT-AFP WORM!
Source=Paul Collins Startup list
[wintnl.exe]
Number=13539
Confirmed=X
Filename=wintnl.exe
Description=Added by a variant of the ZOTOB.K WORM!
Source=Paul Collins Startup list
[wintnpx.exe]
Number=13540
Confirmed=X
Filename=wintnpx.exe
Description=Added by the ZOTOB.H WORM!
Source=Paul Collins Startup list
[WinTools]
Number=13541
Confirmed=X
Filename=WToolsA.exe
Description=Wintools adware
Source=Paul Collins Startup list
[WinTOTAL Scheduler]
Number=13542
Confirmed=N
Filename=guru.exe
Description=WinTOTAL Real estate appraisal software related
Source=Paul Collins Startup list
[WinTray]
Number=13543
Confirmed=X
Filename=wintray.exe
Description=Added by the LEGUARDIEN.B TROJAN!
Source=Paul Collins Startup list
[wintsk32dll]
Number=13544
Confirmed=X
Filename=wintsk32dll.exe
Description=Added by the RBOT-AAJ WORM!
Source=Paul Collins Startup list
[winudll.exe]
Number=13545
Confirmed=X
Filename=winudll.exe
Description=Added by the MITGLIE-CE TROJAN!
Source=Paul Collins Startup list
[winui]
Number=13546
Confirmed=X
Filename=z.exe
Description=Added by the KONDELI TROJAN!
Source=Paul Collins Startup list
[winupated.exe]
Number=13547
Confirmed=X
Filename=winupated.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[winupd]
Number=13548
Confirmed=X
Filename=RUNDLL32.EXE [random value].dll, _mainRD
Description=Added by the MOTA.A WORM!
Source=Paul Collins Startup list
[winupd]
Number=13549
Confirmed=X
Filename=winupd.exe
Description=SearchNew adware
Source=Paul Collins Startup list
[winupd.exe]
Number=13550
Confirmed=X
Filename=winupd.exe
Description=Added by the BEAGLE.M or BEAGLE.N WORMS!
Source=Paul Collins Startup list
[WinUPD32]
Number=13551
Confirmed=X
Filename=explorer.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually!
Source=Paul Collins Startup list
[winupdat]
Number=13552
Confirmed=X
Filename=winupdat.exe
Description=Added by the CANBOT.A WORM!
Source=Paul Collins Startup list
[WinUpdate]
Number=13553
Confirmed=X
Filename=RBSKQQBO.EXE
Description=Added by the VBSWG2B.A WORM!
Source=Paul Collins Startup list
[WinUpdate]
Number=13554
Confirmed=X
Filename=wmbem.exe
Description=Added by the REVCUSS.B TROJAN!
Source=Paul Collins Startup list
[WinUpdate]
Number=13555
Confirmed=X
Filename=updsys.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[winupdate]
Number=13556
Confirmed=X
Filename=winupdate.exe
Description=Added by the ALCAN.B WORM!
Source=Paul Collins Startup list
[WinUpdate]
Number=13557
Confirmed=X
Filename=svhost.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[WinUpdate Loader]
Number=13558
Confirmed=X
Filename=msnnm.exe
Description=Added by the REVCUSS.C TROJAN!
Source=Paul Collins Startup list
[winupdate.exe]
Number=13559
Confirmed=X
Filename=winupdate.exe
Description=Added by the RADO TROJAN!
Source=Paul Collins Startup list
[winupdate.reg]
Number=13560
Confirmed=X
Filename=winupdate.exe
Description=Added by the SPYBOT.EAS WORM!
Source=Paul Collins Startup list
[winupdate2846]
Number=13561
Confirmed=X
Filename=vbsystem35.exe msvbrun.exe
Description=Added by a variant of the MUTIN-C TROJAN!
Source=Paul Collins Startup list
[WinUpdateB]
Number=13562
Confirmed=X
Filename=breatle.exe
Description=Added by the BRATLE.AWORM!
Source=Paul Collins Startup list
[winupdateconn]
Number=13563
Confirmed=X
Filename=[path to file]
Description=Added by the COMBRA-A WORM!
Source=Paul Collins Startup list
[winupdateconn_]
Number=13564
Confirmed=X
Filename=Explorer.EXE
Description=Added by the COMBRA-B WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list
[winupdatefiv_]
Number=13565
Confirmed=X
Filename=[path to file]
Description=Added by the COMBRA.C WORM!
Source=Paul Collins Startup list
[WinUpdateProtection]
Number=13566
Confirmed=U
Filename=csrss.exe
Description=EmployeeWatch is a commercial surveillance software program designed to monitor user activity on a computer
Source=Paul Collins Startup list
[winupdates]
Number=13567
Confirmed=X
Filename=winupdates.exe
Description=Added by the ALCRA-B WORM!
Source=Paul Collins Startup list
[winupdate_]
Number=13568
Confirmed=X
Filename=[path to file]
Description=Added by the COMDOR.A WORM!
Source=Paul Collins Startup list
[WinUPDbc]
Number=13569
Confirmed=X
Filename=winupdbc.exe
Description=Added by the BANKER-DSN TROJAN!
Source=Paul Collins Startup list
[WinUpdsv]
Number=13570
Confirmed=X
Filename=winupdsv.exe
Description=Added by the DROPO MACRO!
Source=Paul Collins Startup list
[winupdt]
Number=13571
Confirmed=X
Filename=RUNDLL32.EXE [random.dll]
Description=Added by the MABUT.A WORM!
Source=Paul Collins Startup list
[winupdtl]
Number=13572
Confirmed=X
Filename=winupdtl.exe
Description=SecondThought adware variant
Source=Paul Collins Startup list
[WinUpgrader]
Number=13573
Confirmed=X
Filename=[path to trojan]
Description=Added by the AGENT-DZ TROJAN!
Source=Paul Collins Startup list
[winur]
Number=13574
Confirmed=X
Filename=winrun.exe
Description=Added by the WINUR.B WORM!
Source=Paul Collins Startup list
[winusb.dll]
Number=13575
Confirmed=X
Filename=winguard.exe
Description=Added by the FORBOT-CN WORM!
Source=Paul Collins Startup list
[WinUser32K]
Number=13576
Confirmed=X
Filename=usr32wink.exe
Description=Added by the HK TROJAN!
Source=Paul Collins Startup list
[WinUsr]
Number=13577
Confirmed=X
Filename=WinUsr.exe K1S2
Description=Added by the CLUNK.A WORM!
Source=Paul Collins Startup list
[Winux Piriax Service]
Number=13578
Confirmed=X
Filename=PH32.EXE
Description=Added by the RANDEX.G WORM!
Source=Paul Collins Startup list
[winversion]
Number=13579
Confirmed=X
Filename=winversion.exe
Description=Browser hijacker, redirecting to specificsearches.com
Source=Paul Collins Startup list
[WinVNC]
Number=13580
Confirmed=U
Filename=WinVNC.exe
Description=WinVNC is an application that allows you to remote control your PC from another PC somewhere on the internet. Now superseeded by RealVNC
Source=Paul Collins Startup list
[WinVNC]
Number=13581
Confirmed=X
Filename=iexplorer.exe
Description=Added by the EVIVINC VIRUS!
Source=Paul Collins Startup list
[winvxd32]
Number=13582
Confirmed=X
Filename=winvxd32.exe
Description=Added by the GABLOLIZ.A WORM!
Source=Paul Collins Startup list
[winwan lptt01]
Number=13583
Confirmed=X
Filename=winwan.exe
Description=RapidBlaster variant (in a "Winwan" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
Source=Paul Collins Startup list
[winwan ml097e]
Number=13584
Confirmed=X
Filename=winwan.exe
Description=RapidBlaster variant (in a "Winwan" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
Source=Paul Collins Startup list
[winword]
Number=13585
Confirmed=X
Filename=winword.exe
Description=Added by the TORPID-C TROJAN!
Source=Paul Collins Startup list
[WINWORD.exe]
Number=13586
Confirmed=X
Filename=WINWORD.exe
Description=Added by the DRIVUS TROJAN! Note - this is not the legitimate MS Word process of the same name, which is always located in the Program Files folder. This one is found in System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
Source=Paul Collins Startup list
[WinWorks]
Number=13587
Confirmed=X
Filename=vstmgr.exe
Description=Added by the AGOBOT.ACJ WORM!
Source=Paul Collins Startup list
[winwsl.exe]
Number=13588
Confirmed=X
Filename=winwsl.exe
Description=Added by the ZOTOB-J WORM!
Source=Paul Collins Startup list
[winXP]
Number=13589
Confirmed=X
Filename=33.exe
Description=Added by the ANPES WORM!
Source=Paul Collins Startup list
[WinXP]
Number=13590
Confirmed=X
Filename=plugin1.exe
Description=Added by the Downloader-JW TROJAN!
Source=Paul Collins Startup list
[WinXP]
Number=13591
Confirmed=X
Filename=csrss.exe
Description=Added by the BANCOS-AG TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Arquivos de programas\WinXP\Tools" folder
Source=Paul Collins Startup list
[WinXP fix]
Number=13592
Confirmed=X
Filename=[path to file]
Description=Added by the RANKY.P TROJAN!
Source=Paul Collins Startup list
[WinXP Processor Generator v1.2]
Number=13593
Confirmed=X
Filename=intspnsr32.exe
Description=Added by the SDBOT.LP WORM!
Source=Paul Collins Startup list
[WinXp Updater]
Number=13594
Confirmed=X
Filename=winxp32.exe
Description=Added by the RBOT-HG WORM!
Source=Paul Collins Startup list
[WinXP-98]
Number=13595
Confirmed=X
Filename=CSRSS.exe
Description=Added by the BANKER-DS TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located a C:\Arquivos de programas\WinXP-98\Tools folder
Source=Paul Collins Startup list
[winxpdll32.exe]
Number=13596
Confirmed=X
Filename=winxpdll32.exe
Description=Added by a variant of the SMALL downloader TROJAN!
Source=Paul Collins Startup list
[WinXPHome]
Number=13597
Confirmed=X
Filename=plugin2.exe
Description=Added by the malicious INOR.T script!
Source=Paul Collins Startup list
[WinXPLoad]
Number=13598
Confirmed=U
Filename=Rundll32 LoadDll, LoadExe WinXPLoad.exe
Description=Compaq hotkey related - required if you use the hotkeys
Source=Paul Collins Startup list
[winxpusbd]
Number=13599
Confirmed=X
Filename=winxp64.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[winystems25]
Number=13600
Confirmed=X
Filename=winystems.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Winz Firewall]
Number=13601
Confirmed=X
Filename=[random filename].exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[WinZap Check]
Number=13602
Confirmed=X
Filename=winzbp.exe
Description=Added by the RBOT-AWZ WORM!
Source=Paul Collins Startup list
[winzip]
Number=13603
Confirmed=X
Filename=[path to trojan]
Description=Added by the BANCOS.G or BANCOS.K TROJANS! Note - this is not part of the popular WinZip file compression utility
Source=Paul Collins Startup list
[Winzip]
Number=13604
Confirmed=X
Filename=[various filenames]
Description=Added by the LERPA-A WORM! Note - the file name will be one of the following common.exe, common.pif, common.scr, Sexo.exe, Sexo.jpg.pif, ini_file__.pif, load_me__.tmp, msfile.pif, system_load_.pif or zipped.rar.pif
Source=Paul Collins Startup list
[Winzip Application]
Number=13605
Confirmed=X
Filename=winzip81.exe
Description=Added by the RBOT-BKZ WORM!
Source=Paul Collins Startup list
[WinZip Quick Pick]
Number=13606
Confirmed=N
Filename=WZQKPICK.EXE
Description=Added with WinZip version 8.1. "The new WinZip Quick Pick taskbar tray icon gives you instant access to WinZip and your Zip files. Just left click the icon to open WinZip, or right click it to instantly reopen recently used Zip files, access your Favorite Zip Folders, open WinZip Help, or start WinZip itself.". You can right-click and close it - choosing to not re-load it at start-up
Source=Paul Collins Startup list
[WinZip Update]
Number=13607
Confirmed=X
Filename=WinZip.exe
Description=Added by a variant of the RBOT WORM! Note - this is not part of the popular WinZip file compression utility
Source=Paul Collins Startup list
[Win_api_driver]
Number=13608
Confirmed=X
Filename=system.exe
Description=Added by the REVIRD TROJAN!
Source=Paul Collins Startup list
[Win_BooT]
Number=13609
Confirmed=X
Filename=[path to file]
Description=Added by the BANKER-GI TROJAN!
Source=Paul Collins Startup list
[WIN_DRIVR32]
Number=13610
Confirmed=X
Filename=shchostv.exe
Description=Added by a TROJAN - see here
Source=Paul Collins Startup list
[Win_Library]
Number=13611
Confirmed=X
Filename=INISvc.exe
Description=Added by the ANARCH WORM!
Source=Paul Collins Startup list
[win_spool2]
Number=13612
Confirmed=X
Filename=win_spool2.exe
Description=Added by the SCKEYLOG.B TROJAN!
Source=Paul Collins Startup list
[win_supp00.exe]
Number=13613
Confirmed=X
Filename=Win Const.exe
Description=Added by the ASSASIN-H TROJAN!
Source=Paul Collins Startup list
[win_upd.exe]
Number=13614
Confirmed=X
Filename=WINdirect.exe
Description=Added by the MITGLIEDER.M TROJAN!
Source=Paul Collins Startup list
[win_upd2.exe]
Number=13615
Confirmed=X
Filename=WINdirect.exe
Description=Added by the BEAGLE.AO WORM!
Source=Paul Collins Startup list
[Win_vader]
Number=13616
Confirmed=X
Filename=Win_vader.vbs
Description=Added by the INVASION.A VIRUS!
Source=Paul Collins Startup list
[WIP Config GUI]
Number=13617
Confirmed=X
Filename=Winipcfgs.exe
Description=Added by the RBOT-CN WORM!
Source=Paul Collins Startup list
[Wireless Console]
Number=13618
Confirmed=N
Filename=wcourier.exe
Description=ASUS Wireless Console - installed alongside ASUS wireless components and provides additional configuration options for these devices
Source=Paul Collins Startup list
[Wireless PCI Card Configuration Utility]
Number=13619
Confirmed=U
Filename=WMP11Cfg.exe
Description=Utility used by the LINKSYS wireless PCI card (WMP11) and indicates when a wireless access connection is made by a screen colour change. Also used for configuration
Source=Paul Collins Startup list
[Wireless Provider Server]
Number=13620
Confirmed=X
Filename=wpsvr.exe
Description=Added by the FORBOT-AD WORM!
Source=Paul Collins Startup list
[Wireless Switching Setting Utility]
Number=13621
Confirmed=U
Filename=Switcher.exe
Description=On a Sony laptop with built in wireless it allows the user to select which wireless services they want to run (i.e. Wireless LAN, Bluetooth, both) when turning the wireless switch on if disabled)
Source=Paul Collins Startup list
[Wireless-G Notebook Adapter]
Number=13622
Confirmed=Y
Filename=Gcc.exe
Description=LinkSys Wireless-G Notebook Adapter driver
Source=Paul Collins Startup list
[Wireless-G Notebook Adapter Utility]
Number=13623
Confirmed=U
Filename=WPC54CFG.EXE
Description=Utility used by the LINKSYS Wireless-G Notebook Adapter (WPC54G)
Source=Paul Collins Startup list
[WireLessKeyboard]
Number=13624
Confirmed=U
Filename=PS2USBKbdDrv.exe
Description=Related to WireLess Keyboard Multimedia Combo Set by SANSUN Industries
Source=Paul Collins Startup list
[WireLessMouse]
Number=13625
Confirmed=U
Filename=MouseDrv.exe
Description=Related to WireLess Mouse Multimedia Combo Set by SANSUN Industries. Located in C:\Program Files\Multimedia Combo Set
Source=Paul Collins Startup list
[wise]
Number=13626
Confirmed=X
Filename=clockwise.exe
Description=Added by the LAZAR-A TROJAN!
Source=Paul Collins Startup list
[WIZZ]
Number=13627
Confirmed=X
Filename=dazzler.exe
Description=Reported by Kaspersky Anti-Virus as DIALER.IS TROJAN!
Source=Paul Collins Startup list
[wjview]
Number=13628
Confirmed=N
Filename=wjview.exe
Description=MS tool used to view window-based Java applications from the command line
Source=Paul Collins Startup list
[wkcalrem]
Number=13629
Confirmed=N
Filename=wkcalrem.exe
Description=Produces a pop-up reminder of events scheduled using the MS Works Calendar
Source=Paul Collins Startup list
[WkDetect]
Number=13630
Confirmed=N
Filename=WkDetect.exe
Description=Checks for updates to MS Works
Source=Paul Collins Startup list
[wkfud]
Number=13631
Confirmed=N
Filename=wkfud.exe
Description=A marketing program for MS Works
Source=Paul Collins Startup list
[WksSb]
Number=13632
Confirmed=N
Filename=WksSb.exe
Description=The Works Portfolio tool lets you collect and organize text and pictures from the Web or your favorite program. The Works Portfolio provides a location where you can store items you want to later put into a document or other file
Source=Paul Collins Startup list
[WksSVC]
Number=13633
Confirmed=X
Filename=EXPLORER.exe
Description=Added by the MYTOB-BW WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list
[WkUFind]
Number=13634
Confirmed=N
Filename=WkUFind.exe
Description=MS Works Update Detection. MS Picture It! (versions 7 to current) use this automatic update feature during the log on process. It can also cause your system to automatically dial into your ISP as it tries to access the internet, if you have your system set to automatically dial when the internet is invoked. To manually update, go to Microsoft's Office/Works update site. You can also turn of the automatic update feature within Picture It! - see here
Source=Paul Collins Startup list
[Wkyo86]
Number=13635
Confirmed=X
Filename=[path to worm]
Description=Added by the PITIN-A WORM!
Source=Paul Collins Startup list
[Wlan Drier]
Number=13636
Confirmed=X
Filename=Winusb2.exe
Description=Added by the WOOTBOT.DC WORM!
Source=Paul Collins Startup list
[Wlan Driver]
Number=13637
Confirmed=X
Filename=avscan.exe
Description=Added by the WOOTBOT.DH WORM!
Source=Paul Collins Startup list
[WLAN Status Tray Applet]
Number=13638
Confirmed=N
Filename=WLANSTA.EXE
Description=System Tray icon for checking the status of a Wireless LAN
Source=Paul Collins Startup list
[wlancfg]
Number=13639
Confirmed=U
Filename=wlancfg.exe
Description=Inventel wireless router related - required in order to automatically connect to the Net at bootup
Source=Paul Collins Startup list
[wlancfg5]
Number=13640
Confirmed=Y
Filename=wlancfg5.exe
Description=NetGear WG311v3 wireless PCI adapter driver - required in order to automatically connect to the wireless router/gateway at bootup. Note - may not install correctly on Windows9x/ME computers which have Slipstream accelerator installed. Uninstall Slipstream first, disabling slipcore and slipgui are insufficient
Source=Paul Collins Startup list
[WLANSTA.EXE]
Number=13641
Confirmed=N
Filename=WLANSTA.EXE
Description=System Tray icon for checking the status of a Wireless LAN
Source=Paul Collins Startup list
[WLAN_Cfg.exe]
Number=13642
Confirmed=Y
Filename=WLAN_Cfg.exe
Description=Linksys Instant Wireless USB Network Adapter driver
Source=Paul Collins Startup list
[wlsass]
Number=13643
Confirmed=X
Filename=wlsass.exe
Description=Added by the RANKY.CY TROJAN!
Source=Paul Collins Startup list
[WLTRAY]
Number=13644
Confirmed=N
Filename=wltray.exe
Description=Installed alongside Dell Wireless WLAN Card and provides additional configuration options for these devices
Source=Paul Collins Startup list
[wltray]
Number=13645
Confirmed=N
Filename=wltray.exe
Description=System tray access to wireless LAN card configuration options
Source=Paul Collins Startup list
[WM VCR]
Number=13646
Confirmed=N
Filename=WMVCR.exe
Description=WM Recorder allows you to record Windows Media(tm) streaming Video or Audio content. Can be accessed via Start Menu -> Programs
Source=Paul Collins Startup list
[Wm24Pan]
Number=13647
Confirmed=Y
Filename=Wm24Pan.Exe
Description=ESI external sound card driver
Source=Paul Collins Startup list
[wm41a398]
Number=13648
Confirmed=X
Filename=rundll32.exe [path] wm41a398.dll, EnableRunDLL32
Description=LZIO.com adware downloader
Source=Paul Collins Startup list
[WMAudio]
Number=13649
Confirmed=X
Filename=services.exe
Description=Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[WMAudio]
Number=13650
Confirmed=X
Filename=winlogon.exe
Description=Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[WMBoot]
Number=13651
Confirmed=N
Filename=N/A
Description=Associated with Logitech Wingman game controllers. Not required but what does it do?
Source=Paul Collins Startup list
[wmcbaaca]
Number=13652
Confirmed=X
Filename=rundll32.exe [path] wmcbaaca.dll, EnableRunDLL32
Description=LZIO.com adware downloader
Source=Paul Collins Startup list
[WMC_RebootCheck]
Number=13653
Confirmed=N
Filename=unregmp2.exe
Description=Corrects problems with installations of Windows Media Player from version 9 onwards - see here and search for "unregmp2.exe"
Source=Paul Collins Startup list
[WMI Application Interface]
Number=13654
Confirmed=X
Filename=wmiapi.exe
Description=Added by the SPYBOT.RBY WORM!
Source=Paul Collins Startup list
[WMIEXE.exe]
Number=13655
Confirmed=U
Filename=wmiexe.exe
Description=NT component, used by Windows Millennium to detect Plug and Play-compliant IEEE 1394 devices during the startup process. Since this is important for the computer to work properly if you have these, Windows Millennium protects wmiexe.exe and will restore the file even if it's deleted or renamed
Source=Paul Collins Startup list
[Wminf]
Number=13656
Confirmed=X
Filename=Wminf.exe
Description=Added by the GEMA TROJAN!
Source=Paul Collins Startup list
[Wminfo]
Number=13657
Confirmed=X
Filename=Wminfo.exe
Description=Added by the GEMA TROJAN!
Source=Paul Collins Startup list
[wmiprv]
Number=13658
Confirmed=X
Filename=wmiprv.exe
Description=Added by the RBOT-WM WORM!
Source=Paul Collins Startup list
[wmon]
Number=13659
Confirmed=X
Filename=jusched.exe
Description=Added by the AGOBOT-OW WORM!
Source=Paul Collins Startup list
[WMP54Gv4]
Number=13660
Confirmed=Y
Filename=WMP54Gv4.exe
Description=Linksys WMP54Gv4 wireless PCI adapter driver - required in order to automatically connect to the wireless router/gateway at bootup. Note - may not install correctly on Windows9x/ME computers which have Slipstream accelerator installed. Uninstall Slipstream first, disabling slipcore and slipgui are insufficient
Source=Paul Collins Startup list
[wmplayer.exe]
Number=13661
Confirmed=X
Filename=wmplayer.exe
Description=Added by the BANCBAN-CZ TROJAN!
Source=Paul Collins Startup list
[wmpnscfg]
Number=13662
Confirmed=U
Filename=wmpnscfg.exe
Description="Microsoft Windows uses wmpnscfg.exe to alert users when media rendering devices are found on the network. Wmpnscfg starts the Windows Media Player Network Sharing Service (NSS) and then waits for notifications from the service. When wmpnscfg is notified that a new media device is available on the network, it displays a popup in the system tray that informs the user about the availability of the new device. If the user clicks the popup, wmpnscfg launches Windows Media Player, which displays a dialog box that asks the user to either allow or deny sharing with the new device." - see here
Source=Paul Collins Startup list
[wms3]
Number=13663
Confirmed=X
Filename=wms3.exe
Description=Added by the LEGMIR-AQG TROJAN!
Source=Paul Collins Startup list
[wmsys32]
Number=13664
Confirmed=X
Filename=wmsys32.exe
Description=Added by the BANPAES.B TROJAN!
Source=Paul Collins Startup list
[wmv]
Number=13665
Confirmed=X
Filename=winmonv.exe
Description=Added by the AGENT-DG TROJAN!
Source=Paul Collins Startup list
[WM_LOGIN]
Number=13666
Confirmed=?
Filename=MSGLOGIN.EXE
Description=Part of McAfee Firewall. What is it for and is it needed?
Source=Paul Collins Startup list
[WN Services]
Number=13667
Confirmed=X
Filename=wnsvc.exe
Description=Added by the KBBOT-A TROJAN!
Source=Paul Collins Startup list
[WNAD]
Number=13668
Confirmed=X
Filename=WNAD.EXE
Description=Spyware added as a result of running a program called "Yo Mama Osama" (osama.exe). See here for more and how to get rid of it. There are other ways this can show up on your system, and it will manifest itself by periodically opening a new browser window with advertising for copy DVD software and the like
Source=Paul Collins Startup list
[wnddrv]
Number=13669
Confirmed=X
Filename=svchost.exe
Description=Added by an unidentified TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list
[WNILOGON]
Number=13670
Confirmed=X
Filename=WNILOGON.exe
Description=Added by the LEWOR-M TROJAN!
Source=Paul Collins Startup list
[WNSC]
Number=13671
Confirmed=X
Filename=wns*****.exe [* = random char]
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[Wnsck2 driver]
Number=13672
Confirmed=X
Filename=wlogf.exe
Description=Added by the SPYBOT-AF WORM!
Source=Paul Collins Startup list
[WNSI]
Number=13673
Confirmed=X
Filename=wnscp**.exe [* = random char]
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[WNSO]
Number=13674
Confirmed=X
Filename=WNSO.exe
Description=Baidu.SoBar adware
Source=Paul Collins Startup list
[WNST]
Number=13675
Confirmed=X
Filename=wns*****.exe [* = random char]
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[wntlgns]
Number=13676
Confirmed=X
Filename=wntlgns.exe
Description=CoolWebSearch parasite variant
Source=Paul Collins Startup list
[wnxpupdate]
Number=13677
Confirmed=X
Filename=spvspool.exe
Description=Added by the DABORA.B WORM!
Source=Paul Collins Startup list
[wnxupdate]
Number=13678
Confirmed=X
Filename=updatexp.exe
Description=Added by the COMBRA-G WORM!
Source=Paul Collins Startup list
[won update]
Number=13679
Confirmed=X
Filename=WAPDATE.EXE
Description=Added by the RBOT.N WORM!
Source=Paul Collins Startup list
[WonderFrog]
Number=13680
Confirmed=U
Filename=WonderFrog.exe
Description=Wonder Frog typing monitor
Source=Paul Collins Startup list
[WooCnxMon]
Number=13681
Confirmed=N
Filename=CnxMon.exe
Description=Wanadoo ISP software related - not required - here's how to bypass it
Source=Paul Collins Startup list
[Woods Inc]
Number=13682
Confirmed=X
Filename=wcmd.exe
Description=Added by the KILLFIL-O TROJAN!
Source=Paul Collins Startup list
[woopie]
Number=13683
Confirmed=X
Filename=winamp.exe
Description=Added by the AGOBOT.XV WORM! Note - this is NOT the popular Winamp media player
Source=Paul Collins Startup list
[WOOTASKBARICON]
Number=13684
Confirmed=N
Filename=TaskbarIcon.exe
Description=Wanadoo ISP taskbar icon - not required
Source=Paul Collins Startup list
[Woowatch]
Number=13685
Confirmed=N
Filename=Watch.exe
Description=Wanadoo ISP software, not required
Source=Paul Collins Startup list
[word pair]
Number=13686
Confirmed=X
Filename=bopotsvr.exe
Description=Added by the SHED-A TROJAN!
Source=Paul Collins Startup list
[WordQ carat flag]
Number=13687
Confirmed=Y
Filename=WordQcrs.exe
Description=Related to WordQ Writing Aid Software
Source=Paul Collins Startup list
[WordWeb]
Number=13688
Confirmed=N
Filename=wweb32.exe
Description=WordWeb - free theasaurus and dictionary. Start manually
Source=Paul Collins Startup list
[Workflo]
Number=13689
Confirmed=?
Filename=workflow.exe
Description=Related to BroadJump Client Foundation - broadband troubleshooting software installed by various companies. Is it required?
Source=Paul Collins Startup list
[Working System Analyzer]
Number=13690
Confirmed=X
Filename=syswork.exe
Description=Added by the FORBOT-FZ WORM!
Source=Paul Collins Startup list
[worknote1]
Number=13691
Confirmed=X
Filename=[filename]
Description=Added by the MEETOT WORM!
Source=Paul Collins Startup list
[WorkPace 3.0]
Number=13692
Confirmed=U
Filename=workpace.exe
Description=WorkPace - stress injury prevention software
Source=Paul Collins Startup list
[Works Calendar Reminder]
Number=13693
Confirmed=N
Filename=wkcalrem.exe
Description=Produces a pop-up reminder of events scheduled using the MS Works Calendar
Source=Paul Collins Startup list
[WorksFUD]
Number=13694
Confirmed=N
Filename=wkfud.exe
Description=A marketing program for MS Works
Source=Paul Collins Startup list
[Workstation Scheduler]
Number=13695
Confirmed=U
Filename=wm95.exe
Description=Desktop Management Scheduler. Part of Novell's Netware Client. Schedueles NDS events. If events have been schedueled, it is required, otherwise, it is useless and a memory hog
Source=Paul Collins Startup list
[Workstation Services]
Number=13696
Confirmed=X
Filename=wrkstn.exe
Description=Added by the RBOT-OJ WORM!
Source=Paul Collins Startup list
[Workstation Ver 5.0]
Number=13697
Confirmed=X
Filename=vmware.exe
Description=Added by the RBOT-AHB WORM!
Source=Paul Collins Startup list
[WorldAntiSpy]
Number=13698
Confirmed=X
Filename=worldantispy.exe
Description=WorldAntiSpy, "rogue" spyware remover, installed as part of this scam
Source=Paul Collins Startup list
[Worm Detector]
Number=13699
Confirmed=U
Filename=wd.exe
Description=Worm Detector - antivirus add-on for Outlook 2K or XP for handling worms and spam
Source=Paul Collins Startup list
[wormexe]
Number=13700
Confirmed=X
Filename=winstart.exe
Description=Added by the EARLYBIRD WORM!
Source=Paul Collins Startup list
[wovax]
Number=13701
Confirmed=X
Filename=wovax.exe
Description=Added by the DAQA.A TROJAN!
Source=Paul Collins Startup list
[wow]
Number=13702
Confirmed=X
Filename=bar.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[wow]
Number=13703
Confirmed=X
Filename=wwf.exe
Description=Added by the LINEAGE-Y TROJAN!
Source=Paul Collins Startup list
[wow]
Number=13704
Confirmed=X
Filename=Launcher.exe
Description=Added by the DELF-DOR TROJAN!
Source=Paul Collins Startup list
[Wpctrl]
Number=13705
Confirmed=N
Filename=wpctrlnt.exe
Description=WinPortrait plug-in for PivotPro from Portrait Studios - allows a screen to be rotated to match rotated LCD screens, for example). Shortcut available via Display Properties
Source=Paul Collins Startup list
[Wpctrl]
Number=13706
Confirmed=N
Filename=wpctrl95.exe
Description=WinPortrait plug-in for PivotPro from Portrait Studios - allows a screen to be rotated to match rotated LCD screens, for example). Shortcut available via Display Properties
Source=Paul Collins Startup list
[wpctrl95]
Number=13707
Confirmed=N
Filename=wpctrlnt.exe
Description=WinPortrait plug-in for PivotPro from Portrait Studios - allows a screen to be rotated to match rotated LCD screens, for example). Shortcut available via Display Properties
Source=Paul Collins Startup list
[wpctrl95]
Number=13708
Confirmed=N
Filename=wpctrl95.exe
Description=WinPortrait plug-in for PivotPro from Portrait Studios - allows a screen to be rotated to match rotated LCD screens, for example). Shortcut available via Display Properties
Source=Paul Collins Startup list
[WPCUMI]
Number=13709
Confirmed=Y
Filename=WpcUmi.exe
Description=Windows Vista Parental Control Notifications from Microsoft Corporation
Source=Paul Collins Startup list
[WPCycle.exe]
Number=13710
Confirmed=Y
Filename=WpCycleWin.exe
Description=Added when selecting Mplayer2 to open media files. Forces other codes to Wait for Previous instructions to end, preventing instability of your CPU (freezing)
Source=Paul Collins Startup list
[wpds.exe]
Number=13711
Confirmed=X
Filename=doriot.exe
Description=Added by the SMALL-KY TROJAN!
Source=Paul Collins Startup list
[wpds.exe]
Number=13712
Confirmed=X
Filename=wwnrot.exe
Description=Added by the BAGLEDI-D TROJAN!
Source=Paul Collins Startup list
[wpwmgrs]
Number=13713
Confirmed=X
Filename=wpwmgrs.exe
Description=Added by the MYTOB-DH WORM!
Source=Paul Collins Startup list
[WQK]
Number=13714
Confirmed=X
Filename=WQK.exe
Description=Added by the KLEZ.H WORM!
Source=Paul Collins Startup list
[wr]
Number=13715
Confirmed=?
Filename=WR.EXE
Description=??
Source=Paul Collins Startup list
[WR Command]
Number=13716
Confirmed=?
Filename=wr.exe
Description=??
Source=Paul Collins Startup list
[WrCtrl]
Number=13717
Confirmed=N
Filename=WrCtrl.exe
Description=Win-Route 4.27 NAT engine on Win2k Pro for connection sharing and security using Win-Route by Tiny Software. A connection sharing/Firewall Application. If service is disabled the program does not work, but you can manually start/stop the service with a shortcut the program installs at any time
Source=Paul Collins Startup list
[WRDialer]
Number=13718
Confirmed=X
Filename=WrDialer.exe
Description=WinPoet DSL dialler
Source=Paul Collins Startup list
[WRECK GUARD]
Number=13719
Confirmed=?
Filename=??
Description=??
Source=Paul Collins Startup list
[WregBios]
Number=13720
Confirmed=?
Filename=wregbios.exe
Description=Desktop Management BIOS (DMI BIOS) related. Apparently invokes the DosBios.exe file. Is it required?
Source=Paul Collins Startup list
[wrexec]
Number=13721
Confirmed=U
Filename=wrexec.exe
Description=Watch Right - monitoring program, part of the PowerTools add-on for AOL. Records instant messages, E-mail, chat. Watch Right appears to be, and functions as an online clock updater which connects with the U.S. National Institute of Standards and Technology. It was designed for parents who wish to keep an eye on what their children are doing online
Source=Paul Collins Startup list
[wriste]
Number=13722
Confirmed=?
Filename=wriste.exe
Description=??
Source=Paul Collins Startup list
[Write DVD-R!]
Number=13723
Confirmed=U
Filename=saimon.exe
Description=Saimon's WriteDVD! "gives total support for DVD-RAM drives. It provides many functions such as setting partitions on DVD-RAM disks and FixDVD! can diagnose and repair UDF formatted disks"
Source=Paul Collins Startup list
[ws2 32]
Number=13724
Confirmed=X
Filename=svchst.exe
Description=Added by the VOKEN-A TROJAN!
Source=Paul Collins Startup list
[ws2help]
Number=13725
Confirmed=X
Filename=ws2help.exe
Description=Added by a variant of the SMALL.AN TROJAN!
Source=Paul Collins Startup list
[WSAConfiguration]
Number=13726
Confirmed=X
Filename=wmon32.exe
Description=Added by the GAOBOT.BAJ WORM!
Source=Paul Collins Startup list
[WSAConfiguration]
Number=13727
Confirmed=X
Filename=svchostt.exe
Description=Added by the AGOBOT.ZT WORM!
Source=Paul Collins Startup list
[WSAConfiguration]
Number=13728
Confirmed=X
Filename=rpcxmn32.exe
Description=Added by the AGOBOT.ABG WORM!
Source=Paul Collins Startup list
[WSAConfiguration]
Number=13729
Confirmed=X
Filename=win32upd.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[WSAConfiguration]
Number=13730
Confirmed=X
Filename=drrss.exe
Description=Added by a variant of the AGOBOT/GAOBOT WORM!
Source=Paul Collins Startup list
[WSAConfiguration]
Number=13731
Confirmed=X
Filename=winlogon32.exe
Description=Added by the AGOBOT-WC WORM!
Source=Paul Collins Startup list
[WSAConfiguration]
Number=13732
Confirmed=X
Filename=ntguard32.exe
Description=Added by a variant of the AGOBOT/GAOBOT WORM!
Source=Paul Collins Startup list
[WSAConfiguration]
Number=13733
Confirmed=X
Filename=csrsvcs.exe
Description=Added by the AGOBOT.VI WORM!
Source=Paul Collins Startup list
[WSAConfiguration1]
Number=13734
Confirmed=X
Filename=csass.exe
Description=Added by the AGOBOT.WH WORM!
Source=Paul Collins Startup list
[wsass32]
Number=13735
Confirmed=X
Filename=wsass32.exe
Description=Added by the BANKEM-V TROJAN!
Source=Paul Collins Startup list
[wsbklite]
Number=13736
Confirmed=?
Filename=wsbklite.exe
Description=Related to the Acer Soft Button on Acer Tablet PCs. Appears to do nothing so is it required?
Source=Paul Collins Startup list
[WScheduler]
Number=13737
Confirmed=U
Filename=WScheduler.exe
Description=Windows Scheduler - "schedule unattended running of applications, batch files, scripts and much more. Also, you can schedule popup reminders so you'll never forget reminders, tasks and other events."
Source=Paul Collins Startup list
[wscntfys]
Number=13738
Confirmed=X
Filename=wsscntfy.exe
Description=Added by the SDBOT-TN WORM!
Source=Paul Collins Startup list
[wscript.exe]
Number=13739
Confirmed=X
Filename=vabian.vbs
Description=Added by the VABI VIRUS!
Source=Paul Collins Startup list
[wscsvc.exe]
Number=13740
Confirmed=X
Filename=wscsvc.exe
Description=Added by a password stealing BANKER TROJAN!
Source=Paul Collins Startup list
[Wsdata service]
Number=13741
Confirmed=X
Filename=WSconf.exe
Description=Added by the SDBOT.ZU WORM!
Source=Paul Collins Startup list
[wserv]
Number=13742
Confirmed=X
Filename=wserv.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[wserver]
Number=13743
Confirmed=X
Filename=wserver.exe
Description=Added by the NETSKY.AC or SASSER.G WORMS!
Source=Paul Collins Startup list
[WService]
Number=13744
Confirmed=U
Filename=WService.exe
Description=Tablet client Driver for UC-Logic Pen/Graphics Tablet
Source=Paul Collins Startup list
[wsg32]
Number=13745
Confirmed=U
Filename=wsg32.exe
Description=GoldenKeylog keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list
[wskrnl]
Number=13746
Confirmed=U
Filename=wskrnl.exe
Description=ActMon surveillance software. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list
[wsock32]
Number=13747
Confirmed=X
Filename=svchost.exe
Description=Added by the HORST-A WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list
[wsrv32]
Number=13748
Confirmed=X
Filename=wsrv32.exe
Description=Added by a CLICKER TROJAN! Identified by Kaspersky antivirus as Win32.Agent.ep
Source=Paul Collins Startup list
[WSSAConfiguration]
Number=13749
Confirmed=X
Filename=wmmon32.exe
Description=Added by the AGOBOT-KC WORM!
Source=Paul Collins Startup list
[wssys]
Number=13750
Confirmed=U
Filename=wssys.exe
Description=WebPI logs keystrokes and captures screenshots. If you didn't install this yourself remove it
Source=Paul Collins Startup list
[Wstat32 driver]
Number=13751
Confirmed=X
Filename=Wstat32.exe
Description=Added by the LOONBOT TROJAN!
Source=Paul Collins Startup list
[wstimeb]
Number=13752
Confirmed=Y
Filename=wstimeb.exe
Description=Used with NEC printers. You can disable it before printing but it re-loads itself when printing so you may as well leave it
Source=Paul Collins Startup list
[wsttrs]
Number=13753
Confirmed=X
Filename=wsttrs.exe
Description=Added by the LDPINCH-QS TROJAN!
Source=Paul Collins Startup list
[wsvbs]
Number=13754
Confirmed=X
Filename=wsvbs.exe
Description=Added by the PWS-AEB TROJAN!
Source=Paul Collins Startup list
[WSVCS]
Number=13755
Confirmed=U
Filename=SERVICES.EXE
Description=WSLogger keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list
[wswpd]
Number=13756
Confirmed=Y
Filename=wswpd.exe
Description=Used with some models of Panasonic, Epson and NEC printers. Some older drivers known to have a "memory leak". Needed for printing to work
Source=Paul Collins Startup list
[wsys.exe]
Number=13757
Confirmed=U
Filename=wsys.exe
Description=SpyloPCMonitor is a surviellance software program that monitors user activity, logs keystrokes, and takes screenshots. It ends the processes of anti-spyware programs. If you didn't install this yourself remove it
Source=Paul Collins Startup list
[ws_d]
Number=13758
Confirmed=X
Filename=ws32.exe
Description=Added by the LEGMIR-RL TROJAN!
Source=Paul Collins Startup list
[WT Game Channel]
Number=13759
Confirmed=N
Filename=GameChannel.exe
Description=WildTangent GameChannel - notification of new games, quick access to games and fast and easy game downloads. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
Source=Paul Collins Startup list
[WT Game Channel]
Number=13760
Confirmed=N
Filename=wtgamechannel.exe
Description=WildTangent GameChannel - notification of new games, quick access to games and fast and easy game downloads. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
Source=Paul Collins Startup list
[WT GameChannel]
Number=13761
Confirmed=N
Filename=GameChannel.exe
Description=WildTangent GameChannel - notification of new games, quick access to games and fast and easy game downloads. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
Source=Paul Collins Startup list
[WT GameChannel]
Number=13762
Confirmed=N
Filename=wtgamechannel.exe
Description=WildTangent GameChannel - notification of new games, quick access to games and fast and easy game downloads. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
Source=Paul Collins Startup list
[WTF Test]
Number=13763
Confirmed=X
Filename=wtftest.exe
Description=Added by the RBOT-ACM WORM!
Source=Paul Collins Startup list
[WTIndicator]
Number=13764
Confirmed=U
Filename=SchedInd.exe
Description=WinTask - software that automates a variety of routine tasks quickly and simply
Source=Paul Collins Startup list
[WTSI]
Number=13765
Confirmed=X
Filename=wapisvit.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[WTSS]
Number=13766
Confirmed=X
Filename=wap***.exe [* = random char]
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[WTST]
Number=13767
Confirmed=X
Filename=wapisvtr.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[WU713STA.EXE]
Number=13768
Confirmed=Y
Filename=WU713STA.EXE
Description=Blitzz Technology wireless NIC adapter driver
Source=Paul Collins Startup list
[wuanguard]
Number=13769
Confirmed=X
Filename=wuanguard32.exe
Description=Added by the RBOT-AAF WORM!
Source=Paul Collins Startup list
[WUOLService]
Number=13770
Confirmed=Y
Filename=WUOLService9x.exe
Description=Remote wakeup status agent. Part of Novell's ZenWorks. Processes Wake-up on LAN requests (turn on a computer remotely on LAN)
Source=Paul Collins Startup list
[wuosdial]
Number=13771
Confirmed=X
Filename=wuosdial.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[WUPD]
Number=13772
Confirmed=X
Filename=iglmtray.exe
Description=Added by the TZET WORM!
Source=Paul Collins Startup list
[wupd]
Number=13773
Confirmed=X
Filename=symcsvc.exe
Description=Added by the ABWIZ.C TROJAN!
Source=Paul Collins Startup list
[wupd]
Number=13774
Confirmed=X
Filename=win32.exe
Description=Added by the ORSE-C TROJAN!
Source=Paul Collins Startup list
[wupdate]
Number=13775
Confirmed=X
Filename=wisvccz.exe
Description=Added by the ORSE-B TROJAN!
Source=Paul Collins Startup list
[wupdate]
Number=13776
Confirmed=X
Filename=wi32.exe
Description=Downloader trojan, detected by Panda antivirus as Adware/Trustbid
Source=Paul Collins Startup list
[WUpdate]
Number=13777
Confirmed=X
Filename=1037v.exe
Description=Added by the CLAGGER-AR TROJAN!
Source=Paul Collins Startup list
[Wupdate driver]
Number=13778
Confirmed=X
Filename=[various filenames]
Description=Added by a variant of the SPYBOT WORM!
Source=Paul Collins Startup list
[WUpdates]
Number=13779
Confirmed=X
Filename=WUpdates.exe
Description=Added by the SWEPDAT TROJAN!
Source=Paul Collins Startup list
[Wupdm32]
Number=13780
Confirmed=X
Filename=Wupdm32.exe
Description=Added by the MIDLAK WORM!
Source=Paul Collins Startup list
[wupdmgr32.exe]
Number=13781
Confirmed=X
Filename=wupdmgr32.exe
Description=Added by the CERTIF-I TROJAN!
Source=Paul Collins Startup list
[wupdt]
Number=13782
Confirmed=X
Filename=wupdt.exe
Description=Added by the IMISERV.A TROJAN!
Source=Paul Collins Startup list
[WUSB11B.exe]
Number=13783
Confirmed=Y
Filename=WUSB11B.exe
Description=Linksys WUSB11 WLAN USB adapter
Source=Paul Collins Startup list
[WUSB54Gv2]
Number=13784
Confirmed=Y
Filename=InvokeSvc3.exe
Description=Wireless-G USB Wireless Network Adapter related - would appear to be required
Source=Paul Collins Startup list
[WUSB54Gv4]
Number=13785
Confirmed=Y
Filename=WUSB54Gv4.exe
Description=Wireless-G USB Wireless Network Adapter related - would appear to be required
Source=Paul Collins Startup list
[wuviewer]
Number=13786
Confirmed=X
Filename=wuviewer.exe
Description=Added by a Proxy Trojan variant
Source=Paul Collins Startup list
[WUx_RegSvr]
Number=13787
Confirmed=?
Filename=RegSvr32.exe
Description=x is any number??
Source=Paul Collins Startup list
[WWKS]
Number=13788
Confirmed=X
Filename=wsass.exe
Description=Added by the SDBOT-BT WORM!
Source=Paul Collins Startup list
[www.hidro.4t.com]
Number=13789
Confirmed=X
Filename=enbiei.exe
Description=Added by the BLASTER.F WORM!
Source=Paul Collins Startup list
[www.symantec.com]
Number=13790
Confirmed=X
Filename=oz11111.exe
Description=Added by the MYDOOM.W WORM
Source=Paul Collins Startup list
[WXcmeinst]
Number=13791
Confirmed=X
Filename=[path to file]
Description=Added by the RANCK-CD TROJAN!
Source=Paul Collins Startup list
[Wxp4]
Number=13792
Confirmed=X
Filename=Norton Update.exe
Description=Added by the ERKEZ.D WORM!
Source=Paul Collins Startup list
[WXProcMgr Module]
Number=13793
Confirmed=N
Filename=WXprocMgr.exe
Description=TVTonic from Wavexpress - "enjoy 3 full-screen, DVD-quality video channels for FREE". Allows data content to be downloaded and synchronized on your system
Source=Paul Collins Startup list
[WZCBDLService]
Number=13794
Confirmed=U
Filename=WZCBDL9X.exe
Description=WZCBDLService Launcher from D-Link - configuration/drivers
Source=Paul Collins Startup list
[wzdmg]
Number=13795
Confirmed=X
Filename=wzdmg.exe
Description=Added by a generic downloader TROJAN - see here
Source=Paul Collins Startup list
[wzhelper]
Number=13796
Confirmed=X
Filename=wzhelper.exe
Description=Searchcentrix hijacker
Source=Paul Collins Startup list
[wzservice]
Number=13797
Confirmed=X
Filename=hess.exe
Description=Added by the HACKARMY.W TROJAN!
Source=Paul Collins Startup list
[X Server]
Number=13798
Confirmed=U
Filename=X.exe
Description="XoftWare for Windows" enables you to run network-based UNIX programs ("X programs" or "clients") side-by-side with Windows applications on your personal computer. You can also share programs and computing resources with host computers connected to your PC over a network
Source=Paul Collins Startup list
[X-Cleaner Deluxe]
Number=13799
Confirmed=U
Filename=xcleaner.exe
Description=X-Cleaner Deluxe - privacy and anti-spy application
Source=Paul Collins Startup list
[X-Cleaner Freeware]
Number=13800
Confirmed=U
Filename=XCLEAN~1.EXE
Description=X-Cleaner Freeware - "cookie cleaning, Internet cache cleaning, scans for many popular spy software packages and performs permanent file shredding"
Source=Paul Collins Startup list
[X-Grabber]
Number=13801
Confirmed=N
Filename=sswizard.exe
Description=ScreenShot Wizard
Source=Paul Collins Startup list
[X1]
Number=13802
Confirmed=U
Filename=X1.exe
Description=Part of X1's Enterprise Desktop Search Resource Center. An enterprise desktop search engine
Source=Paul Collins Startup list
[X1 System Tray]
Number=13803
Confirmed=U
Filename=X1Systray.exe
Description=Part of X1's Enterprise Desktop Search Resource Center. An enterprise desktop search engine
Source=Paul Collins Startup list
[X10 Device Network Service]
Number=13804
Confirmed=U
Filename=x10nets.exe
Description=Belongs to X10 video streaming device(s)
Source=Paul Collins Startup list
[X10Weax]
Number=13805
Confirmed=X
Filename=WTHRTRAY.EXE
Description=WeatherCheck - "bring the latest local weather to your desktop". Not recommended as it reportedly pops ads, and contains no uninstaller
Source=Paul Collins Startup list
[X1FileMonitor.exe]
Number=13806
Confirmed=U
Filename=X1FileMonitor.exe
Description=Part of X1's Enterprise Desktop Search Resource Center. An enterprise desktop search engine
Source=Paul Collins Startup list
[x3watch]
Number=13807
Confirmed=U
Filename=x3watch.exe
Description="program helping with online integrity. Whenever you browse the internet and accesses a site which may contain questionable material, the program will save the site name on your computer. Approximately every 30 days, a person of your choice (an accountabiltiy partner) will receive an e-mail containing all possible questionable sites you may have visited within the month. This information is meant to encourage an open and honest conversation between friends and help us all be more accountable"
Source=Paul Collins Startup list
[x3yy]
Number=13808
Confirmed=X
Filename=[path to trojan]
Description=Added by the TANNICK TROJAN!
Source=Paul Collins Startup list
[Xanadu]
Number=13809
Confirmed=N
Filename=Xanadu.exe
Description=Xanadu - free language and translation wizard from Foreignword
Source=Paul Collins Startup list
[xBrotherMeCom]
Number=13810
Confirmed=?
Filename=BrMeCom.exe
Description=Related to Brother MFC-9200c printer. What does it do and is it required?
Source=Paul Collins Startup list
[xbtl]
Number=13811
Confirmed=U
Filename=bootldr.exe
Description=Active Keylogger keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list
[Xcpy1]
Number=13812
Confirmed=X
Filename=Xcpy1.exe
Description=BroadcastPC adware variant
Source=Paul Collins Startup list
[xdxqa]
Number=13813
Confirmed=X
Filename=dewa.exe
Description=Added by the SDBOT-YB WORM!
Source=Paul Collins Startup list
[XE 8x LM Status]
Number=13814
Confirmed=U
Filename=lmsxxe.exe
Description=Xerox XE8 series laser printer status monitor
Source=Paul Collins Startup list
[Xecuter.bat]
Number=13815
Confirmed=X
Filename=psexec.bat
Description=Added by the BOOHOO WORM!
Source=Paul Collins Startup list
[XemiCo]
Number=13816
Confirmed=U
Filename=ADC.EXE
Description=XemiComputers Active Desktop Calendar
Source=Paul Collins Startup list
[XeroxScannerDaemon]
Number=13817
Confirmed=U
Filename=XrxFTPLt.exe
Description=Xerox Scanner Daemon - driver for Xerox Scanner model fu621d
Source=Paul Collins Startup list
[XFILTER]
Number=13818
Confirmed=Y
Filename=xfilter.exe
Description=Filseclab Personal Firewall Professional Edition
Source=Paul Collins Startup list
[Xfire]
Number=13819
Confirmed=N
Filename=Xfire.exe
Description=Terratec DMXFire 1024 soundcard control panel
Source=Paul Collins Startup list
[xflash]
Number=13820
Confirmed=X
Filename=xflash.exe
Description=Added by the BANCJ-A TROJAN!
Source=Paul Collins Startup list
[xftpGraber]
Number=13821
Confirmed=X
Filename=Xftpgraber.exe
Description=Added by the ENVID.C WORM!
Source=Paul Collins Startup list
[XGIWatchDog]
Number=13822
Confirmed=?
Filename=XWatDog.exe
Description=Related to XGI Technology's Volari graphics cards - what does it do and is it required?
Source=Paul Collins Startup list
[xhi]
Number=13823
Confirmed=X
Filename=xhi.exe
Description=Added by the SCLOG-A TROJAN!
Source=Paul Collins Startup list
[xhrmy]
Number=13824
Confirmed=X
Filename=Xhrmy.exe
Description=HyperLinker adware
Source=Paul Collins Startup list
[xicon]
Number=13825
Confirmed=?
Filename=xicon.exe
Description=Part of the IBM/XPoint Rapid Restore utility. What does it do and is it required?
Source=Paul Collins Startup list
[XiD]
Number=13826
Confirmed=X
Filename=mmx.exe
Description=Added by the ANALOGX TROJAN!
Source=Paul Collins Startup list
[XircWinModem4]
Number=13827
Confirmed=Y
Filename=ltcm000c.exe
Description=WinModem drivers. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem information
Source=Paul Collins Startup list
[xitami]
Number=13828
Confirmed=U
Filename=Xiwin32.exe
Description=Xitami Multiplatform Open Source web server
Source=Paul Collins Startup list
[xkstartup]
Number=13829
Confirmed=?
Filename=RunDll32 InstZ82.dll, SetUsbPrinterPort
Description=On a system with a Lexmark printer
Source=Paul Collins Startup list
[xload32]
Number=13830
Confirmed=X
Filename=netdd.exe
Description=Added by the NETSPY TROJAN!
Source=Paul Collins Startup list
[xloadnet]
Number=13831
Confirmed=X
Filename=xloadnet.exe
Description=Added by the VB.NCK TROJAN!
Source=Paul Collins Startup list
[XML Service]
Number=13832
Confirmed=X
Filename=msxml.exe
Description=Added by the RBOT-HD WORM!
Source=Paul Collins Startup list
[XNSearchAssistant]
Number=13833
Confirmed=X
Filename=SrchAsst.exe
Description=iWon Search Assistant - spyware
Source=Paul Collins Startup list
[XoftSpy]
Number=13834
Confirmed=U
Filename=XoftSpy.exe
Description=XoftSpy antispyware software
Source=Paul Collins Startup list
[xor]
Number=13835
Confirmed=X
Filename=svchost.exe
Description=Added by the XORDOOR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in a "xor" subfolder
Source=Paul Collins Startup list
[xor]
Number=13836
Confirmed=X
Filename=svshost.exe
Description=Added by the AGENT.DC TROJAN!
Source=Paul Collins Startup list
[Xordate]
Number=13837
Confirmed=X
Filename=wuauclt10.exe
Description=Added by the RBOT-GKN WORM!
Source=Paul Collins Startup list
[Xordate]
Number=13838
Confirmed=X
Filename=wuauclt11.exe
Description=Added by the RBOT-GLI WORM!
Source=Paul Collins Startup list
[Xordate]
Number=13839
Confirmed=X
Filename=wuauclt12.exe
Description=Added by the RBOT-GLQ WORM!
Source=Paul Collins Startup list
[Xordate]
Number=13840
Confirmed=X
Filename=wuauclt13.exe
Description=Added by the RBOT-GLM WORM!
Source=Paul Collins Startup list
[xp]
Number=13841
Confirmed=X
Filename=winis.exe
Description=Added by the RBOT-WO WORM!
Source=Paul Collins Startup list
[Xp]
Number=13842
Confirmed=X
Filename=p2pnetworking.exe
Description=Added by the SDBOT.XA WORM!
Source=Paul Collins Startup list
[xp service pack 2]
Number=13843
Confirmed=X
Filename=xpsp2.exe
Description=Added by the RBOT-KW WORM!
Source=Paul Collins Startup list
[XP Tools]
Number=13844
Confirmed=U
Filename=xptools.exe
Description=XPTools - "integrated suite of powerful PC Utilities to fix, speed up, maintain and protect your computer"
Source=Paul Collins Startup list
[xp32win]
Number=13845
Confirmed=X
Filename=xpupdater02.exe
Description=Added by the MOSUCK-A TROJAN!
Source=Paul Collins Startup list
[Xpagent]
Number=13846
Confirmed=?
Filename=xpagent.exe
Description=Part of the IBM/XPoint Rapid Restore utility. What does it do and is it required?
Source=Paul Collins Startup list
[XPAgent]
Number=13847
Confirmed=X
Filename=XPAgent.exe
Description=Reported as the CLICKER.LE TROJAN by Panda Anti-Virus. Do not confuse this with the IBM/XPoint Rapid Restore file which is generally located in the PROGRAM FILES\XPOINT\AGENT folder
Source=Paul Collins Startup list
[xpcfg]
Number=13848
Confirmed=?
Filename=xpcfg.exe
Description=??
Source=Paul Collins Startup list
[Xpclient]
Number=13849
Confirmed=?
Filename=xpclient.exe
Description=Part of the IBM/XPoint Rapid Restore utility. What does it do and is it required?
Source=Paul Collins Startup list
[XPCPHOST Settings]
Number=13850
Confirmed=X
Filename=xpcphost.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[xpiupdate]
Number=13851
Confirmed=X
Filename=xpiupdate.exe
Description=Added by the RBOT-AAB WORM!
Source=Paul Collins Startup list
[xPlanetControl]
Number=13852
Confirmed=U
Filename=xPlanetControl.exe
Description=Tool that displays a globe with current day/night zones and clouds on users desktop.
Source=Paul Collins Startup list
[XPSoft]
Number=13853
Confirmed=X
Filename=CVDAsDW.exe
Description=Added by the SDBOT-SY WORM!
Source=Paul Collins Startup list
[XPSP2 Firewall]
Number=13854
Confirmed=X
Filename=xpsp2fw.exe
Description=Added by the SMALL-RN TROJAN!
Source=Paul Collins Startup list
[xpstart]
Number=13855
Confirmed=X
Filename=wini.exe
Description=Added by the PICRATE.A WORM!
Source=Paul Collins Startup list
[xpstat]
Number=13856
Confirmed=X
Filename=winlogins.exe
Description=Added by the RBOT-AAR WORM!
Source=Paul Collins Startup list
[XPsys]
Number=13857
Confirmed=X
Filename=XPsys.exe
Description=Added by the DELF-KQ TROJAN!
Source=Paul Collins Startup list
[xpsystem]
Number=13858
Confirmed=X
Filename=y.exe
Description=CoolWebSearch parasite variant
Source=Paul Collins Startup list
[Xpsystem]
Number=13859
Confirmed=X
Filename=SERVICES.EXE
Description=Added by the DAEMOZ.A TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in an "SERVICES" subfolder
Source=Paul Collins Startup list
[xpsystem]
Number=13860
Confirmed=X
Filename=services.exe
Description=CoolWebSearch parasite variant. Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[xpsystem]
Number=13861
Confirmed=X
Filename=MSXMIDI.EXE
Description=CoolWebSearch parasite variant, identified by Kaspersky antivirus as TrojanDropper.Win32.Small.cw
Source=Paul Collins Startup list
[xpupdate]
Number=13862
Confirmed=X
Filename=updates.exe
Description=Added by the BROPIA.L WORM!
Source=Paul Collins Startup list
[xp_system]
Number=13863
Confirmed=X
Filename=[filename]
Description=Added by the BOOKMARKER.J TROJAN! This file is located in a Windows\inet20004 or Winnt\inet20004 folder
Source=Paul Collins Startup list
[xp_system]
Number=13864
Confirmed=X
Filename=winlogon.exe
Description=Added by the KREPPER-G TROJAN! - a CoolWebSearch parasite variant. Note - this is not the legitimate winlogon.exe, which should not figure in Msconfig/Startup!
Source=Paul Collins Startup list
[xp_system]
Number=13865
Confirmed=X
Filename=services.exe
Description=Added by the KREPPER-N TROJAN and variants! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! The file is located in a "inet*****" subfolder of the Windows or Winnt folder - where ***** varies dependent upon the variant, examples are 20088, 20001, 10066
Source=Paul Collins Startup list
[XSC SIP Client]
Number=13866
Confirmed=U
Filename=X-Lite.exe
Description="CounterPath's X-Lite 3.0 is the market's leading free SIP based softphone available for download". For VOIP and broadband users
Source=Paul Collins Startup list
[xserv]
Number=13867
Confirmed=X
Filename=[path to trojan]
Description=Added by the STUMPY-A TROJAN!
Source=Paul Collins Startup list
[XStop95]
Number=13868
Confirmed=U
Filename=XStop95.exe
Description=XStop - internet filter
Source=Paul Collins Startup list
[xswin]
Number=13869
Confirmed=N
Filename=xswin.exe
Description=Installed with a Xerox Work Centre Pro 555. Unchecking it removes an "out of system memory" error
Source=Paul Collins Startup list
[XTCsgloader]
Number=13870
Confirmed=?
Filename=XTCsgloader.exe
Description=Another Xupiter toolbar variant??
Source=Paul Collins Startup list
[XTN Service Drivers]
Number=13871
Confirmed=X
Filename=winxtn.exe
Description=Added by the SDBOT-YK WORM!
Source=Paul Collins Startup list
[XTNDConnect PC - 3CmPlm]
Number=13872
Confirmed=U
Filename=Autodet.exe
Description=Component of EasySync Pro. Synchronisation between Palm PDAs and Microsoft Outlook
Source=Paul Collins Startup list
[XTNDConnect PC - ErPhn2]
Number=13873
Confirmed=U
Filename=ErPhn2.exe
Description=Component of EasySync Pro. Synchronisation between SonyEricsson mobile phones and Microsoft Outlook
Source=Paul Collins Startup list
[XTNDConnect PC - ErTray]
Number=13874
Confirmed=U
Filename=ErTray.exe
Description=Component of EasySync Pro. Synchronisation between SonyEricsson mobile phones and Microsoft Outlook
Source=Paul Collins Startup list
[XTNDConnect PC - LtNts4]
Number=13875
Confirmed=U
Filename=NtsAgnt.exe
Description=Component of EasySync Pro
Source=Paul Collins Startup list
[Xtray]
Number=13876
Confirmed=X
Filename=xtray_link.exe
Description=Added by the VB.JL TROJAN!
Source=Paul Collins Startup list
[XtreamLok License Manager]
Number=13877
Confirmed=U
Filename=xl.exe
Description=License manager for xLok (XtreamLok) - prevents software being reverse engineered
Source=Paul Collins Startup list
[Xtrem parental control]
Number=13878
Confirmed=U
Filename=pcx.exe
Description=ParentXtreme is a surviellance software program that monitors user activity, logs keystrokes, and takes screenshots. It ends the processes of anti-spyware programs. If you didn't install this yourself remove it
Source=Paul Collins Startup list
[XTServiceUpdate]
Number=13879
Confirmed=X
Filename=XTServiceUpdate.exe
Description=hahame.net adware downloader
Source=Paul Collins Startup list
[XtTb.exe]
Number=13880
Confirmed=X
Filename=XtTb.exe
Description=Top-banners.com adware
Source=Paul Collins Startup list
[xuio.exe]
Number=13881
Confirmed=?
Filename=xuio.exe
Description=??
Source=Paul Collins Startup list
[Xupiter Startup]
Number=13882
Confirmed=X
Filename=XupiterStartup.exe
Description=Xupiter - adware and homepage hijacker. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see here
Source=Paul Collins Startup list
[XupiterCfgLoader]
Number=13883
Confirmed=X
Filename=XTCfgLoader.exe
Description=Xupiter - adware and homepage hijacker. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see here
Source=Paul Collins Startup list
[XupiterCfgLoader]
Number=13884
Confirmed=X
Filename=BWCfgLoader.exe
Description=Xupiter - adware and homepage hijacker. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see here
Source=Paul Collins Startup list
[xupiterstartup2003]
Number=13885
Confirmed=X
Filename=xupiterstartup2003.exe
Description=Xupiter - adware and homepage hijacker. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see here
Source=Paul Collins Startup list
[XupiterToolbarLoader]
Number=13886
Confirmed=X
Filename=XupiterToolbarLoader.exe
Description=Xupiter - adware and homepage hijacker. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see here
Source=Paul Collins Startup list
[xv_ctrl]
Number=13887
Confirmed=U
Filename=v_ctrl.exe
Description=3dfx Underground Tools - "Gives direct hardware control to your video graphics adapter"
Source=Paul Collins Startup list
[xware]
Number=13888
Confirmed=X
Filename=xware.exe
Description=Malware downloader from xxsware.com, causes adult content popups
Source=Paul Collins Startup list
[xware]
Number=13889
Confirmed=X
Filename=cskware.exe
Description=Malware downloader from xxsware.com, produces adult content popups
Source=Paul Collins Startup list
[XWMSUSBAPI]
Number=13890
Confirmed=?
Filename=XWMSAPI.EXE
Description=Part of the installation of a Xerox WorkCentre printer/scanner. Is it required?
Source=Paul Collins Startup list
[xxcm]
Number=13891
Confirmed=X
Filename=sys.exe
Description=Added by the KRISWORM-A WORM!
Source=Paul Collins Startup list
[xxsrSrv32]
Number=13892
Confirmed=X
Filename=xxsrsrv.exe
Description=Added by the BANCSDE-E TROJAN!
Source=Paul Collins Startup list
[XXXmpeg]
Number=13893
Confirmed=X
Filename=XXXmpeg.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[xxxvideo]
Number=13894
Confirmed=X
Filename=xxxvideo.exe
Description=AccessPlugin premium rate adult content dialler
Source=Paul Collins Startup list
[xy]
Number=13895
Confirmed=X
Filename=svhost32.exe
Description=Added by the DELF.FAI TROJAN!
Source=Paul Collins Startup list
[x[Number from 1 to 7]]
Number=13896
Confirmed=X
Filename=x[Number from 1 to 7].exe
Description=Added by the DADOBRA-A TROJAN!
Source=Paul Collins Startup list
[Y!TunnelBasic]
Number=13897
Confirmed=U
Filename=YTBasic.exe
Description=Y!TunnelBasic software provides additional features to Yahoo! Messenger
Source=Paul Collins Startup list
[Y!TunnelPro]
Number=13898
Confirmed=U
Filename=YTunnelPro.exe
Description=Spam, bot and ad blocker for Yahoo! Messenger from Digital Asphyxia
Source=Paul Collins Startup list
[Y!TunnelPro]
Number=13899
Confirmed=U
Filename=YTPro.exe
Description=Spam, bot and ad blocker for Yahoo! Messenger from Digital Asphyxia
Source=Paul Collins Startup list
[Y'z Shadow]
Number=13900
Confirmed=U
Filename=YzShadow.exe
Description=Y'z Shadow 'adds a shadow effect to the windows in pursuit of the "beauty of a shadow".
It also allows the user the option of making menus transparent'
Source=Paul Collins Startup list
[Y'z Toolbar]
Number=13901
Confirmed=U
Filename=YzToolBar.exe
Description=Y'z Toolbar "allows the user to change the toolbar icons in Explorer and Internet Explorer.
The user can also create and add their own themes"
Source=Paul Collins Startup list
[Ya Salam]
Number=13902
Confirmed=X
Filename=NancyAjram.exe
Description=Added by the JALABED WORM!
Source=Paul Collins Startup list
[yaemu.exe]
Number=13903
Confirmed=X
Filename=yaemu.exe
Description=Added by the WIN32.DNSCHANGER.S TROJAN!
Source=Paul Collins Startup list
[yahoo groups]
Number=13904
Confirmed=X
Filename=upgrdmgr.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[Yahoo HP Reminder 1.1]
Number=13905
Confirmed=?
Filename=yr.exe
Description=??
Source=Paul Collins Startup list
[Yahoo Instant Messengar]
Number=13906
Confirmed=X
Filename=YahooMsgr.exe
Description=Added by the SDBOT.GEN TROJAN!
Source=Paul Collins Startup list
[Yahoo Messenger]
Number=13907
Confirmed=X
Filename=Yahoomsg.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Yahoo Messenger]
Number=13908
Confirmed=X
Filename=YPager.exe
Description=Added by the RBOT-QO WORM!
Source=Paul Collins Startup list
[Yahoo Messenger]
Number=13909
Confirmed=X
Filename=svchost32.exe
Description=Added by the SOHANA-P WORM!
Source=Paul Collins Startup list
[Yahoo Messengger]
Number=13910
Confirmed=X
Filename=SVICHHOST.exe
Description=Added by the TIOTUA-C TROJAN!
Source=Paul Collins Startup list
[Yahoo Messengger]
Number=13911
Confirmed=X
Filename=RVHOST.exe
Description=Added by the SILLYFDC-G WORM!
Source=Paul Collins Startup list
[Yahoo Messengger]
Number=13912
Confirmed=X
Filename=SSVICHOSST.exe
Description=Added by the SOHANA-R WORM!
Source=Paul Collins Startup list
[Yahoo Update]
Number=13913
Confirmed=X
Filename=Yahoo!.exe
Description=Added by the YAHOO! TROJAN!
Source=Paul Collins Startup list
[Yahoo Updater]
Number=13914
Confirmed=X
Filename=Messenger.exe
Description=Added by the FORBOT-FE WORM!
Source=Paul Collins Startup list
[Yahoo! Pager]
Number=13915
Confirmed=N
Filename=ypager.exe
Description=Yahoo! Messenger allows you to send instant messages. Available via Start -> Programs
Source=Paul Collins Startup list
[Yahoo! Pager]
Number=13916
Confirmed=N
Filename=YAHOOM~1.EXE
Description=Yahoo! Messenger allows you to send instant messages. Available via Start -> Programs
Source=Paul Collins Startup list
[Yahoo2000]
Number=13917
Confirmed=X
Filename=Anti.exe
Description=Added by the RBOT.ATK WORM!
Source=Paul Collins Startup list
[Yahoo2000]
Number=13918
Confirmed=X
Filename=Anti.exe
Description=Added by an unknown Malware, possibly a variant of the RBOT-RAM WORM!
Source=Paul Collins Startup list
[YahooStock]
Number=13919
Confirmed=X
Filename=Prmvr.exe
Description=Adtomi adware
Source=Paul Collins Startup list
[YahooStock]
Number=13920
Confirmed=X
Filename=ystckAO32.exe
Description=Adtomi adware
Source=Paul Collins Startup list
[yahoo_toolbar lptt01]
Number=13921
Confirmed=X
Filename=yahoo_toolbar.exe
Description=RapidBlaster variant (in a "yahoo_toolbar" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
Source=Paul Collins Startup list
[yahoo_toolbar ml097e]
Number=13922
Confirmed=X
Filename=yahoo_toolbar.exe
Description=RapidBlaster variant (in a "yahoo_toolbar" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
Source=Paul Collins Startup list
[YAMAHA AC-XG Power Utility]
Number=13923
Confirmed=?
Filename=yacpower.exe
Description=YAMAHA AC-XG Power Utility. What does it do and is it required?
Source=Paul Collins Startup list
[YAMAHA DS-XG Launcher]
Number=13924
Confirmed=N
Filename=dslaunch.exe
Description=System Tray access for the features of the Yamaha DS-XG soundcard unless you regularly change set-ups
Source=Paul Collins Startup list
[Yankee Clipper III]
Number=13925
Confirmed=N
Filename=YankClip.exe
Description=Yankee Clipper III - 'A super powerful Windows clipboard extender/memory - now in its third generation. Handles Pictures, Richtext, URLS, etc - any size. Features printing, drag and drop, optional permanent storage of clippings. Familiar "Outlook" interface'. Freeware
Source=Paul Collins Startup list
[YBrowser]
Number=13926
Confirmed=N
Filename=ybrwicon.exe
Description=SBC Yahoo! Browser system tray icon
Source=Paul Collins Startup list
[YCentral]
Number=13927
Confirmed=U
Filename=YahooCentral.exe
Description=Yahoo! Central - "alerts you if your default home page, search, or email is changed or if updates are available for your Yahoo! software. You can manage your default Internet settings and get updates to your software from Yahoo!"
Source=Paul Collins Startup list
[yeahdude.exe]
Number=13928
Confirmed=X
Filename=hallowelt.exe
Description=Added by the GAOBOT.RS or GAOBOT.SA WORMS!
Source=Paul Collins Startup list
[yemarvd]
Number=13929
Confirmed=X
Filename=sysmon.exe
Description=Added by the AGENT-CH TROJAN!
Source=Paul Collins Startup list
[YeppStudioAgent]
Number=13930
Confirmed=N
Filename=SamsungMediaStudioAgent.exe
Description=Samsung Media Studio MP3 player file management software - see here for an example
Source=Paul Collins Startup list
[YhooUapdates]
Number=13931
Confirmed=X
Filename=ymssmsgs.exe
Description=Added by a variant of the SMALL_K TROJAN!
Source=Paul Collins Startup list
[YhooUpdates]
Number=13932
Confirmed=X
Filename=ymsmsgs.exe
Description=Added by the SMALL_K TROJAN!
Source=Paul Collins Startup list
[ying]
Number=13933
Confirmed=X
Filename=ying.exe
Description=Constructor VC2000 malware
Source=Paul Collins Startup list
[ymetray]
Number=13934
Confirmed=N
Filename=ymetray.exe
Description=Yahoo! Music system tray icon
Source=Paul Collins Startup list
[YOP]
Number=13935
Confirmed=N
Filename=yop.exe
Description=Dashboard Module for SBC Yahoo! Online Protection
Source=Paul Collins Startup list
[You've Got Pictures Screensaver]
Number=13936
Confirmed=U
Filename=ygpsstra.exe
Description=AOL You've Got Pictures Screensaver
Source=Paul Collins Startup list
[YOW tuner]
Number=13937
Confirmed=?
Filename=WatchPNM.exe
Description=??
Source=Paul Collins Startup list
[ypager]
Number=13938
Confirmed=N
Filename=ypager.exe
Description=Yahoo! Messenger allows you to send instant messages. Available via Start -> Programs
Source=Paul Collins Startup list
[YPC]
Number=13939
Confirmed=U
Filename=ypc.exe
Description=Yahoo Parental controls - "Let you decide what type of sites and Yahoo! services your kids can access"
Source=Paul Collins Startup list
[YPOPs]
Number=13940
Confirmed=U
Filename=YPOPs.exe
Description=YPOPs! - an application that provides POP3 access to Yahoo! Mail. Yahoo! Mail disabled free access to its POP3 service in 2002. This application emulates a POP3 server and enables popular email clients like Outlook, Netscape, Eudora, Mozilla, etc., to download email from Yahoo! account
Source=Paul Collins Startup list
[YTrayMagic Lite 1]
Number=13941
Confirmed=Y
Filename=YTRAYMAGIC.EXE
Description=YTrayMagic from YoconSoft automatically restores your tray icons after an Explorer(the windows shell) crash. Leave to run at startup since only those icons that are in the taskbar after YTrayMagic has initialized will be restored
Source=Paul Collins Startup list
[Yumgo's Homepage Protector V1]
Number=13942
Confirmed=U
Filename=YumgoHomepageProtector.exe
Description=Yumgo's Homepage Protector
Source=Paul Collins Startup list
[ywwvc.exe]
Number=13943
Confirmed=X
Filename=ywwvc.exe
Description=Added by the STARTPA-HR TROJAN!
Source=Paul Collins Startup list
[ywzizdon]
Number=13944
Confirmed=X
Filename=ywzizdon.exe
Description=Free_Scratch_Cards foistware
Source=Paul Collins Startup list
[yx]
Number=13945
Confirmed=X
Filename=uu.exe
Description=Added by the AGOBOT-YX WORM!
Source=Paul Collins Startup list
[yyyyyyyy]
Number=13946
Confirmed=X
Filename=[path to trojan]
Description=Added by the MUMUBOY.B TROJAN!
Source=Paul Collins Startup list
[yz.exe]
Number=13947
Confirmed=X
Filename=yz.exe
Description=Added by the VARDO TROJAN!
Source=Paul Collins Startup list
[YZH]
Number=13948
Confirmed=X
Filename=YZH.exe
Description=Added by the LEGMIR-BM VIRUS!
Source=Paul Collins Startup list
[YZH.SYS]
Number=13949
Confirmed=X
Filename=YZH.exe
Description=Added by the PHILIS.C VIRUS!
Source=Paul Collins Startup list
[Z]
Number=13950
Confirmed=X
Filename=zmon.exe
Description=Added by the DELBOT-AO WORM!
Source=Paul Collins Startup list
[z-WrDialer]
Number=13951
Confirmed=U
Filename=WrDialer.exe
Description=WinPoet DSL dialer
Source=Paul Collins Startup list
[ZaCker]
Number=13952
Confirmed=X
Filename=[filename].PIF
Description=Added by the HOLAR.A WORM!
Source=Paul Collins Startup list
[Zacker]
Number=13953
Confirmed=X
Filename=Zacker.exe
Description=Added by the GEMEL WORM!
Source=Paul Collins Startup list
[zango]
Number=13954
Confirmed=X
Filename=zango.exe
Description=NCase adware
Source=Paul Collins Startup list
[Zango SiteFinder]
Number=13955
Confirmed=X
Filename=ZangoSiteFinder.exe
Description=180Solutions ZangoSearch adware variant
Source=Paul Collins Startup list
[Zango TvTimes]
Number=13956
Confirmed=X
Filename=ZANGOT~1.EXE
Description=ZangoSearch adware
Source=Paul Collins Startup list
[zanu]
Number=13957
Confirmed=X
Filename=zanu.exe
Description=NCase adware
Source=Paul Collins Startup list
[Zapro]
Number=13958
Confirmed=Y
Filename=Zapro.exe
Description=Firewall program from Zonelabs - paid for version
Source=Paul Collins Startup list
[zBrowser Launcher]
Number=13959
Confirmed=U
Filename=iTouch.exe
Description=For a Logitech internet keyboard - loads the software for the shortcut keys on the keyboard. Also used to display your keyboard LEDs on-screen to indicate Caps Lock, etc if it doesn't have them
Source=Paul Collins Startup list
[zBrowser Launcher]
Number=13960
Confirmed=U
Filename=Commandr.exe
Description=For a Logitech internet keyboard - loads the software for the shortcut keys on the keyboard. Also used to display your keyboard LEDs on-screen to indicate Caps Lock, etc if it doesn't have them
Source=Paul Collins Startup list
[zcb]
Number=13961
Confirmed=?
Filename=zcb.exe
Description=??
Source=Paul Collins Startup list
[Zcfgsvc]
Number=13962
Confirmed=U
Filename=ZCfgSvc.exe
Description=Zero Config MFC Application, part of Intel's ProSET utilities and installed by the drivers for many of Intel wireless network cards - essential to the proper functioning of many of the Intel ProSET utilities (but not all) and these System Tray ProSET utilities are a must if you are using your wireless connection, if only so you know when the signal is fading or dropping. The problem is that, in some PCs, ZCFGSVC can be incredibly badly behaved : taking up to 100% of CPU time and therefore resulting in an extremely slow PC, preventing the installation of software or Windows updates, or causing "Not Responding" or "End this Program" shutdown problems. If you experience this, try first the very latest drivers from Intel or your laptop manufacturer. If that still does not solve the problem and you have WinXP/2003, try setting the "Wireless Zero Configuration" service to disabled
Source=Paul Collins Startup list
[zcproo]
Number=13963
Confirmed=X
Filename=qssstiej.exe
Description=Possible homepage hijacker installing a toolbar: http://tdko.com/ ,Lop.com in disguise
Source=Paul Collins Startup list
[ZDConfig]
Number=13964
Confirmed=?
Filename=ZDConfig.exe
Description=Related to various brands of Wireless USB LAN Adapter - what does it do and is it required?
Source=Paul Collins Startup list
[zdnet]
Number=13965
Confirmed=N
Filename=kontiki.exe
Description=Kontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktops
Source=Paul Collins Startup list
[Zebus]
Number=13966
Confirmed=N
Filename=msdc32.exe
Description=Runs a HTML tutorial on the Zebus web-site
Source=Paul Collins Startup list
[Zekio Startups]
Number=13967
Confirmed=X
Filename=znksvc32.exe
Description=Added by the AGOBOT-AGI WORM!
Source=Paul Collins Startup list
[Zen.A]
Number=13968
Confirmed=X
Filename=[path to trojan]
Description=Added by the ZOOMEN-A TROJAN!
Source=Paul Collins Startup list
[Zenet]
Number=13969
Confirmed=X
Filename=rundll32 CNBabe.dll, DllStartup
Description=CommonName Toolbar spyware. To uninstall see here
Source=Paul Collins Startup list
[Zeno]
Number=13970
Confirmed=X
Filename=*sys****.exe [* = random char/digit]
Description=ZenoSearch adware. Note - the most frequent filenames appear to be rsyssx2d.exe, rsyssx2d.exe, rsystu2d.exe and ysysyz2d.exe but there are others
Source=Paul Collins Startup list
[Zeno]
Number=13971
Confirmed=X
Filename=*winspez.exe [* = rand letter]
Description=ZenoSearch adware
Source=Paul Collins Startup list
[Zeno]
Number=13972
Confirmed=X
Filename=nwinrqez.exe
Description=Added by the QEXREZ family of TROJANS!
Source=Paul Collins Startup list
[ZENRC]
Number=13973
Confirmed=Y
Filename=zenrc32.exe
Description=The main component of Novell's ZenWorks - "Complete End-to-End Directory-enabled Network Management". Leave well alone
Source=Paul Collins Startup list
[ZENRC Tray Icon]
Number=13974
Confirmed=Y
Filename=zentray.exe
Description=Part of Novell's ZenWorks - "Complete End-to-End Directory-enabled Network Management". Best left alone
Source=Paul Collins Startup list
[ZENworks Imaging Service]
Number=13975
Confirmed=Y
Filename=ZISWin.exe
Description=Imaging Agent. Part of Novell's ZenWorks - "Complete End-to-End Directory-enabled Network Management"
Source=Paul Collins Startup list
[Zero PoPup Killer XP]
Number=13976
Confirmed=U
Filename=zpk_xp.exe
Description=Intelligent anti-pop-up software product by Ax-Soft
Source=Paul Collins Startup list
[ZeroAds]
Number=13977
Confirmed=U
Filename=0
Description=ZeroAds - culls ads, cookies and pop-ups. Tells ZeroAds not to run at startup - needed to start it manually
Source=Paul Collins Startup list
[ZeroAds]
Number=13978
Confirmed=U
Filename=LAS0Ads.exe
Description=ZeroAds - culls ads, cookies and pop-ups. Required for the cookie interception to work
Source=Paul Collins Startup list
[ZeroAds]
Number=13979
Confirmed=U
Filename=Zeroads.exe
Description=ZeroAds - a popular Internet accelerator and anti-adware application
Source=Paul Collins Startup list
[ZeroSpyware]
Number=13980
Confirmed=U
Filename=ZeroSpyware.exe
Description=FBM Software ZeroSpyware 2004 spyware detector and remover
Source=Paul Collins Startup list
[zervpack2]
Number=13981
Confirmed=X
Filename=update2.exe
Description=Added by the SDBOT.WD WORM!
Source=Paul Collins Startup list
[ZGNUBI]
Number=13982
Confirmed=?
Filename=ZGNUBI.exe
Description=??
Source=Paul Collins Startup list
[Zi5]
Number=13983
Confirmed=X
Filename=AntiVirus Update.exe
Description=Added by the ERKEZ.G WORM!
Source=Paul Collins Startup list
[ZIBMACC]
Number=13984
Confirmed=U
Filename=rundll.exe ZIBMACC.INF
Description=ZIBMACC.INF is an IBM file that is only loaded and installed under a recovery operation. The file is a support file for IBM access to the system if needed. You may delete this file. This is as from IBM Technical Support (USA - 800-887-7435)
Source=Paul Collins Startup list
[ZincgrubInc]
Number=13985
Confirmed=X
Filename=Lsass.exe
Description=Added by the VOUMIT-A WORM! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "mirc32" folder
Source=Paul Collins Startup list
[ZingSpooler]
Number=13986
Confirmed=U
Filename=ZingSpooler.exe
Description=Was used for a drag and drop program to upload pictures to www.zing.com but Zing has gone out of business. Now used for Sony ImageStation's upload photos to online albums
Source=Paul Collins Startup list
[Zinio DLM]
Number=13987
Confirmed=N
Filename=ZDLM.EXE
Description=Zinio - used to read magazines in digital rather than paper format
Source=Paul Collins Startup list
[Zinio DLM]
Number=13988
Confirmed=N
Filename=ZinioDeliveryManager.exe
Description=Related to Zinio used to read magazines in digital rather than paper format
Source=Paul Collins Startup list
[Zip Driver Loader]
Number=13989
Confirmed=X
Filename=ZipLoader32.exe
Description=Added by the OBLIVION TROJAN! This executable is one of the most common but there are more
Source=Paul Collins Startup list
[Zip Driver Loader]
Number=13990
Confirmed=X
Filename=msload32.exe
Description=Added by the OBLIVION TROJAN! This executable is one of the most common but there are more
Source=Paul Collins Startup list
[ZipDisk Icons]
Number=13991
Confirmed=U
Filename=IMGICON.EXE
Description=Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running
Source=Paul Collins Startup list
[ZipGenius Clean]
Number=13992
Confirmed=N
Filename=zg.exe
Description=ZipGenius file compression utility
Source=Paul Collins Startup list
[ziphelp]
Number=13993
Confirmed=X
Filename=ziphelp.exe
Description=CoolWebSearch parasite variant
Source=Paul Collins Startup list
[ZipMagic]
Number=13994
Confirmed=N
Filename=zm32.exe
Description=Zip utility by Ontrack. Preloading ZipMagic allows you to access files within a zip archive without unzipping them first
Source=Paul Collins Startup list
[zlclient]
Number=13995
Confirmed=Y
Filename=zlclient.exe
Description=Firewall program from Zonelabs. Pro version inlcudes other online security options
Source=Paul Collins Startup list
[ZLH]
Number=13996
Confirmed=U
Filename=ZLH.EXE
Description=System Tray icon for Norman Antivirus
Source=Paul Collins Startup list
[ZNN]
Number=13997
Confirmed=X
Filename=znnsvc.exe
Description=Added by the SDBOT-DAA WORM!
Source=Paul Collins Startup list
[Zolero Translator]
Number=13998
Confirmed=X
Filename=ZoleroTranslator.exe
Description=Zolero Translator - added by Clickspring, the makers of Purityscan, products and are bundled with the Outer Info Network Client, or OIN client
Source=Paul Collins Startup list
[Zonavirus]
Number=13999
Confirmed=X
Filename=0
Description=Added by the KITRO.D (or ARGEN.A) WORM!
Source=Paul Collins Startup list
[Zone Alarm]
Number=14000
Confirmed=X
Filename=vsmon.exe
Description=Added by the RBOT.BO WORM! If this was the ZoneAlarm firewall the name column would be TrueVector
Source=Paul Collins Startup list
[zone alarm security]
Number=14001
Confirmed=X
Filename=zlclint.exe
Description=Added by the NIRBOT WORM!
Source=Paul Collins Startup list
[Zone Labs Client]
Number=14002
Confirmed=Y
Filename=zlclient.exe
Description=Firewall program from Zonelabs. Pro version inlcudes other online security options
Source=Paul Collins Startup list
[Zone Labs Client Ex]
Number=14003
Confirmed=X
Filename=svchost.exe
Description=Added by the NETSKY.F WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list
[Zone system]
Number=14004
Confirmed=X
Filename=szchost.exe
Description=Added by the MULTIDR-AC TROJAN!
Source=Paul Collins Startup list
[ZoneAlarm]
Number=14005
Confirmed=Y
Filename=zonealarm.exe
Description=Firewall program from Zonelabs - free version
Source=Paul Collins Startup list
[zonealarm]
Number=14006
Confirmed=X
Filename=[random filename]
Description=Added by an unidentified VIRUS, WORM or TROJAN! The only exception is if you have an older version of the ZoneAlarm firewall running
Source=Paul Collins Startup list
[Zonealarm]
Number=14007
Confirmed=X
Filename=Removeme.exe
Description=Added by the FORBOT-BG WORM!
Source=Paul Collins Startup list
[Zonealarm]
Number=14008
Confirmed=X
Filename=iexplore.exe
Description=Added by the FORBOT-CP WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup unless you add it manually! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list
[ZoneAlarm Plus]
Number=14009
Confirmed=Y
Filename=zaplus.exe
Description=Firewall program from Zonelabs - paid for version
Source=Paul Collins Startup list
[ZoneAlarm Pro]
Number=14010
Confirmed=Y
Filename=Zapro.exe
Description=Firewall program from Zonelabs - paid for version
Source=Paul Collins Startup list
[Zonesoft Cleaner]
Number=14011
Confirmed=X
Filename=rnsys.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[Zoom]
Number=14012
Confirmed=U
Filename=zoom.exe
Description=Zoom - speeds up Windows startup and manages startup applications
Source=Paul Collins Startup list
[Zooming]
Number=14013
Confirmed=U
Filename=ZoomingHook.exe
Description=Toshiba Zooming Utility - found on Toshiba laptops and Tablet PCs. It allows users to zoom in (or magnify) text
Source=Paul Collins Startup list
[ZoomingHook]
Number=14014
Confirmed=U
Filename=ZoomingHook.exe
Description=Toshiba Zooming Utility - found on Toshiba laptops. It allows users to zoom in (or magnify) text
Source=Paul Collins Startup list
[ZPoint]
Number=14015
Confirmed=X
Filename=winmuse.exe
Description=Added by the VJ TROJAN!
Source=Paul Collins Startup list
[ZPOINT32]
Number=14016
Confirmed=Y
Filename=ZPOINT32.exe
Description=USB graphics/writing tablet driver
Source=Paul Collins Startup list
[zSearch]
Number=14017
Confirmed=X
Filename=Zstb.exe
Description=TotalVelocity zSearch parasite
Source=Paul Collins Startup list
[zSecurity Service]
Number=14018
Confirmed=X
Filename=szsvc.exe
Description=Added by the SDBOT-DAB WORM!
Source=Paul Collins Startup list
[zsms]
Number=14019
Confirmed=X
Filename=smss.exe
Description=Added by the BANCOS-CK TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[zsmsgs]
Number=14020
Confirmed=X
Filename=iservice.exe
Description=Added by the BANCOS-BU TROJAN!
Source=Paul Collins Startup list
[zsmss]
Number=14021
Confirmed=X
Filename=smss.exe
Description=Added by the BANCOS-DD TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list
[zSPGuard]
Number=14022
Confirmed=U
Filename=Spguard.exe
Description="StartPage Guard (SPG) protects your PC from cyberscam, by detecting and preventing any unauthorized changes to your internet browser's Start and Search pages. It is also capable of removing automatically most of known 'invaders'."
Source=Paul Collins Startup list
[ZSScheduler]
Number=14023
Confirmed=U
Filename=zsscheduler.dll
Description=ZeroSpyware from FBM Software
Source=Paul Collins Startup list
[ZStart]
Number=14024
Confirmed=X
Filename=[various filenames]
Description=VX2.Transponder parasite updater/installer related
Source=Paul Collins Startup list
[Zstart]
Number=14025
Confirmed=X
Filename=cxdxregt.exe
Description=ZenoSearch adware
Source=Paul Collins Startup list
[ZtgServerSwitch]
Number=14026
Confirmed=X
Filename=server.vbs
Description=ZTGServerswitch is part of Sony's Vaio support agent - designed by Support.com. Not required if the user does not wish to use the Vaio support agent and regarded as spyware
Source=Paul Collins Startup list
[Zune Launcher]
Number=14027
Confirmed=U
Filename=ZuneLauncher.exe
Description=Only needed if running Microsoft's new Zune software for use with their new Zune music player. Similar to iTunes for the iPod
Source=Paul Collins Startup list
[Zupdate]
Number=14028
Confirmed=X
Filename=Zupdate.exe
Description=Associated with B3d Projector foistware - see here
Source=Paul Collins Startup list
[zzb]
Number=14029
Confirmed=X
Filename=zzb.exe
Description=IAGold adware downloader
Source=Paul Collins Startup list
[zzb]
Number=14030
Confirmed=X
Filename=zzb.exe
Description=IAGold adware downloader
Source=Paul Collins Startup list
[zzgshp]
Number=14031
Confirmed=X
Filename=gshp.vbs
Description=Homepage hi-jacker that re-defines your IE or Netscape start page
Source=Paul Collins Startup list
[zztp]
Number=14032
Confirmed=X
Filename=svchost.exe
Description=Added by the TANNICK.B TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[zzz-hpi-boot]
Number=14033
Confirmed=?
Filename=hpi-boot.exe
Description=Associated with HP Photosmart printers
Source=Paul Collins Startup list
[zzzCamlnSuitelll]
Number=14034
Confirmed=?
Filename=setup.exe 46***
Description=??
Source=Paul Collins Startup list
[zzzhpsetup]
Number=14035
Confirmed=?
Filename=setup.exe
Description=??
Source=Paul Collins Startup list
[Z_Start]
Number=14036
Confirmed=X
Filename=********.exe [* = 8 random chars]
Description=ZenoSearch adware. Note - the most frequent filenames appear to be dwdsregt.exe, rkdsregm.exe, psdsregm.exe and ZIFI002.exe but there are others
Source=Paul Collins Startup list
[[3-4 random letters]]
Number=14037
Confirmed=X
Filename=nslookup.exe
Description=PurityScan/Clickspring adware. Not to be confused with the legitimate nslookup.exe which is found in the System32 folder
Source=Paul Collins Startup list
[[3-4 random letters]Srv32]
Number=14038
Confirmed=X
Filename=[path to file]
Description=Added by the BANCSADE-A TROJAN!
Source=Paul Collins Startup list
[[decimal number]]
Number=14039
Confirmed=X
Filename=[path to worm]
Description=Added by the OPOSSUM-A WORM! The decimal number can be anything, eg, 0.12345678
Source=Paul Collins Startup list
[[default]]
Number=14040
Confirmed=X
Filename=DrWatson32.exe
Description=Added by the DREMN TROJAN!
Source=Paul Collins Startup list
[[Entry name]]
Number=14041
Confirmed=X
Filename=System.exe
Description=Added by the NETHIEF-N TROJAN!
Source=Paul Collins Startup list
[[Ephemeral 2.5] by TreeHugger,]
Number=14042
Confirmed=X
Filename=[path to worm]
Description=Added by the LEMOOR-C WORM!
Source=Paul Collins Startup list
[[Ephemeral 2.x] by TreeHugger,]
Number=14043
Confirmed=X
Filename=[path to worm]
Description=Added by the LEMOOR.A WORM! where "x" represents 3 or 4
Source=Paul Collins Startup list
[[executed file name]]
Number=14044
Confirmed=X
Filename=App.exe
Description=Added by the WAXPOW WORM!
Source=Paul Collins Startup list
[[executed file name]]
Number=14045
Confirmed=X
Filename=Regsrv32.com
Description=Added by the SOUTHGHOST WORM!
Source=Paul Collins Startup list
[[filename]]
Number=14046
Confirmed=X
Filename=svchost.scr
Description=Added by the BANKER-CC TROJAN!
Source=Paul Collins Startup list
[[original filename]]
Number=14047
Confirmed=X
Filename=svchost.scr
Description=Added by the BANCBAN-CX TROJAN!
Source=Paul Collins Startup list
[[original filename]]
Number=14048
Confirmed=X
Filename=xphost.scr
Description=Added by the BANCBAN-HM TROJAN!
Source=Paul Collins Startup list
[[random 12 digit number]]
Number=14049
Confirmed=X
Filename=avifile5.exe
Description=Adsrv.com/IeDriver adware variant
Source=Paul Collins Startup list
[[random 12 digit number]]
Number=14050
Confirmed=X
Filename=bootvid4.exe
Description=Adsrv.com/IeDriver adware variant
Source=Paul Collins Startup list
[[random 12 digit number]]
Number=14051
Confirmed=X
Filename=browser8.exe
Description=Adsrv.com/IeDriver adware variant
Source=Paul Collins Startup list
[[random 12 digit number]]
Number=14052
Confirmed=X
Filename=atitvo32.exe
Description=Adsrv.com/IeDriver adware variant
Source=Paul Collins Startup list
[[random 12 digit number]]
Number=14053
Confirmed=X
Filename=autodisc.exe
Description=Adsrv.com/IeDriver adware variant
Source=Paul Collins Startup list
[[random 12 digit number]]
Number=14054
Confirmed=X
Filename=cabview1.exe
Description=Adsrv.com/IeDriver adware variant
Source=Paul Collins Startup list
[[random 12 digit number]]
Number=14055
Confirmed=X
Filename=advpack1.exe
Description=Adsrv.com/IeDriver adware variant
Source=Paul Collins Startup list
[[random 12 digit number]]
Number=14056
Confirmed=X
Filename=batmeter.exe
Description=Adsrv.com/IeDriver adware variant
Source=Paul Collins Startup list
[[random 12 digit number]]
Number=14057
Confirmed=X
Filename=bidispl2.exe
Description=Adsrv.com/IeDriver adware variant
Source=Paul Collins Startup list
[[random 12 digit number]]
Number=14058
Confirmed=X
Filename=asferror.exe
Description=Adsrv.com/IeDriver adware variant
Source=Paul Collins Startup list
[[random 12 digit number]]
Number=14059
Confirmed=X
Filename=catsrvps.exe
Description=Adsrv.com/IeDriver adware variant
Source=Paul Collins Startup list
[[random 12 digit number]]
Number=14060
Confirmed=X
Filename=admparse.exe
Description=Adsrv.com/IeDriver adware variant
Source=Paul Collins Startup list
[[random 12 digit number]]
Number=14061
Confirmed=X
Filename=audiosrv.exe
Description=Adsrv.com/IeDriver adware variant
Source=Paul Collins Startup list
[[random 12 digit number]]
Number=14062
Confirmed=X
Filename=bootvid2.exe
Description=Adsrv.com/IeDriver adware variant
Source=Paul Collins Startup list
[[random 12 digit number]]
Number=14063
Confirmed=X
Filename=cmpbk321.exe
Description=Adsrv.com/IeDriver adware variant
Source=Paul Collins Startup list
[[random characters]]
Number=14064
Confirmed=X
Filename=securewinload32x.exe
Description=Added by the OPTIXP-N TROJAN! Note - this trojan file is found in the System (9x/Me) or System32 (NT/2K/XP) folder. The file system32dir2a.exe will also be found in the same folder and should be deleted
Source=Paul Collins Startup list
[[random characters]]
Number=14065
Confirmed=X
Filename=rsbmsc.exe
Description=Detected by AntiVir antivirus as the BDS/Agent.adt TROJAN!
Source=Paul Collins Startup list
[[random filename]]
Number=14066
Confirmed=X
Filename=slk8x2peu.exe
Description=QuickLinks adware
Source=Paul Collins Startup list
[[random names]]
Number=14067
Confirmed=X
Filename=eee2.exe
Description=MediaMotor adware
Source=Paul Collins Startup list
[[random name]]
Number=14068
Confirmed=X
Filename=Svchosts.exe
Description=Added by the SDBOT.N TROJAN!
Source=Paul Collins Startup list
[[random name]]
Number=14069
Confirmed=X
Filename=wincpu.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[[random name]]
Number=14070
Confirmed=X
Filename=m?dtc.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14071
Confirmed=X
Filename=ping.exe
Description=PurityScan/Clickspring adware. Note - do not confuse with the Microsoft utility of the same name as described here
Source=Paul Collins Startup list
[[random name]]
Number=14072
Confirmed=X
Filename=CXTPLS_LOADER.EXE
Description=AproposMedia adware
Source=Paul Collins Startup list
[[random name]]
Number=14073
Confirmed=X
Filename=??plorer.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14074
Confirmed=X
Filename=?hkdsk.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14075
Confirmed=X
Filename=?hkntfs.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14076
Confirmed=X
Filename=l?gonui.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14077
Confirmed=X
Filename=m?iexec.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14078
Confirmed=X
Filename=r?gsvr32.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14079
Confirmed=X
Filename=t?skmgr.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14080
Confirmed=X
Filename=w?auboot.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14081
Confirmed=X
Filename=w?auclt.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14082
Confirmed=X
Filename=w?crtupd.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14083
Confirmed=X
Filename=w?wexec.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14084
Confirmed=X
Filename=??erinit.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14085
Confirmed=X
Filename=d?dplay.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14086
Confirmed=X
Filename=n?tepad.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14087
Confirmed=X
Filename=??chost.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14088
Confirmed=X
Filename=??oolsv.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14089
Confirmed=X
Filename=??xplore.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14090
Confirmed=X
Filename=r?ndll32.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14091
Confirmed=X
Filename=se?vices.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14092
Confirmed=X
Filename=w?nlogon.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14093
Confirmed=X
Filename=w?nword.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14094
Confirmed=X
Filename=??anregw.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14095
Confirmed=X
Filename=?ttrib.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14096
Confirmed=X
Filename=j?vaw.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14097
Confirmed=X
Filename=l?ass.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14098
Confirmed=X
Filename=m?config.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14099
Confirmed=X
Filename=n?lookup.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14100
Confirmed=X
Filename=n?pdb.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14101
Confirmed=X
Filename=??ool32.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14102
Confirmed=X
Filename=??rss.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14103
Confirmed=X
Filename=??rvices.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14104
Confirmed=X
Filename=?ti2evxx.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14105
Confirmed=X
Filename=chkdsk.exe
Description=PurityScan/Clickspring adware. Unlike this file, the legitimate Windows chkdisk.exe will in Windows XP/2K/NT always be located in the Winnt\System32 or Windows\System32 folder, and ought moreover NOT to figure among the startups!
Source=Paul Collins Startup list
[[random name]]
Number=14106
Confirmed=X
Filename=d?xplore.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14107
Confirmed=X
Filename=dvdplay.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14108
Confirmed=X
Filename=spoolsv.exe
Description=PurityScan/Clickspring adware. Do not confuse with the legitimate Microsoft Printer Spooler Service (spoolsv.exe)
Source=Paul Collins Startup list
[[random name]]
Number=14109
Confirmed=X
Filename=w?aclt.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14110
Confirmed=X
Filename=wucrtupd.exe
Description=PurityScan/Clickspring adware. Do not confuse with the legitimate Windows Critical Update Notification (wucrtupd.exe)
Source=Paul Collins Startup list
[[random name]]
Number=14111
Confirmed=X
Filename=charmapnt.exe
Description=Added by the BANCOS-DR TROJAN!
Source=Paul Collins Startup list
[[random name]]
Number=14112
Confirmed=X
Filename=n?tdde.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14113
Confirmed=X
Filename=r?gedit.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14114
Confirmed=X
Filename=r?ndll.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14115
Confirmed=X
Filename=scanregw.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14116
Confirmed=X
Filename=wuauboot.exe
Description=PurityScan/Clickspring adware. Note - do not confuse with the legitimate wuauboot.exe file, which should not figure in Msconfig/Startup!
Source=Paul Collins Startup list
[[random name]]
Number=14117
Confirmed=X
Filename=w?nspool.exe
Description=PurityScan/Clickspring adware
Source=Paul Collins Startup list
[[random name]]
Number=14118
Confirmed=X
Filename=svchost.exe
Description=Added by the BANCBAN-JC TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "config" subfolder of the Winnt or Windows folder
Source=Paul Collins Startup list
[[random name]]
Number=14119
Confirmed=X
Filename=[random name].dll
Description=SearchNet adware
Source=Paul Collins Startup list
[[random name]]
Number=14120
Confirmed=X
Filename=iexpl0ra.exe
Description=Added by the ULPM.BD TROJAN!
Source=Paul Collins Startup list
[[random name]]
Number=14121
Confirmed=X
Filename=rundl13a.exe
Description=Added by the GAMPASS-L TROJAN!
Source=Paul Collins Startup list
[[random name]]
Number=14122
Confirmed=X
Filename=Servere.exe
Description=Added by the LEGMIR-AQM TROJAN!
Source=Paul Collins Startup list
[[random number]]
Number=14123
Confirmed=X
Filename=explorer.exe
Description=Added by the KEYLOG-AN TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one copies it's self under 9 additional file names in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list
[[Randomly chosen existing folder name]]
Number=14124
Confirmed=X
Filename=_autorun.exe
Description=Added by the ANTINNY-L WORM!
Source=Paul Collins Startup list
[[Randomly chosen existing folder name]]
Number=14125
Confirmed=X
Filename=_cfg.exe
Description=Added by the ANTINNY-L WORM!
Source=Paul Collins Startup list
[[Randomly chosen existing folder name]]
Number=14126
Confirmed=X
Filename=_config.exe
Description=Added by the ANTINNY-L WORM!
Source=Paul Collins Startup list
[[Randomly chosen existing folder name]]
Number=14127
Confirmed=X
Filename=_env.exe
Description=Added by the ANTINNY-L WORM!
Source=Paul Collins Startup list
[[Randomly chosen existing folder name]]
Number=14128
Confirmed=X
Filename=_loader.exe
Description=Added by the ANTINNY-L WORM!
Source=Paul Collins Startup list
[[Randomly chosen existing folder name]]
Number=14129
Confirmed=X
Filename=_login.exe
Description=Added by the ANTINNY-L WORM!
Source=Paul Collins Startup list
[[Randomly chosen existing folder name]]
Number=14130
Confirmed=X
Filename=_setup.exe
Description=Added by the ANTINNY-L WORM!
Source=Paul Collins Startup list
[[Randomly chosen existing folder name]]
Number=14131
Confirmed=X
Filename=_start.exe
Description=Added by the ANTINNY-L WORM!
Source=Paul Collins Startup list
[[random]]
Number=14132
Confirmed=X
Filename=lsass.scr
Description=Added by the BANCBAN-CW TROJAN!
Source=Paul Collins Startup list
[[random]]
Number=14133
Confirmed=X
Filename=svchost.scr
Description=Added by the BANCBAN-CY TROJAN!
Source=Paul Collins Startup list
[[trojan filename]]
Number=14134
Confirmed=X
Filename=Install.exe
Description=Added by the BANCBAN-FS TROJAN!
Source=Paul Collins Startup list
[[trojan name]]
Number=14135
Confirmed=X
Filename=svchost.exe
Description=Added by the BANCBAN-CL TROJAN! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!
Source=Paul Collins Startup list
[[username] config]
Number=14136
Confirmed=X
Filename=[path to trojan]
Description=Added by the MOSUCK-H TROJAN!
Source=Paul Collins Startup list
[[various filenames]]
Number=14137
Confirmed=X
Filename=qtsks.exe
Description=Added by the WEBDOR.Y TROJAN
Source=Paul Collins Startup list
[[various names]]
Number=14138
Confirmed=X
Filename=elf.exe
Description=Elf is a hacker program, tied to a trojan server
Source=Paul Collins Startup list
[[various names]]
Number=14139
Confirmed=X
Filename=crsrs.exe
Description=Added by the FORBOT-AK WORM!
Source=Paul Collins Startup list
[[various names]]
Number=14140
Confirmed=X
Filename=Windows32.exe
Description=Added by any of a number of WORM or TROJAN variants
Source=Paul Collins Startup list
[[various names]]
Number=14141
Confirmed=X
Filename=bling.exe
Description=Added by the RBOT-NI WORM!
Source=Paul Collins Startup list
[[various names]]
Number=14142
Confirmed=X
Filename=mediaplayer32.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[[various names]]
Number=14143
Confirmed=X
Filename=winlogon32.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[[various names]]
Number=14144
Confirmed=X
Filename=svchostss.exe
Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list
[[various names]]
Number=14145
Confirmed=X
Filename=win32snd.exe
Description=Added by the RBOT-DQ WORM!
Source=Paul Collins Startup list
[[various names]]
Number=14146
Confirmed=X
Filename=shch.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[[various names]]
Number=14147
Confirmed=X
Filename=PasswdMon.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14148
Confirmed=X
Filename=runload32.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14149
Confirmed=X
Filename=dstart2.exe
Description=Adware - recognized by Kaspersky antivirus as Trojan-Downloader.Small.alw
Source=Paul Collins Startup list
[[various names]]
Number=14150
Confirmed=X
Filename=msdos32.exe
Description=Added by a variant of the AGENT.AH TROJAN!
Source=Paul Collins Startup list
[[various names]]
Number=14151
Confirmed=X
Filename=sitebar.exe
Description=Added by an unidentified TROJAN!
Source=Paul Collins Startup list
[[various names]]
Number=14152
Confirmed=X
Filename=backorif.exe
Description=Added by a NTROOTKIT TROJAN variant!
Source=Paul Collins Startup list
[[various names]]
Number=14153
Confirmed=X
Filename=bhoserv.exe
Description=Added by a NTROOTKIT TROJAN variant!
Source=Paul Collins Startup list
[[various names]]
Number=14154
Confirmed=X
Filename=driver32.exe
Description=Added by a variant of the SDBOT WORM!
Source=Paul Collins Startup list
[[various names]]
Number=14155
Confirmed=X
Filename=hyandex.exe
Description=Added by a NTROOTKIT TROJAN variant!
Source=Paul Collins Startup list
[[various names]]
Number=14156
Confirmed=X
Filename=Uint32.exe
Description=Added by a NTROOTKIT TROJAN variant!
Source=Paul Collins Startup list
[[various names]]
Number=14157
Confirmed=X
Filename=Uint32.exe
Description=Added by a NTROOTKIT TROJAN variant!
Source=Paul Collins Startup list
[[various names]]
Number=14158
Confirmed=X
Filename=_ctcp.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14159
Confirmed=X
Filename=10010.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14160
Confirmed=X
Filename=321102.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14161
Confirmed=X
Filename=34763.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14162
Confirmed=X
Filename=abrek.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14163
Confirmed=X
Filename=ActionScr.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14164
Confirmed=X
Filename=AliceSD.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14165
Confirmed=X
Filename=AppMasterCenter.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14166
Confirmed=X
Filename=atl_helper.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14167
Confirmed=X
Filename=ATLIEHELPER.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14168
Confirmed=X
Filename=avpmondll.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14169
Confirmed=X
Filename=awinrar.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14170
Confirmed=X
Filename=backd.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14171
Confirmed=X
Filename=backorif.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14172
Confirmed=X
Filename=barint.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14173
Confirmed=X
Filename=bhoserv.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14174
Confirmed=X
Filename=bingo9.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14175
Confirmed=X
Filename=bnui.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14176
Confirmed=X
Filename=Bogobot.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14177
Confirmed=X
Filename=borlandg.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14178
Confirmed=X
Filename=BoundRec.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14179
Confirmed=X
Filename=br0ken.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14180
Confirmed=X
Filename=Brong32.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14181
Confirmed=X
Filename=clamav.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14182
Confirmed=X
Filename=cmon14.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14183
Confirmed=X
Filename=cnftips.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14184
Confirmed=X
Filename=control64.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14185
Confirmed=X
Filename=corrida.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14186
Confirmed=X
Filename=CToolBar.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14187
Confirmed=X
Filename=DCC_send.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14188
Confirmed=X
Filename=defect08.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14189
Confirmed=X
Filename=Dest068.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14190
Confirmed=X
Filename=dialer423.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14191
Confirmed=X
Filename=diskserv.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14192
Confirmed=X
Filename=driver64.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14193
Confirmed=X
Filename=DTOURS.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14194
Confirmed=X
Filename=ERTYDF.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14195
Confirmed=X
Filename=ExchangeMaster.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14196
Confirmed=X
Filename=EXE32EXE.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14197
Confirmed=X
Filename=expoler.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14198
Confirmed=X
Filename=FLKPT.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14199
Confirmed=X
Filename=forces_elite.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14200
Confirmed=X
Filename=ftbar.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14201
Confirmed=X
Filename=gabber.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14202
Confirmed=X
Filename=hyandex.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14203
Confirmed=X
Filename=iehelper.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14204
Confirmed=X
Filename=iesetupdll.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14205
Confirmed=X
Filename=init32.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14206
Confirmed=X
Filename=InpriseMon.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14207
Confirmed=X
Filename=install2.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14208
Confirmed=X
Filename=jopplerg.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14209
Confirmed=X
Filename=Kargo.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14210
Confirmed=X
Filename=keybdll.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14211
Confirmed=X
Filename=KeywordFinder.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14212
Confirmed=X
Filename=killall.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14213
Confirmed=X
Filename=LOPTCON.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14214
Confirmed=X
Filename=media64.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14215
Confirmed=X
Filename=MNTP.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14216
Confirmed=X
Filename=MON76234.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14217
Confirmed=X
Filename=moniter.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14218
Confirmed=X
Filename=mozilla-text.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14219
Confirmed=X
Filename=msag.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14220
Confirmed=X
Filename=ms-its.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14221
Confirmed=X
Filename=MsNetHelper.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14222
Confirmed=X
Filename=new32.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14223
Confirmed=X
Filename=newbreed.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14224
Confirmed=X
Filename=nmdllw.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14225
Confirmed=X
Filename=NopeZ.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14226
Confirmed=X
Filename=NsCplTray.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14227
Confirmed=X
Filename=NSYSCPLSTR.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14228
Confirmed=X
Filename=NukeSpan.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14229
Confirmed=X
Filename=openstre.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14230
Confirmed=X
Filename=panel_its.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14231
Confirmed=X
Filename=ParisM.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14232
Confirmed=X
Filename=pizda.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14233
Confirmed=X
Filename=powerdll.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14234
Confirmed=X
Filename=PrcIdle.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14235
Confirmed=X
Filename=prcmon.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14236
Confirmed=X
Filename=Preliminary.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14237
Confirmed=X
Filename=prgsys0984.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14238
Confirmed=X
Filename=progmen.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14239
Confirmed=X
Filename=qwe.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14240
Confirmed=X
Filename=RtlFindVal.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14241
Confirmed=X
Filename=SAPSTR.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14242
Confirmed=X
Filename=sbin.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14243
Confirmed=X
Filename=scanSYS.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14244
Confirmed=X
Filename=Serviceprocess.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14245
Confirmed=X
Filename=SetupExeDll.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14246
Confirmed=X
Filename=Shaitan1678.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14247
Confirmed=X
Filename=slamm.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14248
Confirmed=X
Filename=sound64.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14249
Confirmed=X
Filename=SpyElim.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14250
Confirmed=X
Filename=srbho.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14251
Confirmed=X
Filename=ssweeper.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14252
Confirmed=X
Filename=StartCpl.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14253
Confirmed=X
Filename=startman.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14254
Confirmed=X
Filename=StatusCheck.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14255
Confirmed=X
Filename=stuffmon.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14256
Confirmed=X
Filename=sysconf16.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14257
Confirmed=X
Filename=SysEntry.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14258
Confirmed=X
Filename=sysmon12.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14259
Confirmed=X
Filename=syspanel.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14260
Confirmed=X
Filename=SysSupport.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14261
Confirmed=X
Filename=SYSTRAV.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14262
Confirmed=X
Filename=TemplateDongle.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14263
Confirmed=X
Filename=teqq32.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14264
Confirmed=X
Filename=Testimonials.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14265
Confirmed=X
Filename=TForm1.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14266
Confirmed=X
Filename=TorontoMail.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14267
Confirmed=X
Filename=Trayz.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14268
Confirmed=X
Filename=TRPT.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14269
Confirmed=X
Filename=trycrt.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14270
Confirmed=X
Filename=typeconf.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14271
Confirmed=X
Filename=Uint32.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14272
Confirmed=X
Filename=uio.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14273
Confirmed=X
Filename=UserSp1.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14274
Confirmed=X
Filename=utsgmon.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14275
Confirmed=X
Filename=vxdman.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14276
Confirmed=X
Filename=WhatsNewBot.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14277
Confirmed=X
Filename=WinInitDll.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14278
Confirmed=X
Filename=wormexe.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14279
Confirmed=X
Filename=WTFCTF.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14280
Confirmed=X
Filename=XTermInit.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14281
Confirmed=X
Filename=xwiz.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14282
Confirmed=X
Filename=xxtoolbar.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14283
Confirmed=X
Filename=zantu.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14284
Confirmed=X
Filename=zxc.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14285
Confirmed=X
Filename=ABCXYZ.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14286
Confirmed=X
Filename=dePloy.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14287
Confirmed=X
Filename=JAguAr.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14288
Confirmed=X
Filename=80d0.exe
Description=MediaMotor adware
Source=Paul Collins Startup list
[[various names]]
Number=14289
Confirmed=X
Filename=exe81.exe
Description=MediaMotor adware
Source=Paul Collins Startup list
[[various names]]
Number=14290
Confirmed=X
Filename=exe82.exe
Description=MediaMotor adware
Source=Paul Collins Startup list
[[various names]]
Number=14291
Confirmed=X
Filename=MSTCPDLL.exe
Description=Wareout - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list
[[various names]]
Number=14292
Confirmed=X
Filename=seli.exe
Description=MediaMotor adware
Source=Paul Collins Startup list
[\IEService.exe]
Number=14293
Confirmed=X
Filename=IEService.exe
Description=FastFind parasite variant
Source=Paul Collins Startup list
[\Pribi.exe]
Number=14294
Confirmed=X
Filename=Pribi.exe
Description=FastFind adware variant
Source=Paul Collins Startup list
[\SysInit]
Number=14295
Confirmed=X
Filename=svchost.exe
Description=Added by the STARTPA-BD TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Program Files/Common Files folder
Source=Paul Collins Startup list
[\\TOOLS.exe]
Number=14296
Confirmed=X
Filename=tools.exe
Description=Lycos SideSearch/Fastfind.org adware
Source=Paul Collins Startup list
[^`d}qZxu]
Number=14297
Confirmed=X
Filename=~`d}qzxu3zYF
Description=Added by the GAOBOT.GEN!POLY WORM!
Source=Paul Collins Startup list
[_AntiSpyware]
Number=14298
Confirmed=U
Filename=MssCli.exe
Description=Part of McAfee AntiSpyware
Source=Paul Collins Startup list
[_AntiSpyware]
Number=14299
Confirmed=U
Filename=masalert.exe
Description=Part of McAfee AntiSpyware
Source=Paul Collins Startup list
[_Cat1]
Number=14300
Confirmed=X
Filename=nmmst.exe
Description=Added by the SMALL.SD TROJAN!
Source=Paul Collins Startup list
[_Cat2]
Number=14301
Confirmed=X
Filename=nmstt.exe
Description=Added by the SMALL-DT TROJAN!
Source=Paul Collins Startup list
[_Cat3]
Number=14302
Confirmed=X
Filename=msmsgrxp.exe
Description=Added by a variant of the SMALL-DT downloader TROJAN
Source=Paul Collins Startup list
[_Cat4]
Number=14303
Confirmed=X
Filename=msmsgr2.exe
Description=Added by the SMALL-EB TROJAN!
Source=Paul Collins Startup list
[_Hazafibb]
Number=14304
Confirmed=X
Filename=[path to file]
Description=Added by the ZAFI.B WORM!
Source=Paul Collins Startup list
[_mzu_stonedrv2]
Number=14305
Confirmed=X
Filename=_mzu_stonedrv2.exe
Description=Added by a variant of the DWNLDR-FTB TROJAN!
Source=Paul Collins Startup list
[_mzu_stonedrv3]
Number=14306
Confirmed=X
Filename=_mzu_stonedrv3.exe
Description=Added by the DWNLDR-FTB TROJAN!
Source=Paul Collins Startup list
[_mzu_stonedrv7]
Number=14307
Confirmed=Y
Filename=_mzu_stonedrv7.exe
Description=Added by a variant of the FTB TROJAN!
Source=Paul Collins Startup list
[_ntrdlhost]
Number=14308
Confirmed=X
Filename=_Ntrdlhost.exe
Description=Added by the DLOADER-JV TROJAN!
Source=Paul Collins Startup list
[_ntrRescueService]
Number=14309
Confirmed=X
Filename=_ntrrs.exe
Description=Added by the DLOADER-JV TROJAN!
Source=Paul Collins Startup list
[_pnd_Panda Antivirus]
Number=14310
Confirmed=X
Filename=_pnd_*****.exe [* = random char/digit]
Description=Added by the AGENT.NAK TROJAN!
Source=Paul Collins Startup list
[_Setv]
Number=14311
Confirmed=X
Filename=Setv.com
Description=Added by the BESAM WORM!
Source=Paul Collins Startup list
[_svchost.con]
Number=14312
Confirmed=X
Filename=svchost.com
Description=Added by the ERKEZ.C WORM!
Source=Paul Collins Startup list
[_SystemBoot]
Number=14313
Confirmed=X
Filename=services.exe
Description=Added by the SOBER-Q TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Help\Help subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list
[_SystemDriver]
Number=14314
Confirmed=X
Filename=csrss.exe
Description=Added by the ASCETIC.B TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a \addins\explorer subfolder of the Winnt or Windows folder
Source=Paul Collins Startup list
[_System_Run]
Number=14315
Confirmed=X
Filename=_svchost_.exe
Description=Added by the LINEAGE-Z TROJAN!
Source=Paul Collins Startup list
[_tdiserv_]
Number=14316
Confirmed=X
Filename=_tdicli_.exe
Description=Added by the TDISERV.A WORM!
Source=Paul Collins Startup list
[_winadm]
Number=14317
Confirmed=U
Filename=winadm.exe
Description=Parents Friend - "Log any activity and protect programs with a password. Further more you can lock the pc any hour in the week you want with the main password. You can also give users allowed programs in their program-lists and you can limit the maximal daily hours and maximal weekly hours user spend on the PC"
Source=Paul Collins Startup list
[_WinCheck]
Number=14318
Confirmed=X
Filename=services.exe
Description=Added by the SOBER.V WORM!
Source=Paul Collins Startup list
[_WinData]
Number=14319
Confirmed=X
Filename=services.exe
Description=Added by the SOBER.AA WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "PoolData" subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list
[_Windows]
Number=14320
Confirmed=X
Filename=services.exe
Description=Added by the SOBER.X WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "WinSecurity" subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list
[_WinMain]
Number=14321
Confirmed=X
Filename=winexec.exe
Description=Added by the DLOADER-XX TROJAN!
Source=Paul Collins Startup list
[_WinStart]
Number=14322
Confirmed=X
Filename=services.exe
Description=Added by the SOBER.O WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Connection Wizard\Status subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list
[_winsystem.sys]
Number=14323
Confirmed=X
Filename=smss.exe
Description=Added by the SOBER.K TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a msagent\win32 subfolder of the Winnt or Windows folder
Source=Paul Collins Startup list
[_x-Finder]
Number=14324
Confirmed=X
Filename=_x-Finder.exe
Description=Disconnects and redials an ISP modem to an adult content site
Source=Paul Collins Startup list
[{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
Number=14325
Confirmed=U
Filename=gnotify.exe
Description=Google Gmail Notifier. Alerts you when you have new Gmail messages
Source=Paul Collins Startup list
[{1290A33C-85F5-4164-A1BE-7DD299D4986A}]
Number=14326
Confirmed=U
Filename=PBKScheduler.exe
Description=Scheduler for CyberLink PowerBackup - archiving/backup utility
Source=Paul Collins Startup list
[{12EE7A5E-0674-42f9-A76B-000000004D00}]
Number=14327
Confirmed=X
Filename=rundll32.exe [path] stlb2.dll, DllRunMain
Description=BrowserAid/BrowserPal foistware
Source=Paul Collins Startup list
[{1C-CC-C5-54-ZN}]
Number=14328
Confirmed=X
Filename=dwdsregt.exe
Description=ZenoSearch adware
Source=Paul Collins Startup list
[{2CF0B992-5EEB-4143-99C0-5297EF71F444}]
Number=14329
Confirmed=X
Filename=rundll32.exe stlbdist.dll, DllRunMain
Description=BrowserAid/BrowserPal foistware
Source=Paul Collins Startup list
[{2CF0B992-5EEB-4143-99C2-5297EF71F44B}]
Number=14330
Confirmed=X
Filename=rundll32.exe stlbupdt.DLL, DllRunMain
Description=BrowserAid/BrowserPal foistware
Source=Paul Collins Startup list
[{2F-FF-F4-4C-ZN}]
Number=14331
Confirmed=X
Filename=omdsregk.exe
Description=ZenoSearch adware
Source=Paul Collins Startup list
[{357AA41A-B7A8-4632-A27D-5B980B25CF43}]
Number=14332
Confirmed=X
Filename=[path to svchost.exe]
Description=Added by the SMALL-AQ TROJAN!
Source=Paul Collins Startup list
[{357AA41A-B7A8-4632-A27D-5B980B25CF43}]
Number=14333
Confirmed=X
Filename=services.exe
Description=Added by FakeMessage/AdRotator adware. Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in an "Inetsrv" subfolder
Source=Paul Collins Startup list
[{357AA41A-B7A8-4632-A27D-5B980B25CF43}]
Number=14334
Confirmed=X
Filename=[path to trojan]
Description=Added by the SMALL-EP TROJAN!
Source=Paul Collins Startup list
[{8C-C4-4A-A4-ZN}]
Number=14335
Confirmed=X
Filename=dwdsregt.exe
Description=ZenoSearch adware
Source=Paul Collins Startup list
[{A70F6A1D-0195-42a2-934C-D8AC0F7C08EB}]
Number=14336
Confirmed=X
Filename=rundll32.exe E6F1873B.DLL, D9EBC318C
Description=BrowserAid/BrowserPal foistware
Source=Paul Collins Startup list
[µTorrent]
Number=14337
Confirmed=U
Filename=utorrent.exe
Description=µTorrent - BitTorrent client for Windows sporting a very small footprint. It was designed to use as little cpu, memory and space as possible while offering all the functionality expected from advanced clients
Source=Paul Collins Startup list