[]
Number=1
Confirmed=X
Filename=system32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotku.html" target=_blank>AGOBOT-KU</a> WORM! Note - has a blank entry under the Startup Item/Name field
Source=Paul Collins Startup list

[]
Number=2
Confirmed=X
Filename=pathex.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmkmoosea.html" target="_blank">MKMOOSE-A</a> WORM! Note - has a blank entry under the Startup Item/Name field
Source=Paul Collins Startup list

[]
Number=3
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfux.html" target="_blank">DELF-UX</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field
Source=Paul Collins Startup list

[]
Number=4
Confirmed=X
Filename=MSPF.EXE
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field
Source=Paul Collins Startup list

[]
Number=5
Confirmed=X
Filename=dllvirtual.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdadobraiw.html" target="_blank">DADOBRA-IW</a> TROJAN! Note - has a blank entry under the Startup Item/Name field
Source=Paul Collins Startup list

[]
Number=6
Confirmed=X
Filename=dllvirtual.dll
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdadobraiw.html" target="_blank">DADOBRA-IW</a> TROJAN! Note - has a blank entry under the Startup Item/Name field
Source=Paul Collins Startup list

[]
Number=7
Confirmed=X
Filename=dllvirtual.js
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdadobraiw.html" target="_blank">DADOBRA-IW</a> TROJAN! Note - has a blank entry under the Startup Item/Name field
Source=Paul Collins Startup list

[ SystemBoot]
Number=8
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsoberq.html" target="_blank">SOBER-Q</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Help\Help subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list

[ WinCheck]
Number=9
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sobers.html" target=_blank>SOBER-S</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "ConnectionStatus\Microsoft" subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list

[ Windows]
Number=10
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-111915-0848-99" target=_blank>SOBER.X</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "WinSecurity" subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list

[ WinStart]
Number=11
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050210-2339-99" target="_blank">SOBER.O</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Connection Wizard\Status subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list

[ winsystem.sys]
Number=12
Confirmed=X
Filename=smss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022023-0454-99" target=_blank>SOBER.K</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a msagent\win32 subfolder of the Winnt or Windows folder
Source=Paul Collins Startup list

[!1_pgaccount]
Number=13
Confirmed=Y
Filename=pgaccount.exe
Description=DiamondCS <a href="http://www.diamondcs.com.au/processguard/" target=_blank>ProcessGuard</a> security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. You will see one instant of pgaccount.exe for every active account on your system, and this is essential for PG to work properly
Source=Paul Collins Startup list

[!1_ProcessGuard_Startup]
Number=14
Confirmed=Y
Filename=procguard.exe
Description=DiamondCS <a href="http://www.diamondcs.com.au/processguard/" target=_blank>ProcessGuard</a> security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks
Source=Paul Collins Startup list

[!AVG Anti-Spyware]
Number=15
Confirmed=U
Filename=avgas.exe
Description=Part of <a href="http://www3.grisoft.com/doc/products-avg-anti-spyware/us/crp/0" target="_blank">AVG Anti-Spyware</a> from Grisoft
Source=Paul Collins Startup list

[!ewido]
Number=16
Confirmed=U
Filename=ewido.exe
Description=Part of <a href="http://www.ewido.net/en/" target="_blank">Ewido</a> anti-spyware
Source=Paul Collins Startup list

[!NoLoad]
Number=17
Confirmed=N
Filename=winrecon.exe
Description=<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winrecon/" target="_blank">WinRecon</a> keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[$EnterNet]
Number=18
Confirmed=?
Filename=Enternet.exe
Description=Connection manager for the EnterNet ISP. You can also use <a href="http://user.cs.tu-berlin.de/~normanb/" target="_blank">RASPPOE</a>
Source=Paul Collins Startup list

[$sys$cmp]
Number=19
Confirmed=X
Filename=$sys$xp.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-111015-0804-99" target=_blank>RYKNOS.B</a> TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer
Source=Paul Collins Startup list

[$sys$crash]
Number=20
Confirmed=X
Filename=$sys$sonyTimer.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target=_blank>WELOMOCH</a> TROJAN!
Source=Paul Collins Startup list

[$sys$crash]
Number=21
Confirmed=X
Filename=$sys$sos$sys$.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target=_blank>WELOMOCH</a> TROJAN!
Source=Paul Collins Startup list

[$sys$crash]
Number=22
Confirmed=X
Filename=$sys$WeLoveMcCOL.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target=_blank>WELOMOCH</a> TROJAN!
Source=Paul Collins Startup list

[$sys$drv]
Number=23
Confirmed=X
Filename=$sys$drv.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-111012-2048-99" target=_blank>RYKNOS</a> TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer
Source=Paul Collins Startup list

[$sys$momomomochin]
Number=24
Confirmed=X
Filename=$sys$sonyTimer.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target=_blank>WELOMOCH</a> TROJAN!
Source=Paul Collins Startup list

[$sys$momomomochin]
Number=25
Confirmed=X
Filename=$sys$sos$sys$.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target=_blank>WELOMOCH</a> TROJAN!
Source=Paul Collins Startup list

[$sys$momomomochin]
Number=26
Confirmed=X
Filename=$sys$WeLoveMcCOL.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target=_blank>WELOMOCH</a> TROJAN!
Source=Paul Collins Startup list

[$sys$umaiyo]
Number=27
Confirmed=X
Filename=$sys$sonyTimer.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target=_blank>WELOMOCH</a> TROJAN!
Source=Paul Collins Startup list

[$sys$umaiyo]
Number=28
Confirmed=X
Filename=$sys$sos$sys$.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target=_blank>WELOMOCH</a> TROJAN!
Source=Paul Collins Startup list

[$sys$umaiyo]
Number=29
Confirmed=X
Filename=$sys$WeLoveMcCOL.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target=_blank>WELOMOCH</a> TROJAN!
Source=Paul Collins Startup list

[$Volumouse$]
Number=30
Confirmed=U
Filename=volumouse.exe
Description=<a href="http://www.nirsoft.net/utils/volumouse.html" target="_blank">Volumouse</a> from Nirsoft. "Provides you a quick and easy way to control the sound volume on your system - simply by rolling the wheel of your wheel mouse"
Source=Paul Collins Startup list

[$WindowsRegKey%update]
Number=31
Confirmed=X
Filename=IEXPLORE.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotez.html" target=_blank>RBOT-EZ</a> WORM! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[%cmpmixtitle%]
Number=32
Confirmed=N
Filename=%cmpmixstr%
Description=<font color="#FF0000">Possibly related to C-Media Mixer Control panel?</font>
Source=Paul Collins Startup list

[%FP%012-L2TP fts.exe]
Number=33
Confirmed=N
Filename=fts.exe
Description=012.Net.il Israeli ISP software front-end
Source=Paul Collins Startup list

[%FP%012-L2TP FWPortal.exe]
Number=34
Confirmed=U
Filename=FWPortal.exe
Description=012.Net.il Israeli ISP dial-up software
Source=Paul Collins Startup list

[%FP%1776 Internet fts.exe]
Number=35
Confirmed=N
Filename=fts.exe
Description=1776 Internet US ISP software ISP software front-end
Source=Paul Collins Startup list

[%FP%1776 Internet FWPortal.exe]
Number=36
Confirmed=U
Filename=FWPortal.exe
Description=1776 Internet US ISP dial-up software
Source=Paul Collins Startup list

[%FP%Barak013 fts.exe]
Number=37
Confirmed=N
Filename=fts.exe
Description=Barak013 Israeli ISP software front-end
Source=Paul Collins Startup list

[%FP%Barak013 FWPortal.exe]
Number=38
Confirmed=U
Filename=FWPortal.exe
Description=Barak013 Israeli ISP dial-up software
Source=Paul Collins Startup list

[%FP%Friendly fts.exe]
Number=39
Confirmed=N
Filename=fts.exe
Description=Friendly ISP software front-end
Source=Paul Collins Startup list

[(*)API Machine]
Number=40
Confirmed=X
Filename=winSOCKS.exe
Description=Homepage hijacker, see <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winsocks/" target="_blank">here</a> (* = any digit)
Source=Paul Collins Startup list

[(*)Run]
Number=41
Confirmed=X
Filename=win32API.exe
Description=Homepage hijacker, see <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/win32api/" target="_blank">here</a> (* = any digit)
Source=Paul Collins Startup list

[(default)]
Number=42
Confirmed=X
Filename=[random filename].exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032319-2209-99" target="_blank">BLACKMAL</a> WORM!
Source=Paul Collins Startup list

[(default)]
Number=43
Confirmed=X
Filename=rundll32.exe [path] Zykheptd.dll
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-022116-5404-99" target=_blank>HESIVE.B</a> TROJAN!
Source=Paul Collins Startup list

[(L4r1$$4) (4nt1) (V1ruz)]
Number=44
Confirmed=X
Filename=SP00Lsv32.pif
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030222-1459-99" target=_blank>ASSIRAL.B</a> WORM!
Source=Paul Collins Startup list

[*JanisRuckenbrodII]
Number=45
Confirmed=X
Filename=janis.com
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-012114-5256-99" target="_blank">POPS</a> WORM!
Source=Paul Collins Startup list

[*Microsoft Update]
Number=46
Confirmed=X
Filename=ctxma.exe
Description=Added by the <a href="http://www.kephyr.com/spywarescanner/library/w32.hllw.stmu/index.phtml" target="_blank">STMU</a> TROJAN!
Source=Paul Collins Startup list

[*Microsoft Update]
Number=47
Confirmed=X
Filename=cxma.exe
Description=Added by the <a href="http://www.kephyr.com/spywarescanner/library/w32.hllw.stmu/index.phtml" target="_blank">STMU</a> TROJAN!
Source=Paul Collins Startup list

[*Microsoft Update]
Number=48
Confirmed=X
Filename=wstcl.exe
Description=Added by the <a href="http://www.kephyr.com/spywarescanner/library/w32.hllw.stmu/index.phtml" target="_blank">STMU</a> TROJAN!
Source=Paul Collins Startup list

[*Microsoft Update]
Number=49
Confirmed=X
Filename=wucxt.exe
Description=Added by the <a href="http://www.kephyr.com/spywarescanner/library/w32.hllw.stmu/index.phtml" target="_blank">STMU</a> TROJAN!
Source=Paul Collins Startup list

[*Microsoft Update]
Number=50
Confirmed=X
Filename=wuytc.exe
Description=Added by the <a href="http://www.kephyr.com/spywarescanner/library/w32.hllw.stmu/index.phtml" target="_blank">STMU</a> TROJAN!
Source=Paul Collins Startup list

[*MS Setup]
Number=51
Confirmed=X
Filename=[random filename]
Description=Virtumondo adware, also known as the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112111-3912-99" target=_blank>VUNDO</a> TROJAN!
Source=Paul Collins Startup list

[*Security Center]
Number=52
Confirmed=X
Filename=secctr.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BRO&VSect=P" target=_blank>SDBOT.BRO</a> WORM!
Source=Paul Collins Startup list

[*StateMgr]
Number=53
Confirmed=Y
Filename=statemgr.exe
Description=Windows ME default for System Restore. Do NOT disable!
Source=Paul Collins Startup list

[*windows update]
Number=54
Confirmed=X
Filename=wrauclt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqu.html" target=_blank>RBOT-QU</a> WORM!
Source=Paul Collins Startup list

[*windows update]
Number=55
Confirmed=X
Filename=wuanclt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpg.html" target=_blank>RBOT-PG</a> WORM!
Source=Paul Collins Startup list

[*windows update]
Number=56
Confirmed=X
Filename=wuaucrlt.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-010714-2915-99" target=_blank>SPYBOT.HUR</a> WORM!
Source=Paul Collins Startup list

[*windows update]
Number=57
Confirmed=X
Filename=wuraclt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpo.html" target=_blank>RBOT-PO</a> WORM!
Source=Paul Collins Startup list

[*windows update]
Number=58
Confirmed=X
Filename=wurauclt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotsy.html" target=_blank>RBOT-SY</a> WORM!
Source=Paul Collins Startup list

[*windows update]
Number=59
Confirmed=X
Filename=wsctl.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.PR" target="_blank">SPYBOT.PR</a> WORM!
Source=Paul Collins Startup list

[*windows update]
Number=60
Confirmed=X
Filename=wkmst.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AVD" target="_blank">SDBOT.AVD</a> WORM!
Source=Paul Collins Startup list

[*windows update]
Number=61
Confirmed=X
Filename=wscxt.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AOS&VSect=P" target=_blank>RBOT.AOS</a> WORM!
Source=Paul Collins Startup list

[*windows update]
Number=62
Confirmed=X
Filename=waurclt.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[*Windows [filename] Checker]
Number=63
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kedebeb.html" target=_blank>KEDEBE-B</a> WORM!
Source=Paul Collins Startup list

[*WindowsAudio]
Number=64
Confirmed=X
Filename=systemupd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentth.html" target=_blank>AGENT-TH</a> WORM!
Source=Paul Collins Startup list

[*WinLogon]
Number=65
Confirmed=X
Filename=[trojan path] ren time:[random number]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112111-3912-99" target=_blank>VUNDO</a> TROJAN!
Source=Paul Collins Startup list

[*winstats]
Number=66
Confirmed=X
Filename=winstats.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-090216-3057-99" target=_blank>GARGAFX</a> TROJAN!
Source=Paul Collins Startup list

[*wuauclt.exe]
Number=67
Confirmed=X
Filename=w****.exe [* = random char]
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotug.html" target="_blank">RBOT-UG</a> WORM! Note - * in the filename represents a random char; variants spotted: wxmct.exe, wtmsv.exe, wxmst.exe, wmsvc.exe and so on...
Source=Paul Collins Startup list

[,main drive Loader]
Number=68
Confirmed=X
Filename=wininfo.exe
Description=Suspected malware as it appears in 3 different registry locations - see <a href="http://forums.techguy.org/t151017/s.html" target="_blank"> here</a>
Source=Paul Collins Startup list

[..]
Number=69
Confirmed=X
Filename=ABC2007.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadrash.html" target="_blank">DLOADR-ASH</a> TROJAN!
Source=Paul Collins Startup list

[.mscdr]
Number=70
Confirmed=X
Filename=lassa.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-101212-0903-99" target=_blank>WEBUS.C</a> TROJAN!

Source=Paul Collins Startup list

[.mscdr]
Number=71
Confirmed=X
Filename=lsvchost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-111216-2213-99" target=_blank>WEBUS.D</a> TROJAN!
Source=Paul Collins Startup list

[.mscdsr]
Number=72
Confirmed=X
Filename=lsvchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorcr.html" target=_blank>CR</a> TROJAN!
Source=Paul Collins Startup list

[.mscsbl]
Number=73
Confirmed=X
Filename=svhost.exe
Description=Added by the <a href="http://vil.mcafeesecurity.com/vil/content/v_130850.htm" target=_blank>CMQ</a> TROJAN!
Source=Paul Collins Startup list

[.msfupdate]
Number=74
Confirmed=X
Filename=msveup.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040411-1529-99" target=_blank>ALLOCUP.A</a> WORM!
Source=Paul Collins Startup list

[.mssecure]
Number=75
Confirmed=X
Filename=mssecure.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=DDOS_BOXED.X&VSect=P" target=_blank>DDOS_BOXED.X</a> TROJAN!
Source=Paul Collins Startup list

[.NET config]
Number=76
Confirmed=?
Filename=sysmon32.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[.norton]
Number=77
Confirmed=X
Filename=rchost.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojboxeda.html" target=_blank>BOXED-A</a> TROJAN!
Source=Paul Collins Startup list

[.nvsvc]
Number=78
Confirmed=X
Filename=smss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotfp.html" target=_blank>IRCBOT-FP</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which should not normally figure in Msconfig/Startup!

Source=Paul Collins Startup list

[.nvsvcb]
Number=79
Confirmed=X
Filename=smssb.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=57167" target="_blank">BOXED.CG</a> TROJAN!
Source=Paul Collins Startup list

[.Prog]
Number=80
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081700-2526-99" target="_blank">NEVEG.B</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081614-3605-99" target="_blank">NEVEG.C</a> WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[.Prog]
Number=81
Confirmed=X
Filename=winlogon.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081623-4258-99" target="_blank">NEVEG.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[.protected]
Number=82
Confirmed=X
Filename=N/A
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094215" target="_blank">Smitfraud</a> variant
Source=Paul Collins Startup list

[.svchost]
Number=83
Confirmed=X
Filename=CSRSS.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051709-5609-99" target=_blank>WEBUS.F</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
Source=Paul Collins Startup list

[.TEXTCONV]
Number=84
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091409-4900-99" target="_blank">WEBUS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[.TEXTCONV]
Number=85
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100519-0947-99" target=_blank>WEBUS.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
Source=Paul Collins Startup list

[.WMAudio]
Number=86
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091409-4900-99" target="_blank">WEBUS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[.WMAudio]
Number=87
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100519-0947-99" target=_blank>WEBUS.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
Source=Paul Collins Startup list

[/l:eng]
Number=88
Confirmed=N
Filename=N/A
Description=Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function
Source=Paul Collins Startup list

[000]
Number=89
Confirmed=U
Filename=pit.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061617-2707-99" target="_blank">PrivateEye</a> surveillance software. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list

[000hpdllhos]
Number=90
Confirmed=X
Filename=hpdllhost.exe
Description=<a href="http://www.spywareguide.com/product_show.php?id=853" target="_blank">LZIO.com</a> adware downloader
Source=Paul Collins Startup list

[000StTHK]
Number=91
Confirmed=U
Filename=000StTHK.exe
Description=Toshiba Hot key functionality for the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3, Fn-F4, Fn-F5 (switching between laptop and CRT display output), etc...)
Source=Paul Collins Startup list

[0050726-007-i32-1]
Number=92
Confirmed=X
Filename=0050726-007-i32-1.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanec.html" target=_blank>BANCBAN-EC</a> TROJAN!
Source=Paul Collins Startup list

[00DSKSVR00]
Number=93
Confirmed=?
Filename=desksaver.exe
Description=Related to <a href="http://www.softstack.com/deskshield.html" target=_blank>Advanced Desktop Shield</a>
Source=Paul Collins Startup list

[00DSKSVR01]
Number=94
Confirmed=?
Filename=desksaver.exe
Description=Related to <a href="http://www.softstack.com/deskshield.html" target=_blank>Advanced Desktop Shield</a>
Source=Paul Collins Startup list

[00TCrdMain]
Number=95
Confirmed=Y
Filename=TCrdMain.exe
Description=Related to the flash card slot on a Toshiba laptop. Ending this process will disable access to the flash cards
Source=Paul Collins Startup list

[00THotkey]
Number=96
Confirmed=U
Filename=00THotKey.exe
Description=For Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev.
Source=Paul Collins Startup list

[0190 Warner]
Number=97
Confirmed=U
Filename=WARN0190.EXE
Description=Anti-dialer <a href="http://www.wt-rate.com/" target=_blank>program</a> (Germany)
Source=Paul Collins Startup list

[0900 Warner]
Number=98
Confirmed=U
Filename=WARN0900.EXE
Description=Anti-dialer <a href="http://www.wt-rate.com/" target=_blank>program</a> (Germany)
Source=Paul Collins Startup list

[0mcamcap]
Number=99
Confirmed=X
Filename=0mcamcap.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcosiamh.html" target=_blank>COSIAM-H</a> TROJAN!

Source=Paul Collins Startup list

[0utlook Express]
Number=100
Confirmed=X
Filename=*****.exe [* = random char]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotcc.html" target=_blank>RBOT-CC</a> WORM! Note the first letter is actually the digit "0" and not a capital "o"
Source=Paul Collins Startup list

[1]
Number=101
Confirmed=X
Filename=1.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041515-1002-99" target=_blank>ESTEEMS</a> TROJAN!
Source=Paul Collins Startup list

[1]
Number=102
Confirmed=X
Filename=lsass.scr
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-052411-0618-99" target=_blank>BANCOS.V</a> TROJAN!

Source=Paul Collins Startup list

[1]
Number=103
Confirmed=X
Filename=svchost.scr
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-052515-4611-99" target=_blank>BANCOS.X</a> TROJAN!
Source=Paul Collins Startup list

[1111swapmgr.exe]
Number=104
Confirmed=X
Filename=1111swapmgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooric.html" target=_blank>IC</a> TROJAN!
Source=Paul Collins Startup list

[123456]
Number=105
Confirmed=X
Filename=rundll32.exe shell32.dll, Control_RunDLL ...123456.cpl
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-070209-4033-99" target="_blank">KITRO.C</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DANDI.A&amp;VSect=T" target="_blank">DANDI.A</a>) WORM! 123456 can be any random 3 to 6 digit number
Source=Paul Collins Startup list

[12Ghosts Popup-Killer]
Number=106
Confirmed=U
Filename=12popup.exe
Description=<a href="http://12ghosts.com/ghosts/popup.htm" target="_blank">12Ghosts Popup-Killer</a>
Source=Paul Collins Startup list

[17779Proj2002]
Number=107
Confirmed=?
Filename=N/A
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[180adsolution]
Number=108
Confirmed=X
Filename=180adsolution.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=180solutions.NCase&threatid=8869" target="_blank">NCase</a> adware
Source=Paul Collins Startup list

[180ax]
Number=109
Confirmed=X
Filename=180ax.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=180solutions.NCase&threatid=8869" target="_blank">NCase</a> adware
Source=Paul Collins Startup list

[180ClientStubInstall]
Number=110
Confirmed=X
Filename=stubinstaller****.exe [* = digit]
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453090677" target="_blank">180Solutions</a> adware related
Source=Paul Collins Startup list

[180ClientStubInstall]
Number=111
Confirmed=X
Filename=[path to trojan]
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453090677" target="_blank">180Solutions</a> adware related
Source=Paul Collins Startup list

[180ClientStubInstall]
Number=112
Confirmed=X
Filename=******.tmp [* = random digit/char]
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453090677" target="_blank">180Solutions</a> adware related
Source=Paul Collins Startup list

[196_150_ni]
Number=113
Confirmed=X
Filename=196_150_ni.exe
Description=WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see <a href="http://www.superadblocker.com/1/196_150_NI.EXE-5442.html" target="_blank">here</a>
Source=Paul Collins Startup list

[197_150_ni_3]
Number=114
Confirmed=X
Filename=197_150_ni_3.exe
Description=WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see <a href="http://www.superadblocker.com/1/196_150_NI.EXE-5442.html" target="_blank">here</a>
Source=Paul Collins Startup list

[1:]
Number=115
Confirmed=N
Filename=hpdrv.exe
Description=HP utility for monitoring when and how many recoveries have been done
Source=Paul Collins Startup list

[1A:MacVisionTrayMonitor]
Number=116
Confirmed=N
Filename=TrayMonitor.exe
Description=Comes with the MacVision program for monitoring tray icons (Note : program is by Stardock)
Source=Paul Collins Startup list

[1A:Stardock MCP]
Number=117
Confirmed=Y
Filename=mcpserver.exe
Description=Master Control Program for Stardock apps, in development. People should leave it running if they're using any of the Stardock applications
Source=Paul Collins Startup list

[1A:Stardock TrayMonitor]
Number=118
Confirmed=Y
Filename=TrayServer.exe
Description=For monitoring tray icons - if disabled icons will not be displayed in ObjectBar or DesktopX
Source=Paul Collins Startup list

[1CmailS]
Number=119
Confirmed=?
Filename=NETMAIL.EXE
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[1on1]
Number=120
Confirmed=X
Filename=1on1.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[1Srv32]
Number=121
Confirmed=U
Filename=SpyAgent4.exe
Description=SpyTech <a href="http://www.spytech-web.com/spyagent.shtml" target="_blank">SpyAgent</a> monitoring software. &quot;Spy software that allows you to monitor EVERYTHING users do on your PC.&quot;
Source=Paul Collins Startup list

[1u7]
Number=122
Confirmed=X
Filename=1u7.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmurbaca.html" target="_blank">MURBAC-A</a> TROJAN!
Source=Paul Collins Startup list

[1Win32Cfg]
Number=123
Confirmed=U
Filename=SpyBuddy.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-062611-4548-99" target=_blank>SpyBuddy</a> keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[1Win32Cfg]
Number=124
Confirmed=U
Filename=Keyloggerpro.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120711-4013-99" target=_blank>Keyloggerpro</a> keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[1WinCfg32]
Number=125
Confirmed=X
Filename=WebMailSpy.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-062918-0745-99" target=_blank>WebMailSpy</a> spyware
Source=Paul Collins Startup list

[2020Downloader]
Number=126
Confirmed=X
Filename=mssvr.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=2020Search&threatid=13811" target="_blank">2020Search</a> Toolbar
Source=Paul Collins Startup list

[252]
Number=127
Confirmed=X
Filename=winmgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmirat.html" target=_blank>LEGMIR-AT</a> TROJAN!
Source=Paul Collins Startup list

[27]
Number=128
Confirmed=X
Filename=slsorve.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojslsorvea.html" target="_blank">SLSORVE-A</a> TROJAN!
Source=Paul Collins Startup list

[27]
Number=129
Confirmed=X
Filename=csrss32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojslsorved.html" target=_blank>SLSORVE-D</a> TROJAN!
Source=Paul Collins Startup list

[27]
Number=130
Confirmed=X
Filename=msm32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojslsorvee.html" target=_blank>SLSORVE-E</a> TROJAN!
Source=Paul Collins Startup list

[2Search]
Number=131
Confirmed=X
Filename=main.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-080302-3232-99" target="_blank">2Search</a> adware
Source=Paul Collins Startup list

[2thousandbuck]
Number=132
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110410-0039-99" target=_blank>RANKY.L</a> TROJAN!
Source=Paul Collins Startup list

[2wSysTray]
Number=133
Confirmed=U
Filename=2portalmon.exe
Description=<a target="_blank" href="http://www.2wire.com/">2Wire</a> Homeportal user interface
Source=Paul Collins Startup list

[32-bit Thunking service]
Number=134
Confirmed=X
Filename=thunk32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021712-1032-99" target=_blank>DERDERO.A</a> WORM!
Source=Paul Collins Startup list

[333]
Number=135
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojjda.html" target="_blank">JD-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This one is located in a "Syswm1i" directory
Source=Paul Collins Startup list

[39ELTFH25Z8SKF]
Number=136
Confirmed=?
Filename=Ezg1q5.exe
Description=<font color="#FF0000">Seems to be associated with software by <a href="http://www.resplendence.com/docs/" target="_blank">Resplendence SP</a> ?</font>
Source=Paul Collins Startup list

[3c1807pd]
Number=137
Confirmed=Y
Filename=3cmlink.exe 3cpipe-3c1807pd
Description=3Com WinModem driver. See <a href="http://modemsite.com/56k/winmodems.asp" target="_blank">here</a> for more WinModem information
Source=Paul Collins Startup list

[3capplnk]
Number=138
Confirmed=Y
Filename=3capplnk.exe
Description=US Robotics Modem driver
Source=Paul Collins Startup list

[3cdminic]
Number=139
Confirmed=N
Filename=3CDMINIC.EXE
Description=3Com DMI (DynamicAccess <u>D</u>esktop <u>M</u>anagement <u>I</u>nterface) Agent associated with 3Com network cards
Source=Paul Collins Startup list

[3CM Link]
Number=140
Confirmed=Y
Filename=3cmcnkw.exe
Description=Required for a US Robotics WinModem as it provides the link to Windows - won't work without it
Source=Paul Collins Startup list

[3Cmlink]
Number=141
Confirmed=Y
Filename=3CmlinkW.exe
Description=For a US Robotics WinModem. Provides the link to Windows as the CPU does the processing on WinModems - won't work without it. See <a href="http://modemsite.com/56k/winmodems.asp" target="_blank">here</a> for more WinModem information
Source=Paul Collins Startup list

[3ComDMIAgent]
Number=142
Confirmed=N
Filename=3CDMINIC.EXE
Description=3Com DMI (DynamicAccess <u>D</u>esktop <u>M</u>anagement <u>I</u>nterface) Agent associated with 3Com network cards
Source=Paul Collins Startup list

[3cpipe-USRpdA]
Number=143
Confirmed=Y
Filename=USRmlnkA.exe
Description=Modem driver files from US Robotics
Source=Paul Collins Startup list

[3D Text]
Number=144
Confirmed=X
Filename=3D Text.scr
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102412-2855-99" target="_blank"> JERMY.A</a> WORM!
Source=Paul Collins Startup list

[3Deep Control Panel]
Number=145
Confirmed=U
Filename=3DeepCTL.EXE
Description=Now superseeded by <a href="http://www.colorwizzard.com/" target="_blank">ColorWizzard</a> - 3Deep corrected lighting, shading and color for all your 2D and 3D games
Source=Paul Collins Startup list

[3Dfx Acc]
Number=146
Confirmed=X
Filename=GFXACC.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-030413-4714-99" target="_blank">GIBE</a> WORM!

Source=Paul Collins Startup list

[3dfx Task Manager]
Number=147
Confirmed=N
Filename=3dfxMan.exe
Description=System Tray application for 3dfx Voodoo 3/4/5 functions. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[3dfx Tools]
Number=148
Confirmed=Y
Filename=3dfxCmn.dll
Description=Updates the registry with information that can't be held for Voodoo 3/4/5 series graphics cards. Important for owners of these cards
Source=Paul Collins Startup list

[3dfxv2ps.dll]
Number=149
Confirmed=Y
Filename=3dfxv2ps.dll
Description=Updates the registry with info that can't be held for 3dfx Voodoo 2 video cards. Important for owners of these cards
Source=Paul Collins Startup list

[3Dlabs Taskbar Display Manager]
Number=150
Confirmed=?
Filename=3DLman.exe
Description=3DLabs graphics driver related. <font color="#FF0000"> System Tray access to display settings?</font>
Source=Paul Collins Startup list

[3DLabsHelperDemon]
Number=151
Confirmed=U
Filename=3dldemon.exe
Description=Directly from the programs author &quot;It is a tiny program that is installed by the Permedia2/3 and probably other Oxygen-series cards. Normally it sits in the background doing nothing at all (sleeping on a semaphore), so it should take zero CPU time and virtually zero memory, since it will all be paged out to the hard drive.&quot; In most cases it can be safely disabled
Source=Paul Collins Startup list

[3DMouse.EXE]
Number=152
Confirmed=Y
Filename=3DMouse.EXE
Description=Dritek System Inc. 3D Mouse driver
Source=Paul Collins Startup list

[3d_sound]
Number=153
Confirmed=X
Filename=3d_sound.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojriadosa.html" target=_blank>RIADOS-A</a> TROJAN!
Source=Paul Collins Startup list

[3qdctl.exe]
Number=154
Confirmed=U
Filename=3qdctl.exe
Description=Provided with Terratec 128i PCI and similar sound cards. Loads a sound profile at bootup, restoring volume and other audio settings to a pre-determined default. Similar to Creative Lab's AudioHQ
Source=Paul Collins Startup list

[3ware 3DM]
Number=155
Confirmed=Y
Filename=3dm.exe
Description=Monitors status of the disk array on 3ware IDE RAID controllers
Source=Paul Collins Startup list

[456655]
Number=156
Confirmed=X
Filename=explorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifrosede.html" target=_blank>BIFROSE-DE</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System folder
Source=Paul Collins Startup list

[4da92ad5.exe]
Number=157
Confirmed=X
Filename=4da92ad5.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadrwz.html" target="_blank">DLOADR-WZ</a> TROJAN!
Source=Paul Collins Startup list

[4wd!!!]
Number=158
Confirmed=X
Filename=Natal!.pif
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.AI" target="_blank">OPASERV.AI</a> WORM!
Source=Paul Collins Startup list

[5-1-61-96]
Number=159
Confirmed=X
Filename=members-area.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[5-2-46-112]
Number=160
Confirmed=X
Filename=5-2-46-112.exe
Description=Adult content pop-up dialler. Removal instructions <a href="http://groups.google.com/group/microsoft.public.windowsxp.general/browse_frm/thread/eb788b5ae71219be/b143744d5a592352?hl=en&lr=&ie=UTF-8&oe=UTF8&safe=off&rnum=9&prev=/groups%3Fq%3D5-2-46-112.exe%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF8%26safe%3Doff%26selm%3D1e10cd61.0203201743.78f51cfa%40posting.google.com%26rnum%3D9#b143744d5a592352" target="_blank">here</a>
Source=Paul Collins Startup list

[55278]
Number=161
Confirmed=X
Filename=grepclient1.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineages.html" target=_blank>LINEAGE-S</a> TROJAN!
Source=Paul Collins Startup list

[5p4m]
Number=162
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlitebotc.html" target=_blank>LITEBOT-C</a> TROJAN!
Source=Paul Collins Startup list

[5whgue21]
Number=163
Confirmed=X
Filename=5whgue21.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092410-4648-99" target=_blank>ClearSearch</a> adware
Source=Paul Collins Startup list

[666]
Number=164
Confirmed=X
Filename=Ska.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpipes.html" target=_blank>PIPES</a> TROJAN!
Source=Paul Collins Startup list

[678]
Number=165
Confirmed=X
Filename=lsas32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojslsorveb.html" target=_blank>SLSORVE-B</a> TROJAN!
Source=Paul Collins Startup list

[98D0CE0C16B1]
Number=166
Confirmed=X
Filename=rundll32.exe D0CE0C16B1, D0CE0C16B1
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrowserAid&threatid=3342" target="_blank">BrowserAid/BrowserPal</a> foistware
Source=Paul Collins Startup list

[9m]
Number=167
Confirmed=X
Filename=winlog0n.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmiraqk.html" target="_blank">LEGMIR-AQK</a> TROJAN!
Source=Paul Collins Startup list

[9xadiras]
Number=168
Confirmed=Y
Filename=9xadiras.exe
Description=<a href="http://www.alliedtelesyn.co.uk/en-gb/" target=_blank>Allied Telesyn</a> AT series router/modem related - apparently required
Source=Paul Collins Startup list

[9xHtProtect]
Number=169
Confirmed=X
Filename=AVprotect9x.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031015-0018-99" target="_blank">NETSKY.M</a> WORM!
Source=Paul Collins Startup list

[;Rundll]
Number=170
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_PWSLEGMIR.E" target="_blank">PWSLEGMIR.E</a> TROJAN!
Source=Paul Collins Startup list

[?ekio Startups]
Number=171
Confirmed=X
Filename=?nksvc32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotov.html" target=_blank>AGOBOT-OV</a> WORM where ? is a random character

Source=Paul Collins Startup list

[@]
Number=172
Confirmed=X
Filename=regedit -s ..win.dll
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100111-0931-99" target="_blank">SEEKER.K</a> TROJAN!
Source=Paul Collins Startup list

[@Hoc Toolbar]
Number=173
Confirmed=N
Filename=AtHoc.exe
Description=One-click activated browsing toolbar used by various web-sites. See <a href="http://siliconvalley.internet.com/news/article.php/3531_479951" target="_blank">here</a> for more info
Source=Paul Collins Startup list

[@loha]
Number=174
Confirmed=N
Filename=reminder.exe
Description=Registration reminder for <a href="http://www.pcworld.com/downloads/file_description/0,fid,6581,00.asp" target="_blank">@loha@home</a> E-mail utility
Source=Paul Collins Startup list

[@tour_ww]
Number=175
Confirmed=X
Filename=@tour_ww[1].exe
Description=Adult content dialler
Source=Paul Collins Startup list

[a]
Number=176
Confirmed=X
Filename=a.exe
Description=Commercials file that registers itself in the system registry and redirects IE to a certain commercial website
Source=Paul Collins Startup list

[a]
Number=177
Confirmed=X
Filename=jesse.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32meloa.html" target=_blank>MELO-A</a> WORM!
Source=Paul Collins Startup list

[A New Windows Updater]
Number=178
Confirmed=X
Filename=w32NTupdt.exe
Description=Added by <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042420-4303-99" target="_blank">MYTOB.BM</a> WORM!
Source=Paul Collins Startup list

[A Verizon App]
Number=179
Confirmed=U
Filename=VERIZO~1.EXE
Description=Part of <a href="http://www22.verizon.com/" target="_blank">Verizon</a> Online Support Manager
Source=Paul Collins Startup list

[a-squared]
Number=180
Confirmed=U
Filename=a2guard.exe
Description=<a href="http://www.emsisoft.com/en/" target=_blank>a-Squared</a> antitrojan - can be run on demand but necessary in Startup if you prefer the a˛ 'Background Guard' real time protection feature
Source=Paul Collins Startup list

[a-winpoet-service]
Number=181
Confirmed=Y
Filename=winpppoverethernet.exe
Description=WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs and ISPs. For more info read <a href="http://www.finepoint.com/winpoet.html" target="_blank">here</a>. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networking
Source=Paul Collins Startup list

[A1000 Settings Utility]
Number=182
Confirmed=U
Filename=cpqa1000.exe
Description=Compaq A1000 Print Fax All-in-One copy scan printer software. Required in the Startup in order to scan, print, copy and fax. Only required if you use these features
Source=Paul Collins Startup list

[A4Proxy]
Number=183
Confirmed=U
Filename=A4Proxy.exe
Description=<a href="http://www.findincontext.com/a4proxy/review.htm" target="_blank">Anonymity 4 Proxy</a> - local proxy server that makes you anonymous when visiting web sites
Source=Paul Collins Startup list

[AAACLEAN]
Number=184
Confirmed=?
Filename=AAACLEAN.INF
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[AAAKeyboard]
Number=185
Confirmed=?
Filename=??
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[AAATraySaver]
Number=186
Confirmed=N
Filename=TraySaver.exe
Description=System Tray management utility from <a href="http://www.mlin.net/" target="_blank">Mike Lin</a> which allows you to hide, show, restore icons that are lost in an Explorer crash, remove dead tray icons, minimize any window to the System Tray
Source=Paul Collins Startup list

[AAK]
Number=187
Confirmed=U
Filename=aak.exe
Description=<a href="http://www.anti-keylogger.net/" target="_blank">Advanced Anti-Keylogger</a> - "Anti-spy software to prohibit operation of any keyloggers currently in use or presently being developed anywhere"
Source=Paul Collins Startup list

[Aaou]
Number=188
Confirmed=X
Filename=amee.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[Aapp]
Number=189
Confirmed=X
Filename=adprot.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051216-4630-99" target=_blank>AdBlaster</a> adware
Source=Paul Collins Startup list

[aauclient]
Number=190
Confirmed=?
Filename=ACNUpdater.exe
Description=Appears to be related to software from <a href="http://www.accenture.com/home/default.htm?viewType=Flash" target=_blank>Accenture.com</a>
Source=Paul Collins Startup list

[ab EazyScheduler]
Number=191
Confirmed=?
Filename=ezsched.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[ABBYY Community Agent]
Number=192
Confirmed=N
Filename=CAGENT.EXE
Description=Installed with the Optical Character Recognition (OCR) software that comes bundled with a Compaq A3000 all-in-one printer/scanner. Its function appears to be to link you to the internet in an attempt to buy the&nbsp;5.0 version of the software
Source=Paul Collins Startup list

[ABC]
Number=193
Confirmed=U
Filename=keylogger.exe
Description=Keystroke logger/monitoring program - remove unless you installed it yourself!

Source=Paul Collins Startup list

[abcdefgh]
Number=194
Confirmed=X
Filename=abcdefgh.exe
Description=<a href="http://www.securitystronghold.com/gates/spyware-adware-solutions/abcdefgh_abcdefgh.exe_solution.htm" target=_blank>EPJ</a> TROJAN! 

Source=Paul Collins Startup list

[ABIT uGuru]
Number=195
Confirmed=U
Filename=uGuru.exe
Description=<a href="http://www2.abit.com.tw/page/en/news/newspop.php?pDOCNO=en_0309184" target=_blank>ABIT µGuru</a> - on motherboards incorporating the µGuru processor this provides quick access to "hardware monitoring, overclocking, BIOS flashing and audio tweakin
Source=Paul Collins Startup list

[ABITEQ]
Number=196
Confirmed=N
Filename=abiteq.exe
Description=Monitoring utility for ABIT Motherboards. Displays system voltages, temperatures and fan speeds
Source=Paul Collins Startup list

[Abrada WIN32]
Number=197
Confirmed=X
Filename=abrada.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdermong.html" target=_blank>DERMON-G</a> TROJAN!

Source=Paul Collins Startup list

[Absolute Shield]
Number=198
Confirmed=U
Filename=dseraser.exe
Description=<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/dseraser/" target=_blank>Absolute Shield Evidence Eliminator</a> - internet history eraser

Source=Paul Collins Startup list

[Absolute StartUp monitor]
Number=199
Confirmed=U
Filename=ASMon.exe
Description=<a href="http://www.fgroupsoft.com/Absolutestartup/" target="_blank">Absolute Startup</a> - startup monitor from F-Group Software
Source=Paul Collins Startup list

[AbsoluteShield Internet Eraser]
Number=200
Confirmed=U
Filename=cseraser.exe
Description=<a href="http://www.internet-track-eraser.com/" target=_blank>AbsoluteShield Internet Eraser</a> - "protects your privacy by cleaning up all the tracks of your Internet and computer activities"

Source=Paul Collins Startup list

[ABsr]
Number=201
Confirmed=X
Filename=absr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-042320-3206-99" target="_blank">AUTOUPDER</a> TROJAN!
Source=Paul Collins Startup list

[absr]
Number=202
Confirmed=X
Filename=mwsvm.exe
Description=SeekSeek search hijacker related - see <a href="http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW_SECTHOUGHT.A&VSect=Sn" target=_blank>here</a>

Source=Paul Collins Startup list

[abtu]
Number=203
Confirmed=X
Filename=mp3serch.exe
Description=Loads the executable for <a href="http://www.spywareinfo.com/lop.html" target="_blank">Lop.com</a>. mp3serch.exe is the final version
Source=Paul Collins Startup list

[abtu]
Number=204
Confirmed=X
Filename=lopsearch.exe
Description=Loads the executable for <a href="http://www.spywareinfo.com/articles/lop/" target="_blank">Lop.com</a>. lopsearch.exe is the beta version
Source=Paul Collins Startup list

[AbyssWebServer]
Number=205
Confirmed=U
Filename=abyssws.exe
Description=<a href="http://abyss.sourceforge.net/" target="_blank">Abyss</a> web server
Source=Paul Collins Startup list

[AcBtnMgr_Xxx]
Number=206
Confirmed=Y
Filename=AcBtnMgr_Xxx.exe
Description=Associated with the Lexmark Xxx (where &quot;xx&quot; is the model) all-in-one printer/scanner/copier. Required for correct operation
Source=Paul Collins Startup list

[acc]
Number=207
Confirmed=U
Filename=acc.exe
Description=<a href="http://www.voicecallcentral.com/#advanced_call_center" target="_blank">Advanced Call Center</a> - "full-featured yet easy-to-use answering machine software for your voice modem"
Source=Paul Collins Startup list

[ACCDEFRAGINFO]
Number=208
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32darbyo.html" target=_blank>DARBY-O</a> WORM!
Source=Paul Collins Startup list

[Accelerate]
Number=209
Confirmed=U
Filename=accelerate.exe
Description=Webroot Accelerate - allows you to optimize Windows network registry settings in order to boost surfing speeds. Leave this enabled if you find it improves your connection
Source=Paul Collins Startup list

[Access Ramp Monitor]
Number=210
Confirmed=N
Filename=armon32.exe
Description=Monitors your progress on the internet; hang-ups, connection speeds, internet congestion and traffic flow. It prevents some games from running also. To disable the Access Ramp Monitor (1) Open Windows Explorer (2) Open the Program Files folder (3) Open the MindSpring folder (4) Open the AccessRamp folder (5) Double-click on the ARMCfg32.exe file (6) Uncheck Enable Dialup Monitor and click OK (7) Restart the computer and try again
Source=Paul Collins Startup list

[Access WebControl]
Number=211
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojppdoorm.html" target=_blank>PPDOOR-M</a> TROJAN!
Source=Paul Collins Startup list

[AccessManager]
Number=212
Confirmed=U
Filename=AccessMgr.exe
Description=Part of SmartPipes <a href="http://www.smartpipes.com/SecureSite.htm" target=_blank>SecureSite</a> software. "SecureSite enables rapid turnup and enhanced administration of VPNs. It automates and simplifies tasks for VPN design and policy management, access control management, and key management"
Source=Paul Collins Startup list

[AccessMedia P2P Loader]
Number=213
Confirmed=X
Filename=amp2pl.exe
Description=My AccessMedia toolbar related, stealth installed!
Source=Paul Collins Startup list

[AccessoriesPlus]
Number=214
Confirmed=U
Filename=clockplus.exe
Description=Clock Plus, part of <a href="http://simplypowerful.com/software/accessoriesplus.html" target=_blank>Accessories Plus</a> allows you to select from dozens of alternatives for the Windows clock
Source=Paul Collins Startup list

[AccessRamp Monitor01]
Number=215
Confirmed=N
Filename=ARMon32a.exe
Description=From a visitor &quot;Just wanted to provide you with some info on Access Ramp software installed with Verizon DSL accounts in those areas that use the Winpoet PPPoE software. The Access Ramp TSRs are installed as part of IP Insight software (can't remember the software maker). You can decline to install IP Insight during Winpoet setup, or go into Add/Remove programs uninstall IP Insight by hand if it's already installed. It really doesn't do a darn thing for you. It was intended to help DSL techs monitor QoS, but the backend part was never implemented (at least as of earlier this year). This will not affect the user's ability or inability to access their DSL service.&quot;
Source=Paul Collins Startup list

[AccessRampLAN01]
Number=216
Confirmed=N
Filename=ARUpld32.exe
Description=Version of the AccessRamp Monitor01 entry for LAN connections - a history uploader. The key in turning it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe) does not show up in the startup process. If you have this file, you can execute it and remove all the monitoring activities it does. Removing all the checks in all the boxes (both tabs) still calls ARUpld32.exe to start when you start the dial up. You can block it from sending info if you have Zone Alarm installed. Renaming the extension of ARUCfg32.exe to ARUCfg32.exe1 works. The ARUpld32.exe is not loaded when launching the dial up client. Written by IP Insight and also included with Earthlink Total Access 2003
Source=Paul Collins Startup list

[AcctMgr]
Number=217
Confirmed=U
Filename=AcctMgr.exe
Description=Norton™ Password Manager - part of <a href="http://www.symantec.com/sabu/sysworks/basic/" target="_blank">Norton SystemWorks 2004</a> - stores passwords and other personal information, and retrieves the data needed for email logins, shopping orders, banking, and other online activities - all from the safety of your own PC
Source=Paul Collins Startup list

[AccuWeather.com® Desktop]
Number=218
Confirmed=N
Filename=AccuWeatherDesktop.exe
Description=Desktop weather from <a href="http://home.accuweather.com/index.asp?partner=accuweather" target="_blank">AccuWeather</a>
Source=Paul Collins Startup list

[accwizz.exe]
Number=219
Confirmed=X
Filename=accwizz.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082312-1953-99" target=_blank>RULAND.A</a> WORM!
Source=Paul Collins Startup list

[accwizzz.exe]
Number=220
Confirmed=X
Filename=accwizzz.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082312-1953-99" target=_blank>RULAND.A</a> WORM!
Source=Paul Collins Startup list

[acdllib3]
Number=221
Confirmed=X
Filename=bcdlmem.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmailbotba.html" target="_blank">MAILBOT-BA</a> TROJAN!
Source=Paul Collins Startup list

[ACDSee]
Number=222
Confirmed=N
Filename=ACDSee8Pro.exe
Description=<a href="http://www.acdsee.com/" target="_blank">ACDSee</a> 8 photo software. Organize, manage, enhance, and share all your valued photo memories
Source=Paul Collins Startup list

[Ace bows]
Number=223
Confirmed=?
Filename=Ace bows.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[AceGain LiveUpdate]
Number=224
Confirmed=N
Filename=LiveUpdate.exe
Description="<a href="http://www.acegain.com/products_lu.htm" target="_blank">AceGain LiveUpdate</a> can help to automate and optimize product updates. AceGain LiveUpdate will automatically detect new patch updates, driver updates or full product updates and automatically download and install them according to user configuration"
Source=Paul Collins Startup list

[Acer ePower Management]
Number=225
Confirmed=U
Filename=Acer ePower Management.exe
Description=Part of Acer Empowering Technology. "<a href="http://www.acer-euro.com/et/en/notebooks01.htm#7" target="_blank">Acer ePower Management</a> is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles"
Source=Paul Collins Startup list

[AcerGoto]
Number=226
Confirmed=U
Filename=AcerGoto.exe
Description=Acer Computer "Goto Drive" Cold Swap Driver - a swappable second disk drive provides convenient backup of large files, or easy importation of data from user's previous computer
Source=Paul Collins Startup list

[AcerNotebookManager]
Number=227
Confirmed=U
Filename=almxptray.exe
Description=System Tray access on some Acer Notebooks to give faster access to system settings
Source=Paul Collins Startup list

[AcerPowerkey]
Number=228
Confirmed=U
Filename=Powerkey.exe
Description=PowerKey utility for Acer TravelMate notebook PCs. Allows the user to quickly switch between different power schemes by pressing Fn+F3
Source=Paul Collins Startup list

[Aceu]
Number=229
Confirmed=X
Filename=[random filename]
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[AClntUsr]
Number=230
Confirmed=U
Filename=AClntUsr.exe
Description=Altiris <a href="http://www.cdg-group.com/go.exe?prodid=299" target="_blank">AClient</a> Service Windows Tray Icon
Source=Paul Collins Startup list

[Acme.PCHButton]
Number=231
Confirmed=N
Filename=pchbutton.exe
Description=Used by HP Instant Support
Source=Paul Collins Startup list

[ACMonitor_Xxx]
Number=232
Confirmed=Y
Filename=ACMonitor_Xxx.exe
Description=Associated with the Lexmark Xxx (where &quot;xx&quot; is the model) all-in-one printer/scanner/copier. Required for correct operation
Source=Paul Collins Startup list

[acocash]
Number=233
Confirmed=X
Filename=fastdown.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[acocash]
Number=234
Confirmed=X
Filename=fastdown.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[Acombo3dmouse]
Number=235
Confirmed=U
Filename=Acombo3d.exe
Description=Mouse driver - required if you use non-standard Windows driver features
Source=Paul Collins Startup list

[Aconti]
Number=236
Confirmed=X
Filename=aconti.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[acoustic]
Number=237
Confirmed=U
Filename=acoustic.exe
Description=Control panel program for Philips <a href="http://www.digit-life.com/articles/philipsae/index.html" target="_blank">Acoustic Edge</a> soundcard. Not required unless changed settings aren't retained
Source=Paul Collins Startup list

[acpart]
Number=238
Confirmed=N
Filename=agpart11.exe
Description=Program for finding trucks on-line
Source=Paul Collins Startup list

[Acrobat]
Number=239
Confirmed=X
Filename=acrmon32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallect.html" target="_blank">SMALL-ECT</a> TROJAN!
Source=Paul Collins Startup list

[Acrobat Assistant *.*]
Number=240
Confirmed=U
Filename=ACROTRAY.EXE
Description=Used to create PDF files with Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation. *.* represents the version
Source=Paul Collins Startup list

[Acrobat Read]
Number=241
Confirmed=X
Filename=acroup32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvanbotbq.html" target="_blank">VANBOT-BQ</a> TROJAN!
Source=Paul Collins Startup list

[Acronis Popup Blocker]
Number=242
Confirmed=U
Filename=RunDll32.exe [path] Blocker.dll, Run
Description=Part of <a href="http://www.acronis.com/homecomputing/products/privacyexpert/" target=_blank>Acronis Privacy Expert</a> - anti-spyware and security suite

Source=Paul Collins Startup list

[Acronis Scheduler2 Service]
Number=243
Confirmed=U
Filename=schedhlp.exe
Description=Part of <a href="http://www.acronis.com/homecomputing/products/trueimage/" target="_blank">Acronis True Image</a> - backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images
Source=Paul Collins Startup list

[Acronis True Image]
Number=244
Confirmed=U
Filename=TimounterMonitor.exe
Description=Part of <a href="http://www.acronis.com/homecomputing/products/trueimage/" target="_blank">Acronis True Image</a> backup software. Monitor for the backup archive explorer for moving and viewing files within an archive
Source=Paul Collins Startup list

[Acronis True Image Monitor]
Number=245
Confirmed=N
Filename=TrueImageMonitor.exe
Description=Part of <a href="http://www.acronis.com/homecomputing/products/trueimage/" target="_blank">Acronis True Image</a> - backup software. Can be disabled without affecting TrueImage
Source=Paul Collins Startup list

[Acronis TrueImage Monitor]
Number=246
Confirmed=N
Filename=TrueImageMonitor.exe
Description=Part of <a href="http://www.acronis.com/homecomputing/products/trueimage/" target="_blank">Acronis True Image</a> - backup software. Can be disabled without affecting TrueImage
Source=Paul Collins Startup list

[AcronisTimounterMonitor]
Number=247
Confirmed=U
Filename=TimounterMonitor.exe
Description=Part of <a href="http://www.acronis.com/homecomputing/products/trueimage/" target="_blank">Acronis True Image</a> backup software. Monitor for the backup archive explorer for moving and viewing files within an archive
Source=Paul Collins Startup list

[AcronisTrueImage Monitor]
Number=248
Confirmed=N
Filename=TrueImageMonitor.exe
Description=Part of <a href="http://www.acronis.com/homecomputing/products/trueimage/" target="_blank">Acronis True Image</a> - backup software. Can be disabled without affecting TrueImage
Source=Paul Collins Startup list

[Act! Preloader]
Number=249
Confirmed=U
Filename=Act8.exe
Description=Sage Software's <a href="http://www.act.com/products/index.cfm" target="_blank">ACT!</a> "enables individuals and small business customers to instantly access key contact and customer information, manage and prioritize activities, and track all contact-related communications so you can grow productive business relationships"
Source=Paul Collins Startup list

[Action Manager 32]
Number=250
Confirmed=N
Filename=am32.exe
Description=Associated with a Plustech scanner. Small utility that runs in the background for doing fax/copy/etc. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[ActionAgent]
Number=251
Confirmed=?
Filename=actionagent.exe
Description="A COM server that runs on the client as part of the Dell OpenManage Client Instrumentation 6.x package; provides a simple method for a remote administrator to perform actions on the instrumented client". <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list

[Activation]
Number=252
Confirmed=N
Filename=Activation.exe
Description=Part of Microsoft Money
Source=Paul Collins Startup list

[Activboard]
Number=253
Confirmed=U
Filename=MMKeybd.exe
Description=Packard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keys
Source=Paul Collins Startup list

[Active Bit Station]
Number=254
Confirmed=X
Filename=abs.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050615-3728-99" target="_blank">MYTOB.BZ</a> WORM!
Source=Paul Collins Startup list

[Active Email Monitor]
Number=255
Confirmed=U
Filename=aem25.exe
Description=<a href="http://www.vicman.net/emailmon/" target="_blank">Active Email Monitor</a> checks multiple accounts for email, serves as a SPAM filter and can also protect you from harmful items that can be sent via email
Source=Paul Collins Startup list

[Active shield]
Number=256
Confirmed=U
Filename=Activeshield.exe
Description=<a href="http://www.securitystronghold.com/" target=_blank>Active Shield</a> is "an heuristic screen that actively protects your computer from trojans, spyware, adware, trackware, dialers, keyloggers, and even some special kinds of viruses"
Source=Paul Collins Startup list

[ActiveDesktop]
Number=257
Confirmed=X
Filename=systray32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-030717-0234-99" target="_blank">DABOOM</a> WORM!
Source=Paul Collins Startup list

[ACTIVEDS]
Number=258
Confirmed=X
Filename=ACTIVEDS.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T" target="_blank">OPASERV.T</a> WORM!
Source=Paul Collins Startup list

[ActiveEyes]
Number=259
Confirmed=N
Filename=ActiveEyes.exe
Description=ActiveEyes from TFI Technology is a small utility that you can use to liven up your desktop. It follows your mouse around and can tell you how far your cursor has travelled or point out where the cursor is. It's small, it's free and comes with a range of options and animations. Not needed - if unavailable via Start -> Programs, create your own shortcut
Source=Paul Collins Startup list

[ActiveKeys.AAB635BD7D054a37A576]
Number=260
Confirmed=U
Filename=akeys.exe
Description="<a href="http://softarium.com/activekeys/" target="_blank">Active Keys</a> is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action"
Source=Paul Collins Startup list

[ActiveMenu]
Number=261
Confirmed=U
Filename=ActiveMenu.exe
Description=Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
Source=Paul Collins Startup list

[ActivePlus]
Number=262
Confirmed=U
Filename=activeplus.exe
Description=Interactive Agents Plugin for <a href="http://www.patchou.com/msgplus/" target="_blank">Messenger Plus!</a> (MSN Messenger add-on)
Source=Paul Collins Startup list

[ActiveScan Antivirus]
Number=263
Confirmed=X
Filename=ActiveScan.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfkq.html" target="_blank">RBOT-FKQ</a> WORM!
Source=Paul Collins Startup list

[ActiveShield]
Number=264
Confirmed=Y
Filename=MCVSSHLD.EXE
Description=McAfee VirusScan On-line. See also the McAgentExe entry
Source=Paul Collins Startup list

[ActiveSpeed]
Number=265
Confirmed=U
Filename=AS.exe
Description=Ascentive <a href="http://www.barelyaverage.com/portfolio/html_emails/ascentive/activespeed_biplane/biplane_anim.html" target=_blank>ActiveSpeed</a> Internet Optimizer
Source=Paul Collins Startup list

[ActiveSync]
Number=266
Confirmed=X
Filename=wcescom32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmancsyne.html" target="_blank">MANCSYN-E</a> TROJAN!
Source=Paul Collins Startup list

[ActiveWords]
Number=267
Confirmed=N
Filename=AWMonitor.exe
Description=<a href="http://www.activewords.com" target="_blank">ActiveWords</a> from ActiveWord Systems, Inc. Like macro programs, ActiveWords sits in the background and watches as you type. When it recognizes that you’ve typed an ActiveWord, it takes the associated action, such as replacing your keystrokes with the text you’ve defined
Source=Paul Collins Startup list

[ActiveX Streamer]
Number=268
Confirmed=X
Filename=msgfix.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.NQ" target="_blank">SDBOT.NQ</a> WORM!
Source=Paul Collins Startup list

[ActiveXUpdate]
Number=269
Confirmed=X
Filename=svcss.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojdedlerc.html" target=_blank>DEDLER.C</a> TROJAN!
Source=Paul Collins Startup list

[Activity]
Number=270
Confirmed=U
Filename=actik.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-032917-5224-99" target="_blank">ActivityKey</a> Keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[ActivSurf]
Number=271
Confirmed=N
Filename=backweb*****.exe
Description=Packard Bell ActivSurf - automatically detects an internet connection and downloads any available updates
Source=Paul Collins Startup list

[ActMaker]
Number=272
Confirmed=U
Filename=ActMak25.exe
Description="<a href="http://www.789987.com/products.htm" target=_blank>ActMaker</a> mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload. You don't need to do any coding, nor are you required to know a lot about the computer"
Source=Paul Collins Startup list

[ActMaker]
Number=273
Confirmed=U
Filename=ActMaker25.exe
Description=<a href="http://www.789987.com/products.htm" target=_blank>ActMaker</a> mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload

Source=Paul Collins Startup list

[ACTray]
Number=274
Confirmed=U
Filename=ACTray.exe
Description=System Tray icon for <a href="http://www.pc.ibm.com/us/think/thinkvantagetech/accessconnections.html" target="_blank">ThinkVantage Access Connections</a> - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically"
Source=Paul Collins Startup list

[Actual Window Minimizer]
Number=275
Confirmed=U
Filename=ActualWindowMinimizerCenter.exe
Description=<a href="http://www.actualtools.com/windowminimizer/" target=_blank>Actual Window Minimizer</a> - "allows minimizing any window to task tray notification area or to the edge of the screen"

Source=Paul Collins Startup list

[ACTX1]
Number=276
Confirmed=X
Filename=v1201.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453097395" target="_blank">VB.IS</a> TROJAN!
Source=Paul Collins Startup list

[ACU]
Number=277
Confirmed=U
Filename=ACU.exe
Description=<a href="http://www.atheros.com/" target="_blank">Atheros</a> wireless Client Utility
Source=Paul Collins Startup list

[ACU_QSB]
Number=278
Confirmed=U
Filename=ACU.exe
Description=<a href="http://www.atheros.com/" target="_blank">Atheros</a> wireless Client Utility
Source=Paul Collins Startup list

[ACWLIcon]
Number=279
Confirmed=U
Filename=ACWLIcon.exe
Description=Related to IBM ThinkVantage Connectivity Solution

Source=Paul Collins Startup list

[Ad Blocker]
Number=280
Confirmed=U
Filename=blocker.exe
Description=<a href="http://www.cdkm.com/" target="_blank">Ad Blocker</a> - blocks popups, and also removes banners, image ads and flash ads
Source=Paul Collins Startup list

[Ad Blocker Pro]
Number=281
Confirmed=U
Filename=Ad Blocker Pro.exe
Description=Ad Away popup and banner remover
Source=Paul Collins Startup list

[Ad Muncher]
Number=282
Confirmed=U
Filename=AdMunch.exe
Description=<a href="http://www.admuncher.com/" target="_blank">Ad Muncher</a> removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications
Source=Paul Collins Startup list

[Ad Online Guide]
Number=283
Confirmed=?
Filename=adonlineguide.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Ad-aware]
Number=284
Confirmed=N
Filename=Ad-aware.exe
Description=<a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-aware</a> from Lavasoft. Checks your PC for "Spyware" which reports back your internet activities to "base". Available via Start -> Programs
Source=Paul Collins Startup list

[Ad-Aware]
Number=285
Confirmed=X
Filename=Ad-Aware.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadj.html" target=_blank>RBOT-ADJ</a> WORM! Note - this is not the popular <a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-aware</a> spware/adware removal tool and is located in the Winnt\System32 or Windows\System32 directory
Source=Paul Collins Startup list

[Ad-Eliminator]
Number=286
Confirmed=N
Filename=ad-eliminator.exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
Source=Paul Collins Startup list

[Ad-Muncher]
Number=287
Confirmed=U
Filename=ADMUNCH.EXE
Description=<a href="http://www.admuncher.com/" target="_blank">Ad Muncher</a> removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications
Source=Paul Collins Startup list

[Ad-Protect]
Number=288
Confirmed=U
Filename=ad-protect.exe
Description=<a href="http://www.adprotectplus.com/" target=_blank>Ad-Protect</a> spyware and spam monitoring tool

Source=Paul Collins Startup list

[Ad-watch]
Number=289
Confirmed=U
Filename=Ad-watch.exe
Description=Part of Lavasoft <a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-aware Plus</a> - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system
Source=Paul Collins Startup list

[AD2KClient]
Number=290
Confirmed=U
Filename=AD2KClient.exe
Description=Executable for <a href="http://www.iomega-activedisk.com/index.jsp" target="_blank">Active Disk</a> from Iomega disk - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk
Source=Paul Collins Startup list

[Adaptec DirectCD]
Number=291
Confirmed=N
Filename=Directcd.exe
Description=DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later

Source=Paul Collins Startup list

[AdaptecDirectCD]
Number=292
Confirmed=N
Filename=Directcd.exe
Description=DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -&gt; Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later
Source=Paul Collins Startup list

[AdAware]
Number=293
Confirmed=X
Filename=wini.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxn.html" target="_blank">RBOT-XN</a> WORM!
Source=Paul Collins Startup list

[Adaware Bootup]
Number=294
Confirmed=N
Filename=ad-aware.exe
Description=<a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-aware</a> from Lavasoft. Checks your PC for "Spyware" which reports back your internet activities to "base". Available via Start -> Programs
Source=Paul Collins Startup list

[Adaware lptt01]
Number=295
Confirmed=X
Filename=adaware.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>. Note - this is not the valid Lavasoft Adaware
Source=Paul Collins Startup list

[Adaware ml097e]
Number=296
Confirmed=X
Filename=adaware.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>. Note - this is not the valid Lavasoft Adaware
Source=Paul Collins Startup list

[Add**.exe [* = random char]]
Number=297
Confirmed=X
Filename=Add**.exe [* = random char]
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
Source=Paul Collins Startup list

[Add**32.exe [* = random char]]
Number=298
Confirmed=X
Filename=Add**32.exe [* = random char]
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
Source=Paul Collins Startup list

[AddClass]
Number=299
Confirmed=X
Filename=AddClass.exe
Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#addclass" target=_blank>Addclass</a> parasite variant
Source=Paul Collins Startup list

[AddClass]
Number=300
Confirmed=X
Filename=[Installation_Path]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080815-4711-99" target=_blank>STARTPAGE.F</a> hijacker
Source=Paul Collins Startup list

[AddClass]
Number=301
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsecdla.html" target=_blank>SECDL-A</a> TROJAN!
Source=Paul Collins Startup list

[AdDelete]
Number=302
Confirmed=U
Filename=AdDelete.exe
Description=Banner advertisment blocker
Source=Paul Collins Startup list

[AdDestroyer]
Number=303
Confirmed=X
Filename=AdDestroyer.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Virtual%20Bouncer&threatid=12432" target="_blank">Virtual Bouncer</a> - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see <a href="http://groups.google.com/group/alt.sports.hockey.nhl.vanc-canucks/msg/dec91d1aa1e0d9dd?hl=en&lr=&ie=UTF-8&oe=UTF-8" target="_blank">here</a>
Source=Paul Collins Startup list

[addproxy]
Number=304
Confirmed=?
Filename=addproxy.exe
Description=Related to Adobe Photoshop
Source=Paul Collins Startup list

[ADG]
Number=305
Confirmed=?
Filename=ADG.exe
Description=<font color="#FF0000"> SoundBlaster Audigy related?</font>
Source=Paul Collins Startup list

[ADGJdet]
Number=306
Confirmed=N
Filename=ADGJDet.exe
Description=Added with SoundBlaster Live! or Audigy soundcards for headphone autodetection
Source=Paul Collins Startup list

[aDir]
Number=307
Confirmed=X
Filename=adirss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojspamsrve.html" target="_blank">SPAMSRV-E</a> TROJAN!
Source=Paul Collins Startup list

[Adiras]
Number=308
Confirmed=Y
Filename=Adiras.exe
Description=ADSL USB modem related
Source=Paul Collins Startup list

[adirka]
Number=309
Confirmed=X
Filename=adirka.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtibsqt.html" target="_blank">TIBS-QT</a> TROJAN!
Source=Paul Collins Startup list

[AdKiller]
Number=310
Confirmed=U
Filename=AD Defender.exe
Description=Part of <a href="http://www.evonsoft.com/Advanced-Spyware-Remover.htm" target="_blank">Advanced Spyware Remover</a> anti-spyware tool
Source=Paul Collins Startup list

[ADM Library Loader]
Number=311
Confirmed=X
Filename=admlib32.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99" target="_blank">SDBOT</a> TROJAN!
Source=Paul Collins Startup list

[Admanager Controller]
Number=312
Confirmed=X
Filename=AdManCtl.exe
Description=Adware, probably a Windupdates variant
Source=Paul Collins Startup list

[Admilli Service]
Number=313
Confirmed=X
Filename=AdmilliServ.exe
Description=Windupdates adware variant
Source=Paul Collins Startup list

[Administrator]
Number=314
Confirmed=X
Filename=svchost.scr
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-092910-5215-99" target=_blank>NOVACAL</a> TROJAN!
Source=Paul Collins Startup list

[AdminSoft]
Number=315
Confirmed=X
Filename=sysfile.vbs
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/vbsstargruba.html" target="_blank">STARGRUB-A</a> WORM!
Source=Paul Collins Startup list

[admtray.exe]
Number=316
Confirmed=U
Filename=admtray.exe
Description=Related to <a href="http://global.acer.com/" target=_blank>Acer</a> Inc. destop tray
Source=Paul Collins Startup list

[Adobe]
Number=317
Confirmed=X
Filename=Adobe.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[Adobe]
Number=318
Confirmed=X
Filename=sysconfig.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[adobe]
Number=319
Confirmed=X
Filename=gam.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Adobe]
Number=320
Confirmed=X
Filename=sysbat32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LOWZONES.T" target=_blank>LOWZONES.T</a> TROJAN!
Source=Paul Collins Startup list

[Adobe]
Number=321
Confirmed=X
Filename=zteam.exe
Description=Added by an unidentified TROJAN!
Source=Paul Collins Startup list

[Adobe Acrobat]
Number=322
Confirmed=N
Filename=READER~1.EXE
Description=Speeds up the time it takes to load the <a href="http://www.adobe.com/products/acrobat/readermain.html" target="_blank">Adobe Reader</a> application. Your choice, but not required for Adobe Reader to function properly
Source=Paul Collins Startup list

[Adobe Acrobat Distiller Application]
Number=323
Confirmed=X
Filename=acrotray.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040512-3029-99" target=_blank>RANDEX.DFJ</a> WORM!
Source=Paul Collins Startup list

[Adobe Acrobat Reader CFG]
Number=324
Confirmed=X
Filename=[random filename]
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Adobe Filter Platform]
Number=325
Confirmed=X
Filename=afilterplatform.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotop.html" target=_blank>RBOT-OP</a> WORM!
Source=Paul Collins Startup list

[Adobe Gamma Loader]
Number=326
Confirmed=U
Filename=Adobe Gamma Loader.exe
Description=Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fine
Source=Paul Collins Startup list

[Adobe Photo Downloader]
Number=327
Confirmed=N
Filename=apdproxy.exe
Description=Part of <a href="http://www.adobe.com/" target=_blank>Adobe's</a> Photoshop Album or Photoshop Elements packages - starts each time you connect an external image device to your PC (see <a href="http://www.adobe.com/support/techdocs/332361.html" target=_blank>here</a>)
Source=Paul Collins Startup list

[Adobe Reader Speed Lauch]
Number=328
Confirmed=N
Filename=reader_sl.exe
Description=Speeds up the launch of Adobe (Acrobat) Reader 7
Source=Paul Collins Startup list

[Adobe Reader Speed Launch]
Number=329
Confirmed=N
Filename=reader_sl.exe
Description=Speeds up the time it takes to load the <a href="http://www.adobe.com/products/acrobat/readermain.html" target=_blank>Adobe Reader</a> application. Your choice, but not required for Adobe Reader to function properly
Source=Paul Collins Startup list

[Adobe Reader Speed Launch]
Number=330
Confirmed=N
Filename=READER~1.EXE
Description=Speeds up the time it takes to load the <a href="http://www.adobe.com/products/acrobat/readermain.html" target="_blank">Adobe Reader</a> application. Your choice, but not required for Adobe Reader to function properly
Source=Paul Collins Startup list

[Adobe Version Cue CS2]
Number=331
Confirmed=U
Filename=VersionCueCS2Tray.exe
Description=File manager that's part of <a href="http://www.adobe.com/products/creativesuite/index.html?c=us" target="_blank">Adobe Creative Suite 2</a> - "find files fast, track versions across applications, link files together, and share them in creative collaboration without fear of overwriting someone else's work"
Source=Paul Collins Startup list

[AdobeA]
Number=332
Confirmed=X
Filename=adobes.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_100373.htm" target="_blank">FLOOD.BA</a> TROJAN!
Source=Paul Collins Startup list

[AdobeFonts]
Number=333
Confirmed=X
Filename=fonts.hta
Description=Browser hijacker - redirecting to Hugesearch.net
Source=Paul Collins Startup list

[adobemgr]
Number=334
Confirmed=X
Filename=adobemgr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-091214-5754-99" target=_blank>ADCLICKER</a> TROJAN!
Source=Paul Collins Startup list

[AdobeReader]
Number=335
Confirmed=X
Filename=msni.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.DAO" target="_blank">RBOT.DAO</a> TROJAN!
Source=Paul Collins Startup list

[AdobeReaderPro]
Number=336
Confirmed=X
Filename=msnxpsp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotask.html" target=_blank>RBOT-ASK</a> or <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaus.html" target=_blank>RBOT-AUS</a> WORMS!
Source=Paul Collins Startup list

[AdobeReaderPro]
Number=337
Confirmed=X
Filename=ntkernell32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaty.html" target=_blank>RBOT-ATY</a> WORM!
Source=Paul Collins Startup list

[AdobeReaderPro]
Number=338
Confirmed=X
Filename=msnserve.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotakh.html" target="_blank">SDBOT-AKH</a> WORM!
Source=Paul Collins Startup list

[AdobeReaderPro]
Number=339
Confirmed=X
Filename=updt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ircbotvq.html" target="_blank">IRCBOT-VQ</a> WORM!
Source=Paul Collins Startup list

[AdobeReaderProfessional]
Number=340
Confirmed=X
Filename=msx64.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgat.html" target="_blank">RBOT-GAT</a> WORM!
Source=Paul Collins Startup list

[AdobeReaderPros]
Number=341
Confirmed=X
Filename=sysmsn.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbgh.html" target="_blank">RBOT-BGH</a> WORM!
Source=Paul Collins Startup list

[AdobeVersionCue]
Number=342
Confirmed=N
Filename=VersionCueTray.exe
Description="An exclusive feature of the Adobe® Creative Suite, <a href="http://www.adobe.com/products/creativesuite/versioncue.html" target=_blank>Version Cue™</a> helps you find files fast, track multiple versions of your files, and share your files for creative collaboration"
Source=Paul Collins Startup list

[Adope File Manager]
Number=343
Confirmed=X
Filename=lsasv.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[adp]
Number=344
Confirmed=X
Filename=adp.exe
Description=Spyware installed by Net2Phone, Limewire, Cydoor, Grokster, KaZaa, etc
Source=Paul Collins Startup list

[AdPopup]
Number=345
Confirmed=X
Filename=dcf5678.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentfz.html" target=_blank>AGENT-FZ</a> TROJAN!
Source=Paul Collins Startup list

[adprot]
Number=346
Confirmed=X
Filename=adprot.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051216-4630-99" target=_blank>AdBlaster</a> adware
Source=Paul Collins Startup list

[ADQuickAccess]
Number=347
Confirmed=N
Filename=Adtray.exe
Description=After Dark for Windows. Screen saver creation program produced before screen savers became integrated into Win95
Source=Paul Collins Startup list

[ADriver]
Number=348
Confirmed=X
Filename=windrv.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DELF.WG" target="_blank">DELF.WG</a> TROJAN!
Source=Paul Collins Startup list

[AdRoarUpdate]
Number=349
Confirmed=X
Filename=ARUpdate.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120211-0649-99" target="_blank">AdRoar</a> adware updater
Source=Paul Collins Startup list

[AdRotator.Application]
Number=350
Confirmed=X
Filename=[path to csrss.exe]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallaq.html" target=_blank>SMALL-AQ</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
Source=Paul Collins Startup list

[AdRotator.Application]
Number=351
Confirmed=X
Filename=services.exe
Description=Added by <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080316-2013-99&tabid=1" target=_blank>FakeMessage/AdRotator</a> adware. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in an "Inetsrv" subfolder
Source=Paul Collins Startup list

[ADS Adware Remover]
Number=352
Confirmed=N
Filename=ADS Adware Remover.exe
Description=Adware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[AdsBlocker]
Number=353
Confirmed=X
Filename=stopAds.exe
Description=Reported as DILAER.DW by <a href="http://www.eset.com/products/index.php" target="_blank">NOD32</a>
Source=Paul Collins Startup list

[ADService]
Number=354
Confirmed=U
Filename=ADService.exe
Description=Part of Iomega's <a href="http://www.iomega-activedisk.com/index.jsp" target="_blank">Active Disk</a> - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk
Source=Paul Collins Startup list

[AdsGone]
Number=355
Confirmed=U
Filename=Adsgone.exe
Description=<a href="http://www.adsgone.com/" target="_blank">AdsGone</a> - pop-up stopper
Source=Paul Collins Startup list

[ADSL Diagnostic Tools]
Number=356
Confirmed=N
Filename=mapiicon.exe
Description=System tray access to ADSL modem diagnostic tools. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[ADSLSYSTEMTRAY]
Number=357
Confirmed=?
Filename=SystemtrayV100B.exe
Description=Apparently Annex A ADSL modem related. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[AdslTaskBar]
Number=358
Confirmed=Y
Filename=rundll32.exe stmctrl.dll, TaskBar
Description=ISP software, initializes DSL modem
Source=Paul Collins Startup list

[AdslTaskBars]
Number=359
Confirmed=X
Filename=taskmng.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxz.html" target=_blank>RBOT-AXZ</a> WORM!
Source=Paul Collins Startup list

[ADSL_A2]
Number=360
Confirmed=?
Filename=A2Installed
Description=Associated with an Integrated Telecom Express (ITeX) ADSL driver installation. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[ADSS]
Number=361
Confirmed=Y
Filename=ADSS.exe
Description=ADSS is part of <a href="http://www.johnru.com/" target="_blank">Access Denied</a> security and privacy software (Access Denied Security Server) that monitors power status and provides some other services for Screen Guard. Important to keep its running while using Access Denied
Source=Paul Collins Startup list

[adstartup]
Number=362
Confirmed=X
Filename=automove.exe
Description=<a href="http://www.spywareguide.com/product_show.php?id=791" target="_blank">Adlogix</a> adware variant
Source=Paul Collins Startup list

[adstartup]
Number=363
Confirmed=X
Filename=Adstartup.exe
Description=<a href="http://www.spywareguide.com/product_show.php?id=791" target=_blank>Adlogix</a> adware variant
Source=Paul Collins Startup list

[AdStatus Service]
Number=364
Confirmed=X
Filename=AdStatServ.exe
Description=WindUpdates <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094113" target="_blank">AdStatus Service</a> adware
Source=Paul Collins Startup list

[AdSubtract]
Number=365
Confirmed=U
Filename=adsub.exe
Description=AdSubtract blocks ads, cookies, pop-up windows, animations, music, and more. Can be disabled from within AdSubtract. Available via Start -> Programs. Now superseeded by <a href="http://www.trendmicro.com/en/products/desktop/as/evaluate/overview.htm" target="_blank">Trend Micro AntiSpyware</a>
Source=Paul Collins Startup list

[adtech2005]
Number=366
Confirmed=X
Filename=adtech2005.exe
Description=Recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan.Win32.StartPage.aw
Source=Paul Collins Startup list

[adtech2006]
Number=367
Confirmed=X
Filename=adtech2006.exe
Description=Recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Clicker.Win32.VB.kc
Source=Paul Collins Startup list

[Adtools Service]
Number=368
Confirmed=X
Filename=AdTools.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453082798" target="_blank">Windupdates</a> Adware
Source=Paul Collins Startup list

[ADU]
Number=369
Confirmed=?
Filename=adu.exe
Description=Related to <a href="http://www.cisco.com/" target="_blank">Cisco</a> Aironet wireless products. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[AdultX]
Number=370
Confirmed=X
Filename=AdultX.exe
Description=Adult content dialler and hijacker
Source=Paul Collins Startup list

[Adult_Chat]
Number=371
Confirmed=X
Filename=Adult_Chat.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[Adult_Chat1]
Number=372
Confirmed=X
Filename=Adult_Chat1.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[AdUpdater]
Number=373
Confirmed=X
Filename=sysupudt.exe
Description=Unidentified adware downloader/updater
Source=Paul Collins Startup list

[ADUserMon]
Number=374
Confirmed=U
Filename=ADUserMon.exe
Description=Part of Iomega's <a href="http://www.iomega-activedisk.com/index.jsp" target="_blank">Active Disk</a> - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk
Source=Paul Collins Startup list

[Advanced DHTML Enable]
Number=375
Confirmed=X
Filename=exo32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojranckfi.html" target="_blank">RANCK-FI</a> TROJAN!
Source=Paul Collins Startup list

[Advanced Internet Protocol]
Number=376
Confirmed=X
Filename=cerf.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Advanced Protection System]
Number=377
Confirmed=X
Filename=advpsys.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Advanced Spyware Remover]
Number=378
Confirmed=U
Filename=Asr.exe
Description=<a href="http://www.evonsoft.com/" target=_blank>Advanced Spyware Remover</a> anti spyware tool

Source=Paul Collins Startup list

[Advanced Tool Checks]
Number=379
Confirmed=X
Filename=advchks.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Advanced Tools Check]
Number=380
Confirmed=N
Filename=ADVCHK.EXE
Description=Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget
Source=Paul Collins Startup list

[Advanced Uninstaller PRO Installation Monitor]
Number=381
Confirmed=U
Filename=monitor.exe
Description=Innovative Solutions <a href="http://www.innovative-sol.com/products.htm#uninstaller" target=_blank>Advanced Uninstaller PRO</a> - "easy-to-use suite for uninstalling applications and keeping your computer fast, clean, and in its best shape"
Source=Paul Collins Startup list

[Advapi]
Number=382
Confirmed=X
Filename=Advapi.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_NETDEVIL.12" target="_blank">NETDEVIL.12</a> WORM!
Source=Paul Collins Startup list

[ADVCHK]
Number=383
Confirmed=N
Filename=ADVCHK.EXE
Description=Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget
Source=Paul Collins Startup list

[Advertising Killer]
Number=384
Confirmed=U
Filename=Akiller.exe
Description=<a href="http://sourceforge.net/projects/akiller/" target="_blank">Advertising Killer</a> - popup stopper
Source=Paul Collins Startup list

[advmon32]
Number=385
Confirmed=X
Filename=advmon32.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list

[Adware Agent]
Number=386
Confirmed=U
Filename=adware agent.exe
Description=<a href="http://www.topshareware.com/Adware-Agent-download-4866.htm" target="_blank">Adware Agent</a> popup blocker
Source=Paul Collins Startup list

[Adware Spy]
Number=387
Confirmed=N
Filename=AdwareSpy.exe
Description=Adware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[AdwareAlert]
Number=388
Confirmed=U
Filename=AdwareAlert.Exe
Description=Adware program, previously not recommended (see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#adw-alert_note" target=_blank>here</a>). It has now been delisted, so make sure you have the latest version
Source=Paul Collins Startup list

[AdwareDelete]
Number=389
Confirmed=N
Filename=adwaredelete.exe
Description=Adware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
Source=Paul Collins Startup list

[Aeiwlsta.exe]
Number=390
Confirmed=?
Filename=Aeiwlsta.exe
Description=IBM High Rate Wireless LAN Adapter driver.<font color="#FF0000"> Is it required?</font>
Source=Paul Collins Startup list

[AELaunch]
Number=391
Confirmed=N
Filename=AELaunch.exe
Description=Audio Applications Launcher for the Philips <a href="http://www.digit-life.com/articles/philipsae/index.html" target="_blank">Acoustic Edge</a> soundcard
Source=Paul Collins Startup list

[AERVICESN]
Number=392
Confirmed=X
Filename=AERVICESN.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32randonao.html" target=_blank>RANDON-AO</a> WORM!
Source=Paul Collins Startup list

[AeXAgentLogon]
Number=393
Confirmed=N
Filename=AeXAgentActivate.exe
Description=<a href="http://www.altiris.com" target=_blank>Altiris</a> Agent transmits information about your machine for the purpose of asset management and deployment
Source=Paul Collins Startup list

[AeXSWDUsr]
Number=394
Confirmed=?
Filename=AeXSWDUsr.exe
Description=<a href="http://www.altiris.com/" target="_blank">Altiris</a> Express NS Client Manager software. <font color="#FF0000"> Is it required?</font>
Source=Paul Collins Startup list

[AEZBProc]
Number=395
Confirmed=U
Filename=aptezbp.exe
Description=IBM Aptiva keyboard customizer - enables certain special buttons on keyboard for CD operation, volume control, and few quickstart buttons. Keyboard will work without it but you lose the special functions
Source=Paul Collins Startup list

[AFAFilter]
Number=396
Confirmed=U
Filename=windefault.exe
Description=<a href="http://www.afafilter.com/" target="_blank">AFAFilter</a> - internet filter software
Source=Paul Collins Startup list

[Agent]
Number=397
Confirmed=N
Filename=Agent.exe
Description=<a href="http://www.cyberlink.com/" target=_blank>Cyberlink's</a> Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings you'll need this, otherwise can be disabled. Available via Start -> Programs

Source=Paul Collins Startup list

[Agent]
Number=398
Confirmed=X
Filename=alsys.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32drefv.html" target="_blank">DREF-V</a> VIRUS!
Source=Paul Collins Startup list

[agent]
Number=399
Confirmed=X
Filename=ppl.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32drefu.html" target="_blank">DREF-U</a> VIRUS!
Source=Paul Collins Startup list

[Agent Browser]
Number=400
Confirmed=X
Filename=[random filename]
Description=Added by the PPdoor.M-bdr backdoor TROJAN!
Source=Paul Collins Startup list

[Agent Explorer]
Number=401
Confirmed=X
Filename=[random filename]
Description=Unidentified adware
Source=Paul Collins Startup list

[Agente]
Number=402
Confirmed=?
Filename=Remupd.exe
Description=Part of <a href="http://www.pandasoftware.com/home/particulares/default" target="_blank">Panda Antivirus </a>. <font color="#FF0000">Is this an update reminder (guess because of the name), virus definition update reminder or something similar?</font>
Source=Paul Collins Startup list

[agentsvr]
Number=403
Confirmed=X
Filename=agentsvr.exe
Description=Malware, detected by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as AdWare.Monker.a. NOTE: do NOT confuse with the Microsoft Agent Server application of the same name as described  <a href="http://www.microsoft.com/msagent/default.asp" target=_blank>here</a> - the legitimate file will always be located in the Windows\Msagent folder
Source=Paul Collins Startup list

[AgfaCLnk]
Number=404
Confirmed=U
Filename=AgfaCLnk.exe
Description=For Agfa digital cameras connected via USB. Enables Windows to access the contents of the memory stick (while the stick's still on the camera) via a virtual drive
Source=Paul Collins Startup list

[agp]
Number=405
Confirmed=X
Filename=agp32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040112-0028-99" target="_blank">GAOBOT.SY</a> WORM!
Source=Paul Collins Startup list

[AGRSMMSG]
Number=406
Confirmed=Y
Filename=AGRSMMSG.exe
Description=IBM AMR modem driver
Source=Paul Collins Startup list

[AGSatellite]
Number=407
Confirmed=N
Filename=AGSatellite.exe
Description=Program from AudioGalaxy that lets you download some MP3s from their server. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[ahfp]
Number=408
Confirmed=U
Filename=ahfp.exe
Description=<a href="http://www.softbe.com/" target="_blank">Advanced Hide Folders</a> - &quot;is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either&quot;
Source=Paul Collins Startup list

[ahfprog]
Number=409
Confirmed=U
Filename=ahfp.exe
Description=<a href="http://www.softbe.com/" target="_blank">Advanced Hide Folders</a> - &quot;is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either&quot;
Source=Paul Collins Startup list

[AHNSD]
Number=410
Confirmed=Y
Filename=AhnSD.exe
Description=<a href="http://global.ahnlab.com/" target="_blank">AhnLab</a> V3 antivirus updater - leave enabled unless you manually update on a regular basis
Source=Paul Collins Startup list

[AHNUE]
Number=411
Confirmed=?
Filename=AHNUE.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[ahost]
Number=412
Confirmed=X
Filename=ahost.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[AHQInit]
Number=413
Confirmed=N
Filename=ahqinit.exe
Description=Part of AudioHQ for the Soundblaster Live!. Appears as though it makes the AudioHW toolbar drop down from the top of the desktop and isn't required
Source=Paul Collins Startup list

[Ahst]
Number=414
Confirmed=X
Filename=iebs.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[AHU]
Number=415
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32anaconb.html" target=_blank>ANACON-B</a> WORM!
Source=Paul Collins Startup list

[ahui32.exe]
Number=416
Confirmed=X
Filename=ahui32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcertifm.html" target=_blank>CERTIF-M</a> TROJAN!
Source=Paul Collins Startup list

[Aica]
Number=417
Confirmed=X
Filename=tuaa.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[Aida]
Number=418
Confirmed=X
Filename=ttuh.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[Aida]
Number=419
Confirmed=X
Filename=eetu.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target=_blank>PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[aiepk]
Number=420
Confirmed=U
Filename=aiepk2.exe
Description=<a href="http://www.fadsoft.net/Another%20IE%20Popup%20Killer.htm" target="_blank">Another IE Popup Killer</a> - pop-up stopper
Source=Paul Collins Startup list

[AIM]
Number=421
Confirmed=N
Filename=aim.exe
Description=AOL Instant Messenger. If connected to the internet, automatically runs up AIM. Convenience more than anything. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[AIM]
Number=422
Confirmed=U
Filename=AIM+.exe
Description=AIM plus - a free add-on to AOL's Instant Messenger for Windows from Big-O Software
Source=Paul Collins Startup list

[AIM Instant Message Cookies]
Number=423
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafv.html" target=_blank>RBOT-AFV</a> WORM!
Source=Paul Collins Startup list

[Aim Plugin]
Number=424
Confirmed=X
Filename=aimplugin.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32guapf.html" target=_blank>GUAP-F</a> WORM!
Source=Paul Collins Startup list

[AIM reminder]
Number=425
Confirmed=X
Filename=AIM reminder.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BUDDY.E" target="_blank">BUDDY</a> TROJAN!
Source=Paul Collins Startup list

[Aim6]
Number=426
Confirmed=N
Filename=AOLLaunch.exe
Description=<a href="http://www.aim.com/" target="_blank">AOL Instant Messenger</a> - start it when you want to use it
Source=Paul Collins Startup list

[AIM95 Startup]
Number=427
Confirmed=X
Filename=aim95.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AEE" target=_blank>AGOBOT.AEE</a> WORM!
Source=Paul Collins Startup list

[aimaol lptt01]
Number=428
Confirmed=X
Filename=aimaol.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Aimaol" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[aimaol ml097e]
Number=429
Confirmed=X
Filename=aimaol.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Aimaol" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[aimb.exe]
Number=430
Confirmed=U
Filename=aimb.exe
Description=<a href="http://sarc.com/avcenter/venc/data/spyware.imsurfsentinel.html" target=_blank>IMSufSentinel</a> is a spy program which can record IM conversations, log keystrokes, record URLs visited, and take screenshots. If you didn't install this yourself remove it
Source=Paul Collins Startup list

[AimingClick]
Number=431
Confirmed=N
Filename=AimingClick.exe
Description=<a href="http://www.aimingtech.com/aimingclick/" target="_blank">AimingClick</a> from AimingTech. Web searching tool. Available via Start -> Programs
Source=Paul Collins Startup list

[AIMPro]
Number=432
Confirmed=U
Filename=aimpro.exe
Description=<a href="http://aimpro.premiumservices.aol.com/" target="_blank">AIM Pro</a> - secure instant messaging, video conferencing, on-line meetings and desktop and file sharing
Source=Paul Collins Startup list

[AIMster]
Number=433
Confirmed=N
Filename=??
Description=Peer to Peer (P2P) file sharing client that runs over the AOL Instant Messenger network. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[AIMWDInstall]
Number=434
Confirmed=N
Filename=AIMWDInstall.exe
Description=Version of the <a href="http://www.wildtangent.com/default.asp" target="_blank">WildTangent</a> on-line games installer that came with versions of AOL Instant Messenger. Note that WildTanget's <a href="http://www.wildtangent.com/default.asp?pageID=company_art&artid=art20030925_A" target="_blank">privacy policy</a> used to state that they also collect and share individuals information but this is no longer the case
Source=Paul Collins Startup list

[Aiptek Graphics Tablet (USB)]
Number=435
Confirmed=Y
Filename=atwtusb.exe
Description=USB interface for Aiptek Graphics Tablet (USB)
Source=Paul Collins Startup list

[aircity]
Number=436
Confirmed=X
Filename=aircity.exe
Description=Related to "Prutect" malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a>
Source=Paul Collins Startup list

[AKEYNAME]
Number=437
Confirmed=X
Filename=WinServ.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101912-0427-99" target="_blank">EVILBOT.C</a> TROJAN!
Source=Paul Collins Startup list

[akeys]
Number=438
Confirmed=U
Filename=akeys.exe
Description="<a href="http://softarium.com/activekeys/" target="_blank">Active Keys</a> is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action"
Source=Paul Collins Startup list

[AKiller]
Number=439
Confirmed=U
Filename=akiller.exe
Description=<a href="http://sourceforge.net/projects/akiller/" target="_blank">Advertising Killer</a> - popup stopper
Source=Paul Collins Startup list

[ala.exe]
Number=440
Confirmed=X
Filename=ala.exe
Description=<a href="http://www.softheap.com/lock.html" target=_blank>Access Lock</a> is a system-tray security utility you can use to secure your desktop when you are away from your computer
Source=Paul Collins Startup list

[Alarm Manager]
Number=441
Confirmed=U
Filename=Alarm.app.exe
Description=Palm alarm event reminder that coordinates what is on your Palm with settings on your desktop
Source=Paul Collins Startup list

[AlarmWatcher]
Number=442
Confirmed=?
Filename=AlarmWatcher.exe
Description=<font color="#FF0000">Associated with SynTPEnh and SynTPLpr which are from Synaptics for touchpads on laptops. What does it do and is it required?</font>
Source=Paul Collins Startup list

[Album Fast Start]
Number=443
Confirmed=N
Filename=ABMTSR.EXE
Description=Scanner software, not required for scanner to work
Source=Paul Collins Startup list

[AlcFDMonitor]
Number=444
Confirmed=?
Filename=ALCFDRTM.EXE
Description=RealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - <font color="#FF0000">is it required in startup?</font>
Source=Paul Collins Startup list

[ALCFDRTM16]
Number=445
Confirmed=?
Filename=ALCFDRTM16.com
Description=RealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - <font color="#FF0000">is it required in startup?</font>
Source=Paul Collins Startup list

[Alchem]
Number=446
Confirmed=X
Filename=Alchem.exe
Description=<a href="http://www.symantec.com/security_response/print_writeup.jsp?docid=2004-050512-4801-99" target="_blank">ClickAlchemy</a> adware
Source=Paul Collins Startup list

[Alcmtr]
Number=447
Confirmed=U
Filename=Alcmtr.exe
Description=Installed with hardware drivers for a Realtek AC97 audio device. It's believed that Realtek uses this file in order to data about the customer. Some users report problems with their on-board sound if this is disabled - hence the "U" recommendation
Source=Paul Collins Startup list

[Alcohol]
Number=448
Confirmed=U
Filename=Alcohol.exe
Description=<a href="http://www.alcohol-software.com/index.php" target="_blank">Alcohol 120%</a> - CD/DVD emulation/writing/copying software 
Source=Paul Collins Startup list

[Alcohol Autorun]
Number=449
Confirmed=U
Filename=Alcohol.exe
Description=<a href="http://www.alcohol-software.com/index.php" target="_blank">Alcohol 120%</a> - CD/DVD emulation/writing/copying software
Source=Paul Collins Startup list

[Alcom PCL Capture]
Number=450
Confirmed=?
Filename=FMW_PCAP.EXE
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[AlcWzrd]
Number=451
Confirmed=N
Filename=ALCWZRD.EXE
Description=RealTek High Definition audio driver related - detects new devices when plugged in, then pops up a dialog box. If everything works as expected you should be able to disable this one
Source=Paul Collins Startup list

[AlcxMonitor]
Number=452
Confirmed=U
Filename=Alcxmntr.exe
Description=Installed with hardware drivers for a Realtek AC97 audio device. It's believed that Realtek uses this file in order to gather data about the customer. Some users report problems with their on-board sound if this is disabled - hence the "U" recommendation
Source=Paul Collins Startup list

[aldefr ere service]
Number=453
Confirmed=X
Filename=tay0x.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxs.html" target=_blank>RBOT-XS</a> WORM!
Source=Paul Collins Startup list

[Alevir]
Number=454
Confirmed=X
Filename=Alevir.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32opaserva.html" target=_blank>OPASERV-A</a> WORM!

Source=Paul Collins Startup list

[AlevirOld]
Number=455
Confirmed=X
Filename=[worm filename]
Description=Added by the <a href="http://www.bullguard.com/virus/default.aspx?id=24" target=_blank>OPASERV</a> WORM!

Source=Paul Collins Startup list

[Alexa]
Number=456
Confirmed=N
Filename=alexa.exe
Description=Related to Alexa. Note - collects and stores information about the web pages you view, the data you enter in online forms and search programs and, with versions 5.0 and higher, the products you purchase online whilst using the toolbar. Although Alexa state's they do not attempt to analyze the data it may collect about you to determine who you are, some of your information collected by the software is personally identifiable. Please read the <a href="http://www.alexa.com/site/help/privacy" target="_blank">Privacy Policy</a>. Not Recommended
Source=Paul Collins Startup list

[AlexaToolbar]
Number=457
Confirmed=X
Filename=alt.exe
Description=Reported as the DELF.EB hijacker by <a href="http://www.ewido.net/en/" target=_blank>Ewido Security Suite</a>
Source=Paul Collins Startup list

[AlfaCleaner]
Number=458
Confirmed=X
Filename=AlfaCleaner.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=AlfaCleaner&threatid=44118" target="_blank">AlphaCleaner</a> is now a stealth install using exploits on unpatched systems. Seen alongside RazeSpyware 

Source=Paul Collins Startup list

[AlfaClock Classic]
Number=459
Confirmed=U
Filename=AlfaClock.exe
Description=<a href="http://www.alfasoftweb.com/" target=_blank>AlfaClock</a> from AlfaSoft Research Labs - "enhances your taskbar clock (tray clock) with fully customizable clock display, alarms, time synchronization and more"

Source=Paul Collins Startup list

[ALFY Accellerator]
Number=460
Confirmed=?
Filename=AlfyAC~1.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[ALG.EXE]
Number=461
Confirmed=X
Filename=iexplorer .exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32demotryb.html" target=_blank>DEMOTRY-B</a> WORM!
Source=Paul Collins Startup list

[ALG32]
Number=462
Confirmed=X
Filename=ALG32.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031109-3305-99" target=_blank>STARTPAGE.K</a> hijacker
Source=Paul Collins Startup list

[ALGU]
Number=463
Confirmed=X
Filename=ALGU.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcwsi.html" target=_blank>CWS-I</a> TROJAN!
Source=Paul Collins Startup list

[ALi5289]
Number=464
Confirmed=U
Filename=ALi5289.exe
Description=Related to <a href="http://www.uli.com.tw/" target="_blank">Uli Integrated Drivers</a> from Uli Electronics Inc
Source=Paul Collins Startup list

[Alias SketchBook Snapshot]
Number=465
Confirmed=N
Filename=ALIASS~2.EXE
Description=Screen-capture utility for Alias Sketchbook
Source=Paul Collins Startup list

[AlienAutopsy]
Number=466
Confirmed=N
Filename=Test_BS.exe
Description=<a href="http://www.alienware.com/" target="_blank">Alienware</a> computer technical support software
Source=Paul Collins Startup list

[ALiSndMgr]
Number=467
Confirmed=Y
Filename=ALiSndMg.exe
Description=ALi AC97 Sound driver
Source=Paul Collins Startup list

[AliUSBfix]
Number=468
Confirmed=?
Filename=GREENMK.exe
Description=<font color="#FF0000">May be realted to a USB 2.0 PCI card - the IOgear GIC220OU?</font>
Source=Paul Collins Startup list

[Alive SYstem]
Number=469
Confirmed=X
Filename=scchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtofdropb.html" target=_blank>TOFDROP-B</a> TROJAN!
Source=Paul Collins Startup list

[Alive SYstem]
Number=470
Confirmed=X
Filename=scchostc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtofdropb.html" target=_blank>TOFDROP-B</a> TROJAN!
Source=Paul Collins Startup list

[alkasr]
Number=471
Confirmed=X
Filename=ÎäŇíŃ.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090212-3607-99" target="_blank">BALKART</a> TROJAN!
Source=Paul Collins Startup list

[All Aboard Status]
Number=472
Confirmed=U
Filename=stswin.exe
Description=<a target="_blank" href="http://yippee.i4free.co.nz/html/win/internet/title6724.htm">All Aboard! Internet Connection Sharing</a> status icon
Source=Paul Collins Startup list

[All Sea screen saver]
Number=473
Confirmed=X
Filename=TaskTray.exe
Description="Free screensaver", installs lots of foistware. See <a href="http://www.spywareinfo.com/forums/index.php?act=ST&amp;f=10&amp;t=5833&amp;hl=&amp;s=" target="_blank">here</a>. Get rid of it
Source=Paul Collins Startup list

[All Sea web link]
Number=474
Confirmed=X
Filename=FWLink.exe
Description="Free screensaver", installs lots of foistware. See <a href="http://www.spywareinfo.com/forums/index.php?act=ST&amp;f=10&amp;t=5833&amp;hl=&amp;s=" target="_blank">here</a>. Get rid of it
Source=Paul Collins Startup list

[AllerCalc]
Number=475
Confirmed=N
Filename=AllerCalc.exe
Description=<a href="http://www.allersoft.com/allercalc.htm" target=_blank>AllerCalc</a> is an expression calculator which allows you to directly enter an expression to be evaluated. Can be started manually
Source=Paul Collins Startup list

[Allopassw]
Number=476
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_RANKY.CU" target="_blank">RANKY.CU</a> TROJAN!
Source=Paul Collins Startup list

[AllSeeingEye]
Number=477
Confirmed=U
Filename=ase.exe
Description=<a href="http://www.fortego.com/en/ase.html" target=_blank>All-Seeing_Eye</a> security software - "monitors everything that takes place on your computer, and alerts the user as soon as anything suspicious or out-of-the-ordinary is happening, providing the user with alternatives for possible actions"
Source=Paul Collins Startup list

[allSnap]
Number=478
Confirmed=U
Filename=allSnap.exe
Description="<a href="http://ca.geocities.com/ivanheckman@rogers.com/" target="_blank">allSnap</a> is a small system tray app that makes all top level windows automatically align like they do in programs such as Winamp or Photoshop"
Source=Paul Collins Startup list

[AllToTray]
Number=479
Confirmed=U
Filename=ALLTOTRAY.EXE
Description=<a href="http://www.dntsoft.com/" target=_blank>AlltoTray</a> from DNTSoft - minimize any program to your System Tray

Source=Paul Collins Startup list

[Alogrithm Link Queue]
Number=480
Confirmed=X
Filename=alq.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Alogserv]
Number=481
Confirmed=U
Filename=Alogserv.exe
Description=From McAfee VirusScan for logging scanning activities. In some cases, if left running it can cause CPU % usage to go between 5-95% or go to and stay at 100%. Disabling it impacts on the reported last scan date. It is reported to cause jerky graphics response in many games. As of version 6, this is a critical component of McAfee and disabling it can cause a PC to lock up
Source=Paul Collins Startup list

[ALPass]
Number=482
Confirmed=U
Filename=ALPass.exe
Description=<a href="http://www.altools.net/Default.aspx?tabid=62" target=_blank>ALPass</a> password manager
Source=Paul Collins Startup list

[Alps Electric USB Server]
Number=483
Confirmed=Y
Filename=Monserv.exe
Description=Alps Electric USB Server - required according to <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;200692" target="_blank">this</a> article


Source=Paul Collins Startup list

[AlpsPoint]
Number=484
Confirmed=U
Filename=Apoint.exe
Description=Touchpad software for laptop PC's. For instance it is found on the Panasonic and Sony Vaio machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work
Source=Paul Collins Startup list

[ALServ]
Number=485
Confirmed=?
Filename=ALServ.exe
Description=Altec Lansing AMS speaker related.<font color="#FF0000"> What does it do and is it required?</font>
Source=Paul Collins Startup list

[Altnet]
Number=486
Confirmed=X
Filename=points manager.exe
Description=Altnet <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080415-0053-99" target=_blank>TopSearch</a> adware
Source=Paul Collins Startup list

[AltnetPointsManager]
Number=487
Confirmed=X
Filename=points manager.exe
Description=Altnet <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080415-0053-99" target=_blank>TopSearch</a> adware
Source=Paul Collins Startup list

[AltoMB_service]
Number=488
Confirmed=U
Filename=AltoMBsrv.exe
Description=Alto Memory Booster from <a href="http://www.altosoftware.com/" target="_blank">Alto Software</a> - boost the computers performance via more intelligent and efficient memory management. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
Source=Paul Collins Startup list

[ALTOOLS]
Number=489
Confirmed=U
Filename=AccessL.exe
Description=<a href="http://www.altools.net/" target=_blank>ALTools</a> family of PC utilities

Source=Paul Collins Startup list

[AltPayments]
Number=490
Confirmed=X
Filename=AltPayments.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-053116-5734-99" target="_blank">WeirdOnTheWeb</a> adware
Source=Paul Collins Startup list

[ALU Scheduler Service]
Number=491
Confirmed=N
Filename=ALUSchedulerSvc.exe
Description=Symantec LiveUpdate scheduler for programs such as Norton AV or Internet Security
Source=Paul Collins Startup list

[ALUAlert]
Number=492
Confirmed=U
Filename=ALUNotify.exe
Description=Notification reminder for Symantec's LiveUpdate. Leave enabled unless you manually run LiveUpdate on a regular basis
Source=Paul Collins Startup list

[Aluria Security Center]
Number=493
Confirmed=N
Filename=SecurityCenter.exe
Description=Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see <a href="http://netrn.net/spywareblog/archives/2004/11/06/aluria-confused/" target="_blank">here</a>
Source=Paul Collins Startup list

[Aluria's Pop-Up Stopper]
Number=494
Confirmed=U
Filename=eps.exe
Description=Aluria Pop-Stopper
Source=Paul Collins Startup list

[Aluria's Spyware Eliminator]
Number=495
Confirmed=N
Filename=ASE.exe
Description=Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see <a href="http://netrn.net/spywareblog/archives/2004/11/06/aluria-confused/" target="_blank">here</a>
Source=Paul Collins Startup list

[AlwaysOnTopMaker]
Number=496
Confirmed=U
Filename=AlwaysOnTopMaker.exe
Description=<a href="http://www.fadsoft.net/AlwaysOnTopMaker.htm" target="_blank">Always On Top Maker</a> - utilty to enable an application to always be displayed "on top" of others on the desktop
Source=Paul Collins Startup list

[AlwaysReady Power Message APP]
Number=497
Confirmed=N
Filename=ARPWRMSG.EXE
Description=Related to HP and Compaq Desktop PCs. Read <a href="http://h10025.www1.hp.com:80/ewfrf/wc/genericDocument?docname=bph07149&cc=us&lc=en&dlc=en&dlc=en&lang=en" target="_blank">this</a> article
Source=Paul Collins Startup list

[AmazingTens]
Number=498
Confirmed=X
Filename=AmazingTens.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list

[AMD PowerNow!]
Number=499
Confirmed=U
Filename=GemBack.exe
Description=<a href="http://www.amd.com/us-en/0,,3715_13530_1260_1204^964,00.html" target="_blank">AMD PowerNow!</a> - "an innovative solution available on all AMD mobile processor-based notebooks that can effectively increase notebook battery life, while delivering performance on demand"
Source=Paul Collins Startup list

[amd_dc_opt]
Number=500
Confirmed=Y
Filename=amd_dc_opt.exe
Description=<a href="http://www.amd.com/us-en/Processors/TechnicalResources/0,,30_182_871_9706,00.html" target="_blank">AMD Dual-Core Optimizer</a> - "can help improve some PC gaming video performance by compensating for those applications that bypass the Windows API for timing by directly using the RDTSC (Read Time Stamp Counter) instruction"
Source=Paul Collins Startup list

[America Online *.* Tray Icon]
Number=501
Confirmed=N
Filename=aoltray.exe
Description=Puts AOL icon in System Tray (*.* denotes version if present). Connect to AOL via the desktop shortcut or Start -&gt; Programs
Source=Paul Collins Startup list

[AME_CSA]
Number=502
Confirmed=N
Filename=rundll32 amecsa.cpl, RUN_DLL
Description=Loads ADSL modem Control Panel applet
Source=Paul Collins Startup list

[AModemLockDown]
Number=503
Confirmed=U
Filename=ModemLockDown.exe
Description=<a href="http://modemlockdown.techconz.com/index.html" target=_blank>ModemLockDown</a> - allows you to supervise internet access by disabling the modem, protects againt dialers accessing dial-up connections, etc
Source=Paul Collins Startup list

[Amon]
Number=504
Confirmed=Y
Filename=AMON.EXE
Description=Monitoring part of Eset's <a href="http://www.eset.com/products/index.php" target="_blank">NOD32</a> virus-scanner
Source=Paul Collins Startup list

[Amonitor]
Number=505
Confirmed=Y
Filename=amon.exe
Description=<a href="http://www.tinysoftware.com/home/tiny2?la=EN" target="_blank">Tiny Personal Firewall</a>
Source=Paul Collins Startup list

[AMP WinOFF]
Number=506
Confirmed=U
Filename=winoff.exe
Description=<a href="http://www.ampsoft.net/utilities/WinOFF.php" target=_blank>WinOFF</a> is " a utility designed to shut down Windows computers automatically, in a fully configurable way"
Source=Paul Collins Startup list

[AMSG]
Number=507
Confirmed=U
Filename=Amsg.exe
Description=Part of the IBM <a href="http://www.pc.ibm.com/us/think/thinkvantagetech/productivity_ctr.html" target="_blank">ThinkVantage Productivity Center</a>. "The Message Center sends automatic notification on ThinkVantage Technologies integrated with your system. Once you're online"
Source=Paul Collins Startup list

[AMSN]
Number=508
Confirmed=N
Filename=amsn.exe
Description=<a href="http://sourceforge.net/projects/amsn/" target="_blank">aMSN Messenger</a> is a multiplatform MSN messenger clone
Source=Paul Collins Startup list

[amsn]
Number=509
Confirmed=X
Filename=amsn.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerbnz.html" target="_blank">BANKER-BNZ</a> TROJAN!
Source=Paul Collins Startup list

[Anapod Manager]
Number=510
Confirmed=N
Filename=anamgr.exe
Description=<a href="http://www.redchairsoftware.com/anapod/" target="_blank">Anapod Explorer</a> "is the most advanced Windows iPod software available, offering iPod management through full Windows Explorer integration under My Computer"
Source=Paul Collins Startup list

[anbv32]
Number=511
Confirmed=X
Filename=nabv32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091209-3011-99" target="_blank">TITOG.C</a> WORM!
Source=Paul Collins Startup list

[ANIWZCS2Service]
Number=512
Confirmed=Y
Filename=WZCSLDR2.exe
Description=<a href="http://www.alphanetworks.com/" target=_blank>ALPHA Networks</a> wireless driver
Source=Paul Collins Startup list

[ANIWZCSService]
Number=513
Confirmed=?
Filename=WZCSLDR.exe
Description=D-Link wireless PCI adapter related. In some cases reported to cause excessive CPU activity
Source=Paul Collins Startup list

[AnnotateCheck]
Number=514
Confirmed=?
Filename=AnnCheck.exe
Description=Genius Wizard Pen Tablet driver related. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list

[Announcements]
Number=515
Confirmed=N
Filename=Annclist.exe
Description=MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it
Source=Paul Collins Startup list

[Anntext]
Number=516
Confirmed=N
Filename=Anntext.exe
Description=Caere Pagekeeper text annotation server
Source=Paul Collins Startup list

[Anonymizer Total Net Shield]
Number=517
Confirmed=U
Filename=AnonTns.exe
Description=Anonymizer <a href="http://www.anonymizer.com/consumer/products/total_net_shield/" target="_blank">Total Net Shield</a> - ID protection and privacy software
Source=Paul Collins Startup list

[ANONYMIZER_SPYWAREKILLER]
Number=518
Confirmed=U
Filename=SpyWareKiller.exe
Description=Anonymizer Spyware Killer - now <a href="http://www.anonymizer.com/consumer/products/anti_spyware/" target="_blank">Anti-Spyware</a>
Source=Paul Collins Startup list

[ANONYMIZER_SPYWAREKILLER]
Number=519
Confirmed=U
Filename=AnonAntiSpyware.exe
Description=Anonymizer Spyware Killer - now <a href="http://www.anonymizer.com/consumer/products/anti_spyware/" target="_blank">Anti-Spyware</a>
Source=Paul Collins Startup list

[Another Internet Explorer Popup Killer]
Number=520
Confirmed=U
Filename=aiepk2.exe
Description=<a href="http://www.fadsoft.net/Another%20IE%20Popup%20Killer.htm" target="_blank">Another IE Popup Killer</a> - pop-up stopper
Source=Paul Collins Startup list

[ansjava]
Number=521
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32randonan.html" target=_blank>RANDON-AN</a> WORM!
Source=Paul Collins Startup list

[Anskya]
Number=522
Confirmed=X
Filename=PYSKY.NET.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadermw.html" target="_blank">DLOADER-MW</a> TROJAN!
Source=Paul Collins Startup list

[Answer Problem]
Number=523
Confirmed=X
Filename=dSAFsqs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotsc.html" target="_blank">SDBOT-SC</a> WORM!
Source=Paul Collins Startup list

[AnswerTool]
Number=524
Confirmed=U
Filename=AnswerTool.exe
Description=<a href="http://www.answertool.com/" target=_blank>AnswerTool</a> - save your E-mail replies in AnswerTool, then reuse them again and again

Source=Paul Collins Startup list

[Anti Spam Service]
Number=525
Confirmed=X
Filename=spamsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobbk.html" target=_blank>MYTOB-BK</a> WORM!
Source=Paul Collins Startup list

[Anti-Blaxx Manager]
Number=526
Confirmed=N
Filename=Anti-Blaxx.exe
Description=<a href="http://www.antiblaxx.com/" target=_blank>Anti-Blaxx</a> - bypass blacklistings from different copy protections bypassing methods like virtual CD or DVD drives

Source=Paul Collins Startup list

[Anti-keylogger check]
Number=527
Confirmed=U
Filename=antikey.exe
Description=<a href="http://www.anti-keyloggers.com/" target="_blank">Anti-keylogger</a> - protects against keylogger programs monitoring your keystrokes
Source=Paul Collins Startup list

[Anti-Trojan-Watch]
Number=528
Confirmed=U
Filename=ATWatch.exe
Description=Anti-Trojan Watch - trojan detector
Source=Paul Collins Startup list

[Anti-Virus]
Number=529
Confirmed=X
Filename=vpms.exe
Description=Added by the <a href="http://www.scanspyware.net/info/Sdbot.GV.htm" target="_blank">SDBOT.GV</a> WORM!
Source=Paul Collins Startup list

[Anti-Virus]
Number=530
Confirmed=X
Filename=[random filename].exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcaprobada.html" target="_blank">CAPROBAD-A</a> TROJAN!
Source=Paul Collins Startup list

[Anti-Virus Product Sync]
Number=531
Confirmed=X
Filename=[unprintable character][3 characters]log.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061311-1623-99" target=_blank>KEDEBE.D</a> WORM!
Source=Paul Collins Startup list

[Anti-Virus Update Scheduler]
Number=532
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojspammita.html" target=_blank>SPAMMIT-A</a> TROJAN!
Source=Paul Collins Startup list

[Anti-Virus Update Scheduler]
Number=533
Confirmed=X
Filename=winsp3.exe
Description=Malware - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as TrojanProxy.Agent.fp - A Proxy Trojan is a backdoor which allows a remote hacker to connect to other systems via the compromised system
Source=Paul Collins Startup list

[Anti-Virus Update Scheduler V1.39.12R]
Number=534
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050122-5053-99" target="_blank">HEPLANE</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050215-0935-99" target="_blank">STAPREW.B</a> TROJANS! - different filenames have been spotted; examples: msvc.exe, kaspersky.exe, nrton.exe, wins.exe, gah32.exe, 1.tmp, syste.exe, alg.exe, socks.exe, winxpsp2.exe, tek9.exe, sks.exe, hihi.exe, s.exe, xps2.exe, dns2.exe, ikav32.exe and more...
Source=Paul Collins Startup list

[AntiClicker]
Number=535
Confirmed=X
Filename=SVCHST32.EXE
Description=Added by the <a href="http://vil.nai.com/vil/content/v_100928.htm" target="_blank">CBH</a> TROJAN!
Source=Paul Collins Startup list

[antidialer.co.uk]
Number=536
Confirmed=U
Filename=Dialer_Watcher.exe
Description=<a href="http://freespace.virgin.net/glenn.fletcher/index2.htm" target="_blank">Dialer_Watcher</a> is an application that allows you to detect <a href="http://www.mcgill.ca/ncs/products/security/threatsdangers/virus/dialers/" target="_blank">dialers</a> on your computer
Source=Paul Collins Startup list

[AntiPopUp]
Number=537
Confirmed=U
Filename=AntiPopUp.exe
Description=<a href="http://www.webknacks.com/antipopup.htm" target="_blank">AntiPopUp for IE</a> - pop-up stopper
Source=Paul Collins Startup list

[AntiVerminser]
Number=538
Confirmed=N
Filename=AntiVerminser.exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[Antivir]
Number=539
Confirmed=X
Filename=svchst.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojragruka.html" target=_blank>RAGRUK-A</a> TROJAN!
Source=Paul Collins Startup list

[AntiVir]
Number=540
Confirmed=X
Filename=scvhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentdsf.html" target="_blank">AGENT-DSF</a> TROJAN!
Source=Paul Collins Startup list

[AntiVir]
Number=541
Confirmed=X
Filename=winlog.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbottj.html" target="_blank">IRCBOT-TJ</a> TROJAN!
Source=Paul Collins Startup list

[AntiVir XP]
Number=542
Confirmed=Y
Filename=AVwin.exe
Description=<a href="http://www.free-av.com/" target=_blank>AntiVir® PersonalEdition Classic</a> - antivirus

Source=Paul Collins Startup list

[Antivirus]
Number=543
Confirmed=X
Filename=av.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101417-5541-99" target="_blank">SINKIN</a> TROJAN! Resets IE start page to realphx.com
Source=Paul Collins Startup list

[Antivirus]
Number=544
Confirmed=X
Filename=maja.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-030509-1444-99" target="_blank">NETSKY.H</a> WORM!
Source=Paul Collins Startup list

[Antivirus]
Number=545
Confirmed=X
Filename=iexpl0res.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[AntiVirus]
Number=546
Confirmed=X
Filename=kaspery.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Antivirus Installer]
Number=547
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbadgenta.html" target=_blank>BADGENT-A</a> TROJAN!
Source=Paul Collins Startup list

[Antivirus-Golden]
Number=548
Confirmed=N
Filename=Antivirus-Golden.exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[antivirus32]
Number=549
Confirmed=X
Filename=antivirus.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022323-4358-99" target=_blank>SPYBOT.KAI</a> WORM!
Source=Paul Collins Startup list

[AntivirusGold]
Number=550
Confirmed=X
Filename=AntivirusGold.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/Pest.aspx?id=453094194" target="_blank">AntivirusGold</a> malware
Source=Paul Collins Startup list

[AntiVirusProtection]
Number=551
Confirmed=?
Filename=qumk.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[antiware]
Number=552
Confirmed=X
Filename=elite***32.exe [*** = random char]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderhw.html" target=_blank>DLOADER-HW</a> TROJAN!
Source=Paul Collins Startup list

[AntiWindowsMessenger]
Number=553
Confirmed=U
Filename=AntiMsMsg.exe
Description=<a href="http://fileforum.betanews.com/detail/1069500643/1" target="_blank">Anti-Windows_Messenger</a> is a small application that prevents Windows Messenger from remaining resident in memory
Source=Paul Collins Startup list

[anti_troj]
Number=554
Confirmed=X
Filename=anti_troj.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-112315-1052-99" target=_blank>LODEAR.D</a> TROJAN!
Source=Paul Collins Startup list

[AnVir]
Number=555
Confirmed=Y
Filename=AnVir.exe
Description=<a href="http://anvir.com/taskmanager/" target="_blank">AnVir Task Manager</a> - protects computer against viruses and manages running processes and startup files
Source=Paul Collins Startup list

[AnVir Task Manager]
Number=556
Confirmed=Y
Filename=AnVir.exe
Description=<a href="http://anvir.com/taskmanager/" target="_blank">AnVir Task Manager</a> - protects computer against viruses and manages running processes and startup files
Source=Paul Collins Startup list

[anvshell]
Number=557
Confirmed=U
Filename=anvshell.exe
Description=System Tray tool for ASUS video cards. If disabled you lose all the ASUS specific video card options in Control Panel -&gt; Display Properties -&gt; Advanced as well as the System Tray shortcuts toolbar
Source=Paul Collins Startup list

[Any To-Do List]
Number=558
Confirmed=U
Filename=anytodo.exe
Description=<a href="http://www.anyutils.com/anytodo.htm" target=_blank>Any To-Do List</a> "the ultimate software solution to keep yourself organized and reminded"

Source=Paul Collins Startup list

[anycom bluetooth]
Number=559
Confirmed=?
Filename=ftflauncher.exe
Description=Associated with an Anycom bluetooth wireless card. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[AnyDVD]
Number=560
Confirmed=U
Filename=AnyDVD.exe
Description=<a href="http://www.slysoft.com/en/anydvd.html" target="_blank">AnyDVD</a> - descrambles DVD-Movies automatically in the background and the DVD appears unprotected and region code free. Also removes prohibited operations from the DVD such as skipping adverts - hence the "U" recommendation
Source=Paul Collins Startup list

[AO Tray]
Number=561
Confirmed=N
Filename=AOTray.Exe
Description=System Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control Panel
Source=Paul Collins Startup list

[aol]
Number=562
Confirmed=Y
Filename=avp.exe
Description=AOL's <a href="http://www.securitycadets.com/2006/08/aols-active-virus-shield-in-a-nutshell/" target="_blank">Active Virus Shield</a>
Source=Paul Collins Startup list

[AOL 9.0 Optimized]
Number=563
Confirmed=X
Filename=AOLClient.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021517-4127-99" target=_blank>SPYBOTER.A</a> TROJAN!
Source=Paul Collins Startup list

[AOL Broadband Check-Up]
Number=564
Confirmed=U
Filename=matcli.exe
Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". The AOL Self Support Tool is required to run with the Help and Support program. If you uncheck AOL and and then run Help and Support it will add another AOL entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide
Source=Paul Collins Startup list

[AOL Companion]
Number=565
Confirmed=N
Filename=companion.exe
Description=Part of the AOL Connection Suite and installs an icon on the system tray offering easy access to AOL's additional utilities and functions. This program is a non-essential process, and is installed for ease of use

Source=Paul Collins Startup list

[Aol Configuration Loader]
Number=566
Confirmed=X
Filename=aimsng.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxe.html" target=_blank>SDBOT-XE</a> WORM!
Source=Paul Collins Startup list

[AOL Fast Start]
Number=567
Confirmed=?
Filename=AOL.exe
Description=AOL ISP software related. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[AOL Instant Messanger]
Number=568
Confirmed=X
Filename=aim.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotyt.html" target=_blank>SDBOT-YT</a> WORM!
Source=Paul Collins Startup list

[AOL Instant Messengar]
Number=569
Confirmed=X
Filename=aol.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotfn.html" target="_blank">AGOBOT-FN</a> WORM!
Source=Paul Collins Startup list

[AOL Instant Messenger]
Number=570
Confirmed=?
Filename=AlM.EXE
Description=That is an L between the A and M, the start up location is wrong for AIM. <font color="#FF0000">What does this relate to?</font>
Source=Paul Collins Startup list

[Aol Instant Messenger]
Number=571
Confirmed=X
Filename=aolmsg.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042300-3701-99" target="_blank">KELVIR.AL</a> WORM!
Source=Paul Collins Startup list

[AOL Instant Messenger 7.213]
Number=572
Confirmed=X
Filename=aim9283.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzf.html" target=_blank>SDBOT-ZF</a> WORM!
Source=Paul Collins Startup list

[Aol Instant Messenger Fix]
Number=573
Confirmed=X
Filename=aolfix.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotabj.html" target=_blank>SDBOT-ABJ</a> WORM!
Source=Paul Collins Startup list

[AOL Messenger]
Number=574
Confirmed=X
Filename=[random filename]
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[AOL Messenger]
Number=575
Confirmed=X
Filename=aolmsngr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotjf.html" target=_blank>SDBOT-JF</a> WORM!
Source=Paul Collins Startup list

[AOL Messenger Optimized]
Number=576
Confirmed=X
Filename=AOLOpt.exe
Description=Added by the <a href="http://www.superadblocker.com/definition/aolopt/" target=_blank>AOLOPT</a> TROJAN! 

Source=Paul Collins Startup list

[AOL Services Hosts]
Number=577
Confirmed=X
Filename=aolserviceshosts.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[AOL Spyware Protection]
Number=578
Confirmed=U
Filename=AOLSP Scheduler.exe
Description=AOL's spyware protection program
Source=Paul Collins Startup list

[AOL TopSpeedMonitor]
Number=579
Confirmed=U
Filename=aoltsmon.exe
Description=AOL's <a href="http://site.aol.com/price_plans/bfsdialup.adp" target=_blank>TopSpeed</a> web acceleration technology supposedly helps to make web browsing faster. Most important for those users who still access AOL via dial-up
Source=Paul Collins Startup list

[AolAcsDaemon1]
Number=580
Confirmed=Y
Filename=Acsd.exe
Description=AOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Negates having to go through the procedure of signing back on manually
Source=Paul Collins Startup list

[AolAcsDaemon1]
Number=581
Confirmed=Y
Filename=AOLACSD.EXE
Description=AOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Negates having to go through the procedure of signing back on manually
Source=Paul Collins Startup list

[AOLCC]
Number=582
Confirmed=?
Filename=ACCAgnt.exe
Description=AOL ISP software related, file located in a "AOL Computer Check-Up" folder. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[AolCon]
Number=583
Confirmed=X
Filename=config.com
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112012-0423-99" target="_blank">TAPLAK</a> WORM!
Source=Paul Collins Startup list

[AOLDialer]
Number=584
Confirmed=N
Filename=AOLDial.exe
Description=AOL ISP software dialer - can be activated through a desktop shortcut
Source=Paul Collins Startup list

[AolFix]
Number=585
Confirmed=N
Filename=AolFix.exe
Description=Run on Gateway Astra computers, and maybe a few others. Designed to repair a bad registry key in Gateway computers that would not allow AOL&nbsp; to run correctly. Not seen much any more and should only run once
Source=Paul Collins Startup list

[AOLRegKey32]
Number=586
Confirmed=X
Filename=AOREGSVR512.EXE
Description=Unidentified malware - see <a href="http://fileinfo.prevx.com/QQ2cb317153874-AORE13820788/AOREGSVR512.EXE.html" target=_blank>here</a>

Source=Paul Collins Startup list

[AOLStart]
Number=587
Confirmed=X
Filename=AOLStart.exe
Description=Added by the <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=41605" target="_blank">KRAIMER.12</a> TROJAN!
Source=Paul Collins Startup list

[Aornum]
Number=588
Confirmed=X
Filename=aornum.exe
Description=Installed along with <a href="http://www.iwon.com/home/prizes/pm3_overview/0,21311,,00.html?PG=home?SEC=fnstf">iWon Prize Machine</a>. Based upon their <a href="http://www.iwon.com/home/companyinfo/privacy/privacy_overview/0,11882,,00.html#1">privacy</a> statement this can be regarded as spyware
Source=Paul Collins Startup list

[AOTray]
Number=589
Confirmed=N
Filename=AOTray.Exe
Description=System Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control Panel
Source=Paul Collins Startup list

[APC UPS Status]
Number=590
Confirmed=Y
Filename=Display.exe
Description=<a href="http://www.apcc.com/products/family/index.cfm?id=129&amp;web_displayed=" target="_blank">APC PowerChute Personal Edition</a> status icon
Source=Paul Collins Startup list

[APC_SERVICE]
Number=591
Confirmed=U
Filename=mainserv.exe
Description=<a href="http://www.apcc.com/tools/download/software_comp.cfm?sw_sku=SDW75" target="_blank">PowerChute® Personal Edition</a> - "safe system shutdown software with sophisticated power management functions"
Source=Paul Collins Startup list

[apc_tray]
Number=592
Confirmed=Y
Filename=apc_tray.exe
Description=Part of the APC UPS software loaded with the BACK-UPS CS 350 unit. Required to monitor the APC unit in case of power failure
Source=Paul Collins Startup list

[APD123]
Number=593
Confirmed=X
Filename=APD123.exe
Description=<a href="http://www.benedelman.org/spyware/installations/pacerd/" target=_blank>PacerD Media/Pacimedia.com</a> adware
Source=Paul Collins Startup list

[Api**.exe [* = random char]]
Number=594
Confirmed=X
Filename=Api**.exe [* = random char]
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
Source=Paul Collins Startup list

[Api**32.exe [* = random char]]
Number=595
Confirmed=X
Filename=Api**32.exe [* = random char]
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
Source=Paul Collins Startup list

[API32]
Number=596
Confirmed=X
Filename=api32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotb.html" target=_blank>IRCBOT-B</a> TROJAN!
Source=Paul Collins Startup list

[APIClass]
Number=597
Confirmed=X
Filename=lexplore_.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmsnopta.html" target=_blank>MSNOPT-A</a> TROJAN!
Source=Paul Collins Startup list

[APIMon]
Number=598
Confirmed=X
Filename=apimonx.exe
Description=Added by the TIBSER.A downloader TROJAN!
Source=Paul Collins Startup list

[APIMon]
Number=599
Confirmed=X
Filename=winapix.exe
Description=Added by a variant of the TIBSER.A downloader TROJAN!
Source=Paul Collins Startup list

[APIMon]
Number=600
Confirmed=X
Filename=msreg.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DROPPER.Z" target="_blank">DROPPER.Z</a> TROJAN!
Source=Paul Collins Startup list

[apisvc.exe]
Number=601
Confirmed=X
Filename=apisvc.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_116121.htm" target=_blank>LAMEBOT</a> TROJAN!
Source=Paul Collins Startup list

[APL]
Number=602
Confirmed=U
Filename=APL.exe
Description=Sage Software's <a href="http://www.act.com/products/index.cfm" target="_blank">ACT!</a> The application pre-loader (apl.exe) is a self contained executable that pre-loads the necessary .NET framework and ACT! 2005 assemblies. This pre-loading of assemblies enhances ACT! startup, view load and dialog load times in some areas of the application
Source=Paul Collins Startup list

[Apmsrv9x]
Number=603
Confirmed=?
Filename=APMSRV9X.EXE
Description=<a target="_blank" href="http://www.intel.com/support/network/anypoint/">Intel AnyPoint</a> Wireless II Home Network related. Now discontinued. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[Apoint]
Number=604
Confirmed=U
Filename=Apoint.exe
Description=Touchpad software for laptop PC's. For instance it is found on the Panasonic and Sony Vaio machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work
Source=Paul Collins Startup list

[App**32.exe [* = random char]]
Number=605
Confirmed=X
Filename=App**32.exe [* = random char]
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
Source=Paul Collins Startup list

[App.EXEName]
Number=606
Confirmed=X
Filename=[path to worm]\.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120812-3452-99" target="_blank">BODIRU</a> WORM!
Source=Paul Collins Startup list

[Appcon]
Number=607
Confirmed=U
Filename=vAppCon.exe
Description=Vital Application Console - part of <a href="http://www.pos-partner.com/Product.htm" target="_blank">POS-partner 2000</a> point-of-sale software from Vital. This is the taskbar icon and is enabled at startup by the &quot;Auto-start when OS starts&quot; option. Required for a connection to be established
Source=Paul Collins Startup list

[appconn]
Number=608
Confirmed=X
Filename=appconn.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-071414-1355-99" target="_blank">CARGAO</a> WORM!
Source=Paul Collins Startup list

[AppExtender]
Number=609
Confirmed=U
Filename=AppExtCB.exe
Description=Loads the <a href="http://www.confimax.com/?PHPSESSID=aefc68296846f048b5b7ae96e48d854f" target="_blank">Confimax</a> add-in for popular E-mail programs to confirm E-mails have been sent and received
Source=Paul Collins Startup list

[appis.exe]
Number=610
Confirmed=X
Filename=appis.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453088191" target="_blank">AGENT-BC</a> TROJAN!
Source=Paul Collins Startup list

[Application]
Number=611
Confirmed=Y
Filename=mdmsetsp.exe
Description=<a href="http://www.aztech.com/" target=_blank>Aztech Labs</a> modem driver
Source=Paul Collins Startup list

[Application Explorer]
Number=612
Confirmed=U
Filename=Naldesk.exe
Description=Novell Zenworks Application Explorer Executable. "For almost all users the Novell ZENworks agent (either Application Launcher or Application Explorer) will be run via the user's login script on each successful login. ZENworks is used to periodically deliver software updates and is also used to install the remote management components." 
Source=Paul Collins Startup list

[Application Explorer]
Number=613
Confirmed=U
Filename=NalView.exe
Description=<a href="http://www.novell.com/documentation/zdfs/index.html?page=/documentation/zdfs/zdfsadmn/data/acpsmx1.html" target="_blank">Application Explorer</a> - file manager type access to Novell Application Launcher for installing and updating network residing applications
Source=Paul Collins Startup list

[Application Layer Gateway Service]
Number=614
Confirmed=X
Filename=algs.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-052109-2651-99" target=_blank>LINKBOT.M</a> WORM!
Source=Paul Collins Startup list

[ApplicationProtocolRun]
Number=615
Confirmed=X
Filename=smsbvl32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotcx.html" target="_blank">IRCBOT-CX</a> TROJAN!
Source=Paul Collins Startup list

[AppPlus]
Number=616
Confirmed=U
Filename=AppPlus.exe
Description=<a href="http://www.appplusonline.com/" target="_blank">AppPlus</a> - "menu bar or tray launcher that docks to your desktop, floats or sits in your System Tray. Create graphic/text-based buttons that launch any number of programs, Websites, e-mail addresses or folders (which open in the AppPlus Menu System)"
Source=Paul Collins Startup list

[Apvxd]
Number=617
Confirmed=Y
Filename=APVXDWIN.EXE
Description=Part of <a href="http://www.pandasoftware.com/home/particulares/default" target="_blank">Panda Antivirus </a>. Required to enable permanent virus protection
Source=Paul Collins Startup list

[Apvxdwin]
Number=618
Confirmed=Y
Filename=APVXDWIN.EXE
Description=Part of <a href="http://www.pandasoftware.com/home/particulares/default" target="_blank">Panda Antivirus </a>. Required to enable permanent virus protection
Source=Paul Collins Startup list

[Apwheel]
Number=619
Confirmed=Y
Filename=Apwheel.exe
Description=Wheel support for an Alps mouse&nbsp;
Source=Paul Collins Startup list

[apyginapygin]
Number=620
Confirmed=X
Filename=simenu.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BTR&VSect=P" target=_blank>SDBOT.BTR</a> WORM!
Source=Paul Collins Startup list

[AQ3HelperStartUp]
Number=621
Confirmed=U
Filename=AQ3HEL~1.EXE
Description=ScreenScenes "Aquatica Water Worlds" screensaver. The freeware version comes with <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Claria.GAIN.CommonElements&threatid=5605" target="_blank">GAIN</a> branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
Source=Paul Collins Startup list

[aqadcup.exe]
Number=622
Confirmed=X
Filename=aqadcup.exe
Description=Added by the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/aqadcup/" target="_blank">AGENT.BG</a> WORM!
Source=Paul Collins Startup list

[Aqujyjax]
Number=623
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojranckcq.html" target="_blank">RANCK-CQ</a> TROJAN!
Source=Paul Collins Startup list

[Aqujyjax]
Number=624
Confirmed=X
Filename=aqujyjax.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotyc.html" target="_blank">SDBOT-YC</a> WORM!
Source=Paul Collins Startup list

[ara-key]
Number=625
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080817-4045-99" target="_blank">ANTINNY</a> WORM!
Source=Paul Collins Startup list

[arcaderockstar]
Number=626
Confirmed=X
Filename=arcaderockstar32.exe
Description=Arcade Rockstar (now <a href="http://www.gamevance.com/" target="_blank">Gamevance</a>) - free arcade games and prize tournaments. The program itself is clean, but the TOS and privacy statement say that you agree to allow the program to track/report your surfing and put popup advertising on your computer
Source=Paul Collins Startup list

[Archive]
Number=627
Confirmed=X
Filename=archive.exe
Description=Adware - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan-Downloader.Centim.a
Source=Paul Collins Startup list

[ARCHIVE CONTROL]
Number=628
Confirmed=X
Filename=fixupdattr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-070712-1709-99" target=_blank>MYTOB.GU</a> WORM!
Source=Paul Collins Startup list

[ARCSolo Recovery]
Number=629
Confirmed=N
Filename=N/A
Description=Backup software by Computer Associates - no longer supported
Source=Paul Collins Startup list

[Ardamax Keylogger]
Number=630
Confirmed=U
Filename=akl.exe
Description=<a href="http://www.bleepingcomputer.com/startups/akl.exe-10964.html" target=_blank>Ardakey B</a> keystroke logger/monitoring program - remove unless you installed it yourself!

Source=Paul Collins Startup list

[ares]
Number=631
Confirmed=N
Filename=ares.exe
Description="<a href="http://aresgalaxy.sourceforge.net/" target="_blank">Ares</a> is a free open source file sharing program that enables users to share any digital file including images, audio, video, software, documents, etc"
Source=Paul Collins Startup list

[areslite]
Number=632
Confirmed=N
Filename=AresLite.exe
Description="<a href="http://aresgalaxy.sourceforge.net/" target="_blank">Ares</a> is a free open source file sharing program that enables users to share any digital file including images, audio, video, software, documents, etc"
Source=Paul Collins Startup list

[Argentum Backup]
Number=633
Confirmed=U
Filename=ab.exe
Description=<a href="http://www.argentuma.com/backup.html" target="_blank">Argentum Backup</a> - a small backup program that lets you easily back up your documents and folders
Source=Paul Collins Startup list

[Aritima]
Number=634
Confirmed=X
Filename=aritima.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081915-4836-99" target="_blank">ARITIM</a> WORM!
Source=Paul Collins Startup list

[ARMOR2NET]
Number=635
Confirmed=N
Filename=Armor2net.exe
Description=Related to Armor2net personal firewall (possibly contains or is related to an anti-spyware product known as ArmorWall, which is a spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
Source=Paul Collins Startup list

[ARPWRMSG]
Number=636
Confirmed=N
Filename=ARPWRMSG.EXE
Description=Related to HP and Compaq Desktop PCs. Read <a href="http://h10025.www1.hp.com:80/ewfrf/wc/genericDocument?docname=bph07149&cc=us&lc=en&dlc=en&dlc=en&lang=en" target="_blank">this</a> article
Source=Paul Collins Startup list

[Artera]
Number=637
Confirmed=U
Filename=arteraui.exe
Description=<a href="http://www.arteraturbo.com/" target="_blank">Artera Turbo Internet Accelerator</a> - "surf faster, boost download speed". Only required if you find it helps improve your performance
Source=Paul Collins Startup list

[AS00 Gear511]
Number=638
Confirmed=?
Filename=Gear511.exe
Description=Software for Netgear wireless network cards. Unknown whether it is required for the wireless card to run but does not seem to be a resource hog. Not required for laptop to run if the wireless network card will not be used. <font color="#FF0000">Is it at all required?</font>
Source=Paul Collins Startup list

[AS00_WN511B]
Number=639
Confirmed=U
Filename=WN511B.exe
Description=Netgear <a href="http://www.netgear.com/Products/Adapters/RangeMaxNextWirelessAdapters/WN511B.aspx" target="_blank">RangeMax NEXT</a> wireless adapter configuration utility
Source=Paul Collins Startup list

[AS00_WPN511]
Number=640
Confirmed=?
Filename=WPN511.exe
Description=NetgearRev MFC Application - software for Netgear wireless network cards - <font color="#FF0000">what does it do and is it required in startup?</font>
Source=Paul Collins Startup list

[ASDPLUGIN]
Number=641
Confirmed=X
Filename=dsldbaccess.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
Source=Paul Collins Startup list

[ASDPLUGIN]
Number=642
Confirmed=X
Filename=canada.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
Source=Paul Collins Startup list

[ASDPLUGIN]
Number=643
Confirmed=X
Filename=france.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
Source=Paul Collins Startup list

[ASDPLUGIN]
Number=644
Confirmed=X
Filename=fullgames.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
Source=Paul Collins Startup list

[ASDPLUGIN]
Number=645
Confirmed=X
Filename=100171be.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
Source=Paul Collins Startup list

[ASDPLUGIN]
Number=646
Confirmed=X
Filename=100176br.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
Source=Paul Collins Startup list

[ASDPLUGIN]
Number=647
Confirmed=X
Filename=adult1.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
Source=Paul Collins Startup list

[ASDPLUGIN]
Number=648
Confirmed=X
Filename=Austria.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
Source=Paul Collins Startup list

[ASDPLUGIN]
Number=649
Confirmed=X
Filename=belgium nm.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
Source=Paul Collins Startup list

[ASDPLUGIN]
Number=650
Confirmed=X
Filename=czech.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
Source=Paul Collins Startup list

[ASDPLUGIN]
Number=651
Confirmed=X
Filename=dbaccess.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
Source=Paul Collins Startup list

[ASDPLUGIN]
Number=652
Confirmed=X
Filename=dslgeaccess.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
Source=Paul Collins Startup list

[ASDPLUGIN]
Number=653
Confirmed=X
Filename=Finland.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
Source=Paul Collins Startup list

[ASDPLUGIN]
Number=654
Confirmed=X
Filename=geaccess.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
Source=Paul Collins Startup list

[ASDPLUGIN]
Number=655
Confirmed=X
Filename=mexico.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
Source=Paul Collins Startup list

[ASDPLUGIN]
Number=656
Confirmed=X
Filename=netherlands.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
Source=Paul Collins Startup list

[ASDPLUGIN]
Number=657
Confirmed=X
Filename=turkey.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
Source=Paul Collins Startup list

[ASDPLUGIN]
Number=658
Confirmed=X
Filename=uk nm.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
Source=Paul Collins Startup list

[ASDPLUGIN]
Number=659
Confirmed=X
Filename=Xadult1.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
Source=Paul Collins Startup list

[ASDPLUGIN]
Number=660
Confirmed=X
Filename=temp532.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
Source=Paul Collins Startup list

[asdx]
Number=661
Confirmed=X
Filename=xwinrpc32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.VO" target="_blank">AGOBOT.VO</a> WORM!
Source=Paul Collins Startup list

[ASE Scheduler]
Number=662
Confirmed=N
Filename=ASE Scheduler.exe
Description=Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see <a href="http://www.boston.com/business/technology/articles/2004/11/06/spyware_killer_displays_its_own_ads/" target=_blank>here</a> and <a href="http://netrn.net/spywareblog/archives/2004/11/06/aluria-confused/" target=_blank>here</a>
Source=Paul Collins Startup list

[Ashampoo PopUpBlocker]
Number=663
Confirmed=U
Filename=PopUpKiller.exe
Description=<a href="http://www.ashampoo.com/frontend/homepage/php/index.php?session_langid=2" target="_blank">Ashampoo</a> popup blocker, part of Magical Security (was Privacy Protector Plus)
Source=Paul Collins Startup list

[ashAvast]
Number=664
Confirmed=Y
Filename=ashAvast.exe
Description=Part of <a href="http://www.avast.com/" target="_blank">Avast</a> antivirus
Source=Paul Collins Startup list

[ASHLT]
Number=665
Confirmed=X
Filename=Ashlt.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100811-0814-99" target="_blank">Ashlt</a> adware
Source=Paul Collins Startup list

[ashMaiSv]
Number=666
Confirmed=Y
Filename=ashmaisv.exe
Description=Part of <a href="http://www.avast.com/" target="_blank">Avast!</a> anti-virus software - E-mail scanner
Source=Paul Collins Startup list

[AsioReg]
Number=667
Confirmed=U
Filename=regsvr32.exe ctasio.dll
Description=<a href="http://www.soundblaster.com/resources/read.asp?articleid=53937&page=1&cat=2" target="_blank">ASIO</a> (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality
Source=Paul Collins Startup list

[ASK]
Number=668
Confirmed=U
Filename=rundll32.exe [path] ASK.dll rdl
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-071816-1110-99" target=_blank>Stealth Keylogger</a> keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[asl]
Number=669
Confirmed=X
Filename=Aslru.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancoscu.html" target=_blank>BANCOS-CU</a> TROJAN!
Source=Paul Collins Startup list

[Asmw Soft Popups Burner]
Number=670
Confirmed=U
Filename=popups burner.exe
Description=Popup blocker, part of Asmw Soft <a href="http://www.asmwsoft.com/products/002.htm" target= blank>PC Optimizer</a>
Source=Paul Collins Startup list

[asnconsole]
Number=671
Confirmed=X
Filename=msasn.exe
Description=Added by the <a href="https://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=53404" target="_blank">RBOT.EVU</a> TROJAN!
Source=Paul Collins Startup list

[ASocksrv]
Number=672
Confirmed=X
Filename=SocksA.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_VB.CBW" target="_blank">VB.CBW</a> WORM!
Source=Paul Collins Startup list

[ASP.NET State Service]
Number=673
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderqi.html" target=_blank>DLOADER-QI</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
Source=Paul Collins Startup list

[ASP.NET State Service]
Number=674
Confirmed=X
Filename=crsass.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbanloadm.html" target=_blank>BANLOAD-M</a> TROJAN!
Source=Paul Collins Startup list

[ASP.NET State Service]
Number=675
Confirmed=X
Filename=servicos..exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdadobrai.html" target=_blank>DADOBRA-I</a> TROJAN!
Source=Paul Collins Startup list

[asp4tray]
Number=676
Confirmed=N
Filename=asp4tray.exe
Description=System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel
Source=Paul Collins Startup list

[AspireTimeMachine]
Number=677
Confirmed=Y
Filename=acertmb.exe
Description=System recovery software supplied with some Acer notebook PCs. Similar to GoBack and the restore program in WinXP, allowing you to restore a PC back to a working state with minimal re-entry
Source=Paul Collins Startup list

[asrupdate.exe]
Number=678
Confirmed=X
Filename=asrupdate.exe
Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan-Win32.VB.atz&threatid=90801" target="_blank">VB.ATZ</a> TROJAN!
Source=Paul Collins Startup list

[assistse]
Number=679
Confirmed=X
Filename=ASSISTSE.EXE
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=3721%20Chinese%20Keywords%20(CNSMin)&threatid=3678" target="_blank">CnsMin</a> (Chinese Keywords) hijacker related
Source=Paul Collins Startup list

[AST]
Number=680
Confirmed=X
Filename=AST
Description=Added by the TROJANDOWNLOADER.WIN32.VB.AH VIRUS!
Source=Paul Collins Startup list

[AST]
Number=681
Confirmed=X
Filename=AST
Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453068322" target=_blank>VB.AH</a> TROJAN!
Source=Paul Collins Startup list

[AST]
Number=682
Confirmed=X
Filename=AST.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453082809" target=_blank>AutoStarter</a> parasite

Source=Paul Collins Startup list

[ASTART]
Number=683
Confirmed=U
Filename=astart.exe
Description=ASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings
Source=Paul Collins Startup list

[AStart]
Number=684
Confirmed=X
Filename=AStart
Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453068322" target=_blank>VB.AH</a> TROJAN!
Source=Paul Collins Startup list

[asTray]
Number=685
Confirmed=N
Filename=Astray.exe
Description=Voyetra Audio Station - part of <a href="http://www.voyetra.com/site/default.asp" target="_blank">Voyetra's</a> Ultimate MP3 & CD Manager. MP3 and digital music jukebox/organizer
Source=Paul Collins Startup list

[Astro]
Number=686
Confirmed=N
Filename=Astro.exe
Description=Checks for updates to Quicken on a system reboot
Source=Paul Collins Startup list

[ASUS Live Update]
Number=687
Confirmed=N
Filename=ALU.exe
Description=ASUS Live Update utility for their motherboards
Source=Paul Collins Startup list

[ASUS Probe]
Number=688
Confirmed=N
Filename=AsusProb.exe
Description=ASUS video card fan/thermal monitor - only required if you overclock your card or live in a hot area
Source=Paul Collins Startup list

[ASUS SmartDoctor]
Number=689
Confirmed=U
Filename=VGAProbe.exe
Description=ASUS video card fan/thermal monitor
Source=Paul Collins Startup list

[ASUS TweakEnable]
Number=690
Confirmed=U
Filename=astart.exe
Description=Restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings
Source=Paul Collins Startup list

[ASUSKey]
Number=691
Confirmed=N
Filename=V38SHELL.EXE
Description=System tray Icon for quickly changing video modes
Source=Paul Collins Startup list

[asustweakenable]
Number=692
Confirmed=U
Filename=ATweak.exe
Description=Asus tweaking utility - for fine tuning the settings of your ASUS display card
Source=Paul Collins Startup list

[ASWDP]
Number=693
Confirmed=N
Filename=ASWDP.exe
Description=<a href="http://www.mlspulse.com/login.jsp" target="_blank">MLS Pulse</a> - real estate software. Keeps the home buyer/seller continually informed on the status of his/her local/regional real estate market
Source=Paul Collins Startup list

[ASWnk]
Number=694
Confirmed=X
Filename=aswnk.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[AT-Watch]
Number=695
Confirmed=U
Filename=ATWatch.exe
Description=Anti-Trojan Watch - trojan detector
Source=Paul Collins Startup list

[atapidrv]
Number=696
Confirmed=X
Filename=atapidrv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotsl.html" target=_blank>AGOBOT-SL</a> WORM!
Source=Paul Collins Startup list

[Athan]
Number=697
Confirmed=U
Filename=Athan.exe
Description=<a href="http://www.islamasoft.co.uk/products/athan/athansoftware.html" target=_blank>Athan</a> - an application that calculates and reminds the five daily Islamic prayer times for anywhere in the world
Source=Paul Collins Startup list

[ATI Active Graphics Card Monitor]
Number=698
Confirmed=X
Filename=atievx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ircbottl.html" target="_blank">IRCBOT-TL</a> WORM!
Source=Paul Collins Startup list

[ATI AS Filter]
Number=699
Confirmed=X
Filename=msnse.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotccy.html" target="_blank">RBOT-CCY</a> WORM! Note - modifies the HOSTS file by appending numerous lines, preventing access to the virus cleaning websites
Source=Paul Collins Startup list

[ATI CATALYST System Tray]
Number=700
Confirmed=N
Filename=CLI.exe SystemTray
Description=System Tray access to ATI's CATALYST™ CONTROL CENTER. Note that this has "SystemTray" appended to CLI.exe in the "Command" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktop
Source=Paul Collins Startup list

[ATI DeviceDetect]
Number=701
Confirmed=N
Filename=ATIDtct.EXE
Description=Utility meant for future use of the ATI TV WONDER USB 2.0 video driver and can be disabled
Source=Paul Collins Startup list

[ATI Display Driver]
Number=702
Confirmed=X
Filename=atixd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfov.html" target="_blank">RBOT-FOV</a> WORM!
Source=Paul Collins Startup list

[Ati Display Settings]
Number=703
Confirmed=X
Filename=atividx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgas.html" target="_blank">RBOT-GAS</a> WORM!
Source=Paul Collins Startup list

[ATI GART Set-up Utility]
Number=704
Confirmed=N
Filename=Atigart.exe
Description=Program that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be needed
Source=Paul Collins Startup list

[ATI Launchpad]
Number=705
Confirmed=U
Filename=launchpd.exe
Description=Convenient way to start all your Multimedia Center applications (DVD, Video CD, CD Audio, File Player). You can right-click LaunchPad, and uncheck Load on Startup in the menu
Source=Paul Collins Startup list

[ATI Rage3d Pro]
Number=706
Confirmed=X
Filename=AtiRage4dPro.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotog.html" target=_blank>AGOBOT-OG</a> WORM!
Source=Paul Collins Startup list

[ATI Remote Control]
Number=707
Confirmed=Y
Filename=ATIRW.exe
Description=Driver for the <a href="http://www.ati.com/products/home-office.html" target=_blank>ATI REMOTE WONDER™</a> RF remote control for ATI's All-In-Wonder graphic cards and other products. Required if you use it
Source=Paul Collins Startup list

[ATI Remote Control]
Number=708
Confirmed=Y
Filename=ATIX10.exe
Description=ATI <a href="http://www.ati.com/products/pc/remotewonder/" target="_blank">Remote Wonder™</a> - PC wireless remote control driver. Required if you use it
Source=Paul Collins Startup list

[ATI Scheduler]
Number=709
Confirmed=N
Filename=Atisched.exe
Description=Component that remains resident in memory and automatically launches the ATI VIDEO PLAYER at a user selected time and date. Delete the shortcut in the Start -&gt; Programs -&gt; Startup folder as well. Functions could re-enable the program to load at start-up and re-introduce the shortcut. Try it and see
Source=Paul Collins Startup list

[ATI Task Application]
Number=710
Confirmed=N
Filename=Atitkad.exe
Description=System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
Source=Paul Collins Startup list

[ATI Task Application (Atikey)]
Number=711
Confirmed=N
Filename=Atitask.exe
Description=System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -&gt; Settings -&gt; Control Panel -&gt; Display
Source=Paul Collins Startup list

[ATI Technology Startup]
Number=712
Confirmed=X
Filename=techstart.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaeu.html" target=_blank>RBOT-AEU</a> WORM!
Source=Paul Collins Startup list

[ATI Video Driver Control]
Number=713
Confirmed=X
Filename=atigfx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfwl.html" target="_blank">RBOT-FWL</a> WORM!
Source=Paul Collins Startup list

[ATI VIDEO REGKEY]
Number=714
Confirmed=X
Filename=ati2vid.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.UR" target="_blank">SDBOT.UR</a> WORM!
Source=Paul Collins Startup list

[Ati2cwxx]
Number=715
Confirmed=?
Filename=Ati2cwxx.exe
Description=<font color="#FF0000">For some ATI video cards. Probably used to access features and may not be required - for example the ATI Radeon works fine without it&nbsp;</font>
Source=Paul Collins Startup list

[Ati2mdxx]
Number=716
Confirmed=U
Filename=Ati2mdxx.exe
Description=System Tray icon to access ATI graphics card settings and the Hydravision Desktop Manager
Source=Paul Collins Startup list

[ATICCC]
Number=717
Confirmed=N
Filename=cli.exe runtime
Description=ATI's CATALYST™ CONTROL CENTER. Required if you want to change graphics settings on a regular basis but you must have internet access and Microsoft's .NET framework installed. Note that this has "runtime" appended to cli.exe in the "Command" column of MSCONFIG. Recommend that start the program manually via Start -> Programs -> ATI Catalyst Control Center -> Advanced -> Restart Runtime as it can casue problems when starting Windows
Source=Paul Collins Startup list

[ATICCC]
Number=718
Confirmed=N
Filename=CLIStart.exe
Description=Puts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start -> Programs
Source=Paul Collins Startup list

[aticpaxx.exe]
Number=719
Confirmed=X
Filename=aticpaxx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxp.html" target= blank>RBOT-XP</a> WORM!
Source=Paul Collins Startup list

[AtiCwd]
Number=720
Confirmed=U
Filename=AtiCwd.exe
Description=This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
Source=Paul Collins Startup list

[AtiCwd]
Number=721
Confirmed=U
Filename=AtiCwd32.exe
Description=This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
Source=Paul Collins Startup list

[AtiCwd]
Number=722
Confirmed=U
Filename=Ati2cwad.exe
Description=This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
Source=Paul Collins Startup list

[AtiCwd32]
Number=723
Confirmed=U
Filename=AtiCwd.exe
Description=This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
Source=Paul Collins Startup list

[AtiCwd32]
Number=724
Confirmed=U
Filename=AtiCwd32.exe
Description=This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
Source=Paul Collins Startup list

[AtiCwd32]
Number=725
Confirmed=U
Filename=Ati2cwad.exe
Description=This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
Source=Paul Collins Startup list

[AtiDisplayDrv]
Number=726
Confirmed=X
Filename=atidrvxx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotvz.html" target= blank>RBOT-VZ</a> WORM!
Source=Paul Collins Startup list

[atidriver]
Number=727
Confirmed=X
Filename=reaIplayer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32warpigse.html" target=_blank>WARPIGS-E</a> WORM! Note the uppercase "I" in the filename, rather than a lower case "L"
Source=Paul Collins Startup list

[AtiKey]
Number=728
Confirmed=N
Filename=AtiKey32.exe
Description=System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
Source=Paul Collins Startup list

[AtiKey]
Number=729
Confirmed=?
Filename=atiptkad.exe
Description=System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
Source=Paul Collins Startup list

[Atikey]
Number=730
Confirmed=N
Filename=Atitask.exe
Description=System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
Source=Paul Collins Startup list

[ATIMACE]
Number=731
Confirmed=U
Filename=MACE.exe
Description=ATI Technologies Control Centre - installed alongside ATI graphics hardware and provides additional configuration options for these devices in the Managed Access to Catalyst Environment (MACE) component

Source=Paul Collins Startup list

[ATIModeChange]
Number=732
Confirmed=U
Filename=Ati2mdxx.exe
Description=System Tray icon to access ATI graphics card settings and the Hydravision Desktop Manager
Source=Paul Collins Startup list

[AtiPanel]
Number=733
Confirmed=X
Filename=atip.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.U</a> TROJAN!
Source=Paul Collins Startup list

[atipatxx]
Number=734
Confirmed=X
Filename=atipatxx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmalled.html" target=_blank>SMALL-ED</a> TROJAN!
Source=Paul Collins Startup list

[ATIPOLAB]
Number=735
Confirmed=U
Filename=ati2evxx.exe
Description=ATI External Event Utility EXE Module. This task can comsume lots of CPU resournces&nbsp; on some computers, but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources
Source=Paul Collins Startup list

[ATIPOLAB]
Number=736
Confirmed=U
Filename=ati2evae.exe
Description=ATI Polling Program - part of the ATI graphics driver e.g. on some Fujitsu-Siemens Notebooks
Source=Paul Collins Startup list

[ATIPOLL]
Number=737
Confirmed=U
Filename=ati2evxx.exe
Description=ATI External Event Utility EXE Module. This task can comsume lots of CPU resournces&nbsp; on some computers, but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources
Source=Paul Collins Startup list

[AtiPTA]
Number=738
Confirmed=U
Filename=Ati2ptxx.exe
Description=Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -&gt; Settings -&gt; Control Panel -&gt; Display. Some users may need it if they have optimised their settings
Source=Paul Collins Startup list

[AtiPTA]
Number=739
Confirmed=U
Filename=Atiptaxx.exe
Description=Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -&gt; Settings -&gt; Control Panel -&gt; Display. Some users may need it if they have optimised their settings
Source=Paul Collins Startup list

[AtiPTAAA]
Number=740
Confirmed=U
Filename=Ati2ptxx.exe
Description=Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -&gt; Settings -&gt; Control Panel -&gt; Display. Some users may need it if they have optimised their settings
Source=Paul Collins Startup list

[AtiPTAAA]
Number=741
Confirmed=U
Filename=Atiptaxx.exe
Description=Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -&gt; Settings -&gt; Control Panel -&gt; Display. Some users may need it if they have optimised their settings
Source=Paul Collins Startup list

[atiptaxx]
Number=742
Confirmed=U
Filename=Ati2ptxx.exe
Description=Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -&gt; Settings -&gt; Control Panel -&gt; Display. Some users may need it if they have optimised their settings
Source=Paul Collins Startup list

[atiptaxx]
Number=743
Confirmed=U
Filename=Atiptaxx.exe
Description=Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -&gt; Settings -&gt; Control Panel -&gt; Display. Some users may need it if they have optimised their settings
Source=Paul Collins Startup list

[atiptext]
Number=744
Confirmed=X
Filename=atiptext.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcosiama.html" target= blank>COSIAM-A</a> TROJAN!
Source=Paul Collins Startup list

[AtiQiPcl]
Number=745
Confirmed=U
Filename=AtiQiPcl.exe
Description=Used for hardware DVD decoding on ATI video cards supporting this feature. Not required unless you regularly play DVD's
Source=Paul Collins Startup list

[ATISmart]
Number=746
Confirmed=U
Filename=ati2s9ag.exe
Description=ATI's &quot;SMARTGART&quot;, which is included with the &quot;<a href="http://mirror.ati.com/products/pc/catalyst/index.html" target="_blank">Catalyst</a>&quot; drivers. When the system boots, it runs a couple of bus tests &amp; tries to apply the most stable settings
Source=Paul Collins Startup list

[AtiSound]
Number=747
Confirmed=U
Filename=csrss.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110711-5846-99" target="_blank">WinSpy</a> surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the "ComRoot" subfolder
Source=Paul Collins Startup list

[atisrc2]
Number=748
Confirmed=X
Filename=windfind.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojwindfinda.html" target=_blank>WINDFIND-A</a> TROJAN!

Source=Paul Collins Startup list

[ATITech]
Number=749
Confirmed=X
Filename=Active.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojroamera.html" target=_blank>ROAMER-A</a> TROJAN!
Source=Paul Collins Startup list

[atitray]
Number=750
Confirmed=U
Filename=atitray.exe
Description=ATI Tray Tools - allows quick access to ATI graphics card settings
Source=Paul Collins Startup list

[AtiTrayTools]
Number=751
Confirmed=U
Filename=atitray.exe
Description=ATI Tray Tools - allows quick access to ATI graphics card settings
Source=Paul Collins Startup list

[atiupdate]
Number=752
Confirmed=X
Filename=ATIUPDATE5.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS_DEBESKI.A" target="_blank">DEBESKI.A</a> TROJAN!
Source=Paul Collins Startup list

[atiupdate]
Number=753
Confirmed=X
Filename=msshed32.exe
Description=Added by the DELF.EP downloader TROJAN!
Source=Paul Collins Startup list

[ATIUpdater]
Number=754
Confirmed=X
Filename=atiupdxx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabx.html" target= blank>RBOT-ABX</a> WORM!
Source=Paul Collins Startup list

[Atiupdpl]
Number=755
Confirmed=X
Filename=atiupdpl.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.AOS" target="_blank">SMALL.AOS</a> TROJAN!
Source=Paul Collins Startup list

[ativopen]
Number=756
Confirmed=X
Filename=ativopen.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list

[ATIX10]
Number=757
Confirmed=Y
Filename=atix10.exe
Description=ATI <a href="http://www.ati.com/products/pc/remotewonder/" target="_blank">Remote Wonder™</a> - PC wireless remote control driver. Required if you use it
Source=Paul Collins Startup list

[Atl**.exe [* = random char]]
Number=758
Confirmed=X
Filename=Atl**.exe [* = random char]
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
Source=Paul Collins Startup list

[Atl**32.exe [* = random char]]
Number=759
Confirmed=X
Filename=Atl**32.exe [* = random char]
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
Source=Paul Collins Startup list

[ATM Control]
Number=760
Confirmed=X
Filename=adpn.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MMS.A&amp;VSect=T" target="_blank">MMS.A</a> WORM!
Source=Paul Collins Startup list

[ATnotes]
Number=761
Confirmed=N
Filename=atnotes.exe
Description=Loads the ATnotes program for virtual sticky notes for your desktop. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[Atomic Time Synchronizer]
Number=762
Confirmed=U
Filename=TimeSync.exe
Description=<a href="http://www.spdialer.com/timesync/" target="_blank">TimeSync</a> - lets you synchronize your computer's clock with any internet atomic clock
Source=Paul Collins Startup list

[Atomic-x27]
Number=763
Confirmed=X
Filename=Atomic-x27.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32katomika.html" target=_blank>KATOMIK-A</a> WORM!
Source=Paul Collins Startup list

[Atomic-x27C]
Number=764
Confirmed=X
Filename=AtomicpartC.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32katomika.html" target=_blank>KATOMIK-A</a> WORM!
Source=Paul Collins Startup list

[Atomic.exe]
Number=765
Confirmed=U
Filename=Atomic.exe
Description=<a href="http://www.worldtimeserver.com/atomic-clock/" target=_blank>Atomic Clock Sync</a> - synchronizes your computer's time with the NIST time server
Source=Paul Collins Startup list

[Atomica]
Number=766
Confirmed=N
Filename=atomica.exe
Description=<a href="http://www.atomica.com/" target="_blank">Atomica</a> runs from the System Tray and allows the user to find out more about a word or phrase on any screen by pointing at it with the mouse and clicking button one while holding down the Alt key
Source=Paul Collins Startup list

[AtomicTime]
Number=767
Confirmed=U
Filename=ATOMICTIME.EXE
Description=<a href="http://schmail.com/atomictime/" target="_blank">AtomicTime</a> - utility that synchronizes your PC clock to an atomic clock
Source=Paul Collins Startup list

[Atrack]
Number=768
Confirmed=U
Filename=atrack.exe
Description=New feature of Norton Internet Security (NIS) and Norton Personal Firewall (NPF) 3.0 is the Alert Tracker, an instant notification feature. The Alert Tracker displays information about events as they happen. This way, when a rule has been triggered or an access to the Internet made, you know about it immediately rather than finding out about it when you check your logs or notice that the NIS icon indicates a security alert
Source=Paul Collins Startup list

[Atray]
Number=769
Confirmed=U
Filename=Atray.exe
Description=<a href="http://www.activetray.com/" target="_blank">Active Tray</a> is a utility which lets you configure the system tray. You can also create your own tray icons
Source=Paul Collins Startup list

[ATSpooler]
Number=770
Confirmed=U
Filename=AppsTraka.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-062416-0348-99" target= blank>DeskTopScout</a> keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[ATTBroadbandUpdate]
Number=771
Confirmed=U
Filename=SAUpdate.exe
Description=<a href="http://bb4.com/" target="_blank">Big Brother</a> from Quest Software. System and network monitor
Source=Paul Collins Startup list

[ATTRedUpdate]
Number=772
Confirmed=U
Filename=AutoUpdate.exe
Description=Additional item added to start-ups after AT&amp;T took over the now bankrupt Excite@home high-speed internet service. Included for automatically downloading and installing updates. Leave it unless you plan to regularly run it to check for updates
Source=Paul Collins Startup list

[AttuneClientEngine]
Number=773
Confirmed=X
Filename=attune_ce.exe
Description=Spyware - part of an automated helpdesk software called Aveo Attune
Source=Paul Collins Startup list

[AttuneContentUpdater]
Number=774
Confirmed=X
Filename=attune_cu.exe
Description=Spyware - part of an automated helpdesk software called Aveo Attune
Source=Paul Collins Startup list

[AttuneDiscovery]
Number=775
Confirmed=X
Filename=attune_di.exe
Description=Spyware - part of an automated helpdesk software called Aveo Attune
Source=Paul Collins Startup list

[Attunel]
Number=776
Confirmed=X
Filename=Attunel.exe
Description=Spyware - part of an automated helpdesk software called Aveo Attune
Source=Paul Collins Startup list

[AttuneSystray]
Number=777
Confirmed=X
Filename=attune_st.exe
Description=Spyware - part of an automated helpdesk software called Aveo Attune
Source=Paul Collins Startup list

[aTuner]
Number=778
Confirmed=N
Filename=atuner.exe
Description=<a href="http://www.3dcenter.de/atuner/index_e.php" target="_blank">aTuner</a> - tweak tool for GeForce based graphics cards
Source=Paul Collins Startup list

[atwtusb]
Number=779
Confirmed=Y
Filename=atwtusb.exe
Description=USB interface for Aiptek Graphics Tablet (USB)
Source=Paul Collins Startup list

[AtxBrw]
Number=780
Confirmed=X
Filename=Iexplor.exe
Description="Pop Marketing" adware
Source=Paul Collins Startup list

[au]
Number=781
Confirmed=U
Filename=DealioAu.exe
Description=<a href="http://www.dealio.com/toolbar/index.html" target="_blank">Dealio Toolbar</a> is a free shopping comparison toolbar that allows users to search for a wide range of consumer products
Source=Paul Collins Startup list

[AU Agent]
Number=782
Confirmed=U
Filename=AUagent.exe
Description=<a href="http://www.zilab.com/Products/Au/index_2.shtml" target="_blank">Au Agent</a> from Zilab Software. Win2K/NT enhancement tool. Allows you to run applications under any security context without closing the whole logon session to process a new logon
Source=Paul Collins Startup list

[au.exe]
Number=783
Confirmed=X
Filename=au.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-021713-3625-99" target="_blank">BEAGLE.B</a> WORM!
Source=Paul Collins Startup list

[AUCBPNP]
Number=784
Confirmed=Y
Filename=aucbnpn.exe
Description=Adaptec USB CardBus Safe-Eject - driver for the Adaptec USB 2.0 CardBus which provides USB 2.0 ports for laptop users via a PCMCIA card slot
Source=Paul Collins Startup list

[Aucompat]
Number=785
Confirmed=X
Filename=Aucompat.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list

[Audcntr]
Number=786
Confirmed=X
Filename=audcntr.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=40574" target=_blank>GEMA</a> TROJAN!
Source=Paul Collins Startup list

[AudCtrl]
Number=787
Confirmed=?
Filename=RunDll32 AudCtrl.dll, RCMonitor
Description=<font color="#FF0000">Audio control panel?</font>
Source=Paul Collins Startup list

[audi32]
Number=788
Confirmed=X
Filename=audi32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojranckfl.html" target="_blank">RANCK-FL</a> TROJAN!
Source=Paul Collins Startup list

[AUDIO]
Number=789
Confirmed=X
Filename=SOUND.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/dialployba.html" target=_blank>PLOYB-A</a> TROJAN!
Source=Paul Collins Startup list

[audiocfg.exe]
Number=790
Confirmed=X
Filename=audiocfg.exe
Description=Added by the VB.ATE WORM!
Source=Paul Collins Startup list

[Audiocntl]
Number=791
Confirmed=X
Filename=audiocntl.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list

[AudioDeck]
Number=792
Confirmed=N
Filename=ADeck.exe
Description=ADeck.exe is a system tray application for VIA's sound cards which offers quick access to a number of sound card related items
Source=Paul Collins Startup list

[Audiodrv]
Number=793
Confirmed=X
Filename=audiodrv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target= blank>CRYPTER-C</a> TROJAN!
Source=Paul Collins Startup list

[AudioDrvEmulator]
Number=794
Confirmed=U
Filename=DLLML.exe AudDrvEm.dll
Description=Related to <a href="http://www.creative.com/" target=_blank>Creative</a> DLL Module Loader for the Sound Blaster X-Fi (and maybe others). This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems
Source=Paul Collins Startup list

[AudioHQ]
Number=795
Confirmed=N
Filename=Ahqtb.exe
Description=For Creative Soundblaster Live! series soundcards. System tray application for SB Live! functions. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[AudioHQU]
Number=796
Confirmed=N
Filename=AHQTBU.EXE
Description=System Tray application installed with the drivers for Creative Labs SoundBlaster Live! Can be run from Start -> Programs

Source=Paul Collins Startup list

[audioinf]
Number=797
Confirmed=X
Filename=audioinf.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list

[auloadplx]
Number=798
Confirmed=X
Filename=mplprogsm.exe
Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan-Proxy.Win32.Slaper.k&threatid=102648" target="_blank">SLAPER.K</a> TROJAN!
Source=Paul Collins Startup list

[AUNPS2]
Number=799
Confirmed=X
Filename=RUNDLL32 AUNPS2.DLL, _Run@16
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062019-0029-99" target="_blank">AUNPS</a> adware
Source=Paul Collins Startup list

[aupd]
Number=800
Confirmed=X
Filename=symcsvc.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-072614-3940-99" target=_blank>ABWIZ.D</a> TROJAN!
Source=Paul Collins Startup list

[aupd]
Number=801
Confirmed=X
Filename=sysvcs.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-072216-2140-99" target=_blank>ABWIZ.C</a> TROJAN!
Source=Paul Collins Startup list

[aupd]
Number=802
Confirmed=X
Filename=sywsvcs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojorsem.html" target=_blank>ORSE-M</a> TROJAN!
Source=Paul Collins Startup list

[Aureal A3D Interactive Audio]
Number=803
Confirmed=Y
Filename=sa3dsrv.exe
Description=For Aureal based 3D soundcards. A3D sound features won't work with this disabled
Source=Paul Collins Startup list

[Aureal A3D Interactive Audio Init]
Number=804
Confirmed=Y
Filename=A3dInit.exe
Description=For Aureal based 3D soundcards. A3D sound features won't work with this disabled
Source=Paul Collins Startup list

[ausvc]
Number=805
Confirmed=X
Filename=ausvc.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-042320-3206-99" target="_blank">AUTOUPDER</a> TROJAN!
Source=Paul Collins Startup list

[Auth Starter Ident]
Number=806
Confirmed=X
Filename=startauth.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotwp.html" target= blank>RBOT-WP</a> WORM!
Source=Paul Collins Startup list

[authz]
Number=807
Confirmed=X
Filename=authz.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[Auto CD-ROM Startup]
Number=808
Confirmed=X
Filename=cdaccess.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.BLA&VSect=P" target=_blank>SPYBOT.BLA</a> WORM!
Source=Paul Collins Startup list

[Auto EPSON Stylus CX6400 on DDLS1Z11]
Number=809
Confirmed=U
Filename=E_S4I2L1.EXE
Description=Related to Epson Stylus CX6400 Series printer

Source=Paul Collins Startup list

[auto repair system]
Number=810
Confirmed=X
Filename=qualityx.exe
Description=Added by an unidentified WORM or TROJAN - probably a <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> variant
Source=Paul Collins Startup list

[Auto Switch]
Number=811
Confirmed=U
Filename=TASKBAR.exe
Description=Related to 2-port Bitronics AutoSwitch kit from Belkin
Source=Paul Collins Startup list

[Auto T Bar]
Number=812
Confirmed=N
Filename=autotbar.exe
Description=If you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabled
Source=Paul Collins Startup list

[Auto Updat]
Number=813
Confirmed=X
Filename=WindowsSys32.exe
Description=Added by a variant of the <a href="http://sophos.com.au/virusinfo/analyses/w32forbotgen.html" target=_blank>FORBOT</a> WORM!
Source=Paul Collins Startup list

[Auto updat]
Number=814
Confirmed=X
Filename=crcss.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AAG&VSect=T" target=_blank>SDBOT.AAG</a> WORM!
Source=Paul Collins Startup list

[Auto Update]
Number=815
Confirmed=X
Filename=AUP.exe
Description=Added by an unididentified WORM or TROJAN!
Source=Paul Collins Startup list

[Auto Update]
Number=816
Confirmed=X
Filename=dma.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotavo.html" target=_blank>RBOT-AVO</a> WORM!
Source=Paul Collins Startup list

[Auto Update]
Number=817
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdumardla.html" target=_blank>DUMARDI-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[Auto Updates]
Number=818
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcheukoa.html" target=_blank>CHEUKO-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[Auto WinUpdate]
Number=819
Confirmed=X
Filename=taskmrg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafa.html" target=_blank>RBOT-AFA</a> WORM!
Source=Paul Collins Startup list

[Autobar]
Number=820
Confirmed=U
Filename=autobar.exe
Description=Connect buttons on the keyboard for internet direct access, etc. on HP computers
Source=Paul Collins Startup list

[AutoCAD Startup Accelerator]
Number=821
Confirmed=U
Filename=acstart16.exe
Description=Preloads some libraries that are used by <a href="http://usa.autodesk.com/adsk/servlet/index?siteID=123112&id=5127213" target=_blank>AutoCAD</a> in order to make the software load faster
Source=Paul Collins Startup list

[autoclk]
Number=822
Confirmed=U
Filename=autoclk.exe
Description=<a href="http://autoclik.8m.com/" target=_blank>Autoclik</a> is a Windows utility "that allows you to perform all mouse activity with absolutely no clicking"
Source=Paul Collins Startup list

[AutoEA]
Number=823
Confirmed=N
Filename=Ahqrun.exe
Description=For Creative Soundblaster Live! series soundcards. Specify for any audio application what audio preset to automatically associate with currently active speaker output. Available via AudioHQ
Source=Paul Collins Startup list

[AUTOEXE]
Number=824
Confirmed=X
Filename=AUTOEXE.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32semapia.html" target= blank>SEMAPI-A</a> WORM!
Source=Paul Collins Startup list

[Autoloaderaproposclient]
Number=825
Confirmed=X
Filename=Apropos_Client_Loader.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=AproposMedia&threatid=14978" target="_blank">AproposMedia</a> adware
Source=Paul Collins Startup list

[Autoloaderaproposclient]
Number=826
Confirmed=X
Filename=cxtpls_loader.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=AproposMedia&threatid=14978" target="_blank">AproposMedia</a> adware
Source=Paul Collins Startup list

[AutoLoaderEnvoloAutoUpdater]
Number=827
Confirmed=X
Filename=auto_update_loader.exe
Description=<a href="http://www.securemost.com/articles/trou_3_remove_aproposmedia.htm" target=_blank>Envolo/AproposMedia</a> adware updater
Source=Paul Collins Startup list

[AutoMate Task Service ]
Number=828
Confirmed=N
Filename=automate.exe
Description=Task scheduler for <a href="http://www.unisyn.com/" target="_blank">Unisyn Automate 4</a> task automation/macro running software. Available via a desktop shortcut or Start -&gt; Programs
Source=Paul Collins Startup list

[AutoMate5]
Number=829
Confirmed=U
Filename=Am5HkWnd.exe
Description="<a href="http://www.networkautomation.com/automate/index.htm" target="_blank">Automate</a> is the Leading Software for Automation of front and back-office business processes.It provides all the tools necessary to completely automate business processes, regardless of their complexity"
Source=Paul Collins Startup list

[Automatic Defrag Manager]
Number=830
Confirmed=X
Filename=defrag.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotake.html" target=_blank>RBOT-AKE</a> WORM!
Source=Paul Collins Startup list

[Automatic Microsoft Windows Updater]
Number=831
Confirmed=X
Filename=suchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rboteq.html" target=_blank>RBOT-EQ</a> WORM!

Source=Paul Collins Startup list

[Automatic Windows Updater]
Number=832
Confirmed=X
Filename=Update.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list

[Automatically launches the United Devices Agent when you start your computer]
Number=833
Confirmed=N
Filename=UD.EXE
Description=The United Devices Agent can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical research. Available via Start > Programs
Source=Paul Collins Startup list

[Autopdate]
Number=834
Confirmed=X
Filename=Autopdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagl.html" target=_blank>RBOT-AGL</a> WORM!
Source=Paul Collins Startup list

[AUTOPROP]
Number=835
Confirmed=N
Filename=REGPROP.EXE WMPADDIN.DLL
Description=Both the files are in the MS Office/Bots/FP_WMP directory. Apparently, it registers the FrontPage WiMP extension
Source=Paul Collins Startup list

[AUTOPROTECTU]
Number=836
Confirmed=X
Filename=navapq32.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[autorepair]
Number=837
Confirmed=X
Filename=dexs.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Autoroute SMTP]
Number=838
Confirmed=U
Filename=AutoSmtp.exe
Description=<a href="http://www.mailutilities.com/ars/" target="_blank">Autoroute SMTP</a> - "automatic switching between SMTP servers depending on what network you are currently working in." You need to have two Internet service providers
Source=Paul Collins Startup list

[autorun]
Number=839
Confirmed=X
Filename=autorun.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/vbsautomb.html" target="_blank">AUTOM-B</a> WORM!
Source=Paul Collins Startup list

[AutoShutdown]
Number=840
Confirmed=?
Filename=pssvc.exe
Description=<font color="#FF0000">Utility to fix vCard Export in MS Outlook 2000 - although why are these together?</font>
Source=Paul Collins Startup list

[AutoSizer]
Number=841
Confirmed=U
Filename=AUTOSIZER.EXE
Description=<a href="http://www.southbaypc.com/AutoSizer/" target="_blank">AutoSizer</a> - utility that automatically maximizes windows when they're opened
Source=Paul Collins Startup list

[AutoSpell]
Number=842
Confirmed=N
Filename=autospel.exe
Description=<a href="http://www.spellchecker.com/" target="_blank">AutoSpell</a> - spell checker (version 6.*)
Source=Paul Collins Startup list

[AutoSpell 5]
Number=843
Confirmed=N
Filename=ASWATC32.EXE
Description=<a href="http://www.spellchecker.com/" target="_blank">AutoSpell</a> - spell checker
Source=Paul Collins Startup list

[AutoSys]
Number=844
Confirmed=U
Filename=autosys.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Winguardian&threatid=40587" target="_blank">Winguardian</a> surveillance software. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list

[autotbar]
Number=845
Confirmed=N
Filename=autotbar.exe
Description=If you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabled
Source=Paul Collins Startup list

[AutoTKit]
Number=846
Confirmed=N
Filename=AUTOTKIT.EXE
Description=On HP PC's. Unclear what purpose it serves - but there's a known issue with Internet Explorer Toolbar settings not being saved with it enabled
Source=Paul Collins Startup list

[autoupd]
Number=847
Confirmed=N
Filename=autoupd.exe
Description=<a href="http://www.raxco.com/support/windows/kb_details.cfm?kbid=46" target="_blank">Raxco Software Auto Update</a> utility.&quot;Used to keep your software up-to-date&quot;
Source=Paul Collins Startup list

[autoupd]
Number=848
Confirmed=X
Filename=autoupd.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! - found in a folder of the same name
Source=Paul Collins Startup list

[autoupdate]
Number=849
Confirmed=X
Filename=WINUP2DATE.DLL, SHStart
Description=Unidentified adware - detected by <a href="http://www.pandasoftware.com/" target="_blank">Panda</a> antivirus as the CLICKER.CY TROJAN!
Source=Paul Collins Startup list

[autoupdate]
Number=850
Confirmed=X
Filename=rundll32 [path] DATADX.DLL, SHStart
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=43264" target=_blank>QOOLOGIC</a> TROJAN!
Source=Paul Collins Startup list

[autoupdate]
Number=851
Confirmed=X
Filename=rundll32 [path] SUPDATE.DLL, SHStart
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=43264" target="_blank">QOOLOGIC</a> TROJAN!
Source=Paul Collins Startup list

[Autoupdate Service]
Number=852
Confirmed=X
Filename=kaka.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsympeb.html" target=_blank>SYMPE-B</a> TROJAN!
Source=Paul Collins Startup list

[AutoUpdater]
Number=853
Confirmed=X
Filename=aupdate.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=TinyBar&threatid=13064&search=Tinybar" target="_blank">Tinybar</a> variant
Source=Paul Collins Startup list

[AutoUpdater]
Number=854
Confirmed=X
Filename=AutoUpdate.exe
Description=<a href="http://www.pchell.com/support/peopleonpage.shtml" target="_blank">PeopleonPage</a> foistware
Source=Paul Collins Startup list

[autoupdatev2]
Number=855
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdropperbm.html" target=_blank>DROPPER-BM</a> TROJAN!
Source=Paul Collins Startup list

[autoupdatev2]
Number=856
Confirmed=X
Filename=autoupdatev2.exe
Description=Recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Clicker.Win32.Agent.fq
Source=Paul Collins Startup list

[AutoVirusProtection]
Number=857
Confirmed=X
Filename=ciscv.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[auto__antiav__key]
Number=858
Confirmed=X
Filename=antiav_exe.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbagledlaa.html" target=_blank>BAGLEDI-AA</a> TROJAN!
Source=Paul Collins Startup list

[auto__hloader__key]
Number=859
Confirmed=X
Filename=hloader_exe.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BAGLE.AB&VSect=P" target=_blank>BAGLE.AB</a> TROJAN!
Source=Paul Collins Startup list

[aux.exe]
Number=860
Confirmed=X
Filename=aux.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-010115-5424-99" target=_blank>ZINS</a> TROJAN!
Source=Paul Collins Startup list

[auxAudioDevice]
Number=861
Confirmed=X
Filename=aux32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091017-5519-99" target="_blank">AIZU</a> WORM!
Source=Paul Collins Startup list

[AUXXTRAY]
Number=862
Confirmed=N
Filename=au30setp.exe
Description=System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -&gt; Settings -&gt; Control Panel
Source=Paul Collins Startup list

[AV]
Number=863
Confirmed=X
Filename=UPDATE-28062004.exe[25 blank spaces].vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110809-1153-99" target=_blank>MIDFIN</a> WORM!
Source=Paul Collins Startup list

[AV Client]
Number=864
Confirmed=X
Filename=patch31345.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100413-3115-99" target=_blank>MYDOOM.AD</a> WORM!
Source=Paul Collins Startup list

[AV Industry]
Number=865
Confirmed=X
Filename=patch31345.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100413-3115-99" target=_blank>MYDOOM.AD</a> WORM!
Source=Paul Collins Startup list

[AV UpDate]
Number=866
Confirmed=X
Filename=Update.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfuroota.html" target= blank>FUROOT-A</a> TROJAN!
Source=Paul Collins Startup list

[AvaFind]
Number=867
Confirmed=N
Filename=AvaFind.exe
Description=<a href="http://www.think-less-do-more.com/avafind/" target="_blank">AvaFind</a> file search utility
Source=Paul Collins Startup list

[AVantivirus]
Number=868
Confirmed=X
Filename=Avconsol.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32msnvbd.html" target="_blank">MSNVB-D</a> WORM!
Source=Paul Collins Startup list

[Avast!]
Number=869
Confirmed=Y
Filename=ashserv.exe
Description=Part of <a href="http://www.avast.com/" target="_blank">Avast!</a> anti-virus software
Source=Paul Collins Startup list

[avast!]
Number=870
Confirmed=Y
Filename=ashDisp.exe
Description=Part of <a href="http://www.avast.com/" target="_blank">Avast!</a> anti-virus software
Source=Paul Collins Startup list

[avast! Web Scanner]
Number=871
Confirmed=Y
Filename=Ashwebsv.exe
Description=Part of <a href="http://www.avast.com/" target="_blank">Avast!</a> anti-virus software
Source=Paul Collins Startup list

[Avast32]
Number=872
Confirmed=Y
Filename=Astart32.exe
Description=Part of <a href="http://www.avast.com/" target="_blank">Avast!</a> anti-virus software
Source=Paul Collins Startup list

[avc]
Number=873
Confirmed=X
Filename=avmon.exe
Description=Added by an unidentified TROJAN!
Source=Paul Collins Startup list

[AvconsoleEXE]
Number=874
Confirmed=U
Filename=Avconsol.exe
Description=From McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Used to schedule regular scans. If you don't have scans scheduled you don't need it
Source=Paul Collins Startup list

[AveoAttune]
Number=875
Confirmed=X
Filename=atmdlusr.exe
Description=Spyware - part of an automated helpdesk software
Source=Paul Collins Startup list

[AVFX Engine]
Number=876
Confirmed=U
Filename=StartFX.exe
Description=<a href="http://www.creative.com/products/webcams/avfx/" target="_blank">Advanced Video FX</a> - supported by a number of Creative Web Cameras. "Have more fun by adding a wide range of special effects and backgrounds to your video chat with Advanced Video FX"
Source=Paul Collins Startup list

[AvG]
Number=877
Confirmed=X
Filename=svchost323.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotza.html" target= blank>RBOT-ZA</a> WORM!
Source=Paul Collins Startup list

[AVG Anti-Virus system]
Number=878
Confirmed=Y
Filename=avgcc.exe
Description=<a href="http://www.grisoft.com/" target="_blank">AVG</a> Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates
Source=Paul Collins Startup list

[Avg Antivirus]
Number=879
Confirmed=X
Filename=icpldrvx.exe
Description=Added by the <a href="http://www.quickheal.co.in/public/alerts/banker_byu.asp" target="_blank">BANKER.BYU</a> TROJAN!
Source=Paul Collins Startup list

[AVG Grisoft Updater]
Number=880
Confirmed=X
Filename=updater.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotot.html" target=_blank>AGOBOT-OT</a> WORM!
Source=Paul Collins Startup list

[AVG7_AMSVR]
Number=881
Confirmed=Y
Filename=Avgamsvr.exe
Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> antivirus related
Source=Paul Collins Startup list

[AVG7_CC]
Number=882
Confirmed=Y
Filename=AVGCC.exe
Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates
Source=Paul Collins Startup list

[AVG7_CC]
Number=883
Confirmed=Y
Filename=avgcc.exe
Description=<a href="http://www.grisoft.com/" target="_blank">AVG</a> Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates
Source=Paul Collins Startup list

[AVG7_EMC]
Number=884
Confirmed=Y
Filename=AVGEMC.exe
Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses
Source=Paul Collins Startup list

[AVG7_Run]
Number=885
Confirmed=Y
Filename=avgw.exe
Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> Anti-Virus 7.0 related
Source=Paul Collins Startup list

[avgamsvr.exe]
Number=886
Confirmed=Y
Filename=Avgamsvr.exe
Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> antivirus related
Source=Paul Collins Startup list

[avgcc32]
Number=887
Confirmed=Y
Filename=avgcc32.exe
Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> anti-virus control center. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates
Source=Paul Collins Startup list

[AVGCtrl]
Number=888
Confirmed=Y
Filename=AVGCtrl.exe
Description=Part of <a href="http://www.free-av.com/" target=_blank>AntiVir® PersonalEdition Classic</a> antivirus
Source=Paul Collins Startup list

[avgfwsrv]
Number=889
Confirmed=Y
Filename=AVGFWSRV.EXE
Description=Firewall part of the <a href="http://www.grisoft.com/doc/31/us/crp/4?prd=afw" target="_blank">AVG Plus Firewall Edition</a>
Source=Paul Collins Startup list

[avgmsvr.exe]
Number=890
Confirmed=Y
Filename=avgmsvr.exe
Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> Anti-Virus 7.0 related
Source=Paul Collins Startup list

[AVGnt]
Number=891
Confirmed=Y
Filename=AVGnt.exe
Description=<a href="http://www.free-av.com/" target=_blank>AntiVir® PersonalEdition Classic</a> antivirus. System Tray icon and control program

Source=Paul Collins Startup list

[Avgserv9.exe]
Number=892
Confirmed=Y
Filename=Avgserv9.exe
Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> antivirus background monitoring
Source=Paul Collins Startup list

[AVGuard]
Number=893
Confirmed=Y
Filename=AVGuard.exe
Description=<a href="http://www.free-av.com/" target=_blank>AntiVir® PersonalEdition Classic</a> antivirus. Background task which scans files transparently

Source=Paul Collins Startup list

[AVG_CC]
Number=894
Confirmed=Y
Filename=avgcc32.exe
Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> anti-virus control center. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates
Source=Paul Collins Startup list

[AVG_EMC]
Number=895
Confirmed=Y
Filename=AVGEMC.exe
Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses
Source=Paul Collins Startup list

[AVG_RegCleaner]
Number=896
Confirmed=Y
Filename=AVGREGCL.exe
Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> Anti-Virus 7.0 Registry Cleaner - for checking the registry for virus additions and other security problems
Source=Paul Collins Startup list

[avidrv]
Number=897
Confirmed=X
Filename=drvsc.exe
Description=Recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan-Downloader.Win32.Agent.ph
Source=Paul Collins Startup list

[Avimgt]
Number=898
Confirmed=X
Filename=Avimgt.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list

[Avimgt32]
Number=899
Confirmed=X
Filename=Avimgt32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list

[avinit]
Number=900
Confirmed=Y
Filename=AVINIT9X.EXE
Description=<a href="http://www.authentium.com/command/" target="_blank">Command Antivirus</a> related
Source=Paul Collins Startup list

[AVK Mail Checker]
Number=901
Confirmed=Y
Filename=AVKPop.exe
Description=<a href="http://www.boomerangsoftware.com/Products/AntiVirus/AVKProInfo.htm" target=_blank>eXtendia</a> AVK AntiVirus email checker 
Source=Paul Collins Startup list

[AVKBar]
Number=902
Confirmed=Y
Filename=AVKBar.exe
Description=GData <a href="http://www.gdata.de/trade/productview/488/16/" target=_blank>AntiVirusKit</a> Anti-virus
Source=Paul Collins Startup list

[AvMaiSrv]
Number=903
Confirmed=Y
Filename=Avmaisrv.exe
Description=Part of <a href="http://www.avast.com/" target="_blank">Avast!</a> anti-virus software - E-mail scanner
Source=Paul Collins Startup list

[avnort]
Number=904
Confirmed=X
Filename=formatsys.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030709-3841-99" target=_blank>SERFLOG.A</a> WORM!
Source=Paul Collins Startup list

[avnort]
Number=905
Confirmed=X
Filename=msmbw.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030709-3841-99" target=_blank>SERFLOG.A</a> WORM!
Source=Paul Collins Startup list

[avnort]
Number=906
Confirmed=X
Filename=serbw.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030709-3841-99" target=_blank>SERFLOG.A</a> WORM!
Source=Paul Collins Startup list

[avp]
Number=907
Confirmed=Y
Filename=avp.exe
Description=AOL's <a href="http://www.securitycadets.com/2006/08/aols-active-virus-shield-in-a-nutshell/" target="_blank">Active Virus Shield</a>
Source=Paul Collins Startup list

[AVP]
Number=908
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmutboa.html" target=_blank>MUTBO-A</a> TROJAN!
Source=Paul Collins Startup list

[AVP-SE]
Number=909
Confirmed=X
Filename=avp-32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.FS" target="_blank">AGOBOT.FS</a> WORM!
Source=Paul Collins Startup list

[avpcc]
Number=910
Confirmed=Y
Filename=avpcc.exe
Description=<a href="http://www.kaspersky.com/" target="_blank">Kaspersky Labs</a> anti-virus
Source=Paul Collins Startup list

[avpm]
Number=911
Confirmed=Y
Filename=avpm.exe
Description=<a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> anti-virus
Source=Paul Collins Startup list

[Avpr]
Number=912
Confirmed=X
Filename=avpr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-101709-2151-99" target=_blank>MYDOOM.AF</a> WORM!
Source=Paul Collins Startup list

[avptask]
Number=913
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojnofereg.html" target="_blank">NOFERE-G</a> TROJAN!
Source=Paul Collins Startup list

[avptask]
Number=914
Confirmed=X
Filename=expl0rer.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.JJO" target="_blank">AGENT.JJO</a> TROJAN!
Source=Paul Collins Startup list

[Avptask]
Number=915
Confirmed=X
Filename=rund1132.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.PKZ" target="_blank">AGENT.PKZ</a> TROJAN!
Source=Paul Collins Startup list

[Avril Lavigne - Muse]
Number=916
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32avrila.html" target="_blank">AVRIL-A</a> WORM!
Source=Paul Collins Startup list

[AVSCHED32]
Number=917
Confirmed=Y
Filename=AVSched32.exe
Description=<a href="http://www.free-av.com/" target=_blank>AntiVir® PersonalEdition Classic</a> - antivirus

Source=Paul Collins Startup list

[AVSchedScan]
Number=918
Confirmed=Y
Filename=SCHSC9X.EXE
Description=<a href="http://www.authentium.com/command/" target="_blank">Command Antivirus</a> related
Source=Paul Collins Startup list

[AvSer]
Number=919
Confirmed=X
Filename=dsm.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030723-2605-99" target=_blank>SERFLOG.B</a> WORM!
Source=Paul Collins Startup list

[AvSer]
Number=920
Confirmed=X
Filename=msmpatch.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030723-2605-99" target=_blank>SERFLOG.B</a> WORM!
Source=Paul Collins Startup list

[AvSer]
Number=921
Confirmed=X
Filename=svosm.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030723-2605-99" target=_blank>SERFLOG.B</a> WORM!
Source=Paul Collins Startup list

[AvSer]
Number=922
Confirmed=X
Filename=sysup.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030723-2605-99" target=_blank>SERFLOG.B</a> WORM!
Source=Paul Collins Startup list

[avserve.exe]
Number=923
Confirmed=X
Filename=avserve.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-050116-1831-99" target="_blank">SASSER</a> WORM!
Source=Paul Collins Startup list

[avserve2.exe]
Number=924
Confirmed=X
Filename=avserve2.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-050114-1001-99" target="_blank">SASSER.B</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-050216-3656-99" target="_blank">SASSER.C</a> WORMS!
Source=Paul Collins Startup list

[avserve3.exe]
Number=925
Confirmed=X
Filename=avserve3.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-082413-3637-99" target="_blank">SASSER.G</a> WORM!
Source=Paul Collins Startup list

[AVStation premium]
Number=926
Confirmed=U
Filename=AVStation agent.exe
Description=Related to <a href="http://www.samsung.com/in/products/notepc/notepc/leaflets/X20.pdf" target=_blank>Samsung AV Station</a> - instant playback of music, photos, videos
Source=Paul Collins Startup list

[Avtray]
Number=927
Confirmed=N
Filename=Avtray.exe
Description=<a href="http://www.authentium.com/command/" target="_blank">Command Antivirus</a> tray icon
Source=Paul Collins Startup list

[AVWLPSTA]
Number=928
Confirmed=?
Filename=AVWLPSTA.exe
Description=PRISM Status Tray Applet - <font color="#FF0000">but what is it for and is it required?</font>
Source=Paul Collins Startup list

[AVWUpd32]
Number=929
Confirmed=Y
Filename=AVWUPD32.EXE
Description=<a href="http://www.free-av.com/" target=_blank>AntiVir® PersonalEdition Classic</a> - updater

Source=Paul Collins Startup list

[avx communicator]
Number=930
Confirmed=Y
Filename=xcommsur.exe
Description=Anti-virus part of <a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> virus scanner/firewall
Source=Paul Collins Startup list

[Avxlive]
Number=931
Confirmed=Y
Filename=avxlive.exe
Description=<a href="http://www.bullguard.com/" target="_blank">Bullguard</a> or <a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> antivirus
Source=Paul Collins Startup list

[avxlni]
Number=932
Confirmed=Y
Filename=avxinit.exe
Description=Anti-virus part of <a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> virus scanner/firewall
Source=Paul Collins Startup list

[Avxnews]
Number=933
Confirmed=?
Filename=??
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Awatch]
Number=934
Confirmed=U
Filename=Awatch.exe
Description=Diagnosis tool that monitors DSL connections, installed alongside DSL drivers from AVM Fritz's range of modem products
Source=Paul Collins Startup list

[AwaySch]
Number=935
Confirmed=U
Filename=AwaySch.EXE
Description=Part of the IBM <a href="http://www.pc.ibm.com/us/think/thinkvantagetech/productivity_ctr.html" target="_blank">ThinkVantage Productivity Center</a>. "The Away Manager application allows you preselect and run routine tasks to maintain your system's performance"
Source=Paul Collins Startup list

[awhost32]
Number=936
Confirmed=N
Filename=awhost32.exe
Description=Part of Symantec's <a href="http://www.symantec.com/home_homeoffice/products/overview.jsp?pcid=pf&pvid=pca12" target="_blank">pcAnywhere</a> remote PC management software. Provides an automatic startup of the client PC in host mode in conjuction with a host-definition file, so system administrators can access the machine. Can cause a 10% reduction in speed and not recommended
Source=Paul Collins Startup list

[AWMON]
Number=937
Confirmed=U
Filename=Ad-Watch.exe
Description=Part of Lavasoft <a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-aware Plus</a> - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system
Source=Paul Collins Startup list

[AWMON]
Number=938
Confirmed=U
Filename=Ad-Monitor.exe
Description=<a href="http://www.f-secure.com/" target="_blank">F-Secure</a> Anti-Spyware
Source=Paul Collins Startup list

[AWUSGSTA]
Number=939
Confirmed=?
Filename=AWUSGSTA.exe
Description=Reportedly related to a USB Wifi Adapter - <font color="#FF0000">is it required at startup?</font>

Source=Paul Collins Startup list

[awxDTools]
Number=940
Confirmed=U
Filename=awxDTools.dll, awxRegisterDll
Description=<a href="http://www.hbreitner.de/awxdtools/" target= blank>AwxDTools</a> related - a Windows Shell-Extension for the Daemon-Tools. It extends the context-menu of ImageFiles supported by Daemon-Tools (i.e.: *.cue, *.iso, *.ccd ...)
Source=Paul Collins Startup list

[AxFilter]
Number=941
Confirmed=?
Filename=Rundll32 AXFILTER.DLL, Rundll32
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[AXVenore]
Number=942
Confirmed=X
Filename=AXVenore.exe
Description=<a href="http://fileinfo.prevx.com/QQb33919476991-AXVE15381588/AXVENORE.EXE.html" target=_blank>Identified</a> as a TROJAN!

Source=Paul Collins Startup list

[AzMixerSel]
Number=943
Confirmed=U
Filename=AzMixerSel.exe
Description=Related to <a href="http://www.realtek.com.tw/" target="_blank">Realtek_Azalia</a> Mixer Selector
Source=Paul Collins Startup list

[azmodem]
Number=944
Confirmed=Y
Filename=azexe.exe
Description=<a href="http://www.aztech.com/" target=_blank>Aztech Labs</a> modem driver
Source=Paul Collins Startup list

[a_vpd]
Number=945
Confirmed=?
Filename=vpd.exe
Description=Located in the IBMTOOLS\VPD sub-directory. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[a˛]
Number=946
Confirmed=U
Filename=a2guard.exe
Description=<a href="http://www.emsisoft.com/en/" target=_blank>a-Squared</a> antitrojan - can be run on demand but necessary in Startup if you prefer the a˛ 'Background Guard' real time protection feature
Source=Paul Collins Startup list

[B'sCLiP]
Number=947
Confirmed=N
Filename=BSCLIP.exe
Description=CD recording utility that comes with a lot of CDR/CDRW drives and isn't required
Source=Paul Collins Startup list

[b.exe]
Number=948
Confirmed=X
Filename=b.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BND&VSect=T" target=_blank>SDBOT.BND</a> WORM!
Source=Paul Collins Startup list

[B.Reader]
Number=949
Confirmed=N
Filename=remin.exe
Description=<a href="http://www.harshal.da.ru/" target="_blank">Birthday Reminder 5.0</a> - as the name implies
Source=Paul Collins Startup list

[b3d]
Number=950
Confirmed=X
Filename=BDEsecureinstall.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrilliantDigital&threatid=3334" target="_blank">B3d Projector</a> foistware - periodically trys to access the internet. (1) Uninstall it via Start -> Settings -> Control Panel -> Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in the "System" directory. (3) Disable and ideally delete it from the registry. (4) Remove the "BDE" directory and all its contents
Source=Paul Collins Startup list

[b3dUpdate]
Number=951
Confirmed=X
Filename=Zupdate.exe
Description=Associated with <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrilliantDigital&threatid=3334" target="_blank">B3d Projector</a> foistware - see <a href="http://www.greatis.com/appdata/u/z/zupdate.exe.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[b9]
Number=952
Confirmed=U
Filename=B9.exe
Description=<a href="http://www.firetrust.com/firetrustbenign.html" target="_blank">FireTrust Benign</a> - allows you to receive e-mail which is safe from viruses, worms, scripts, web bugs, privacy threats and other security risks, without affecting your e-mail. "Benign neutralizes or strips out the code that makes viruses, worms, scripts and other potentially harmful things run"
Source=Paul Collins Startup list

[b99]
Number=953
Confirmed=X
Filename=msmm.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClientMan&threatid=3754" target=_blank>ClientMan</a> parasite variant
Source=Paul Collins Startup list

[bab]
Number=954
Confirmed=X
Filename=svchst32.exe
Description=Added by the <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=41035" target="_blank">AGENT.Q</a> TROJAN!
Source=Paul Collins Startup list

[babeie]
Number=955
Confirmed=X
Filename=rundll32 cnbabe.dll, dllstartup
Description=<a href="http://www.commonname.com/english/ug/toolbar/default.asp?idx=1" target="_blank">CommonName Toolbar</a> spyware. To uninstall see <a href="http://www.commonname.com/english/ug/toolbar/default.asp?idx=10#4">here</a>
Source=Paul Collins Startup list

[Babylon Client]
Number=956
Confirmed=N
Filename=Babylon.exe
Description=<a href="http://www.babylon.com/" target="_blank">Babylon-Pro</a> is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on"
Source=Paul Collins Startup list

[Babylon Translator]
Number=957
Confirmed=N
Filename=Babylon.exe
Description="<a href="http://www.babylon.com/" target="_blank">Babylon-Pro</a> is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on"
Source=Paul Collins Startup list

[Back Updates]
Number=958
Confirmed=X
Filename=Uninstall.log.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040911-2617-99" target=_blank>YPSAN.D</a> WORM!
Source=Paul Collins Startup list

[Backdoor.NuAgent]
Number=959
Confirmed=X
Filename=agent.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentdp.html" target=_blank>AGENT-DP</a> TROJAN!
Source=Paul Collins Startup list

[Background Intelligent Transfer Service]
Number=960
Confirmed=X
Filename=rundll32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbzd.html" target=_blank>VB-ZD</a> TROJAN! Note - this file is located in the C:\Windows\help folder, and is not to be confused with the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll32/" target=_blank>rundll32.exe</a> file!
Source=Paul Collins Startup list

[BackgroundSwitcher]
Number=961
Confirmed=U
Filename=bgswitch.exe
Description=Originally included with Microsoft's XP PowerToys (but now withdrawn - see <a href="http://www.aumha.org/a/powertoy.php" target="_blank">here</a>, Background Switcher allows your desktop background to periodically change
Source=Paul Collins Startup list

[Backpack UDF]
Number=962
Confirmed=N
Filename=bpudfmon.exe
Description=<a href="http://www.nero.com/" target="_blank">Backpack UDF</a> packet writing software for Microssolutions' Back Pack external CD-RW drive. Similar to DirectCD. Run manually before insert an appropriately formatted CD-RW disk
Source=Paul Collins Startup list

[backup]
Number=963
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agoboth.html" target="_blank">AGOBOT-H</a> WORM!
Source=Paul Collins Startup list

[Backup Service]
Number=964
Confirmed=X
Filename=backup.svc
Description=Unidentified adware
Source=Paul Collins Startup list

[Backup4all OTB Agent]
Number=965
Confirmed=U
Filename=B4AOTB.exe
Description="<a href="http://www.backup4all.com/backup4all.php" target="_blank">Backup4all</a> is an award-winning data backup software for Windows. This backup utility was designed to protect your valuable data from partial or total loss by automating backup tasks, password protecting and compressing it to save storage space"
Source=Paul Collins Startup list

[BackupExecScheduler]
Number=966
Confirmed=U
Filename=besch.exe
Description=Veritas "Back Up My PC" software
Source=Paul Collins Startup list

[BackupNotify]
Number=967
Confirmed=?
Filename=backupnotify.exe
Description=HP Digital Imaging related. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[BackWeb]
Number=968
Confirmed=N
Filename=backweb.exe
Description=Automatically detects an internet connection and downloads any available updates. Typical on Compaq and HP PC's but not restricted to those OEM's. Resource hog and often causes malfunctions. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[Backwork]
Number=969
Confirmed=N
Filename=Backwork.exe
Description=<a href="http://www.pcadvisor.co.uk/downloads/index.cfm?categoryID=1505&itemID=6930" target="_blank">Backwork</a> trojan detector
Source=Paul Collins Startup list

[BACPI10]
Number=970
Confirmed=U
Filename=bacpi10a.exe
Description=Known as &quot;PowerKey&quot; - a minimalistic keyboard driver that allows power management keys on BTC keyboards to function properly in older OS's (i.e. Win95/98/NT4). Also adds an icon to the system tray
Source=Paul Collins Startup list

[BacsTray]
Number=971
Confirmed=N
Filename=BacsTray.exe
Description=Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems
Source=Paul Collins Startup list

[BADDATE]
Number=972
Confirmed=X
Filename=BADDATE.EXE
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[BagleAV]
Number=973
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042814-2354-99" target=_blank>NETSKY.AB</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
Source=Paul Collins Startup list

[Bakra]
Number=974
Confirmed=X
Filename=IEHost.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmultidrah.html" target=_blank>MULTIDR-AH</a> TROJAN!
Source=Paul Collins Startup list

[bal]
Number=975
Confirmed=X
Filename=SYSMONMS.EXE
Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan.FakeAlert&threatid=43521" target="_blank">FAKEALERT</a> TROJAN!
Source=Paul Collins Startup list

[Band-Aid]
Number=976
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-122417-2948-99" target=_blank>RANKY.O</a> TROJAN!
Source=Paul Collins Startup list

[Bandook]
Number=977
Confirmed=X
Filename=ali.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojexemasb.html" target=_blank>EXEMAS-B</a> TROJAN!
Source=Paul Collins Startup list

[Bandwidth Monitor Pro]
Number=978
Confirmed=U
Filename=Bandwidth Monitor Pro.exe
Description=<a href="http://www.bandwidthmonitorpro.com/" target=_blank>Bandwidth Monitor Pro</a> - utililty to track your current download/upload limit that may be set by your ISP

Source=Paul Collins Startup list

[Banpopup by Pratik]
Number=979
Confirmed=U
Filename=Banpopup.exe
Description=Banpopup - popup killer
Source=Paul Collins Startup list

[Bar Ding lolt]
Number=980
Confirmed=X
Filename=Analiz.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotrp.html" target=_blank>RBOT-RP</a> WORM!
Source=Paul Collins Startup list

[bargains]
Number=981
Confirmed=X
Filename=bargains.exe
Description=<a href="http://sarc.com/avcenter/venc/data/adware.bargainbuddy.html" target="_blank">BargainBuddy</a> foistware
Source=Paul Collins Startup list

[bargains]
Number=982
Confirmed=X
Filename=bargainbuddy.exe
Description=<a href="http://sarc.com/avcenter/venc/data/adware.bargainbuddy.html" target="_blank">BargainBuddy</a> foistware
Source=Paul Collins Startup list

[Bart Station]
Number=983
Confirmed=?
Filename=station.sbrt
Description=<font color="#FF0000">Related to <a href="http://www.peoplepc.com/" target="_blank"> PeoplePC ISP</a>. May be a dialler for dial-up accounts?</font>
Source=Paul Collins Startup list

[Bart Station]
Number=984
Confirmed=U
Filename=PPCOLink.exe
Description=Dialer for PeoplePC ISP
Source=Paul Collins Startup list

[BarTheme]
Number=985
Confirmed=X
Filename=bartent32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotug.html" target=_blank>AGOBOT-UG</a> WORM!
Source=Paul Collins Startup list

[bascstray]
Number=986
Confirmed=N
Filename=BascsTray.exe
Description=Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems
Source=Paul Collins Startup list

[Bat]
Number=987
Confirmed=X
Filename=secure2.bat
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-041517-5616-99" target="_blank">ZCREW.C</a> TROJAN!
Source=Paul Collins Startup list

[Batchreg1]
Number=988
Confirmed=N
Filename=N/A
Description=Part of the Windows System Recovery process. Added to the registry via Msbatch.inf. The existence of this key or process after the last reboot during installation indicates an unsuccessful installation, as that key should be deleted automatically. See <a href="http://www.vanwijk.com/-=%20Bookz%20=-/Special%20Edition%20Using%20Windows%2098/ch10/ch10.htm#Heading24" target="_blank">here</a>
Source=Paul Collins Startup list

[BatInfEx]
Number=989
Confirmed=U
Filename=rundll32.exe
Description=Displays battery status information on an IBM Thinkpad
Source=Paul Collins Startup list

[BatSrv]
Number=990
Confirmed=X
Filename=batserv2.exe
Description=Recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as the Win32.Locksky.m WORM!
Source=Paul Collins Startup list

[Battery Scope]
Number=991
Confirmed=U
Filename=batmgr.exe
Description=Monitors battery levels on a notebook/laptop PC
Source=Paul Collins Startup list

[BatteryBar]
Number=992
Confirmed=U
Filename=batterybar.exe
Description=<a href="http://www.nistech.com/BatteryBar/Default.htm" target="_blank">BatteryBar</a> - displays battery usage, and the current percentage of battery power left
Source=Paul Collins Startup list

[BatzBack]
Number=993
Confirmed=X
Filename=BatzBack.scr
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-122517-5425-99" target="_blank">BACKZAT</a> WORM!
Source=Paul Collins Startup list

[BAUSB]
Number=994
Confirmed=U
Filename=BAUSB.exe
Description=Boston Acoustics Audio, USB driver
Source=Paul Collins Startup list

[bawindo]
Number=995
Confirmed=X
Filename=bawindo.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-092811-5825-99" target="_blank">BEAGLE.AR</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102909-4007-99" target=_blank>BEAGLE.AU</a> WORMS!
Source=Paul Collins Startup list

[BayMgr]
Number=996
Confirmed=U
Filename=DockApp.exe
Description=Hot-swappable drive management on laptops allowing you to change drives without closing down Windows. Only required if you frequently swap bay devices&nbsp;
Source=Paul Collins Startup list

[Bayswap]
Number=997
Confirmed=U
Filename=bayswap.exe
Description=Hot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices
Source=Paul Collins Startup list

[Bayswap2]
Number=998
Confirmed=U
Filename=TbUpdate.exe
Description=Hot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices
Source=Paul Collins Startup list

[BBC Alerts]
Number=999
Confirmed=N
Filename=BBC_Alerts.exe
Description=<a href="http://news.bbc.co.uk/1/hi/help/4735697.stm" target="_blank">BBC Alerts</a> - "You can now have all the latest news and sports headlines delivered straight to your desktop with the new BBC Alerts service"
Source=Paul Collins Startup list

[BBC News alerts]
Number=1000
Confirmed=U
Filename=skinkers.exe
Description=BBC News Desktop Alerts service - see <a href="http://news.bbc.co.uk/2/hi/help/3533099.stm" target= blank>here</a>. Desktop alert and breaking news e-mail services let you find out about all the latest news as it happens
Source=Paul Collins Startup list

[BBDial]
Number=1001
Confirmed=?
Filename=BT Broadband.exe
Description=<font color="#FF0000">Part of BT Broandband - is it required?</font>
Source=Paul Collins Startup list

[bbSysTray]
Number=1002
Confirmed=N
Filename=bbSysTray.exe
Description=Philips CD-RW related - "the 'Blue Button' feature gives users the chance to receive convenient online support for their possible device problems or questions"
Source=Paul Collins Startup list

[bbui]
Number=1003
Confirmed=U
Filename=bbui.exe
Description=AOL DSL status monitor displaying a red/green icon indicating if you have a connection
Source=Paul Collins Startup list

[bca]
Number=1004
Confirmed=U
Filename=bca.exe
Description=BeClean Agent - registry, history, temp files, etc cleaner
Source=Paul Collins Startup list

[BCDetect]
Number=1005
Confirmed=U
Filename=bcdetect.exe
Description=Bcdetect.exe searches the system to make sure Creative drivers are installed for the video card. It loads the BlasterControl when the drivers are detected. Your choice - try it and see
Source=Paul Collins Startup list

[BCMDMMSG]
Number=1006
Confirmed=Y
Filename=bcmdmmsg.exe
Description=BCM voicemodem driver. Required for dial-up if you have one of these modems
Source=Paul Collins Startup list

[BCMHal]
Number=1007
Confirmed=U
Filename=rundll32.exe bcmhal9x.dll, bcinit
Description=BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings
Source=Paul Collins Startup list

[BCMSMMSG]
Number=1008
Confirmed=Y
Filename=BCMSMMSG.exe
Description=BCM voicemodem driver. Required for dial-up if you have one of these modems
Source=Paul Collins Startup list

[bcmwltry]
Number=1009
Confirmed=?
Filename=bcmwltry.exe
Description=Broadcom Corporation Wireless Network Tray Applet.<font color="#FF0000"> </font><font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list

[BCNT]
Number=1010
Confirmed=N
Filename=bcnt.exe
Description=<a href="http://www.weatherbug.com/aws/index.asp" target="_blank">AWS Weatherbug</a> related. <font color="#FF0000">What does it do?</font>
Source=Paul Collins Startup list

[BCPC]
Number=1011
Confirmed=X
Filename=bcpc.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080114-4631-99" target="_blank">BroadcastPC</a> adware variant
Source=Paul Collins Startup list

[bcpc_c]
Number=1012
Confirmed=X
Filename=bcpc_c.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080114-4631-99" target="_blank">BroadcastPC</a> adware variant
Source=Paul Collins Startup list

[BCTweak]
Number=1013
Confirmed=U
Filename=bctweak.exe
Description=BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings
Source=Paul Collins Startup list

[Bcvsrv32]
Number=1014
Confirmed=X
Filename=bcvsrv32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110816-5549-99" target=_blank>GAOBOT.BQJ</a> WORM!
Source=Paul Collins Startup list

[BCWipeTM]
Number=1015
Confirmed=N
Filename=bcwipetm.exe
Description=<a href="http://www.jetico.com/" target="_blank">BCWipe</a> Task Manager - scheduler for BCWipe so that it runs at convenient times. You can set a time for running the task, as well as special options for the task. Run manually when needed
Source=Paul Collins Startup list

[BD]
Number=1016
Confirmed=X
Filename=dc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojrasdoora.html" target=_blank>RASDOOR-A</a> TROJAN!
Source=Paul Collins Startup list

[BDAgent]
Number=1017
Confirmed=U
Filename=bdagent.exe
Description=<a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> antivirus
Source=Paul Collins Startup list

[BDMCon]
Number=1018
Confirmed=Y
Filename=Bdmcon.exe
Description=<a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> antivirus
Source=Paul Collins Startup list

[BDNewsAgent]
Number=1019
Confirmed=Y
Filename=bdnagent.exe
Description=<a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> antivirus - updater
Source=Paul Collins Startup list

[BDOESRV]
Number=1020
Confirmed=Y
Filename=bdoesrv.exe
Description=<a href="http://www.bitdefender.com/" target="_blank">Bitdefender</a> 8 antivirus and firewall
Source=Paul Collins Startup list

[BDSwitchAgent]
Number=1021
Confirmed=Y
Filename=bdswitch.exe
Description=<a href="http://www.bitdefender.com/" target="_blank">Bitdefender</a> 8 antivirus and firewall
Source=Paul Collins Startup list

[BearFlix]
Number=1022
Confirmed=U
Filename=BearFlix.exe
Description=<a href="http://www.bearflix.com/" target="_blank">BearFlix</a> is optimized for the fast download of video files
Source=Paul Collins Startup list

[BearShare]
Number=1023
Confirmed=N
Filename=bearshare.exe
Description=<a href="http://www.bearshare.com/" target="_blank">BearShare</a> file sharing client. Versions known to include spyware - see <a href="http://www.cexx.org/adware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[BeatNik Internet Clock]
Number=1024
Confirmed=U
Filename=BeatNik.exe
Description=<a href="http://www.somedec.com/" target=_blank>BeatNik Internet Clock</a> is a Windows clock add-on that supports 'skins'. It can also synchronize your computer's clock with an atomic clock
Source=Paul Collins Startup list

[Beawver]
Number=1025
Confirmed=X
Filename=saqevre.exe
Description=Added by the <a href="http://www.scanspyware.net/info/Ranky.AGA.htm" target="_blank">RANKY.AGA</a> TROJAN!
Source=Paul Collins Startup list

[Beegees Update]
Number=1026
Confirmed=X
Filename=beegees.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotadk.html" target=_blank>SDBOT-ADK</a> WORM!
Source=Paul Collins Startup list

[BEEI]
Number=1027
Confirmed=?
Filename=beei.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[BeFaster]
Number=1028
Confirmed=U
Filename=befaster3.exe
Description=<a href="http://www.ekremdeniz.com/" target= blank>BeFaster</a> internet connection optimization tool
Source=Paul Collins Startup list

[BEHL]
Number=1029
Confirmed=?
Filename=BEHL.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[BEHLO]
Number=1030
Confirmed=?
Filename=BEHLO.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Belkin PCMCIA WLAN Monitor]
Number=1031
Confirmed=N
Filename=monitorbk.exe
Description=Belkin USB Network Adapter Management utility - can be started manually
Source=Paul Collins Startup list

[Belkin Wireless Utility]
Number=1032
Confirmed=N
Filename=Belkinwcui.exe
Description=Wireles configuration utility for some Belkin cards such as the <a href="http://catalog.belkin.com/IWCatProductPage.process?Product_Id=136479" target="_blank">Wireless G Desktop Card</a>
Source=Paul Collins Startup list

[BellSouthAlertManager.exe]
Number=1033
Confirmed=U
Filename=BellSouthAlertManager.exe
Description=Related to <a href="http://pcpitstop.com/spycheck/SWDetail.asp?fn=BellSouthAlertManager.exe" target="_blank">BellSouth Alert Manager</a>
Source=Paul Collins Startup list

[BelNotify]
Number=1034
Confirmed=U
Filename=[path] NPBelv32.dll, RunDll32_BelNotify
Description="BelTech from <a href="http://www.belarc.com/" target=_blank>Belarc</a> enables licensees to offer automated, Web-based problem resolution to their end-users. BelTech allows the end-user to simply go to a web page and automatically resolve their problem or point them to the right solution. BelTech Manager allows non-programmers to rapidly and easily deploy and maintain this service"
Source=Paul Collins Startup list

[BELORVBI]
Number=1035
Confirmed=?
Filename=BELORVBI.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Belsta.exe]
Number=1036
Confirmed=?
Filename=Belsta.exe
Description=Configuration tool for Belkin wireless network cards. Required to change the card's configuration.<font color="#FF0000"> Is it required for correct operation once the confuiguration is changed?</font>
Source=Paul Collins Startup list

[Belt]
Number=1037
Confirmed=X
Filename=Belt.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=VX2.Transponder&threatid=12517" target=_blank>VX2.Transponder</a> parasite updater/installer related
Source=Paul Collins Startup list

[Benadril Alert Tool]
Number=1038
Confirmed=X
Filename=benadrilalert.exe
Description=Plug-in for WeatherBug advising when pollen count in your area is high - prompting you to buy Benadril
Source=Paul Collins Startup list

[BestPopUpKiller]
Number=1039
Confirmed=N
Filename=BestPopupKiller.exe
Description=Popup killer by Swanksoft - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[BeSys]
Number=1040
Confirmed=X
Filename=[path to file]
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-052015-1227-99" target="_blank">BeSys</a> adware
Source=Paul Collins Startup list

[BF4P]
Number=1041
Confirmed=X
Filename=bf4p.exe
Description=Added by the <a href="http://fileinfo.prevx.com/QQc81816553925-BF4P13381774/BF4P.EXE.html" target="_blank">IRCBOT.GEN</a> WORM!
Source=Paul Collins Startup list

[bg]
Number=1042
Confirmed=Y
Filename=bullguard.exe
Description=<a href="http://www.bullguard.com/" target="_blank">Bullguard</a> antivirus and firewall. The P2P version is free with KaZaA Media Desktop and Grokster
Source=Paul Collins Startup list

[BGInfo]
Number=1043
Confirmed=U
Filename=Bginfo.exe
Description=<a href="http://www.microsoft.com/technet/sysinternals/utilities/BgInfo.mspx" target="_blank">BGinfo</a> automatically displays relevant information about a Windows computer on the desktop's background, such as the computer name, IP address, service pack version, and more
Source=Paul Collins Startup list

[BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
Number=1044
Confirmed=U
Filename=NMBgMonitor.exe
Description=Associated with <a href="http://www.nero.com/nero7/eng/Nero_Scout.html" target="_blank">Nero Scout</a>, added by version 7 of the Nero digital media suite (CD & DVD burning, authoring, etc). Thanks to Help2Go.com, if you feel this is draining more resources that necessary you can disable it by <a href="http://www.help2go.com/Tutorials/Software_Utilities/Disable_Nero_Scout_in_Nero_7.html" target="_blank">clicking here</a>
Source=Paul Collins Startup list

[BGNewsAgent]
Number=1045
Confirmed=Y
Filename=bgnewsag.exe
Description=<a href="http://www.bullguard.com/" target=_blank>BullGuard</a> antivirus updater

Source=Paul Collins Startup list

[bgsmsnd]
Number=1046
Confirmed=N
Filename=bgsmsnd.exe
Description=Printer driver to generate PDF files from any program
Source=Paul Collins Startup list

[BHOCop]
Number=1047
Confirmed=N
Filename=BHOCop.exe
Description=PC Magazine's <a href="http://www.pcmag.com/article2/0,1895,1654861,00.asp" target="_blank">BHO Cop</a> that lets you see what browser helper objects are installed. Useful for detecting spyware
Source=Paul Collins Startup list

[BHODemon 2.0]
Number=1048
Confirmed=U
Filename=BHODemon.exe
Description=BHODemon "protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. When running, it also monitors your Registry and alerts you when a BHO is installed. Best of all, BHODemon knows about the most common BHOs - the good ones, and the not-so-good ones!". If you prefer forgoing resident protection, the application can also be run on demand
Source=Paul Collins Startup list

[BHR]
Number=1049
Confirmed=U
Filename=BHR.exe
Description=<a href="http://www.zamaansoft.com/products/bhr/" target="_blank">Browser Hijack Retaliator</a> - recovers your browser after it has been hijacked by spyware, adware, etc
Source=Paul Collins Startup list

[BI1HelperStartUp]
Number=1050
Confirmed=U
Filename=BI1HEL~1.EXE
Description=ScreenScenes "Beach Islands" screensaver. The freeware version comes with <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Claria.GAIN.CommonElements&threatid=5605" target="_blank">GAIN</a> branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
Source=Paul Collins Startup list

[BIE]
Number=1051
Confirmed=X
Filename=Rundll32.exe BDSrHook.dll, Rundll32
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453075264" target="_blank">BDplugin</a> parasite
Source=Paul Collins Startup list

[BIG]
Number=1052
Confirmed=X
Filename=biggy.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotag.html" target="_blank">DELBOT-AG</a> WORM!
Source=Paul Collins Startup list

[BigDog303]
Number=1053
Confirmed=U
Filename=VM303_STI.EXE
Description=Related to <a href="http://www.vimicro.com/english/" target="_blank">VIMICRO USB</a> for PC Camera
Source=Paul Collins Startup list

[BigDogPath]
Number=1054
Confirmed=?
Filename=VM_STI.EXE
Description=Bundled with some software for digital cameras that use a USB connection - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list

[bigfix]
Number=1055
Confirmed=N
Filename=BIGFIX.EXE
Description=<a href="http://www.bigfix.com/index.html" target="_blank">BigFix</a> can automatically download and read technical support information provided by computer and software manufacturers and other technical support experts (published in the form of Fixlet® Messages) and can automatically check your computer for bugs, configuration conflicts, and security holes. Should only be started manually as it's a resource hog
Source=Paul Collins Startup list

[BigPond Toolbar]
Number=1056
Confirmed=U
Filename=bpumTray.exe
Description=Telstra <a href="http://www.bigpond.com/default.asp" target="_blank">BigPond</a> Toolbar - "Introducing the free and easy to use BigPond Toolbar that is designed to make your internet experience and managing your Telstra internet account a whole lot easier"
Source=Paul Collins Startup list

[BigPondCable]
Number=1057
Confirmed=N
Filename=bpcable.exe
Description=Telstra Bigpond Cable login software - can be started manually

Source=Paul Collins Startup list

[bikini]
Number=1058
Confirmed=X
Filename=bikini.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlowzonecx.html" target="_blank">LOWZONE-CX</a> TROJAN!
Source=Paul Collins Startup list

[Billminder]
Number=1059
Confirmed=N
Filename=Billmind.exe
Description=Can be setup in Quicken to remind user of due payments. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[bin32hpu]
Number=1060
Confirmed=X
Filename=ppstub.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-021414-1601-99" target="_blank">PrecisionPop</a> adware
Source=Paul Collins Startup list

[bingdian]
Number=1061
Confirmed=X
Filename=Bingdian.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-072911-5238-99" target="_blank">BINGD</a> WORM!
Source=Paul Collins Startup list

[Bingo Charm]
Number=1062
Confirmed=?
Filename=charms.exe
Description=<font color="#FF0000">Some kind of screen icon kind of like desk flag, but it gives you a choice of icons?</font>
Source=Paul Collins Startup list

[Biomenu]
Number=1063
Confirmed=U
Filename=menusw.exe
Description=Related to <a href="http://vaio-online.sony.com/prod_info/vgn-bx168gp/solid_security.html" target=_blank>Sony VAIO</a> - passwords, encryption, and a biometric fingerprint sensor
Source=Paul Collins Startup list

[Bios]
Number=1064
Confirmed=X
Filename=Bios32.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[BIOS XP Loader]
Number=1065
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotic.html" target=_blank>RBOT-IC</a> WORM!
Source=Paul Collins Startup list

[BIOS1]
Number=1066
Confirmed=X
Filename=BIOS1.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T" target="_blank">OPASERV.T</a> WORM!
Source=Paul Collins Startup list

[BIOVCIP]
Number=1067
Confirmed=?
Filename=BIOVCIP.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[BitComet]
Number=1068
Confirmed=N
Filename=BitComet.exe
Description=<a href="http://www.bitcomet.com/index.htm" target=_blank>BitComet</a> P2P client - can be launched from Start -> Programs
Source=Paul Collins Startup list

[BitDefender Antivirus]
Number=1069
Confirmed=X
Filename=BITDEFENDERX.EXE
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[BitDefender Communicator]
Number=1070
Confirmed=Y
Filename=xcommsvr.exe
Description=<a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> antivirus
Source=Paul Collins Startup list

[BitDefender for MSN Messenger]
Number=1071
Confirmed=U
Filename=msnmon.exe
Description=Bitdefender anti-virus for MSN Messenger - no longer supported at the <a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> website
Source=Paul Collins Startup list

[BitDefender for Yahoo! Messenger]
Number=1072
Confirmed=U
Filename=yahmon.exe
Description=Bitdefender anti-virus for Yahoo! Messenger - no longer supported at the <a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> website
Source=Paul Collins Startup list

[BitDefender Live! Init]
Number=1073
Confirmed=Y
Filename=bdinit.exe
Description=<a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> antivirus
Source=Paul Collins Startup list

[BitDefender Scan Server]
Number=1074
Confirmed=Y
Filename=bdss.exe
Description=<a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> antivirus
Source=Paul Collins Startup list

[BitDefender Virus Shield]
Number=1075
Confirmed=Y
Filename=vsserv.exe
Description=<a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> antivirus
Source=Paul Collins Startup list

[bitdefenderlive]
Number=1076
Confirmed=Y
Filename=avxlive.exe
Description=Main program of <a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> virus scanner/firewall
Source=Paul Collins Startup list

[BitDefender_P2P_Startup]
Number=1077
Confirmed=U
Filename=BitDefender_P2P_Startup.exe
Description=Bitdefender anti-virus for P2P clients - no longer supported at the <a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> website
Source=Paul Collins Startup list

[BitWare Print Monitor]
Number=1078
Confirmed=N
Filename=bwprnmon.exe
Description=<a href="http://www.2point.com/FAXserve/" target="_blank">FaxServe</a> network fax software
Source=Paul Collins Startup list

[BJ Printer Status Monitor]
Number=1079
Confirmed=N
Filename=Cjstsr.exe
Description=Canon BJ printer status monitor
Source=Paul Collins Startup list

[BJ Status Monitor 5xx]
Number=1080
Confirmed=N
Filename=CJSTRxx.EXE
Description=Canon printer status monitor - where &quot;xx&quot; is different depending upon the version. Not required as you can check the printer status via My Computer -&gt; Printers
Source=Paul Collins Startup list

[bjcfd]
Number=1081
Confirmed=N
Filename=cdf.exe
Description=<a href="http://www.broadjump.com/" target="_blank">BroadJump</a> Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs
Source=Paul Collins Startup list

[BlackICE PC Protection]
Number=1082
Confirmed=N
Filename=blackice.exe
Description=Loads the user interface for the <a href="http://blackice.iss.net/product_pc_protection.php" target="_blank">BlackICE PC Protection</a> (was Defender) firewall program. From the <a href="http://www.networkice.com/" target="_blank">parent site</a> - '(the user interface) starts in the &quot;Startup&quot; menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackD
Source=Paul Collins Startup list

[BlackIce Utility]
Number=1083
Confirmed=N
Filename=blackice.exe
Description=Loads the user interface for the <a href="http://blackice.iss.net/product_pc_protection.php" target="_blank">BlackICE PC Protection</a> (was Defender) firewall program. From the <a href="http://www.networkice.com/" target="_blank">parent site</a> - '(the user interface) starts in the &quot;Startup&quot; menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackD
Source=Paul Collins Startup list

[blads]
Number=1084
Confirmed=U
Filename=blads.exe
Description=A <a href="http://www.totalidea.com/frameset-tweakxp.htm" target=_blank>Tweak-XP</a> component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks
Source=Paul Collins Startup list

[blah service]
Number=1085
Confirmed=X
Filename=winupdate.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090709-0941-99" target="_blank">GAOBOT.BIA</a> WORM!
Source=Paul Collins Startup list

[blah service]
Number=1086
Confirmed=X
Filename=winsysengine.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotki.html" target="_blank">RBOT-KI</a> WORM!
Source=Paul Collins Startup list

[blah service]
Number=1087
Confirmed=X
Filename=internet.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!

Source=Paul Collins Startup list

[blah service]
Number=1088
Confirmed=X
Filename=smnp.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.IZ" target=_blank>RBOT.IZ</a> WORM!

Source=Paul Collins Startup list

[blah service]
Number=1089
Confirmed=X
Filename=msnmsgrr.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.PZ&VSect=T" target=_blank>RBOT.PZ</a> WORM!
Source=Paul Collins Startup list

[blah service]
Number=1090
Confirmed=X
Filename=tazkmgr.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.UA" target=_blank>RBOT.UA</a> WORM!
Source=Paul Collins Startup list

[blah service]
Number=1091
Confirmed=X
Filename=FaLeH.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaes.html" target=_blank>RBOT-AES</a> WORM!
Source=Paul Collins Startup list

[blah service]
Number=1092
Confirmed=X
Filename=microsoft.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[blah service]
Number=1093
Confirmed=X
Filename=evosys.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[blah service]
Number=1094
Confirmed=X
Filename=win32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxo.html" target=_blank>RBOT-AXO</a> WORM!
Source=Paul Collins Startup list

[Blah service]
Number=1095
Confirmed=X
Filename=CCAPPS32.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.TV" target="_blank">RBOT.TV</a> WORM!
Source=Paul Collins Startup list

[blahh service]
Number=1096
Confirmed=X
Filename=msengine.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[blahx service]
Number=1097
Confirmed=X
Filename=msnjompa.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AML" target=_blank>SDBOT.AML</a> WORM!
Source=Paul Collins Startup list

[BlazeChanger]
Number=1098
Confirmed=N
Filename=FBZPaper.exe
Description=<a href="http://www.firehand.com/Ember/" target="_blank">Ember</a> graphic file viewer, manager, and touch-up system
Source=Paul Collins Startup list

[bldbubg]
Number=1099
Confirmed=N
Filename=bldbubg.exe
Description=Part of Dell Alerts which provides customers with an update on latest updates for his/her system
Source=Paul Collins Startup list

[BLF]
Number=1100
Confirmed=X
Filename=blf.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotm.html" target="_blank">DELBOT-M</a> WORM!
Source=Paul Collins Startup list

[blinkx]
Number=1101
Confirmed=U
Filename=blinkx.exe
Description=<a href="http://www.blinkx.com/" target=_blank>Blinkx</a> Desktop "Smart Folders" software
Source=Paul Collins Startup list

[BLMessagingIntegration]
Number=1102
Confirmed=X
Filename=blengine.exe
Description=<a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101007" target="_blank">BuddyLinks</a> adware
Source=Paul Collins Startup list

[BlockAds]
Number=1103
Confirmed=U
Filename=blads.exe
Description=A <a href="http://www.totalidea.com/frameset-tweakxp.htm" target=_blank>Tweak-XP</a> component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks
Source=Paul Collins Startup list

[BlockChecker]
Number=1104
Confirmed=X
Filename=Block-checker.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082521-1906-99" target=_blank>BlockChecker</a> adware
Source=Paul Collins Startup list

[Blocker System611 Monitoring]
Number=1105
Confirmed=X
Filename=PopUpBlocker611.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BLJ&VSect=P" target=_blank>RBOT.BLJ</a> WORM!
Source=Paul Collins Startup list

[BlockTracker]
Number=1106
Confirmed=N
Filename=BlockTracker.exe
Description=If present on a HP machine it tracks all the processes and logs them to a blocklog.txt file
Source=Paul Collins Startup list

[blsloader]
Number=1107
Confirmed=U
Filename=blsloader.exe
Description=BellSouth ISP <a href="http://bellsouth.com/consumer/inetsrvcs/inetsrvcs_fa_features.html" target="_blank">Internet Tools</a>
Source=Paul Collins Startup list

[blss]
Number=1108
Confirmed=X
Filename=blss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-022118-1659-99" target=_blank>BLARUL</a> TROJAN!
Source=Paul Collins Startup list

[BLSTAPP]
Number=1109
Confirmed=N
Filename=blstapp.exe
Description=Puts access to Creative's BlasterControl in the System Tray
Source=Paul Collins Startup list

[Blubster]
Number=1110
Confirmed=N
Filename=Blubster.exe
Description=Related to <a href="http://www.blubster.com/" target=_blank>Blubster</a> Music sharing service
Source=Paul Collins Startup list

[Blue Frog]
Number=1111
Confirmed=U
Filename=bluefrog.exe
Description=<a href="http://en.wikipedia.org/wiki/Blue_Frog" target="_blank">Blue Frog</a> by Blue Security Inc. - actively fights spam by posting complaints on the sites advertised by the spam you receive
Source=Paul Collins Startup list

[BlueLight_uoltray]
Number=1112
Confirmed=?
Filename=exec.exe
Description=Related to <a href="http://www.mybluelight.com/" target="_blank">BlueLight Internet</a>. <font color="#FF0000">What does it do and is it required?</a>
Source=Paul Collins Startup list

[BlueSoleil]
Number=1113
Confirmed=U
Filename=BLUESO~1.EXE
Description=<a href="http://www.bluesoleil.com/products/index.asp" target="_blank">BlueSoleil</a> Bluetooth wireless manager from IVT Corporation
Source=Paul Collins Startup list

[BlueSpace NE]
Number=1114
Confirmed=U
Filename=BlueSpaceNE.exe
Description="BlueSpace NE is a utility program used to run the Bluetooth function on VAIO computers that support the Bluetooth function or on VAIO computers connected to the Bluetooth USB adapter". Shortcut available via Start -> Programs
Source=Paul Collins Startup list

[BlueToothAuthentication Agent]
Number=1115
Confirmed=U
Filename=RunDLL32.exe irprops.cpl, BluetoothAuthenticationAgent
Description=Associated with BlueTooth software, designed to allow bluetooth mobile devices to authenticate to the computer, when connecting a PDA to your computer - necessary for the computer and the PDA to communicate. Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click <a href="http://www.winbookcorp.com/_technote/WBTA20000912.htm" target=_blank>here</a> for more information. In case you no longer have BlueTooth support installed, and don't need it, simply uncheck the entry in Msconfig > Startup
Source=Paul Collins Startup list

[Blueyonder Instant Support Tool]
Number=1116
Confirmed=U
Filename=matcli.exe
Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system\'s identity like your name email address, city, state, etc and gets written to a log file". Blueyonder Instant Support is required to run with the Help and Support program. If you uncheck it and and then run Help and Support it will add another Blueyonder Instant Support in the startup menu. If you remove Blueyonder Instant Support in add/remove programs some help menus in help and support will not be available. You decide
Source=Paul Collins Startup list

[BMail Installation]
Number=1117
Confirmed=N
Filename=FTP_back.exe
Description=Part of <a href="http://www.imesh.com" target="_blank">iMesh</a> - a file sharing system. Reported by Norton AntiVirus as a trojan. Once deleted does not prevent file sharing working. Older versions of iMesh re-instate this but the newer versions do not
Source=Paul Collins Startup list

[Bman]
Number=1118
Confirmed=X
Filename=BMan1.exe
Description=Abcsearch.com/DealHelper adware variant
Source=Paul Collins Startup list

[BMMGAG]
Number=1119
Confirmed=U
Filename=Rundll32 PWRMONIT.DLL, StartPwrMonitor
Description=Displays a battery gauge icon in the Taskbar (not the System Tray). Provides shortcuts to IBM's proprietary power saving settings and to a battery information window
Source=Paul Collins Startup list

[BMMLREF]
Number=1120
Confirmed=U
Filename=BMMLREF.EXE
Description=Battery Manager for IBM ThinkPad laptops
Source=Paul Collins Startup list

[BMMMONWND]
Number=1121
Confirmed=?
Filename=rundll32.exe [path] BatInfEx.dll, BMMAutonomicMonitor
Description=IBM Thinkpad related. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[BMO MasterCard Wallet]
Number=1122
Confirmed=U
Filename=EWALLET.EXE
Description=The wallet conveniently stores billing, shipping and payment information on your PC
Source=Paul Collins Startup list

[BMupdate]
Number=1123
Confirmed=N
Filename=BMupdate.exe
Description=Related to the BookmarkCentral entry. Typically added after downloading drivers for Visioneer scanners for example, and you install the driver self-install
Source=Paul Collins Startup list

[BMZ]
Number=1124
Confirmed=X
Filename=bmz.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=180solutions.NCase&threatid=8869" target=_blank>NCase</a> adware
Source=Paul Collins Startup list

[Bndt32]
Number=1125
Confirmed=X
Filename=Bndt32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082915-4622-99" target="_blank">LACON</a> WORM!
Source=Paul Collins Startup list

[Bnexe]
Number=1126
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-070414-5310-99" target="_blank"> KITRO.D</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ARGEN.A&VSect=T" target="_blank">ARGEN.A</a>) WORM!
Source=Paul Collins Startup list

[BO1HelperStartUp]
Number=1127
Confirmed=U
Filename=BO1HEL~1.EXE
Description=ScreenScenes "Butterfly Oasis" screensaver. The freeware version comes with <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Claria.GAIN.CommonElements&threatid=5605" target="_blank">GAIN</a> branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
Source=Paul Collins Startup list

[BO1HelperStartUp]
Number=1128
Confirmed=U
Filename=Bo1helper.exe
Description=ScreenScenes "Butterfly Oasis" screensaver. The freeware version comes with <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Claria.GAIN.CommonElements&threatid=5605" target="_blank">GAIN</a> branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
Source=Paul Collins Startup list

[Boarddata]
Number=1129
Confirmed=X
Filename=[path] repcale.exe [path] palsp.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDON.AN" target="_blank">RANDON.AN</a> WORM!
Source=Paul Collins Startup list

[boby]
Number=1130
Confirmed=X
Filename=csrs.scr
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanpc.html" target="_blank">BANCBAN-PC</a> TROJAN!
Source=Paul Collins Startup list

[BOC412]
Number=1131
Confirmed=Y
Filename=BOC412.exe
Description=Version 4.12 of NSClean's <a href="http://www.nsclean.com/boclean.html" target=_blank>BOClean</a> anti-trojan software
Source=Paul Collins Startup list

[BOCleanautostart]
Number=1132
Confirmed=Y
Filename=Boclean.exe
Description=NSClean's <a href="http://www.nsclean.com/boclean.html" target="_blank">BOClean</a> anti-trojan software
Source=Paul Collins Startup list

[BOINC Manager]
Number=1133
Confirmed=U
Filename=boincmgr.exe
Description=<a href="http://boinc.berkeley.edu/manager.php" target="_blank">BOINC manager</a> - "controls the use of your computer's disk, network, and processor resources"
Source=Paul Collins Startup list

[Boingo Wireless Utility]
Number=1134
Confirmed=U
Filename=Icon###XXX#X#.exe
Description=Starts the Boingo Wireless utility, used to detect and login into <a href="http://www.boingo.com/" target=blank>Boingo</a> wireless hotspots. The filename may be autogenerated when installing, two different variations along the lines listed here, where # is a number and X is a letter. Shortcut available via Start -> Programs
Source=Paul Collins Startup list

[boler.exe]
Number=1135
Confirmed=X
Filename=syser.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotays.html" target=_blank>RBOT-AYS</a> WORM!
Source=Paul Collins Startup list

[bombshel]
Number=1136
Confirmed=U
Filename=BOMB32.EXE
Description=Part of McAfee Nuts &amp; Bolts. Protects your Windows system from application failure and crashes - similar to Norton Crashguard. Your choice - may cause problems
Source=Paul Collins Startup list

[Bonzi Buddy]
Number=1137
Confirmed=X
Filename=??
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=59256" target="_blank">Bonzi Buddy</a> adware - see <a href="http://www.pchell.com/support/bonzibuddy.shtml" target="_blank">here</a> for removal instructions
Source=Paul Collins Startup list

[boo]
Number=1138
Confirmed=X
Filename=boo.exe
Description=Adware downloader - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as the FAVADD.O TROJAN!
Source=Paul Collins Startup list

[BookedSpace]
Number=1139
Confirmed=X
Filename=RunDLL32.EXE [path] bs2.dll, DllRun
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BookedSpace&threatid=3275" target=_blank>BookedSpace</a> parasite
Source=Paul Collins Startup list

[BookmarkCentral]
Number=1140
Confirmed=N
Filename=BMLauncher.exe
Description=<a href="http://www.bookmarkexpress.com/" target="_blank">Bookmark Express</a> - &quot;offers a more flexible way to manage Web site bookmarks, regardless of which browser you use&quot;
Source=Paul Collins Startup list

[BookMarkSink]
Number=1141
Confirmed=N
Filename=syncit.exe
Description=Bookmark synchronization utility
Source=Paul Collins Startup list

[BookMarkSync]
Number=1142
Confirmed=N
Filename=syncit.exe
Description=<a href="http://www.sync2it.com/" target=_blank>Sync2IT BookMarkSync</a> - "real-time automatic synchronization service that allows you to access your bookmarks, favorites and favorite files from any computer or any browser". Only installed with the users explicit permission and generally only remains running if the user decides to subscribe to the service. If it is no longer required it should be uninstalled to prevent a large number of clients 'checking in' to the server that have no chance of synchronizing
Source=Paul Collins Startup list

[BookMarkSync2It]
Number=1143
Confirmed=N
Filename=sync2it.exe
Description=<a href="http://www.sync2it.com/" target=_blank>Sync2IT BookMarkSync</a> - "real-time automatic synchronization service that allows you to access your bookmarks, favorites and favorite files from any computer or any browser". Only installed with the users explicit permission and generally only remains running if the user decides to subscribe to the service. If it is no longer required it should be uninstalled to prevent a large number of clients 'checking in' to the server that have no chance of synchronizing
Source=Paul Collins Startup list

[Boost XP Service]
Number=1144
Confirmed=U
Filename=bxservice.exe
Description=<a href="http://www.systweak.com/boostxp/" target="_blank">Boost XP</a> from Systweak - WinXP tweaking utility
Source=Paul Collins Startup list

[boot]
Number=1145
Confirmed=X
Filename=boot.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpuppeta.html" target=_blank>PUPPET-A</a> TROJAN! Located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[Boot]
Number=1146
Confirmed=U
Filename=Boot.exe
Description=Part of Acer Empowering Technology. "<a href="http://www.acer-euro.com/et/en/notebooks01.htm#7" target="_blank">Acer ePower Management</a> is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles". Located in the "Acer\Empowering Technology\ePower" directory
Source=Paul Collins Startup list

[Boot Check]
Number=1147
Confirmed=X
Filename=bootchk.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotab.html" target="_blank">DELBOT-AB</a> WORM!
Source=Paul Collins Startup list

[Boot Manager]
Number=1148
Confirmed=X
Filename=Njgal.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021319-1815-99" target="_blank">KILO</a> TROJAN!
Source=Paul Collins Startup list

[Boot Manager]
Number=1149
Confirmed=X
Filename=bootmng.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[BootCfg]
Number=1150
Confirmed=X
Filename=Install.log.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040911-2617-99" target=_blank>YPSAN.D</a> WORM!
Source=Paul Collins Startup list

[BootCTRL]
Number=1151
Confirmed=X
Filename=bootctrl.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[BootLoader]
Number=1152
Confirmed=X
Filename=BootLoader.exe.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-020518-0826-99" target="_blank">WATERWORKS</a> WORM!
Source=Paul Collins Startup list

[bootpd.exe]
Number=1153
Confirmed=X
Filename=bootpd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentdt.html" target=_blank>AGENT-DT</a> TROJAN!
Source=Paul Collins Startup list

[BootsCfg]
Number=1154
Confirmed=X
Filename=Date.POP.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040417-1243-99" target=_blank>KUULLIO</a> WORM!
Source=Paul Collins Startup list

[BootsCfg]
Number=1155
Confirmed=X
Filename=wscript.exe [path] All Users.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050612-1340-99" target= blank>SPILTRON</a> WORM!
Source=Paul Collins Startup list

[BootsCfg]
Number=1156
Confirmed=X
Filename=wscript.exe [path] All Users.vbe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050612-1340-99" target= blank>SPILTRON</a> WORM!
Source=Paul Collins Startup list

[BootsCfg]
Number=1157
Confirmed=X
Filename=wscript.exe [path] Install.log.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050715-3159-99" target= blank>YPSAN.E</a> WORM!
Source=Paul Collins Startup list

[BootStatus]
Number=1158
Confirmed=U
Filename=BOOTST~1.EXE
Description=Visual Basic program that pops up a small window on startup telling you how many times the machine has been booted that day.&nbsp; Once you exit it, it has no more effect on resources
Source=Paul Collins Startup list

[BootWarn]
Number=1159
Confirmed=U
Filename=BootWarn.exe
Description=From <a href="http://www.answersthatwork.com/Tasklist_pages/tasklist_b.htm" target=_blank>here</a>: "Norton AntiVirus Boot Warning. This program is installed as a startup item when you install Norton AntiVirus, and also sometimes when you do a LiveUpdate which updates Norton AntiVirus significantly enough that a reboot is needed to complete the installation. We believe its purpose to be to warn the end-user that he must reboot his PC before using Norton AntiVirus in those cases when a reboot did not happen with the result that Norton AntiVirus did not fully complete its installation or software updating. Recommendation : Start Norton AntiVirus from "Start \ Programs \ Norton AntiVirus". If Norton AntiVirus comes up without problems, then fix this entry from the Msconfig Startup tab - it was left behind by mistake and is no longer needed now that Norton AntiVirus is fully installed and opens without error messages"
Source=Paul Collins Startup list

[boot_reg]
Number=1160
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanca.html" target=_blank>BANCBAN-CA</a> TROJAN!
Source=Paul Collins Startup list

[Bose Wave/PC Monitor]
Number=1161
Confirmed=N
Filename=wavepcmonitor.exe
Description=System Tray access for this system (more info on the system <a href="http://www.bose.com/controller?event=VIEW_PRODUCT_PAGE_EVENT&product=wave_subcategory" target="_blank">here</a>). Available via Start -> Programs
Source=Paul Collins Startup list

[BossIdea]
Number=1162
Confirmed=X
Filename=winlogin.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagei.html" target= blank>LINEAGE-I</a> TROJAN!
Source=Paul Collins Startup list

[Boston]
Number=1163
Confirmed=?
Filename=Boston.exe
Description=Part of the Boston Acoustics USB speaker systems. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[Bot Loader]
Number=1164
Confirmed=X
Filename=svchostt.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-052511-0816-99" target=_blank>GAOBOT.ALV</a> WORM!
Source=Paul Collins Startup list

[Bouncer RunStartup]
Number=1165
Confirmed=X
Filename=bouncer.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Virtual%20Bouncer&threatid=12432" target="_blank">Virtual Bouncer</a> - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see <a href="http://groups.google.com/group/alt.sports.hockey.nhl.vanc-canucks/msg/dec91d1aa1e0d9dd?hl=en&lr=&ie=UTF-8&oe=UTF-8" target="_blank">here</a>
Source=Paul Collins Startup list

[Bouncer RunStartup]
Number=1166
Confirmed=X
Filename=LiveUpdate.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Virtual%20Bouncer&threatid=12432" target="_blank">Virtual Bouncer</a> - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see <a href="http://groups.google.com/group/alt.sports.hockey.nhl.vanc-canucks/msg/dec91d1aa1e0d9dd?hl=en&lr=&ie=UTF-8&oe=UTF-8" target="_blank">here</a>
Source=Paul Collins Startup list

[boy lovers of bsd]
Number=1167
Confirmed=X
Filename=ilikeboys.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.LY&VSect=P" target=_blank>MYTOB.LY</a> WORM!
Source=Paul Collins Startup list

[bpcpost.exe]
Number=1168
Confirmed=U
Filename=bpcpost.exe
Description=MS TV Viewer Post Setup Program. Part of MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it
Source=Paul Collins Startup list

[BPCv2 re]
Number=1169
Confirmed=X
Filename=bpc2 re inst.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080114-4631-99" target="_blank">BroadcastPC</a> adware variant
Source=Paul Collins Startup list

[BPK]
Number=1170
Confirmed=U
Filename=bpk.exe
Description=Blazing Tools <a href="http://www.blazingtools.com/bpk.html" target=_blank>Perfect Keylogger</a> keystroke logger/monitoring program - remove unless you installed it yourself!

Source=Paul Collins Startup list

[BPServer]
Number=1171
Confirmed=N
Filename=G6FTPSrv.exe
Description=<a href="http://www.bpftpserver.com/?page=home&lang=en" target="_blank">BulletProof FTP Server</a>
Source=Paul Collins Startup list

[BQTray.exe]
Number=1172
Confirmed=U
Filename=BQTray.exe
Description=System Tray access to <a href="http://www.burnquick.com/" target="_blank"> BurnQuick</a> CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manually
Source=Paul Collins Startup list

[Brasil]
Number=1173
Confirmed=X
Filename=Brasil.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.E" target="_blank">OPASERV.E</a> WORM!
Source=Paul Collins Startup list

[Brasil]
Number=1174
Confirmed=X
Filename=BRASIL.PIF
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.E" target="_blank">OPASERV.E</a> WORM!
Source=Paul Collins Startup list

[BrasilOld]
Number=1175
Confirmed=X
Filename=[worm filename]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.P" target="_blank">OPASERV.P</a> WORM!
Source=Paul Collins Startup list

[BraveSentry]
Number=1176
Confirmed=N
Filename=BraveSentry.exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[Brct]
Number=1177
Confirmed=X
Filename=trdb.exe
Description=Recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as the PurityScan.y TROJAN!
Source=Paul Collins Startup list

[Break_Reminder]
Number=1178
Confirmed=U
Filename=BREAK REMINDER.exe
Description=Break Reminder - Remind yourself to take breaks to prevent computer related injuries. See <a href="http://www.cheqsoft.com/break.html" target="_blank">here</a>
Source=Paul Collins Startup list

[Breg]
Number=1179
Confirmed=X
Filename=bcre.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080114-4631-99" target="_blank">BroadcastPC</a> adware variant
Source=Paul Collins Startup list

[Breg]
Number=1180
Confirmed=X
Filename=bptre.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080114-4631-99" target="_blank">BroadcastPC</a> adware variant
Source=Paul Collins Startup list

[Breg]
Number=1181
Confirmed=X
Filename=breg.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080114-4631-99" target="_blank">BroadcastPC</a> adware variant
Source=Paul Collins Startup list

[Bridge]
Number=1182
Confirmed=X
Filename=rundll32.exe ...Bridge.dll
Description=Flingstone.com browser hijacker
Source=Paul Collins Startup list

[Brindys BriTray]
Number=1183
Confirmed=Y
Filename=BRITRAY.EXE
Description=Main process for the following applications: GEDEX, SICARIO, BRINOTES, BRIRESPA, SICURE, TRASGO, UNDOCS, FRESH &amp; BRIFAME (all of them from <a href="http://www.brindys.com/" target="_blank">Brindys Software</a>). Performs the following tasks [un]installation, web software autoupdate, notification windows, interprocess communication, tray bar icons &amp; menus, alarms (brinotes), and common web launching from the mentioned applications. Can be stopped safely once run if so desired
Source=Paul Collins Startup list

[BrmfRmPA]
Number=1184
Confirmed=U
Filename=BrmfRmPA.exe
Description=Brother resource manager - needed for a Brother MFC printer/copiert/scanner and PC to properly communicate
Source=Paul Collins Startup list

[Broadband Wizard]
Number=1185
Confirmed=N
Filename=bbwiz.exe
Description=Starts <a href="http://www.broadbandwizard.net/" target="_blank">Broadband Wizard</a> so it runs in the System Tray. This application tests and optimizes your Cable or DSL connection. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[Broadcom Wireless Manager UI]
Number=1186
Confirmed=U
Filename=bcmntray.exe
Description=Related to <a href="http://www.broadcom.com/" target=_blank>Broadcom</a> Network Adapters for additional configuration options for these devices. Should not be terminated unless suspected to be causing problems
Source=Paul Collins Startup list

[Broadcom Wireless Manager UI]
Number=1187
Confirmed=N
Filename=wltray.exe
Description=System tray access to wireless LAN card configuration options

Source=Paul Collins Startup list

[Bron-Spizaetus]
Number=1188
Confirmed=X
Filename=CVT.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-092311-2608-99" target=_blank>RONTOKBRO</a> WORM!
Source=Paul Collins Startup list

[Bron-Spizaetus]
Number=1189
Confirmed=X
Filename=norBtok.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RONTOKBRO.B&VSect=P" target=_blank>RONTOKBRO.B</a> WORM!
Source=Paul Collins Startup list

[Bron-Spizaetus]
Number=1190
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32brontokf.html" target=_blank>BRONTOK-F</a> WORM!
Source=Paul Collins Startup list

[Bron-Spizaetus]
Number=1191
Confirmed=X
Filename=bronstab.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RONTOKBRO.C&VSect=P" target=_blank>RONTOKBRO.C</a> WORM!
Source=Paul Collins Startup list

[Bron-Spizaetus]
Number=1192
Confirmed=X
Filename=eksplorasi.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RONTOKBRO.J&VSect=P" target=_blank>RONTOKBRO.J</a> WORM!
Source=Paul Collins Startup list

[Bron-Spizaetus]
Number=1193
Confirmed=X
Filename=ElnorB.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RONTOKBRO.D&VSect=P" target=_blank>RONTOKBRO.D</a> WORM!
Source=Paul Collins Startup list

[Bron-Spizaetus]
Number=1194
Confirmed=X
Filename=sempalong.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32brontoke.html" target=_blank>BRONTOK-E</a> WORM!
Source=Paul Collins Startup list

[Bron-Spizaetus]
Number=1195
Confirmed=X
Filename=RakyatKelaparan.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32brontokj.html" target=_blank>BRONTOK-J</a> or <a href="http://www.sophos.com/virusinfo/analyses/w32brontokl.html" target=_blank>BRONTOK-L</a> WORMS!
Source=Paul Collins Startup list

[Bron-Spizaetus-5118REPM]
Number=1196
Confirmed=X
Filename=komodo-6321422.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32brontokr.html" target=_blank>BRONTOK-R</a> WORM!
Source=Paul Collins Startup list

[Bron-Spizaetus-cfgmktoq]
Number=1197
Confirmed=X
Filename=bbm-qotkmgfc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32brontokm.html" target=_blank>BRONTOK-M</a> WORM!
Source=Paul Collins Startup list

[Bron-Spizaetus-cfgmmnru]
Number=1198
Confirmed=X
Filename=bbm-urnmmgfc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32brontokn.html" target=_blank>BRONTOK-N</a> WORM!
Source=Paul Collins Startup list

[BrowseProxy]
Number=1199
Confirmed=X
Filename=FindService.exe
Description=Actual Names <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453075255" target="_blank">(AdvSearch)</a> Internet Keywords parasite
Source=Paul Collins Startup list

[browser]
Number=1200
Confirmed=X
Filename=msgaol.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
Source=Paul Collins Startup list

[browser]
Number=1201
Confirmed=X
Filename=s_menu.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
Source=Paul Collins Startup list

[browser]
Number=1202
Confirmed=X
Filename=browse.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
Source=Paul Collins Startup list

[browser]
Number=1203
Confirmed=X
Filename=deamon.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
Source=Paul Collins Startup list

[browser]
Number=1204
Confirmed=X
Filename=msgaol.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
Source=Paul Collins Startup list

[browser aid]
Number=1205
Confirmed=X
Filename=browseraid.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrowserAid&threatid=3342" target="_blank">BrowserAid/BrowserPal</a> foistware
Source=Paul Collins Startup list

[Browser Help Svc]
Number=1206
Confirmed=X
Filename=BHSV.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotavq.html" target=_blank>RBOT-AVQ</a> WORM!
Source=Paul Collins Startup list

[Browser Hijack Blaster]
Number=1207
Confirmed=Y
Filename=bhblaster.exe
Description=Browser Hijack Blaster - protects your system from browser hijackers and spyware that alters your IE settings. Now replaced by <a href="http://javacoolsoftware.com/spywareguard.html" target="_blank">SpywareGuard</a>
Source=Paul Collins Startup list

[Browser Launcher]
Number=1208
Confirmed=U
Filename=Commandr.exe
Description=Logitech internet keyboard &quot;Commander&quot; software - loads the software for the shortcut keys on the keyboard. Not required unless you want to use the short cut keys
Source=Paul Collins Startup list

[Browser Pal]
Number=1209
Confirmed=X
Filename=adblck.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrowserAid&threatid=3342" target="_blank">BrowserAid/BrowserPal</a> foistware
Source=Paul Collins Startup list

[Browser Sentinel]
Number=1210
Confirmed=U
Filename=BrowserSentinel.exe
Description=<a href="http://www.browsersentinel.com/" target="_blank">Browser Sentinel</a> - notifies you if a program wants to penetrate into Internet explorer, add itself to the Windows auto-run list or change your home page
Source=Paul Collins Startup list

[BrowserUpdateSched]
Number=1211
Confirmed=X
Filename=qwinnsap.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094810" target="_blank">ZenoSearch</a> adware
Source=Paul Collins Startup list

[BrowserUpdateSched]
Number=1212
Confirmed=X
Filename=twinorag.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094810" target="_blank">ZenoSearch</a> adware
Source=Paul Collins Startup list

[BrowserWebCheck]
Number=1213
Confirmed=N
Filename=loadwc.exe
Description=Checks to make sure that IE is still your default browser
Source=Paul Collins Startup list

[brwdiag]
Number=1214
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32stratiobn.html" target="_blank">STRATIO-BN</a> WORM!
Source=Paul Collins Startup list

[BS Player]
Number=1215
Confirmed=N
Filename=bsplayer.exe
Description=<a href="http://www.bsplayer.org/" target= blank>BSplayer</a> - A video player used to play avi, mpg, wmv and other multimedia files
Source=Paul Collins Startup list

[BsCLiP]
Number=1216
Confirmed=N
Filename=BSCLIP.exe
Description=CD recording utility that comes with a lot of CDR/CDRW drives and isn't required
Source=Paul Collins Startup list

[Bsoft lppt01]
Number=1217
Confirmed=X
Filename=Bsoft.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "BelmontSoft" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[bsplayer]
Number=1218
Confirmed=N
Filename=bsplayer.exe
Description=<a href="http://www.bsplayer.org/" target=_blank>BSplayer</a> - a video player used to play avi, mpg, wmv and other multimedia files
Source=Paul Collins Startup list

[BSserver]
Number=1219
Confirmed=X
Filename=FileKan.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_VB.CBW" target="_blank">VB.CBW</a> WORM!
Source=Paul Collins Startup list

[BSVCHOST]
Number=1220
Confirmed=X
Filename=SVCH0ST.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-052311-1341-99" target="_blank">VOXOM</a> TROJAN!
Source=Paul Collins Startup list

[Bsx3]
Number=1221
Confirmed=X
Filename=RunDLL32.EXE [path] bs3.dll, DllRun
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BookedSpace&threatid=3275" target=_blank>BookedSpace</a> parasite
Source=Paul Collins Startup list

[BT]
Number=1222
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlitebotb.html" target=_blank>LITEBOT-B</a> TROJAN!
Source=Paul Collins Startup list

[BT Broadband Help]
Number=1223
Confirmed=U
Filename=matcli.exe
Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decide
Source=Paul Collins Startup list

[BT00003*]
Number=1224
Confirmed=X
Filename=abcdefg23.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbvt.html" target=_blank>VB-VT</a> TROJAN where * = 5,6 or 7!
Source=Paul Collins Startup list

[BT00003*]
Number=1225
Confirmed=X
Filename=hiklmnop27.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbvt.html" target=_blank>VB-VT</a> TROJAN where * = 2,3 or 4!
Source=Paul Collins Startup list

[btbb_wcm_McciTrayApp]
Number=1226
Confirmed=U
Filename=McciTrayApp.exe
Description=System tray access to <a href="http://www.motive.com/" target="_blank">Motive's</a> Broadband 2.0 configuration and repair utility
Source=Paul Collins Startup list

[btinst]
Number=1227
Confirmed=?
Filename=btinst.exe
Description=Associated with an Anycom bluetooth wireless card. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[BTModemProtection]
Number=1228
Confirmed=U
Filename=BTModemProtection.exe
Description=BT Privacy Online modem protection software, see <a href="http://www.btmodemprotection.com/" target=_blank>here</a>
Source=Paul Collins Startup list

[BTopenworld]
Number=1229
Confirmed=U
Filename=DialBTYahoo.exe
Description=BT Yahoo! internet connection manager

Source=Paul Collins Startup list

[BTSETBOOTKEY]
Number=1230
Confirmed=?
Filename=BTSetBootKey.exe
Description=Related to a USB Bluetooth adaptor. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[BtStart]
Number=1231
Confirmed=U
Filename=btstart.exe
Description=<a href="http://www.broadcom.com/products/Bluetooth?source=top" target="_blank">Broadcom</a> (formerly WIDCOMM) Bluetooth Connectivity Software
Source=Paul Collins Startup list

[bttray]
Number=1232
Confirmed=U
Filename=bttray.exe
Description=System tray icon which shows the status of a BlueTooth wireless module. Most systems with such a module installed can enable/disable the module. The system tray icon changes from blue/white to blue/red when the module is turned off. Allows access to explore bluetooth places, setup wizard, advanced configuration, quick connect and shutdown device
Source=Paul Collins Startup list

[BTUSRBDG]
Number=1233
Confirmed=Y
Filename=BtUsrBdg.exe
Description=Used with a <a href="http://www.mitsumi.de/index4.html" target="_blank">Mitsumi USB Bluetooth</a> adaptor (and maybe others)
Source=Paul Collins Startup list

[BTUSRBDGF]
Number=1234
Confirmed=Y
Filename=BtUsrBdg.exe
Description=Used with a <a href="http://www.mitsumi.de/index4.html" target="_blank">Mitsumi USB Bluetooth</a> adaptor (and maybe others)
Source=Paul Collins Startup list

[BTV]
Number=1235
Confirmed=X
Filename=btv.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080114-4631-99" target="_blank">BroadcastPC</a> adware variant
Source=Paul Collins Startup list

[Buddyizer]
Number=1236
Confirmed=N
Filename=Buddyizer.exe
Description=Part of the AIMster Peer to Peer (P2P) file sharing application that runs over the AOL Instant Messenger network
Source=Paul Collins Startup list

[BUFFALO Power Save Utility for HD]
Number=1237
Confirmed=U
Filename=HDManage.exe
Description=Power Save utility for <a href="http://www.buffalotech.com/buffalo-home.php" target="_blank">Buffalo</a> backup hard discs
Source=Paul Collins Startup list

[bugwatcher service]
Number=1238
Confirmed=U
Filename=bugwatcher.exe
Description=<a href="http://www.pcworld.com/downloads/file_description/0,fid,17260,00.asp" target="_blank">Bugtoaster</a> is a service that sends reports on system/program crashes (certain types) back to Bugtoaster. They relay information to program authors and provide, if available, any known solutions to the crashes. It doesn't take up any room in memory, just activates in the event of certain program failures
Source=Paul Collins Startup list

[BuildBU]
Number=1239
Confirmed=N
Filename=bldbubg.exe
Description=Part of Dell Alerts which provides customers with an update on latest updates for his/her system
Source=Paul Collins Startup list

[BuildLab]
Number=1240
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081700-2526-99" target="_blank">NEVEG.B</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081614-3605-99" target="_blank">NEVEG.C</a> WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[BuildLab]
Number=1241
Confirmed=X
Filename=winlogon.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081623-4258-99" target="_blank">NEVEG.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[BuildLabs]
Number=1242
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091409-4900-99" target="_blank">WEBUS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[BuildLabs]
Number=1243
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100519-0947-99" target="_blank">WEBUS.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target="_blank">lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
Source=Paul Collins Startup list

[Bulldog Service]
Number=1244
Confirmed=U
Filename=upsd.exe
Description=Belkin's Bulldog Plus control software which runs under Windows 95 or later and monitors the UPS (Uninterrupted Power Supply) via a serial or USB link
Source=Paul Collins Startup list

[BulletProof FTP Server]
Number=1245
Confirmed=N
Filename=bpftpserver.exe
Description=<a href="http://www.bpftpserver.com/?page=home&lang=en" target="_blank">BulletProof FTP Server</a>
Source=Paul Collins Startup list

[BullGuard]
Number=1246
Confirmed=Y
Filename=mgui.exe
Description=Part of <a href="http://www.bullguard.com/" target="_blank"> Bullguard</a> antivirus
Source=Paul Collins Startup list

[BullGuard]
Number=1247
Confirmed=Y
Filename=BullGuard.exe
Description=Part of <a href="http://www.bullguard.com/" target="_blank">BullGuard</a> antivirus
Source=Paul Collins Startup list

[BullGuard Update]
Number=1248
Confirmed=U
Filename=avxlive.exe
Description=Part of <a href="http://www.bullguard.com/" target="_blank"> Bullguard</a> antivirus. Leave enabled unless you manually update virus definitions
Source=Paul Collins Startup list

[BullGuard XComm]
Number=1249
Confirmed=Y
Filename=XCOMMSVR.EXE
Description=Part of <a href="http://www.bullguard.com/" target="_blank"> Bullguard</a> antivirus
Source=Paul Collins Startup list

[BullGuardInit]
Number=1250
Confirmed=Y
Filename=AVXINIT.EXE
Description=Part of <a href="http://www.bullguard.com/" target="_blank"> Bullguard</a> antivirus
Source=Paul Collins Startup list

[BullguardoptIn]
Number=1251
Confirmed=Y
Filename=bulldownload.exe
Description=Part of <a href="http://www.bullguard.com/" target="_blank"> Bullguard</a> antivirus
Source=Paul Collins Startup list

[BullsEye]
Number=1252
Confirmed=X
Filename=bargains.exe
Description=<a href="http://sarc.com/avcenter/venc/data/adware.bargainbuddy.html" target="_blank">BargainBuddy</a> adware
Source=Paul Collins Startup list

[BullsEye Network]
Number=1253
Confirmed=X
Filename=bargains.exe
Description=<a href="http://sarc.com/avcenter/venc/data/adware.bargainbuddy.html" target="_blank">BargainBuddy</a> adware
Source=Paul Collins Startup list

[BullsEye Tracker]
Number=1254
Confirmed=?
Filename=BeTrack.exe
Description=Bullseye - intelligent research assistant
Source=Paul Collins Startup list

[Bunx]
Number=1255
Confirmed=X
Filename=beagle.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lebreate.html" target=_blank>LEBREAT-E</a> WORM!
Source=Paul Collins Startup list

[BurnQuick Queue]
Number=1256
Confirmed=N
Filename=BQTray.exe
Description=System Tray access to <a href="http://www.burnquick.com/" target="_blank">BurnQuick</a> CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manually
Source=Paul Collins Startup list

[Button Server]
Number=1257
Confirmed=U
Filename=bttnserv.exe
Description=Found on a Compaq PC, for the extra buttons on the keyboard for the speaker volume, media player, sleep and internet buttons. If the buttons aren't used on the keyboard or your's doesn't have them, then it isn't required
Source=Paul Collins Startup list

[ButtonKey]
Number=1258
Confirmed=N
Filename=ButtonKey.exe
Description=CyberView TWAIN driver for the <a href="http://www.scanace.com/en/product/product.php" target="_blank">Pacific Image</a> range of 35mm film scanners. Enables the one touch scanning button and places an icon an the System Tray. Use your scanners software or run it manually by creating a shortcut
Source=Paul Collins Startup list

[Buzme]
Number=1259
Confirmed=N
Filename=Bmui.exe
Description=<a href="http://www.buzme.com/buzme/default.asp" target="_blank">Buzme</a> by RingCentral, Inc - internet call waiting. Intercepts telephone calls like an answering machine and plays the voice message on your PC. Only required when you're on-line and via dial-up modem
Source=Paul Collins Startup list

[BuzMe]
Number=1260
Confirmed=U
Filename=RCUI.exe
Description=Display Client for the <a href="http://www.buzme.com/" target="_blank">BuzMe</a> Internet Call Waiting Service
Source=Paul Collins Startup list

[Buzof.exe]
Number=1261
Confirmed=U
Filename=buzof.exe
Description=<a href="http://www.basta.com/ProdBuzof.htm" target="_blank">Buzof</a> from Basta Computing &quot;enables you to automatically answer, close or minimize virtually any recurring window including messages, prompts, and dialog boxes&quot;
Source=Paul Collins Startup list

[bxproxy]
Number=1262
Confirmed=X
Filename=bxproxy.exe
Description=Added by the <a href="http://www.superadblocker.com/definition/bxproxy/" target=_blank>BXPROXY</a> TROJAN!
Source=Paul Collins Startup list

[bxsx5]
Number=1263
Confirmed=X
Filename=RunDLL32.EXE [path] bsx5.dll, DllRun
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BookedSpace&threatid=3275" target=_blank>BookedSpace</a> parasite
Source=Paul Collins Startup list

[bxxs5]
Number=1264
Confirmed=X
Filename=RunDLL32.EXE [path] bxxs5.dll, dllrun
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BookedSpace&threatid=3275" target=_blank>BookedSpace</a> parasite
Source=Paul Collins Startup list

[Bymer.Scanner]
Number=1265
Confirmed=X
Filename=Wininit.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2000-122012-3537-99" target="_blank">BYMER</a> WORM!
Source=Paul Collins Startup list

[Bymer.Scanner]
Number=1266
Confirmed=X
Filename=Msinit.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2000-122012-3537-99" target="_blank">BYMER</a> WORM!
Source=Paul Collins Startup list

[c]
Number=1267
Confirmed=X
Filename=c:\archiv~1\win.com
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100907-5516-99" target="_blank">CUYDOC</a> TROJAN!
Source=Paul Collins Startup list

[C-Media Echo Control]
Number=1268
Confirmed=U
Filename=EchoCtrl.exe
Description=C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. You may need it if you use the echo control feature of C-Media Mixer

Source=Paul Collins Startup list

[C-Media Mixer]
Number=1269
Confirmed=N
Filename=Mixer.exe
Description=C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start -&gt; Settings -&gt; Control Panel or Start -&gt; Programs
Source=Paul Collins Startup list

[C2K]
Number=1270
Confirmed=U
Filename=CYB2K.EXE
Description=CYBERsitter 2000 or 2001 - anti-adult content filter primarily. Required if you want the sites you visit filtered without having to load the software every time you launch your browser
Source=Paul Collins Startup list

[c32cs2]
Number=1271
Confirmed=U
Filename=c32cs2.exe
Description=<a href="http://www.securitysoft.com/myspace_filtering.asp?pageid=82" target="_blank">Cyber Sentinel</a> - internet filtering software
Source=Paul Collins Startup list

[C7]
Number=1272
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051016-4401-99" target= blank>MEDIAKILL.A</a> WORM!
Source=Paul Collins Startup list

[C:\WINDOWS\IEXPLOR.EXE]
Number=1273
Confirmed=X
Filename=IEXPLOR.EXE
Description="Pop Marketing" adware
Source=Paul Collins Startup list

[C:\WINDOWS\WinTask.exe]
Number=1274
Confirmed=X
Filename=WinTask.exe
Description="Pop Marketing" adware
Source=Paul Collins Startup list

[CA-AMAgent]
Number=1275
Confirmed=U
Filename=amagent.exe
Description=<a href="http://www3.ca.com/Solutions/Product.asp?ID=194" target=_blank>Unicenter Asset Management</a> is a solution for proactively managing IT assets in a business environment. It provides full-featured asset tracking capabilities through automated discovery, hardware inventory, network inventory, software inventory, configuration management, software usage monitoring, license management and extensive cross-platform reporting
Source=Paul Collins Startup list

[CaAvTray]
Number=1276
Confirmed=Y
Filename=CAVTray.exe
Description=eTrust™ <a href="http://home.ca.com/dr/sat5/ec_Main.Entry17c?SID=35715&SP=10023&PN=1&PID=671589&V1=671589&CID=179788&api1=78&api2=1&api3=&DSP=&CUR=840&PGRP=0&CACHE_ID=179788" target=_blank>EZ Antivirus</a> system tray application from Computer Associates
Source=Paul Collins Startup list

[Cabchk]
Number=1277
Confirmed=X
Filename=Cabchk.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list

[Cabchk32]
Number=1278
Confirmed=X
Filename=Cabchk32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list

[CABCInstall]
Number=1279
Confirmed=X
Filename=CABCInstall.exe
Description=<a href="http://www.ignitetech.com/" target="_blank">Ignite Technologies</a> (was CABC) content delivery software
Source=Paul Collins Startup list

[CacheBoost]
Number=1280
Confirmed=U
Filename=trayicon.exe
Description=<a href="http://www.systweak.com/cacheboost/" target="_blank">CacheBoost</a> "optimizes the System Cache-Management of Windows XP/2000/NT and Windows .Net Servers, resulting in a performance boost"
Source=Paul Collins Startup list

[CacheLoader]
Number=1281
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadernz.html" target=_blank>DLOADER-NZ</a> TROJAN!
Source=Paul Collins Startup list

[Cacheman]
Number=1282
Confirmed=N
Filename=Cacheman.exe
Description=Freeware disk cache tweaker from <a href="http://www.outertech.com/">Outer Technologies</a>. Should only be run once and not loaded at start-up
Source=Paul Collins Startup list

[CacheMgr]
Number=1283
Confirmed=Y
Filename=CacheMgr.exe
Description=<a href="http://www.sophos.com/products/es/endpoint/sav-windows.html" target="_blank">Sophos Antivirus</a> Remote Update
Source=Paul Collins Startup list

[CacheSentry Pro]
Number=1284
Confirmed=U
Filename=CacheSentry Pro.exe
Description="<a href="http://www.enigmaticsoftware.com/cachesentry_pro/index.html" target="_blank">CacheSentry Pro</a> is a program that takes over the management of the Internet Explorer (and AOL) web browser cache"
Source=Paul Collins Startup list

[CacheSentry Pro]
Number=1285
Confirmed=U
Filename=CacheSentry Pro.exe
Description="<a href="http://www.enigmaticsoftware.com/cachesentry_pro/index.html" target="_blank">CacheSentry Pro</a> is a program that takes over the management of the Internet Explorer (and AOL) web browser cache"
Source=Paul Collins Startup list

[CACStarter]
Number=1286
Confirmed=N
Filename=cacstart.exe
Description=Cash A Check - check writing software
Source=Paul Collins Startup list

[Caddais BackupOnDemand]
Number=1287
Confirmed=U
Filename=BODMon.exe
Description=<a href="http://www.caddais.com/BackupOnDemand.shtml" target="_blank">Caddais BackupOnDemand</a> - &quot;runs in the background and monitors your important files for changes. Within seconds of changing, modified files are automatically backed up to an archive location&quot;
Source=Paul Collins Startup list

[Cadenza]
Number=1288
Confirmed=U
Filename=CdzSvc.exe
Description=Cadenza <a href="http://www.sofotex.com/Cadenza-mNotes-Pocket-PC-download_L8061.html" target=_blank>mNotes</a> for Palm and Pocket PC enables users to access Lotus Notes on their mobile devices
Source=Paul Collins Startup list

[CADS]
Number=1289
Confirmed=U
Filename=cads.exe
Description=<a href="http://www.securitysoft.com/myspace_filtering.asp?pageid=82" target="_blank">Cyber Sentinel</a> - internet filtering software
Source=Paul Collins Startup list

[CafeStation]
Number=1290
Confirmed=U
Filename=CafeStation.exe
Description="<a href="http://cafesuite.net/" target=_blank>CafeSuite</a> is the solution for your internet cafe. Our software provides you with ameans to control the workstations, manage customer database, sell products and generate detailed reports and statistics"

Source=Paul Collins Startup list

[CAgent]
Number=1291
Confirmed=N
Filename=CAgent.exe
Description=<a href="http://www.fine-reader.com/" target="_blank">Abbyy Fine Reader</a> OCR (Optical Character Recognition) software for scanning and converting documents
Source=Paul Collins Startup list

[cAgOu]
Number=1292
Confirmed=X
Filename=[filename].hta
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2000-121908-3951-99" target="_blank">KAKWORM</a> WORM!
Source=Paul Collins Startup list

[CahootWebcard]
Number=1293
Confirmed=N
Filename=CahootWebcard.exe
Description="The Cahoot Webcard is a virtual card that allows you to use your Cahoot credit card online without ever having to expose your real card numbers over the web. It works by generating one-off transaction numbers as a substitute for your real cahoot credit card details". Run manually when needed
Source=Paul Collins Startup list

[caidiysetup]
Number=1294
Confirmed=X
Filename=diynetsetupuni.exe
Description=<a href="http://www.sophos.com/virusinfo/analyses/diynet.html" target="_blank">DIYNet</a> adware
Source=Paul Collins Startup list

[CAISafe]
Number=1295
Confirmed=Y
Filename=isafe.exe
Description=Part of Computer Associates <a href="http://www1.my-etrust.com/products/Antivirus.cfm?" target="_blank">eTrust EZ Antivirus</a>
Source=Paul Collins Startup list

[CaISSDT]
Number=1296
Confirmed=U
Filename=caissdt.exe
Description=<a href="http://www.ca.com/" target=_blank>Computer Associates</a> Dashboard Tray applet

Source=Paul Collins Startup list

[Cal Reminder Shortcut]
Number=1297
Confirmed=N
Filename=calrem.exe
Description=Produces a pop-up reminder of events scheduled using the MS Office Calendar
Source=Paul Collins Startup list

[Calc Microsoft Windows]
Number=1298
Confirmed=X
Filename=wincalc.exe
Description=Added by an unidentied WORM or TROJAN!
Source=Paul Collins Startup list

[CALC32]
Number=1299
Confirmed=X
Filename=CALC32.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotec.html" target=_blank>SPYBOT-EC</a> WORM!
Source=Paul Collins Startup list

[Calendar 200X Reminder]
Number=1300
Confirmed=N
Filename=calendar.exe
Description=<a href="http://www.jgraff.addr.com/cal.htm" target="_blank">Calendar 200X</a> - shows holidays, reminders of various anniversaries,tasks etc
Source=Paul Collins Startup list

[Calendarscope]
Number=1301
Confirmed=U
Filename=cs.exe
Description=<a href="http://www.calendarscope.com/" target=_blank>Calendarscope</a> calendar software
Source=Paul Collins Startup list

[calk]
Number=1302
Confirmed=X
Filename=calk.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpafh.html" target= blank>STARTPA-FH</a> TROJAN!
Source=Paul Collins Startup list

[Call32]
Number=1303
Confirmed=X
Filename=Call32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojspammith.html" target="_blank">SPAMMIT-H</a> TROJAN!
Source=Paul Collins Startup list

[CallBumping]
Number=1304
Confirmed=Y
Filename=cbpopw.exe
Description=Related to the <a href="http://www.bewan.com/bewan/products/isdn/index.php" target="_blank">Gazel</a> 128 PCI ISDN adapter. Required if you use it
Source=Paul Collins Startup list

[CallCenter Main Application]
Number=1305
Confirmed=U
Filename=V3calmcp.exe
Description="V3 Inc. <a href="http://www.v3inc.com/freecc.htm" target=_blank>CallCenter</a> is a free 32-bit, integrated fax, voicemail and data communications application with a simple to use interface providing fax send and receive functionality, basic (single mailbox) answering machine capability, and sophistcated data communications." Main application
Source=Paul Collins Startup list

[CallCenter Printer Interface]
Number=1306
Confirmed=U
Filename=V3faxecp.exe
Description="V3 Inc. <a href="http://www.v3inc.com/freecc.htm" target=_blank>CallCenter</a> is a free 32-bit, integrated fax, voicemail and data communications application with a simple to use interface providing fax send and receive functionality, basic (single mailbox) answering machine capability, and sophistcated data communications." Fax printer
Source=Paul Collins Startup list

[CallControl]
Number=1307
Confirmed=N
Filename=ftctrl32.exe
Description=FaxTalk Messenger Pro is a Windows TAPI based 32-bit application. When installed, the software automatically loads FaxTalk CallControl when you start Windows. When FaxTalk CallControl is running, any TAPI compliant application can request to use the modem from Windows
Source=Paul Collins Startup list

[CamCheck]
Number=1308
Confirmed=N
Filename=CamCheck.exe
Description=<a href="http://www.nucam.com.tw/index1.htm" target="_blank">NuCam</a> camera software related
Source=Paul Collins Startup list

[Cameno]
Number=1309
Confirmed=U
Filename=Cameno.exe
Description=<a href="http://www.spadeapps.com/cameno/" target=_blank>Cameno</a> is a program which brings tabbed windows to MSN Messenger 6.0 and above
Source=Paul Collins Startup list

[Camera Detector]
Number=1310
Confirmed=U
Filename=CAMDET~*.EXE
Description=<a href="http://www.acdsee.com/" target="_blank">ACDSee</a> Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically
Source=Paul Collins Startup list

[Camera Detector]
Number=1311
Confirmed=U
Filename=Camdetect.exe
Description=<a href="http://www.acdsee.com/" target="_blank">ACDSee</a> Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically
Source=Paul Collins Startup list

[Camera Detector]
Number=1312
Confirmed=U
Filename=DEVDET~*.EXE
Description=<a href="http://www.acdsee.com/" target="_blank">ACDSee</a> Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically
Source=Paul Collins Startup list

[Camio Viewer x]
Number=1313
Confirmed=N
Filename=IXApplet.exe
Description=Image viewing program that comes with digital cameras. Shows pictures that are in the camera before downloading them. &quot;x&quot; in the name is the version
Source=Paul Collins Startup list

[CamMonitor]
Number=1314
Confirmed=?
Filename=hpqcmon.exe
Description=<font color="#FF0000">From HP and related to digital imaging</font>
Source=Paul Collins Startup list

[Canada]
Number=1315
Confirmed=N
Filename=Canada.exe
Description=<font color="#FF0000">Known to be a dialler - but is it maliscous or clean?</font>
Source=Paul Collins Startup list

[Canary]
Number=1316
Confirmed=U
Filename=canary-std.exe
Description=Canary keystroke logger/monitoring program - remove unless you installed it yourself!

Source=Paul Collins Startup list

[candy]
Number=1317
Confirmed=X
Filename=command32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlv.html" target="_blank">RBOT-LV</a> WORM!
Source=Paul Collins Startup list

[candynet]
Number=1318
Confirmed=X
Filename=Taskmsg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotna.html" target=_blank>RBOT-NA</a> WORM!
Source=Paul Collins Startup list

[Canon MultiPASS Status Monitor]
Number=1319
Confirmed=U
Filename=monitr32.exe
Description=Cannon Multi-Pass status monitor - your choice
Source=Paul Collins Startup list

[Canon PC1200 iC D600 iR1200G Status Window]
Number=1320
Confirmed=?
Filename=CAPM1LAK.EXE
Description=Cannon printer related - <font color="#FF0000">is it required in startup?</font>
Source=Paul Collins Startup list

[Canon Printer Monitor BJCxxx]
Number=1321
Confirmed=N
Filename=Cjstlst.exe
Description=Trayicon for Canon printer. xxx denotes model. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[CAP3ON]
Number=1322
Confirmed=?
Filename=CAP3ONN.EXE
Description=Canon driver, purpose unknown. <font color="#FF0000">Is it required in startup?</font>
Source=Paul Collins Startup list

[Capfax]
Number=1323
Confirmed=N
Filename=capfax.exe
Description=<a  href="http://www.bvrp.com/ENG/products/home_fax_telephony.asp" target="_blank">PhoneTools</a> fax software
Source=Paul Collins Startup list

[CAPing]
Number=1324
Confirmed=U
Filename=CAPing.exe
Description=Citibank Citianywhere software
Source=Paul Collins Startup list

[Capon]
Number=1325
Confirmed=Y
Filename=Capon.exe
Description=Canon printer driver
Source=Paul Collins Startup list

[Capon]
Number=1326
Confirmed=Y
Filename=Caponn.exe
Description=Canon printer driver
Source=Paul Collins Startup list

[CaptionMgr32]
Number=1327
Confirmed=X
Filename=crssr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-011814-5150-99" target=_blank>ZAR.A</a> WORM!
Source=Paul Collins Startup list

[capture]
Number=1328
Confirmed=X
Filename=capture.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtheefb.html" target=_blank>THEEF-B</a> TROJAN!
Source=Paul Collins Startup list

[Capture Express 2000]
Number=1329
Confirmed=N
Filename=capexp.exe
Description=<a href="http://www.captureexpress.com/" target="_blank">Capture Express</a> - screen capture utility
Source=Paul Collins Startup list

[Card Monitor]
Number=1330
Confirmed=N
Filename=REGCNT09.exe
Description=For the USB connection on a Panasonic PV-DV701 Digital Camcorder. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[Care20]
Number=1331
Confirmed=X
Filename=Care20.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453059998" target=_blank>TopMoxie</a> adware
Source=Paul Collins Startup list

[Care2GTU]
Number=1332
Confirmed=U
Filename=Care2GTU.exe
Description=Care2 Green Thumbs-Up (from the Care2 site). Every online purchase helps environmental causes; tells you how eco-friendly a company really is, thanks to over 200 company profiles from Coop America. Saves 1 square foot of rainforest every day you use it. If it works and you like it, keep it
Source=Paul Collins Startup list

[carpserv]
Number=1333
Confirmed=U
Filename=carpserv.exe
Description=Associated with <a href="http://www.zoltrix.com/" target="_blank"> Zoltrix</a> and Conexant modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for example
Source=Paul Collins Startup list

[CARPserver]
Number=1334
Confirmed=X
Filename=CARPserver.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankeran.html" target=_blank>BANKER-AN</a> TROJAN!
Source=Paul Collins Startup list

[CARPservice]
Number=1335
Confirmed=U
Filename=carpserv.exe
Description=Associated with <a href="http://www.zoltrix.com/" target="_blank"> Zoltrix</a> and Conexant modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for example
Source=Paul Collins Startup list

[cartao]
Number=1336
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderqd.html" target=_blank>DLOADER-QD</a> TROJAN!
Source=Paul Collins Startup list

[cartao]
Number=1337
Confirmed=X
Filename=conflicted.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdadobradv.html" target="_blank">DADOBRA-DV</a> TROJAN!
Source=Paul Collins Startup list

[cartao]
Number=1338
Confirmed=X
Filename=killing.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderqn.html" target="_blank">DLOADER-QN</a> TROJAN!
Source=Paul Collins Startup list

[CAS Client]
Number=1339
Confirmed=X
Filename=casclient.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061516-2016-99" target=_blank>CasinoClient</a> adware
Source=Paul Collins Startup list

[Cas2Stub]
Number=1340
Confirmed=X
Filename=cas2stub.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061516-2016-99" target="_blank">CasinoClient</a> adware
Source=Paul Collins Startup list

[CasAgnt]
Number=1341
Confirmed=U
Filename=CasAgnt.exe
Description=Program by Extended Systems which allows you to sync your Casio PDA with your PC
Source=Paul Collins Startup list

[Casdvqwa]
Number=1342
Confirmed=X
Filename=bmqnzkg.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121516-1116-99" target="_blank">RANDEX.BE</a> WORM!
Source=Paul Collins Startup list

[caseyvideo]
Number=1343
Confirmed=X
Filename=CaseyVideo.exe
Description=Malware causing p0rn popups
Source=Paul Collins Startup list

[caseyvideo]
Number=1344
Confirmed=X
Filename=caseyvideo[*].exe [* = digit]
Description=Malware causing p0rn popups
Source=Paul Collins Startup list

[CashBack]
Number=1345
Confirmed=X
Filename=cashback.exe
Description=Part of eXact Advertising Software, consisting of "CashBack by BargainBuddy", BullsEye Network and NaviSearch
Source=Paul Collins Startup list

[CashFiesta]
Number=1346
Confirmed=X
Filename=Cashfiesta.exe
Description=<a href="http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW_CASHFIESTA.A" target=_blank>CASHFIESTA.A</a> pay-per-surf adware
Source=Paul Collins Startup list

[Cashsurfers Cashbar Navigator]
Number=1347
Confirmed=N
Filename=Cashbar.Exe
Description=Cashsurfers CashBar Navigator - "The CashBar rotates banner advertisements once per minute and provides you with access to up to date special offers and deals"
Source=Paul Collins Startup list

[CashToolbar]
Number=1348
Confirmed=X
Filename=CD_Load.exe
Description=CashToolbar <a href="http://vil.nai.com/vil/content/v_126801.htm" target="_blank">Downloader-MY</a> adware
Source=Paul Collins Startup list

[CashToolbar]
Number=1349
Confirmed=X
Filename=svchost.exe
Description=CashToolbar <a href="http://vil.nai.com/vil/content/v_126801.htm" target="_blank">Downloader-MY</a> adware. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list

[Casino Royale]
Number=1350
Confirmed=X
Filename=jamesbond.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfzo.html" target="_blank">RBOT-FZO</a> WORM!
Source=Paul Collins Startup list

[Cassandra]
Number=1351
Confirmed=X
Filename=[10 to 14 random char]THD.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkrepperai.html" target=_blank>KREPPER-AI</a> TROJAN!
Source=Paul Collins Startup list

[Cassandra]
Number=1352
Confirmed=X
Filename=cassandra.exe
Description=<a href="http://allentech.net/parasite/SuperSpider.html" target=_blank>SuperSpider</a> hijacker - a <a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant. Also detected as a variant of the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453088106" target=_blank>KREPPER</a> TROJAN!

Source=Paul Collins Startup list

[CasStub]
Number=1353
Confirmed=X
Filename=casstub.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcassa.html" target=_blank>CASS-A</a> TROJAN!
Source=Paul Collins Startup list

[Catalyst Control Centre]
Number=1354
Confirmed=X
Filename=atixvdm.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=47032" target="_blank">RBOT.DMW</a> TROJAN!
Source=Paul Collins Startup list

[CAVRID]
Number=1355
Confirmed=Y
Filename=CAVRID.exe
Description=eTrust™ <a href="http://home.ca.com/dr/sat5/ec_Main.Entry17c?SID=35715&SP=10023&PN=1&PID=671589&V1=671589&CID=179788&api1=78&api2=1&api3=&DSP=&CUR=840&PGRP=0&CACHE_ID=179788" target=_blank>EZ Antivirus</a> Real Time Infection Report from Computer Associates
Source=Paul Collins Startup list

[CAVS]
Number=1356
Confirmed=Y
Filename=CAVS.exe
Description=Cheyenne (now <a href="http://ca.com/" target=_blank>eTrust</a>) antivirus
Source=Paul Collins Startup list

[CAZNOVAS]
Number=1357
Confirmed=X
Filename=CAZNOVAS.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031919-3602-99" target="_blank">CAZNO</a> TROJAN!
Source=Paul Collins Startup list

[CBACK.EXE]
Number=1358
Confirmed=X
Filename=CBACK.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpentaa.html" target=_blank>PENTA-A</a> TROJAN!
Source=Paul Collins Startup list

[CBWAttn]
Number=1359
Confirmed=U
Filename=CBWAttn.exe
Description=Required for <a href="http://www.spyfind.com/bitware.html" target="_blank">Bitware</a> to answer incoming faxes, can cause sleep mode problems
Source=Paul Collins Startup list

[CBWHost]
Number=1360
Confirmed=U
Filename=CBWHost.exe
Description=Required for <a href="http://www.spyfind.com/bitware.html" target="_blank">Bitware</a> to answer incoming faxes, can cause sleep mode problems
Source=Paul Collins Startup list

[CBWUser]
Number=1361
Confirmed=?
Filename=CBWDial.exe
Description=Associated with <a href="http://www.spyfind.com/bitware.html" target="_blank">Bitware</a> that integrates fax, voice, pager, and data communications on your desktop
Source=Paul Collins Startup list

[CC2KUI]
Number=1362
Confirmed=X
Filename=comet.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Comet%20Cursor&threatid=29168" target=_blank>Comet Cursor</a> adware
Source=Paul Collins Startup list

[Ccao]
Number=1363
Confirmed=X
Filename=regedit.exe
Description=Probably a variant of MediaTickets adware. Note - this is not the valid Windows registry editor which resides in Windows or Winnt and will not figure in Msconfig/Startup! This version resides in a "mduu" subfolder, which may change
Source=Paul Collins Startup list

[ccApp]
Number=1364
Confirmed=Y
Filename=ccApp.exe
Description=Part of <a href="http://www.symantec.com/nav/nav_9xnt/" target="_blank">Norton AntiVirus</a>. Auto-protect and E-mail check will not function without this
Source=Paul Collins Startup list

[ccApp]
Number=1365
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102917-0924-99" target="_blank">OBSORB</a> TROJAN! Note the random filename compared to the valid Norton AntiVirus
Source=Paul Collins Startup list

[ccApp]
Number=1366
Confirmed=X
Filename=WMADZ.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlj.html" target="_blank">RBOT-LJ</a> WORM!
Source=Paul Collins Startup list

[ccApp]
Number=1367
Confirmed=X
Filename=.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlj.html" target= blank>RBOT-LJ</a> WORM!
Source=Paul Collins Startup list

[ccApp]
Number=1368
Confirmed=X
Filename=gcasServ.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM! Do not confuse with the Microsoft AntiSpyware executable of the same name
Source=Paul Collins Startup list

[ccAppr]
Number=1369
Confirmed=X
Filename=svcrhost.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
Source=Paul Collins Startup list

[ccAppr]
Number=1370
Confirmed=X
Filename=expIorer.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
Source=Paul Collins Startup list

[ccAppr]
Number=1371
Confirmed=X
Filename=outIook.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
Source=Paul Collins Startup list

[ccAppr]
Number=1372
Confirmed=X
Filename=svcshost.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
Source=Paul Collins Startup list

[ccApps]
Number=1373
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081700-2526-99" target="_blank">NEVEG.B</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081614-3605-99" target="_blank">NEVEG.C</a> WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[ccApps]
Number=1374
Confirmed=X
Filename=winlogon.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081623-4258-99" target="_blank">NEVEG.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[ccApps]
Number=1375
Confirmed=X
Filename=N/A
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kangarooa.html" target=_blank>KANGAROO-A</a> TROJAN!
Source=Paul Collins Startup list

[ccApps]
Number=1376
Confirmed=X
Filename=ccApps.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kangaroob.html" target=_blank>KANGAROO-B</a> WORM!
Source=Paul Collins Startup list

[CCD Manager]
Number=1377
Confirmed=U
Filename=DDS.EXE
Description=Project Labs <a href="http://www.centurycdtech.com/" target="_blank">Century CD</a> manager for their CD/DVD storage device
Source=Paul Collins Startup list

[Ccdecode]
Number=1378
Confirmed=N
Filename=rundll32.exe streamci, StreamingDeviceSetup
Description=Part of the closed caption decdoder/MS VBI codec. Should only run once
Source=Paul Collins Startup list

[CCDoctorLogonTesting]
Number=1379
Confirmed=Y
Filename=ccdoctor.exe
Description=Checks your system to make sure it's configured properly for running <a href="http://www-306.ibm.com/software/awdtools/clearcase/index.html" target="_blank">IBM Rational ClearCase</a>, a source code management tool. ClearCase is fairly sophisticated so there are a lot of system-related things that can cause it grief. If you run ClearCase you should not disable this as it provides a valuable service, but technically it isn't required to use the ClearCase product
Source=Paul Collins Startup list

[ccenter]
Number=1380
Confirmed=Y
Filename=CCenter.exe
Description=<a href="http://www.ravantivirus.com/" target=_blank>RAV</a> AntiVirus

Source=Paul Collins Startup list

[CcEvtMgr]
Number=1381
Confirmed=Y
Filename=ccEvtMgr.exe
Description=Part of <a href="http://www.symantec.com/nav/nav_9xnt/" target="_blank"> Norton AntiVirus 2003</a>.<font color="#FF0000"> </font>Event manager for scheduling weekly scans and or automatic virus updates. Used to start automatically via "ccApp" and was not required as a seperate entry but a recent update changed this
Source=Paul Collins Startup list

[ccEvtMrg.exe]
Number=1382
Confirmed=X
Filename=ccEvtMrg.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.GZ&VSect=T" target=_blank>RBOT.GZ</a> WORM!
Source=Paul Collins Startup list

[ccExecute]
Number=1383
Confirmed=X
Filename=bootcfg1.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32nemsib.html" target=_blank>NEMSI-B</a> VIRUS!
Source=Paul Collins Startup list

[ccHelp]
Number=1384
Confirmed=X
Filename=ccHelp.hta
Description=<a href="http://sarc.com/avcenter/venc/data/adware.searchq.html" target= blank>"Searchq"</a> adware
Source=Paul Collins Startup list

[ccleaner]
Number=1385
Confirmed=U
Filename=ccleaner.exe
Description=<a href="http://www.ccleaner.com/" target=_blank>CCleaner</a> - removes unused files from your system

Source=Paul Collins Startup list

[ccpApps]
Number=1386
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091409-4900-99" target="_blank">WEBUS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[ccpApps]
Number=1387
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100519-0947-99" target=_blank>WEBUS.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
Source=Paul Collins Startup list

[ccProxy]
Number=1388
Confirmed=U
Filename=CCPROXY.EXE
Description=Part of Norton Internet Security, proxy server that is used to support the parental controls. If you turn parental controls off at user level the process is not loaded. Reported to cause excessive CPU usage
Source=Paul Collins Startup list

[ccPrxy.exe]
Number=1389
Confirmed=X
Filename=ccPrxy.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32shipuph.html" target="_blank">SHIPUP-H</a> WORM!
Source=Paul Collins Startup list

[CcPxySvc]
Number=1390
Confirmed=Y
Filename=CCPXYSVC.exe
Description=Part of Norton's <a href="http://www.symantec.com/nav/nav_9xnt/" target="_blank"> AntiVirus 2003</a>, <a href="http://www.symantec.com/sabu/nis/nis_pe/" target="_blank"> Internet Security</a> and <a href="http://www.symantec.com/sabu/nis/npf/" target="_blank"> Firewall</a> products. E-mail proxy service - required for E-mail scanning and the firewall
Source=Paul Collins Startup list

[ccreg]
Number=1391
Confirmed=X
Filename=explorer.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021316-5131-99" target=_blank>ZCREW</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System subfolder
Source=Paul Collins Startup list

[CcRegVfy]
Number=1392
Confirmed=Y
Filename=ccRegVfy.exe
Description=Part of <a href="http://www.symantec.com/nav/nav_9xnt/" target="_blank"> Norton AntiVirus 2003</a>. "ccRegVfy.exe is responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack"
Source=Paul Collins Startup list

[ccRegVfY]
Number=1393
Confirmed=X
Filename=expIorer.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
Source=Paul Collins Startup list

[ccRegVfY]
Number=1394
Confirmed=X
Filename=svcrhost.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
Source=Paul Collins Startup list

[ccRegVfY]
Number=1395
Confirmed=X
Filename=svcshost.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
Source=Paul Collins Startup list

[ccRegVfY]
Number=1396
Confirmed=X
Filename=outIook.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.A</a> TROJAN!
Source=Paul Collins Startup list

[ccSetMgr]
Number=1397
Confirmed=Y
Filename=ccSetMgr.exe
Description=Part of Norton AntiVirus 2004. <font color="#FF0000"> What does it do?</font>
Source=Paul Collins Startup list

[ccsvit.exe]
Number=1398
Confirmed=X
Filename=ccsvit.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpahp.html" target=_blank>STARTPA-HP</a> TROJAN!
Source=Paul Collins Startup list

[cctray]
Number=1399
Confirmed=U
Filename=cctray.exe
Description=Part of <a href="http://www3.ca.com/Solutions/Product.aspx?ID=3243" target="_blank">CA Internet Security Suite</a>
Source=Paul Collins Startup list

[ccUpdate]
Number=1400
Confirmed=X
Filename=ccUpdate.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.YS" target="_blank">AGOBOT.YS</a> WORM!
Source=Paul Collins Startup list

[ccWasher]
Number=1401
Confirmed=U
Filename=aolwasher.exe
Description=Webroot Cache & Cookie Washer - cleaning browser tracks, including cache, cookies, history, mail trash, drop-down address bar, auto-complete forms and downloaded program files for IE, Netscape and AOL
Source=Paul Collins Startup list

[CCWC7a]
Number=1402
Confirmed=U
Filename=ac.exe
Description=<a href="http://hem.bredband.net/thokha/" target="_blank">Moleculesoft</a> Cache, Cookie & Windows Cleaner. No longer supported but available for free
Source=Paul Collins Startup list

[CCWC7I]
Number=1403
Confirmed=U
Filename=idxl.exe
Description=<a href="http://hem.bredband.net/thokha/" target="_blank">Moleculesoft</a> Cache, Cookie & Windows Cleaner. No longer supported but available for free
Source=Paul Collins Startup list

[CCWC7s]
Number=1404
Confirmed=U
Filename=stealth.exe
Description=<a href="http://hem.bredband.net/thokha/" target="_blank">Moleculesoft</a> Cache, Cookie & Windows Cleaner. No longer supported but available for free
Source=Paul Collins Startup list

[CD Storage Master]
Number=1405
Confirmed=N
Filename=cdstorager.exe
Description=<a href="http://www.cdstorager.com/" target= blank>CD Storage Master</a> - a program designed to catalog CD information, boasts a number of handy features for organizing your collection
Source=Paul Collins Startup list

[cd1]
Number=1406
Confirmed=X
Filename=cd1.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list

[CDANTSRV]
Number=1407
Confirmed=N
Filename=CDANTSRV.exe
Description=C-Dilla License Management software. Used for any program that uses C-dilla Protection, example: 3D Studio Max 4.x. It loads as a service automatically but is not needed unless you run said program. Can be started and stopped manually
Source=Paul Collins Startup list

[Cdcompat]
Number=1408
Confirmed=X
Filename=Cdcompat.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list

[cddrv32]
Number=1409
Confirmed=X
Filename=cddrv32.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list

[CDInterceptor]
Number=1410
Confirmed=N
Filename=cdi.exe
Description=CD indexer for measuring the speed of CD players
Source=Paul Collins Startup list

[CdnCtr]
Number=1411
Confirmed=X
Filename=cdnup.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453097703" target="_blank">CNNIC Update</a> pest
Source=Paul Collins Startup list

[CDriver]
Number=1412
Confirmed=X
Filename=windrv.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DELF.WG" target="_blank">DELF.WG</a> TROJAN!
Source=Paul Collins Startup list

[Cdrom Controller]
Number=1413
Confirmed=X
Filename=cdromcntrl.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbattrya.html" target=_blank>BATTRY-A</a> TROJAN!
Source=Paul Collins Startup list

[cds]
Number=1414
Confirmed=X
Filename=cds.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-112514-4016-99" target=_blank>SPYMON</a> TROJAN!
Source=Paul Collins Startup list

[CDTray]
Number=1415
Confirmed=N
Filename=CDTray.exe
Description=On HP PCs, this is the small CD icon next to the time
Source=Paul Collins Startup list

[CeEKEY]
Number=1416
Confirmed=U
Filename=CeEKey.exe
Description=Hot Key utility included on Toshiba Satellite laptops
Source=Paul Collins Startup list

[CeEPOWER]
Number=1417
Confirmed=U
Filename=cepmtray.exe
Description=Toshiba's Power Management Utility - allows the user to setup different profiles for both AC power and Battery Power on laptops. Contols CPU speed, Monitor Shut Off, Hard Drive Shut-Off, Monitor Brightness, System Stand-by and System Hibernate times
Source=Paul Collins Startup list

[Ceic]
Number=1418
Confirmed=?
Filename=Ceic.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Cekirge]
Number=1419
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080513-2747-99" target="_blank">KERGEZ.A</a> WORM!
Source=Paul Collins Startup list

[center]
Number=1420
Confirmed=X
Filename=[random name]32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110916-0038-99" target=_blank>BOFRA.A</a> WORM!
Source=Paul Collins Startup list

[CentralProcessor]
Number=1421
Confirmed=X
Filename=taskimgr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081711-5410-99" target="_blank">BANCOS.J</a> TROJAN!
Source=Paul Collins Startup list

[CEPA]
Number=1422
Confirmed=?
Filename=wsot.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[CertificateRegistration]
Number=1423
Confirmed=U
Filename=SafeSignCertReg.exe
Description=SafeSign Certificate Registration Utility for Microsoft Crypto applications
Source=Paul Collins Startup list

[CertReg]
Number=1424
Confirmed=U
Filename=certreg.exe
Description=Related to <a href="http://www.gemplus.com/" target=_blank>Gemplus</a> Card Reader

Source=Paul Collins Startup list

[CertStoreInit]
Number=1425
Confirmed=Y
Filename=CertStoreInit
Description=<a href="http://www.aladdin.com/eToken/" target="_blank">Aladdin eToken</a> authentication and password management
Source=Paul Collins Startup list

[CesarFTP FTP Server]
Number=1426
Confirmed=N
Filename=server.exe
Description=<a href="http://www.aclogic.com/" target="_blank">CesarFTPd</a> - FTP server
Source=Paul Collins Startup list

[cesmain.dll]
Number=1427
Confirmed=X
Filename=cmail.dll, Rundll32
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=3721%20Chinese%20Keywords%20(CNSMin)&threatid=3678" target=_blank>CnsMin</a> (Chinese Keywords) hijacker related
Source=Paul Collins Startup list

[CEventMgr]
Number=1428
Confirmed=X
Filename=Cell.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifroseak.html" target=_blank>BIFROSE-AK</a> TROJAN!
Source=Paul Collins Startup list

[CFD]
Number=1429
Confirmed=N
Filename=CFD.exe
Description=<a href="http://www.broadjump.com/" target="_blank">BroadJump</a> Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs
Source=Paul Collins Startup list

[CFDStart]
Number=1430
Confirmed=X
Filename=WinMuschi.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092618-5651-99" target="_blank">WINMUSCHI</a> dialler
Source=Paul Collins Startup list

[cfgboost]
Number=1431
Confirmed=X
Filename=cfgboot.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[cfgintpr]
Number=1432
Confirmed=Y
Filename=cfgintpr.exe
Description=Configuration Interpreter - part of <a href="http://www.tinysoftware.com/home/tiny2?la=EN" target="_blank">Tiny Personal Firewall</a> V4
Source=Paul Collins Startup list

[cfgmgr51]
Number=1433
Confirmed=X
Filename=RunDLL32.EXE [path] cfgmgr51.dll, DllRun
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BookedSpace&threatid=3275" target=_blank>BookedSpace</a> parasite
Source=Paul Collins Startup list

[cfgmgr52]
Number=1434
Confirmed=X
Filename=RunDLL32.EXE [path] cfgmgr52.dll, DllRun
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BookedSpace&threatid=3275" target=_blank>BookedSpace</a> parasite
Source=Paul Collins Startup list

[cfgwiz]
Number=1435
Confirmed=N
Filename=cfgwiz.exe
Description=Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it
Source=Paul Collins Startup list

[cFosDNT]
Number=1436
Confirmed=?
Filename=cFosDNT.exe
Description=<a href="http://www.cfos.de/index2_e.htm" target="_blank">cFos</a> DSL Modem driver related. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[cFosInst_Check]
Number=1437
Confirmed=?
Filename=cfosinst.exe
Description=<a href="http://www.cfos.de/index2_e.htm" target="_blank">cFos</a> DSL Modem driver related. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[cFosSpeed]
Number=1438
Confirmed=U
Filename=cFosSpeed.exe
Description=<a href="http://www.cfos.de/index2_e.htm" target=_blank>cFos Software</a> Internet acceleration program related. Note - may be necessary for the software to work properly
Source=Paul Collins Startup list

[CFSServ.exe]
Number=1439
Confirmed=U
Filename=CFSServ.exe
Description=Belongs to Toshiba's configfree utility and searches for Wireless Devices
Source=Paul Collins Startup list

[cftmon32]
Number=1440
Confirmed=X
Filename=taskmgr*.exe [* = number]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080717-1526-99" target="_blank">SOWSAT.C</a> and <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082211-1053-99" target="_blank">SOWSAT.J</a> WORMS!
Source=Paul Collins Startup list

[cfy]
Number=1441
Confirmed=X
Filename=cfy.exe
Description=Surfenhance.com <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-111211-5006-99" target=_blank>SearchForIt</a> adware variant
Source=Paul Collins Startup list

[CGI Firewall Script]
Number=1442
Confirmed=X
Filename=CGIAGENT.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32bropiau.html" target=_blank>BROPIA-U</a> WORM!
Source=Paul Collins Startup list

[CGServer]
Number=1443
Confirmed=U
Filename=cgserver.exe
Description=Associated with an <a href="http://www.eicon.com/worldwide/default.htm" target="_blank">Eicon Networks</a> ISDN or ADSL modem. Call Guard Server (CGserver) watches your modem and blocks incoming or outgoing calls. You need cgard.exe (from Startmenu) to configure cgserver with rules and telephone numbers. Good against unwanted dialer programs
Source=Paul Collins Startup list

[Cgtask Services]
Number=1444
Confirmed=X
Filename=cgtask.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-072809-1932-99" target="_blank">LALA.B</a> TROJAN!
Source=Paul Collins Startup list

[Cgywin]
Number=1445
Confirmed=X
Filename=cgywin32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaei.html" target=_blank>RBOT-AEI</a> WORM!
Source=Paul Collins Startup list

[ChamClock]
Number=1446
Confirmed=U
Filename=ChamClock.exe
Description=<a href="http://www.softshape.com/cham/" target="_blank">Chameleon Clock</a> - system tray clock replacement
Source=Paul Collins Startup list

[change-me-now]
Number=1447
Confirmed=X
Filename=msgfix1.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ZD" target=_blank>SDBOT.ZD</a> WORM!
Source=Paul Collins Startup list

[ChangeICON]
Number=1448
Confirmed=U
Filename=SPMSMON.EXE
Description=Card reader related program. Note - may cause problems with My Computer loading at startup. Disabling through MsConfig seems to solve the problem
Source=Paul Collins Startup list

[ChangeLines]
Number=1449
Confirmed=?
Filename=chngline.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Chatango]
Number=1450
Confirmed=N
Filename=Chatango.exe
Description=<a href="http://www.chatango.com/" target=_blank>Chatango</a> - "allows people to be connected in real time through their Web browsers. Include your Chatango contact link or button when you create eBay auctions, blogs, personal websites, Friendster profiles, and your visitors will be able to contact you instantly, without downloading anything, or registering. Alo use it to send email to your friends, allowing them to respond to you in real time!." The 'MessageCatcher' icon in the System Tray notifies you when you get a message. When you get a message, a little alert pops up, which you can click on and start chatting immediately
Source=Paul Collins Startup list

[Chcenter]
Number=1451
Confirmed=N
Filename=chcenter.exe
Description=IMSI <a href="http://www.imsisoft.com/prodinfo.asp?t=1&mcid=100" target="_blank">HiJaak</a> - "the easiest way to convert, capture, and manage all your graphic files"
Source=Paul Collins Startup list

[Chckup]
Number=1452
Confirmed=X
Filename=Netverchk.exe
Description=<a href="http://fileinfo.prevx.com/fileinfo.asp?PXC=e7ee46377171http://fileinfo.prevx.com/fileinfo.asp?PXC=e7ee46377171" target="_blank">Covert Sys Exec</a> malware variant
Source=Paul Collins Startup list

[che32]
Number=1453
Confirmed=X
Filename=che.ocx.vbs
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/wm97adenub.html" target=_blank>ADENU-B</a> VIRUS!
Source=Paul Collins Startup list

[Cheatle]
Number=1454
Confirmed=X
Filename=GigaByte.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042012-2931-99" target="_blank">SHODI.B</a> VIRUS!
Source=Paul Collins Startup list

[Check]
Number=1455
Confirmed=X
Filename=Check.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vbdrn.html" target="_blank">VB-DRN</a> WORM!
Source=Paul Collins Startup list

[Check for One Touch Update]
Number=1456
Confirmed=N
Filename=wiseupdt.exe
Description=Checks for updates for Visioneer OneTouch scanners
Source=Paul Collins Startup list

[Check for TWS Updates]
Number=1457
Confirmed=N
Filename=WiseUpdt.exe
Description=Interactive Brokers - check for update to their standalone Java-based trading platform
Source=Paul Collins Startup list

[Check Messenger]
Number=1458
Confirmed=U
Filename=cmesseng.exe
Description=Check Messenger from Qchex.com - program that helps you manage the activity of your Qchex account. Qchex appear to be no longer in buisness
Source=Paul Collins Startup list

[CheckCustomWorksUpdate]
Number=1459
Confirmed=N
Filename=CheckCWupdate.exe
Description=Update checker, part of <a href="http://www.designersgallerysoftware.com/products/product.asp?Product_ID=EDG-CW" target=_blank>CustomWorks</a> - "customize any embroidery designs to design your own unique creations"
Source=Paul Collins Startup list

[Checkdisk]
Number=1460
Confirmed=X
Filename=mscas.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvagona.html" target=_blank>VAGON-A</a> TROJAN!
Source=Paul Collins Startup list

[CheckFaultKernel]
Number=1461
Confirmed=X
Filename=mswdm.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallcsk.html" target="_blank">SMALL-CSK</a> TROJAN!
Source=Paul Collins Startup list

[CheckIt]
Number=1462
Confirmed=U
Filename=ToolBox.exe
Description=CheckIt Toolbox from <a href="http://cssvc.pcworld.compuserve.com/computing/cis/article/0,aid,15497,00.asp" target="_blank">WinCheckIt Diagnostic Software</a>. Toolbox automatically backs up critical system files (such as .ini files and the Windows Registry), and performs a check on various system parameters at intervals you specify
Source=Paul Collins Startup list

[CheckIt 86]
Number=1463
Confirmed=U
Filename=CheckIt86.exe
Description=<a href="http://www.smithmicro.com/default.tpl?group=product_full&sku=C86WINEE" target=_blank>CheckIt 86</a> popup blocker
Source=Paul Collins Startup list

[CheckMsgPlus]
Number=1464
Confirmed=Y
Filename=MsgPlusH.dll, VerifyInstallation
Description=Added by MSN Messenger Plus, a third party extension to MSN Messenger. This is the auto-update feature - see <a href="http://www.patchou.com/msgplus/faq.htm#stopconnect" target="_blank">here</a> for more info.
Source=Paul Collins Startup list

[checkrun]
Number=1465
Confirmed=X
Filename=elite***32.exe [* = random char]
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-083109-1455-99" target=_blank>EliteBar</a> adware

Source=Paul Collins Startup list

[checkrun]
Number=1466
Confirmed=X
Filename=elitelsj32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmultidrer.html" target=_blank>MULTIDR-ER</a> TROJAN!
Source=Paul Collins Startup list

[CheckScan32]
Number=1467
Confirmed=X
Filename=regload16.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AEBOT.K&VSect=P" target=_blank>AEBOT.K</a> WORM!
Source=Paul Collins Startup list

[checktime]
Number=1468
Confirmed=?
Filename=ct.exe
Description=<font color="#FF0000">Found in the HPSelectFrontend directory on a HP machine. What is it's purpose and is it required?</font>
Source=Paul Collins Startup list

[CheckVCR]
Number=1469
Confirmed=Y
Filename=IOMagic.exe
Description=Driver for the <a href="http://www.iomagic.com/" target=_blank>I/OMagic</a> Personal Video Recorder (DR-PCTV100)
Source=Paul Collins Startup list

[CherryKeyMan]
Number=1470
Confirmed=U
Filename=KeyMan.exe
Description=Multimedia keyboard manager for the <a href="http://www.cherrycorp.com/index.htm" target="_blank">Cherry</a> keyboard series. Only required if you use any of the special keys
Source=Paul Collins Startup list

[china11msn]
Number=1471
Confirmed=X
Filename=CHINA11MSN.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040417-2341-99" target=_blank>ENVID.O</a> WORM!
Source=Paul Collins Startup list

[ChineseStar]
Number=1472
Confirmed=U
Filename=cstar.exe
Description=Chinese language support software
Source=Paul Collins Startup list

[CHIPDRIVEPinManager]
Number=1473
Confirmed=U
Filename=sokscmpn.exe
Description=<a href="http://www.chipdrive.de/cgi-bin/edcstore.cgi" target=_blank>ChipDrive</a> Smartcard software
Source=Paul Collins Startup list

[CHIPDRIVESmartcardManager]
Number=1474
Confirmed=U
Filename=SCMgr.exe
Description=<a href="http://www.chipdrive.de/cgi-bin/edcstore.cgi" target=_blank>ChipDrive</a> Smartcard software
Source=Paul Collins Startup list

[CHKADMIN]
Number=1475
Confirmed=N
Filename=CHKADMIN.EXE
Description=Compaq Network Management System. When running, it places an icon in the system tray titled &quot;Intelligent Manageability&quot;
Source=Paul Collins Startup list

[chkdsk]
Number=1476
Confirmed=X
Filename=autoexec.bat
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-0016-99" target=_blank>ANPES</a> WORM!
Source=Paul Collins Startup list

[Choke]
Number=1477
Confirmed=X
Filename=Choke.exe-blahh
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2001-060615-3930-99" target="_blank">CHOKE</a> WORM!
Source=Paul Collins Startup list

[chope]
Number=1478
Confirmed=X
Filename=runlli32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassu.html" target=_blank>QQPASS-U</a> TROJAN!
Source=Paul Collins Startup list

[chostsv]
Number=1479
Confirmed=X
Filename=chostsv.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-030518-3634-99" target="_blank">BANPAES.C</a> TROJAN!
Source=Paul Collins Startup list

[CHotKey]
Number=1480
Confirmed=U
Filename=mhotkey.exe
Description=Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended features
Source=Paul Collins Startup list

[CHotKey]
Number=1481
Confirmed=U
Filename=MK9805.EXE
Description=Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended features
Source=Paul Collins Startup list

[CHotKey]
Number=1482
Confirmed=U
Filename=zHotkey.exe
Description=Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol , vol-, mute, etc. Only required for extended features
Source=Paul Collins Startup list

[Christmas Music Player]
Number=1483
Confirmed=N
Filename=TTEST6.EXE
Description=<I>&quot;</I>Christmas Music Player<I> </I>brings the music of the Christmas Holiday to your desktop&quot;
Source=Paul Collins Startup list

[ChromeMark]
Number=1484
Confirmed=?
Filename=keysh.exe
Description=<font color="#FF0000">Related to <a href="http://chromium.com/chromemark.html" target="_blank">this</a>. Don't know what keysh.exe does though and if it's required</font>
Source=Paul Collins Startup list

[ChronitelInitTV]
Number=1485
Confirmed=?
Filename=CHTVINIT.EXE
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[chrono]
Number=1486
Confirmed=U
Filename=chrono.exe
Description=<a href=http://www.altrixsoft.com/en/chrono/" target="_blank">Chronograph</a> is a simple utility that synchronizes internal computer clock to the atomic time. Chronograph automatically maintains correct time using atomic clock servers of the National Institute of Standards and Technology (NIST)." Shows seconds and shows the date without having to hover the mouse. Shows a calendar when hovered over
Source=Paul Collins Startup list

[CiaBackdoor]
Number=1487
Confirmed=X
Filename=msldr.com
Description=Added by a VIRUS!
Source=Paul Collins Startup list

[cihost.exe]
Number=1488
Confirmed=X
Filename=cihost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031918-3320-99" target="_blank">LINST</a> TROJAN!
Source=Paul Collins Startup list

[CIJxP2PSERVER]
Number=1489
Confirmed=N
Filename=CIJxP2PS.EXE
Description=Compaq printer utility which is required in order to make the printer work correctly - &quot;x&quot; depends upon the model, ie, for IJ300 x=3, for IJ700 x=7
Source=Paul Collins Startup list

[Cisco Systems VPN Client]
Number=1490
Confirmed=U
Filename=ipsecdialer.exe
Description=Cisco <a href="http://www.cisco.com/en/US/products/sw/secursw/ps2308/" target=_blank>VPN Client</a> - lets local users gain Administrator privileges on the operating system
Source=Paul Collins Startup list

[Cisco Systems VPN Client]
Number=1491
Confirmed=N
Filename=vpngui.exe
Description=Sets up IPSec communications for Cisco's <a href="http://www.cisco.com/en/US/products/sw/secursw/ps2308/" target=_blank>VPN Client</a>
Source=Paul Collins Startup list

[CISrvr Program]
Number=1492
Confirmed=N
Filename=CISRVR.EXE
Description=Related to internet setup on Compaq PC's
Source=Paul Collins Startup list

[Cissi]
Number=1493
Confirmed=X
Filename=Cissi.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-122215-2226-99" target="_blank">CISSI.A</a> WORM!
Source=Paul Collins Startup list

[CitiUCS]
Number=1494
Confirmed=U
Filename=CitiUCS.exe
Description=Citibank <a href="http://www.citibank.com/us/cards/tour/cb/shp_van.htm" target=_blank>Virtual Account Numbers</a> - "With this free service for Citi cardmembers, you never have to give out your real credit card number online"
Source=Paul Collins Startup list

[CitiVAN]
Number=1495
Confirmed=N
Filename=CitiVAN.exe
Description=Option from <a href="http://www.citibank.com/us/d.htm" target="_blank">Citibank</a> to change a credit card number in a random fashion for each purchase. The number will only be used once and never again
Source=Paul Collins Startup list

[CJET]
Number=1496
Confirmed=X
Filename=CJet.exe
Description=Added by the <a href="http://www.sarc.com/avcenter/venc/data/adware.fftoolbar.html" target=_blank>Adware.FFToolBar</a> adware toolbar
Source=Paul Collins Startup list

[Cjstcom]
Number=1497
Confirmed=Y
Filename=Cjstcom.exe
Description=Canon printer BJ status language monitor
Source=Paul Collins Startup list

[ClamWin]
Number=1498
Confirmed=Y
Filename=ClamTray.exe
Description=<a href="http://www.clamwin.com/" target=_blank>ClamWin</a> antivirus
Source=Paul Collins Startup list

[Classes]
Number=1499
Confirmed=X
Filename=int1.exe
Description=<a href="http://www.sophos.com/virusinfo/analyses/dialswitchb.html" target=_blank>"Switch"</a> adult content dialler
Source=Paul Collins Startup list

[Classes]
Number=1500
Confirmed=X
Filename=intl.exe
Description=<a href="http://www.sophos.com/virusinfo/analyses/dialswitchb.html" target=_blank>"Switch"</a> adult content dialler
Source=Paul Collins Startup list

[Classes]
Number=1501
Confirmed=X
Filename=run_21.exe
Description=<a href="http://www.sophos.com/virusinfo/analyses/dialswitchb.html" target=_blank>"Switch"</a> adult content dialler
Source=Paul Collins Startup list

[Classes]
Number=1502
Confirmed=X
Filename=srv.exe
Description=<a href="http://www.sophos.com/virusinfo/analyses/dialswitchb.html" target=_blank>"Switch"</a> adult content dialler
Source=Paul Collins Startup list

[Classes]
Number=1503
Confirmed=X
Filename=srv2.exe
Description=<a href="http://www.sophos.com/virusinfo/analyses/dialswitchb.html" target=_blank>"Switch"</a> adult content dialler
Source=Paul Collins Startup list

[Classes]
Number=1504
Confirmed=X
Filename=MSTAR2.EXE
Description=<a href="http://www.sophos.com/virusinfo/analyses/dialswitchb.html" target=_blank>"Switch"</a> adult content dialler

Source=Paul Collins Startup list

[Classes]
Number=1505
Confirmed=X
Filename=mstart.exe
Description=<a href="http://www.sophos.com/virusinfo/analyses/dialswitchb.html" target=_blank>"Switch"</a> adult content dialler

Source=Paul Collins Startup list

[clcbt.exe]
Number=1506
Confirmed=X
Filename=clcbt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentcba.html" target="_blank">AGENT.CBA</a> TROJAN!
Source=Paul Collins Startup list

[CLCLSet]
Number=1507
Confirmed=U
Filename=CLCL.exe
Description=CLCL clipboard caching utility
Source=Paul Collins Startup list

[CleanEasyImg]
Number=1508
Confirmed=?
Filename=cleanall.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[CleanRegPath]
Number=1509
Confirmed=?
Filename=CleanReg.exe
Description=Apparently Annex A ADSL modem related. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[CleanSweep Smart Sweep- Internet Sweep]
Number=1510
Confirmed=U
Filename=Csinsm32.exe
Description=Automatic logging of installs from Norton CleanSweep - available via Start -&gt; Programs
Source=Paul Collins Startup list

[CleanSweep Useage Watch]
Number=1511
Confirmed=N
Filename=CSUSEM32.EXE
Description=Quarterdeck/Norton CleanSweep component - tracks how often you use files and alerts you to files that have not been used for a specified period of time
Source=Paul Collins Startup list

[CleanTemp]
Number=1512
Confirmed=U
Filename=CLEANT~1.EXEB
Description=<a href="http://www.html2exe.com/mnu/dl/dl.shtml#free" target="_blank">CleanTemp</a> - deletes the contents of the TEMP directory when Windows starts and then closes - using no memory
Source=Paul Collins Startup list

[CleanTemp]
Number=1513
Confirmed=U
Filename=CleanTemp.exe
Description=<a href="http://www.html2exe.com/mnu/dl/dl.shtml#free" target="_blank">CleanTemp</a> - deletes the contents of the TEMP directory when Windows starts and then closes - using no memory
Source=Paul Collins Startup list

[Cleanup]
Number=1514
Confirmed=N
Filename=ONICTASK.EXE
Description=<a href="http://www.allume.com/mac/cleanup/index.html" target="_blank">Internet Cleanup</a> from Allume Systems (used to be by OnTrack) - cleans up tracks left by browsing the internet
Source=Paul Collins Startup list

[CleanUp]
Number=1515
Confirmed=Y
Filename=mcappins.exe
Description=Used by McAfee Virusscan to perform product updates. When updates are available the program will download and install them automatically. Recommended to leave enabled
Source=Paul Collins Startup list

[CleanupProgram]
Number=1516
Confirmed=?
Filename=cleanup.exe
Description=<font color="#FF0000">In a C:\Sony\sys folder - Sony Vaio related?</font>
Source=Paul Collins Startup list

[clean_service]
Number=1517
Confirmed=X
Filename=clean_service.cmd
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022711-2043-99" target=_blank>REFAZ</a> WORM!
Source=Paul Collins Startup list

[clfmon]
Number=1518
Confirmed=X
Filename=clfmon.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.E</a> TROJAN!
Source=Paul Collins Startup list

[clfmon]
Number=1519
Confirmed=X
Filename=nvsvca32.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.E</a> TROJAN!
Source=Paul Collins Startup list

[clfmon.exe]
Number=1520
Confirmed=X
Filename=clfmon.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentbj.html" target=_blank>AGENT-BJ</a> TROJAN!
Source=Paul Collins Startup list

[Click Radio Tuner]
Number=1521
Confirmed=N
Filename=clickr~1.exe
Description=<a href="http://www.clickmusic.com/radio/" target="_blank">ClickRadio</a> - subscription service playing radio music via the internet
Source=Paul Collins Startup list

[Click Tray Calendar]
Number=1522
Confirmed=N
Filename=ClickT~1.EXE
Description=<a href="http://www.waseo.de/articles.php?lng=en&pg=34" target="_blank">ClickTray Calendar</a> - shows holidays, reminders of various anniversaries,tasks etc
Source=Paul Collins Startup list

[ClickMe]
Number=1523
Confirmed=N
Filename=ClickMe.exe
Description=<a href="http://www.trendmicro.com/vinfo/jokes/jokesDetails.asp?JNAME=JOKE_CLICKME.A" target=_blank>ClickM</a> "JOKE" program
Source=Paul Collins Startup list

[Clickoff]
Number=1524
Confirmed=U
Filename=Clickoff.exe
Description=<a href="http://www.johanneshuebner.com/en/clickoff.shtml" target="_blank">Clickoff</a> automatically dismisses annoying dialog boxes
Source=Paul Collins Startup list

[ClickTheButton]
Number=1525
Confirmed=X
Filename=CTB.EXE
Description=ClickTheButton <a href="http://vil.nai.com/vil/content/v_126801.htm" target="_blank">Downloader-MY</a> adware
Source=Paul Collins Startup list

[ClickTheButton]
Number=1526
Confirmed=X
Filename=csrss.exe
Description=ClickTheButton <a href="http://vil.nai.com/vil/content/v_126801.htm" target=_blank>Downloader-MY</a> adware! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which should not normally figure in Msconfig/Startup!
Source=Paul Collins Startup list

[ClickTheButton]
Number=1527
Confirmed=X
Filename=MSCStat.exe
Description=ClickTheButton <a href="http://vil.nai.com/vil/content/v_126801.htm" target="_blank">Downloader-MY</a> adware
Source=Paul Collins Startup list

[CLICONFG]
Number=1528
Confirmed=X
Filename=CLICONFG.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T" target="_blank">OPASERV.T</a> WORM!
Source=Paul Collins Startup list

[Client Access API Daemon]
Number=1529
Confirmed=U
Filename=cwbappcd.exe
Description=IBM iSeries Client Access, see <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target=_blank>here</a>
Source=Paul Collins Startup list

[Client Access Check Version]
Number=1530
Confirmed=N
Filename=cwbckver.exe
Description=Part of IBM's <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target="_blank">iSeries</a> (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to.&nbsp;Not required - and can be turned off in the Client Access properties. It's a waste of resources
Source=Paul Collins Startup list

[Client Access Express Welcome]
Number=1531
Confirmed=?
Filename=cwbwlwiz.exe
Description=Welcome wizard launcher - Part of IBM's <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target="_blank">iSeries</a> (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[Client Access Help Update]
Number=1532
Confirmed=N
Filename=cwbinhlp.exe
Description=Client Access Help Registry Update Function - part of IBM's <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target="_blank">iSeries</a> (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeries
Source=Paul Collins Startup list

[Client Access Service]
Number=1533
Confirmed=N
Filename=CwbSvStr.Exe
Description=Part of IBM's <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target="_blank">iSeries</a> (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resources
Source=Paul Collins Startup list

[Client Access Taskbar]
Number=1534
Confirmed=U
Filename=cwbuitsk.exe
Description=IBM iSeries Client Access taskbar, see <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target=_blank>here</a>
Source=Paul Collins Startup list

[Client Agent]
Number=1535
Confirmed=X
Filename=ipxwping.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojppdoorn.html" target=_blank>PPDOOR-N</a> TROJAN!
Source=Paul Collins Startup list

[Client Agent]
Number=1536
Confirmed=X
Filename=photes.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojppdoorp.html" target=_blank>PPDOOR-P</a> TROJAN!
Source=Paul Collins Startup list

[Client Agent]
Number=1537
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojppdoorj.html" target="_blank">PPDOOR-J</a> TROJAN!
Source=Paul Collins Startup list

[Client agent for ARCserve]
Number=1538
Confirmed=?
Filename=W95AGENT.EXE
Description=Part of <a href="http://www3.ca.com/Solutions/ProductFamily.asp?ID=115" target="_blank">Brightstor ARCserve Backup</a> from Computer Associates. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[Client for Microsoft Networks]
Number=1539
Confirmed=X
Filename=msclient32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotbxq.html" target=_blank>SDBOT-BXQ</a> WORM!
Source=Paul Collins Startup list

[Client Server Control Process]
Number=1540
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagenthr.html" target=_blank>AGENT-HR</a> TROJAN! 
Source=Paul Collins Startup list

[Client Server Run Time Proccess]
Number=1541
Confirmed=X
Filename=csrsrv.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Client Server Runtime]
Number=1542
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32poebotkr.html" target="_blank">POEBOT-KR</a> WORM!
Source=Paul Collins Startup list

[Client Server Runtime Process]
Number=1543
Confirmed=X
Filename=csrsss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotld.html" target=_blank>SDBOT-LD</a> WORM!
Source=Paul Collins Startup list

[Client Server Runtime Process]
Number=1544
Confirmed=X
Filename=csrs.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-052109-2651-99" target=_blank>LINKBOT.M</a> WORM!
Source=Paul Collins Startup list

[Client Server Runtime Process]
Number=1545
Confirmed=X
Filename=smmss.exe
Description=Backdoor TROJAN! Possible <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotgen.html" target=_blank>SDBOT-GEN</a> variant
Source=Paul Collins Startup list

[Client Update]
Number=1546
Confirmed=X
Filename=wup.exe
Description=Added by a variant of the <a href="http://www.sophos.com.au/virusinfo/analyses/w32opankia.html" target=_blank>OPANKI-A</a> WORM!
Source=Paul Collins Startup list

[ClientMan1]
Number=1547
Confirmed=X
Filename=mscman.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClientMan&threatid=3754" target=_blank>ClientMan</a> parasite variant

Source=Paul Collins Startup list

[Clik Status Monitor]
Number=1548
Confirmed=N
Filename=toolsclickstat.exe
Description=Part of Iomega Tools to let you know whether an Iomega PocketZip (nee Clik) removable drive cartridge is installed
Source=Paul Collins Startup list

[clipboard.exe]
Number=1549
Confirmed=X
Filename=clipboard.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Clipbook Service]
Number=1550
Confirmed=N
Filename=Clipsrv.exe
Description=Supports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooks
Source=Paul Collins Startup list

[ClipMate5x]
Number=1551
Confirmed=N
Filename=ClipMt5x.exe
Description=<a href="http://www.thornsoft.com/ProductOverview.asp" target="_blank">Clip Mate 5.x</a> by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start -> Programs
Source=Paul Collins Startup list

[Clipmate6]
Number=1552
Confirmed=N
Filename=CLIPMT60.EXE
Description=<a href="http://www.thornsoft.com/new_60.htm" target="_blank">Clip Mate 6</a> by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start -> Programs
Source=Paul Collins Startup list

[ClipMate7]
Number=1553
Confirmed=N
Filename=ClipMate.exe
Description=<a href="http://www.thornsoft.com/" target=_blank>Clip Mate 7</a> by Thornsoft - utility that allows you to store more than one item in the clipboard

Source=Paul Collins Startup list

[Clipomatic]
Number=1554
Confirmed=N
Filename=Clipomatic.exe
Description=Mike Lin's <a href="http://www.mlin.net/Clipomatic.shtml" target="_blank">Clipomatic</a> is a clipboard cache program - it remembers what was copied to the clipboard even after new data is copied, and allows you to retrieve the old data
Source=Paul Collins Startup list

[Clipsrv]
Number=1555
Confirmed=N
Filename=Clipsrv.exe
Description=Supports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooks
Source=Paul Collins Startup list

[ClipSrv]
Number=1556
Confirmed=X
Filename=clipserv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaav.html" target=_blank>SDBOT-AAV</a> and <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotafe.html" target=_blank>SDBOT-AFE</a> WORMS!
Source=Paul Collins Startup list

[ClipSrv]
Number=1557
Confirmed=X
Filename=CLIPBRD3D.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mofeid.html" target=_blank>MOFEI-D</a> WORM!
Source=Paul Collins Startup list

[ClipTrak]
Number=1558
Confirmed=N
Filename=ClipTrak.exe
Description=<a href="http://www.pcmag.com/article2/0,4149,114185,00.asp" target="_blank">ClipTrak</a> - clipboard extender
Source=Paul Collins Startup list

[ClipTrakker]
Number=1559
Confirmed=N
Filename=ClipTrakker.exe
Description=<a href="http://www.cliptrakker.com/" target="_blank">Cliptrakker</a> - clipboard extender
Source=Paul Collins Startup list

[CLISTART]
Number=1560
Confirmed=N
Filename=CLIStart.exe
Description=Puts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start -> Programs
Source=Paul Collins Startup list

[CLMFrontPanel]
Number=1561
Confirmed=U
Filename=clmpanel.exe
Description=System tray status/display/configuration utility for a number of modems. Can be disabled by right-clicking on the tray icon. If disabled, connection status is lost
Source=Paul Collins Startup list

[clnwall]
Number=1562
Confirmed=?
Filename=rundll.exe setupx.dll, InstallHinfSection ..delwall.inf
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[clock]
Number=1563
Confirmed=X
Filename=[various filenames]
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-111715-1438-99" target=_blank>LiveChat</a> Adware - known file names include: mssetup.exe, kstatus.exe, spoolsv.exe, sptsupd.exe, osk.exe, msswchx.exe, netdde.exe, msbkup.exe
Source=Paul Collins Startup list

[Clock Manager]
Number=1564
Confirmed=X
Filename=amsngr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbotxm.html" target= blank>SDBOT-XM</a> TROJAN!
Source=Paul Collins Startup list

[ClockSync]
Number=1565
Confirmed=X
Filename=Sync.exe
Description=<a href="http://www.clock-sync.com/" target="_blank">ClockSync</a> - synchronizes your system clock with an internet time server. It's by WhenU, the makers of the Save Now spyware, and they're usually seen in tandem, so it's advised to replace it with one of may spyware free alternatives available
Source=Paul Collins Startup list

[ClockWise]
Number=1566
Confirmed=U
Filename=CLOCKWISE.EXE
Description=<a href="http://www.rjsoftware.com/ClockWise/" target="_blank">ClockWise</a> - produced by R J Software - a time utility. It is a schedueler not only for dates, but you can choose it to run programs at any time. It also updates the time by connecting to an atomic clock server. This is a spyware-free alternative to ClockSync
Source=Paul Collins Startup list

[ClocX]
Number=1567
Confirmed=U
Filename=ClocX.exe
Description=<a href="http://clocx.php5.cz/" target="_blank">ClocX</a> - places a clock on the desktop that can be moved and then changed into a calendar plus you can set alarms etc…
Source=Paul Collins Startup list

[CloneCD]
Number=1568
Confirmed=U
Filename=CloneCDTray.exe
Description=System tray for the now discontinued <a href="http://www.elby.org/products/clone_cd/index.html" target="_blank">CloneCD</a>. The only useful option is "Hide CDR Media" only available via this tray. Has additional unknown functions in later versions
Source=Paul Collins Startup list

[CloneCDElbyCDFL]
Number=1569
Confirmed=U
Filename=ElbyCheck.exe
Description=From <a href="http://www.elby.org/" target="_blank">Elaborate Bytes</a> who make CloneCD - monitors the installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from startup causes the CD drive in the computer to not be recognized in the OS and after rechecking it prompts that the driver has been corrupted and asks you to restart the computer to fix it
Source=Paul Collins Startup list

[CloneCDTray]
Number=1570
Confirmed=U
Filename=CloneCDTray.exe
Description=System tray for the now discontinued <a href="http://www.elby.org/products/clone_cd/index.html" target="_blank">CloneCD</a>. The only useful option is "Hide CDR Media" only available via this tray. Has additional unknown functions in later versions
Source=Paul Collins Startup list

[Clotusorgreg0]
Number=1571
Confirmed=?
Filename=prtStart.exe Orgprt.exe
Description=IBM Lotus <a href="http://www-142.ibm.com/software/sw-lotus/products/product2.nsf/wdocs/sshome" target="_blank">SmartSuite</a> related. In a LotusOrgReg folder. <font color="#FF0000"> Unclear what exactly it does?</font>
Source=Paul Collins Startup list

[Clre]
Number=1572
Confirmed=X
Filename=mmdc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpurscanai.html" target=_blank>PURSCAN-AI</a> TROJAN!
Source=Paul Collins Startup list

[ClrSchLoader]
Number=1573
Confirmed=X
Filename=[path to file]
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092410-4648-99" target=_blank>ClearSearch</a> adware
Source=Paul Collins Startup list

[CLSID]
Number=1574
Confirmed=X
Filename=com.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[CLSID]
Number=1575
Confirmed=X
Filename=dll.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[CLSID]
Number=1576
Confirmed=X
Filename=msgplus.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[CLSID]
Number=1577
Confirmed=X
Filename=plugin.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[CLSID]
Number=1578
Confirmed=X
Filename=sed.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[CLSID]
Number=1579
Confirmed=X
Filename=msgplus.exe
Description=Premium rate adult content dialer. Note - this is NOT the MSN Messenger 'MessengerPlus' extension

Source=Paul Collins Startup list

[CLSRSS]
Number=1580
Confirmed=X
Filename=LSACS.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sillyfdcx.html" target="_blank">SILLYFDC-X</a> WORM!
Source=Paul Collins Startup list

[CM-SmWizard]
Number=1581
Confirmed=?
Filename=SmWizard.exe
Description=SmartWizard MFC Application - associated with C-Media who produce audio chipsets commonly used for on-board sound on motherboards. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[cma]
Number=1582
Confirmed=U
Filename=cma.exe
Description=DeskSite CMA siftware - "retrieves new content from the DeskSite Data Center"
Source=Paul Collins Startup list

[CMAPP]
Number=1583
Confirmed=X
Filename=cmappclient.exe
Description=CasClient adware - also detected as the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-081011-2344-99" target=_blank>CMAPP</a> TROJAN!
Source=Paul Collins Startup list

[Cmaudio]
Number=1584
Confirmed=N
Filename=Rundll32 cmicnfg.cpl, CMICtrlWnd
Description=System tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audio. Available via Start -> Settings -> Control Panel
Source=Paul Collins Startup list

[Cmd]
Number=1585
Confirmed=X
Filename=cmd32.exe
Description=Added by the <a href="http://www.viruslibrary.com/virusinfo/Worm.P2P.Tanked.htm" target="_blank">TANKED</a> WORM!
Source=Paul Collins Startup list

[cmd32]
Number=1586
Confirmed=X
Filename=configs.exe
Description=Hijacker, also detected as the <a href="http://vil.nai.com/vil/content/v_126408.htm" target="_blank">QURL-2</a> TROJAN!
Source=Paul Collins Startup list

[cmdbcs]
Number=1587
Confirmed=X
Filename=cmdbcs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineaggkw.html" target="_blank">LINEAG-GKW</a> TROJAN!
Source=Paul Collins Startup list

[cmdcon]
Number=1588
Confirmed=X
Filename=cmdcon.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list

[CME]
Number=1589
Confirmed=X
Filename=cme.exe
Description=Part of <a href="http://www.thiefware.com/info/data.gator.shtml" target="_blank">Gator</a> advertising spyware - see <a href="http://www.pchell.com/support/gator.shtml" target="_blank">here</a> for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
Source=Paul Collins Startup list

[CmeSYS]
Number=1590
Confirmed=X
Filename=CMEsys.exe
Description=Part of <a href="http://www.thiefware.com/info/data.gator.shtml" target="_blank">Gator</a> advertising spyware - see <a href="http://www.pchell.com/support/gator.shtml" target="_blank">here</a> for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
Source=Paul Collins Startup list

[CmeUPD]
Number=1591
Confirmed=X
Filename=CMEupd.exe
Description=Part of <a href="http://www.thiefware.com/info/data.gator.shtml" target="_blank">Gator</a> advertising spyware - see <a href="http://www.pchell.com/support/gator.shtml" target="_blank">here</a> for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
Source=Paul Collins Startup list

[CMFibula]
Number=1592
Confirmed=X
Filename=CMFibula.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ConsumerAlertSystem.CASClient&threatid=40038" target="_blank">CASClient</a> adware
Source=Paul Collins Startup list

[CmFlywaveName]
Number=1593
Confirmed=N
Filename=CmFlywav.exe
Description=Driver for Linksys <a href="http://www.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename=US%2FLayout&cid=1137451822026&pagename=Linksys%2FCommon%2FVisitorWrapper" target=_blank>Wireless-G Music Bridge</a>

Source=Paul Collins Startup list

[CMGrdian]
Number=1594
Confirmed=?
Filename=CMGrdian.exe
Description=One of the McAfee shared components. <font color="#FF0000"> What does it do and is it required?</font>
Source=Paul Collins Startup list

[CMMan]
Number=1595
Confirmed=X
Filename=CMMan.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-081011-2344-99" target=_blank>CMAPP</a> TROJAN!
Source=Paul Collins Startup list

[Cmmon32Sys]
Number=1596
Confirmed=X
Filename=cmmon32.exe
Description=Added by the SMALL.CL TROJAN!
Source=Paul Collins Startup list

[cmonitor]
Number=1597
Confirmed=N
Filename=startupmon.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-062015-2622-99" target="_blank">SystemDoctor</a> is a security risk that may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threats
Source=Paul Collins Startup list

[CmPCIaudio]
Number=1598
Confirmed=U
Filename=RunDll32 CMICNFG3.CPL, CMICtrlWnd
Description=Registers the Control Panel applet for a C-Media PCI sound card
Source=Paul Collins Startup list

[CMPDPSRV]
Number=1599
Confirmed=U
Filename=CMPDPSRV.EXE
Description=Printer Driver Plus from ViewAhead Technology (formerly DeviceGuys, Inc.). "Printer Driver Plus seamlessly integrates all the necessary components of a printer driver, plus more". Installed with some Compaq and Lexmark printers
Source=Paul Collins Startup list

[Cmpnt]
Number=1600
Confirmed=X
Filename=Devices2.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtompaid.html" target=_blank>TOMPAI-D</a> TROJAN!
Source=Paul Collins Startup list

[Cmpnt]
Number=1601
Confirmed=X
Filename=mainsv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtompaic.html" target=_blank>TOMPAI-C</a> TROJAN!
Source=Paul Collins Startup list

[cmrss]
Number=1602
Confirmed=X
Filename=cmrss.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=1&VName=TROJ_DELF.DU&highlight=cmrss" target=_blank>DELF.DU</a> TROJAN!
Source=Paul Collins Startup list

[cmrss]
Number=1603
Confirmed=X
Filename=crmss.exe
Description=Added by the <a href="http://sophos.com.au/virusinfo/analyses/trojdloaderek.html" target= blank>DLOADER-EK</a> TROJAN!
Source=Paul Collins Startup list

[cmrss]
Number=1604
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderqq.html" target="_blank">DLOADER-QQ</a> TROJAN!
Source=Paul Collins Startup list

[cmrst]
Number=1605
Confirmed=X
Filename=cmrst.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-032117-2614-99" target=_blank>BANCOS.S</a> TROJAN!
Source=Paul Collins Startup list

[cmrst]
Number=1606
Confirmed=X
Filename=cmrst.scr
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderfp.html" target=_blank>DLOADER-FP</a> TROJAN!
Source=Paul Collins Startup list

[cms]
Number=1607
Confirmed=X
Filename=iserver.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderwk.html" target=_blank>DLOADER-WK</a> TROJAN!
Source=Paul Collins Startup list

[CMSETTINGS]
Number=1608
Confirmed=U
Filename=ctmn.exe
Description=Part of NetNanny <a href="http://www.pcmag.com/article2/0,1759,1265307,00.asp" target="_blank">Chat Monitor</a>
Source=Paul Collins Startup list

[cmsound]
Number=1609
Confirmed=X
Filename=vcpdll.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtcxmedid.html" target=_blank>TCXMEDI-D</a> downloader TROJAN!
Source=Paul Collins Startup list

[cmsound]
Number=1610
Confirmed=X
Filename=vcsystem.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtcxmedid.html" target=_blank>TCXMEDI-D</a> downloader TROJAN!
Source=Paul Collins Startup list

[cmss]
Number=1611
Confirmed=X
Filename=system.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[cmssapp]
Number=1612
Confirmed=X
Filename=iexplore_.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbancq.html" target=_blank>BANCBAN-CQ</a> TROJAN!
Source=Paul Collins Startup list

[cmssapp]
Number=1613
Confirmed=X
Filename=iexplore.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbangf.html" target=_blank>BANCBAN-GF</a> TROJAN! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
Source=Paul Collins Startup list

[cmssSystemProcess]
Number=1614
Confirmed=X
Filename=csmss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentco.html" target=_blank>AGENT-CO</a> TROJAN! 

Source=Paul Collins Startup list

[cmssSystemProcess]
Number=1615
Confirmed=X
Filename=mcsmss.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.EI&VSect=T" target=_blank>AGENT.EI</a> TROJAN!
Source=Paul Collins Startup list

[cmssSystemProcess]
Number=1616
Confirmed=X
Filename=csms.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagenty.html" target= blank>AGENT-Y</a> TROJAN!
Source=Paul Collins Startup list

[CMSystem]
Number=1617
Confirmed=X
Filename=CMSystem.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ConsumerAlertSystem.CASClient&threatid=40038" target="_blank">CASClient</a> adware
Source=Paul Collins Startup list

[cmt101]
Number=1618
Confirmed=X
Filename=cmt101.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list

[CmUCRRun]
Number=1619
Confirmed=?
Filename=CmUCReye.exe
Description=Related to <a href="http://www.medion.de/" target="_blank">Medion</a> Display Information. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[cmx32]
Number=1620
Confirmed=X
Filename=cmx32.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=40493" target=_blank>GEMA.D</a> TROJAN!
Source=Paul Collins Startup list

[Cn323]
Number=1621
Confirmed=X
Filename=cnfrm33.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110414-0646-99" target=_blank>MIMAIL.G</a> WORM!
Source=Paul Collins Startup list

[Cn911]
Number=1622
Confirmed=X
Filename=ODBCJET.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/trojbifrosepr.html" target="_blank">BIFROSE-PR</a> TROJAN!
Source=Paul Collins Startup list

[CNBABE]
Number=1623
Confirmed=X
Filename=CNBABE.EXE
Description=Appears to be spyware added by KAZAA (and maybe others) that displays pop-up ads whilst you're browsing
Source=Paul Collins Startup list

[cnet]
Number=1624
Confirmed=N
Filename=kontiki.exe
Description=<a href="http://www.kontiki.com/products/deliverymanager/index.html" target="_blank">Kontiki Delivery Manager</a> - Windows-based client software that enables secure delivery of content to users' desktops
Source=Paul Collins Startup list

[Cnfrm32]
Number=1625
Confirmed=X
Filename=cnfrm.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110116-0904-99" target=_blank>MIMAIL.D</a> WORM!
Source=Paul Collins Startup list

[CnsMax]
Number=1626
Confirmed=X
Filename=Internat.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-041814-0556-99" target="_blank">POINTEX</a> TROJAN! Note - the real internat.exe resides in %windir%\system (where %windir% is the Windows directory - C:\Windows or C:\Winnt) whereas this version resides in %windir%
Source=Paul Collins Startup list

[CnsMin]
Number=1627
Confirmed=X
Filename=Rundll32.exe CNSMIN.DLL, Rundll32
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=3721%20Chinese%20Keywords%20(CNSMin)&threatid=3678" target=_blank>CnsMin</a> (Chinese Keywords) hijacker related
Source=Paul Collins Startup list

[CnxAdslL]
Number=1628
Confirmed=Y
Filename=CnxAdslL.exe
Description=DLink, Zoom, or Conexant modem driver
Source=Paul Collins Startup list

[CnxDslTaskBar]
Number=1629
Confirmed=N
Filename=CnxDslTb.exe
Description=Connexant DSL Taskbar as used on Acess Runner and Samsung AHT-E310 ADSL modems
Source=Paul Collins Startup list

[Cobian Backup 8 interface]
Number=1630
Confirmed=U
Filename=cbInterface.exe
Description="<a href="http://sourceforge.net/projects/cobianbackup" target="_blank">Cobian Backup</a> is a backup program that can be executed in 2 ways: as a normal application or as a Windows Service. The program can schedule automatic backups for files and directories locally or to FTP servers and can use compression and encryption"
Source=Paul Collins Startup list

[Codename Dashboard]
Number=1631
Confirmed=U
Filename=dashboard.exe
Description=<a href="http://www.downlinx.com/proghtml/415/41557.htm" target="_blank">Codename: Dashboard</a> - &quot;an application that resides at the side of your screen. Built on the Microsoft .NET Framework, it is a host for interchangeable components through which C.D. allows you to have any information you want, on your desktop, all the time&quot;
Source=Paul Collins Startup list

[cof.updit]
Number=1632
Confirmed=X
Filename=[random filename]
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[CognizanceTS]
Number=1633
Confirmed=U
Filename=rundll32.exe [path] AsTsVcc.dll, RegisterModule
Description=Cognizance Corp <a href="http://www.cognizancesecurity.com/products/overview.html" target=_blank>Identity And Access Management</a> suite

Source=Paul Collins Startup list

[Coldlife -icmp]
Number=1634
Confirmed=X
Filename=Systray.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/Print100363.htm" target="_blank">FLOOD.AV</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/systray/" target="_blank">systray.exe</a> process
Source=Paul Collins Startup list

[coloreal]
Number=1635
Confirmed=U
Filename=coloreal.exe
Description=Makes colours sharper and brighter, but will only work with coloreal capable monitors
Source=Paul Collins Startup list

[Colorific Control Panel]
Number=1636
Confirmed=N
Filename=Hgcctl95.exe
Description=From E_Color. Colorific delivers accurate gamma and color temperature across your entire system - monitor to printer and digital camera to monitor
Source=Paul Collins Startup list

[COM Service]
Number=1637
Confirmed=X
Filename=mscom32.com
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081408-1248-99" target="_blank">BEASTY.H</a> TROJAN!
Source=Paul Collins Startup list

[COM Service]
Number=1638
Confirmed=X
Filename=msynvr.com
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-073114-1034-99" target="_blank">BEASTY.G</a> TROJAN!
Source=Paul Collins Startup list

[COM Service]
Number=1639
Confirmed=X
Filename=msjclh.com
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-030615-4253-99" target="_blank">BEASTY.E</a> TROJAN!
Source=Paul Collins Startup list

[COM Service]
Number=1640
Confirmed=X
Filename=msdrce.com
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081110-1125-99" target="_blank">BEASTY.I</a> TROJAN!
Source=Paul Collins Startup list

[COM Service]
Number=1641
Confirmed=X
Filename=msflyx.com
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbeastdoo.html" target=_blank>BEASTDO-O</a> TROJAN!
Source=Paul Collins Startup list

[COM+ Event System]
Number=1642
Confirmed=X
Filename=DRWTSN16.EXE
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list

[COM+ EventSystem Services]
Number=1643
Confirmed=X
Filename=ECSERVER.EXE
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Com+ Sys]
Number=1644
Confirmed=X
Filename=csrs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbt.html" target=_blank>FORBOT-BT</a> WORM!

Source=Paul Collins Startup list

[COM+ System Applications]
Number=1645
Confirmed=X
Filename=lsas.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.SE" target=_blank>AGOBOT.SE</a> WORM!
Source=Paul Collins Startup list

[COM++ System]
Number=1646
Confirmed=X
Filename=exploier.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32lovgatef.html" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list

[COM++ System]
Number=1647
Confirmed=X
Filename=suchost.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32lovgatef.html" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list

[COM++ System]
Number=1648
Confirmed=X
Filename=svchost.exe...
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32lovgatef.html" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list

[COM-IP]
Number=1649
Confirmed=N
Filename=COMIP.EXE
Description=COM-IP Virtual Modem Driver (COM-IP Creates a Fake Serial Port that allows you to use older DOS Based Communications Programs over Telnet. Type atdt host.domain.com instead of atdt 5551212)
Source=Paul Collins Startup list

[ComAgent]
Number=1650
Confirmed=U
Filename=ComAgent.exe
Description=ComAgent - <a href="http://www.altn.com/products/default.asp?product_id=MDaemon" target=_blank>MDaemon's</a> instant messaging client
Source=Paul Collins Startup list

[combo.exe]
Number=1651
Confirmed=X
Filename=combo.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojchimoc.html" target=_blank>CHIMO-C</a> TROJAN!
Source=Paul Collins Startup list

[combop.exe]
Number=1652
Confirmed=X
Filename=combop.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbowfeeda.html" target=_blank>BOWFEED-A</a> TROJAN!
Source=Paul Collins Startup list

[Comcast Network]
Number=1653
Confirmed=X
Filename=ribiva.exe
Description=Added by an <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031015-3147-99" target= blank>IRC TROJAN</a> variant!
Source=Paul Collins Startup list

[ComcastSUPPORT]
Number=1654
Confirmed=X
Filename=tgkill.exe
Description=Comcast (the cable folks who are replacing @home in some parts of the USA) have struck a deal with Tioga to provide an &quot;enhanced&quot; support and self-repairing tool. This is &quot;beta&quot; at present and was made available to download by mistake at present. Remove via Start -&gt; Settings -&gt; Add/Remove Programs
Source=Paul Collins Startup list

[COMCFG]
Number=1655
Confirmed=X
Filename=comcfg.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_TOADCOM.A" target="_blank">TOADCOM.A</a> TROJAN!
Source=Paul Collins Startup list

[comctl32]
Number=1656
Confirmed=X
Filename=comctl32.exe
Description=Adware - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as TrojanDownloader.Win32.Agent.am
Source=Paul Collins Startup list

[COMDRV32]
Number=1657
Confirmed=U
Filename=svdhost.exe
Description=<a href="http://www.protectcom.com/" target="_blank">Orvell Monitoring 2003</a> surveillance software. Uninstall this software unless you put it there yourself. Note - asks for permission to contact the IP address of http://www.protectcom.com/
Source=Paul Collins Startup list

[Comm Driver]
Number=1658
Confirmed=U
Filename=commh32.exe
Description=G Data "PC Spion". PC monitoring and surveilling software, captures all users activity on the PC, see <a href="http://archiv.chip.de/artikel/c1_archiv_artikel_17080599.html" target="_blank">here</a>. Disable/remove if you didn't install it yourself!
Source=Paul Collins Startup list

[Command]
Number=1659
Confirmed=X
Filename=system.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_GATECRASH.A" target="_blank">GATECRASH.A</a> or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_GATECRASH.B" target="_blank">GATECRASH.B</a> TROJANS!

Source=Paul Collins Startup list

[Command]
Number=1660
Confirmed=X
Filename=Gotit.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-121712-0428-99" target="_blank">TITOG</a> WORM!
Source=Paul Collins Startup list

[COMMAND]
Number=1661
Confirmed=X
Filename=command.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092815-0339-99" target="_blank">QQPASS.E</a> TROJAN!
Source=Paul Collins Startup list

[command]
Number=1662
Confirmed=X
Filename=javaw.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotlg.html" target=_blank>AGOBOT-LG</a> WORM!
Source=Paul Collins Startup list

[Command Prompt32]
Number=1663
Confirmed=X
Filename=CmdPrompt32.pif
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030222-1459-99" target=_blank>ASSIRAL.B</a> WORM!
Source=Paul Collins Startup list

[command32]
Number=1664
Confirmed=X
Filename=command32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineadla.html" target=_blank>LINEADI-A</a> TROJAN!
Source=Paul Collins Startup list

[CommCtr]
Number=1665
Confirmed=N
Filename=commctr.exe
Description="<a href="http://web.net2phone.com/consumer/commcenter/" target="_blank">Net2Phone CommCenter</a> is the latest in Internet voice technology allowing you to place calls easily all over the world right from your PC!". Available via Start -> Programs
Source=Paul Collins Startup list

[Comodo Firewall]
Number=1666
Confirmed=U
Filename=CPF.exe
Description=<a href="http://www.personalfirewall.comodo.com/" target="_blank">Comodo Firewall</a>
Source=Paul Collins Startup list

[CompanionWizard]
Number=1667
Confirmed=N
Filename=compwiz.exe
Description=WinAntiVirus 2006 virus software - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[Compaq Alerter]
Number=1668
Confirmed=U
Filename=CPQAlert.exe
Description=Compaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See <a href="http://h18000.www1.hp.com/products/servers/management/cim-description.html" target="_blank">here</a> for more information
Source=Paul Collins Startup list

[Compaq Computer Corp SCCenter Module]
Number=1669
Confirmed=N
Filename=SCCENTER.EXE
Description=For Compaq PC's. Part of Backweb
Source=Paul Collins Startup list

[Compaq Computer Security]
Number=1670
Confirmed=?
Filename=Rundll32.exe SECURE32.CPL, Service
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Compaq Connections]
Number=1671
Confirmed=N
Filename=COMPAQ~1.EXE
Description=See <a href="http://h10025.www1.hp.com/ewfrf/wc/genericDocument?cc=us&docname=bph05170&lc=en&jumpid=reg_R1002_USEN#bph05170_G5" target="_blank">here</a> - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners"
Source=Paul Collins Startup list

[Compaq Connections]
Number=1672
Confirmed=N
Filename=BackWeb-1940576.exe
Description=See <a href="http://h10025.www1.hp.com/ewfrf/wc/genericDocument?cc=us&docname=bph05170&lc=en&jumpid=reg_R1002_USEN#bph05170_G5" target="_blank">here</a> - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners". * can be any digit
Source=Paul Collins Startup list

[Compaq DMI]
Number=1673
Confirmed=N
Filename=cpqdmi.exe
Description=Compaq version of the Desktop Management Interface
Source=Paul Collins Startup list

[Compaq Drivers]
Number=1674
Confirmed=X
Filename=F1rewalls.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwd.html" target= blank>SDBOT-WD</a> WORM!
Source=Paul Collins Startup list

[Compaq Internet Setup]
Number=1675
Confirmed=N
Filename=inetwizard.exe
Description=For Compaq PC's. Runs Compaq internet setup wizard and offers you to signup from ISP list
Source=Paul Collins Startup list

[Compaq Jes Drivers]
Number=1676
Confirmed=X
Filename=winjes.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxr.html" target= blank>SDBOT-XR</a> WORM!
Source=Paul Collins Startup list

[Compaq Knowledge Center]
Number=1677
Confirmed=U
Filename=silent.exe & matcli.exe
Description=&quot;matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file while silent.exe executes matcli.exe quietly in the background. Compaq Knowledge Center is required to run with the Help and Support program. If you uncheck Compaq Knowledge Center and and then run help and Support it will add another Compaq Knowledge Center in the startup menu. If you remove the Compaq Knowledge Center in the add/remove program some help menus in help and support will not be available like Fix my Presario, Preference, and Contact Technical Support&quot;. You decide
Source=Paul Collins Startup list

[Compaq Message Server]
Number=1678
Confirmed=N
Filename=COMPAQ-RBA.EXE
Description=Applies to the CPQBootPerfDB entry as well. These files generate some kind of server or servlet that attempts to connect with Compaq online. They are like Trojans, but fairly harmless. They send information on the "Compaq Advisor/Compaq Message Screener" application that comes with every Compaq computer and provide feedback on how computer users use the Message Advisor. These messages appear occasionally and instruct and advise users on their computer and its use. They generally attempt to get you (these messages) to connect to Compaq's website. They may be safely disabled via (1) MSCONFIG or (2) Start -> Programs -> Compaq Advisor -> Advisor Settings under the "advanced" tab. Not required and can cause problems
Source=Paul Collins Startup list

[Compaq PK Daemon]
Number=1679
Confirmed=U
Filename=cpqkl.exe
Description=For Compaq laptops for programming user configurable keys. Not required unless you use them
Source=Paul Collins Startup list

[Compaq Print Fax]
Number=1680
Confirmed=X
Filename=cpqa1000.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BCV&VSect=T" target=_blank>SDBOT.BCV</a> WORM! Please take note of the difference between the legitimate Compaq Fax Utility Name (A1000 Settings Utility) and the name (Compaq Print Fax) used by this worm
Source=Paul Collins Startup list

[Compaq Service Drivers]
Number=1681
Confirmed=X
Filename=systeminfos.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxc.html" target=_blank>SDBOT-XC</a> WORM!
Source=Paul Collins Startup list

[Compaq Service Drivers]
Number=1682
Confirmed=X
Filename=compq.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Compaq Service Drivers]
Number=1683
Confirmed=X
Filename=navapqwa.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BBQ&VSect=T" target=_blank>SDBOT.BBQ</a> WORM!
Source=Paul Collins Startup list

[Compaq Service Drivers]
Number=1684
Confirmed=X
Filename=amsn.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Compaq Service Drivers]
Number=1685
Confirmed=X
Filename=compqs.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Compaq Service Drivers]
Number=1686
Confirmed=X
Filename=msnt.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.CQL&VSect=T" target=_blank>SDBOT.CQL</a> WORM!
Source=Paul Collins Startup list

[Compaq Service Drivers]
Number=1687
Confirmed=X
Filename=NtKernelSystem.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Compaq Service Drivers]
Number=1688
Confirmed=X
Filename=wincmd.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ATV&VSect=P" target=_blank>RBOT.ATV</a> WORM!
Source=Paul Collins Startup list

[Compaq Service Drivers]
Number=1689
Confirmed=X
Filename=wind32.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Compaq Service Drivers]
Number=1690
Confirmed=X
Filename=winmsn.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Compaq Service Drivers]
Number=1691
Confirmed=X
Filename=compaq.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotafu.html" target=_blank>SDBOT-AFU</a> WORM!
Source=Paul Collins Startup list

[Compaq Service Drivers]
Number=1692
Confirmed=X
Filename=msnsvc.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BKT&VSect=T" target=_blank>RBOT.BKT</a> WORM!
Source=Paul Collins Startup list

[Compaq Service Drivers]
Number=1693
Confirmed=X
Filename=ntsys32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CIW&VSect=T" target=_blank>RBOT.CIW</a> WORM!
Source=Paul Collins Startup list

[Compaq Service Drivers]
Number=1694
Confirmed=X
Filename=winsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotagd.html" target="_blank">SDBOT-AGD</a> WORM!
Source=Paul Collins Startup list

[Compaq Service Drivers 32]
Number=1695
Confirmed=X
Filename=compq32.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Compaq Service Drivrs]
Number=1696
Confirmed=X
Filename=copq.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Compaq Services Drivers]
Number=1697
Confirmed=X
Filename=ndt32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CQZ&VSect=T" target=_blank>RBOT.CQZ</a> WORM!
Source=Paul Collins Startup list

[Compaq Sound Drivers For WINDOWS]
Number=1698
Confirmed=X
Filename=sounddr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxg.html" target=_blank>SDBOT-XG</a> WORM!
Source=Paul Collins Startup list

[Compaq Video CD Watcher]
Number=1699
Confirmed=N
Filename=??
Description=For Compaq PC's. MPEG viewer
Source=Paul Collins Startup list

[Compaq32 Service Drivers]
Number=1700
Confirmed=X
Filename=ms32.exe
Description=Added by the <a href="http://bg.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=3&VName=WORM_SDBOT.BWH" target=_blank>SDBOT.BWH</a> WORM!
Source=Paul Collins Startup list

[Compaq32 Service Drivers]
Number=1701
Confirmed=X
Filename=msconfig32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotadc.html" target=_blank>SDBOT-ADC</a> WORM!
Source=Paul Collins Startup list

[Compaq32 Service Drivers]
Number=1702
Confirmed=X
Filename=msnt32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BVF&VSect=T" target=_blank>RBOT.BVF</a> WORM!
Source=Paul Collins Startup list

[CompaqHW Comp Manager]
Number=1703
Confirmed=?
Filename=cpqhcm.exe
Description=<font color="#FF0000">Running on a Compaq laptop - any ideas?</font>
Source=Paul Collins Startup list

[CompaqPrinTray]
Number=1704
Confirmed=N
Filename=printray.exe
Description=Puts printer icon in the System Tray. When this option is disabled you will no longer be able to access the Control Program or Printer Driver directly from your desktop
Source=Paul Collins Startup list

[Compaqs Service Driver]
Number=1705
Confirmed=X
Filename=copypad32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.CSO&VSect=T" target=_blank>SDBOT.CSO</a> WORM!
Source=Paul Collins Startup list

[Compaqs Service Drivers]
Number=1706
Confirmed=X
Filename=compqs.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[CompaqSystray]
Number=1707
Confirmed=N
Filename=cpqpscp.exe
Description=Compaq System Tray icon
Source=Paul Collins Startup list

[Compatibility Service Process]
Number=1708
Confirmed=X
Filename=regsvs.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040817-5940-99" target="_blank">GAOBOT.YN</a> WORM!
Source=Paul Collins Startup list

[Compd Service Drivrs]
Number=1709
Confirmed=X
Filename=codq.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[ComproRemote]
Number=1710
Confirmed=U
Filename=ComproRemote.exe
Description=<a href="http://www.comprousa.com/New/en/home.html" target=_blank>VideoMate</a> TV tuner and capture card - remote control driver

Source=Paul Collins Startup list

[ComproSchedulerDTV]
Number=1711
Confirmed=U
Filename=ComproSchedulerDTV.exe
Description=<a href="http://www.comprousa.com/New/en/home.html" target=_blank>VideoMate</a> TV tuner and capture card - scheduler

Source=Paul Collins Startup list

[Computing Technologie Firewall]
Number=1712
Confirmed=X
Filename=lsauth.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwx.html" target= blank>SDBOT-WX</a> WORM!
Source=Paul Collins Startup list

[COMSMDEXE]
Number=1713
Confirmed=N
Filename=comsmd.exe
Description=3Com tray icon
Source=Paul Collins Startup list

[ComStart]
Number=1714
Confirmed=N
Filename=Trojan Guarder.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-071914-2557-99" target="_blank">TrojanGuarder</a> is a security risk that may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threats
Source=Paul Collins Startup list

[ComTry Web Searcher]
Number=1715
Confirmed=X
Filename=wstray.exe
Description=Comtry MP3 Downloader related - spyware
Source=Paul Collins Startup list

[comxt]
Number=1716
Confirmed=X
Filename=comxt.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100710-2042-99" target="_blank">COMXT</a> TROJAN!
Source=Paul Collins Startup list

[con]
Number=1717
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbravea.html" target=_blank>BRAVE-A</a> TROJAN!

Source=Paul Collins Startup list

[Config]
Number=1718
Confirmed=X
Filename=service.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092311-3948-99" target="_blank">ISRAZ.B</a> WORM!
Source=Paul Collins Startup list

[Config Loadation]
Number=1719
Confirmed=X
Filename=iEEexplore.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-041721-2428-99" target="_blank">SDBOT.H</a> TROJAN!
Source=Paul Collins Startup list

[Config Loadatiorin]
Number=1720
Confirmed=X
Filename=I3Explorer.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-041721-2428-99" target="_blank">SDBOT.H</a> TROJAN!
Source=Paul Collins Startup list

[Config Loader]
Number=1721
Confirmed=X
Filename=svchosl.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-040409-1043-99" target="_blank">GAOBOT.P</a> WORM!
Source=Paul Collins Startup list

[Config Loader]
Number=1722
Confirmed=X
Filename=sysldr32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-102419-1801-99" target="_blank">GAOBOT</a> WORM!
Source=Paul Collins Startup list

[Config Loader]
Number=1723
Confirmed=X
Filename=scvhost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091111-5223-99" target="_blank">GAOBOT.AE</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORMS!
Source=Paul Collins Startup list

[Config Loader]
Number=1724
Confirmed=X
Filename=svhost.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target="_blank">AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list

[Config Loader for Microsoft Windows]
Number=1725
Confirmed=X
Filename=mwincfg32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.BD" target="_blank">AGOBOT.BD</a> WORM!
Source=Paul Collins Startup list

[Config Loader2]
Number=1726
Confirmed=X
Filename=explores.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-103111-3854-99" target="_blank">GAOBOT.BT</a> WORM!
Source=Paul Collins Startup list

[Config Loadr]
Number=1727
Confirmed=X
Filename=winsys32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobothn.html" target=_blank>AGOBOT-HN</a> WORM!
Source=Paul Collins Startup list

[Config33.exe]
Number=1728
Confirmed=X
Filename=Config33.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.T" target=_blank>SDBOT.T</a> TROJAN!

Source=Paul Collins Startup list

[ConfiggLoader]
Number=1729
Confirmed=X
Filename=cart322.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112612-5132-99" target="_blank">GAOBOT.DJ</a> WORM!
Source=Paul Collins Startup list

[ConfigSafe]
Number=1730
Confirmed=U
Filename=CFGSAFE.EXE
Description=<a href="http://www.imaginelan.com/configsafe/index.html" target="_blank">ConfigSafe</a> - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions -- provides a restore function. Your choice
Source=Paul Collins Startup list

[ConfigSafe]
Number=1731
Confirmed=U
Filename=AUTOCHK.EXE
Description=<a href="http://www.imaginelan.com/configsafe/index.html" target="_blank">ConfigSafe</a> - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions -- provides a restore function. Your choice
Source=Paul Collins Startup list

[ConfigServices]
Number=1732
Confirmed=N
Filename=Config.exe
Description=Part of initial setup on a Compaq PC
Source=Paul Collins Startup list

[configsetup]
Number=1733
Confirmed=X
Filename=configsetup32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotafp.html" target=_blank>AGOBOT-AFP</a> WORM!
Source=Paul Collins Startup list

[Configuration]
Number=1734
Confirmed=X
Filename=explorer32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotml.html" target="_blank">SDBOT-ML</a> WORM!
Source=Paul Collins Startup list

[Configuration]
Number=1735
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotml.html" target=_blank>SDBOT-ML</a> WORM!

Source=Paul Collins Startup list

[configuration]
Number=1736
Confirmed=X
Filename=apphost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotvp.html" target= blank>SDBOT-VP</a> WORM!
Source=Paul Collins Startup list

[Configuration]
Number=1737
Confirmed=X
Filename=ntsys32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotln.html" target= blank>SDBOT-LN</a> WORM!
Source=Paul Collins Startup list

[Configuration Default]
Number=1738
Confirmed=X
Filename=Wuxat.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotca.html" target=_blank>SPYBOT-CA</a> WORM!

Source=Paul Collins Startup list

[Configuration File]
Number=1739
Confirmed=X
Filename=Winset32.exe
Description=Added by the FLUX.101 TROJAN!

Source=Paul Collins Startup list

[Configuration Loaded]
Number=1740
Confirmed=X
Filename=wupdated.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080813-3234-99" target="_blank">MOEGA</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-021013-3329-99" target="_blank">MOEGA.AG</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-022818-2915-99" target="_blank">MOEGA.AP</a> WORMS!
Source=Paul Collins Startup list

[Configuration Loaded]
Number=1741
Confirmed=X
Filename=lssas.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process
Source=Paul Collins Startup list

[Configuration Loader]
Number=1742
Confirmed=X
Filename=aim95.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LOADCFG.A" target="_blank"> LOADCFG</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99" target="_blank">SDBOT</a> TROJANS!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1743
Confirmed=X
Filename=cmd32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LOADCFG.A" target="_blank"> LOADCFG</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99" target="_blank">SDBOT</a> TROJANS!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1744
Confirmed=X
Filename=service5.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091710-1153-99" target="_blank">GAOBOT.AF</a> WORM!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1745
Confirmed=?
Filename=lfass.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Configuration Loader]
Number=1746
Confirmed=X
Filename=sycfg34.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092916-3339-99" target="_blank">GAOBOT.AN</a> WORM!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1747
Confirmed=X
Filename=wincrt32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102714-0859-99" target="_blank">GAOBOT.BF</a> WORM!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1748
Confirmed=X
Filename=windex.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110115-4341-99" target="_blank">GAOBOT.BZ</a> WORM!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1749
Confirmed=X
Filename=dosrun32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1750
Confirmed=X
Filename=Service.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1751
Confirmed=X
Filename=Servicess.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1752
Confirmed=X
Filename=sw32.exe
Description=Added by the <a href="http://es.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&VName=WORM_AGOBOT.BQ" target="_blank">AGOBOT.BQ</a> WORM!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1753
Confirmed=X
Filename=System.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1754
Confirmed=X
Filename=Winreg.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1755
Confirmed=X
Filename=sysinfo.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-011214-4249-99" target="_blank">GAOBOT.FQ</a> WORM!

Source=Paul Collins Startup list

[Configuration Loader]
Number=1756
Confirmed=X
Filename=microsoft.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-020416-5105-99" target="_blank">GAOBOT.JB</a> WORM!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1757
Confirmed=X
Filename=confgldr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031915-3501-99" target="_blank">GAOBOT.GEN!POLY</a> WORM!
Source=Paul Collins Startup list

[configuration loader]
Number=1758
Confirmed=X
Filename=winicfg32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032013-3449-99" target="_blank">GAOBOT.RQ</a> WORM!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1759
Confirmed=X
Filename=svhst.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040717-1139-99" target="_blank">GAOBOT.YC</a> WORM!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1760
Confirmed=X
Filename=msgfix.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-062910-1433-99" target="_blank">GAOBOT.AUS</a> or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.J" target="_blank">SDBOT.J</a> or <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotqg.html" target=_blank>SDBOT-QG</a> WORMS!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1761
Confirmed=X
Filename=msnss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-062910-1433-99" target="_blank">GAOBOT.AUS</a> WORM!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1762
Confirmed=X
Filename=IEXPL0RE.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LOADCFG.A" target="_blank"> LOADCFG</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99" target="_blank">SDBOT</a> TROJANS!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1763
Confirmed=X
Filename=loadcfg32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LOADCFG.A" target="_blank"> LOADCFG</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99" target="_blank">SDBOT</a> TROJANS!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1764
Confirmed=X
Filename=MSTasks.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LOADCFG.A" target="_blank"> LOADCFG</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99" target="_blank">SDBOT</a> TROJANS!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1765
Confirmed=X
Filename=systemry.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1766
Confirmed=X
Filename=ccSort.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_AGOBOT.SR" target=_blank>AGOBOT.SR</a> WORM!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1767
Confirmed=X
Filename=smss32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.MB" target=_blank>AGOBOT.MB</a> WORM!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1768
Confirmed=X
Filename=wincffg.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.A3&VSect=T" target=_blank>AGOBOT.A3</a> WORM!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1769
Confirmed=X
Filename=seru32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotvr.html" target=_blank>SDBOT-VR</a> WORM!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1770
Confirmed=X
Filename=botss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxs.html" target= blank>SDBOT-XS</a> WORM!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1771
Confirmed=X
Filename=ldasp.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.BH" target="_blank">AGOBOT.BH</a> WORM!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1772
Confirmed=X
Filename=msgcfgsrv.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target="_blank">AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1773
Confirmed=X
Filename=smsai.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotye.html" target= blank>SDBOT-YE</a> WORM!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1774
Confirmed=X
Filename=svupdate.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051410-0631-99" target= blank>RANDEX.DXP</a> WORM!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1775
Confirmed=X
Filename=crcss.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ADG&VSect=T" target=_blank>AGOBOT.ADG</a> WORM!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1776
Confirmed=X
Filename=lexplore.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagx.html" target=_blank>RBOT-AGX</a> WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet Explorer
Source=Paul Collins Startup list

[Configuration Loader]
Number=1777
Confirmed=X
Filename=scvhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotaae.html" target=_blank>AGOBOT-AAE</a> and <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060816-2421-99" target=_blank>SDBOT.AR</a> WORMS!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1778
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32paradropa.html" target=_blank>PARADROP-A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1779
Confirmed=X
Filename=svchost2.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.JR&VSect=P" target=_blank>AGOBOT.JR</a> WORM!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1780
Confirmed=X
Filename=dezi.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotob.html" target=_blank>SDBOT-OB</a> WORM!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1781
Confirmed=X
Filename=mouse.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1782
Confirmed=X
Filename=msg.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BT&VSect=P" target=_blank>SDBOT.BT</a> WORM!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1783
Confirmed=X
Filename=WinHelper.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1784
Confirmed=X
Filename=extrac.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotafp.html" target=_blank>SDBOT-AFP</a> WORM!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1785
Confirmed=X
Filename=DVD-Player.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1786
Confirmed=X
Filename=IEXPLORE.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotkw.html" target=_blank>SDBOT-KW</a> WORM! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a>) process, which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup unless you add it manually! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[Configuration Loader]
Number=1787
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32paradropa.html" target=_blank>PARADROP-AI</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which should not normally figure in Msconfig/Startup!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1788
Confirmed=X
Filename=wincore.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BHE" target="_blank">SDBOT.BHE</a> WORM!
Source=Paul Collins Startup list

[Configuration Loader]
Number=1789
Confirmed=X
Filename=configldr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotpp.html" target="_blank">AGOBOT-PP</a> TROJAN!
Source=Paul Collins Startup list

[Configuration Loader ]
Number=1790
Confirmed=X
Filename=syscfg32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-102319-2939-99" target="_blank">SDBOT.B</a> TROJAN!
Source=Paul Collins Startup list

[Configuration Loader Service]
Number=1791
Confirmed=X
Filename=Winsys32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyv.html" target=_blank>RBOT-YV</a> WORM!
Source=Paul Collins Startup list

[Configuration Loader Service]
Number=1792
Confirmed=X
Filename=devl32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxy.html" target= blank>SDBOT-XY</a> WORM!
Source=Paul Collins Startup list

[Configuration Loader10]
Number=1793
Confirmed=X
Filename=ip7.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotanz.html" target=_blank>AGOBOT-ANZ</a> WORM!
Source=Paul Collins Startup list

[Configuration Loading]
Number=1794
Confirmed=X
Filename=svchos1.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120514-4926-99" target="_blank">GAOBOT.DK</a> WORM!
Source=Paul Collins Startup list

[Configuration Loading]
Number=1795
Confirmed=X
Filename=configldr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotec.html" target="_blank">AGOBOT-EC</a> WORM!
Source=Paul Collins Startup list

[Configuration Loading Service]
Number=1796
Confirmed=X
Filename=wscel.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwj.html" target= blank>SDBOT-WJ</a> WORM!
Source=Paul Collins Startup list

[Configuration Loadr]
Number=1797
Confirmed=X
Filename=iexplore.exee
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Configuration Manager]
Number=1798
Confirmed=X
Filename=CNFGLD32.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99" target="_blank">SDBOT</a> TROJAN!
Source=Paul Collins Startup list

[Configuration Manager]
Number=1799
Confirmed=X
Filename=Cnfgldr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99" target="_blank">SDBOT</a> TROJAN!
Source=Paul Collins Startup list

[Configuration Manager]
Number=1800
Confirmed=X
Filename=cfg32.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BookedSpace&threatid=3275" target=_blank>BookedSpace</a> parasite
Source=Paul Collins Startup list

[Configuration Servecie]
Number=1801
Confirmed=X
Filename=sewins.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotcoh.html" target="_blank">SDBOT-COH</a> WORM!
Source=Paul Collins Startup list

[Configuration Service]
Number=1802
Confirmed=X
Filename=suchost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081709-4000-99" target="_blank">TREB</a> TROJAN!
Source=Paul Collins Startup list

[Configuration Services]
Number=1803
Confirmed=X
Filename=mswords.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotym.html" target=_blank>SDBOT-YM</a> WORM!
Source=Paul Collins Startup list

[Configuration Utility]
Number=1804
Confirmed=N
Filename=CONFIG.EXE
Description=Controls linksys wireless connection. Available from the Desktop
Source=Paul Collins Startup list

[Configuration Utility]
Number=1805
Confirmed=U
Filename=wlanutil.exe
Description=<a href="http://www.netgear.com/" target="_blank">NetGear</a> Wireless LAN configuration utility for the MA311 802.11b (and maybe other cards)
Source=Paul Collins Startup list

[Configuration Wizard]
Number=1806
Confirmed=X
Filename=Cfgwiz32.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_HCKTCK.2K.C" target="_blank">HACKTACK</a> TROJAN! Not to be confused with the legitimate MS "ISDN Configuration Wizard" (Cfgwiz32.exe)
Source=Paul Collins Startup list

[Configuration32 Loader32]
Number=1807
Confirmed=X
Filename=winamp32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotbic.html" target=_blank>SDBOT-BIC</a> WORM!
Source=Paul Collins Startup list

[ConfLoader]
Number=1808
Confirmed=X
Filename=sysconf16.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbotfb.html" target=_blank>SDBOT-FB</a> TROJAN!
Source=Paul Collins Startup list

[Conmgr]
Number=1809
Confirmed=N
Filename=conmgr.exe
Description=Starts Winfax pro at startup
Source=Paul Collins Startup list

[ConMgr.exe]
Number=1810
Confirmed=U
Filename=conmgr.exe
Description=Connection Manager as used by Earthlink and others. If you need this to ensure a proper connection but don't want to connect at startup try creating your own shortcut&nbsp;
Source=Paul Collins Startup list

[Connect2Party]
Number=1811
Confirmed=X
Filename=connect2party.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[Connection Keeper]
Number=1812
Confirmed=U
Filename=ConKeepM.exe
Description="<a href="http://www.gammadyne.com/conkeep.htm" target="_blank">Connection Keeper</a> is an invaluable time-saving tool for dial-up users. This free program simulates Internet browsing (at a random interval) to prevent your connection from appearing idle, thus preventing your ISP from dropping your connection due to inactivity"
Source=Paul Collins Startup list

[Connection Manager]
Number=1813
Confirmed=N
Filename=CManager.exe
Description=SBC Yahoo DSL service connection manager. You can connect from the network connections. Users having problems with this have been advised to uninstall the connection manager via Add/Remove Programs and it won't affect the service
Source=Paul Collins Startup list

[Connectivity Tool]
Number=1814
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlitebote.html" target=_blank>LITEBOT-E</a> TROJAN!
Source=Paul Collins Startup list

[Connector]
Number=1815
Confirmed=X
Filename=SYS.EXE
Description=Added by the <a href="http://www.sarc.com/avcenter/venc/data/dialer.nunci.html" target=_blank>dialer.Nunci</a> premium dialer
Source=Paul Collins Startup list

[Connector]
Number=1816
Confirmed=X
Filename=sms.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/dialexdialb.html" target=_blank>ExDial-B</a> premium rate adult content dialer
Source=Paul Collins Startup list

[Cons]
Number=1817
Confirmed=X
Filename=consol32.exe
Description=Hijacker - redirects to a p0rn portal, where foistware like ISTBar gets stealth installed
Source=Paul Collins Startup list

[conscorr]
Number=1818
Confirmed=X
Filename=conscorr.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=VX2.Transponder&threatid=12517" target=_blank>VX2.Transponder</a> parasite updater/installer related
Source=Paul Collins Startup list

[Console de Gerenciamento Microsoft]
Number=1819
Confirmed=X
Filename=csrss.exe
Description=Unidentified malware! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a System\Level4 subfolder

Source=Paul Collins Startup list

[Console de Gerenciamento Microsoft]
Number=1820
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanet.html" target=_blank>BANCBAN-ET</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Central de Segurança" subfolder
Source=Paul Collins Startup list

[Consumer Input]
Number=1821
Confirmed=U
Filename=ConsumerInput.exe
Description=<a href="http://www.consumerinput.com/" target="_blank">Consumer Input</a> Toolbar. Opt-in market research monitoring you browsing habits - see the FAQ
Source=Paul Collins Startup list

[Consumer Input Rewarded with MyPoints, Consumer Input]
Number=1822
Confirmed=U
Filename=ConsumerInputRewardedwithMyPoints, ConsumerInput.exe
Description=<a href="http://www.consumerinput.com/" target="_blank">Consumer Input</a> Toolbar. Opt-in market research monitoring you browsing habits - see the FAQ
Source=Paul Collins Startup list

[Consumer Input Rewarded with MyPoints, Consumer Input Update]
Number=1823
Confirmed=U
Filename=ConsumerInputRewardedwithMyPoints, ConsumerInputUa.exe
Description=<a href="http://www.consumerinput.com/" target="_blank">Consumer Input</a> Toolbar. Opt-in market research monitoring you browsing habits - see the FAQ
Source=Paul Collins Startup list

[Contacte]
Number=1824
Confirmed=?
Filename=contacte.exe
Description=<font color="#FF0000">Some kind of driver?</font>
Source=Paul Collins Startup list

[Content connector]
Number=1825
Confirmed=X
Filename=[random filename].exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdialery.html" target="_blank">DIALER-Y</a> TROJAN! Note - uses a random filename and random folders. Usually the folder containing the file is a Temp folder
Source=Paul Collins Startup list

[ContentDownload]
Number=1826
Confirmed=X
Filename=rundll32.exe MSA64CHK.dll, DllMostrar
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MatrixDialer&threatid=14914" target=_blank>MatrixDialer</a> related
Source=Paul Collins Startup list

[ContentService]
Number=1827
Confirmed=X
Filename=winservn.exe
Description=Homepage hijacker
Source=Paul Collins Startup list

[ContinueInstall]
Number=1828
Confirmed=X
Filename=bpsinstall.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrowserAid&threatid=3342" target="_blank">BrowserAid/BrowserPal</a> foistware
Source=Paul Collins Startup list

[Control]
Number=1829
Confirmed=X
Filename=rundll32.exe ctrlpan.dll, Restore ControlPanel
Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#msconfd" target=_blank>Msconfd</a> parasite variant
Source=Paul Collins Startup list

[Control Center]
Number=1830
Confirmed=N
Filename=Center.exe
Description=Related to an <a href="http://www.asus.com/" target=_blank>Asus</a> WLAN card
Source=Paul Collins Startup list

[Control handler]
Number=1831
Confirmed=X
Filename=***********.exe [* = random char]
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list

[Control handler]
Number=1832
Confirmed=X
Filename=ahjinst.exe
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list

[Control handler]
Number=1833
Confirmed=X
Filename=[10 to 14 random char]THD.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkrepperai.html" target=_blank>KREPPER-AI</a> TROJAN!
Source=Paul Collins Startup list

[control panel]
Number=1834
Confirmed=N
Filename=smctrlw.exe
Description=System Tray icon for a Silicon Motion LynxEM based PCI Graphics Card
Source=Paul Collins Startup list

[Control Panel]
Number=1835
Confirmed=X
Filename=System.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-020515-1939-99" target="_blank">DANI</a> TROJAN!
Source=Paul Collins Startup list

[control panel software service]
Number=1836
Confirmed=X
Filename=cprs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfpi.html" target="_blank">RBOT-FPI</a> WORM!
Source=Paul Collins Startup list

[Controladores]
Number=1837
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtelefoa.html" target=_blank>TELEFO-A</a> TROJAN!
Source=Paul Collins Startup list

[ControlCenter2.0]
Number=1838
Confirmed=N
Filename=brctrcen.exe
Description=Brother scanner 'Control Center' application - can be started manually

Source=Paul Collins Startup list

[ControlCentreTray]
Number=1839
Confirmed=N
Filename=XWCTray.exe
Description=System Tray access for the Xerox ControlCentre 2.0 software for their range of printers, copiers, faxes, etc
Source=Paul Collins Startup list

[Controlled Resource System Service]
Number=1840
Confirmed=X
Filename=crss.exe
Description=Added by the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/crss/" target=_blank>AGOBOT.GH</a> WORM!
Source=Paul Collins Startup list

[Controller]
Number=1841
Confirmed=N
Filename=WFXCTL32.EXE
Description=From Symantec's TalkWorks Pro and WinFax. Appears if you chose to have the program appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[ControlPanel]
Number=1842
Confirmed=X
Filename=rundll32 internat.dll, LoadKeyboardProfile
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list

[ControlPanel]
Number=1843
Confirmed=X
Filename=host32.exe internat.dll, LoadKeyboardProfile
Description=Added by a vairant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DELF.DW" target="_blank">DELF.DW</a> TROJAN!
Source=Paul Collins Startup list

[ControlPanel]
Number=1844
Confirmed=X
Filename=[path] cmd32.exe internat.dll, LoadKeyboardProfile
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderhf.html" target="_blank">DLOADER-HF</a> TROJAN!
Source=Paul Collins Startup list

[ControlPanel]
Number=1845
Confirmed=X
Filename=systemctrl.exe internet.dll, LoadNetworkProfile
Description=Browser hijacker, also detected as <a href="http://www.sophos.com/virusinfo/analyses/trojstartpafx.html" target= blank>STARTPA-FX</a>
Source=Paul Collins Startup list

[ControlPanel]
Number=1846
Confirmed=X
Filename=internat.dll, LoadKeyboardProfile
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbizvesa.html" target=_blank>BIZVES-A</a> TROJAN!
Source=Paul Collins Startup list

[ControlPanel]
Number=1847
Confirmed=X
Filename=popcorn.exe internat.dll, LoadKeyboardProfile
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbizvesb.html" target=_blank>BIZVES-B</a> TROJAN!
Source=Paul Collins Startup list

[ControlPanel]
Number=1848
Confirmed=X
Filename=popcorn64.exe
Description=Browser hijacker, redirecting to loadcash.biz
Source=Paul Collins Startup list

[ControlPanel]
Number=1849
Confirmed=X
Filename=popcorn64.exe rundll.dll, LoadMouseProfile
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderoi.html" target=_blank>DLOADER-OI</a> TROJAN!
Source=Paul Collins Startup list

[ControlPanel]
Number=1850
Confirmed=X
Filename=popcorn72.exe rundll.dll, LoadMouseProfile
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderra.html" target=_blank>DLOADER-RA</a> TROJAN!
Source=Paul Collins Startup list

[ControlPanel]
Number=1851
Confirmed=X
Filename=svcc.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/adware.worldsearch.html" target=_blank>WorldSearch</a> adware
Source=Paul Collins Startup list

[ControlPanel]
Number=1852
Confirmed=X
Filename=popcorn320.exe rundll.dll, LoadMouseProfile
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderra.html" target=_blank>DLOADER-RA</a> TROJAN!
Source=Paul Collins Startup list

[ControlPanel]
Number=1853
Confirmed=X
Filename=[path] private.exe internat.dll, LoadMouseCarpetProfile
Description=Reported by Norman Virus Control as W32/Downloader. Creates the files sdfff, fdsf and zxczxc. In the C:\WINDOWS\SYSTEM32 directory creates the files d.exe, s.exe and r.exe
Source=Paul Collins Startup list

[ControlServiceMgr]
Number=1854
Confirmed=X
Filename=csmsv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentxc.html" target=_blank>AGENT-XC</a> TROJAN!
Source=Paul Collins Startup list

[Cookie Cop 2]
Number=1855
Confirmed=U
Filename=CookieCop.exe
Description=<a href="http://www.pcmag.com/article2/0,1895,6142,00.asp" target="_blank">Cookie Cop 2</a> from PC Magazine - cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return
Source=Paul Collins Startup list

[Cookie Pal]
Number=1856
Confirmed=U
Filename=CPBRWTCH.EXE
Description=Kookaburra Software's <a href="http://www.kburra.com/cpal.html" target="_blank">Cookie Pal</a> cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return
Source=Paul Collins Startup list

[CookieJar]
Number=1857
Confirmed=U
Filename=Cookiejar.exe
Description=<a href="http://www.jasons-toolbox.com/?page_id=14" target="_blank">Cookie Jar</a> cookie manager from Jason's Toolbox. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return. No longer being actively supported
Source=Paul Collins Startup list

[CookiePatrol]
Number=1858
Confirmed=U
Filename=CookiePatrol.exe
Description=CookiePatrol - cookie interceptor stopping spyware cookies that used to be part of <a href="http://www.pestpatrol.com/default.asp" target="_blank">PestPatrol</a> before CA's aquisition
Source=Paul Collins Startup list

[CookieWall]
Number=1859
Confirmed=U
Filename=cookie.exe
Description=<a href="http://www.analogx.com/contents/download/network/cookie.htm" target="_blank">CookieWall</a> from Analog X. Allows you to decide which internet sites can add &quot;cookies&quot; related to their sites for the next time you return
Source=Paul Collins Startup list

[Cool Desk]
Number=1860
Confirmed=U
Filename=cdesk.exe
Description=<a href="http://www.shelltoys.com/" target="_blank">Cool Desk</a> is a virtual desktops manager. &quot;Ever you wished to have several screens on your computer? Cool Desk creates up to 9 virtual desktops and offers you to have different windows on each of them&quot;. Not required but may be of use to you
Source=Paul Collins Startup list

[CoolDownloads]
Number=1861
Confirmed=X
Filename=rundll32.exe MSA64CHK.dll, DllMostrar
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MatrixDialer&threatid=14914" target=_blank>MatrixDialer</a> related
Source=Paul Collins Startup list

[CoolMP3]
Number=1862
Confirmed=X
Filename=rundll32.exe MSA64CHK.dll, DllMostrar
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MatrixDialer&threatid=14914" target=_blank>MatrixDialer</a> related
Source=Paul Collins Startup list

[CoolSwitch]
Number=1863
Confirmed=U
Filename=taskswitch.exe
Description=ALT+TAB replacement Powertoy for Windows XP - enhances the graphics displayed when you want to switch between programs running full-screen
Source=Paul Collins Startup list

[Coolwallpaper]
Number=1864
Confirmed=N
Filename=cwm_tray.exe
Description=<a href="http://coolwallpaper.com/download/index2.html" target=_blank>Cool Wallpaper</a> software allows you to manage high quality photos as desktop wallpaper and screen savers
Source=Paul Collins Startup list

[coolwebprogram]
Number=1865
Confirmed=X
Filename=clrssn.exe
Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#smartsearch" target=_blank>Smartsearch</a> parasite variant
Source=Paul Collins Startup list

[Copernic Desktop Search]
Number=1866
Confirmed=N
Filename=DesktopSearch.exe
Description=Copernic <a href="http://www.copernic.com/en/products/desktop-search/index.html" target=_blank>Desktop Search</a> - "Easily search your entire hard drive in less than a second to pinpoint the right file, e-mail, music or pictures"
Source=Paul Collins Startup list

[Copernic Desktop Search 2]
Number=1867
Confirmed=U
Filename=DesktopSearchService.exe
Description=<a href="http://www.copernic.com/en/products/desktop-search/index.html" target="_blank">Copernic Desktop Search</a> - search agent
Source=Paul Collins Startup list

[CopernicPerUserTaskMgr]
Number=1868
Confirmed=U
Filename=CopernicPerUserTaskMgr.exe
Description=Automatic tasking feature of Copernic Pro multi-search engine tool
Source=Paul Collins Startup list

[Copy handler]
Number=1869
Confirmed=U
Filename=Copy Handler.exe
Description=<a href="http://copyhandler.com/" target= blank>Copy Handler</a> lets you copy between hard disks, floppies, local networks, CDs, and many other storage media. Copy Handler gives you the power to pause, resume, restart, and cancel during the copying and moving processes
Source=Paul Collins Startup list

[Copyright]
Number=1870
Confirmed=N
Filename=mwcpyrt.exe
Description=Displays copyright information on IBM ThinkPads
Source=Paul Collins Startup list

[CoreCenter]
Number=1871
Confirmed=U
Filename=CoreCenter.exe
Description=MSI Core Center - motherboard utility for monitoring CPU speed, voltages, temperatures and fans speeds as well as overclocking
Source=Paul Collins Startup list

[CoreCenter]
Number=1872
Confirmed=U
Filename=CORECE~1.EXE
Description=MSI Core Center - motherboard utility for monitoring CPU speed, voltages, temperatures and fans speeds as well as overclocking
Source=Paul Collins Startup list

[Corel Colleagues & Contacts Reminders]
Number=1873
Confirmed=N
Filename=cffrem.exe
Description=Corel Colleagues & Contracts - all-in-one organizer for scheduling meetings, maintaining addresses, etc. Part of the now defunct Corel Print Office
Source=Paul Collins Startup list

[Corel Desktop Application Director]
Number=1874
Confirmed=N
Filename=dadx.exe
Description=The Desktop Application Director (DAD) gives you easy access to all Corel applications - x represents ther version number. Available via Start -> Programs
Source=Paul Collins Startup list

[Corel Family & Friends reminders]
Number=1875
Confirmed=N
Filename=CFFREM.EXE
Description=Corel Family & Friends - all-in-one calender, address book and list manager. Part of the now defunct Corel Print House Magic
Source=Paul Collins Startup list

[Corel Photo Downloader]
Number=1876
Confirmed=N
Filename=MediaDetect.exe
Description=Related to <a href="http://www.corel.com/servlet/Satellite?pagename=Corel3/Products/Display&pid=1047025470321" target=_blank>Corel Photo Album</a>

Source=Paul Collins Startup list

[Corel Registration]
Number=1877
Confirmed=N
Filename=Remind32.exe
Description=If you don't want to register Corel products and be reminded about it every 2 weeks disable it
Source=Paul Collins Startup list

[Corel Registration Reminder]
Number=1878
Confirmed=N
Filename=Remind32.exe
Description=If you don't want to register Corel products and be reminded about it every 2 weeks disable it
Source=Paul Collins Startup list

[Corel Reminder]
Number=1879
Confirmed=N
Filename=NAVBROWSER.EXE
Description=If you don't want to register Corel products and be reminded about it every 2 weeks disable it
Source=Paul Collins Startup list

[Corel Reminder]
Number=1880
Confirmed=N
Filename=NAVBrowser.exe
Description=Registration reminder for CorelDRAW 10
Source=Paul Collins Startup list

[CorelCENTRAL 10]
Number=1881
Confirmed=N
Filename=I_26dadCC.exe
Description=<a href="http://www3.corel.com/cgi-bin/gx.cgi/AppLogic+FTContentServer?pagename=Corel/Product/Feature&amp;fid=CC1ZX1WPOP4" target="_blank">CorelCENTRAL 10</a> - personal information manager (PIM). Supplied as part of Corel WordPerfect Office 2002. Available via Start -> Programs
Source=Paul Collins Startup list

[CorelDraw Toolbox]
Number=1882
Confirmed=X
Filename=CorelDraw.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotvz.html" target= blank>SDBOT-VZ</a> WORM!
Source=Paul Collins Startup list

[CorelMedia FoldersIndexer8]
Number=1883
Confirmed=N
Filename=MFindexer.exe
Description=Part of CorelDraw bundles for indexing media files - similar to &quot;fast find&quot; in MS Office
Source=Paul Collins Startup list

[CorelMedia FoldersIndexer8]
Number=1884
Confirmed=N
Filename=MFINDE~1.EXE
Description=Part of CorelDraw bundles for indexing media files - similar to &quot;fast find&quot; in MS Office
Source=Paul Collins Startup list

[CoreSrv]
Number=1885
Confirmed=X
Filename=coresrv.exe
Description=Some IRC trojans/worms use this - see <a href="http://lockdowncorp.com/bots/" target="_blank">here</a> for more information
Source=Paul Collins Startup list

[CORESYS]
Number=1886
Confirmed=?
Filename=coresys.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[CorrectConnect]
Number=1887
Confirmed=N
Filename=CConnect.exe
Description=Broadband ISP diagnostic tool - as used by NTL and Cox Communications. Shortcut available
Source=Paul Collins Startup list

[cosine]
Number=1888
Confirmed=X
Filename=cosine.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotsw.html" target=_blank>RBOT-SW</a> WORM!
Source=Paul Collins Startup list

[CostAware]
Number=1889
Confirmed=U
Filename=niIPCApp.exe
Description=NetInternals <a href="http://www.netinternals.com/default.htm?products" target="_blank">CostAware</a> - download quota measuring tool
Source=Paul Collins Startup list

[Country Select]
Number=1890
Confirmed=N
Filename=pctptt.exe
Description=Country selection for a PCtel HSP56 based modem. Often found in OEM (Dell,Compaq, HP, etc) systems for their modems included on the motherboard or as a separate card. Once you've set the modem up to the chosen country it's not required
Source=Paul Collins Startup list

[CountrySelection]
Number=1891
Confirmed=N
Filename=pctptt.exe
Description=Country selection for a PCtel HSP56 based modem. Often found in OEM (Dell,Compaq, HP, etc) systems for their modems included on the motherboard or as a separate card. Once you've set the modem up to the chosen country it's not required
Source=Paul Collins Startup list

[Coupon Offers]
Number=1892
Confirmed=?
Filename=??
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[couponica]
Number=1893
Confirmed=X
Filename=couponica.exe
Description=Adware - see <a href="http://vil.nai.com/vil/content/v_100077.htm#top" target="_blank">here</a>
Source=Paul Collins Startup list

[CP]
Number=1894
Confirmed=?
Filename=CopyProtectionNotifier.exe
Description=Related to <a href="http://www.emuzed.com/application.html" target=_blank>Emuzed</a> Systems and Middleware. Comes included with Windows XP Media Edition
Source=Paul Collins Startup list

[CP32NOT]
Number=1895
Confirmed=U
Filename=CP32BTN.EXE
Description=For the programmable &quot;one-touch&quot; buttons on HP laptops (and others?). Safe to disable if you don't use these buttons
Source=Paul Collins Startup list

[CP4HPOT]
Number=1896
Confirmed=U
Filename=OneTouch.EXE
Description=One Touch keyboard driver. Required if you use the additional keys
Source=Paul Collins Startup list

[CP888M1]
Number=1897
Confirmed=N
Filename=CP888M1.EXE
Description=Related to EZbutton quick launcher for the Media player app that comes with certain laptops
Source=Paul Collins Startup list

[CPA9P2PSERVER]
Number=1898
Confirmed=?
Filename=CPA9P2PS.exe
Description=<font color="#FF0000">Found on a Compaq Presario but what is it?</font>
Source=Paul Collins Startup list

[cpanel]
Number=1899
Confirmed=X
Filename=winlogin32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfoy.html" target="_blank">RBOT-FOY</a> WORM!
Source=Paul Collins Startup list

[CPATR10]
Number=1900
Confirmed=U
Filename=CPATR10.EXE
Description=Dritek/Compal ATR10 Easy Button driver. Used on certain laptops (e.g. Toshiba, Compaq) to translate special hotkeys such as Play/Pause and Constrast
Source=Paul Collins Startup list

[CPBrWtch]
Number=1901
Confirmed=U
Filename=CPBrWtch.exe
Description=Kookaburra Software's <a href="http://www.kburra.com/cpal.html" target="_blank">Cookie Pal</a> cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return
Source=Paul Collins Startup list

[CPD_EXE]
Number=1902
Confirmed=Y
Filename=CPD.EXE
Description=Firewall bundled with McAfee VirusScan 6.*
Source=Paul Collins Startup list

[cpl]
Number=1903
Confirmed=X
Filename=deamon.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
Source=Paul Collins Startup list

[cpl]
Number=1904
Confirmed=X
Filename=msgaol.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
Source=Paul Collins Startup list

[cpl]
Number=1905
Confirmed=X
Filename=s_menu.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
Source=Paul Collins Startup list

[cpl]
Number=1906
Confirmed=X
Filename=browse.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
Source=Paul Collins Startup list

[cpl]
Number=1907
Confirmed=X
Filename=msgaol.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
Source=Paul Collins Startup list

[CplBTQ00]
Number=1908
Confirmed=N
Filename=CplBTQ00.EXE
Description=Related to EZbutton quick launcher for the Media player app that comes with certain laptops
Source=Paul Collins Startup list

[CPLDBL10]
Number=1909
Confirmed=N
Filename=CPLDBL10.exe
Description=Related to EZbutton quick launcher for the Media player app that comes with certain laptops
Source=Paul Collins Startup list

[cpntmgc]
Number=1910
Confirmed=X
Filename=wincomp.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_WINTRIM.A" target=_blank>WINTRIM_A</a> TROJAN!
Source=Paul Collins Startup list

[cpntmgc]
Number=1911
Confirmed=X
Filename=simcss.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_MAGICON.A" target=_blank>MAGICON.A</a> TROJAN!
Source=Paul Collins Startup list

[cpntmgc]
Number=1912
Confirmed=X
Filename=navpmc.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112414-3016-99" target=_blank>SIMCSS</a> TROJAN!
Source=Paul Collins Startup list

[cpntmgc]
Number=1913
Confirmed=X
Filename=winmgts.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojwintrimb.html" target=_blank>WINTRIM-B</a> TROJAN!
Source=Paul Collins Startup list

[CPortPatch]
Number=1914
Confirmed=?
Filename=cppatch.exe
Description=<font color="#FF0000">CPortPatch is a utility is required for Dell laptops that are using a docking station. Is it needed though?</font>
Source=Paul Collins Startup list

[CPQAcDc]
Number=1915
Confirmed=Y
Filename=CPQAcDc.exe
Description=Compaq PowerCon power management software for laptops
Source=Paul Collins Startup list

[CPQAlert]
Number=1916
Confirmed=U
Filename=CPQAlert.exe
Description=Compaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See <a href="http://h18000.www1.hp.com/products/servers/management/cim-description.html" target="_blank">here</a> for more information
Source=Paul Collins Startup list

[CPQBootPerfDB]
Number=1917
Confirmed=N
Filename=CPQBootPerfDB.EXE
Description=See the entry for Compaq Message Server
Source=Paul Collins Startup list

[CPQCalib]
Number=1918
Confirmed=Y
Filename=CPQCalib.exe
Description=Compaq PowerCon power management software for laptops
Source=Paul Collins Startup list

[CPQDFWAG]
Number=1919
Confirmed=N
Filename=CpqDfwAg.exe
Description=For Compaq PC's. Runs Compaq diagnostics on every boot
Source=Paul Collins Startup list

[CPQEASYACC]
Number=1920
Confirmed=U
Filename=cpqeadm.exe
Description=For Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys
Source=Paul Collins Startup list

[CPQEASYACC]
Number=1921
Confirmed=U
Filename=StartEAK.exe
Description=<a href="http://h18000.www1.hp.com/support/techpubs/whitepapers/13W1-1200a-wwen.html" target="_blank">Easy Access</a> Button Support for Compaq PCs. Required if you use these
Source=Paul Collins Startup list

[cpqeaui]
Number=1922
Confirmed=U
Filename=cpqeaui.exe
Description=For Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys
Source=Paul Collins Startup list

[cpqek]
Number=1923
Confirmed=U
Filename=kcpqek.exe
Description=For Compaq PC's. <a href="http://h18000.www1.hp.com/support/techpubs/whitepapers/13W1-1200a-wwen.html" target="_blank"> Easy Access</a> button support for the keyboard
Source=Paul Collins Startup list

[CPQInet Runtime Service]
Number=1924
Confirmed=U
Filename=CpqInet.exe
Description=For Compaq PC's. Allows AOL and Compuserve to use the <a href="http://h18000.www1.hp.com/support/techpubs/whitepapers/13W1-1200a-wwen.html" target="_blank"> Easy Access</a> buttons for the internet. Is not required if you don't use the ISP providers
Source=Paul Collins Startup list

[CPQINKAGENT]
Number=1925
Confirmed=N
Filename=cpqinkag.exe
Description=That is the Compaq Ink Agent for some inkjet printers, it lets users know when their ink cartridges are getting close to empty (by how many pages they have printed)
Source=Paul Collins Startup list

[cpqns]
Number=1926
Confirmed=U
Filename=cpqnpcss.exe
Description=Related to Compaq.Net - not required if you don't use that
Source=Paul Collins Startup list

[Cpqset]
Number=1927
Confirmed=N
Filename=Cpqset.exe
Description=Default settings software in Hewlett Packard notebook
Source=Paul Collins Startup list

[CPQSTUTFIX]
Number=1928
Confirmed=Y
Filename=stutfix.exe
Description=For Compaq PC's. Fixes audio stutter problems for ESS Maestro soundcards. You can download it <a href="http://www.pacs-portal.co.uk/files/StutFix.exe">here</a>. This is a Compaq originated file and has been verified as free from viruses by McAfree/Norton
Source=Paul Collins Startup list

[cpr]
Number=1929
Confirmed=X
Filename=cpr
Description=Adroar.com adware downloader
Source=Paul Collins Startup list

[cprocsvc]
Number=1930
Confirmed=X
Filename=cproc.exe
Description=Added by MSIL.AGENT.C TROJAN!
Source=Paul Collins Startup list

[CPU Manager]
Number=1931
Confirmed=X
Filename=cpumgr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081913-3715-99" target="_blank">PANDEM.B</a> WORM!
Source=Paul Collins Startup list

[CPU Temp Control]
Number=1932
Confirmed=X
Filename=wuitgurd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahv.html" target=_blank>RBOT-AHV</a> WORM!
Source=Paul Collins Startup list

[CPU Watcher]
Number=1933
Confirmed=X
Filename=rundll32.exe [path] cpu.dll,load
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderlo.html" target=_blank>DLOADER-LO</a> TROJAN!
Source=Paul Collins Startup list

[CPU Windows Status]
Number=1934
Confirmed=X
Filename=cpustats.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[CPUcool]
Number=1935
Confirmed=U
Filename=Cpucool.exe
Description=Program to keep the processor cool when idle in &quot;overclocked&quot; systems. Also available via Start -&gt; Settings -&gt; Control Panel
Source=Paul Collins Startup list

[Cpusave]
Number=1936
Confirmed=X
Filename=Cpusave.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list

[Cpusave32]
Number=1937
Confirmed=X
Filename=Cpusave32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list

[CPVHOST Settings]
Number=1938
Confirmed=X
Filename=cpvhost.exe
Description=Added by the <a href="http://www.scanspyware.net/info/Sdbot.HMW.htm" target="_blank">SDBOT.HMW</a> WORM!
Source=Paul Collins Startup list

[cpyt]
Number=1939
Confirmed=X
Filename=hidep.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmirjacka.html" target=_blank>MIRJACK-A</a> TROJAN!
Source=Paul Collins Startup list

[cqlyg]
Number=1940
Confirmed=X
Filename=world_cup_.bat
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BAT_WCUP.A" target="_blank">WCUP.A</a> WORM!
Source=Paul Collins Startup list

[CQSCP2P SERVER]
Number=1941
Confirmed=?
Filename=??
Description=<font color="#FF0000">&quot;Compaq printer utility which is required in the startup menu in order to make the printer work correctly&quot;. Personally I doubt whether it is actually needed</font>
Source=Paul Collins Startup list

[CQSCP2PS]
Number=1942
Confirmed=?
Filename=??
Description=<font color="#FF0000">&quot;Compaq printer utility which is required in the startup menu in order to make the printer work correctly&quot;. Personally I doubt whether it is actually needed</font>
Source=Paul Collins Startup list

[Cr**.exe [* = random char]]
Number=1943
Confirmed=X
Filename=Cr**.exe [* = random char]
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
Source=Paul Collins Startup list

[Cr**.exe [* = random char]]
Number=1944
Confirmed=X
Filename=Cr**.exe [* = random char]
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
Source=Paul Collins Startup list

[Cr**32.exe [* = random char]]
Number=1945
Confirmed=X
Filename=Cr**32.exe [* = random char]
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
Source=Paul Collins Startup list

[cracked_windows1]
Number=1946
Confirmed=U
Filename=cracked_windows1.exe
Description=<a href="http://www.angelfire.com/electronic/purplexed/files/crackedwindows.html" target="_blank">Cracked Windows</a> popup killer
Source=Paul Collins Startup list

[CrazyTalk Serve]
Number=1947
Confirmed=N
Filename=rundll32.exe CrazyTalk.dll, DIIServeMediaFile
Description=<a href="http://www.reallusion.com/crazytalk/default.asp" target="_blank">CrazyTalk</a> from Reallusion - &quot;the worlds only facial animation tool that gives you the power to create talking animated images from a single photograph, complete with emotions.&quot; Can apparently be installed without your knowledge as well as being a legitimate download in it's own right from sites such as TUCOWS
Source=Paul Collins Startup list

[CRBroadCasting]
Number=1948
Confirmed=U
Filename=CRBroadCasting.exe
Description=<a href="http://www.otiglobal.com/" target=_blank>CardReader2</a> from On Track Inovations Ltd. USB Card Reader

Source=Paul Collins Startup list

[CRC Value Verifier]
Number=1949
Confirmed=X
Filename=crsss32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[CRC Value Verifier]
Number=1950
Confirmed=X
Filename=Crsss64.exe
Description=Added by the <a href="http://www.sophos.com.au/virusinfo/analyses/w32rbotny.html" target=_blank>RBOT-NY</a> WORM!

Source=Paul Collins Startup list

[CRC Value Verifier]
Number=1951
Confirmed=X
Filename=svchost32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotoa.html" target=_blank>RBOT-OA</a> WORM!
Source=Paul Collins Startup list

[CRC Value Verifier]
Number=1952
Confirmed=X
Filename=crsss.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.UK&VSect=P" target=_blank>SPYBOT.UK</a> WORM!
Source=Paul Collins Startup list

[Crc32stats Dependencies]
Number=1953
Confirmed=X
Filename=Crc32stats.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-070615-3252-99" target=_blank>MYTOB.GT</a> WORM!
Source=Paul Collins Startup list

[CRCSS]
Number=1954
Confirmed=X
Filename=crcss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ircbotth.html" target="_blank">IRCBOT-TH</a> WORM!
Source=Paul Collins Startup list

[Creata Mail]
Number=1955
Confirmed=U
Filename=JMSrvr.exe
Description=<a href="http://www.bluemountain.com/mail/index.pd" target=_blank>Creata_Mail</a>. Smileys, stationary and more for you email. Required if you want to access the program from Outlook or Outlook Express

Source=Paul Collins Startup list

[Create A Monster]
Number=1956
Confirmed=X
Filename=createAMonster.exe
Description=Kudd.com CreateAMonster. Reportedly stealth installed and <a href="http://sarc.com/avcenter/venc/data/adware.look2me.html" target=_blank>Look2Me</a> adware related

Source=Paul Collins Startup list

[CreateCD]
Number=1957
Confirmed=N
Filename=Createcd.exe
Description=Adaptec Easy CD Creator system tray application (pre version 5). Available via Start -> Programs
Source=Paul Collins Startup list

[CreateCD50]
Number=1958
Confirmed=N
Filename=Createcd50.exe
Description=Adaptec Easy CD Creator version 5 system tray application. Available via Start -> Programs
Source=Paul Collins Startup list

[Creative AGP Wizard]
Number=1959
Confirmed=N
Filename=agpwiz.exe
Description=Part of Creative's BlasterControl
Source=Paul Collins Startup list

[Creative Audio Drivers]
Number=1960
Confirmed=X
Filename=creative.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfkr.html" target="_blank">RBOT-FKR</a> WORM!
Source=Paul Collins Startup list

[Creative Detector]
Number=1961
Confirmed=N
Filename=CTDetect.exe
Description=Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically again
Source=Paul Collins Startup list

[Creative Launcher]
Number=1962
Confirmed=N
Filename=CTLauncher.exe
Description=For Creative Soundblaster Live! series soundcards. Adds a quick-launch bar to the top of the display and a System Tray icon. Available via Start -> Programs
Source=Paul Collins Startup list

[Creative MediaSource Go]
Number=1963
Confirmed=N
Filename=CTCMSGo.exe
Description="Creative <a href="http://www.soundblaster.com/mediasource/" target="_blank"> MediaSource</a> playbacks music in DVD-Audio, MP3, WMA, WAV and other media formats"
Source=Paul Collins Startup list

[Creative PCI Audio Configuration Utility]
Number=1964
Confirmed=N
Filename=starter.exe
Description=System Tray icon to configure a Creative Soundblaster PCI soundcard. Not required and re-instates itself when un-checked. Try one of the solutions on <a href="http://www.pacs-portal.co.uk/startup_pages/starter_exe.htm" target="_blank">this</a> special page. Similar to EnsoniqMixer
Source=Paul Collins Startup list

[Creative Service for CDROM Access]
Number=1965
Confirmed=N
Filename=Ctsvccda.exe
Description=Resident program for Creative's PlayCenter included with Soundblaster Audigy sound cards - speeds up detection of some media CDs if the system doesn't natively support them. Available via Start -> Programs
Source=Paul Collins Startup list

[Creative WebCam Tray]
Number=1966
Confirmed=N
Filename=Camtray.exe
Description=Creative WebCam tray control - can be started manually

Source=Paul Collins Startup list

[Creative.exe]
Number=1967
Confirmed=X
Filename=Creative.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2000-122112-0126-99" target="_blank">PROLIN</a> WORM!
Source=Paul Collins Startup list

[CreativeDiscNotifier]
Number=1968
Confirmed=N
Filename=CTNOTIFY.EXE
Description=For Creative Soundblaster Live! series soundcards. Detects when you insert a CD-ROM, DVD-ROM, etc. Available via Start -&gt; Settings -&gt; Control Panel
Source=Paul Collins Startup list

[CreativeMixer]
Number=1969
Confirmed=U
Filename=CTMIX32.EXE
Description=Creative soundcard System Tray access to, for example, volume slider controls as normally provided by the &quot;speaker&quot; icon. Not required unless you adjust any settings otherwise available via the standard icon
Source=Paul Collins Startup list

[CreativeTaskScheduler]
Number=1970
Confirmed=?
Filename=CTSched.exe
Description=<a href="http://www.creative.com/" target="_blank">Creative</a> Task Scheduler. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[Critical Update Check]
Number=1971
Confirmed=X
Filename=battlenet.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelflb.html" target=_blank>DELF-LB</a> TROJAN!
Source=Paul Collins Startup list

[CriticalUpdate]
Number=1972
Confirmed=N
Filename=Wucrtupd.exe
Description=MS Windows Critical Update Notification. If you want to keep Windows up-to-date, check the Windows Update site
Source=Paul Collins Startup list

[CriticalUpdate]
Number=1973
Confirmed=X
Filename=wucrtupd.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_100790.htm" target=_blank>NOALA.B</a> WORM! Note - this file is located in the Windows or Winnt folder, and must not be confused with the legitimate Windows process of the same name as described <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/wucrtupd/" target=_blank>here</a>
Source=Paul Collins Startup list

[Crnsava]
Number=1974
Confirmed=X
Filename=scrnsave.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzv.html" target=_blank>SDBOT-ZV</a> WORM!
Source=Paul Collins Startup list

[cronos]
Number=1975
Confirmed=X
Filename=MARCO!.SCR
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.G" target="_blank">OPASERV.G</a> WORM!
Source=Paul Collins Startup list

[CrossMenu]
Number=1976
Confirmed=X
Filename=CrossMenu
Description=Toshiba CrossMenu Utility - allows the user to create their own menus
Source=Paul Collins Startup list

[CRP386 Networking]
Number=1977
Confirmed=X
Filename=crp386.exe
Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Backdoor.Win32.IRCBot.n&threatid=10896" target="_blank">IRCBOT.N</a> TROJAN!
Source=Paul Collins Startup list

[crs]
Number=1978
Confirmed=X
Filename=crs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobottj.html" target=_blank>AGOBOT-TJ</a> WORM!
Source=Paul Collins Startup list

[CRSSXP SysInfo]
Number=1979
Confirmed=X
Filename=crssxp.exe
Description=Added by the <a href="http://www.scanspyware.net/info/Sdbot.NHS.htm" target="_blank">SDBOT.NHS</a> WORM!
Source=Paul Collins Startup list

[Crusty]
Number=1980
Confirmed=X
Filename=dmcpl.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-021517-4140-99" target="_blank">RUSTY</a> WORM!
Source=Paul Collins Startup list

[cryptdlg]
Number=1981
Confirmed=X
Filename=cryptdlg.exe
Description=Added by an unidentified TROJAN!
Source=Paul Collins Startup list

[cryptoexpert]
Number=1982
Confirmed=U
Filename=cexpert.exe
Description=<a href="http://www.secureaction.com/cryptoexpert/" target="_blank">CryptoExpert</a> from SecureAction Research. Advanced on the fly encryption system
Source=Paul Collins Startup list

[Cryptographic Service]
Number=1983
Confirmed=X
Filename=******.exe [* = random char]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-070217-1202-99" target="_blank">KORGO.W</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080213-0953-99" target="_blank">KORGO.X</a> or <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39581" target="_blank">KORGO.AB</a> WORMS!
Source=Paul Collins Startup list

[Crystal 3D Audio Control]
Number=1984
Confirmed=?
Filename=CWD3DSND.EXE
Description=Crystal 3D Audio sound driver. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list

[csaRem]
Number=1985
Confirmed=N
Filename=spqmdmui.exe
Description=Compaq modem country selection 
Source=Paul Collins Startup list

[CSAV_CheckViruses]
Number=1986
Confirmed=Y
Filename=vchk.exe
Description=<a href="http://www.authentium.com/command/" target="_blank">Command Antivirus</a> related
Source=Paul Collins Startup list

[csc]
Number=1987
Confirmed=U
Filename=csc.exe
Description=Command line compiler for Microsoft C# it gets installed with the .NET SDK
Source=Paul Collins Startup list

[CSCRS Value]
Number=1988
Confirmed=X
Filename=cscrs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaaa.html" target=_blank>RBOT-AAA</a> WORM!
Source=Paul Collins Startup list

[CSCRS Value Check]
Number=1989
Confirmed=X
Filename=MsPMSPSd.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[CSINJECT.EXE]
Number=1990
Confirmed=U
Filename=CSINJECT.EXE
Description=Part of Quarterdeck/Norton CleanSweep. "Csinject must be loaded in order for Smart Sweep to automatically monitor installations and properly track registry changes"
Source=Paul Collins Startup list

[csm Win Updates]
Number=1991
Confirmed=X
Filename=csm.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_135435.htm" target=_blank>ZOTOB.B</a> WORM!
Source=Paul Collins Startup list

[csoftok]
Number=1992
Confirmed=X
Filename=softok.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050913-5746-99" target= blank>QQPASS.G</a> TROJAN!
Source=Paul Collins Startup list

[csrs]
Number=1993
Confirmed=X
Filename=csrs.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031915-3501-99" target="_blank">GAOBOT.GEN!POLY</a> WORM!
Source=Paul Collins Startup list

[csrsc]
Number=1994
Confirmed=X
Filename=csrsc.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[CSRSS]
Number=1995
Confirmed=X
Filename=CSRSS.EXE
Description=Search page hijacker, redirecting to http://www.search-aide.com/. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[Csrss]
Number=1996
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031323-3628-99" target="_blank">CHOD</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup and the executeable resides in a random folder name
Source=Paul Collins Startup list

[csrss]
Number=1997
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkeylogaq.html" target=_blank>KEYLOG-AQ</a> KEYLOGGER! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
Source=Paul Collins Startup list

[csrss]
Number=1998
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32chodej.html" target=_blank>CHODE-J</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a random subfolder
Source=Paul Collins Startup list

[csrss]
Number=1999
Confirmed=X
Filename=msmsgs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32chodej.html" target=_blank>CHODE-J</a> WORM!
Source=Paul Collins Startup list

[csrss]
Number=2000
Confirmed=X
Filename=nwiz.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32chodej.html" target=_blank>CHODE-J</a> WORM!
Source=Paul Collins Startup list

[csrss]
Number=2001
Confirmed=U
Filename=csrss.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/spyware.beyondkeylog.html" target="_blank">BeyondKeylog</a> surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Program Files/Supremtec folder
Source=Paul Collins Startup list

[CSRSS Loader]
Number=2002
Confirmed=X
Filename=csrsss.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.TX" target=_blank>AGOBOT.TX</a> WORM!
Source=Paul Collins Startup list

[csrss.exe]
Number=2003
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-070603-2351-99" target=_blank>DALBUG</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the Winnt\System32 or Windows\System32 folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[csrssLevel4]
Number=2004
Confirmed=X
Filename=csrss.exe
Description=Unidentified malware. Note - this file is placed in a C:\Windows\System\Level4 folder, and should NOT be confused with the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the Winnt\System32 or Windows\System32 folder and should NOT figure in Msconfig/Startup!
Source=Paul Collins Startup list

[CSRSSU]
Number=2005
Confirmed=X
Filename=CSRSSU.exe
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant - hijacking to Slawsearch.com. Also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojcwse.html" target= blank>CWS-E</a> TROJAN!
Source=Paul Collins Startup list

[CSRSSW]
Number=2006
Confirmed=X
Filename=CSRSSW.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcwsf.html" target= blank>CWS-F</a> TROJAN!
Source=Paul Collins Startup list

[CSRSWIN]
Number=2007
Confirmed=X
Filename=[trojan filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080611-0047-99" target="_blank">WINSHELL.50</a> TROJAN!
Source=Paul Collins Startup list

[CSRSX]
Number=2008
Confirmed=X
Filename=[trojan filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081110-5211-99" target="_blank">WINSHELL.50.B</a> TROJAN!
Source=Paul Collins Startup list

[CSS Server]
Number=2009
Confirmed=U
Filename=CSSServer.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082415-5002-99" target="_blank">ComSpySysSvr</a> surveillance software. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list

[cssauth]
Number=2010
Confirmed=U
Filename=cssauth.exe
Description=Related to IBM ThinkVantage Client Security Solution

Source=Paul Collins Startup list

[CSScheduleCheck]
Number=2011
Confirmed=Y
Filename=SCHWIZEX.EXE
Description=Part of <a href="http://www.imaginelan.com/configsafe/index.html" target="_blank"> ConfigSafe</a> - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions - provides a restore function. This part takes a snapshot of your system following a healthy re-boot
Source=Paul Collins Startup list

[cssrs]
Number=2012
Confirmed=X
Filename=cssrs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbandw.html" target="_blank">BANCBAN-DW</a> TROJAN!
Source=Paul Collins Startup list

[csss]
Number=2013
Confirmed=X
Filename=Csss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-112709-2857-99" target="_blank">BALICK</a> TROJAN!
Source=Paul Collins Startup list

[CSS_Central]
Number=2014
Confirmed=U
Filename=CSS_1631.EXE
Description=CSS Communication Agent (95 Host) from Command Software Systems (now <a href="http://www.commandcom.com/" target="_blank">Authentium</a>). "CSS Central™ provides administrators with a powerfully proactive tool to effectively manage and maintain the anti-virus strategy from a centralized console"
Source=Paul Collins Startup list

[CSV10P1]
Number=2015
Confirmed=X
Filename=CSP001.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092410-4648-99" target=_blank>ClearSearch</a> adware
Source=Paul Collins Startup list

[CSV10P70]
Number=2016
Confirmed=X
Filename=CSv10P070.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092410-4648-99" target=_blank>ClearSearch</a> adware
Source=Paul Collins Startup list

[CSV7P26]
Number=2017
Confirmed=X
Filename=CSV7P26.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092410-4648-99" target=_blank>ClearSearch</a> adware
Source=Paul Collins Startup list

[CSV7P70]
Number=2018
Confirmed=X
Filename=CSV7P070.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092410-4648-99" target=_blank>ClearSearch</a> adware
Source=Paul Collins Startup list

[CSV7P91]
Number=2019
Confirmed=X
Filename=CSV7P91.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092410-4648-99" target=_blank>ClearSearch</a> adware
Source=Paul Collins Startup list

[csvdea]
Number=2020
Confirmed=U
Filename=csvdea.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-072112-1717-99" target="_blank">SpyArsenalLog</a> surveillance software. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list

[csvhost.exe]
Number=2021
Confirmed=X
Filename=csvhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcimuzbd.html" target="_blank">CIMUZ-BD</a> TROJAN!
Source=Paul Collins Startup list

[ct]
Number=2022
Confirmed=Y
Filename=ct.exe
Description=ct.exe is a file is for the HP Learning Adventure software&nbsp;and if you use this software it is required to run it
Source=Paul Collins Startup list

[CT Control Settings]
Number=2023
Confirmed=X
Filename=CTSVCCD.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotys.html" target=_blank>RBOT-YS</a> WORM!
Source=Paul Collins Startup list

[CTAVTray]
Number=2024
Confirmed=N
Filename=CTAvTray.exe
Description=For Creative Soundblaster Live! series soundcards. Plays the EAX animation on start-up and adds a System Tray icon for it. Available via AudioHQ
Source=Paul Collins Startup list

[CTCMonitor]
Number=2025
Confirmed=U
Filename=CTCMonitor.exe
Description=<a href="http://www.clicktoconvert.com/Features/features.html" target=_blank>Click-to-Convert</a> - document-to-HTML or doc-to-PDF converter. Only required if you are going to use the File -> Print method of using Click-to-Convert. If converting directly from MS Office, it is not required
Source=Paul Collins Startup list

[CTDVDDet]
Number=2026
Confirmed=N
Filename=CTDVDDet.exe
Description=Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically again
Source=Paul Collins Startup list

[CTDVDDet]
Number=2027
Confirmed=N
Filename=CTDetect.exe
Description=Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically again
Source=Paul Collins Startup list

[ctflog manager]
Number=2028
Confirmed=X
Filename=ctflog.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DONBOMB.A&VSect=P" target=_blank>DONBOMB.A</a> TROJAN!
Source=Paul Collins Startup list

[CTFM0N.exe]
Number=2029
Confirmed=X
Filename=CTFM0N.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-070512-2031-99" target=_blank>STARTPAGE.P</a> TROJAN!
Source=Paul Collins Startup list

[ctfmon]
Number=2030
Confirmed=U
Filename=ctfmon.exe
Description=CTFMon is involved with the language/alternative input services in Office XP. Ctfmon.exe will continue to put itself back into MSConfig when you run the Office XP apps as long as the Text Services and Speech applets in the Control Panel are enabled. Not required if you don't need these features. For more info on ctfmon see <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;282599" target=_blank>here</a>. Ctfmon can be disabled from Control Panel, Text & Speech Services. Note - the file will always be located in the System32 folder, if it is located elsewhere it will likely be a worm or trojan! Can cause problems with some other programs if left enabled - see <a href="http://actualtools.com/forum/read.php?FID=9&TID=63" target=_blank>here</a> for such an example
Source=Paul Collins Startup list

[ctfmon]
Number=2031
Confirmed=X
Filename=taskmgr32*.exe [* = number]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080617-4010-99" target="_blank">SOWSAT.B</a> WORM!
Source=Paul Collins Startup list

[ctfmon]
Number=2032
Confirmed=X
Filename=cftmon.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelivea.html" target= blank>DELIVE-A</a> TROJAN! Note - this file is found in C:\Windows or C:\Winnt and is not the valid MS Office file of the same name (see <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;282599" target= blank>here</a>)
Source=Paul Collins Startup list

[ctfmon]
Number=2033
Confirmed=X
Filename=mIRC.dll
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelbote.html" target=_blank>DELBOT-E</a> TROJAN!
Source=Paul Collins Startup list

[ctfmon]
Number=2034
Confirmed=X
Filename=WinConst.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojassasing.html" target=_blank>ASSASIN-G</a> TROJAN!
Source=Paul Collins Startup list

[CTFMon]
Number=2035
Confirmed=U
Filename=ctfmon.exe
Description=<a href="http://www.spyarsenal.com/familykeylogger/" target=_blank>Family Keylogger</a> is a program that lets you record to a special file and then view all the keystrokes typed by everyone using your computer. Keystroke logger/monitoring program - remove unless you installed it yourself! Found in the System\CTF (9x/Me) or System32\CTF (NT/2K/XP) folder

Source=Paul Collins Startup list

[ctfmon]
Number=2036
Confirmed=X
Filename=msnmsgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorjv.html" target=_blank>JV</a> TROJAN!
Source=Paul Collins Startup list

[Ctfmon.exe]
Number=2037
Confirmed=X
Filename=ctfmon32.exe
Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#ctfmon32" target=_blank>Ctfmon32</a> parasite variant
Source=Paul Collins Startup list

[ctfmon.exe]
Number=2038
Confirmed=X
Filename=ctfmon.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062417-1936-99" target=_blank>RAIDYS</a> TROJAN! Note - this should not be confused with the valid Office XP file, see <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;282599" target=_blank>here</a>
Source=Paul Collins Startup list

[ctfmon.exe]
Number=2039
Confirmed=X
Filename=msupdate32.exe
Description=Spy Sheriff/SpywareNO malware, also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojspyhoaxa.html" target=_blank>SPYHOAX-A</a> TROJAN, pretends to be a spyware remover! - file names spotted sofar include VXH8JKDQ2.EXE, NS6281400.so, CVXH8JKDQ2.EXE, down3.exe, sefe.exe, winstall.exe, and tool2.exe
Source=Paul Collins Startup list

[ctfmon.exe]
Number=2040
Confirmed=U
Filename=ctfmon.exe
Description=CTFMon is involved with the language/alternative input services in Office XP. Ctfmon.exe will continue to put itself back into MSConfig when you run the Office XP apps as long as the Text Services and Speech applets in the Control Panel are enabled. Not required if you don't need these features. For more info on ctfmon see <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;282599" target="_blank">here</a>. Ctfmon can be disabled from Control Panel, Text & Speech Services. Note - the file will always be located in the System32 folder, if it is located elsewhere it will likely be a worm or trojan! Can cause problems with some other programs if left enabled - see <a href="http://actualtools.com/forum/read.php?FID=9&TID=63" target="_blank">here</a> for such an example
Source=Paul Collins Startup list

[CTFMON32]
Number=2041
Confirmed=X
Filename=CTFMON32.EXE
Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#ctfmon32" target=_blank>Ctfmon32</a> parasite variant - also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojcwse.html" target= blank>CWS-E</a> TROJAN!
Source=Paul Collins Startup list

[CTFMONSS]
Number=2042
Confirmed=X
Filename=CTFMONSS.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcwsf.html" target= blank>CWS-F</a> TROJAN!
Source=Paul Collins Startup list

[ctfnom]
Number=2043
Confirmed=X
Filename=rundIl32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmiraw.html" target=_blank>LEGMIR-AW</a> TROJAN!
Source=Paul Collins Startup list

[ctfnom.exe]
Number=2044
Confirmed=X
Filename=SVOHOST.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdigidora.html" target=_blank>DIGIDOR-A</a> TROJAN!
Source=Paul Collins Startup list

[ctfnom.exe]
Number=2045
Confirmed=X
Filename=OSRSS.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderuq.html" target=_blank>DLOADER-UQ</a> TROJAN!
Source=Paul Collins Startup list

[CTHELPER]
Number=2046
Confirmed=U
Filename=CTHELPER.EXE
Description=CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative's sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so it's best left disabled unless you need it
Source=Paul Collins Startup list

[CTHelper]
Number=2047
Confirmed=X
Filename=cthelper.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxb.html" target= blank>RBOT-XB</a> WORM! Note - do not confuse with the Creative application of the same name described <a href="http://www.sysinfo.org/startuplist.php?filter=cthelper.exe" target= blank>here</a>
Source=Paul Collins Startup list

[CTime]
Number=2048
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-012015-3226-99" target="_blank">HTTPDOS</a> TROJAN!
Source=Paul Collins Startup list

[CTin10]
Number=2049
Confirmed=X
Filename=CTin10.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-022710-5851-99" target="_blank">BANCOS.E</a> TROJAN!
Source=Paul Collins Startup list

[CtModule]
Number=2050
Confirmed=X
Filename=CtModule.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojclickereg.html" target="_blank">CLICKER-EG</a> TROJAN!
Source=Paul Collins Startup list

[CTNMRUN]
Number=2051
Confirmed=U
Filename=ctnmrun.exe
Description=Detects the Creative NOMAD jukebox/MP3 player at the time it is attached to USB and starts the needed application (Creative PlayCentre 2) that you use to copy MP3 files to and from it. This is required if you want PlayCentre 2 to take control of the NOMAD once connected
Source=Paul Collins Startup list

[CTPDPSRV]
Number=2052
Confirmed=?
Filename=CTPDPSRV.EXE
Description=Printer driver (in the WINDOWS\System32\spool\DRIVERS\W32\X86 folder).<font color="#FF0000"> Is it required?</font>
Source=Paul Collins Startup list

[CTPerformanceUtility]
Number=2053
Confirmed=N
Filename=CTPowUti.exe
Description=Related to <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/ctpowuti/" target="_blank">Creative PowerSysTrayApp</a>. This program is a non-essential process, but should not be terminated unless suspected to be causing problems
Source=Paul Collins Startup list

[ctpmon]
Number=2054
Confirmed=X
Filename=ctpmon.exe
Description=System Registry Cleaner - stealth installed foistware from sysregistry.com
Source=Paul Collins Startup list

[CTRegRun]
Number=2055
Confirmed=N
Filename=CTRegRun.exe
Description=For Creative Soundblaster Live! series soundcards. Reminds you to register your card with Creative
Source=Paul Collins Startup list

[CtrlVol]
Number=2056
Confirmed=U
Filename=CtrlVol.exe
Description=Volume control key on Acer, Fujitsu and other laptops
Source=Paul Collins Startup list

[CTSched]
Number=2057
Confirmed=?
Filename=CTSched.exe
Description=<a href="http://www.creative.com/" target="_blank">Creative</a> Task Scheduler. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[CTStartup]
Number=2058
Confirmed=N
Filename=CTEaxSpl.exe
Description=Splash screen with sound on every boot up. Installed with a Sound Blaster Audigy soundcard
Source=Paul Collins Startup list

[CTSyncU.exe]
Number=2059
Confirmed=N
Filename=CTSyncU.exe
Description=<a href="http://www.creative.com/" target="_blank">Creative</a> Sync Manager</a> - synchronizes music tracks on your computer with your player
Source=Paul Collins Startup list

[CTsysVol]
Number=2060
Confirmed=U
Filename=CTSYSVOL.exe
Description=Creative sound card volume controls
Source=Paul Collins Startup list

[cttdpsrv]
Number=2061
Confirmed=?
Filename=cttdpsrv.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[CTUpdate]
Number=2062
Confirmed=X
Filename=ctupdclt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabg.html" target= blank>RBOT-ABG</a> WORM!
Source=Paul Collins Startup list

[CTxfiHlp]
Number=2063
Confirmed=N
Filename=CTXFIHLP.EXE
Description=Added by the installation of a Creative Labs X-Fi sound card. This particular process provides the help functionality for your card

Source=Paul Collins Startup list

[CTXFIREG]
Number=2064
Confirmed=N
Filename=CTxfiReg.exe
Description=Creative Labs sound card driver related. It appears that it isn't required and maybe registration related
Source=Paul Collins Startup list

[Ctykd]
Number=2065
Confirmed=X
Filename=[path to file]
Description=<a href="http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY_SMALL.SN&VSect=Td" target=_blank>SMALL.SN</a> spyware
Source=Paul Collins Startup list

[CU1]
Number=2066
Confirmed=X
Filename=VCClient.exe
Description=Associated with the Surf Sidekick adware and should be removed
Source=Paul Collins Startup list

[CU2]
Number=2067
Confirmed=X
Filename=VCMain.exe
Description=Associated with the Surf Sidekick adware and should be removed
Source=Paul Collins Startup list

[cuagentExe]
Number=2068
Confirmed=Y
Filename=Cuagent.exe
Description=<a href="http://www.authentium.com/command/" target="_blank">Command Antivirus</a> related
Source=Paul Collins Startup list

[cuo]
Number=2069
Confirmed=X
Filename=cuo.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BUGBEAR.A" target="_blank">BUGBEAR.A</a> WORM!
Source=Paul Collins Startup list

[Current Security Config]
Number=2070
Confirmed=X
Filename=csecure.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotamo.html" target=_blank>RBOT-AMO</a> WORM!
Source=Paul Collins Startup list

[cursor]
Number=2071
Confirmed=N
Filename=Screendragon_VS_Taskbar.exe
Description=<a href="http://www.screendragon.com/" target="_blank">ScreenDragon</a> video player
Source=Paul Collins Startup list

[CursorXP]
Number=2072
Confirmed=N
Filename=CursorXP.exe
Description=<a href="http://www.stardock.com/products/cursorxp/" target="_blank">CursorXP</a> from Stardock - tool for creating mouse cursors
Source=Paul Collins Startup list

[Customizer2000]
Number=2073
Confirmed=U
Filename=logon.exe
Description=Automatic logon feature of <a href="http://www.hot-shareware.com/utilities/customizer-2000/" target="_blank">Customizer 2000</a> - "a special utility which is designed to optimize Win9x/ME performance. The program lets you explore the many hidden settings in Windows, and make changes"
Source=Paul Collins Startup list

[CuteMX]
Number=2074
Confirmed=N
Filename=CuteMX.EXE
Description=File sharing utility
Source=Paul Collins Startup list

[cvmonitor.exe]
Number=2075
Confirmed=X
Filename=cvmonitor.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BV" target="_blank">SDBOT.BV</a> WORM!
Source=Paul Collins Startup list

[CVPND]
Number=2076
Confirmed=Y
Filename=cvpnd.exe
Description=Sub-system used by&nbsp;Cisco VPN client&nbsp;for making a connection to a remote IPSec server
Source=Paul Collins Startup list

[CW]
Number=2077
Confirmed=U
Filename=cw4.exe
Description=<a href="http://www.zemericks.com/products/chatwatch/index.asp" target=_blank>Chat Watch</a> "is a monitoring and logging software for online chat and instant messaging programs"
Source=Paul Collins Startup list

[CWatch]
Number=2078
Confirmed=U
Filename=cw.exe
Description=<a href="http://www.zemericks.com/products/chatwatch/index.asp" target="_blank">ChatWatch</a> - chat monitoring tool
Source=Paul Collins Startup list

[cwbckver]
Number=2079
Confirmed=N
Filename=cwbckver.exe
Description=Part of IBM's <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target="_blank">iSeries</a> (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to.&nbsp;Not required - and can be turned off in the Client Access properties. It's a waste of resources
Source=Paul Collins Startup list

[cwbinhlp]
Number=2080
Confirmed=N
Filename=cwbinhlp.exe
Description=Client Access Help Registry Update Function - part of IBM's <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target="_blank">iSeries</a> (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeries
Source=Paul Collins Startup list

[cwbsvstr]
Number=2081
Confirmed=N
Filename=cwbsvstr.exe
Description=Part of IBM's <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target="_blank">iSeries</a> (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resources
Source=Paul Collins Startup list

[cwbwlwiz]
Number=2082
Confirmed=?
Filename=cwbwlwiz.exe
Description=Welcome wizard launcher - Part of IBM's <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target="_blank">iSeries</a> (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[Cwcdschk.exe]
Number=2083
Confirmed=?
Filename=Cwcdschk.exe
Description=<font color="#FF0000">IBM Thinkpad related?</font>
Source=Paul Collins Startup list

[cwcptray]
Number=2084
Confirmed=U
Filename=cwcptray.exe
Description=Related to <a href="http://www.contentwatch.com/" target=_blank>ContentWatch</a> Parental Control internet filter
Source=Paul Collins Startup list

[cwingllib]
Number=2085
Confirmed=X
Filename=atllsimm.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[cwupdate]
Number=2086
Confirmed=U
Filename=cwupdate.exe
Description=<a href="http://www.contentwatch.com/products/contentprotect.php" target=_blank>ContentProtect</a> from ContentWatch - internet filter
Source=Paul Collins Startup list

[CXMon]
Number=2087
Confirmed=N
Filename=Hpi_Monitor.exe
Description=Autodetects when a HP camera is attached to the computer and launches the &quot;HP Photoimaging Software&quot;. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[Cyber]
Number=2088
Confirmed=N
Filename=cyberchk.exe
Description=Part of Belkins "Multimedia Cleaning Kit" and is 
automatically installed when you run their optical disk drive cleaning utility - to remind 
you to clean your drive after "x" amount of time has passed
Source=Paul Collins Startup list

[Cyber Trio]
Number=2089
Confirmed=U
Filename=showmode.exe
Description=From G-Tek Technologies. Allows you to set the PC in one of three modes, Standard, Enhanced and Kiddo. Standard is full function, Enhanced prevents accidental damage and Kiddo is a play environment for kids. Pre-installed on some Packard Bell PCs
Source=Paul Collins Startup list

[Cyber-Defender 2003]
Number=2090
Confirmed=U
Filename=uwcdsvr.exe
Description=<a href="http://www.pcworld.com/downloads/file/fid,24815-order,1-page,1-c,alldownloads/description.html" target="_blank">Cyber Defender 2003</a>
Source=Paul Collins Startup list

[cyberfree.exe]
Number=2091
Confirmed=X
Filename=****.dat [* = random char]
Description=Unidentified adware
Source=Paul Collins Startup list

[Cyberhawk]
Number=2092
Confirmed=U
Filename=CHTray.exe
Description=<a href="http://www.novatix.com/" target="_blank">Cyberhawk</a> from Novatix. Protects against viruses, spyware, identity theft
Source=Paul Collins Startup list

[CyberLat Ram Cleaner]
Number=2093
Confirmed=U
Filename=CLRamCleaner.exe
Description=<a href="http://www.cyberlat.com/ramcleaner/" target="_blank">CyberLat RAM Cleaner</a> - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
Source=Paul Collins Startup list

[CyberMedia Agent]
Number=2094
Confirmed=N
Filename=CMAGENT.EXE
Description=Part of CyberMedia's Oil Change program. Not normally required. Note - if you have TextBridge, CyberMedia Agent may attach itself to TextBridge and cause TextBridge to crash everything if this is disabled
Source=Paul Collins Startup list

[CyberPatrolNew]
Number=2095
Confirmed=U
Filename=cphq.exe
Description="<a href="http://www.cyberpatrol.com/Default.aspx?id=85&mnuid=2" target="_blank">CyberPatrol</a> is one of the most powerful and popular client-based, browser independent, Internet safety software solutions for Windows-based standalone PCs available today"
Source=Paul Collins Startup list

[CyberWolf]
Number=2096
Confirmed=X
Filename=CyberWolf.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-050515-4202-99" target="_blank"> KICKIN.A</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_CYDOG.C" target="_blank">CYDOG.C</a>) WORM!
Source=Paul Collins Startup list

[CyDoor]
Number=2097
Confirmed=X
Filename=CD_Load.exe
Description=Adware. Check <a href="http://www.cexx.org/cydoor.htm" target="_blank">here</a> for information about Cy-Door and <a href="http://www.lavasoft.de/software/adaware/" target="_blank">here</a> for a program that can remove it
Source=Paul Collins Startup list

[CydoorUpdate]
Number=2098
Confirmed=X
Filename=CD_Load.exe
Description=Adware. Check <a href="http://www.cexx.org/cydoor.htm" target="_blank">here</a> for information about Cy-Door and <a href="http://www.lavasoft.de/software/adaware/" target="_blank">here</a> for a program that can remove it
Source=Paul Collins Startup list

[CYNHKey]
Number=2099
Confirmed=?
Filename=CYNHKey.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[CyphTray]
Number=2100
Confirmed=N
Filename=CyphTray.exe
Description=<a href="http://www.cypherus.com/" target="_blank">Cypherus</a> - encryption software
Source=Paul Collins Startup list

[CypressLinkMon]
Number=2101
Confirmed=U
Filename=CypressLinkMon.exe
Description=Related to <a href="http://cardiology.usa.siemens.com/products-and-it-systems/cardiology-products/ultrasound/acuson-cypress-cardiovascular-system/applications-and-software.aspx" target="_blank">CypressViewer</a> from Siemens that "allows ACUSON Cypress cardiovascular system PLUS users to store, view, and analyze Cypress system PLUS studies on a standard Windows PC"
Source=Paul Collins Startup list

[D SYSTEM]
Number=2102
Confirmed=X
Filename=dd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobfn.html" target=_blank>MYTOB-FN</a> WORM!
Source=Paul Collins Startup list

[D-Link Air USB Utility]
Number=2103
Confirmed=Y
Filename=AirCFG.exe
Description=D-Link wireless PCI adapter related
Source=Paul Collins Startup list

[D-Link Air Utility]
Number=2104
Confirmed=Y
Filename=AirCFG.exe
Description=D-Link wireless PCI adapter related
Source=Paul Collins Startup list

[D-Link AirPlus DWL-650+ Utility]
Number=2105
Confirmed=N
Filename=WLANMON.exe
Description=D-Link Air Plus Wireless PC modem connection monitor
Source=Paul Collins Startup list

[D-Link AirPlus G]
Number=2106
Confirmed=Y
Filename=AirGCFG.exe
Description=D-Link Airplus Wireless Router driver
Source=Paul Collins Startup list

[D-Link AirPlus G Wireless Utility]
Number=2107
Confirmed=Y
Filename=AirPlus.exe
Description=D-Link <a href="http://www.dlink.com/products/category.asp?cid=1&sec=0#cid_75" target="_blank">AirPlus G</a> wireless configuration and monitoring utility
Source=Paul Collins Startup list

[D-Link AirPlus XtremeG]
Number=2108
Confirmed=U
Filename=AirPlusCFG.exe
Description=D-Link AirPlus XtremeG wireless configuration utility
Source=Paul Collins Startup list

[D066UUtility]
Number=2109
Confirmed=N
Filename=D066UUTY.EXE
Description=TWAIN driver for the CanoScan D660U flatbed scanner. Start scanning via your scanner management software
Source=Paul Collins Startup list

[D3**.exe [* = random char]]
Number=2110
Confirmed=X
Filename=D3**.exe [* = random char]
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
Source=Paul Collins Startup list

[D3**32.exe [* = random char]]
Number=2111
Confirmed=X
Filename=D3**32.exe [* = random char]
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
Source=Paul Collins Startup list

[d3dupdate.exe]
Number=2112
Confirmed=X
Filename=bbeagle.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-011815-3332-99" target="_blank">BEAGLE.A</a> WORM!
Source=Paul Collins Startup list

[D4]
Number=2113
Confirmed=U
Filename=D4.exe
Description=<a href="http://www.thinkman.com/dimension4/index.html" target="_blank">Dimension 4</a> - network time synchronization freeware - starts-up, adjusts the system clock, then shuts down
Source=Paul Collins Startup list

[dabrun]
Number=2114
Confirmed=X
Filename=rundll32.exe [path] dabapi.dll, Rundll32
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=SinaUpdateCenter&threatid=91264" target="_blank">SinaUpdateCenter</a> adware
Source=Paul Collins Startup list

[DACONFIGEXE]
Number=2115
Confirmed=N
Filename=daconfig.exe
Description=3Com NIC Diagnostics. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[DadApp]
Number=2116
Confirmed=Y
Filename=dadapp.exe
Description=&quot;DadApp is the SW utility that controls the programmable buttons on Dell Laptops. Not required, but should be left in because it can create a hassle and doesn't always restore functionality to those buttons once unchecked and rechecked&quot; - direct from Dell
Source=Paul Collins Startup list

[Daemon]
Number=2117
Confirmed=N
Filename=DAEMON32.EXE
Description=Pre-loads game profiles for MS Sidewinder game controllers prior to release 2.0 of the software. Recommend upgrade. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[Daemon]
Number=2118
Confirmed=U
Filename=Daemon.exe
Description=<a href="http://www.daemon-tools.net/main.htm" target="_blank">Daemon Tools</a> - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive
Source=Paul Collins Startup list

[Daemon]
Number=2119
Confirmed=X
Filename=daemon.exe c daemon2.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031320-4753-99" target=_blank>SELOTIMA.A</a> WORM!
Source=Paul Collins Startup list

[DAEMON Tools-1033]
Number=2120
Confirmed=U
Filename=Daemon.exe
Description=<a href="http://www.daemon-tools.net/main.htm" target="_blank">Daemon Tools</a> - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive
Source=Paul Collins Startup list

[Daily Planner]
Number=2121
Confirmed=N
Filename=dayplan.exe
Description=Daily Planner - discontinued, and now part of <a href="http://www.kmcsonline.com/index.html" target="_blank">KMCS Deluxe System Suite</a>. Tool to plan your days, and check activities off as you complete them
Source=Paul Collins Startup list

[Daily Weather Forecast]
Number=2122
Confirmed=X
Filename=weather.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderip.html" target= blank>DLOADER-IP</a> TROJAN!
Source=Paul Collins Startup list

[DamedWare Services]
Number=2123
Confirmed=X
Filename=dwdrce.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaoj.html" target=_blank>RBOT-AOJ</a> WORM!
Source=Paul Collins Startup list

[Dancer]
Number=2124
Confirmed=U
Filename=DncLE.exe
Description=Part of Microsoft Plus! Digital Media Edition - see <a href="http://www.microsoft.com/windows/plus/dme_more/moreupdates.asp" target=_blank>here</a>
Source=Paul Collins Startup list

[Danton*]
Number=2125
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032114-0525-99" target="_blank">DANTON</a> TROJAN! where * = random number
Source=Paul Collins Startup list

[Dap]
Number=2126
Confirmed=N
Filename=DAP.exe
Description=<a href="http://www.speedbit.com/" target="_blank">Download Accelerator Plus</a> from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start -> Programs. Note that the free version is adware based
Source=Paul Collins Startup list

[dark]
Number=2127
Confirmed=X
Filename=imgst.scr
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050210-0214-99" target="_blank">BANCOS.U</a> TROJAN!
Source=Paul Collins Startup list

[dark]
Number=2128
Confirmed=X
Filename=imgrt.scr
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanfh.html" target=_blank>BANCBAN-FH</a> TROJAN!
Source=Paul Collins Startup list

[dark]
Number=2129
Confirmed=X
Filename=csrs.scr
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbangt.html" target=_blank>BANCBAN-GT</a> or <a href="http://www.sophos.com/virusinfo/analyses/trojbancbangu.html" target=_blank>BANCBAN-GU</a> TROJANS!
Source=Paul Collins Startup list

[DarkDevil.Grasiele.BR]
Number=2130
Confirmed=X
Filename=Grasiele.VBS
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081314-3600-99" target="_blank">LEMBRA</a> WORM!
Source=Paul Collins Startup list

[DarKNesS LsasS]
Number=2131
Confirmed=X
Filename=LsasS23.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[DashIE]
Number=2132
Confirmed=?
Filename=N/A
Description=<font color="#FF0000">Could be related to &quot;Dash Power Shopping&quot; tool bar in IE?</font>
Source=Paul Collins Startup list

[dasxdads]
Number=2133
Confirmed=X
Filename=fsdqd.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090917-0113-99" target="_blank">GAOBOT.BIQ</a> WORM!
Source=Paul Collins Startup list

[Data]
Number=2134
Confirmed=X
Filename=System.dat.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092517-0351-99" target="_blank">BISCUIT.A</a> WORM!
Source=Paul Collins Startup list

[data]
Number=2135
Confirmed=X
Filename=msngs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadq.html" target=_blank>RBOT-ADQ</a> WORM!
Source=Paul Collins Startup list

[Data LifeGuard]
Number=2136
Confirmed=N
Filename=BACKWE~1.EXE
Description=Data LifeGuard diagnostic tools for Western Digital's series of hard drives
Source=Paul Collins Startup list

[Data LifeGuard LifeLine Lite installer]
Number=2137
Confirmed=N
Filename=DLGLI.EXE
Description=Backweb installer - see <a href="http://www.cexx.org/dlgli.htm" target="_blank"> here</a>
Source=Paul Collins Startup list

[Data Restore Service]
Number=2138
Confirmed=X
Filename=prq8.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042215-3749-99" target= blank>KELVIR.AI</a> WORM!
Source=Paul Collins Startup list

[Data789]
Number=2139
Confirmed=X
Filename=Regedit.exe ....data789.tmp
Description=Homepage hijacker
Source=Paul Collins Startup list

[DATABASE MySql]
Number=2140
Confirmed=X
Filename=[path] repcale.exe [path] beird.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDON.AN" target="_blank">RANDON.AN</a> WORM!
Source=Paul Collins Startup list

[DataCaching]
Number=2141
Confirmed=N
Filename=FlashKsk.exe
Description=<a href="http://www.smartdisk.com" target="_blank">SmartMedia Card</a> management from the installation of a SanDisk reader for a camera's SmartMedia card and also adds the &quot;Unplug and Eject Hardware&quot; System Tray icon
Source=Paul Collins Startup list

[DataKeeper]
Number=2142
Confirmed=U
Filename=DataKeeper.exe
Description=PowerQuest DataKeeper (now owned by <a href="http://www.symantec.com/" target="_blank">Symantec</a>) backup software
Source=Paul Collins Startup list

[DataLayer]
Number=2143
Confirmed=U
Filename=DataLayer.exe
Description=Nokia PC Suite 5 - "A collection of powerful tools that you can use to manage your phone features and data." Synchronize the phone with, for example Outlook. You can also use it to browse your phone, edit the phone list and so on
Source=Paul Collins Startup list

[DataViz Inc Messenger]
Number=2144
Confirmed=X
Filename=DvzIncMsgr.exe
Description=Installed with <a href="http://www.dataviz.com/products/documentstogo/" target= blank>DataViz</a> "Documents to Go" software
Source=Paul Collins Startup list

[DataViz Messenger]
Number=2145
Confirmed=N
Filename=DvzMsgr.exe
Description=<a href="http://www.dataviz.com/products/documentstogo/" target="_blank">DataViz Documents to Go</a> - &quot;allows you to use your Word, Excel and PowerPoint files on your handheld anywhere, anytime. In addition, it now synchronizes e-mail with attachments, PDF files, pictures and Excel-like charts&quot;
Source=Paul Collins Startup list

[Datcheck]
Number=2146
Confirmed=X
Filename=datcheck.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2001-010412-0842-99" target="_blank">KEYPANIC</a> TROJAN!
Source=Paul Collins Startup list

[Date Manager]
Number=2147
Confirmed=X
Filename=datemanager.exe
Description=Date Manager - calender program. Spyware/adware based provided by The Gator Corporation. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
Source=Paul Collins Startup list

[Datechecker]
Number=2148
Confirmed=?
Filename=N/A
Description=<font color="#FF0000">Could be related to <a href="http://www.simtel.net/pub/pd/9379.html" target="_blank">this</a>?</font>
Source=Paul Collins Startup list

[DateMakerIntl]
Number=2149
Confirmed=X
Filename=DateMakerIntl.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list

[DAupdate]
Number=2150
Confirmed=X
Filename=DAupdate.exe
Description=NavEnhance adware
Source=Paul Collins Startup list

[DAW9532.exe]
Number=2151
Confirmed=?
Filename=DAW9532.EXE
Description=Loaded during installation of some 3Com network cards. Enables their DynamicAccess desktop management software. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list

[DayToday]
Number=2152
Confirmed=U
Filename=DAYTODAY.EXE
Description=<a href="http://www.locutuscodeware.com/daytoday.htm" target="_blank">DayToday</a> from RoboMagic Software Corp. Displays the date on the taskbar
Source=Paul Collins Startup list

[DAZEL Delivery Agent]
Number=2153
Confirmed=U
Filename=DcDaemon.exe
Description=Control and send documents, etc, to any destination. The Dazel Corporation has now been taken over by HP
Source=Paul Collins Startup list

[dbserv]
Number=2154
Confirmed=N
Filename=dbserv.exe
Description=Database Server for Norton Ghost on Win2k Pro. Ghost works fine when it is disabled
Source=Paul Collins Startup list

[DC6_Check]
Number=2155
Confirmed=N
Filename=uwasdc.exe
Description=WinAntiSpyware 2006 spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[DC6_check]
Number=2156
Confirmed=N
Filename=dc6_startupmon.exe
Description=WinAntiVirus 2006 virus software - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[dc6_check]
Number=2157
Confirmed=N
Filename=dcmon.exe
Description=<a href="http://www.symantec.com/smb/security_response/writeup.jsp?docid=2006-062015-2622-99" target="_blank">SystemDoctor</a> is a Security Risk that may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threats
Source=Paul Collins Startup list

[DCE Manager]
Number=2158
Confirmed=X
Filename=dcemgr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032112-1138-99" target="_blank">TUMAG</a> TROJAN!
Source=Paul Collins Startup list

[DCfssvc]
Number=2159
Confirmed=U
Filename=dcfssvc.exe
Description=Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an example
Source=Paul Collins Startup list

[dcfssve]
Number=2160
Confirmed=U
Filename=dcfssvc.exe
Description=Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an example
Source=Paul Collins Startup list

[Dcom System Patch]
Number=2161
Confirmed=X
Filename=Microsoft.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDEX.MS&VSect=P" target=_blank>RANDEX.MS</a> WORM!
Source=Paul Collins Startup list

[dcsm]
Number=2162
Confirmed=N
Filename=dcsm.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-062217-0726-99" target="_blank">DriveCleaner</a> is a security assesment tool which gives exaggerated reports of security and privacy risks on a computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported risks
Source=Paul Collins Startup list

[DDCActiveMenu]
Number=2163
Confirmed=N
Filename=DDCActiveMenu.exe
Description=Digital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
Source=Paul Collins Startup list

[DDCM]
Number=2164
Confirmed=N
Filename=DDCMan.exe
Description=Digital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
Source=Paul Collins Startup list

[DDCMan]
Number=2165
Confirmed=N
Filename=DDCMan.exe
Description=Digital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
Source=Paul Collins Startup list

[ddeproc]
Number=2166
Confirmed=X
Filename=ddeproc.exe
Description=Webcelerator from eAcceleration speeds your Web browsing by both remembering where you have been and anticipating where you will go. Only needed if you find it improves web browsing. Now no longer available and supported and when available was classed as spyware - see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
Source=Paul Collins Startup list

[ddhelper]
Number=2167
Confirmed=U
Filename=W815DM.EXE
Description=Enuff Parental Control Software by <a href="http://www.akrontech.com/" target=_blank>Akrontech</a>
Source=Paul Collins Startup list

[DDialler]
Number=2168
Confirmed=X
Filename=DDialler.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[DDriver]
Number=2169
Confirmed=X
Filename=windrv.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DELF.WG" target="_blank">DELF.WG</a> TROJAN!
Source=Paul Collins Startup list

[DDT]
Number=2170
Confirmed=?
Filename=N/A
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[de32gen]
Number=2171
Confirmed=X
Filename=de32gen.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list

[DeadAIM]
Number=2172
Confirmed=N
Filename=rundll32.exe DeadAIM.ocm, ExportedCheckODLs
Description=<a href="http://www.jdennis.net/DeadAIM/about.php" target="_blank">DeadAIM</a> - feature enhancing product for AOL's Instant Messenger program
Source=Paul Collins Startup list

[DealHelperBrwsr]
Number=2173
Confirmed=X
Filename=dhbrwsr.exe
Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.dealhelper.html" target="_blank">DealHelper</a> adware
Source=Paul Collins Startup list

[DealHelperDown]
Number=2174
Confirmed=X
Filename=download.exe
Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.dealhelper.html" target="_blank">DealHelper</a> adware
Source=Paul Collins Startup list

[DealHelperUpdate]
Number=2175
Confirmed=X
Filename=DHUpdt.exe
Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.dealhelper.html" target="_blank">DealHelper</a> adware
Source=Paul Collins Startup list

[Death.exe]
Number=2176
Confirmed=X
Filename=Death.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelferw.html" target="_blank">DELF-ERW</a> TROJAN!
Source=Paul Collins Startup list

[Debug]
Number=2177
Confirmed=X
Filename=DebugW32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-062416-3732-99" target=_blank>GUBED</a> TROJAN!
Source=Paul Collins Startup list

[Debugger]
Number=2178
Confirmed=X
Filename=dbg32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobfw.html" target=_blank>MYTOB-FW</a> WORM!
Source=Paul Collins Startup list

[Debugger]
Number=2179
Confirmed=X
Filename=explorer32dbg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcwsm.html" target=_blank>CWS-M</a> TROJAN!
Source=Paul Collins Startup list

[Debugger]
Number=2180
Confirmed=X
Filename=iexplore_dbg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcwsm.html" target=_blank>CWS-M</a> TROJAN!
Source=Paul Collins Startup list

[debugger]
Number=2181
Confirmed=X
Filename=help.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delfdra.html" target="_blank">DELF-DRA</a> WORM!
Source=Paul Collins Startup list

[DebugMonitor]
Number=2182
Confirmed=X
Filename=debugmonitor.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031923-1433-99" target="_blank">MYDOOM.BG</a> WORM!
Source=Paul Collins Startup list

[DeeEnEs]
Number=2183
Confirmed=U
Filename=DeeEnEs.exe
Description=<a href="http://www.palacio-cristal.com/products/DeeEnEs/" target=_blank>DeeEnEs</a> - automatically updates a dynamic IP address when it changes
Source=Paul Collins Startup list

[deejay]
Number=2184
Confirmed=X
Filename=forboo.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotay.html" target="_blank">FORBOT-AY</a> WORM!
Source=Paul Collins Startup list

[Default]
Number=2185
Confirmed=X
Filename=explore.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030216-1808-99" target=_blank>ALLEM</a> WORM!
Source=Paul Collins Startup list

[Default]
Number=2186
Confirmed=X
Filename=mtask.vbe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030216-1808-99" target=_blank>ALLEM</a> WORM!
Source=Paul Collins Startup list

[default]
Number=2187
Confirmed=X
Filename=shell32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030215-5059-99" target=_blank>BINGHE</a> TROJAN!
Source=Paul Collins Startup list

[Default System Research]
Number=2188
Confirmed=X
Filename=vhchost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090114-1936-99" target="_blank">TARNO.I</a> TROJAN!
Source=Paul Collins Startup list

[Default web browser]
Number=2189
Confirmed=X
Filename=IexpIore.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojoblivionb.html" target="_blank">OBLIVION.B</a> TROJAN! Note - do not confuse &quot;IexpIore.exe&quot; with &quot;iexplore.exe&quot; (Internet Explorer), the first has a captial &quot;i&quot; in place of lower case &quot;L&quot;
Source=Paul Collins Startup list

[Default_Page_URL]
Number=2190
Confirmed=X
Filename=http://find.naupoint.com
Description=<a href="http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx" target=_blank>Naupoint</a> browser hijacker
Source=Paul Collins Startup list

[Default_Search_URL]
Number=2191
Confirmed=X
Filename=http://find.naupoint.com
Description=<a href="http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx" target=_blank>Naupoint</a> browser hijacker
Source=Paul Collins Startup list

[defender]
Number=2192
Confirmed=X
Filename=defender25.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453097507" target="_blank">DollarRevenue</a> adware
Source=Paul Collins Startup list

[defender]
Number=2193
Confirmed=X
Filename=dfndref_7.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=DollarRevenue&threatid=42948" target="_blank">DollarRevenue</a> adware
Source=Paul Collins Startup list

[defergui]
Number=2194
Confirmed=?
Filename=defergui.exe
Description=Related to IBM Standard Software Installer.  <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[defragm_check]
Number=2195
Confirmed=X
Filename=defragment.exe
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list

[defragsys]
Number=2196
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifroseth.html" target="_blank">BIFROSE-TH</a> TROJAN!  Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[defwatch]
Number=2197
Confirmed=U
Filename=defwatch.exe
Description=Detects out-of-date virus definitions for Norton Anti-Virus Corporate Edition and runs the Defwatch Wizard. Only required if you don't update the virus definitions manually on a regular basis
Source=Paul Collins Startup list

[Deko550]
Number=2198
Confirmed=U
Filename=Deko550.exe
Description=Associated with the <a href="http://www.avid.com/products/deko550/" target="_blank">Deko550</a> entry-level SD real-time graphics system from Avid Technology
Source=Paul Collins Startup list

[Delay]
Number=2199
Confirmed=U
Filename=delayrun.exe
Description=On HP PCs this program is used to help prevent conflicts or timing issues on fast computers
Source=Paul Collins Startup list

[Delayrun]
Number=2200
Confirmed=U
Filename=delayrun.exe
Description=On HP PCs this program is used to help prevent conflicts or timing issues on fast computers
Source=Paul Collins Startup list

[delcab]
Number=2201
Confirmed=?
Filename=deltreew.exe C:\cabs
Description=<font color="#FF0000">??<font>
Source=Paul Collins Startup list

[Delete Me]
Number=2202
Confirmed=X
Filename=worm.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-021218-1022-99" target="_blank">DOOMHUNTER</a> WORM!
Source=Paul Collins Startup list

[DeleteHistoryFree]
Number=2203
Confirmed=U
Filename=dhf.exe
Description=<a href="http://www.deletehistoryfree.com/" target=_blank>Delete History Free</a> - "Privacy protection software for deleting Internet surfing and other computer activity tracks from your PC"

Source=Paul Collins Startup list

[Dell AIO Printer A***]
Number=2204
Confirmed=N
Filename=dlbabmgr.exe
Description=Dell AIO Printer A*** related (*** = model). Not Required at Startup
Source=Paul Collins Startup list

[Dell AIO Printer A***]
Number=2205
Confirmed=N
Filename=dlbfbmgr.exe
Description=Dell AIO Printer A*** related (*** = model). Not Required at Startup
Source=Paul Collins Startup list

[Dell AIO Printer A***]
Number=2206
Confirmed=N
Filename=dlbkbmgr.exe
Description=Dell AIO Printer A*** related (*** = model). Not Required at Startup
Source=Paul Collins Startup list

[Dell Alert]
Number=2207
Confirmed=N
Filename=DAMon.exe
Description=&quot;Dell Alert&quot; utility, that's supposed to make interaction with Support easier
Source=Paul Collins Startup list

[Dell Photo AIO Printer 922]
Number=2208
Confirmed=?
Filename=dlbtbmgr.exe
Description=Dell Photo AIO Printer 922 Device Monitor. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list

[Dell Photo AIO Printer 942]
Number=2209
Confirmed=?
Filename=dlbubmgr.exe
Description=Dell Photo AIO Printer 942 Device Monitor. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list

[Dell Photo AIO Printer 962]
Number=2210
Confirmed=?
Filename=dlbxmon.exe
Description=Dell Photo AIO Printer 962 Device Monitor. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list

[Dell QuickSet]
Number=2211
Confirmed=N
Filename=quickset.exe
Description=Dell taskbar icon allowing you to quickly change settings
Source=Paul Collins Startup list

[Dell Wireless Manager UI]
Number=2212
Confirmed=U
Filename=WLTRAY
Description=Installed alongside Dell Wireless WLAN Card and provides additional configuration options for these devices
Source=Paul Collins Startup list

[Dell Wireless Manager UI]
Number=2213
Confirmed=N
Filename=wltray.exe
Description=System tray access to wireless LAN card configuration options

Source=Paul Collins Startup list

[DellDMI]
Number=2214
Confirmed=?
Filename=delldmi.exe
Description=<font color="#FF0000">Possibly part of <a href="http://docs.us.dell.com/support/edocs/software/smcliins/cli60/en/ug/intro.htm" target="_blank">Dell OpenManage Client Instrumentation</a> - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards?</font>
Source=Paul Collins Startup list

[DELLMMKB]
Number=2215
Confirmed=U
Filename=DELLMMKB.EXE
Description=Multimedia keyboard control for Dell based PCs - only required if you use the multimedia keys
Source=Paul Collins Startup list

[DellSC]
Number=2216
Confirmed=N
Filename=dellsc.exe
Description=Dell Solution Center - web-based troubleshooting tools and educational offerings
Source=Paul Collins Startup list

[DellSupport]
Number=2217
Confirmed=U
Filename=DSAgnt.exe
Description=Dell Support Agent offers additional support and update features for your Dell computer or laptop
Source=Paul Collins Startup list

[DellTouch]
Number=2218
Confirmed=U
Filename=MMKeybd.exe
Description=Dell multimedia keyboard manager. Required if you use the additional keys
Source=Paul Collins Startup list

[DellTouch]
Number=2219
Confirmed=U
Filename=DELLMMKB.EXE
Description=Multimedia keyboard control for Dell based PCs - only required if you use the multimedia keys
Source=Paul Collins Startup list

[delmsbb]
Number=2220
Confirmed=X
Filename=delmsbb.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=180solutions.NCase&threatid=8869" target="_blank">NCase</a> adware
Source=Paul Collins Startup list

[delsaap]
Number=2221
Confirmed=X
Filename=delsaap.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=180solutions.NCase&threatid=8869" target="_blank">NCase</a> adware
Source=Paul Collins Startup list

[delstart]
Number=2222
Confirmed=?
Filename=delstart.exe
Description=Reportedly part of BT ISP software - <font color="#FF0000">what does it do and is it required in startup?</font>
Source=Paul Collins Startup list

[delsubmit]
Number=2223
Confirmed=X
Filename=rundll32.exe advpack.dll, DelNodeRunDLL32 submit.exe
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list

[DelTmp]
Number=2224
Confirmed=?
Filename=DelTemp.exe
Description=Added to the startup list after installing a Creative SoundBlaster Audigy soundcard. <font color="#FF0000">Deletes temporary files once an installation is complete?</font>
Source=Paul Collins Startup list

[DeltTray]
Number=2225
Confirmed=N
Filename=deltray.exe
Description=System Tray access to the control panel for the M-Audio <a href="http://www.m-audio.com/products/en_us/Delta44-main.html" target="_blank">Delta 44</a> PCI Analog Recording Interface. Available via a desktop shortcut, Start -> Programs or Start -> Settings -> Control Panel
Source=Paul Collins Startup list

[DeluxeCommunications]
Number=2226
Confirmed=X
Filename=Dxc.exe
Description=Deluxe Communications, a <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112118-0309-99" target="_blank">SurfSideKick</a> adware variant
Source=Paul Collins Startup list

[DELXP Protocol]
Number=2227
Confirmed=X
Filename=delxp.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[demon]
Number=2228
Confirmed=?
Filename=demon.exe
Description=Part of the French Wanadoo ADSL extense pack. <font color="#FF0000"> What does it do and is it required?</font>
Source=Paul Collins Startup list

[Deneca]
Number=2229
Confirmed=X
Filename=Virus salvado
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050909-4602-99" target= blank>DELUZ</a> VIRUS!
Source=Paul Collins Startup list

[DepFrez]
Number=2230
Confirmed=U
Filename=frzstate.exe
Description=<a href="http://www.faronics.com/html/deepfreeze.asp" target="_blank">Deep Freeze</a> from Faronics Coporation. "Freezes" the current software configuration so that an a re-boot all changes made refer back to their original settings. Not required for most users - more likely to be used by system administrators, for example
Source=Paul Collins Startup list

[Description of Shortcuts]
Number=2231
Confirmed=?
Filename=*.exe
Description=<font color="#FF0000">* seems to be a sequence of alphanumerics that can be different, i.e., 1960F8A9, 4EBD23F5, etc. Each of these files would appear to be a shortcut, i.e., 4EBD23F5 is actually Works Calender Reminder (found via a registry search)</font>
Source=Paul Collins Startup list

[Desire]
Number=2232
Confirmed=X
Filename=desires.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[desk-top-service]
Number=2233
Confirmed=?
Filename=desk-top-service.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[DeskAd Service]
Number=2234
Confirmed=X
Filename=DeskAdServ.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453090749" target= blank>DeskAd.Service</a> adware
Source=Paul Collins Startup list

[DeskColor]
Number=2235
Confirmed=N
Filename=DESKCOLOR.EXE
Description=Provides transparent icon text backgrounds and coloured icon text
Source=Paul Collins Startup list

[Deskflag]
Number=2236
Confirmed=N
Filename=Deskflag.exe
Description=<a href="http://www.deskflag.com/" target="_blank">DeskFlag</a> - animated USA flag on the desktop
Source=Paul Collins Startup list

[DeskMateAutoUpdate]
Number=2237
Confirmed=X
Filename=DeskMateAutoUpdate.exe
Description=DeskMates: Virtual scantily clad girls enhance your desktop. <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453068324" target=_blank>BargainBuddy</a> adware related
Source=Paul Collins Startup list

[Desksite CMA]
Number=2238
Confirmed=U
Filename=cma.exe
Description=DeskSite CMA siftware - "retrieves new content from the DeskSite Data Center"
Source=Paul Collins Startup list

[Desktop]
Number=2239
Confirmed=X
Filename=rundll32.exe msconfd.dll, Restore ControlPanel
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-122014-1527-99" target="_blank">BOOKMARKER</a> TROJAN!
Source=Paul Collins Startup list

[desktop]
Number=2240
Confirmed=X
Filename=desktop.exe
Description=Added by the <a href="http://www.f-secure.com/v-descs/sdbot_md.shtml" target=_blank>SDBOT.MD</a> WORM!
Source=Paul Collins Startup list

[Desktop]
Number=2241
Confirmed=X
Filename=Desktop.com
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vbdrn.html" target="_blank">VB-DRN</a> WORM!
Source=Paul Collins Startup list

[Desktop Architect]
Number=2242
Confirmed=N
Filename=DATRAY.EXE
Description=Desktop theme manager available <a href="http://www.pcworld.com/downloads/file/fid,6503-order,1-page,1-c,alldownloads/description.html" target="_blank">here</a> - for managing the desktop appearance, fonts, sounds, etc
Source=Paul Collins Startup list

[Desktop Plant]
Number=2243
Confirmed=N
Filename=AZARE10S.PLT
Description=Vritual plant from <a href="http://www.desksoft.com/DesktopPlant.htm" target="_blank">here</a> - this version is an Azalea, there are others so the filename may be different
Source=Paul Collins Startup list

[Desktop Search]
Number=2244
Confirmed=X
Filename=desktop.exe
Description=<a href="http://vil.nai.com/vil/content/v_133320.htm" target="_blank">iSearch</a> "Desktop Search" hijacker
Source=Paul Collins Startup list

[Desktop Service Centre]
Number=2245
Confirmed=?
Filename=DSC.exe
Description=OptusNet DSL or Dial-Up connection software - <font color="#FF0000">is it required?</font>
Source=Paul Collins Startup list

[Desktop Weather]
Number=2246
Confirmed=N
Filename=THE WEATHER CHANNEL.exe
Description=<a href="http://www.weather.com/services/desktop.html?from=tutorial" target="_blank">Desktop Weather</a> by The Weather Channel - provides current temperature, conditions, alerts, etc
Source=Paul Collins Startup list

[Desktop Weather 3]
Number=2247
Confirmed=N
Filename=THE WEATHER CHANNEL.exe
Description=<a href="http://www.weather.com/services/desktop.html" target="_blank">Desktop Weather 3</a> by The Weather Channel - provides current temperature, conditions, alerts, etc
Source=Paul Collins Startup list

[Desktop Weather 3]
Number=2248
Confirmed=N
Filename=THEWEA~1.EXE
Description=<a href="http://www.weather.com/services/desktop.html" target="_blank">Desktop Weather 3</a> by The Weather Channel - provides current temperature, conditions, alerts, etc
Source=Paul Collins Startup list

[desktopmgr]
Number=2249
Confirmed=N
Filename=desktopmgr.exe
Description=Synchronisation manager for the cradles for the <a href="http://www.rim.net/products/index.shtml" target="_blank">Research In Motion</a> range of wireless handhelds, including the &quot;Blackberry&quot;
Source=Paul Collins Startup list

[DesktopUpdate]
Number=2250
Confirmed=X
Filename=rundll32.exe MSA64CHK.dll, DllMostrar
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MatrixDialer&threatid=14914" target=_blank>MatrixDialer</a> related
Source=Paul Collins Startup list

[DesktopX]
Number=2251
Confirmed=U
Filename=DESKTOPX.EXE
Description=A program that replaces the regular Desktop and Taskbar, and can be changed to the user's liking
Source=Paul Collins Startup list

[deskup]
Number=2252
Confirmed=N
Filename=deskup.exe
Description=Adds Iomega Zip drive icons to the desktop
Source=Paul Collins Startup list

[destroyb11]
Number=2253
Confirmed=X
Filename=destroyb11.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfko.html" target=_blank>DELF-KO</a> TROJAN!
Source=Paul Collins Startup list

[detect]
Number=2254
Confirmed=U
Filename=idetect.exe
Description=<a href="http://www.clasys.com/internet_turbo.html" target="_blank">iNTERNET Turbo</a> from Clasys Ltd. &quot;It accelerates any Windows 95/98/Me/NT/2000/XP internet connection in seconds&quot;. If you find it helps your connectivity leave it enabled
Source=Paul Collins Startup list

[detect]
Number=2255
Confirmed=?
Filename=turbodetect.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Detector]
Number=2256
Confirmed=N
Filename=detector.exe
Description=USB port detector for LG scanners. Sits in the System Tray, and when it detects the scanner through the USB port, you can run the scanner software from the tray. It is not required at all, since you can use the scan software from almost any photo editing software
Source=Paul Collins Startup list

[Development Environment]
Number=2257
Confirmed=X
Filename=devenv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotah.html" target="_blank">DELBOT-AH</a> WORM!
Source=Paul Collins Startup list

[DEventAgent]
Number=2258
Confirmed=U
Filename=eventagt.exe
Description=DEvent Agent Module client - part of Dell OpenManage and used for server management. Only required if you use this
Source=Paul Collins Startup list

[Device Configuration Loader]
Number=2259
Confirmed=X
Filename=msdvc32.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!

Source=Paul Collins Startup list

[Device Detector]
Number=2260
Confirmed=U
Filename=DevDetect.exe
Description=<a href="http://www.acdsee.com/" target="_blank">ACDSee</a> Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically
Source=Paul Collins Startup list

[Device Detector 2]
Number=2261
Confirmed=N
Filename=DevDtct2.exe
Description=Installed by various Olympus products, this program detects the active connection of a speech device (voice recorder, etc) to a USB port then runs specific client software used to access that device. The DevDtct2 process has a "high" priority level which can negatively impact system resources
Source=Paul Collins Startup list

[Device Manager]
Number=2262
Confirmed=X
Filename=wfxmgr.exe
Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Backdoor.Win32.Rbot.aju&threatid=48893" target="_blank">RBOT.AJU</a> WORM!
Source=Paul Collins Startup list

[DeviceDiscovery]
Number=2263
Confirmed=U
Filename=hpotdd01.exe
Description=Detection of new imaging, printing and other peripherals on HP machines such as USB printers, cameras and Bluetooth products. "This program is a non-essential process, but should not be terminated unless suspected to be causing problems"
Source=Paul Collins Startup list

[DevicePath]
Number=2264
Confirmed=X
Filename=Proyecto1.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-071316-1355-99" target="_blank">GRUEL</a> WORM!
Source=Paul Collins Startup list

[DevicePath]
Number=2265
Confirmed=X
Filename=Root.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-071316-1355-99" target="_blank">GRUEL</a> WORM!
Source=Paul Collins Startup list

[Devices]
Number=2266
Confirmed=U
Filename=olesvr.exe
Description=Salfeld <a href="http://www.salfeld.com/software/childcontrol/index.html" target="_blank">Child Control</a> - parental control software
Source=Paul Collins Startup list

[Devicewin]
Number=2267
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankeraev.html" target=_blank>BANKER-AEV</a> TROJAN!
Source=Paul Collins Startup list

[devldr16]
Number=2268
Confirmed=U
Filename=devldr16.exe
Description=Associated with some Creative Labs sound cards.&nbsp; Provides audio support for DOS applications.&nbsp; Not needed if you don't have those. Required if you use &quot;Sound Play Control&quot; and &quot;Sound Recorder&quot;. To disable: (1) Disable via MSCONFIG (2) Start -&gt; Settings -&gt; Control Panel -&gt; System -&gt; Device Manager then disable &quot;Creative SB16 Emulation&quot; under Creative Miscellaneous Devices
Source=Paul Collins Startup list

[devldr16.exe]
Number=2269
Confirmed=U
Filename=devldr16.exe
Description=Associated with some Creative Labs sound cards. Provides audio support for DOS applications. Not needed if you don't have those. Required if you use "Sound Play Control" and "Sound Recorder". To disable: (1) Disable via MSCONFIG (2) Start -> Settings -> Control Panel -> System -> Device Manager then disable "Creative SB16 Emulation" under Creative Miscellaneous Devices
Source=Paul Collins Startup list

[Devlog]
Number=2270
Confirmed=?
Filename=??
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Devlog]
Number=2271
Confirmed=?
Filename=devlog.exe
Description=Apparently mainboard/chipset related, by a French company called AS Media - <font color="#FF0000"> what exactly is it, and is it required</font>
Source=Paul Collins Startup list

[dfgfdgrergd]
Number=2272
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_RANKY.CK" target="_blank">RANKY.CK</a> TROJAN!
Source=Paul Collins Startup list

[DGJM]
Number=2273
Confirmed=?
Filename=DGJM.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[dgtstart]
Number=2274
Confirmed=X
Filename=dgtstart.exe
Description=<a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=80885" target=_blank>DigitalNames.g</a> adware
Source=Paul Collins Startup list

[dguard]
Number=2275
Confirmed=U
Filename=dguard.exe
Description=eAcceleration Stop-Sign security software related. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
Source=Paul Collins Startup list

[DHCP Server]
Number=2276
Confirmed=X
Filename=regsvr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpr.html" target=_blank>RBOT-PR</a> WORM!
Source=Paul Collins Startup list

[dhcpagnt]
Number=2277
Confirmed=Y
Filename=dhcpagnt.exe
Description=Intel DSL modem driver - leave enabled or you'll have to re-install the drivers
Source=Paul Collins Startup list

[DHNUXB]
Number=2278
Confirmed=?
Filename=DHNUXB.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[diagent]
Number=2279
Confirmed=N
Filename=diagent.exe
Description=System Tray access for Creative Diagnostics for the Creative SoundBlaster series soundcards. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[Diagnostic]
Number=2280
Confirmed=X
Filename=diagnostic.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojalphac.html" target="_blank">ALPHA-C</a> TROJAN!
Source=Paul Collins Startup list

[Dial22]
Number=2281
Confirmed=X
Filename=dlm.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[Dial33]
Number=2282
Confirmed=X
Filename=dlm.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[Dialer]
Number=2283
Confirmed=X
Filename=rundll32.exe msa32chk.dll
Description=Unidentfied malware
Source=Paul Collins Startup list

[Dialer Control]
Number=2284
Confirmed=U
Filename=dc.exe
Description=<a href="http://www.dialer-control.de/" target="_blank">Dialer-Control</a>. Detects and protects from premium rate p0rn diallers
Source=Paul Collins Startup list

[Dialer Detect]
Number=2285
Confirmed=U
Filename=dd.exe
Description=<a href="http://www.dialerdetect.nl/english/main.htm" target=_blank>DialerDetect</a> detects stealth installed premium rate diallers, and sounds the alarm when such a connection is being installed without you knowing it

Source=Paul Collins Startup list

[Dialgo SDK]
Number=2286
Confirmed=U
Filename=PhoneAnswer.exe
Description=Dialgo Wave Modem ActiveX - "Telephone Answering Machine for scripting your own professional call center business scripts using a voice modem. Features Caller-ID, Wave Playback, Wave Recording, Digit Monitoring, POP3 e-mail Manipulation, Speech Recognition and Synthesis"
Source=Paul Collins Startup list

[DialNet]
Number=2287
Confirmed=X
Filename=mxt32.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[Dialog Box Assistant]
Number=2288
Confirmed=N
Filename=OSDEx.exe
Description=<a href="http://www.win-utilities.com/dba/" target="_blank">Dialog Box Assistant</a> from Duality Software. Helps with the standard Open and Save As dialog boxes by showing recently used files and folders
Source=Paul Collins Startup list

[Dialog Helper]
Number=2289
Confirmed=N
Filename=PDDLGHLP.EXE
Description=Dialog Helper from PowerDesk Pro by <a href="http://www.ontrack.com/" target="_blank">Ontrack</a>. Helps with the standard Open and Save As dialog boxes by showing recently used files and folders. Available via Start -> Programs
Source=Paul Collins Startup list

[DialUp Network Application]
Number=2290
Confirmed=X
Filename=Rnaap.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Diamondview]
Number=2291
Confirmed=?
Filename=Diamondview.exe
Description=Manulife Financial Insurance program. <font color="#FF0000">Is it required at startup?<font>
Source=Paul Collins Startup list

[DIECOX]
Number=2292
Confirmed=X
Filename=csrss.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100826.htm" target="_blank">ATM.GEN</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[Diesel]
Number=2293
Confirmed=X
Filename=Recalculate.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022716-1619-99" target=_blank>LAZAR</a> TROJAN!
Source=Paul Collins Startup list

[DietK]
Number=2294
Confirmed=U
Filename=DietK.exe
Description=Diet Kazaa add-on for Kazaa Media Desktop - "removes all adware and popups, built in Download Accelerator, makes searches faster and helps produce more results" 
Source=Paul Collins Startup list

[DigiCell]
Number=2295
Confirmed=U
Filename=DigiCell.exe
Description=MSI DigiCell - "the most useful and powerful utility that MSI has spent much research and efforts to develop, helps users to monitor and configure all the integrated peripherals of the system, such as audio program, power management, MP3 files management and communication / 802.11g WLAN settings. Moreover, with this unique utility, you will be able to activate the MSI well-known features, Live Update and Core Center"
Source=Paul Collins Startup list

[DigiD]
Number=2296
Confirmed=X
Filename=DigitalSound.exe
Description=Adware downloader

Source=Paul Collins Startup list

[DigiGuide]
Number=2297
Confirmed=N
Filename=CLIENT.EXE
Description=TV guide and reminder
Source=Paul Collins Startup list

[DigiGuide]
Number=2298
Confirmed=N
Filename=client01.exe
Description=TV guide and reminder
Source=Paul Collins Startup list

[Digisoft AntiDialer]
Number=2299
Confirmed=U
Filename=AntiDialer.exe
Description=Digisoft <a href="http://www.digisoft.cc/antidialer.asp" target="_blank">AntiDialer</a>
Source=Paul Collins Startup list

[DigiSrv]
Number=2300
Confirmed=U
Filename=DigiSrv.exe
Description=Related to camera software from <a href="http://www.digitaldreamco.com/en/index.shtml" target=_blank>DigitalDreams</a>
Source=Paul Collins Startup list

[Digital Dashboard]
Number=2301
Confirmed=N
Filename=devgulp.exe
Description=For Compaq PC's. Loads Digital Dashboard options
Source=Paul Collins Startup list

[Digital Line Detect]
Number=2302
Confirmed=N
Filename=DLG.exe
Description=Detects whether your are plugged into a digital telephone line and displays the information graphically. Installed by Dell (and maybe others) and is included with all Connexant V.92 and Broadcom modems
Source=Paul Collins Startup list

[Digital River eBot]
Number=2303
Confirmed=N
Filename=downlo~1.exe
Description=Digital River Systems EBOT for downloading software from their site. In some cases, if you purchase software online for a download from a software manufacturer, you will be sent to this online company's site for the download after the purchase is complete. Read more <a href="http://groups.google.com/group/microsoft.public.win98.setup/browse_frm/thread/b93fc838492e3bba/b2c2f47bc1cc42ed?hl=en&rnum=3&prev=/groups%3Fq%3DDigital%2BRiver%2BeBot%26btnG%3DGoogle%2BSearch%26hl%3Den#b2c2f47bc1cc42ed" target="_blank">here</a>
Source=Paul Collins Startup list

[DigitalNames]
Number=2304
Confirmed=X
Filename=DigitalNamesStart.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-101109-1008-99" target=_blank>DigitalNames</a> spyware variant
Source=Paul Collins Startup list

[DigitalWizard]
Number=2305
Confirmed=N
Filename=ISWizard.exe
Description=InstallShield's DigitalWizard - free, complete Digital Content Management Solution that makes it easy to experience digital content
Source=Paul Collins Startup list

[DigitalWizard Monitor]
Number=2306
Confirmed=N
Filename=dwMon.exe
Description=InstallShield's DigitalWizard - free, complete Digital Content Management Solution that makes it easy to experience digital content
Source=Paul Collins Startup list

[DIGServices]
Number=2307
Confirmed=U
Filename=DIGServices
Description=Created by Disney but licensed to ESPN for watching videos
Source=Paul Collins Startup list

[DIGStream]
Number=2308
Confirmed=N
Filename=digstream.exe
Description=DIGStream Cache Manager - part of <a href="http://espn.go.com/motion/download.html" target="_blank">ESPN Motion</a> and <a href="http://disney.go.com/guestservices/disneymotion/about.html" target="_blank"> Disney Motion</a> that periodically check for new videos and indication they're available in the System Tray. Starting ESPN Motion/Disney Motion starts digstream automatically
Source=Paul Collins Startup list

[Dimension]
Number=2309
Confirmed=U
Filename=Dimension.exe
Description=Dimension - a program which lets you customize MSN messenger such as adding animated and coloured nicknames, personal toast creator, war tools (login flooder), and allows viewing and interacting with the raw MSN protocol
Source=Paul Collins Startup list

[Dimension4]
Number=2310
Confirmed=U
Filename=d4.exe
Description=<a href="http://www.thinkman.com/dimension4/index.html" target="_blank">Dimension 4</a> - network time synchronization freeware - starts-up, adjusts the system clock, then shuts down
Source=Paul Collins Startup list

[Dino3]
Number=2311
Confirmed=X
Filename=dino3.exe
Description=Related to Jurassic Park III and enables a dinosaur to walk across the screen. Also generates adverts and classified as adware as a result
Source=Paul Collins Startup list

[Dinst]
Number=2312
Confirmed=X
Filename=dinst.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080410-4405-99" target=_blank>IMIServer/IEPlugin</a> adware
Source=Paul Collins Startup list

[Dir1]
Number=2313
Confirmed=X
Filename=caKe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091116-4057-99" target="_blank">CAKE</a> WORM!
Source=Paul Collins Startup list

[Direct settings]
Number=2314
Confirmed=X
Filename=sdchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdaemonii.html" target=_blank>DAEMONI-I</a> TROJAN!
Source=Paul Collins Startup list

[Direct Update]
Number=2315
Confirmed=U
Filename=DUControl.exe
Description=<a href="http://www.directupdate.net/" target="_blank">DirectUpdate</a> dynamic DNS updater
Source=Paul Collins Startup list

[Direct X Direct3D]
Number=2316
Confirmed=X
Filename=dxd3d.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!

Source=Paul Collins Startup list

[Direct X Opengl]
Number=2317
Confirmed=X
Filename=dxopengl.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotcj.html" target=_blank>RBOT-CJ</a> WORM!

Source=Paul Collins Startup list

[direct3d.exe]
Number=2318
Confirmed=X
Filename=direct3d.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcertiff.html" target=_blank>CERTIF-F</a> TROJAN!
Source=Paul Collins Startup list

[DirectCD]
Number=2319
Confirmed=N
Filename=DirectCD.exe
Description=DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -&gt; Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later
Source=Paul Collins Startup list

[directs.exe]
Number=2320
Confirmed=X
Filename=directs.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031815-4737-99" target="_blank">BEAGLE.O</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031810-0304-99" target="_blank">BEAGLE.R</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031810-4223-99" target="_blank">BEAGLE.S</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031811-2858-99" target="_blank">BEAGLE.T</a> WORMS!
Source=Paul Collins Startup list

[DIRECTVDSL]
Number=2321
Confirmed=U
Filename=Directvdsl.exe
Description=Starts DirectTV DSL modem at boot up. Can also be started manually
Source=Paul Collins Startup list

[DirectX]
Number=2322
Confirmed=X
Filename=ddhelp32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_BIONET.318" target="_blank">BIONET.318</a> TROJAN! Note - not the DirectX helper which is ddhelp.exe
Source=Paul Collins Startup list

[directx]
Number=2323
Confirmed=X
Filename=Directx.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-020517-3752-99" target="_blank">SDBOT.D</a> TROJAN!
Source=Paul Collins Startup list

[directx]
Number=2324
Confirmed=X
Filename=Sqlexploit.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-020517-3752-99" target="_blank">SDBOT.D</a> TROJAN!
Source=Paul Collins Startup list

[DirectX]
Number=2325
Confirmed=X
Filename=DirectX.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-083018-2656-99" target="_blank">BLAXE</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100815-2137-99" target="_blank"> LOGPOLE</a> WORMS!
Source=Paul Collins Startup list

[directx]
Number=2326
Confirmed=X
Filename=NTCmd.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-020517-3752-99" target="_blank">SDBOT.D</a> TROJAN!
Source=Paul Collins Startup list

[directx]
Number=2327
Confirmed=X
Filename=PipeCmd.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-020517-3752-99" target="_blank">SDBOT.D</a> TROJAN!
Source=Paul Collins Startup list

[DirectX 32]
Number=2328
Confirmed=X
Filename=directx32.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list

[DirectX For Microsoft Windows]
Number=2329
Confirmed=X
Filename=dtxservice.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-072515-4207-99" target="_blank">PROGENT</a> TROJAN!
Source=Paul Collins Startup list

[DirectX for Microsoft Windows]
Number=2330
Confirmed=X
Filename=Fservice.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-061315-4216-99" target="_blank">PRORAT</a> TROJAN!
Source=Paul Collins Startup list

[DirectX for Microsoft Windows]
Number=2331
Confirmed=X
Filename=Sservice.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-061315-4216-99" target="_blank">PRORAT</a> TROJAN!
Source=Paul Collins Startup list

[DirectX For Microsoft® Windows]
Number=2332
Confirmed=X
Filename=fservice.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojproratp.html" target=_blank>PRORAT-P</a> TROJAN!
Source=Paul Collins Startup list

[DirectX shell driver]
Number=2333
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmarktmanb.html" target=_blank>MARKTMAN-B</a> TROJAN!
Source=Paul Collins Startup list

[DirectX Video Driver]
Number=2334
Confirmed=X
Filename=dxterm5.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32wilaba.html" target=_blank>WILAB-A</a> TROJAN!

Source=Paul Collins Startup list

[DirectX64]
Number=2335
Confirmed=X
Filename=DirectXset.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_100098.htm" target="_blank">BROWNEY.A</a> WORM!
Source=Paul Collins Startup list

[DirectX9 Diag]
Number=2336
Confirmed=X
Filename=dx9diag.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotalt.html" target=_blank>RBOT-ALT</a> WORM!
Source=Paul Collins Startup list

[Dirkey]
Number=2337
Confirmed=U
Filename=Dirkey.exe
Description=<a href="http://www.protonfx.com/dirkey/" target="_blank">Dirkey</a> - small utility that allows you to bookmark up to 9 folders by using the Ctrl+Alt+1..9 shortcut keys in an Open/Save File dialog or in Windows Explorer. After this the Ctrl+1..9 shortcut keys can be used in the same or another window to go to any of the 9 bookmarked folders&nbsp;
Source=Paul Collins Startup list

[Disable EHCI]
Number=2338
Confirmed=?
Filename=nousb20.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Disc Detector]
Number=2339
Confirmed=N
Filename=CtNotify.exe
Description=For Creative sound cards. Detects when you insert a CD, DVD, etc
Source=Paul Collins Startup list

[disc detector]
Number=2340
Confirmed=?
Filename=qnetquestnotifty.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[discoveg]
Number=2341
Confirmed=?
Filename=discoveg.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[DISCover]
Number=2342
Confirmed=?
Filename=DISCover.exe
Description=Related to <a href="http://www.discoverconsole.com/" target="_blank">DISCover Drop</a> from Digital Interactive Systems Corporation. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[DiscoverDeskshop]
Number=2343
Confirmed=N
Filename=Deskshop.exe
Description=<a href="http://www2.discovercard.com/deskshop/main.shtml" target="_blank">Discover Deskshop</a> - single use "virtual" credit card
Source=Paul Collins Startup list

[DiscUpdateManager]
Number=2344
Confirmed=U
Filename=DiscUpdMgr.exe
Description=Disc Update Manager for Digital interactive's <a href="http://www.discoverconsole.com/" target="_blank">DISCover Console</a>. Provider of on-demand video games
Source=Paul Collins Startup list

[Disk Keeper]
Number=2345
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallve.html" target=_blank>SMALL-VE</a> TROJAN!
Source=Paul Collins Startup list

[Disk Keeper]
Number=2346
Confirmed=X
Filename=SECURITY.EXE
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-100409-0013-99" target=_blank>Daosearch</a> adware
Source=Paul Collins Startup list

[Disk Manager]
Number=2347
Confirmed=X
Filename=diskver.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AQT" target=_blank>RBOT.AQT</a> WORM!
Source=Paul Collins Startup list

[Disk Master]
Number=2348
Confirmed=X
Filename=[trojan name]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111009-4018-99" target="_blank">DISTER</a> TROJAN! - a spam relayer
Source=Paul Collins Startup list

[DiskCheck]
Number=2349
Confirmed=X
Filename=msdarkend.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[DiskeeperSystray]
Number=2350
Confirmed=N
Filename=DkIcon.exe
Description=<a href="http://www.executive.com/defrag/defrag.asp" target=_blank>DisKeeper</a> defragmentation software - can be started manually
Source=Paul Collins Startup list

[diskinf]
Number=2351
Confirmed=X
Filename=diskinf.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list

[DISKMON.EXE]
Number=2352
Confirmed=?
Filename=DISKMON.EXE
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Disknag]
Number=2353
Confirmed=N
Filename=disknag.exe
Description=Dell program that reminds you to make your&nbsp; backup diskettes
Source=Paul Collins Startup list

[Diskstart]
Number=2354
Confirmed=X
Filename=Code.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[Diskstart]
Number=2355
Confirmed=X
Filename=cat.exe
Description=MS-Connect dialler
Source=Paul Collins Startup list

[Diskstart]
Number=2356
Confirmed=X
Filename=hit.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[Diskstart]
Number=2357
Confirmed=X
Filename=Snt.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[Disk_Monitor]
Number=2358
Confirmed=U
Filename=Disk_Monitor.exe
Description=Multi-media, Smartmedia, Compact Flash card reader for reading digital camera cards. Device is recognised as internal USB disk drive. Necessary if camera cards are to be recognised as soon as they are inserted into the reader
Source=Paul Collins Startup list

[Dispatcher]
Number=2359
Confirmed=X
Filename=dispatcher.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadras.html" target="_blank">DLOADR-AS</a> TROJAN!
Source=Paul Collins Startup list

[display]
Number=2360
Confirmed=U
Filename=The_Eye.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082415-5002-99" target="_blank">ComSpySysSvr</a> surveillance software. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list

[Display Drivers]
Number=2361
Confirmed=X
Filename=cssrs.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.FX" target="_blank">AGOBOT.FX</a> WORM!
Source=Paul Collins Startup list

[Display Settings]
Number=2362
Confirmed=N
Filename=hptasks.exe
Description=Allows for the adjustment of the display for LCD screen, CRT Monitor and TV output on HP computers
Source=Paul Collins Startup list

[DisplayTrayIcon]
Number=2363
Confirmed=N
Filename=TrayIcon.exe
Description=System Tray access to display properties for ABIT graphics cards. Unless you change your desktop resolution, etc regularily use Control Panel -&gt; Display
Source=Paul Collins Startup list

[Disspy]
Number=2364
Confirmed=U
Filename=disspy.exe
Description=<a href="http://www.h-desk.com/new/Features.13.0.html" target= blank>Disspy</a> spyware detection and removal software
Source=Paul Collins Startup list

[Distiller Assistant 3.01]
Number=2365
Confirmed=N
Filename=DISTASST.EXE
Description=From Adobe. Creates PDF universal files for Acrobat Reader. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[Distributed File System]
Number=2366
Confirmed=X
Filename=Dfsvc.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080412-0803-99" target=_blank>MYFIP.A</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112612-3710-99" target=_blank>MYFIP.K</a> WORMS!
Source=Paul Collins Startup list

[Distributed File System]
Number=2367
Confirmed=X
Filename=kernel32dll.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32myfipc.html" target=_blank>MYFIP-C</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112612-3710-99" target=_blank>MYFIP.K</a> WORMS!
Source=Paul Collins Startup list

[Distributed File System]
Number=2368
Confirmed=X
Filename=blade.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041509-5302-99" target=_blank>MYFIP.AC</a> WORM!
Source=Paul Collins Startup list

[Distributed File System]
Number=2369
Confirmed=U
Filename=win.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040810-5834-99" target=_blank>MYFIP.AB</a> WORM!
Source=Paul Collins Startup list

[distributed.net client]
Number=2370
Confirmed=U
Filename=DNETC.EXE
Description=Dsitributed computing projects client from <a href="http://distributed.net/" target="_blank">Distributed.net</a> where numerous computers are used to share a projects workload - similar to SETI@Home and Folding@Home. Also prone to being distributed by <a href="http://www1.distributed.net/trojans.php.en" target="_blank">viruses</a>
Source=Paul Collins Startup list

[Dit]
Number=2371
Confirmed=Y
Filename=dit.exe
Description=&quot;Drive Icon and Label Utility&quot; - assigns drive icons and names to flash memory cards. Required, otherwise the drives aren't found
Source=Paul Collins Startup list

[Dit]
Number=2372
Confirmed=X
Filename=dit.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlazara.html" target=_blank>LAZAR-A</a> TROJAN! Note - this is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[DiTask.exe]
Number=2373
Confirmed=N
Filename=DiTask.exe
Description=Associated with an <a href="http://www.eicon.com/worldwide/default.htm" target="_blank">Eicon Networks</a> ISDN or ADSL modem. System Tray icon which shows you the status of your lines (free, occupied with incoming or outgoing call). Available via Start -&gt; Programs
Source=Paul Collins Startup list

[Divamon.exe]
Number=2374
Confirmed=?
Filename=Divamon.exe
Description=Associated with an <a href="http://www.eicon.com/worldwide/default.htm" target=_blank>Eicon Networks</a> Diva ISDN or ADSL modem - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list

[divx]
Number=2375
Confirmed=X
Filename=divxenc.exe
Description=Added to the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042210-0112-99" target= blank>SPBOT.B</a> TROJAN!
Source=Paul Collins Startup list

[Divx]
Number=2376
Confirmed=X
Filename=codll.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojgravebota.html" target=_blank>GRAVEBOT-A</a> TROJAN!
Source=Paul Collins Startup list

[DivX MediaPlayer 7.0]
Number=2377
Confirmed=X
Filename=Dr.DivX.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-011518-3235-99" target="_blank">ALADINZ.G</a> TROJAN!
Source=Paul Collins Startup list

[DivX Player]
Number=2378
Confirmed=X
Filename=DivXPlayer.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!

Source=Paul Collins Startup list

[DivX Updater]
Number=2379
Confirmed=X
Filename=DivX.Exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111114-5143-99" target="_blank">NALDEM</a> TROJAN or MASTAK VIRUS!
Source=Paul Collins Startup list

[DIVX Video Player]
Number=2380
Confirmed=X
Filename=DIVXPloyer.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Divx4 codec]
Number=2381
Confirmed=X
Filename=devldr32.exe
Description=Added by an unidentfied VIRUS! Note - this is not the legitimate Creative Labs <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/devldr32" target="_blank">devldr32.exe</a> file
Source=Paul Collins Startup list

[DJREGFIX]
Number=2382
Confirmed=N
Filename=regedit /s c:\hpdjregfix.reg
Description=DJRegFix showed up first in WinME as a &quot;clever&quot; way to ensure that all Hewlett-Packard DeskJet printers actually worked with WinME - since most were having major problems. This &quot;utility&quot; adds the functionality and compatibility HP forgot to add in its WinME drivers
Source=Paul Collins Startup list

[DJSNetCN]
Number=2383
Confirmed=?
Filename=DJSNetCN.exe
Description="Symantec Licensing Detect Internet Connection", part of Norton Antivirus. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[djtopr1150.exe]
Number=2384
Confirmed=X
Filename=djtopr1150.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112314-5537-99" target="_blank">WebRebates</a> adware
Source=Paul Collins Startup list

[dKernel]
Number=2385
Confirmed=X
Filename=dKernel.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32decoya.html" target=_blank>DECOY-A</a> WORM!
Source=Paul Collins Startup list

[DkService]
Number=2386
Confirmed=Y
Filename=DkService.exe
Description=From Executive Software's Diskeeper defragmenting utility - a replacement for Windows Disk Defragmenter. It's recommended to leave this enabled, otherwise you could have problems starting it manually.
Source=Paul Collins Startup list

[DKTime]
Number=2387
Confirmed=X
Filename=dktime.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100414-1224-99" target="_blank">LUNII</a> TROJAN!
Source=Paul Collins Startup list

[Dkware lptt01]
Number=2388
Confirmed=X
Filename=dkware.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "DonkeySoft" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[Dkware ml097e]
Number=2389
Confirmed=X
Filename=dkware.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "DonkeySoft" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[dkzzixm]
Number=2390
Confirmed=?
Filename=dkzzixm.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[dla]
Number=2391
Confirmed=Y
Filename=tfswctrl.exe
Description=Drive letter access to a UDF packet writer for CD-RW - from HP, Veritas an others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"
Source=Paul Collins Startup list

[DLA]
Number=2392
Confirmed=U
Filename=DLACTRLW.EXE
Description=<a href="http://www.sonic.com/" target=_blank>Sonic</a> CD/DVD burning applications

Source=Paul Collins Startup list

[DlaTray]
Number=2393
Confirmed=N
Filename=Dlatray.exe
Description=System Tray access to DLA - Drive letter access to HP's and Veritas' version of DirectCD. Does the same thing as DirectCD. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"
Source=Paul Collins Startup list

[dlbcserv]
Number=2394
Confirmed=N
Filename=dlbcserv.exe
Description=Related to Dell Photo Printers and provides additional configuration options for these devices
Source=Paul Collins Startup list

[DLBUCATS]
Number=2395
Confirmed=U
Filename=DLBUtime.dll, _RunDLLEntry@16
Description=Related to Dell Photo Printers - drivers
Source=Paul Collins Startup list

[dlccmon.exe]
Number=2396
Confirmed=?
Filename=dlccmon.exe
Description=Dell Photo AIO Printer 924 Device Monitor. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[DLCDCATS]
Number=2397
Confirmed=?
Filename=rundll32 [path] DLCDtime.dll, _RunDLLEntry@16
Description=Related to Dell Photo Printers - <font color="#FF0000">what does it do and is it required in startup?</font>
Source=Paul Collins Startup list

[dlcdmon.exe]
Number=2398
Confirmed=N
Filename=dlcdmon.exe
Description=Related to Dell Photo Printers - required in order to use the scanner of the printer. If disabled, scanning cannot occur because the driver isn't running
Source=Paul Collins Startup list

[dlcgmon.exe]
Number=2399
Confirmed=U
Filename=dlcgmon.exe
Description=Dell 810 AIO phot printer device monitor. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list

[dlder]
Number=2400
Confirmed=X
Filename=dlder.exe
Description=Advertising spyware. Considered to be one oft the worst - even creating a fake "explorer.exe" file. Can be installed via versions of "Grokster", "Lime Wire" and "KaZaA" amongst other file-sharing utilities (see <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080811-0118-99" target="_blank">here</a>). Reported in the past as a virus
Source=Paul Collins Startup list

[DlDir1]
Number=2401
Confirmed=X
Filename=caKe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091116-4057-99" target="_blank">CAKE</a> WORM!
Source=Paul Collins Startup list

[DLForcerExe]
Number=2402
Confirmed=?
Filename=DLForcerEXE.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[DLF_00000B00]
Number=2403
Confirmed=N
Filename=Vcdlf.exe
Description=Known to cause problems with &quot;Out of memory&quot; errors (see <a href="http://support.microsoft.com/default.aspx?scid=kb;EN-US;q303045" target="_blank">here</a>).<font color="#FF0000"> Otherwise, it's purpose is unknown</font>
Source=Paul Collins Startup list

[DLG]
Number=2404
Confirmed=N
Filename=DLGCHBW.exe
Description=Backweb part of Data LifeGuard - diagnostic tools for Western Digital's series of hard drives. Automatically detects an internet connection and downloads any available updates
Source=Paul Collins Startup list

[DLHelperEXE]
Number=2405
Confirmed=N
Filename=WATCH.exe
Description=Download helper distributed with some software that allows the software installation to redirect download locations. Not required once the installation is finished
Source=Paul Collins Startup list

[DLHelperEXE.exe]
Number=2406
Confirmed=X
Filename=N/A
Description=Downloader for Microgaming/Casino software - stealth installed
Source=Paul Collins Startup list

[dlhost]
Number=2407
Confirmed=X
Filename=dlhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojexphooka.html" target=_blank>EXPHOOK-A</a> TROJAN!
Source=Paul Collins Startup list

[DLINK dfe drivers for Windows NT]
Number=2408
Confirmed=X
Filename=windfe.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDEX.AK" target="_blank">RANDEX.AK</a> WORM!
Source=Paul Collins Startup list

[DLink System Tray]
Number=2409
Confirmed=U
Filename=dlnetst.exe
Description=Related to <a href="http://www.dlink.com/products/?pid=284" target=_blank>D-Link</a> DGE-530T PCI card for servers and workstations
Source=Paul Collins Startup list

[Dlite]
Number=2410
Confirmed=X
Filename=dllmanager.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.DN" target="_blank">WOOTBOT.DN</a> WORM!
Source=Paul Collins Startup list

[Dll Boot Loader on Startup (do not remove this)]
Number=2411
Confirmed=X
Filename=[various filenames]
Description=Added by an unidentified TROJAN!
Source=Paul Collins Startup list

[DLL Manager]
Number=2412
Confirmed=X
Filename=dllmngr32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[DLL Service Manager]
Number=2413
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091611-3830-99" target="_blank">RPCBOT.F</a> TROJAN!
Source=Paul Collins Startup list

[dll services]
Number=2414
Confirmed=X
Filename=[random filename].exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[DLL32]
Number=2415
Confirmed=X
Filename=dllmem32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-032717-2015-99" target="_blank">KWBOT.E</a> WORM!
Source=Paul Collins Startup list

[DLL32]
Number=2416
Confirmed=X
Filename=dllhost.dll
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-092612-2130-99" target=_blank>SUCLOVE.A</a> WORM!
Source=Paul Collins Startup list

[DllCacherv2]
Number=2417
Confirmed=X
Filename=dllcachev2.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-122016-1748-99" target=_blank>LATEDA</a> TROJAN!
Source=Paul Collins Startup list

[dlldmt]
Number=2418
Confirmed=X
Filename=dlldmt.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list

[DllExecutable]
Number=2419
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vbsp.html" target= blank>VB-SP</a> WORM!
Source=Paul Collins Startup list

[dllhelp]
Number=2420
Confirmed=X
Filename=dllhelp.exe
Description=Added by the <a href="http://www.hacksoft.com.pe/virus/w32_startpage_dq.htm" target="_blank">STARTPAGE.DQ</a> hijacker
Source=Paul Collins Startup list

[dllhelp]
Number=2421
Confirmed=X
Filename=dllhlp.exe
Description=Added by the <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=123155" target=_blank>Downloader-HI</a> TROJAN!

Source=Paul Collins Startup list

[DLLHost]
Number=2422
Confirmed=X
Filename=dllhst.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotac.html" target="_blank">DELBOT-AC</a> WORM!
Source=Paul Collins Startup list

[dllhostxp.exe]
Number=2423
Confirmed=X
Filename=dllhostxp.exe
Description=Browser hijacker and adware downloader
Source=Paul Collins Startup list

[DllLoader]
Number=2424
Confirmed=X
Filename=lssas.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorje.html" target=_blank>JE</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process
Source=Paul Collins Startup list

[Dlload]
Number=2425
Confirmed=X
Filename=killer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkillavfk.html" target=_blank>KILLAV-FK</a> TROJAN!
Source=Paul Collins Startup list

[dllreg]
Number=2426
Confirmed=X
Filename=dllreg.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list

[DLLService32]
Number=2427
Confirmed=X
Filename=dllsvc32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.VX" target=_blank>AGOBOT.VX</a> WORM!
Source=Paul Collins Startup list

[DLM.exe]
Number=2428
Confirmed=N
Filename=DLM.exe
Description=IGN Download Manager has become a requirement for downloading files through FilePlanet.com. It is based on Internet Explorer and it installs through an ActiveX-plugin, hence Internet Explorer must be installed beforehand and downloads has to be has to be initialized through that browser
Source=Paul Collins Startup list

[dlmMgr]
Number=2429
Confirmed=N
Filename=AdobeDownloadManager.exe
Description=<a href="http://www.adobe.com/products/acrobat/acrrmanager.html" target=_blank>Adobe Download Manager</a> - "can prevent you from having to start from the beginning should your download process be interrupted, and it offers a level of service not possible
Source=Paul Collins Startup list

[DLPSP]
Number=2430
Confirmed=U
Filename=DLPSP.EXE
Description=Dell laser printer status monitor
Source=Paul Collins Startup list

[dlsp2mx]
Number=2431
Confirmed=X
Filename=dlsp2mx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/dialmpbb.html" target=_blank>MPB-B</a> DIALER! An uninstall option can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "dlsp2mx"
Source=Paul Collins Startup list

[DLT]
Number=2432
Confirmed=?
Filename=dlt.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[dluca]
Number=2433
Confirmed=X
Filename=dluca.exe
Description=Adult content dialler - see <a href="http://www.spywareinfo.com/forums/index.php?act=ST&amp;f=11&amp;t=6465&amp;st=15&amp;" target="_blank"> here</a>
Source=Paul Collins Startup list

[dluca]
Number=2434
Confirmed=X
Filename=dluca.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100216-1500-99" target="_blank">DLUCA.C</a> TROJAN!
Source=Paul Collins Startup list

[dluxde]
Number=2435
Confirmed=X
Filename=dluxde.exe
Description=All-In-One-Telcom (adult content dialler) variant
Source=Paul Collins Startup list

[Dluxjp]
Number=2436
Confirmed=X
Filename=cnfrm.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102909-5644-99" target="_blank">DLUCA.D</a> TROJAN!
Source=Paul Collins Startup list

[Dm Hr]
Number=2437
Confirmed=X
Filename=lpns.exe
Description=Added by the <a href="http://kr.ahnlab.com/SecuInfoVirusViewEngNew3.ahn?SEQ_NO=7228" target="_blank">IRCBOT.WORM.61673</a> WORM!
Source=Paul Collins Startup list

[DM mgr]
Number=2438
Confirmed=X
Filename=dm_mgr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100316-2418-99" target="_blank">JITTAR</a> TROJAN!
Source=Paul Collins Startup list

[dm***.exe [* = random char]]
Number=2439
Confirmed=X
Filename=dm***.exe [* = random char]
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[DMAScheduler]
Number=2440
Confirmed=N
Filename=DMAScheduler.exe
Description=Related to <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/dmascheduler/" target="_blank">DigitalMedia</a> Plus Archiver. This program is non-essential process to the running of the program, but should not be terminated unless suspected to be causing problems
Source=Paul Collins Startup list

[DMC]
Number=2441
Confirmed=X
Filename=dmc.exe
Description=Added by Trojan-Downloader.Win32.Dluca.bv TROJAN!
Source=Paul Collins Startup list

[DMHotKey]
Number=2442
Confirmed=U
Filename=DMLoader.exe
Description=HotKey access to the Samsung Display Manager on laptops and ultra-mobiles that support it - such as the M55 and Q1
Source=Paul Collins Startup list

[DMILDR]
Number=2443
Confirmed=N
Filename=dmildr.exe
Description=Part of <a href="http://docs.us.dell.com/support/edocs/software/smcliins/cli60/en/ug/intro.htm" target="_blank">Dell OpenManage Client Instrumentation</a> - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards. Available via Start -> Programs
Source=Paul Collins Startup list

[DMISL]
Number=2444
Confirmed=N
Filename=DMISL.EXE
Description=DMI (Desktop Management Interface) Service Layer for Intel TokenExpress network card software. DMI support for the Intel network card managed through the Desktop Management Interface. See <a href="http://www.intel.com/support/tokenexpress/pro/sb/cs-016261.htm" target="_blank">here</a> for more information
Source=Paul Collins Startup list

[DMISLAPP]
Number=2445
Confirmed=N
Filename=DMISLAPP.exe
Description=DMI (Desktop Management Interface) Service Layer for Intel TokenExpress network card software. DMI support for the Intel network card managed through the Desktop Management Interface. See <a href="http://www.intel.com/support/tokenexpress/pro/sb/cs-016261.htm" target="_blank">here</a> for more information
Source=Paul Collins Startup list

[dmjay]
Number=2446
Confirmed=?
Filename=dmjay.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[dmloader]
Number=2447
Confirmed=X
Filename=dmloader.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Dmsvc32]
Number=2448
Confirmed=X
Filename=Dmsvc32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ABU" target="_blank">AGOBOT.ABU</a> WORM!
Source=Paul Collins Startup list

[dmtdll]
Number=2449
Confirmed=X
Filename=dmtdll.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list

[DMXLauncher]
Number=2450
Confirmed=U
Filename=DMXLauncher.exe
Description=Part of Dell's Media Experience, a multimedia suite which offers the user functionality to organise and play music and digital video files
Source=Paul Collins Startup list

[dm[3 random letters].exe]
Number=2451
Confirmed=X
Filename=dm[3 random letters].exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120710-4752-99" target=_blank>RUINDEM</a> TROJAN!
Source=Paul Collins Startup list

[DM_server]
Number=2452
Confirmed=X
Filename=dmserver.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Comet%20Cursor&threatid=29168" target=_blank>Comet Cursor</a> adware
Source=Paul Collins Startup list

[dm_service]
Number=2453
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041811-4707-99" target=_blank>MITGLIEDER.P</a> TROJAN!
Source=Paul Collins Startup list

[dnam]
Number=2454
Confirmed=X
Filename=d140113.a.Stub.EXE
Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan.Downloader.Stub.A&threatid=42053" target=_blank>STUB_A</a> TROJAN!
Source=Paul Collins Startup list

[Dnar]
Number=2455
Confirmed=X
Filename=Dnar.exe
Description=Unknown, except that it is not necessary. Tends to phone home a lot. DMI related - see <a href="http://www.spywareinfo.com/yabbse/index.php?board=10;action=display;threadid=1137;start=0" target="_blank">here</a>
Source=Paul Collins Startup list

[DNE Binding Watchdog]
Number=2456
Confirmed=Y
Filename=rundll dnes.dll, DnDneCheckBindings
Description=Deterministic NDIS Extender (DNE). DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to work
Source=Paul Collins Startup list

[DNE DUN Watchdog]
Number=2457
Confirmed=Y
Filename=rundll dnes.dll, DnDneCheckDUN13
Description=Deterministic NDIS Extender (DNE). DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to work
Source=Paul Collins Startup list

[DNHelper32]
Number=2458
Confirmed=X
Filename=DNHlp32.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[DNS]
Number=2459
Confirmed=X
Filename=mc-58-12-0000080.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060715-4527-99" target=_blank>Shorty</a> adware - also detected as the AGENT.FD TROJAN!
Source=Paul Collins Startup list

[DNS]
Number=2460
Confirmed=X
Filename=mc-58-12-0000093.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060715-4527-99" target=_blank>Shorty</a> adware - also detected as the AGENT.FD TROJAN!
Source=Paul Collins Startup list

[DNS]
Number=2461
Confirmed=X
Filename=mc-110-12-0000079.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060715-4527-99" target=_blank>Shorty</a> adware - also detected as the AGENT.FD TROJAN!
Source=Paul Collins Startup list

[DNS]
Number=2462
Confirmed=X
Filename=mc-58-12-0000120.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060715-4527-99" target=_blank>Shorty</a> adware - also detected as the AGENT.FD TROJAN!
Source=Paul Collins Startup list

[DNS]
Number=2463
Confirmed=X
Filename=mc-58-12-0000140.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060715-4527-99" target=_blank>Shorty</a> adware - also detected as the AGENT.FD TROJAN!
Source=Paul Collins Startup list

[DNS]
Number=2464
Confirmed=X
Filename=[worm filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32bckdrcqg.html" target=_blank>CQG</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Common Files folder
Source=Paul Collins Startup list

[Dns Resolver]
Number=2465
Confirmed=X
Filename=dnsrslve.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotws.html" target=_blank>RBOT-WS</a> WORM!
Source=Paul Collins Startup list

[DNS Service]
Number=2466
Confirmed=X
Filename=dnsresolver.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpq.html" target=_blank>RBOT-PQ</a> WORM!
Source=Paul Collins Startup list

[DNS Service]
Number=2467
Confirmed=X
Filename=dnssvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotz.html" target="_blank">DELBOT-Z</a> WORM!
Source=Paul Collins Startup list

[DNS2GoClient]
Number=2468
Confirmed=?
Filename=dns2goclient.exe
Description=<a href="http://dns2go.deerfield.com/" target="_blank">DNS2Go</a> is a Domain Name System that will make your computer accessible anytime, anywhere by associating a domain name of your choice to your currently assigned IP address. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list

[DNSCacheBoost]
Number=2469
Confirmed=X
Filename=dnsping.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdnsbusta.html" target= blank>DNSBUST-A</a> TROJAN!
Source=Paul Collins Startup list

[dnscleaner]
Number=2470
Confirmed=X
Filename=dnscleaner.exe
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list

[DNXVC]
Number=2471
Confirmed=?
Filename=dnxvc.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[DocTor]
Number=2472
Confirmed=X
Filename=Doctor.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DOTOR.A" target="_blank">DOTOR.A</a> WORM!
Source=Paul Collins Startup list

[DocuMagix Init]
Number=2473
Confirmed=N
Filename=PWATCH.EXE
Description=<a href="http://www.papermaster.net/pmpro/twa/page/home" target="_blank">PaperMaster</a> is an application for the PC designed to automate the process of organizing, archiving, and retrieving digital versions of files. Start manually if needed
Source=Paul Collins Startup list

[Document Manager]
Number=2474
Confirmed=U
Filename=docmgr.exe
Description=Wave Systems Corp. <a href="http://www.wavesys.com/support/CSC/CustomerService/cssearch.asp" target="_blank">Document Manager</a> - "provides secure storage and management capabilities for file and folder level encryption"
Source=Paul Collins Startup list

[Doggy Style]
Number=2475
Confirmed=X
Filename=MsPMSPSd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaap.html" target=_blank>SDBOT-AAP</a> WORM!
Source=Paul Collins Startup list

[DOGStart]
Number=2476
Confirmed=X
Filename=GSDOGST.EXE
Description=Added by an unidentified VIRUS, WORM or TROJAN! A possibility is a trojan known as PENIS
Source=Paul Collins Startup list

[Doing]
Number=2477
Confirmed=?
Filename=doing.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[doit.exe]
Number=2478
Confirmed=X
Filename=doit.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotek.html" target= blank>FORBOT-EK</a> WORM!
Source=Paul Collins Startup list

[Domain Name Resolve Service]
Number=2479
Confirmed=X
Filename=dnsresolver.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-020213-5552-99" target=_blank>KIMAN.A</a> WORM!
Source=Paul Collins Startup list

[Don't Panic]
Number=2480
Confirmed=U
Filename=dontpanicdemodp.exe
Description=30-day trial version of <a href="http://www.panicware.com/product_dp.html" target="_blank">Don't Panic</a> privacy software from Panicware. &quot;Clean up Internet tracks and quickly hide personal documents with this privacy suite.&quot;
Source=Paul Collins Startup list

[Don't Panic Pop-Up Stopper]
Number=2481
Confirmed=U
Filename=dpps2.exe
Description=<a href="http://www.panicware.com/product_companion.html" target="_blank">Pop-Up Stopper Companion</a> from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group
Source=Paul Collins Startup list

[Don't Panic!]
Number=2482
Confirmed=U
Filename=DP.EXE
Description=<a href="http://www.panicware.com/product_dp.html" target="_blank">Don't Panic!</a> privacy software from Panicware. "Clean up Internet tracks and quickly hide personal documents with this privacy suite"
Source=Paul Collins Startup list

[Dopus]
Number=2483
Confirmed=U
Filename=dopus.exe
Description=<a href="http://gpsoft.com.au/Intro.html" target="_blank">Directory Opus</a> - a file manager from GPSoft
Source=Paul Collins Startup list

[dos]
Number=2484
Confirmed=X
Filename=dos64.exe
Description=Adware downloader trojan
Source=Paul Collins Startup list

[Dos Prompt Loader]
Number=2485
Confirmed=X
Filename=cygwin.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotvv.html" target= blank>SDBOT-VV</a> WORM!
Source=Paul Collins Startup list

[Dosbat]
Number=2486
Confirmed=?
Filename=??
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[DoubleDesktop]
Number=2487
Confirmed=U
Filename=dd.exe
Description="<a href="http://www.fatfreesoft.com/2desk.php" target=_blank>DoubleDesktop</a> is a smart and elegant system tray utility that effectively doubles the width of your Windows desktop"

Source=Paul Collins Startup list

[DoUWantIt]
Number=2488
Confirmed=N
Filename=duwi.exe
Description=DoUWantIt - online shopping assistant. Start it manually
Source=Paul Collins Startup list

[down]
Number=2489
Confirmed=X
Filename=hlp32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?Vname=TROJ_DLOADER.BG" target=_blank>DLOADER.BG</a> TROJAN!
Source=Paul Collins Startup list

[down]
Number=2490
Confirmed=X
Filename=[trojan filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallqj.html" target=_blank>Small-QJ</a> TROJAN!
Source=Paul Collins Startup list

[Down2Home]
Number=2491
Confirmed=U
Filename=Down2Home.exe
Description=<a href="http://jitserv.coolfreepage.com/" target=_blank>Down2Home</a> - "monitors your ADSL/Cablemodem/Dialup traffic and provides you with usefull statistics about the amount of data your PC has transferred"

Source=Paul Collins Startup list

[Download Accelerator Plus 5.0]
Number=2492
Confirmed=N
Filename=DAP.exe
Description=<a href="http://www.speedbit.com/" target="_blank">Download Accelerator Plus</a> from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start -> Programs. Note that the free version is adware based
Source=Paul Collins Startup list

[Download Plus]
Number=2493
Confirmed=X
Filename=DownloadPlus.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=DownloadPlus&threatid=4618" target=_blank>DownloadPlus</a> adware
Source=Paul Collins Startup list

[Download Wonder]
Number=2494
Confirmed=N
Filename=DownloadWonder.exe
Description=<a href="http://www.forty.com/" target="_blank">Download Wonder</a> from Forty Software. Download manager for resuming downloads, amongst other features
Source=Paul Collins Startup list

[DownloadAccelerator]
Number=2495
Confirmed=N
Filename=DAP.EXE
Description=<a href="http://www.speedbit.com/" target="_blank">Download Accelerator Plus</a> from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start -> Programs. Note that the free version is adware based
Source=Paul Collins Startup list

[DownloadLegalMusic]
Number=2496
Confirmed=X
Filename=rundll32.exe MSA64CHK.dll, DllMostrar
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MatrixDialer&threatid=14914" target=_blank>MatrixDialer</a> related
Source=Paul Collins Startup list

[DownloadWare]
Number=2497
Confirmed=X
Filename=dw.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=DownloadWare&threatid=4620" target=_blank>DownloadWare</a> adware
Source=Paul Collins Startup list

[DownloadWare Engine]
Number=2498
Confirmed=X
Filename=Dwe.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=DownloadWare&threatid=4620" target=_blank>DownloadWare</a> adware
Source=Paul Collins Startup list

[Downxz]
Number=2499
Confirmed=X
Filename=Downxz.bat
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091411-5523-99" target="_blank">MYDOOM.W</a> WORM
Source=Paul Collins Startup list

[DPAgnt]
Number=2500
Confirmed=N
Filename=DPAgnt.exe
Description=<a href="http://www.digitalpersona.com/" target="_blank">digitalPersona</a> fingerprint scanner
Source=Paul Collins Startup list

[DPAS]
Number=2501
Confirmed=U
Filename=DPASNT.exe
Description=DefenderPro AntiSpy - spyware remover
Source=Paul Collins Startup list

[DPASUpdate]
Number=2502
Confirmed=U
Filename=DPASAutUpdate.exe
Description=Automatic updates for DefenderPro AntiSpy - spyware remover
Source=Paul Collins Startup list

[Dpcnav]
Number=2503
Confirmed=Y
Filename=dpcnav.exe
Description=DirecWay from DirectTV (now <a href="http://go.gethughesnet.com/HUGHES/Rooms/DisplayPages/LayoutInitial?pageid=hughesnetc&Container=com.webridge.entity.Entity[OID[91908CBE85AD4C428CCD8D5CDB016B51]]" target="_blank">HughesNet</a>) - satellite based high-speed internet access
Source=Paul Collins Startup list

[DPConfig]
Number=2504
Confirmed=N
Filename=DPConfig.exe
Description=Compuware DevPartner Studio Configuration Utility, a tool for software developers - System Tray access to configure the utility's analysis. Not required at startup, can be launched from the Start Menu programs group when needed
Source=Paul Collins Startup list

[dpcproxy]
Number=2505
Confirmed=X
Filename=dpcproxy.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojgoldenpa.html" target="_blank">GOLDENP-A</a> TROJAN!
Source=Paul Collins Startup list

[DPCProxyLoadOnStartup]
Number=2506
Confirmed=Y
Filename=dpcstart.exe
Description=DirecWay from DirectTV (now <a href="http://go.gethughesnet.com/HUGHES/Rooms/DisplayPages/LayoutInitial?pageid=hughesnetc&Container=com.webridge.entity.Entity[OID[91908CBE85AD4C428CCD8D5CDB016B51]]" target="_blank">HughesNet</a>) - satellite based high-speed internet access
Source=Paul Collins Startup list

[Dpcstart]
Number=2507
Confirmed=Y
Filename=dpcstart.exe
Description=DirecWay from DirectTV (now <a href="http://go.gethughesnet.com/HUGHES/Rooms/DisplayPages/LayoutInitial?pageid=hughesnetc&Container=com.webridge.entity.Entity[OID[91908CBE85AD4C428CCD8D5CDB016B51]]" target="_blank">HughesNet</a>) - satellite based high-speed internet access
Source=Paul Collins Startup list

[dpi]
Number=2508
Confirmed=X
Filename=dpi.exe
Description=<a href="http://www.spywareguide.com/product_show.php?id=727" target=_blank>Delfin Media Viewer</a> or "Promulgate" adware
Source=Paul Collins Startup list

[dpnsvr32]
Number=2509
Confirmed=X
Filename=dpnsvr32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojaolpassb.html" target=_blank>AOLPASS-B</a> TROJAN!
Source=Paul Collins Startup list

[dpps2]
Number=2510
Confirmed=U
Filename=dpps2.exe
Description=<a href="http://www.panicware.com/product_companion.html" target="_blank">Pop-Up Stopper Companion</a> from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group
Source=Paul Collins Startup list

[dps]
Number=2511
Confirmed=X
Filename=dps.exe
Description=<a href="http://allentech.net/parasite/SmartestSearch.html" target="_blank">SmartestSearch</a> parasite - poses as a foistware, bogus adware/spyware remover called "scumware-remover"

Source=Paul Collins Startup list

[dptracker]
Number=2512
Confirmed=N
Filename=dptracker.exe
Description=<a href="http://www.digitalpeers.com/" target=_blank>CamTrack</a> webcam software that enhances the way people video chat

Source=Paul Collins Startup list

[DpUtil]
Number=2513
Confirmed=U
Filename=TEDTray.exe
Description=Main executable for TOSHIBA <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/tedtray/" target="_blank">DualPoint Utility</a> Main Module. It is a system tray icon program that provides configuration options for dual pointing device
Source=Paul Collins Startup list

[Drag'n'Drop_Autolaunch]
Number=2514
Confirmed=N
Filename=Autolaunch.exe
Description=<a href="http://www.iomega.com/hotburn/hotburn_main.html" target="_blank">Iomega HotBurn</a> - CD-RW burning software
Source=Paul Collins Startup list

[DragDrop]
Number=2515
Confirmed=?
Filename=DragDrop.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[DragnDrop_Autolaunch]
Number=2516
Confirmed=N
Filename=Autolaunch.exe
Description=<a href="http://www.iomega.com/hotburn/hotburn_main.html" target="_blank">Iomega HotBurn</a> - CD-RW burning software
Source=Paul Collins Startup list

[DRam prmaessor]
Number=2517
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CSG" target="_blank">RBOT.CSG</a> WORM!
Source=Paul Collins Startup list

[DRam prosesor]
Number=2518
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.EE" target="_blank">SPYBOT.EE</a> WORM!
Source=Paul Collins Startup list

[DRam prosessor]
Number=2519
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CSG" target="_blank">RBOT.CSG</a> WORM!
Source=Paul Collins Startup list

[DRam prosessor]
Number=2520
Confirmed=X
Filename=plscd.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CYA" target="_blank">RBOT.CYA</a> WORM!
Source=Paul Collins Startup list

[DRam prosessor]
Number=2521
Confirmed=X
Filename=HWAPI.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM! Note - this is not the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/hwapi/" target="_blank">McAfee HackerWatch</a> process which has the same filename
Source=Paul Collins Startup list

[DRan posessor]
Number=2522
Confirmed=X
Filename=DAP.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[DrCache]
Number=2523
Confirmed=X
Filename=MSTDC.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorjm.html" target=_blank>JM</a> TROJAN!
Source=Paul Collins Startup list

[dreams]
Number=2524
Confirmed=X
Filename=server.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[DrefIW]
Number=2525
Confirmed=X
Filename=SysDrefIWv2.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32drefc.html" target=_blank>DREF-C</a> WORM!
Source=Paul Collins Startup list

[DrefIW]
Number=2526
Confirmed=X
Filename=SysDref.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32drefd.html" target=_blank>DREF-D</a> WORM!
Source=Paul Collins Startup list

[dregfix]
Number=2527
Confirmed=?
Filename=ph_finder.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[DrgToDsc]
Number=2528
Confirmed=N
Filename=DrgToDsc.exe
Description=Part of Roxio EasyCD Creator 6.0 - places the Roxio Drag-to-Disc icon in you system tray. "Easily drag and drop files for burning to CD or DVD. Disc formatting and burning will happen automatically". Not required for Roxio to work properly
Source=Paul Collins Startup list

[dried.exe]
Number=2529
Confirmed=?
Filename=dried.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[DriveCleaner 2006 Free]
Number=2530
Confirmed=N
Filename=UDC2006.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-062217-0726-99" target="_blank">DriveCleaner</a> is a security assesment tool which gives exaggerated reports of security and privacy risks on a computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported risks
Source=Paul Collins Startup list

[DriveIcons]
Number=2531
Confirmed=U
Filename=DriveIcon.exe
Description=<a href="http://www.realtek.com.tw/products/productsView.aspx?Langid=1&PNid=15&PFid=25&Level=4&Conn=3" target="_blank">Drive Icons</a> from Realtek - shows a specific icon for each card type for their card reader controllers
Source=Paul Collins Startup list

[DriveLED]
Number=2532
Confirmed=U
Filename=OODLed.exe
Description=<a href="http://www.oo-software.com/home/en/products/oodriveled/" target="_blank">O&O DriveLED</a> - hard disk monitoring and crash prevention
Source=Paul Collins Startup list

[Driver]
Number=2533
Confirmed=X
Filename=gbot.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_JUNTADOR.K" target="_blank">JUNTADOR.K</a> TROJAN!
Source=Paul Collins Startup list

[Driver32]
Number=2534
Confirmed=X
Filename=Scam32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2001-071720-1640-99" target="_blank"> SIRCAM</a> WORM!
Source=Paul Collins Startup list

[DriverCheck]
Number=2535
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfkr.html" target=_blank>DELF-KR</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a C:\DriverLoad folder
Source=Paul Collins Startup list

[DriverDB]
Number=2536
Confirmed=X
Filename=svcmdx32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041722-3847-99" target=_blank>BERPI</a> TROJAN!
Source=Paul Collins Startup list

[DriverLoad]
Number=2537
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfkr.html" target=_blank>DELF-KR</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a C:\DriverLoad folder
Source=Paul Collins Startup list

[DriverModule]
Number=2538
Confirmed=X
Filename=csrnvrt.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-013116-4032-99" target=_blank>IRCBOT.I</a> TROJAN!
Source=Paul Collins Startup list

[DriverPath]
Number=2539
Confirmed=X
Filename=system32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojprorats.html" target=_blank>PRORAT-S</a> TROJAN!
Source=Paul Collins Startup list

[Drivers for Internet Explorer]
Number=2540
Confirmed=X
Filename=accesweb.exe
Description=Added by freewebs.com hijacker!
Source=Paul Collins Startup list

[DriveSelect]
Number=2541
Confirmed=N
Filename=driveselect.exe
Description=<a href="http://www.321studiosinc.com/" target=_blank>DVD X Copy XPress</a> by 321 Studios. Creates a pop-up at Windows startup that asks for the DVD drive to be selected. Available via Start -> Programs

Source=Paul Collins Startup list

[drkly16j]
Number=2542
Confirmed=U
Filename=rundll32.exe drkly16j.dll, ServiceCheck
Description=<a href="http://www.kidswatch.com/" target=_blank>KidsWatch Time Control</a> parental control software
Source=Paul Collins Startup list

[dRMON SmartAgent]
Number=2543
Confirmed=U
Filename=SmartAgt.exe
Description=Part of the network monitoring program group for 3Com NIC cards. See <a href="http://support.3com.com/infodeli/tools/netmgt/rmonprob/product/drmon/chap1.htm" target="_blank">here</a> for more info
Source=Paul Collins Startup list

[drmu]
Number=2544
Confirmed=X
Filename=W95Mm.exe
Description=Homepage hijacker installing a toolbar: http://tdko.com/. Lop.com in disguise
Source=Paul Collins Startup list

[drocher]
Number=2545
Confirmed=X
Filename=d.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[DropSpam Lifestyle]
Number=2546
Confirmed=X
Filename=dslifestyle.exe
Description=<a href="http://vil.mcafeesecurity.com/vil/content/v_137582.htm" target="_blank">Dropspam</a> adware
Source=Paul Collins Startup list

[drvddll.exe]
Number=2547
Confirmed=X
Filename=drvddll.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081712-1706-99" target="_blank">BEAGLE.AP</a> WORM!
Source=Paul Collins Startup list

[Drvddll_exe]
Number=2548
Confirmed=X
Filename=drvddll.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042815-2313-99" target="_blank">BEAGLE.X</a> WORM!
Source=Paul Collins Startup list

[DrvListnr]
Number=2549
Confirmed=?
Filename=DrvListnr.exe
Description=Analog Devices SoundMAX soundcard related.<font color="#FF0000"> What does it do and is it required?</font>
Source=Paul Collins Startup list

[drvlsnr]
Number=2550
Confirmed=U
Filename=drvlsnr.exe
Description=Compaq/ADI SoundMAX integrated digital audio controller related. May solve a problem if your sound cuts out unexpectedly
Source=Paul Collins Startup list

[DrvMon.exe]
Number=2551
Confirmed=U
Filename=DrvMon.exe
Description=<a href="http://www.alcormicro.com/products.php" target="_blank">Alcor</a> drive monitor software
Source=Paul Collins Startup list

[drvnetw]
Number=2552
Confirmed=X
Filename=drvnetw.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbroggerb.html" target=_blank>BROGGER-B</a> TROJAN!
Source=Paul Collins Startup list

[drvr32h]
Number=2553
Confirmed=X
Filename=drvr32h.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[drvrmanager]
Number=2554
Confirmed=X
Filename=drvrquery32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-072806-1847-99" target="_blank">BOOHOO</a> WORM!
Source=Paul Collins Startup list

[drvsys.exe]
Number=2555
Confirmed=X
Filename=drvsys.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042617-0238-99" target="_blank">BEAGLE.W</a> WORM!
Source=Paul Collins Startup list

[drvsyskit]
Number=2556
Confirmed=X
Filename=hidr.exe
Description=Added by the <a href="http://www.f-secure.com/v-descs/email-worm_w32_bagle_hr.shtml" target="_blank">BAGLE.HR</a> WORM!
Source=Paul Collins Startup list

[drvupd]
Number=2557
Confirmed=X
Filename=rundll32 ..drvupd.inf
Description=Hijacker - drvupd.inf file installs a "searchforge.com" hijack
Source=Paul Collins Startup list

[drv_st_key]
Number=2558
Confirmed=X
Filename=hidn.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-062016-4555-99" target="_blank">BEAGLE.FF</a> WORM!
Source=Paul Collins Startup list

[DrWatson]
Number=2559
Confirmed=X
Filename=drwatson_.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlohavs.html" target=_blank>LOHAV-S</a> TROJAN!
Source=Paul Collins Startup list

[DrWatson]
Number=2560
Confirmed=X
Filename=drwatson_32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlohavs.html" target=_blank>LOHAV-S</a> TROJAN!
Source=Paul Collins Startup list

[DrWeb Antivirus]
Number=2561
Confirmed=X
Filename=DRWEBAV.EXE
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Drwebscheduler]
Number=2562
Confirmed=Y
Filename=Drwebscd.exe
Description=<a href="http://www.drweb.com/" target="_blank">DrWeb</a> antivirus related - scheduler that allows you to manage an automatic launch of applications, in particular the antivirus scanner or the update subsystem
Source=Paul Collins Startup list

[DR_S]
Number=2563
Confirmed=X
Filename=DR_S.exe
Description=<a href="http://sarc.com/avcenter/venc/data/adware.adshooter.html" target="_blank">AdShooter</a> adware
Source=Paul Collins Startup list

[ds]
Number=2564
Confirmed=X
Filename=ds.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-112514-4016-99" target=_blank>SPYMON</a> TROJAN!
Source=Paul Collins Startup list

[DS Clock]
Number=2565
Confirmed=U
Filename=dsclock.exe
Description=Digital desktop clock including synchronization with atomic servers - see <a href="http://www.dualitysoft.com/dsclock/" target="_blank">here</a>
Source=Paul Collins Startup list

[dsa]
Number=2566
Confirmed=X
Filename=dsa.exe
Description=Homepage hijacker - redirecting to downseek.com
Source=Paul Collins Startup list

[DSAcass]
Number=2567
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112615-3900-99" target=_blank>RANKY.M</a> TROJAN!
Source=Paul Collins Startup list

[DSB]
Number=2568
Confirmed=X
Filename=DSB.exe
Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.energyplugin.html" target="_blank">EnergyPlugin</a> adware
Source=Paul Collins Startup list

[dsd]
Number=2569
Confirmed=X
Filename=zz.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfox.html" target="_blank">RBOT-FOX</a> WORM!
Source=Paul Collins Startup list

[DSentry]
Number=2570
Confirmed=N
Filename=DSentry.exe
Description=Anti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVD's would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation starts
Source=Paul Collins Startup list

[Dsi]
Number=2571
Confirmed=X
Filename=dp-******.exe
Description=Added by an unidentified adware where ****** are random characters
Source=Paul Collins Startup list

[Dsi]
Number=2572
Confirmed=X
Filename=dp-him.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmultidrah.html" target=_blank>MULTIDR-AH</a> TROJAN!
Source=Paul Collins Startup list

[Dskcompat]
Number=2573
Confirmed=X
Filename=Dskcompat.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list

[DSKEY]
Number=2574
Confirmed=U
Filename=DsKey.exe
Description=Part of <a href="http://www.pcphonehome.com/" target="_blank">PC PhoneHome</a> - "secretly sends an invisible email message to an email address of your choice containing the physical location of your computer every time you get an Internet connection". Security software from Brigadoon Security Group for tracking down lost/stolen computers
Source=Paul Collins Startup list

[DSL Monitor]
Number=2575
Confirmed=N
Filename=spdstrm.exe
Description=Comes with Efficient Networks DSL Modems. Little red/green/yellow flashing icon in system tray
Source=Paul Collins Startup list

[DSLagentexe]
Number=2576
Confirmed=Y
Filename=DSLagent.exe
Description=Used in conjunction with USB connected ADSL modems from <a href="http://www.eicon.com/worldwide/default.htm" target="_blank">Eicon Networks</a> (as used by BT for its Broadband internet service for example). Required for a permanent ADSL connection
Source=Paul Collins Startup list

[dslmon]
Number=2577
Confirmed=Y
Filename=dslmon.exe
Description=Sagem DSL modem related. Apparently needed to detect the modem

Source=Paul Collins Startup list

[DSLSTATEXE]
Number=2578
Confirmed=U
Filename=dslstat.exe
Description=System tray connection status for ADSL modems from Eicon Networks (as used by BT Broadband for example)
Source=Paul Collins Startup list

[DsmSer]
Number=2579
Confirmed=X
Filename=dsm.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030723-2605-99" target=_blank>SERFLOG.B</a> WORM!
Source=Paul Collins Startup list

[DsmSer]
Number=2580
Confirmed=X
Filename=msmpatch.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030723-2605-99" target=_blank>SERFLOG.B</a> WORM!
Source=Paul Collins Startup list

[DsmSer]
Number=2581
Confirmed=X
Filename=svosm.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030723-2605-99" target=_blank>SERFLOG.B</a> WORM!
Source=Paul Collins Startup list

[DsmSer]
Number=2582
Confirmed=X
Filename=sysup.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030723-2605-99" target=_blank>SERFLOG.B</a> WORM!
Source=Paul Collins Startup list

[DsplObjects]
Number=2583
Confirmed=X
Filename=windspl.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-020416-2130-99" target=_blank>BEAGLE.DN</a> WORM!
Source=Paul Collins Startup list

[DSS]
Number=2584
Confirmed=X
Filename=dssagent.exe
Description=DSSAgent by Brřderbund - spyware. Sends encrypted emails about the system back to the originators of the program. Also a resource hog. See <a href="http://cexx.org/dssagent.htm" target="_blank">here</a> for more info
Source=Paul Collins Startup list

[DSS]
Number=2585
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdssdoorc.html" target=_blank>DSSDOOR-C</a> TROJAN!
Source=Paul Collins Startup list

[DSService]
Number=2586
Confirmed=X
Filename=dmrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotxx.html" target=_blank>AGOBOT-XX</a> WORM!
Source=Paul Collins Startup list

[DSSSGENS]
Number=2587
Confirmed=?
Filename=dssagens.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[DSystemDriver]
Number=2588
Confirmed=X
Filename=windrv.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DELF.WG" target="_blank">DELF.WG</a> TROJAN!
Source=Paul Collins Startup list

[DU Meter]
Number=2589
Confirmed=N
Filename=DUMETER.EXE
Description=<a href="http://www.dumeter.com/main.php" target="_blank">Hagel Technologies</a> internet bandwidth monitor
Source=Paul Collins Startup list

[duck]
Number=2590
Confirmed=X
Filename=duck.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotavg.html" target=_blank>AGOBOT-AVG</a> WORM!
Source=Paul Collins Startup list

[Dumeter Services]
Number=2591
Confirmed=X
Filename=dumeter.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaeq.html" target=_blank>SDBOT-AEQ</a> WORM!
Source=Paul Collins Startup list

[dumprep 0 -k]
Number=2592
Confirmed=N
Filename=dumprep 0 -k
Description=Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out
Source=Paul Collins Startup list

[dumprep 0 -u]
Number=2593
Confirmed=N
Filename=dumprep 0 -u
Description=Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out
Source=Paul Collins Startup list

[DUN_SERVICES3]
Number=2594
Confirmed=X
Filename=dun3.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062715-5302-99" target=_blank>SOKIRON</a> TROJAN!
Source=Paul Collins Startup list

[Duweculey]
Number=2595
Confirmed=X
Filename=yujixit.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BRP&VSect=P" target=_blank>SDBOT.BRP</a> WORM!
Source=Paul Collins Startup list

[dvd43]
Number=2596
Confirmed=N
Filename=DVD43_Tray.exe
Description=<a href="http://www.dvdidle.com/dvd43.htm" target="_blank">DVD43</a> is "a small tool that integrates into Windows and overrides CSS copy-protection found on DVD movies"
Source=Paul Collins Startup list

[DVD43]
Number=2597
Confirmed=U
Filename=DVD43.exe
Description=<a href="http://www.dvdidle.com/dvd43.htm" target="_blank">DVD43</a>  is a small tool that overrides CSS copy-protection found on DVD movies
Source=Paul Collins Startup list

[dvd98]
Number=2598
Confirmed=X
Filename=windvd98.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-022917-5250-99" target="_blank">CULT.P</a> WORM!
Source=Paul Collins Startup list

[DVDBitSet]
Number=2599
Confirmed=U
Filename=DVDBitSet.exe
Description=DVD+RW Drive/Disc Compatibility Setting. Installed with HP DVD+RW drives to enhance compatibility with existing readers. You can also set a DVD+RW default drive write mode which is always used
Source=Paul Collins Startup list

[DVDCheck]
Number=2600
Confirmed=?
Filename=DVDCheck.exe
Description=Related to an <a href="http://www.intervideo.com/jsp/Home.jsp" target=_blank>Intervideo</a> program. <font color="#FF0000">What does it do and is it required in startup?</font>
Source=Paul Collins Startup list

[Dvdcompat]
Number=2601
Confirmed=X
Filename=Dvdcompat.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list

[DVDLauncher]
Number=2602
Confirmed=N
Filename=DVDLauncher.exe
Description=Part of Cyberlink's <a href="http://www.cyberlink.com/multi/products/main_12_ENU.html" target=_blank>Power Cinema</a> - allows you to play DVDs upon insertion

Source=Paul Collins Startup list

[DVDSentry]
Number=2603
Confirmed=N
Filename=DSentry.exe
Description=Anti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVD's would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation starts
Source=Paul Collins Startup list

[DVDTray]
Number=2604
Confirmed=N
Filename=DVDTray.exe
Description=HP CD/DVD Tray icon installed with the DVD writer software. Periodically checks for new drive firmware
Source=Paul Collins Startup list

[DVDUpgrade]
Number=2605
Confirmed=N
Filename=DVDUpgrd.exe
Description=Microsoft program to upgrade your DVD decoder program - see <a href="http://support.microsoft.com/default.aspx?scid=kb;en;306331" target=_blank>Q306331</a>. Available via Start -> Programs
Source=Paul Collins Startup list

[DVDXGhost]
Number=2606
Confirmed=N
Filename=DVDGhost.EXE
Description=<a href="http://www.region-free-dvd.com/" target=_blank>DVD Ghost</a> - "utility to make your software DVD players and DVD copy/backup softwares restriction-free, and copy/backup DVD to hard disk"

Source=Paul Collins Startup list

[Dvp95]
Number=2607
Confirmed=Y
Filename=Dvp95.exe
Description=Scan engine for <a href="http://www.f-secure.com/index.shtml" target="_blank">F-Secure</a> and Command antivirus software based on the <a href="http://www.f-prot.com" target="_blank">F-Prot AntiVirus</a> engine
Source=Paul Collins Startup list

[dvpapi9x]
Number=2608
Confirmed=Y
Filename=DVPAPI9X.exe
Description=Command AntiVirus for Windows 95/98/Me
Source=Paul Collins Startup list

[DvpInitExe]
Number=2609
Confirmed=Y
Filename=Dvpinit.exe
Description=<a href="http://www.authentium.com/command/" target="_blank">Command Antivirus</a> related
Source=Paul Collins Startup list

[dvprpt]
Number=2610
Confirmed=Y
Filename=Dvprpt.exe
Description=<a href="http://www.authentium.com/command/" target="_blank">Command Antivirus</a> related
Source=Paul Collins Startup list

[dvraudio]
Number=2611
Confirmed=X
Filename=dvraudio.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list

[dvsfss]
Number=2612
Confirmed=X
Filename=fbsfsdrs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotqa.html" target="_blank">SDBOT-QA</a> WORM!
Source=Paul Collins Startup list

[DVSync]
Number=2613
Confirmed=U
Filename=dvsync.exe
Description=DVSync is the program that allows you to synchronize your daVinci's PDA's data with your Personal Information Manager on the PC
Source=Paul Collins Startup list

[Dvx]
Number=2614
Confirmed=X
Filename=wsxsvc.exe
Description=<a href="http://www.spywareguide.com/product_show.php?id=727" target=_blank>Delfin Media Viewer</a> or "Promulgate" adware variant
Source=Paul Collins Startup list

[dw]
Number=2615
Confirmed=X
Filename=dw.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=DownloadWare&threatid=4620" target=_blank>DownloadWare</a> adware
Source=Paul Collins Startup list

[DW4]
Number=2616
Confirmed=N
Filename=Weather.exe
Description=<a href="http://www.weather.com/services/desktop.html?from=dt_hugheader&refer=dt_hugheader" target=_blank>Desktop Weather</a>
Source=Paul Collins Startup list

[DWHeartbeatMonitor]
Number=2617
Confirmed=U
Filename=DWHeartbeatMonitor.exe
Description=DWHeartbeatMonitor.exe is installed alongside the Weather.com instant messaging utility. This is a non-essential process. Disabling or enabling this is down to user preference
Source=Paul Collins Startup list

[DwlClient]
Number=2618
Confirmed=N
Filename=support.exe
Description=Download manager for Dell support alerts
Source=Paul Collins Startup list

[dwStart]
Number=2619
Confirmed=Y
Filename=FireWall.exe
Description=<a href="http://www.pcsecurityshield.com/webApp/208.asp" target=_blank>The Shield</a> firewall
Source=Paul Collins Startup list

[Dx]
Number=2620
Confirmed=X
Filename=sys*.exe [* = random number]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DEXTER.A" target="_blank">DEXTER.A</a> WORM!
Source=Paul Collins Startup list

[Dx8compat]
Number=2621
Confirmed=X
Filename=Dx8compat.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list

[dxdiags.exe]
Number=2622
Confirmed=X
Filename=dxdiags.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcertifg.html" target=_blank>CERTIF-G</a> TROJAN!
Source=Paul Collins Startup list

[DxDialog]
Number=2623
Confirmed=X
Filename=dxdlg32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbcxt.html" target="_blank">VB-CXT</a> TROJAN!
Source=Paul Collins Startup list

[dxdll32]
Number=2624
Confirmed=X
Filename=ntxdll.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030115-3820-99" target=_blank>GAOBOT.CPX</a> WORM!
Source=Paul Collins Startup list

[DXDllRegExe]
Number=2625
Confirmed=N
Filename=dxdllreg.exe
Description=Created when you select "Yes" to check the "WHQL Digital signatures" in the DirectX9 files at the first time you open it
Source=Paul Collins Startup list

[DxLoad]
Number=2626
Confirmed=X
Filename=DX3DRndr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-022511-4002-99" target="_blank">GIBE.B</a> WORM!
Source=Paul Collins Startup list

[DXM6Patch_981116]
Number=2627
Confirmed=N
Filename=p_981116.exe
Description=Win32 cabinet self extractor. More info <a href="http://groups.google.com/group/microsoft.public.win98.performance/browse_frm/thread/1bb6d199cdad3c95/24366de20a10c5d6?hl=en&rnum=18&prev=/groups%3Fq%3DP_981116.exe%26hl%3Den%26start%3D10%26sa%3DN#24366de20a10c5d6" target="_blank">here</a>
Source=Paul Collins Startup list

[dxmsrv]
Number=2628
Confirmed=X
Filename=dxmsrv.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Dxsty]
Number=2629
Confirmed=X
Filename=Dxsty.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list

[Dxupdate.exe]
Number=2630
Confirmed=X
Filename=Dxupdate.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102010-4632-99" target="_blank">MAFEG</a> WORM!
Source=Paul Collins Startup list

[dxvid]
Number=2631
Confirmed=X
Filename=dxvid.exe
Description=Added by Trojan-Downloader.Win32.Dluca.by TROJAN!
Source=Paul Collins Startup list

[DyFuCA]
Number=2632
Confirmed=X
Filename=optimize.exe
Description=Adult content dialler - see <a href="http://www.sophos.com/virusinfo/analyses/dialdyfucaa.html" target="_blank">here</a>
Source=Paul Collins Startup list

[DyFuCA Active Alert]
Number=2633
Confirmed=X
Filename=actalert.exe
Description=Adult content dialler - see <a href="http://www.sophos.com/virusinfo/analyses/dialdyfucaa.html" target="_blank">here</a>
Source=Paul Collins Startup list

[Dynamic DHCP]
Number=2634
Confirmed=X
Filename=dydhcp.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_RINBOT.B" target="_blank">RINBOT.B</a> TROJAN!
Source=Paul Collins Startup list

[Dynamic Dns Binary]
Number=2635
Confirmed=X
Filename=dynitora.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotwt.html" target=_blank>RBOT-WT</a> WORM!
Source=Paul Collins Startup list

[Dynamic Dns Binary]
Number=2636
Confirmed=X
Filename=CMD16.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxm.html" target= blank>RBOT-XM</a> WORM!
Source=Paul Collins Startup list

[Dynamic Dns Binary]
Number=2637
Confirmed=X
Filename=winxp34.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Dynamic Dns Binary]
Number=2638
Confirmed=X
Filename=WinHelpcfn.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Dynamic Link Library loader]
Number=2639
Confirmed=X
Filename=Loader32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-031416-1509-99" target=_blank>KOL</a> TROJAN!
Source=Paul Collins Startup list

[DynDNS Updater]
Number=2640
Confirmed=U
Filename=DynDNS.exe
Description=Dynamic DNS IP address updater tool, used as a client for Dynamic DNS service providers such as http://www.DynDNS.org
Source=Paul Collins Startup list

[DynDNS-Updater Traytool]
Number=2641
Confirmed=N
Filename=ddutray.exe
Description=<a href="http://www.dyndns.com/services/dns/dyndns/" target="_blank">DynDNS</a> updater tray icon - allows easy configuration of the Dynamic DNSSM service. Can be run manually
Source=Paul Collins Startup list

[DynHttp Dns Binary]
Number=2642
Confirmed=X
Filename=dynizari.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[DynSite]
Number=2643
Confirmed=U
Filename=DynSite.exe
Description=<a href="http://noeld.com/download.htm" target=_blank>DynSite</a> - dynamic DNS client, also called an automatic IP updater
Source=Paul Collins Startup list

[Dynu Basic Client]
Number=2644
Confirmed=U
Filename=dynubas.exe
Description=<a href="http://www.dynu.com/" target=_blank>Dynu</a> online dynamic IP update client. Useful when using a dial up modem

Source=Paul Collins Startup list

[DZKillMe]
Number=2645
Confirmed=?
Filename=DZSAVEME.EXE
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[D_V_T]
Number=2646
Confirmed=U
Filename=dvt.exe
Description=<a href="http://www.medical.philips.com/main/company/connectivity/dvt-tool/DVT.html" target="_blank">DICOM Validation Tool</a> - "DICOM is increasingly being used as the standard communication mechanism when integrating various medical products in a hospital environment"
Source=Paul Collins Startup list

[D_V_T]
Number=2647
Confirmed=?
Filename=dvt.exe
Description=Installation could be a crack/hack to NOD32 <a href="http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.windowsupdate&tid=bc156de4-638d-4d29-b49f-a9cb9e588a83&p=1" target="_blank">here</a>. Seen and removed in many logs. Investigate it further and if this file is present C:\d_v_t.reg then it should be fixed. Not to be confused with the DICOM entry <a href="http://www.sysinfo.org/startuplist.php?filter=DICOM" target="_blank">here</a>. Both files are located in the Windows/Windir directory
Source=Paul Collins Startup list

[E-Card]
Number=2648
Confirmed=X
Filename=ecard.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082217-3310-99" target="_blank">YODI</a> WORM!
Source=Paul Collins Startup list

[E-color]
Number=2649
Confirmed=U
Filename=IconMgr.Exe
Description=Sets the colour of your monitor when running games that recognise E-Color so that you get 'what the game designer intended' when you see the game. Also allows monitor callibration through a program called 3-Deep. If you play a lot of games it can be useful. Can be disabled from starting up from within the program
Source=Paul Collins Startup list

[E-nrgyPlus]
Number=2650
Confirmed=X
Filename=E-nrgyPlus.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-030816-3717-99" target=_blank>Energyplus</a> TRACKWARE! Tracks internet activity including websites visited and queries made at popular search engines. This information along with some system information is sent to a remote site
Source=Paul Collins Startup list

[e-Surveiller Station]
Number=2651
Confirmed=X
Filename=estation.exe
Description=Added by <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-022415-5224-99" target=_blank>ESurveiller</a> spyware. Note - ESurveiller is spyware that monitors and records keystrokes and mouse clicks, instant message conversations, Internet activity and applications used, must be manually installed
Source=Paul Collins Startup list

[E06DXLRD_7604703]
Number=2652
Confirmed=U
Filename=EDICT.EXE
Description=Related to <a href="http://encarta.msn.com/" target=_blank>Microsoft Encarta</a> dictionary functions
Source=Paul Collins Startup list

[E6TaskPanel]
Number=2653
Confirmed=N
Filename=TaskPanl.exe
Description=Earthlink Task Panel - part of <a href="http://www.earthlink.net/home/software/" target="_blank">Earthlink TotalAccess 2003</a> internet access software. Quick access to internet, E-mail and web-space
Source=Paul Collins Startup list

[eabconfg.cpl]
Number=2654
Confirmed=U
Filename=EabServr.exe
Description=Easy Access Buttons control panel on Compaq laptops. Only required if you use the extra keys
Source=Paul Collins Startup list

[Eac Download]
Number=2655
Confirmed=X
Filename=download.exe
Description=Webcelerator from eAcceleration speeds your Web browsing by both remembering where you have been and anticipating where you will go. Only needed if you find it improves web browsing. Now no longer available and supported and when available was classed as spyware - see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
Source=Paul Collins Startup list

[EACLEAN]
Number=2656
Confirmed=U
Filename=eaclean.exe
Description=For Compaq PC's. <a href="http://h18000.www1.hp.com/support/techpubs/whitepapers/13W1-1200a-wwen.html" target="_blank"> Easy Access</a> button support for the keyboard
Source=Paul Collins Startup list

[Eac_Cnry]
Number=2657
Confirmed=X
Filename=canary.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcanary.html" target="_blank"> CANARY</a> TROJAN!
Source=Paul Collins Startup list

[Eac_rnvdl]
Number=2658
Confirmed=?
Filename=ANTIVIRUS_INSTALL.EXE
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[EanthologyApp]
Number=2659
Confirmed=U
Filename=EANTHO~1.EXE
Description=eAcceleration Stop-Sign security software related. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
Source=Paul Collins Startup list

[EanthologyApp]
Number=2660
Confirmed=U
Filename=eanthology.exe
Description=eAcceleration Stop-Sign security software related. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
Source=Paul Collins Startup list

[eanthology_install.exe]
Number=2661
Confirmed=U
Filename=eanthology_install.exe
Description=eAcceleration Stop-Sign security software related. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
Source=Paul Collins Startup list

[eanth_critical_update_alert]
Number=2662
Confirmed=U
Filename=sys_alert.exe
Description=eAcceleration Stop-Sign security software related. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
Source=Paul Collins Startup list

[eanth_system_patcher]
Number=2663
Confirmed=U
Filename=sys_alert.exe
Description=eAcceleration Stop-Sign security software related. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
Source=Paul Collins Startup list

[Eapcisetup]
Number=2664
Confirmed=N
Filename=sbsetup.exe
Description=Rockwell RipTide soundcard application software. Sound works without it
Source=Paul Collins Startup list

[EAPCISETUP]
Number=2665
Confirmed=N
Filename=wizard.exe
Description=Part of the Creative Sounblaster PIC Installation Wizard. Probably left as a result of a failed installation
Source=Paul Collins Startup list

[Earthlink Protection Control Center]
Number=2666
Confirmed=Y
Filename=elnk_pcc.exe
Description=EarthLink <a href="http://www.earthlink.net/software/pcc/" target="_blank">Protection Control Center</a> - "powerful, integrated security program makes it easier than ever to protect yourself against viruses, spyware, and hackers-all from one convenient location"
Source=Paul Collins Startup list

[EarthLink ToolBar 5.0]
Number=2667
Confirmed=N
Filename=etoolbar.exe
Description=EarthLink Toolbar is a tool to help you get to all of the resources of the internet. EarthLink 5.0 Setup adds a few basic buttons to the Toolbar, but you can delete these or add more buttons any time
Source=Paul Collins Startup list

[Easy Key]
Number=2668
Confirmed=U
Filename=easykey.exe
Description=For programming of the built-in functions keys on some laptops (and maybe desktops). Required if these are used
Source=Paul Collins Startup list

[Easy Start Button]
Number=2669
Confirmed=N
Filename=esb.exe
Description=Provides functionality on certain laptops that have additional keys. Not required unless you use the extra keys
Source=Paul Collins Startup list

[Easy-PrintToolBox]
Number=2670
Confirmed=U
Filename=BJPSMAIN.EXE
Description=A utility to launch the applications that are bundled with a Canon bubblejet printer
Source=Paul Collins Startup list

[EasyAV]
Number=2671
Confirmed=X
Filename=EasyAV.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040512-2436-99" target="_blank">NETSKY.S</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040616-1824-99" target="_blank">NETSKY.T</a> WORMS!
Source=Paul Collins Startup list

[EasyDates]
Number=2672
Confirmed=X
Filename=EasyDates.exe
Description=Premium rate adult content dialler

Source=Paul Collins Startup list

[EasyDates_nl]
Number=2673
Confirmed=X
Filename=EasyDates_nl.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[EasyKey]
Number=2674
Confirmed=U
Filename=easykey.exe
Description=For programming of the built-in functions keys on some laptops (and maybe desktops). Required if these are used
Source=Paul Collins Startup list

[EasyKeyboardLogger]
Number=2675
Confirmed=U
Filename=EasyKeyboardLogger.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042216-1324-99" target=_blank>EasyKeyLogger</a> keystroke logger/monitoring program - remove unless you installed it yourself!

Source=Paul Collins Startup list

[EasyMessage]
Number=2676
Confirmed=U
Filename=em2.exe
Description=Easy Messenger, instant messenger for MSN, AOL, ICQ, and Yahoo. See <a href="http://www.easymessage.net/" target="_blank">here</a>
Source=Paul Collins Startup list

[EasySearchBar]
Number=2677
Confirmed=X
Filename=ESBUpdate.exe
Description=EasySearchBar adware downloader
Source=Paul Collins Startup list

[easyServ]
Number=2678
Confirmed=X
Filename=Server.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-080619-3837-99" target="_blank">EASYSERV</a> TROJAN!
Source=Paul Collins Startup list

[EasySync Pro]
Number=2679
Confirmed=U
Filename=XCPCMenu.exe
Description=<a href="http://www-142.ibm.com/software/sw-lotus/products/product4.nsf/wdocs/easysyncprohome" target="_blank">EasySync Pro</a> is a Lotus (now owned by IBM) program for synchronizing a PDA with Lotus Notes
Source=Paul Collins Startup list

[EasyTuneIII]
Number=2680
Confirmed=U
Filename=EasyTune.exe
Description=Tuning (overclocking) utility for Gigabyte motherboards. Shortcut available
Source=Paul Collins Startup list

[EasyTuneIV]
Number=2681
Confirmed=U
Filename=ET4Tray.exe
Description=Tuning (overclocking) utility for Gigabyte motherboards. Shortcut available
Source=Paul Collins Startup list

[easywww]
Number=2682
Confirmed=X
Filename=easywww2.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[EbatesMoeMoneyMaker]
Number=2683
Confirmed=N
Filename=wjview ...Code
Description=<a href="http://www.kephyr.com/spywarescanner/library/ebatesmoemoneymaker/index.phtml" target="_blank">Ebates</a> adware
Source=Paul Collins Startup list

[EbatesMoeMoneyMaker0]
Number=2684
Confirmed=X
Filename=EbatesMoeMoneyMaker0.exe
Description=<a href="http://www.kephyr.com/spywarescanner/library/ebatesmoemoneymaker/index.phtml" target="_blank">Ebates</a> adware
Source=Paul Collins Startup list

[eBay Toolbar]
Number=2685
Confirmed=X
Filename=EBAYTBAR.EXE
Description=<a href="http://pages.ebay.com/ebay_toolbar/" target="_blank">eBay Toolbar</a> - reportes as spyware as it &quot;phones home&quot;
Source=Paul Collins Startup list

[eBayToolbar]
Number=2686
Confirmed=U
Filename=eBayTBDaemon.exe
Description=<a href="http://pages.ebay.com/ebay_toolbar/" target=_blank>eBay</a> toolabar related - also contains eBay account Guard which monitors for fraudulent eBay sites
Source=Paul Collins Startup list

[eBoard]
Number=2687
Confirmed=U
Filename=Eboard.exe
Description=eMachines multimedia keyboard manager. Required if you use the extra keys
Source=Paul Collins Startup list

[eBot]
Number=2688
Confirmed=N
Filename=DownloadWizard.exe
Description=eBot from Digital River - "helps ensure your computer always has the latest technology, fixes, add-ons, upgrades and 'cool stuff'." Can optionally be installed with software such as Net Nanny internet filtering software. Available via Start -> Programs
Source=Paul Collins Startup list

[EC21]
Number=2689
Confirmed=U
Filename=EZQ.EXE
Description=Related to EC21. "<a href="http://www.ec21.com/" target="_blank">EC21</a> is the world’s largest B2B marketplace to facilitate online trades between exporters and importers from all around the world"
Source=Paul Collins Startup list

[ecko]
Number=2690
Confirmed=X
Filename=claro.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadraqj.html" target="_blank">DLOADR-AQJ</a> TROJAN!
Source=Paul Collins Startup list

[ecpe]
Number=2691
Confirmed=?
Filename=ECPE.EXE
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[eDataSecurity Loader]
Number=2692
Confirmed=U
Filename=eDSloader.exe
Description=Part of Acer Empowering Technology. "<a href="http://www.acer-euro.com/et/en/notebooks01.htm#1" target="_blank">Acer eDataSecurity Management</a> is a handy file encryption utility that protects files from being accessed by unauthorized persons, using passwords and advanced encryption algorithms"
Source=Paul Collins Startup list

[edexter]
Number=2693
Confirmed=N
Filename=edexter.exe
Description=<a href="http://www.pyrenean.com/edexter.php" target=_blank>eDexter</a> supplements internet filtering by substituting local images for filtered images in order to prevent browser stalls and other annoyances. Can be activated manually when starting the browser
Source=Paul Collins Startup list

[editpad]
Number=2694
Confirmed=X
Filename=editpad.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojconsperb.html" target="_blank">CONSPER-B</a> TROJAN!
Source=Paul Collins Startup list

[EDLoader]
Number=2695
Confirmed=N
Filename=DTLoader.exe
Description=Effective Desktop from MiniStars Software - desktop management software no longer being supported
Source=Paul Collins Startup list

[eDonkey2000]
Number=2696
Confirmed=U
Filename=edonkey2000.exe
Description=File sharing network - not recommended as the free version of this application should be avoided as it installs, without permission, New.Net, Webhancer, WebSearch Toolbar and WinTools
Source=Paul Collins Startup list

[EDRestore]
Number=2697
Confirmed=U
Filename=??
Description=<a href="http://www.easydesksoftware.com/spoint.htm" target="_blank">Set Point</a> from Easy Desk Software - "small utility that automatically sets System Restore points for WinME/XP"
Source=Paul Collins Startup list

[educational writer]
Number=2698
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlz.html" target="_blank">RBOT-LZ</a> WORM!
Source=Paul Collins Startup list

[Edwizard]
Number=2699
Confirmed=U
Filename=Edwizard.exe
Description=<a href="http://www.ediport.hu/_sgeasy.html" target="_blank">SafeGuard Easy</a> - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks"
Source=Paul Collins Startup list

[EDxMC110]
Number=2700
Confirmed=X
Filename=Isass.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vbnia.html" target="_blank">VB-NIA</a> WORM!
Source=Paul Collins Startup list

[EEventManager]
Number=2701
Confirmed=N
Filename=EEventManager.exe
Description=Part of the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/eeventmanager/" target="_blank">Epson Creativity Suite</a> supplied with their multi-function printer/scanners, Event Manager launches File Manager or PageManager for EPSON automatically when you press the B&W Start or Color Start button on the control panel in Scan mode
Source=Paul Collins Startup list

[eFax DllCmd]
Number=2702
Confirmed=U
Filename=J2GDllCmd.exe
Description=<a href="http://www.efax.com/en/efax/twa/page/download?rqcp=1" target="_blank">eFax Messenger</a> fax software
Source=Paul Collins Startup list

[eFax Tray Menu]
Number=2703
Confirmed=N
Filename=HotTray.exe
Description=eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available <a href="http://home.efax.com/I18N/FAQ/faq_uk.html" target="_blank">here</a>
Source=Paul Collins Startup list

[eFax Tray Menu]
Number=2704
Confirmed=U
Filename=J2GTray.exe
Description=<a href="http://www.efax.com/en/efax/twa/page/download?rqcp=1" target="_blank">eFax Messenger</a> fax software tray menu
Source=Paul Collins Startup list

[eFax.com Tray Menu]
Number=2705
Confirmed=N
Filename=HotTray.exe
Description=eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available <a href="http://home.efax.com/I18N/FAQ/faq_uk.html" target="_blank">here</a>
Source=Paul Collins Startup list

[efaxs lptt01]
Number=2706
Confirmed=X
Filename=efaxs.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "efaxs" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[efaxs ml097e]
Number=2707
Confirmed=X
Filename=efaxs.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "efaxs" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[EFI Job Monitor]
Number=2708
Confirmed=U
Filename=[path] efjm.dll,run
Description=Ricoh Imagio Printer/Scanner driver status monitor
Source=Paul Collins Startup list

[Efpap.exe]
Number=2709
Confirmed=U
Filename=Efpap.exe
Description=<a href="http://www.softstack.com/fileprotpro.html" target="_blank">Easy File &amp; Folder Protector</a>. Deny access to certain files and folders, or to hide them securely from viewing and searching
Source=Paul Collins Startup list

[ehTray]
Number=2710
Confirmed=U
Filename=ehtray.exe
Description=Enables the user to access Windows Messenger from within <a href="http://msdn.microsoft.com/library/en-us/MedctrSDK/htm/formoreinformation.asp" target="_blank">Windows Media Center Edition</a>
Source=Paul Collins Startup list

[ei10.exe]
Number=2711
Confirmed=X
Filename=ei10.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotnk.html" target=_blank>AGOBOT-NK</a> WORM!
Source=Paul Collins Startup list

[Eicon NetworksLAN_DAEMON]
Number=2712
Confirmed=U
Filename=watch.exe
Description=Associated with an <a href="http://www.eicon.com/worldwide/default.htm" target="_blank">Eicon Networks</a> ISDN or ADSL modem. Watch protocols your connection with numbers and duration. You need callvu.exe (from Start Menu) to see your connection statistics. You can manually start watch.exe before you go online. Needs diinfo.exe (started by DiTask) to work correctly which can be started manually
Source=Paul Collins Startup list

[Eicon TechnologyLAN_DAEMON]
Number=2713
Confirmed=U
Filename=watch.exe
Description=Associated with an <a href="http://www.eicon.com/worldwide/default.htm" target="_blank">Eicon Networks</a> ISDN or ADSL modem. Watch protocols your connection with numbers and duration. You need callvu.exe (from Start Menu) to see your connection statistics. You can manually start watch.exe before you go online. Needs diinfo.exe (started by DiTask) to work correctly which can be started manually
Source=Paul Collins Startup list

[eixfi]
Number=2714
Confirmed=X
Filename=china.bat
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BAT_WCUP.A" target="_blank">WCUP.A</a> WORM!
Source=Paul Collins Startup list

[Elbycheck]
Number=2715
Confirmed=U
Filename=ElbyCheck.exe
Description=From <a href="http://www.elby.org/" target="_blank">Elaborate Bytes</a> who make CloneCD - monitors the installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from startup causes the CD drive in the computer to not be recognized in the OS and after rechecking it prompts that the driver has been corrupted and asks you to restart the computer to fix it
Source=Paul Collins Startup list

[Electron Microscope]
Number=2716
Confirmed=U
Filename=EMIII.exe
Description=Electron Microscope or <a href="http://www.em-dc.com/" target=_blank>EM</a> - is a program used to track Stanford's distributed computing program client called Folding at Home, <a href="http://folding.stanford.edu/" target=_blank>FAH</a>. It will monitor up to 50 clients and give you the details about each client's progress as the FAH client runs. EM will also show you what each change in the protein looks like as the process continues

Source=Paul Collins Startup list

[Element]
Number=2717
Confirmed=X
Filename=Element.txt
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2001-112112-1947-99" target="_blank">ELEM</a> TROJAN!
Source=Paul Collins Startup list

[element furth]
Number=2718
Confirmed=X
Filename=[path] repcale.exe [path] palsp.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDON.AN" target="_blank">RANDON.AN</a> WORM!
Source=Paul Collins Startup list

[elitemedia]
Number=2719
Confirmed=X
Filename=elitemediapop.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlowzonebb.html" target=_blank>LOWZONE-BB</a> TROJAN! Also known as Elitebar/EliteToolbar/EliteSidebar adware

Source=Paul Collins Startup list

[elm]
Number=2720
Confirmed=N
Filename=Elmenv.exe
Description=ViaTech eLicense for securing, distributing and selling music online
Source=Paul Collins Startup list

[ELNKProxy]
Number=2721
Confirmed=X
Filename=smproxy.exe
Description=<a href="http://www.spyany.com/program/article_spw_rm_Surfmonkey.html" target=_blank>Surfmonkey</a> adware
Source=Paul Collins Startup list

[ELSA WINman Suite]
Number=2722
Confirmed=U
Filename=Winmsuit.exe
Description=Allows you to totally customize your ELSA graphics card settings, including overclocking the GPU
Source=Paul Collins Startup list

[ElsaCapiCtl]
Number=2723
Confirmed=Y
Filename=Rcapi.exe
Description=Assumed to stand for Remote Common Application Programming Interface (RCAPI), this was installed with an Elsa Microlink ISDN modem. If it is not there you can not bring up the dialog box which is sometimes needed to reset the modem
Source=Paul Collins Startup list

[ELSAChipGuard]
Number=2724
Confirmed=U
Filename=elsavect.exe
Description=ChipGuard for ELSA graphics cards - monitoring solution which monitors both the GPU temperature and fan speed, and will halt the system if either are at dangerous levels and restore the default clock speeds upon reboot. Leave enabled if overclocking
Source=Paul Collins Startup list

[ELSBLaunch]
Number=2725
Confirmed=U
Filename=ELSBLaunch.exe
Description=EarthLink <a href="http://www.earthlink.net/software/free/spamblocker/" target="_blank">SpamBlocker</a>
Source=Paul Collins Startup list

[EMA.exe]
Number=2726
Confirmed=N
Filename=EMA.EXE
Description=Time management system which helps you to manage your time and appointments
Source=Paul Collins Startup list

[eMachines eBoard]
Number=2727
Confirmed=U
Filename=Eboard.exe
Description=eMachines multimedia keyboard manager. Required if you use the extra keys
Source=Paul Collins Startup list

[Email Protection]
Number=2728
Confirmed=Y
Filename=emlproxy.exe
Description=<a href="http://www.quickheal.co.in/" target="_blank">AntiVirus Quick Heal</a> - E-mail protection
Source=Paul Collins Startup list

[EmailScan]
Number=2729
Confirmed=Y
Filename=mcvsescn.exe
Description=Related to McAfee AntiVirus suite - used to automatically scan incoming e-mails

Source=Paul Collins Startup list

[eMakeSV]
Number=2730
Confirmed=X
Filename=EMAKESV.EXE
Description=<a href="http://www.spywareguide.com/product_show.php?id=1949" target=_blank>Switch</a> premium rate adult content dialler variant
Source=Paul Collins Startup list

[eMakeSV]
Number=2731
Confirmed=X
Filename=EMAKE2B.EXE
Description=<a href="http://www.spywareguide.com/product_show.php?id=1949" target=_blank>Switch</a> premium rate adult content dialer variant
Source=Paul Collins Startup list

[EMBASSY Trust Suite Secure Update]
Number=2732
Confirmed=U
Filename=AutoUpdate.exe
Description=Updates for Wave Systems Corp. <a href="http://www.wavesys.com/products/ets.html" target="_blank">Embassy Trust Suite</a> - "delivers advanced levels of security to the client PC using the TPM security chip found on most enterprise PCs today"
Source=Paul Collins Startup list

[eMCryT Sh3ars Panagers]
Number=2733
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawi.html" target=_blank>RBOT-AWI</a> WORM!
Source=Paul Collins Startup list

[EMMeter]
Number=2734
Confirmed=U
Filename=EMMeter.exe
Description="<a href="http://www.expressmetrix.com/products/em.asp" target="_blank">Express Meter</a> provides detailed information about how your software assets are being used. With Express Meter you can monitor application usage, identify software usage patterns, and control application launches—all of which can help you make better decisions about your IT investments"
Source=Paul Collins Startup list

[emoc0re]
Number=2735
Confirmed=X
Filename=emo.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotage.html" target= blank>AGOBOT-AGE</a> WORM!
Source=Paul Collins Startup list

[empin]
Number=2736
Confirmed=X
Filename=e121307.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076775" target="_blank">Delfin Media Viewer</a> adware related
Source=Paul Collins Startup list

[empin]
Number=2737
Confirmed=X
Filename=e121307.Stub.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076775" target="_blank">Delfin Media Viewer</a> adware related
Source=Paul Collins Startup list

[emsw.exe]
Number=2738
Confirmed=X
Filename=emsw.exe
Description=Attune HelpExpress - spyware. Disable and uninstall - see <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453075079" target="_blank">here</a>
Source=Paul Collins Startup list

[emule]
Number=2739
Confirmed=X
Filename=emule.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotalz.html" target=_blank>RBOT-ALZ</a> WORM!
Source=Paul Collins Startup list

[eMusicClient Systray]
Number=2740
Confirmed=N
Filename=eMusicClient.exe
Description=<a href="http://www.emusic.com/about/index.html" target=_blank>eMusic</a> MP3 download software
Source=Paul Collins Startup list

[EM_EXEC]
Number=2741
Confirmed=U
Filename=EM_EXEC.EXE
Description=Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as &quot;SmartMove&quot;. If you disable it and find you don't need it leave it disabled
Source=Paul Collins Startup list

[EN4060C Taskbar]
Number=2742
Confirmed=N
Filename=en4060ct.exe
Description=Comes with Efficient Networks DSL Modems. Little red/green/yellow flashing icon in system tray
Source=Paul Collins Startup list

[enBrowser]
Number=2743
Confirmed=X
Filename=[name of file]
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062915-3210-99" target=_blank>WINBO</a> adware
Source=Paul Collins Startup list

[encapsulated command tool]
Number=2744
Confirmed=?
Filename=wintr.com
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Encarta Dictionary Quickshelf]
Number=2745
Confirmed=N
Filename=QSHLFED.EXE
Description=<font color="#FF0000">Provides quick access to Encarta's Dictionary features?</font>
Source=Paul Collins Startup list

[ENCMONITOR]
Number=2746
Confirmed=N
Filename=monitor.exe
Description=The Encompass Monitor. This program is the Connect Direct Program.&nbsp; It is more trouble than it is worth and few use it
Source=Paul Collins Startup list

[Encoder Agent]
Number=2747
Confirmed=N
Filename=WMENCAGT.EXE
Description=MS Windows Media Encoder, which&nbsp;already has a shortcut in&nbsp;the Start Menu if installed
Source=Paul Collins Startup list

[Encompass_ENCMONTR]
Number=2748
Confirmed=U
Filename=ENCMONTR.EXE
Description=Optional simple browser from Yahoo (Encompass)
Source=Paul Collins Startup list

[ENCSurf]
Number=2749
Confirmed=?
Filename=surfboard.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Energizer FileSaver]
Number=2750
Confirmed=N
Filename=Energizer FileSaver.exe
Description=<a href="http://www.energizerups.com/productline.asp" target="_blank">Energizer FileSaver</a> - UPS back-up utility for Energizer UPS products. From their Tech Support staff this is known to have a memory leak since it's release - with no fix planned! It will grab 2-5 handles per second and crash the average system in less than 3 days - therefore not recommended
Source=Paul Collins Startup list

[EnergyPlugIn]
Number=2751
Confirmed=X
Filename=EnergyPlugin.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-061315-1440-99" target=_blank>EnergyPlugin</a> adware variant
Source=Paul Collins Startup list

[enginecs2]
Number=2752
Confirmed=U
Filename=enginecs2.exe
Description=<a href="http://www.securitysoft.com/myspace_filtering.asp?pageid=82" target="_blank">Cyber Sentinel</a> - internet filtering software
Source=Paul Collins Startup list

[EngUtil]
Number=2753
Confirmed=Y
Filename=EngUtil.exe
Description=Part of Roxio EasyCD Creator 6.0 - corrects any modification made to the Roxio Engine, it exits after checking
Source=Paul Collins Startup list

[Enh Win Updt]
Number=2754
Confirmed=X
Filename=enhupdt.exe
Description=Adware downloader - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan-Downloader.Win32.OneClickNetSearch.h
Source=Paul Collins Startup list

[enhance32]
Number=2755
Confirmed=X
Filename=enhance32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list

[EnigmaPopupStop]
Number=2756
Confirmed=N
Filename=EnigmaPopupStop.exe
Description=Part of Enigma SpyHunter - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#sh_note" target="_blank">note</a>
Source=Paul Collins Startup list

[ENSApServer2_0]
Number=2757
Confirmed=?
Filename=APSERVER.EXE
Description=<a target="_blank" href="http://www.intel.com/support/network/anypoint/">Intel AnyPoint</a> Wireless II Home Network related. Now discontinued. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[ENSMIX32.EXE]
Number=2758
Confirmed=?
Filename=ENSMIX32.EXE
Description=Sound card driver. <font color="#FF0000"> Is it required?</font>
Source=Paul Collins Startup list

[EnsoniqMixer]
Number=2759
Confirmed=U
Filename=starter.exe
Description=Puts the Ensoniq mixer in system tray. From Ensoniq Technologies "Our mixer is a critical part of the soundcard as it fixes sound problems and replaces the MS mixer which can no longer be used". If you find you don't need it - try one of the solutions on <a href="http://www.pacs-portal.co.uk/startup_pages/starter_exe.htm" target=_blank>this</a> special page. Similar to Creative PCI Audio Configuration Utility
Source=Paul Collins Startup list

[Entbloess 2]
Number=2760
Confirmed=U
Filename=Entbloess2.exe
Description=Related to Window-Switcher (now <a href="http://www.reflexvision.net/" target=_blank>Reflex Vision</a>) - it allows you to see previews of all your open applications via a single keystroke in a manner similar to Apple's Exposé, for Windows 2K/XP
Source=Paul Collins Startup list

[Enterra Icon Keeper]
Number=2761
Confirmed=U
Filename=IcnKeepr.exe
Description=<a href="http://www.enterra-soft.com/" target=_blank>Icon Keeper</a> - "tool to save and restore icon positions on the desktop"

Source=Paul Collins Startup list

[Enumerate Service]
Number=2762
Confirmed=X
Filename=wsys.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-112614-4025-99" target="_blank">MANIFEST</a> TROJAN!
Source=Paul Collins Startup list

[EnvyHFCPL]
Number=2763
Confirmed=Y
Filename=EnMixCPL.exe
Description=VIA <a href="http://www.via.com.tw/en/products/audio/controllers/envy24/" target= blank>Envy24</a> PCI Audio Controller driver
Source=Paul Collins Startup list

[eonemng]
Number=2764
Confirmed=U
Filename=eOneMng.exe
Description=eOne Manager, provides access to the buttons on the keyboard and on the front of the console for the eMachines eOne PC
Source=Paul Collins Startup list

[EOUApp]
Number=2765
Confirmed=U
Filename=EOUWiz.exe
Description=Intel ProSET Wireless related - provides additional configuration options for these devices
Source=Paul Collins Startup list

[EOUWiz]
Number=2766
Confirmed=U
Filename=EOUWiz.exe
Description=Intel ProSET Wireless related - provides additional configuration options for these devices
Source=Paul Collins Startup list

[ePower_DMC]
Number=2767
Confirmed=U
Filename=ePower_DMC.exe
Description=Part of Acer Empowering Technology. "<a href="http://www.acer-euro.com/et/en/notebooks01.htm#7" target="_blank">Acer ePower Management</a> is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles"
Source=Paul Collins Startup list

[EPoXUSDM]
Number=2768
Confirmed=U
Filename=USDM.EXE
Description=<a href="http://www.epox.com.tw/eng/index.php" target=_blank>EPoX</a> Universal Serial Data Monitor - a diagnostics tool that shows Temps, Fan Speeds, Voltages...etc
Source=Paul Collins Startup list

[ePrint 3.0 Service]
Number=2769
Confirmed=N
Filename=EPRINT3.EXE
Description=LEADTOOLS <a href="http://www.eprintdriver.com/" target=_blank>ePrint</a> file conversion software - "convert any file to and from over 150 document and image formats including searchable PDF, DOC, HTML, TXT, Multi-page TIFF, JPG, GIF, PNG and many more!" Can be started manually

Source=Paul Collins Startup list

[ePrint 4.0 Service]
Number=2770
Confirmed=N
Filename=EPRINT4.EXE
Description=A component of the "LEADTOOLS <a href="http://www.eprintdriver.com/" target=_blank>ePrint</a> File Conversion Software - Convert ANY file to and from over 150 document and image formats including searchable PDF, DOC, HTML, TXT , Multi-page TIFF, JPG, GIF, PNG and many more!" Can be started manually
Source=Paul Collins Startup list

[ePrompter]
Number=2771
Confirmed=U
Filename=ePrompter.exe
Description=<a href="http://www.eprompter.com/" target="_blank">ePrompter</a> - E-mail notification software
Source=Paul Collins Startup list

[EPS]
Number=2772
Confirmed=N
Filename=e_srcv02.exe
Description=According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
Source=Paul Collins Startup list

[EPS]
Number=2773
Confirmed=N
Filename=e_srcv03.exe
Description=According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
Source=Paul Collins Startup list

[EPSON Background Monitor]
Number=2774
Confirmed=N
Filename=STMS.EXE
Description=Supposed to keep an Epson printer ready for quick printing.&nbsp; Users report little difference whether it is on or not
Source=Paul Collins Startup list

[EPSON CardMonitor]
Number=2775
Confirmed=U
Filename=EPSON CardMonitor1.0.exe
Description=Monitors the PCMCIA memory card slot on EPSON cameras and printers and launches PhotoStarter or PhotoPrint
Source=Paul Collins Startup list

[EPSON Status Monitor 3 Environment Check]
Number=2776
Confirmed=N
Filename=e_srcv03.exe
Description=According to the Epson info: &quot;Use this utility to automatically check for errors and also check the level of ink remaining.&quot; This utility can also be started on demand when about to print as follows: File menu &gt; Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
Source=Paul Collins Startup list

[EPSON Status Monitor 3 Environment Check]
Number=2777
Confirmed=N
Filename=e_srcv02.exe
Description=According to the Epson info: &quot;Use this utility to automatically check for errors and also check the level of ink remaining.&quot; This utility can also be started on demand when about to print as follows: File menu &gt; Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
Source=Paul Collins Startup list

[EPSON Status Monitor 3 Environment Check 2]
Number=2778
Confirmed=N
Filename=e_srcv03.exe
Description=According to the Epson info: &quot;Use this utility to automatically check for errors and also check the level of ink remaining.&quot; This utility can also be started on demand when about to print as follows: File menu &gt; Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
Source=Paul Collins Startup list

[EPSON Status Monitor 3 Environment Check 2]
Number=2779
Confirmed=N
Filename=e_srcv02.exe
Description=According to the Epson info: &quot;Use this utility to automatically check for errors and also check the level of ink remaining.&quot; This utility can also be started on demand when about to print as follows: File menu &gt; Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
Source=Paul Collins Startup list

[EPSON Stylus C44 Series]
Number=2780
Confirmed=U
Filename=E_S10IC2.EXE
Description=Epson Stylus C44 Series printer monitor - for checking ink levels, etc
Source=Paul Collins Startup list

[EPSON Stylus C46 Series]
Number=2781
Confirmed=U
Filename=E_S4I0T1.EXE
Description=Epson Stylus C46 Series printer monitor - for checking ink levels, etc
Source=Paul Collins Startup list

[Epson Stylus C62 Series]
Number=2782
Confirmed=U
Filename=E-S0BIC1.EXE
Description=Required for an interface to some versions of MS Word to ensure that some fonts are printed correctly. Start it manually if required
Source=Paul Collins Startup list

[Epson Stylus C82 Series]
Number=2783
Confirmed=U
Filename=e_s0hic1.EXE
Description=Required for an interface to some versions of MS Word to ensure that some fonts are printed correctly. Start it manually if required
Source=Paul Collins Startup list

[EPSON Stylus DX4800 Series]
Number=2784
Confirmed=?
Filename=E_FATIADE.EXE
Description=Related to Epson Stylus DX4800 Series printer - <font color="#FF0000">what does it do and is it required in startup?</font>
Source=Paul Collins Startup list

[EPSON Stylus Photo R300 Series]
Number=2785
Confirmed=U
Filename=E_S4I2F1.EXE
Description=Epson Status Monitor 3 for the Epson Stylus Photo R300 (and probably others) printers - monitors the status of ink levels, a print job spooled to that printer, etc
Source=Paul Collins Startup list

[EPSON Stylus Photo RX420 Series]
Number=2786
Confirmed=U
Filename=E_FATI9CE.EXE
Description=Related to the EPSON Stylus Photo RX420 Series printer/scanner/copier
Source=Paul Collins Startup list

[EpsonPhotoStarter]
Number=2787
Confirmed=U
Filename=EPSON_PhotoStarter.exe
Description=Only needed if you want to make full use of the capabilities of an Epson printer that included this&nbsp;
Source=Paul Collins Startup list

[Eptr]
Number=2788
Confirmed=X
Filename=nopdb.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[EQAdvice]
Number=2789
Confirmed=X
Filename=EQAdvice.exe
Description=Added by <a href="http://www.superadblocker.com/definition/eqadvice/" target=_blank>NewAds1</a> ADAWARE!

Source=Paul Collins Startup list

[EQArticle]
Number=2790
Confirmed=U
Filename=EQArticle.exe
Description=<a href="http://www.spyany.com/program/article_adw_rm_EQArticle.html" target="_blank">EQArticle</a> adware
Source=Paul Collins Startup list

[Equipmen]
Number=2791
Confirmed=?
Filename=Equipmen.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Eraser]
Number=2792
Confirmed=U
Filename=eraser.exe
Description=<a href="http://www.heidi.ie/eraser/" target=_blank>Eraser</a> allows for complete removal of data from your hard drive
Source=Paul Collins Startup list

[eRecoveryService]
Number=2793
Confirmed=U
Filename=check.exe
Description=Acer Notebook related. Acer eRecovery allows the user to restore the operating system or backup the current system profile, thus ensuring system integrity
Source=Paul Collins Startup list

[eRecoveryService]
Number=2794
Confirmed=U
Filename=Monitor.exe
Description=Part of Acer Empowering Technology. "<a href="http://www.acer-euro.com/et/en/notebooks01.htm#4" target="_blank">Acer eRecovery Management</a> is a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager"
Source=Paul Collins Startup list

[EReg]
Number=2795
Confirmed=N
Filename=reg32.exe
Description=EReg is a software registration tool incorporated on products such as those by Brřderbund, Connectix, Hewlett-Packard, The Learning Company, and Sierra. Needless to say you don't need it
Source=Paul Collins Startup list

[erfgddfk]
Number=2796
Confirmed=X
Filename=wind2ll2.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-112515-0448-99" target=_blank>BEAGLE.CQ</a> WORM!
Source=Paul Collins Startup list

[erghgjhgdr]
Number=2797
Confirmed=X
Filename=windlhhl.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030110-5115-99" target=_blank>BEAGLE.BG</a> WORM!
Source=Paul Collins Startup list

[erghgjhjgdr]
Number=2798
Confirmed=X
Filename=windlhhl.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030110-5115-99" target=_blank>BEAGLE.BG</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030113-2829-99" target=_blank>BEAGLE.BH</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030115-3932-99" target=_blank>BEAGLE.BI</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030115-4032-99" target=_blank>BEAGLE.BJ</a> WORMS!
Source=Paul Collins Startup list

[erm]
Number=2799
Confirmed=?
Filename=erm.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[eros.exe]
Number=2800
Confirmed=X
Filename=eros.exe
Description=Adult content dailler
Source=Paul Collins Startup list

[Error Nuker]
Number=2801
Confirmed=N
Filename=ErrorNuker.exe
Description=<a href="http://www.errornuker.com/" target= blank>ErrorNuker</a> registry cleaner - only required if you want the application to run a scan at startup. The program can be launched manually if required
Source=Paul Collins Startup list

[Error Safe]
Number=2802
Confirmed=N
Filename=ers.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-012017-0346-99" target="_blank">ErrorSafe</a> security risk that may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threats
Source=Paul Collins Startup list

[ErrorGuard]
Number=2803
Confirmed=X
Filename=ErrorGuard.exe
Description=Spyware remover - not recommended, see <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094197" target="_blank">here</a>
Source=Paul Collins Startup list

[errorhandler]
Number=2804
Confirmed=X
Filename=errorhandler.exe
Description=Added by <a href="http://www.fileresearchcenter.com/E/ERRORHANDLER.EXE-7350.html" target=_blank>ErrorHandler</a> ADAWARE!

Source=Paul Collins Startup list

[ERS]
Number=2805
Confirmed=N
Filename=ers_startupmon.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-012017-0346-99" target="_blank">ErrorSafe</a> security risk that may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threats
Source=Paul Collins Startup list

[erscw]
Number=2806
Confirmed=N
Filename=erscw.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-012017-0346-99" target="_blank">ErrorSafe</a> security risk that may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threats
Source=Paul Collins Startup list

[ERS_check]
Number=2807
Confirmed=N
Filename=ers_startupmon.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-012017-0346-99" target="_blank">ErrorSafe</a> security risk that may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threats
Source=Paul Collins Startup list

[erthegdr]
Number=2808
Confirmed=X
Filename=windll2.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-091216-4524-99" target=_blank>BEAGLE.CG</a> WORM!
Source=Paul Collins Startup list

[erthgdr]
Number=2809
Confirmed=X
Filename=windll.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080911-3251-99" target="_blank">BEAGLE.AO</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-083115-2542-99" target="_blank">BEAGLE.AQ</a> WORMS!
Source=Paul Collins Startup list

[erthgdr]
Number=2810
Confirmed=X
Filename=svc.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041600-0244-99" target= blank>BEAGLE.BN</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042115-2906-99" target= blank>BEAGLE.BP</a> WORM!
Source=Paul Collins Startup list

[erthgdr2]
Number=2811
Confirmed=X
Filename=svc23.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.CG&VSect=P" target=_blank>BAGLE.CG</a> WORM!
Source=Paul Collins Startup list

[ERTS0749]
Number=2812
Confirmed=?
Filename=ERTS0749.exe
Description=IBM Warranty Notification - <font color="#FF0000">presumably it's a reminder to either register or that warranty is about to expire?</font>
Source=Paul Collins Startup list

[ERUNT AutoBackup]
Number=2813
Confirmed=U
Filename=AUTOBACK.EXE
Description=<a href="http://www.larshederer.homepage.t-online.de/erunt/" target="_blank">ERUNT</a> backup utility - when added to the user's startup folder automatically backs up the registry each time the system boots, resulting in numerous backups that can be restored
Source=Paul Collins Startup list

[eSafe Protect]
Number=2814
Confirmed=Y
Filename=ESPWatch.exe
Description=<a href="http://www.esafe.com/esafe/default.asp?cf=tl" target="_blank">eSafe</a> from Aladdin - internet security for gateway and E-mail servers
Source=Paul Collins Startup list

[ESB]
Number=2815
Confirmed=U
Filename=esb.exe
Description=Easy Start Button - provides functionality on certain laptops that have additional keys. Not required unless you use the extra keys
Source=Paul Collins Startup list

[eScan Monitor]
Number=2816
Confirmed=Y
Filename=AVKWCTL9X.EXE
Description=MicroWorld <a href="http://www.mwti.net/products/escan/escan_antivirus/escanantivirus.asp" target="_blank">eScan</a> antivirus
Source=Paul Collins Startup list

[eScan Scheduler]
Number=2817
Confirmed=U
Filename=avkserv.exe
Description=MicroWorld <a href="http://www.mwti.net/products/escan/escan_antivirus/escanantivirus.asp" target="_blank">eScan</a> antivirus scheduler
Source=Paul Collins Startup list

[eScan Updater]
Number=2818
Confirmed=U
Filename=Trayicos.exe
Description=MicroWorld <a href="http://www.mwti.net/products/escan/escan_antivirus/escanantivirus.asp" target="_blank">eScan</a> antivirus updater - allows users to automatically download updates and set the auto time interval for downloads
Source=Paul Collins Startup list

[EScorcher]
Number=2819
Confirmed=X
Filename=escorcher.exe
Description=Part of <a href="http://www.escorcher.com/" target="_blank">eScorcher</a> anti-virus software - responsible for performing virus checks and deletions. Used to collect information about the user and therefore treated as spyware - now the web-site is dead
Source=Paul Collins Startup list

[ESFTP]
Number=2820
Confirmed=N
Filename=esftp.exe
Description=<a href="http://esftp.com/features.html" target="_blank">ESftp</a> - FTP client for transfering files between a local PC and another remote computer
Source=Paul Collins Startup list

[Esoh]
Number=2821
Confirmed=X
Filename=Esoh123.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.FF" target=_blank>AGOBOT.FF</a> WORM!

Source=Paul Collins Startup list

[Especial]
Number=2822
Confirmed=X
Filename=Deneca.bat
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050909-4602-99" target= blank>DELUZ</a> VIRUS!
Source=Paul Collins Startup list

[ESPN BottomLine]
Number=2823
Confirmed=N
Filename=bline.exe
Description=ESPN BottomLine. "You can dock the BottomLine to the top or bottom of your screen or drag it around on your desktop, without even worrying about a browser. As long you keep the BottomLine running, you will continue to receive live scores and breaking news, and by clicking on any score or news item, you will be taken directly to the corresponding page on ESPN.com for a full break down."
Source=Paul Collins Startup list

[ESS Daemon]
Number=2824
Confirmed=?
Filename=Essd.exe
Description=Related to an ESS based soundacard. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list

[essapm]
Number=2825
Confirmed=?
Filename=essapm.exe
Description=ESS Solo soundcard driver. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list

[Essdc]
Number=2826
Confirmed=Y
Filename=essdc.exe
Description=Related to an ESS Solo soundcard. Seems as though it's required
Source=Paul Collins Startup list

[ESSNDSYS]
Number=2827
Confirmed=?
Filename=ESSNDSYS.EXE
Description=Related to an ESS based soundacard. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list

[ESSOLO]
Number=2828
Confirmed=Y
Filename=ESSOLO.exe
Description=Sound card driver that re-instates itself every time it's removed
Source=Paul Collins Startup list

[esspk]
Number=2829
Confirmed=Y
Filename=esspk.exe
Description=ESS Technology modem speaker driver file. Required to get on-line with this modem
Source=Paul Collins Startup list

[EssSpkPhone]
Number=2830
Confirmed=U
Filename=essspk.exe
Description=ESS Technologies Call waiting, which gets installed by the drivers for V92 modems based on ESS Technologies chipsets
Source=Paul Collins Startup list

[eSupInit]
Number=2831
Confirmed=?
Filename=eSupCmd.exe
Description=Related to <a href="http://www.support.com/" target="_blank">SupportSoft</a> (aka Support.com) "Real-Time Service Management software". <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[ETB Tester]
Number=2832
Confirmed=X
Filename=etbtest.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabr.html" target= blank>RBOT-ABR</a> WORM!
Source=Paul Collins Startup list

[etbrun]
Number=2833
Confirmed=X
Filename=elit***32.exe [* = random char]
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-083109-1455-99" target=_blank>EliteBar</a> adware
Source=Paul Collins Startup list

[Ethernet]
Number=2834
Confirmed=N
Filename=tcaudiag.exe
Description=3Com NIC Installation/Diagnostic MFC application. Diagnostics may be run from the Start -&gt; Programs
Source=Paul Collins Startup list

[ethernet]
Number=2835
Confirmed=X
Filename=airftp.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[ethernet]
Number=2836
Confirmed=X
Filename=msnger.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[ethernet]
Number=2837
Confirmed=X
Filename=msftp.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BXJ&VSect=P" target=_blank>SDBOT.BXJ</a> WORM!
Source=Paul Collins Startup list

[Ethernet Drivers]
Number=2838
Confirmed=X
Filename=smrrs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaak.html" target=_blank>RBOT-AAK</a> WORM!
Source=Paul Collins Startup list

[Ethernet Drivers]
Number=2839
Confirmed=X
Filename=ethernet.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-012609-1021-99" target= blank>GAOBOT.CEZ</a> WORM!
Source=Paul Collins Startup list

[Etraffic]
Number=2840
Confirmed=X
Filename=JavaRun.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453059998" target="_blank">TopMoxie</a> adware
Source=Paul Collins Startup list

[eTrust EZ Firewall]
Number=2841
Confirmed=Y
Filename=efpeadm.exe
Description=<a href="http://www1.my-etrust.com/products/Firewall.cfm" target="_blank">eTrust EZ Firewall</a>
Source=Paul Collins Startup list

[eTrust PestPatrol Active Protection]
Number=2842
Confirmed=U
Filename=PPActiveDetection.exe
Description=<a href="http://www.pestpatrol.com/" target=_blank>PestPatrol</a> real-time protection feature. "Stops spyware before it infects your system"
Source=Paul Collins Startup list

[eTrust Realtime Monitor]
Number=2843
Confirmed=X
Filename=realmon.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LAZAR.B" target="_blank">LAZAR.B</a> TROJAN!
Source=Paul Collins Startup list

[eTrustCIPE]
Number=2844
Confirmed=Y
Filename=ezdsmain.exe
Description=eTrust EZ Deskshield from Computer Associates. Protects against malicious email attachments and unauthorized use of email by detecting and blocking unusual behavior
Source=Paul Collins Startup list

[eTunnel]
Number=2845
Confirmed=X
Filename=winfw.exe
Description=Added by an unidentified TROJAN!
Source=Paul Collins Startup list

[EUP Service]
Number=2846
Confirmed=X
Filename=eupsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotq.html" target="_blank">DELBOT-Q</a> WORM!
Source=Paul Collins Startup list

[EuroGlot]
Number=2847
Confirmed=U
Filename=EuroGlot.exe
Description=<a href="http://www.euroglot.nl/en/producten.html?category=over_euroglot" target="_blank">Euroglot</a> - "multilanguage translating system, available in the languages Dutch, English, French, German, Spanish and Italian"
Source=Paul Collins Startup list

[Event Log]
Number=2848
Confirmed=?
Filename=eventlog.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Event Planner Reminders]
Number=2849
Confirmed=N
Filename=PLNRnote.exe
Description=Sierra Event Planner tray icon
Source=Paul Collins Startup list

[Event Reminder]
Number=2850
Confirmed=N
Filename=pmremind.exe
Description=A calendar/alarm program that installs with Brřderbund Printmaster
Source=Paul Collins Startup list

[EventApplicationCmd]
Number=2851
Confirmed=X
Filename=smschk.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotao.html" target=_blank>IRCBOT-AO</a> TROJAN!
Source=Paul Collins Startup list

[EVENTLISTENER]
Number=2852
Confirmed=U
Filename=EvLstnr.exe
Description=Used with a Nikon digital camera to recognize when the camera is plugged in
Source=Paul Collins Startup list

[eventmgr]
Number=2853
Confirmed=N
Filename=eventmgr.exe
Description=Used with a Microtek scanner. Manages the scanner's button events. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[eventwvr]
Number=2854
Confirmed=X
Filename=eventwvr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcosiamg.html" target=_blank>COSIAM_G</a> TROJAN!

Source=Paul Collins Startup list

[Evidence Cleaner]
Number=2855
Confirmed=U
Filename=ecleaner.exe
Description=<a href="http://www.evidence-cleaner.net/" target= blank>Evidence Cleaner</a> cleans up tracks left by your PC and Internet activities
Source=Paul Collins Startup list

[Evidence Eliminator]
Number=2856
Confirmed=N
Filename=ee.exe
Description=<a href="http://www.evidence-eliminator.com/product.d2w" target="_blank">Evidence Eliminator</a> - cover the tracks of your browsing habits and E-mails if you think you need to. Run manually on a regular basis
Source=Paul Collins Startup list

[Evil]
Number=2857
Confirmed=X
Filename=Evil.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-091514-0637-99" target=_blank>MYTOB.JM</a> WORM!
Source=Paul Collins Startup list

[evntsvc]
Number=2858
Confirmed=N
Filename=evntsc.exe
Description=Application Scheduler installed along with <a href="http://www.real.com/" target="_blank">RealOne Player</a>. Once installed, it runs independently of RealOne Player. See <a href="http://www.mikescomputerinfo.com/TkBellExe.htm" target="_blank">here</a> for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
Source=Paul Collins Startup list

[EVOLOSTA]
Number=2859
Confirmed=U
Filename=EVOLOSTA.EXE
Description=Evolo Status Monitor for wireless network cards. Allows a user to enter a specific access-point mode SSID, peer-to-peer mode channel, link speed, WEP encryption options, and has enable/disable and rescan buttons. It is not needed if using Windows XP or higher, as they have this built-in to the control panel. Also, if the user is very sure that there is ONLY ONE network available to connect to, then they can remove this. If it is not in startup, and the user needs to run it, they can simply type EVOLOSTA in the Start -> Run dialog to run it
Source=Paul Collins Startup list

[Evoluent Mouse Manager]
Number=2860
Confirmed=U
Filename=EvoMouExec.exe
Description=Mouse manager for Evoluent <a href="http://www.evoluent.com/vmouse2.html" target="_blank">VertcialMouse</a>
Source=Paul Collins Startup list

[EvtHtm]
Number=2861
Confirmed=X
Filename=evthtm.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list

[EW Message Server]
Number=2862
Confirmed=U
Filename=msg32.exe
Description=Conexant (older versions are Brooktree) Wavestream Message Server - associated with Conexant based audio devices
Source=Paul Collins Startup list

[eWare Startup]
Number=2863
Confirmed=N
Filename=iWareStart.exe
Description=<a href="http://www.eware.com/about/index.asp" target="_blank">eWare</a> iWare task bar. Not required
Source=Paul Collins Startup list

[ewupdater]
Number=2864
Confirmed=X
Filename=ewupdater.exe
Description=<a href="http://www.kephyr.com/spywarescanner/library/easywebsearch/index.phtml" target="_blank">EasyWebSearch</a> adware updater
Source=Paul Collins Startup list

[example]
Number=2865
Confirmed=X
Filename=[random filename].exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-112915-5158-99" target=_blank>NUCLEAR</a> TROJAN! Note - this trojan file is found in the Windows\NR or Winnt\NR folder
Source=Paul Collins Startup list

[Excite Platform]
Number=2866
Confirmed=N
Filename=Exlaunch.exe
Description=Loads an Icon in the startup tray that allows you to receive service update notices for Excite@Home if you desire (note that since Excite@Home appears to be winding down this becomes irrelevant). May also allow you to kill the Excite Toolbar that automatically loads in Internet Explorer
Source=Paul Collins Startup list

[Excite Private Messenger Pipe]
Number=2867
Confirmed=?
Filename=x8impipe.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[ExciteAssistantEXE]
Number=2868
Confirmed=N
Filename=ASSISTANT.EXE
Description=With Excite Assistant, you can access a wide variety of online information, including email, news, and stock quotes without having to have a browser window open
Source=Paul Collins Startup list

[exdl.exe]
Number=2869
Confirmed=X
Filename=exdl.exe
Description=<a href="http://sarc.com/avcenter/venc/data/adware.bargainbuddy.html" target="_blank">BargainBuddy</a> foistware
Source=Paul Collins Startup list

[exe lptt01]
Number=2870
Confirmed=X
Filename=exe.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Exe" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[exe ml097e]
Number=2871
Confirmed=X
Filename=exe.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Exe" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[execfg4]
Number=2872
Confirmed=X
Filename=execfg4.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-081509-0110-99" target="_blank">ELECTRON</a> WORM!
Source=Paul Collins Startup list

[ExecUser]
Number=2873
Confirmed=X
Filename=ExecUser.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!

Source=Paul Collins Startup list

[Execute]
Number=2874
Confirmed=?
Filename=delfolders.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[ExeName32]
Number=2875
Confirmed=X
Filename=Warm.scr
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121115-2525-99" target="_blank">SCOLD</a> WORM!
Source=Paul Collins Startup list

[ExFilter]
Number=2876
Confirmed=X
Filename=Rundll32.exe [path] cdnspie.dll, ExecFilter
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453097703" target="_blank">CNNIC Update</a> pest
Source=Paul Collins Startup list

[exgiwsl]
Number=2877
Confirmed=?
Filename=exgiwsl.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Exif Launcher]
Number=2878
Confirmed=U
Filename=Exiflaquickdcr.exe
Description=USB mass storage driver used by some digital cameras such as the Fuji Finepix. Only required if you use it regularly
Source=Paul Collins Startup list

[Exif Launcher]
Number=2879
Confirmed=U
Filename=QuickDCF.exe
Description=USB mass storage driver used by some digital cameras such as the Fuji Finepix. Only required if you use it regularly
Source=Paul Collins Startup list

[ExitKiller]
Number=2880
Confirmed=U
Filename=Ekiller.exe
Description=<a href="http://www.exitkiller.net/" target="_blank">Exit Killer</a> - automatically closes pop-up windows in your browser
Source=Paul Collins Startup list

[exmon]
Number=2881
Confirmed=?
Filename=hpimoniter.exe
Description=<font color="#FF0000">Some kind of hp digital camera maybe or a photo smart connection probe?</font>
Source=Paul Collins Startup list

[Exn]
Number=2882
Confirmed=X
Filename=exn.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_IRCBOT.RJ" target="_blank">IRCBOT.RJ</a> WORM!
Source=Paul Collins Startup list

[EXPL0RE.EXE]
Number=2883
Confirmed=X
Filename=EXPL0RE.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpopnoa.html" target=_blank>POPNO-A</a> TROJAN! Note that the filename is spelled using the digit "0" instead of the uppercase letter "o"
Source=Paul Collins Startup list

[Expl0rer soft]
Number=2884
Confirmed=X
Filename=expl0rer.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqr.html" target=_blank>RBOT-AQR</a> WORM!
Source=Paul Collins Startup list

[expler]
Number=2885
Confirmed=X
Filename=Updadv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassn.html" target=_blank>QQPASS-N</a> TROJAN!
Source=Paul Collins Startup list

[Explkw]
Number=2886
Confirmed=X
Filename=expup.exe
Description=Keywords hijacker
Source=Paul Collins Startup list

[explore]
Number=2887
Confirmed=X
Filename=explore.exe
Description=Added by any number of VIRUSES, WORMS or TROJANS!
Source=Paul Collins Startup list

[Explore]
Number=2888
Confirmed=X
Filename=Explorer.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080713-1333-99" target=_blank>IRC.FLOOD.G</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually!
Source=Paul Collins Startup list

[Explore]
Number=2889
Confirmed=X
Filename=explore.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[explore manager]
Number=2890
Confirmed=X
Filename=explore.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DONBOMB.A&VSect=P" target=_blank>DONBOMB.A</a> TROJAN!
Source=Paul Collins Startup list

[explore.exe]
Number=2891
Confirmed=X
Filename=Explore.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091414-5731-99" target="_blank">GRAYBIRD.G</a> TROJAN!
Source=Paul Collins Startup list

[exploreff.exe]
Number=2892
Confirmed=X
Filename=exploreff.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-102516-5127-99" target=_blank>FINFANSE</a> TROJAN!
Source=Paul Collins Startup list

[explorer]
Number=2893
Confirmed=U
Filename=explorer.exe
Description=Starts Windows Explorer. Unless this has been manually added to startups or added by another program it could be a virus such as <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_BISTRO" target="_blank">PE_BISTRO</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-031016-5849-99" target="_blank">DVLDR</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-012816-3647-99" target="_blank">MYDOOM.C</a>. Note that it is also not the explorer.exe task/service you'll see when via CTRL+ALT+DEL
Source=Paul Collins Startup list

[explorer]
Number=2894
Confirmed=X
Filename=wscript.exe [filename]
Description=Sneaky way to start any VBS script. Many viruses use VBS files
Source=Paul Collins Startup list

[Explorer]
Number=2895
Confirmed=X
Filename=shellexpl.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082915-1318-99" target="_blank">SHELDOR</a> TROJAN!
Source=Paul Collins Startup list

[explorer]
Number=2896
Confirmed=X
Filename=expl32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-050220-1346-99" target="_blank">RATSOU</a> TROJAN!
Source=Paul Collins Startup list

[Explorer]
Number=2897
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111308-1926-99" target="_blank">AUTEX</a> WORM!
Source=Paul Collins Startup list

[Explorer]
Number=2898
Confirmed=X
Filename=shellexp.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082915-1318-99" target=_blank>SHELDOR</a> TROJAN!

Source=Paul Collins Startup list

[EXPLORER]
Number=2899
Confirmed=X
Filename=EXPL0RER.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbeastdoy.html" target=_blank>BEASTDO-Y</a> TROJAN! Note the "0" in the filename rather than upper case "o"
Source=Paul Collins Startup list

[EXPLORER]
Number=2900
Confirmed=X
Filename=sys.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsillyfdca.html" target=_blank>SILLYFDC-A</a> TROJAN!
Source=Paul Collins Startup list

[Explorer]
Number=2901
Confirmed=X
Filename=config_.com
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32floppyd.html" target=_blank>FLOPPY-D</a> WORM!
Source=Paul Collins Startup list

[Explorer]
Number=2902
Confirmed=X
Filename=drv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallfd.html" target=_blank>SMALL-FD</a> TROJAN!
Source=Paul Collins Startup list

[explorer]
Number=2903
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagenteu.html" target=_blank>AGENT-EU</a> TROJAN!
Source=Paul Collins Startup list

[explorer]
Number=2904
Confirmed=X
Filename=explorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkeylogak.html" target=_blank>KEYLOG-AK</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in a "service" subfolder of the System folder
Source=Paul Collins Startup list

[EXPLORER]
Number=2905
Confirmed=X
Filename=EXPLORER.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojnethiefp.html" target=_blank>NETHIEF-P</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in a "SHELLEXT" subfolder of the System folder
Source=Paul Collins Startup list

[explorer]
Number=2906
Confirmed=X
Filename=explorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojblockeya.html" target=_blank>BLOCKEY-A</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in a "config" subfolder of the System folder
Source=Paul Collins Startup list

[explorer]
Number=2907
Confirmed=X
Filename=Yinstall.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[Explorer]
Number=2908
Confirmed=X
Filename=Windows Explorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sillyfdci.html" target="_blank">SILLYFDC-I</a> WORM!
Source=Paul Collins Startup list

[Explorer Loader]
Number=2909
Confirmed=X
Filename=explr32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.N" target= blank>AGOBOT.N</a> WORM!
Source=Paul Collins Startup list

[Explorer Loader]
Number=2910
Confirmed=X
Filename=explorerl.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotadi.html" target=_blank>SDBOT-ADI</a> WORM!
Source=Paul Collins Startup list

[Explorer lptt01]
Number=2911
Confirmed=X
Filename=explorer.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "explorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>.Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually!
Source=Paul Collins Startup list

[EXPLORER MICROSOFT SYSTEM]
Number=2912
Confirmed=X
Filename=explore.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Explorer ml097e]
Number=2913
Confirmed=X
Filename=explorer.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "explorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>.Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually!
Source=Paul Collins Startup list

[Explorer soft]
Number=2914
Confirmed=X
Filename=explorer.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotapk.html" target=_blank>RBOT-APK</a> WORM!
Source=Paul Collins Startup list

[Explorer soft]
Number=2915
Confirmed=X
Filename=explorer.com
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotarm.html" target=_blank>RBOT-ARM</a> WORM!
Source=Paul Collins Startup list

[Explorer Updater]
Number=2916
Confirmed=X
Filename=IEXPLORE.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwo.html" target=_blank>SDBOT-WO</a> WORM! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[explorer.exe]
Number=2917
Confirmed=X
Filename=explorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentew.html" target="_blank">AGENT-EW</a> or <a href="http://www.sophos.com/virusinfo/analyses/trojpwscy.html" target="_blank">PWS-CY</a> TROJANS! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[explorer.exe]
Number=2918
Confirmed=X
Filename=explorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfacl.html" target="_blank">DELF-ACL</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the Program Files folder
Source=Paul Collins Startup list

[Explorer32]
Number=2919
Confirmed=X
Filename=Expl32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_HACKTACK.B" target="_blank">HACKTACK.B</a> TROJAN!
Source=Paul Collins Startup list

[Explorer32]
Number=2920
Confirmed=X
Filename=explorer6s4.exe
Description=Added by the Downloader.Win32.Small.biq TROJAN!
Source=Paul Collins Startup list

[Explorer32]
Number=2921
Confirmed=X
Filename=efsdfgxg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojclickery.html" target=_blank>CLICKER-Y</a> TROJAN!
Source=Paul Collins Startup list

[ExploreUpdSched]
Number=2922
Confirmed=X
Filename=[random filename].exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094810" target="_blank">ZenoSearch</a> adware
Source=Paul Collins Startup list

[exporet]
Number=2923
Confirmed=X
Filename=winset.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassi.html" target=_blank>QQPASS-I</a> TROJAN!
Source=Paul Collins Startup list

[Express ClickYes]
Number=2924
Confirmed=U
Filename=ClickYes.exe
Description="<a href="http://www.contextmagic.com/" target="_blank">Express ClickYes</a> is a handy tool that runs in the system tray automatically clicks the Yes button for the Outlook Security security prompt, that asks you to confirm mail sending from third party applications"
Source=Paul Collins Startup list

[Exshow95]
Number=2925
Confirmed=U
Filename=EXSHOW95.exe
Description=Support software for some of the Kensington mice. Provides access to extra features like those available with enhanced Logitech and MS devices
Source=Paul Collins Startup list

[External Dependencies]
Number=2926
Confirmed=X
Filename=External.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061101-2338-99" target=_blank>MYTOB.EC</a> WORM!
Source=Paul Collins Startup list

[ExtraDNS]
Number=2927
Confirmed=U
Filename=ExtraDNS.exe
Description=<a href="http://www.extratools.com/" target="_blank">ExtraDNS</a> - DNS configuration tool
Source=Paul Collins Startup list

[Extranet AutoDial]
Number=2928
Confirmed=?
Filename=AutoExt.exe
Description=Nortel Networks Contivity Extranet Switching Software
Source=Paul Collins Startup list

[ExxtremeHelperDemon]
Number=2929
Confirmed=?
Filename=exxdemon.exe
Description=<font color="#FF0000">Creative Exxtreme graphics card related?</font>
Source=Paul Collins Startup list

[Eye Tide Launcher]
Number=2930
Confirmed=N
Filename=oneeyetideone.exe
Description=Nascar wallpaper
Source=Paul Collins Startup list

[EZ Firewall]
Number=2931
Confirmed=Y
Filename=ca.exe
Description=eTrust <a href="http://www3.ca.com/Solutions/Product.asp?ID=3243" target=_blank>EZ Armor</a> Internet Security
Source=Paul Collins Startup list

[ezagent]
Number=2932
Confirmed=N
Filename=ezagent.exe
Description=<a href="http://www.asus.com/products/vga/tvfm/overview.htm" target="_blank">EzVCR</a> recording software for the ASUS TV FM card. Available via Start -> Programs
Source=Paul Collins Startup list

[EzButton]
Number=2933
Confirmed=N
Filename=EzButton.EXE
Description=EZbutton is a quick launcher for the Media player app that comes with certain laptops
Source=Paul Collins Startup list

[EZDesk]
Number=2934
Confirmed=N
Filename=EZDESK.EXE
Description=Utility that remembers icon locations for each user and resolution. Available <a href="http://www.ezwaretech.com/" target="_blank">here</a>
Source=Paul Collins Startup list

[EzEjMnAp]
Number=2935
Confirmed=N
Filename=EzEjMnAp.exe
Description=For IBM Thinkpad Notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually". Available via Start -> Programs
Source=Paul Collins Startup list

[eZmmod]
Number=2936
Confirmed=X
Filename=mmod.exe
Description=eZula <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=eZula.TopText&threatid=5117" target="_blank">TopText</a> adware
Source=Paul Collins Startup list

[EZNORUN]
Number=2937
Confirmed=?
Filename=EZNORUN.EXE
Description=<font color="#FF0000">Easy Internet related?</font>
Source=Paul Collins Startup list

[EzPrint]
Number=2938
Confirmed=N
Filename=ezprint.exe
Description=Configuration options for Lexmark printing devices

Source=Paul Collins Startup list

[ezPS_Px]
Number=2939
Confirmed=Y
Filename=ezSP_PxEngine.exe
Description=Engine that allows PrimoDVD from Veritas (was Prassi) and <a href="http://www.easy.co.jp/dd2e/sony/cd/" target="_blank">Drag'n Drop CD</a> from Easy Systems (and maybe others) to record and protects against other software overwriting the settings
Source=Paul Collins Startup list

[ezPS_Px]
Number=2940
Confirmed=Y
Filename=ezSP_Px.exe
Description=Engine that allows PrimoDVD from Veritas (was Prassi) and <a href="http://www.easy.co.jp/dd2e/sony/cd/" target="_blank">Drag'n Drop CD</a> from Easy Systems (and maybe others) to record and protects against other software overwriting the settings
Source=Paul Collins Startup list

[ezShieldProtector for Px]
Number=2941
Confirmed=Y
Filename=ezSP_Px.exe
Description=Engine that allows PrimoDVD from Veritas (was Prassi) and <a href="http://www.easy.co.jp/dd2e/sony/cd/" target="_blank">Drag'n Drop CD</a> from Easy Systems (and maybe others) to record and protects against other software overwriting the settings
Source=Paul Collins Startup list

[ezShieldProtector for Px]
Number=2942
Confirmed=Y
Filename=ezSP_PxEngine.exe
Description=Engine that allows PrimoDVD from Veritas (was Prassi) and <a href="http://www.easy.co.jp/dd2e/sony/cd/" target="_blank">Drag'n Drop CD</a> from Easy Systems (and maybe others) to record and protects against other software overwriting the settings
Source=Paul Collins Startup list

[EZSMART App]
Number=2943
Confirmed=U
Filename=ezsmart.exe
Description=EZ-S.M.A.R.T. hard drive monitoring software from StorageSoft - appears to be no longer supported
Source=Paul Collins Startup list

[ezula]
Number=2944
Confirmed=X
Filename=eZmmod.exe
Description=eZula <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=eZula.TopText&threatid=5117" target="_blank">TopText</a> adware
Source=Paul Collins Startup list

[eZulaMain]
Number=2945
Confirmed=X
Filename=eZulaMain.exe
Description=eZula <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=eZula.TopText&threatid=5117" target="_blank">TopText</a> adware
Source=Paul Collins Startup list

[eZuluMain]
Number=2946
Confirmed=X
Filename=eZuluMain.exe
Description=Comes with &quot;KaZaA&quot; installation. Advertising Spyware. Not required but KaZaA won't work
Source=Paul Collins Startup list

[eZWO]
Number=2947
Confirmed=X
Filename=wo.exe
Description=eZula <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=eZula.TopText&threatid=5117" target="_blank">TopText</a> adware
Source=Paul Collins Startup list

[E_S10IC2]
Number=2948
Confirmed=U
Filename=E_S10IC2.exe
Description=Epson Stylus C44 Series printer monitor - for checking ink levels, etc
Source=Paul Collins Startup list

[E_S23]
Number=2949
Confirmed=U
Filename=E_SICN03.exe
Description=Epson printer status monitor - for checking ink levels, etc.
Source=Paul Collins Startup list

[E_S4I2F1]
Number=2950
Confirmed=U
Filename=E_S4I2F1.exe
Description=Epson Status Monitor 3 for the Epson Stylus Photo R300 (and probably others) printers - monitors the status of ink levels, a print job spooled to that printer, etc
Source=Paul Collins Startup list

[E_S4I2G1]
Number=2951
Confirmed=N
Filename=E_S4I2G1.EXE
Description=Epson Status Monitor 3 for the Epson Stylus CX5400 printer/scanner/copier (and probably others) - monitors the status of ink levels, a print job spooled to that printer, etc
Source=Paul Collins Startup list

[E_SOEIC1]
Number=2952
Confirmed=U
Filename=E_SOEIC1.exe
Description=Epson Stylus printer monitor - for checking ink levels, etc.
Source=Paul Collins Startup list

[F-Secure 2005]
Number=2953
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifrosech.html" target=_blank>BIFROSE-CH</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[F-Secure 2006]
Number=2954
Confirmed=Y
Filename=fspex.exe
Description=<a href="http://www.f-secure.com/" target="_blank">F-Secure</a> Anti-Virus automatic updater
Source=Paul Collins Startup list

[F-Secure Management Agent]
Number=2955
Confirmed=U
Filename=FSMA32.EXE
Description=<a href="http://www.f-secure.com/" target="_blank">F-Secure</a> antivirus - F-Secure Policy Manager provides tools for administering F-Secure software products
Source=Paul Collins Startup list

[F-Secure Manager]
Number=2956
Confirmed=Y
Filename=FSM32.EXE
Description=<a href="http://www.f-secure.com/" target="_blank">F-Secure</a> antivirus - carry out scheduled virus scans automatically
Source=Paul Collins Startup list

[F-Secure Startup Wizard]
Number=2957
Confirmed=Y
Filename=FSSW.EXE
Description=<a href="http://www.f-secure.com/" target="_blank">F-Secure</a> antivirus
Source=Paul Collins Startup list

[F-Secure TNB]
Number=2958
Confirmed=Y
Filename=TNBUtil.exe
Description=<a href="http://www.f-secure.com/" target="_blank">F-Secure</a> antivirus
Source=Paul Collins Startup list

[F-StopW]
Number=2959
Confirmed=Y
Filename=F-StopW.exe
Description=<a href="http://www.f-prot.com">F-Prot</a> anti-virus background scanner by F-Risk Software
Source=Paul Collins Startup list

[f1Tray.exe]
Number=2960
Confirmed=U
Filename=F1TRAY.EXE
Description=System Tray icon for FusionOne's <a href="http://www.mightyphone.com/index.php" target="_blank">MightyPhone</a> software. "MightyPhone is a concept for wirelessly synchronizing the data on your mobile phone with your web-based or PC based organizer"
Source=Paul Collins Startup list

[f607]
Number=2961
Confirmed=X
Filename=f607.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082712-0129-99" target="_blank">URAT.B</a> TROJAN!
Source=Paul Collins Startup list

[f73cdc8ee94e]
Number=2962
Confirmed=X
Filename=btsendto.exe
Description=Associated with mysearchnow.com/searchbar.html 
Source=Paul Collins Startup list

[FamilyKeyLogger]
Number=2963
Confirmed=U
Filename=cisvc.exe
Description=<a href="http://www.spyarsenal.com/familykeylogger/" target=_blank>Family Keylogger</a> is a program that lets you record to a special file and then view all the keystrokes typed by everyone using your computer. Keystroke logger/monitoring program - remove unless you installed it yourself!

Source=Paul Collins Startup list

[Fantasia injector]
Number=2964
Confirmed=X
Filename=wincfg.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.US&VSect=P" target=_blank>AGOBOT.US</a> WORM!
Source=Paul Collins Startup list

[fapmon]
Number=2965
Confirmed=?
Filename=fapmon.exe
Description=<a href="http://www.copperhead.cc/fap.html" target="_blank">Fair Access Policy</a> monitor for DirecPC/DirecWay internet access
Source=Paul Collins Startup list

[farmmext]
Number=2966
Confirmed=X
Filename=farmmext.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=VX2.Transponder&threatid=12517" target=_blank>VX2.Transponder</a> parasite updater/installer related
Source=Paul Collins Startup list

[Fash]
Number=2967
Confirmed=X
Filename=Fash.exe
Description=Unidentified adware
Source=Paul Collins Startup list

[fast]
Number=2968
Confirmed=N
Filename=fast.exe
Description=Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user &amp; one by the system). Optional install in PowerToys
Source=Paul Collins Startup list

[FAST Defrag]
Number=2969
Confirmed=N
Filename=FAST2.EXE
Description=<a href="http://www.amsn.ro/" target="_blank">FastDefrag</a> defragmenting software
Source=Paul Collins Startup list

[Fast Home]
Number=2970
Confirmed=X
Filename=svcnvt.exe
Description=Recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan-Downloader.Win32.Delf.ks This file may be found in the System folder on 9x machines, however as of this writing it has only been seen in the System32 folder
Source=Paul Collins Startup list

[Fast Search]
Number=2971
Confirmed=X
Filename=svcnv.exe
Description=Homepage, Startpage hijacker. Possible variant of Trojan-Downloader.Win32.Delf
Source=Paul Collins Startup list

[Fast start]
Number=2972
Confirmed=X
Filename=Ntut.exe
Description=Adware - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan.Win32.Favadd.I
Source=Paul Collins Startup list

[Fast start]
Number=2973
Confirmed=X
Filename=svcnt.exe
Description=Adware - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as a variant of the FAVADD TROJAN!
Source=Paul Collins Startup list

[FastCache]
Number=2974
Confirmed=U
Filename=fc.exe
Description=<a href="http://www.analogx.com/contents/download/network/fc.htm" target="_blank">FastCache</a> from AnalogX - speeds up browsing by resolving DNS requests locally
Source=Paul Collins Startup list

[FastStart]
Number=2975
Confirmed=X
Filename=ntnut32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031511-4645-99" target=_blank>STARTPAGE.L</a> TROJAN!
Source=Paul Collins Startup list

[FastStart]
Number=2976
Confirmed=X
Filename=svcnut.exe
Description=Browser hijacker - a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031511-4645-99" target=_blank>STARTPAGE.L</a> TROJAN!
Source=Paul Collins Startup list

[FastStart]
Number=2977
Confirmed=X
Filename=svcnut32.exe
Description=Browser hijacker - a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031511-4645-99" target=_blank>STARTPAGE.L</a> TROJAN!
Source=Paul Collins Startup list

[FastTrack Accelerator]
Number=2978
Confirmed=N
Filename=SPEED UP.EXE
Description=<a href="http://www.speedup.tk/" target="_blank">FastTrack Accelerator</a> - "speedup" utility for programs that use the FastTrack network such as KaZaA Media Desktop, Grokster and Morpheus
Source=Paul Collins Startup list

[FASTTRACKNETVISION]
Number=2979
Confirmed=X
Filename=NETVISION.exe
Description=<a href="http://www.sophos.com/virusinfo/analyses/dialdialcarz.html" target="_blank">DialCar-Z</a> premium rate dialer
Source=Paul Collins Startup list

[FastUser]
Number=2980
Confirmed=N
Filename=fast.exe
Description=Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys
Source=Paul Collins Startup list

[FastUsr]
Number=2981
Confirmed=N
Filename=fast.exe
Description=Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user &amp; one by the system). Optional install in PowerToys
Source=Paul Collins Startup list

[FatPipe]
Number=2982
Confirmed=U
Filename=DHCP
Description=Software enabling high speed internet browsing (2-4 times faster) and internet connection sharing for up to 5 users
Source=Paul Collins Startup list

[Fatpipe Dialer]
Number=2983
Confirmed=U
Filename=fpdialer.exe
Description=Dailler for Fatpipe - software enabling high speed internet browsing (2-4 times faster) and internet connection sharing for up to 5 users
Source=Paul Collins Startup list

[fatrecov]
Number=2984
Confirmed=U
Filename=fatrecov.exe
Description=SCKeyLog.j keystroke logger/monitoring program - remove unless you installed it yourself!

Source=Paul Collins Startup list

[FaxCenterServer]
Number=2985
Confirmed=U
Filename=fm3032.exe
Description=<a href="http://www.data-tech.com/content/fax.aspx" target=_blank>FaxMan</a> integrates complete fax send and receive support into Windows applications without requiring additional fax software. Incorporated into software by Lexmark, MCI, Lotus, My Software, Broderbund, Traffic Software and many others
Source=Paul Collins Startup list

[FaxCtrl.exe]
Number=2986
Confirmed=U
Filename=ASMediaProxyServer.exe
Description=Part of Avaya's <a href="http://www.avaya.com/gcm/master-usa/en-us/products/offers/contactcenterexpress.htm" target="_blank">Contact Center Express</a> - "a multi-channel, high-volume software solution from Avaya designed specifically for the intelligent routing and computer telephony integration (CTI) needs of medium-sized contact centers"
Source=Paul Collins Startup list

[FaxTalk CallControl 6.0]
Number=2987
Confirmed=N
Filename=FTClCtrl.EXE
Description=This allows the software to handle incoming and outgoing communications without requiring the FaxTalk Communicator application to be loaded into memory. Can be started manually
Source=Paul Collins Startup list

[FBDirect]
Number=2988
Confirmed=U
Filename=FBDirect.exe
Description=Software that monitors the status of a Visioneer OneTouch scanner button and allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop!. The **** represents the model, 5300, 7600, etc. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[FBI]
Number=2989
Confirmed=?
Filename=FBISM.exe
Description=<font color="#FF0000">Compaq related but what does it do?</font>
Source=Paul Collins Startup list

[fc]
Number=2990
Confirmed=X
Filename=runfc.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-010216-2213-99" target="_blank">CAMPURF</a> WORM!
Source=Paul Collins Startup list

[FCEngine]
Number=2991
Confirmed=X
Filename=FCEngine.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ConsumerAlertSystem.CASClient&threatid=40038" target="_blank">CASClient</a> adware
Source=Paul Collins Startup list

[FCHelp]
Number=2992
Confirmed=X
Filename=FCHelp.exe
Description=Added by either <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-011109-4115-99" target=_blank>FCHelp</a> adware or a variant of it
Source=Paul Collins Startup list

[FCMan]
Number=2993
Confirmed=X
Filename=FCMan.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-011109-4115-99" target="_blank">FCHelp</a> adware
Source=Paul Collins Startup list

[FDD SYSTEM]
Number=2994
Confirmed=X
Filename=Fdd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobfo.html" target=_blank>MYTOB-FO</a> WORM!
Source=Paul Collins Startup list

[Fdr Command Module]
Number=2995
Confirmed=X
Filename=sp2.exe
Description=Added by the <a href="http://www.virus-buster.com/en/viruslab/descriptions/sdbot.wp?VBSESSION=aa76c5b7d679e7a1eb5abe8b697fb08e" target=_blank>SDBOT.WP</a> WORM!
Source=Paul Collins Startup list

[FDriver]
Number=2996
Confirmed=X
Filename=windrv.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DELF.WG" target="_blank">DELF.WG</a> TROJAN!
Source=Paul Collins Startup list

[FD_SAP]
Number=2997
Confirmed=U
Filename=FD.exe
Description=Reported to be the autopassword program from the Sony Microvault thumb drive
Source=Paul Collins Startup list

[feelalright]
Number=2998
Confirmed=X
Filename=mirc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ircfloodm.html" target=_blank>IRCFLOOD-M</a> WORM!
Source=Paul Collins Startup list

[FEELitDeviceManager]
Number=2999
Confirmed=U
Filename=feelitdm.exe
Description=Associated with Immersion TouchSense devices (Logitech Wingman Force Feedback Mouse and possibly other peripherals)
Source=Paul Collins Startup list

[fegoze]
Number=3000
Confirmed=X
Filename=SVCH0ST.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-062811-4412-99" target=_blank>GRAYBIRD.D</a> VIRUS! Note - the filename has the digit 0 rather then the uppercase "o"
Source=Paul Collins Startup list

[Fellowes Proxy]
Number=3001
Confirmed=U
Filename=R3proxy.exe
Description=Installed with Fellowes EasyPoint mouse software. Not necessary for normal functioning of Fellowes mice but it is necessary to use the extended features of all Fellowes mice
Source=Paul Collins Startup list

[Fen Startups]
Number=3002
Confirmed=X
Filename=fensvc32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-122117-1029-99" target=_blank>RANDEX.CCF</a> WORM!
Source=Paul Collins Startup list

[FerrariWallPaper]
Number=3003
Confirmed=U
Filename=FerrariWP.exe
Description=Calendar that replaces the default desktop background image. It comes with every Acer Ferrari 3000 laptop. Also downloadable for members of www.ferrari.com
Source=Paul Collins Startup list

[ffis]
Number=3004
Confirmed=X
Filename=ffisearch.exe
Description=<a href="http://vil.nai.com/vil/content/v_133320.htm" target="_blank">iSearch</a> "Desktop Search" hijacker
Source=Paul Collins Startup list

[FG1_00]
Number=3005
Confirmed=U
Filename=frntgate.exe
Description=<a href="http://www.presorium.com/en_au/products/fg/index.shtml" target="_blank">FrontGate MX</a> - e-mail spam blocker
Source=Paul Collins Startup list

[fGQEGqHOME]
Number=3006
Confirmed=X
Filename=gwwgtp.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102813-3829-99" target=_blank>RANKY.J</a> TROJAN!
Source=Paul Collins Startup list

[FHPage]
Number=3007
Confirmed=X
Filename=shdochp.exe
Description=Added by the <a href="http://www.pctools.com/mrc/infections/id/Trojan.Downloader.Delf.KS/" target=_blank>DELF-Ks</a> TROJAN!
Source=Paul Collins Startup list

[FHStart]
Number=3008
Confirmed=X
Filename=shdocsvc.exe
Description=Added by the <a href="http://www.pctools.com/mrc/infections/id/Trojan.Downloader.Delf.KS/" target=_blank>DELF-Ks</a> TROJAN!
Source=Paul Collins Startup list

[Fhtisxk]
Number=3009
Confirmed=U
Filename=fhtisxk.exe
Description=XtraKeys keystroke logger/monitoring program - remove unless you installed it yourself!

Source=Paul Collins Startup list

[FieldForms Sync]
Number=3010
Confirmed=U
Filename=SyncService.exe
Description=Resco <a href="http://www.resco.net/pocketpc/fieldforms/default.asp" target="_blank">FieldForms</a>. A solution for building of mobile forms that can be viewed or filled in on the run, on a wide range of mobile devices. Supports Microsoft Access databases, and provides for synchronization of other data as well
Source=Paul Collins Startup list

[FiendlyType]
Number=3011
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091409-4900-99" target="_blank">WEBUS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[FILE]
Number=3012
Confirmed=X
Filename=abcdefg.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061416-3817-99" target=_blank>KELVIR.DD</a> WORM!
Source=Paul Collins Startup list

[file indexing service]
Number=3013
Confirmed=?
Filename=msfindfile.exe
Description=<font color="#FF0000">New version of MS FindFast and still a resource hog?</font>
Source=Paul Collins Startup list

[file laoder configuration]
Number=3014
Confirmed=X
Filename=rnd32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BQJ&VSect=T" target=_blank>RBOT.BQJ</a> WORM!
Source=Paul Collins Startup list

[File System]
Number=3015
Confirmed=X
Filename=taskmqrs.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=41911" target=_blank>TOXBOT/CODBOT</a> WORM!
Source=Paul Collins Startup list

[File System]
Number=3016
Confirmed=X
Filename=taskmqr.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BWQ" target="_blank">RBOT.BWQ</a> WORM!
Source=Paul Collins Startup list

[File System Service]
Number=3017
Confirmed=X
Filename=wmiprvsc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagobothz.html" target="_blank">AGOBOT-HZ</a> TROJAN!
Source=Paul Collins Startup list

[File0_0]
Number=3018
Confirmed=X
Filename=MD1.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderor.html" target=_blank>DLOADER-OR</a> TROJAN!
Source=Paul Collins Startup list

[File1]
Number=3019
Confirmed=X
Filename=Dia Claro.htm
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderor.html" target=_blank>DLOADER-OR</a> TROJAN!
Source=Paul Collins Startup list

[FileFreedom_Plugin]
Number=3020
Confirmed=X
Filename=wtm.exe
Description=<a href="http://www.filefreedom.com/" target="_blank">FileFreedom</a> peer-to-peer sharing program
Source=Paul Collins Startup list

[FileManager32]
Number=3021
Confirmed=X
Filename=Wscript.exe ..ChkMgr32.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101510-3740-99" target="_blank">NOTUP.A</a> WORM!
Source=Paul Collins Startup list

[FileSoft]
Number=3022
Confirmed=X
Filename=Wscript.exe UpdataFiles.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-033112-4827-99" target="_blank">SST.B</a> WORM!
Source=Paul Collins Startup list

[FilmLoop]
Number=3023
Confirmed=U
Filename=FilmLoopService.exe
Description=Related to <a href="http://www.filmloop.com/" target=_blank>FilmLoop</a> - a photocasting network. Share your pictures with your family and friends
Source=Paul Collins Startup list

[FilterGate]
Number=3024
Confirmed=U
Filename=filtergate.exe
Description=<a href="http://www.filtergate.com/" target="_blank">Filtergate</a> internet filtering software - filters sounds, popup ads, background sound and other unnecessary website items
Source=Paul Collins Startup list

[Filterguard]
Number=3025
Confirmed=U
Filename=Filtrgrd.exe
Description=An icon located in the lower left of the screen and looks like a lifesaver. This icon is a "short-cut" to access the basic features of SOS-Guardian, SOS-KidProof Lite, SOS Best Defense and SOS Pro such as Internet filtering utility. You can access this menu by "right-clicking" on the icon
Source=Paul Collins Startup list

[Find]
Number=3026
Confirmed=X
Filename=find.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051810-1834-99" target=_blank>OPANKI</a> WORM!
Source=Paul Collins Startup list

[Find Fast]
Number=3027
Confirmed=X
Filename=Findfast.exe
Description=Complete utter waste of space! Part of MS Office - searches disk drives for Office file types to make opening them easier
Source=Paul Collins Startup list

[Find Virus Launch Program]
Number=3028
Confirmed=Y
Filename=fvlaunch.exe
Description=Part of <a target="_blank" href="http://www.drsolomon.com/">Dr. Solomon's Antivirus</a>
Source=Paul Collins Startup list

[FindHack]
Number=3029
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kelvirba.html" target=_blank>KELVIR-BA</a> TROJAN!
Source=Paul Collins Startup list

[FinePrint Dispatcher v4]
Number=3030
Confirmed=U
Filename=fpdisp4a.exe
Description=<a href="http://www.fineprint.com/products/fineprint/index.html" target="_blank">FinePrint</a> Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 4.x of the software. "FinePrint saves ink, paper, time and money by controlling and enhancing printed output"
Source=Paul Collins Startup list

[FinePrint Dispatcher v4]
Number=3031
Confirmed=U
Filename=fpdisp4.exe
Description=<a href="http://www.fineprint.com/products/fineprint/index.html" target="_blank">FinePrint</a> Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 4.x of the software. "FinePrint saves ink, paper, time and money by controlling and enhancing printed output"
Source=Paul Collins Startup list

[FinePrint Dispatcher v5]
Number=3032
Confirmed=U
Filename=fpdisp5a.exe
Description=<a href="http://www.fineprint.com/products/fineprint/index.html" target="_blank">FinePrint</a> Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 5.x of the software. "FinePrint saves ink, paper, time and money by controlling and enhancing printed output"
Source=Paul Collins Startup list

[FineReader7NewsReaderPro]
Number=3033
Confirmed=N
Filename=AbbyyNewsReader.exe
Description=ABBYY <a href="http://www.abbyy.com/finereader8/?param=44890" target="_blank">FineReader</a> OCR software - version 7
Source=Paul Collins Startup list

[Fire Wall services]
Number=3034
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ircbotqy.html" target="_blank">IRCBOT-QY</a> WORM!
Source=Paul Collins Startup list

[FireFox]
Number=3035
Confirmed=X
Filename=firefox.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotatp.html" target=_blank>RBOT-ATP</a> WORM! Note - this is not the popular <a href="http://www.mozilla.com/firefox/" target=_blank>FireFox</a> web browser and is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[FireFox Service Drivers]
Number=3036
Confirmed=X
Filename=ssmss.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[FireFox Startup Drivers]
Number=3037
Confirmed=X
Filename=wuaclt.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BYX&VSect=T" target=_blank>RBOT.BYX</a> WORM!
Source=Paul Collins Startup list

[firefox.exe]
Number=3038
Confirmed=X
Filename=firefox.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerebo.html" target="_blank">BANKER-EBO</a> TROJAN! Note - this is not the popular <a href="http://www.mozilla.com/firefox/" target="_blank">FireFox</a> web browser and is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[Firewall]
Number=3039
Confirmed=X
Filename= wmlaunch .exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022718-0647-99" target= blank>ELIPTER.A</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031010-2242-99" target= blank>ELIPTER.B</a> WORMS!
Source=Paul Collins Startup list

[Firewall]
Number=3040
Confirmed=X
Filename=wmlaunch .exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031416-4252-99" target=_blank>ELIPTER.D</a> WORM!
Source=Paul Collins Startup list

[Firewall]
Number=3041
Confirmed=X
Filename=SP2 UPDATE.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-032516-4935-99" target=_blank>ELITPER.E</a> WORM!
Source=Paul Collins Startup list

[Firewall]
Number=3042
Confirmed=X
Filename=Firewall.bat
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061716-0240-99" target=_blank>YPSAN.G</a> WORM!
Source=Paul Collins Startup list

[firewall]
Number=3043
Confirmed=X
Filename=fw_304.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorjq.html" target=_blank>JQ</a> TROJAN!
Source=Paul Collins Startup list

[Firewall auto setup]
Number=3044
Confirmed=X
Filename=winlogon.exe
Description=Added by a TROJAN - see <a href="http://sandbox.norman.no/live_2.html?logfile=1368956" target="_blank">here</a>. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[Firewall Policy]
Number=3045
Confirmed=X
Filename=MidiDef32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpiebota.html" target=_blank>PIEBOT-A</a> TROJAN!
Source=Paul Collins Startup list

[Firewall Sp2 system]
Number=3046
Confirmed=X
Filename=sys32Conf.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabt.html" target= blank>Rbot-ABT</a> WORM!
Source=Paul Collins Startup list

[Firewall Update System1]
Number=3047
Confirmed=X
Filename=WinedowsUpdater1.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaru.html" target=_blank>RBOT-ARU</a> WORM!
Source=Paul Collins Startup list

[Firewall Updater]
Number=3048
Confirmed=X
Filename=msnupdateit.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaaq.html" target=_blank>RBOT-AAQ</a> WORM!
Source=Paul Collins Startup list

[Firewall.exe]
Number=3049
Confirmed=X
Filename=Firewall.exe
Description=Added by the AGENT.AGL WORM!
Source=Paul Collins Startup list

[FirewallActivies]
Number=3050
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankeraq.html" target=_blank>BANKER-AQ</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "3041" subfolder
Source=Paul Collins Startup list

[FirewallStartup]
Number=3051
Confirmed=U
Filename=Firewallstartup.exe
Description=<a href="http://www.innovative-sol.com/products.htm#firewall" target=_blank>Innovative Startup Firewall</a> - "designed to protect your computer from programs that install themselves in the StartUp area of your Windows without asking for your approval. Innovative StartUp Firewall will help you keep your computer clean, fast and in it's best shape"
Source=Paul Collins Startup list

[FirewallSvr]
Number=3052
Confirmed=X
Filename=FirewallSvr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042010-3056-99" target="_blank">NETSKY.X</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042011-2621-99" target="_blank">NETSKY.Y</a> WORMS!
Source=Paul Collins Startup list

[firewall_anti]
Number=3053
Confirmed=X
Filename=firewall_anti.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojnetdenyb.html" target=_blank>NETDENY-B</a> TROJAN!
Source=Paul Collins Startup list

[FireWire Driver]
Number=3054
Confirmed=X
Filename=samx.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102512-0820-99" target=_blank>SDBOT.AE</a> WORM!
Source=Paul Collins Startup list

[FireWire Service]
Number=3055
Confirmed=X
Filename=nvscv32.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[FireWire Services]
Number=3056
Confirmed=X
Filename=nvcsv32.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[First Home Page]
Number=3057
Confirmed=X
Filename=http://find.naupoint.com
Description=<a href="http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx" target=_blank>Naupoint</a> browser hijacker
Source=Paul Collins Startup list

[FIX]
Number=3058
Confirmed=X
Filename=WinFIX1.0.vbs
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/vbsgormleza.html" target=_blank>GORMLEZ-A</a> WORM!
Source=Paul Collins Startup list

[Fix-it]
Number=3059
Confirmed=Y
Filename=mxtask.exe
Description=Part of Ontrack's Fix-it Utilities Suite. Loads a System Tray icon that lets you access the full program. Needed if you run the crash guard, intellicluster, anti-virus, or autoupdater. Otherwise not required
Source=Paul Collins Startup list

[Fix-it AV]
Number=3060
Confirmed=Y
Filename=memcheck.exe
Description=Part of Ontrack's Fix-it Utilities Suite anti-virus. Performs a quick check of memory for signs of any virus. Exits afterward and returns all resources used in one user's experience. Not required but could be left without a drain on resources
Source=Paul Collins Startup list

[FjMenu]
Number=3061
Confirmed=U
Filename=FjMenu.exe
Description=From the "Fujitsu Menu" tray icon you have instant access to the Control Panel, Tablet pc keyboard, Tablet and pen settings, Fujitsu display controls, brightness control, sounds and audio devices, capture screen, capture window, organize favorites, power options, printers and faxes, LCD brightness MIN, LCD brightness MAX, Enable/disable Button Panel and the Fujitsu menu settings, which are customizable
Source=Paul Collins Startup list

[FJTWAIN Setup]
Number=3062
Confirmed=U
Filename=FjtwSetup.exe
Description=Fujitsu scanner utility
Source=Paul Collins Startup list

[FKS v2.0]
Number=3063
Confirmed=X
Filename=msngr.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[fkSysMon]
Number=3064
Confirmed=N
Filename=fksysmon.exe
Description=<a href="http://www.fkware.com/sysmon/index.html" target="_blank">fkWrae SysMon</a> - system monitor - "displays the current memory consumption, CPU and resource usage, date, time, Windows uptime, IP address and a lot more"
Source=Paul Collins Startup list

[FlaCPY]
Number=3065
Confirmed=X
Filename=flacpy.exe
Description=<a href="http://sarc.com/avcenter/venc/data/adware.flashenhancer.html" target=_blank>FlashEnhancer</a> adware variant
Source=Paul Collins Startup list

[FLASH32]
Number=3066
Confirmed=?
Filename=-flash32.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[FlashEnc]
Number=3067
Confirmed=U
Filename=FlashEnc.exe
Description=Supplied with EasyDisk USB pen devices. The utility manages the encryption and compressed folders options. It will create these folders if running on the USB key without permission, which is a pain. No need for it if you do not want these features
Source=Paul Collins Startup list

[Flashget Download Manager]
Number=3068
Confirmed=X
Filename=Flashget.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagz.html" target=_blank>RBOT-AGZ</a> WORM!
Source=Paul Collins Startup list

[FlashPath Monitor]
Number=3069
Confirmed=N
Filename=SDSTAT.EXE
Description=System Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[FlashPath Monitor]
Number=3070
Confirmed=N
Filename=FLSHSTAT.EXE
Description=System Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[FlashPath Status]
Number=3071
Confirmed=N
Filename=SDSTAT.EXE
Description=System Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[FlashPath Status]
Number=3072
Confirmed=N
Filename=FLSHSTAT.EXE
Description=System Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[Flash_Player_Install]
Number=3073
Confirmed=X
Filename=ying.exe
Description=<a href="http://fileinfo.prevx.com/fileinfo.asp?PXC=a7c073784121" target="_blank">Constructor VC2000</a> malware
Source=Paul Collins Startup list

[FlenCPY]
Number=3074
Confirmed=X
Filename=flencpy.exe
Description=<a href="http://sarc.com/avcenter/venc/data/adware.flashenhancer.html" target=_blank>FlashEnhancer</a> adware variant
Source=Paul Collins Startup list

[Flexicd]
Number=3075
Confirmed=U
Filename=Flexicd.exe
Description=CD player - part of the <a href="http://www.microsoft.com/windows95/downloads/contents/WUToys/W95PwrToysSet/Default.asp" target="_blank">Win95 Power Toys</a>
Source=Paul Collins Startup list

[FLMK08KB]
Number=3076
Confirmed=U
Filename=MMKEYBD.EXE
Description=Multimedia keyboard manager. Required if you use the additional keys
Source=Paul Collins Startup list

[FLMOFFICE4DMOUSE]
Number=3077
Confirmed=U
Filename=moffice.exe
Description=<a href="http://www.mic-innovations.com/display.cfm?id=Mice" target="_blank">Micro Innovations</a> mouse management
Source=Paul Collins Startup list

[FLMOFFICE4DMOUSE]
Number=3078
Confirmed=U
Filename=mouse32a.exe
Description=<a href="http://www.mic-innovations.com/display.cfm?id=Mice" target="_blank">Micro Innovations</a> mouse management
Source=Paul Collins Startup list

[FLMTRUSTKB]
Number=3079
Confirmed=?
Filename=KbdAp32A.exe
Description=Keyboard utility for a Trust brand keyboard.<font color="#FF0000"> What does it do and is it required?</font>
Source=Paul Collins Startup list

[FLMTRUSTMOUSE]
Number=3080
Confirmed=U
Filename=mouse32a.exe
Description=Mouse utility for a Trust brand mouse
Source=Paul Collins Startup list

[FlnCPY]
Number=3081
Confirmed=X
Filename=flncpy.exe
Description=<a href="http://sarc.com/avcenter/venc/data/adware.flashenhancer.html" target= blank>FlashEnhancer</a> adware variant
Source=Paul Collins Startup list

[FLooDNeT]
Number=3082
Confirmed=X
Filename=FLooDeR.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-110116-4108-99" target="_blank">ENDOOL</a> TROJAN!
Source=Paul Collins Startup list

[Floppy Master]
Number=3083
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzonitf.html" target=_blank>ZONIT-F</a> TROJAN!
Source=Paul Collins Startup list

[Flow Go TV]
Number=3084
Confirmed=?
Filename=flogotv.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[flps]
Number=3085
Confirmed=X
Filename=flps.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111314-3449-99" target="_blank">BYRON</a> WORM!
Source=Paul Collins Startup list

[flpycntl]
Number=3086
Confirmed=X
Filename=flpycntl.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list

[FLSVCI]
Number=3087
Confirmed=?
Filename=FLSVCI.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[FltProcess]
Number=3088
Confirmed=Y
Filename=msinet.exe
Description=Part of <a href="http://www.cyberpatrol.com/">Cyber Patrol</a> internet filtering software to restrict access to certain types of material on the internet. It can be disabled but do not ask how it's done
Source=Paul Collins Startup list

[FlyswatDesktop]
Number=3089
Confirmed=X
Filename=flydesk.exe
Description=Advertising spyware
Source=Paul Collins Startup list

[FmctrlTray]
Number=3090
Confirmed=U
Filename=Fmctrl.EXE
Description=Genius SM-Live Control Panel. Enhances&nbsp;audio output&nbsp;through Genius sound cards (makes a big difference and&nbsp;worth the 3MB Ram used)
Source=Paul Collins Startup list

[fmnwebassist]
Number=3091
Confirmed=X
Filename=fmnwebassist.exe
Description=Adware popup generator
Source=Paul Collins Startup list

[FMStart]
Number=3092
Confirmed=U
Filename=Fmstart.exe
Description=<a href="http://www.gfi.com/faxmaker/" target="_blank">GFI FAXmaker</a> - native fax connector for Microsoft Exchange Server or for networks, allows all users to send and receive faxes right from their desktop
Source=Paul Collins Startup list

[FMSZ]
Number=3093
Confirmed=X
Filename=fmsz.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453079140" target="_blank">FMSZ</a> TROJAN!
Source=Paul Collins Startup list

[fnmwebassist]
Number=3094
Confirmed=X
Filename=fnmwebassist.exe
Description=<a href="http://allentech.net/parasite/WinPL.html" target="_blank">WinPL</a> adware

Source=Paul Collins Startup list

[Focus]
Number=3095
Confirmed=?
Filename=Focus.exe
Description=<font color="#FF0000">ISDN configuration wizard?</font>
Source=Paul Collins Startup list

[Folder Service]
Number=3096
Confirmed=X
Filename=wssdtu.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-112614-4025-99" target="_blank">MANIFEST</a> TROJAN!
Source=Paul Collins Startup list

[Folder View]
Number=3097
Confirmed=U
Filename=folderview.exe
Description=<a href="http://www.folderview.com/folderview/" target=_blank>Folder View</a> enhances the Windows file Explorer by making all folders you need available in a single click
Source=Paul Collins Startup list

[FolderClone v*.*.*]
Number=3098
Confirmed=U
Filename=folderclone.exe
Description=<a href="http://www.folderclone.com/fcinfo.htm" target=_blank>Folderclone</a> backup and synchronization software
Source=Paul Collins Startup list

[Folding@home]
Number=3099
Confirmed=N
Filename=WINFAH.EXE
Description=Folding@Home is a distributed computing project which studies protein folding, misfolding, aggregation, and related diseases - must be running in order to access the internet to upload to the servers. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[FoneSyncSystemTray]
Number=3100
Confirmed=N
Filename=FoneSyncSystemTray.exe
Description=System Tray icon for Nokia FoneSync utility for the 7160/7190 mobiles. Useful to send data from/to the cell phone and the computer. You can use it to backup data or even to input data through the computer keyboard (which naturally is much more comfortable). Run manually when required
Source=Paul Collins Startup list

[FontFix]
Number=3101
Confirmed=X
Filename=fontfix.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[fontnav]
Number=3102
Confirmed=N
Filename=FontNav.exe
Description=Font Navigator from <a href="http://www.bitstream.com/" target=_blank>Bitstream Inc.</a> - a font management utility
Source=Paul Collins Startup list

[FontsLoader]
Number=3103
Confirmed=X
Filename=ldfnt32.hta
Description=Unidentified malware
Source=Paul Collins Startup list

[FONTVIEW]
Number=3104
Confirmed=X
Filename=FONTVIEW.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T" target="_blank">OPASERV.T</a> WORM!
Source=Paul Collins Startup list

[FooBar 1.0]
Number=3105
Confirmed=U
Filename=FooBar.exe
Description=<a href="http://matrixsoftware.com/" target="_blank">FooBar</a> - "combines fifteen high-quality productivity tools in a single toolbar that floats on your desktop or runs in the Windows task bar"
Source=Paul Collins Startup list

[foobin lptt01]
Number=3106
Confirmed=X
Filename=adaware.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "foo1" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[foobin ml097e]
Number=3107
Confirmed=X
Filename=adaware.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "foo1" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[FoolProof]
Number=3108
Confirmed=Y
Filename=fpwinldr.exe
Description=<a href="http://www.smartstuff.com/fps/fpsinfo.html" target="_blank">FoolProof Security</a> PC security software from SmartStuff
Source=Paul Collins Startup list

[FoolProofSweep]
Number=3109
Confirmed=Y
Filename=??
Description=Part of <a href="http://www.smartstuff.com/fps/fpsinfo.html" target="_blank">FoolProof Security</a> PC security software from SmartStuff
Source=Paul Collins Startup list

[Forbes]
Number=3110
Confirmed=N
Filename=ForbesAlerts.exe
Description=Forbes Business News Alerts - displays business news headlines in a little window on the screen
Source=Paul Collins Startup list

[ForceShow]
Number=3111
Confirmed=X
Filename=rundll32.exe QaBar.dll, ForceShowBar
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=AdultLinks.QBar&threatid=10158" target=_blank>AdultLinks.QBar</a> parasite related
Source=Paul Collins Startup list

[Forget Me Not]
Number=3112
Confirmed=N
Filename=AGRemind.exe
Description=Calendar reminder part of <a href="http://www.broderbund.com/SubCategory.asp?CID=107" target="_blank">Broderbund's</a> American Greetings® CreataCard®
Source=Paul Collins Startup list

[FortiClient]
Number=3113
Confirmed=X
Filename=FortiClient.exe
Description=<a href="http://www.fortinet.com/" target="_blank">Fortinet</a> security systems are the new generation of real time network protection systems
Source=Paul Collins Startup list

[Fortis Secure Layer Config]
Number=3114
Confirmed=U
Filename=cseinst.exe
Description=Fortis Bank Home Banking part. Installed during the installation of the software necessary to run the Home Banking. According to Fortis Bank this will not in any way be harmful to the system or relay system information
Source=Paul Collins Startup list

[FotoStation Easy AutoLaunch]
Number=3115
Confirmed=N
Filename=FotoStation Easy AutoLaunch.exe
Description=Installed with a Nikon digital camera. Used to collect photos uploaded from camera program NkVwMon.exe. If your camera is not connected (via USB port) you do not need this program loaded either
Source=Paul Collins Startup list

[Foul PX]
Number=3116
Confirmed=U
Filename=FoulPX.exe
Description=Foul PX, Optusnet usage stat checker
Source=Paul Collins Startup list

[FourthDay]
Number=3117
Confirmed=U
Filename=FourthDay.exe
Description=<a href="http://www.starstonesoftware.com/fourthday.htm" target="_blank">The Fourth Day</a> - "astronomical clock and almanac for your system tray"
Source=Paul Collins Startup list

[foxdh]
Number=3118
Confirmed=X
Filename=foxdhend.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-063015-2354-99" target=_blank>MENGHUAN</a> TROJAN!
Source=Paul Collins Startup list

[foxdh]
Number=3119
Confirmed=X
Filename=foxdh.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojgwghostq.html" target=_blank>GWGHOST-Q</a> TROJAN!
Source=Paul Collins Startup list

[foxrxjh]
Number=3120
Confirmed=X
Filename=foxrxjh.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojgwghostt.html" target=_blank>GWGHOST-T</a> TROJAN!
Source=Paul Collins Startup list

[foxwudy9912]
Number=3121
Confirmed=X
Filename=service.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosbt.html" target= blank>BANCOS-BT</a> TROJAN!
Source=Paul Collins Startup list

[FP Loader]
Number=3122
Confirmed=Y
Filename=loadfp.exe
Description=<a href="http://www.smartstuff.com/fps/fpsinfo.html" target="_blank">FoolProof Security</a> - PC security software from SmartStuff
Source=Paul Collins Startup list

[FPWGMWZD]
Number=3123
Confirmed=?
Filename=FPWGMWZD.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Fpx]
Number=3124
Confirmed=N
Filename=mnmsrvc.exe
Description=Remote Desktop Sharing service part of Microsoft's Netmeeting allowing users to share items on their screens across remote locations
Source=Paul Collins Startup list

[fqor]
Number=3125
Confirmed=X
Filename=stub_113_4_0_4_0.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=TargetSaver&threatid=15121" target=_blank>TargetSaver</a> adware

Source=Paul Collins Startup list

[FrameWork 2.5]
Number=3126
Confirmed=X
Filename=FrameWork.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfmw.html" target="_blank">RBOT-FMW</a> WORM! Note - can terminate AV related processes
Source=Paul Collins Startup list

[France]
Number=3127
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120112-2230-99" target=_blank>MIMAIL.L</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[Fraps]
Number=3128
Confirmed=U
Filename=fraps.exe
Description=Fraps Real-Time Video Capture software
Source=Paul Collins Startup list

[Free Download Manager]
Number=3129
Confirmed=N
Filename=fdm.exe
Description="Free Download Manager" - see <a href="http://www.freedownloadmanager.org/" target="_blank">here</a>
Source=Paul Collins Startup list

[Free Downloads Monitor]
Number=3130
Confirmed=?
Filename=fdcmon.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Free Ram Optimizer]
Number=3131
Confirmed=U
Filename=fro.exe
Description=<a href="http://www.acelogix.com/freeware.html" target=_blank>Free Ram Optimizer</a> monitors your memory, and frees up ram if it falls below a certain minimum. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
Source=Paul Collins Startup list

[Freedom]
Number=3132
Confirmed=Y
Filename=Freedom.exe
Description=<a href="http://www.freedom.net/" target="_blank">Freedom</a> Internet Security & Privacy - anti-virus, personal firewall and parental control. It also blocks ads, safeguards your personal information, encrypts your passwords, and much more. No longer available for sale
Source=Paul Collins Startup list

[FreeMem Pro]
Number=3133
Confirmed=U
Filename=FMEMPRO.EXE
Description=FreeMem Pro - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
Source=Paul Collins Startup list

[FreeMemVn2]
Number=3134
Confirmed=U
Filename=FreeMem.exe
Description=FreeMem - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
Source=Paul Collins Startup list

[FreeMP3download]
Number=3135
Confirmed=X
Filename=rundll32.exe MSA64CHK.dll, DllMostrar
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MatrixDialer&threatid=14914" target=_blank>MatrixDialer</a> related
Source=Paul Collins Startup list

[FreeRAM XP]
Number=3136
Confirmed=U
Filename=FreeRAM XP Pro *.exe
Description=<a href="http://www.yourwaresolutions.com/software.html#framxpro" target="_blank">FreeRAM XP Pro</a> - memory optimizer where * represents the version. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
Source=Paul Collins Startup list

[freestyle]
Number=3137
Confirmed=X
Filename=lockx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotath.html" target=_blank>RBOT-ATH</a> WORM!
Source=Paul Collins Startup list

[freesurfer]
Number=3138
Confirmed=U
Filename=fs20.exe
Description=<a href="http://www.kolumbus.fi/eero.muhonen/FS/" target="_blank">EMS Free Surfer mk II</a> - pop-up stopper
Source=Paul Collins Startup list

[freexstyle]
Number=3139
Confirmed=X
Filename=lockbar.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-010615-2712-99" target=_blank>LOXBOT.D</a> WORM!
Source=Paul Collins Startup list

[freexstyle]
Number=3140
Confirmed=X
Filename=lockbr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-010515-3159-99" target=_blank>LOXBOT.C</a> WORM!
Source=Paul Collins Startup list

[Fresh Desktop]
Number=3141
Confirmed=U
Filename=freshdesktop.exe
Description=<a href="http://www.softcows.com/fresh_desktop.htm" target=_blank>Fresh Desktop</a> is a utility that lets you manage vast collections of wallpapers for your desktop with ease. When run on bootup it changes the desktop wallpaper at startup or at specified intervals
Source=Paul Collins Startup list

[freshclam]
Number=3142
Confirmed=N
Filename=freshclam.exe
Description=Auto update agent of the open source <a href="http://www.clamwin.com/" target=_blank>Clamwin</a> virus scanner

Source=Paul Collins Startup list

[frguk]
Number=3143
Confirmed=?
Filename=shdrkmck.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[FridaysInHellInstaller]
Number=3144
Confirmed=?
Filename=FridaysInHellInstaller.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[FriendlyType]
Number=3145
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100519-0947-99" target=_blank>WEBUS.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
Source=Paul Collins Startup list

[FriendlyTypeName]
Number=3146
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081700-2526-99" target="_blank">NEVEG.B</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081614-3605-99" target="_blank">NEVEG.C</a> WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[FriendlyTypeName]
Number=3147
Confirmed=X
Filename=winlogon.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081623-4258-99" target="_blank">NEVEG.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[FriendlyWebQuick-Launch]
Number=3148
Confirmed=N
Filename=SELFCERT.EXE
Description=selfcert.exe is a stand alone program for creating your own digital certificates for macros - the .exe is installed as an extra basically by clicking on MS Office in add/remove programs and selecting remove - also I would do away with the FriendlyWebQuickLaunchBar as well
Source=Paul Collins Startup list

[FRISK FP-Scheduler]
Number=3149
Confirmed=U
Filename=F-Sched.exe
Description=Scheduler for <a href="http://www.f-prot.com/" target="_blank"> F-Prot</a> anitvirus software. Leave enabled unless you scan manually on a regular basis
Source=Paul Collins Startup list

[FRITZ!DSL Startcenter]
Number=3150
Confirmed=?
Filename=StCenter.exe
Description=FRITZ! ISP software "StartCenter" User interface that allows you to manage, tweak and diagnose many aspects of your internet connection - <font color="#FF0000">is it required?</font>
Source=Paul Collins Startup list

[FRITZ!webProtect]
Number=3151
Confirmed=U
Filename=FwebProt.exe
Description=Firewall included in FRITZ! ISP DSL software
Source=Paul Collins Startup list

[Fromine WinPopup]
Number=3152
Confirmed=N
Filename=winpopup.exe
Description=Instant Messenger program
Source=Paul Collins Startup list

[Frsk]
Number=3153
Confirmed=X
Filename=frsk.exe
Description=Unidentified adware downloader trojan
Source=Paul Collins Startup list

[FRW_EXE]
Number=3154
Confirmed=Y
Filename=FRW.EXE
Description=<a href="http://www.claymania.com/rate-conseal.html" target="_blank">ConSeal Signal9</a> firewall - now McAfee Personal firewall
Source=Paul Collins Startup list

[frxmxins]
Number=3155
Confirmed=Y
Filename=frxmxins.exe
Description=ATI 3D Studio MAX/VIZ driver
Source=Paul Collins Startup list

[FS Agent]
Number=3156
Confirmed=X
Filename=fagent.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvolverb.html" target=_blank>VOLVER-B</a> TROJAN!
Source=Paul Collins Startup list

[FS6519]
Number=3157
Confirmed=X
Filename=FS6519.dll.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2007-022116-1047-99" target="_blank">SOLOW.B</a> WORM!
Source=Paul Collins Startup list

[fsaa]
Number=3158
Confirmed=Y
Filename=fsaa.exe
Description=<a href="http://www.f-secure.com/" target=_blank>F-Secure</a> antivirus Authentication Agent - creates and stores private keys used by a client to access servers
Source=Paul Collins Startup list

[FSCBoss]
Number=3159
Confirmed=N
Filename=FSCBoss.exe
Description=Free Store Club shop online software
Source=Paul Collins Startup list

[FSDPSRV]
Number=3160
Confirmed=?
Filename=FSDPSRV.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[FSH]
Number=3161
Confirmed=X
Filename=svcnva.exe
Description=Malware, detected by <a href="http://www.ewido.net/en/" target=_blank>Ewido Security Suite</a> as TrojanDownloader.Delf.ks
Source=Paul Collins Startup list

[fsp]
Number=3162
Confirmed=U
Filename=fsp.exe
Description=<a href="http://www.baxbex.com/foldershield.html" target="_blank">Folder Shield</a> - hide entire directories and thus prevent access by anyone else to your personal files and documents
Source=Paul Collins Startup list

[fspr]
Number=3163
Confirmed=Y
Filename=FolderShield.exe
Description=<a href="http://www.baxbex.de/foldershield.html" target="_blank">Folder Shield</a> - hide personal files and folders
Source=Paul Collins Startup list

[FSScrCtl]
Number=3164
Confirmed=N
Filename=FSScrCtl.exe
Description=Screen saver control applet used by the &quot;Stardust Screen Saver Toolkit&quot; and &quot;SolidWorks Screen Saver&quot;
Source=Paul Collins Startup list

[fsserv]
Number=3165
Confirmed=U
Filename=fserv.exe
Description=<a target="_blank" href="http://www.bysoft.se/sureshot/farsighter/manual.html">Farsighter Server</a> - monitors a remote computer invisibly by streaming video to a viewer on your computer. You will know exactly what is happening on the remote computer as you see it in real-time
Source=Paul Collins Startup list

[FSW]
Number=3166
Confirmed=X
Filename=FSW.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=FreeScratchAndWin&threatid=5475" target=_blank>FreeScratchAndWin</a> parasite
Source=Paul Collins Startup list

[FSWebServer]
Number=3167
Confirmed=U
Filename=fsws.exe
Description=<a href="http://www.sharing-file.com/" target=_blank>Easy File Sharing Web Server</a> is a Windows program that allows you to host a secure peer-to-peer and web-based file sharing system without any additional software or services
Source=Paul Collins Startup list

[FtkCPY]
Number=3168
Confirmed=X
Filename=ftkcpy.exe
Description=<a href="http://sarc.com/avcenter/venc/data/adware.flashenhancer.html" target="_blank">FlashEnhancer</a> adware variant
Source=Paul Collins Startup list

[FtLnSOP_setup]
Number=3169
Confirmed=U
Filename=FtLnSOP.exe
Description=Fujitsu scanner utility
Source=Paul Collins Startup list

[FTMSFLT(USB)]
Number=3170
Confirmed=U
Filename=FTMSFLTU.EXE
Description=Fujitsu's Touch Panel Message Notifier
Source=Paul Collins Startup list

[FTP FOR WINDOWS]
Number=3171
Confirmed=X
Filename=ftpwin32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[FTPGraber]
Number=3172
Confirmed=X
Filename=FTPGraber.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderdt.html" target=_blank>DLOADER-DT</a> TROJAN!

Source=Paul Collins Startup list

[FTPManager]
Number=3173
Confirmed=N
Filename=FTPDM.exe
Description="<a href="http://www.robust.ws/ftpdm.html" target=_blank>Robust FTP</a> is a Windows-based file transfer client application that transfers files between a user's local PC and another, remote computer system connected via a modem and telephone lines or by a local-area network (with upload transfer resume and download transfer resume)". Can be started manually
Source=Paul Collins Startup list

[Ftpqueue]
Number=3174
Confirmed=U
Filename=Ftpsched.exe
Description=Part of <a href="http://www.ipswitch.com/Products/WS_FTP/" target="_blank">WS_FTP Pro</a> from Ipswitch. Queueing facility for scheduling FTP transfers
Source=Paul Collins Startup list

[ftutil2]
Number=3175
Confirmed=U
Filename=rundll32.exe [path] ftutil2.dll, SetWriteCacheMode
Description=Related to Promise Technology's <a href="http://www.promise.com/marketing/datasheet/file/2_FT%20SX4030_4060%20DS.pdf" target="_blank">FastTrak SX4030/4060</a> PCI ATA Raid 5 controller (and possibly others)
Source=Paul Collins Startup list

[Fucker]
Number=3176
Confirmed=X
Filename=fucker.vbs
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32catchera.html" target="_blank">CATCHER-A</a> WORM!
Source=Paul Collins Startup list

[Fujitsu Menu]
Number=3177
Confirmed=U
Filename=FjMnuIco.exe
Description=From the "Fujitsu Menu" tray icon you have instant access to the Control Panel, Tablet pc keyboard, Tablet and pen settings, Fujitsu display controls, brightness control, sounds and audio devices, capture screen, capture window, organize favorites, power options, printers and faxes, LCD brightness MIN, LCD brightness MAX, Enable/disable Button Panel and the Fujitsu menu settings, which are customizable
Source=Paul Collins Startup list

[fukerservice]
Number=3178
Confirmed=X
Filename=fukerz.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[FUKLBAR]
Number=3179
Confirmed=X
Filename=bar.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[FusionHdtvTray]
Number=3180
Confirmed=U
Filename=FusionHdtvTray.exe
Description=FusionTrayAgent - main executable for <a href="http://www.fusionhdtv.co.kr/eng/" target="_blank">DVICO FusionHDTV</a> software. It adds an icon to system tray that allows you to easily access Fusion HDTV software
Source=Paul Collins Startup list

[FusionRC]
Number=3181
Confirmed=U
Filename=FusionRC.exe
Description=Remote control manager for <a href="http://www.fusionhdtv.co.kr/eng/" target="_blank">DVICO FusionHDTV</a>
Source=Paul Collins Startup list

[FusionRemote]
Number=3182
Confirmed=U
Filename=FusionRc.exe
Description=Remote control manager for <a href="http://www.fusionhdtv.co.kr/eng/" target="_blank">DVICO FusionHDTV</a>
Source=Paul Collins Startup list

[FusionTrayAgent]
Number=3183
Confirmed=N
Filename=FusionHdtvTray.exe
Description=FusionTrayAgent - main executable for <a href="http://www.fusionhdtv.co.kr/eng/" target="_blank">DVICO FusionHDTV</a> software. It adds an icon to system tray that allows you to easily access Fusion HDTV software
Source=Paul Collins Startup list

[fvek]
Number=3184
Confirmed=X
Filename=fvek.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdrivola.html" target=_blank>DRIVOL-A</a> TROJAN!
Source=Paul Collins Startup list

[FW Manager]
Number=3185
Confirmed=X
Filename=fwcheck.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delboth.html" target="_blank">DELBOT-H</a> WORM!
Source=Paul Collins Startup list

[FWDMON.EXE]
Number=3186
Confirmed=X
Filename=fwdmon.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojproxys.html" target=_blank>PROXY-S</a> TROJAN!
Source=Paul Collins Startup list

[fwenc.exe]
Number=3187
Confirmed=Y
Filename=fwenc.exe
Description=<a href="http://www.checkpoint.com/" target="_blank">Check Point</a> SecuRemote VPN client - "dynamic and fixed IP addressing for all ISP services - dial-up, cable modem, or DSL - the ideal solution for telecommuters and mobile workers"
Source=Paul Collins Startup list

[Fwr Command Module]
Number=3188
Confirmed=X
Filename=fwr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpp.html" target="_blank">SDBOT-PP</a> WORM!
Source=Paul Collins Startup list

[fwrastrc]
Number=3189
Confirmed=N
Filename=fwrastrc.exe
Description=Dial-up software for Friendly Technologies/1NationOnLine free ISP
Source=Paul Collins Startup list

[fwservice]
Number=3190
Confirmed=U
Filename=fwservice
Description=eAcceleration Stop-Sign security software related. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
Source=Paul Collins Startup list

[FX]
Number=3191
Confirmed=X
Filename=ieloader.exe
Description=Added by the SMALL.RR TROJAN!
Source=Paul Collins Startup list

[fxredir]
Number=3192
Confirmed=U
Filename=fxredir.exe
Description=Canon MultiPASS fax redirector
Source=Paul Collins Startup list

[fzg]
Number=3193
Confirmed=X
Filename=svhost32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DLOADER.BDK" target="_blank">DLOADER.BDK</a> TROJAN!
Source=Paul Collins Startup list

[f~a]
Number=3194
Confirmed=X
Filename=ra32.exe
Description=Added by the <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101037&affid=125" target=_blank>CAY</a> TROJAN!
Source=Paul Collins Startup list

[g.exe]
Number=3195
Confirmed=X
Filename=g.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-091016-5719-99" target=_blank>GRAYBIRD.Q</a> TROJAN!
Source=Paul Collins Startup list

[G00123]
Number=3196
Confirmed=X
Filename=[worm filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010215-0626-99" target="_blank">BUGBROS</a> WORM!
Source=Paul Collins Startup list

[G0mez]
Number=3197
Confirmed=X
Filename=G0mez.vbs
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/vbsgormleza.html" target=_blank>GORMLEZ-A</a> WORM!
Source=Paul Collins Startup list

[G3]
Number=3198
Confirmed=X
Filename=GSMedia3.exe
Description=Malware downloader - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan.Win32.VB.ux
Source=Paul Collins Startup list

[g3dctl]
Number=3199
Confirmed=?
Filename=g3dctl.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Gadu-Gadu]
Number=3200
Confirmed=N
Filename=gg.exe
Description=Polish language Instant Messaging client
Source=Paul Collins Startup list

[Gadwin PrintScreen]
Number=3201
Confirmed=N
Filename=PrintScreen.exe
Description=Gadwin <a href="http://www.gadwin.com/printscreen/" target="_blank">PrintScreen</a> - utility to capture, print or save the current window
Source=Paul Collins Startup list

[GAELICUM.EXE]
Number=3202
Confirmed=X
Filename=GAELICUM.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpentaa.html" target=_blank>PENTA-A</a> TROJAN!
Source=Paul Collins Startup list

[gah95on6]
Number=3203
Confirmed=X
Filename=gah95on6.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076082" target=_blank>ShopAtHome/SAHagent</a> adware
Source=Paul Collins Startup list

[gaim]
Number=3204
Confirmed=U
Filename=gaim.exe
Description=<a href="http://gaim.sourceforge.net/" target=_blank>Gaim</a> is an instant messenger client with capability to connect to AIM, ICQ, MSN Messenger, Yahoo, IRC, Jabber, Gadu-Gadu and Zephyr networks
Source=Paul Collins Startup list

[Gainward]
Number=3205
Confirmed=U
Filename=TBPanel.exe
Description=Configuration utility for Gainward graphics cards. Not required unless you use non-default settings. Available via Start -&gt; Settings -&gt; Control Panel
Source=Paul Collins Startup list

[game]
Number=3206
Confirmed=X
Filename=shit.exe
Description=Added by the Netclap Gold backdoor TROJAN!
Source=Paul Collins Startup list

[Game Device]
Number=3207
Confirmed=N
Filename=JOYUPDRV.EXE
Description=Genius game controller profile activator
Source=Paul Collins Startup list

[Game House]
Number=3208
Confirmed=X
Filename=GameHouse.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delfdra.html" target="_blank">DELF-DRA</a> WORM!
Source=Paul Collins Startup list

[GameDrive]
Number=3209
Confirmed=N
Filename=GDTask.exe
Description=<a href="http://www.farstone.com/software/gamedrive.htm" target="_blank">GameDrive</a> Virtual Driver from FarStone Technology, Inc. Run PC games without the disc
Source=Paul Collins Startup list

[Games Acceleration]
Number=3210
Confirmed=X
Filename=svshost.exe
Description=<a href="http://sarc.com/avcenter/venc/data/adware.easysearch.html" target=_blank>EasySearch</a> adware
Source=Paul Collins Startup list

[Games Acceleration]
Number=3211
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmutsrcha.html" target=_blank>SMUTSRCH-A</a> TROJAN!
Source=Paul Collins Startup list

[Games Acceleration]
Number=3212
Confirmed=X
Filename=svshost1.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadrawd.html" target="_blank">DLOADR-AWD</a> TROJAN!
Source=Paul Collins Startup list

[Games toolbar]
Number=3213
Confirmed=X
Filename=rundll32.exe [path] tbGame.dll, DllShowTB
Description=Topconverting.com\180Search "Games Toolbar" adware

Source=Paul Collins Startup list

[GameSpot]
Number=3214
Confirmed=N
Filename=kontiki.exe
Description=<a href="http://www.kontiki.com/products/deliverymanager/index.html" target="_blank">Kontiki Delivery Manager</a> - Windows-based client software that enables secure delivery of content to users' desktops
Source=Paul Collins Startup list

[gameutil.exe]
Number=3215
Confirmed=U
Filename=gameutil.exe
Description=Part of Redline RegTweak as supplied with Sapphire ATI graphics cards. You can configure different overlclocking settings on a per game basis and this sets those conditions following a re-boot
Source=Paul Collins Startup list

[GammaHotKeys]
Number=3216
Confirmed=U
Filename=setgamma.exe
Description=Part of the <a href="http://radeontweaker.sourceforge.net/" target="_blank">RadeonTweaker</a> program for adjusting ATI Radeon graphics cards. Allows you to adjust the gamma (or brightness) when playing a full-screen game without switching back to the desktop
Source=Paul Collins Startup list

[gaSrv]
Number=3217
Confirmed=X
Filename=gaSrv.exe
Description=Adware downloader, identified by <a href="http://www.pandasoftware.com/" target="_blank">Panda</a> antivirus as Trojan.Downloader.ALQ
Source=Paul Collins Startup list

[gaSrve]
Number=3218
Confirmed=X
Filename=gaSrve.exe
Description=Adware downloader, identified by <a href="http://www.pandasoftware.com/" target="_blank">Panda</a> antivirus as Trojan.Downloader.ALQ
Source=Paul Collins Startup list

[Gate Personal Firewall]
Number=3219
Confirmed=X
Filename=Systpl.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ADC&VSect=P" target=_blank>RBOT.ADC</a> WORM
Source=Paul Collins Startup list

[Gateway Extended Warranty]
Number=3220
Confirmed=N
Filename=GWCares.exe
Description=Gateway Extended Warranty reminder
Source=Paul Collins Startup list

[Gator]
Number=3221
Confirmed=X
Filename=gator.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Claria.Gator.eWallet&threatid=3722" target="_blank">Gator eWallet</a> adware. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
Source=Paul Collins Startup list

[Gator eWallet]
Number=3222
Confirmed=X
Filename=gator.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Claria.Gator.eWallet&threatid=3722" target="_blank">Gator eWallet</a> adware. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
Source=Paul Collins Startup list

[Gay_Sexy_**]
Number=3223
Confirmed=X
Filename=Gay_Sexy_**.exe
Description=Premium rate adult content dialler (where * is a random char)
Source=Paul Collins Startup list

[GazelDisplay]
Number=3224
Confirmed=U
Filename=gsyno.exe
Description=<a href="http://www.bt.com/homehighway/more_info.htm">BT Digital Access USB</a> - Gazel ISDN installation System Tray icon
Source=Paul Collins Startup list

[GBSpaceMan]
Number=3225
Confirmed=Y
Filename=SpaceMan.exe
Description=<a href="http://greenborder.com/" target="_blank">GreenBorder</a> - secure your browsing activities on the internet
Source=Paul Collins Startup list

[GBTray]
Number=3226
Confirmed=U
Filename=GBTray.exe
Description=System Tray icon access to <a href="http://www.roxio.com/enu/default.html" target="_blank">Roxio's</a> (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users
Source=Paul Collins Startup list

[gCac]
Number=3227
Confirmed=X
Filename=gcac.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.U</a> TROJAN!
Source=Paul Collins Startup list

[gcasDtServ]
Number=3228
Confirmed=X
Filename=gcasDtServ.exe
Description=Added by an unidentified WORM or TROJAN. Note - this is not related to Microsoft Antispyware which has a process bearing the same name which doesn't appear as a startup
Source=Paul Collins Startup list

[gcasServ]
Number=3229
Confirmed=U
Filename=gcasServ.exe
Description=<a href="http://www.giantcompany.com/p_antiSpyware.htm" target=_blank>Giant Antipsyware</a> - now superseeded by <a href="http://www.microsoft.com/athome/security/spyware/software/default.mspx" target=_blank>Microsoft Windows AntiSpyware</a>
Source=Paul Collins Startup list

[gcasServ]
Number=3230
Confirmed=X
Filename=realsched.exe
Description=Added by a variant of the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN! Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name
Source=Paul Collins Startup list

[GCC Reminder]
Number=3231
Confirmed=?
Filename=gccrem.exe
Description=Associated with AcraMax Greeting Card Creator. <font color="#FF0000">Is it a registration reminder?</font>
Source=Paul Collins Startup list

[GCS]
Number=3232
Confirmed=N
Filename=GrabClipSave.exe
Description=<a href="http://www.boumchalak.net/Tools/GCS/gcs.html" target="_blank">GrabClipSave</a> screen capture tool
Source=Paul Collins Startup list

[GDAX]
Number=3233
Confirmed=X
Filename=[path to backdoor]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102814-0756-99" target=_blank>RANKY.K</a> TROJAN!
Source=Paul Collins Startup list

[gdien32]
Number=3234
Confirmed=X
Filename=gdien32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsingup.html" target=_blank>SINGU-P</a> TROJAN!
Source=Paul Collins Startup list

[gdimx]
Number=3235
Confirmed=X
Filename=gdimx.exe
Description=<a href="http://www.sophos.com/virusinfo/analyses/dialmpbd.html" target="_blank">MPB-D</a> dialer. Note - provides an uninstall option which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "gdimx"
Source=Paul Collins Startup list

[GDMgr.exe]
Number=3236
Confirmed=U
Filename=gdmgr.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-052615-2337-99" target="_blank">GuardMon</a> is a commercial surveillance software program designed to monitor all forms of user activity on a computer
Source=Paul Collins Startup list

[GDrive]
Number=3237
Confirmed=N
Filename=GDriver.exe
Description=Found on IBM systems. All it does is set the CDROM drive letter to G:. Set your drive letter manually via Start -&gt; Settings -&gt; Control Panel -&gt; System -&gt; Device Manager
Source=Paul Collins Startup list

[Gearbox]
Number=3238
Confirmed=N
Filename=confsvr.exe
Description=NTL's Gearbox software for configuring internet connections with their NTLWorld software - does a similar job to the Internet Connection Wizard which can be used instead using the dial-up details available <a href="http://www.ntlworld.com/help/settings.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[GEARsec]
Number=3239
Confirmed=N
Filename=gearsec.exe
Description=Installed by Apple Quicktime package - iPod/iTunes CDRW support. Can be disabled if you only require Quicktime player
Source=Paul Collins Startup list

[GEDZAC]
Number=3240
Confirmed=X
Filename=GEDZAC.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-020411-4428-99" target="_blank">GEMEL</a> WORM!

Source=Paul Collins Startup list

[GemStRmW]
Number=3241
Confirmed=N
Filename=GemStRmW.exe
Description=For a GemPlus smart card reader. If it doesn't start automatically when you insert the smart card, start it manually
Source=Paul Collins Startup list

[Gene USB Monitor]
Number=3242
Confirmed=U
Filename=USBMonit.exe
Description=Monitors USB ports for insertion of Sandisk USB flashdrives
Source=Paul Collins Startup list

[general lptt01]
Number=3243
Confirmed=X
Filename=general.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "General" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[general ml097e]
Number=3244
Confirmed=X
Filename=general.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "General" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[Generic host proccess for windows]
Number=3245
Confirmed=X
Filename=SVCHOSTS.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotgq.html" target= blank>SPYBOT-GQ</a> WORM!
Source=Paul Collins Startup list

[Generic Host Process]
Number=3246
Confirmed=X
Filename=SCHOST.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotnc.html" target=_blank>RBOT-NC</a> WORM!

Source=Paul Collins Startup list

[Generic Host Process]
Number=3247
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadernx.html" target=_blank>DLOADER-NX</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[Generic Host Process for Win32 Service]
Number=3248
Confirmed=X
Filename=svlhost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.EX" target="_blank">WOOTBOT.EX</a> WORM!
Source=Paul Collins Startup list

[Generic Host Process for Win32 Service]
Number=3249
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.NC" target="_blank">SPYBOT.NC</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[Generic Host Process for Win32 Services]
Number=3250
Confirmed=X
Filename=ntspcv.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010813-5603-99" target="_blank">SDBOT.S</a> TROJAN!
Source=Paul Collins Startup list

[Generic Host Process for Win32 Services]
Number=3251
Confirmed=X
Filename=intspvc.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031712-4905-99" target="_blank">DINFOR.D</a> WORM!
Source=Paul Collins Startup list

[Generic Host Process for Win32 Services]
Number=3252
Confirmed=X
Filename=winsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdboto.html" target="_blank">SDBOT-O</a> WORM!
Source=Paul Collins Startup list

[Generic Host Process for Win32 Services]
Number=3253
Confirmed=X
Filename=bazzi.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022311-5800-99" target=_blank>AHKER.E</a> WORM!
Source=Paul Collins Startup list

[Generic Host Process for Win32 Services]
Number=3254
Confirmed=X
Filename=winsvc32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotp.html" target= blank>SDBOT-P</a> WORM!
Source=Paul Collins Startup list

[Generic Host Process for Win32 Services]
Number=3255
Confirmed=X
Filename=lspsvc.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MUMU.C" target="_blank">MUMU.C</a> WORM!
Source=Paul Collins Startup list

[Generic Host Process for Win32 Services]
Number=3256
Confirmed=X
Filename=SPSVC.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.DA" target="_blank">SDBOT.DA</a> WORM!
Source=Paul Collins Startup list

[Generic Host Process for Win32 Services]
Number=3257
Confirmed=X
Filename=svchost32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ALH" target="_blank">AGOBOT.ALH</a> WORM!
Source=Paul Collins Startup list

[Generic Host Process for Win32 Services]
Number=3258
Confirmed=X
Filename=svńhîst.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DLOADER.AK" target="_blank">DLOADER.AK</a> TROJAN!
Source=Paul Collins Startup list

[Generic Host Process2 System Backup]
Number=3259
Confirmed=X
Filename=scvhost2.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbah.html" target=_blank>RBOT-BAH</a> WORM!
Source=Paul Collins Startup list

[Generic Host Process326a System Backup]
Number=3260
Confirmed=X
Filename=scvhost326a.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Generic Host Service]
Number=3261
Confirmed=X
Filename=lshost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.LU&VSect=T" target="_blank">RBOT.LU</a> WORM!
Source=Paul Collins Startup list

[Generic Service Process]
Number=3262
Confirmed=X
Filename=regsvc32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040114-5626-99" target="_blank">GAOBOT.UJ</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040212-0834-99" target="_blank">GAOBOT.UL</a> WORMS!
Source=Paul Collins Startup list

[Generic Service Process]
Number=3263
Confirmed=X
Filename=serv1ces.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotjk.html" target=_blank>AGOBOT-JK</a> WORM!
Source=Paul Collins Startup list

[Generic Service Process]
Number=3264
Confirmed=X
Filename=nvsvc.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.BY" target="_blank">AGOBOT.BY</a> WORM! Note - this is not the valid <a href="http://www.sysinfo.org/startuplist.php?filter=NvSvc" target=_blank>NVIDIA Driver Helper Service</a> and is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[Generic Services Process]
Number=3265
Confirmed=X
Filename=regsvc32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040112-0028-99" target="_blank">GAOBOT.SY</a> WORM!
Source=Paul Collins Startup list

[GenericHostXP]
Number=3266
Confirmed=X
Filename=WinLoaderXP.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooracx.html" target="_blank">BDOOR-ACX</a> TROJAN!
Source=Paul Collins Startup list

[Genie USB Monitor]
Number=3267
Confirmed=Y
Filename=USBmonitor.exe
Description=Port monitor for an external USB hard drive. Required to enable access to the drive
Source=Paul Collins Startup list

[Geography TX 1.0 NT]
Number=3268
Confirmed=X
Filename=CompuSpeed.vbs
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/vbsnewleya.html" target= blank>NEWLEY-A</a> WORM!
Source=Paul Collins Startup list

[Gerenciamento de arquivos do Windows]
Number=3269
Confirmed=X
Filename=Winmod32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderwg.html" target=_blank>DLOADER-WG</a> TROJAN!
Source=Paul Collins Startup list

[german.exe]
Number=3270
Confirmed=X
Filename=winsystems.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbagledlae.html" target=_blank>BAGLEDl-AE</a> TROJAN!
Source=Paul Collins Startup list

[german.exe]
Number=3271
Confirmed=X
Filename=wintems.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbagleas.html" target=_blank>BAGLE-AS</a> TROJAN!
Source=Paul Collins Startup list

[Gestionnaire de disques universel]
Number=3272
Confirmed=X
Filename=sysoobe.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtoadera.html" target=_blank>TOADER-A</a> TROJAN!
Source=Paul Collins Startup list

[Get Smile]
Number=3273
Confirmed=N
Filename=getsmile.exe
Description=Puts smilie faces in your E-mail. Run manually when required
Source=Paul Collins Startup list

[GetRight Tray Icon]
Number=3274
Confirmed=N
Filename=GETRIGHT.EXE
Description=GetRight from Headlight Software - download manager for resuming downloads and choosing multiple download locations. The freeware version is/was spyware. The registered version isn't if you don't install the Aureate/Radiate software. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[GetTheMusic]
Number=3275
Confirmed=X
Filename=rundll32.exe MSA64CHK.dll, DllMostrar
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MatrixDialer&threatid=14914" target=_blank>MatrixDialer</a> related
Source=Paul Collins Startup list

[getwin]
Number=3276
Confirmed=X
Filename=winB_.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerhs.html" target=_blank>BANKER-HS</a> TROJAN!
Source=Paul Collins Startup list

[GhostSecuritySuite]
Number=3277
Confirmed=U
Filename=gss.exe
Description=<a href="http://www.ghostsecurity.com/" target=_blank>Ghost Security Suite</a> - protect the registry from unauthorized reading and modification and other tools

Source=Paul Collins Startup list

[GhostStartService]
Number=3278
Confirmed=N
Filename=GhostStartService.exe
Description=Required to run the Windows based wizard in <a href="http://www.symantec.com/sabu/ghost/ghost_personal/" target="_blank">Norton Ghost</a> - added from the 2003 version. Will start automatically when you run the wizard
Source=Paul Collins Startup list

[GhostStartTrayApp]
Number=3279
Confirmed=N
Filename=GhostStartTrayApp.exe
Description=System Tray access to <a href="http://www.symantec.com/sabu/ghost/ghost_personal/" target="_blank">Norton Ghost</a> - added from the 2003 version
Source=Paul Collins Startup list

[GhostSurfDelSatellite]
Number=3280
Confirmed=?
Filename=DeleteSatellite.exe
Description=<a href="http://www.tenebril.com/products/ghostsurf/spycatcher.html" target=_blank>SpyCatcher</a> spyware remover related. <font color="#FF0000">What does it do and is it required?</font>

Source=Paul Collins Startup list

[GhostSurfDelSatellite]
Number=3281
Confirmed=Y
Filename=DeleteSatellite.exe
Description=Part of <a href="http://www.tenebril.com/consumer/spyware/spycatcher.php" target=_blank>SpyCatcher</a> spyware remover from Tenebril. Prevents rogue programs from sending personal information to a remote user via the Internet. If you use SpyCatcher with real time scanning, you'll want to leave this file in place

Source=Paul Collins Startup list

[gigabit.exe]
Number=3282
Confirmed=X
Filename=gigabit.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032609-0734-99" target="_blank">BEAGLE.U</a> WORM!
Source=Paul Collins Startup list

[GigaByte]
Number=3283
Confirmed=X
Filename=Cheatle.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042012-2931-99" target="_blank">SHODI.B</a> VIRUS!
Source=Paul Collins Startup list

[Gilat SOM Enumerator]
Number=3284
Confirmed=Y
Filename=dllhost.exe
Description=For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system
Source=Paul Collins Startup list

[GilatFTC]
Number=3285
Confirmed=Y
Filename=ftc.exe
Description=For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system
Source=Paul Collins Startup list

[gimmygames]
Number=3286
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadrln.html" target=_blank>DLOADR-LN</a> TROJAN!
Source=Paul Collins Startup list

[gimmysmileys]
Number=3287
Confirmed=X
Filename=gimmysmileys.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=GimmySmileys&threatid=44087" target="_blank">GimmySmileys</a> adware
Source=Paul Collins Startup list

[GinaDll]
Number=3288
Confirmed=X
Filename=ntgina.dll
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ANIG.A" target="_blank">ANIG.A</a> WORM!
Source=Paul Collins Startup list

[GisdnLog]
Number=3289
Confirmed=?
Filename=gisdnlog.exe
Description=<a href="http://www.bt.com/homehighway/more_info.htm">BT Digital Access USB</a>
Source=Paul Collins Startup list

[Glass2k]
Number=3290
Confirmed=U
Filename=Glass2k.exe
Description=&quot;<a href="http://www.chime.tv/products/glass2k.shtml" target="_blank">Glass2k</a> is a small little program that allows Win2K/XP users to make any window transparent&quot;
Source=Paul Collins Startup list

[GLF Network Lan Monitor]
Number=3291
Confirmed=X
Filename=NPFMNTOR.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagy.html" target=_blank>RBOT-AGY</a> WORM!
Source=Paul Collins Startup list

[Glide]
Number=3292
Confirmed=Y
Filename=Glidew32.exe
Description=<a href="http://www.cirque.com/" target="_blank">Cirque</a> touchpad driver
Source=Paul Collins Startup list

[Global Startup]
Number=3293
Confirmed=X
Filename=WinDash.EXE
Description=Recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as IM-Worm.Win32.VB.q, may be related to the <a href="http://www.sophos.com/virusinfo/analyses/w32attechc.html" target="_blank">ATTECH-C</a> WORM
Source=Paul Collins Startup list

[GlobalSCAPE]
Number=3294
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaym.html" target=_blank>RBOT-AYM</a> WORM!
Source=Paul Collins Startup list

[GLSetIT32]
Number=3295
Confirmed=X
Filename=msiexec16.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=39482" target="_blank">OPTIX PRO</a> TROJAN!
Source=Paul Collins Startup list

[GLSetIT32]
Number=3296
Confirmed=X
Filename=isass.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=39482" target="_blank">OPTIX PRO</a> TROJAN!
Source=Paul Collins Startup list

[GLSetT32]
Number=3297
Confirmed=X
Filename=smsiexec.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojoptixd.html" target=_blank>OPTIX-D</a> TROJAN!
Source=Paul Collins Startup list

[gluon]
Number=3298
Confirmed=?
Filename=gluon.exe
Description=<font color="#FF0000">In a gluon/bin sub-directory</font>
Source=Paul Collins Startup list

[glv]
Number=3299
Confirmed=X
Filename=glv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderng.html" target= blank>DLOADER-NG</a> TROJAN!
Source=Paul Collins Startup list

[GMedia2]
Number=3300
Confirmed=X
Filename=GSM2.exe
Description=Malware downloader - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan.Win32.VB.ux
Source=Paul Collins Startup list

[GMedia2]
Number=3301
Confirmed=X
Filename=GSMedia3.exe
Description=Malware downloader - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan.Win32.VB.ux
Source=Paul Collins Startup list

[Gmouse]
Number=3302
Confirmed=Y
Filename=Gmouse.exe
Description=Amouse mouse driver - required if you use non-standard Windows driver features
Source=Paul Collins Startup list

[Gnetmous]
Number=3303
Confirmed=U
Filename=gnetmous.exe
Description=<a href="http://www.geniusnet.com/" target="_blank">Genius</a> NetScroll+ mouse driver - required if you use non-standard Windows driver features
Source=Paul Collins Startup list

[GNETMOUSE]
Number=3304
Confirmed=U
Filename=gnetmouse.exe
Description=Genius mouse driver - required if you use non-standard Windows driver features

Source=Paul Collins Startup list

[GNP Generic Host Process]
Number=3305
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzapchasf.html" target= blank>ZAPCHAS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list

[GNP Generic Host Process]
Number=3306
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzapchasr.html" target=_blank>ZAPCHAS-R</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup and is always located in the System32 folder. This worm file is found in the System folder
Source=Paul Collins Startup list

[GNP Generic Host Process]
Number=3307
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzapchasaa.html" target=_blank>ZAPCHAS-AA</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This one replaces svchost.exe in the System32 folder with a copy of Mirc on (NT/2K/XP) systems and just adds svchost.exe to the System folder on (9x/Me) systems
Source=Paul Collins Startup list

[gnub]
Number=3308
Confirmed=?
Filename=gnub.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[go]
Number=3309
Confirmed=X
Filename=cvir.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32silova.html" target="_blank">SILOV-A</a> WORM!
Source=Paul Collins Startup list

[Go!Zilla]
Number=3310
Confirmed=X
Filename=gozilla.exe
Description=Download manager for resuming downloads and choosing multiple download locations. Advertising spyware
Source=Paul Collins Startup list

[Go!Zilla Monster Downloads]
Number=3311
Confirmed=X
Filename=Go.exe
Description=Download manager for resuming downloads and choosing multiple download locations. Advertising spyware
Source=Paul Collins Startup list

[GoBack]
Number=3312
Confirmed=U
Filename=GBMenu.exe
Description=<a href="http://www.roxio.com/enu/default.html" target="_blank">Roxio's</a> (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users
Source=Paul Collins Startup list

[GoBack]
Number=3313
Confirmed=U
Filename=GBTray.exe
Description=System Tray icon access to <a href="http://www.roxio.com/enu/default.html" target="_blank">Roxio's</a> (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users
Source=Paul Collins Startup list

[GoBack Polling Service]
Number=3314
Confirmed=U
Filename=GBPoll.exe
Description=<a href="http://www.roxio.com/enu/default.html" target="_blank">Roxio's</a> (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users
Source=Paul Collins Startup list

[GoBack Tray Icon]
Number=3315
Confirmed=U
Filename=GBTray.exe
Description=<a href="http://www.roxio.com/enu/default.html" target="_blank">Roxio's</a> (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users
Source=Paul Collins Startup list

[GOG]
Number=3316
Confirmed=X
Filename=GOG.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040217-5954-99" target="_blank">PHILIS.B</a> VIRUS!
Source=Paul Collins Startup list

[goidr]
Number=3317
Confirmed=X
Filename=goidr.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081916-0353-99" target= blank>Goidr</a> adware
Source=Paul Collins Startup list

[Goldensoft_MndlSvr]
Number=3318
Confirmed=U
Filename=MndlSvr.exe
Description=Goldensoft CD Ghost related - turns a computer into a 200X-speed CD-ROM tower. Working from the hard drive, users can simultaneously access as many as 23 virtual CD-ROM drives at a speed of 200X for true multitasking
Source=Paul Collins Startup list

[Golum]
Number=3319
Confirmed=X
Filename=services.exe
Description=Added by the GOLUM.A TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[golumm]
Number=3320
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderet.html" target=_blank>DLOADER-ET</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "golumm" subfolder
Source=Paul Collins Startup list

[good]
Number=3321
Confirmed=X
Filename=badvir.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32silovb.html" target="_blank">SILOV-B</a> WORM!
Source=Paul Collins Startup list

[google]
Number=3322
Confirmed=X
Filename=google.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotamw.html" target=_blank>RBOT-AMW</a> WORM!
Source=Paul Collins Startup list

[Google Desktop]
Number=3323
Confirmed=U
Filename=GoogleDesktop.exe
Description=<a href="http://desktop.google.com/about.html" target="_blank">Google Desktop Search</a> - "a desktop search application that provides full text search over your email, computer files, chats, and the web pages you've viewed. By making your computer searchable, Google Desktop Search puts your information easily within your reach and frees you from having to manually organize your files, emails, and bookmarks"
Source=Paul Collins Startup list

[Google Desktop Search]
Number=3324
Confirmed=N
Filename=GoogleDesktop.exe
Description=<a href="http://desktop.google.com/about.html" target="_blank">Google Desktop Search</a> - "a desktop search application that provides full text search over your email, computer files, chats, and the web pages you've viewed. By making your computer searchable, Google Desktop Search puts your information easily within your reach and frees you from having to manually organize your files, emails, and bookmarks"
Source=Paul Collins Startup list

[Google Earth]
Number=3325
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxk.html" target=_blank>RBOT-AXK</a> TROJAN!
Source=Paul Collins Startup list

[Google Earth Viewer]
Number=3326
Confirmed=N
Filename=GOOGLEMAPS.EXE
Description=<a href="http://earth.google.com/" target=_blank>Google Earth</a> "combines satellite imagery, maps and the power of Google Search to put the world's geographic information at your fingertips"
Source=Paul Collins Startup list

[google Intrenet Explorer]
Number=3327
Confirmed=X
Filename=google.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotara.html" target=_blank>RBOT-ARA</a> WORM!
Source=Paul Collins Startup list

[Google service]
Number=3328
Confirmed=X
Filename=Googlesetup.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ircbotrj.html" target="_blank">IRCBOT-RJ</a> WORM!
Source=Paul Collins Startup list

[google toolbar]
Number=3329
Confirmed=X
Filename=ggtb32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotrr.html" target= blank>AGOBOT-RR</a> WORM!
Source=Paul Collins Startup list

[Google Updater]
Number=3330
Confirmed=N
Filename=GOOGLE~1.EXE
Description=Downloads and installs updates for Google applications (Google Earth, Google Desktop, etc.)
Source=Paul Collins Startup list

[GoogleDCClient]
Number=3331
Confirmed=N
Filename=GoogleDCC.exe
Description=<a href="http://en.wikipedia.org/wiki/Google_Toolbar#Google_Compute" target="_blank">Google Compute Client</a> - only present if you installed the Google Toolbar with "Google Compute" client active. Does complex calculations in the background when idle. If you want to turn it off go to your browser, click on the little double-helix on the Google Toolbar, and click "Stop Computing". No longer supported
Source=Paul Collins Startup list

[googletalk]
Number=3332
Confirmed=U
Filename=googletalk.exe
Description=<a href="http://www.google.com/talk/" target=_blank>Google Talk</a> "enables you to call or send instant messages to your friends for free-anytime, anywhere in the world". Can be launched manually
Source=Paul Collins Startup list

[GoToMyPC]
Number=3333
Confirmed=U
Filename=g2svc.exe
Description=<a href="https://www.gotomypc.com/en_US/entry.tmpl?_sid=143317649%3A2E0C1B936B629C7&Action=rgoto&_sf=2" target="_blank">ExpertCity GoToMyPc</a> logon - web-based remote-access solution that allows individuals and companies to register their computers online and then securely access those computers from any web browser
Source=Paul Collins Startup list

[GotSmiley]
Number=3334
Confirmed=X
Filename=GotSmiley.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Claria.GotSmiley&threatid=40046" target="_blank">GotSmiley</a> - ad supported program that provides the user with smileys for use in emails. Not recommended. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
Source=Paul Collins Startup list

[gouday.exe]
Number=3335
Confirmed=X
Filename=readme.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-022715-1724-99" target="_blank">BEAGLE.C</a> WORM!
Source=Paul Collins Startup list

[GRA]
Number=3336
Confirmed=N
Filename=gra.exe
Description=Looks at system resources at startup and warns you if they have dropped. Contains links to the Disk Clean Up, Defrag&nbsp;and Start Up Menu. It does have a link to a startup configuration utility. Similar to msconfig but can keep a list of disabled apps. Not really necessary. Only appears if you load the Gateway Startup Utility
Source=Paul Collins Startup list

[gramdate]
Number=3337
Confirmed=?
Filename=2Stop.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Graphic Driver]
Number=3338
Confirmed=X
Filename=smss32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Graphic Loader]
Number=3339
Confirmed=X
Filename=ntvdm32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Gravis Appawareloader]
Number=3340
Confirmed=U
Filename=dbserver.exe
Description=Looks like it's associated with <a href="http://www.gravis.com/" target="_blank"> Gravis</a> game controllers and the Keyset Manager, allowing the user to program the buttons for games that don't support them
Source=Paul Collins Startup list

[Gravis Xperience Driver Support]
Number=3341
Confirmed=U
Filename=Grxp4exe.exe
Description=Driver for <a href="http://www.gravis.com/" target="_blank">Gravis</a> game controllers such as the Eliminator Aftershock. Must be loaded if you run the supplied application software for the controller to be recognized. Start it manually via a shortcut if not used
Source=Paul Collins Startup list

[GrdSys32]
Number=3342
Confirmed=?
Filename=GrdSys32.exe
Description=X-Stream ISP software. Offers free Net access funded by on-screen ads. <font color="#FF0000">Is it required or can you create your own dial-up networking connection to use on demand?</font>
Source=Paul Collins Startup list

[Greetings Workshop]
Number=3343
Confirmed=N
Filename=GWREMIND.EXE
Description=You really want to be reminded about somebody's birthday at the expense of resources?
Source=Paul Collins Startup list

[gremier]
Number=3344
Confirmed=X
Filename=wscript.exe gpremier.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-020622-3859-99" target="_blank">GPREMIER</a> WORM!
Source=Paul Collins Startup list

[Gremlin]
Number=3345
Confirmed=X
Filename=intrenat.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-020909-2916-99" target="_blank">DOOMJUICE</a> WORM!
Source=Paul Collins Startup list

[Grokster]
Number=3346
Confirmed=N
Filename=Grokster.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453060425" target="_blank">Grokster</a> Peer-To-Peer File Sharing program
Source=Paul Collins Startup list

[GrooveMonitor]
Number=3347
Confirmed=Y
Filename=GrooveMonitor.exe
Description=Microsoft Office <a href="http://office.microsoft.com/en-us/groove/HA101680011033.aspx" target="_blank">Groove 2007</a> - Groove Folder Sharing synchronization (GFS). If you kill it, your GFS workspaces may not synchronize properly (particularly around unread-marks), and you might experience some nagging discomfort
Source=Paul Collins Startup list

[GrpConv]
Number=3348
Confirmed=N
Filename=grpconv.exe
Description=Microsoft Windows Program Group Converter - used by installers (ONLY in the RunOnce keys) - provides the translation of groups and group items to folders and links. Also see <a href="http://support.microsoft.com/?kbid=119941" target= blank>this</a> MS Knowledge Base article
Source=Paul Collins Startup list

[GsAds]
Number=3349
Confirmed=X
Filename=gms2.exe
Description=<a href="http://www.benedelman.org/spyware/installations/pacerd/" target=_blank>PacerD_Media/Pacimedia.com</a> adware
Source=Paul Collins Startup list

[Gscbc]
Number=3350
Confirmed=?
Filename=Gscbc.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[gshp]
Number=3351
Confirmed=X
Filename=zzgshp.vbs
Description=Homepage hi-jacker
Source=Paul Collins Startup list

[Gsiconexe]
Number=3352
Confirmed=N
Filename=Gsicon.exe
Description=ADSL modem monitor from <a href="http://www.eicon.com/worldwide/default.htm" target="_blank">Eicon Networks</a> (as used by BT for its Broadband internet service for example). Can safely be disabled without affecting the connection - all this does is give an indication of connectivity and access to the diagnostic facilities
Source=Paul Collins Startup list

[GsiFinal]
Number=3353
Confirmed=?
Filename=rundll32 gspndll.dll, postInstall final
Description=USB DSL modem related - [what does it do and is it required in startup?</font>
Source=Paul Collins Startup list

[GSISETUP]
Number=3354
Confirmed=?
Filename=[path] GsiInst.exe INSTALL [path] V205Res 13
Description=BT Voyager ADSL modem related - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list

[GSOrganizer]
Number=3355
Confirmed=N
Filename=GSOrganizer.exe
Description=<a href="http://www.tgslabs.com/en/winorganizer/" target="_blank">GoldenSection Organizer</a> (now WinOrganizer - personal information manager
Source=Paul Collins Startup list

[gssomatic]
Number=3356
Confirmed=X
Filename=gssomatic.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453077927" target="_blank">Searchcentrix</a> hijacker
Source=Paul Collins Startup list

[GStartup]
Number=3357
Confirmed=X
Filename=GMT.exe
Description=Gator spyware component - see <a href="http://www.cexx.org/gator.htm" target="_blank">here</a>. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
Source=Paul Collins Startup list

[gsv]
Number=3358
Confirmed=X
Filename=gsv.exe
Description=Added by the ROBAL 1.0 backdoor TROJAN!
Source=Paul Collins Startup list

[GT]
Number=3359
Confirmed=X
Filename=GT.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaj.html" target="_blank">SDBOT-AJ</a> WORM!
Source=Paul Collins Startup list

[GTVEpg]
Number=3360
Confirmed=U
Filename=GTVEpg.exe
Description=Part of <a href="http://www.gallm.com/" target="_blank">Got All Media</a> - control your TV tuner and other utilities from your PC
Source=Paul Collins Startup list

[GTVRec]
Number=3361
Confirmed=X
Filename=GTVRec.exe
Description=Part of <a href="http://www.gallm.com/" target="_blank">Got All Media</a> - control your TV tuner and other utilities from your PC
Source=Paul Collins Startup list

[Gtwatch]
Number=3362
Confirmed=N
Filename=gtwatch.exe
Description=Associated with a Mustec scanner and not required
Source=Paul Collins Startup list

[gtydf]
Number=3363
Confirmed=X
Filename=iisca.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojclaggerbb.html" target="_blank">CLAGGER-BB</a> TROJAN!
Source=Paul Collins Startup list

[gtydf]
Number=3364
Confirmed=X
Filename=iscca.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdwnldrgtk.html" target="_blank">DWNLDR-GTK</a> TROJAN!
Source=Paul Collins Startup list

[Guard]
Number=3365
Confirmed=U
Filename=Guard.exe
Description=Related to <a href="http://www.phoenix.com/" target=_blank>Phoenix Technologies</a> Core Managed Environment (cME) Integration and Certification program
Source=Paul Collins Startup list

[Guardian]
Number=3366
Confirmed=N
Filename=CMGrdian.exe
Description=McAfee's QuickClean, an offline version of the one in their online Clinic. Normally run offline and not needed. Incidentally, incorporates more cleanup programs than the likes of WinOptimizer and System Mechanic
Source=Paul Collins Startup list

[Guardian PC Security Tools]
Number=3367
Confirmed=U
Filename=Pfft.exe
Description=Boomerang Software's Guardian PC Security Tools - now rebranded as the <a href="http://www.boomerangsoftware.com/Products/Security/eSecurity.htm" target=_blank>eXtendia Security Suite</a>

Source=Paul Collins Startup list

[guarnset]
Number=3368
Confirmed=X
Filename=guarnset.exe
Description=<a href="http://sarc.com/avcenter/venc/data/adware.adlogix.html" target="_blank">Adlogix</a> adware
Source=Paul Collins Startup list

[GURL]
Number=3369
Confirmed=X
Filename=gurl.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-063018-3752-99" target="_blank">GURLWatcher</a> spyware
Source=Paul Collins Startup list

[GuruNet]
Number=3370
Confirmed=U
Filename=GuruNet.exe
Description=<a href="http://www.gurunet.com/what_tools.jsp" target=_blank>GuruNet</a> lets you click on any word on your screen to get the relevant information you want
Source=Paul Collins Startup list

[GustavVED]
Number=3371
Confirmed=X
Filename=[filename].exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-111119-3659-99" target="_blank">OPASERV.H</a> WORM!
Source=Paul Collins Startup list

[gvagfxj]
Number=3372
Confirmed=X
Filename=rundll32 ...gvagfxj.dll
Description=Unidentified adware, spyware or virus
Source=Paul Collins Startup list

[gw port controller]
Number=3373
Confirmed=Y
Filename=PORTCT95.EXE
Description=From a visitor - &quot;I must keep it active in start up or my Lexmark printer and RCA Cam program cannot discover a working port to work&quot;. From the file properties, the file is known as &quot;Smart Thru Fax Drive Spy&quot; and is supplied by Samsung
Source=Paul Collins Startup list

[GWInkMonitor]
Number=3374
Confirmed=N
Filename=GWInkMonitor.exe
Description=Gateway ink monitor - makes an annoying popup that says your printer may be running out of ink, do you want to buy some!
Source=Paul Collins Startup list

[gwiz]
Number=3375
Confirmed=X
Filename=ntsystem.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=58686" target="_blank">NITWIZ.A</a> TROJAN!
Source=Paul Collins Startup list

[GWMDMMSG]
Number=3376
Confirmed=N
Filename=GWMDMMSG.exe
Description=Used with internal modems on Gateway and vprMatrix PCs. This is the &quot;GTW modem messaging applet&quot; and is not required for the modem to work correctly
Source=Paul Collins Startup list

[GWMDMpi]
Number=3377
Confirmed=U
Filename=GWMDMpi.exe
Description=Used with internal modems on Gateway PCs such as the 450SX Notebook. Required for audio settings to be maintained and does not remain in memory once run. See <a href="http://support.gateway.com/support/drivers/moreinfo.asp?readmeURL=ftp%3A//ftp.gateway.com/pub/hardware_support/drivers/win_xp/portable/450sx4/7512994.txt" target="_blank">here</a> for more information
Source=Paul Collins Startup list

[gwum]
Number=3378
Confirmed=U
Filename=gwum.exe
Description=Gigabyte utility manager. Loads if you have a Gigabyte motherboard and got a full bundle of utilities installed. Monitors CPU, fans, BIOS etc. Only used by system &quot;tweakers&quot;
Source=Paul Collins Startup list

[gyy]
Number=3379
Confirmed=?
Filename=gyy.exe
Description=<font color="#FF0000">Possibly <a href="#Gator">Gator</a> (and therefore spyware) related?</font>
Source=Paul Collins Startup list

[G_Server.exe]
Number=3380
Confirmed=X
Filename=G_Server.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfeutelc.html" target=_blank>FEUTEL-C</a> TROJAN!
Source=Paul Collins Startup list

[G_Server1.2.exe]
Number=3381
Confirmed=X
Filename=G_Server1.2.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojgraybirdz.html" target=_blank>GRAYBIRD-Z</a> TROJAN!
Source=Paul Collins Startup list

[H/PC Connection Agent]
Number=3382
Confirmed=U
Filename=WCESCOMM.EXE
Description=Active sync for use with Windows CE based palm PC
Source=Paul Collins Startup list

[H2OWIBU]
Number=3383
Confirmed=U
Filename=CXWibu.exe
Description=Related to <a href="http://wibu.com/start.php?lang=en" target="_blank">CodeMeter</a> from WIBU-SYSTEMS AG. Software protection hardware
Source=Paul Collins Startup list

[h4te Service Drivers]
Number=3384
Confirmed=X
Filename=h4te.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[hachimitsu-lemon]
Number=3385
Confirmed=X
Filename=hachimitsu-lemon.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-070812-1520-99" target=_blank>HACHILEM</a> TROJAN!
Source=Paul Collins Startup list

[hagent]
Number=3386
Confirmed=X
Filename=avp.exe
Description=Added by the "Herman Agent" remote access TROJAN!
Source=Paul Collins Startup list

[HalifaxHowardCluster]
Number=3387
Confirmed=U
Filename=skinkers.exe
Description="Howard the Weatherman" desktop client from Halifax by <a href="http://www.skinkers.com/" target="_blank">Skinkers</a> - marketing/messaging tool. Leave enabled if you want to receive messages
Source=Paul Collins Startup list

[HaMFrontPanel]
Number=3388
Confirmed=U
Filename=hampanel.exe
Description=Displays a panel simulating modem lights for the Intel HaM internal modem. The lights are useful as a reminder to disconnect from the net if you are likely to forget, but otherwise pointless
Source=Paul Collins Startup list

[Handy Backup 3.9]
Number=3389
Confirmed=U
Filename=hbagent.exe
Description=<a href="http://www.handybackup.com/" target="_blank">Handy Backup</a> - automatic backup of your critical data to virtually any type of storage media including CD-RW devices and remote FTP servers
Source=Paul Collins Startup list

[HanUpdate]
Number=3390
Confirmed=X
Filename=hanz.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotglj.html" target="_blank">RBOT-GLJ</a> WORM!
Source=Paul Collins Startup list

[Hard drive Controller]
Number=3391
Confirmed=X
Filename=hdcontroller.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-020812-4733-99" target=_blank>KIMAN.B</a> WORM!
Source=Paul Collins Startup list

[Hardware Doctor]
Number=3392
Confirmed=U
Filename=Hwdoctor.exe
Description=Winbond Hardware Doctor - as included on some motherboard using Winbond's hardware monitoring chips. Displays fan speeds, voltages, temperatures. Only required if you're concerned about your system temperature - typically for "overclocked" systems
Source=Paul Collins Startup list

[Hardware Monitor Service]
Number=3393
Confirmed=X
Filename=mshms.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojwollfa.html" target=_blank>WOLLF-A</a> TROJAN!
Source=Paul Collins Startup list

[Hardware Profile]
Number=3394
Confirmed=X
Filename=hxdef.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list

[Hardware Profile]
Number=3395
Confirmed=X
Filename=hxdef.exe...
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list

[Hardware Sensors Monitor]
Number=3396
Confirmed=U
Filename=hmonitor.exe
Description=Utility to monitor fan speed and temperatures - similar to Motherboard Monitor. Only required if you're concerned about your system temperature - typically for &quot;overclocked&quot; systems
Source=Paul Collins Startup list

[Hardware Shell Detection]
Number=3397
Confirmed=X
Filename=WinHSD.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Hare]
Number=3398
Confirmed=U
Filename=hare.exe
Description=<a href="http://www.foxpop.ndirect.co.uk/pc/dachshund_03.htm" target="_blank">Hare</a> - improve and optimize performance of desktop/laptop PCs
Source=Paul Collins Startup list

[HATAPE]
Number=3399
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerqf.html" target=_blank>BANKER-QF</a> TROJAN!
Source=Paul Collins Startup list

[HawkEye]
Number=3400
Confirmed=U
Filename=HAWK_95.EXE
Description=Control Panel application for the old Number Nine graphics cards to change resolution, colour depth, etc. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[HawkEye IV Control Panel]
Number=3401
Confirmed=U
Filename=HAWK_32.EXE
Description=Control Panel application for the old Number Nine graphics cards to change resolution, colour depth, etc. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[Hbinst]
Number=3402
Confirmed=X
Filename=Hbinst.exe
Description=<a href="http://www.hotbar.com/" target="_blank">Hotbar</a> enhances the surfing experience offering a variety of innovative and fresh skins to the browser while providing users worldwide with access to various services of added value and fun. Also regarded as adware/spyware due to it's adds and browsing habits information gathering - see <a href="http://www.safersite.com/pestinfo/H/HotBar_Adware.asp" target="_blank">here</a>
Source=Paul Collins Startup list

[HC Reminder]
Number=3403
Confirmed=N
Filename=hc.exe
Description=For Compaq PC's. Help Compiler, crunches help database, will run without being in startup when needed
Source=Paul Collins Startup list

[HCDetect]
Number=3404
Confirmed=N
Filename=HCDetect.exe
Description=MS HomeClick Network - simple home network setup and configuration program included with 3Com HomeConnect home networking products. Runs in the background for network printer notification, detection, and Internet Connection Sharing (ICS) taskbar icon. Not required - network can be set-up manually, also has a known memory leak problem
Source=Paul Collins Startup list

[hcenter]
Number=3405
Confirmed=U
Filename=tgcmd.exe
Description=See also TgAddServer. This part ensures the software is installed correctly (similar to an installation wizard) as reported by <a href="http://www.cox.com/policy/#pp_1" target="_blank">Cox</a> Regarded as spyware by <a href="http://www.answersthatwork.com/Tasklist_pages/tasklist_t.htm" target="_blank">some</a> as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation
Source=Paul Collins Startup list

[hclean32.exe]
Number=3406
Confirmed=X
Filename=hclean32.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[Hcontrol]
Number=3407
Confirmed=U
Filename=hcontrol.exe
Description=Hotkeys on an ASUS Notebook. Only required if you use the additional keys
Source=Paul Collins Startup list

[hcsystray]
Number=3408
Confirmed=N
Filename=hc_tray.exe
Description=<a href="http://www.kumagames.com/help.html#shootout" target="_blank">Kuma Notifier</a> for the <a href="http://www.history.com/minisites/shootout/" target="_blank">Shootout!</a> game from the History Channel. "It lets you know whenever there’s a new episode that’s been released or an announcement from the Kuma team. Just click it to get up-to-the-minute game and event information"
Source=Paul Collins Startup list

[HDAShCut]
Number=3409
Confirmed=N
Filename=HDAShCut.exe
Description=High definition audio page shortcut - not required
Source=Paul Collins Startup list

[HDAudio]
Number=3410
Confirmed=X
Filename=hda.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.U</a> TROJAN!
Source=Paul Collins Startup list

[HDAudio Driver 1.0]
Number=3411
Confirmed=X
Filename=[random filename].exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojteadoord.html" target=_blank>TEADOOR-D</a> TROJAN!
Source=Paul Collins Startup list

[HDAudio Driver 2.0]
Number=3412
Confirmed=X
Filename=[random filename].exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojteadoore.html" target=_blank>TEADOOR-E</a> TROJAN!
Source=Paul Collins Startup list

[HDDHealth]
Number=3413
Confirmed=U
Filename=hddhealth.exe
Description=<a href="http://www.panterasoft.com/" target=_blank>HDD Health</a> is a "full-featured failure-prediction agent for machines using Windows 95, 98, NT, Me, 2000 and XP. Sitting in the system tray, it monitors hard disks and alerts you to impending failure" 
Source=Paul Collins Startup list

[HDDlife]
Number=3414
Confirmed=U
Filename=HDDlife.exe
Description=<a href="http://www.hddlife.com/" target=_blank>HDDlife</a> checks the health of your hard drives at regular intervals and informs you about the results of these checks
Source=Paul Collins Startup list

[HDhelp]
Number=3415
Confirmed=?
Filename=tbhdhelp.exe
Description=Associated with Philips Edge series soundcards. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list

[hdlfoe df98ndf]
Number=3416
Confirmed=X
Filename=svchots.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[hdlpscom]
Number=3417
Confirmed=X
Filename=[8 random letters].exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotful.html" target="_blank">RBOT-FUL</a> WORM!
Source=Paul Collins Startup list

[HDtray]
Number=3418
Confirmed=N
Filename=HDtray.exe
Description=Philips Edge Series Control Panel Tray Utility - system tray icon for a Philips Edge series soundcards. Available via Start -> Settings -> Control Panel
Source=Paul Collins Startup list

[he3bbcff]
Number=3419
Confirmed=X
Filename=rundll32.exe [path] he3bbcff.dll, EnableRunDLL32
Description=<a href="http://www.spywareguide.com/product_show.php?id=853" target=_blank>LZIO.com</a> adware downloader
Source=Paul Collins Startup list

[he3e3fc4]
Number=3420
Confirmed=X
Filename=rundll32.exe [path] he3e3fc4.dll, EnableRunDLL32
Description=<a href="http://www.spywareguide.com/product_show.php?id=853" target="_blank">LZIO.com</a> adware downloader
Source=Paul Collins Startup list

[HELLBOT TEST]
Number=3421
Confirmed=X
Filename=1hellbot.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050803-1959-99" target= blank>MYDOOM.BO</a> WORM!
Source=Paul Collins Startup list

[HELLBOT3]
Number=3422
Confirmed=X
Filename=coolbot.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.AB&VSect=T" target=_blank>MYTOB.AB</a> WORM!
Source=Paul Collins Startup list

[hellodolly]
Number=3423
Confirmed=X
Filename=shost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082916-1108-99" target="_blank">YODO</a> WORM!
Source=Paul Collins Startup list

[helloworld]
Number=3424
Confirmed=X
Filename=nb32ext2.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_135474.htm" target=_blank>MYDOOM.BV</a> WORM!
Source=Paul Collins Startup list

[helloworld]
Number=3425
Confirmed=X
Filename=nb32ext3.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.JT&VSect=P" target=_blank>MYTOB.JT</a> WORM!
Source=Paul Collins Startup list

[Help]
Number=3426
Confirmed=?
Filename=helpext.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[help]
Number=3427
Confirmed=X
Filename=help.scr
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosbbu.html" target="_blank">BANCOS-BBU</a> TROJAN!
Source=Paul Collins Startup list

[Help Temp Files]
Number=3428
Confirmed=X
Filename=netreg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotem.html" target= blank>FORBOT-EM</a> WORM!
Source=Paul Collins Startup list

[helpctl.exe]
Number=3429
Confirmed=X
Filename=helpctl.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082609-2823-99" target="_blank">GASLIDE</a> TROJAN!
Source=Paul Collins Startup list

[Helper]
Number=3430
Confirmed=X
Filename=eschlp.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042117-1932-99" target="_blank">BLASTER.T</a> WORM!
Source=Paul Collins Startup list

[HELPER]
Number=3431
Confirmed=X
Filename=greece nm.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant

Source=Paul Collins Startup list

[HELPER]
Number=3432
Confirmed=X
Filename=Netherlands.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
Source=Paul Collins Startup list

[HELPER]
Number=3433
Confirmed=X
Filename=new zealand.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
Source=Paul Collins Startup list

[HELPER]
Number=3434
Confirmed=X
Filename=sweden.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
Source=Paul Collins Startup list

[HELPER]
Number=3435
Confirmed=X
Filename=canada.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialler variant
Source=Paul Collins Startup list

[HELPER]
Number=3436
Confirmed=X
Filename=france.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialler variant
Source=Paul Collins Startup list

[HELPER]
Number=3437
Confirmed=X
Filename=temp532.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialler variant
Source=Paul Collins Startup list

[helper.dll]
Number=3438
Confirmed=X
Filename=[path] rundll32.exe [path] helper.dll
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=3721%20Chinese%20Keywords%20(CNSMin)&threatid=3678" target=_blank>CnsMin</a> (Chinese Keywords) hijacker related
Source=Paul Collins Startup list

[HelpExp.exe]
Number=3439
Confirmed=X
Filename=HelpExp.exe
Description=Attune HelpExpress - spyware. Disable and uninstall - see <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453075079" target="_blank">here</a>
Source=Paul Collins Startup list

[helpmanager]
Number=3440
Confirmed=X
Filename=spoler.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090510-4423-99" target="_blank">RANDEX.J</a> WORM!
Source=Paul Collins Startup list

[helpw]
Number=3441
Confirmed=X
Filename=helpw.exe
Description=Adware downloader

Source=Paul Collins Startup list

[hen]
Number=3442
Confirmed=X
Filename=[filename].exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042617-4204-99" target="_blank">TARNO.G</a> TROJAN!
Source=Paul Collins Startup list

[heomstool]
Number=3443
Confirmed=X
Filename=heomstool.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-110911-5626-99" target=_blank>HEOMS</a> TROJAN!
Source=Paul Collins Startup list

[hErcUnes]
Number=3444
Confirmed=X
Filename=softhost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112712-4629-99" target=_blank>GARROCH</a> WORM!
Source=Paul Collins Startup list

[Hermes Messenger]
Number=3445
Confirmed=U
Filename=DGDRHE~1.EXE
Description=A LAN messenger alternative to WinPopUp - <a href="http://www.dgdr.com/" target="_blank">Digital Dreams Software</a>
Source=Paul Collins Startup list

[Hewlett Packard Manager]
Number=3446
Confirmed=X
Filename=hpmanager.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-100711-1841-99" target=_blank>MYTOB.KE</a> WORM! Note - this is not a valid Hewlett-Packard program
Source=Paul Collins Startup list

[Hewlett Packard Recorder]
Number=3447
Confirmed=N
Filename=Remind32.exe
Description=HP multifunction registration
Source=Paul Collins Startup list

[Hf]
Number=3448
Confirmed=U
Filename=Hf.exe
Description=<a href="http://www.fspro.net/hide-folders/" target="_blank">Hide Folders</a> - hide your folders so only you can view them
Source=Paul Collins Startup list

[HF Security]
Number=3449
Confirmed=X
Filename=hfsecure.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotti.html" target=_blank>AGOBOT-TI</a> WORM!
Source=Paul Collins Startup list

[hffsrv]
Number=3450
Confirmed=U
Filename=hffsrv.exe
Description=<a href="http://www.softstack.com/hff.html" target=_blank>Hide Files & Folders</a> is a "password-protected security utility working at the Windows kernel level allowing you to password-protect files and folders, or to hide them securely from viewing and searching"
Source=Paul Collins Startup list

[hfxp]
Number=3451
Confirmed=U
Filename=hfxp.exe
Description=<a href="http://www.fspro.net/hide-folders-xp/" target="_blank">Hide Folders XP</a> - hide your folders so only you can view them
Source=Paul Collins Startup list

[hgqhp.exe]
Number=3452
Confirmed=X
Filename=hgqhp.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-091512-3355-99" target=_blank>FLUSH.F</a> TROJAN!
Source=Paul Collins Startup list

[HGTXPEI]
Number=3453
Confirmed=N
Filename=FirstReboot.exe
Description=Herucles Audio tool for the Hercules Game Theater XP soundcard. Available via Start -&gt; Settings -&gt; Control Panel
Source=Paul Collins Startup list

[HiberMonitor]
Number=3454
Confirmed=?
Filename=HCount.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Hibernation]
Number=3455
Confirmed=U
Filename=hib32.exe
Description=Reduces the power consumption when the laptop isn't being used to preserve battery power. Similar programs on other laptops reduce the processor clock rate, etc. Required if you run of battery regularly
Source=Paul Collins Startup list

[Hid.exe]
Number=3456
Confirmed=X
Filename=hid.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-051918-1128-99" target="_blank">RATSOU.B</a> TROJAN!
Source=Paul Collins Startup list

[HideOE]
Number=3457
Confirmed=U
Filename=HideOE.exe
Description=<a href="http://www.r2.com.au/software.php?page=2&show=hideoe&PHPSESSID=2256bb0c52a103fac2bd9a885f0ca787" target=_blank>HideOE</a> - allows you to 'hide' Outlook Express or minimize it to the System Tray
Source=Paul Collins Startup list

[HideRun.exe]
Number=3458
Confirmed=X
Filename=Hiderun.exe and svhost.exe and pro.gif
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-072806-1847-99" target="_blank">BOOHOO</a> WORM!
Source=Paul Collins Startup list

[HideStyle]
Number=3459
Confirmed=X
Filename=Ante Browse Trust.exe
Description=IE toolbar taking you to Lop.com. If the exe is running, end it and remove the "Stupidmore" directory from C:\Program Files
Source=Paul Collins Startup list

[hidserv]
Number=3460
Confirmed=U
Filename=hidserv.exe
Description=This is the Human Interface Device Server for Win98SE/2000/Me/XP, it is required only if you are using USB Audio Devices you can disable via Msconfig. See <a href="http://www.microsoft.com/whdc/device/input/audctrl.mspx" target="_blank">here</a>. Typical examples are USB multimedia keyboards with volume control and web-ready keyboards. For example - loaded by default with MS DSS80 Speakers because they have Volume, Mute and Bass controls on the speaker. Some users may experience problems disabling this - if this is the case then re-enable it. Equivalent to MMHid in Win98. On HP Computers, HIDSERV is the controller for the keyboard sound controls on the USB and PS/2 keyboards
Source=Paul Collins Startup list

[High Definition Audio Property Page Shortcut]
Number=3461
Confirmed=N
Filename=HDAudPropShortcut.exe
Description=Realtek audio card related - probably adds the odd feature to one of the "Sounds" Control Panel applet tabs - doesn't appear to be required
Source=Paul Collins Startup list

[HighPoint ATA RAID Management Software]
Number=3462
Confirmed=Y
Filename=raidman.exe
Description=<a href="http://www.highpoint-tech.com/" target="_blank">HighPoint</a> RAID management - hard disk striping/mirroring utility for increased performance and reliability. See here for more information on <a href="http://data-recovery.lsoft.net/concept_raid.html" target="_blank">RAID</a>
Source=Paul Collins Startup list

[HijackThis startup scan]
Number=3463
Confirmed=U
Filename=HijackThis.exe
Description=<a href="http://www.spywareinfo.com/~merijn/downloads.html" target= blank>HijackThis</a> lists the contents of key areas of the Registry and hard drive areas that are used by both legitimate programmers and hijackers. The program is continually updated to detect and remove new hijacks. It does not target specific programs and URLs, only the methods used by hijackers to force you onto their sites. As a result, false positives are imminent, and unless you're sure about what you're doing, you always should consult with knowledgable folks before deleting anything. Required if you'd like HijackThis to run a scan at startup, and show the results when new items are found (if so, check the appropriate box in the "Config" section")
Source=Paul Collins Startup list

[HijSrv32]
Number=3464
Confirmed=X
Filename=hijsrv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankgermd.html" target=_blank>BANKGERM-D</a> TROJAN!
Source=Paul Collins Startup list

[HistoryKill]
Number=3465
Confirmed=N
Filename=histkill.exe
Description=HistoryKill removes your web surfing path by removing the URL drop-list history, detailed history file, cache, and cookies in both IE and Netscape Navigator browsers. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[Hitman Pro SurfRight Helper]
Number=3466
Confirmed=U
Filename=srhelper.exe
Description=<a href="http://process.networktechs.com/srhelper.exe.php" target=_blank>Hitman Pro</a> - a utility to start a number of Security Protection software. They can be started individualy

Source=Paul Collins Startup list

[HitQ]
Number=3467
Confirmed=X
Filename=HitQ.exe
Description=Hijacker, for more information see <a href="http://www.talkaboutshareware.com/group/alt.comp.freeware/messages/289755.html" target=_blank>here</a>
Source=Paul Collins Startup list

[HitwarePKLite]
Number=3468
Confirmed=U
Filename=HITWAR~1.EXE
Description=<a href="http://www.rightutilities.com/products/hitwarelite/hitware_lite.htm" target="_blank">Hitware Popup Killer Lite</a>
Source=Paul Collins Startup list

[HIV]
Number=3469
Confirmed=X
Filename=HIV.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-083114-4604-99" target="_blank">HIVA</a> TROJAN!
Source=Paul Collins Startup list

[hk]
Number=3470
Confirmed=U
Filename=hk.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050512-3309-99" target=blank>KeyLoggerExp</a> keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[hkcmd]
Number=3471
Confirmed=U
Filename=hkcmd.exe
Description=Part of Intels Common User Interface for chipsets with integrated graphics controllers - which allows user to change different driver properties through Windows User Interface. If the user wishes to have "HotKey" access to Intel's customised graphics properties, it is required, otherwise not. It can be disabled via the Display Properties in the Control Panel
Source=Paul Collins Startup list

[HKEYok]
Number=3472
Confirmed=X
Filename=runlli32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassu.html" target=_blank>QQPASS-U</a> TROJAN!
Source=Paul Collins Startup list

[HKLM\Run]
Number=3473
Confirmed=X
Filename=windowsupdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbj.html" target=_blank>FORBOT-BJ</a> WORM! (where HKLM\Run represents HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run)
Source=Paul Collins Startup list

[hkserv]
Number=3474
Confirmed=U
Filename=HKserv.exe
Description=Keyboard manager program required to use programmable power and function keys on some laptops such as the Sony PCG R505TS
Source=Paul Collins Startup list

[hkss]
Number=3475
Confirmed=U
Filename=hkss.exe
Description=Compaq HotKey Support - multimedia keyboard support
Source=Paul Collins Startup list

[HLcleanup]
Number=3476
Confirmed=X
Filename=hlsetup2.exe
Description=<a href="http://vil.mcafeesecurity.com/vil/content/v_134892.htm" target=_blank>LinkReplacer/FFinder</a> adware
Source=Paul Collins Startup list

[hldrrr]
Number=3477
Confirmed=X
Filename=hldrrr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32baglekf.html" target="_blank">BAGLE-KF</a> WORM!
Source=Paul Collins Startup list

[hlhtxo.exe]
Number=3478
Confirmed=X
Filename=hlhtxo.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_135291.htm" target=_blank>QLOWZONES-27</a> TROJAN!
Source=Paul Collins Startup list

[HLL Data Parameter]
Number=3479
Confirmed=X
Filename=hllcxpa.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AFG" target="_blank">RBOT.AFG</a> WORM!
Source=Paul Collins Startup list

[HMI PowerSystem]
Number=3480
Confirmed=X
Filename=hmisvc32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031510-5713-99" target=_blank>RANDEX.CZZ</a> WORM!
Source=Paul Collins Startup list

[HML PowerSource]
Number=3481
Confirmed=X
Filename=hmlsvc32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxl.html" target= blank>SDBOT-XL</a> WORM!
Source=Paul Collins Startup list

[Hmonitor]
Number=3482
Confirmed=U
Filename=Hmonitor.exe
Description=Hardware sensor monitoring program. Only required if you overclock your system and want to check on the status
Source=Paul Collins Startup list

[HMV PowerSource]
Number=3483
Confirmed=X
Filename=hmusvc32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotyw.html" target=_blank>SDBOT-YW</a> WORM!
Source=Paul Collins Startup list

[ho2stdll.exe]
Number=3484
Confirmed=X
Filename=ho2stdll.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerho.html" target=_blank>BANKER-HO</a> TROJAN!
Source=Paul Collins Startup list

[HOI Services]
Number=3485
Confirmed=X
Filename=holsvc32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotsf.html" target= blank>AGOBOT-SF</a> WORM!
Source=Paul Collins Startup list

[Holiday Lights]
Number=3486
Confirmed=N
Filename=Holiday Lights.exe
Description=<a href="http://www.tigertech.com/hlights.html" target="_blank">Holiday Lights</a> from Tiger Technologies. Festive desktop enhancement that adds lights. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[Hollaback]
Number=3487
Confirmed=X
Filename=slvhosts.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BMO&VSect=P" target=_blank>SDBOT.BMO</a> WORM!
Source=Paul Collins Startup list

[Home Theater SchSvr]
Number=3488
Confirmed=N
Filename=SchSvr.exe
Description=<a href="http://www.intervideo.com" target="_blank">WinScheduler</a> is installed with Home Theater Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs
Source=Paul Collins Startup list

[HomeAlarm]
Number=3489
Confirmed=U
Filename=HomeAlarm.exe
Description=<a href="http://www.softshape.com/cham/" target="_blank">Chameleon Clock</a> - system tray clock replacement
Source=Paul Collins Startup list

[HomeCentre WakeUp]
Number=3490
Confirmed=?
Filename=LGWAKEUP.EXE
Description=<font color="#FF0000">Associated with the no longer supported Xerox HomeCentre printer/scanner</font>
Source=Paul Collins Startup list

[Homeland Network]
Number=3491
Confirmed=X
Filename=HomelandNetwork.exe
Description=Homeland Network Notifier - pops ads
Source=Paul Collins Startup list

[Honor]
Number=3492
Confirmed=?
Filename=honor.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Hook99startup]
Number=3493
Confirmed=U
Filename=hk2re.exe
Description=&quot;<a href="http://thunder.prohosting.com/~ladi/e_hook.html" target="_blank">Hook99</a> enables the user to customize the start button. You can change or remove the text and replace the Windows flag on button with icon of your choice. Supports Windows icons, bitmaps and can extract icons from executables and libraries. Hook99 can also make the background of desktop icons captions transparent"
Source=Paul Collins Startup list

[HookSys]
Number=3494
Confirmed=U
Filename=HookSys.exe
Description=SurfinGuard Pro from <a href="http://www.finjan.com/" target="_blank">Finjan</a> - internet protection software, protects against all malicious code delivered through executables, scripting files, ActiveX and Java
Source=Paul Collins Startup list

[HornetMonitor]
Number=3495
Confirmed=U
Filename=MntrHrnt.exe
Description=<a href="http://www.bvsystems.com/Products/WLAN/Hornet/hornet.htm" target="_blank">Hornet Monitor</a> - monitoring system that detects and responds to unauthorized access attempts and sources of channel interference on any local DSSS network
Source=Paul Collins Startup list

[HorngTech4D]
Number=3496
Confirmed=Y
Filename=bally4d.exe
Description=HorngTech 4D mouse driver
Source=Paul Collins Startup list

[Host]
Number=3497
Confirmed=X
Filename=N/A
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-041016-4416-99" target="_blank">POPDIS</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080815-4711-99" target="_blank">STARTPAGE.F</a> TROJANS!
Source=Paul Collins Startup list

[host]
Number=3498
Confirmed=X
Filename=help.exe
Description=Identified as the DELF.LF by <a href="http://www.ewido.net/en/" target=_blank>Ewido Security Suite</a>
Source=Paul Collins Startup list

[Host Process]
Number=3499
Confirmed=X
Filename=mame.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotapo.html" target=_blank>RBOT-APO</a> WORM!
Source=Paul Collins Startup list

[hostdll.exe]
Number=3500
Confirmed=X
Filename=hostdll.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerbo.html" target=_blank>BANKER-BO</a> TROJAN!
Source=Paul Collins Startup list

[HostManager]
Number=3501
Confirmed=U
Filename=AOLHostManager.exe
Description=Manages a component essential to the operation of most current AOL software. If you remove it from startup it will load when IE is launched, increasing lauching time
Source=Paul Collins Startup list

[HostManager]
Number=3502
Confirmed=N
Filename=AOLSoftware.exe
Description=Quoted from AOL Beta Team, "Manages a component essential to the operation of most current AOL software, client or not. You should be able to remove it from Startup (it'll just load when Explorer is launched, which will extend load time a bit), but do leave it on your system".
Source=Paul Collins Startup list

[Hostren.exe]
Number=3503
Confirmed=X
Filename=Hostren.exe
Description=Added by PWS.BANKER.F, a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerbo.html" target=_blank>BANKER-BO</a> TROJAN!
Source=Paul Collins Startup list

[hostserv]
Number=3504
Confirmed=X
Filename=hostserv.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BPZ&VSect=P" target=_blank>RBOT.BPZ</a> WORM!
Source=Paul Collins Startup list

[hostserv]
Number=3505
Confirmed=X
Filename=wiz98.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[HostsMan]
Number=3506
Confirmed=U
Filename=hm.exe
Description="<a href="http://hostsman.abelhadigital.com/" target="_blank">HostsMan</a> is a freeware application that lets you manage your Hosts file with ease". It is mainly intended to block specific domains (mostly advertising servers) by redirecting them to localhost, but can also be used to add any other domain/Ip combination that you want to be included in the HOSTS file
Source=Paul Collins Startup list

[HostSrv]
Number=3507
Confirmed=X
Filename=sachostx.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-011812-1823-99" target=_blank>LOOKSKY.H</a> WORM! Drops multiple files in the System (9x/ME) or System32 (NT/2K/XP) folders
Source=Paul Collins Startup list

[HostSrv]
Number=3508
Confirmed=X
Filename=sachostx.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_LOOKSKY.A&VSect=P" target=_blank>LOOKSKY.A</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-010517-1744-99" target=_blank>LOOKSKY.F</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-010815-3955-99" target=_blank>LOOKSKY.G</a> WORMS!
Source=Paul Collins Startup list

[HostSrv]
Number=3509
Confirmed=X
Filename=sachostx.exe...
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120910-5842-99" target=_blank>LOOKSKY.E</a> WORM!
Source=Paul Collins Startup list

[HostSVC syse]
Number=3510
Confirmed=X
Filename=HostSVC.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotanz.html" target=_blank>RBOT-ANZ</a> WORM!
Source=Paul Collins Startup list

[Hot Corners]
Number=3511
Confirmed=U
Filename=Hotc.exe
Description=<a href="http://www.southbaypc.com/HotCorners/" target="_blank">Hot Corners</a> - "lets you quickly activate or disable your screen saver by moving the mouse into a given corner of the screen"
Source=Paul Collins Startup list

[Hot Key Kbd 2690 Daemon]
Number=3512
Confirmed=U
Filename=SK9910DM.exe
Description=Multimedia keyboard manager - required if you use any special keys
Source=Paul Collins Startup list

[Hot Key Keybd 9910 Daemon]
Number=3513
Confirmed=U
Filename=SK9910DM.exe
Description=Multimedia keyboard manager - required if you use any special keys
Source=Paul Collins Startup list

[Hot Party 22]
Number=3514
Confirmed=?
Filename=hotpart22.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[HotAction_hr]
Number=3515
Confirmed=X
Filename=hotaction_hr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/dialsiteiconb.html" target=_blank>SITEICON-B</a> DIALER! An uninstall option can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "HotAction_hr"
Source=Paul Collins Startup list

[Hotbar]
Number=3516
Confirmed=X
Filename=Hbinst.exe
Description=<a href="http://www.hotbar.com/" target="_blank">Hotbar</a> enhances the surfing experience offering a variety of innovative and fresh skins to the browser while providing users worldwide with access to various services of added value and fun. Also regarded as adware/spyware due to it's adds and browsing habits information gathering - see <a href="http://www.safersite.com/pestinfo/H/HotBar_Adware.asp" target="_blank">here</a>
Source=Paul Collins Startup list

[Hotbar]
Number=3517
Confirmed=X
Filename=HbOEAddOn.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/adware.hotbar.html" target=_blank>Hotbar</a> adware
Source=Paul Collins Startup list

[Hotfix Updat]
Number=3518
Confirmed=X
Filename=svdhost32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-041411-2703-99" target="_blank">GAOBOT.ZW</a> WORM!
Source=Paul Collins Startup list

[HotIDE]
Number=3519
Confirmed=U
Filename=hotide.exe
Description=HotIDE allows Acer TravelMate owners to hot-swap external drives without switching of their notebooks
Source=Paul Collins Startup list

[HotkeyApp]
Number=3520
Confirmed=U
Filename=HotkeyApp.exe
Description=Programmable keys on Acer, Fujitsu and other laptops
Source=Paul Collins Startup list

[HotKeysCmds]
Number=3521
Confirmed=U
Filename=hkcmd.exe
Description=Part of Intels Common User Interface for chipsets with integrated graphics controllers - which allows user to change different driver properties through Windows User Interface. If the user wishes to have "HotKey" access to Intel's customised graphics properties, it is required, otherwise not. It can be disabled via the Display Properties in the Control Panel
Source=Paul Collins Startup list

[HotPix]
Number=3522
Confirmed=X
Filename=hotpix.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[hotplug]
Number=3523
Confirmed=X
Filename=hotplug.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=39574" target="_blank">SILLYDL</a> TROJAN!
Source=Paul Collins Startup list

[Hotplug]
Number=3524
Confirmed=U
Filename=hot_plug.exe
Description=Related to the <a href="http://www.whatsrunning.net/whatsrunning/QueryProductID.aspx?Product=10086" target="_blank">SiS_Hot_Plug_Application</a>. Enables automated driver loading for hotpluggable devices. If this service is stopped, hotplug devices will no longer function
Source=Paul Collins Startup list

[HotSync Manager]
Number=3525
Confirmed=N
Filename=hotsync.exe
Description=Installed when connecting a Palm HotSync cradle up to a USB port. The Blue and Red Arrow Icon that enables Palm / Handspring Synchronizing.&nbsp; Available via Start -&gt; Programs
Source=Paul Collins Startup list

[hotwetlove]
Number=3526
Confirmed=X
Filename=hotwetlove.exe
Description=Adult content dialler. Will not uninstall - components have to be manually deleted
Source=Paul Collins Startup list

[Hot_Kiss]
Number=3527
Confirmed=X
Filename=Hot_Kiss.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[Hot_Tarts]
Number=3528
Confirmed=X
Filename=Hot_Tarts.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[Hot_Tarts_**]
Number=3529
Confirmed=X
Filename=Hot_Tarts_**.exe
Description=Premium rate adult content dialer (where * is a random char)
Source=Paul Collins Startup list

[Hot_Tarts_Au]
Number=3530
Confirmed=X
Filename=Hot_Tarts_Au.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list

[Hot_Tarts_mc]
Number=3531
Confirmed=X
Filename=Hot_Tarts_mc.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453068396" target=_blank>HotTarts</a> adult content dialer

Source=Paul Collins Startup list

[HoverDesk]
Number=3532
Confirmed=U
Filename=HoverDesk.exe
Description=<a href="http://www.hoverdesk.net/" target="_blank">HoverDesk</a> - desktop replacement software
Source=Paul Collins Startup list

[hp 1000 firmware]
Number=3533
Confirmed=?
Filename=fwdl.exe
Description=HP LaserJet 1000 related. <font color="#FF0000">Is it a driver or automatic firmware update (based upon the filename)?</font>
Source=Paul Collins Startup list

[HP AutoIndexer]
Number=3534
Confirmed=U
Filename=hppautoindexer.exe
Description=Installed by HP multi-function printer driver software, related to PC faxing. If you are not using the PC faxing feature you can go ahead and disable these services from the startup
Source=Paul Collins Startup list

[HP CD Writer]
Number=3535
Confirmed=N
Filename=hpcdtray.exe
Description=System Tray access to a HP CD-Writer's functions. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[HP CD-DVD]
Number=3536
Confirmed=N
Filename=hpcdtray.exe
Description=System Tray access to a HP CD-Writer's functions. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[HP CD-Writer]
Number=3537
Confirmed=N
Filename=hpcdtray.exe
Description=System Tray access to a HP CD-Writer's functions. Available via Start -> Programs
Source=Paul Collins Startup list

[hp center]
Number=3538
Confirmed=X
Filename=BACKWEB-*****.exe
Description=See <a href="http://h10025.www1.hp.com/ewfrf/wc/genericDocument?cc=us&docname=bph05170&lc=en&jumpid=reg_R1002_USEN#bph05170_G5" target="_blank">here</a> - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners". Applies to certain HP Pavilion desktop computers between Fall 2001 and Spring 2003. * can be any digit
Source=Paul Collins Startup list

[hp center UI]
Number=3539
Confirmed=N
Filename=ShadowBar.exe
Description=User Interface for HP Center - see <a href="http://www.sysinfo.org/startuplist.php?filter=BACKWEB-******.exe" target="_blank">here</a>
Source=Paul Collins Startup list

[HP Component Manager]
Number=3540
Confirmed=N
Filename=hpcmpmgr.exe
Description=Checks the internet for updated drivers/utilities for your HP product - update manually. Disabling will remove the error "Windows can't shutdown the computer because hpcmpmgr.exe can't be ended"
Source=Paul Collins Startup list

[HP Deskjet]
Number=3541
Confirmed=X
Filename=HP_DeskJet_500.exe
Description=Added by the <a href="http://www.sophos.com.au/virusinfo/analyses/w32forbotda.html" target=_blank>FORBOT-DA</a> WORM!
Source=Paul Collins Startup list

[HP Digital Imaging Monitor]
Number=3542
Confirmed=U
Filename=hpqtra08.exe
Description=System Tray access to HP Director. Required if you prefer to use the all-in-one buttons to manually scan documents or transfer photos froma camera, for example
Source=Paul Collins Startup list

[HP Display Settings]
Number=3543
Confirmed=U
Filename=hpdisply.exe
Description=Sets default display settings. Unchecking this item has been reported to cure a "Problem sending command to keyboard" error message
Source=Paul Collins Startup list

[HP IDScheduler]
Number=3544
Confirmed=?
Filename=HPIDSCHD.exe
Description=<font color="#FF0000">HP Instant Delivery Scheduler</font>
Source=Paul Collins Startup list

[HP Image Zone Fast Start]
Number=3545
Confirmed=N
Filename=hpqthb08.exe
Description=Improves the startup time of HP Image Zone. If you disable it, HP Image Zone takes a long time to start up only the first time you run it. Subsequent startups are much faster than the first time
Source=Paul Collins Startup list

[HP Info Express]
Number=3546
Confirmed=N
Filename=??
Description=On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb
Source=Paul Collins Startup list

[HP Instant Support]
Number=3547
Confirmed=U
Filename=matcli.exe
Description=&quot;matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file&quot;. HP Instant Support is required to run with the Help and Support program. If you uncheck HP Instant Support and and then run Help and Support it will add another HP Instant Support in the startup menu. If you remove the HP Instant Support in the add/remove program some help menus in help and support will not be available. You decide
Source=Paul Collins Startup list

[HP Internet Center]
Number=3548
Confirmed=N
Filename=SURFBRD.EXE
Description=Loads the HP Internet center surfboard on startup. HP Internet Center allows you to customize the multimedia keys on the fly without having to go the Control Panel --&gt; Keyboards to change them
Source=Paul Collins Startup list

[HP JetDiscovery]
Number=3549
Confirmed=N
Filename=HPJETDSC.EXE
Description=HP JetAdmin software which monitors printing jobs on a network environment
Source=Paul Collins Startup list

[HP JetSpeed Autostart]
Number=3550
Confirmed=N
Filename=AUTOSTART.EXE
Description=Autostart executable for the old multiplayer game HP Jetspeed
Source=Paul Collins Startup list

[HP Laser Jet Director]
Number=3551
Confirmed=U
Filename=hppdirector.exe
Description=System Tray icon that opens various functions such as copy, fax, email, scan, copy plus, etc. Right-click on it and you see a few options such as the preceding bar plus About, Help, ToolBox, Exit, etc
Source=Paul Collins Startup list

[HP Network Registry Agent]
Number=3552
Confirmed=?
Filename=hpnra.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[HP OfficeJet Series xxx Startup]
Number=3553
Confirmed=?
Filename=HPOSTR03.EXE
Description=xxx represents the series number - such as 700. <font color="#FF0000">What does it do and it it required?</font>
Source=Paul Collins Startup list

[HP OfficeJet Series xxx Startup]
Number=3554
Confirmed=?
Filename=HPOstr05.exe
Description=xxx represents the series number - such as 700. <font color="#FF0000">What does it do and it it required?</font>
Source=Paul Collins Startup list

[HP Parallel Port Test]
Number=3555
Confirmed=N
Filename=hppt.exe
Description=Associated with a HP ScanJet scanner
Source=Paul Collins Startup list

[HP Photo Manager]
Number=3556
Confirmed=X
Filename=HPPhotoManager.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AXU&VSect=T" target=_blank>SDBOT.AXU</a> WORM!
Source=Paul Collins Startup list

[HP Port Resolver]
Number=3557
Confirmed=?
Filename=hpbpro.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[HP Precision Scan]
Number=3558
Confirmed=N
Filename=hpmdlbwx.exe
Description=HP multifunction scanner software. Available from HP Office Jet R Toolbox so not required
Source=Paul Collins Startup list

[HP Presentation Ready]
Number=3559
Confirmed=N
Filename=PresRdy.exe
Description=HP Omnibook related:&nbsp; &quot;Press a dedicated button above the keyboard and the system will instantly load your presentation software and change the screen resolution to match your display device&quot;
Source=Paul Collins Startup list

[hp psc 2000 Series]
Number=3560
Confirmed=U
Filename=hpobnz08.exe
Description=System Tray icon indicating when the printer is ready. Can be started manually with HP Director but takes time to start
Source=Paul Collins Startup list

[HP RecordNow]
Number=3561
Confirmed=U
Filename=??
Description=From HP &quot;Software for the CD writer. Do not prevent from starting unless the CD writer is never going to be used.&quot;
Source=Paul Collins Startup list

[HP ScanPatch]
Number=3562
Confirmed=U
Filename=HPScanFix.exe
Description=Program that starts up and automatically fixes earlier versions of the Scanjet 5100c software. If a Scanjet 5100C scanner is not going to be used, then it is safe to remove or prevent from starting
Source=Paul Collins Startup list

[HP ScanPicture]
Number=3563
Confirmed=N
Filename=hpsplmwa.exe
Description=HP multifunction scanner software. Available from HP Office Jet R Toolbox so not required
Source=Paul Collins Startup list

[HP SchedIndexer]
Number=3564
Confirmed=U
Filename=hppschedindexer.exe
Description=Installed by HP multi-function printer driver software, related to PC faxing. If you are not using the PC faxing feature you can go ahead and disable these services from the startup
Source=Paul Collins Startup list

[HP Service Drivers]
Number=3565
Confirmed=X
Filename=hdsys.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotze.html" target=_blank>SDBOT-ZE</a> WORM!
Source=Paul Collins Startup list

[hp Silent Service]
Number=3566
Confirmed=?
Filename=HpSrvUI.exe
Description=<font color="#FF0000">HP related</font>
Source=Paul Collins Startup list

[HP Simple Trax]
Number=3567
Confirmed=N
Filename=Hpcron.exe
Description=Supplied with HP CD-RW drives - stores information about CD contents on your hard drive. Available via Start -&gt; Programs or Desktop Icon
Source=Paul Collins Startup list

[HP software update]
Number=3568
Confirmed=N
Filename=HPWuSchd2.exe
Description=HP software updates. If a shortcut doesn't exist create your own and run it manually
Source=Paul Collins Startup list

[HP software update]
Number=3569
Confirmed=N
Filename=HPWuSchd.exe
Description=HP software updates. If a shortcut doesn't exist, create your own and run it manually
Source=Paul Collins Startup list

[HP Status]
Number=3570
Confirmed=N
Filename=hpstatus.exe
Description=HP Printer Status and Alerts
Source=Paul Collins Startup list

[HP Status Server]
Number=3571
Confirmed=?
Filename=hpboid.exe
Description=Copied during installation of HP Inkjet Printer Drivers in Win2K/XP. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[HP TV Now]
Number=3572
Confirmed=U
Filename=HpTvNow.exe
Description=Application supplied with HP notebooks. It activates the S-Video port and is said to improve the quality of the output signal (resolution/timeouts)
Source=Paul Collins Startup list

[HP Updates]
Number=3573
Confirmed=N
Filename=??
Description=On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb
Source=Paul Collins Startup list

[HP Visualize Init]
Number=3574
Confirmed=?
Filename=HpVisIni.exe
Description=HP Visualize software related. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[HP-Aio Flight]
Number=3575
Confirmed=N
Filename=Remind32.exe
Description=HP multifunction registration
Source=Paul Collins Startup list

[hpaiodevice]
Number=3576
Confirmed=N
Filename=hpodev07.exe
Description=Direct from HP - &quot;Device Objects Server - detects all device events and handles all ongoing communication on the device. Loads in the Startup group (except when &quot;portable&quot; is chosen during installation)&quot;. Related to various HP all-in-one printer/scanner/copier devices. They print and copy fine with those files disabled, and the icon installed on the desktop that points to &quot;hpodir07.exe&quot; works just fine if you need to use the scanner
Source=Paul Collins Startup list

[HPAiODevice(hp officejet g series)]
Number=3577
Confirmed=?
Filename=hpoavn07.exe
Description=HP Printer related, reportedly lets file transfers from an HP device pass files through Windows firewall. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list

[HPAiODevice(hp psc 900 series) -1]
Number=3578
Confirmed=N
Filename=hpobrt07.exe
Description=Installed with a Hewlett Packard 900 series colour printer, scanner, fax, photo card slot printer, copier. Assumed to perform an identical function to the hpaiodevice entry
Source=Paul Collins Startup list

[HPAIO_PrintFolderMgr]
Number=3579
Confirmed=N
Filename=hpoopm07.exe
Description=Directly from HP: &quot;This process has one purpose - detects if the device moves to a different port, and notifies other processes to look on the new port.&quot; For various HP all-in-one printer/scanner/copier devices. They print and copy fine with those files disabled, and the HP icon installed on the desktop that points to &quot;hpodir07.exe&quot; works just fine if you need to use the scanner
Source=Paul Collins Startup list

[HPBootOp]
Number=3580
Confirmed=U
Filename=HPBootOp.exe
Description="<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/hpbootop/" target="_blank">HP Boot Optimizer</a> intelligently and dynamically launches software during startup, based on available resources, to improve startup performance"
Source=Paul Collins Startup list

[hpcmd]
Number=3581
Confirmed=X
Filename=cmd.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/trojadclickds.html" target="_blank">ADCLICK-DS</a> TROJAN!
Source=Paul Collins Startup list

[hpcmpmgr]
Number=3582
Confirmed=N
Filename=hpcmpmgr.exe
Description=Checks the internet for updated drivers/utilities for your HP product - update manually. Disabling will remove the error "Windows can't shutdown the computer because hpcmpmgr.exe can't be ended"
Source=Paul Collins Startup list

[HPDJ Taskbar Utility]
Number=3583
Confirmed=U
Filename=hpztsbol.exe
Description=HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
Source=Paul Collins Startup list

[HPDJ Taskbar Utility]
Number=3584
Confirmed=U
Filename=hpztsd02.exe
Description=HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
Source=Paul Collins Startup list

[HPDJ Taskbar Utility]
Number=3585
Confirmed=U
Filename=hpztsb04.exe
Description=HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
Source=Paul Collins Startup list

[HPDJ Taskbar Utility]
Number=3586
Confirmed=U
Filename=hpztsb05.exe
Description=HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
Source=Paul Collins Startup list

[HPDJ Taskbar Utility]
Number=3587
Confirmed=U
Filename=hpztsb07.exe
Description=HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
Source=Paul Collins Startup list

[HPDJ Taskbar Utility]
Number=3588
Confirmed=U
Filename=hpztsb09.exe
Description=HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
Source=Paul Collins Startup list

[hpfsched]
Number=3589
Confirmed=N
Filename=hpfsched.exe
Description=HPFSCHED is a small TSR that will remind you to clean the cartridges in your DeskJet from time to time in order to keep print quality high. It can be removed from the run line in win.ini if you do not want that feature
Source=Paul Collins Startup list

[HPGamesActiveMenu]
Number=3590
Confirmed=U
Filename=ActiveMenu.exe
Description=Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
Source=Paul Collins Startup list

[hpgs2wnd]
Number=3591
Confirmed=N
Filename=hpgs2wnd.exe
Description="HP's exclusive <a href="http://h10025.www1.hp.com/ewfrf/wc/genericDocument?docname=bps05210&cc=us&dlc=en&lc=en&jumpid=reg_R1002_USEN" target="_blank">Share-to-Web</a> software makes it easy to share content with others through our affiliate Internet websites".<font color="#FF0000"> </font>Available via Start -> Programs
Source=Paul Collins Startup list

[Hpha1mon]
Number=3592
Confirmed=U
Filename=Hpha1mon.exe
Description=Media card reader for some HP series printers allowing them to read digital camera memory cards directly. Only needed if you use this feature
Source=Paul Collins Startup list

[HPHAxMON]
Number=3593
Confirmed=U
Filename=HPHAxMON.EXE
Description=Media card reader for some HP series printers allowing them to read digital camera memory cards directly. Only needed if you use this feature and known to cause system crashes in some cases. "x" can be 1, 2 or 3 and depends upon driver version. Replaced by HPHmon** (where ** is the version number) from version 4 onwards
Source=Paul Collins Startup list

[HPHmon**]
Number=3594
Confirmed=U
Filename=HPHMON**.EXE
Description=Monitors the status of the memory card reader slot on a HP printers and displays a tray icon if a memory card isn't inserted. Also creates a virtual drive and assigns it the first available drive letter - which can lead to problems with drive management. ** represents the version number. Disable if you don't use the reader
Source=Paul Collins Startup list

[HPHmon03]
Number=3595
Confirmed=U
Filename=hphmon03.exe
Description=Related to the Hewlett-Packard Photosmart's configuration and diagnostics module
Source=Paul Collins Startup list

[HPHmon04]
Number=3596
Confirmed=U
Filename=hphmon04.exe
Description=Media card reader for some HP series printers allowing them to read digital camera memory cards directly. Only needed if you use this feature
Source=Paul Collins Startup list

[HPHmon05]
Number=3597
Confirmed=?
Filename=hphmon05.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[HPHmon06]
Number=3598
Confirmed=U
Filename=hphmon06.exe
Description=Related to the Hewlett Packard software HP Photosmart printer, it provides easy access to flash card reading functions. This program is not essential to the running of the system. Your choice
Source=Paul Collins Startup list

[Hphome]
Number=3599
Confirmed=X
Filename=hphome.js
Description=Homepage hijacker
Source=Paul Collins Startup list

[HPHUPD**]
Number=3600
Confirmed=N
Filename=hphupd**.exe
Description=HP software update checker and wizard launcher. ** represents the version number. Available via Start -> Programs
Source=Paul Collins Startup list

[hpjsiroute]
Number=3601
Confirmed=?
Filename=hpjsira.exe
Description=<font color="#FF0000">Related to HP laserjet printers and IP addresses. An IP address is appended to the name field - ie &quot;hpjsiroute192.168.1.2&quot;</font>
Source=Paul Collins Startup list

[HPl Services]
Number=3602
Confirmed=X
Filename=hmlsvc32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotsi.html" target=_blank>AGOBOT-SI</a> WORM and variants!
Source=Paul Collins Startup list

[HpLamp]
Number=3603
Confirmed=Y
Filename=HPLAMP.EXE
Description=HP Scanner Utility that controls your scanners light bulb. Needed if it's switched on
Source=Paul Collins Startup list

[hplampc]
Number=3604
Confirmed=U
Filename=hplampc.exe
Description=HP Scanner Lamp Utility - fixes an issue with the scanner lamp not going off
Source=Paul Collins Startup list

[HPLaptopGamesActiveMenu]
Number=3605
Confirmed=U
Filename=ActiveMenu.exe
Description=Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
Source=Paul Collins Startup list

[HPLJ Config]
Number=3606
Confirmed=Y
Filename=SetConfig.exe
Description=Connects system to networked HP printer.
Source=Paul Collins Startup list

[HPLogiFinder]
Number=3607
Confirmed=U
Filename=hp_finder.exe
Description=HP LogiFinder helps detect and allows the use of the centre button for the Logitech mouse. Can be disabled if not used
Source=Paul Collins Startup list

[HpMmKbd]
Number=3608
Confirmed=U
Filename=HpMmKbd.exe
Description=HP's multimedia keyboard driver which enables the end-user to use the automation features of the HP multimedia keyboard
Source=Paul Collins Startup list

[HPMVTray]
Number=3609
Confirmed=U
Filename=HPMVTray.exe
Description=<a href="http://h10025.www1.hp.com/ewfrf/wc/document?docname=c00809011&lc=en&cc=id&dlc=en&product=3193065" target="_blank">HP Media Vault</a> Networked Storage Device - System Tray management utility
Source=Paul Collins Startup list

[HPNT]
Number=3610
Confirmed=X
Filename=hpdll.exe
Description=Malware - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan-Downloader.Win32.VB.ku
Source=Paul Collins Startup list

[hpodblia]
Number=3611
Confirmed=N
Filename=hpodblia.exe
Description=HP OfficeJet Scan Button Monitor on a multi-function printer/copier/scanner. Start your scanning software manually
Source=Paul Collins Startup list

[hpoddt01.exe]
Number=3612
Confirmed=N
Filename=N/A
Description=Installed by the "HP Photo and Imaging Director" software. If you ask for the imaging software, this program will be started
Source=Paul Collins Startup list

[hpodlb08]
Number=3613
Confirmed=N
Filename=hpodlb08.exe
Description=HP OfficeJet Scan Button Monitor on a multi-function printer/copier/scanner. Start your scanning software manually
Source=Paul Collins Startup list

[hpotdd01.exe]
Number=3614
Confirmed=Y
Filename=hpotdd01.exe
Description=Detection of new imaging, printing and other peripherals on HP machines such as USB printers, cameras and Bluetooth products. "This program is a non-essential process, but should not be terminated unless suspected to be causing problems"
Source=Paul Collins Startup list

[hpppta]
Number=3615
Confirmed=Y
Filename=HPPPTA.exe
Description=HP parallel port driver for certain hardware
Source=Paul Collins Startup list

[HpPrinter]
Number=3616
Confirmed=X
Filename=hpserver.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcmjspyw.html" target=_blank>CMJSPY-W</a> TROJAN!
Source=Paul Collins Startup list

[HPPROPTY]
Number=3617
Confirmed=N
Filename=HPPROPTY.EXE
Description=<a href="http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=bpl05860&amp;locale=en_US&amp;docId=35185" target="_blank">HP LaserJet Toolbox</a>
Source=Paul Collins Startup list

[HPPWRSAV]
Number=3618
Confirmed=U
Filename=HPPWRSAV.EXE
Description=Power save related for HP Scanners. Many users have complained of system freezes with it running but it stops the light from remaining on all the time. Try <a href="http://www.hp.com">www.hp.com</a>, pick your OS option under the SUPPORT tab, follow the&nbsp;instructions and you will find an updated lamp control patch
Source=Paul Collins Startup list

[hpqcmon]
Number=3619
Confirmed=?
Filename=hpqcmon.exe
Description=<font color="#FF0000">From HP and related to digital imaging</font>
Source=Paul Collins Startup list

[HPSCANMonitor]
Number=3620
Confirmed=U
Filename=hpsjvxd.exe
Description=HP scanning software that enables you to scan images from your scanner. Needed if you're using the scanner
Source=Paul Collins Startup list

[hpScannerFirstBoot]
Number=3621
Confirmed=?
Filename=scannerfb.exe
Description=<font color="#FF0000">HP scanner related</font>
Source=Paul Collins Startup list

[hpsjbmgr]
Number=3622
Confirmed=N
Filename=hpsjbmgr.exe
Description=HP ScanJet Button Manager. It allows users of the HPScanJet scanners to indicate what the buttons on the scanner will do automatically if pushed. Not required at startup, unless the scanner is used every day, such as in a business environment
Source=Paul Collins Startup list

[HPStart]
Number=3623
Confirmed=N
Filename=hpstart.wsf
Description=This a script used by HP that runs the first time one of their computers is started. Can't imagine why it would be starting up after the first boot
Source=Paul Collins Startup list

[hpsysconf1]
Number=3624
Confirmed=X
Filename=[random filename]
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_VIVIA.A" target="_blank">VIVIA.A</a> TROJAN!
Source=Paul Collins Startup list

[hpsysdrv]
Number=3625
Confirmed=U
Filename=hpsysdrv.exe
Description=This item keeps track of how many times the system has been recovered and the times of the first and last recoveries done on the system. Leaving unchecked will sometimes prevent the Keyboard Manager program from detecting that the computer is an HP. Since this program/driver was only made to run on HP, if it can't tell that it is an HP it will not run. If unchecked, it can prevent the running of the Application Recovery CDs, the use of the multimedia keys, and the HP Instant Support. Also seen that without it running, the Riptide Sound card that was installed on some older HP computers stops working
Source=Paul Collins Startup list

[hptools]
Number=3626
Confirmed=X
Filename=hptools.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[hptools]
Number=3627
Confirmed=X
Filename=microsoft.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[HPU]
Number=3628
Confirmed=N
Filename=ProvenTactics.exe
Description=<a href="http://www.proventactics.com/" target="_blank">Proven Internet Marketing</a> software
Source=Paul Collins Startup list

[hpWirelessAssistant]
Number=3629
Confirmed=U
Filename=HP Wireless Assistant.exe
Description=The HP Wireless Assistant is a user application that provides a way to control the enablement of individual wireless devices (such as Bluetooth or WLAN devices) and that shows the state of the radios for these wireless devices
Source=Paul Collins Startup list

[HPZTS04]
Number=3630
Confirmed=N
Filename=hpzts04.exe
Description=Hewlett Packard printer toolbox shortcut that resides in the system tray
Source=Paul Collins Startup list

[hpztsb02]
Number=3631
Confirmed=U
Filename=hpztsb02.exe
Description=HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
Source=Paul Collins Startup list

[hpztsb04]
Number=3632
Confirmed=U
Filename=hpztsb04.exe
Description=HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
Source=Paul Collins Startup list

[hpztsb05]
Number=3633
Confirmed=U
Filename=hpztsb05.exe
Description=HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
Source=Paul Collins Startup list

[hpztsb07]
Number=3634
Confirmed=U
Filename=hpztsb07.exe
Description=HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer

Source=Paul Collins Startup list

[hpztsb09]
Number=3635
Confirmed=U
Filename=hpztsb09.exe
Description=HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
Source=Paul Collins Startup list

[hpztsbol]
Number=3636
Confirmed=U
Filename=hpztsbol.exe
Description=HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
Source=Paul Collins Startup list

[HP_dla]
Number=3637
Confirmed=N
Filename=dlatray.exe
Description=On HP PCs, tray icon for dla - which provides drive letter access to HP's and Veritas' version of DirectCD
Source=Paul Collins Startup list

[HQI Services]
Number=3638
Confirmed=X
Filename=hqisvc32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotro.html" target= blank>AGOBOT-RO</a> WORM!
Source=Paul Collins Startup list

[HQI Services]
Number=3639
Confirmed=X
Filename=hqlsvc32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotrp.html" target= blank>AGOBOT-RP</a> WORM!
Source=Paul Collins Startup list

[HR]
Number=3640
Confirmed=U
Filename=Hr.exe
Description=<a href="http://sarc.com/avcenter/venc/data/spyware.hiddenrecorder.html" target=_blank>HiddenRecorder</a> periodically takes screenshots of the computer. If you didn't install this yourself remove it
Source=Paul Collins Startup list

[HREF.OCX]
Number=3641
Confirmed=U
Filename=regsvr32.exe ....HREF.OCX
Description=HREF.OCX is an ActiveX control developed by xFX JumpStart and used to provide HTML-alike clickable links on Windows-based programs such as <a href="http://software.xfx.net/utilities/popupkiller/index.php" target="_blank">PopUpKiller</a>
Source=Paul Collins Startup list

[Hrn_qtv]
Number=3642
Confirmed=X
Filename=hrnsvc32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaet.html" target=_blank>SDBOT-AET</a> WORM!
Source=Paul Collins Startup list

[hsim]
Number=3643
Confirmed=X
Filename=isearch.exe
Description=Unidentified malware
Source=Paul Collins Startup list

[hsim]
Number=3644
Confirmed=X
Filename=sexgame.exe
Description=Unidentified malware
Source=Paul Collins Startup list

[hsim]
Number=3645
Confirmed=X
Filename=toolbar.exe
Description=Unidentified malware
Source=Paul Collins Startup list

[HSLAB Logger]
Number=3646
Confirmed=U
Filename=logger.exe
Description=<a href="http://sarc.com/avcenter/venc/data/spyware.hslablogger.html" target=_blank>HSLABLogger</a> logs user activity and Internet activity. The gathered information can be sent to a predetermined email address. If you didn't install this yourself uninstall it
Source=Paul Collins Startup list

[HSTrans]
Number=3647
Confirmed=U
Filename=hstrans.exe
Description=Homescan Internet Transporter - part of <a href="http://www2.acnielsen.com/products/cps_homescan.shtml" target=_blank>ACNielson Homescan</a>. Recognizes when the ACNielsen Homescan Scanner is attached to the computer and allows it to transmit scanner information to ACNielsen
Source=Paul Collins Startup list

[HsuGuiControl]
Number=3648
Confirmed=?
Filename=HsuGuiControl.exe
Description=Part of the Starband Internet satellite client. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[Hti]
Number=3649
Confirmed=U
Filename=npdor.exe
Description=Appears in startup if you have chosen to participate in on survey by <a href="http://www.npdor.com/" target="_blank"> NPD Online Research</a>. Required for the survey to work correctly. Otherwise not required
Source=Paul Collins Startup list

[HTML Help System]
Number=3650
Confirmed=X
Filename=hhs.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotatb.html" target=_blank>RBOT-ATB</a> WORM!
Source=Paul Collins Startup list

[HTML32 Help System]
Number=3651
Confirmed=X
Filename=hhs32.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotate.html" target=_blank>RBOT-ATE</a> WORM!
Source=Paul Collins Startup list

[HTpatch]
Number=3652
Confirmed=U
Filename=htpatch.exe
Description=HTpatch.exe is part of the SiS AGP patch - BUT unless your processor (and motherboard) supports HyperThreading (HT) and this feature is enabled it will actually SLOW your graphics card by around 6%
Source=Paul Collins Startup list

[HtProtect]
Number=3653
Confirmed=X
Filename=AVprotect.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-030913-1913-99" target="_blank">NETSKY.L</a> WORM!
Source=Paul Collins Startup list

[HTTP Tunneling Server]
Number=3654
Confirmed=X
Filename=mstunnel.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=49612" target="_blank">RBOT.EDL</a> WORM!
Source=Paul Collins Startup list

[http://www.lienvandekelder.be]
Number=3655
Confirmed=X
Filename=LienVandeKelder.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobaz.html" target= blank>MYTOB-AZ</a> WORM!
Source=Paul Collins Startup list

[http://www.lienvandekelder.be]
Number=3656
Confirmed=X
Filename=Lien Van de Kelder.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobap.html" target=_blank>MYTOB-AP</a> WORM and variants!
Source=Paul Collins Startup list

[http://www.lienvandekelder.be]
Number=3657
Confirmed=X
Filename=Lien Vande Kelder.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobaq.html" target=_blank>MYTOB-AQ</a> WORM!
Source=Paul Collins Startup list

[http://www.lienvandekelder.be]
Number=3658
Confirmed=X
Filename=Lien vd Kelder.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobm.html" target=_blank>MYTOB-M</a> WORM!
Source=Paul Collins Startup list

[http://www.lienvandekelder.be]
Number=3659
Confirmed=X
Filename=Lien.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobcz.html" target=_blank>MYTOB-CZ</a> WORM!
Source=Paul Collins Startup list

[http://www.lienvandekelder.be]
Number=3660
Confirmed=X
Filename=Lientjeuh.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobp.html" target=_blank>MYTOB-P</a> WORM!
Source=Paul Collins Startup list

[http://www.lienvandekelder.be]
Number=3661
Confirmed=X
Filename=LienVdK.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobu.html" target=_blank>MYTOB-U</a> WORM!
Source=Paul Collins Startup list

[http://www.lienvandekelder.be]
Number=3662
Confirmed=X
Filename=Van de Kelder Lien.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobbf.html" target=_blank>MYTOB-BF</a> WORM!
Source=Paul Collins Startup list

[http://www.lienvandekelder.be]
Number=3663
Confirmed=X
Filename=We Love Lien Van de Kelder.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobcv.html" target=_blank>MYTOB-CV</a> WORM!
Source=Paul Collins Startup list

[http://www.lienvandekelder.com]
Number=3664
Confirmed=X
Filename=Lien Van de Kelder.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobeq.html" target=_blank>MYTOB-EQ</a> WORM!
Source=Paul Collins Startup list

[http://www.lienvandekelder.com/]
Number=3665
Confirmed=X
Filename=LienVandeKelder.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobeo.html" target=_blank>MYTOB-EO</a> WORM!
Source=Paul Collins Startup list

[httpd]
Number=3666
Confirmed=X
Filename=c_pan.exe
Description=Added by a variant of the DELF-A TROJAN!
Source=Paul Collins Startup list

[httpd]
Number=3667
Confirmed=X
Filename=deamon.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
Source=Paul Collins Startup list

[httpd]
Number=3668
Confirmed=X
Filename=msgaol.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
Source=Paul Collins Startup list

[httpd]
Number=3669
Confirmed=X
Filename=s_menu.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
Source=Paul Collins Startup list

[httpd]
Number=3670
Confirmed=X
Filename=browse.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
Source=Paul Collins Startup list

[httpd]
Number=3671
Confirmed=X
Filename=deamon.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
Source=Paul Collins Startup list

[https-ssl]
Number=3672
Confirmed=X
Filename=https.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100918-0303-99" target="_blank">MOEGA.D</a> WORM!
Source=Paul Collins Startup list

[huhdir]
Number=3673
Confirmed=?
Filename=huhdir.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[huigezi]
Number=3674
Confirmed=X
Filename=HgzServer.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-041516-5125-99" target="_blank">GRAYBIRD.C</a> TROJAN!
Source=Paul Collins Startup list

[Hvid]
Number=3675
Confirmed=X
Filename=Hvid.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list

[HWINFO*]
Number=3676
Confirmed=X
Filename=HWINFO*
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-041115-4727-99" target="_blank"> PUROL</a> WORM! where * is a random character
Source=Paul Collins Startup list

[HWinst]
Number=3677
Confirmed=Y
Filename=N/A
Description=For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out
Source=Paul Collins Startup list

[Hwp]
Number=3678
Confirmed=X
Filename=system_wc.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-090719-0424-99" target=_blank>Eziin</a> adware
Source=Paul Collins Startup list

[hws]
Number=3679
Confirmed=X
Filename=hws.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpact.html" target=_blank>STARTPA-CT</a> TROJAN!
Source=Paul Collins Startup list

[HWSetup]
Number=3680
Confirmed=U
Filename=HWSetup.exe hwSetUP
Description="Toshiba Hardware Setup is the Toshiba configuration management tool available through Windows." Allows the user to change BIOS, hard disk, memory, boot disk priority and other settings
Source=Paul Collins Startup list

[hxadsec]
Number=3681
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojadclickap.html" target=_blank>ADCLICK-AP</a> TROJAN!
Source=Paul Collins Startup list

[HXDL.EXE]
Number=3682
Confirmed=X
Filename=HXDL.EXE
Description=Attune HelpExpress - spyware. Disable and uninstall - see <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453075079" target="_blank">here</a>
Source=Paul Collins Startup list

[HXIUL.EXE]
Number=3683
Confirmed=X
Filename=HXIUL.EXE
Description=Attune HelpExpress - spyware. Disable and uninstall - see <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453075079" target="_blank">here</a>
Source=Paul Collins Startup list

[HydarVisionDesktopManager]
Number=3684
Confirmed=U
Filename=desk95.exe
Description=ATI's HydraVision desktop management software, allowing for multi-monitor support, as included in ATI HydraVision versions 2.5 and earlier. Has been reported to cause problems, such as <a href="http://support.microsoft.com/?id=810937" target=_blank>this one</a>. HydraVision can be uninstalled through Add/Remove Programs
Source=Paul Collins Startup list

[HydraVisionDesktopManager]
Number=3685
Confirmed=U
Filename=desk98.exe
Description=ATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setup
Source=Paul Collins Startup list

[HydraVisionViewport]
Number=3686
Confirmed=U
Filename=viewport.exe
Description=ATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setup
Source=Paul Collins Startup list

[Hyper Start]
Number=3687
Confirmed=X
Filename=instantmsgrs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotnh.html" target=_blank>RBOT-NH</a> WORM!

Source=Paul Collins Startup list

[I am not Ranky. I am eTunnel!]
Number=3688
Confirmed=X
Filename=msyervice.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[I am not Ranky. I am eTunnel!]
Number=3689
Confirmed=X
Filename=winsys.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[I am not Ranky. I am eTunnel!]
Number=3690
Confirmed=X
Filename=disney.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[I-Worm.GiGu]
Number=3691
Confirmed=X
Filename=uGiG.eXe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-083016-1736-99" target="_blank">GINK</a> WORM!
Source=Paul Collins Startup list

[I/O Controllers]
Number=3692
Confirmed=X
Filename=svcnet.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtibikb.html" target=_blank>TIBIK-B</a> TROJAN!
Source=Paul Collins Startup list

[I386]
Number=3693
Confirmed=X
Filename=I386.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-062412-1734-99" target="_blank"> MYPOWER</a> WORM!
Source=Paul Collins Startup list

[I81SHELL]
Number=3694
Confirmed=?
Filename=I81SHELL.exe
Description=<font color="#FF0000">Appears to be related to drivers for an Intel 810 graphics chipset on an ASUS motherboard</font>
Source=Paul Collins Startup list

[i8kfangui]
Number=3695
Confirmed=U
Filename=i8kfangui.exe
Description=Graphical interface for fan speed control
Source=Paul Collins Startup list

[IAAnotif]
Number=3696
Confirmed=U
Filename=iaanotif.exe
Description=IAA Event Monitor User Notification Tool - part of <a href="http://www.intel.com/support/chipsets/iaa/" target="_blank">Intel® Application Accelerator</a> - "a performance software package for desktop PCs using select Intel® chipsets" that "replaces the ATA drivers that come with Windows with drivers optimized for desktop and mobile PCs." If you use the RAID version it's required to notify you if a RAID 1 disk has failed
Source=Paul Collins Startup list

[iamapp]
Number=3697
Confirmed=Y
Filename=iamapp.exe
Description=AtGuard personal firewall engine. As Atguard was bought by Symantec some time ago, it's now the Norton Personal Firewall executable as well
Source=Paul Collins Startup list

[Iamnacho On Irc.MusIrc.com Is a Homosexual!]
Number=3698
Confirmed=X
Filename=XBox64.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110515-2026-99" target="_blank">RANDEX.Y</a> WORM!
Source=Paul Collins Startup list

[Iap]
Number=3699
Confirmed=?
Filename=iap.exe
Description=<font color="#FF0000">Possibly part of <a href="http://docs.us.dell.com/support/edocs/software/smcliins/cli60/en/ug/intro.htm" target="_blank">Dell OpenManage Client Instrumentation</a> - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely?</font>
Source=Paul Collins Startup list

[ias]
Number=3700
Confirmed=U
Filename=ias.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120115-5305-99" target= blank>InvisibleASpy</a> keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[IASHLPR]
Number=3701
Confirmed=X
Filename=IASHLPR.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T" target="_blank">OPASERV.T</a> WORM!
Source=Paul Collins Startup list

[ibin]
Number=3702
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojperdac.html" target=_blank>PERDA-C</a> TROJAN!
Source=Paul Collins Startup list

[ibm]
Number=3703
Confirmed=X
Filename=ibm.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmirah.html" target=_blank>LEGMIR-AH</a> TROJAN!
Source=Paul Collins Startup list

[IBM Warranty Notification]
Number=3704
Confirmed=?
Filename=ERTS0749.exe
Description=IBM Warranty Notification - <font color="#FF0000">presumably it's a reminder to either register or that warranty is about to expire?</font>
Source=Paul Collins Startup list

[ibmmessages]
Number=3705
Confirmed=N
Filename=ibmmessages.exe
Description=Allows IBM to push messages onto users' computers. Quote: "The Access IBM Message Center can display messages to inform you about software and solutions available from IBM as well as messages from IBM eSupport"
Source=Paul Collins Startup list

[Ibmmon.exe]
Number=3706
Confirmed=?
Filename=Ibmmon.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Ibmpmsvc]
Number=3707
Confirmed=U
Filename=ibmpmsvc.exe
Description=Power management driver for IBM laptops. Provides support for the use of four keys on the thinkpad keyboard with blue key tops - Fn, F3, F4 &amp; F12 - which have specific functions to control the standby and hibernate buttons. Not required if you don't plan to go into standy or hibernate modes
Source=Paul Collins Startup list

[IBMPRC]
Number=3708
Confirmed=?
Filename=ibmprc.exe
Description=IBM application - <font color=#FF0000>what does it do and is it required?</font>
Source=Paul Collins Startup list

[IBMUltraBayHotSwapCPLLoader]
Number=3709
Confirmed=U
Filename=IBMBAY2N.EXE
Description=Supports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops
Source=Paul Collins Startup list

[IBMUltraBayHotSwapSound]
Number=3710
Confirmed=?
Filename=IBMBAYSN.EXE
Description=<font color="#FF0000">Supports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops. Is it needed though - does it just play a sound?</font>
Source=Paul Collins Startup list

[IBM_PWMGR]
Number=3711
Confirmed=Y
Filename=pwmgr.exe
Description=IBM Password Manager

Source=Paul Collins Startup list

[IBWin Background process]
Number=3712
Confirmed=U
Filename=IBackground.exe
Description=<a href="http://www.ibackup.com/ibwin_new.htm" target=_blank>IBackup</a> for Windows
Source=Paul Collins Startup list

[IBWin Monitor]
Number=3713
Confirmed=U
Filename=IBMonitor.exe
Description=<a href="http://www.ibackup.com/ibwin_new.htm" target=_blank>IBackup</a> for Windows
Source=Paul Collins Startup list

[IcaBar]
Number=3714
Confirmed=Y
Filename=icabar.exe
Description=Related to Citrix MetaFrame
Source=Paul Collins Startup list

[icasServ]
Number=3715
Confirmed=X
Filename=icasServ.exe
Description=Browser hijacker, redirecting to Searchforfree.info. Also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojicaserva.html" target= blank>ICASERV-A</a> TROJAN!
Source=Paul Collins Startup list

[ICcontrol]
Number=3716
Confirmed=X
Filename=iccontrol.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-091412-0643-99" target=_blank>ICcontrol</a> premium rate adult content dialer
Source=Paul Collins Startup list

[icdd7ee6]
Number=3717
Confirmed=X
Filename=rundll32.exe [path] icdd7ee6.dll, EnableRunDLL32
Description=<a href="http://www.spywareguide.com/product_show.php?id=853" target="_blank">LZIO.com</a> adware downloader
Source=Paul Collins Startup list

[icddefff]
Number=3718
Confirmed=X
Filename=rundll32.exe [path] icddefff.dll, EnableRunDLL32
Description=<a href="http://www.spywareguide.com/product_show.php?id=853" target=_blank>LZIO.com</a> adware downloader
Source=Paul Collins Startup list

[ICH Synth]
Number=3719
Confirmed=N
Filename=eusexe.exe
Description=Sound related and can be disabled without affecting performance although advanced sound features may be sacrificed. <font color="#FF0000">May be related to Compaq PC's with &quot;SoundMAX integrated Digital Audio&quot; (Analog Devices Inc.) devices</font>
Source=Paul Collins Startup list

[icifati]
Number=3720
Confirmed=X
Filename=yujixit.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ZZH&VSect=P" target=_blank>SDBOT.ZZH</a> WORM!
Source=Paul Collins Startup list

[iClean]
Number=3721
Confirmed=U
Filename=iClean.exe
Description=<a href="http://www.nsclean.com/ieclean.html" target="_blank">IEClean</a> - "advanced, comprehensive package of tools which perform a number of functions to allow you to control your online privacy"
Source=Paul Collins Startup list

[ICM]
Number=3722
Confirmed=U
Filename=ICM.EXE
Description=Starts <a href="http://www.infointeractive.com/" target="_blank">Internet Call Manager</a> dialog box and/or taskbar icons at bootup. This is a subscription program from internetcallmanager.com that monitors a dialup phone line for incoming calls and handles voicemail
Source=Paul Collins Startup list

[iCn]
Number=3723
Confirmed=N
Filename=NAG.EXE
Description=iChoose - shopping browser enhancement that alerts you to cheaper deals for goods you want to buy, if they exist. Not related to the Mac icon program of the same name
Source=Paul Collins Startup list

[ICO]
Number=3724
Confirmed=N
Filename=ICO.EXE
Description=Found on Sony Vaio and IBM Thinkpad (and possibly other) laptops and seems to be related to Mouse Suite 98 Daemon according to the properties. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated games
Source=Paul Collins Startup list

[Icon Animation]
Number=3725
Confirmed=N
Filename=HDE.EXE
Description=Part of McAfee Nuts &amp; Bolts. Provides entertaining animation of your desktop icons
Source=Paul Collins Startup list

[Icon Hearit 95]
Number=3726
Confirmed=N
Filename=hearit95.exe
Description=Audio desktop customization utility from Moon Valley Software. Resource hog
Source=Paul Collins Startup list

[Icon Hearit 98]
Number=3727
Confirmed=N
Filename=hearit98.exe
Description=Audio desktop customization utility from Moon Valley Software. Resource hog
Source=Paul Collins Startup list

[Icon lptt01]
Number=3728
Confirmed=X
Filename=icon.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Icon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[Icon ml097e]
Number=3729
Confirmed=X
Filename=icon.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Icon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[ICONCLNT]
Number=3730
Confirmed=Y
Filename=iconclnt.exe
Description=APC PowerChute Tray Icon. Associated with the <a href="#UPS"> UPS</a> listing
Source=Paul Collins Startup list

[ICONDESK]
Number=3731
Confirmed=U
Filename=ICONDESK.EXE
Description=Small utility which will allow you the option of hiding or showing your desktop icons
Source=Paul Collins Startup list

[Iconfig.exe]
Number=3732
Confirmed=N
Filename=Iconfig.exe
Description=Icon for LS-120 &quot;Superdisk&quot;
Source=Paul Collins Startup list

[iConfigLoader]
Number=3733
Confirmed=X
Filename=DIIhost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list

[Iconoid]
Number=3734
Confirmed=N
Filename=Iconoid.exe
Description=<a href="http://www.sillysot.com/index.html" target="_blank">Iconoid</a> is a desktop icon manager
Source=Paul Collins Startup list

[Iconsaver]
Number=3735
Confirmed=N
Filename=Iconsaver.exe
Description=<a href="http://www.iconsaver.com/index.html" target="_blank">IconSaver</a> is a desktop icon manager
Source=Paul Collins Startup list

[ICQ]
Number=3736
Confirmed=X
Filename=ICQNET.vbs
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/vbsgormleza.html" target=_blank>GORMLEZ-A</a> WORM!
Source=Paul Collins Startup list

[ICQ Center]
Number=3737
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-092114-2153-99" target="_blank">RANDIN</a> WORM!
Source=Paul Collins Startup list

[ICQ Chat Service]
Number=3738
Confirmed=X
Filename=icqjdhs.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[ICQ Hacking Pro]
Number=3739
Confirmed=X
Filename=ICQpro.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NETSPY" target="_blank">NETSPY</a> TROJAN!
Source=Paul Collins Startup list

[ICQ Lite]
Number=3740
Confirmed=N
Filename=ICQLite.exe
Description=<a target="_blank" href="http://www.icq.com/download/">ICQ Lite</a> - compact version of the popular messaging program
Source=Paul Collins Startup list

[icq lite]
Number=3741
Confirmed=X
Filename=scvhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentdsf.html" target="_blank">AGENT-DSF</a> TROJAN!
Source=Paul Collins Startup list

[icq lite]
Number=3742
Confirmed=X
Filename=winlog.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbottj.html" target="_blank">IRCBOT-TJ</a> TROJAN!
Source=Paul Collins Startup list

[ICQ Lite Messenger]
Number=3743
Confirmed=X
Filename=[random filename]
Description=Added by an unidentified VIRUS, WORM or TROJAN! Unlike the legitimate ICQ Lite executable, which will be located in the ICQLITE folder in Program Files, this particular impostor is located in the Windows or Winnt\System32 directory
Source=Paul Collins Startup list

[ICQ Messenger 2002]
Number=3744
Confirmed=X
Filename=ICQ2002.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotabl.html" target=_blank>SDBOT-ABL</a> WORM!
Source=Paul Collins Startup list

[ICQ Net]
Number=3745
Confirmed=X
Filename=winlogon.exe
Description=Added by variants of the NETSKY WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[ICQ Plus]
Number=3746
Confirmed=N
Filename=vplus.exe
Description=<a href="http://www.freedownloadscenter.com/Business/Application_Add-ins/ICQ_Plus.html" target="_blank">ICQ Plus</a> is a freeware utility makes your ICQ skinnable (change the look). Available via Start -> Programs
Source=Paul Collins Startup list

[IcqBeta]
Number=3747
Confirmed=X
Filename=webcamupdate.exe
Description=Added by an unidentified TROJAN!
Source=Paul Collins Startup list

[ICQNet]
Number=3748
Confirmed=X
Filename=winlogon.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32netskyc.html" target=_blank>NETSKY-C</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target=_blank>winlogon.exe</a> process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder
Source=Paul Collins Startup list

[icrosof Avps32 Control]
Number=3749
Confirmed=X
Filename=av32.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotavc.html" target=_blank>RBOT-AVC</a> WORM!
Source=Paul Collins Startup list

[icrosoft Visual]
Number=3750
Confirmed=X
Filename=plscx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotayo.html" target=_blank>RBOT-AYO</a> WORM!
Source=Paul Collins Startup list

[icrosoft Visual InterDevc]
Number=3751
Confirmed=X
Filename=zvslmqb.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotayp.html" target=_blank>RBOT-AYP</a> WORM!
Source=Paul Collins Startup list

[icrosoft Windows DLL Services Configuration]
Number=3752
Confirmed=X
Filename=poker3.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaer.html" target=_blank>SDBOT-AER</a> WORM!
Source=Paul Collins Startup list

[icrosoftf Avpx Control]
Number=3753
Confirmed=X
Filename=avpx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotayn.html" target=_blank>RBOT-AYN</a> WORM!
Source=Paul Collins Startup list

[ICSDCLT]
Number=3754
Confirmed=U
Filename=rundll32.exe Icsdclt.dll, ICSClient
Description=Internet Connection Sharing allows more than one computer to simultaneously access the internet with a single connection. Also required when networking two machines
Source=Paul Collins Startup list

[ICServer]
Number=3755
Confirmed=N
Filename=Icserver.exe
Description=Intel Intercast viewer software. Gives access to selected internet pages which are broadcasted by several TV stations
Source=Paul Collins Startup list

[ICSMGR]
Number=3756
Confirmed=Y
Filename=ICSMGR.EXE
Description=Monitors DNS and DHCP requests for ICS (Internet Connection Sharing). Needed if you're sharing the internet on various computers
Source=Paul Collins Startup list

[IC_KEY_3]
Number=3757
Confirmed=N
Filename=spvic.exe
Description=<a href="http://www.instantchess.com/?SN=Z4dMzyutgpE9Pspv&amp;ABT=3" target="_blank">Instant Chess</a> related
Source=Paul Collins Startup list

[ID Commander]
Number=3758
Confirmed=N
Filename=IDCom.exe
Description=Caller ID utility for identifying incoming telephone numbers
Source=Paul Collins Startup list

[ID8525]
Number=3759
Confirmed=X
Filename=ID8525.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_ID8525.A" target="_blank">ID8525.A</a> TROJAN!
Source=Paul Collins Startup list

[ID8525]
Number=3760
Confirmed=X
Filename=id85255.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_ID8525.A" target="_blank">ID8525.A</a> TROJAN!
Source=Paul Collins Startup list

[IDA]
Number=3761
Confirmed=?
Filename=IDA.EXE
Description=<font color="#FF0000">HP related - in a Program FilesHewlett-PackardPC COE folder</font>
Source=Paul Collins Startup list

[IDE]
Number=3762
Confirmed=X
Filename=ide.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-042919-4416-99" target="_blank">ASSASIN.F</a> TROJAN!
Source=Paul Collins Startup list

[IDE Loader]
Number=3763
Confirmed=X
Filename=IDElibr32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-121812-2137-99" target="_blank">XILON</a> TROJAN! Related to the game "Diablo II"
Source=Paul Collins Startup list

[idecntl]
Number=3764
Confirmed=X
Filename=idecntl.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list

[iDesktop]
Number=3765
Confirmed=U
Filename=idesktop.exe
Description=<a href="http://www.immersion.com/products/ce/generaldownloads.shtml" target="_blank">Immersion TouchWare Desktop</a> software for devices such as the Logitech iFeel Mouse
Source=Paul Collins Startup list

[IDMan]
Number=3766
Confirmed=N
Filename=IDMan.exe
Description=<a href="http://www.internetdownloadmanager.com/" target="_blank">Internet Download Manager</a> - download files faster, schedule and resume
Source=Paul Collins Startup list

[IDTemplates]
Number=3767
Confirmed=X
Filename=IDTemplate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32brontokh.html" target=_blank>BRONTOK-H</a> WORM!
Source=Paul Collins Startup list

[IDW Logging Tool]
Number=3768
Confirmed=N
Filename=idwlog.exe
Description=Added with WinXP SP1. Usually only found in internal builds only to indicate the current build being used. Can cause slow network logon problems
Source=Paul Collins Startup list

[IE configure]
Number=3769
Confirmed=X
Filename=explorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagec.html" target="_blank">LINEAGE-C</a> TROJAN! Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually!
Source=Paul Collins Startup list

[IE Doctor]
Number=3770
Confirmed=U
Filename=IEDoctor.exe
Description=IE Doctor Toolbar - "IE Doctor can help you to Repair IE easily, protect IE and OE from all malicious changes. It can Repair the HomePage, context menu, IE toolbar button, startup items, Favorites, typed URLs and the entire Internet Options"
Source=Paul Collins Startup list

[IE Java Update]
Number=3771
Confirmed=X
Filename=iejava.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagenthd.html" target=_blank>AGENT-HD</a> TROJAN!
Source=Paul Collins Startup list

[IE Menu Extension toolbar]
Number=3772
Confirmed=X
Filename=rundll32.exe [path] tbextn.dll DllShowTB
Description=Topconverting.com\180Search "IEMenuExtension" toolbar

Source=Paul Collins Startup list

[IE New Window Maximizer]
Number=3773
Confirmed=U
Filename=iemaximizer.exe
Description=<a href="http://www.jiisoft.com/iemaximizer/" target=_blank>IE New Window Maximizer</a> - automatically maximize new Internet Explorer and Outlook Express windows
Source=Paul Collins Startup list

[IE Runtime]
Number=3774
Confirmed=X
Filename=wini.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041813-3041-99" target=_blank>PICRATE.B</a> WORM!
Source=Paul Collins Startup list

[IE Runtimes]
Number=3775
Confirmed=X
Filename=winis.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadz.html" target="_blank">RBOT-ADZ</a> TROJAN!
Source=Paul Collins Startup list

[IE**.exe [* = random char]]
Number=3776
Confirmed=X
Filename=IE**.exe [* = random char]
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
Source=Paul Collins Startup list

[IE**32.exe [* = random char]]
Number=3777
Confirmed=X
Filename=IE**32.exe [* = random char]
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
Source=Paul Collins Startup list

[IE-Bar]
Number=3778
Confirmed=X
Filename=iebar.exe
Description=<a href="http://www3.cai.com/securityadvisor/pest/pest.aspx?id=453099723" target="_blank">DesktopMedia</a> adware
Source=Paul Collins Startup list

[IE6]
Number=3779
Confirmed=X
Filename=wkstmg.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[IE6]
Number=3780
Confirmed=X
Filename=ssmss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082217-1116-99" target=_blank>GAOBOT.DXO</a> WORM!
Source=Paul Collins Startup list

[IE6]
Number=3781
Confirmed=X
Filename=porn.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotatf.html" target=_blank>RBOT-ATF</a> WORM!
Source=Paul Collins Startup list

[IEACCESS]
Number=3782
Confirmed=X
Filename=temp532.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
Source=Paul Collins Startup list

[IEACCESS]
Number=3783
Confirmed=X
Filename=surfya.exe
Description=<a href="http://www.extremetech.com/article2/0,1697,1125674,00.asp" target=_blank>IEAccess</a> premium rate adult content dialer variant
Source=Paul Collins Startup list

[IEAgent update check]
Number=3784
Confirmed=X
Filename=iewatch.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-012514-0250-99" target=_blank>BOMKA</a> TROJAN!
Source=Paul Collins Startup list

[iecheck]
Number=3785
Confirmed=N
Filename=iecheck.exe
Description=Integrity checker for <a href="http://www.iconedit2.com/" target="_blank">IconEdit2</a> icon editor. It serves for IconEdit2 internal tasks only and can be safely deleted from the system if you are running the latest version of IconEdit2
Source=Paul Collins Startup list

[IECheck]
Number=3786
Confirmed=X
Filename=MSDTCs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32tirbotd.html" target=_blank>TIRBOT-D</a> WORM!
Source=Paul Collins Startup list

[IECheck]
Number=3787
Confirmed=X
Filename=xpssl.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32tirbote.html" target= blank>TIRBOT-E</a> WORM!
Source=Paul Collins Startup list

[IECheck]
Number=3788
Confirmed=X
Filename=mssvp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32tirbotg.html" target=_blank>TIRBOT-G</a> WORM!
Source=Paul Collins Startup list

[IECleanAux]
Number=3789
Confirmed=U
Filename=Ieboot6.exe
Description=<a href="http://www.nsclean.com/ieclean.html" target="_blank">IEClean</a> by Kevin McAleavy - cookie manager, cache cleaner, history cleaner, etc. Performs cleaning tasks at startup
Source=Paul Collins Startup list

[iedll]
Number=3790
Confirmed=X
Filename=iedll.exe
Description=Homepage hijacker, redirecting to coolwwwsearch.com
Source=Paul Collins Startup list

[IEDriver]
Number=3791
Confirmed=X
Filename=IEDriver.exe
Description=Installed as part of adware (Cydoor) based peer-to-peer file sharing software called URLBlaze
Source=Paul Collins Startup list

[IEDriver]
Number=3792
Confirmed=X
Filename=xplore.exe
Description=<a href="http://sarc.com/avcenter/venc/data/adware.iedriver.html" target=_blank>IEDriver</a> adware variant
Source=Paul Collins Startup list

[IEDriver]
Number=3793
Confirmed=X
Filename=TD.exe
Description=<a href="http://sarc.com/avcenter/venc/data/adware.iedriver.html" target=_blank>IEDriver</a> adware variant
Source=Paul Collins Startup list

[IEengine]
Number=3794
Confirmed=X
Filename=IEeng.exe
Description=<a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_STARTPAG.AI" target="_blank">STARTPAG.AI</a> hijacker
Source=Paul Collins Startup list

[IEFeatures]
Number=3795
Confirmed=X
Filename=IEFeatures.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_POPMON.A" target="_blank">POPMON.A</a> TROJAN! - also known as PopMonster adware
Source=Paul Collins Startup list

[IEFeatures]
Number=3796
Confirmed=X
Filename=Internetfeatures.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_POPMON.A" target="_blank">POPMON.A</a> TROJAN! - also known as PopMonster adware
Source=Paul Collins Startup list

[IefxTray]
Number=3797
Confirmed=X
Filename=IefxTray.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojrilerh.html" target=_blank>RILER-H</a> TROJAN!
Source=Paul Collins Startup list

[ieharv.exe]
Number=3798
Confirmed=X
Filename=ieharv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerhh.html" target=_blank>BANKER-HH</a> TROJAN!
Source=Paul Collins Startup list

[Iehelper]
Number=3799
Confirmed=X
Filename=syslaunch.exe
Description=Outwar adware downloader
Source=Paul Collins Startup list

[iel2cde8]
Number=3800
Confirmed=X
Filename=rundll32.exe [path] iel2cde8.dll, EnableRunDLL32
Description=<a href="http://www.spywareguide.com/product_show.php?id=853" target="_blank">LZIO.com</a> adware downloader
Source=Paul Collins Startup list

[ielcaabe]
Number=3801
Confirmed=X
Filename=rundll32.exe [path] ielcaabe.dll, EnableRunDLL32
Description=<a href="http://www.spywareguide.com/product_show.php?id=853" target=_blank>LZIO.com</a> adware downloader
Source=Paul Collins Startup list

[IELoader32]
Number=3802
Confirmed=X
Filename=iexplore32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-070417-1048-99" target="_blank"> SPEX</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112617-3418-99" target="_blank"> SPEX.B</a> WORMS!
Source=Paul Collins Startup list

[Iesar]
Number=3803
Confirmed=X
Filename=Iesar.exe
Description=Browser hijacker - redirecting to an adult web page
Source=Paul Collins Startup list

[Iesearch.exe]
Number=3804
Confirmed=X
Filename=Iesearch.exe
Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.looknsearch.html" target="_blank">LookNSearch</a> adware
Source=Paul Collins Startup list

[IESet]
Number=3805
Confirmed=X
Filename=IExplorer.dll
Description=Added by the <a href="http://vil.nai.com/vil/content/v_132935.htm" target="_blank">PWS-BLUEDIT</a> TROJAN!
Source=Paul Collins Startup list

[iestart]
Number=3806
Confirmed=X
Filename=iexp1orer.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091023-5351-99" target="_blank">NEMOG.C</a> TROJAN!
Source=Paul Collins Startup list

[ietsr]
Number=3807
Confirmed=N
Filename=ietsr.exe
Description=<a href="http://www.nsclean.com/ieclean.html" target="_blank">IEClean</a> by Kevin McAleavy - cookie manager, cache cleaner, history cleaner, etc
Source=Paul Collins Startup list

[ieupdate]
Number=3808
Confirmed=X
Filename=MCP****.exe [**** = random char]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112617-0033-99" target="_blank">ASOXY</a> TROJAN!
Source=Paul Collins Startup list

[ieupdate]
Number=3809
Confirmed=X
Filename=mcpdll32.exe
Description=Adware downloader trojan
Source=Paul Collins Startup list

[IEXPL0RER]
Number=3810
Confirmed=X
Filename=IEXPL0RER.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotql.html" target= blank>AGOBOT-QL</a> WORM!
 Note the filename has a "0" rather than an upper case "o"
Source=Paul Collins Startup list

[iexpl0res]
Number=3811
Confirmed=X
Filename=iexpl0res.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AEX&VSect=T" target=_blank>RBOT.AEX</a> WORM! Note - this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot
Source=Paul Collins Startup list

[IExploer]
Number=3812
Confirmed=X
Filename=svshosts.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_IRCBOT.BT" target="_blank">IRCBOT.BT</a> TROJAN!
Source=Paul Collins Startup list

[Iexploit]
Number=3813
Confirmed=X
Filename=Iexploit.html
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-091412-3836-99" target=_blank>INKER.B</a> WORM!
Source=Paul Collins Startup list

[Iexplore]
Number=3814
Confirmed=X
Filename=iexplore.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091117-1653-99" target=_blank>BOXER</a> TROJAN! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[IEXPLORE]
Number=3815
Confirmed=X
Filename=iexplore.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-012817-3358-99" target=_blank>APHEXDOOR</a> TROJAN! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[IExplore]
Number=3816
Confirmed=X
Filename=IEXPLORE.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderyz.html" target=_blank>DLOADER-YZ</a> TROJAN! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in a "Custom" subfolder
Source=Paul Collins Startup list

[IExplore]
Number=3817
Confirmed=X
Filename=IEXPLORE.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadraam.html" target=_blank>DLOADR-AAM</a> TROJAN! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the "Arquivos de programas\Internet Explorer\Custom" folder
Source=Paul Collins Startup list

[IEXPLORE]
Number=3818
Confirmed=X
Filename=IEXPLORE.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerbwe.html" target="_blank">BANKER-BWE</a> TROJAN! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target="_blank">iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[Iexplore Services]
Number=3819
Confirmed=X
Filename=iexplore.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup!
Source=Paul Collins Startup list

[IEXPLORE.EXE]
Number=3820
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancoscj.html" target=_blank>BANCOS-CJ</a> TROJAN!
Source=Paul Collins Startup list

[IEXPLORE.EXE]
Number=3821
Confirmed=X
Filename=goot.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifrosec.html" target=_blank>BIFROSE-C</a> TROJAN!
Source=Paul Collins Startup list

[IExplorer]
Number=3822
Confirmed=X
Filename=Iexplor32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorby.html" target=_blank>BDOOR-BY</a> TROJAN!
Source=Paul Collins Startup list

[IExplorer]
Number=3823
Confirmed=X
Filename=IExplorer.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosch.html" target=_blank>BANCOS-CH</a> TROJAN!
Source=Paul Collins Startup list

[IEXPLORER]
Number=3824
Confirmed=X
Filename=msiecfg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorju.html" target=_blank>JU</a> or <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanip.html" target=_blank>BANCBAN-IP</a> TROJANS!
Source=Paul Collins Startup list

[Iexplorer]
Number=3825
Confirmed=X
Filename=explorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzapchasac.html" target=_blank>ZAPCHAS-AC</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System folder
Source=Paul Collins Startup list

[iexplorer lptt01]
Number=3826
Confirmed=X
Filename=iexplorer.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "iexplorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[iexplorer ml097e]
Number=3827
Confirmed=X
Filename=iexplorer.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "iexplorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[Iexplorer.exe]
Number=3828
Confirmed=X
Filename=Iexplorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanen.html" target=_blank>BANCBAN-EN</a> TROJAN!
Source=Paul Collins Startup list

[IExplorer32 Java Scripting]
Number=3829
Confirmed=X
Filename=IExplore32b.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ABO&VSect=P" target=_blank>RBOT.ABO</a> WORM!
Source=Paul Collins Startup list

[IExplorer32c Java Scripting]
Number=3830
Confirmed=X
Filename=IExplore32cb.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ABN" target="_blank">RBOT.ABN</a> WORM!
Source=Paul Collins Startup list

[IExplorer6 Java Scripting]
Number=3831
Confirmed=X
Filename=IExplore326.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[IExplorer7 Java Scripting]
Number=3832
Confirmed=X
Filename=IExplore327.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[ifp]
Number=3833
Confirmed=X
Filename=ipf.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojclaggerag.html" target="_blank">CLAGGER-AG</a> TROJAN!
Source=Paul Collins Startup list

[IFSplash.exe]
Number=3834
Confirmed=U
Filename=IFSplash.exe
Description=I-FORCE driver for force feedback steering wheel
Source=Paul Collins Startup list

[igamatu]
Number=3835
Confirmed=X
Filename=ekor.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051316-2854-99" target= blank>SDBOT.AQ</a> TROJAN!
Source=Paul Collins Startup list

[igamatu]
Number=3836
Confirmed=X
Filename=atecaca.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_IRCBOT.R&VSect=P" target=_blank>IRCBOT.R</a> WORM!
Source=Paul Collins Startup list

[igfxtray]
Number=3837
Confirmed=U
Filename=igfxtray.exe
Description=Part of Intels Common User Interface for chipsets with integrated graphics controllers - which allows user to change different driver properties through Windows User Interface. Quick access to the control panel via a System Tray icon. Available via Start -> Settings -> Control Panel
Source=Paul Collins Startup list

[Iglpbv]
Number=3838
Confirmed=?
Filename=Iglpbv.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[igndlm.exe]
Number=3839
Confirmed=N
Filename=DLM.exe
Description=IGN Download Manager has become a requirement for downloading files through FilePlanet.com. It is based on Internet Explorer and it installs through an ActiveX-plugin, hence Internet Explorer must be installed beforehand and downloads has to be initialized through that browser
Source=Paul Collins Startup list

[igsex2x]
Number=3840
Confirmed=X
Filename=igsex2x.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102813-2445-99" target=_blank>NewDial</a> premium rate adult content dialler
Source=Paul Collins Startup list

[iHP-100]
Number=3841
Confirmed=?
Filename=iHPDetect.exe
Description=Drive Letter Searcher, <a href="http://www.redchairsoftware.com/irivium/" target=_blank>iRiver</a> iHP-100 iHP and H Series player related - <font color="#FF0000">does it need to start with Windows every time?</font>
Source=Paul Collins Startup list

[iilc]
Number=3842
Confirmed=X
Filename=IILC.EXE
Description=Homepage hijacker
Source=Paul Collins Startup list

[Iinl]
Number=3843
Confirmed=X
Filename=iptl.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[iisvers]
Number=3844
Confirmed=X
Filename=iisvers.exe
Description=Added by an unidentified TROJAN or adware
Source=Paul Collins Startup list

[iIWiper]
Number=3845
Confirmed=N
Filename=Systemwiper.exe
Description=<a href="http://iisoftware.net/index.php?clean.html" target="_blank">System Wiper</a> from iI Software - allows you to clear the history of your activites from you computer. Run manually on a regular basis
Source=Paul Collins Startup list

[IJ75P2PSERVER]
Number=3846
Confirmed=Y
Filename=IJ75P2PS.EXE
Description=Printer utility which is required in order to make the printer work correctly
Source=Paul Collins Startup list

[IKE Service 95]
Number=3847
Confirmed=Y
Filename=IKEService.exe
Description=Associated with <a href="http://www.pgpi.org/" target="_blank">PGP</a>. The PGP Tray can be
disabled, but without IKESERVICE you won't be able to de- or encrypt anything
Source=Paul Collins Startup list

[iKeyWorks]
Number=3848
Confirmed=U
Filename=IKEYMAIN.EXE
Description=<a href="http://www.a4tech.com/a4techenglish/index.html" target="_blank">A4Tech</a> wireless keyboard driver and utility
Source=Paul Collins Startup list

[iLLeGaL]
Number=3849
Confirmed=X
Filename=Mplayer.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOLAR.C" target="_blank">HOLAR.C</a> (or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-120413-1702-99" target="_blank">GALIL</a>) WORM! Note - this should not be comfused with Windows Media Player which has the same filename
Source=Paul Collins Startup list

[iLLeGaL.exe]
Number=3850
Confirmed=X
Filename=Mplayer.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOLAR.C" target="_blank">HOLAR.C</a> (or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-120413-1702-99" target="_blank">GALIL</a>) WORM! Note - this should not be comfused with Windows Media Player which has the same filename
Source=Paul Collins Startup list

[ILO_Office_Manager]
Number=3851
Confirmed=?
Filename=IntEdReg.exe /OFFMAN
Description=<a href="http://www.intense.co.uk/" target="_blank">Intense Educational Ltd</a> - Language Office Software. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list

[iLyric]
Number=3852
Confirmed=U
Filename=iLyric.exe
Description=<a href="http://www.ilyric.net/winamp.html" target=_blank>iLyric</a> plugin for Winamp media player. Allows you to retrieve the lyrics for your songs with the press of a button

Source=Paul Collins Startup list

[iM Start Center]
Number=3853
Confirmed=N
Filename=iM_Tray.exe
Description=Installed with the Sound Blaster Audigy range of soundcards. A radio tuner installed if the user chooses during installation. Available via Start -&gt; Programs -&gt; iM Networks -&gt; iM Radio Tuner
Source=Paul Collins Startup list

[Image]
Number=3854
Confirmed=X
Filename=rundll32 image.dll, Install
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list

[Image & Restore]
Number=3855
Confirmed=Y
Filename=IMAGE32.exe
Description=Part of McAfee Nuts &amp; Bolts. Image/Restore can recover from drives that have been accidentally formatted or completely erased, if Image was recently run
Source=Paul Collins Startup list

[Image Transfer]
Number=3856
Confirmed=N
Filename=SonyTray.exe
Description=Sony Image Transfer software provides direct image transfer from your digital camera to a PC - can be started manually
Source=Paul Collins Startup list

[ImageDrive-{hex numbers}]
Number=3857
Confirmed=U
Filename=ImageDrive.exe
Description=<a href="http://www.nero.com/en/631910958042754.html" target="_blank">Nero ImageDrive</a> from Ahead - virtual CD/DVD drive software
Source=Paul Collins Startup list

[Imagefox]
Number=3858
Confirmed=U
Filename=imagefox.exe
Description=ImageFox 2.0 (formerly available from <a href="http://www.acdsee.com/" target="_blank">ACDSee</a>) is an "add-on" graphics previewer for most Windows Open/Save As dialog boxes
Source=Paul Collins Startup list

[Imagemgt32]
Number=3859
Confirmed=X
Filename=Imagemgt32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list

[ImagePath]
Number=3860
Confirmed=X
Filename=taskbarmngr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxb.html" target=_blank>SDBOT-XB</a> WORM!
Source=Paul Collins Startup list

[IMAPI]
Number=3861
Confirmed=X
Filename=load.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdowndela.html" target=_blank>DOWNDEL-A</a> TROJAN!
Source=Paul Collins Startup list

[iMarkup Client]
Number=3862
Confirmed=N
Filename=iUtil.exe
Description=Enables the <a href="http://www.imarkup.com/products/imarkup_client.asp" target=blank>iMarkup Client</a> web page annotation utility to run in the background and be available in systray. Shortcut available via Start -> Programs
Source=Paul Collins Startup list

[Imatio]
Number=3863
Confirmed=U
Filename=imation.exe
Description=<a href="http://www.imation.com/products/flash_devices/downloads.html" target="_blank">Imation Disk Manager</a> - enables you to create a password protected area on your Imation USB flash drive
Source=Paul Collins Startup list

[IMClass]
Number=3864
Confirmed=X
Filename=Svhosl.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[imekrig]
Number=3865
Confirmed=N
Filename=imekrig.exe
Description=Part of MS <a href="http://www.microsoft.com/windows/ie/downloads/recommended/ime/default.asp" target="_blank">Input Method Editor</a> which is used to ease the input of Asian characters in MS Office (Chinese, Japanese and this one is Korean)
Source=Paul Collins Startup list

[IMEKRMIG6.1]
Number=3866
Confirmed=N
Filename=IMEKRMIG.EXE
Description=Part of MS <a href="http://www.microsoft.com/windows/ie/downloads/recommended/ime/default.asp" target="_blank">Input Method Editor</a> which is used to ease the input of Asian characters in MS Office (Chinese, Japanese and this one is Korean)
Source=Paul Collins Startup list

[Imesh]
Number=3867
Confirmed=N
Filename=??
Description=<a href="http://www.imesh.com" target="_blank">Imesh</a> is a file sharing system
Source=Paul Collins Startup list

[Imesh Auto Update]
Number=3868
Confirmed=N
Filename=??
Description=Update check for the <a href="http://www.imesh.com" target=_blank>Imesh</a> file sharing system. Turn the update off under "options"
Source=Paul Collins Startup list

[IMEvtMgr.exe]
Number=3869
Confirmed=X
Filename=IMEvtMgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkeylogar.html" target=_blank>KEYLOG-AR</a> TROJAN!
Source=Paul Collins Startup list

[ImgIcon]
Number=3870
Confirmed=U
Filename=ImgIcon.exe
Description=Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running
Source=Paul Collins Startup list

[imgit]
Number=3871
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerem.html" target=_blank>BANKER-EM</a> TROJAN!
Source=Paul Collins Startup list

[ImgStart]
Number=3872
Confirmed=N
Filename=ImgStart.exe
Description=Used by Iomega drives. Details of its purpose can be found <a href="http://pw2.netcom.com/~deepone/zipjaz/ioware.html#startup" target="_blank">here</a>. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[Imjpmig*.*]
Number=3873
Confirmed=N
Filename=IMJPMIG.EXE
Description=Part of MS <a href="http://www.microsoft.com/windows/ie/downloads/recommended/ime/default.asp" target="_blank">Input Method Editor</a> which is used to ease the input of Asian characters in MS Office (Chinese, Korean and this one is Japanese). *.* represents the version number
Source=Paul Collins Startup list

[immcheck.exe]
Number=3874
Confirmed=?
Filename=immcheck.exe
Description=<font color="#FF0000">Related to I-FORCE driver for force feedback steering wheel?</font>
Source=Paul Collins Startup list

[ImMsn]
Number=3875
Confirmed=X
Filename=timed.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=3&VName=BKDR_WEBDOR.AK" target="_blank">WEBDOR.AK</a> TROJAN!
Source=Paul Collins Startup list

[IMOL]
Number=3876
Confirmed=U
Filename=IMOLApp.exe
Description=<a href="http://www.incredimail.com/" target=_blank>IncrediMail</a> for Office Outlook Add-On
Source=Paul Collins Startup list

[Imonitor]
Number=3877
Confirmed=N
Filename=Plguni.exe
Description=<a href="http://www.mcafee.com/myapps/qc3/default.asp" target="_blank">McAfee QuickClean 3.0</a> - removes internet clutter and unwanted programs
Source=Paul Collins Startup list

[imonitor]
Number=3878
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojimonia.html" target="_blank">IMONI-A</a> TROJAN!
Source=Paul Collins Startup list

[IMONTRAY]
Number=3879
Confirmed=U
Filename=imontray.exe
Description=System tray monitoring of fans, temperature, voltage, etc for Intel motherboards. Only needed if you "overclock" or live in hot environment. Can also cause problems when running on a laptop if you change PCMCIA cards
Source=Paul Collins Startup list

[IMprocess]
Number=3880
Confirmed=X
Filename=IM-svr.EXE
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-041214-2538-99" target="_blank">IMNames</a> adware
Source=Paul Collins Startup list

[IMStart]
Number=3881
Confirmed=U
Filename=IMStart.exe
Description=<a href="http://www.intermute.com/products/index.html" target=_blank>InterMute</a> security software related
Source=Paul Collins Startup list

[imwinsrvc]
Number=3882
Confirmed=X
Filename=acpmonsrv.exe
Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan-Proxy.Win32.Slaper.e&threatid=76053" target="_blank">SLAPER.E</a> TROJAN!
Source=Paul Collins Startup list

[IMwire]
Number=3883
Confirmed=X
Filename=imwireup.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050804-2316-99" target=_blank>SafeSurfing</a> adware variant

Source=Paul Collins Startup list

[im_autorn]
Number=3884
Confirmed=X
Filename=im_1.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-012610-4055-99" target=_blank>IMAV.A</a> WORM!
Source=Paul Collins Startup list

[im_autorn]
Number=3885
Confirmed=X
Filename=im_2.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbagledlbo.html" target=_blank>BAGLEDL-BO</a> TROJAN!
Source=Paul Collins Startup list

[InCD]
Number=3886
Confirmed=Y
Filename=incd.exe
Description=Ahead <a href="http://www.nero.com/" target=_blank>InCD</a> packet writing software - similar to DirectCD. For Nero 5.0 or 5.5 (InCD3), it does not need to start with Windows. You can run InCD.exe manually before inserting an appropriately formatted CD-RW (CD-MRW) disk. For Nero 6.0, 6.3 or 6.6 (InCD4), it does need to start with Windows. It does not function correctly when you try to run it manually, and you will not have write access to MRW (Mount Rainier) formatted CD-RW (CD-MRW) or DVD-MRW disks. To regain write access and other features, InCD 4 must start with Windows
Source=Paul Collins Startup list

[IncMail]
Number=3887
Confirmed=N
Filename=IncMail.exe
Description="<a href="http://www.incredimail.com/english/index.html" target="_blank">IncrediMail</a> is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality"
Source=Paul Collins Startup list

[InControl Desktop Manager]
Number=3888
Confirmed=N
Filename=DMHKEY.EXE
Description=For Diamond Multimedia video cards. Allows System Tray access to desktop utilities such as screen resolution. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[Incredimail]
Number=3889
Confirmed=N
Filename=incredimail.exe
Description=&quot;<a href="http://www.incredimail.com/english/index.html" target="_blank">IncrediMail</a> is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality&quot;
Source=Paul Collins Startup list

[Incredimail]
Number=3890
Confirmed=N
Filename=IncMail.exe
Description="<a href="http://www.incredimail.com/english/index.html" target="_blank">IncrediMail</a> is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality"
Source=Paul Collins Startup list

[Index Service]
Number=3891
Confirmed=X
Filename=dllhost32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.CH&VSect=P" target=_blank>AGOBOT.CH</a> WORM!
Source=Paul Collins Startup list

[Index Washer]
Number=3892
Confirmed=U
Filename=WashIdx.exe
Description=<a href="http://www.webroot.com/consumer/products/windowwasher/" target="_blank">Window Washer</a> from Webroot Software. Useful utility that deletes safe to remove files, cookies, browsing history, etc. Available via from Start -> Programs. Disable within the program options - otherwise it is re-enabled in MSCONFIG
Source=Paul Collins Startup list

[Indexindicator]
Number=3893
Confirmed=X
Filename=Indexindicator.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022716-1619-99" target=_blank>LAZAR</a> TROJAN!
Source=Paul Collins Startup list

[IndexSearch]
Number=3894
Confirmed=N
Filename=IndexSearch.exe
Description=Associated with PaperPort scanner software from ScanSoft
Source=Paul Collins Startup list

[IndexTray]
Number=3895
Confirmed=U
Filename=IndexTray.exe
Description=Part of <a href="http://www.sharpusa.com/products/applications/sharpdesk/1,2693,3-3,00.html" target="_blank">Sharpdesk</a> from Sharp Electronics. "A desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents"
Source=Paul Collins Startup list

[ine]
Number=3896
Confirmed=X
Filename=svchosts.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=41546" target= blank>RBOT.BNL</a> WORM!
Source=Paul Collins Startup list

[Inet DataBase]
Number=3897
Confirmed=X
Filename=Inetdbs.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-121309-1750-99" target=_blank>QEDS</a> WORM!
Source=Paul Collins Startup list

[Inet Delivery]
Number=3898
Confirmed=X
Filename=inetdl.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/adware.intdel.html" target=_blank>Inet Delivery</a> adware
Source=Paul Collins Startup list

[Inet Delivery]
Number=3899
Confirmed=X
Filename=inetdl_2.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/adware.intdel.html" target=_blank>Inet Delivery</a> adware
Source=Paul Collins Startup list

[Inetapi]
Number=3900
Confirmed=X
Filename=Netapi.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_NETDEVIL.14" target="_blank">NETDEVIL.14</a> TROJAN!
Source=Paul Collins Startup list

[inetcntrl]
Number=3901
Confirmed=U
Filename=inetcntrl.exe
Description=Bsafe Online - internet filter
Source=Paul Collins Startup list

[InetConf]
Number=3902
Confirmed=?
Filename=inetconf.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Inetd]
Number=3903
Confirmed=U
Filename=INETD32.EXE
Description=<a href="http://www.hummingbird.com/products/nc/inetd/index.html?cks=y" target="_blank">Windows Inet Daemon</a> from Hummingbird Communications. "Hummingbird Inetd has the advanced ability to conserve PC resources by listening for connection requests and launching server daemons". Provides PCs with the full functionality of a UNIX workstation
Source=Paul Collins Startup list

[inetinfo.exe]
Number=3904
Confirmed=U
Filename=inetinfo.exe
Description=Executable used by MS Internet Information Server (IIS). If it's running, then so is IIS. Useful in knowing whether you require the patch for the Code Red worm. Comes with PWS (Personal Web Server) or NT4 and handles ASP-, PHP code (+ more)
Source=Paul Collins Startup list

[inetinfomon manager]
Number=3905
Confirmed=X
Filename=inetinfomon.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DONBOMB.A&VSect=P" target=_blank>DONBOMB.A</a> TROJAN!
Source=Paul Collins Startup list

[inetmgr]
Number=3906
Confirmed=X
Filename=inetmgr.exe
Description=Actual Names <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453075255" target="_blank">(AdvSearch)</a> Internet Keywords parasite
Source=Paul Collins Startup list

[InetMSN]
Number=3907
Confirmed=X
Filename=msnet.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99" target="_blank">SDBOT</a> TROJAN!
Source=Paul Collins Startup list

[InetServices]
Number=3908
Confirmed=X
Filename=wsock32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojwock32a.html" target="_blank">WOCK32-A</a> TROJAN!
Source=Paul Collins Startup list

[infamous.exe]
Number=3909
Confirmed=X
Filename=wmplayer.exe
Description=Added by unknown malware. WMPLAYER.EXE is stored in the location and uses the same name as Windows Media Player but that valid Windows program doesn't load at startup. Infamous.exe is identified by <a href="http://www.pandasoftware.com/" target="_blank">Panda</a> antivirus as Trj/Briss.A
Source=Paul Collins Startup list

[Info Select]
Number=3910
Confirmed=U
Filename=is.exe
Description=<a href="http://www.miclog.com/isover.htm" target="_blank">Info Select</a> from Micro Logic - personal information manager
Source=Paul Collins Startup list

[Info32x]
Number=3911
Confirmed=X
Filename=Info32x.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list

[InfoPenMSN]
Number=3912
Confirmed=U
Filename=InfoPenIM.exe
Description=<a href="http://www.infopen.com.tw/english/es/" target=_blank>InfoPenMSN</a> is a MSN Messenger plugin that allows you to send data written/drawn by hand 
Source=Paul Collins Startup list

[Infoplay.exe]
Number=3913
Confirmed=?
Filename=Infoplay.exe
Description=<font color="#FF0000">Written by New Media Properties, LLC and you're asked if you want to download and install it if you visit one of their search engine <a href="http://www.allyoursearch.com/" target="_blank">websites</a> (which I chose not to). What does it do and is it needed?</font>
Source=Paul Collins Startup list

[Information Update]
Number=3914
Confirmed=X
Filename=iu.exe
Description=Recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Downloader.Win32.Centim.ch TROJAN! Note - the file associated with this is located in the Program Files\Information Update folder
Source=Paul Collins Startup list

[Infra-red Monitor]
Number=3915
Confirmed=U
Filename=IRMON.EXE
Description=System Tray access to infra-red devices. Not required unless you use infra-red devices
Source=Paul Collins Startup list

[infus]
Number=3916
Confirmed=X
Filename=infus.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[Infuzer]
Number=3917
Confirmed=U
Filename=Infuzer.exe
Description=<a href="http://www.infuzer.com/IDC/features/" target="_blank">Infuzer</a> - "is a service that copies dates from the web or an email straight to your electronic calendar". Beware of the following adware trait - "Infuzer provides web site owners with a unique opportunity to communicate with their visitors in a way that is useful and relevant to them, as well as increasing return visits and brand awareness, and providing new e-commerce opportunities"
Source=Paul Collins Startup list

[infwin]
Number=3918
Confirmed=X
Filename=infwin.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=VX2.Transponder&threatid=12517" target=_blank>VX2.Transponder</a> parasite updater/installer related
Source=Paul Collins Startup list

[Init32]
Number=3919
Confirmed=X
Filename=Init32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101615-2959-99" target=_blank>WINEX.A</a> TROJAN!
Source=Paul Collins Startup list

[Initial Page]
Number=3920
Confirmed=X
Filename=install.exe
Description=EasySearch browser hijack installer

Source=Paul Collins Startup list

[Initialize8x8]
Number=3921
Confirmed=Y
Filename=8x8_init.exe
Description=Tool that initializes a Pinnacle PCTV card - maybe in capture or in showing overlay
Source=Paul Collins Startup list

[injob]
Number=3922
Confirmed=X
Filename=injobs.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062609-4017-99" target=_blank>BINJO</a> TROJAN!
Source=Paul Collins Startup list

[Ink Monitor]
Number=3923
Confirmed=N
Filename=InkMonitor.exe
Description=Associated with Epson (and maybe other) printers. Tells you when the ink's running low and asks if you want to buy another cartridge on-line
Source=Paul Collins Startup list

[InkWatch]
Number=3924
Confirmed=N
Filename=InkWatch.exe
Description=Associated with Canon (and maybe other) printers. Tells you when the ink's running low and asks if you want to buy another cartridge on-line
Source=Paul Collins Startup list

[InoRPC]
Number=3925
Confirmed=Y
Filename=InoRpc.exe
Description=Associated with <a href="http://www1.my-etrust.com/?CFID=6909348&amp;CFTOKEN=43ce20d-0001f1aa-f6e5-1d77-be1e-2f0eac14303f" target="_blank">eTrust Antivirus/InoculateIT</a>
Source=Paul Collins Startup list

[InoRT]
Number=3926
Confirmed=Y
Filename=InoRT9x.exe
Description=Associated with the Realtime Monitor of <a href="http://www1.my-etrust.com/?CFID=6909348&amp;CFTOKEN=43ce20d-0001f1aa-f6e5-1d77-be1e-2f0eac14303f" target="_blank">eTrust Antivirus/InoculateIT</a> version 6 virus scanners from Computer Associates. For NT/2K/XP users you may need a patch if seeing high CPU useage
Source=Paul Collins Startup list

[InoTask]
Number=3927
Confirmed=U
Filename=InoTask.exe
Description=Scheduled scans and signature updates for <a href="http://www1.my-etrust.com/?CFID=6909348&amp;CFTOKEN=43ce20d-0001f1aa-f6e5-1d77-be1e-2f0eac14303f" target="_blank">eTrust Antivirus/InoculateIT</a> version 6 virus scanners from Computer Associates. Leave enabled unless you manually update signatures or perform routine scans. If enabled it can result in high CPU useage when performing updates
Source=Paul Collins Startup list

[insCOA5]
Number=3928
Confirmed=?
Filename=insCOA5.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[InstaAlert]
Number=3929
Confirmed=U
Filename=InstaAlert.exe
Description="Kayako <a href="http://www.kayako.com/instaalert.php" target="_blank">InstaAlert</a> allows you to receive realtime alerts whenever a ticket gets updated under the assigned departments. The application displays popups as and when the tickets are created or replied to allowing you to answer your customer requests and issues promptly"
Source=Paul Collins Startup list

[InstaFinderK]
Number=3930
Confirmed=X
Filename=InstaFinderK inst.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040516-0442-99" target=_blank>InstaFinder</a> adware
Source=Paul Collins Startup list

[Install]
Number=3931
Confirmed=X
Filename=Install.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanhg.html" target=_blank>BANCBAN-HG</a> TROJAN!
Source=Paul Collins Startup list

[Install Pending Files]
Number=3932
Confirmed=?
Filename=sifxinst.exe
Description=Uninstall program for <a href="http://www.lanovation.com/" target="_blank">Lanovation's</a> Prism Deploy and Prism Pack adminstrators software deployement tools. For specific information see <font color="#FF0000"><a href="http://www.lanovation.com/support/docs/General/rollbackfiles_prism.htm" target="_blank">here</a>. Is it required?</font>
Source=Paul Collins Startup list

[InstallAurealDemos]
Number=3933
Confirmed=N
Filename=InstallAurealDemos.js
Description=Used to initialize the Aureal A3D demos InstallShield wizard
Source=Paul Collins Startup list

[InstallBuddy]
Number=3934
Confirmed=U
Filename=Ibtna.exe
Description=<a href="http://www.bluenomad.com/ib/prod_installbuddy_details.html" target="_blank">InstallBuddy</a> - automatically translates and installs your desktop documents, such as Adobe PDF, HTML, Microsoft Word, Excel and PowerPoint files, to your Palm organizer when you HotSync
Source=Paul Collins Startup list

[Installed shell32.dll]
Number=3935
Confirmed=X
Filename=Office.exe...
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list

[Installer]
Number=3936
Confirmed=X
Filename=dial.exe
Description=Malware - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as the AGENT.MM TROJAN!
Source=Paul Collins Startup list

[InstallNAIProduct]
Number=3937
Confirmed=?
Filename=SETUP.EXE
Description=<font color="#FF0000">Could be related to Network Associates Inc who own the McAfee VirusScan product amongst others. This was found in a directory called &quot;VSC&quot;. Could it be an installation that failed and &quot;SETUP.EXE&quot; was left to run at startup as an error?</font>
Source=Paul Collins Startup list

[Installs SP2]
Number=3938
Confirmed=X
Filename=[path] repcale.exe [path] palsp.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDON.AN" target="_blank">RANDON.AN</a> WORM!
Source=Paul Collins Startup list

[Installstub]
Number=3939
Confirmed=U
Filename=installstub.exe
Description=Tool for Outlook and Outlook Express from <a href="http://www.plaxo.com/" target="_blank">Plaxo</a> for organising and keeping contacts organised and updated and providing online access to your contacts and access from PDA or mobile phone
Source=Paul Collins Startup list

[Instance 001]
Number=3940
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32alasroua.html" target=_blank>Alasrou-A</a> WORM!
Source=Paul Collins Startup list

[Instant Access]
Number=3941
Confirmed=X
Filename=rundll32.exe EGDHTML_1023.dll, InstantAccess
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010517-1801-99" target=_blank>Electronic_Group/InstantAccess</a> premium rate adult content dialer variant
Source=Paul Collins Startup list

[Instant Access]
Number=3942
Confirmed=X
Filename=rundll32.exe eg_auth_****.dll, InstantAccess [**** = digits]
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010517-1801-99" target=_blank>Electronic_Group/InstantAccess</a> premium rate adult content dialer variant
Source=Paul Collins Startup list

[Instant Access]
Number=3943
Confirmed=X
Filename=rundll32.exe EGCOMLIB_****.dll, InstantAccess [**** = digits]
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010517-1801-99" target=_blank>Electronic_Group/InstantAccess</a> premium rate adult content dialer variant
Source=Paul Collins Startup list

[Instant Access]
Number=3944
Confirmed=X
Filename=rundll32.exe EGCOMSERVICE_****.dll, InstantAccess [**** = digits]
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010517-1801-99" target=_blank>Electronic_Group/InstantAccess</a> premium rate adult content dialer variant
Source=Paul Collins Startup list

[Instant Access]
Number=3945
Confirmed=X
Filename=rundll32.exe EGDACCESS_****.dll, InstantAccess [**** = digits]
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010517-1801-99" target=_blank>Electronic_Group/InstantAccess</a> premium rate adult content dialer variant
Source=Paul Collins Startup list

[Instant Access]
Number=3946
Confirmed=X
Filename=rundll32.exe p2esocks_****.dll, InstantAccess [**** = digits]
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010517-1801-99" target=_blank>Electronic_Group/InstantAccess</a> premium rate adult content dialer variant
Source=Paul Collins Startup list

[Instant Access]
Number=3947
Confirmed=X
Filename=mwsrvacc.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010517-1801-99" target="_blank">InstantAccess</a> premium rate adult content dialer
Source=Paul Collins Startup list

[Instant Access]
Number=3948
Confirmed=X
Filename=linewsrv.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010517-1801-99" target="_blank">InstantAccess</a> premium rate adult content dialer variant
Source=Paul Collins Startup list

[Instant Buzz Daemon]
Number=3949
Confirmed=X
Filename=IBDaemon.exe
Description=<a href="http://www.publishingcentral.com/news.php?story=72" target="_blank">Instant Buzz</a> adware
Source=Paul Collins Startup list

[Instant Update Center]
Number=3950
Confirmed=N
Filename=reminder.exe
Description=From Broderbund's PrintMaster 10. It is an event reminder (for calendar dates, etc). Delete from the startup using Startup Manager program because it keeps re-checking itself when using MSCONFIG.&nbsp; PrintMaster 11 uses filename PMremind.exe - it has to be unchecked in startup in the same manner
Source=Paul Collins Startup list

[Instant Wireless Configuration Utility]
Number=3951
Confirmed=U
Filename=WUSB11cfg.exe
Description=Utility used by the <a href="http://www.linksys.com/default.asp" target="_blank">LINKSYS</a> LINKSYS wireless USB Adapter (WUSB11) and indicates when a wireless access connection is made by a screen colour change. Also used for configuration
Source=Paul Collins Startup list

[Instant Wireless Configuration Utility]
Number=3952
Confirmed=U
Filename=WPC11Cfg.exe
Description=Utility used by the <a href="http://www.linksys.com/default.asp" target=_blank>LINKSYS</a> wireless USB Adapter (WUSB11) and indicates when a wireless access connection is made by a screen colour change. Also used for configuration
Source=Paul Collins Startup list

[InstantAccess]
Number=3953
Confirmed=N
Filename=INSTAN~1.EXE
Description=From TextBridge Pro 9.0 OCR scanner software. Available via Start -> Programs
Source=Paul Collins Startup list

[InstantDrive]
Number=3954
Confirmed=U
Filename=InstantDrive.exe
Description=<a href="http://www.pinnaclesys.com" target="_blank">Pinnacle Systems</a> (ex VOB) InstantDrive - creates a virtual CD-ROM drive on the computer's hard drive. Part of InstantCD/DVD burning software
Source=Paul Collins Startup list

[InstantPleasure]
Number=3955
Confirmed=X
Filename=instantpleasure.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[InstantPleasureXXX]
Number=3956
Confirmed=X
Filename=instantpleasurexxx.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[InstantTray]
Number=3957
Confirmed=N
Filename=PCLETray.exe
Description=<a href="http://www.pinnaclesys.com/ProductPage_n.asp?Product_ID=1431&Langue_ID=7" target=_blank>Pinnacle InstantCD/DVD</a> disc creation software. Tray icon enabling a pop-up menu that lets you call up any of Instant CD/DVD's tools with one click. Can be started manually
Source=Paul Collins Startup list

[instit]
Number=3958
Confirmed=X
Filename=instit.bat
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-111119-3659-99" target="_blank">OPASERV.H</a> WORM!
Source=Paul Collins Startup list

[instit]
Number=3959
Confirmed=X
Filename=INSTIT.BAT
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.K" target="_blank">OPASERV.K</a> WORM!
Source=Paul Collins Startup list

[InstUtlR.exe]
Number=3960
Confirmed=?
Filename=InstUtlR.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[intdctrr]
Number=3961
Confirmed=X
Filename=idctup20.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050804-2316-99" target=_blank>SafeSurfing</a> adware variant

Source=Paul Collins Startup list

[Intec Service Drivers]
Number=3962
Confirmed=X
Filename=msmsgrs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotadn.html" target=_blank>SDBOT-ADN</a> WORM!
Source=Paul Collins Startup list

[Intec Service Drivers]
Number=3963
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotglu.html" target="_blank">RBOT-GLU</a> WORM!
Source=Paul Collins Startup list

[Intec Services Driverrs]
Number=3964
Confirmed=X
Filename=winrvc.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Intel Active Monitor]
Number=3965
Confirmed=U
Filename=imontray.exe
Description=System tray monitoring of fans, temperature, voltage, etc for Intel motherboards. Only needed if you &quot;overclock&quot; or live in hot environment. Can also cause problems when running on a laptop if you change PCMCIA cards
Source=Paul Collins Startup list

[Intel Driver]
Number=3966
Confirmed=X
Filename=csrs.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Intel File Transfer]
Number=3967
Confirmed=U
Filename=xfr.exe
Description=Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients
Source=Paul Collins Startup list

[Intel PDS]
Number=3968
Confirmed=U
Filename=pds.exe
Description=Intel Ping Discovery Service (PDS). Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients. Will start the dial-up if installed and enabled
Source=Paul Collins Startup list

[Intel Product Number Utility]
Number=3969
Confirmed=U
Filename=IntelProcNumUtility.exe
Description=Intel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information <a href="http://www.intel.com/support/processors/pentiumiii/sb/cs-007578.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[Intel PROSet Tray Icon]
Number=3970
Confirmed=N
Filename=promon.exe
Description=System Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic features
Source=Paul Collins Startup list

[Intel Service Drivers]
Number=3971
Confirmed=X
Filename=msconfig16.exe
Description=Added by the <a href="http://www.superadblocker.com/M/MSCONFIG16.EXE-6417.html" target=_blank>MSCONFIG16</a> TROJAN!
Source=Paul Collins Startup list

[Intel system tool]
Number=3972
Confirmed=X
Filename=hookdump.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojspyreh.html" target=_blank>SPYRE-H</a> TROJAN!
Source=Paul Collins Startup list

[Intel system tool]
Number=3973
Confirmed=X
Filename=winnook.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojspyrec.html" target=_blank>SPYRE-C</a> TROJAN!
Source=Paul Collins Startup list

[Intel system tool]
Number=3974
Confirmed=X
Filename=svehost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentebt.html" target="_blank">AGENT-EBT</a> TROJAN!
Source=Paul Collins Startup list

[Intel system works]
Number=3975
Confirmed=X
Filename=iis.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.QGA" target="_blank">RBOT.QGA</a> WORM!
Source=Paul Collins Startup list

[Intel(R) Common User Interface]
Number=3976
Confirmed=U
Filename=hkcmd.exe
Description=Part of Intels Common User Interface for chipsets with integrated graphics controllers - which allows user to change different driver properties through Windows User Interface. If the user wishes to have "HotKey" access to Intel's customised graphics properties, it is required, otherwise not. It can be disabled via the Display Properties in the Control Panel
Source=Paul Collins Startup list

[Intel(R) Common User Interface]
Number=3977
Confirmed=N
Filename=igfxpers.exe
Description=Part of Intels Common User Interface for chipsets with integrated graphics controllers - which allows user to change different driver properties through Windows User Interface. Not known exactly what it does but apparently it isn't required
Source=Paul Collins Startup list

[intel32.exe]
Number=3978
Confirmed=X
Filename=intel32.exe
Description=Added by the SmitFraud alias <a href="http://www.sophos.com/virusinfo/analyses/trojspyjackb.html" target="_blank">SPYJACK-B</a> TROJAN!
Source=Paul Collins Startup list

[IntelAPMClient]
Number=3979
Confirmed=U
Filename=amclient.exe
Description=LANDesk <a href="http://www.landesk.com/Products/LDMS/" target=_blank>Management Suite</a> software component
Source=Paul Collins Startup list

[IntelAudioStudio]
Number=3980
Confirmed=N
Filename=IntelAudioStudio.exe
Description="<a href="http://www.intel.com/design/motherbd/software/ias/index.htm" target="_blank">Intel Audio Studio</a> combines Intel® High Definition audio hardware features with Sonic Focus* Audio Refinement and Dolby* technologies to provide you with a comprehensive tool that puts you in control of your audio experience". Audio utility supplied with Intel motherboards
Source=Paul Collins Startup list

[InteliSys]
Number=3981
Confirmed=X
Filename=smss.exe
Description=Advertisingvision adware! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[intell32.exe]
Number=3982
Confirmed=X
Filename=intell32.exe
Description=Added by the SmitFraud alias <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-072415-2405-99" target="_blank">Desktophijack.C</a> TROJAN!
Source=Paul Collins Startup list

[intell321.exe]
Number=3983
Confirmed=X
Filename=intell321.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfakealec.html" target=_blank>SPYJACK-B</a> TROJAN! 

Source=Paul Collins Startup list

[Intelliflag_be.exe]
Number=3984
Confirmed=X
Filename=Intelliflag_be.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-012616-2554-99" target=_blank>Intelliflag</a> SPYWARE!
Source=Paul Collins Startup list

[IntelliPoint]
Number=3985
Confirmed=U
Filename=point32.exe
Description=Microsoft Intellipoint software for their Intellimouse series of mice - required if you use non-standard Windows driver features
Source=Paul Collins Startup list

[Intellitype]
Number=3986
Confirmed=U
Filename=type32.exe
Description=For MS programmable keyboards. If you disable Intellitype in Startup, any &quot;Hot Keys&quot; that are changed by the user to perform functions other than default settings, defer back to their default settings unless you have changed them
Source=Paul Collins Startup list

[IntelMEM]
Number=3987
Confirmed=U
Filename=IntelMEM.exe
Description=Related to connection events on an Intel chipset based modem. It can alert you if the telephone line is being used when you're trying to get online (when you're using dial-up). It can also alert you if your modem line is disconnected. Furthermore, it can alert you if you have made a wrong connection with your modem line
Source=Paul Collins Startup list

[IntelProcNumUtility]
Number=3988
Confirmed=U
Filename=cpunumber.exe
Description=Intel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information <a href="http://www.intel.com/support/processors/pentiumiii/sb/cs-007578.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[IntelWireless]
Number=3989
Confirmed=Y
Filename=ifrmewrk.exe
Description=Associated with the Intel PRO/Set Wireless software
Source=Paul Collins Startup list

[IntelZeroConfig]
Number=3990
Confirmed=U
Filename=ZCfgSvc.exe
Description=Zero Config MFC Application, part of Intel's ProSET utilities and installed by the drivers for many of Intel wireless network cards - essential to the proper functioning of many of the Intel ProSET utilities (but not all) and these System Tray ProSET utilities are a must if you are using your wireless connection, if only so you know when the signal is fading or dropping. The problem is that, in some PCs, ZCFGSVC can be incredibly badly behaved : taking up to 100% of CPU time and therefore resulting in an extremely slow PC, preventing the installation of software or Windows updates, or causing "Not Responding" or "End this Program" shutdown problems. If you experience this, try first the very latest drivers from Intel or your laptop manufacturer. If that still does not solve the problem and you have WinXP/2003, try setting the "Wireless Zero Configuration" service to disabled
Source=Paul Collins Startup list

[Intel® Common User Interface]
Number=3991
Confirmed=U
Filename=igfxtray.exe
Description=Part of Intels Common User Interface for chipsets with integrated graphics controllers - which allows user to change different driver properties through Windows User Interface. Quick access to the control panel via a System Tray icon. Available via Start -> Settings -> Control Panel
Source=Paul Collins Startup list

[Intense Registry Service]
Number=3992
Confirmed=?
Filename=IntEdReg.exe /CHECK
Description=<a href="http://www.intense.co.uk/" target="_blank">Intense Educational Ltd</a> - Language Office Software. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list

[InterceptedSystem]
Number=3993
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32anaconb.html" target=_blank>ANACON-B</a> WORM!
Source=Paul Collins Startup list

[InterCheck Monitor]
Number=3994
Confirmed=Y
Filename=Icmon.exe
Description=Part of <a href="http://www.sophos.com/products/software/" target="_blank">Sophos</a> ant-virus sofware
Source=Paul Collins Startup list

[InterCheckMonitor]
Number=3995
Confirmed=Y
Filename=ICMON.EXE
Description=Part of <a href="http://www.sophos.com/products/software/" target="_blank">Sophos</a> anti-virus sofware
Source=Paul Collins Startup list

[Interdll]
Number=3996
Confirmed=X
Filename=Interdll.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-050207-0707-99" target="_blank">DELF</a> family of TROJANS!
Source=Paul Collins Startup list

[Internal]
Number=3997
Confirmed=X
Filename=[trojan filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092310-2135-99" target="_blank">SMOTHER</a> and <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092413-3334-99" target="_blank">TRANSLAT</a> TROJANS!
Source=Paul Collins Startup list

[Internal]
Number=3998
Confirmed=X
Filename=regedit.exe /s %windir%c:\[month number]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102412-1446-99" target="_blank">FORTNIGHT.D</a> TROJAN!
Source=Paul Collins Startup list

[Internal Memory File]
Number=3999
Confirmed=X
Filename=sysintmemory.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgkt.html" target="_blank">RBOT-GKT</a> WORM!
Source=Paul Collins Startup list

[InternalSystray]
Number=4000
Confirmed=X
Filename=Kazza.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=16106" target="_blank">OPTIX</a> TROJAN! Note - unlike the valid KaZaA executable, this is located in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP)
Source=Paul Collins Startup list

[internat]
Number=4001
Confirmed=X
Filename=internat.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlydraf.html" target=_blank>LYDRA-F</a> TROJAN! Note - the real internat.exe resides in %windir%\system (where %windir% is the Windows directory - C:\Windows or C:\Winnt) whereas this version resides in %windir%
Source=Paul Collins Startup list

[Internat]
Number=4002
Confirmed=X
Filename=systray.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-041019-1534-99" target=_blank>ALADINZ.P</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/systray/" target=_blank>systray.exe</a> process. If you right-click on the real systray.exe the "Properties" reveal it to be a Microsoft file
Source=Paul Collins Startup list

[Internat]
Number=4003
Confirmed=X
Filename=msgsrv32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojnyrubota.html" target= blank>NYRUBOT-A</a> WORM!
Source=Paul Collins Startup list

[Internat]
Number=4004
Confirmed=X
Filename=[trojan filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcmjspyy.html" target=_blank>CMJSPY-Y</a> TROJAN!
Source=Paul Collins Startup list

[Internat Conf]
Number=4005
Confirmed=X
Filename=bootconf.exe
Description=Homepage hijacker, redirecting to coolwwwsearch.com; see for example <a href="http://boards.cexx.org/viewtopic.php?p=2464#2464" target="_blank"> here</a>
Source=Paul Collins Startup list

[internat.exe]
Number=4006
Confirmed=N
Filename=internat.exe
Description=Microsoft language selection icon in system tray, located in the System (Win98/Me) or System32 (WinNT/2K/XP) folder
Source=Paul Collins Startup list

[Internat.exe]
Number=4007
Confirmed=X
Filename=internat.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-081216-0215-99" target="_blank">NETSNAKE</a> TROJAN! Note - the real internat.exe resides in %windir%system (Win98/Me) or %windir%System32 (WinNT/2K/XP) (where %windir% is the Windows directory - C:Windows or C:Winnt) and has a "?" icon wheras this version resides in %windir% and has a ZIP icon
Source=Paul Collins Startup list

[internct]
Number=4008
Confirmed=X
Filename=WinSocks5.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090308-0128-99" target="_blank">GRAYBIRD.F</a> TROJAN!
Source=Paul Collins Startup list

[internet]
Number=4009
Confirmed=X
Filename=smss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmifengk.html" target=_blank>MIFENG-K</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target="_blank">smss.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list

[Internet]
Number=4010
Confirmed=X
Filename=Internet.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpwscs.html" target=_blank>PWS-CS</a> TROJAN!
Source=Paul Collins Startup list

[Internet]
Number=4011
Confirmed=X
Filename=recruit.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajg.html" target=_blank>RBOT-AJG</a> WORM!
Source=Paul Collins Startup list

[internet]
Number=4012
Confirmed=X
Filename=[trojan filename].exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmifengd.html" target=_blank>MIFENG-D</a> TROJAN!
Source=Paul Collins Startup list

[Internet]
Number=4013
Confirmed=X
Filename=winlogom.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Internet]
Number=4014
Confirmed=X
Filename=nteusodp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgfj.html" target="_blank">RBOT-GFJ</a> WORM!
Source=Paul Collins Startup list

[internet]
Number=4015
Confirmed=X
Filename=winsas32.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Internet Answering Machine]
Number=4016
Confirmed=U
Filename=IAMNET~1.EXE
Description=From <a href="http://www.callwave.com/" target="_blank">Callwave</a>. It offers a free utility to monitor your incoming phonecalls if you only have a single telephone line for internet access
Source=Paul Collins Startup list

[Internet Answering Machine]
Number=4017
Confirmed=U
Filename=IAM.exe
Description=From <a href="http://www.callwave.com/" target=_blank>Callwave</a> - offers a free utility to monitor your incoming phonecalls if you only have a single telephone line for internet access
Source=Paul Collins Startup list

[Internet Call Manager]
Number=4018
Confirmed=U
Filename=ICM.EXE
Description=Starts <a href="http://www.infointeractive.com/" target="_blank">Internet Call Manager</a> dialog box and/or taskbar icons at bootup. This is a subscription program from internetcallmanager.com that monitors a dialup phone line for incoming calls and handles voicemail
Source=Paul Collins Startup list

[Internet Config]
Number=4019
Confirmed=X
Filename=svchosts.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99" target="_blank">SDBOT</a> TROJAN!
Source=Paul Collins Startup list

[Internet Connection Wizard]
Number=4020
Confirmed=X
Filename=stisvsq.exe
Description=<a href="http://sarc.com/avcenter/venc/data/adware.easysearch.html" target=_blank>EasySearch</a> adware
Source=Paul Collins Startup list

[Internet Connection Wizard]
Number=4021
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmutsrcha.html" target=_blank>SMUTSRCH-A</a> TROJAN!
Source=Paul Collins Startup list

[Internet Connection Wizard]
Number=4022
Confirmed=X
Filename=stisvsq1.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadrawd.html" target="_blank">DLOADR-AWD</a> TROJAN!
Source=Paul Collins Startup list

[Internet Content Publisher]
Number=4023
Confirmed=X
Filename=ICP.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotud.html" target=_blank>RBOT-UD</a> WORM!
Source=Paul Collins Startup list

[Internet Download Accelerator]
Number=4024
Confirmed=U
Filename=ida.exe
Description=<a href="http://www.westbyte.com/ida/" target=_blank>Internet Download Accelerator</a> download manager 

Source=Paul Collins Startup list

[Internet download manager service]
Number=4025
Confirmed=X
Filename=idman.exe
Description=Added by the <a href="http://www.quickheal.co.in/public/alerts/rbot_bms.asp" target="_blank">RBOT-BMS</a> WORM!
Source=Paul Collins Startup list

[Internet Exploere Services]
Number=4026
Confirmed=X
Filename=urlmon32.dll.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-022814-1723-99" target="_blank">EVIAN.C</a> WORM!
Source=Paul Collins Startup list

[Internet Explore Microsoft]
Number=4027
Confirmed=X
Filename=lEXPLORE.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaof.html" target=_blank>RBOT-AOF</a> WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet Explorer
Source=Paul Collins Startup list

[Internet Explorer]
Number=4028
Confirmed=X
Filename=iexplorer.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-072806-1840-99" target="_blank">LORSIS</a> WORM! Note - the legitimate IE (iexplore.exe) does not figure in Msconfig/Startup unless added manually and this loads from the "RunServices" key
Source=Paul Collins Startup list

[Internet Explorer]
Number=4029
Confirmed=X
Filename=IEXPLORE.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotey.html" target=_blank>RBOT-EY</a> WORM! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[Internet Explorer]
Number=4030
Confirmed=X
Filename=IExplorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojnethiefo.html" target=_blank>NETHIEF-O</a> TROJAN!
Source=Paul Collins Startup list

[Internet Explorer]
Number=4031
Confirmed=X
Filename=http.exe
Description=Added as part of a new potential CWS infection, and part of a suite of programs that installs a web server, php, ftp server, socks, and mail server on your computer without your knowledge. These files are known to be part of an infection that transmits information about your bank accounts, passwords, and other financial information. It should be deleted immediately, you should enable your firewall, and you should contact your financial services in order to report the issue and to have your passwords changed
Source=Paul Collins Startup list

[Internet Explorer]
Number=4032
Confirmed=X
Filename=iexpiore.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotazc.html" target=_blank>RBOT-AZC</a> WORM!
Source=Paul Collins Startup list

[Internet Explorer Configuration]
Number=4033
Confirmed=X
Filename=IEXPLORE.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotul.html" target=_blank>SDBOT-UL</a> WORM! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a>) process, which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup unless you add it manually! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[Internet Explorer Security]
Number=4034
Confirmed=X
Filename=iexplore.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotalq.html" target=_blank>RBOT-ALQ</a> WORM!
Source=Paul Collins Startup list

[Internet Explorer Updater]
Number=4035
Confirmed=X
Filename=lexbac.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-101518-4323-99" target="_blank">DOWNLOAD</a> TROJAN!
Source=Paul Collins Startup list

[Internet Explorer Updater]
Number=4036
Confirmed=X
Filename=iexplorer.exe
Description=Added by the  <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-030517-5811-99" target="_blank">REUR.B</a> WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)
Source=Paul Collins Startup list

[Internet History Eraser]
Number=4037
Confirmed=U
Filename=HERASER.exe
Description=<a href="http://www.internet-history-eraser.com/index.html" target="_blank">Internet History Eraser</a> - deletes your browsing tracks
Source=Paul Collins Startup list

[Internet Loader1]
Number=4038
Confirmed=X
Filename=MSInstall61.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-010214-5039-99" target="_blank">KWBOT.B</a> WORM!
Source=Paul Collins Startup list

[Internet Mail and News]
Number=4039
Confirmed=X
Filename=msqdevl.exe
Description=<a href="http://sarc.com/avcenter/venc/data/adware.easysearch.html" target=_blank>EasySearch</a> adware
Source=Paul Collins Startup list

[Internet Mail and News]
Number=4040
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmutsrcha.html" target=_blank>SMUTSRCH-A</a> TROJAN!
Source=Paul Collins Startup list

[Internet Mail and News]
Number=4041
Confirmed=X
Filename=msqdevl1.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadrawd.html" target="_blank">DLOADR-AWD</a> TROJAN!
Source=Paul Collins Startup list

[Internet Optimizer]
Number=4042
Confirmed=U
Filename=optimize.exe
Description=Internet connection optimizer. Leave this enabled if you find it improves your connection
Source=Paul Collins Startup list

[Internet Optimizer]
Number=4043
Confirmed=X
Filename=optimize.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076206" target="_blank">Internet Optimizer</a> parasite, MoneyTree variant - ActiveX control used to download premium-rate dialers

Source=Paul Collins Startup list

[Internet Security Service]
Number=4044
Confirmed=X
Filename=msq32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgfp.html" target="_blank">RBOT-GFP</a> WORM!
Source=Paul Collins Startup list

[Internet Send]
Number=4045
Confirmed=X
Filename=More log.exe
Description=Unidentfied adware
Source=Paul Collins Startup list

[Internet Server]
Number=4046
Confirmed=X
Filename=inetsrv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpaem.html" target=_blank>STARTPA-EM</a> TROJAN!
Source=Paul Collins Startup list

[Internet Service]
Number=4047
Confirmed=X
Filename=intersvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotde.html" target=_blank>SPYBOT-DE</a> WORM!
Source=Paul Collins Startup list

[internet service]
Number=4048
Confirmed=X
Filename=syscfg32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqs.html" target=_blank>RBOT-QS</a> WORM!
Source=Paul Collins Startup list

[internet service]
Number=4049
Confirmed=X
Filename=ssvhost.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[internet service]
Number=4050
Confirmed=X
Filename=svho0st98.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.EAT" target="_blank">RBOT.EAT</a> WORM!
Source=Paul Collins Startup list

[Internet Services]
Number=4051
Confirmed=X
Filename=systemdev.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpw.html" target="_blank">SDBOT-PW</a> WORM!
Source=Paul Collins Startup list

[Internet Services]
Number=4052
Confirmed=X
Filename=internet.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050315-2441-99" target= blank>MYTOB.BT</a> WORM!
Source=Paul Collins Startup list

[Internet Services]
Number=4053
Confirmed=X
Filename=interserv.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BNT&VSect=P" target=_blank>RBOT.BNT</a> WORM!
Source=Paul Collins Startup list

[Internet Services]
Number=4054
Confirmed=X
Filename=Netsvc.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120611-4253-99" target=_blank>MYTOB.MN</a> WORM!
Source=Paul Collins Startup list

[INTERNET SERVISES]
Number=4055
Confirmed=X
Filename=winz32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-103014-5627-99" target="_blank">KWBOT.Z</a> WORM!
Source=Paul Collins Startup list

[Internet Sharing Server]
Number=4056
Confirmed=Y
Filename=iss_srvr.exe
Description=<a target="_blank" href="http://www.intel.com/support/network/anypoint/">Intel AnyPoint</a> internet sharing software. Now discontinued
Source=Paul Collins Startup list

[Internet Suspention]
Number=4057
Confirmed=X
Filename=story.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.HV&VSect=T" target=_blank>WOOTBOT.HV</a> WORM!
Source=Paul Collins Startup list

[Internet Sweeper]
Number=4058
Confirmed=N
Filename=Sweeper.exe
Description=<a href="http://www.bmesite.com/" target="_blank">Internet Sweeper</a> - removes unnecessart left over files after browsing the internet
Source=Paul Collins Startup list

[Internet Timer]
Number=4059
Confirmed=U
Filename=ITIMER.exe
Description=Shareware dial-up connection call cost calculator from <a href="http://www.rat-software.com/" target="_blank">Ratsoft</a>
Source=Paul Collins Startup list

[Internet Washer Pro]
Number=4060
Confirmed=X
Filename=iw.exe
Description=<a href="http://www.internetwasher.com/" target="_blank">Internet Washer</a> manages temporary browser files, cookies, etc - a 'trial' Internet Washer Pro seems to have been widely stealth-installed around March 2003
Source=Paul Collins Startup list

[Internet.exe]
Number=4061
Confirmed=X
Filename=Internet.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-090216-3906-99" target="_blank">MAGICCALL</a> VIRUS!
Source=Paul Collins Startup list

[internet.exe]
Number=4062
Confirmed=X
Filename=yinyin3345.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040611-5356-99" target=_blank>YINI</a> MACRO!
Source=Paul Collins Startup list

[Internet2 Optimizer]
Number=4063
Confirmed=X
Filename=wkfix.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[InternetExplorer2]
Number=4064
Confirmed=X
Filename=windows.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotczp.html" target="_blank">SDBOT-CZP</a> WORM!
Source=Paul Collins Startup list

[InternetSpy]
Number=4065
Confirmed=U
Filename=InternetSpy.exe
Description=<a href="http://www.spyarsenal.com/internet-spy/" target="_blank">Internet Spy</a> - freeware keylogger that tracks all visited websites including the date and exact time these sites were visited. The information is stored in a file that may be accessed by the person who knows where it is saved. Remove unless you installed it yourself!
Source=Paul Collins Startup list

[InternetWasherPro]
Number=4066
Confirmed=X
Filename=iw.exe
Description=<a href="http://www.internetwasher.com/" target="_blank">Internet Washer</a> manages temporary browser files, cookies, etc - a 'trial' Internet Washer Pro seems to have been widely stealth-installed around March 2003
Source=Paul Collins Startup list

[INTERNET_SERVISES]
Number=4067
Confirmed=X
Filename=winz32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100716-1337-99" target="_blank">SDBOT.Q</a> TROJAN!
Source=Paul Collins Startup list

[InternodeUsage]
Number=4068
Confirmed=U
Filename=mum.exe
Description=Australian ISP's free monthly download meter
Source=Paul Collins Startup list

[Internt]
Number=4069
Confirmed=X
Filename=Internt.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091918-3229-99" target="_blank">PEEPER</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-041911-4812-99" target="_blank">CARUFAX.A</a> TROJANS!
Source=Paul Collins Startup list

[Intersoft Msngr]
Number=4070
Confirmed=X
Filename=intersoftmsngr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotnw.html" target=_blank>AGOBOT-NW</a> WORM!
Source=Paul Collins Startup list

[InterTrust Quick Start]
Number=4071
Confirmed=N
Filename=it_cpq~1.exe
Description=<a href="http://www.intertrust.com/index.html" target="_blank">InterTrust</a> offers something known as Digital Rights Management to control legal software download and other E-commerce related business
Source=Paul Collins Startup list

[InterU]
Number=4072
Confirmed=X
Filename=WINDRV.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_IRCINTER.A" target="_blank">IRCINTER.A</a> TROJAN!
Source=Paul Collins Startup list

[Intervideo Win Cinema Manager]
Number=4073
Confirmed=N
Filename=WinCinemaMgr.exe
Description=<a href="http://www.intervideo.com/jsp/WinCinema_Manager_Download.jsp" target="_blank">WinCinema Manager</a> is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[Intervideo Win Cinema Manager]
Number=4074
Confirmed=N
Filename=WINCIN~1.EXE
Description=<a href="http://www.intervideo.com/jsp/WinCinema_Manager_Download.jsp" target="_blank">WinCinema Manager</a> is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[Intervideo WinCinema Manager]
Number=4075
Confirmed=N
Filename=WinCinemaMgr.exe
Description=<a href="http://www.intervideo.com/jsp/WinCinema_Manager_Download.jsp" target="_blank">WinCinema Manager</a> is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[Intervideo WinCinema Manager]
Number=4076
Confirmed=N
Filename=WINCIN~1.EXE
Description=<a href="http://www.intervideo.com/jsp/WinCinema_Manager_Download.jsp" target="_blank">WinCinema Manager</a> is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[Intervideo WinScheduler]
Number=4077
Confirmed=N
Filename=WinScheduler.exe
Description=<a href="http://www.intervideo.com" target="_blank">WinScheduler</a> is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[Intervideo WinScheduler]
Number=4078
Confirmed=N
Filename=SchSvr.exe
Description=<a href="http://www.intervideo.com" target="_blank">WinScheduler</a> is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs
Source=Paul Collins Startup list

[InterWARN]
Number=4079
Confirmed=U
Filename=interwarn.exe
Description=<a href="http://www.interwarn.com/interwarn.html" target="_blank">InterWARN</a> by Storm Alert Inc. Provides customized, automated access to critical weather and civil emergency information from the US National Weather Service. Required if audio and screen crawler alerts are desired. Also available via Start -&gt; Programs
Source=Paul Collins Startup list

[Intespention]
Number=4080
Confirmed=X
Filename=IEXPLORE.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfl.html" target=_blank>FORBOT-FL</a> WORM! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[Intmgr]
Number=4081
Confirmed=X
Filename=Intmgr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list

[intranet]
Number=4082
Confirmed=X
Filename=SYS32CFG.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotdw.html" target=_blank>SPYBOT-DW</a> WORM!
Source=Paul Collins Startup list

[Intranet]
Number=4083
Confirmed=X
Filename=intranet.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CHIMOZ.AC" target="_blank">CHIMOZ.AC</a> TROJAN!
Source=Paul Collins Startup list

[Intrenat]
Number=4084
Confirmed=X
Filename=Intrenat.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091918-1348-99" target="_blank">LEMIR.E</a> TROJAN!
Source=Paul Collins Startup list

[Introducing Media Manager]
Number=4085
Confirmed=N
Filename=SPLASHA.EXE
Description=<a href="http://www.frontpageworld.com/frontpagetools/mediamanager/default.htm" target="_blank">MS Media Manager</a> tour. Not required
Source=Paul Collins Startup list

[Introduction-Registration]
Number=4086
Confirmed=N
Filename=??
Description=For Compaq PC's. Should only run first time, PC Introduction &amp; Compaq registration
Source=Paul Collins Startup list

[IntruderAlert]
Number=4087
Confirmed=X
Filename=ia99.exe
Description=<a href="http://www.safersite.com/PestInfo/db/i/internetalert.asp" target="_blank">Intruder Alert '99</a> from Bonzi - spyware
Source=Paul Collins Startup list

[IntSys1]
Number=4088
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbanloaase.html" target="_blank">BANLOA-ASE</a> TROJAN!
Source=Paul Collins Startup list

[Inventory Scan]
Number=4089
Confirmed=U
Filename=LDISCN32.EXE
Description=LANDesk <a href="http://www.landesk.com/Products/LDMS/" target=_blank>Management_Suite</a> software component
Source=Paul Collins Startup list

[Ioadqm]
Number=4090
Confirmed=X
Filename=Media Player.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-031911-0624-99" target="_blank">HAWAWI</a> WORM!
Source=Paul Collins Startup list

[iobi]
Number=4091
Confirmed=N
Filename=iobiClient.exe
Description=<a href="https://www22.verizon.com/iobihome/" target=_blank>iobi Home</a> - a mail/voice service by Verizon
Source=Paul Collins Startup list

[Iolo Task Agent]
Number=4092
Confirmed=U
Filename=Task_Agent.exe
Description=Iolo <a href="http://www.iolo.com/sm/index.cfm" target="_blank">System Mechanic</a> Task Agent. Scheduled maintenance
Source=Paul Collins Startup list

[iolo Utility Bar]
Number=4093
Confirmed=N
Filename=SMUtilityBar.exe
Description=Iolo System Mechanic <a href="http://www.iolo.com/sm/4/tool.cfm?tool=66&collection=SM" target="_blank">Utility Bar</a> - can be launched manually
Source=Paul Collins Startup list

[ioloDelayModule]
Number=4094
Confirmed=U
Filename=delay.exe
Description=Part of Iolo <a href="http://www.iolo.com/sm/index.cfm" target="_blank">System Mechanic</a>. Used to delay the start of an application which loads automatically as Windows loads
Source=Paul Collins Startup list

[Iomega Automatic Backup]
Number=4095
Confirmed=U
Filename=ibackup.exe
Description=<a href="http://www.iomega.com/global/index.jsp" target="_blank">Iomega</a> Automatic Backup - automatic backups for use with Iomega portable HDD
Source=Paul Collins Startup list

[Iomega Automatic Backup 1.0.1]
Number=4096
Confirmed=U
Filename=ibackup.exe
Description=<a href="http://www.iomega.com/global/index.jsp" target="_blank">Iomega</a> Automatic Backup - automatic backups for use with Iomega portable HDD
Source=Paul Collins Startup list

[Iomega Backup Scheduler]
Number=4097
Confirmed=N
Filename=dtiom98.exe
Description=Used by Iomega drives. Details of its purpose can be found <a href="http://pw2.netcom.com/~deepone/zipjaz/ioware.html#startup" target="_blank">here</a>. Available via Start -> Programs
Source=Paul Collins Startup list

[Iomega Disk Icons]
Number=4098
Confirmed=U
Filename=IMGICON.EXE
Description=Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running
Source=Paul Collins Startup list

[Iomega Drive Icons]
Number=4099
Confirmed=U
Filename=IMGICON.EXE
Description=Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running
Source=Paul Collins Startup list

[Iomega ImIconXP]
Number=4100
Confirmed=U
Filename=imiconxp.exe
Description=Iomega <a href="http://iomega-na-en.custhelp.com/cgi-bin/iomega_na_en.cfg/php/enduser/std_adp.php?p_faqid=16454" target="_blank">REV System</a> Software - allows your Iomega REV drive to interact with the operating system via the Iomega REV UDF file system, and provides drag-and-drop file access, access and write protection, and formatting of the disks
Source=Paul Collins Startup list

[Iomega QuickSync]
Number=4101
Confirmed=?
Filename=Quicksync.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Iomega Startup Options]
Number=4102
Confirmed=N
Filename=IMGSTART.EXE
Description=Used by Iomega drives. Details of its purpose can be found <a href="http://pw2.netcom.com/~deepone/zipjaz/ioware.html#startup" target="_blank">here</a>. Available via Start -> Programs
Source=Paul Collins Startup list

[Iomega Watch]
Number=4103
Confirmed=N
Filename=IOWATCH.EXE
Description=Used by Iomega drives. Available via Start -> Programs
Source=Paul Collins Startup list

[IomegaWare]
Number=4104
Confirmed=N
Filename=COMMANDER.EXE
Description=Used by Iomega drives. Details of its purpose can be found <a href="http://pw2.netcom.com/~deepone/zipjaz/ioware.html#startup" target="_blank">here</a>. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[Iomon98.exe]
Number=4105
Confirmed=U
Filename=Iomon98.exe
Description=PC-Cillin 98 real time virus check. Can cause floppy disk accesses to hang
Source=Paul Collins Startup list

[IP Stack]
Number=4106
Confirmed=X
Filename=ipstack.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.CW" target="_blank">AGOBOT.CW</a> WORM!
Source=Paul Collins Startup list

[IP**.exe [* = random char]]
Number=4107
Confirmed=X
Filename=IP**.exe [* = random char]
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
Source=Paul Collins Startup list

[IP**32.exe [* = random char]]
Number=4108
Confirmed=X
Filename=IP**32.exe [* = random char]
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
Source=Paul Collins Startup list

[iPalm]
Number=4109
Confirmed=N
Filename=mon.exe
Description=Installed with a Panasonic <a href="http://www.steves-digicams.com/dc3000.html" target="_blank">iPalm</a> digital camera. Used to upload photos from the camera. If your camera is not connected (via USB port) you do not need this program loaded
Source=Paul Collins Startup list

[IPC Connection]
Number=4110
Confirmed=X
Filename=ipcconn.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaeg.html" target=_blank>RBOT-AEG</a> WORM!
Source=Paul Collins Startup list

[IPC Spool Manager]
Number=4111
Confirmed=X
Filename=wnmgre.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzc.html" target= blank>SDBOT-ZC</a> WORM!
Source=Paul Collins Startup list

[IPC Spool Manager]
Number=4112
Confirmed=X
Filename=winspec.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotblu.html" target=_blank>SDBOT-BLU</a> WORM!
Source=Paul Collins Startup list

[ipcfg.exe]
Number=4113
Confirmed=X
Filename=ipcfg.exe
Description=Adware - recognized by McAfee antivirus as a variant of the <a href="http://vil.mcafeesecurity.com/vil/content/v_130215.htm" target=_blank>AdClicker-BM</a> trojan
Source=Paul Collins Startup list

[IPConfig]
Number=4114
Confirmed=X
Filename=svcxnv32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-101417-2331-99" target=_blank>HACARMY.E</a> TROJAN!
Source=Paul Collins Startup list

[IPConfig]
Number=4115
Confirmed=X
Filename=svcxnw32.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-101417-2331-99" target=_blank>HACARMY.E</a> TROJAN!
Source=Paul Collins Startup list

[IpCtrl]
Number=4116
Confirmed=X
Filename=ipcon32.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!

Source=Paul Collins Startup list

[IPFW]
Number=4117
Confirmed=X
Filename=ipwf.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderyf.html" target=_blank>DLOADER-YF</a> TROJAN!
Source=Paul Collins Startup list

[IPHSend]
Number=4118
Confirmed=?
Filename=IPHSend.exe
Description=AOL related. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[IPInSightLAN 0*]
Number=4119
Confirmed=X
Filename=ipclient.exe
Description=Installed with Verizon DSL accounts. IP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see <a href="http://www.dslreports.com/faq/1247" target=_blank>here</a> for more information. This one constantly "phones home" and wastes resources. * represents 1 or 2

Source=Paul Collins Startup list

[IPInSightMonitor  0*]
Number=4120
Confirmed=N
Filename=ipmon32.exe
Description=Installed with Verizon DSL accounts. IP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see <a href="http://www.dslreports.com/faq/1247" target=_blank>here</a> for more information. * represents 1 or 2

Source=Paul Collins Startup list

[IPinst]
Number=4121
Confirmed=Y
Filename=N/A
Description=For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out
Source=Paul Collins Startup list

[iPlusAgent2]
Number=4122
Confirmed=?
Filename=iAgent2.exe
Description=Related to <a href="http://www.iriver.com/" target="_blank">iriver</a> portable media products. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[ipmon.exe]
Number=4123
Confirmed=X
Filename=ipmon.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-042813-0206-99" target="_blank">RECERV</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032316-3538-99" target="_blank">R3C.B</a> TROJANS!
Source=Paul Collins Startup list

[IpNetwork]
Number=4124
Confirmed=X
Filename=ipnetwork.exe
Description=Maxifiles adware
Source=Paul Collins Startup list

[Ipnuker]
Number=4125
Confirmed=X
Filename=Ipnuker.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-091412-3836-99" target=_blank>INKER.B</a> WORM!
Source=Paul Collins Startup list

[iPOD USB Driver]
Number=4126
Confirmed=X
Filename=IPODUSB.EXE
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[iPod USB Service]
Number=4127
Confirmed=X
Filename=iPODService.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM! Do NOT confuse with the Apple iPod process of the same name. The legitimate iPod file will always be located in the Program Files\iPod\bin folder, and is implemented as a system service, thus NOT listed in Msconfig/Startup!
Source=Paul Collins Startup list

[iPodManager]
Number=4128
Confirmed=U
Filename=iPodManager.exe
Description=Apple iPod Management software for the iPod MP3 player. Allows updating, formating, restoring and other functions associated with iPods
Source=Paul Collins Startup list

[iPodWatcher]
Number=4129
Confirmed=?
Filename=iPodWatcher.exe
Description=Associated with Apple's iPod MP3 player. <font color="#FF0000">Detects when the iPod is connected?</font>
Source=Paul Collins Startup list

[IPOT Service Drivers]
Number=4130
Confirmed=X
Filename=compaq.exe
Description=Added by a variant of the <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=127131" target=_blank>FUROOTKIT</a> TROJAN!
Source=Paul Collins Startup list

[IPOT Service Drivers]
Number=4131
Confirmed=X
Filename=compaq.exe
Description=Added by a variant of the <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=127131" target=_blank>FUROOTKIT</a> TROJAN!
Source=Paul Collins Startup list

[IPOT USB Service DRIVER]
Number=4132
Confirmed=X
Filename=hpsebc087.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwa.html" target= blank>SDBOT-WA</a> WORM!
Source=Paul Collins Startup list

[IPOT USB Service DRV32]
Number=4133
Confirmed=X
Filename=hpsebc08.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwh.html" target=_blank>SDBOT-WH</a> WORM!
Source=Paul Collins Startup list

[IPPDetect]
Number=4134
Confirmed=N
Filename=IPP4Detect.exe
Description=Part of Presto! <a href="http://www.newsoftinc.com/" target=_blank>Mr.Photo</a> - "an ideal program for creating, sharing, and manag-ing digital images and videos"

Source=Paul Collins Startup list

[ipreg]
Number=4135
Confirmed=X
Filename=ipreg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzagabanh.html" target=_blank>ZAGABAN-H</a> TROJAN!
Source=Paul Collins Startup list

[iPrint Tray]
Number=4136
Confirmed=N
Filename=iprntctl.exe
Description=Novell® <a href="http://www.novell.com/products/netware/printing/quicklook.html" target=_blank>iPrint</a> - based on Novell Distributed Print Services - enables you to send documents to printers located throughout the Net
Source=Paul Collins Startup list

[iProtectYou]
Number=4137
Confirmed=U
Filename=ip.exe
Description=<a href="http://www.softforyou.com/ip-index.html" target="_blank">iProtectYou</a> - internet filtering/parental control and network monitoring software
Source=Paul Collins Startup list

[iprun]
Number=4138
Confirmed=X
Filename=iPY.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080315-2028-99" target=_blank>iProtectYou</a> spyware
Source=Paul Collins Startup list

[ipsecdialer]
Number=4139
Confirmed=U
Filename=IPSECD~1.EXE
Description=Cisco <a href="http://www.cisco.com/en/US/products/sw/secursw/ps2308/" target=_blank>VPN Client</a> - lets local users gain Administrator privileges on the operating system
Source=Paul Collins Startup list

[ipsecdialer]
Number=4140
Confirmed=U
Filename=ipsecdialer.exe
Description=Cisco <a href="http://www.cisco.com/en/US/products/sw/secursw/ps2308/" target=_blank>VPN Client</a> - lets local users gain Administrator privileges on the operating system
Source=Paul Collins Startup list

[IPSecMon]
Number=4141
Confirmed=Y
Filename=IPSecMon.exe
Description=<a href="http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/l2tpclient.asp" target="_blank">Microsoft L2TP/IPSec VPN Client</a> for Win98/Me/NT. Secure technology for making remote access virtual private network (VPN) connections across public networks such as the Internet
Source=Paul Collins Startup list

[IPTable Configuration]
Number=4142
Confirmed=X
Filename=Winipcfgs.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[iptray]
Number=4143
Confirmed=N
Filename=iptray.exe
Description=System Tray access to <a href="http://www.intel.com/design/motherbd/software/idu/" target="_blank">Intel Desktop Utilities</a> - "provides you with the means to monitor system temperatures, voltages, fan speeds, and hard drive health; view detailed system information, and test your system hardware for common errors"
Source=Paul Collins Startup list

[IPv6 Helper Driver]
Number=4144
Confirmed=X
Filename=csass.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.TC" target=_blank>AGOBOT.TC</a> WORM!
Source=Paul Collins Startup list

[IPv6 STUN Service]
Number=4145
Confirmed=X
Filename=netstun.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[IPW]
Number=4146
Confirmed=N
Filename=IPW.exe
Description=<a href="http://www.actiontec.com/index.php" target=_blank>Internet Phone Wizard</a> from Actiontec - Voice over IP (VoIP) that allows you to "make and receive free Internet calls on your regular phone" whilst "at the same time, make and receive regular (landline) calls on your phone"
Source=Paul Collins Startup list

[ipwf]
Number=4147
Confirmed=X
Filename=ipwf.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-091217-1451-99" target=_blank>SCHOEBERL</a> TROJAN!
Source=Paul Collins Startup list

[IpWins]
Number=4148
Confirmed=X
Filename=ipwins.exe
Description=Added by <a href="http://fileinfo.prevx.com/QQe40518491950-IPWI14714762/IPWINS.EXE.html" target=_blank>Maxfiles</a> adware

Source=Paul Collins Startup list

[ipxwshel]
Number=4149
Confirmed=X
Filename=ipxwshel.exe
Description=Added by the <a href="http://www.f-secure.com/v-descs/warezov_dg.shtml" target="_blank">WAREZOV.DG</a> WORM!
Source=Paul Collins Startup list

[IQES.exe]
Number=4150
Confirmed=?
Filename=iqes.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Ir41_32.ax]
Number=4151
Confirmed=U
Filename=regsvr32.exe [path] Ir41_32.ax
Description=Intel® Indeo® video 4.4 Decompression Filter related

Source=Paul Collins Startup list

[irassync]
Number=4152
Confirmed=X
Filename=irasyncd.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Adw.NewAds.IRASSync&threatid=42624" target="_blank">IRASSync</a> adware
Source=Paul Collins Startup list

[irc session]
Number=4153
Confirmed=X
Filename=sessionmgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotace.html" target=_blank>SDBOT-ACE</a> WORM!
Source=Paul Collins Startup list

[IREIKE]
Number=4154
Confirmed=Y
Filename=IreIKE.exe
Description=<a href="http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/l2tpclient.asp" target="_blank">Microsoft L2TP/IPSec VPN Client</a> for Win98/Me/NT. Secure technology for making remote access virtual private network (VPN) connections across public networks such as the Internet
Source=Paul Collins Startup list

[iRis Active Monitor]
Number=4155
Confirmed=N
Filename=winmon32.exe
Description=Iris Antivirus - discontinued, replace with good alternative
Source=Paul Collins Startup list

[iRiS AntiVirus Active Monitor]
Number=4156
Confirmed=N
Filename=WIMMUN32.exe
Description=Iris Antivirus - discontinued, replace with good alternative
Source=Paul Collins Startup list

[iRiver AutoDB]
Number=4157
Confirmed=U
Filename=MLService.exe
Description=Associated with the <a href="http://www.iriver.com/" target=_blank>iRiver</a> Music Manager
Source=Paul Collins Startup list

[iRiver Updater]
Number=4158
Confirmed=N
Filename=Updater.exe
Description=Updates for the <a href="http://www.iriver.com/" target="_blank">iRiver Music Manager</a> - used with their digital music players
Source=Paul Collins Startup list

[IrMon]
Number=4159
Confirmed=U
Filename=IRMON.EXE
Description=System Tray access to infra-red devices. Not required unless you use infra-red devices
Source=Paul Collins Startup list

[IRPMonitor]
Number=4160
Confirmed=?
Filename=itcnmon.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[irssyncd]
Number=4161
Confirmed=X
Filename=irssyncd.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050804-2316-99" target=_blank>SafeSurfing</a> adware variant
Source=Paul Collins Startup list

[Irwftp]
Number=4162
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosap.html" target=_blank>BANCOS-AP</a> TROJAN!

Source=Paul Collins Startup list

[irwftp]
Number=4163
Confirmed=X
Filename=iexplorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankeran.html" target=_blank>BANKER-AN</a> TROJAN!
Source=Paul Collins Startup list

[irwftp]
Number=4164
Confirmed=X
Filename=ftpmon.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanbo.html" target= blank>BANCBAN-BO</a> TROJAN!
Source=Paul Collins Startup list

[IrXfer]
Number=4165
Confirmed=U
Filename=IrXfer.exe
Description=Microsoft Infrared Transfer application
Source=Paul Collins Startup list

[ir_ftp]
Number=4166
Confirmed=X
Filename=ir_ftp.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031212-3211-99" target="_blank">IRFTP</a> TROJAN!
Source=Paul Collins Startup list

[ir_ftp]
Number=4167
Confirmed=X
Filename=irwftp.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040611-2418-99" target="_blank">BANCOS.H</a> TROJAN!
Source=Paul Collins Startup list

[IS CfgWiz]
Number=4168
Confirmed=N
Filename=cfgwiz.exe
Description=Norton Internet Security configuration wizard
Source=Paul Collins Startup list

[Isass]
Number=4169
Confirmed=X
Filename=Isass.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102709-3103-99" target=_blank>FUTRO</a> TROJAN!
Source=Paul Collins Startup list

[ISBMgr.exe]
Number=4170
Confirmed=U
Filename=ISBMgr.exe
Description=Related to Sony ISB Utility. This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems
Source=Paul Collins Startup list

[iscch]
Number=4171
Confirmed=X
Filename=iscch.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lcpranka.html" target="_blank">LCPRANK-A</a> WORM!
Source=Paul Collins Startup list

[isdbdc]
Number=4172
Confirmed=N
Filename=isdbdc.exe
Description=For Compaq PC's. May install properties in dial-up networking when you register with an ISP
Source=Paul Collins Startup list

[isDeleteMe]
Number=4173
Confirmed=U
Filename=isDel.bat
Description=Used by Norton Internet Security to remove certain files and directories on reboot when uninstalling their product
Source=Paul Collins Startup list

[ISDN Monitor]
Number=4174
Confirmed=N
Filename=Linksts.exe
Description=Tray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this icon
Source=Paul Collins Startup list

[ISDNwatch]
Number=4175
Confirmed=U
Filename=IWatch.exe
Description=<a href="http://www.avm.de/en/press/announcements/2003/2003_05_19_1.php3" target="_blank">FRITZ!X ISDNWatch</a> - "dialing filter for more security and control on the ISDN PC. The PC is doubly protected against dialer programs and premium-service numbers: ISDNWatch allows the user to block calls to and from both individual numbers and whole number blocks"
Source=Paul Collins Startup list

[ISHelp]
Number=4176
Confirmed=U
Filename=help.exe
Description=<a href="http://sarc.com/avcenter/venc/data/spyware.ispy.html" target=_blank>ISpy</a> is a security risk that logs keystrokes and captures screenshots. If you didn't install this yourself uninstall it
Source=Paul Collins Startup list

[iShield]
Number=4177
Confirmed=U
Filename=iShield.exe
Description="GuardWare <a href="http://www.guardwareinc.com/ishield/isaboutus.html" target="_blank">iShield</a> blocks pornographic images when you surf the Internet on your computer using a web browser"
Source=Paul Collins Startup list

[ISLP2STA]
Number=4178
Confirmed=Y
Filename=ISLP2STA.EXE
Description=A process from Cisco Systems Inc associated with Windows Update for wireless NIC drivers
Source=Paul Collins Startup list

[ISP.COM High Speed]
Number=4179
Confirmed=Y
Filename=slipgui.exe
Description=User interface for <a href="http://www.slipstream.com/our_solutions/value-added.html" target=_blank>Slipstream</a> - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pix. Used by popular ISPs such as IceNet, Wanadoo, Terra, OnSpeed, United Online and AOL Canada. Required if the user's account is locked in to that proxy server
Source=Paul Collins Startup list

[ISPSERVICE]
Number=4180
Confirmed=X
Filename=psycho.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircfloodo.html" target="_blank">IRCFLOOD-O</a> TROJAN!
Source=Paul Collins Startup list

[iSpyNOW]
Number=4181
Confirmed=U
Filename=ispynow.exe
Description=<a href="http://www.ispynow.com/" target="_blank">iSpyNOW</a> - remote monitoring and surveillance software
Source=Paul Collins Startup list

[Israfel]
Number=4182
Confirmed=X
Filename=Israfel.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040815-5555-99" target="_blank">GAGGLE.D</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-070814-1115-99" target="_blank">GAGGLE.E</a> WORMS!
Source=Paul Collins Startup list

[IsReminder]
Number=4183
Confirmed=N
Filename=ISPopup.exe
Description=Related to GuardWare <a href="http://www.guardwareinc.com/ishield/isaboutus.html" target="_blank">iShield</a> - this is the registration reminder for the trial version, so not required in startup
Source=Paul Collins Startup list

[issEnc32Svr]
Number=4184
Confirmed=X
Filename=issEnc32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[ISSI EZUpdate Service]
Number=4185
Confirmed=N
Filename=issimsvc.exe
Description=Part of IBM Global Services - used internally by IBM for automatic updating of software and Microsoft patching
Source=Paul Collins Startup list

[ISStart]
Number=4186
Confirmed=U
Filename=ISStart.exe
Description=LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendation
Source=Paul Collins Startup list

[ISSVC]
Number=4187
Confirmed=Y
Filename=ISSVC.exe
Description=Part of Norton Internet Security Suite
Source=Paul Collins Startup list

[ISS_Certtool]
Number=4188
Confirmed=Y
Filename=certtool.exe
Description=<a href="http://www.fileresearchcenter.com/C/CERTTOOL.EXE-3761.html" target=_blank>IBM Client Security</a> Certification Tool

Source=Paul Collins Startup list

[IST Service]
Number=4189
Confirmed=X
Filename=istsvc.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091913-2632-99" target="_blank">ISTBar</a> adware
Source=Paul Collins Startup list

[ist service uninstall]
Number=4190
Confirmed=X
Filename=[random filename]
Description=<a href="http://sarc.com/avcenter/venc/data/adware.istbar.html" target="_blank">ISTBar</a> parasite related
Source=Paul Collins Startup list

[istinstall zazzer.exe]
Number=4191
Confirmed=X
Filename=istinstall zazzer.exe
Description=Unidentified adware downloader/installer
Source=Paul Collins Startup list

[ISUSPM Startup]
Number=4192
Confirmed=N
Filename=ISUSPM.exe
Description=InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so you're always working with the most current version
Source=Paul Collins Startup list

[ISUSScheduler]
Number=4193
Confirmed=N
Filename=issch.exe
Description=InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so you're always working with the most current version
Source=Paul Collins Startup list

[isxa]
Number=4194
Confirmed=X
Filename=isxa.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmalleiv.html" target="_blank">SMALL-EIV</a> TROJAN!
Source=Paul Collins Startup list

[isystem]
Number=4195
Confirmed=X
Filename=isystem.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojchorusa.html" target=_blank>CHORUS-A</a> TROJAN! Searchforfree browser hijacker
Source=Paul Collins Startup list

[ItalU]
Number=4196
Confirmed=X
Filename=italfds.exe
Description=Added by a TROJAN! See <a href="http://www.fileresearchcenter.com/I/ITALFDS.EXE-9030.html" target="_blank">here</a> TROJAN!
Source=Paul Collins Startup list

[Itk]
Number=4197
Confirmed=U
Filename=Itk.exe
Description=<a href="http://www.itksoft.com/index.asp" target="_blank">In The Know</a> - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it
Source=Paul Collins Startup list

[itk.exe]
Number=4198
Confirmed=U
Filename=itk.exe
Description=<a href="http://www.mlin.net/other.shtml" target="_blank">Insert ToggleKey</a> by Mike Lin. ITK sounds a tone whenever you press Insert
Source=Paul Collins Startup list

[iTouch]
Number=4199
Confirmed=U
Filename=iTouch.exe
Description=iTouch loads the iTouch configuration program for Logitech keyboards. It's needed if your keyboard has shortcut buttons and if you use them. It's also needed if your keyboard does not have the num lock, caps lock, and scroll lock lights on it and you use the on-screen displays for num lock, caps lock, and scroll lock
Source=Paul Collins Startup list

[ItsDeductiblePopUp]
Number=4200
Confirmed=N
Filename=ItsDeductible.exe
Description=<a href="http://www.itsdeductible2.com/" target="_blank">ItsDeductible</a> from Income Dynamics. Calculates your noncash donations quickly and easily. This startup entry checks a registry entry for the next 'PopUp' date and if it is a past or current date displays a program related tip
Source=Paul Collins Startup list

[ITUNES]
Number=4201
Confirmed=X
Filename=itune.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotzu.html" target= blank>RBOT-ZU</a> WORM!
Source=Paul Collins Startup list

[ITUNES]
Number=4202
Confirmed=X
Filename=itunes.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32oscabotl.html" target="_blank">OSCABOT-L</a> WORM! Note - this file will be placed in the Windows\System32 or Winnt\System32 folder, and should not be confused with the (legitimate) Apple iTunes process, always located in the Program Files\iTunes folder
Source=Paul Collins Startup list

[Itunes]
Number=4203
Confirmed=X
Filename=dials.exe
Description=Detected as Trojan-Dropper.Win32.Agent.mm by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> Anti-Virus
Source=Paul Collins Startup list

[iTunes Helper]
Number=4204
Confirmed=Y
Filename=iTunesHelper.exe
Description=Installed with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendation
Source=Paul Collins Startup list

[iTunes Music]
Number=4205
Confirmed=X
Filename=iTunesHelper32.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[iTunesAgent]
Number=4206
Confirmed=X
Filename=ita.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.U</a> TROJAN!
Source=Paul Collins Startup list

[itunesff]
Number=4207
Confirmed=X
Filename=itunesff.exe
Description=Added by the <a href="http://www.bleepingcomputer.com/startups/itunesff.exe-14014.html" target="_blank">EB</a> adult premium dialer
Source=Paul Collins Startup list

[iTunesHelper]
Number=4208
Confirmed=Y
Filename=iTunesHelper.exe
Description=Installed with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendation
Source=Paul Collins Startup list

[itype]
Number=4209
Confirmed=?
Filename=itype.exe
Description=<a href="http://www.microsoft.com/downloads/details.aspx?familyid=3D0BA152-5D92-4772-A2FD-5AB35C750685&displaylang=en" target=_blank>Microsoft IntelliType Pro</a> keyboard related - <font color=#FF0000>what does it do and is it required?</font>

Source=Paul Collins Startup list

[Iusage]
Number=4210
Confirmed=N
Filename=netdet.exe
Description=<a href="http://members.tripod.com/gauravdhup0/iumos.html" target="_blank">Internet Usage Monitor</a> - utility to calculate the cost and time on the internet via dial-up
Source=Paul Collins Startup list

[iut75]
Number=4211
Confirmed=X
Filename=uzcx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadraxv.html" target="_blank">DLOADER-AXV</a> TROJAN!
Source=Paul Collins Startup list

[IVPServiceMgr]
Number=4212
Confirmed=N
Filename=ivpsvmgr.exe
Description=Toshiba IVP Service Manager application which appears as a red satellite dish icon in the System Tray. This is Toshiba's equivalent to the Windows Automatic Update feature as, whenever you are connected to the Internet, it will check for Windows updates and Toshiba updates
Source=Paul Collins Startup list

[ivy.exe]
Number=4213
Confirmed=X
Filename=ivy.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentenz.html" target="_blank">AGENT-ENZ</a> TROJAN!
Source=Paul Collins Startup list

[IW ControlCenter]
Number=4214
Confirmed=N
Filename=iwctrl.exe
Description=<a href="http://www.pinnaclesys.com/" target="_blank">Pinnacle Systems</a> InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like a hard disk or floppy disk. You can drag and drop files, create new directories right on your CD-R, CD-RW or DVD-RAM. Maybe required if you use this feature on a regular basis
Source=Paul Collins Startup list

[iwctrl]
Number=4215
Confirmed=U
Filename=iwctrl.exe
Description=<a href="http://www.pinnaclesys.com/" target="_blank">Pinnacle Systems</a> InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like a hard disk or floppy disk. You can drag and drop files, create new directories right on your CD-R, CD-RW or DVD-RAM. Maybe required if you use this feature on a regular basis
Source=Paul Collins Startup list

[ixplore]
Number=4216
Confirmed=X
Filename=ixplore.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbotcy.html" target=_blank>SDBOT-CY</a> TROJAN!
Source=Paul Collins Startup list

[ixproxy]
Number=4217
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojxorpixa.html" target=_blank>XORPIX-A</a> TROJAN!
Source=Paul Collins Startup list

[iyelejiv]
Number=4218
Confirmed=X
Filename=yujixit.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BJK&VSect=P" target=_blank>SDBOT.BJK</a> WORM!
Source=Paul Collins Startup list

[IZE]
Number=4219
Confirmed=?
Filename=N/A
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[j2 Tray Menu]
Number=4220
Confirmed=N
Filename=HotTray.exe
Description=eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available <a href="http://home.efax.com/I18N/FAQ/faq_uk.html" target="_blank">here</a>
Source=Paul Collins Startup list

[JA Cfg Util v2]
Number=4221
Confirmed=X
Filename=jacfg2.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotal.html" target=_blank>RBOT-AL</a> WORM!
Source=Paul Collins Startup list

[JA Config 32]
Number=4222
Confirmed=X
Filename=Awesome32.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Jammer]
Number=4223
Confirmed=U
Filename=jammer.exe
Description=Jammer by Agnitum - "Jammer is the last word in Internet security. It combines a user-friendly interface with very sophisticated and powerful security measures that protect your Windows system while you are surfing the web"
Source=Paul Collins Startup list

[Jammer2nd]
Number=4224
Confirmed=X
Filename=Jammer2nd.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042110-2302-99" target="_blank">NETSKY.Z</a> WORM!
Source=Paul Collins Startup list

[Java applet]
Number=4225
Confirmed=X
Filename=javaup.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotacf.html" target=_blank>SDBOT-ACF</a> WORM!
Source=Paul Collins Startup list

[Java Auto Update]
Number=4226
Confirmed=X
Filename=ujm.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotadh.html" target=_blank>SDBOT-ADH</a> WORM!
Source=Paul Collins Startup list

[Java Runtime Environment]
Number=4227
Confirmed=X
Filename=jbuild.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotj.html" target="_blank">DELBOT-J</a> WORM!
Source=Paul Collins Startup list

[Java Runtime Value]
Number=4228
Confirmed=X
Filename=runjava.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotddj.html" target="_blank">RBOT-DDJ</a> WORM!
Source=Paul Collins Startup list

[Java Runtimes]
Number=4229
Confirmed=X
Filename=iexplore.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090717-4224-99" target=_blank>KILLAV.B</a> WORM! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in a Winnt\Java\Java folder
Source=Paul Collins Startup list

[Java Virtual Machine]
Number=4230
Confirmed=X
Filename=javaw.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Java**.exe [* = random char]]
Number=4231
Confirmed=X
Filename=Java**.exe [* = random char]
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
Source=Paul Collins Startup list

[Java**32.exe [* = random char]]
Number=4232
Confirmed=X
Filename=Java**32.exe [* = random char]
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
Source=Paul Collins Startup list

[java-plugin]
Number=4233
Confirmed=X
Filename=javasctp.exe
Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan-Downloader.Win32.VB.amx&threatid=55378" target="_blank">VB.AMX</a> TROJAN!
Source=Paul Collins Startup list

[Javascript]
Number=4234
Confirmed=X
Filename=jscript.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotad.html" target="_blank">DELBOT-AD</a> WORM!
Source=Paul Collins Startup list

[JavaScript Debugging Service]
Number=4235
Confirmed=X
Filename=JsDbgMan.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022416-1432-99" target=_blank>DERDEO.E</a> WORM!
Source=Paul Collins Startup list

[JavaUpdate0.07]
Number=4236
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112120-2343-99" target=_blank>JUPDATE</a> TROJAN!
Source=Paul Collins Startup list

[JavaUpdateSched]
Number=4237
Confirmed=X
Filename=jusched32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbckdrckb.html" target=_blank>CKB</a> TROJAN!
Source=Paul Collins Startup list

[JavaVM]
Number=4238
Confirmed=X
Filename=java.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-072615-3527-99" target="_blank">MYDOOM.M</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-072915-1153-99" target="_blank">MYDOOM.N</a> or other variants of the MYDOOM WORMS! Note - not to be confused with the valid Windows "java.exe" which resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K) or C:\Windows\System32 (WinXP) as this resides in C:\Windows or C:\Winnt
Source=Paul Collins Startup list

[jawa32]
Number=4239
Confirmed=X
Filename=jawa32.exe
Description=Added by the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/aqadcup/" target="_blank">AGENT.BG</a> WORM!
Source=Paul Collins Startup list

[Jawa322]
Number=4240
Confirmed=X
Filename=jawa32.exe
Description=Added by a variant of the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/jawa32/" target=_blank>AGENT.BG</a> trojan

Source=Paul Collins Startup list

[JB]
Number=4241
Confirmed=N
Filename=Jiffybar.exe
Description=&quot;Get Paid As You surf&quot; application
Source=Paul Collins Startup list

[Jet Detection]
Number=4242
Confirmed=N
Filename=ADGJDet.exe
Description=Added with SoundBlaster Live! or Audigy soundcards for headphone autodetection
Source=Paul Collins Startup list

[JetAdmin Discovery Indicator]
Number=4243
Confirmed=Y
Filename=HPJETDSC.EXE
Description=HP JetAdmin software for HP JetDirect Print Servers. HPJETDSC.EXE is the file necessary for the JetAdmin Discovery Indicator (paper airplane in the taskbar). It gets launched automatically through the registry, and remains active to control the Discovery Indicator
Source=Paul Collins Startup list

[jete]
Number=4244
Confirmed=X
Filename=yujixit.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BRT&VSect=P" target=_blank>SDBOT.BRT</a> WORM!
Source=Paul Collins Startup list

[jiahus]
Number=4245
Confirmed=X
Filename=svchqs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojwowpwsal.html" target="_blank">WOWPWS-AL</a> TROJAN!
Source=Paul Collins Startup list

[jijbl]
Number=4246
Confirmed=X
Filename=ezlwy.bat
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031609-5722-99" target="_blank">REDDW</a> WORM!
Source=Paul Collins Startup list

[JMB36X Configure]
Number=4247
Confirmed=U
Filename=JMRaidTool.exe
Description=<a href="http://www.jmicron.com/Product_JMB363.htm" target="_blank">JMB36x</a> series Raid configuration utility from JMicron Technology
Source=Paul Collins Startup list

[Job-oversigt]
Number=4248
Confirmed=U
Filename=taskmon.exe
Description=Task Monitor (on Danish language versions of Windows) - checks the disk-access patterns of programs when they are started and stores this information in log files in the Applog folder. Task Monitor also records the number of times you use a program. Task Monitor also records the number of times you use a program. The Disk Defragmenter tool uses this information to optimize your hard disk so that programs that you use frequently are loaded faster. Not required - but can be useful. Note: for Norton Anti-Virus 2002 users, loading TaskMonitor will typically solve many, if not most, of those annoying IE scripting errors (per Symantec's Knowledgebase)
Source=Paul Collins Startup list

[JobHisInit]
Number=4249
Confirmed=U
Filename=JobHisInit.exe
Description=Used by Ricoh network printers to enable network printing from the client
Source=Paul Collins Startup list

[Jog Serve]
Number=4250
Confirmed=U
Filename=JogServ2.exe
Description=&quot;Jog Dial&quot; on a Sony Vaio laptop.&nbsp; The dial can select various functions such as control audio. Needed if you use its features
Source=Paul Collins Startup list

[JogServ2]
Number=4251
Confirmed=U
Filename=JogServ2.exe
Description=&quot;Jog Dial&quot; on a Sony Vaio laptop.&nbsp; The dial can select various functions such as control audio. Needed if you use its features
Source=Paul Collins Startup list

[john315]
Number=4252
Confirmed=X
Filename=srrvc.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[jon315]
Number=4253
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmailbotbi.html" target="_blank">MAILBOT-BI</a> TROJAN!
Source=Paul Collins Startup list

[jotl]
Number=4254
Confirmed=?
Filename=millenzje.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[JOYTECH USB Neo S Controller]
Number=4255
Confirmed=U
Filename=JoytechNeoSTrayIcon.exe
Description=System Tray access to Joytech <a href="http://www.joytech.net/products.php?section=viewprod&productID=74&lang=1&catID=8" target="_blank">Neo S</a> PC gamepad controller software
Source=Paul Collins Startup list

[Jreg]
Number=4256
Confirmed=X
Filename=Jreg2b.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080114-4631-99" target="_blank">BroadcastPC</a> adware variant
Source=Paul Collins Startup list

[Jufualt]
Number=4257
Confirmed=X
Filename=winxp2.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaab.html" target=_blank>SDBOT-AAB</a> WORM!
Source=Paul Collins Startup list

[Jufualt]
Number=4258
Confirmed=X
Filename=svhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotadj.html" target=_blank>SDBOT-ADJ</a> WORM!
Source=Paul Collins Startup list

[Juno_uoltray]
Number=4259
Confirmed=N
Filename=exec.exe
Description=Juno ISP software - not required
Source=Paul Collins Startup list

[jusched]
Number=4260
Confirmed=N
Filename=jusched.exe
Description=Checks with Sun's Java updates site to see if newer Java versions are available. Visit <a href="http://java.sun.com" target="_blank"> http://java.sun.com</a> or just run the Java Plug-In Control Panel
Source=Paul Collins Startup list

[jusched]
Number=4261
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerbwr.html" target="_blank">BANKER-BWR</a> TROJAN!
Source=Paul Collins Startup list

[jushed32.exe]
Number=4262
Confirmed=X
Filename=jushed32.exe
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant - also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojbiztenl.html" target= blank>BIZTEN-L</a> TROJAN!
Source=Paul Collins Startup list

[jusodl]
Number=4263
Confirmed=X
Filename=severe.exe
Description=Added by the <a href="http://kr.ahnlab.com/SecuInfoVirusViewEngNew3.ahn?SEQ_NO=6907" target="_blank">QQPASS.48436</a> TROJAN!
Source=Paul Collins Startup list

[JussDropUtility]
Number=4264
Confirmed=U
Filename=JussDrop.exe
Description=Related to <a href="http://www.dropshots.com/" target=_blank>DropShots</a> Inc. A subscription based service for family to connect, converse and share photos and videos
Source=Paul Collins Startup list

[jutsu]
Number=4265
Confirmed=X
Filename=jutsu.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotls.html" target=_blank>RBOT-LS</a> WORM!
Source=Paul Collins Startup list

[jv16 PT TempFileTool]
Number=4266
Confirmed=U
Filename=TempTool.exe
Description=jv16 PowerTools <a href="http://www.macecraft.com/pt2006/file_cleaner/" target="_blank">File Cleaner</a> - "allows you to find obsolete and left-over temporary files"
Source=Paul Collins Startup list

[jv16PT - Privacy Protector]
Number=4267
Confirmed=U
Filename=Task.jvb
Description=jv16 PowerTools <a href="http://www.macecraft.com/pt2006/privacy_protector/" target= blank>Privacy Protector</a> - "allows you to protect your privacy by automatically clearing out all the unwanted history items and cookies from you computer, every time you start your computer"
Source=Paul Collins Startup list

[Jv16pt Network Resident]
Number=4268
Confirmed=U
Filename=jv16pt_network.exe
Description=<a href="http://www.macecraft.com/jv16powertools2006/" target="_blank">jv16 PowerTools</a> network resident program. Only needed if you are using the program's network features
Source=Paul Collins Startup list

[jvdnlssn]
Number=4269
Confirmed=X
Filename=fljzsshc.exe
Description=Flingstone.com adware - and its Golden Palace Casino program
Source=Paul Collins Startup list

[JVM0]
Number=4270
Confirmed=X
Filename=JVM0.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbanloaax.html" target="_blank">BANLOA-AX</a> TROJAN!
Source=Paul Collins Startup list

[JVM0.12]
Number=4271
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojteadoora.html" target= blank>TEADOOR-A</a> TROJAN!
Source=Paul Collins Startup list

[JVM0.14]
Number=4272
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojteadoorb.html" target=_blank>TEADOOR-B</a> TROJAN!
Source=Paul Collins Startup list

[JW Manager]
Number=4273
Confirmed=X
Filename=jwmngr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotg.html" target="_blank">DELBOT-G</a> WORM!
Source=Paul Collins Startup list

[jxef1104]
Number=4274
Confirmed=X
Filename=jxef1104.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32xipia.html" target=_blank>XIPI-A</a> WORM!
Source=Paul Collins Startup list

[JXL Radio]
Number=4275
Confirmed=X
Filename=jxl.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotebe.html" target="_blank">RBOT-EBE</a> WORM!
Source=Paul Collins Startup list

[Jzi16]
Number=4276
Confirmed=?
Filename=jzi16.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[K2ps_full.task]
Number=4277
Confirmed=X
Filename=K2ps_full.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_JUNTADOR.K" target="_blank">JUNTADOR.K</a> TROJAN!
Source=Paul Collins Startup list

[K6CPU.EXE]
Number=4278
Confirmed=N
Filename=K6CPU.EXE
Description=Authenticates CPU as K6 in system properties
Source=Paul Collins Startup list

[Kadoc]
Number=4279
Confirmed=X
Filename=[random filename].exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030918-0821-99" target=_blank>STAPREW</a> TROJAN!
Source=Paul Collins Startup list

[kak]
Number=4280
Confirmed=X
Filename=kak.hta
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2000-121908-3951-99" target="_blank">KAKWORM</a> WORM!
Source=Paul Collins Startup list

[Kalibump]
Number=4281
Confirmed=U
Filename=Kalibump.exe
Description=Used with the now unsupported <a href="http://www.kali.net/" target="_blank">Kali</a> software for on-line gaming. This is used to automatically bump up the priority of WinProxy to GREATLY improve game speed when using a SOCKS proxy
Source=Paul Collins Startup list

[kalvsys]
Number=4282
Confirmed=X
Filename=kalv****.exe [* = random char]
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-083109-1455-99" target=_blank>EliteBar</a> adware
Source=Paul Collins Startup list

[kalvsys]
Number=4283
Confirmed=X
Filename=kalv***32.exe [* = random char]
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-083109-1455-99" target=_blank>EliteBar</a> adware
Source=Paul Collins Startup list

[Kana Reminder]
Number=4284
Confirmed=N
Filename=Reminder.exe
Description=<a href="http://kanasolution.com/index.php?i=55" target="_blank">Kana Reminder</a> is a program which can be used to set a reminder to be triggered at a specified time
Source=Paul Collins Startup list

[Karen's Once-A-Day II]
Number=4285
Confirmed=U
Filename=PTOAD.exe
Description="Have a job that should be run exactly once each day? <a href="http://www.karenware.com/powertools/ptoad.asp" target=_blank>Karen's Once-A-Day II</a> is just what you need!" Scheduler that lets you specify progams, web pages and files that be run or opened automatically, the first time
Source=Paul Collins Startup list

[KASP]
Number=4286
Confirmed=U
Filename=OESpamTest.exe
Description=Kaspersky <a href="http://www.kaspersky.com/antispamenterprise" target=_blank>Anti-Spam</a>
Source=Paul Collins Startup list

[Kasper Antivirus]
Number=4287
Confirmed=X
Filename=KASPERANTIVIRUS.EXE
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Kaspersky Anti-Hacker]
Number=4288
Confirmed=Y
Filename=KAVPF.exe
Description=Kaspersky <a href="http://www.kaspersky.com/productupdates?chapter=146244114" target="_blank">Anti-Hacker</a> firewall
Source=Paul Collins Startup list

[Kaspersky Antivirus]
Number=4289
Confirmed=X
Filename=KasperskyAV.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!

Source=Paul Collins Startup list

[KasperskyAv]
Number=4290
Confirmed=X
Filename=kaspersky.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-020510-3255-99" target="_blank">MIMAIL.T</a> WORM! Note - this has nothing to do with the real Kaspersky AntiVirus
Source=Paul Collins Startup list

[KasperskyAVEng]
Number=4291
Confirmed=X
Filename=Kasperskyaveng.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-041509-2004-99" target="_blank">NETSKY.V</a> WORM!
Source=Paul Collins Startup list

[KAT]
Number=4292
Confirmed=X
Filename=KAT.vbs
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/vbssoadd.html" target="_blank">SOAD-D</a> WORM!
Source=Paul Collins Startup list

[kav]
Number=4293
Confirmed=Y
Filename=avp.exe
Description=AOL's <a href="http://www.securitycadets.com/2006/08/aols-active-virus-shield-in-a-nutshell/" target="_blank">Active Virus Shield</a>
Source=Paul Collins Startup list

[KAVFOX]
Number=4294
Confirmed=X
Filename=win1ogoin.exe
Description=Added by <a href="http://www.sophos.com/virusinfo/analyses/trojgwghostm.html" target=_blank>GWGHOST-M</a> TROJAN!
Source=Paul Collins Startup list

[KAVPersonal]
Number=4295
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagev.html" target=_blank>LINEAGE-V</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[KAVPersonal50]
Number=4296
Confirmed=Y
Filename=Kav.exe
Description=<a href="http://www.kaspersky.com/personal" target="_blank">Kaspersky</a> Anti-Virus Personal 5.0
Source=Paul Collins Startup list

[KAVPersonal90]
Number=4297
Confirmed=X
Filename=wscntfy.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerfz.html" target=_blank>BANKER-FZ</a> TROJAN!
Source=Paul Collins Startup list

[KavPFW]
Number=4298
Confirmed=Y
Filename=KavPFW.exe
Description=<a href="http://www.kingsoft.com/en/" target=_blank>KingSoft</a> Personal Firewall
Source=Paul Collins Startup list

[KavRuns]
Number=4299
Confirmed=X
Filename=Windll.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-041516-4618-99" target="_blank">TRYNOMA</a> TROJAN!
Source=Paul Collins Startup list

[KavStart]
Number=4300
Confirmed=Y
Filename=KAVStart.exe
Description=<a href="http://www.kingsoft.com/en/" target=_blank>KingSoft</a> Personal Firewall
Source=Paul Collins Startup list

[kavsvc]
Number=4301
Confirmed=Y
Filename=kavsvc.exe
Description=<a href="http://www.kaspersky.com/personal" target=_blank>Kaspersky</a> antivirus
Source=Paul Collins Startup list

[kavsvc]
Number=4302
Confirmed=X
Filename=[random 6 char filename]
Description=Qoologic downloader trojan variant using random file names (examples: nzkklz.exe, rzazzi.exe, ivpaan.exe) - do not confuse with the Kaspersky antivirus startup item, as described <a href="http://www.sysinfo.org/startuplist.php?filter=kavsvc.exe" target="_blank">here</a>
Source=Paul Collins Startup list

[KavSvc]
Number=4303
Confirmed=X
Filename=******.exe reg_run [* = random char]
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=43264" target=_blank>QOOLOGIC</a> TROJAN!
Source=Paul Collins Startup list

[kavsvc]
Number=4304
Confirmed=X
Filename=[random 6 char filename]
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=43264" target=_blank>QOOLOGIC</a> TROJAN! Uses random file names (examples: nzkklz.exe, rzazzi.exe, ivpaan.exe)
Source=Paul Collins Startup list

[KAVutil]
Number=4305
Confirmed=X
Filename=[worm filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102417-3925-99" target="_blank">WINTOO.B</a> WORM!
Source=Paul Collins Startup list

[KAZAA]
Number=4306
Confirmed=N
Filename=kazaa.exe
Description=KAZAA is a file-sharing program which unfortunately being ad-based includes &quot;Cy-door&quot; adware. Check <a href="http://www.cexx.org/cydoor.htm" target="_blank">here</a> for information about &quot;Cy-door&quot; and <a href="http://www.lavasoft.de/software/adaware/" target="_blank">here</a> for a program that can remove it
Source=Paul Collins Startup list

[Kazaa Download Accelerator Updater (required)]
Number=4307
Confirmed=X
Filename=regsvr32 [path] kdp****.dll [* = random char]
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453082734" target="_blank">SafeguardProtect/Veevo</a> hijacker

Source=Paul Collins Startup list

[Kazaa lptt01]
Number=4308
Confirmed=X
Filename=kazaa.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "kazaa" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>. Note - this is not the valid KaZaA file sharing program which has the same executable name
Source=Paul Collins Startup list

[Kazaa ml097e]
Number=4309
Confirmed=X
Filename=kazaa.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "kazaa" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>. Note - this is not the valid KaZaA file sharing program which has the same executable name
Source=Paul Collins Startup list

[KAZAACuf]
Number=4310
Confirmed=X
Filename=9
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-070414-5310-99" target="_blank"> KITRO.D</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ARGEN.A&amp;VSect=T" target="_blank">ARGEN.A</a>) WORM!

Source=Paul Collins Startup list

[kazaalite]
Number=4311
Confirmed=N
Filename=kazaalite.exe
Description=<a href="http://www.webattack.com/get/kazaalite.shtml" target="_blank">Kazaalite</a> is a file sharing client - not to be confused with the original Kazaa program. Unlike the original, this one does not contain any advertising or tracking mechanisms
Source=Paul Collins Startup list

[KaZooM]
Number=4312
Confirmed=N
Filename=KaZooM.Exe
Description=KaZoom from <a href="http://www.bluehavenmedia.com/" target="_blank"> Blue Haven Media</a> - "add-on application that automatically speeds up the download process and finds the files you want with far more power than regular KaZaA searches"
Source=Paul Collins Startup list

[KB891711]
Number=4313
Confirmed=Y
Filename=KB891711.exe
Description=Installed by the Windows KB891711 critical update, see <a href="http://www.microsoft.com/technet/security/Bulletin/MS05-002.mspx" target=_blank>this</a> security bulletin - this file reportedly needs to continue running in order to patch the vulnerability, at least until a more practical solution is found. There have however been reports of fatal exception errors in systems running Windows 98, and in such a case Microsoft advises to either uninstall the patch (Add/Remove Programs) or prevent it from running at startup
Source=Paul Collins Startup list

[KB918547]
Number=4314
Confirmed=Y
Filename=KB918547.EXE
Description=Bug-fix for a Microsoft graphics rendering engine vulnerability - see <a href="http://support.microsoft.com/kb/918547" target="_blank">here</a>. Windows 98/Me only
Source=Paul Collins Startup list

[KB926239]
Number=4315
Confirmed=Y
Filename=rundll32.exe [path] apphelp.dll, ShimFlushCache
Description=Microsoft <a href="http://support.microsoft.com/kb/926239" target="_blank">KB926239</a> fix. Windows Media Player 10 may close unexpectedly on a Windows XP-based computer
Source=Paul Collins Startup list

[KBD]
Number=4316
Confirmed=U
Filename=KBD.EXE
Description=Multimedia keyboard manager. Required if you use the multimedia keys
Source=Paul Collins Startup list

[KBD MediaCenter]
Number=4317
Confirmed=U
Filename=MEDIACTR.EXE
Description=Multimedia keyboard manager. Required if you use the multimedia keys
Source=Paul Collins Startup list

[kbddrv32]
Number=4318
Confirmed=X
Filename=kbddrv32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list

[kbddrvinf]
Number=4319
Confirmed=X
Filename=kbddrvinf.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list

[KCeasy]
Number=4320
Confirmed=N
Filename=KCeasy.exe
Description=<a href="http://kceasy.com/about/" target=_blank>KCeasy</a> - a Windows peer-to-peer filesharing application which uses <a href="http://www.encyclopedia-online.info/GiFT_P2P" target=_blank>giFT</a> as its 'back end' foundation. The networks currently supported are OpenFT and Gnutella
Source=Paul Collins Startup list

[KClient]
Number=4321
Confirmed=U
Filename=kstatus.exe
Description=KClient Kerberos client software for Win32 systems. It provides the libraries and utilities needed to use Kerberos-based PC applications developed by Computing Services such as KWeb and NiftyTelnet
Source=Paul Collins Startup list

[kdx]
Number=4322
Confirmed=N
Filename=KHost.exe
Description=KonTiki <a href="http://help.kontiki.com/enduser/group.jsp?node=11761" target="_blank">Secure Delivery Plug In</a> related. "The Kontiki Delivery Management System (DMS) is a secure delivery network for distribution of video, software, audio, documents, and other digital media. The Kontiki DMS enables enterprises to efficiently publish, secure, deliver and track digital media to employees, partners, and customers"
Source=Paul Collins Startup list

[KE9801]
Number=4323
Confirmed=U
Filename=DriBat32.exe
Description=KE9801 multimedia keyboard driver - required if you use the multimedia keys
Source=Paul Collins Startup list

[Keenvalue]
Number=4324
Confirmed=X
Filename=Keenvalue.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/adware.keenval.html" target=_blank>eUniverse/KeenValue</a> adware
Source=Paul Collins Startup list

[KEMailKb]
Number=4325
Confirmed=U
Filename=KEMailKb.EXE
Description=Controls the buttons at the top of the <a href="http://www.mic-innovations.com/details.cfm?id=KB650I" target="_blank"> Micro Innovations 650i Internet Access Keyboard</a>. If you disable it you cannot use the buttons - like volume control or shut down
Source=Paul Collins Startup list

[Kemet]
Number=4326
Confirmed=?
Filename=kemet.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Kerio VPN Client]
Number=4327
Confirmed=U
Filename=kvpnclient.exe
Description=<a href="http://www.kerio.com/kwf_vpn.html" target=_blank>Kerio</a> VPN Client
Source=Paul Collins Startup list

[kern64dll]
Number=4328
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-092913-1837-99" target="_blank">TARNO.J</a> TROJAN!
Source=Paul Collins Startup list

[Kernal Fault Check]
Number=4329
Confirmed=X
Filename=ntosrkl.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[kernctl32]
Number=4330
Confirmed=X
Filename=rundll32 kctl32.dll, initialize
Description=Added by the AGENT.AT TROJAN!
Source=Paul Collins Startup list

[Kerne0223]
Number=4331
Confirmed=X
Filename=Kerne0223.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmirza.html" target="_blank">LEGMIR-ZA</a> TROJAN!
Source=Paul Collins Startup list

[Kernel]
Number=4332
Confirmed=X
Filename=bboy.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MUMU.B" target="_blank">MUMU.B</a> WORM!
Source=Paul Collins Startup list

[Kernel]
Number=4333
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfooza.html" target=_blank>FOOZ-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
Source=Paul Collins Startup list

[KERNEL 32]
Number=4334
Confirmed=X
Filename=SKERNEL32.com
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32semapia.html" target= blank>SEMAPI-A</a> WORM
Source=Paul Collins Startup list

[Kernel and Hardware Abstraction Layer]
Number=4335
Confirmed=U
Filename=KHALMNPR.EXE
Description=Part of the Logitech Setpoint software for their wired and wireless mice and trackballs. Sets the Windows mouse sensitivity to minimum. The idea is that you will use the SetPoint Control Panel to adjust your mouse sensitivity. This setting is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, KHALMNPR sets the Windows setting to 0 so it doesn't alter the one you set in SetPoint
Source=Paul Collins Startup list

[Kernel Faults]
Number=4336
Confirmed=X
Filename=ftphost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BHU&VSect=P" target=_blank>RBOT.BHU</a> WORM!
Source=Paul Collins Startup list

[Kernel Loader]
Number=4337
Confirmed=X
Filename=ntkrnl.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-032215-5106-99" target="_blank">CERVIVEC.A</a> WORM!
Source=Paul Collins Startup list

[Kernel Manager]
Number=4338
Confirmed=X
Filename=krnlmgr.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_JUNY.A&VSect=P" target=_blank>JUNY.A</a> TROJAN!
Source=Paul Collins Startup list

[Kernel Services]
Number=4339
Confirmed=X
Filename=service32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojprxb.html" target="_blank">PRX-B</a> TROJAN!
Source=Paul Collins Startup list

[kernel system daemon]
Number=4340
Confirmed=X
Filename=ACTIVAT0R.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112412-4515-99" target="_blank">RANDEX.AW</a> WORM!
Source=Paul Collins Startup list

[kernel12.exe]
Number=4341
Confirmed=X
Filename=kernel12.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[kernel32]
Number=4342
Confirmed=X
Filename=kern32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BADTRANS.A" target="_blank">BADTRANS.A</a> WORM!
Source=Paul Collins Startup list

[Kernel32]
Number=4343
Confirmed=X
Filename=Kernel32.exe
Description=Added by a number of VIRUSES, WORMS and TROJANS!
Source=Paul Collins Startup list

[kernel32]
Number=4344
Confirmed=X
Filename=kernel.dli
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-122712-0302-99" target="_blank">NETDEVIL.B</a> TROJAN!
Source=Paul Collins Startup list

[Kernel32]
Number=4345
Confirmed=X
Filename=Kernel.dll
Description=Added by the <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=99476" target="_blank">REDLOF.M</a> VIRUS!
Source=Paul Collins Startup list

[kernel32]
Number=4346
Confirmed=X
Filename=kernel32.dlI
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-072012-2102-99" target="_blank">NETDEVIL.15</a> TROJAN!
Source=Paul Collins Startup list

[Kernel32]
Number=4347
Confirmed=X
Filename=krnl32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120213-3044-99" target="_blank">EPON</a> WORM!
Source=Paul Collins Startup list

[Kernel32]
Number=4348
Confirmed=X
Filename=Kernel32.win
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040815-5555-99" target="_blank">GAGGLE.D</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-070814-1115-99" target="_blank">GAGGLE.E</a> WORMS!
Source=Paul Collins Startup list

[Kernel32]
Number=4349
Confirmed=X
Filename=kernel32s.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbckdrcic.html" target=_blank>SDBOT-PU</a> TROJAN!

Source=Paul Collins Startup list

[kernel32]
Number=4350
Confirmed=X
Filename=kernel32.dll.vbs
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32wekodea.html" target="_blank">WEKODE-A</a> WORM!
Source=Paul Collins Startup list

[Kernel32]
Number=4351
Confirmed=X
Filename=svchosts.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[kernel32dll]
Number=4352
Confirmed=X
Filename=guardpc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotcu.html" target=_blank>FORBOT-CU</a> WORM!
Source=Paul Collins Startup list

[KernelCheck]
Number=4353
Confirmed=X
Filename=sys****.exe [* = digit]
Description=Added by an unidentified TROJAN!
Source=Paul Collins Startup list

[KernelCheck]
Number=4354
Confirmed=X
Filename=winser.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY%5FLMIR%2ESL" target="_blank">TSPY_LMIR.SL</a> TROJAN!
Source=Paul Collins Startup list

[kernelfaultcheck]
Number=4355
Confirmed=N
Filename=dumprep 0 -k
Description=Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out
Source=Paul Collins Startup list

[kernelfaultcheck]
Number=4356
Confirmed=N
Filename=dumprep 0 -u
Description=Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out
Source=Paul Collins Startup list

[KernelFaultCheck]
Number=4357
Confirmed=X
Filename=ptool32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmirbn.html" target=_blank>LEGMIR-BN</a> TROJAN!
Source=Paul Collins Startup list

[KernelFaultChk]
Number=4358
Confirmed=X
Filename=sms.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-020619-0805-99" target="_blank">DEADHAT</a> WORM! Do not confuse with the valid "kernelfaultcheck" which runs "dumprep 0 -k" or "dumprep 0 -u"
Source=Paul Collins Startup list

[Kernell]
Number=4359
Confirmed=X
Filename=systems.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032016-1636-99" target="_blank">TARNO.C</a> TROJAN!
Source=Paul Collins Startup list

[Kernell32]
Number=4360
Confirmed=X
Filename=Kernell.dll
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DESTINY.A" target="_blank">DESTINY.A</a> TROJAN!
Source=Paul Collins Startup list

[KernellApps]
Number=4361
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanac.html" target=_blank>BANCBAN-AC</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!

Source=Paul Collins Startup list

[KernellApps]
Number=4362
Confirmed=X
Filename=lexplore.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanbs.html" target= blank>BANCBAN-BS</a> TROJAN! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet Explorer
Source=Paul Collins Startup list

[KernellApps32]
Number=4363
Confirmed=X
Filename=smss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanan.html" target=_blank>BANCBAN-AN</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which should not normally figure in Msconfig/Startup!
Source=Paul Collins Startup list

[Kernelw]
Number=4364
Confirmed=X
Filename=Kernelw32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-071618-2746-99" target="_blank">INDOR.E</a> WORM!
Source=Paul Collins Startup list

[Kernel_check]
Number=4365
Confirmed=X
Filename=wmiprvse.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sonebotb.html" target=_blank>SONEBOT-B</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/wmiprvse/" target=_blank>wmiprvse.exe</a> process which is always located in the System32\wbem folder and should not normally figure in Msconfig/Startup!
Source=Paul Collins Startup list

[key]
Number=4366
Confirmed=X
Filename=sysxp.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-071514-3909-99" target="_blank">BEAGLE.AB</a> WORM!
Source=Paul Collins Startup list

[key]
Number=4367
Confirmed=X
Filename=sys_xp.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-071713-1933-99" target="_blank">BEAGLE.AC</a> WORM!
Source=Paul Collins Startup list

[key]
Number=4368
Confirmed=X
Filename=winxp.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-071912-1847-99" target="_blank">BEAGLE.AG</a> WORM!
Source=Paul Collins Startup list

[Key Logger]
Number=4369
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102211-4845-99" target=_blank>BUCHON.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the root folder - normally C:
Source=Paul Collins Startup list

[Key Text]
Number=4370
Confirmed=N
Filename=KeyText.exe
Description=<a href="http://www.mjmsoft.com/keytext.htm" target="_blank">Key Text 2000</a> from MJMSoft Design - utility to automate repetitive keyboard tasks. Available via Start -> Programs
Source=Paul Collins Startup list

[Key1]
Number=4371
Confirmed=X
Filename=Rlid.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100816-5051-99" target="_blank">LIXY</a> TROJAN!
Source=Paul Collins Startup list

[Key2]
Number=4372
Confirmed=?
Filename=serve.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[key2]
Number=4373
Confirmed=X
Filename=winlog.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbagledlal.html" target=_blank>BAGLEDI-AL</a> TROJAN!
Source=Paul Collins Startup list

[KeyAccess]
Number=4374
Confirmed=Y
Filename=keyacc32.exe
Description=KeyServer KeyAccess client software - "when the KeyServer program is launched, the KeyServer process becomes active so license requests from client computers can be serviced. Without KeyAccess, a keyed program cannot run, so license control is very secure"
Source=Paul Collins Startup list

[Keybdcntl]
Number=4375
Confirmed=X
Filename=keybdcntl.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list

[KeyBoard]
Number=4376
Confirmed=U
Filename=Keyboard.exe
Description=<a href="http://www.labtec.com/index.cfm/gear/listing/AMR/EN,crid=28" target=_blank>Labtec</a> keyboard utility

Source=Paul Collins Startup list

[keyboard]
Number=4377
Confirmed=X
Filename=keyboard*.exe [* = number]
Description=Recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as TrojanDownloader.VB.zg
Source=Paul Collins Startup list

[keyboard]
Number=4378
Confirmed=X
Filename=kybrdef_7.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=DollarRevenue&threatid=42948" target="_blank">DollarRevenue</a> adware
Source=Paul Collins Startup list

[keyboard]
Number=4379
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadraoz.html" target="_blank">DLOADR-AOZ</a> TROJAN!
Source=Paul Collins Startup list

[Keyboard Manager]
Number=4380
Confirmed=U
Filename=MMKeybd.exe
Description=Multimedia keyboard manager. Required if you use the additional keys
Source=Paul Collins Startup list

[Keyboard Preload Check]
Number=4381
Confirmed=Y
Filename=Preload.exe
Description=Millenium Multi-Function Keyboard driver
Source=Paul Collins Startup list

[keyboard_enum]
Number=4382
Confirmed=X
Filename=keyboard_enum.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorgp.html" target= blank>GP</a> TROJAN!
Source=Paul Collins Startup list

[KeyMaestro]
Number=4383
Confirmed=U
Filename=kmaestro.exe
Description=Multimedia keyboard manager. Required if you use the multimedia keys
Source=Paul Collins Startup list

[keymap]
Number=4384
Confirmed=U
Filename=keymap.exe
Description=System Tray utility and background task used by games produced by Kesmai (published by Interactive Magic) and which enables you to program keys to do specific actions during the game
Source=Paul Collins Startup list

[keymgrldr]
Number=4385
Confirmed=X
Filename=rundll32 setupapi, InstallHinfSection... keymgr3.inf
Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#oemsyspnp" target=_blank>Oemsyspnp</a> parasite variant
Source=Paul Collins Startup list

[KeyPatrol]
Number=4386
Confirmed=U
Filename=KeyPatrol.exe
Description=KeyPatrol - key logger detector using both behavioral and pattern-matching algorithms that used to be part of <a href="http://www.pestpatrol.com/default.asp" target="_blank">PestPatrol</a> before CA's aquisition
Source=Paul Collins Startup list

[keyserv]
Number=4387
Confirmed=X
Filename=keyserv.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080311-0918-99" target=_blank>KeyThief</a> spyware
Source=Paul Collins Startup list

[Keyspan Digital Media Remote]
Number=4388
Confirmed=U
Filename=KDMRdmn.exe
Description=Remote control driver for <a href="http://www.keyspan.com/products/homepage.2.productList.Remotes.spml" target="_blank">Keyspan Digital Media Remote</a> devices
Source=Paul Collins Startup list

[keystroke]
Number=4389
Confirmed=U
Filename=keystroke.exe
Description=<a href="http://sarc.com/avcenter/venc/data/spyware.quicklaunch.html" target="_blank">QuickLaunch</a>  surveillance software. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list

[KeyWallet]
Number=4390
Confirmed=U
Filename=KWallet.exe
Description=&quot;<a href="http://www.keywallet.com/index.php" target="_blank">KeyWallet</a> is a useful and convenient desktop utility that spares you the trouble of filling in your logins, passwords and other personal data manually&quot;
Source=Paul Collins Startup list

[kfienq]
Number=4391
Confirmed=X
Filename=masbl.bat
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-021012-5330-99" target="_blank">KIFER</a> TROJAN!
Source=Paul Collins Startup list

[Kgjg]
Number=4392
Confirmed=X
Filename=rnnypbw.exe
Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=QuickLinks/Forethought&threatid=44217" target="_blank">QuickLinks/Forethought</a> adware
Source=Paul Collins Startup list

[khooker]
Number=4393
Confirmed=N
Filename=khooker.exe
Description=SiS Keyboard Daemon. System Tray utility which gets installed by the drivers of the latter day SiS VGA cards. Can cause errors at startup and isn't required
Source=Paul Collins Startup list

[KICKMON.EXE]
Number=4394
Confirmed=U
Filename=KICKMON.EXE
Description=KeepItClean - utility that deletes safe to remove files, cookies, browsing history, etc. This is the scheduler - if you don't schedule clean-ups it isn't required
Source=Paul Collins Startup list

[Kill Popup]
Number=4395
Confirmed=U
Filename=KillPopup.exe
Description=<a href="http://www.killpopup.shareware-rating.com/" target="_blank">KillPopup</a> - pop-up stopper
Source=Paul Collins Startup list

[KillAndClean]
Number=4396
Confirmed=N
Filename=KillAndClean.exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[kimochiz.exe]
Number=4397
Confirmed=X
Filename=kimochiz.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmdropbb.html" target=_blank>MDROP-BB</a> TROJAN!
Source=Paul Collins Startup list

[Kinberlink]
Number=4398
Confirmed=N
Filename=Kinberlink.exe
Description=<a href="http://www.kinberlin.com/kinberlink/index.asp" target="_blank">Kinberlink</a> network messaging. Available via Start -> Programs
Source=Paul Collins Startup list

[KIT3]
Number=4399
Confirmed=X
Filename=hpprintqueue.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/trojadclickds.html" target="_blank">ADCLICK-DS</a> TROJAN!
Source=Paul Collins Startup list

[KK Loader]
Number=4400
Confirmed=U
Filename=loadkk.exe
Description=<a href="http://www.keykey.com/index1.html" target="_blank">KeyKey XP Professional</a> from KeyKey.com. &quot;Monitor Instant Messages, Chats, Emails, Web Site URLs, Passwords, Computer Programs, Start Up and Shut Down time and much more completely undetected to the user.&quot;
Source=Paul Collins Startup list

[KKM Service]
Number=4401
Confirmed=X
Filename=kkm.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32nanpyi.html" target=_blank>NANPY-I</a> WORM!
Source=Paul Collins Startup list

[KL AntiFunLove]
Number=4402
Confirmed=X
Filename=flcss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2000-122010-2651-99" target=_blank>FUNLOVE.4099</a> WORM!
Source=Paul Collins Startup list

[KLog]
Number=4403
Confirmed=U
Filename=Keyspy.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080313-1109-99" target=blank>KeyLoggPro.B</a> keystroke logger/monitoring program - remove unless you installed it yourself!

Source=Paul Collins Startup list

[klop]
Number=4404
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentwq.html" target=_blank>AGENT-WQ</a> TROJAN!
Source=Paul Collins Startup list

[klop]
Number=4405
Confirmed=X
Filename=[random].tmp
Description=Found with Trojan.Win32.StartPage.aw. Possibly a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojagentwq.html" target=_blank>AGENT-WQ</a> TROJAN! 
Source=Paul Collins Startup list

[klp]
Number=4406
Confirmed=U
Filename=run32dll.exe
Description=<a href="http://www.newfreeware.com/internet/480/" target="_blank">PAL PC Spy</a> - key recorder and screen capture utility which controls and monitors everything that happens on your pc and online
Source=Paul Collins Startup list

[klp]
Number=4407
Confirmed=U
Filename=explorer.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051014-3610-99" target=blank>ComSurveilSys</a> keystroke logger/monitoring program - remove unless you installed it yourself! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is found in a System\PAL\CSS subfolder
Source=Paul Collins Startup list

[KM9801U]
Number=4408
Confirmed=U
Filename=MMHotKey.exe
Description=Multimedia key handling for the relevant type of Turbo-Media keyboard. Shortcut available. Note that with this running it can crash DirectX8/9 under WinXP when a game switches to full-screen
Source=Paul Collins Startup list

[kmw_run.exe]
Number=4409
Confirmed=U
Filename=kmw_run.exe
Description=Kensington MouseWorks - mouse/trackball software. Not required unles you use any special features
Source=Paul Collins Startup list

[kmw_show.exe]
Number=4410
Confirmed=U
Filename=kmw_show.exe
Description=Kensington MouseWorks - mouse/trackball software. Not required unles you use any special features
Source=Paul Collins Startup list

[KN_PanelApp]
Number=4411
Confirmed=U
Filename=PanelApp.exe
Description=<a href="http://www.knowledgenetworks.com/knpanel/index.html" target="_blank">KnowledgePanel</a> online survey software
Source=Paul Collins Startup list

[Kodak Batch Transfer]
Number=4412
Confirmed=N
Filename=pezdow1.exe
Description=Part of &quot;Kodak Picture Easy&quot; software for digital cameras. Includes the display of an icon in the System Tray to quickly transfer photos to a PC
Source=Paul Collins Startup list

[Kodak EasyShare software]
Number=4413
Confirmed=U
Filename=EasyShare.exe
Description=Software bundled with Kodak digital cameras to manage the connection between the PC and the Camera. Can be started manually
Source=Paul Collins Startup list

[Kodak Picture Easy *.* Batch Transfer]
Number=4414
Confirmed=N
Filename=PezDownload.exe
Description=Part of "Kodak Picture Easy" software for digital cameras. Includes the display of an icon in the System Tray to quickly transfer photos to a PC. *.* represents the version
Source=Paul Collins Startup list

[Kodak Picture Transfer Software]
Number=4415
Confirmed=N
Filename=pts.exe
Description=Looks for Kodak camera connection and media insertion. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[Kodak Software Updater]
Number=4416
Confirmed=N
Filename=backweb*****.exe
Description=Software updater for <a href="http://www.kodak.com/global/en/digital/easyShare/indexFlash.jhtml" target="_blank">Kodak Easyshare</a> digital cameras
Source=Paul Collins Startup list

[KodakCCS]
Number=4417
Confirmed=Y
Filename=KodakCCS.exe
Description=Kodak DC File System Driver
Source=Paul Collins Startup list

[Komunikator]
Number=4418
Confirmed=U
Filename=tlen.exe
Description=<a href="http://tlen.pl/" target=_blank>Tlen</a> - a Polish language instant messaging client
Source=Paul Collins Startup list

[KONICA MINOLTA magicolor 2400W STD]
Number=4419
Confirmed=U
Filename=MSTMON_S.EXE
Description=Konica Minolta Magicolor 2400W colour printer monitor
Source=Paul Collins Startup list

[Konni Symbol Autostart]
Number=4420
Confirmed=N
Filename=KonniSymbol.exe
Description=Gives configuration access to <a href="http://www.besoftware.com/index.html" target="_blank">RagTime Solo</a> professional business publishing software. RagTime Solo is the private user version of RagTime 5
Source=Paul Collins Startup list

[kontiki]
Number=4421
Confirmed=N
Filename=kontiki.exe
Description=<a href="http://www.kontiki.com/products/deliverymanager/index.html" target="_blank">Kontiki Delivery Manager</a> - Windows-based client software that enables secure delivery of content to users' desktops
Source=Paul Collins Startup list

[KPDrv4XP]
Number=4422
Confirmed=Y
Filename=KPDrv4XP.exe
Description=MediaKey USB Keypad Driver
Source=Paul Collins Startup list

[KPFW32.EXE]
Number=4423
Confirmed=Y
Filename=KPFW32.EXE
Description=<a href="http://www.kingsoft.com/en/" target="_blank">KingSoft</a> Personal Firewall
Source=Paul Collins Startup list

[KPFWSvc.EXE]
Number=4424
Confirmed=Y
Filename=KPFWSvc.EXE
Description=<a href="http://www.kingsoft.com/en/" target="_blank">KingSoft</a> Personal Firewall
Source=Paul Collins Startup list

[Kraidman]
Number=4425
Confirmed=U
Filename=Kraidman.exe
Description="Toshiba RAID Support is a <a href="http://eu.computers.toshiba-europe.com/cgi-bin/ToshibaCSG/workshop.jsp?service=EU&WORKSHOP_ID=EXP-Toshiba-RAID-Support-EN" target="_blank">Toshiba EasyGuard</a> feature that uses RAID Level 1 technology to minimise downtime by protecting against data loss and ensuring quick data recovery" - for Toshiba laptops
Source=Paul Collins Startup list

[KREC32]
Number=4426
Confirmed=U
Filename=krec32.exe
Description=StarrCommander Pro Keystroke logging software
Source=Paul Collins Startup list

[KRNL]
Number=4427
Confirmed=X
Filename=Kernl32.exe
Description=Added by the <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=47767" target="_blank">ZOMBY.B</a> TROJAN!
Source=Paul Collins Startup list

[Krnlcheck]
Number=4428
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-032920-0830-99" target=_blank>BOTNACHALA</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
Source=Paul Collins Startup list

[Krnlmod]
Number=4429
Confirmed=U
Filename=Krnlmod.exe
Description=Keystroke logger/monitoring program - remove unless you installed it yourself!

Source=Paul Collins Startup list

[Kryptel Component Start]
Number=4430
Confirmed=U
Filename=Kicker.exe
Description=<a href="http://www.kryptel.com/products/kryptel/" target="_blank">Kryptel</a> encryption software
Source=Paul Collins Startup list

[ksrlnhm]
Number=4431
Confirmed=X
Filename=zxatgso.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderli.html" target=_blank>DLOADER-LI</a> TROJAN!
Source=Paul Collins Startup list

[Ksrv32]
Number=4432
Confirmed=X
Filename=Ksrv32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotpi.html" target=_blank>AGOBOT-PI</a> WORM!
Source=Paul Collins Startup list

[KTAX Auto Loader]
Number=4433
Confirmed=X
Filename=ktax.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotmz.html" target=_blank>SDBOT-MZ</a> WORM!
Source=Paul Collins Startup list

[ktchnsnk]
Number=4434
Confirmed=U
Filename=ktchnsnk.exe
Description=HP program found with the Office Jet 500/600/700 series which initializes the Office Jet manager each time the computer is booted up or rebooted
Source=Paul Collins Startup list

[KV2005]
Number=4435
Confirmed=X
Filename=word.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbiw.html" target=_blank>IW</a> TROJAN!
Source=Paul Collins Startup list

[kv3000]
Number=4436
Confirmed=X
Filename=lover.vbe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-011918-3314-99" target="_blank">ZSYANG.B</a> WORM!
Source=Paul Collins Startup list

[kvern16.dll]
Number=4437
Confirmed=X
Filename=regsvr32.exe [path] kvern16.dll
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=DailyWinner&threatid=4143" target=_blank>DailyWinner</a> adware

Source=Paul Collins Startup list

[KV_HOST]
Number=4438
Confirmed=X
Filename=cxjx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmirbb.html" target=_blank>LEGMIR-BB</a> TROJAN!
Source=Paul Collins Startup list

[kw3eef76]
Number=4439
Confirmed=X
Filename=rundll32.exe [path] kw3eef76.dll, EnableRunDLL32
Description=<a href="http://www.spywareguide.com/product_show.php?id=853" target="_blank">LZIO.com</a> adware downloader
Source=Paul Collins Startup list

[kX Mixer]
Number=4440
Confirmed=N
Filename=kxmixer.exe
Description=Provides Mixer and Control functionality to KxProject Audio driver for EMU10k based soundcards
Source=Paul Collins Startup list

[KX509]
Number=4441
Confirmed=U
Filename=kx509_kfwk5.exe
Description=<a href="http://web.mit.edu/Kerberos/" target="_blank">Kerberos</a> Secure Authentication for Windows
Source=Paul Collins Startup list

[KYE_Showicon]
Number=4442
Confirmed=?
Filename=shwicon.exe
Description=Card reader for memory cards from digital cameras.<font color="#FF0000"> Is it required? </font>
Source=Paul Collins Startup list

[KYK Control Settings]
Number=4443
Confirmed=X
Filename=KYSVCXD.EXE
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[KYM Control Settings]
Number=4444
Confirmed=X
Filename=phqghum.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BQD&VSect=P" target=_blank>RBOT.BQD</a> WORM!
Source=Paul Collins Startup list

[L4r1$$a]
Number=4445
Confirmed=X
Filename=L4r1$$a.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32assiralc.html" target= blank>ASSIRAL-C</a> WORM!
Source=Paul Collins Startup list

[laltin]
Number=4446
Confirmed=X
Filename=L90112201.Stub.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076775" target="_blank">Delfin Media Viewer</a> adware related
Source=Paul Collins Startup list

[LAN Driver]
Number=4447
Confirmed=X
Filename=landriver32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BT&VSect=P" target=_blank>RBOT.BT</a> WORM!
Source=Paul Collins Startup list

[lanbrup]
Number=4448
Confirmed=X
Filename=lanbrup.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050804-2316-99" target=_blank>SafeSurfing</a> adware
Source=Paul Collins Startup list

[LanguageMonitor]
Number=4449
Confirmed=U
Filename=Oplmsb01.exe
Description=OKI Printer language support monitor
Source=Paul Collins Startup list

[LanGuard]
Number=4450
Confirmed=X
Filename=languard.exe
Description=Adware downloader - also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojsecondtc.html" target=_blank>SECONDT-C</a> TROJAN!
Source=Paul Collins Startup list

[LanGuard]
Number=4451
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadervo.html" target=_blank>DLOADER-VO</a> TROJAN!
Source=Paul Collins Startup list

[LANMessage Pro]
Number=4452
Confirmed=U
Filename=LANMES~1.exe
Description=<a href="http://www.dimaware.com/lanmessage/lanmessage.html" target="_blank">LANMessage Pro</a> - "a powerful tool for communicating with other people on your office/home network"
Source=Paul Collins Startup list

[LanSpeed2]
Number=4453
Confirmed=U
Filename=LanSpeed2.exe
Description=Monitors any traffic that is using a LAN adapter (Ethernet or Token ring network card)
Source=Paul Collins Startup list

[LaoKey]
Number=4454
Confirmed=U
Filename=LaoKey.exe
Description=Lao Script for Windows <a href="http://www.laoscript.net/" target="_blank">(LSWin)</a> is an extension to the Windows operating system to allow Lao language to be used with many different Windows-based applications
Source=Paul Collins Startup list

[LapLink scheduler]
Number=4455
Confirmed=U
Filename=Llsched.exe
Description=Utility that automatically performs file transfers as unattended background operations
Source=Paul Collins Startup list

[Lar]
Number=4456
Confirmed=X
Filename=Llass.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojinora.html" target="_blank">INOR-A</a> TROJAN!
Source=Paul Collins Startup list

[lar]
Number=4457
Confirmed=X
Filename=[trojan filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121018-2721-99" target="_blank">ROXY.C</a> TROJAN!
Source=Paul Collins Startup list

[LARISSA ANTI VIRUS]
Number=4458
Confirmed=X
Filename=LARISSA_ANTI_VIRUS.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030223-4952-99" target=_blank>KLASSIR</a> TROJAN!
Source=Paul Collins Startup list

[Lasb]
Number=4459
Confirmed=?
Filename=ewat.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[LasErma]
Number=4460
Confirmed=X
Filename=Ermasys32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lermaa.html" target=_blank>LERMA-A</a> WORM!
Source=Paul Collins Startup list

[LAsIAf32]
Number=4461
Confirmed=X
Filename=RePEAtLD.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101919-5717-99" target="_blank">REPEATLD</a> WORM!
Source=Paul Collins Startup list

[LASTinst]
Number=4462
Confirmed=Y
Filename=N/A
Description=For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out
Source=Paul Collins Startup list

[Later]
Number=4463
Confirmed=?
Filename=later.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[LaunApp]
Number=4464
Confirmed=U
Filename=LaunApp.exe
Description=Part of Acer Launch Manager - programmable keys on such laptops as the TravelMate 610
Source=Paul Collins Startup list

[Launcg]
Number=4465
Confirmed=?
Filename=launcg.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Launch Ai Booster]
Number=4466
Confirmed=U
Filename=OverClk.exe
Description=ASUS Ai Booster is an application that allows you to overclock the CPU either manually or automatically without the hassle of entering the BIOS Setup
Source=Paul Collins Startup list

[Launch Context 5.0]
Number=4467
Confirmed=N
Filename=Launch.exe
Description=<a href="http://www.informatic.ru/" target="_blank">Context</a> - electronic dictionary
Source=Paul Collins Startup list

[Launch LCDMon]
Number=4468
Confirmed=U
Filename=LCDMon.exe
Description=<a href="http://www.logitech.com/index.cfm/downloads/software/US/EN,CRID=322,CONTENTID=10824" target=_blank>Logitech</a> LCD G-Series software driver

Source=Paul Collins Startup list

[Launch LCDMon]
Number=4469
Confirmed=N
Filename=LCDMon.exe
Description=Driver/utility for Logitech G-Series gaming keyboards and mice
Source=Paul Collins Startup list

[Launch LGDCore]
Number=4470
Confirmed=U
Filename=LGDCore.exe
Description=Driver/utility for Logitech G-Series gaming keyboards and mice
Source=Paul Collins Startup list

[Launch Norton AntiVirus 2000]
Number=4471
Confirmed=X
Filename=jorgf.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaui.html" target=_blank>RBOT-AUI</a> WORM!
Source=Paul Collins Startup list

[Launch YahooPOPs! at Windows startup]
Number=4472
Confirmed=N
Filename=YAHOOPOPS.EXE
Description=<a href="http://yahoopops.sourceforge.net/" target="_blank">YahooPOPs</a> - enables free POP3/SMTP access to Yahoo! Mail through a service on localhost that emulates the web interface. Available via Start -&gt Programs
Source=Paul Collins Startup list

[LaunchAp]
Number=4473
Confirmed=U
Filename=LaunchAp.exe
Description=Programmable keys on Acer, Fujitsu and other laptops
Source=Paul Collins Startup list

[LaunchApp]
Number=4474
Confirmed=U
Filename=Alaunch.exe
Description=<a href="http://global.acer.com/" target="_blank">Acer</a> Launch tool utility on laptops
Source=Paul Collins Startup list

[Launchboard]
Number=4475
Confirmed=U
Filename=lnchbrd.exe
Description=&quot;LaunchBoard software from Darwin turns your keyboard into a remote control for the Internet and your computer! With LaunchBoard 2.0, you can customize up to 38 keys on your PC keyboard to instantly launch Web Sites, start applications, perform custom macros, handle Windows shortcuts, store passwords, and perform loads of other customizable functions&quot;
Source=Paul Collins Startup list

[Launcher]
Number=4476
Confirmed=X
Filename=launcher.exe
Description=Spyware component related to DownloadWare and found in Program FilesKFH
Source=Paul Collins Startup list

[Launcher]
Number=4477
Confirmed=N
Filename=relaunch.exe
Description=Audio Applications Launcher for the Philips Rythmic Edge soundcard (the Philips Rhythmic Edge is the same as the Thunderbird PCI soundcard - see TBtray). Available via Start -> Programs
Source=Paul Collins Startup list

[Lavasoft Ad-Aware]
Number=4478
Confirmed=X
Filename=Ad-Aware.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotso.html" target=_blank>RBOT-SO</a> WORM! Note - this is not the popular <a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-aware</a> spware/adware removal tool
Source=Paul Collins Startup list

[Lavasoft Adwatch]
Number=4479
Confirmed=U
Filename=Ad-watch.exe
Description=Part of Lavasoft <a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-aware Plus</a> - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system
Source=Paul Collins Startup list

[laxmsp32.exe]
Number=4480
Confirmed=Y
Filename=laxmsp32.exe
Description=Lexmark Scan and Copy Control Program for the X63 (and maybe others) printer/scanner. Required for the scanner to work&nbsp;
Source=Paul Collins Startup list

[layersldm]
Number=4481
Confirmed=X
Filename=hostplsrvc.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Laz]
Number=4482
Confirmed=X
Filename=Kernn.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosln.html" target= blank>BANCOS-LN</a> WORM!
Source=Paul Collins Startup list

[Lcass]
Number=4483
Confirmed=X
Filename=Lcass.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sillyfdcw.html" target="_blank">SILLYFDC-W</a> WORM!
Source=Paul Collins Startup list

[LCDC]
Number=4484
Confirmed=U
Filename=LCDC.exe
Description=<a href="http://www.lcdc.cc/about.htm" target="_blank">LCDC</a> is an application that displays various information on your LCD or VFD screen. The number of things that LCDC can do is expandable by Plugins
Source=Paul Collins Startup list

[LCDMon]
Number=4485
Confirmed=Y
Filename=LCDMon.exe
Description=Driver/utility for Logitech G-Series gaming keyboards and mice
Source=Paul Collins Startup list

[LCDPlayer]
Number=4486
Confirmed=Y
Filename=LCDPlyer.exe
Description=Related to <a href="http://www.superadblocker.com/" target=_blank>SuperAdBlocker</a>
Source=Paul Collins Startup list

[lcfep]
Number=4487
Confirmed=N
Filename=lcfep.exe
Description=Tivoli 'TME' System Tray icon - "'lcfep' is the program that displays statistics about the Endpoint. Apparently stopping/removing this process has no impact on the Endpoint itself which will continue to function normally"
Source=Paul Collins Startup list

[LCIDConfig]
Number=4488
Confirmed=?
Filename=lcidchng.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[LClock]
Number=4489
Confirmed=U
Filename=lclock.exe
Description=<a href="http://www.softpedia.com/get/Desktop-Enhancements/Clocks-Time-Management/LClock.shtml" target=_blank>LClock</a> is a program that makes the Windows' clock look like a Windows Longhorn Clock
Source=Paul Collins Startup list

[lcvga]
Number=4490
Confirmed=X
Filename=lcvga.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojhostola.html" target=_blank>HOSTOL-A</a> TROJAN!

Source=Paul Collins Startup list

[ld]
Number=4491
Confirmed=X
Filename=ld.exe
Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#tooncomics" target=_blank>Tooncomics</a> parasite affiliate variant - redirects to fastwebfinder.com
Source=Paul Collins Startup list

[LDM]
Number=4492
Confirmed=N
Filename=backweb-8876480.exe
Description=Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech
Source=Paul Collins Startup list

[LDM]
Number=4493
Confirmed=N
Filename=ldmconf.exe
Description=Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech
Source=Paul Collins Startup list

[LDM]
Number=4494
Confirmed=N
Filename=LogitechDesktopMessenger.exe
Description=Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech
Source=Paul Collins Startup list

[ldriver]
Number=4495
Confirmed=X
Filename=ldriver.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojchorusa.html" target=_blank>CHORUS-A</a> TROJAN! Searchforfree browser hijacker
Source=Paul Collins Startup list

[LED TRAY]
Number=4496
Confirmed=U
Filename=LEDTRAY.EXE
Description=Installs a USB compact flash card reader or drive on start-up. The device is distributed by Microtech and is made by a company called SnapShot. Required if you want the reader to work
Source=Paul Collins Startup list

[ledpointer]
Number=4497
Confirmed=U
Filename=CNYHKey.exe
Description=Chicony Electronics Multimedia Keyboard Hotkey Driver
Source=Paul Collins Startup list

[LeechGet]
Number=4498
Confirmed=N
Filename=LeechGet.exe
Description=<a href="http://www.leechget.de/">LeechGet</a> download manager
Source=Paul Collins Startup list

[leeman]
Number=4499
Confirmed=X
Filename=leeman.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcosiamd.html" target=_blank>COSIAM-D</a> TROJAN!
Source=Paul Collins Startup list

[LEMSRV]
Number=4500
Confirmed=X
Filename=lemsrv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbottc.html" target="_blank">IRCBOT-TC</a> TROJAN!
Source=Paul Collins Startup list

[LetsSearch]
Number=4501
Confirmed=X
Filename=LetsSearch.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrowserAid&threatid=3342" target="_blank">BrowserAid/BrowserPal</a> foistware
Source=Paul Collins Startup list

[Letum]
Number=4502
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_LETUM.A" target="_blank">LETUM.A</a> WORM!
Source=Paul Collins Startup list

[Lexmark **** Series]
Number=4503
Confirmed=U
Filename=lxbabmgr.exe
Description=Lexmark System Tray application (where "****" is the model) that enables scan or fax functions to run directly from the printer via the buttons. Can be launched from a desktop shortcut
Source=Paul Collins Startup list

[Lexmark **** Series]
Number=4504
Confirmed=U
Filename=lxbkbmgr.exe
Description=Lexmark System Tray application (where "****" is the model) that enables scan or fax functions to run directly from the printer via the buttons. Can be launched from a desktop shortcut
Source=Paul Collins Startup list

[Lexmark **** series]
Number=4505
Confirmed=U
Filename=lxbtbmgr.exe
Description=Lexmark System Tray application (where "****" is the model) that enables scan or fax functions to run directly from the printer via the buttons. Can be launched from a desktop shortcut
Source=Paul Collins Startup list

[Lexmark **** Series]
Number=4506
Confirmed=U
Filename=lxbmbmgr.exe
Description=Lexmark System Tray application (where "****" is the model) that enables scan or fax functions to run directly from the printer via the buttons. Can be launched from a desktop shortcut
Source=Paul Collins Startup list

[Lexmark 2200 Series Button Manager]
Number=4507
Confirmed=Y
Filename=lxbvbmgr.exe
Description=Lexmark printer button manager. Required for correct operation
Source=Paul Collins Startup list

[Lexmark 3100 Series]
Number=4508
Confirmed=Y
Filename=lxbrbmgr.exe
Description=Lexmark printer button manager. Required for correct operation

Source=Paul Collins Startup list

[Lexmark X6100 Series]
Number=4509
Confirmed=Y
Filename=lxbfbmgr.exe
Description=Lexmark X6100 printer button manager - required for correct operation
Source=Paul Collins Startup list

[Lexmark Xxx Button Manager]
Number=4510
Confirmed=Y
Filename=AcBtnMgr_Xxx.exe
Description=Associated with the Lexmark Xxx (where &quot;xx&quot; is the model) all-in-one printer/scanner/copier. Required for correct operation
Source=Paul Collins Startup list

[Lexmark Xxx Button Monitor]
Number=4511
Confirmed=Y
Filename=ACMonitor_Xxx.exe
Description=Associated with the Lexmark Xxx (where &quot;xx&quot; is the model) all-in-one printer/scanner/copier. Required for correct operation
Source=Paul Collins Startup list

[LexmarkPrinTray]
Number=4512
Confirmed=N
Filename=printray.exe
Description=Lexmark Printer icon in the System Tray for quick access. Not required - uncheck via Printer configuration rather than MSCONFIG. Can also be listed as PrinTray
Source=Paul Collins Startup list

[Lexmark_X79-55]
Number=4513
Confirmed=X
Filename=lsasss.exe
Description=Added by the <a href="http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-091612-5500-99" target="_blank">ZONEBAC</a> TROJAN!
Source=Paul Collins Startup list

[lexplore]
Number=4514
Confirmed=X
Filename=lexplore.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-012013-2855-99" target=_blank>BROPIA</a> WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet Explorer
Source=Paul Collins Startup list

[lexpps]
Number=4515
Confirmed=N
Filename=lexpps.exe
Description=For Lexmark printers. From Lexmark: &quot;This enables bi-directional printing over a peer to peer network. If the printer is connected directly to your PC, the file is not used, (or should not be used) at all&quot;. It is known that firewalls can however alert you to &quot;lexpps.exe&quot; requesting server privileges
Source=Paul Collins Startup list

[LexStart]
Number=4516
Confirmed=U
Filename=lexstart.exe
Description=Lexmark printer software may add Lexstart.exe in the startup folder to handle print commands that you send to the printer. Sometimes required for the printer to work correctly - not in the case of a Lexmark Z42 for instance
Source=Paul Collins Startup list

[Lfh]
Number=4517
Confirmed=X
Filename=Lfh.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzaurgaa.html" target= blank>ZAURGA-A</a> TROJAN!
Source=Paul Collins Startup list

[Lfsndmng]
Number=4518
Confirmed=U
Filename=lfsndmng.exe
Description=<a href="http://www.lightningfax.com/" target="_blank">LightningFAX</a> Enterprise Fax Server - "puts faxing at the fingertips of networked enterprise users. It enables rapid, secure sending and Direct-To-Desktop Delivery of mission-critical documents"
Source=Paul Collins Startup list

[LGDCore]
Number=4519
Confirmed=U
Filename=LGDCore.exe
Description=Driver/utility for Logitech G-Series gaming keyboards and mice
Source=Paul Collins Startup list

[lgm]
Number=4520
Confirmed=X
Filename=lgm.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32acidf.html" target="_blank">ACID-F</a> WORM!
Source=Paul Collins Startup list

[LGODDFU]
Number=4521
Confirmed=U
Filename=fwupdate.exe
Description=Auto firmware update program for LG Electronics CD-ROM/DVD writer
Source=Paul Collins Startup list

[LgWDskTp]
Number=4522
Confirmed=U
Filename=LgWDskTp.exe
Description=Logitech <a href="http://www.logitech.com/" target="_blank">Wireless Desktop</a> mouse and keyboard software. There is an icon for this program on the taskbar next to the clock
Source=Paul Collins Startup list

[lhttseng]
Number=4523
Confirmed=N
Filename=rundll32.exe ..lhttseng.inf, RemoveCabinet
Description=Left over after installation of the British English version of the Lernout &amp; Hauspie Text To Speech (TTS) Engine
Source=Paul Collins Startup list

[li-multi****]
Number=4524
Confirmed=X
Filename=li-multi****.exe
Description=Adult web-dialler - **** is random
Source=Paul Collins Startup list

[li-rcash00001]
Number=4525
Confirmed=X
Filename=vldial.exe
Description=Added by the <a href="http://www.actualresearch.fr/arunlist-306.html" target=_blank>Vl</a> TROJAN! 
Source=Paul Collins Startup list

[li-speed****]
Number=4526
Confirmed=X
Filename=dlres.exe
Description=Adult web-dialler - **** is random
Source=Paul Collins Startup list

[li-thund****]
Number=4527
Confirmed=X
Filename=li-thund****.exe
Description=Adult web-dialler - **** is random
Source=Paul Collins Startup list

[li-vita****]
Number=4528
Confirmed=X
Filename=li-vita****.exe
Description=Adult web-dialler - **** is random
Source=Paul Collins Startup list

[li01f948]
Number=4529
Confirmed=X
Filename=rundll32.exe [path] li01f948.dll, EnableRunDLL32
Description=<a href="http://www.spywareguide.com/product_show.php?id=853" target="_blank">LZIO.com</a> adware downloader
Source=Paul Collins Startup list

[LicCrtl]
Number=4530
Confirmed=N
Filename=runservice.exe
Description=Part of the <a href="http://www.elicense.com/" target=_blank>eLicense</a> Copy Protection scheme employed by some software and games. When this service is not running, the eLicense wrapper is unable to extract and execute the program
Source=Paul Collins Startup list

[LicCtrl]
Number=4531
Confirmed=U
Filename=rundll32.exe [path] MMFS.DLL, Service
Description=Part of the eLicense Copy Protection scheme employed by some software and games. When this service is not running, the eLicense wrapper is unable to extract and execute the program

Source=Paul Collins Startup list

[License Manager]
Number=4532
Confirmed=X
Filename=license_manager.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453097812" target=_blank>MediaPipe</a> peer-to-peer file swapping program also <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MediaPipe/MovieLand&threatid=44525" target=_blank>reported</a> as a hijacker
Source=Paul Collins Startup list

[lich]
Number=4533
Confirmed=X
Filename=lich.exe
Description=Added by <a href="http://www.sophos.com/virusinfo/analyses/trojqlowzonbn.html" target=_blank>QLOWZON-BN</a> TROJAN!
Source=Paul Collins Startup list

[LidPolicy]
Number=4534
Confirmed=U
Filename=pwrschem.exe
Description=A utility for configuring certain HP notebook models to enter Standby mode when the lid is closed only when running on battery
Source=Paul Collins Startup list

[Life FireWall Update1]
Number=4535
Confirmed=X
Filename=FireWall-Update1.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotars.html" target=_blank>RBOT-ARS</a> WORM!
Source=Paul Collins Startup list

[LifeCam]
Number=4536
Confirmed=?
Filename=LifeExp.exe
Description=Related to Microsoft's <a href="http://www.microsoft.com/hardware/digitalcommunication/Productlist.aspx?type=LifeCam" target="_blank">LifeCam</a> series of webcams. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[LifeDrive Manager]
Number=4537
Confirmed=N
Filename=LifeDriveMgr.exe
Description=Keeps the Palm <a href="http://www.palm.com/us/products/mobilemanagers/lifedrive/" target=blank>LifeDrive Manager</a> utility in the systray. Shortcut available via Start -> Programs
Source=Paul Collins Startup list

[LifeDrive™ Manager]
Number=4538
Confirmed=U
Filename=LifeDriveMgrTray.exe
Description=System Tray utility for the Palm <a href="http://www.palm.com/us/products/mobilemanagers/lifedrive/" target="_blank">LifeDrive</a> Mobile Manager
Source=Paul Collins Startup list

[LifeScape Media Detector]
Number=4539
Confirmed=N
Filename=PicasaMediaDetector.exe
Description=Media detector for <a href="http://www.picasa.net/" target="_blank">Picasa</a>'s automatic photo organizer
Source=Paul Collins Startup list

[lify]
Number=4540
Confirmed=X
Filename=yujixit.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Lightning Download]
Number=4541
Confirmed=U
Filename=Lightning.exe
Description=<a href="http://www.lightningdownload.com/index.shtml" target=_blank>Lightning Download</a> download manager. Can be launched manually, but will need to start up if you want it to "catch clicks" off Internet Explorer

Source=Paul Collins Startup list

[Limewire]
Number=4542
Confirmed=X
Filename=LimeWire.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagh.html" target=_blank>RBOT-AGH</a> WORM!
Source=Paul Collins Startup list

[LimeWire x.x]
Number=4543
Confirmed=N
Filename=LimeWire.exe
Description=<a href="http://www.limewire.com/" target="_blank">LimeWire</a> - Peer to Peer (P2P) file-sharing client. x.x represents the version number. Note - as with all P2P sharing programs they are susceptible to various forms of malware
Source=Paul Collins Startup list

[Limpet]
Number=4544
Confirmed=X
Filename=explorer16.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajd.html" target=_blank>RBOT-AJD</a> WORM!
Source=Paul Collins Startup list

[Line Speed Meter V3.0]
Number=4545
Confirmed=N
Filename=LineSpeedMeter.exe
Description=<a href="http://www.tcpiq.com/tcpiq/linespeed/Default.asp" target="_blank">LineSpeedMeter</a> - detect the download and upload speed of your internet connection
Source=Paul Collins Startup list

[Lingvo Launcher]
Number=4546
Confirmed=U
Filename=Lvagent.exe
Description=<a href="http://www.abbyy.com/lingvo/" target="_blank">ABBYY Lingvo</a> Electronic Dictionaries
Source=Paul Collins Startup list

[LingvoTraining]
Number=4547
Confirmed=U
Filename=Tutor.exe
Description=<a href="http://www.abbyy.com/lingvo/" target="_blank">ABBYY Lingvo</a> Electronic Dictionaries
Source=Paul Collins Startup list

[Linker]
Number=4548
Confirmed=X
Filename=LinkMaker.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-112515-1837-99" target=_blank>Links</a> adware
Source=Paul Collins Startup list

[links]
Number=4549
Confirmed=X
Filename=links.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlowzonebi.html" target=_blank>LOWZONE-BI</a> TROJAN!
Source=Paul Collins Startup list

[Linksts]
Number=4550
Confirmed=N
Filename=linksts.exe
Description=Tray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this icon
Source=Paul Collins Startup list

[Linksts]
Number=4551
Confirmed=X
Filename=linksts.exe
Description=Tray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this icon
Source=Paul Collins Startup list

[Linksys Modem Drivers]
Number=4552
Confirmed=X
Filename=linksys.exe
Description=Added by the IRCBOT.VD WORM!
Source=Paul Collins Startup list

[linkyuu]
Number=4553
Confirmed=X
Filename=linkuyy.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DLOADER.MC" target="_blank">DLOADER.MC</a> TROJAN!
Source=Paul Collins Startup list

[Linux]
Number=4554
Confirmed=X
Filename=Linux.vbs
Description=Added by the <a href="http://vil.nai.com/vil/content/v_98684.htm" target="_blank">LOVELETTER.AS</a> VIRUS!
Source=Paul Collins Startup list

[LiquidView]
Number=4555
Confirmed=U
Filename=lviewj.exe
Description="Liquid View lets you increase the legibility of the Microsoft Windows interface regardless of your display's native resolution. The software lets you increase the size of items that are hard to read on your monitor"
Source=Paul Collins Startup list

[Lisa]
Number=4556
Confirmed=X
Filename=Lisa.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/dialscomd.html" target= blank>SCOM-D</a> premium rate adult content dialler
Source=Paul Collins Startup list

[List checker 32 BIT]
Number=4557
Confirmed=X
Filename=list32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaho.html" target=_blank>RBOT-AHO</a> WORM!
Source=Paul Collins Startup list

[Litebot]
Number=4558
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlitebota.html" target=_blank>LITEBOT-A</a> TROJAN!
Source=Paul Collins Startup list

[LIU]
Number=4559
Confirmed=N
Filename=LIU.exe
Description=Logitech Internet Update. Used to update drivers/software for Logitech's Wingman, QuickCam, etc devices. Reports claim it doesn't work very well and you can manually update the files anyway
Source=Paul Collins Startup list

[LIU]
Number=4560
Confirmed=N
Filename=Rubicon.exe
Description=Logitech Internet Update. Used to update drivers/software for Logitech's Wingman, QuickCam, etc devices. Reports claim it doesn't work very well and you can manually update the files anyway
Source=Paul Collins Startup list

[Live Menu]
Number=4561
Confirmed=N
Filename=Dllcmd32.exe
Description=eFax Send button for eFax Messenger Plus. Available via Start -> Programs Disabling instructions available <a href="http://home.efax.com/I18N/FAQ/faq_uk.html" target="_blank">here</a>
Source=Paul Collins Startup list

[Live-Help]
Number=4562
Confirmed=X
Filename=lmns.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotghe.html" target="_blank">RBOT-GHE</a> WORM!
Source=Paul Collins Startup list

[LiveMonitor]
Number=4563
Confirmed=N
Filename=LMonitor.exe
Description=MSI Live Update - auto-detects and suggests the latest BIOS/Driver/Utilities information
Source=Paul Collins Startup list

[LiveNote]
Number=4564
Confirmed=N
Filename=Livenote.exe
Description=Asus graphics card driver live update feature
Source=Paul Collins Startup list

[LiveSexCams]
Number=4565
Confirmed=X
Filename=LiveSexCams.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list

[LiveUpdate]
Number=4566
Confirmed=U
Filename=LiveUpdate.exe
Description=Web-update utility as used by various types of software - see <a href="http://liveupdate.openwares.org/" target="_blank">here</a>
Source=Paul Collins Startup list

[LiveUpdate]
Number=4567
Confirmed=X
Filename=[Windows username]05.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-011211-3355-99" target=_blank>LINEAGE</a> TROJAN!
Source=Paul Collins Startup list

[Livre]
Number=4568
Confirmed=X
Filename=Dibane.bat
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-122111-3421-99" target=_blank>BANEDI</a> VIRUS!
Source=Paul Collins Startup list

[Ljx]
Number=4569
Confirmed=X
Filename=rundll32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagabd.html" target="_blank">LINEAG-ABD</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll32/" target="_blank">rundll32.exe</a> process, which is found in the Windows folder (98\ME) or the System32 folder(NT\2000\XP). This file is located in the "inf" sub-folder
Source=Paul Collins Startup list

[lk3h1]
Number=4570
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmosuckg.html" target=_blank>MOSUCK-G</a> TROJAN!
Source=Paul Collins Startup list

[LLMODCL2]
Number=4571
Confirmed=?
Filename=rundll.exe setupx.dll, InstallHinfSection ..LLMODCL2.INF
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[llsass]
Number=4572
Confirmed=X
Filename=llsass.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojproxygg.html" target=_blank>PROXY-GG</a> TROJAN! Note - this malware actually changes the default value data of the registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
Source=Paul Collins Startup list

[LM Status]
Number=4573
Confirmed=N
Filename=LMSTATUS.EXE
Description=Xerox WorkCenter XE - language monitor status application
Source=Paul Collins Startup list

[LMA Manager]
Number=4574
Confirmed=X
Filename=lmamanager.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32tilebotad.html" target=_blank>TILEBOT-AD</a> WORM!
Source=Paul Collins Startup list

[LManager]
Number=4575
Confirmed=U
Filename=QtZgAcer.EXE
Description=Acer Launch Manager - on Acer laptops it allows users to configure shortcut keys and to set the operating state of the WLAN module and the (optional) Bluetooth radio
Source=Paul Collins Startup list

[LManager]
Number=4576
Confirmed=U
Filename=QtZpAcer.exe
Description=Acer Launch Manager - on Acer laptops it allows users to configure shortcut keys and to set the operating state of the WLAN module and the (optional) Bluetooth radio

Source=Paul Collins Startup list

[LManager]
Number=4577
Confirmed=U
Filename=HotkeyApp.exe
Description=Acer Launch Manager - on Acer laptops it allows users to configure shortcut keys and to set the operating state of the WLAN module and the (optional) Bluetooth radio
Source=Paul Collins Startup list

[LManager]
Number=4578
Confirmed=U
Filename=QtaET2S.EXE
Description=Acer Launch Manager - on Acer laptops, provides configurability for the special keys on their range of multimedia keyboards

Source=Paul Collins Startup list

[lMAPl]
Number=4579
Confirmed=X
Filename=lMAPl.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotre.html" target= blank>AGOBOT-RE</a> WORM!
Source=Paul Collins Startup list

[LMgrOSD]
Number=4580
Confirmed=U
Filename=OSDCtrl.exe
Description=OSD (on-screen-display) utility - part of Acer Launch Manager. Gives you control to customize the monitor to your liking...from sound, brightness, contrast, horizontal and vertical positions, phase, pixel clock, color and language
Source=Paul Collins Startup list

[LMonitor]
Number=4581
Confirmed=N
Filename=LMonitor.exe
Description=MSI Live Update - auto-detects and suggests the latest BIOS/Driver/Utilities information
Source=Paul Collins Startup list

[lmpdpsrv]
Number=4582
Confirmed=?
Filename=lmpdpsrv.exe
Description=<font color="#FF0000">Related to a Lexmark printer/scanner. Printer sharing server? Is it required?</font>
Source=Paul Collins Startup list

[lmrt]
Number=4583
Confirmed=X
Filename=lmrt.exe
Description=Unidentified adware
Source=Paul Collins Startup list

[LMSTATUS]
Number=4584
Confirmed=N
Filename=LMSTATUS.EXE
Description=Xerox WorkCenter XE - language monitor status application
Source=Paul Collins Startup list

[LMSXXD]
Number=4585
Confirmed=Y
Filename=LMSXXD.exe
Description=Driver for Xerox XD series printer/copiers

Source=Paul Collins Startup list

[lmu]
Number=4586
Confirmed=X
Filename=LMU.exe
Description=Downloader trojan, recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Agent.bg
Source=Paul Collins Startup list

[lnternet Explorer]
Number=4587
Confirmed=X
Filename=AMSNDMGR.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102417-3931-99" target="_blank">KWBOT.R</a> WORM! Note that the "l" is a lower case "L" and not an upper case "I"
Source=Paul Collins Startup list

[lnwin.exe]
Number=4588
Confirmed=X
Filename=lnwin.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadratc.html" target="_blank">DLOADR-ATC</a> TROJAN!
Source=Paul Collins Startup list

[load]
Number=4589
Confirmed=X
Filename=mdm.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030215-5059-99" target=_blank>BINGHE</a> TROJAN!
Source=Paul Collins Startup list

[load]
Number=4590
Confirmed=X
Filename=msgsr32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotqr.html" target=_blank>SDBOT-QR</a> WORM!
Source=Paul Collins Startup list

[load]
Number=4591
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042215-3749-99" target= blank>KELVIR.AI</a> WORM!
Source=Paul Collins Startup list

[Load]
Number=4592
Confirmed=X
Filename=MyGame.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lameyeara.html" target=_blank>LAMEYEAR-A</a> WORM!
Source=Paul Collins Startup list

[load]
Number=4593
Confirmed=X
Filename=_Kerne1.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagean.html" target=_blank>LINEAGE-AN</a> TROJAN!
Source=Paul Collins Startup list

[load]
Number=4594
Confirmed=X
Filename=Internat.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-073115-1710-99" target=_blank>WOWCRAFT</a> TROJAN!
Source=Paul Collins Startup list

[load]
Number=4595
Confirmed=X
Filename=rundll32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-073115-1710-99" target=_blank>WOWCRAFT</a> TROJAN!
Source=Paul Collins Startup list

[load]
Number=4596
Confirmed=X
Filename=svhost32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-073115-1710-99" target=_blank>WOWCRAFT</a> TROJAN!
Source=Paul Collins Startup list

[load]
Number=4597
Confirmed=X
Filename=svchsot.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojgwghosto.html" target=_blank>GWGHOST-O</a> TROJAN!
Source=Paul Collins Startup list

[load]
Number=4598
Confirmed=X
Filename=explorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineageoz.html" target="_blank">LINEAGE-OZ</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[load]
Number=4599
Confirmed=X
Filename=Kerne121.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineageon.html" target=_blank>LINEAGE-ON</a> TROJAN!
Source=Paul Collins Startup list

[load]
Number=4600
Confirmed=X
Filename=Kerne1211.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagedy.html" target="_blank">LINEAGE-DY</a> TROJAN!
Source=Paul Collins Startup list

[load]
Number=4601
Confirmed=X
Filename=rundl132.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lookedck.html" target="_blank">LOOKED-CK</a> WORM!
Source=Paul Collins Startup list

[Load Service]
Number=4602
Confirmed=X
Filename=SvHost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32pesind.html" target=_blank>PESIN-D</a> WORM!
Source=Paul Collins Startup list

[LOAD WB]
Number=4603
Confirmed=U
Filename=LOADWB.EXE
Description=Part of Stardock's <a href="http://www.windowblinds.net/" target="_blank">WindowBlinds</a> custom desktop program. &quot;WindowBlinds is the first utility of its kind. It extends Win98/NT/2K/XP to have a fully skinnable user interface. You can change the style of title bars, buttons, toolbars and much&nbsp;more&quot;. If you use it - keep it if not then uninstall it
Source=Paul Collins Startup list

[Load-Guard]
Number=4604
Confirmed=X
Filename=Wscript.exe LGuarg.exe.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110112-5735-99" target=_blank>YENO.B</a> and <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110113-0557-99" target=_blank>YENO.C</a> WORMS!
Source=Paul Collins Startup list

[LOAD32]
Number=4605
Confirmed=X
Filename=Lorena.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-070111-2336-99" target="_blank">MAPSON.C</a> WORM!
Source=Paul Collins Startup list

[load32]
Number=4606
Confirmed=X
Filename=load32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-073018-0732-99" target="_blank">NIBU</a>, <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-070217-3754-99" target="_blank">BAMBO</a> TROJANS and <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081610-1957-99" target="_blank">DUMARU</a> WORM!
Source=Paul Collins Startup list

[load32]
Number=4607
Confirmed=X
Filename=l32x.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-012516-4421-99" target="_blank">DUMARU.Z</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-012316-2557-99" target="_blank">DUMARU.Y</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-020314-4015-99" target="_blank">DUMARU.AD</a> WORM!
Source=Paul Collins Startup list

[load32]
Number=4608
Confirmed=X
Filename=1111a.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-021016-2312-99" target="_blank">DUMARU.AH</a> WORM!
Source=Paul Collins Startup list

[load32]
Number=4609
Confirmed=X
Filename=swchost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_TURTA.A" target="_blank">TURTA.A</a> WORM!
Source=Paul Collins Startup list

[load32]
Number=4610
Confirmed=X
Filename=netda.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-051115-0917-99" target=_blank>NIBU.E</a> TROJAN!
Source=Paul Collins Startup list

[load32]
Number=4611
Confirmed=X
Filename=winldra.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-032410-4542-99" target=_blank>BACKDOOR.NIBU.J</a> or <a href="http://www.sophos.com/virusinfo/analyses/trojdumarubi.html" target=_blank>DUMARU-BI</a> TROJANS! Note - also known as Srv.SSA-KeyLogger by Sunbelt Software which has developed a <a href="http://research.sunbelt-software.com/ssaclean.cfm" target=_blank>free removal tool</a> for this keylogger
Source=Paul Collins Startup list

[load=]
Number=4612
Confirmed=N
Filename=adw30.exe
Description=After Dark for Windows - screen saver program. Popular before screen savers were integrated into Win95
Source=Paul Collins Startup list

[load=]
Number=4613
Confirmed=U
Filename=asistat.exe
Description=Status monitor for an NEC SuperScript printer
Source=Paul Collins Startup list

[load=]
Number=4614
Confirmed=?
Filename=cfgsys32.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[load=]
Number=4615
Confirmed=U
Filename=esspk.exe
Description=Speakerphone capability through a soundcard for an <a href="http://www.esstech.com/" target="_blank">ESS</a> modem
Source=Paul Collins Startup list

[load=]
Number=4616
Confirmed=Y
Filename=hotkey.exe
Description=Solo 5300 display driver for Win2K on some Gateway laptops
Source=Paul Collins Startup list

[load=]
Number=4617
Confirmed=N
Filename=HPWHRC.EXE
Description=Loads the Status Window software for the HP Laserjet printers
Source=Paul Collins Startup list

[load=]
Number=4618
Confirmed=?
Filename=WPSLOAD.EXE
Description=<font color="#FF0000">Windows printing system that comes with the setup for Canon BJC series on the manufacturer's disk</font>
Source=Paul Collins Startup list

[load=]
Number=4619
Confirmed=N
Filename=vi_grm.exe
Description=Monitor drivers for Trio2x/3x based video cards - displays control panel for quick access to display settings
Source=Paul Collins Startup list

[load=]
Number=4620
Confirmed=?
Filename=WINOSCFG.EXE
Description=<font color="#FF0000">Could it be something to do with configuring Windows on a new PC from an OEM supplier?</font>
Source=Paul Collins Startup list

[load=]
Number=4621
Confirmed=Y
Filename=wpshrc.exe
Description=Required to prevent configuration errors on a Compaq LBP-660 and LBP-460 parallel port laser printers (and maybe others)
Source=Paul Collins Startup list

[load=]
Number=4622
Confirmed=Y
Filename=Bfrecv.exe
Description=Bitware modem driver
Source=Paul Collins Startup list

[load=]
Number=4623
Confirmed=X
Filename=msater.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102615-0959-99" target="_blank">RETSAM</a> TROJAN!
Source=Paul Collins Startup list

[load=]
Number=4624
Confirmed=X
Filename=shambl3r.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101611-1053-99" target="_blank">REMABL</a> WORM!
Source=Paul Collins Startup list

[load=]
Number=4625
Confirmed=X
Filename=Spoolsv.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112315-1255-99" target="_blank">CIADOOR.B</a> TROJAN! Note - "Spoolsv.exe" is located in the Windows or Winnt directory, and not in System32, like the legitimate Spoolsv.exe system file
Source=Paul Collins Startup list

[Load=]
Number=4626
Confirmed=?
Filename=wtfeat.exe
Description=<font color="#FF0000">Associated with the Wintab Digitizer</font>
Source=Paul Collins Startup list

[load=]
Number=4627
Confirmed=Y
Filename=AICLIENT.EXE
Description=Asset Insight from <a href="http://www.tangram.com/index.htm" target="_blank">Tangram</a> - asset managing software. Required if an organisation is running a centrally administered asset management system
Source=Paul Collins Startup list

[load=]
Number=4628
Confirmed=X
Filename=hint.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-071411-2649-99" target="_blank">ATAK</a> WORM!
Source=Paul Collins Startup list

[load=]
Number=4629
Confirmed=X
Filename=win32exec.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-101313-3332-99" target=_blank>BITTER</a> WORM!
Source=Paul Collins Startup list

[load=]
Number=4630
Confirmed=X
Filename=a1g.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120309-3312-99" target=_blank>ATAK.B</a> WORM!
Source=Paul Collins Startup list

[load=]
Number=4631
Confirmed=X
Filename=dapdll.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120709-3922-99" target=_blank>ATAK.E</a> WORM!
Source=Paul Collins Startup list

[load=]
Number=4632
Confirmed=X
Filename=svhost32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineageab.html" target=_blank>LINEAGE-AB</a> TROJAN!
Source=Paul Collins Startup list

[load=]
Number=4633
Confirmed=Y
Filename=01comm32.exe
Description=Related to <a href="http://www.elsa.com/EN/" target=_blank>Elsa</a> CommPro (Communicate Pro) access software for Microlink modems - this software contains answering machine and fax functions, plus a terminal program, a WWW-browser launch function, Internet telephony, and address management. Required if you use those
Source=Paul Collins Startup list

[load=]
Number=4634
Confirmed=X
Filename=inetinfo.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojproxygg.html" target=_blank>PROXY-GG</a> TROJAN!
Source=Paul Collins Startup list

[load=]
Number=4635
Confirmed=X
Filename=Kerne14.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineageba.html" target=_blank>LINEAGE-BA</a> TROJAN!
Source=Paul Collins Startup list

[Loadab1]
Number=4636
Confirmed=X
Filename=explorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineageaj.html" target="_blank">LINEAGE-AJ</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the Program Files folder
Source=Paul Collins Startup list

[LoadBlackD]
Number=4637
Confirmed=Y
Filename=blackd.exe
Description=This is the &quot;intrusion detection system&quot; of the <a href="http://blackice.iss.net/product_pc_protection.php" target="_blank">BlackICE PC Protection</a> (was Defender) firewall which loads independently of the &quot;user interface&quot; (BlackICE Utility)
Source=Paul Collins Startup list

[LoadBtnHnd]
Number=4638
Confirmed=?
Filename=BtnHnd.exe
Description=<font color="#FF0000">Fujitsu LifeBook related</font>
Source=Paul Collins Startup list

[LoadDBackUp]
Number=4639
Confirmed=X
Filename=BcTool.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-030413-4714-99" target="_blank">GIBE</a> WORM!

Source=Paul Collins Startup list

[loaddll]
Number=4640
Confirmed=X
Filename=loaddll.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-062413-4700-99" target=_blank>Winvest</a> spyware
Source=Paul Collins Startup list

[LoadDvpApi9x]
Number=4641
Confirmed=?
Filename=DVPAPI9X.exe
Description=<font color="#FF0000">Part of Command AntiVirus for Windows 95/98/Me. Is it needed?</font>
Source=Paul Collins Startup list

[loader]
Number=4642
Confirmed=X
Filename=loader.exe
Description=Homepage hijacker, redirecting to coolwwwsearch.com. Downloader for iedll.exe
Source=Paul Collins Startup list

[loader]
Number=4643
Confirmed=X
Filename=WMPLAYER.EXE
Description=Unknown baddie - WMPLAYER.EXE is stored in the location and uses the same name as Windows Media Player but that valid Windows program doesn't load at startup
Source=Paul Collins Startup list

[loader32]
Number=4644
Confirmed=X
Filename=Loader32.exe
Description=Added by an unidentified TROJAN!
Source=Paul Collins Startup list

[loader32 ]
Number=4645
Confirmed=X
Filename=sys*****.exe [***** = random digit]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031711-1511-99" target=_blank>DOMCOM</a> TROJAN!
Source=Paul Collins Startup list

[Loaders]
Number=4646
Confirmed=X
Filename=HeIp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotadb.html" target=_blank>SDBOT-ADB</a> WORM!
Source=Paul Collins Startup list

[loadfax]
Number=4647
Confirmed=X
Filename=loadfax.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojwinfluxc.html" target=_blank>WINFLUX-C</a> TROJAN!
Source=Paul Collins Startup list

[LoadFonts]
Number=4648
Confirmed=X
Filename=LoadFonts.vbs
Description=Homepage hijacker that changes your homepage to an adult content site
Source=Paul Collins Startup list

[LoadFonts]
Number=4649
Confirmed=X
Filename=Tahoma.vbs
Description=Homepage hijacker that changes your homepage to an adult content site
Source=Paul Collins Startup list

[LoadGolfCourses]
Number=4650
Confirmed=X
Filename=LoadGolfCourses.exe
Description=PlayMiniGolf.com foistware - stealth installed!
Source=Paul Collins Startup list

[LoadHTML]
Number=4651
Confirmed=X
Filename=rundll32.exe mshtmpre.dll, MShtmpre
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-032111-1154-99" target=_blank>Mshtmpre</a> adware
Source=Paul Collins Startup list

[LoadingAgent]
Number=4652
Confirmed=X
Filename=ZipLoader32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2001-102313-2131-99" target="_blank">OBLIVION</a> TROJAN! This executable is one of the most common but there are more
Source=Paul Collins Startup list

[LoadingAgent]
Number=4653
Confirmed=X
Filename=msload32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2001-102313-2131-99" target="_blank">OBLIVION</a> TROJAN! This executable is one of the most common but there are more
Source=Paul Collins Startup list

[LoadManager]
Number=4654
Confirmed=X
Filename=msload.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T" target="_blank">OPASERV.T</a> WORM!
Source=Paul Collins Startup list

[loadMecq0]
Number=4655
Confirmed=X
Filename=explorer.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022809-5525-99" target="_blank">MUMUBOY.C</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the Program Files folder
Source=Paul Collins Startup list

[loadMecq3]
Number=4656
Confirmed=X
Filename=rundll32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmiras.html" target=_blank>LEGMIR-AS</a> TROJAN!
Source=Paul Collins Startup list

[loadMect1]
Number=4657
Confirmed=X
Filename=explorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagel.html" target="_blank">LINEAGE-L</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the Program Files folder
Source=Paul Collins Startup list

[loadMefs]
Number=4658
Confirmed=X
Filename=rundll32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmirjb.html" target=_blank>LEGMIR-JB</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll32/" target=_blank>rundll32.exe</a> process, which is found in the Windows folder (98\ME) or the System32 folder(NT\2000\XP). This file is located in the Windows\inf or Winnt\inf folder
Source=Paul Collins Startup list

[loadMefs]
Number=4659
Confirmed=X
Filename=smss32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfloodel.html" target= blank>FLOOD-EL</a> TROJAN!
Source=Paul Collins Startup list

[LoadMSvcmm]
Number=4660
Confirmed=N
Filename=msvcmm32.exe
Description=Auto-update for <a href="http://www.movielink.com/" target="_blank">Movielink</a> - internet movie rental System Tray access
Source=Paul Collins Startup list

[LoadOrderVerification]
Number=4661
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_TRON.A" target="_blank">TRON.A</a> TROJAN!
Source=Paul Collins Startup list

[Loadout Manager]
Number=4662
Confirmed=U
Filename=nost_LM.exe
Description=Manager for the Belkin Nostromo n50 SpeedPad game controller - see <a href="http://www.lanparty.com/articles/belkinn50/belkinn50.shtml" target="_blank"> here</a>
Source=Paul Collins Startup list

[LoadPFW]
Number=4663
Confirmed=X
Filename=wmimgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32qedsb.html" target=_blank>QEDS-B</a> WORM!
Source=Paul Collins Startup list

[LoadPowerProfile]
Number=4664
Confirmed=X
Filename=ASDAPI.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-081913-0507-99" target="_blank">CABRO</a> TROJAN! Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dll
Source=Paul Collins Startup list

[LoadPowerProfile]
Number=4665
Confirmed=U
Filename=Rundll32.exe powrprof.dll
Description=Power management specifics such as monitor shut-off, system standby, etc. Associated with power management and is listed twice - see <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;187611" target="_blank">here</a>. Loads your selected power scheme. May not be required - depends upon whether you modify the default Control Panel -&gt; Power Options settings
Source=Paul Collins Startup list

[LoadPowerProfile]
Number=4666
Confirmed=X
Filename=Rundll.exe powerprof.dll
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-112217-2953-99" target=_blank>LOXOSCAM</a> TROJAN! Note - do not confuse with the valid LoadPowerProfile entry! Notice that the infected version uses "Rundll.exe" whereas the uninfected version uses "Rundll32.exe"
Source=Paul Collins Startup list

[LoadPowerProfile]
Number=4667
Confirmed=X
Filename=rundl.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101610-3648-99" target="_blank">TOFAZZOL</a> TROJAN! Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dll
Source=Paul Collins Startup list

[LoadPowerProfile]
Number=4668
Confirmed=X
Filename=Rundll32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010314-0257-99" target="_blank">MIROOT</a> WORM! Note - do not confuse with the valid LoadPowerProfile entry which has "powrprof.dll" appended to the command/data line
Source=Paul Collins Startup list

[LoadPowerScheme]
Number=4669
Confirmed=X
Filename=rundll32.exe powerprof.dll CheckPowerProfile
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042610-2151-99" target=_blank>Ulubione</a> adult content dialer
Source=Paul Collins Startup list

[LoadQM]
Number=4670
Confirmed=U
Filename=loadqm.exe
Description=Installed with MSN Explorer and loads the <a href="http://support.microsoft.com/default.aspx?scid=KB;EN-US;q309418" target="_blank"> MSN Queue Manager</a>. Required to enable the WU AutoUpdate feature. Note that disabling this can sometimes prevent internet sharing working on Win2K Pro SP2. Reports also suggest that removing it will re-enable internet access - hence the "users choice" recommendation. If you have problems leave it, otherwise I recommend you disable it
Source=Paul Collins Startup list

[loads.exe]
Number=4671
Confirmed=X
Filename=loads.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MediaMotor&threatid=15001" target="_blank">MediaMotor</a> adware
Source=Paul Collins Startup list

[loads.exe]
Number=4672
Confirmed=X
Filename=medload.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120718-0513-99" target="_blank">Medload</a> adware
Source=Paul Collins Startup list

[loads.exe]
Number=4673
Confirmed=X
Filename=suploads.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentbz.html" target=_blank>AGENT-BZ</a> TROJAN!

Source=Paul Collins Startup list

[LoadService]
Number=4674
Confirmed=X
Filename=Rest In Peace
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kangarooa.html" target=_blank>KANGAROO-A</a> WORM!
Source=Paul Collins Startup list

[LoadService]
Number=4675
Confirmed=X
Filename=Maaf, tempatmu bukan di sin
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkagena.html" target=_blank>KAGEN-A</a> TROJAN!
Source=Paul Collins Startup list

[LoadService]
Number=4676
Confirmed=X
Filename=Virus
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CAGER.A&VSect=P" target=_blank>CAGER.A</a> WORM!
Source=Paul Collins Startup list

[LoadSIPS]
Number=4677
Confirmed=X
Filename=rundll32.exe [path] SIPSPI32.dll, SIPSPI32
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=123Mania&threatid=14915" target=_blank>123Mania</a> adware
Source=Paul Collins Startup list

[LoadWatcher]
Number=4678
Confirmed=?
Filename=Test.exe
Description=<font color="#FF0000">Reportedly part of a webcam surveillance program that's supposed to test SMTP dialling in the event of an alert? Is this correct?</font>
Source=Paul Collins Startup list

[LoadWatcher]
Number=4679
Confirmed=X
Filename=watcher.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-010615-4526-99" target=_blank>Watcher</a> spyware
Source=Paul Collins Startup list

[loadwin]
Number=4680
Confirmed=X
Filename=winset.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassi.html" target=_blank>QQPASS-I</a> TROJAN!
Source=Paul Collins Startup list

[loadwin]
Number=4681
Confirmed=X
Filename=winsys.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassj.html" target=_blank>QQPASS-J</a> TROJAN!
Source=Paul Collins Startup list

[LoadWindowsFile]
Number=4682
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-080812-2923-99" target="_blank">DELF.B</a> TROJAN! where [filename] is the infected file
Source=Paul Collins Startup list

[Local Area Network]
Number=4683
Confirmed=X
Filename=OpenGL.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Local Authority Service]
Number=4684
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmarktmanc.html" target=_blank>AMRKTMAN-C</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[Local Internet Connection]
Number=4685
Confirmed=X
Filename=LIC.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotya.html" target= blank>SDBOT-YA</a> WORM!
Source=Paul Collins Startup list

[LOCAL INTERNET WEB DRIVERS FOR WIN32]
Number=4686
Confirmed=X
Filename=phqghume.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Local Page]
Number=4687
Confirmed=X
Filename=http://find.naupoint.com
Description=<a href="http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx" target=_blank>Naupoint</a> browser hijacker
Source=Paul Collins Startup list

[Local runole service]
Number=4688
Confirmed=X
Filename=srvc32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmalldp.html" target= blank>SMALL-DP</a> TROJAN!
Source=Paul Collins Startup list

[Local Security Authority Servce]
Number=4689
Confirmed=X
Filename=lssas.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32poebott.html" target=_blank>POEBOT-T</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process
Source=Paul Collins Startup list

[Local Security Authority Service]
Number=4690
Confirmed=X
Filename=lssas.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32poebotj.html" target= blank>POEBOT-J</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process
Source=Paul Collins Startup list

[Local Security Authority Service]
Number=4691
Confirmed=X
Filename=Isass.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-052109-2651-99" target=_blank>LINKBOT.M</a> WORM!
Source=Paul Collins Startup list

[Local Service]
Number=4692
Confirmed=X
Filename=Intenat.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojnuclearj.html" target=_blank>NUCLEAR-J</a> TROJAN!
Source=Paul Collins Startup list

[Local Service]
Number=4693
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32p2pwormt.html" target="_blank">P2PWORM-T</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Cursors" subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list

[Local-Settings-of-[User Name]]
Number=4694
Confirmed=X
Filename=[User Name].exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-072109-3404-99" target="_blank">GAVGENT.A</a> WORM!
Source=Paul Collins Startup list

[LocalProxy]
Number=4695
Confirmed=U
Filename=proxy4free.exe
Description="<a href="http://proxytools.sourceforge.net/" target=_blank>ProxyTools</a> is a package of Perl network utilities designed mainly to assist those whose Internet access is censored, unreliable, or otherwise damaged. Uncensored access is provided to any outside service required (Usenet News, Web browsing, IRC, Socks etc.). Setup requires installation of Perl and some modules"

Source=Paul Collins Startup list

[LocalSystem]
Number=4696
Confirmed=X
Filename=svchost.exe
Description=<a href="http://www.sophos.com/virusinfo/analyses/ehu.html" target="_blank">EHU</a> adware. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list

[Locator Service]
Number=4697
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotky.html" target=_blank>AGOBOT-KY</a> TROJAN!
Source=Paul Collins Startup list

[Lock My PC]
Number=4698
Confirmed=U
Filename=lockpc.exe
Description=<a href="http://www.fspro.net/lock-my-pc/" target="_blank">Lock My PC</a> - a tool for quick computer locking when you leave it unattended. It shows a lock screen, disables Windows hot keys and mouse
Source=Paul Collins Startup list

[logg]
Number=4699
Confirmed=X
Filename=logo_1.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32pwfuzza.html" target="_blank">PWFUZZ-A</a> WORM!
Source=Paul Collins Startup list

[Login]
Number=4700
Confirmed=U
Filename=winlog.exe
Description=Salfeld <a href="http://www.salfeld.com/software/childcontrol/index.html" target="_blank">Child Control</a> - parental control software
Source=Paul Collins Startup list

[login]
Number=4701
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojhotworda.html" target=_blank>HOTWORD-A</a> TROJAN!
Source=Paul Collins Startup list

[Login]
Number=4702
Confirmed=X
Filename=Login.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanah.html" target=_blank>BANCBAN-AH</a> TROJAN!
Source=Paul Collins Startup list

[Login]
Number=4703
Confirmed=X
Filename=lala.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbugspra.html" target="_blank">BUGSPR-A</a> TROJAN!
Source=Paul Collins Startup list

[Login Screen Saver]
Number=4704
Confirmed=X
Filename=login.scr
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotavn.html" target=_blank>RBOT-AVN</a> WORM!
Source=Paul Collins Startup list

[Login Service]
Number=4705
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.f-secure.com/v-descs/migmaf.shtml" target="_blank">MIGMAF</a> TROJAN!
Source=Paul Collins Startup list

[LoginPassport]
Number=4706
Confirmed=X
Filename=Lgnpsp32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-071009-5318-99" target="_blank">REDIST.C</a> WORM!
Source=Paul Collins Startup list

[Logitech]
Number=4707
Confirmed=X
Filename=Logitech.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BJH&VSect=P" target=_blank>RBOT.BJH</a> WORM!
Source=Paul Collins Startup list

[Logitech Camera]
Number=4708
Confirmed=X
Filename=Soundcane.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.MUC&VSect=T" target=_blank>SDBOT.MUC</a> WORM!
Source=Paul Collins Startup list

[Logitech Desktop]
Number=4709
Confirmed=X
Filename=ApPache.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyp.html" target= blank>RBOT-YP</a> WORM!
Source=Paul Collins Startup list

[Logitech Desktop]
Number=4710
Confirmed=X
Filename=IPCONN.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwe.html" target= blank>SDBOT-WE</a> WORM!
Source=Paul Collins Startup list

[Logitech Desktop Controller]
Number=4711
Confirmed=X
Filename=wrcam.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Logitech Desktop Messenger]
Number=4712
Confirmed=N
Filename=backweb-8876480.exe
Description=Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech
Source=Paul Collins Startup list

[Logitech Desktop Messenger]
Number=4713
Confirmed=N
Filename=ldmconf.exe
Description=Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech
Source=Paul Collins Startup list

[Logitech Hardware Abstraction Layer]
Number=4714
Confirmed=U
Filename=Khalmnpr.exe
Description=Part of the Logitech Setpoint software for their wired and wireless mice and trackballs. Sets the Windows mouse sensitivity to minimum. The idea is that you will use the SetPoint Control Panel to adjust your mouse sensitivity. This setting is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, KHALMNPR sets the Windows setting to 0 so it doesn't alter the one you set in SetPoint
Source=Paul Collins Startup list

[Logitech SetPoint]
Number=4715
Confirmed=U
Filename=KEM.exe
Description=Keyboard and mouse drivers and utilities for Logitech's latest products - supersedes iTouch and MouseWare on their older products. Required if you use special features such as multimedia keys
Source=Paul Collins Startup list

[Logitech SetPoint]
Number=4716
Confirmed=U
Filename=KHALMNPR.EXE
Description=Part of the Logitech Setpoint software for their wired and wireless mice and trackballs. Sets the Windows mouse sensitivity to minimum. The idea is that you will use the SetPoint Control Panel to adjust your mouse sensitivity. This setting is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, KHALMNPR sets the Windows setting to 0 so it doesn't alter the one you set in SetPoint
Source=Paul Collins Startup list

[Logitech SetPoint]
Number=4717
Confirmed=U
Filename=Setpoint.exe
Description=Logitech SetPoint Event Manager for their range of mice and keyboards. Required if you want to use the advanced features of these devices and is located in the Logitech\Setpoint sub-folder of Program Files
Source=Paul Collins Startup list

[Logitech Utility]
Number=4718
Confirmed=U
Filename=Logi_MwX.exe
Description=Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as &quot;SmartMove&quot;. If you disable it and find you don't need it leave it disabled
Source=Paul Collins Startup list

[Logitech Wakeup]
Number=4719
Confirmed=N
Filename=lgwakeup.exe
Description=Loads at startup and monitors the scanner. When a document is inserted in the scanner the wakeup program feeds the document a fraction of a inch into the scanner and then it launches the control center software. From the control center you can select whether to fax or copy or print the scanned documents. If you uncheck the Logitech wakeup software from the startup it no longer launches the control center or feeds the document a fraction of an inch. You can manually launch the control center software via Start -&gt;Programs and still be able to scan images
Source=Paul Collins Startup list

[Logitech Wireless]
Number=4720
Confirmed=X
Filename=logitechwls.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobbs.html" target=_blank>MYTOB-BS</a> WORM!
Source=Paul Collins Startup list

[LogitechCameraAssistant]
Number=4721
Confirmed=U
Filename=CameraAssistant.exe
Description=Related to Logitech QuickCams and provides additional configuration options for these devices

Source=Paul Collins Startup list

[LogitechCameraService(E)]
Number=4722
Confirmed=U
Filename=ElkCtrl.exe
Description=Related to Logitech Camera Service and provides additional configuration options for these devices

Source=Paul Collins Startup list

[LogitechCommunicationsManager]
Number=4723
Confirmed=Y
Filename=communications_helper.exe
Description=Installed with a Logitech Quickcam Messenger and if disabled the camera will not work - at least not in the quick capture mode
Source=Paul Collins Startup list

[LogitechDesktopMessenger]
Number=4724
Confirmed=N
Filename=LogitechDesktopMessenger.exe
Description=Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech
Source=Paul Collins Startup list

[LogitechGalleryRepair]
Number=4725
Confirmed=U
Filename=ISStart.exe
Description=LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendation
Source=Paul Collins Startup list

[LogitechImageStudioTray]
Number=4726
Confirmed=N
Filename=LogiTray.exe
Description=Logitech Image Studio - installed with Logitech QuickCams
Source=Paul Collins Startup list

[LogitechQuickCamRibbon]
Number=4727
Confirmed=N
Filename=quickcam10.exe
Description=Installed with a Logitech Quickcam Messenger. Camera's software which is non-essential. When you open it, it allows you to open the quick capture, camera settings, etc
Source=Paul Collins Startup list

[Logitechs]
Number=4728
Confirmed=X
Filename=Logitechs.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=1&VName=WORM_SDBOT.BWE" target=_blank>SDBOT.BWE</a> WORM!
Source=Paul Collins Startup list

[LogitechSoftwareUpdate]
Number=4729
Confirmed=N
Filename=ManifestEngine.exe
Description=Updater, part of Logitech Image Studio - installed with Logitech QuickCam cameras

Source=Paul Collins Startup list

[LogitechVideoRepair]
Number=4730
Confirmed=U
Filename=ISStart.exe
Description=LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendation
Source=Paul Collins Startup list

[LogitechVideoTray]
Number=4731
Confirmed=N
Filename=LogiTray.exe
Description=Logitech Image Studio - installed with Logitech QuickCams
Source=Paul Collins Startup list

[LogitechVideo[inspector]]
Number=4732
Confirmed=N
Filename=InstallHelper.exe
Description=Logitech QuickCam software installation helper
Source=Paul Collins Startup list

[LogiTray]
Number=4733
Confirmed=N
Filename=LogiTray.exe
Description=Logitech Image Studio - installed with Logitech QuickCams
Source=Paul Collins Startup list

[Logi_Mwx]
Number=4734
Confirmed=U
Filename=Logi_MwX.exe
Description=Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as &quot;SmartMove&quot;. If you disable it and find you don't need it leave it disabled
Source=Paul Collins Startup list

[LogMeIn GUI]
Number=4735
Confirmed=U
Filename=LogMeInSystray.exe
Description=<a href="http://www.remotelyanywhere.com/" target=_blank>RemotelyAnywhere</a> is a remote administration and remote control solution for Windows. It allows access to the host computer via the network (the LAN, an intranet or the Internet) - and on the client side all you need is a web browser, a terminal emulator or a WAP-enabled phone
Source=Paul Collins Startup list

[LogMeIn GUI]
Number=4736
Confirmed=U
Filename=ragui.exe
Description=<a href="http://www.remotelyanywhere.com/" target=_blank>RemotelyAnywhere</a> is a remote administration and remote control solution for Windows. It allows access to the host computer via the network (the LAN, an intranet or the Internet) - and on the client side all you need is a web browser, a terminal emulator or a WAP-enabled phone
Source=Paul Collins Startup list

[Logo]
Number=4737
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderrh.html" target=_blank>DLOADER-RH</a> TROJAN!
Source=Paul Collins Startup list

[Logon Loader]
Number=4738
Confirmed=U
Filename=LogonLoader.exe
Description=<a href="http://logonloader.danielmilner.com/" target=_blank>Logon Loader</a> - customize boot & login screens
Source=Paul Collins Startup list

[Logon Loader Random]
Number=4739
Confirmed=U
Filename=LogonLoader.exe
Description=<a href="http://logonloader.danielmilner.com/" target=_blank>Logon Loader</a> - customize boot & login screens
Source=Paul Collins Startup list

[Logon.exe]
Number=4740
Confirmed=X
Filename=logon.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_ZINS.A" target="_blank">ZINS.A</a> TROJAN!
Source=Paul Collins Startup list

[LogonStudio]
Number=4741
Confirmed=U
Filename=logonstudio.exe
Description=WinCustomize <a href="http://www.stardock.com/products/logonstudio/" target="_blank">LogonStudio</a> - &quot;Allows Windows XP users to edit, change, and apply new logon screens. LogonStudio comes built with a visual editor to make it easy to create your own logons which can then be uploaded to websites to be used by others users&quot;
Source=Paul Collins Startup list

[LogService]
Number=4742
Confirmed=X
Filename=wincalc.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-051916-3739-99" target=_blank>PAPROXY</a> TROJAN!
Source=Paul Collins Startup list

[LogService]
Number=4743
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooriu.html" target=_blank>IU</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[LogService]
Number=4744
Confirmed=X
Filename=lsrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpaproxyd.html" target="_blank">PAPROXY-D</a> TROJAN!
Source=Paul Collins Startup list

[LogWatch]
Number=4745
Confirmed=U
Filename=logwat95.exe
Description=Licensing patch for products installed on NT by Computer Associates such as eTrust. Detects and updates old versions of lic98.dll. Not required if you already have a newer version or the patch has been applied
Source=Paul Collins Startup list

[longos]
Number=4746
Confirmed=X
Filename=WIWT.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankercd.html" target=_blank>BANKER-CD</a> TROJAN!
Source=Paul Collins Startup list

[Look 'n' Stop]
Number=4747
Confirmed=Y
Filename=looknstop.exe
Description=<a href="http://www.looknstop.com/En/index2.htm">Look 'n' Stop</a> personal firewall
Source=Paul Collins Startup list

[LookNMeet]
Number=4748
Confirmed=N
Filename=Agent.exe
Description=<a href="http://217.22.55.178/rdl/lnm_v4.3/nl/index.html" target=_blank>LooknMeet</a> dating service
Source=Paul Collins Startup list

[Lookup_Sys]
Number=4749
Confirmed=X
Filename=lookupsys.exe
Description=P04n trojan
Source=Paul Collins Startup list

[Lotus Organizer EasyClip]
Number=4750
Confirmed=N
Filename=easyclip.exe
Description=&quot;The Easy Clip icon automates the collection of information from sources such as e-mail to create an Organizer address, appointment, task or Notepad page.&quot; Available via Start -> Programs
Source=Paul Collins Startup list

[Lotus QuickStart]
Number=4751
Confirmed=N
Filename=smartctr.exe
Description=Lotus central application, called SmartCenter, which runs on the Windows desktop. SmartCenter toolbar stretches across the top or, optionally, the bottom of the screen. Uses a lot of resources. Available via Start -> Programs
Source=Paul Collins Startup list

[Lotus SuiteStart]
Number=4752
Confirmed=U
Filename=suitest.exe
Description=Puts the individual Lotus components in the system tray taskbar when you start Windows. Can be disabled via MSCONFIG -&gt; Startup as &quot;Lotus SuiteStart 97 Edition&quot;. All individual components available via Start -&gt; Programs
Source=Paul Collins Startup list

[LowVersionSupport]
Number=4753
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082111-4035-99" target="_blank">LASTRAS</a> TROJAN!
Source=Paul Collins Startup list

[LPManager]
Number=4754
Confirmed=U
Filename=LPMGR.exe
Description=Part of Lenovo's IBM <a href="http://www.pc.ibm.com/ca/think/thinkvantagetech/productivitycenter.html" target="_blank">ThinkVantage Productivity Center</a> for - "guides you to a host of information and tools to help you set up, understand, maintain, and enhance your ThinkPad® notebook or ThinkCentre® desktop"
Source=Paul Collins Startup list

[Lpr]
Number=4755
Confirmed=X
Filename=Lpr123.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080616-5258-99" target=_blank>REMPSTEAL</a> password stealer TROJAN!
Source=Paul Collins Startup list

[Lpr123]
Number=4756
Confirmed=X
Filename=Lpr123.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080616-5258-99" target=_blank>REMPSTEAL</a> password stealer TROJAN!
Source=Paul Collins Startup list

[LPS]
Number=4757
Confirmed=U
Filename=Lps.exe
Description=Local Port Scanner - "With LPS you're able to check your computer for open or listening ports"
Source=Paul Collins Startup list

[LPtask]
Number=4758
Confirmed=U
Filename=lptask.exe
Description=<a href="http://www.sanegroup.com/sanegroup/lppro.html" target="_blank">Program Lock It And Protect Pro</a> - lock and protect your folders from being opened, moved or deleted
Source=Paul Collins Startup list

[LRBZ Utility 32]
Number=4759
Confirmed=X
Filename=lrbz32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotjq.html" target=_blank>AGOBOT-JQ</a> WORM!
Source=Paul Collins Startup list

[LS120 Superdisk]
Number=4760
Confirmed=N
Filename=??
Description=Supposed to accelerate transfer rate on LS-120, contributes to system lockups
Source=Paul Collins Startup list

[LSA]
Number=4761
Confirmed=X
Filename=wfdmgr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022816-2838-99" target=_blank>MYTOB.C</a> WORM!
Source=Paul Collins Startup list

[LSA]
Number=4762
Confirmed=X
Filename=lsa.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotyv.html" target=_blank>SDBOT-YV</a> WORM!
Source=Paul Collins Startup list

[LSA Service]
Number=4763
Confirmed=X
Filename=LSASS.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042116-5517-99" target= blank>AHKER.G</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target="_blank">lsass.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[lsa Services]
Number=4764
Confirmed=X
Filename=lsa2srv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32tamec.html" target=_blank>TAME-C</a> WORM!
Source=Paul Collins Startup list

[LSA Shell (Export Version)]
Number=4765
Confirmed=X
Filename=LSASS.exe
Description=Added by several variants of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AHKER.K&VSect=P" target=_blank>AHKER</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[LsaManager]
Number=4766
Confirmed=X
Filename=lsamgr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-021313-2753-99" target=_blank>BEAGLE.DR</a> WORM!
Source=Paul Collins Startup list

[lsass]
Number=4767
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-051918-1128-99" target=_blank>RATSOU.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Debug\UserMode subfolder of the Winnt or Windows folder
Source=Paul Collins Startup list

[lsass]
Number=4768
Confirmed=X
Filename=start.bat
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzcrew.html" target="_blank">ZCREW</a> TROJAN!
Source=Paul Collins Startup list

[lsass]
Number=4769
Confirmed=X
Filename=[path to lsass.exe]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010114-3236-99" target="_blank">ALADINZ.F</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target="_blank">lasss.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list

[lsass]
Number=4770
Confirmed=X
Filename=lsasrv.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102612-1249-99" target=_blank>MYDOOM.AG</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021013-2446-99" target=_blank>MYDOOM.AS</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021013-5936-99" target=_blank>MYDOOM.AU</a> WORMS!
Source=Paul Collins Startup list

[Lsass]
Number=4771
Confirmed=X
Filename=woekd.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[lsass]
Number=4772
Confirmed=X
Filename=elite***32.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-083109-1455-99" target=_blank>EliteBar</a> adware
Source=Paul Collins Startup list

[Lsass]
Number=4773
Confirmed=X
Filename=Lsass.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32alcopb.html" target=_blank>ALCOP-B</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[Lsass]
Number=4774
Confirmed=X
Filename=Lsass.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32voumita.html" target=_blank>VOUMIT-A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "mirc32" folder
Source=Paul Collins Startup list

[LsasS]
Number=4775
Confirmed=X
Filename=Sygate.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BCA" target="_blank">SDBOT.BCA</a> WORM!
Source=Paul Collins Startup list

[Lsass]
Number=4776
Confirmed=X
Filename=kavmm.exe
Description=Added by an unidentified WORM or TROJAN! NOTE - do NOT confuse with the legitimate Kaspersky antivirus module as described <a href="http://www.processlibrary.com/directory/files/kavmm/" target="_blank">here</a>. Contrary to this impostor, the legitimate file will always be located in the Kaspersky Lab folder in Program Files
Source=Paul Collins Startup list

[LSASS 32]
Number=4777
Confirmed=X
Filename=ISASS32.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32assiralc.html" target= blank>ASSIRAL-C</a> WORM!
Source=Paul Collins Startup list

[LSASS Authority]
Number=4778
Confirmed=X
Filename=lshosts32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbotuy.html" target= blank>SDBOT-UY</a> TROJAN!
Source=Paul Collins Startup list

[LSASS Authority]
Number=4779
Confirmed=X
Filename=lsvhosts.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BCE" target="_blank">SDBOT.BCE</a> WORM!
Source=Paul Collins Startup list

[LSASS Daemon]
Number=4780
Confirmed=X
Filename=LSASSd.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list

[lsass service]
Number=4781
Confirmed=X
Filename=lsass2.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list

[lsass16]
Number=4782
Confirmed=X
Filename=lsass16.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerbxx.html" target="_blank">BANKER-BXX</a> TROJAN!
Source=Paul Collins Startup list

[lsass2k Update]
Number=4783
Confirmed=X
Filename=lsass2k.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[LSASS32]
Number=4784
Confirmed=X
Filename=Isass32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040417-3944-99" target=_blank>KELVIR.M</a> WORM!
Source=Paul Collins Startup list

[lsass32]
Number=4785
Confirmed=X
Filename=lsass32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlydrab.html" target=_blank>LYDRA-B</a> TROJAN!
Source=Paul Collins Startup list

[lsass64BiT.exe]
Number=4786
Confirmed=X
Filename=lsass64BiT.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotck.html" target=_blank>FORBOT-CK</a> WORM!
Source=Paul Collins Startup list

[lsassig]
Number=4787
Confirmed=X
Filename=lsassig.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosec.html" target=_blank>BANCOS-EC</a> TROJAN!
Source=Paul Collins Startup list

[lsasss]
Number=4788
Confirmed=X
Filename=lsasss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojgeekmya.html" target=_blank>GEEKMY-A</a> TROJAN!
Source=Paul Collins Startup list

[lsasss.exe]
Number=4789
Confirmed=X
Filename=lsasss.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SASSER.E" target="_blank">SASSER.E</a> WORM!
Source=Paul Collins Startup list

[lsburnwatcher]
Number=4790
Confirmed=N
Filename=lsburnwatcher.exe
Description=Used for automatically updating HP programs
Source=Paul Collins Startup list

[lsess]
Number=4791
Confirmed=X
Filename=lsess.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041601-3725-99" target=_blank>SINNAKA.A</a> WORM!
Source=Paul Collins Startup list

[lsmass]
Number=4792
Confirmed=X
Filename=lsmass.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojwallopb.html" target=_blank>WALLOP-B</a> TROJAN!
Source=Paul Collins Startup list

[lsmss.exe]
Number=4793
Confirmed=X
Filename=lsmss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojproxygg.html" target=_blank>PROXY-GG</a> TROJAN!
Source=Paul Collins Startup list

[LSPFix]
Number=4794
Confirmed=U
Filename=LSPmonitor.exe
Description=eAcceleration Stop-Sign security software related. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
Source=Paul Collins Startup list

[lspins]
Number=4795
Confirmed=X
Filename=igps.exe
Description=Reported as the VB.KC TROJAN by Kapersky Anti-Virus
Source=Paul Collins Startup list

[LSPmonitor]
Number=4796
Confirmed=U
Filename=LSPmonitor.exe
Description=eAcceleration Stop-Sign security software related. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
Source=Paul Collins Startup list

[lssass]
Number=4797
Confirmed=X
Filename=lssas.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.RL" target=_blank>AGOBOT.RL</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process
Source=Paul Collins Startup list

[LSvr]
Number=4798
Confirmed=X
Filename=LSvr.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=PowerStrip&threatid=14844" target="_blank">PowerStrip</a> foistware. Note - this is not the same as the video tweaking utility of the same name <a href="http://www.entechtaiwan.com/util/ps.shtm" target="_blank">here</a>
Source=Paul Collins Startup list

[LT DAEMON]
Number=4799
Confirmed=Y
Filename=ltdaemon.exe
Description=Acts as a data spooler for the DSL modem (similar to a cache). Do not uncheck if the DSL modem is being used
Source=Paul Collins Startup list

[LTDMgr]
Number=4800
Confirmed=X
Filename=LTDMgr.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=PowerStrip&threatid=14844" target="_blank">PowerStrip</a> foistware. Note - this is not the same as the video tweaking utility of the same name <a href="http://www.entechtaiwan.com/util/ps.shtm" target="_blank">here</a>
Source=Paul Collins Startup list

[LTM2]
Number=4801
Confirmed=X
Filename=MSGSRV32.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.A&amp;VSect=T" target="_blank">LITMUS.A</a> TROJAN! Note - MSGSRV32.EXE in this case is in a Litmus sub-directory and is not to be confused with the valid version in C:\Windows\System
Source=Paul Collins Startup list

[LTM2]
Number=4802
Confirmed=X
Filename=MPGSRV32.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.201" target="_blank">LITMUS.201</a> TROJAN!
Source=Paul Collins Startup list

[LTM2]
Number=4803
Confirmed=X
Filename=MSGSRV320.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.C" target="_blank">LITMUS.C</a> TROJAN!
Source=Paul Collins Startup list

[LTM2]
Number=4804
Confirmed=X
Filename=winupdate.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.203">LITMUS.203</a> TROJAN!
Source=Paul Collins Startup list

[LTM2]
Number=4805
Confirmed=X
Filename=bible.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.203">LITMUS.203</a> TROJAN!

Source=Paul Collins Startup list

[LTM2]
Number=4806
Confirmed=X
Filename=winscan.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlitmusb.html" target= blank>LITMUS-B</a> TROJAN!
Source=Paul Collins Startup list

[LTM2]
Number=4807
Confirmed=X
Filename=lssas.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.203" target="_blank">LITMUS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process
Source=Paul Collins Startup list

[LTM2]
Number=4808
Confirmed=X
Filename=MSGSSV32.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_FC.C" target="_blank">FC.C</a> TROJAN!
Source=Paul Collins Startup list

[LTM2]
Number=4809
Confirmed=X
Filename=msns6
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.C" target="_blank">LITMUS.C</a> TROJAN!
Source=Paul Collins Startup list

[LTM2]
Number=4810
Confirmed=X
Filename=RundlI.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_MULTIDRP.BG" target="_blank">MULTIDRP.BG</a> TROJAN!
Source=Paul Collins Startup list

[LTM2]
Number=4811
Confirmed=X
Filename=SVCHOST32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.203B" target="_blank">LITMUS.203B</a> TROJAN!
Source=Paul Collins Startup list

[LTM2]
Number=4812
Confirmed=X
Filename=SVCHOST˙.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DROPPERFL.A" target="_blank">DROPPERFL.A</a> TROJAN!
Source=Paul Collins Startup list

[LTM2]
Number=4813
Confirmed=X
Filename=winvers16.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.ND" target="_blank">SMALL.ND</a> TROJAN!
Source=Paul Collins Startup list

[LtMoh]
Number=4814
Confirmed=U
Filename=Ltmoh.exe
Description=Modem On Hold utility - manages incoming/outgoing voice calls on a single phone line while being connected to the internet
Source=Paul Collins Startup list

[LTMSG]
Number=4815
Confirmed=Y
Filename=ltmsg.exe
Description=One of the "popular" WinModem series. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See <a href="http://modemsite.com/56k/winmodems.asp" target="_blank">here</a> for more WinModem information
Source=Paul Collins Startup list

[Lto Manager]
Number=4816
Confirmed=Y
Filename=DesktopLtoManager.exe
Description=Related to <a href="http://www.globallocate.com/" target=_blank>Global Positioning System</a> (GPS) found on HP iPAQ hw6500 unit and others

Source=Paul Collins Startup list

[LTSMMSG]
Number=4817
Confirmed=N
Filename=LTSMMSG.exe
Description=Lucent Tech. Soft Modem Messaging application - may be found on Fujitsu Lifebook, Acer and Sony Vaio notebooks, maybe others too
Source=Paul Collins Startup list

[LTSMSG]
Number=4818
Confirmed=X
Filename=Shell32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080813-1612-99" target="_blank">LEMIR.B</a> TROJAN!
Source=Paul Collins Startup list

[LTT2]
Number=4819
Confirmed=X
Filename=rundll32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagebi.html" target=_blank>LINEAGE-BI</a> TROJAN!
Source=Paul Collins Startup list

[LTWinModem1]
Number=4820
Confirmed=Y
Filename=ltmsg.exe
Description=One of the "popular" WinModem series. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See <a href="http://modemsite.com/56k/winmodems.asp" target="_blank">here</a> for more WinModem information
Source=Paul Collins Startup list

[ltwob]
Number=4821
Confirmed=X
Filename=formatsys.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030709-3841-99" target=_blank>SERFLOG.A</a> WORM!
Source=Paul Collins Startup list

[ltwob]
Number=4822
Confirmed=X
Filename=msmbw.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030709-3841-99" target=_blank>SERFLOG.A</a> WORM!
Source=Paul Collins Startup list

[ltwob]
Number=4823
Confirmed=X
Filename=serbw.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030709-3841-99" target=_blank>SERFLOG.A</a> WORM!
Source=Paul Collins Startup list

[LUGuard]
Number=4824
Confirmed=U
Filename=LUGuard.exe
Description=PC-Duo <a href="http://www.vector-networks.com/pc-duo-enterprise/remote-control.php" target=_blank>Remote Control</a> enables your help desk technicians to take instant control of any remote desktop PC at any location across the LAN, WAN or internet
Source=Paul Collins Startup list

[lup]
Number=4825
Confirmed=X
Filename=lup.exe
Description=Added by the <a href="http://virusinfo.prevx.com/pxparall.asp?PXC=361b20416169" target=_blank>IRCBOT_GEN</a> WORM!

Source=Paul Collins Startup list

[Lusetup]
Number=4826
Confirmed=Y
Filename=LUSetup.exe
Description=Symantec <a href="http://service1.symantec.com/support/sharedtech.nsf/docid/1999051911110813" target=_blank>LiveUpdate installer</a> - required to install a new version of the application. Will only run once, and the entry is automatically deleted after a reboot
Source=Paul Collins Startup list

[LVComs]
Number=4827
Confirmed=U
Filename=lvcoms.exe
Description=Lvcomm server. Related to Logitech Quick Cam - works fine without it but it is needed for the Logitech ImageStudio software to connect to the camera
Source=Paul Collins Startup list

[LVCOMSX]
Number=4828
Confirmed=N
Filename=LVCOMSX.EXE
Description=It provides extra functionality for Logitech multimedia webcam devices. When disabled the camera still works in quick capture but you can get a slight increase in picture quality - not so snowy and the movement wasn't so jerky
Source=Paul Collins Startup list

[LWBMOUSE]
Number=4829
Confirmed=U
Filename=lwbwheel.exe
Description=Mouse driver - required if you use non-standard Windows driver features
Source=Paul Collins Startup list

[LWBMOUSE]
Number=4830
Confirmed=U
Filename=MOUSE32A.EXE
Description=Mouse driver - required if you use non-standard Windows driver features
Source=Paul Collins Startup list

[Lwinst Run Profiler]
Number=4831
Confirmed=N
Filename=lwtest.exe
Description=Logitech Wingman Profiler for the Logitech joysticks. Available via Start -> Programs
Source=Paul Collins Startup list

[lwjcjuti.exe]
Number=4832
Confirmed=X
Filename=lwjcjuti.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdwnldrgtq.html" target="_blank">DWNLDR-GTQ</a> TROJAN!
Source=Paul Collins Startup list

[lxamsp32]
Number=4833
Confirmed=?
Filename=lxamsp32.exe
Description=<font color="#FF0000">Associated with a Lexmark Printer - is it required?</font>
Source=Paul Collins Startup list

[LXbbmgr]
Number=4834
Confirmed=?
Filename=LXbbmgr.exe
Description=<font color="#FF0000">Lexmark printer button manager? Is it required?</font>
Source=Paul Collins Startup list

[LXBLKsk]
Number=4835
Confirmed=?
Filename=LXBLKsk.exe
Description=Lexmark related. <font color="#FF0000">What does it do, and is it required?</font>
Source=Paul Collins Startup list

[lxbrbmgr]
Number=4836
Confirmed=Y
Filename=lxbrbmgr.exe
Description=Lexmark printer button manager. Required for correct operation

Source=Paul Collins Startup list

[LXBRKsk]
Number=4837
Confirmed=?
Filename=LXBRKsk.exe
Description=Lexmark printer related. <font color="#FF0000">What does it do and is it required?</font>

Source=Paul Collins Startup list

[LXBSCATS]
Number=4838
Confirmed=?
Filename=rundll32 [path] LXBStime.dll, _RunDLLEntry@16
Description=Related to the <a href="http://www.dltlibraries.com/dlt_libraryxpress_lxb.html" target=_blank>DLT LibraryXpressLXB</a> tape backup storage device - <font color=#FF0000>what does it do and is it required?</font>

Source=Paul Collins Startup list

[LXBTCATS]
Number=4839
Confirmed=?
Filename=rundll32 [path] LXBTtime.dll, _RunDLLEntry@16
Description=Lexmark printer related - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list

[lxbxmon.exe]
Number=4840
Confirmed=?
Filename=lxbxmon.exe
Description=Lexmark 7100 series device monitor. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list

[LXCCCATS]
Number=4841
Confirmed=?
Filename=rundll32 [path] LXCCtime.dll, _RunDLLEntry@16
Description=Lexmark printer related - <font color=#FF0000>what does it do and is it required?</font>

Source=Paul Collins Startup list

[lxccmon.exe]
Number=4842
Confirmed=U
Filename=lxccmon.exe
Description=Lexmark 3300 series printers/scanners

Source=Paul Collins Startup list

[LXCGCATS]
Number=4843
Confirmed=U
Filename=LXCGtime.dll
Description=Lexmark printing software - reports back on printer and cartridge useage

Source=Paul Collins Startup list

[lxcgmon.exe]
Number=4844
Confirmed=?
Filename=lxcgmon.exe
Description=Lexmark printer related - <font color=#FF0000>what does it do and is it required?</font>

Source=Paul Collins Startup list

[lxcrmon.exe]
Number=4845
Confirmed=?
Filename=lxcrmon.exe
Description=Lexmark 2400 series printer monitor - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list

[lxctmon.exe]
Number=4846
Confirmed=?
Filename=lxctmon.exe
Description=Lexmark 5400 series device monitor. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list

[LXSUPMON]
Number=4847
Confirmed=N
Filename=LXSUPMON.EXE
Description=Lexmark Printer. The printer should work fine without it
Source=Paul Collins Startup list

[lycosInside]
Number=4848
Confirmed=?
Filename=Lyc_SysTray.exe
Description=<a href="http://email.about.com/gi/dynamic/offsite.htm?zi=1/XJ&sdn=email&zu=http://mail.lycos.com/" target=_blank>Lycos eMail</a> related - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list

[LyraHD2TrayApp]
Number=4849
Confirmed=U
Filename=LYRAHD2TrayApp.exe
Description=Related to RCA Lyra MP3 Player
Source=Paul Collins Startup list

[LzioMediaUpdater]
Number=4850
Confirmed=X
Filename=LzioMediaUpdater.exe
Description=<a href="http://www.spywareguide.com/product_show.php?id=853" target="_blank">LZIO.com</a> adware downloader
Source=Paul Collins Startup list

[M Player Post Installer]
Number=4851
Confirmed=?
Filename=postinstallm.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[M S DVD DirectX Dll Drivers]
Number=4852
Confirmed=X
Filename=msxdl.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotbjn.html" target= blank>SDBOT-BJN</a> WORM!
Source=Paul Collins Startup list

[M-Audio Delta Taskbar Icon]
Number=4853
Confirmed=N
Filename=DeltTray.exe
Description=M-Audio Delta Control Panel for M-Audio brand Delta series audio cards. System Tray access to audio settings - available through Control Panel

Source=Paul Collins Startup list

[M-soft Office]
Number=4854
Confirmed=X
Filename=M-soft Office.hta
Description=HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site!
Source=Paul Collins Startup list

[M1cr0s0ft S3rcurity]
Number=4855
Confirmed=X
Filename=systemconfig.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BKB" target="_blank">RBOT.BKB</a> WORM!
Source=Paul Collins Startup list

[M1cr0s0ft Upd4t4zS]
Number=4856
Confirmed=X
Filename=update32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmi.html" target=_blank>RBOT-MI</a> WORM!

Source=Paul Collins Startup list

[m32info]
Number=4857
Confirmed=X
Filename=m32info.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list

[M3Tray]
Number=4858
Confirmed=N
Filename=m3tray.exe
Description=<a href="http://www.movielink.com/" target="_blank">Movielink</a> - internet movie rental System Tray access
Source=Paul Collins Startup list

[Macfee Security Patch]
Number=4859
Confirmed=X
Filename=Mpfsheild.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotnp.html" target=_blank>RBOT-NP</a> WORM!

Source=Paul Collins Startup list

[Machine Debug Manager]
Number=4860
Confirmed=U
Filename=mdm.exe
Description=Used by developers for debugging. Those who have encountered it have unchecked it with no degradation in performance. May cause your computer to "hang" if you have MS Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendatioon. Can also be listed as MDM7. See <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;321410" target="_blank"> here</a> to disable
Source=Paul Collins Startup list

[Machine Debug Manager]
Number=4861
Confirmed=X
Filename=msdn.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Machine Update Soft]
Number=4862
Confirmed=X
Filename=wusas.exe
Description=Added by an unidfentified WORM! 
Source=Paul Collins Startup list

[MacLic]
Number=4863
Confirmed=N
Filename=MacLic.exe
Description=Part of <a href="http://www.dataviz.com/products/conversionsplus/index.html" target="_blank">Conversions Plus</a> from DataViz - allowing PC and MAC owners to share disks
Source=Paul Collins Startup list

[MacName]
Number=4864
Confirmed=N
Filename=MacName.exe
Description=Part of <a href="http://www.dataviz.com/products/conversionsplus/index.html" target="_blank">Conversions Plus</a> from DataViz - allowing PC and MAC owners to share disks
Source=Paul Collins Startup list

[Macromedia 8]
Number=4865
Confirmed=X
Filename=Flash Player.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32jambua.html" target="_blank">JAMBU-A</a> WORM!
Source=Paul Collins Startup list

[Macromedia Critical Updater]
Number=4866
Confirmed=X
Filename=rarww.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Macromedia Dreamweaver XM]
Number=4867
Confirmed=X
Filename=macdwXM.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotri.html" target=_blank>AGOBOT-RI</a> WORM!
Source=Paul Collins Startup list

[Macromedia Drive]
Number=4868
Confirmed=X
Filename=Iexplor32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Macromedia Flash Update]
Number=4869
Confirmed=X
Filename=scvhost.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[MAD.EXE]
Number=4870
Confirmed=Y
Filename=MAD.EXE
Description=MAD.exe is the MS Exchange 5.5 System Attendant and can also consume a large amount of resources - resolved by the latest Exchange 5.5 Service Pack. Also part of Exchange 2000 Server but does it have the same problems?. Apparently you need to leave this running but is it needed at start-up?
Source=Paul Collins Startup list

[MadExe]
Number=4871
Confirmed=N
Filename=LaunchRA.exe
Description=Part of <a href="http://support.dell.com/support/topics/global.aspx/support/dsn/en/document?c=us&l=en&s=gen&dn=FA1033021#1" target="_blank">Dell Resolution Assistant</a> - "a diagnostic program that allows you to contact Dell. When factory-installed by Dell, it allowed you to perform hardware and software diagnostics that provided alerts to potential problems and enabled real-time communication with Dell RA techs. You can now use RA only to contact Dell by e-mail"
Source=Paul Collins Startup list

[MAFWTaskbarApp]
Number=4872
Confirmed=U
Filename=MAFWTray.exe
Description=Drivers for the M-Audio Firewire Audiophile - Interface
Source=Paul Collins Startup list

[MagicDsk]
Number=4873
Confirmed=U
Filename=MAGICDSK.EXE
Description=Magic DeskTop is a small and novel utility which will allow you the option of hiding or showing your desktop icons
Source=Paul Collins Startup list

[MagicKeyboard]
Number=4874
Confirmed=U
Filename=PreMKBD.exe
Description=Related to <a href="http://www.samsung.com/" target=_blank>Samsung</a> laptops. Provides ability to program keys to perform specific functions
Source=Paul Collins Startup list

[MagicLinker3]
Number=4875
Confirmed=U
Filename=MagicLnk.exe
Description=<a href="http://www.bangkokbest.com/So-Dictionary.htm" target="_blank">ThaiSoftware</a> Thai Dictionary
Source=Paul Collins Startup list

[Magitime]
Number=4876
Confirmed=N
Filename=Magitime.exe
Description=<a href="http://www.magistonesystems.com/magitime.htm" target="_blank">Magitime</a> - connection tracking utility which monitors online time, expense, data transfer
Source=Paul Collins Startup list

[Mail.com]
Number=4877
Confirmed=?
Filename=mcalert.exe
Description=<a href="http://mail01.mail.com/" target="_blank">Mail.com</a> - free web-mail service. <font color="#FF0000">Does mcalert.exe notify you when new mail has arrived?</font>
Source=Paul Collins Startup list

[MailBell]
Number=4878
Confirmed=U
Filename=mailbell.exe
Description=<a href="http://www.emtec.com/mailbell/" target="_blank">MailBell</a> e-mail notification tool that will notify you about new messages arrived to your mailbox. Works with both POP3 mailboxes and web-mail based systems. You should be able to set your mail system to check all accounts at regular intervals anyway if you prefer (in Outlook for instance)
Source=Paul Collins Startup list

[Mailbox Verifier]
Number=4879
Confirmed=U
Filename=mboxvrfy.exe
Description=<a href="http://www.mailutilities.com/mv/" target="_blank">Mailbox Verifier (MV)</a> is free software that will notify you about new messages arrived to your mailbox. Only works with POP3 mailboxes (not web-mail based systems). You should be able to set your mail system to check all accounts at regular intervals anyway if you prefer (in Outlook for instance)
Source=Paul Collins Startup list

[MailCleaner]
Number=4880
Confirmed=U
Filename=MAILCLEANER.EXE
Description=<a href="http://www.mailcleaner.com/main.htm" target=_blank>MailCleaner</a> "protect your computer from viruses sent to your machine via the popular e-Mail reader Incredimail. In addition the program will check all incoming files downloaded by Internet Explorer, Netscape Navigator, ICQ and iMesh". Not recommended as it bundles <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Claria.GAIN.CommonElements&threatid=5605" target=_blank>GAIN</a> adware. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
Source=Paul Collins Startup list

[mailman.exe]
Number=4881
Confirmed=X
Filename=mailman.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcertife.html" target=_blank>CERTIF-E</a> TROJAN!
Source=Paul Collins Startup list

[MailScan Dispatcher]
Number=4882
Confirmed=Y
Filename=Launch.exe
Description=MicroWorld <a href="http://www.mspl.net/" target="_blank">MailScan</a> Dispatcher splits each e-mail message into various components such as the header, body and attachment. Compressed formats (ZIP, ARJ, etc.) are scanned for viruses and cleaned
Source=Paul Collins Startup list

[Mail_Check]
Number=4883
Confirmed=X
Filename=Mail_Check.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_PANOIL.C" target="_blank">PANOIL.C</a> WORM!
Source=Paul Collins Startup list

[MAIN]
Number=4884
Confirmed=U
Filename=main.exe
Description=<a href="http://www.spycop.com/" target="_blank">SpyCop</a> surveillance software detection - checks to see when your machine was last scanned and if it was more than a week asks if you want to scan
Source=Paul Collins Startup list

[Main Executable (HP)]
Number=4885
Confirmed=?
Filename=HP05T0R5.exe
Description=<font color="#FF0000">HP (Hewlett-Packard) related. Maybe related to printers. Now - what does it do?</font>
Source=Paul Collins Startup list

[main16]
Number=4886
Confirmed=X
Filename=main16.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list

[main32]
Number=4887
Confirmed=X
Filename=main32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list

[MainStart]
Number=4888
Confirmed=X
Filename=svcmfte32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstinxa.html" target=_blank>STINX-A</a> TROJAN!
Source=Paul Collins Startup list

[mainviewex]
Number=4889
Confirmed=X
Filename=mainviewex.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=40493" target=_blank>GEMA.D</a> TROJAN!
Source=Paul Collins Startup list

[Major Microsoft Windows Driver Boot loader]
Number=4890
Confirmed=X
Filename=bpool.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041019-4940-99" target=_blank>MYTOB.AJ</a> WORM!
Source=Paul Collins Startup list

[Malware Sweeper]
Number=4891
Confirmed=U
Filename=MalSwep.exe
Description=<a href="http://www.malwaresweeper.com/" target=_blank>Malware Sweeper</a> - "Protects the user from malicious malware and monitors the sanity of the running programs"

Source=Paul Collins Startup list

[Malware-Wipe]
Number=4892
Confirmed=N
Filename=Malware-Wipe.exe
Description=Malware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[Malware-Wiped]
Number=4893
Confirmed=N
Filename=Malware-Wiped.exe
Description=Malware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[MalwareWipe]
Number=4894
Confirmed=N
Filename=MalwareWipe.exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[MalwareWiped]
Number=4895
Confirmed=N
Filename=MalwareWiped.exe
Description=Malware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[MalwareWiper]
Number=4896
Confirmed=N
Filename=MalwareWiper.exe
Description=Malware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[ManageDesk Lite]
Number=4897
Confirmed=U
Filename=ManageDesk Lite.exe
Description=<a href="http://www.managebytes.com/" target="_blank">ManageDesk Lite</a> from Managebytes Desktop management software. Each desktop is a separate working space for you to use
Source=Paul Collins Startup list

[ManageProtocolCtrl]
Number=4898
Confirmed=X
Filename=csmsv.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-102510-4121-99" target=_blank>LOOKSKY.B</a> TROJAN!
Source=Paul Collins Startup list

[Manager Monitor]
Number=4899
Confirmed=U
Filename=monitor.exe
Description=<a href="http://www.securesa.com" target=_blank>MindStorm AnalyzerPro</a> from Secure Associates. "A security management tool for customers easy to manage report and analyze security events across heterogeneous security devices"

Source=Paul Collins Startup list

[Managment Service]
Number=4900
Confirmed=X
Filename=[random filename]
Description=Added by the RBOT.BIS TROJAN!
Source=Paul Collins Startup list

[Mania Win Restore]
Number=4901
Confirmed=N
Filename=RESWIN.EXE
Description=Pinball Mania for Windows from 21st Century Entertainment LTD (1995). Runs briefly at start-up then terminates. Available via Start -> Programs
Source=Paul Collins Startup list

[Mantis]
Number=4902
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082212-1032-99" target="_blank">MANTIBE</a> VIRUS!
Source=Paul Collins Startup list

[MapiDrv]
Number=4903
Confirmed=X
Filename=mpisvc.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042717-2702-99" target="_blank">MIPSIV</a> TROJAN!
Source=Paul Collins Startup list

[mapisvc32]
Number=4904
Confirmed=X
Filename=mapisvc32.exe
Description=Added by the KX VIRUS and also recognised by Symantec as <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101506-0320-99" target="_blank"> FPAI</a> adware
Source=Paul Collins Startup list

[mark the service]
Number=4905
Confirmed=X
Filename=xxtra32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.APP&VSect=T" target=_blank>SDBOT.APP</a> WORM!
Source=Paul Collins Startup list

[Martini]
Number=4906
Confirmed=X
Filename=pinmart.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Mascro soft SDK updates2]
Number=4907
Confirmed=X
Filename=SDKrepair2.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BXM&VSect=P" target=_blank>SDBOT.BXM</a> WORM!
Source=Paul Collins Startup list

[masqform.exe]
Number=4908
Confirmed=N
Filename=masqform.exe
Description=PureEdge Viewer 6.0, reportedly associated with viewing and text editing US Air Force electronic forms
Source=Paul Collins Startup list

[masqform.exe]
Number=4909
Confirmed=U
Filename=masqform.exe
Description=PureEdge Viewer - provides automation framework to manage and deploy XML forms-based processes for e-business and e-government systems. PureEdge was taken over by IBM (see <a href="http://www-306.ibm.com/software/swnews/swnews.nsf/n/nhan6eerne?OpenDocument&Site=lotus" target=_blank>here</a>) and the product became <a href="http://www-128.ibm.com/developerworks/workplace/products/forms/" target=_blank>Workplace Forms</a>

Source=Paul Collins Startup list

[Mass storage check registry]
Number=4910
Confirmed=N
Filename=rundll32.exe MSDServ.dll, check registry
Description=Used with a USB based smartmedia card reader
Source=Paul Collins Startup list

[Master Card Updaate 32]
Number=4911
Confirmed=X
Filename=Mastercard32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Master Volume Spy]
Number=4912
Confirmed=U
Filename=MASTERVOLUMESPY.EXE
Description=Volume control for the Gateway Destination "DestiVu" media interface
Source=Paul Collins Startup list

[Matador]
Number=4913
Confirmed=U
Filename=mlfbuddy.exe
Description=<a href="http://www.mailfrontier.com/products_matador.html" target="_blank">MailFrontier</a> - anti-spam application
Source=Paul Collins Startup list

[Matador]
Number=4914
Confirmed=U
Filename=mantispm.exe
Description=<a href="http://www.mailfrontier.com/products_matador.html" target=_blank>MailFrontier Desktop</a> (Matador) email spam blocker software
Source=Paul Collins Startup list

[MatrixScreen]
Number=4915
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-113009-1726-99" target=_blank>MATRIXSCREEN</a> TROJAN!
Source=Paul Collins Startup list

[MatrixScreenSaver]
Number=4916
Confirmed=X
Filename=mss.exe
Description=Malware, see <a href="http://www.spywareinfo.com/forums/index.php?s=&amp;act=ST&amp;f=11&amp;t=7278" target="_blank"> here</a>
Source=Paul Collins Startup list

[Matrox Color Control]
Number=4917
Confirmed=N
Filename=hgcctl95.exe
Description=For Matrox video cards. Quick access to changing colors
Source=Paul Collins Startup list

[Matrox Control Center]
Number=4918
Confirmed=N
Filename=mgactrl.exe
Description=For Matrox video cards. Quick access to settings
Source=Paul Collins Startup list

[Matrox Diagnostic]
Number=4919
Confirmed=N
Filename=mgadiag.exe
Description=For Matrox video cards. Quick access to diagnostics
Source=Paul Collins Startup list

[Matrox Powerdesk]
Number=4920
Confirmed=N
Filename=PDesk.exe
Description=For Matrox video cards. Quick access to tweak your card to your liking
Source=Paul Collins Startup list

[Matrox PowerDesk 8]
Number=4921
Confirmed=N
Filename=Matrox.PowerDesk.exe /silent
Description=For Matrox video cards. Quick access to tweak your card to your liking
Source=Paul Collins Startup list

[Matrox QuickDesk]
Number=4922
Confirmed=N
Filename=mgaqdesk.exe
Description=For Matrox video cards. Quick access to tweak your card to your liking
Source=Paul Collins Startup list

[MAV_check]
Number=4923
Confirmed=N
Filename=mav_startupmon.exe
Description=WinAntiVirus Pro 2007 virus software - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[MaxAlerts]
Number=4924
Confirmed=X
Filename=max.exe
Description=Bonzi MaxALERT - spyware
Source=Paul Collins Startup list

[MaxtorCombo]
Number=4925
Confirmed=Y
Filename=ComboButton.exe
Description=Required to be able to use the Maxtor OneTouch button on your external Maxtor harddrive. It is used to start up backup software (Retrospect)
Source=Paul Collins Startup list

[MaxtorOneTouch]
Number=4926
Confirmed=U
Filename=OneTouch.exe
Description=Maxtor <a href="http://www.maxtor.com/portal/site/Maxtor/menuitem.6adb6b8313633595062e6be791346068/?channelpath=/en_us/Products/External" target="_blank">OneTouch</a> Hard Drives/OneTouch Family hard disk backup software
Source=Paul Collins Startup list

[MaxtorReg]
Number=4927
Confirmed=U
Filename=AUTOREG.EXE
Description=Part of SYSagent - small utility for retrieving all the hardware and software information required by anyone administering a machine and/or the network it's a part of
Source=Paul Collins Startup list

[MayaPan]
Number=4928
Confirmed=Y
Filename=MayaPan.Exe
Description=Audiotrak <a href="http://www.soundcard-drivers.com/drivers/50/50137.htm" target=_blank>Maya</a> soundcard driver
Source=Paul Collins Startup list

[mb2np]
Number=4929
Confirmed=X
Filename=[random filename]
Description=Added by the IRCBOT.TJ  WORM!
Source=Paul Collins Startup list

[MBM 4]
Number=4930
Confirmed=U
Filename=MBM4.exe
Description=Motherboard Monitor 4 - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[MBM 5]
Number=4931
Confirmed=U
Filename=MBM5.exe
Description=<a href="http://www.softpedia.com/get/System/System-Info/Motherboard-Monitor.shtml" target=_blank>Motherboard Monitor 5</a> - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -> Programs
Source=Paul Collins Startup list

[MBMon]
Number=4932
Confirmed=?
Filename=Rundll32 CTMBHA.DLL, MBMon
Description=<a href="http://www.greatis.com/appdata/a/c/ctmbha.dll.htm" target=_blank>Creative Filter AudioControlMB Module</a> - related to the Creative Audigy line of sound cards. <font color=#FF0000>What does it do and is it required?</font>

Source=Paul Collins Startup list

[MBNet]
Number=4933
Confirmed=U
Filename=mbnet.exe
Description=MBNet (Portugal) Credit Card Processing software
Source=Paul Collins Startup list

[MBProbe]
Number=4934
Confirmed=U
Filename=mbrpobe.exe
Description=<a href="http://www.majorgeeks.com/download283.html" target="_blank">MBProbe</a> - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -> Programs
Source=Paul Collins Startup list

[mbssm32]
Number=4935
Confirmed=U
Filename=mbssm32.exe
Description=Reported as <a href="http://sophos.com/security/analyses/microbillsystems.html" target="_blank">Micro Bill Systems</a> foistware - but not according to the company themselves, see <a href="http://www.microbillsys.com/pagecontrol.php?pgidx=CH1SEC0" target="_blank">here</a>
Source=Paul Collins Startup list

[MC]
Number=4936
Confirmed=X
Filename=wintrims.exe
Description=Added by the <a href="http://www.f-secure.com/v-descs/wintrim.shtml" target="_blank">WINTRIM</a> TROJAN!
Source=Paul Collins Startup list

[MC]
Number=4937
Confirmed=X
Filename=MAGICON.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_MAGICON.A" target=_blank>MAGICON.A</a> TROJAN!
Source=Paul Collins Startup list

[MC]
Number=4938
Confirmed=X
Filename=N/A
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112414-3016-99" target=_blank>SIMCSS</a> TROJAN!
Source=Paul Collins Startup list

[MC]
Number=4939
Confirmed=X
Filename=WINTRIM.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_WINTRIM.A" target=_blank>WINTRIM_A</a> TROJAN!
Source=Paul Collins Startup list

[McAfee]
Number=4940
Confirmed=X
Filename=McAffeAv.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NETSKY.AL&VSect=P" target=_blank>NETSKY.AL</a> WORM!
Source=Paul Collins Startup list

[mcafee]
Number=4941
Confirmed=X
Filename=Win32.dll.vbs
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32catcherb.html" target="_blank">CATCHER-B</a> WORM!
Source=Paul Collins Startup list

[Mcafee Anti Scan]
Number=4942
Confirmed=X
Filename=NortonScn.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[McAfee Antivirus]
Number=4943
Confirmed=X
Filename=McAfeeAV.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Mcafee Antivirus Monitoring System326]
Number=4944
Confirmed=X
Filename=VSStatmn326.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Mcafee Antivirus Monitoring System32mn]
Number=4945
Confirmed=X
Filename=VSStatmn32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[McAfee Antivirus Protection]
Number=4946
Confirmed=X
Filename=mcafeeAV.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Mcafee Auto Protect]
Number=4947
Confirmed=X
Filename=mcafeshield.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotuh.html" target=_blank>RBOT-UH</a> WORM!
Source=Paul Collins Startup list

[McAfee Desktop Firewall Tray]
Number=4948
Confirmed=Y
Filename=FireTray.exe
Description=<a href="http://www.mcafee.com/us/" target="_blank">McAfee</a> Desktop Firewall
Source=Paul Collins Startup list

[McAfee Firewall]
Number=4949
Confirmed=Y
Filename=CPD.EXE
Description=Firewall bundled with McAfee VirusScan 6.*.&nbsp;Can also be listed as CPD_EXE
Source=Paul Collins Startup list

[McAfee Guardian]
Number=4950
Confirmed=N
Filename=CMGRDIAN.EXE
Description=McAfee's QuickClean, an offline version of the one in their online Clinic. Normally run offline and not needed. Incidentally, incorporates more cleanup programs than the likes of WinOptimizer and System Mechanic
Source=Paul Collins Startup list

[McAfee Online virus Scanner]
Number=4951
Confirmed=X
Filename=avp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgcv.html" target="_blank">RBOT-GCV</a> WORM! Not to be confused with AOL's <a href="http://www.securitycadets.com/2006/08/aols-active-virus-shield-in-a-nutshell/" target="_blank">Active Virus Shield</a> (by Kaspersky)
Source=Paul Collins Startup list

[McAfee QuickClean Imonitor]
Number=4952
Confirmed=N
Filename=Plguni.exe
Description=<a href="http://www.mcafee.com/myapps/qc3/default.asp" target=_blank>McAfee QuickClean 3.0</a> - removes internet clutter and unwanted programs
Source=Paul Collins Startup list

[mcafee Software Intrenet]
Number=4953
Confirmed=X
Filename=mcafee.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotatr.html" target=_blank>RBOT-ATR</a> WORM! Note - this is not a valid McAfee program
Source=Paul Collins Startup list

[McAfee Windows Protection]
Number=4954
Confirmed=X
Filename=mcafee32.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[McAfee Winguage]
Number=4955
Confirmed=N
Filename=??
Description=Part of McAfee Nuts &amp; Bolts. &quot;WinGuage is a dynamic reporting tool that constantly monitors your use of Windows and your applications, to alert you to potential problems before they become serious&quot;. Resource hog. Available via Start -> Programs
Source=Paul Collins Startup list

[McAfee.InstantUpdate.Monitor]
Number=4956
Confirmed=U
Filename=RuLaunch.exe
Description=Instant Updater for McAfee's VirusScan, Internet Security, Quick Clean, Uninstaller and Firewall products. In the case of VirusScan leave it enabled unless you update manually on a regular basis
Source=Paul Collins Startup list

[McAfeeFireTray]
Number=4957
Confirmed=Y
Filename=Firetray.exe
Description=<a href="http://www.mcafee.com/us/" target="_blank">McAfee</a> Desktop Firewall
Source=Paul Collins Startup list

[McAfeeScanPlus]
Number=4958
Confirmed=X
Filename=McAfeeScanPlus.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082411-2427-99" target=_blank>MEPCOD</a> TROJAN! This trojan file does not belong to any McAfee Antivirus Software and is found in the Windows or Winnt folder
Source=Paul Collins Startup list

[McAfeeUpdaterUI]
Number=4959
Confirmed=Y
Filename=UpdaterUI.exe
Description=Associated with McAfee Enterprise 7.0.0. - background process
Source=Paul Collins Startup list

[McAfeeVirusScanService]
Number=4960
Confirmed=Y
Filename=Avsynmgr.exe
Description=From McAfee VirusScan version 5.x. Runs VirusScan System Tray (Vsstat.exe), WebScanX (Webscanx.exe), VirusScan System Scan (Vshwin32.exe) and VirusScan Console (Avconsol.exe) under one application
Source=Paul Collins Startup list

[McAfeeWebscanX]
Number=4961
Confirmed=Y
Filename=WebScanX.exe
Description=From McAfee VirusScan up to version 4.x. Provides functionality for VShield Download Scan and Internet Filter modules. Enables internet scanning. Guards against malicious ActiveX programs, etc
Source=Paul Collins Startup list

[Mcaffe Antivirus]
Number=4962
Confirmed=X
Filename=Mcafeescn.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[McAgentExe]
Number=4963
Confirmed=U
Filename=mcagent.exe
Description=From McAfee VirusScan On-line. The Agent is a red M icon that appears in the Windows system tray or Notification Area (if you're running Windows XP). If you don't see the agent icon, VirusScan Online may not be installed
Source=Paul Collins Startup list

[Mcappins.exe]
Number=4964
Confirmed=Y
Filename=mcappins.exe
Description=Used by McAfee Virusscan to perform product updates. When updates are available the program will download and install them automatically. Recommended to leave enabled
Source=Paul Collins Startup list

[MChanger]
Number=4965
Confirmed=N
Filename=MChanger.exe
Description=Media Changer - utility that allows you to change wallpapers, sounds, themes, etc
Source=Paul Collins Startup list

[McLogLch_exe]
Number=4966
Confirmed=N
Filename=McLogLch.exe
Description=Related to <a href="http://www.spyany.com/files/McLogLch_exe.html" target="_blank">McAfee</a> security suite. This is a non-essential program, but should not be disabled unless suspected to be causing problems
Source=Paul Collins Startup list

[MCM3]
Number=4967
Confirmed=X
Filename=mcm3.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076082" target= blank>ShopAtHome/SAHagent</a> adware variant
Source=Paul Collins Startup list

[McRegWiz]
Number=4968
Confirmed=?
Filename=mcregwiz.exe
Description=McAfee antivirus related. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[Mcrosoftr Update]
Number=4969
Confirmed=X
Filename=Mcrosoftr.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[McShld9x]
Number=4970
Confirmed=Y
Filename=mcshld9x.exe
Description=Part of McAfee's Virusscan Online. Must be enabled for scanning to work

Source=Paul Collins Startup list

[MCTskShd]
Number=4971
Confirmed=Y
Filename=mctskshd.exe
Description=Part of <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/mctskshd/" target=_blank>McAfee SecurityCenter</a>. Runs in the background controlling critcal updates and control antivirus related actions. This program is important for the stable and secure running of your computer

Source=Paul Collins Startup list

[McUpdateExe]
Number=4972
Confirmed=U
Filename=mcupdate.exe
Description=From McAfee VirusScan On-line. Automatically updates your virus definitions. Leave enabled unless you regularly update these definitions
Source=Paul Collins Startup list

[McVsRte]
Number=4973
Confirmed=Y
Filename=mcvsrte.exe
Description=Part of McAfee's <a href="http://us.mcafee.com/root/product.asp?productid=msc" target="_blank">SecurityCenter</a>. Must remain checked but one user reports Windows glitches with no response from McAfee as to why
Source=Paul Collins Startup list

[mcvsshld]
Number=4974
Confirmed=Y
Filename=mcvsshld.exe
Description=McAfee VirusScan On-line. See also the McAgentExe entry
Source=Paul Collins Startup list

[MCX Update]
Number=4975
Confirmed=X
Filename=wisp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqh.html" target=_blank>RBOT-AQH</a> WORM!
Source=Paul Collins Startup list

[MCX Updte]
Number=4976
Confirmed=X
Filename=scorti.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotarp.html" target=_blank>RBOT-ARP</a> WORM!
Source=Paul Collins Startup list

[MD IE Plugin]
Number=4977
Confirmed=X
Filename=md.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112314-3336-99" target= blank>Marketdart</a> spyware
Source=Paul Collins Startup list

[MD IE Plugin]
Number=4978
Confirmed=X
Filename=winy.exe
Description=Adware
Source=Paul Collins Startup list

[mdac_runonce]
Number=4979
Confirmed=N
Filename=runonce.exe
Description=Associated with MS Data Access Components (MDAC). Sometimes left over after installation - not required. NOTE :- don't delete &quot;runonce.exe&quot;.&nbsp;
Source=Paul Collins Startup list

[MDDiskProtect.exe]
Number=4980
Confirmed=N
Filename=MDDiskProtect.exe
Description=MediaFour <a href="http://www.mediafour.com/products/macdrive6/" target= blank>MacDrive</a> for Windows - easily open, edit and save files from Mac-formatted disks, format Mac disks and burn Mac CDs and DVDs!
Source=Paul Collins Startup list

[mdetect]
Number=4981
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-070410-2002-99" target="_blank">SPABOT</a> TROJAN!
Source=Paul Collins Startup list

[Mdm]
Number=4982
Confirmed=X
Filename=Mdm.vbs
Description=Added by the <a href="http://vil.nai.com/vil/content/v_99145.htm" target="_blank">WHITEHO</a> VIRUS or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2001-090709-3833-99" target="_blank">TRAPPY</a> WORM!
Source=Paul Collins Startup list

[mdm]
Number=4983
Confirmed=X
Filename=mdm.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlydraf.html" target=_blank>LYDRA-F</a> TROJAN! Note - this is not the valid Machine Debug Manager which shares the same filename
Source=Paul Collins Startup list

[MDM7]
Number=4984
Confirmed=U
Filename=mdm.exe
Description=Used by developers for debugging. Those who have encountered it have unchecked it with no degradation in performance. May cause your computer to "hang" if you have MS Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendatioon. Can also be listed as Machine Debug Manager. See <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;321410" target="_blank"> here</a> to disable
Source=Paul Collins Startup list

[Mdmdll]
Number=4985
Confirmed=X
Filename=mdmdll.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453078028" target="_blank">CRYPTER</a> TROJAN!
Source=Paul Collins Startup list

[Mdmdll32]
Number=4986
Confirmed=X
Filename=mdmdll32.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list

[MDN]
Number=4987
Confirmed=X
Filename=MDNS.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021517-1533-99" target=_blank>SPYBOT.JPB</a> WORM!
Source=Paul Collins Startup list

[MDN]
Number=4988
Confirmed=X
Filename=MDNZ.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AQD" target=_blank>RBOT.AQD</a> WORM!
Source=Paul Collins Startup list

[MDN]
Number=4989
Confirmed=X
Filename=MDN.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AOA" target="_blank">RBOT.AOA</a> WORM!
Source=Paul Collins Startup list

[mds.exe]
Number=4990
Confirmed=X
Filename=mds.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmadsa.html" target= blank>MADS-A</a> TROJAN!
Source=Paul Collins Startup list

[MDSA Sentinel X]
Number=4991
Confirmed=X
Filename=smss.exe
Description=Added by <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-021716-5932-99" target=_blank>SentinelX</a> spyware. Note - SentinelX is spyware that logs keystrokes. It also monitors and records Web sites visited and applications used. The risk can capture periodic screen shots and may be configured so as to block access to specific Web sites and chat rooms, must be manually installed. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "MDSA Software" subfolder of the Program Files folder
Source=Paul Collins Startup list

[mdwmdmsp]
Number=4992
Confirmed=X
Filename=mdwmdmsp.exe
Description=Adware - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as TrojanDownloader.Win32.Agent.am
Source=Paul Collins Startup list

[MECA]
Number=4993
Confirmed=N
Filename=Meca.exe
Description=<a href="http://www.meca.com/website/controller.php" target="_blank">Meca</a> cross-platform communications technology, branded messengers will connect with AOL, MSN, Yahoo!, and ICQ users
Source=Paul Collins Startup list

[MedGS]
Number=4994
Confirmed=X
Filename=MEDGS1.exe
Description=<a href="http://www.benedelman.org/spyware/installations/pacerd/" target=_blank>PacerD_Media/Pacimedia.com</a> adware
Source=Paul Collins Startup list

[Media Access]
Number=4995
Confirmed=X
Filename=MediaAccK.exe
Description=Windupdates <a href="http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW%5FMEDIAPAS%2EA" target="_blank">MEDIAPAS.A</a> adware
Source=Paul Collins Startup list

[Media Access]
Number=4996
Confirmed=X
Filename=MediaAccK.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpodropc.html" target=_blank>PODROP-C</a> TROJAN!
Source=Paul Collins Startup list

[Media Gateway]
Number=4997
Confirmed=X
Filename=MediaGateway.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453090677" target="_blank">180Solutions</a> adware related
Source=Paul Collins Startup list

[Media Load]
Number=4998
Confirmed=X
Filename=msn32.exe
Description=Added by a unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Media Manager Indexer]
Number=4999
Confirmed=U
Filename=AIRSVCU.EXE
Description=Part of MS Visual InterDev, Media Manager is an easy media file management system that works in conjunction with Windows Explorer. The Media Manager Indexer is a program that indexes all the information about your media files and puts it into a database
Source=Paul Collins Startup list

[Media Pass]
Number=5000
Confirmed=X
Filename=MediaPassK.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042012-0135-99" target=_blank>MediaPass</a> adware
Source=Paul Collins Startup list

[Media Pass]
Number=5001
Confirmed=X
Filename=MediaPass.exe
Description=WindUpdates <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042012-0135-99" target= blank>MediaPass</a> adware
Source=Paul Collins Startup list

[Media Player]
Number=5002
Confirmed=X
Filename=media.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfldmediaa.html" target="_blank">FLDMEDIA-A</a> TROJAN!
Source=Paul Collins Startup list

[Media Player]
Number=5003
Confirmed=X
Filename=wmplayer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotbm.html" target="_blank">AGOBOT-BM</a> WORM!
Source=Paul Collins Startup list

[Media Player]
Number=5004
Confirmed=X
Filename=Sysdll.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerbr.html" target= blank>BANKER-BR</a> TROJAN!
Source=Paul Collins Startup list

[Media Player]
Number=5005
Confirmed=X
Filename=Sysnet.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/grayware/ve_GraywareDetails.asp?GNAME=TSPY%5FBANKER%2EMW" target="_blank">BANKER.MW</a> WORM!
Source=Paul Collins Startup list

[Media Player Update]
Number=5006
Confirmed=X
Filename=xpsp1mfh.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Media Plug x.1.2]
Number=5007
Confirmed=X
Filename=msdm.exe
Description=Added by the MULDROP.352 VIRUS!
Source=Paul Collins Startup list

[Media Service]
Number=5008
Confirmed=X
Filename=msn64.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.EV" target="_blank">SPYBOT.EV</a> WORM!
Source=Paul Collins Startup list

[Media service]
Number=5009
Confirmed=X
Filename=msnmsgxr.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.TF" target="_blank">SDBOT.TF</a> WORM!
Source=Paul Collins Startup list

[Media service]
Number=5010
Confirmed=X
Filename=SYSTEM64.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.QV" target="_blank">RBOT.QV</a> WORM!
Source=Paul Collins Startup list

[Media service]
Number=5011
Confirmed=X
Filename=notpad.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list

[Media Software UPdater]
Number=5012
Confirmed=X
Filename=sscs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabe.html" target= blank>RBOT-ABE</a> WORM!
Source=Paul Collins Startup list

[Media X Services]
Number=5013
Confirmed=X
Filename=MSNGRx.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AUL" target="_blank">RBOT.AUL</a> WORM!
Source=Paul Collins Startup list

[Media-XP-Service-Pack3]
Number=5014
Confirmed=X
Filename=msnzx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotacw.html" target=_blank>SDBOT-ACW</a> WORM!
Source=Paul Collins Startup list

[MEDIA32]
Number=5015
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpurscanz.html" target=_blank>PURSCAN-Z</a> TROJAN!
Source=Paul Collins Startup list

[MediaFace Integration]
Number=5016
Confirmed=N
Filename=Sethook.exe
Description=Fellowes Neato™ cd label design software. "Launch NEATO's MediaFACE II label making software directly from the productname toolbar"
Source=Paul Collins Startup list

[Mediafour Mac Volume Notifications]
Number=5017
Confirmed=U
Filename=Macvntfy.exe
Description=<a href="http://www.mediafour.com/products/xplay/" target="_blank">Mediafour Xplay</a> - allows you to use an Apple iPod digital music player with a PC running Windows. If not used regularily start manually before connecting the iPod
Source=Paul Collins Startup list

[Mediafour XPlay Tray Notification Icon]
Number=5018
Confirmed=U
Filename=Xptryicn.exe
Description=<a href="http://www.mediafour.com/products/xplay/" target=_blank>Mediafour Xplay</a> - allows you to use an Apple iPod digital music player with a PC running Windows. If not used regularily start manually before connecting the iPod
Source=Paul Collins Startup list

[MediaKey]
Number=5019
Confirmed=U
Filename=MediaKey.exe
Description=<a href="http://www.futurepowerusa.com/support/kb_911/help/overview.htm" target="_blank">Multimedia keyboard</a> manager. Required if you use the multimedia keys
Source=Paul Collins Startup list

[MediaLifeService]
Number=5020
Confirmed=U
Filename=MediaLifeService.exe
Description=Related to <a href="http://www.logitech.com/index.cfm/products/details/US/EN,CRID=2135,CONTENTID=9340" target="_blank">MediaPlay Cordless Mouse</a> from Logitech
Source=Paul Collins Startup list

[MediaLoads]
Number=5021
Confirmed=X
Filename=dw.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=DownloadWare.MediaLoads&threatid=8419" target=_blank>Medialoads</a> adware
Source=Paul Collins Startup list

[MediaLoads Installer]
Number=5022
Confirmed=X
Filename=dw.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=DownloadWare.MediaLoads&threatid=8419" target=_blank>Medialoads</a> adware
Source=Paul Collins Startup list

[MediaMonitor]
Number=5023
Confirmed=N
Filename=Mediam~1.exe
Description=Installed by Smartdisk MVP CD burning software. Software will work fine without it
Source=Paul Collins Startup list

[mediamotor.exe]
Number=5024
Confirmed=X
Filename=mmups.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentby.html" target=_blank>AGENT-BY</a> TROJAN!

Source=Paul Collins Startup list

[MediaPath]
Number=5025
Confirmed=X
Filename=Proyecto1.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-071316-1355-99" target="_blank">GRUEL</a> WORM!
Source=Paul Collins Startup list

[MediaPath]
Number=5026
Confirmed=X
Filename=Root.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-071316-1355-99" target="_blank">GRUEL</a> WORM!
Source=Paul Collins Startup list

[MediaPipe P2P Loader]
Number=5027
Confirmed=X
Filename=mpp2pl.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453097812" target=_blank>MediaPipe</a> peer-to-peer file swapping program also <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MediaPipe/MovieLand&threatid=44525" target=_blank>reported</a> as a hijacker
Source=Paul Collins Startup list

[mediapluscash.exe]
Number=5028
Confirmed=X
Filename=mediapluscash.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=WindUpdates.MediaGateway&threatid=40218" target="_blank">MediaGateway</a> adware
Source=Paul Collins Startup list

[MediaRing Talk]
Number=5029
Confirmed=N
Filename=mrtalk.exe
Description=Media Ring Talk, voice recognition software, Resource hog. Available via Start -> Programs
Source=Paul Collins Startup list

[MediaXPServicePack]
Number=5030
Confirmed=X
Filename=mxpsp.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.CDT&VSect=T" target=_blank>SDBOT.CDT</a> WORM!
Source=Paul Collins Startup list

[media_driver]
Number=5031
Confirmed=X
Filename=media_driver.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010114-4910-99" target=_blank>TUPEG</a> VIRUS! Note - this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
Source=Paul Collins Startup list

[media_manager]
Number=5032
Confirmed=X
Filename=mediaman.exe
Description=<a target="_blank" href="http://www.mini-player.com/">Mini-Player</a>,&nbsp; IMESH related foistware, see <a target="_blank" href="http://www.spywareinfo.com/yabbse/index.php?board=10;action=display;threadid=2633;start=0#msg20371">here</a>
Source=Paul Collins Startup list

[media_stub]
Number=5033
Confirmed=X
Filename=stub.exe
Description=<a target="_blank" href="http://www.mini-player.com/">Mini-Player</a>,&nbsp; IMESH related foistware, see <a target="_blank" href="http://www.spywareinfo.com/yabbse/index.php?board=10;action=display;threadid=2633;start=0#msg20371">here</a>
Source=Paul Collins Startup list

[MedionVFD]
Number=5034
Confirmed=?
Filename=MdionLCM.exe
Description=Related to <a href="http://www.medion.de/" target="_blank">Medion</a> Display Information. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[Meeting Connection]
Number=5035
Confirmed=X
Filename=comsutil.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojppdoore.html" target= blank>PPDOOR-E</a> TROJAN!
Source=Paul Collins Startup list

[Meeting Connection]
Number=5036
Confirmed=X
Filename=wowdache.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojppdoord.html" target= blank>PPDOOR-D</a> TROJAN!
Source=Paul Collins Startup list

[Meeting Connection]
Number=5037
Confirmed=X
Filename=hgakdl32.exe
Description=Looks like a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojppdoore.html" target=_blank>PPDOOR-E</a> TROJAN!
Source=Paul Collins Startup list

[MegaPanel]
Number=5038
Confirmed=U
Filename=HSTrans.exe
Description=Homescan Internet Transporter - part of <a href="http://www2.acnielsen.com/products/cps_homescan.shtml" target=_blank>ACNielson Homescan</a>. Recognizes when the ACNielsen Homescan Scanner is attached to the computer and allows it to transmit scanner information to ACNielsen
Source=Paul Collins Startup list

[melg34]
Number=5039
Confirmed=X
Filename=mdmd.exe
Description=Added by an unidentified WORM or TROJAN - see <a href="http://www.greatis.com/appdata/d/m/mdmd.exe.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[Members area]
Number=5040
Confirmed=X
Filename=******.exe [* = random digit]
Description=Premium rate adult content dialer
Source=Paul Collins Startup list

[MemConfig]
Number=5041
Confirmed=X
Filename=SetupIE.com
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112012-0423-99" target="_blank">TAPLAK</a> WORM!
Source=Paul Collins Startup list

[Memento]
Number=5042
Confirmed=N
Filename=Memento.exe
Description=<a href="http://www.guyswithtowels.com/dev/apps/memento.html" target="_blank">Memento</a> - simple app to keep text notes on your desktop
Source=Paul Collins Startup list

[MemMonster]
Number=5043
Confirmed=U
Filename=memmnstr.exe
Description=<a href="http://www.daolnwod.com/memmonster_2923.htm" target="_blank">MemMonster</a> - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
Source=Paul Collins Startup list

[MemoKit]
Number=5044
Confirmed=U
Filename=MK.EXE
Description=Memory optimizer. It loads from startup group and it goes off as soon as the program (memokit.exe) is loaded in the System Tray. Mk.exe does not run while the memokit.exe is running. Probably loads a flash screen at startup and shutdown that stays on screen less than 5 seconds and gives you a button to push to purchase the full version. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
Source=Paul Collins Startup list

[memory]
Number=5045
Confirmed=X
Filename=outlookrem.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060416-5102-99" target=_blank>NOPIR.C</a> WORM!
Source=Paul Collins Startup list

[Memory Check]
Number=5046
Confirmed=X
Filename=memore.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110912-1140-99" target="_blank">KILLAV.C</a> TROJAN!
Source=Paul Collins Startup list

[Memory manager]
Number=5047
Confirmed=X
Filename=himem32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-020216-3646-99" target=_blank>MANCSYN</a> TROJAN!
Source=Paul Collins Startup list

[Memory Service]
Number=5048
Confirmed=X
Filename=freememory.exe
Description=Added by the RBOT.GEN WORM!
Source=Paul Collins Startup list

[Memory Stick Monitor]
Number=5049
Confirmed=N
Filename=MSTAT.exe
Description=Used with the Sony floppy disk adapter for memory sticks, showing if there is a stick in the computer
Source=Paul Collins Startup list

[Memory Stick Monitor]
Number=5050
Confirmed=U
Filename=MSstat.exe
Description=Sony/SmartDisk memorystick-floppydisk-adapter software - allows you to read memorysticks in a normal floppydrive
Source=Paul Collins Startup list

[Memory Watcher]
Number=5051
Confirmed=X
Filename=MemoryWatcher.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453080910" target=_blank>MemoryWatcher</a> spyware
Source=Paul Collins Startup list

[Memory+]
Number=5052
Confirmed=U
Filename=tfimemsr.exe
Description=Memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
Source=Paul Collins Startup list

[MemoryBoost]
Number=5053
Confirmed=U
Filename=MemoryBoost.exe
Description=<a href="http://www.tenebril.com/consumer/memboost/" target="_blank">MemoryBoost</a> - memory optimizing program made by Tenebril Inc. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
Source=Paul Collins Startup list

[MemoryCardManager]
Number=5054
Confirmed=U
Filename=MemCard.exe
Description=<a href="http://www.file.net/process/memcard.exe.html" target=_blank>Memory Card Manager</a> - for removable memory cards found on Dell or Lexmark photo printers

Source=Paul Collins Startup list

[MemoryMeter]
Number=5055
Confirmed=X
Filename=MemoryMeter.exe
Description=Autoinstalling spyware by <a href="http://www.totalvelocity.com/" target="_blank">Total Velocity</a>
Source=Paul Collins Startup list

[MemoryZipperPlus]
Number=5056
Confirmed=U
Filename=memzip.exe
Description=<a href="http://www.systweak.com/memzip/" target=_blank>Memory Zipper Plus</a> - "optimizes the memory management of your system and boost-up its performance amazingly!"

Source=Paul Collins Startup list

[memreader.exe]
Number=5057
Confirmed=X
Filename=memreader.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotty.html" target=_blank>AGOBOT-TY</a> WORM!
Source=Paul Collins Startup list

[MEMreaload]
Number=5058
Confirmed=X
Filename=MEMreaload.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022716-1619-99" target=_blank>LAZAR</a> TROJAN!
Source=Paul Collins Startup list

[MemScanner]
Number=5059
Confirmed=N
Filename=MemScanner.exe
Description=Part of Enigma SpyHunter - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#sh_note" target="_blank">note</a>
Source=Paul Collins Startup list

[MemTurbo]
Number=5060
Confirmed=U
Filename=memturbo.exe
Description=<a href="http://www.memturbo.com/" target="_blank">MemTurbo</a> memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
Source=Paul Collins Startup list

[MenuSnap]
Number=5061
Confirmed=N
Filename=MenuSnap.exe
Description=<a href="http://www.rietta.com/menusnap/" target="_blank">MenuSnap</a> from Rietta Solutions. Utility that re-orders your Start Menu items alphabetically. You may not want this utility if you're able to do this manually by selecting Start -&gt; Programs and right-clicking and choosing &quot;Sort by Name&quot; if availabe
Source=Paul Collins Startup list

[Mercora]
Number=5062
Confirmed=N
Filename=MercoraClient.exe
Description=<a href="http://search.mercora.com/v6/_front/web.jsp" target="_blank">Mercora MusicSearch</a> "Search, find and listen to music on the world's largest jukebox, built by people just like you". Note - if you subscribe make sure you read the <a href="http://www.mercora.com/privacy.asp" target="_blank">Privacy Policy</a>
Source=Paul Collins Startup list

[Message Queuing]
Number=5063
Confirmed=X
Filename=msmqs.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120217-1031-99" target="_blank">FREEFORS</a> TROJAN!
Source=Paul Collins Startup list

[MessagerStarter Freeserve]
Number=5064
Confirmed=N
Filename=StartMessager.exe
Description=Freeserve Messenger
Source=Paul Collins Startup list

[Message_Blocker]
Number=5065
Confirmed=U
Filename=messageblock.exe
Description=<a href="http://www.ograhl.com/en/messageblocker/" target="_blank">Message Blocker</a> - &quot;prevents Outlook Express from loading images or other content from the internet without confirmation, as well as executing scripts when displaying a formatted email message&quot;
Source=Paul Collins Startup list

[Messanger]
Number=5066
Confirmed=X
Filename=trillian.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CKI" target="_blank">RBOT.CKI</a> WORM!
Source=Paul Collins Startup list

[Messanger]
Number=5067
Confirmed=X
Filename=deamon.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
Source=Paul Collins Startup list

[Messanger]
Number=5068
Confirmed=X
Filename=msgaol.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
Source=Paul Collins Startup list

[Messanger]
Number=5069
Confirmed=Y
Filename=s_menu.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
Source=Paul Collins Startup list

[Messanger]
Number=5070
Confirmed=X
Filename=browse.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
Source=Paul Collins Startup list

[Messenger]
Number=5071
Confirmed=X
Filename=messenger.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102516-2731-99" target="_blank">KUTEX</a> TROJAN!
Source=Paul Collins Startup list

[Messenger]
Number=5072
Confirmed=X
Filename=ntsubsys.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BGE&VSect=P" target=_blank>SDBOT.BGE</a> WORM!
Source=Paul Collins Startup list

[Messenger]
Number=5073
Confirmed=X
Filename=Wmsngr.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Messenger]
Number=5074
Confirmed=Y
Filename=SCANMSG.EXE
Description=<a href="http://www.quickheal.co.in/" target="_blank">AntiVirus Quick Heal</a> - virus protection
Source=Paul Collins Startup list

[Messenger Block]
Number=5075
Confirmed=X
Filename=msngrblock.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091216-0113-99" target="_blank">PATOO</a> WORM!
Source=Paul Collins Startup list

[Messenger Protocol]
Number=5076
Confirmed=X
Filename=netsender.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotacc.html" target=_blank>SDBOT-ACC</a> WORM!
Source=Paul Collins Startup list

[Messenger Service]
Number=5077
Confirmed=X
Filename=msmsgs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzb.html" target= blank>SDBOT-ZB</a> WORM!
Source=Paul Collins Startup list

[Messenger Service]
Number=5078
Confirmed=X
Filename=nvhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32jloka.html" target=_blank>JLOK-A</a> WORM!
Source=Paul Collins Startup list

[Messenger Service Updater]
Number=5079
Confirmed=X
Filename=svshost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.GC" target="_blank">MYTOB.GC</a> WORM!
Source=Paul Collins Startup list

[Messenger start-up]
Number=5080
Confirmed=X
Filename=Msgran.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100714-1840-99" target="_blank">GRAMOS</a> WORM!
Source=Paul Collins Startup list

[Messenger6]
Number=5081
Confirmed=X
Filename=command.pif
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112319-1247-99" target=_blank>INZAE.B</a> WORM!
Source=Paul Collins Startup list

[MessengerDiscovery]
Number=5082
Confirmed=U
Filename=MessengerDiscovery.exe
Description=MessengerDiscovery is a MSN Messenger add-on - adding over 70 new features. Now superseeded by <a href="http://live.msgdiscovery.com/" target="_blank">MessengerDiscovery Live</a> - with support added for Windows Live
Source=Paul Collins Startup list

[MessengerPlus]
Number=5083
Confirmed=N
Filename=MsgPlus.exe
Description=<a href="http://www.msgplus.net/" target=_blank>MessengerPlus</a> - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media <a href="http://inetexplorer.mvps.org/data/messenger_plus.htm" target=_blank>LOP</a> adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"!
Source=Paul Collins Startup list

[MessengerPlus2]
Number=5084
Confirmed=N
Filename=MsgPlus.exe
Description=<a href="http://www.msgplus.net/" target=_blank>MessengerPlus</a> - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media <a href="http://inetexplorer.mvps.org/data/messenger_plus.htm" target=_blank>LOP</a> adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"!
Source=Paul Collins Startup list

[MessengerPlus3]
Number=5085
Confirmed=N
Filename=MsgPlus.exe
Description=<a href="http://www.msgplus.net/" target=_blank>MessengerPlus</a> - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media <a href="http://inetexplorer.mvps.org/data/messenger_plus.htm" target=_blank>LOP</a> adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"!
Source=Paul Collins Startup list

[messnger]
Number=5086
Confirmed=X
Filename=[worm filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-030812-5056-99" target="_blank">DELODER</a> WORM!
Source=Paul Collins Startup list

[messnger]
Number=5087
Confirmed=X
Filename=Dvldr32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DELODER.A" target="_blank">DELODER.A</a> WORM!
Source=Paul Collins Startup list

[Metacafe]
Number=5088
Confirmed=N
Filename=MetacafeAgent.exe
Description=<a href="http://www.metacafe.com/" target=_blank>Metacafe</a> - video sharing on the web. Note - if you subscribe make sure you read the <a href="http://www.metacafe.com/privacy/" target=_blank>Privacy Policy</a>

Source=Paul Collins Startup list

[MeTaLRoCk (irc.musirc.com) has sex with printers]
Number=5089
Confirmed=X
Filename=metalrock-is-gay.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDEX.Q" target=_blank>RANDEX.Q</a> WORM!
Source=Paul Collins Startup list

[MeuPrograma]
Number=5090
Confirmed=X
Filename=accwizz.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082312-1953-99" target=_blank>RULAND.A</a> WORM!
Source=Paul Collins Startup list

[Mfc**.exe [* = random char]]
Number=5091
Confirmed=X
Filename=Mfc**.exe [* = random char]
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
Source=Paul Collins Startup list

[Mfc**32.exe [* = random char]]
Number=5092
Confirmed=X
Filename=Mfc**32.exe [* = random char]
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
Source=Paul Collins Startup list

[mfgboot]
Number=5093
Confirmed=?
Filename=??
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[mFilter]
Number=5094
Confirmed=X
Filename=MNeck.exe
Description=Added by the <a href="http://www.sophos.de/virusinfo/analyses/trojclickerag.html" target=_blank>CLICKER-AG</a> TROJAN!
Source=Paul Collins Startup list

[mfin32]
Number=5095
Confirmed=X
Filename=mfin32.exe
Description=MyFreeInternetUpdate - adware downloader
Source=Paul Collins Startup list

[MGA Hook]
Number=5096
Confirmed=?
Filename=Mgahook.exe
Description=MATROX Graphics card related. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[MGA Quickdesk]
Number=5097
Confirmed=N
Filename=MGAQDESK.EXE
Description=For Matrox video cards. Quick access to tweak your card to your liking
Source=Paul Collins Startup list

[Mgabg]
Number=5098
Confirmed=U
Filename=Mgabg.exe
Description=Matrox BIOS Guard - monitors a Matrox card's BIOS, and will reflash it when needed. Cards like the G400 have a nasty habit of losing their BIOS, especially on poor power supplies. If you make an emergency BIOS disk with the utility in their BIOS package, you can disable Mgabg.exe and just use the crash disk if/when needed
Source=Paul Collins Startup list

[mgavctrl]
Number=5099
Confirmed=Y
Filename=mgavrtcl.exe
Description=McAfee's Virus Scan Online
Source=Paul Collins Startup list

[mgavctrl]
Number=5100
Confirmed=Y
Filename=mgavrte.exe
Description=McAfee's Virus Scan Online

Source=Paul Collins Startup list

[mgavrtclexe]
Number=5101
Confirmed=Y
Filename=mgavrtcl.exe
Description=McAfee's Virus Scan Online
Source=Paul Collins Startup list

[mgavrtclexe]
Number=5102
Confirmed=Y
Filename=mgavrte.exe
Description=McAfee's Virus Scan Online

Source=Paul Collins Startup list

[MGA_CD_Install]
Number=5103
Confirmed=N
Filename=mgasetup.exe
Description=Matrox Millennium video driver. Not required once drivers installed
Source=Paul Collins Startup list

[mgmtapi]
Number=5104
Confirmed=X
Filename=mgmtapi.exe
Description=Unidentified malware
Source=Paul Collins Startup list

[MHDOGStart]
Number=5105
Confirmed=X
Filename=mhdogst.EXE
Description=Added by an unidentified VIRUS, WORM or TROJAN! A possibility is a trojan known as PENIS
Source=Paul Collins Startup list

[MHINIT]
Number=5106
Confirmed=N
Filename=MHINIT.EXE
Description=Part of the Cybermedia Clean Sweep package
Source=Paul Collins Startup list

[mhs3]
Number=5107
Confirmed=X
Filename=mhs3.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpwsalz.html" target="_blank">PWS-ALZ</a> TROJAN!
Source=Paul Collins Startup list

[Mi7sft sdce]
Number=5108
Confirmed=X
Filename=b0yz.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CWG" target="_blank">RBOT.CWG</a> WORM!
Source=Paul Collins Startup list

[Mi7sft sdce]
Number=5109
Confirmed=X
Filename=MNSQ.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.DMU" target="_blank">RBOT.DMU</a> WORM!
Source=Paul Collins Startup list

[Mi7sft sdce]
Number=5110
Confirmed=X
Filename=scorti.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp;vic-sessionid=EBk6vUvCbzJVNYvJMICK7qh2akbU9yu9HNW3y8s81UURXvxlEK1y!90955832?VId=51060" target="_blank">RBOT.ELC</a> WORM!
Source=Paul Collins Startup list

[Mickey Mouse Cereal]
Number=5111
Confirmed=X
Filename=[random filename].exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-011217-4546-99" target=_blank>RANKY.Q</a> TROJAN!
Source=Paul Collins Startup list

[Micosoft Data Core]
Number=5112
Confirmed=X
Filename=runservice.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_IRCBOT.BK" target="_blank">IRCBOT.BK</a> WORM!
Source=Paul Collins Startup list

[Micr Update]
Number=5113
Confirmed=X
Filename=soundblaster.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.NP" target="_blank">SDBOT.NP</a> WORM!
Source=Paul Collins Startup list

[Micr0s0ft Ms D0s]
Number=5114
Confirmed=X
Filename=msdx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaon.html" target=_blank>RBOT-AON</a> WORM!
Source=Paul Collins Startup list

[Micr0s0ft Upd4t4z]
Number=5115
Confirmed=X
Filename=svchost32.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=44933" target="_blank">RBOT.ALF</a> WORM!
Source=Paul Collins Startup list

[Micrcoft Exploerer]
Number=5116
Confirmed=X
Filename=spoolsal.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotakk.html" target=_blank>RBOT-AKK</a> WORM!
Source=Paul Collins Startup list

[Micrcoft Exploerer]
Number=5117
Confirmed=X
Filename=svchose.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasl.html" target=_blank>RBOT-ASL</a> WORM!
Source=Paul Collins Startup list

[Micrcoft Updat]
Number=5118
Confirmed=X
Filename=spoolsae.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaib.html" target=_blank>RBOT-AIB</a> WORM!
Source=Paul Collins Startup list

[Micrcoft Updat]
Number=5119
Confirmed=X
Filename=spoolsaex.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajm.html" target=_blank>RBOT-AJM</a> WORM!
Source=Paul Collins Startup list

[Micrcoft Updat]
Number=5120
Confirmed=X
Filename=Internet.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotana.html" target=_blank>RBOT-ANA</a> WORM!
Source=Paul Collins Startup list

[Micrcsoft Certificate Services]
Number=5121
Confirmed=X
Filename=cflmon.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfwv.html" target="_blank">RBOT-FWV</a> WORM!
Source=Paul Collins Startup list

[Micro CRC Protocol]
Number=5122
Confirmed=X
Filename=scrc32.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Micro Process]
Number=5123
Confirmed=X
Filename=appconf.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Micro Update]
Number=5124
Confirmed=X
Filename=dailin.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rboter.html" target=_blank>RBOT-ER</a> WORM!
Source=Paul Collins Startup list

[Microangelo Desktop]
Number=5125
Confirmed=N
Filename=Muamgr.exe
Description=Using <a href="http://www.microangelo.us/" target="_blank">MicroAngelo</a> On Display, you can easily select the icon images that you prefer rather than the default icons displayed by Windows. On Display provides a consistent and elegant method to customize the icon display for almost every icon on your system
Source=Paul Collins Startup list

[microAttuneDownload]
Number=5126
Confirmed=N
Filename=atmdlusr.exe
Description=Application Launcher, MS Office application. USR (US Robotics) modem auto updater. May be a sub-set of Attune
Source=Paul Collins Startup list

[MicroCQ0]
Number=5127
Confirmed=X
Filename=explorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineageak.html" target="_blank">LINEAGE-AK</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the Program Files folder
Source=Paul Collins Startup list

[MicroDialler]
Number=5128
Confirmed=U
Filename=atdialler1.exe
Description=Part of the <a href="https://www.freeserve.com/time/anytimereg/migration/?redirect=int" target="_blank">Freeserve Connection Kit</a> - changes the dial-up for Freeserve AnyTime if access problems are encountered
Source=Paul Collins Startup list

[MicroedSoft Toolbar]
Number=5129
Confirmed=X
Filename=Smoked.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaln.html" target=_blank>RBOT-ALN</a> WORM!
Source=Paul Collins Startup list

[Microfinder lptt01]
Number=5130
Confirmed=X
Filename=mcf.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "mcf" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[Microfinder ml097e]
Number=5131
Confirmed=X
Filename=mcf.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "mcf" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[Microfot Update]
Number=5132
Confirmed=X
Filename=winldx32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microft Exploerer]
Number=5133
Confirmed=X
Filename=spoolsac.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotamd.html" target=_blank>RBOT-AMD</a> WORM!
Source=Paul Collins Startup list

[Microft Update 32]
Number=5134
Confirmed=X
Filename=winssx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqs.html" target=_blank>RBOT-AQS</a> WORM!
Source=Paul Collins Startup list

[MicroLoad]
Number=5135
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082921-0607-99" target="_blank">DARBY</a> WORM!
Source=Paul Collins Startup list

[Micromedia Flash Update]
Number=5136
Confirmed=X
Filename=wdfmrg.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Micromedia Flash Update]
Number=5137
Confirmed=X
Filename=xptxt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgab.html" target="_blank">RBOT-GAB</a> WORM!
Source=Paul Collins Startup list

[Microoft Timing]
Number=5138
Confirmed=X
Filename=pupdate.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[MICROSFT ANTIVIRUS UPDATE SUPPORT]
Number=5139
Confirmed=X
Filename=[random 10-letter filename].EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqa.html" target=_blank>RBOT-AQA</a> WORM!
Source=Paul Collins Startup list

[MICROSFT ANTIVIRUS UPDATE SUPPORT]
Number=5140
Confirmed=X
Filename=MSGUPDATED.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotapz.html" target=_blank>RBOT-APZ</a> WORM!
Source=Paul Collins Startup list

[Microsft Conf 32]
Number=5141
Confirmed=X
Filename=msaconf.exe
Description=Added by the <a href="http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=53685" target="_blank">RBOT.EYA</a> WORM!
Source=Paul Collins Startup list

[Microsft Confige 32]
Number=5142
Confirmed=X
Filename=msaconfigurez.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CLC&VSect=P" target=_blank>RBOT.CLC</a> WORM!
Source=Paul Collins Startup list

[MICROSFT MX UPDATE SUPPORT]
Number=5143
Confirmed=X
Filename=taskmngrs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotauz.html" target=_blank>RBOT-AUZ</a> WORM!
Source=Paul Collins Startup list

[MICROSFT MX UPDATE SUPPORT]
Number=5144
Confirmed=X
Filename=winmx32.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ircbotfd.html" target="_blank">IRCBOT-FD</a> WORM!
Source=Paul Collins Startup list

[MICROSFT RAMA UPDATE SUPPORT]
Number=5145
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasm.html" target=_blank>RBOT-ASM</a> or <a href="http://www.sophos.com/virusinfo/analyses/w32rbotauw.html" target=_blank>RBOT-AUW</a> WORMS!
Source=Paul Collins Startup list

[MICROSFT RAMA UPDATE SUPPORT]
Number=5146
Confirmed=X
Filename=MSN32.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawj.html" target=_blank>RBOT-AWJ</a> WORM!
Source=Paul Collins Startup list

[MICROSFT RAMA UPDATE SUPPORT]
Number=5147
Confirmed=X
Filename=mtakthmyn.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotauj.html" target=_blank>RBOT-AUJ</a> WORM!
Source=Paul Collins Startup list

[Microsft Security Monitor Process]
Number=5148
Confirmed=X
Filename=cmh.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsft Security Monitor Process]
Number=5149
Confirmed=X
Filename=mssmppp.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsft Security Monitor Process]
Number=5150
Confirmed=X
Filename=mssmpp.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfub.html" target="_blank">RBOT-FUB</a> WORM!
Source=Paul Collins Startup list

[Microsft Updtes]
Number=5151
Confirmed=X
Filename=sarvice.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsft Upgraed]
Number=5152
Confirmed=X
Filename=[random filename].exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[microsft windows updates]
Number=5153
Confirmed=X
Filename=mwupdate32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=41911" target=_blank>TOXBOT/CODBOT</a> WORM!
Source=Paul Collins Startup list

[Microsof Value]
Number=5154
Confirmed=X
Filename=nmatt.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsof Windows Host]
Number=5155
Confirmed=X
Filename=svhost32.exe
Description=Added by the <a href="http://www.trendmicro.co.jp/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ADY" target=_blank>RBOT.ADY</a> WORM!
Source=Paul Collins Startup list

[Microsof Winlog Host]
Number=5156
Confirmed=X
Filename=wilogon32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.XC" target=_blank>RBOT.XC</a> WORM! 

Source=Paul Collins Startup list

[Microsofot x386 System Monitor]
Number=5157
Confirmed=X
Filename=system32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.M" target="_blank">WOOTBOT.M</a> WORM!
Source=Paul Collins Startup list

[microsoft]
Number=5158
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082710-5900-99" target="_blank">ASTEF</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100514-2403-99" target="_blank">RESPAN</a> WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list

[microsoft]
Number=5159
Confirmed=X
Filename=microsoft.hta
Description=HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site!
Source=Paul Collins Startup list

[Microsoft]
Number=5160
Confirmed=X
Filename=win32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-081910-3934-99" target=_blank>DARKMOON</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft]
Number=5161
Confirmed=X
Filename=iexplore.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqrobr.html" target=_blank>QQROB-R</a> TROJAN! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[Microsoft]
Number=5162
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojaduyoa.html" target=_blank>ADUYO-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[Microsoft]
Number=5163
Confirmed=X
Filename=wuauclt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqrobaaq.html" target="_blank">QQROB-AQ</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/wuauclt/" target="_blank">wuauclt.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[Microsoft]
Number=5164
Confirmed=X
Filename=guard.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft]
Number=5165
Confirmed=X
Filename=wcsntfy.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotaht.html" target="_blank">AGOBOT-AHT</a> WORM!
Source=Paul Collins Startup list

[Microsoft]
Number=5166
Confirmed=X
Filename=ssmss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfzf.html" target="_blank">RBOT-FZF</a> WORM!
Source=Paul Collins Startup list

[Microsoft]
Number=5167
Confirmed=X
Filename=lsass.ppf
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgaa.html" target="_blank">RBOT-GAA</a> WORM!
Source=Paul Collins Startup list

[Microsoft]
Number=5168
Confirmed=X
Filename=msvchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgaw.html" target="_blank">RBOT-GAW</a> WORM!
Source=Paul Collins Startup list

[Microsoft]
Number=5169
Confirmed=X
Filename=mixers.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotahu.html" target="_blank">AGOBOT-AHU</a> WORM!
Source=Paul Collins Startup list

[Microsoft]
Number=5170
Confirmed=X
Filename=msmsger.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft]
Number=5171
Confirmed=X
Filename=MSUPDATE.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Microsoft]
Number=5172
Confirmed=X
Filename=radnom.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgho.html" target="_blank">RBOT-GHO</a> WORM!
Source=Paul Collins Startup list

[Microsoft]
Number=5173
Confirmed=X
Filename=rtvcscan.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotggu.html" target="_blank">RBOT-GGU</a> WORM!
Source=Paul Collins Startup list

[Microsoft]
Number=5174
Confirmed=X
Filename=taskbar.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft]
Number=5175
Confirmed=X
Filename=updater.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotghp.html" target="_blank">RBOT-GHP</a> WORM!
Source=Paul Collins Startup list

[Microsoft]
Number=5176
Confirmed=X
Filename=windl32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotdcz.html" target="_blank">SDBOT-DCZ</a> WORM!
Source=Paul Collins Startup list

[Microsoft  Associates, Inc.]
Number=5177
Confirmed=X
Filename=iexplorer.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list

[Microsoft (C) HTML Application host]
Number=5178
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyb.html" target= blank>RBOT-YB</a> WORM!
Source=Paul Collins Startup list

[Microsoft (R) Windows Configuration Backup Service]
Number=5179
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-081415-2212-99" target="_blank">RANKY.X</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in either a "config", "mapping" or "security" subfolder of the Winnt or Windows folder
Source=Paul Collins Startup list

[Microsoft (R) Windows DLL Loader]
Number=5180
Confirmed=X
Filename=rundll32.exe
Description=Added by the <a href="http://www.sarc.com/avcenter/venc/data/backdoor.ranky.w.html" target="_blank">RANKY.W</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll32/" target="_blank">rundll32.exe</a> process, which is found in the Windows folder (98\ME) or the System32 folder(NT\2000\XP). This file is located in a "dll" subfolder of the Winnt or Windows folder
Source=Paul Collins Startup list

[Microsoft (R) Windows Network Latency Controller]
Number=5181
Confirmed=X
Filename=1.tmp
Description=Added by a generic password stealer TROJAN - see <a href="http://spywarefiles.prevx.com/RRDAAG28799036/SP2VC.EXE.html" target="_blank">here</a>
Source=Paul Collins Startup list

[Microsoft (R) Windows Network Latency Controller]
Number=5182
Confirmed=X
Filename=nlc.exe
Description=Added by a generic password stealer TROJAN - see <a href="http://spywarefiles.prevx.com/RRDAAG28799036/SP2VC.EXE.html" target="_blank">here</a>
Source=Paul Collins Startup list

[Microsoft (R) Windows Network Latency Controller]
Number=5183
Confirmed=X
Filename=sp2vc.exe
Description=Added by a generic password stealer TROJAN - see <a href="http://spywarefiles.prevx.com/RRDAAG28799036/SP2VC.EXE.html" target="_blank">here</a>
Source=Paul Collins Startup list

[Microsoft (R) Windows Network Security Management Service]
Number=5184
Confirmed=X
Filename=nsms.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_RANKY.LC" target="_blank">RANKY.LC</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft (R) Windows Protected Content Restoration Service]
Number=5185
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_AGENT.AGV" target="_blank">AGENT.AGV</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft (R) Windows Protocol Deployment Manager]
Number=5186
Confirmed=X
Filename=[random].tmp
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Microsoft (R) Windows TCP/IP Socket Driver]
Number=5187
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojproxydd.html" target="_blank">PROXY-DD</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft (R) Windows Update Service]
Number=5188
Confirmed=X
Filename=wuauclt.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/wuauclt/" target="_blank">wuauclt.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[Microsoft (R) Windows Vista/NT Runtime Compatibility Service]
Number=5189
Confirmed=X
Filename=nrcs.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-081415-2212-99" target="_blank">RANKY.X</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft .NET Confingurator]
Number=5190
Confirmed=X
Filename=msnconf.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[Microsoft 16Bit Update]
Number=5191
Confirmed=X
Filename=wuapdate16.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CZ" target="_blank">RBOT.CZ</a> WORM!
Source=Paul Collins Startup list

[Microsoft 64 Bit Runtime Updater]
Number=5192
Confirmed=X
Filename=wupdt64.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft ActiveX Debugger NT]
Number=5193
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosdo.html" target=_blank>BANCOS-DO</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft ADservice]
Number=5194
Confirmed=X
Filename=[random filename]
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Agent]
Number=5195
Confirmed=X
Filename=mdss32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkeylogag.html" target=_blank>KEYLOG-AG</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft ALG32 Protocol]
Number=5196
Confirmed=X
Filename=alg32.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft ALGXP Protocol]
Number=5197
Confirmed=X
Filename=alg32.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Announcement Listener]
Number=5198
Confirmed=N
Filename=Annclist.exe
Description=MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it
Source=Paul Collins Startup list

[Microsoft Ansti Update]
Number=5199
Confirmed=X
Filename=msie.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotle.html" target="_blank">RBOT-LE</a> WORM!
Source=Paul Collins Startup list

[Microsoft Anti-Spy]
Number=5200
Confirmed=X
Filename=[random filename]
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft AntiSpyware]
Number=5201
Confirmed=X
Filename=Bazzi.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AHKER.J&VSect=P" target=_blank>AHKER.J</a> WORM!
Source=Paul Collins Startup list

[Microsoft AntiSpyware]
Number=5202
Confirmed=X
Filename=KT06.pif
Description=Added by the <a href="http://virusinfo.prevx.com/pxparall.asp?PXC=85d717083566" target="_blank">IRCBOT.GEN</a> WORM!
Source=Paul Collins Startup list

[Microsoft AOL Instant Messenger]
Number=5203
Confirmed=X
Filename=MSAOL32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaai.html" target=_blank>RBOT-AAI</a> WORM!
Source=Paul Collins Startup list

[Microsoft AOL32 Protocol]
Number=5204
Confirmed=X
Filename=aol32.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Application Center]
Number=5205
Confirmed=X
Filename=mappc.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Application Manager]
Number=5206
Confirmed=X
Filename=msapl32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbropiaae.html" target=_blank>BROPIA-AE</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft AUT Update]
Number=5207
Confirmed=X
Filename=MSlti32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotx.html" target="_blank">RBOT-X</a> WORM!
Source=Paul Collins Startup list

[Microsoft AUT Update]
Number=5208
Confirmed=X
Filename=MSlti16.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.EB&VSect=T" target=_blank>RBOT.EB</a> WORM!
Source=Paul Collins Startup list

[Microsoft Authority Service]
Number=5209
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kaleld.html" target=_blank>KALEL-D</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target="_blank">lsass.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[Microsoft auto update]
Number=5210
Confirmed=X
Filename=winupdate.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021418-3605-99" target="_blank">BMBOT</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Auto Update]
Number=5211
Confirmed=X
Filename=WINHLP16.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.GY" target="_blank">RBOT.GY</a> WORM!
Source=Paul Collins Startup list

[Microsoft auto update]
Number=5212
Confirmed=Y
Filename=wuauclt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcultb.html" target="_blank">CULT-B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/wuauclt/" target="_blank">wuauclt.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[Microsoft Automatic Update Serivce]
Number=5213
Confirmed=X
Filename=msautou.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaob.html" target=_blank>RBOT-AOB</a> WORM!
Source=Paul Collins Startup list

[Microsoft Automatic Updater]
Number=5214
Confirmed=X
Filename=Explorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotsg.html" target="_blank">RBOT-SG</a> WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System32 subfolder
Source=Paul Collins Startup list

[Microsoft AutoUpdater]
Number=5215
Confirmed=X
Filename=svhost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.QG" target="_blank">RBOT.QG</a> WORM!
Source=Paul Collins Startup list

[Microsoft Bool Value]
Number=5216
Confirmed=X
Filename=MV2.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft boot system cfg32]
Number=5217
Confirmed=X
Filename=actboost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022210-2736-99" target=_blank>BROPIA.R</a> WORM!
Source=Paul Collins Startup list

[Microsoft Broadband Networking]
Number=5218
Confirmed=U
Filename=MSBNTray.exe
Description=Microsoft Broadband Networking Tray Application
Source=Paul Collins Startup list

[Microsoft Cab Manager]
Number=5219
Confirmed=X
Filename=exec.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120910-4256-99" target=_blank>Affilred</a> adware
Source=Paul Collins Startup list

[Microsoft checker]
Number=5220
Confirmed=X
Filename=MsPMSPTv.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Client]
Number=5221
Confirmed=X
Filename=mshost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotand.html" target=_blank>RBOT-AND</a> WORM!
Source=Paul Collins Startup list

[Microsoft Client Pc]
Number=5222
Confirmed=X
Filename=spoolsrv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqm.html" target=_blank>RBOT-AQM</a> WORM!
Source=Paul Collins Startup list

[Microsoft Client/Server Runtime Server Subsystem]
Number=5223
Confirmed=X
Filename=csrs.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target="_blank">AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Client/Server Runtime Server Subsystem]
Number=5224
Confirmed=X
Filename=csrssa.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Command Line]
Number=5225
Confirmed=X
Filename=wincmd.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Conf Ldr]
Number=5226
Confirmed=X
Filename=sysconf.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99" target="_blank">SDBOT</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft ConfgKeys]
Number=5227
Confirmed=X
Filename=wurmgrd32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotarx.html" target=_blank>RBOT-ARX</a> WORM!
Source=Paul Collins Startup list

[Microsoft Config]
Number=5228
Confirmed=X
Filename=msconf.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.PV" target="_blank">RBOT.PV</a> WORM!
Source=Paul Collins Startup list

[Microsoft Config]
Number=5229
Confirmed=X
Filename=MSCONF.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlg.html" target=_blank>RBOT-LG</a> WORM!
Source=Paul Collins Startup list

[Microsoft Config 32]
Number=5230
Confirmed=X
Filename=msconfigx32.exe
Description=Reported as the MSCONFIGX32 TROJAN! Possible Rbot variant
Source=Paul Collins Startup list

[Microsoft Config 32bit]
Number=5231
Confirmed=X
Filename=mscnfg32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotz.html" target=_blank>RBOT-Z</a> WORM!
Source=Paul Collins Startup list

[Microsoft Config File]
Number=5232
Confirmed=X
Filename=config.exe
Description=Added by the KILLFILES.GR TROJAN! This is malware that will attempt to delete all system dlls!
Source=Paul Collins Startup list

[Microsoft Configoration Service]
Number=5233
Confirmed=X
Filename=msconfigs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotett.html" target="_blank">RBOT-ETT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Configs 32]
Number=5234
Confirmed=X
Filename=msgconfigrs.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Configuration 35]
Number=5235
Confirmed=X
Filename=microsot1.exe
Description=Added by an unidentified <a href="http://www.greatis.com/appdata/d/m/microsot1.exe.htm" target="_blank">TROJAN</a>!
Source=Paul Collins Startup list

[Microsoft Configure 32]
Number=5236
Confirmed=X
Filename=msgconfigre.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>GAOBOT/AGOBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Connection Manager Monitor]
Number=5237
Confirmed=X
Filename=cmmon.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotakv.html" target=_blank>RBOT-AKV</a> WORM!
Source=Paul Collins Startup list

[Microsoft Control Center]
Number=5238
Confirmed=X
Filename=crtl.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotvx.html" target= blank>RBOT-VX</a> WORM!
Source=Paul Collins Startup list

[Microsoft Core Support]
Number=5239
Confirmed=X
Filename=MSxUP32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotanr.html" target=_blank>RBOT-ANR</a> WORM!
Source=Paul Collins Startup list

[Microsoft Core Support]
Number=5240
Confirmed=X
Filename=[random filename]
Description=Added by a variant of the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=RBOT&threatid=14953" target="_blank">RBOT</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Corp SQL Certificates]
Number=5241
Confirmed=X
Filename=sqlcer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32zybotc.html" target="_blank">ZYBOT-C</a> WORM!
Source=Paul Collins Startup list

[Microsoft Corp SSL Certificates]
Number=5242
Confirmed=X
Filename=windowz.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgcz.html" target="_blank">RBOT-GCZ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Corp TLS Certificates]
Number=5243
Confirmed=X
Filename=msauth.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgac.html" target="_blank">RBOT-GAC</a> WORM!
Source=Paul Collins Startup list

[Microsoft Corp Updates]
Number=5244
Confirmed=X
Filename=wupdates.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotauu.html" target=_blank>RBOT-AUU</a> WORM!
Source=Paul Collins Startup list

[Microsoft Corporaticn SQL Handler]
Number=5245
Confirmed=X
Filename=sqlhandler.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Corporation]
Number=5246
Confirmed=X
Filename=[random filename]
Description=Added by various VIRUSES, WORMS & TROJANS!
Source=Paul Collins Startup list

[Microsoft Corporation]
Number=5247
Confirmed=X
Filename=jview.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaod.html" target=_blank>RBOT-AOD</a> WORM!
Source=Paul Collins Startup list

[Microsoft Corporation SYM monitor]
Number=5248
Confirmed=X
Filename=mssym.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgdb.html" target="_blank">RBOT-GDB</a> WORM!
Source=Paul Collins Startup list

[Microsoft CPXP Protocol]
Number=5249
Confirmed=X
Filename=cpxp.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ATP" target="_blank">RBOT.ATP</a> WORM!
Source=Paul Collins Startup list

[Microsoft Crs Fix Serv]
Number=5250
Confirmed=X
Filename=wincrs.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BWF&VSect=P" target=_blank>SDBOT.BWF</a> WORM!
Source=Paul Collins Startup list

[Microsoft CSRSS32 Protocol]
Number=5251
Confirmed=X
Filename=csrss32.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft CSRSS386 Protocol]
Number=5252
Confirmed=X
Filename=csrss386.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Cvrt]
Number=5253
Confirmed=X
Filename=mscvrt32.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[Microsoft Data Helper]
Number=5254
Confirmed=X
Filename=cihost.exe
Description=Malware, possibly a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031918-3320-99" target="_blank">LINST</a> TROJAN
Source=Paul Collins Startup list

[Microsoft Data Machine]
Number=5255
Confirmed=X
Filename=csdata32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!

Source=Paul Collins Startup list

[Microsoft Database Handler]
Number=5256
Confirmed=X
Filename=mssql32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112521-1453-99" target="_blank">RANDEX.AX</a> WORM!
Source=Paul Collins Startup list

[Microsoft Datalog Application]
Number=5257
Confirmed=X
Filename=msdata.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft DDE Control]
Number=5258
Confirmed=X
Filename=wupades.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft DDEs Control]
Number=5259
Confirmed=X
Filename=Erun.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotamu.html" target=_blank>RBOT-AMU</a> WORM!
Source=Paul Collins Startup list

[Microsoft Debug Service]
Number=5260
Confirmed=X
Filename=dbgbgr.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Decryption Technology]
Number=5261
Confirmed=X
Filename=Msfenoe.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotdg.html" target=_blank>SPYBOT-DG</a> WORM!

Source=Paul Collins Startup list

[Microsoft Desktop Manager]
Number=5262
Confirmed=X
Filename=msdesk32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Dev]
Number=5263
Confirmed=X
Filename=iexplorer32.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Development Debugger]
Number=5264
Confirmed=X
Filename=msdev.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Development Services]
Number=5265
Confirmed=X
Filename=msdevelop.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfws.html" target="_blank">RBOT-FWS</a> WORM!
Source=Paul Collins Startup list

[Microsoft Device Manager]
Number=5266
Confirmed=X
Filename=msdevmgr32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-011714-4950-99" target=_blank>LATEDA.B</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Diagnostic]
Number=5267
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www3.ca.com/virusinfo/Virus.asp?ID=11532" target="_blank">ACEBOT</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Diagnostic]
Number=5268
Confirmed=X
Filename=msdiag32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotuc.html" target=_blank>RBOT-UC</a> WORM!
Source=Paul Collins Startup list

[Microsoft Digital Clock]
Number=5269
Confirmed=X
Filename=msclock.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32nackbotd.html" target="_blank">NACKBOT-D</a> WORM!
Source=Paul Collins Startup list

[Microsoft DirectX]
Number=5270
Confirmed=X
Filename=Spoolserv.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-020617-4635-99" target="_blank">DINFOR</a> WORM!
Source=Paul Collins Startup list

[Microsoft DirectX]
Number=5271
Confirmed=X
Filename=rasmngr.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft DirectX]
Number=5272
Confirmed=X
Filename=PDSched.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.CN&VSect=T" target=_blank>SDBOT.CN</a> WORM!

Source=Paul Collins Startup list

[Microsoft DirectX]
Number=5273
Confirmed=X
Filename=wuamgrd.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.MY&VSect=T" target=_blank>SDBOT.MY</a> WORM!
Source=Paul Collins Startup list

[Microsoft DirectX]
Number=5274
Confirmed=X
Filename=time123.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.MD" target="_blank">SDBOT.MD</a> WORM!
Source=Paul Collins Startup list

[Microsoft Directx]
Number=5275
Confirmed=X
Filename=directxat.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotbxf.html" target="_blank">SDBOT-BXF</a> WORM! Note - disables autostart for the SharedAccess service and deactivates the Microsoft Internet Connection Firewall (ICF)
Source=Paul Collins Startup list

[Microsoft Directx click]
Number=5276
Confirmed=X
Filename=directxclick.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotght.html" target="_blank">RBOT-GHT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Directx clicks]
Number=5277
Confirmed=X
Filename=directxclickers.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotght.html" target="_blank">RBOT-GHT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Directx push]
Number=5278
Confirmed=X
Filename=directxpushup.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotght.html" target="_blank">RBOT-GHT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Directxsp]
Number=5279
Confirmed=X
Filename=directxbt.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotght.html" target="_blank">RBOT-GHT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Directxspnew]
Number=5280
Confirmed=X
Filename=directxnew.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotght.html" target="_blank">RBOT-GHT</a> WORM!
Source=Paul Collins Startup list

[Microsoft DirktorWin]
Number=5281
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://sandbox.norman.no/live_2.html?logfile=856072" target="_blank">SPYBOT.GEN3</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft DLL]
Number=5282
Confirmed=X
Filename=fumeta.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaug.html" target=_blank>RBOT-AUG</a> WORM!
Source=Paul Collins Startup list

[Microsoft DLL Extensions]
Number=5283
Confirmed=X
Filename=SystemDll.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadv.html" target=_blank>RBOT-ADV</a> WORM!
Source=Paul Collins Startup list

[Microsoft dll Host Service]
Number=5284
Confirmed=X
Filename=wkssr.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Dll Management]
Number=5285
Confirmed=X
Filename=windll.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmt.html" target=_blank>RBOT-MT</a> WORM! 

Source=Paul Collins Startup list

[Microsoft Dll Printer Manager]
Number=5286
Confirmed=X
Filename=dllpt.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BIH&VSect=P" target=_blank>SDBOT.BIH</a> WORM!
Source=Paul Collins Startup list

[Microsoft DLL Verifier]
Number=5287
Confirmed=X
Filename=file.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaed.html" target=_blank>RBOT-AED</a> WORM!
Source=Paul Collins Startup list

[Microsoft DLL Verifier]
Number=5288
Confirmed=X
Filename=chkfile.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaoc.html" target=_blank>RBOT-AOC</a> WORM!
Source=Paul Collins Startup list

[Microsoft DLL Verifier]
Number=5289
Confirmed=X
Filename=csrssv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotatk.html" target=_blank>RBOT-ATK</a> WORM!
Source=Paul Collins Startup list

[Microsoft DLL Verifier]
Number=5290
Confirmed=X
Filename=mscon.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.EAH" target="_blank">SDBOT.EAH</a> WORM!
Source=Paul Collins Startup list

[Microsoft DLL Verifier]
Number=5291
Confirmed=X
Filename=winavguard.exe
Description=Added by the SDBOT.AAD WORM!
Source=Paul Collins Startup list

[Microsoft DLLSet32]
Number=5292
Confirmed=X
Filename=dllset32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.OZ" target="_blank">RBOT.OZ</a> WORM!
Source=Paul Collins Startup list

[Microsoft DNS Query]
Number=5293
Confirmed=X
Filename=msdns.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN" target=_blank>WOOTBOT</a> WORM!

Source=Paul Collins Startup list

[Microsoft DNSx]
Number=5294
Confirmed=X
Filename=mdnex.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotai.html" target="_blank">DELBOT-AI</a> WORM!
Source=Paul Collins Startup list

[Microsoft Document]
Number=5295
Confirmed=X
Filename=krisp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotrq.html" target=_blank>SDBOT-RQ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Domain Controller]
Number=5296
Confirmed=X
Filename=mstc.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-043016-0900-99" target="_blank">NUGACHE.A</a> WORM!
Source=Paul Collins Startup list

[Microsoft Driver]
Number=5297
Confirmed=X
Filename=faet.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Driver Control]
Number=5298
Confirmed=X
Filename=windrv.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.FW" target="_blank">SDBOT.FW</a> WORM!
Source=Paul Collins Startup list

[Microsoft Driver Manager]
Number=5299
Confirmed=X
Filename=mswindrv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotez.html" target=_blank>FORBOT-EZ</a> WORM!
Source=Paul Collins Startup list

[Microsoft driver update]
Number=5300
Confirmed=X
Filename=Mshome.exe
Description=Added by the SDBOT.BL WORM!
Source=Paul Collins Startup list

[Microsoft Drivers]
Number=5301
Confirmed=X
Filename=WSconf.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft ErgoPack]
Number=5302
Confirmed=X
Filename=wserb32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotri.html" target=_blank>RBOT-RI</a> WORM!
Source=Paul Collins Startup list

[Microsoft EV32 Service]
Number=5303
Confirmed=X
Filename=MSev32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Event Engine]
Number=5304
Confirmed=X
Filename=EvtEngn.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxv.html" target="_blank">RBOT-XV</a> WORM!
Source=Paul Collins Startup list

[Microsoft Excel]
Number=5305
Confirmed=X
Filename=msexcel.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbottq.html" target=_blank>RBOT-TQ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Excell]
Number=5306
Confirmed=X
Filename=wuamngr32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqh.html" target=_blank>RBOT-QH</a> WORM!
Source=Paul Collins Startup list

[Microsoft Executing]
Number=5307
Confirmed=X
Filename=microsoft.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.UV" target=_blank>AGOBOT.UV</a> WORM!
Source=Paul Collins Startup list

[Microsoft Explorer]
Number=5308
Confirmed=X
Filename=svapache.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotvr.html" target=_blank>RBOT-VR</a> WORM!
Source=Paul Collins Startup list

[Microsoft Explorer]
Number=5309
Confirmed=X
Filename=explorer.scr
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadh.html" target=_blank>RBOT-ADH</a> WORM!
Source=Paul Collins Startup list

[Microsoft Explorer]
Number=5310
Confirmed=X
Filename=explorer.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotacx.html" target=_blank>SDBOT-ACX</a> WORM!
Source=Paul Collins Startup list

[Microsoft explorer Update]
Number=5311
Confirmed=X
Filename=internal.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Microsoft Explorer2]
Number=5312
Confirmed=X
Filename=system.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_IRCBOT.BS" target="_blank">IRCBOT.BS</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Explorer2]
Number=5313
Confirmed=X
Filename=nome.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDEX.AA" target="_blank">RANDEX.AA</a> WORM!
Source=Paul Collins Startup list

[Microsoft Explorer2]
Number=5314
Confirmed=X
Filename=bitchbot.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.EV" target="_blank">SDBOT.EV</a> WORM!
Source=Paul Collins Startup list

[Microsoft EXPLOREXP Protocol]
Number=5315
Confirmed=X
Filename=explorexp.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Features]
Number=5316
Confirmed=X
Filename=ms32cfg.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.HO" target="_blank">RBOT.HO</a> WORM!
Source=Paul Collins Startup list

[Microsoft Features]
Number=5317
Confirmed=X
Filename=msie.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft File Demand Manager]
Number=5318
Confirmed=X
Filename=wmgrdf.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Find Fast]
Number=5319
Confirmed=X
Filename=Findfast.exe
Description=Complete utter waste of space! Part of MS Office - searches disk drives for Office file types and creates an index to make opening them easier
Source=Paul Collins Startup list

[Microsoft Firewall]
Number=5320
Confirmed=X
Filename=firewallsp2.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmc.html" target="_blank">RBOT-MC</a> WORM!
Source=Paul Collins Startup list

[MICROSOFT FIREWALL CLIENT]
Number=5321
Confirmed=Y
Filename=ISATRAY.EXE
Description=MS Internet Security and Acceleration Server - see <a href="http://www.microsoft.com/isaserver/default.mspx" target=_blank>here</a>
Source=Paul Collins Startup list

[Microsoft FixUp]
Number=5322
Confirmed=X
Filename=pevblbvr.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.DWK" target="_blank">RBOT.DWK</a> WORM!
Source=Paul Collins Startup list

[Microsoft FixUp]
Number=5323
Confirmed=X
Filename=wnpzjpuw.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Games]
Number=5324
Confirmed=X
Filename=gamemanager.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.AHQ&VSect=P" target=_blank>SPYBOT.AHQ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Generic Update Manager]
Number=5325
Confirmed=X
Filename=wupdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawc.html" target=_blank>RBOT-AWC</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Genetic Procress]
Number=5326
Confirmed=X
Filename=svchost.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Gina V Encryption]
Number=5327
Confirmed=X
Filename=MSGINAV.EXE
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[Microsoft Greetings Reminders]
Number=5328
Confirmed=N
Filename=MHPRMIND.EXE
Description=Microsoft Home Publishing greetings reminder
Source=Paul Collins Startup list

[Microsoft Greetings Workshop Reminder]
Number=5329
Confirmed=N
Filename=Gwremind.exe
Description=You really want to be reminded about somebody's birthday at the expense of resources?
Source=Paul Collins Startup list

[Microsoft Greetings  Reminder]
Number=5330
Confirmed=N
Filename=MHPRMINF.EXE
Description=You really want to be reminded about somebody's birthday at the expense of resources?
Source=Paul Collins Startup list

[Microsoft Help]
Number=5331
Confirmed=X
Filename=svh0st.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Help Support]
Number=5332
Confirmed=X
Filename=mshelp32.exe
Description=Addded by the <a href="http://www.sophos.com/virusinfo/analyses/w32kelvirbf.html" target=_blank>KELVIR-BF</a> WORM!
Source=Paul Collins Startup list

[Microsoft Help SVC]
Number=5333
Confirmed=X
Filename=msnmngr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpq.html" target="_blank">SDBOT-PQ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Help System]
Number=5334
Confirmed=X
Filename=mshelp32.exe
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list

[Microsoft Host Protocol]
Number=5335
Confirmed=X
Filename=svhost.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Hosting Service]
Number=5336
Confirmed=X
Filename=WINHOSTING.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AEV&VSect=P" target=_blank>RBOT.AEV</a> WORM!
Source=Paul Collins Startup list

[Microsoft Hosts Service]
Number=5337
Confirmed=X
Filename=Isass.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[microsoft hotmail monitor]
Number=5338
Confirmed=U
Filename=mshotmon.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobfl.html" target="_blank">MYTOB-FL</a> WORM!
Source=Paul Collins Startup list

[Microsoft Hyptertext Helper]
Number=5339
Confirmed=X
Filename=mshtha.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft IDCN]
Number=5340
Confirmed=X
Filename=mshe1p.exe
Description=Added by an unidentified TROJAN!
Source=Paul Collins Startup list

[Microsoft IE]
Number=5341
Confirmed=X
Filename=Iexplore.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotag.html" target=_blank>FORBOT-AG</a> WORM! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[Microsoft IE Execute shell]
Number=5342
Confirmed=X
Filename=IEExec.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032415-5510-99" target="_blank">ALADINZ.N</a> TROJAN!
Source=Paul Collins Startup list

[MicroSoft IE Sasser]
Number=5343
Confirmed=X
Filename=ISASS.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.MX&VSect=P" target=_blank>SDBOT.MX</a> WORM!
Source=Paul Collins Startup list

[Microsoft IIS]
Number=5344
Confirmed=X
Filename=syshost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111806-5041-99" target="_blank">FRANCETTE</a> WORM!
Source=Paul Collins Startup list

[Microsoft IIS]
Number=5345
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32francettes.html" target=_blank>FRANCETTE-S</a> WORM!
Source=Paul Collins Startup list

[Microsoft Inc.]
Number=5346
Confirmed=X
Filename=iexplorer.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list

[Microsoft Incroporate]
Number=5347
Confirmed=X
Filename=mfs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotanf.html" target=_blank>RBOT-ANF</a> WORM!
Source=Paul Collins Startup list

[Microsoft Inet Xp..]
Number=5348
Confirmed=X
Filename=teekids.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081312-1554-99" target="_blank">BLASTER.C</a> WORM!
Source=Paul Collins Startup list

[Microsoft Installshield]
Number=5349
Confirmed=X
Filename=nundll32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotahz.html" target="_blank">AGOBOT-AHZ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Instant Messenger]
Number=5350
Confirmed=X
Filename=msngmsngr32.exe
Description=Added by the <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=24975" target=_blank>SPYBOTER.GEN</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Int Service]
Number=5351
Confirmed=X
Filename=MsIntSrv.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Intellitype Pro]
Number=5352
Confirmed=U
Filename=speedkey.exe
Description=Additional keyboard shortcuts on MS programmable keyboard
Source=Paul Collins Startup list

[Microsoft Internal AntiVirus Systems]
Number=5353
Confirmed=X
Filename=dIlhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaev.html" target=_blank>RBOT-AEV</a> WORM!
Source=Paul Collins Startup list

[Microsoft Internet]
Number=5354
Confirmed=X
Filename=expl0rer.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Internet]
Number=5355
Confirmed=X
Filename=windows32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotf.html" target="_blank">SDBOT-F</a> WORM!
Source=Paul Collins Startup list

[Microsoft Internet]
Number=5356
Confirmed=X
Filename=wincfg16.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Internet Acceleration Utility]
Number=5357
Confirmed=X
Filename=iau.exe
Description=<a href="http://sarc.com/avcenter/venc/data/adware.easysearch.html" target=_blank>EasySearch</a> adware
Source=Paul Collins Startup list

[Microsoft Internet Acceleration Utility]
Number=5358
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentcx.html" target= blank>AGENT-CX</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Internet Acceleration Utility]
Number=5359
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmutsrcha.html" target=_blank>SMUTSRCH-A</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Internet Exp]
Number=5360
Confirmed=X
Filename=iiexplorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotkx.html" target="_blank">RBOT-KX</a> WORM!
Source=Paul Collins Startup list

[Microsoft Internet Explorer]
Number=5361
Confirmed=X
Filename=iexplore.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32poebotj.html" target=_blank>POEBOT-J</a> WORM! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[Microsoft Internet Explorer]
Number=5362
Confirmed=X
Filename=iexplorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxn.html" target= blank>SDBOT-XN</a> WORM!
Source=Paul Collins Startup list

[Microsoft Internet Explorer]
Number=5363
Confirmed=X
Filename=crsys32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.UZ&VSect=P" target=_blank>RBOT.UZ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Internet Explorer]
Number=5364
Confirmed=X
Filename=movies.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosdz.html" target=_blank>BANCOS-DZ</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Internet Explorer]
Number=5365
Confirmed=X
Filename=svzhost.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Internet Explorer]
Number=5366
Confirmed=X
Filename=mccagent.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderud.html" target=_blank>DLOADER-UD</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Internet Explorer]
Number=5367
Confirmed=X
Filename=sysini.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfln.html" target=_blank>DELF-LN</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Internet Explorer]
Number=5368
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotak.html" target=_blank>IRCBOT-AK</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "drivers" subfolder
Source=Paul Collins Startup list

[Microsoft Internet Explorer]
Number=5369
Confirmed=X
Filename=lEXPLORE.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotamm.html" target="_blank">RBOT-AMM</a> WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet Explorer
Source=Paul Collins Startup list

[Microsoft Internet Firewall Manager]
Number=5370
Confirmed=X
Filename=GMT16.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112118-0413-99" target="_blank">RANDEX.AT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Internet Services]
Number=5371
Confirmed=X
Filename=Smss32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.MS" target="_blank">RBOT.MS</a> WORM!
Source=Paul Collins Startup list

[Microsoft Intrenet Explorer]
Number=5372
Confirmed=X
Filename=goaw.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotapi.html" target=_blank>RBOT-API</a> WORM!
Source=Paul Collins Startup list

[Microsoft Intrenet Explorer]
Number=5373
Confirmed=X
Filename=Soundsyst.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqu.html" target=_blank>RBOT-AQU</a> WORM!
Source=Paul Collins Startup list

[Microsoft Intrenet Explorer]
Number=5374
Confirmed=X
Filename=cnsg.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaro.html" target=_blank>RBOT-ARO</a> WORM!
Source=Paul Collins Startup list

[Microsoft Intrenet Explorer]
Number=5375
Confirmed=X
Filename=wcumrg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotafd.html" target=_blank>SDBOT-AFD</a> WORM!
Source=Paul Collins Startup list

[Microsoft IPC]
Number=5376
Confirmed=X
Filename=system.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-090916-5835-99" target="_blank">NULLBOT</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft IPC]
Number=5377
Confirmed=X
Filename=svshost.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[Microsoft IT Update]
Number=5378
Confirmed=X
Filename=win64.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.GA" target="_blank">RBOT.GA</a> WORM!
Source=Paul Collins Startup list

[Microsoft IT Update]
Number=5379
Confirmed=X
Filename=[random filename]
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft IT Update]
Number=5380
Confirmed=X
Filename=IEserv.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft IT Update]
Number=5381
Confirmed=X
Filename=msupdate.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft IT Update]
Number=5382
Confirmed=X
Filename=winn43.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft IT Update]
Number=5383
Confirmed=X
Filename=svchsst.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotdh.html" target=_blank>RBOT-DH</a> WORM!
Source=Paul Collins Startup list

[Microsoft IT Update]
Number=5384
Confirmed=X
Filename=win43.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotsa.html" target=_blank>RBOT-SA</a> WORM!
Source=Paul Collins Startup list

[Microsoft IT Update]
Number=5385
Confirmed=X
Filename=windows.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotjm.html" target=_blank>RBOT-GL</a> WORM!
Source=Paul Collins Startup list

[Microsoft IT Update]
Number=5386
Confirmed=X
Filename=winsyst32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfc.html" target=_blank>RBOT-FC</a> WORM!
Source=Paul Collins Startup list

[Microsoft Java Virtual Machine]
Number=5387
Confirmed=X
Filename=winscr32.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN" target=_blank>WOOTBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Java Virtual Machine]
Number=5388
Confirmed=X
Filename=MsConfiG.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotdv.html" target=_blank>FORBOT-DV</a> WORM!
Source=Paul Collins Startup list

[Microsoft Java Virtual Machine]
Number=5389
Confirmed=X
Filename=msjvm.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Java Virtual Machine]
Number=5390
Confirmed=X
Filename=javavm.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Java Windows Update]
Number=5391
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotdz.html" target=_blank>RBOT-DZ</a> WORM!
Source=Paul Collins Startup list

[Microsoft JavaVM]
Number=5392
Confirmed=X
Filename=msjarun.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotjw.html" target="_blank">RBOT-JW</a> WORM!
Source=Paul Collins Startup list

[Microsoft Kernel]
Number=5393
Confirmed=X
Filename=Windows_kernel32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102522-4640-99" target=_blank>NETSKY.AE</a> WORM!
Source=Paul Collins Startup list

[Microsoft LAN32 Protocol]
Number=5394
Confirmed=X
Filename=lanXp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotss.html" target= blank>RBOT-SS</a> WORM!
Source=Paul Collins Startup list

[Microsoft Lmhosting Service]
Number=5395
Confirmed=X
Filename=lmhosts.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotrc.html" target=_blank>RBOT-RC</a> WORM!
Source=Paul Collins Startup list

[Microsoft Locals 332]
Number=5396
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotku.html" target="_blank">RBOT-KU</a> WORM!
Source=Paul Collins Startup list

[Microsoft Login]
Number=5397
Confirmed=X
Filename=winlogin.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajp.html" target=_blank>RBOT-AJP</a> WORM!
Source=Paul Collins Startup list

[Microsoft LSA layer]
Number=5398
Confirmed=X
Filename=MSLSA32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotakz.html" target=_blank>RBOT-AKZ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Lsass Center]
Number=5399
Confirmed=X
Filename=Isass.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Lsass Center]
Number=5400
Confirmed=X
Filename=telecomes.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft LSASS386 Protocol]
Number=5401
Confirmed=X
Filename=scvhost32.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft LV]
Number=5402
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorbdl.html" target= blank>BDL</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Machine]
Number=5403
Confirmed=X
Filename=winjava.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Machine Script]
Number=5404
Confirmed=X
Filename=iexplorersis.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotcmh.html" target="_blank">RBOT-CMH</a> WORM!
Source=Paul Collins Startup list

[Microsoft Macro Protection SubSsy]
Number=5405
Confirmed=X
Filename=msacroprots386.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpn.html" target="_blank">RBOT-KE</a> WORM!
Source=Paul Collins Startup list

[Microsoft Macro Protection Subsystems]
Number=5406
Confirmed=X
Filename=msmacroprotxz.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Macro Protection Subsystems]
Number=5407
Confirmed=X
Filename=Msmacroprot32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.KN" target=_blank>RBOT.KN</a> WORM!

Source=Paul Collins Startup list

[Microsoft Management]
Number=5408
Confirmed=X
Filename=lmas.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotcz.html" target=_blank>FORBOT-CZ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Management Console]
Number=5409
Confirmed=X
Filename=lssas.exe
Description=<a href="http://sarc.com/avcenter/venc/data/adware.easysearch.html" target=_blank>EasySearch</a> adware
Source=Paul Collins Startup list

[Microsoft Management Console]
Number=5410
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmutsrcha.html" target=_blank>SMUTSRCH-A</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Management Console]
Number=5411
Confirmed=X
Filename=lssas1.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadrawd.html" target="_blank">DLOADR-AWD</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Manager]
Number=5412
Confirmed=X
Filename=msmanager.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.LF&VSect=P" target=_blank>MYTOB.LF</a> WORM!
Source=Paul Collins Startup list

[Microsoft Map PC]
Number=5413
Confirmed=X
Filename=mappc.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Mapped PC]
Number=5414
Confirmed=X
Filename=mappedpc.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft media]
Number=5415
Confirmed=X
Filename=winmplayers.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Media player 9]
Number=5416
Confirmed=X
Filename=msmedia32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotado.html" target=_blank>RBOT-ADO</a> WORM!
Source=Paul Collins Startup list

[Microsoft media services]
Number=5417
Confirmed=X
Filename=Iassd.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target="_blank">AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft media services]
Number=5418
Confirmed=X
Filename=winmplayer.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ZO" target="_blank">RBOT.ZO</a> WORM!
Source=Paul Collins Startup list

[Microsoft MediaScope]
Number=5419
Confirmed=X
Filename=winmes.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxu.html" target=_blank>RBOT-XU</a> WORM!
Source=Paul Collins Startup list

[Microsoft Message Machine]
Number=5420
Confirmed=X
Filename=msmesg32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.BI" target=_blank>SPYBOT.BI</a> WORM!
Source=Paul Collins Startup list

[Microsoft Messenger Management Controls]
Number=5421
Confirmed=X
Filename=msmgmctl.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotapa.html" target=_blank>RBOT-APA</a> WORM!
Source=Paul Collins Startup list

[Microsoft Messenger Service]
Number=5422
Confirmed=X
Filename=msmsg32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BOK&VSect=P" target=_blank>RBOT.BOK</a> WORM!
Source=Paul Collins Startup list

[Microsoft Messenger XP]
Number=5423
Confirmed=X
Filename=MSMSN32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotzp.html" target=_blank>RBOT-ZP</a> WORM!
Source=Paul Collins Startup list

[Microsoft MicroP Protocol]
Number=5424
Confirmed=X
Filename=wdgmr32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Movie Maker]
Number=5425
Confirmed=X
Filename=Mmaker.exe
Description=Added by the <a href="http://www.symantec.com/region/jp/avcenter/venc/data/w32.ircbot.c.html" target="_blank">IRCBOT.C</a> TROJAN! Note that this is not a valid Microsoft program
Source=Paul Collins Startup list

[Microsoft MSGPLUS32 Protocol]
Number=5426
Confirmed=X
Filename=msgplus32.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft MSNGR32 Protocol]
Number=5427
Confirmed=X
Filename=msngr32.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft msnseru]
Number=5428
Confirmed=X
Filename=msnseru.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotapb.html" target=_blank>RBOT-APB</a> WORM!
Source=Paul Collins Startup list

[Microsoft MsnST]
Number=5429
Confirmed=X
Filename=msnst32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft MSUPDATE]
Number=5430
Confirmed=X
Filename=SpoolSvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsxtba.html" target="_blank">SXTB-A</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Neser Experience]
Number=5431
Confirmed=X
Filename=nese.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyh.html" target=_blank>RBOT-YH</a> WORM!
Source=Paul Collins Startup list

[Microsoft NetMeeting Associates, Inc.]
Number=5432
Confirmed=X
Filename=NetMeeting.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list

[Microsoft Netview]
Number=5433
Confirmed=X
Filename=gesfm32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-061812-1316-99" target="_blank">RANDEX.C</a> WORM!
Source=Paul Collins Startup list

[Microsoft Netview]
Number=5434
Confirmed=X
Filename=mssvc32.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[Microsoft Netview Component v5.1]
Number=5435
Confirmed=X
Filename=msnv32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081412-2646-99" target="_blank">RANDEX.F</a> WORM!
Source=Paul Collins Startup list

[Microsoft Network]
Number=5436
Confirmed=X
Filename=msnet.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-022608-5242-99" target="_blank">MOCKBOT.A</a> WORM!
Source=Paul Collins Startup list

[Microsoft Network]
Number=5437
Confirmed=X
Filename=Networksystem.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaai.html" target=_blank>SDBOT-AAI</a> WORM!
Source=Paul Collins Startup list

[Microsoft Network Daemon for Win32]
Number=5438
Confirmed=X
Filename=Netd32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101019-3203-99" target="_blank">SDBOT.R</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Network Host]
Number=5439
Confirmed=X
Filename=svc0host.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaen.html" target=_blank>SDBOT-AEN</a> WORM!
Source=Paul Collins Startup list

[Microsoft Network Services Controller]
Number=5440
Confirmed=X
Filename=mmsvc32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32nanpya.html" target=_blank>NANPY-A</a> WORM!
Source=Paul Collins Startup list

[Microsoft Networking Agent For SP2]
Number=5441
Confirmed=X
Filename=msnac32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051916-0450-99" target=_blank>SPYBOT.PEN</a> WORM!
Source=Paul Collins Startup list

[Microsoft Nod32 Service]
Number=5442
Confirmed=X
Filename=nood32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.EJP" target="_blank">RBOT.EJP</a> WORM!
Source=Paul Collins Startup list

[Microsoft NotePad]
Number=5443
Confirmed=X
Filename=notepad.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft NT Drivers]
Number=5444
Confirmed=X
Filename=ntdrv.exe
Description=Added by the SDBOT.AJN TROJAN!

Source=Paul Collins Startup list

[Microsoft NT Update]
Number=5445
Confirmed=X
Filename=winexec32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Nvidia Video]
Number=5446
Confirmed=X
Filename=nvidia.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Office]
Number=5447
Confirmed=N
Filename=Osa.exe
Description=Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show
Source=Paul Collins Startup list

[Microsoft Office]
Number=5448
Confirmed=N
Filename=Msoffice.exe
Description=Alternative shortcuts to the Start -&gt; Programs way of running applications installed as part of MS Office. Some people prefer it but a better way is to create Desktop Shortcuts if you want access these programs quickly
Source=Paul Collins Startup list

[Microsoft Office]
Number=5449
Confirmed=X
Filename=MSMSGR.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102208-5004-99" target="_blank">GAOBOT.BB</a> WORM!
Source=Paul Collins Startup list

[Microsoft Office]
Number=5450
Confirmed=N
Filename=Osa9.exe
Description=Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show
Source=Paul Collins Startup list

[Microsoft Office]
Number=5451
Confirmed=X
Filename=lserv.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.MH&VSect=T" target=_blank>SDBOT.MH</a> WORM!
Source=Paul Collins Startup list

[Microsoft Office]
Number=5452
Confirmed=X
Filename=Microsoft Office.hta
Description=HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site!
Source=Paul Collins Startup list

[Microsoft Office]
Number=5453
Confirmed=X
Filename=msoicons.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotzi.html" target=_blank>RBOT-ZI</a> WORM! - NOTE - do no confuse with the legitimate Msoicons.exe file described <a href="http://www.fileproperties.com/m/MSOICONS-EXE.htm" target=_blank>here</a>. The latter wil not be listed among your startups!
Source=Paul Collins Startup list

[Microsoft Office]
Number=5454
Confirmed=X
Filename=Nxcao.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotze.html" target= blank>RBOT-ZE</a> WORM!
Source=Paul Collins Startup list

[Microsoft Office]
Number=5455
Confirmed=X
Filename=nxcxtpr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyg.html" target= blank>RBOT-YG</a> WORM!
Source=Paul Collins Startup list

[Microsoft Office]
Number=5456
Confirmed=X
Filename=svxhost.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Office]
Number=5457
Confirmed=X
Filename=msoffice32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Office]
Number=5458
Confirmed=X
Filename=msoff.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojrakerc.html" target=_blank>RAKER-C</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Office]
Number=5459
Confirmed=X
Filename=microsoft.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankervf.html" target=_blank>BANKER-VF</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Office]
Number=5460
Confirmed=X
Filename=msvcp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentxk.html" target="_blank">AGENT-XK</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Office]
Number=5461
Confirmed=X
Filename=msmsgr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102208-5004-99" target="_blank">GAOBOT.BB</a> WORM!
Source=Paul Collins Startup list

[Microsoft Office Fast Cache]
Number=5462
Confirmed=N
Filename=Fastboot.exe
Description=Part of MS Office 95 (v7.0). According to <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q132755" target=_blank>this</a> it improves the performance. Most likely a predecessor of MS Find Fast and can be disabled
Source=Paul Collins Startup list

[Microsoft Office Monitor]
Number=5463
Confirmed=X
Filename=alg2k.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotczo.html" target="_blank">SDBOT-CZO</a> WORM!
Source=Paul Collins Startup list

[Microsoft Office Monitor]
Number=5464
Confirmed=X
Filename=aql32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojrbotgcy.html" target="_blank">RBOT-GCY</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Office OneNote 2003 Quick Launch]
Number=5465
Confirmed=U
Filename=ONENOTEM.EXE
Description=ONENOTEM.EXE is a part of the note taking program that ships with Microsoft Office 2003. It's required for the side note windows to work
Source=Paul Collins Startup list

[Microsoft Office Quick Launcher]
Number=5466
Confirmed=X
Filename=iau1.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadrawd.html" target="_blank">DLOADR-AWD</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Office Shortcut Bar]
Number=5467
Confirmed=N
Filename=Msoffice.exe
Description=Alternative shortcuts to the Start -&gt; Programs way of running applications installed as part of MS Office. Some people prefer it but a better way is to create Desktop Shortcuts if you want access these programs quickly
Source=Paul Collins Startup list

[Microsoft Office Start]
Number=5468
Confirmed=X
Filename=winupdates.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102411-5646-99" target="_blank">GAOBOT.BC</a> WORM!
Source=Paul Collins Startup list

[Microsoft Office Startup]
Number=5469
Confirmed=N
Filename=Osa.exe
Description=Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show
Source=Paul Collins Startup list

[Microsoft Office Startup]
Number=5470
Confirmed=N
Filename=Osa9.exe
Description=Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show
Source=Paul Collins Startup list

[Microsoft Office Studio]
Number=5471
Confirmed=X
Filename=scvhvst.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022417-5047-99" target=_blank>RANDEX.CST</a> WORM!
Source=Paul Collins Startup list

[Microsoft OfficeXP]
Number=5472
Confirmed=X
Filename=officeXP.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_KILLAV.MA&VSect=P" target=_blank>KILLAV.MA</a> WORM!
Source=Paul Collins Startup list

[Microsoft Opeions]
Number=5473
Confirmed=X
Filename=IEXwe.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Outlook Express Protocol]
Number=5474
Confirmed=X
Filename=svchst.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Patch Update]
Number=5475
Confirmed=X
Filename=bootini.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfmn.html" target="_blank">RBOT-FMN</a> WORM!
Source=Paul Collins Startup list

[Microsoft PC Health Remote Assistance File Open & Save controls]
Number=5476
Confirmed=X
Filename=sfrcdlg32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotavy.html" target=_blank>RBOT-AVY</a> WORM!
Source=Paul Collins Startup list

[Microsoft PCHealth32]
Number=5477
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojnicea.html" target= blank>NICE-A</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft PCHealth32]
Number=5478
Confirmed=X
Filename=NDDENB.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpwsyahooa.html" target=_blank>PWSYAHOO-A</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft PCI Manager]
Number=5479
Confirmed=X
Filename=mspci.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Personal Firewalls]
Number=5480
Confirmed=X
Filename=bakw.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotks.html" target="_blank">RBOT-KS</a> WORM!
Source=Paul Collins Startup list

[Microsoft Proc Driver32]
Number=5481
Confirmed=X
Filename=msprc.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN" target=_blank>WOOTBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Procedure Call]
Number=5482
Confirmed=X
Filename=MSPCALL.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft PSTCP32 Data]
Number=5483
Confirmed=X
Filename=pstcp32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft QMGR]
Number=5484
Confirmed=X
Filename=msnqmgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbots.html" target=_blank>IRCBOT-S</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft RDLL]
Number=5485
Confirmed=X
Filename=sysconf32.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99" target="_blank">SDBOT</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Redirect]
Number=5486
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerfw.html" target=_blank>BANKER-FW</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Redirect]
Number=5487
Confirmed=X
Filename=systen.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosfo.html" target=_blank>BANCOS-FO</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Registro]
Number=5488
Confirmed=X
Filename=svchostt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosdh.html" target=_blank>BANCOS-DH</a> TROJAN!

Source=Paul Collins Startup list

[Microsoft Registry]
Number=5489
Confirmed=X
Filename=csrse.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpc.html" target=_blank>RBOT-PC</a> WORM!

Source=Paul Collins Startup list

[MicroSoft Remote Secure Service]
Number=5490
Confirmed=X
Filename=MSRSS.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Restore]
Number=5491
Confirmed=X
Filename=scrgrd.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.BR" target=_blank>SPYBOT.BR</a> WORM!
Source=Paul Collins Startup list

[Microsoft Rundll]
Number=5492
Confirmed=X
Filename=windos.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwf.html" target= blank>SDBOT-WF</a> WORM!
Source=Paul Collins Startup list

[Microsoft Runtime]
Number=5493
Confirmed=X
Filename=CfgDll32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120918-0007-99" target="_blank">RANDEX.BD</a> WORM!
Source=Paul Collins Startup list

[Microsoft Scanreg]
Number=5494
Confirmed=X
Filename=microsoftscanreg.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_FRANRIV.A" target="_blank">FRANRIV.A</a> WORM!
Source=Paul Collins Startup list

[Microsoft SCVHOST32 Protocol]
Number=5495
Confirmed=X
Filename=scvhost32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft sddcE Contol]
Number=5496
Confirmed=X
Filename=taskmnegr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaum.html" target=_blank>RBOT-AUM</a> WORM!
Source=Paul Collins Startup list

[Microsoft sdk temp]
Number=5497
Confirmed=X
Filename=sdktemp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotanp.html" target=_blank>RBOT-ANP</a> WORM!
Source=Paul Collins Startup list

[Microsoft SDKP3]
Number=5498
Confirmed=X
Filename=mswinsdq.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotary.html" target=_blank>RBOT-ARY</a> WORM!
Source=Paul Collins Startup list

[Microsoft Secure Messenger.NET Service]
Number=5499
Confirmed=X
Filename=securitychk.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VT" target="_blank">SDBOT.VT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Security]
Number=5500
Confirmed=X
Filename=winService.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Security Center]
Number=5501
Confirmed=X
Filename=savservices.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotanu.html" target=_blank>RBOT-ANU</a> WORM!
Source=Paul Collins Startup list

[Microsoft Security Center]
Number=5502
Confirmed=X
Filename=wcsntfy.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BYD" target="_blank">SDBOT.BYD</a> WORM!
Source=Paul Collins Startup list

[Microsoft Security Controlers]
Number=5503
Confirmed=X
Filename=fxsecues.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Security GManagers]
Number=5504
Confirmed=X
Filename=[random filename]
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Security Hot Fix Update]
Number=5505
Confirmed=X
Filename=mshotfix.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120910-4256-99" target=_blank>Affilred</a> adware
Source=Paul Collins Startup list

[Microsoft Security Management]
Number=5506
Confirmed=X
Filename=winnt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmq.html" target=_blank>RBOT-MQ</a> WORM!

Source=Paul Collins Startup list

[Microsoft Security Management]
Number=5507
Confirmed=X
Filename=winserv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmj.html" target=_blank>RBOT-MJ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Security Management]
Number=5508
Confirmed=X
Filename=winamp.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM! Note - this is NOT the popular <a href="http://www.winamp.com/" target="_blank">Winamp</a> media player which resides in a "Winamp" subdirectory of the Program Files directory
Source=Paul Collins Startup list

[Microsoft Security Management]
Number=5509
Confirmed=X
Filename=wuauct1.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Security Management]
Number=5510
Confirmed=X
Filename=bling.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.XL" target="_blank">RBOT.XL</a> WORM!
Source=Paul Collins Startup list

[Microsoft Security Management]
Number=5511
Confirmed=X
Filename=sp2fix.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.UB" target="_blank">RBOT.UB</a> WORM!
Source=Paul Collins Startup list

[Microsoft Security Manager]
Number=5512
Confirmed=X
Filename=winamp.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.TU" target="_blank">RBOT</a> WORM! Note - this is NOT the popular <a href="http://www.winamp.com/" target="_blank">Winamp</a> media player which resides in a "Winamp" subdirectory of the Program Files directory. This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[Microsoft Security Monitor Process]
Number=5513
Confirmed=X
Filename=mssmp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfub.html" target="_blank">RBOT-FUB</a> WORM!
Source=Paul Collins Startup list

[Microsoft Security Monitor Process]
Number=5514
Confirmed=X
Filename=mnsmp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfub.html" target="_blank">RBOT-FUB</a> WORM!
Source=Paul Collins Startup list

[Microsoft Security Monitor Process]
Number=5515
Confirmed=X
Filename=msmp.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfub.html" target="_blank">RBOT-FUB</a> WORM!
Source=Paul Collins Startup list

[Microsoft Security Panager]
Number=5516
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotanl.html" target=_blank>RBOT-ANL</a> WORM!
Source=Paul Collins Startup list

[Microsoft Security Panagers]
Number=5517
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaig.html" target=_blank>RBOT-AIG</a> WORM!
Source=Paul Collins Startup list

[Microsoft Security Panagers]
Number=5518
Confirmed=X
Filename=zzoboony.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaoi.html" target=_blank>RBOT-AOI</a> WORM!
Source=Paul Collins Startup list

[Microsoft Security Process]
Number=5519
Confirmed=X
Filename=wininit.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfkm.html" target="_blank">RBOT-FKM</a> WORM!
Source=Paul Collins Startup list

[Microsoft Server]
Number=5520
Confirmed=X
Filename=rserv.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AVS" target="_blank">AGOBOT.AVS</a> WORM!
Source=Paul Collins Startup list

[Microsoft Server Applacations]
Number=5521
Confirmed=X
Filename=msnmsg.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Server Applacations]
Number=5522
Confirmed=X
Filename=wuauct1.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Server Applacations]
Number=5523
Confirmed=X
Filename=lsasss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqq.html" target=_blank>RBOT-AQQ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Server Applacations]
Number=5524
Confirmed=X
Filename=Q8See.exe
Description=Added by the <a href="http://sandbox.norman.no/live_2.html?logfile=725823" target="_blank">SPYBOT.GEN3</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Server Applacations]
Number=5525
Confirmed=X
Filename=cli.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgaq.html" target="_blank">RBOT-GAQ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Server Application]
Number=5526
Confirmed=X
Filename=Sound.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotne.html" target=_blank>RBOT-NE</a> WORM!

Source=Paul Collins Startup list

[microsoft server base]
Number=5527
Confirmed=X
Filename=lass.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Service]
Number=5528
Confirmed=X
Filename=microhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlc.html" target="_blank">RBOT-LC</a> WORM!
Source=Paul Collins Startup list

[Microsoft Service]
Number=5529
Confirmed=X
Filename=winsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotdb.html" target="_blank">SPYBOT-DB</a> WORM!
Source=Paul Collins Startup list

[Microsoft Service]
Number=5530
Confirmed=X
Filename=rundll.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32popoa.html" target=_blank>POPO-A</a> WORM! Note - this is NOT the Windows system file of the same name as described <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll/" target=_blank>here</a>
Source=Paul Collins Startup list

[Microsoft Service Controller]
Number=5531
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kaleld.html" target=_blank>KALEL-D</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[Microsoft Service Drivers]
Number=5532
Confirmed=X
Filename=System.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Service Drivers]
Number=5533
Confirmed=X
Filename=VSADNIM.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Service Host Process]
Number=5534
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_KRYNOS.B&VSect=P" target=_blank>KRYNOS.B</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Help" subfolder of the Winnt or Windows folder
Source=Paul Collins Startup list

[Microsoft Service Pack]
Number=5535
Confirmed=X
Filename=WindowsSP.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotrf.html" target=_blank>RBOT-RF</a> WORM!
Source=Paul Collins Startup list

[Microsoft Service Pack2.1]
Number=5536
Confirmed=X
Filename=svchost2.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Services]
Number=5537
Confirmed=X
Filename=lsserv.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[Microsoft Services]
Number=5538
Confirmed=X
Filename=lssrv.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CW&VSect=T" target="_blank">RBOT.CW</a> WORM!
Source=Paul Collins Startup list

[Microsoft Services]
Number=5539
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-083116-5118-99" target="_blank">ALETS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
Source=Paul Collins Startup list

[Microsoft Services]
Number=5540
Confirmed=X
Filename=lsrv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbk.html" target="_blank">RBOT-BK</a> WORM!
Source=Paul Collins Startup list

[Microsoft Services]
Number=5541
Confirmed=X
Filename=svshost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-010617-2801-99" target=_blank>ALETS.B</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Services]
Number=5542
Confirmed=X
Filename=bsc32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooraw.html" target=_blank>BDOOR-AW</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Services]
Number=5543
Confirmed=X
Filename=Smss32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotad.html" target=_blank>RBOT-AD</a> WORM!
Source=Paul Collins Startup list

[Microsoft Services]
Number=5544
Confirmed=X
Filename=svssshost.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Services]
Number=5545
Confirmed=X
Filename=module.exe
Description=Added by the <a href="http://www.auditmypc.com/process/module.asp" target="_blank">LAVITS</a> WORM!
Source=Paul Collins Startup list

[Microsoft Services Unitd]
Number=5546
Confirmed=X
Filename=MSU32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Servicez Manager]
Number=5547
Confirmed=X
Filename=servicemgrz.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasn.html" target=_blank>RBOT-ASN</a> WORM!
Source=Paul Collins Startup list

[Microsoft Session Manager Subsystem]
Number=5548
Confirmed=X
Filename=smss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kaleld.html" target=_blank>KALEL-D</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target="_blank">smss.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list

[Microsoft Sidewinder Game Controller Software]
Number=5549
Confirmed=N
Filename=SWTRAY.EXE
Description=MS SideWinder game controller system tray icon. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[Microsoft Sinsup]
Number=5550
Confirmed=X
Filename=odjiwjf.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotdn.html" target= blank>RBOT-DN</a> WORM!
Source=Paul Collins Startup list

[Microsoft Software]
Number=5551
Confirmed=X
Filename=sysinfo33.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.LS" target="_blank">RBOT.LS</a> WORM!
Source=Paul Collins Startup list

[microsoft software]
Number=5552
Confirmed=X
Filename=****.exe E255 [* = random char]
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Microsoft software]
Number=5553
Confirmed=X
Filename=cdaccess.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ABK" target=_blank>RBOT.ABK</a> WORM!
Source=Paul Collins Startup list

[Microsoft Software Update]
Number=5554
Confirmed=X
Filename=nmon.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.HZ" target="_blank">RBOT.HZ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Sound Driver]
Number=5555
Confirmed=X
Filename=sound32.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Sound Technology]
Number=5556
Confirmed=X
Filename=winsound.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagg.html" target=_blank>RBOT-AGG</a> WORM!
Source=Paul Collins Startup list

[Microsoft Sound Volume Tool]
Number=5557
Confirmed=N
Filename=mssvol.exe
Description=This is a Blue version of the yellow speaker icon on the system tray and is used to edit advanced Sound Features that the MS DSS80 Speakers add. Should be accessible via Start -&gt; Settings -&gt; Control Panel
Source=Paul Collins Startup list

[Microsoft Sounds]
Number=5558
Confirmed=X
Filename=soundman.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgci.html" target="_blank">RBOT-GCI</a> WORM!
Source=Paul Collins Startup list

[Microsoft SourceSafe]
Number=5559
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091409-4900-99" target="_blank">WEBUS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[Microsoft SpA Service]
Number=5560
Confirmed=X
Filename=msapps.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotvi.html" target= blank>RBOT-VI</a> WORM!
Source=Paul Collins Startup list

[Microsoft SpA Service]
Number=5561
Confirmed=X
Filename=win32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ATS&VSect=T" target=_blank>RBOT.ATS</a> WORM!
Source=Paul Collins Startup list

[Microsoft SpA Service]
Number=5562
Confirmed=X
Filename=Winupd32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.LT&VSect=P" target=_blank>RBOT.LT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Special offer]
Number=5563
Confirmed=X
Filename=infoebay.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Spool Server for Win32]
Number=5564
Confirmed=X
Filename=spoolsrv.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081617-3006-99" target="_blank">RANDEX.H</a> WORM!
Source=Paul Collins Startup list

[Microsoft SSISVRI32 Protocol]
Number=5565
Confirmed=X
Filename=ssisvri.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Standard Executions Library]
Number=5566
Confirmed=X
Filename=win32lib.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotauk.html" target=_blank>RBOT-AUK</a> WORM!
Source=Paul Collins Startup list

[Microsoft standard protector]
Number=5567
Confirmed=X
Filename=winsocks5.exe
Description=Added by the SMALL.CF TROJAN!
Source=Paul Collins Startup list

[Microsoft standard protector]
Number=5568
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstoxc.html" target=_blank>STOX-C</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Sum32]
Number=5569
Confirmed=X
Filename=sum32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyw.html" target= blank>RBOT-YW</a> WORM!
Source=Paul Collins Startup list

[Microsoft Support]
Number=5570
Confirmed=X
Filename=sys32ms.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahi.html" target=_blank>RBOT-AHI</a> WORM!
Source=Paul Collins Startup list

[microsoft support]
Number=5571
Confirmed=X
Filename=svchostt.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AWN" target="_blank">AGOBOT.AWN</a> WORM!
Source=Paul Collins Startup list

[Microsoft Svchost local services]
Number=5572
Confirmed=X
Filename=winoem.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfpe.html" target="_blank">RBOT-FPE</a>
Source=Paul Collins Startup list

[Microsoft Svchost local services]
Number=5573
Confirmed=X
Filename=winoem.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfpe.html" target="_blank">RBOT-FPE</a> WORM!
Source=Paul Collins Startup list

[Microsoft Svchost local services]
Number=5574
Confirmed=X
Filename=nzm23.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgmc.html" target="_blank">RBOT-GMC</a> WORM!
Source=Paul Collins Startup list

[Microsoft Synchronization Manager]
Number=5575
Confirmed=X
Filename=asgard.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaea.html" target="_blank">SDBOT-AEA</a> WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[Microsoft Synchronization Manager]
Number=5576
Confirmed=X
Filename=bot.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.IH" target="_blank">SDBOT.IH</a> WORM!
Source=Paul Collins Startup list

[Microsoft Synchronization Manager]
Number=5577
Confirmed=X
Filename=netscape.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDEX.AE" target="_blank">RANDEX.AE</a> WORM!
Source=Paul Collins Startup list

[Microsoft Synchronization Manager]
Number=5578
Confirmed=X
Filename=slhost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.YH" target="_blank">SDBOT.YH</a> WORM!
Source=Paul Collins Startup list

[Microsoft Synchronization Manager]
Number=5579
Confirmed=X
Filename=svhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpy.html" target="_blank">SDBOT-PY</a> WORM!
Source=Paul Collins Startup list

[Microsoft Synchronization Manager]
Number=5580
Confirmed=X
Filename=WinLoginnn.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.FO" target="_blank">SPYBOT.FO</a> WORM!
Source=Paul Collins Startup list

[Microsoft Synchronization Manager]
Number=5581
Confirmed=X
Filename=winupdate.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ER" target="_blank">SDBOT.ER</a> WORM!
Source=Paul Collins Startup list

[Microsoft Synchronization Manager]
Number=5582
Confirmed=X
Filename=xXx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotkz.html" target="_blank">SDBOT-KZ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Synchronization Manager]
Number=5583
Confirmed=X
Filename=___synmgr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120815-1506-99" target=_blank>MASLAN.A</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120914-3308-99" target=_blank>MASLAN.C</a> WORMS!
Source=Paul Collins Startup list

[Microsoft Synchronization Manager]
Number=5584
Confirmed=X
Filename=al.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_OPTXPRO.132" target="_blank">OPTXPRO.132</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Synchronization Manager]
Number=5585
Confirmed=X
Filename=win.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-011415-2748-99" target=_blank>SDBOT.AK</a> WORM!
Source=Paul Collins Startup list

[Microsoft Synchronization Manager]
Number=5586
Confirmed=X
Filename=java.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Synchronization Manager]
Number=5587
Confirmed=X
Filename=svchosts.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotlm.html" target= blank>SDBOT-LM</a> WORM!
Source=Paul Collins Startup list

[Microsoft Synchronization Manager]
Number=5588
Confirmed=X
Filename=winlogon32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AEU&VSect=T" target=_blank>SDBOT.AEU</a> WORM!
Source=Paul Collins Startup list

[Microsoft Synchronization Manager]
Number=5589
Confirmed=X
Filename=svxhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzu.html" target=_blank>SDBOT-ZU</a> WORM!
Source=Paul Collins Startup list

[Microsoft Synchronization Manager]
Number=5590
Confirmed=X
Filename=wincfg32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.DO&VSect=T" target=_blank>SDBOT.DO</a> WORM!
Source=Paul Collins Startup list

[Microsoft Synchronization Manager]
Number=5591
Confirmed=X
Filename=screen.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaco.html" target=_blank>SDBOT-ACO</a> WORM!
Source=Paul Collins Startup list

[Microsoft Synchronization Manager]
Number=5592
Confirmed=X
Filename=devldr32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM! Note - do not confuse with the legitimate Creative Labs <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>devldr32.exe</a> file
Source=Paul Collins Startup list

[Microsoft Synchronization Manager]
Number=5593
Confirmed=X
Filename=explorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaea.html" target=_blank>SDBOT-AEA</a> WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would only be in startups if you added it manually. This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[Microsoft Synchronization Manager]
Number=5594
Confirmed=X
Filename=firewire.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotafc.html" target=_blank>SDBOT-AFC</a> WORM!
Source=Paul Collins Startup list

[Microsoft Synchronization Manager]
Number=5595
Confirmed=X
Filename=wmedia.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BFC" target="_blank">SDBOT.BFC</a> WORM!
Source=Paul Collins Startup list

[Microsoft System]
Number=5596
Confirmed=X
Filename=msupdtm.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060610-4756-99" target=_blank>SPYBOT.PKC</a> WORM!
Source=Paul Collins Startup list

[Microsoft System]
Number=5597
Confirmed=X
Filename=mssys32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_PETTICK.A" target="_blank">PETTICK.A</a> WORM!
Source=Paul Collins Startup list

[Microsoft System]
Number=5598
Confirmed=X
Filename=sys.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AKI" target="_blank">RBOT.AKI</a> WORM!
Source=Paul Collins Startup list

[Microsoft System Backup]
Number=5599
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagm.html" target=_blank>RBOT-AGM</a> WORM!
Source=Paul Collins Startup list

[Microsoft System Checkup]
Number=5600
Confirmed=X
Filename=Cool.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092716-2152-99" target="_blank">DONK.B</a> WORM!
Source=Paul Collins Startup list

[Microsoft System Checkup]
Number=5601
Confirmed=X
Filename=Wnetlib.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100914-4749-99" target="_blank">DONK.C</a> WORM!
Source=Paul Collins Startup list

[Microsoft System Checkup]
Number=5602
Confirmed=X
Filename=dbnetlib.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032318-2655-99" target="_blank">DONK.L</a> WORM!
Source=Paul Collins Startup list

[Microsoft System Checkup]
Number=5603
Confirmed=X
Filename=Keymgr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040815-2440-99" target="_blank">DONK.M</a> WORM!
Source=Paul Collins Startup list

[Microsoft System Checkup]
Number=5604
Confirmed=X
Filename=inetman.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-041911-2523-99" target="_blank">DONK.O</a> WORM!
Source=Paul Collins Startup list

[Microsoft System Checkup]
Number=5605
Confirmed=X
Filename=ntsysmgr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-092117-0635-99" target="_blank">DONK.S</a> WORM!
Source=Paul Collins Startup list

[Microsoft System Checkup]
Number=5606
Confirmed=X
Filename=ntsysman.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotqw.html" target=_blank>SDBOT-QW</a> WORM!

Source=Paul Collins Startup list

[Microsoft System Checkup]
Number=5607
Confirmed=X
Filename=libsysmgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotcaf.html" target=_blank>SDBOT-CAF</a> WORM!
Source=Paul Collins Startup list

[Microsoft System Checkup]
Number=5608
Confirmed=X
Filename=sysmgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotoo.html" target=_blank>SDBOT-OO</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft System Checkup]
Number=5609
Confirmed=X
Filename=netapi32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32donke.html" target=_blank>DONK-E</a> WORM!
Source=Paul Collins Startup list

[Microsoft System Checkup]
Number=5610
Confirmed=X
Filename=wnetmgr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-051015-2700-99" target= blank>DONK.Q</a> WORM!
Source=Paul Collins Startup list

[Microsoft System Checkup]
Number=5611
Confirmed=X
Filename=libsys32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotack.html" target=_blank>SDBOT-ACK</a> WORM!
Source=Paul Collins Startup list

[Microsoft System Debug]
Number=5612
Confirmed=X
Filename=services32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AKH&VSect=P" target=_blank>RBOT.AKH</a> WORM!
Source=Paul Collins Startup list

[Microsoft System DLL Services Configuration]
Number=5613
Confirmed=X
Filename=windir32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotacy.html" target=_blank>SDBOT-ACY</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft System File]
Number=5614
Confirmed=X
Filename=svchots.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BYU" target="_blank">RBOT.BYU</a> WORM!
Source=Paul Collins Startup list

[Microsoft System Firewall 2006.2]
Number=5615
Confirmed=X
Filename=msmsgr.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft System Firewall 2006.2]
Number=5616
Confirmed=X
Filename=msnmsgr.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM! Note - this is not the valid MSN Messenger (now <a href="http://get.live.com/messenger/overview" target="_blank">Windows Live Messenger</a>) utility
Source=Paul Collins Startup list

[Microsoft System Firewall 2006.2]
Number=5617
Confirmed=X
Filename=reg32.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft System Init]
Number=5618
Confirmed=X
Filename=mtmnr0.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.BR" target="_blank">SDBOT.BR</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft System NT]
Number=5619
Confirmed=X
Filename=svhost.exe
Description=Added by the <a href="http://www.enciclopediavirus.com/virus/vervirus.php?id=1446&alerta=1" target=_blank>SDBOT.COU</a> WORM!
Source=Paul Collins Startup list

[Microsoft System Restore Configuration]
Number=5620
Confirmed=X
Filename=CBRSS.EXE
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft System Saver]
Number=5621
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BSK" target="_blank">RBOT.BSK</a> WORM!

Source=Paul Collins Startup list

[Microsoft System Security Agent]
Number=5622
Confirmed=X
Filename=MSTSA.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CCM" target="_blank">RBOT.CCM</a> WORM!
Source=Paul Collins Startup list

[Microsoft System Services]
Number=5623
Confirmed=X
Filename=msnmgsr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-033116-4030-99" target=_blank>KELVIR.K</a> WORM!
Source=Paul Collins Startup list

[Microsoft System Services]
Number=5624
Confirmed=X
Filename=msmsgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotzh.html" target= blank>RBOT-ZH</a> WORM!
Source=Paul Collins Startup list

[Microsoft System Update]
Number=5625
Confirmed=X
Filename=sysupdate.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.DG&VSect=P" target=_blank>SDBOT.DG</a> WORM!
Source=Paul Collins Startup list

[Microsoft System32 Update]
Number=5626
Confirmed=X
Filename=cmsrg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgn.html" target=_blank>RBOT-GN</a> WORM!
Source=Paul Collins Startup list

[Microsoft Task32 Protocol]
Number=5627
Confirmed=X
Filename=taskmgr32.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Taskmanager Updater]
Number=5628
Confirmed=X
Filename=keyboard.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotalu.html" target=_blank>RBOT-ALU</a> WORM!
Source=Paul Collins Startup list

[Microsoft TCP/IP Connection Monitor]
Number=5629
Confirmed=X
Filename=svchost32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.KS" target="_blank">RBOT.KS</a> WORM!
Source=Paul Collins Startup list

[Microsoft Telecom Center]
Number=5630
Confirmed=X
Filename=tellecom.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Telecoma Center]
Number=5631
Confirmed=X
Filename=tellcoma.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawx.html" target=_blank>RBOT-AWX</a> WORM!
Source=Paul Collins Startup list

[Microsoft Telecoms Center]
Number=5632
Confirmed=X
Filename=telcoms.exe
Description=Added by the <a href="http://www.greatis.com/appdata/d/SysDir/t/telcoms.exe_Removal.htm" target=_blank>IRCBOT.GEN</a> WORM!

Source=Paul Collins Startup list

[Microsoft Telecoms Center]
Number=5633
Confirmed=X
Filename=xpfilesys.exe
Description=Added by the RBOT.BCJ TROJAN!
Source=Paul Collins Startup list

[Microsoft Telecoms Center]
Number=5634
Confirmed=X
Filename=winupn.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Telecoms Center]
Number=5635
Confirmed=X
Filename=svcchost.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Time Manager]
Number=5636
Confirmed=X
Filename=dveldr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbothq.html" target="_blank">RBOT-HQ</a> WORM!
Source=Paul Collins Startup list

[MicroSoft Toolbar]
Number=5637
Confirmed=X
Filename=key.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaew.html" target=_blank>RBOT-AEW</a> WORM!
Source=Paul Collins Startup list

[Microsoft Transfer File Server]
Number=5638
Confirmed=X
Filename=mtfs.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AFE" target="_blank">RBOT.AFE</a> WORM!
Source=Paul Collins Startup list

[Microsoft Tray]
Number=5639
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.vsantivirus.com/back-delf-bz.htm" target="_blank">DELF.BZ</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft TTL Verifier]
Number=5640
Confirmed=X
Filename=msttl.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgap.html" target="_blank">RBOT-GAP</a> WORM!
Source=Paul Collins Startup list

[Microsoft U]
Number=5641
Confirmed=X
Filename=wuamkopxp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahc.html" target=_blank>RBOT-AHC</a> WORM!
Source=Paul Collins Startup list

[Microsoft UMA Update]
Number=5642
Confirmed=X
Filename=MSuma32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.FS" target="_blank">RBOT.FS</a> WORM!
Source=Paul Collins Startup list

[MICROSOFT UNPACCKER SYSTEM]
Number=5643
Confirmed=X
Filename=unpak32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[MICROSOFT UNPACK SYSTEM]
Number=5644
Confirmed=X
Filename=winrarx.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Updat3]
Number=5645
Confirmed=X
Filename=mswkst32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5646
Confirmed=X
Filename=Microsoft.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042914-1054-99" target="_blank">GAOBOT.AFJ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5647
Confirmed=X
Filename=mssmgrd.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.JT" target="_blank">SDBOT.JT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5648
Confirmed=X
Filename=mvsc.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-082710-2418-99" target="_blank">SPYBOT.DAZ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5649
Confirmed=X
Filename=ascdl.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040112-0028-99" target="_blank">GAOBOT.SY</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5650
Confirmed=X
Filename=Isac.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotau.html" target="_blank">RBOT-AU</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5651
Confirmed=X
Filename=automgr32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5652
Confirmed=X
Filename=mediap.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5653
Confirmed=X
Filename=Microsoftx.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5654
Confirmed=X
Filename=msconfg.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39662" target=_blank>RBOT.H</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5655
Confirmed=X
Filename=Mslti32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlx.html" target="_blank">RBOT-LX</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5656
Confirmed=X
Filename=muamgrd.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target="_blank">AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5657
Confirmed=X
Filename=navmgrd.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.DP" target="_blank">SDBOT.DP</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5658
Confirmed=X
Filename=Smss32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotcb.html" target="_blank">RBOT.CB</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5659
Confirmed=X
Filename=sys32cfg.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.DR" target="_blank">RBOT.DR</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5660
Confirmed=X
Filename=VPC32.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.XM" target="_blank">AGOBOT.XM</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5661
Confirmed=X
Filename=winsys32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5662
Confirmed=X
Filename=wuamgrd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlk.html" target="_blank">RBOT-LK</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5663
Confirmed=X
Filename=wuammgr32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaw.html" target="_blank">RBOT-AW</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5664
Confirmed=X
Filename=wudmate.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AP" target="_blank">RBOT.AP</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5665
Confirmed=X
Filename=msawindows.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042914-1054-99" target="_blank">GAOBOT.AFJ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5666
Confirmed=X
Filename=msiwin84.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042914-1054-99" target="_blank">GAOBOT.AFJ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5667
Confirmed=X
Filename=wuamgrd32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ZB" target=_blank>RBOT.ZB</a> WORM!

Source=Paul Collins Startup list

[Microsoft Update]
Number=5668
Confirmed=X
Filename=NAV.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotiv.html" target=_blank>RBOT-IV</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5669
Confirmed=X
Filename=systemi32.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5670
Confirmed=X
Filename=xpupdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqe.html" target=_blank>RBOT-QE</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5671
Confirmed=X
Filename=webm.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.WK" target="_blank">SDBOT.WK</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5672
Confirmed=X
Filename=wuagrd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfk.html" target=_blank>RBOT-FK</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5673
Confirmed=X
Filename=aaupdt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotrq.html" target=_blank>RBOT-RQ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5674
Confirmed=X
Filename=lsac.exe
Description=Added by the <a href="http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?lst=det&idvirus=48428" target="_blank">GAOBOT.XW</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5675
Confirmed=X
Filename=Mupdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotag.html" target=_blank>RBOT-AG</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5676
Confirmed=X
Filename=prowind32.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5677
Confirmed=X
Filename=snlogsvc.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5678
Confirmed=X
Filename=svhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpi.html" target=_blank>RBOT-PI</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5679
Confirmed=X
Filename=wauguard.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AEE" target="_blank">RBOT.AEE</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5680
Confirmed=X
Filename=winscv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbh.html" target=_blank>RBOT-BH</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5681
Confirmed=X
Filename=winsys.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgv.html" target=_blank>RBOT-GV</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5682
Confirmed=X
Filename=wserv32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AF&VSect=T" target=_blank>RBOT.AF</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5683
Confirmed=X
Filename=wtm32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaq.html" target=_blank>RBOT-AQ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5684
Confirmed=X
Filename=wumgrd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotky.html" target=_blank>SDBOT-KY</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5685
Confirmed=X
Filename=wuampd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotut.html" target=_blank>RBOT-UT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5686
Confirmed=X
Filename=msupdate32.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5687
Confirmed=X
Filename=Botnet.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AFL" target="_blank">RBOT.AFL</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5688
Confirmed=X
Filename=sghost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AKV&VSect=P" target=_blank>SDBOT.AKV</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5689
Confirmed=X
Filename=update_w.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotew.html" target=_blank>RBOT-EW</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5690
Confirmed=X
Filename=windows24.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5691
Confirmed=X
Filename=wingrd32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotdw.html" target=_blank>RBOT-DW</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5692
Confirmed=X
Filename=wssvr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotod.html" target=_blank>RBOT-OD</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5693
Confirmed=X
Filename=wuamagr32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.CG" target="_blank">SPYBOT.CG</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5694
Confirmed=X
Filename=WinUpdate32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotti.html" target= blank>RBOT-TI</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5695
Confirmed=X
Filename=wkfix.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabz.html" target= blank>RBOT-ABZ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5696
Confirmed=X
Filename=Kkk.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahl.html" target=_blank>RBOT-AHL</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5697
Confirmed=X
Filename=mcupdate.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.XT" target="_blank">RBOT.XT</a> WORM! Note - this file is located in the Windows\System32 or Winnt\System32 folder, and should not be confused with the McAfee antivirus executable as described <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/mcupdate/" target="_blank">here</a>
Source=Paul Collins Startup list

[Microsoft Update]
Number=5698
Confirmed=X
Filename=Micr0s0ft.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AAR&VSect=P" target=_blank>AGOBOT.AAR</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5699
Confirmed=X
Filename=Msnmsngr.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BQS&VSect=P" target=_blank>RBOT.BQS</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5700
Confirmed=X
Filename=msupdate32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.LZ&VSect=P" target=_blank>SPYBOT.LZ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5701
Confirmed=X
Filename=scvhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaem.html" target=_blank>RBOT-AEM</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5702
Confirmed=X
Filename=svghost.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5703
Confirmed=X
Filename=sys.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaj.html" target=_blank>RBOT-AJ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5704
Confirmed=X
Filename=up2dat5.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5705
Confirmed=X
Filename=winamp.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM! Note - this is NOT the popular <a href="http://www.winamp.com/" target="_blank">Winamp</a> media player
Source=Paul Collins Startup list

[Microsoft Update]
Number=5706
Confirmed=X
Filename=win-mang.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafk.html" target=_blank>RBOT-AFK</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5707
Confirmed=X
Filename=winupdater.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BIN&VSect=P" target=_blank>RBOT.BIN</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5708
Confirmed=X
Filename=wuamk0032.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5709
Confirmed=X
Filename=wuamk032.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahd.html" target=_blank>RBOT-AHD</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5710
Confirmed=X
Filename=wuamk0p32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5711
Confirmed=X
Filename=wuamkop.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafi.html" target=_blank>RBOT-AFI</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5712
Confirmed=X
Filename=wuamkop32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BGU&VSect=P" target=_blank>RBOT.BGU</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5713
Confirmed=X
Filename=wuampkd.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BBX&VSect=P" target=_blank>SDBOT.BBX</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5714
Confirmed=X
Filename=svzhost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.OX&VSect=P" target=_blank>RBOT.OX</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5715
Confirmed=X
Filename=win32.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5716
Confirmed=X
Filename=wininit.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotakr.html" target=_blank>RBOT-AKR</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5717
Confirmed=X
Filename=wuamgrd3.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotamc.html" target=_blank>RBOT-AMC</a> WORM! 
Source=Paul Collins Startup list

[Microsoft Update]
Number=5718
Confirmed=X
Filename=Wudates.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5719
Confirmed=X
Filename=ms.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.CC" target="_blank">SDBOT.CC</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5720
Confirmed=X
Filename=wuagmsd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotax.html" target=_blank>RBOT-AX</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5721
Confirmed=X
Filename=cmss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotatq.html" target=_blank>RBOT-ATQ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5722
Confirmed=X
Filename=wuamgrb.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaze.html" target=_blank>RBOT-AZE</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5723
Confirmed=X
Filename=WINDOC.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.PF" target="_blank">SDBOT.PF</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5724
Confirmed=X
Filename=phqghumea.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AFO" target="_blank">SDBOT.AFO</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5725
Confirmed=X
Filename=system32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.IS" target="_blank">RBOT.IS</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5726
Confirmed=X
Filename=bling.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotavk.html" target="_blank">RBOT-AVK</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5727
Confirmed=X
Filename=Sygate.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5728
Confirmed=X
Filename=update.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5729
Confirmed=X
Filename=WinDrv32.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=50951" target="_blank">RBOT.EGW</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5730
Confirmed=X
Filename=devmks32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5731
Confirmed=X
Filename=devmks32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft update]
Number=5732
Confirmed=X
Filename=winupdate.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5733
Confirmed=X
Filename=msupdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojboroboti.html" target="_blank">BOROBOT-I</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5734
Confirmed=X
Filename=mixer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotair.html" target="_blank">RBOT-AIR</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5735
Confirmed=X
Filename=taskmgr32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotcv.html" target="_blank">RBOT-CV</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5736
Confirmed=X
Filename=drive.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32bifrosepn.html" target="_blank">BIFROSE-PN</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update]
Number=5737
Confirmed=X
Filename=wangard.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlh.html" target="_blank">RBOT-LH</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update 23]
Number=5738
Confirmed=X
Filename=NtKernelSystem.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update 23]
Number=5739
Confirmed=X
Filename=spoolvs.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update 32]
Number=5740
Confirmed=X
Filename=explore32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091416-0348-99" target="_blank">SPYBOT.CYM</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update 32]
Number=5741
Confirmed=X
Filename=MSupdate32.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update 32]
Number=5742
Confirmed=X
Filename=wininit.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotany.html" target=_blank>RBOT-ANY</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update 32]
Number=5743
Confirmed=X
Filename=wininit32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update 32]
Number=5744
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajj.html" target=_blank>RBOT-AJJ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update 32]
Number=5745
Confirmed=X
Filename=mscnfg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotalm.html" target=_blank>RBOT-ALM</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update 32]
Number=5746
Confirmed=X
Filename=servic.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxn.html" target=_blank>RBOT-AXN</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update 32]
Number=5747
Confirmed=X
Filename=winitXP32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update 32]
Number=5748
Confirmed=X
Filename=mssetup32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update 32]
Number=5749
Confirmed=X
Filename=wiit.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotams.html" target=_blank>RBOT-AMS</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update 32]
Number=5750
Confirmed=X
Filename=explorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotarf.html" target="_blank">RBOT-ARF</a> WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[Microsoft Update 32]
Number=5751
Confirmed=X
Filename=network.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotarz.html" target=_blank>RBOT-ARZ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update 32]
Number=5752
Confirmed=X
Filename=om4r.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqp.html" target=_blank>RBOT-AQP</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update 32]
Number=5753
Confirmed=X
Filename=winin.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotarr.html" target=_blank>RBOT-ARR</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update 32]
Number=5754
Confirmed=X
Filename=wuinit.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotue.html" target=_blank>AGOBOT-UE</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update 32]
Number=5755
Confirmed=X
Filename=neta.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotami.html" target="_blank">RBOT-AMI</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update 33]
Number=5756
Confirmed=X
Filename=init.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotatt.html" target=_blank>RBOT-ATT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update 64 BIT]
Number=5757
Confirmed=X
Filename=wininit32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahe.html" target=_blank>RBOT-AHE</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update 64 BIT]
Number=5758
Confirmed=X
Filename=winman32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaki.html" target=_blank>RBOT-AKI</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update 64 BIT]
Number=5759
Confirmed=X
Filename=schvost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CAU&VSect=P" target=_blank>RBOT.CAU</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update 64 BIT]
Number=5760
Confirmed=X
Filename=winl32xe.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqo.html" target=_blank>RBOT-AQO</a> WORM!
Source=Paul Collins Startup list

[MICROSOFT UPDATE CONFIGURATION]
Number=5761
Confirmed=X
Filename=WIN32SNC.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotai.html" target=_blank>RBOT-AI</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Control]
Number=5762
Confirmed=X
Filename=Ms64.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Debugger]
Number=5763
Confirmed=X
Filename=wincfg32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.ZC&VSect=T" target=_blank>SPYBOT.ZC</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Device Drivers]
Number=5764
Confirmed=X
Filename=wuauclt.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/wuauclt/" target="_blank">wuauclt.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[Microsoft Update DLL]
Number=5765
Confirmed=X
Filename=rxxhost.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Drivers]
Number=5766
Confirmed=X
Filename=explorers.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Emulator]
Number=5767
Confirmed=X
Filename=kern-mxe.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Loader]
Number=5768
Confirmed=X
Filename=[random filename]
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!

Source=Paul Collins Startup list

[Microsoft Update Loaders 2005]
Number=5769
Confirmed=X
Filename=winusers.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaiq.html" target="_blank">RBOT-AIQ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Loaders 2006]
Number=5770
Confirmed=X
Filename=winusersystem32.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5771
Confirmed=X
Filename=expl0rer.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.OK&VSect=T" target="_blank">SDBOT.OK</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5772
Confirmed=X
Filename=rxhost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.FC" target="_blank">RBOT.FC</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5773
Confirmed=X
Filename=servicz.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbothu.html" target="_blank">RBOT-HU</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5774
Confirmed=X
Filename=SP2.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.FP" target="_blank">SPYBOT.FP</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5775
Confirmed=X
Filename=winini.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotkv.html" target="_blank">RBOT-KV</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5776
Confirmed=X
Filename=xvshost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.QP" target="_blank">RBOT.QP</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5777
Confirmed=X
Filename=memstat.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotom.html" target=_blank>RBOT-OM</a> WORM!

Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5778
Confirmed=X
Filename=ntce.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfa.html" target=_blank>RBOT-FA</a> WORM!

Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5779
Confirmed=X
Filename=system03.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotnm.html" target=_blank>RBOT-NM</a> WORM!

Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5780
Confirmed=X
Filename=wuawx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotce.html" target=_blank>RBOT-CE</a> WORM!

Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5781
Confirmed=X
Filename=zonealarm.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbz.html" target=_blank>RBOT-BZ</a> WORM! Note - this is not the valid Zone Labs firewall program!

Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5782
Confirmed=X
Filename=systemll.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotjt.html" target=_blank>RBOT-JT</a> WORM!

Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5783
Confirmed=X
Filename=winupdt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfp.html"target=_blank>RBOT-FP</a> WORM!

Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5784
Confirmed=X
Filename=svshost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AK" target=_blank>RBOT.AK</a> WORM!

Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5785
Confirmed=X
Filename=wuamgd.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.HQ" target=_blank>SDBOT.HQ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5786
Confirmed=X
Filename=wupdt32x.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!

Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5787
Confirmed=X
Filename=[random filename]
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5788
Confirmed=X
Filename=linux.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotim.html" target=_blank>RBOT-IM</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5789
Confirmed=X
Filename=lmrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotdy.html" target=_blank>RBOT-DY</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5790
Confirmed=X
Filename=windowsu.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5791
Confirmed=X
Filename=wininigo.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5792
Confirmed=X
Filename=winmgr.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5793
Confirmed=X
Filename=Winmsixp32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.DN&VSect=T" target=_blank>RBOT.DN</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5794
Confirmed=X
Filename=Winregs32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.DN&VSect=T" target=_blank>RBOT.DN</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5795
Confirmed=X
Filename=winxpini.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotob.html" target=_blank>RBOT-OB</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5796
Confirmed=X
Filename=wuamgrd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbothe.html" target=_blank>RBOT-HE</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5797
Confirmed=X
Filename=wuagrd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgf.html" target=_blank>RBOT-GF</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5798
Confirmed=X
Filename=LANWAKE.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqz.html" target=_blank>RBOT-QZ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5799
Confirmed=X
Filename=scvhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgs.html" target=_blank>RBOT-GS</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5800
Confirmed=X
Filename=winhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgk.html" target=_blank>RBOT-GK</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5801
Confirmed=X
Filename=winss.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.JU" target=_blank>RBOT.JU</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5802
Confirmed=X
Filename=WUAMGRDXS.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgl.html" target=_blank>RBOT-GL</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5803
Confirmed=X
Filename=crss32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5804
Confirmed=X
Filename=lsasse.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotdi.html" target=_blank>RBOT-DI</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5805
Confirmed=X
Filename=qwerty.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5806
Confirmed=X
Filename=rxxhost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.EP" target=_blank>RBOT.EP</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5807
Confirmed=X
Filename=servicez.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.BI" target=_blank>SPYBOT.BI</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5808
Confirmed=X
Filename=spoolserv.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5809
Confirmed=X
Filename=Systemnt.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.DA" target="_blank">RBOT.DA</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5810
Confirmed=X
Filename=systemse.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbd.html" target=_blank>RBOT-BD</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5811
Confirmed=X
Filename=taskmngrs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotcr.html" target=_blank>RBOT-CR</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5812
Confirmed=X
Filename=windowsup.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfv.html" target=_blank>RBOT-FV</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5813
Confirmed=X
Filename=wuamgard.exe
Description=Added by the <a href="http://fr.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_SPYBOT.CS" target=_blank>SPYBOT.CS</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5814
Confirmed=X
Filename=wupdate32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5815
Confirmed=X
Filename=system.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5816
Confirmed=X
Filename=TMEMSER.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotnq.html" target= blank>RBOT-NQ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5817
Confirmed=X
Filename=winnie.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotacd.html" target= blank>RBOT-ACD</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5818
Confirmed=X
Filename=winortho.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotnw.html" target= blank>RBOT-NW</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5819
Confirmed=X
Filename=wins32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.EZ" target="_blank">RBOT.EZ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5820
Confirmed=X
Filename=serviz.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5821
Confirmed=X
Filename=TASKMAN4.EXE
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5822
Confirmed=X
Filename=wftestb.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafz.html" target=_blank>RBOT-AFZ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5823
Confirmed=X
Filename=Win32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.UV&VSect=T" target=_blank>SDBOT.UV</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5824
Confirmed=X
Filename=windns.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.EF&VSect=P" target=_blank>RBOT.EF</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5825
Confirmed=X
Filename=MSOICONS.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AWS&VSect=T" target=_blank>RBOT.AWS</a> WORM! Note - do no confuse with the legitimate Msoicons.exe file described <a href="http://www.fileproperties.com/m/MSOICONS-EXE.htm" target=_blank>here</a>. The latter should not normally figure in Msconfig/Startup!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5826
Confirmed=X
Filename=WINSVC32.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CU" target="_blank">RBOT.CU</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5827
Confirmed=X
Filename=ntsystem.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.GF" target="_blank">RBOT.GF</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Machine]
Number=5828
Confirmed=X
Filename=winupdte.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgkl.html" target="_blank">RBOT-GKL</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Manager]
Number=5829
Confirmed=X
Filename=WINRLS.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaf.html" target=_blank>RBOT-AF</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Manager]
Number=5830
Confirmed=X
Filename=svshost.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Manager]
Number=5831
Confirmed=X
Filename=scvhost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AXJ&VSect=P" target=_blank>AGOBOT.AXJ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Manager]
Number=5832
Confirmed=X
Filename=scvideo.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotcvp.html" target="_blank">SDBOT-CVP</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Update Mechene]
Number=5833
Confirmed=X
Filename=Updatez.exe
Description=Added by the <a href="http://www.sophos.com.au/virusinfo/analyses/w32rbotgi.html" target=_blank>RBOT-GI</a> WORM!

Source=Paul Collins Startup list

[Microsoft Update Module]
Number=5834
Confirmed=X
Filename=rundll24.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotps.html" target=_blank>RBOT-PS</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Process]
Number=5835
Confirmed=X
Filename=wmipcvse.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagobotjf.html" target=_blank>AGOBOT-JF</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Update Security Patch]
Number=5836
Confirmed=X
Filename=mssecurityupdatepatch.exe
Description=Added by the AGENT.EF TROJAN!

Source=Paul Collins Startup list

[Microsoft Update Server]
Number=5837
Confirmed=X
Filename=mssrv.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[Microsoft Update Service]
Number=5838
Confirmed=X
Filename=csrss32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobothc.html" target="_blank">AGOBOT-HC</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Service]
Number=5839
Confirmed=X
Filename=mswin32.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft update service]
Number=5840
Confirmed=X
Filename=systemm.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update SERVICE]
Number=5841
Confirmed=X
Filename=phqghum.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Service]
Number=5842
Confirmed=X
Filename=msupdate.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqb.html" target=_blank>RBOT-AQB</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Services]
Number=5843
Confirmed=X
Filename=wcsnfty.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagk.html" target=_blank>RBOT-AGK</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Services]
Number=5844
Confirmed=X
Filename=wsnfty.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafu.html" target=_blank>RBOT-AFU</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Time]
Number=5845
Confirmed=X
Filename=wuam.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotm.html" target="_blank">RBOT-M</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update USB2]
Number=5846
Confirmed=X
Filename=wuammgrd32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadt.html" target=_blank>RBOT-ADT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update v2.6]
Number=5847
Confirmed=X
Filename=lxxex.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Win32a]
Number=5848
Confirmed=X
Filename=winupdate32a.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlo.html" target="_blank">RBOT-LO</a> WORM!
Source=Paul Collins Startup list

[Microsoft Update Win32x]
Number=5849
Confirmed=X
Filename=winupdate32x.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajn.html" target=_blank>RBOT-AJN</a> WORM!
Source=Paul Collins Startup list

[Microsoft Updater]
Number=5850
Confirmed=X
Filename=Winsys32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Updater Resources]
Number=5851
Confirmed=X
Filename=WinFixd32.exe
Description=Added by the <a href="http://ae.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_SPYBOT.CA" target=_blank>SPYBOT.CA</a> WORM!
Source=Paul Collins Startup list

[Microsoft UPDATER32]
Number=5852
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111910-2515-99" target="_blank">RANDEX.AR</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target="_blank">Lsass.exe</a> system file should normally NOT figure in Msconfig/Startup!
Source=Paul Collins Startup list

[Microsoft Updaters]
Number=5853
Confirmed=X
Filename=tskmgr.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Updaters]
Number=5854
Confirmed=X
Filename=sysconfigs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotdf.html" target= blank>RBOT-DF</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Updaters Pros]
Number=5855
Confirmed=X
Filename=WINDLL32XP.EXE
Description=Added by the SPYBOTTER.GEN VIRUS!
Source=Paul Collins Startup list

[Microsoft Updates]
Number=5856
Confirmed=X
Filename=systemc32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgr.html" target=_blank>RBOT-GR</a> WORM!
Source=Paul Collins Startup list

[Microsoft Updates]
Number=5857
Confirmed=X
Filename=wkssvr.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.R&VSect=P" target=_blank>RBOT.R</a> WORM!
Source=Paul Collins Startup list

[Microsoft Updates]
Number=5858
Confirmed=X
Filename=wkssvrs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rboteb.html" target=_blank>RBOT-EB</a> WORM!
Source=Paul Collins Startup list

[Microsoft Updates]
Number=5859
Confirmed=X
Filename=wuamgrd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotco.html" target=_blank>RBOT-CO</a> WORM!
Source=Paul Collins Startup list

[Microsoft Updates]
Number=5860
Confirmed=X
Filename=wtemp32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahq.html" target=_blank>RBOT-AHQ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Updates 2 USB]
Number=5861
Confirmed=X
Filename=wgafixer.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Updates 5 USB]
Number=5862
Confirmed=X
Filename=sp3fixer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotads.html" target=_blank>RBOT-ADS</a> WORM!
Source=Paul Collins Startup list

[Microsoft Updates Resources]
Number=5863
Confirmed=X
Filename=WinFixIDs.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!

Source=Paul Collins Startup list

[Microsoft Updating]
Number=5864
Confirmed=X
Filename=navguard.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.HW&VSect=P" target=_blank>RBOT.HW</a> WORM!
Source=Paul Collins Startup list

[Microsoft Updating]
Number=5865
Confirmed=X
Filename=syswr.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Updating]
Number=5866
Confirmed=X
Filename=wuamguards.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotby.html" target=_blank>RBOT-BY</a> WORM!
Source=Paul Collins Startup list

[Microsoft Updating Client]
Number=5867
Confirmed=X
Filename=websvc.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AQ" target="_blank">RBOT.AQ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Updating Machine]
Number=5868
Confirmed=X
Filename=sysc0de.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.RB" target="_blank">RBOT.RB</a> WORM!
Source=Paul Collins Startup list

[Microsoft Updatting]
Number=5869
Confirmed=X
Filename=miroupdate.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Updote]
Number=5870
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotarc.html" target=_blank>RBOT-ARC</a> WORM!
Source=Paul Collins Startup list

[Microsoft UpMachine]
Number=5871
Confirmed=X
Filename=doezs.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BCT&VSect=P" target=_blank>RBOT.BCT</a> WORM!
Source=Paul Collins Startup list

[Microsoft upnp Update]
Number=5872
Confirmed=X
Filename=msie.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlq.html" target="_blank">RBOT-LQ</a> WORM!
Source=Paul Collins Startup list

[Microsoft uptime Service]
Number=5873
Confirmed=X
Filename=sysuptime.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotacg.html" target= blank>RBOT-ACG</a> WORM!
Source=Paul Collins Startup list

[Microsoft uptime Service]
Number=5874
Confirmed=X
Filename=sycuptime.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahy.html" target=_blank>RBOT-AHY</a> WORM!
Source=Paul Collins Startup list

[Microsoft UpToDate Driver (32-bits)]
Number=5875
Confirmed=X
Filename=[random filename].exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040516-2515-99" target=_blank>SPYBOT.LXJ</a> WORM!
Source=Paul Collins Startup list

[Microsoft USB2 Driver]
Number=5876
Confirmed=X
Filename=crmss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotvk.html" target= blank>RBOT-VK</a> WORM!
Source=Paul Collins Startup list

[Microsoft Utility Startup]
Number=5877
Confirmed=N
Filename=OSA9.exe
Description=Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show
Source=Paul Collins Startup list

[Microsoft Values]
Number=5878
Confirmed=X
Filename=igfkishc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotglo.html" target="_blank">RBOT-GLO</a> WORM!
Source=Paul Collins Startup list

[Microsoft Vertupdate]
Number=5879
Confirmed=X
Filename=MSvert32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobcy.html" target=_blank>MYTOB-CY</a> WORM!
Source=Paul Collins Startup list

[Microsoft Video Capture Controls]
Number=5880
Confirmed=X
Filename=MSsrvs32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaak.html" target=_blank>SDBOT-AAK</a> WORM!
Source=Paul Collins Startup list

[Microsoft Video Controls]
Number=5881
Confirmed=X
Filename=tskmsgr.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Virual Machine]
Number=5882
Confirmed=X
Filename=sms.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotsp.html" target=_blank>RBOT-SP</a> WORM!
Source=Paul Collins Startup list

[Microsoft Visual SourceSafe]
Number=5883
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081700-2526-99" target="_blank">NEVEG.B</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081614-3605-99" target="_blank">NEVEG.C</a> WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[Microsoft Visual SourceSafe]
Number=5884
Confirmed=X
Filename=winlogon.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081623-4258-99" target="_blank">NEVEG.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[Microsoft Visual Studio]
Number=5885
Confirmed=X
Filename=plscdksxg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawv.html" target=_blank>RBOT-AWV</a> WORM!
Source=Paul Collins Startup list

[Microsoft Visual Studio VSA]
Number=5886
Confirmed=X
Filename=varpc32.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Web Device]
Number=5887
Confirmed=X
Filename=wdevice.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft web update]
Number=5888
Confirmed=X
Filename=webmsn.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotemq.html" target="_blank">RBOT-EMQ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Webserver]
Number=5889
Confirmed=U
Filename=svctrl.exe
Description=Personal web server program which enables you to create and host a web server from your computer. Not required for most people
Source=Paul Collins Startup list

[Microsoft Win Corp TLS Verification]
Number=5890
Confirmed=X
Filename=mswintls.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgct.html" target="_blank">RBOT-GCT</a> WORM!
Source=Paul Collins Startup list

[Microsoft WIN32 DOS]
Number=5891
Confirmed=X
Filename=MSdos32.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft WIN32 Security]
Number=5892
Confirmed=X
Filename=MSsec32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotdoq.html" target="_blank">RBOT-DOQ</a> TROJAN!
Source=Paul Collins Startup list

[MicroSoft Wind0ws Updater]
Number=5893
Confirmed=X
Filename=winsupdater.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows]
Number=5894
Confirmed=X
Filename=mstask0.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.FQ" target=_blank>SDBOT.FQ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows]
Number=5895
Confirmed=X
Filename=atup
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows]
Number=5896
Confirmed=X
Filename=Microsoft Windows.hta
Description=HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site!
Source=Paul Collins Startup list

[Microsoft Windows]
Number=5897
Confirmed=X
Filename=explorar.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows]
Number=5898
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorli.html" target=_blank>LI</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Windows]
Number=5899
Confirmed=X
Filename=bootini.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vanebotk.html" target="_blank">VANEBOT-K</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows 128bit Subsystem]
Number=5900
Confirmed=X
Filename=system12.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojranckcz.html" target=_blank>RANCK-CZ</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Windows 16Bit]
Number=5901
Confirmed=X
Filename=mswinn16.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows 2000]
Number=5902
Confirmed=X
Filename=Winupdsdgm.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows 32Bit]
Number=5903
Confirmed=X
Filename=mswinn32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows 64 Bit]
Number=5904
Confirmed=X
Filename=mswin32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Client Firewall]
Number=5905
Confirmed=X
Filename=msclt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vanebotf.html" target="_blank">VANEBOT-F</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Communicator for NT/XP]
Number=5906
Confirmed=X
Filename=wincomm.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ATH" target="_blank">RBOT.ATH</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Control]
Number=5907
Confirmed=X
Filename=mswctl32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.JP" target=_blank>RBOT.JP</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows CSRSS]
Number=5908
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kalela.html" target=_blank>KALEL-A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[Microsoft Windows DHCP]
Number=5909
Confirmed=X
Filename=___r.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120815-1506-99" target=_blank>MASLAN.A</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120914-3308-99" target=_blank>MASLAN.C</a> WORMS!
Source=Paul Collins Startup list

[Microsoft Windows DLL 32-BIT]
Number=5910
Confirmed=X
Filename=msncheck32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxx.html" target= blank>SDBOT-XX</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows DLL Services]
Number=5911
Confirmed=X
Filename=mwindll.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotvx.html" target= blank>SDBOT-VX</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows DLL Services Configuration]
Number=5912
Confirmed=X
Filename=newdll.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzr.html" target=_blank>SDBOT-ZR</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows DLL Services Configuration]
Number=5913
Confirmed=X
Filename=newdll2.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotabd.html" target=_blank>SDBOT-ABD</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows DLL Services Configuration]
Number=5914
Confirmed=X
Filename=poker.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzy.html" target=_blank>SDBOT-ZY</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows DLL Services Configuration]
Number=5915
Confirmed=X
Filename=poker3.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaah.html" target=_blank>SDBOT-AAH</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows DLL Services Configuration]
Number=5916
Confirmed=X
Filename=proxy.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzl.html" target=_blank>SDBOT-ZL</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows DLL Services Configuration]
Number=5917
Confirmed=X
Filename=windir32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BHF&VSect=T" target=_blank>SDBOT.BHF</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows DLL Services Configuration]
Number=5918
Confirmed=X
Filename=windir32a.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BHF&VSect=T" target=_blank>SDBOT.BHF</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows DLL Services Configuration]
Number=5919
Confirmed=X
Filename=windll32.exe
Description=Added by the <a href="http://ae.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=3&VName=WORM_SDBOT.BHD" target=_blank>SDBOT.BHD</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows DLL Services Configuration]
Number=5920
Confirmed=X
Filename=winDSL.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzg.html" target=_blank>SDBOT-ZG</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows DLL Services Configuration]
Number=5921
Confirmed=X
Filename=dllmanager32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotbtu.html" target="_blank">SDBOT-BTU</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows DLLHandler]
Number=5922
Confirmed=X
Filename=bitpaint.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AHG" target=_blank>SDBOT.AHG</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Drivers]
Number=5923
Confirmed=X
Filename=windrv.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows DVR]
Number=5924
Confirmed=X
Filename=windvr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxd.html" target=_blank>RBOT-AXD</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Explorer]
Number=5925
Confirmed=X
Filename=iexplorer.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Explorer]
Number=5926
Confirmed=X
Filename=explorewin.exe
Description=Added by the <a href="http://kr.ahnlab.com/SecuInfoVirusViewEngNew3.ahn?SEQ_NO=7217" target="_blank">IRCBOT.WORM.212480.H</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Files Loader]
Number=5927
Confirmed=X
Filename=cgy32win.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxr.html" target=_blank>RBOT-AXR</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Game Updater]
Number=5928
Confirmed=X
Filename=msgame32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows GUI]
Number=5929
Confirmed=X
Filename=Windowz.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-050615-3701-99" target="_blank">RANDEX.AEV</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows GUI]
Number=5930
Confirmed=X
Filename=msmonk32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpe.html" target=_blank>SDBOT-PE</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Kernel Services]
Number=5931
Confirmed=X
Filename=winkrnl386.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082113-3132-99" target="_blank">ZEBROXY</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Windows Loader]
Number=5932
Confirmed=X
Filename=wloader.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Logon Process]
Number=5933
Confirmed=X
Filename=winlogon.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojproxyserr.html" target="_blank">PROXYSER-R</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This worm file is placed in the Winnt or Windows folder
Source=Paul Collins Startup list

[Microsoft Windows Media Player]
Number=5934
Confirmed=X
Filename=mediaplayer.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Media Player]
Number=5935
Confirmed=X
Filename=wimp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfn.html" target=_blank>RBOT-FN</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Secure]
Number=5936
Confirmed=X
Filename=windocs.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Secure]
Number=5937
Confirmed=X
Filename=windocs.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Secure Server]
Number=5938
Confirmed=X
Filename=rpcxWindows.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotll.html" target="_blank">RBOT-LL</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Secure Update]
Number=5939
Confirmed=X
Filename=rpcxwinupdt.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Microsoft Windows Securety]
Number=5940
Confirmed=X
Filename=wurguar.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotky.html" target=_blank>RBOT-KY</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Security]
Number=5941
Confirmed=X
Filename=spvsper.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Security]
Number=5942
Confirmed=X
Filename=wscndrives.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajk.html" target=_blank>RBOT-AJK</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Service]
Number=5943
Confirmed=X
Filename=winsys.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadp.html" target=_blank>RBOT-ADP</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Service Pack]
Number=5944
Confirmed=X
Filename=winspkn.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotayd.html" target=_blank>RBOT-AYD</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Services]
Number=5945
Confirmed=X
Filename=msw32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfwq.html" target="_blank">RBOT-FWQ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Services Edt]
Number=5946
Confirmed=X
Filename=ssvvcchhoosst.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfyf.html" target="_blank">RBOT-FYF</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Windows Services Edt]
Number=5947
Confirmed=X
Filename=dllrun32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgaf.html" target="_blank">RBOT-GAF</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Session Manager Subsystem]
Number=5948
Confirmed=X
Filename=smss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojproxyserr.html" target="_blank">PROXYSER-R</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target="_blank">smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[Microsoft Windows Socketx32 Services]
Number=5949
Confirmed=X
Filename=winsockx32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfwt.html" target="_blank">RBOT-FWT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Storage Machine Service]
Number=5950
Confirmed=X
Filename=winms.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahk.html" target=_blank>RBOT-AHK</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows System]
Number=5951
Confirmed=X
Filename=srwhost.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasw.html" target=_blank>RBOT-ASW</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows System]
Number=5952
Confirmed=X
Filename=syshost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasw.html" target=_blank>RBOT-ASW</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows System Kernel]
Number=5953
Confirmed=X
Filename=kernel32.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102711-3533-99" target="_blank">IRC.BOT</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Windows System Service Manager]
Number=5954
Confirmed=X
Filename=winsvc.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.LR&VSect=P" target=_blank>SPYBOT.LR</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Task Management]
Number=5955
Confirmed=X
Filename=mstasks.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Task Manger]
Number=5956
Confirmed=X
Filename=Mstosk.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotww.html" target="_blank">SDBOT-WW</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Tasks Management]
Number=5957
Confirmed=X
Filename=taskmng.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfxk.html" target="_blank">RBOT-FXK</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Updata]
Number=5958
Confirmed=X
Filename=scvhost.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Updata]
Number=5959
Confirmed=X
Filename=windows.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Update]
Number=5960
Confirmed=X
Filename=rundlls.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081217-1008-99" target="_blank">HABRACK</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Update]
Number=5961
Confirmed=X
Filename=msoffice2.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgb.html" target="_blank">RBOT-GB</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Update]
Number=5962
Confirmed=X
Filename=spools.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.TD" target="_blank">SDBOT.TD</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Update]
Number=5963
Confirmed=X
Filename=svchos.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100415-4933-99" target="_blank">SDBOT.AC</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Update]
Number=5964
Confirmed=X
Filename=svcshost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotcf.html" target=_blank>FORBOT-CF</a> WORM!

Source=Paul Collins Startup list

[Microsoft Windows Update]
Number=5965
Confirmed=X
Filename=svmhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotch.html" target=_blank>FORBOT-CH</a> WORM!

Source=Paul Collins Startup list

[Microsoft Windows Update]
Number=5966
Confirmed=X
Filename=svshost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.CJ" target=_blank>WOOTBOT.CJ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Update]
Number=5967
Confirmed=X
Filename=msnmessenger.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-011009-1754-99" target=_blank>SDBOT.AJ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Update]
Number=5968
Confirmed=X
Filename=msnwun.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotrm.html" target=_blank>SDBOT-RM</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Update]
Number=5969
Confirmed=X
Filename=scvvhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotdh.html" target=_blank>FORBOT-DH</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Update]
Number=5970
Confirmed=X
Filename=swwhost.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Update]
Number=5971
Confirmed=X
Filename=MSNMSGR.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwm.html" target= blank>SDBOT-WM</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Update]
Number=5972
Confirmed=X
Filename=svzhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotev.html" target= blank>FORBOT-EV</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Update]
Number=5973
Confirmed=X
Filename=sccvhost.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Update]
Number=5974
Confirmed=X
Filename=scrhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaow.html" target=_blank>RBOT-AOW</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Update]
Number=5975
Confirmed=X
Filename=mnswinsx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawh.html" target=_blank>RBOT-AWH</a> WORM!
Source=Paul Collins Startup list

[MICROSOFT Windows update]
Number=5976
Confirmed=X
Filename=pdate.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BZT" target="_blank">RBOT.BZT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Update]
Number=5977
Confirmed=X
Filename=srshost.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Update Application]
Number=5978
Confirmed=X
Filename=wuap.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Update Logon]
Number=5979
Confirmed=X
Filename=win-logon.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Update Service]
Number=5980
Confirmed=X
Filename=wupdmgr32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-051822-4126-99" target="_blank">DOS.AUTOCAT</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Windows Update XP64]
Number=5981
Confirmed=X
Filename=********.exe [* = random char]
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Updater]
Number=5982
Confirmed=X
Filename=winupdgm.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102717-5454-99" target="_blank">GAOBOT.BI</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Updater]
Number=5983
Confirmed=X
Filename=WINIUPDATES.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotkk.html" target="_blank">RBOT-KK</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Updater]
Number=5984
Confirmed=X
Filename=WINUPDATE.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotli.html" target=_blank>SDBOT-PU</a> WORM!

Source=Paul Collins Startup list

[Microsoft Windows Updater]
Number=5985
Confirmed=X
Filename=TMNTSrv.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Updater]
Number=5986
Confirmed=X
Filename=win32upd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotec.html" target=_blank>RBOT-EC</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Updater]
Number=5987
Confirmed=X
Filename=msnupdateit.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotrl.html" target=_blank>AGOBOT-RL</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Updater]
Number=5988
Confirmed=X
Filename=windates.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.TE&VSect=P" target=_blank>SDBOT.TE</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Updater]
Number=5989
Confirmed=X
Filename=spoolvs.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ACQ&VSect=P" target=_blank>RBOT.ACQ</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Updater]
Number=5990
Confirmed=X
Filename=suvhost.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows updaterD]
Number=5991
Confirmed=X
Filename=log32zx.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091411-5523-99" target="_blank">MYDOOM.W</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Updates]
Number=5992
Confirmed=X
Filename=explorer32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VQ&VSect=T" target=_blank>SDBOT.VQ</a> WORM!

Source=Paul Collins Startup list

[Microsoft Windows Updates]
Number=5993
Confirmed=X
Filename=wsap32.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Updating System]
Number=5994
Confirmed=X
Filename=msresource.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rboteam.html" target="_blank">RBOT-EAM</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows W32 Services]
Number=5995
Confirmed=X
Filename=mssw32.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows WinSaSS Management]
Number=5996
Confirmed=X
Filename=winsass.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotapw.html" target=_blank>RBOT-APW</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows WKS Service]
Number=5997
Confirmed=X
Filename= gt.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.FV" target="_blank">SDBOT.FV</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows Workstation]
Number=5998
Confirmed=X
Filename=devcode.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawl.html" target=_blank>RBOT-AWL</a> WORM!
Source=Paul Collins Startup list

[Microsoft Windows XP Configuration Loader]
Number=5999
Confirmed=X
Filename=m32svco.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_132310.htm" target= blank>SDBOT.WORM!.48548</a> WORM!
Source=Paul Collins Startup list

[Microsoft WINGS32 Protocol]
Number=6000
Confirmed=X
Filename=WinSGR32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotapu.html" target=_blank>RBOT-APU</a> WORM!
Source=Paul Collins Startup list

[Microsoft WinRaR]
Number=6001
Confirmed=X
Filename=winrar.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaec.html" target=_blank>RBOT-AEC</a> WORM!
Source=Paul Collins Startup list

[Microsoft Winsock]
Number=6002
Confirmed=X
Filename=mswinsck.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotank.html" target=_blank>RBOT-ANK</a> WORM!
Source=Paul Collins Startup list

[Microsoft Winsock Service]
Number=6003
Confirmed=X
Filename=msusvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotans.html" target=_blank>RBOT-ANS</a> WORM!
Source=Paul Collins Startup list

[Microsoft Winsock Wrapper]
Number=6004
Confirmed=X
Filename=ws2_32s.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft WinSound]
Number=6005
Confirmed=X
Filename=[random filename]
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft WinUpdate]
Number=6006
Confirmed=X
Filename=mntcgf032.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpf.html" target=_blank>RBOT-PF</a> WORM!
Source=Paul Collins Startup list

[Microsoft WinUpdate]
Number=6007
Confirmed=X
Filename=svh0st.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.DL&VSect=T" target="_blank">SPYBOT.DL</a> WORM!
Source=Paul Collins Startup list

[Microsoft WinUpdate]
Number=6008
Confirmed=X
Filename=syslx32.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[Microsoft WinUpdate]
Number=6009
Confirmed=X
Filename=syswin32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotho.html" target=_blank>RBOT-HO</a> WORM!
Source=Paul Collins Startup list

[Microsoft WinUpdate]
Number=6010
Confirmed=X
Filename=spfix.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft WinUpdate]
Number=6011
Confirmed=X
Filename=Winamp61.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft WinUpdate]
Number=6012
Confirmed=X
Filename=Winupd32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.MQ&VSect=P" target=_blank>RBOT.MQ</a> WORM!
Source=Paul Collins Startup list

[Microsoft WinUpdate]
Number=6013
Confirmed=X
Filename=WinNTinit32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.VS" target="_blank">RBOT.VS</a> WORM!
Source=Paul Collins Startup list

[Microsoft WinUpdates]
Number=6014
Confirmed=X
Filename=serm32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.GE&VSect=T" target="_blank">RBOT.GE</a> WORM!
Source=Paul Collins Startup list

[Microsoft WM]
Number=6015
Confirmed=X
Filename=mswm32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbckdram.html" target=_blank>BCKDR-AM</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Word]
Number=6016
Confirmed=X
Filename=BootSector.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft Word Profissional]
Number=6017
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbandb.html" target=_blank>BANCBAN-DB</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "s1613" subfolder
Source=Paul Collins Startup list

[Microsoft Word Profissional]
Number=6018
Confirmed=X
Filename=Java Plug In close.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerel.html" target=_blank>BANKER-EL</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft Word Profissional]
Number=6019
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerdj.html" target=_blank>BANKER-DJ</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "protect" subfolder
Source=Paul Collins Startup list

[Microsoft Word Profissional]
Number=6020
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerdj.html" target=_blank>BANKER-DJ</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "JavaVM" subfolder
Source=Paul Collins Startup list

[Microsoft Works Calendar Reminders]
Number=6021
Confirmed=N
Filename=wkcalrem.exe
Description=Produces a pop-up reminder of events scheduled using the MS Works Calendar
Source=Paul Collins Startup list

[Microsoft Works Portfolio]
Number=6022
Confirmed=N
Filename=WksSb.exe
Description=The Works Portfolio tool lets you collect and organize text and pictures from the Web or your favorite program.Can be prevented from starting from a setting within Portfolio
Source=Paul Collins Startup list

[Microsoft Works Update Detection ]
Number=6023
Confirmed=N
Filename=wkdetect.exe
Description=Checks for updates to MS Works
Source=Paul Collins Startup list

[Microsoft World Service]
Number=6024
Confirmed=X
Filename=winworld.exe
Description=Added by an unidentified IRC worm with backdoor capability!

Source=Paul Collins Startup list

[Microsoft WPCEmail]
Number=6025
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsniffern.html" target="_blank">SNIFFER-N</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft WWW]
Number=6026
Confirmed=X
Filename=free.exe
Description=Added by a variant of the CWS.AK TROJAN!
Source=Paul Collins Startup list

[Microsoft Wxdate]
Number=6027
Confirmed=X
Filename=Syswu32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.HZ&VSect=T" target=_blank>SPYBOT.HZ</a> WORM!
Source=Paul Collins Startup list

[Microsoft X Update]
Number=6028
Confirmed=X
Filename=wuamkoppnp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotani.html" target=_blank>RBOT-ANI</a> WORM!
Source=Paul Collins Startup list

[microsoft xdaemon 2.0]
Number=6029
Confirmed=X
Filename=xdaemon.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-102817-4837-99" target="_blank">DELF.D</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft XML Service]
Number=6030
Confirmed=X
Filename=msxmlx.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.KS" target="_blank">RBOT.KS</a> WORM!
Source=Paul Collins Startup list

[Microsoft Xp Systems loader]
Number=6031
Confirmed=X
Filename=winsystem32xp.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041514-1510-99" target=_blank>KELVIR.W</a> WORM!
Source=Paul Collins Startup list

[Microsoft Xp Systems loaders]
Number=6032
Confirmed=X
Filename=win32xpsys.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041715-4455-99" target=_blank>SPYBOT.NYT</a> WORM!
Source=Paul Collins Startup list

[Microsoft XPSP Protocol]
Number=6033
Confirmed=X
Filename=xp386.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft xpsp2]
Number=6034
Confirmed=X
Filename=Networksystem.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft xpsp2]
Number=6035
Confirmed=X
Filename=xpsp2.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotyq.html" target=_blank>SDBOT-YQ</a> WORM!
Source=Paul Collins Startup list

[Microsoft's System Module]
Number=6036
Confirmed=X
Filename=Sysmodule.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorfj.html" target= blank>FJ</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft--Updates]
Number=6037
Confirmed=X
Filename=sxvhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfh.html" target="_blank">RBOT-FH</a> WORM! 
Source=Paul Collins Startup list

[Microsoft-software]
Number=6038
Confirmed=X
Filename=****.exe [* = random char]
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoft-Update]
Number=6039
Confirmed=X
Filename=wngard.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotjv.html" target="_blank">RBOT-JV</a> WORM!
Source=Paul Collins Startup list

[Microsoft-Updates]
Number=6040
Confirmed=X
Filename=svxhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotct.html" target="_blank">RBOT-CT</a> WORM!
Source=Paul Collins Startup list

[microsoft420]
Number=6041
Confirmed=X
Filename=microsoft420.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MENACE.B" target="_blank">MENACE.B</a> WORM!
Source=Paul Collins Startup list

[Microsoft64]
Number=6042
Confirmed=X
Filename=antiv.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102410-5713-99" target=_blank>SOBER</a> WORM!
Source=Paul Collins Startup list

[Microsoftf DDEs ContDLL]
Number=6043
Confirmed=X
Filename=rune.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagf.html" target=_blank>RBOT-AGF</a> WORM!
Source=Paul Collins Startup list

[Microsoftf DDEs ContrDL]
Number=6044
Confirmed=X
Filename=runm.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafq.html" target=_blank>RBOT-AFQ</a> WORM!
Source=Paul Collins Startup list

[Microsoftf DDEs Control]
Number=6045
Confirmed=X
Filename=lxes.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BOF&VSect=T" target=_blank>RBOT.BOF</a> WORM!
Source=Paul Collins Startup list

[Microsoftf DDEs Control]
Number=6046
Confirmed=X
Filename=wees.exe
Description=Added by a variant of the the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BOF&VSect=T" target=_blank>RBOT.BOF</a> WORM!
Source=Paul Collins Startup list

[Microsoftf DDEs Control]
Number=6047
Confirmed=X
Filename=soff.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotakh.html" target=_blank>RBOT-AKH</a> WORM!
Source=Paul Collins Startup list

[Microsoftf DDEs Control]
Number=6048
Confirmed=X
Filename=why-.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotamv.html" target=_blank>RBOT-AMV</a> WORM!
Source=Paul Collins Startup list

[Microsoftf DDEs Control]
Number=6049
Confirmed=X
Filename=msnn.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxt.html" target=_blank>RBOT-AXT</a> WORM!
Source=Paul Collins Startup list

[Microsoftf DDEs Control]
Number=6050
Confirmed=X
Filename=FEnR.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaim.html" target="_blank">RBOT-AIM</a> WORM!
Source=Paul Collins Startup list

[Microsoftkeysd]
Number=6051
Confirmed=X
Filename=systemproc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbi.html" target=_blank>FORBOT-BI</a> WORM!

Source=Paul Collins Startup list

[Microsoftkeysd]
Number=6052
Confirmed=X
Filename=systemwin32s.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.CO" target="_blank">WOOTBOT.CO</a> WORM!
Source=Paul Collins Startup list

[Microsoftkeysds]
Number=6053
Confirmed=X
Filename=lass32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[MicrosoftKs]
Number=6054
Confirmed=X
Filename=Drivers.bat
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojshutdownf.html" target=_blank>SHUTDOWN-F</a> TROJAN!
Source=Paul Collins Startup list

[microsoftm eegs cuntrol]
Number=6055
Confirmed=X
Filename=loor.pif
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsoftmsn32.exe]
Number=6056
Confirmed=X
Filename=microsoftmsn32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcertifc.html" target=_blank>CERTIF-C</a> TROJAN!

Source=Paul Collins Startup list

[MicrosoftMultimediaTask]
Number=6057
Confirmed=X
Filename=Mmtask.exe
Description=Adware downloader - not the valid MusicMatch Jukebox which shares the same filename
Source=Paul Collins Startup list

[MicrosoftNetwork Daemon for Win32]
Number=6058
Confirmed=X
Filename=NETD32.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081412-2646-99" target="_blank">RANDEX.F</a> WORM!
Source=Paul Collins Startup list

[MicrosoftOEM]
Number=6059
Confirmed=X
Filename=smvss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdedlerg.html" target=_blank>DEDLER-G</a> TROJAN!
Source=Paul Collins Startup list

[Microsofts media]
Number=6060
Confirmed=X
Filename=winmplayd.exe
Description=Added by an undidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Microsofts media]
Number=6061
Confirmed=X
Filename=wingtp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotvo.html" target=_blank>RBOT-VO</a> WORM!
Source=Paul Collins Startup list

[Microsofts MediaScope]
Number=6062
Confirmed=X
Filename=winmep.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotwb.html" target=_blank>RBOT-WB</a> WORM!
Source=Paul Collins Startup list

[Microsofts MediaScope]
Number=6063
Confirmed=X
Filename=winmedplay.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsofts Security Manager]
Number=6064
Confirmed=X
Filename=****.exe [**** = random char]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotwh.html" target=_blank>RBOT-WH</a> TROJAN!
Source=Paul Collins Startup list

[Microsofts Service]
Number=6065
Confirmed=X
Filename=lcsrv16.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Microsofts Updates]
Number=6066
Confirmed=X
Filename=lsasss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaex.html" target=_blank>RBOT-AEX</a> WORM!
Source=Paul Collins Startup list

[Microsofts Updatez]
Number=6067
Confirmed=X
Filename=cmsssr.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[Microsofts Updatez]
Number=6068
Confirmed=X
Filename=exploirez.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[MicrosoftServiceManager]
Number=6069
Confirmed=X
Filename=mstask32.exe
Description=Added by the <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100092" target="_blank">YAHA.P</a> WORM!
Source=Paul Collins Startup list

[MicrosoftServiceManager]
Number=6070
Confirmed=X
Filename=Wintsk32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-070117-2046-99" target="_blank">YAHA.U</a> WORM!
Source=Paul Collins Startup list

[MicrosoftServiceManager]
Number=6071
Confirmed=X
Filename=EXPLORERE.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091712-0724-99" target="_blank">YAHA.AB</a> WORM!
Source=Paul Collins Startup list

[MicrosoftServiceManager]
Number=6072
Confirmed=X
Filename=msupdat.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091707-1011-99" target="_blank">YAHA.AA</a> WORM!
Source=Paul Collins Startup list

[MicrosoftSourceSafe]
Number=6073
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100519-0947-99" target=_blank>WEBUS.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
Source=Paul Collins Startup list

[MicrosoftSys]
Number=6074
Confirmed=X
Filename=SPOOLSYS.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-080210-3705-99" target=_blank>TARNO.N</a> TROJAN!
Source=Paul Collins Startup list

[MicrosoftUpdate]
Number=6075
Confirmed=X
Filename=syshelper.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.AC&VSect=P" target=_blank>WOOTBOT.AC</a> WORM!
Source=Paul Collins Startup list

[MicrosoftUpdate]
Number=6076
Confirmed=X
Filename=WinUp32.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[MicrosoftUpdates]
Number=6077
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelflo.html" target=_blank>DELF-LO</a> TROJAN!
Source=Paul Collins Startup list

[MicrosoftValue]
Number=6078
Confirmed=X
Filename=syscnfg.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in C:\windows\fonts (or C:\winnt\fonts) directory where no *.exe files should reside
Source=Paul Collins Startup list

[Microsoftvirus]
Number=6079
Confirmed=X
Filename=sysoverload.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotal.html" target="_blank">FORBOT-AL</a> WORM!
Source=Paul Collins Startup list

[MicrosoftWindows]
Number=6080
Confirmed=X
Filename=[various filenames]
Description=MagicSearch - a <a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list

[MicrosoftWindows]
Number=6081
Confirmed=X
Filename=a@26m.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkillparb.html" target="_blank">KILLPAR-B</a> TROJAN!
Source=Paul Collins Startup list

[MicrosoftXP Service Pack 2]
Number=6082
Confirmed=X
Filename=servicepack2.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=51085" target="_blank">RBOT.EMC</a> WORM!
Source=Paul Collins Startup list

[Microsoftz turn Control]
Number=6083
Confirmed=X
Filename=aexl.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BCO&VSect=P" target=_blank>SDBOT.BCO</a> WORM!
Source=Paul Collins Startup list

[Microsoftz turn Control]
Number=6084
Confirmed=X
Filename=read.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafs.html" target=_blank>RBOT-AFS</a> WORM!
Source=Paul Collins Startup list

[Microsoft© PID Lex]
Number=6085
Confirmed=X
Filename=PIDLex.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-103118-2307-99" target="_blank">NIOVADOOR</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft« ActiveX Debugger NT]
Number=6086
Confirmed=X
Filename=setdebugnt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancoscz.html" target=_blank>BANCOS-CZ</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft® System Mapper]
Number=6087
Confirmed=X
Filename=SysMap.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-120615-0547-99" target="_blank">MAPSY</a> TROJAN!
Source=Paul Collins Startup list

[Microsoft® Windows® Operating System]
Number=6088
Confirmed=U
Filename=ehTray.exe
Description=Enables the user to access Windows Messenger from within <a href="http://msdn.microsoft.com/library/en-us/MedctrSDK/htm/formoreinformation.asp" target="_blank">Windows Media Center Edition</a>
Source=Paul Collins Startup list

[Microsoft® Windows® Operating System]
Number=6089
Confirmed=N
Filename=RunDLL32.exe [path] ehuihlp.dll, BootMediaCenter
Description=Starts Windows Media Center every time Windows Vista (Home Premium or Ultimate) boots. Disable by unchecking the "Start Windows Media Center when Windows Starts" option via Windows Media Center -> Tasks -> Settings -> General -> Startup and Window Behaviour
Source=Paul Collins Startup list

[Microsoft® Windows® Operating System]
Number=6090
Confirmed=N
Filename=rundll32.exe [path] oobefldr.dll, ShowWelcomeCenter
Description=Shows the Welcome Center every time you boot into Windows Vista
Source=Paul Collins Startup list

[Microsong]
Number=6091
Confirmed=X
Filename=svchosts11.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotev.html" target="_blank">SDBOT-EV</a> WORM!
Source=Paul Collins Startup list

[Microsot NT Support]
Number=6092
Confirmed=X
Filename=[random filename].exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotcti.html" target="_blank">RBOT-CTI</a> WORM!
Source=Paul Collins Startup list

[Microszoft Update Mach1nezs]
Number=6093
Confirmed=X
Filename=svchst.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rboted.html" target=_blank>RBOT-ED</a> WORM!

Source=Paul Collins Startup list

[Microtek Scanner Finder]
Number=6094
Confirmed=U
Filename=ScannerFinder.exe
Description=Monitors whether a scanner is present. Provided with Microtek scanners
Source=Paul Collins Startup list

[Microzoft_Ofiz]
Number=6095
Confirmed=X
Filename=KdzEregli.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080612-0026-99" target="_blank">AMUS.A</a> WORM!
Source=Paul Collins Startup list

[Micrsoft CFG 32]
Number=6096
Confirmed=X
Filename=lrbzus32.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target="_blank">AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list

[Micrsoft Driver]
Number=6097
Confirmed=X
Filename=windrive.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-111811-0117-99" target=_blank>SDBOT.AF</a> TROJAN!
Source=Paul Collins Startup list

[Micrsoft Driver]
Number=6098
Confirmed=X
Filename=msdriver.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxd.html" target=_blank>SDBOT-XD</a> WORM!
Source=Paul Collins Startup list

[Micrsoft Internet Explorer]
Number=6099
Confirmed=X
Filename=IEXPL0RE.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqv.html" target=_blank>RBOT-AQV</a> WORM! Note the number "0" in the filename
Source=Paul Collins Startup list

[Micsoft-Published-Software]
Number=6100
Confirmed=X
Filename=explrer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgfl.html" target="_blank">RBOT-GFL</a> WORM!
Source=Paul Collins Startup list

[Micsorosft Security Center]
Number=6101
Confirmed=X
Filename=wcnsfty.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahu.html" target=_blank>RBOT-AHU</a> WORM!
Source=Paul Collins Startup list

[MightyFAX Controller]
Number=6102
Confirmed=N
Filename=MFNTCTL.EXE
Description=<a href="http://www.rkssoftware.com/mightyfax/overview.html" target="_blank">Mighty FAX</a> from RKS Software - &quot;installs a printer driver so that you can fax directly from Windows software&quot;
Source=Paul Collins Startup list

[MigrationVendorSetupCaller]
Number=6103
Confirmed=?
Filename=rundll32.exe migrate.dll, CallVendorSetupDlls
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Military Net Killer]
Number=6104
Confirmed=X
Filename=MNK.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32millneta.html" target="_blank">MILLNET-A</a> WORM!
Source=Paul Collins Startup list

[MilShieldSlave]
Number=6105
Confirmed=U
Filename=ShieldWorker.exe
Description=<a href="http://www.milincorporated.com/milshield2.html" target="_blank">Mil Shield</a> from Mil Incorporated. It protects your privacy by removing all tracks from your online or offline computer activities
Source=Paul Collins Startup list

[MimBoot]
Number=6106
Confirmed=N
Filename=mimboot.exe
Description=Starts <a href="http://www.musicmatch.com/" target=_blank>Musicmatch Jukebox</a> at bootup - can be started manually
Source=Paul Collins Startup list

[Mincer]
Number=6107
Confirmed=X
Filename=Mincer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/wm97mincemea.html" target=_blank>MINCEME-A</a> WORM!
Source=Paul Collins Startup list

[MINIBUG]
Number=6108
Confirmed=X
Filename=MINIBUG.EXE
Description=Displays ads inside Weatherbug - see <a href="http://spybot.safer-networking.de/index.php?lang=en&amp;page=knowledgebase/threats/spybots-minibug" target="_blank">here</a>
Source=Paul Collins Startup list

[MiniEYE-MiniREAD Launch]
Number=6109
Confirmed=N
Filename=ARLaunch.exe
Description=<a href="http://www.infmind.com/what/" target="_blank">eyeQ</a> - improve your reading speed
Source=Paul Collins Startup list

[MINIFERT.EXE]
Number=6110
Confirmed=N
Filename=MINIFERT.EXE
Description=Part of Backweb
Source=Paul Collins Startup list

[minilog]
Number=6111
Confirmed=U
Filename=MINILOG.EXE
Description=If you don't have ZoneAlarm or ZoneAlarm Pro running you don't need this. This must be enabled if programs such as VisualZone Report utility or ZoneLog Analyzer are in use
Source=Paul Collins Startup list

[MiniMavis]
Number=6112
Confirmed=N
Filename=MiniMavis.exe
Description=Mavis Beacon typing tutor
Source=Paul Collins Startup list

[minimo]
Number=6113
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmosuckx.html" target= blank>MOSUCK-X</a> TROJAN!
Source=Paul Collins Startup list

[MiniNote]
Number=6114
Confirmed=N
Filename=MININOTE.EXE
Description=<a href="http://www.fookes.com/software/mininote.htm" target="_blank">Mini NoteTab</a> was the first in the family of &quot;NoteTab&quot; text and HTML editors from Fookes Software
Source=Paul Collins Startup list

[Miniphone]
Number=6115
Confirmed=?
Filename=glophone.exe
Description=<a href="http://www.voiceglo.com/" target=_blank>VoiceGlo</a> Glophone Voice over Internet Protocol (VOIP) communications software - "an affordable and convenient way to call friends and family throughout the world using a dial-up or broadband Internet connection on your computer" - <font color="#FF0000">is it required in startup?</font>
Source=Paul Collins Startup list

[miniport]
Number=6116
Confirmed=X
Filename=usb2chk.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlazara.html" target=_blank>LAZAR-A</a> TROJAN!
Source=Paul Collins Startup list

[MiniPortRt]
Number=6117
Confirmed=X
Filename=miniport_mp.exe
Description=Malware - see <a href="http://www.protext.com/support/Miniport_mpVirus.htm" target=_blank>here</a>
Source=Paul Collins Startup list

[MiniServer.exe]
Number=6118
Confirmed=X
Filename=MiniServer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlittlewe.html" target=_blank>LITTLEW-E</a> TROJAN!
Source=Paul Collins Startup list

[MinMaxExtender]
Number=6119
Confirmed=U
Filename=Mmext.exe
Description=<a href="http://www.geocities.com/revenger_inc/mmext.html" target="_blank">MinMaxExtender</a> - window handling tool
Source=Paul Collins Startup list

[Miosf Update]
Number=6120
Confirmed=X
Filename=wimsqaad.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-111817-1202-99" target=_blank>SDBOT.AG</a> TROJAN!
Source=Paul Collins Startup list

[Mirabilis ICQ]
Number=6121
Confirmed=N
Filename=NDetect.exe
Description=If connected to the internet, automatically runs up ICQ. Convenience more than anything. ICQ can be started from Start -&gt; Programs
Source=Paul Collins Startup list

[Mirabilis ICQ]
Number=6122
Confirmed=N
Filename=icq.exe
Description=If connected to the internet, automatically runs up ICQ. Convenience more than anything. ICQ can be started from Start -&gt; Programs
Source=Paul Collins Startup list

[Mirabilis ICQ]
Number=6123
Confirmed=N
Filename=ICQNet.exe
Description=If connected to the internet, automatically runs up ICQ. Convenience more than anything. ICQ can be started from Start -&gt; Programs
Source=Paul Collins Startup list

[Miramar Systems, Inc.]
Number=6124
Confirmed=U
Filename=atmsg.exe
Description=Miramar PC/Mac networking software
Source=Paul Collins Startup list

[Miranda IM]
Number=6125
Confirmed=N
Filename=miranda32.exe
Description=<a href="http://www.miranda-im.org/" target=_blank>Miranda</a> instant messaging client
Source=Paul Collins Startup list

[Mirate Sp 2 Information]
Number=6126
Confirmed=X
Filename=miratesp2.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.QH" target=_blank>RBOT.QH</a> WORM!
Source=Paul Collins Startup list

[Mircosoft DNS Service]
Number=6127
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotak.html" target=_blank>IRCBOT-AK</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "drivers" subfolder
Source=Paul Collins Startup list

[Mircosoft Sockets SP2]
Number=6128
Confirmed=X
Filename=mssck.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.ET" target="_blank">MYTOB.ET</a> WORM!
Source=Paul Collins Startup list

[Mircosoft Update]
Number=6129
Confirmed=X
Filename=wuampkd.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Mircrosoft Svchost32]
Number=6130
Confirmed=X
Filename=svchost32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotazw.html" target=_blank>RBOT-AZW</a> WORM!
Source=Paul Collins Startup list

[Mircrosoft Windows Config DLL]
Number=6131
Confirmed=X
Filename=rundllc32b.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotzy.html" target=_blank>RBOT-ZY</a> WORM!
Source=Paul Collins Startup list

[miroVIDEO Tray Tool]
Number=6132
Confirmed=N
Filename=misitray.exe
Description=Tool for quickly changing options for miro/Pinnacle capture cards during capture/playback/output. When this program is closed, another program (mv-ctrl) is also closed, but mv-ctrl does not have its own EXE file. Only needed when using the capture card,&nbsp;e.g. for the above actions
Source=Paul Collins Startup list

[MirrorFolderShell]
Number=6133
Confirmed=U
Filename=mrfshl.exe
Description=<a href="http://download.e-not.net/utilities/11696/mirrorfolder.html" target=_blank>MirrorFolder</a> backup software
Source=Paul Collins Startup list

[Mirsoft sdcE]
Number=6134
Confirmed=X
Filename=taskmegr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawy.html" target=_blank>RBOT-AWY</a> WORM!
Source=Paul Collins Startup list

[Mirsoft sdcE]
Number=6135
Confirmed=X
Filename=taskmegr.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.DFQ" target="_blank">RBOT.DFQ</a> WORM!
Source=Paul Collins Startup list

[Miscrosoft Windows Explorer]
Number=6136
Confirmed=X
Filename=IEEXPLORER.exe
Description=Reported as the SDBOT.YX WORM!
Source=Paul Collins Startup list

[misiCTRL]
Number=6137
Confirmed=?
Filename=misiCTRL.exe
Description=<a href="http://www.video-drivers.com/drivers/26/26750.htm" target="_blank">Miro</a> video driver related.<font color="#FF0000"> Is it required?</font>
Source=Paul Collins Startup list

[misiTRAY]
Number=6138
Confirmed=?
Filename=misiTRAY.exe
Description=<a href="http://www.video-drivers.com/drivers/26/26750.htm" target="_blank">Miro</a> video driver related.<font color="#FF0000"> Is it required?</font>
Source=Paul Collins Startup list

[Mismo]
Number=6139
Confirmed=X
Filename=win32x.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotjp.html" target=_blank>RBOT-JP</a> WORM!
Source=Paul Collins Startup list

[Mixer]
Number=6140
Confirmed=N
Filename=Mixer.exe
Description=C-Media Mixer - C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start -&gt; Settings -&gt; Control Panel or Start -&gt; Programs
Source=Paul Collins Startup list

[Mixersel]
Number=6141
Confirmed=N
Filename=mixersel.exe
Description=Configuration for Realtek audio devices
Source=Paul Collins Startup list

[Mixghost]
Number=6142
Confirmed=N
Filename=mixghost.exe
Description=Management software for Altec Lansing speakers.&nbsp; If a change is needed, the user can launch it from the Start menu
Source=Paul Collins Startup list

[ml00!.exe]
Number=6143
Confirmed=X
Filename=ml00!.exe
Description=Malware, detected by <a href="<a href="http://www.pandasoftware.com/home/particulares/default" target="_blank">Panda Antivirus</a> as Trj/Downloader.BWD
Source=Paul Collins Startup list

[ML1HelperStartUp]
Number=6144
Confirmed=U
Filename=ML1HEL~1.EXE
Description=ScreenScenes "Midnight Lake" screensaver. The freeware version comes with <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Claria.GAIN.CommonElements&threatid=5605" target="_blank">GAIN</a> branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
Source=Paul Collins Startup list

[ML1HelperStartUp]
Number=6145
Confirmed=U
Filename=ML1Helper.exe
Description=ScreenScenes "Midnight Lake" screensaver. The freeware version comes with <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Claria.GAIN.CommonElements&threatid=5605" target="_blank">GAIN</a> branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
Source=Paul Collins Startup list

[ml34]
Number=6146
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmailbotbh.html!" target="_blank">MAILBOT-BH</a> TROJAN!
Source=Paul Collins Startup list

[Mlcr0s0ftf DDEs C0ntr0i]
Number=6147
Confirmed=X
Filename=WAed.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbjw.html" target="_blank">RBOT-BJW</a> WORM!
Source=Paul Collins Startup list

[mlibsysmc]
Number=6148
Confirmed=X
Filename=comzcinc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotcxs.html" target="_blank">SDBOT-CXS</a> WORM!
Source=Paul Collins Startup list

[mload]
Number=6149
Confirmed=X
Filename=lxmstart.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[MM Install]
Number=6150
Confirmed=?
Filename=setup.exe
Description=<font color="#FF0000">Possibly <a href="http://www.moneysoft.co.uk/" target="_blank">Money Manager</a> from Moneysoft?</font>
Source=Paul Collins Startup list

[MMB2]
Number=6151
Confirmed=X
Filename=explorer.exe
Description=Added by an unidentified WORM or TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[MMC]
Number=6152
Confirmed=X
Filename=inisys.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32oscaboti.html" target=_blank>OSCABOT-I</a> WORM!
Source=Paul Collins Startup list

[mmcndmgr]
Number=6153
Confirmed=X
Filename=mmcndmgr.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[MMCWINMGMT]
Number=6154
Confirmed=N
Filename=winmgmt.exe
Description=Used for Enterprise Management. If you are not an IT Administrator you don't need it to be running. Also runs from the PCHealth "scheduler" - refer <a href="http://groups.google.com/group/microsoft.public.windowsme.general/msg/5af2d1219f43359e?q=PCHealth%2Bpchschd.exe&hl=en&rnum=1" target="_blank">here</a>
Source=Paul Collins Startup list

[mmemdrv]
Number=6155
Confirmed=X
Filename=mmemdrv.exe
Description=Added by <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-022010-1625-99" target=_blank>SecondSight</a> spyware. Note - SecondSight is spyware that captures keystrokes and screen shots, and logs user activity on the compromised computer. The risk can then send the logged information to a remote attacker via email, must be manually installed
Source=Paul Collins Startup list

[MMERefresh]
Number=6156
Confirmed=U
Filename=MMERefresh.exe
Description=Part of <a href="http://www.digidesign.com/index.cfm?" target="_blank">Digidesgin</a> Protools. Refreshes your midi ports on the 002(R) (the 002R is a hardware audio/midi converter connected to your computer via firewire). Must be running in order to use the MIDI functionality of the Digi002R
Source=Paul Collins Startup list

[Mmessenger]
Number=6157
Confirmed=X
Filename=messenger.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GM" target="_blank">AGOBOT.GM</a> WORM!
Source=Paul Collins Startup list

[Mmgsvc]
Number=6158
Confirmed=X
Filename=mmgsvc.exe
Description=Mmgsvc spyware

Source=Paul Collins Startup list

[MMhid]
Number=6159
Confirmed=U
Filename=mmhid.dll
Description=This is the Human Interface Device Server for Win98, it is required only if you are using USB Audio Devices you can disable via Msconfig. See <a href="http://www.microsoft.com/whdc/device/input/audctrl.mspx" target="_blank">here</a>. Typical examples are USB multimedia keyboards with volume control and web-ready keyboards. For example - loaded by default with MS DSS80 Speakers because they have Volume, Mute and Bass controls on the speaker. Some users may experience problems disabling this - if this is the case then re-enable it. Equivalent to Hidserv in Win98SE/2000/Me/XP
Source=Paul Collins Startup list

[MMHK]
Number=6160
Confirmed=?
Filename=mmhk.exe
Description=<font color="#FF0000">A driver found on a Compaq Presario 800T notebook. Possibly something to do with multimedia hot keys?</font>
Source=Paul Collins Startup list

[MMHotKey]
Number=6161
Confirmed=N
Filename=MMHotKey.exe
Description=Multimedia key handling for the relevant type of Turbo-Media keyboard. Shortcut available. Note that with this running it can crash DirectX8/9 under WinXP when a game switches to full-screen
Source=Paul Collins Startup list

[MMicrosoft Security Management]
Number=6162
Confirmed=X
Filename=inetforn.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AFZ" target="_blank">RBOT.AFZ</a> WORM!
Source=Paul Collins Startup list

[MMKeybd]
Number=6163
Confirmed=U
Filename=MMKeybd.exe
Description=Multimedia keyboard manager. Required if you use the additional keys
Source=Paul Collins Startup list

[Mmm]
Number=6164
Confirmed=U
Filename=Mmm.exe
Description=Hace <a href="http://www.hace.us-inc.com/mmm.shtml" target="_blank">Mmm</a> - free utility to configure your Windows menus and move and remove menu-items you never use
Source=Paul Collins Startup list

[mmod]
Number=6165
Confirmed=X
Filename=mmod.exe
Description=eZula <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=eZula.TopText&threatid=5117" target="_blank">TopText</a> adware
Source=Paul Collins Startup list

[mmpti]
Number=6166
Confirmed=N
Filename=m1mmpti.exe
Description=Mpact Mediaware Properties Taskbar Icon - multimedia software icon for Chromatic Research Mpact video cards
Source=Paul Collins Startup list

[MMReminderService]
Number=6167
Confirmed=N
Filename=MMReminderService.exe
Description=<a href="http://www.mindjet.com/" target=_blank>Mind Manager</a> from Mindjet - "easy way to organize ideas and information". Registration reminder

Source=Paul Collins Startup list

[MMRun]
Number=6168
Confirmed=?
Filename=mmrun.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[mmsys]
Number=6169
Confirmed=?
Filename=recover.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[MMSystem]
Number=6170
Confirmed=X
Filename=RunDll32
Description=Added by the FUNNER-A WORM!

Source=Paul Collins Startup list

[MMTASK]
Number=6171
Confirmed=Y
Filename=mmtask.tsk
Description=A check on the file's properties reveals &quot;Multimedia background task support module&quot;. MMTASK is a very simple 16-bit program used by certain multimedia drivers (which are still 16-bit on Win9x) to perform background processing. Some soundcards need this to support MIDI, etc
Source=Paul Collins Startup list

[mmtask]
Number=6172
Confirmed=N
Filename=mmtask.exe
Description=Part of <a href="http://www.musicmatch.com/download/plus/jukebox_intro.htm?os=pc&amp;mode=input&amp;BTD=1&amp;DID=" target="_blank"> MusicMatch Jukebox</a> - digital music player / CD burner and ripper / music organizer / playlist creator
Source=Paul Collins Startup list

[MMtask Service]
Number=6173
Confirmed=X
Filename=mmtask.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbackgata.html" target="_blank">BACKGAT.A</a> TROJAN! Not the valid MusicMatch Jukebox which has the same filename
Source=Paul Collins Startup list

[MMTray]
Number=6174
Confirmed=N
Filename=mm_tray.exe
Description=<a href="http://www.musicmatch.com/download/plus/jukebox_intro.htm?os=pc&amp;mode=input&amp;BTD=1&amp;DID=" target="_blank">MusicMatch Jukebox</a> icon in the task tray - digital music player / CD burner and ripper / music organizer / playlist creator
Source=Paul Collins Startup list

[MMTray]
Number=6175
Confirmed=N
Filename=MMTray.exe
Description=Part of <a href="http://www.morgan-multimedia.com/" target="_blank"> Morgan Multimedia Codecs</a>. Only required when the codecs are used
Source=Paul Collins Startup list

[MMTray2K]
Number=6176
Confirmed=N
Filename=MMTray2K.exe
Description=Part of <a href="http://www.morgan-multimedia.com/" target="_blank"> Morgan Multimedia Codecs</a>. Only required when the codecs are used
Source=Paul Collins Startup list

[MMTrayLSI]
Number=6177
Confirmed=N
Filename=MMTrayLSI.exe
Description=Part of <a href="http://www.morgan-multimedia.com/" target="_blank"> Morgan Multimedia Codecs</a>. Only required when the codecs are used
Source=Paul Collins Startup list

[mmusrstp]
Number=6178
Confirmed=?
Filename=procrun.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[mmxp2passion.exe]
Number=6179
Confirmed=X
Filename=mmxp2passion.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MediaMotor&threatid=15001" target="_blank">MediaMotor</a> adware
Source=Paul Collins Startup list

[mmxrun]
Number=6180
Confirmed=X
Filename=msosa.exe
Description=Added by an unidentified TROJAN or WORM!

Source=Paul Collins Startup list

[mmxrun]
Number=6181
Confirmed=X
Filename=mswinindex.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110516-2239-99" target=_blank>TwoSeven</a> spyware
Source=Paul Collins Startup list

[mnklins]
Number=6182
Confirmed=X
Filename=mnklins.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=VX2.Transponder&threatid=12517" target=_blank>VX2.Transponder</a> parasite updater/installer related
Source=Paul Collins Startup list

[MNPol]
Number=6183
Confirmed=X
Filename=mnpol.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091104-3134-99" target=_blank>DLUCA.B</a> TROJAN!
Source=Paul Collins Startup list

[MNS]
Number=6184
Confirmed=U
Filename=MNS.exe
Description=<a href="http://www.mobilenetswitch.com/" target=_blank>Mobile Net Switch</a> enables you to use your computer on more then one network with the click of a button. It allows you to automatically select the correct drive mappings, printer settings, IP settings and much more
Source=Paul Collins Startup list

[mnsvc]
Number=6185
Confirmed=X
Filename=mnsvc.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-042320-3206-99" target="_blank">AUTOUPDER</a> TROJAN!
Source=Paul Collins Startup list

[mnsvcsp]
Number=6186
Confirmed=X
Filename=mnsvcsp.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[Mobile Phone Suite]
Number=6187
Confirmed=U
Filename=MobilePhoneSuite.exe
Description=Logitech Mobile Phone Suite

Source=Paul Collins Startup list

[mobile PhoneTools]
Number=6188
Confirmed=U
Filename=mPhonetools.exe
Description=Motorola <a href="http://www.bvrp.com/customers/motorola/upgrade/US/" target="_blank">Phone Tools</a>
Source=Paul Collins Startup list

[Mobipocket Reader Notifications]
Number=6189
Confirmed=U
Filename=readernotify.exe
Description=Part of <a href="http://www.mobipocket.com/en/DownloadSoft/ProductDetailsReader.asp" target="_blank">Mobipocket Reader</a> - "Store all your eBooks, eNews & self-published eDocs on your PC. Download eBooks in Mobi format from your favorite ebookstores to read on your smartphone, PDA, laptop or on your desktop PC"
Source=Paul Collins Startup list

[mobsync]
Number=6190
Confirmed=N
Filename=mobsync.exe
Description=MS Syncrhonization Manager - updates the network copy of materials that were edited offline, such as documents, calendars, and e-mail messages
Source=Paul Collins Startup list

[MOBSYNC32.EXE]
Number=6191
Confirmed=X
Filename=mobsync32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100313-3137-99" target="_blank">FINERO</a> TROJAN!
Source=Paul Collins Startup list

[MOD]
Number=6192
Confirmed=N
Filename=muamgr.exe
Description=Using <a href="http://www.microangelo.us/" target="_blank">MicroAngelo</a> On Display, you can easily select the icon images that you prefer rather than the default icons displayed by Windows. On Display provides a consistent and elegant method to customize the icon display for almost every icon on your system
Source=Paul Collins Startup list

[Modem]
Number=6193
Confirmed=X
Filename=locatesvc.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Modem Driverz Updates]
Number=6194
Confirmed=X
Filename=mdmdrv.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[MODEMBTR]
Number=6195
Confirmed=U
Filename=MODEMBTR.EXE
Description=Modem Booster from <a href="http://inklineglobal.com/" target="_blank">inKline Global</a> to improve ISP connections
Source=Paul Collins Startup list

[Modeminf]
Number=6196
Confirmed=X
Filename=Modeminf.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list

[ModemOnHold]
Number=6197
Confirmed=U
Filename=MOH.EXE
Description=NetWaiting Modem-on-Hold Application
Source=Paul Collins Startup list

[ModemUtility]
Number=6198
Confirmed=N
Filename=mdmsetpe.exe
Description=System Tray configuration icon for Aztech modems
Source=Paul Collins Startup list

[ModularConfig]
Number=6199
Confirmed=X
Filename=syscnfg.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in C:\windows\fonts (or C:\winnt\fonts) directory where no *.exe files should reside
Source=Paul Collins Startup list

[Module Call initialize]
Number=6200
Confirmed=X
Filename=RUNDLL32.EXE reg.dll, ondll_reg
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list

[Modulo 00FE0F01 Host Internet]
Number=6201
Confirmed=X
Filename=syschost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfkw.html" target="_blank">DELF-KW</a> TROJAN!
Source=Paul Collins Startup list

[Money Express]
Number=6202
Confirmed=N
Filename=moneyexpress.exe
Description=Part of MS Money. Available via Start -> Programs
Source=Paul Collins Startup list

[MoneyAgent]
Number=6203
Confirmed=N
Filename=money express.exe
Description=Part of MS Money. Available via Start -> Programs
Source=Paul Collins Startup list

[MoneyAgent]
Number=6204
Confirmed=N
Filename=mnyexpr.exe
Description=Microsoft Money
Source=Paul Collins Startup list

[MoneyStartUp]
Number=6205
Confirmed=N
Filename=Money Startup.exe
Description=Microsoft Money
Source=Paul Collins Startup list

[MoneyStartUp10.0]
Number=6206
Confirmed=N
Filename=Activation.exe
Description=Part of MS Money 2002. Available via Start -> Programs
Source=Paul Collins Startup list

[monitor]
Number=6207
Confirmed=X
Filename=monitor.exe
Description=Browser hijacker, redirecting to NCM Search
Source=Paul Collins Startup list

[Monitor]
Number=6208
Confirmed=U
Filename=SD Monitor.exe
Description="Transfer data quickly between your memory card and your computer with SanDisk's <a href="http://www.sandisk.com/Products/Catalog(1086)-Readers_Writers_and_Adapters.aspx" target="_blank">Readers, Writers and Adapters</a>"
Source=Paul Collins Startup list

[Monitor Apache Servers]
Number=6209
Confirmed=U
Filename=ApacheMonitor.exe
Description=Part of the Apache Web Server package. Useful only if you're running such a server on your PC. Available via Start -> Programs
Source=Paul Collins Startup list

[Monitor Helper]
Number=6210
Confirmed=U
Filename=monitor.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080508-3152-99" target= blank>MyLittleSpy</a> keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[Monitoring Service]
Number=6211
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-030912-4419-99" target=_blank>CONE.C</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "tasks" subfolder of the Winnt or Windows folder
Source=Paul Collins Startup list

[Monitormgt]
Number=6212
Confirmed=X
Filename=Monitormgt.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list

[MonitorSD]
Number=6213
Confirmed=U
Filename=SDMonitor.exe
Description=Spyware Detector - spyware remover. Initially not recommended due to false positives but the later versions have since improved - see  <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#swdetect_note" target="_blank">here</a>
Source=Paul Collins Startup list

[MONPluginSrIvcs]
Number=6214
Confirmed=X
Filename=n3monap23.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Monstersoundtray]
Number=6215
Confirmed=N
Filename=Freectrl.exe
Description=Diamond Multimedia sound card control panel
Source=Paul Collins Startup list

[MonTest]
Number=6216
Confirmed=X
Filename=vccxzq.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotea.html" target=_blank>SDBOT-EA</a> WORM!
Source=Paul Collins Startup list

[MoodBook]
Number=6217
Confirmed=U
Filename=mb.exe
Description=<a href="http://www.moodbook.com/" target=_blank>MoodBook</a> is a free Windows utility that brings art to your desktop 
Source=Paul Collins Startup list

[moon phase]
Number=6218
Confirmed=N
Filename=moon.exe
Description=<a href="http://www.locutuscodeware.com" target="_blank">Moon Phase</a> - tray icon that indicates the phases of the moon
Source=Paul Collins Startup list

[MoreResults]
Number=6219
Confirmed=X
Filename=MoreResults.exe
Description=<a href="http://www.superadblocker.com/M/MORERESULTS.EXE-4789.html" target="_blank">MoreResults</a> adware
Source=Paul Collins Startup list

[Morpheus]
Number=6220
Confirmed=N
Filename=morpheus.exe
Description=MusicCity Networks' Morpheus - another peer-to-peer client based on Kazaa. Notable in that this one doesn't seem to install the adware that clog the Kazaa download. They claim they are adware free, and a visitor quotes &quot;I have seen no instance of any since using it&quot;
Source=Paul Collins Startup list

[morphstb]
Number=6221
Confirmed=X
Filename=morphstb.exe
Description=Adware downloader - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan-Downloader.Win32.Stubby.c
Source=Paul Collins Startup list

[mosearch]
Number=6222
Confirmed=X
Filename=mosearch.exe
Description=Fast Search in Office XP - similar to the new revision of the Find Fast feature in Office 2000. Fast Search uses the Indexing Services in Office XP to create a catalog of Office files on your computer's hard disk. As with Find Fast - a waste of resources. If it can't be disabled via MSCONFIG try <a href="http://support.microsoft.com/kb/q282106/" target="_blank">here</a>
Source=Paul Collins Startup list

[Motherboard Config]
Number=6223
Confirmed=X
Filename=Ati2xxx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaik.html" target="_blank">RBOT-AIK</a> WORM!
Source=Paul Collins Startup list

[MotherBoard Sounds]
Number=6224
Confirmed=X
Filename=Sounds.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaap.html" target=_blank>RBOT-AAP</a> WORM!
Source=Paul Collins Startup list

[Motive SmartBridge]
Number=6225
Confirmed=N
Filename=mpbtn.exe
Description=System tray icon for the Virtual Assistant from AT&T Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not required
Source=Paul Collins Startup list

[Motive SmartBridge]
Number=6226
Confirmed=N
Filename=MotiveSB.exe
Description=System tray icon for the Virtual Assistant from AT&T Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not required
Source=Paul Collins Startup list

[Motive SmartBridge]
Number=6227
Confirmed=N
Filename=BTHelpNotifier.exe
Description=System tray icon for help from BT Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not required
Source=Paul Collins Startup list

[MotiveMonitor]
Number=6228
Confirmed=U
Filename=motmon.exe
Description=Found on HP/Dell and Compaq systems (and maybe others). MotiveMonitor is used the suppliers on-line support and allows the agent at the far end to do harddrive/ram/video/etc tests on the computer. Can cause some users problems with IE and Netscape by disabling this - in this case leave it to run. You may also wish to leave it alone if the PC is still within the support period from the manufcaturer. For most users it's not required
Source=Paul Collins Startup list

[MotiveSB]
Number=6229
Confirmed=N
Filename=MotiveSB.exe
Description=System tray icon for the Virtual Assistant from AT&T Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not required
Source=Paul Collins Startup list

[MotMon]
Number=6230
Confirmed=U
Filename=motmon.exe
Description=Found on HP/Dell and Compaq systems (and maybe others). MotiveMonitor is used the suppliers on-line support and allows the agent at the far end to do harddrive/ram/video/etc tests on the computer. Can cause some users problems with IE and Netscape by disabling this - in this case leave it to run. You may also wish to leave it alone if the PC is still within the support period from the manufcaturer. For most users it's not required
Source=Paul Collins Startup list

[motoin]
Number=6231
Confirmed=X
Filename=mm15201518.Stub.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-050515-5939-99" target= blank>Delfin Promulgate</a> adware variant
Source=Paul Collins Startup list

[Motorola Desktop Suite]
Number=6232
Confirmed=U
Filename=DesktopSuite.exe
Description=Related to Motorola Desktop Suite - PC software managing Motorola mobiles such as the <a href="http://developer.motorola.com/?path=1.2.5.22.112" target="_blank">A1000</a>
Source=Paul Collins Startup list

[Motorola Desktop Suite mRouter Config]
Number=6233
Confirmed=U
Filename=mRouterConfig.exe
Description=Configuration for Intuwave's <a href="http://www.intuwave.com/index.php?page=mrouter" target="_blank">mRouter</a> - "that enables easy connectivity between mobile devices and PCs across Bluetooth, Infrared, USB and serial cable connections". An integral component of Symbian OS that is provided to all Symbian licensees
Source=Paul Collins Startup list

[Mount Safe & Sound]
Number=6234
Confirmed=U
Filename=Fbmount.exe
Description=From McAfee VirusScan version 5.x. Creates back-up sets of critical files in a separate area of a hard drive. If you make regular back-ups it's not needed and can be painful during system start
Source=Paul Collins Startup list

[mouse]
Number=6235
Confirmed=X
Filename=mouse.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahj.html" target=_blank>RBOT-AHJ</a> WORM!
Source=Paul Collins Startup list

[Mouse 32A]
Number=6236
Confirmed=N
Filename=Mouse32A.exe
Description=Mouse driver to control mouse functions from Azona. Available via Start -> Programs
Source=Paul Collins Startup list

[Mouse Suite 98 Daemon]
Number=6237
Confirmed=N
Filename=pelmiced.exe
Description=Mouse driver. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated games
Source=Paul Collins Startup list

[Mouse Suite 98 Daemon]
Number=6238
Confirmed=N
Filename=ICO.EXE
Description=Found on Sony Vaio and IBM Thinkpad (and possibly other) laptops and seems to be related to Mouse Suite 98 Daemon according to the properties. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated games
Source=Paul Collins Startup list

[mousebut]
Number=6239
Confirmed=X
Filename=mousebut.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list

[Mousecntl]
Number=6240
Confirmed=X
Filename=mousecntl.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list

[MouseCount]
Number=6241
Confirmed=N
Filename=MC.exe
Description=<a href="http://www.kittyfeet.com/mousecount.htm" target="_blank">MouseCount</a> by Kittyfeet Software. &quot;Utility for counting how many times us computer junkies click our mouse in a given session/day/week/month/year.&quot; Not required
Source=Paul Collins Startup list

[MouseDrv]
Number=6242
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32zoloadb.html" target=_blank>ZOLOAD-B</a> WORM!
Source=Paul Collins Startup list

[MouseDrv]
Number=6243
Confirmed=X
Filename=update.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ZOTOB.N&VSect=P" target=_blank>ZOTOB.N</a> WORM!
Source=Paul Collins Startup list

[mouseElf]
Number=6244
Confirmed=U
Filename=MC.exe
Description=<a href="http://www.geniusnet.com.tw/" target=_blank>Genius</a> NetScroll mouse driver - required if you use non-standard Windows driver features
Source=Paul Collins Startup list

[mouseElf]
Number=6245
Confirmed=U
Filename=mouseElf.exe
Description=System Tray access to the mouse control panel for Genius Netscroll mice. Required if you use non-standard Windows driver features
Source=Paul Collins Startup list

[MouseImp]
Number=6246
Confirmed=U
Filename=MImpHost.exe
Description=MouseImp Pro - &quot;A reliable assistant that turns your mouse into a simple, native but powerful controlling device&quot;
Source=Paul Collins Startup list

[mousepad]
Number=6247
Confirmed=X
Filename=mousepad.exe
Description=Added by the <a href="http://www.f-secure.com/v-descs/trojclik.shtml" target=_blank>CLICKER</a> TROJAN!

Source=Paul Collins Startup list

[Mousinfo]
Number=6248
Confirmed=U
Filename=mousinfo.exe
Description=MS mouse information tool - for troubleshooting mouse problems
Source=Paul Collins Startup list

[MoussaEvil]
Number=6249
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32musanuba.html" target=_blank>MUSANUB-A</a> WORM!
Source=Paul Collins Startup list

[MoveSearch]
Number=6250
Confirmed=X
Filename=Search.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-101816-5730-99" target=_blank>PigSearch</a> adware
Source=Paul Collins Startup list

[Movielink Manager Uninstall]
Number=6251
Confirmed=N
Filename=msvcmm32.exe
Description=Auto-update for <a href="http://www.movielink.com/" target="_blank">Movielink</a> - internet movie rental System Tray access
Source=Paul Collins Startup list

[MovieM]
Number=6252
Confirmed=X
Filename=lmovie.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-021611-2701-99" target=_blank>BEAGLE.DS</a> WORM!
Source=Paul Collins Startup list

[moviemk]
Number=6253
Confirmed=X
Filename=moviemk.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdwnldrgtb.html" target="_blank">DWNLDR-GTB</a> TROJAN!
Source=Paul Collins Startup list

[MovieNetworks]
Number=6254
Confirmed=X
Filename=MovieNetworks.exe
Description=<a href="http://www.movienetworks.com/" target="_blank">MovieNetworks</a> will connect you by DOMESTIC PREMIUM RATE TELEPHONE NUMBER 900-xxx-xxxx. So you get xxx rated pictures and junk. And it will allow you to stay on the internet on their line and $$$ and remove the C:\Program Files\MovieNetworks directory
Source=Paul Collins Startup list

[Movieplace]
Number=6255
Confirmed=X
Filename=Movieplace.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453060662" target="_blank">MoviePlace</a> malware
Source=Paul Collins Startup list

[Mozila]
Number=6256
Confirmed=X
Filename=mozila.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotaj.html" target="_blank">DELBOT-AJ</a> WORM!
Source=Paul Collins Startup list

[Mozila Firefox]
Number=6257
Confirmed=X
Filename=firebox.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaip.html" target="_blank">RBOT-AIP</a> WORM!
Source=Paul Collins Startup list

[Mozilla Firefox]
Number=6258
Confirmed=X
Filename=F1REF0X.EXE
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Mozilla Quick Launch]
Number=6259
Confirmed=N
Filename=Netscp6.exe
Description=Netscape 6 and Mozilla browsers
Source=Paul Collins Startup list

[Mozilla Quick Launch]
Number=6260
Confirmed=N
Filename=Mozilla.exe
Description=Netscape 6 and Mozilla browsers
Source=Paul Collins Startup list

[Mozy Status]
Number=6261
Confirmed=U
Filename=mozystat.exe
Description=<a href="http://mozy.com/" target="_blank">Mozy</a> - free backup at a secure, remote location
Source=Paul Collins Startup list

[MP Tcloakss]
Number=6262
Confirmed=X
Filename=mptclock.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32nackbotb.html" target="_blank">NACKBOT-B</a> WORM!
Source=Paul Collins Startup list

[MP Tcloaxs]
Number=6263
Confirmed=X
Filename=mptcloaxs.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDEX.CT" target="_blank">RANDEX.CT</a> WORM!
Source=Paul Collins Startup list

[MP Tclockvv]
Number=6264
Confirmed=X
Filename=mptclock.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32nackbota.html" target="_blank">NACKBOT-A</a> WORM!
Source=Paul Collins Startup list

[Mp3 Loader]
Number=6265
Confirmed=X
Filename=Sysdata.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32avettea.html" target=_blank>AVETTE-A</a> VIRUS!
Source=Paul Collins Startup list

[MP3download]
Number=6266
Confirmed=X
Filename=rundll32.exe MSA64CHK.dll, DllMostrar
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MatrixDialer&threatid=14914" target=_blank>MatrixDialer</a> related
Source=Paul Collins Startup list

[MPEO]
Number=6267
Confirmed=U
Filename=Csinsm32.exe
Description=Automatic logging of installs from Norton CleanSweep - available via Start -&gt; Programs
Source=Paul Collins Startup list

[MPFExe]
Number=6268
Confirmed=Y
Filename=mpf.exe
Description=McAfee Personal Firewall
Source=Paul Collins Startup list

[MPFExe]
Number=6269
Confirmed=Y
Filename=MpfTray.exe
Description=McAfee Personal Firewall
Source=Paul Collins Startup list

[MPFTray]
Number=6270
Confirmed=Y
Filename=MpfTray.exe
Description=McAfee Personal Firewall
Source=Paul Collins Startup list

[MPL32 driver]
Number=6271
Confirmed=X
Filename=MPL32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojloonym.html" target="_blank">LOONY-M</a> TROJAN!
Source=Paul Collins Startup list

[MPlay64]
Number=6272
Confirmed=X
Filename=mplay64.exe
Description=Added by the <a href="http://www.superadblocker.com/M/MPLAY64.EXE-6741.html" target=_blank>MPLAY64</a> TROJAN!
Source=Paul Collins Startup list

[MplSetup]
Number=6273
Confirmed=U
Filename=MplSetup.exe
Description=Used by Ricoh network printers to enable network printing from the client
Source=Paul Collins Startup list

[MPM Manager]
Number=6274
Confirmed=X
Filename=MPM.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DONBOMB.A&VSect=P" target=_blank>DONBOMB.A</a> TROJAN!
Source=Paul Collins Startup list

[MPNet]
Number=6275
Confirmed=X
Filename=mpn.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotw.html" target="_blank">DELBOT-W</a> WORM!
Source=Paul Collins Startup list

[MPower]
Number=6276
Confirmed=U
Filename=MPower.exe
Description=<a href="http://www.mindbeat.com/" target="_blank">MPower</a> from MindBeat. "Defragments and frees your RAM giving more stability to your system and avoiding needless use of swap file. Willl also benchmark (speed test) your hard disk drives and your CPU load". MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
Source=Paul Collins Startup list

[mppdds]
Number=6277
Confirmed=X
Filename=mppdds.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpwsakz.html" target="_blank">PWS-AKZ</a> TROJAN!
Source=Paul Collins Startup list

[mppds]
Number=6278
Confirmed=X
Filename=mppds.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY_LEGMIR.AQZ" target="_blank">LEGMIR.AQZ</a> TROJAN!
Source=Paul Collins Startup list

[MPR MSG]
Number=6279
Confirmed=X
Filename=mprmsg32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051510-2144-99" target= blank>MYTOB.CF</a> WORM!
Source=Paul Collins Startup list

[MPREXE]
Number=6280
Confirmed=X
Filename=MPREXE.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T" target="_blank">OPASERV.T</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/mprexe/" target="_blank"> Mprexe.exe</a> system file
Source=Paul Collins Startup list

[MPREXE.exe]
Number=6281
Confirmed=Y
Filename=mprexe.exe
Description=WIN32 Network Service Interface Process. MPREXE.exe enables the computer to have multiple clients/protocols for networks. There are some problems with it sometimes though - see <a href="http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q178084&ID=KB;EN-US;Q178084" target="_blank">here</a>. Note - why some people have it listed in start-up programs I don't know but I was asked to include it here. It automatically runs in the background. NOTE : sometimes it will appear in start-ups if you have a virus
Source=Paul Collins Startup list

[MprHTML]
Number=6282
Confirmed=X
Filename=MprHTML.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_VAGRNOCK.12" target="_blank">VAGRNOCKER</a> TROJAN!
Source=Paul Collins Startup list

[mprocessor]
Number=6283
Confirmed=X
Filename=mprocessor.exe
Description=InstallDollars.com foistware
Source=Paul Collins Startup list

[MPSExe]
Number=6284
Confirmed=U
Filename=mscifapp.exe
Description=McAfee.com Privacy Service - &quot;combines personal identifiable information (PII) protection with online advertisement blocking and content filtering&quot;
Source=Paul Collins Startup list

[MpsOnn]
Number=6285
Confirmed=Y
Filename=MpsOnn.exe
Description=Canon printer driver
Source=Paul Collins Startup list

[MPT]
Number=6286
Confirmed=?
Filename=MPT.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[MPtask Services]
Number=6287
Confirmed=X
Filename=mptask.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-122014-1523-99" target="_blank">LALA</a> or <a href="http://vil.nai.com/vil/content/v_99788.htm" target="_blank">AOT</a> TROJANS!
Source=Paul Collins Startup list

[MPTBox]
Number=6288
Confirmed=N
Filename=MPTBOX.EXE
Description=Cannon Multi-Pass toolbox - a button bar
Source=Paul Collins Startup list

[mptsgsvc.exe]
Number=6289
Confirmed=X
Filename=mptsgsvc.exe
Description=<a href="http://www.f-secure.com/v-descs/hacktool.shtml" target="_blank">Hacker Tool</a> - detected by <a href="http://www.diamondcs.com.au/" target= blank>DiamondCS</a> TDS-3 anti-trojan as "HackTool.Win32.Hidd.j"
Source=Paul Collins Startup list

[MPXTray]
Number=6290
Confirmed=N
Filename=mpxptray.exe
Description=Windows Media Player PowerToy which is run from the taskbar. It can be used to hide Windows Media Player (when in use) and choose various standard buttons (play/pause, next,previous) etc
Source=Paul Collins Startup list

[MP_STATUS_MONITOR]
Number=6291
Confirmed=U
Filename=monitr32.exe
Description=Cannon Multi-Pass status monitor - your choice
Source=Paul Collins Startup list

[mqbkup]
Number=6292
Confirmed=X
Filename=mqbkup.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-122416-1629-99" target="_blank">OPASERV.K</a> WORM!
Source=Paul Collins Startup list

[mrsvctr]
Number=6293
Confirmed=X
Filename=mrsvctr.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[mrtMngr]
Number=6294
Confirmed=N
Filename=mrtMngr.exe
Description=Maintenance Release Task Manager for Intuit's QuickBooks or Quicken
Source=Paul Collins Startup list

[MRU-Blaster Scheduler]
Number=6295
Confirmed=U
Filename=scheduler.exe
Description=Scheduler for <a href="http://www.javacoolsoftware.com/mrublaster.html" target="_blank">MRU-Blaster</a> - "a program made to do one large task - detect and clean MRU (most recently used) lists on your computer"
Source=Paul Collins Startup list

[MRU-Blaster Silent Clean]
Number=6296
Confirmed=N
Filename=mrublaster.exe
Description=<a href="http://www.wilderssecurity.com/mrublaster.html" target="_blank">MRU-Blaster</a> - performs silent cleaning of MRU lists at boot
Source=Paul Collins Startup list

[MRUBlaster]
Number=6297
Confirmed=U
Filename=indexcleaner.exe
Description=<a href="http://www.wilderssecurity.com/mrublaster.html" target=_blank>MRU-Blaster</a> related - runs once in order to delete the index.dat file in the Temporary Internet Files and/or Cookies folder
Source=Paul Collins Startup list

[ms]
Number=6298
Confirmed=X
Filename=svhost32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmiraqo.html" target="_blank">LEGMIR-AQO</a> TROJAN!
Source=Paul Collins Startup list

[MS Auto-IPSec Protection]
Number=6299
Confirmed=X
Filename=MSASP32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaer.html" target=_blank>RBOT-AER</a> WORM!

Source=Paul Collins Startup list

[MS Autoloader 32]
Number=6300
Confirmed=X
Filename=MSAuto32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.BD" target="_blank">SPYBOT.BD</a> WORM!
Source=Paul Collins Startup list

[Ms Builders]
Number=6301
Confirmed=X
Filename=Wupated.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotss.html" target=_blank>AGOBOT-SS</a> WORM!
Source=Paul Collins Startup list

[MS Config]
Number=6302
Confirmed=X
Filename=msdconfig.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotczh.html" target="_blank">RBOT-CZH</a> WORM!
Source=Paul Collins Startup list

[MS Config Loader]
Number=6303
Confirmed=X
Filename=svchos1.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.R" target="_blank">AGOBOT.R</a> WORM!
Source=Paul Collins Startup list

[MS Config Loader]
Number=6304
Confirmed=X
Filename=MSWin32bck.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082113-0023-99" target="_blank">GAOBOT.AA</a> WORM!
Source=Paul Collins Startup list

[MS Config Loader]
Number=6305
Confirmed=X
Filename=svcrhost.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[MS Config Service]
Number=6306
Confirmed=X
Filename=Msloader32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotkj.html" target="_blank">RBOT-KJ</a> WORM!
Source=Paul Collins Startup list

[MS Config v13]
Number=6307
Confirmed=U
Filename=lrbz32.exe
Description=Added by the <a href="http://www.sarc.com/avcenter/venc/data/w32.gaobot.aol.html" target=_blank>GAOBOT.AOL</a> WORM!
Source=Paul Collins Startup list

[Ms configsu]
Number=6308
Confirmed=X
Filename=msconfigsu.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[MS Configuration]
Number=6309
Confirmed=X
Filename=MSFramer.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032615-0559-99" target="_blank">RANDEX.OL</a> WORM!
Source=Paul Collins Startup list

[Ms Configuration]
Number=6310
Confirmed=X
Filename=microsoftsa32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041621-4123-99" target=_blank>KELVIR.X</a> WORM!
Source=Paul Collins Startup list

[MS DATABASE]
Number=6311
Confirmed=X
Filename=MSDATA32.EXE
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[MS Decryption Software]
Number=6312
Confirmed=X
Filename=active.exe
Description=<a href="http://www.spywareguide.com/product_show.php?id=813" target="_blank">MediaTickets</a> adware variant
Source=Paul Collins Startup list

[MS DirectX Sound Drivers]
Number=6313
Confirmed=X
Filename=msdrvdx.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BCX&VSect=T" target=_blank>RBOT.BCX</a> WORM!
Source=Paul Collins Startup list

[MS DLL Library Manager]
Number=6314
Confirmed=X
Filename=dllsys64.exe
Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan.Ranky&threatid=39385" target="_blank">RANKY</a> TROJAN!
Source=Paul Collins Startup list

[MS Domain Name Server Deamon]
Number=6315
Confirmed=X
Filename=MSDNSD32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotcmz.html" target="_blank">RBOT-CMZ</a> WORM!
Source=Paul Collins Startup list

[MS Domain Name System]
Number=6316
Confirmed=X
Filename=MSWDNS32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgky.html" target="_blank">RBOT-GKY</a> WORM!
Source=Paul Collins Startup list

[MS DVD DirectX Dll Drivers]
Number=6317
Confirmed=X
Filename=mdxdl.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxi.html" target= blank>SDBOT-XI</a> WORM!
Source=Paul Collins Startup list

[MS DVD DirectX Sound Drivers]
Number=6318
Confirmed=X
Filename=msdrvdx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxj.html" target= blank>SDBOT-XJ</a> WORM!
Source=Paul Collins Startup list

[MS Explorer]
Number=6319
Confirmed=X
Filename=mexplore.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102707-4458-99" target="_blank">YAHA.AE</a> WORM!
Source=Paul Collins Startup list

[MS FIREWALL]
Number=6320
Confirmed=X
Filename=msfrewall.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpu.html" target=_blank>SDBOT-PU</a> WORM!
Source=Paul Collins Startup list

[MS FIREWALL]
Number=6321
Confirmed=X
Filename=msfirewall.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotqh.html" target=_blank>SDBOT-QH</a> WORM!

Source=Paul Collins Startup list

[MS HTML]
Number=6322
Confirmed=X
Filename=msHtml.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_PESTDOOR.31" target="_blank">PESTDOOR.31</a> TROJAN!
Source=Paul Collins Startup list

[MS HTML]
Number=6323
Confirmed=X
Filename=mslat.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LATINUS.SVR" target="_blank">LATINUS.SVR</a> TROJAN!
Source=Paul Collins Startup list

[MS HTML Location Class]
Number=6324
Confirmed=X
Filename=MSHTML32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyd.html" target= blank>RBOT-YD</a> WORM!
Source=Paul Collins Startup list

[MS Internet Executor 32]
Number=6325
Confirmed=X
Filename=MSIXEC32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaeq.html" target=_blank>RBOT-AEQ</a> WORM!
Source=Paul Collins Startup list

[MS Java Applets for Windows NT & XP]
Number=6326
Confirmed=X
Filename=javaapplet.exe
Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Backdoor.Win32.Rbot.bhg&threatid=49487" target="_blank">RBOT.BHG</a> WORM!
Source=Paul Collins Startup list

[MS Java Applets for Windows NT, ME & XP]
Number=6327
Confirmed=U
Filename=javaapplets.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vanebotb.html" target="_blank">VANEBOT-B</a> WORM!
Source=Paul Collins Startup list

[Ms Java for Windows 98, NT, ME & XP]
Number=6328
Confirmed=X
Filename=msjavames.exe
Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Backdoor.Win32.Rbot.bhj&threatid=49488" target="_blank">RBOT.BHJ</a> WORM!
Source=Paul Collins Startup list

[Ms Java for Windows 98, NT, XP & ME]
Number=6329
Confirmed=X
Filename=msjavaxps.exe
Description=Added by the <a href="http://virusinfo.prevx.com/pxparall.asp?PX5=94ecff2c00a4a555c64602e0e6c7f3004273fc9b&psection=desc" target="_blank">BACKDOOR.GEN</a> TROJAN!
Source=Paul Collins Startup list

[Ms Java for Windows NT]
Number=6330
Confirmed=X
Filename=MS32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vaneboth.html" target="_blank">VANEBOT-H</a> WORM!
Source=Paul Collins Startup list

[Ms Java for Windows NT]
Number=6331
Confirmed=X
Filename=msi32java.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vaneboti.html" target="_blank">VANEBOT-I</a> WORM!
Source=Paul Collins Startup list

[Ms Java for Windows NT]
Number=6332
Confirmed=X
Filename=msjava.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vanebote.html" target="_blank">VANEBOT-E</a> WORM!
Source=Paul Collins Startup list

[MS Java for Windows NT, XP & ME]
Number=6333
Confirmed=X
Filename=xpjavams.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kassbotv.html" target="_blank">KASSBOT-V</a> WORM!
Source=Paul Collins Startup list

[MS Java for Windows XP & NT]
Number=6334
Confirmed=X
Filename=javanet.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vanebota.html" target="_blank">VANEBOT-A</a> WORM!
Source=Paul Collins Startup list

[MS Java Service Wrapper for Windows NT & XP]
Number=6335
Confirmed=U
Filename=wrapper.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vanebotd.html" target="_blank">VANEBOT-D</a> WORM!
Source=Paul Collins Startup list

[Ms Java Update For Windows NT/XP]
Number=6336
Confirmed=X
Filename=msijavaupdt32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDEX.AF" target="_blank">RANDEX.AF</a> WORM!
Source=Paul Collins Startup list

[MS lsass Startup]
Number=6337
Confirmed=X
Filename=lsass135.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.WM" target="_blank">RBOT.WM</a> WORM!
Source=Paul Collins Startup list

[MS management console]
Number=6338
Confirmed=?
Filename=mms.exe
Description=<font color="#FF0000">Suspicious as the legitimate "Microsoft Management Console" is "mmc.exe" and not "mms.exe" and doesn't normally run at startup</font>
Source=Paul Collins Startup list

[MS Microsoft Socket Deamon]
Number=6339
Confirmed=X
Filename=MSSCKD32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[MS MSN Menssenger 7.0]
Number=6340
Confirmed=X
Filename=MSMSN7.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaca.html" target= blank>RBOT-ACA</a> WORM!
Source=Paul Collins Startup list

[MS MSN Menssenger 7.0]
Number=6341
Confirmed=X
Filename=MSEXPORT.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[MS Network Control]
Number=6342
Confirmed=X
Filename=mswin.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-091616-5442-99" target="_blank">DUMBA</a> TROJAN!
Source=Paul Collins Startup list

[ms ownage]
Number=6343
Confirmed=X
Filename=winPE.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajl.html" target=_blank>RBOT-AJL</a> WORM!
Source=Paul Collins Startup list

[MS PLUS INC]
Number=6344
Confirmed=X
Filename=wpad.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytoban.html" target=_blank>MYTOB-AN</a> WORM!
Source=Paul Collins Startup list

[Ms Processe Manager]
Number=6345
Confirmed=X
Filename=msproc.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ATO" target="_blank">RBOT.ATO</a> WORM!
Source=Paul Collins Startup list

[MS Real Player]
Number=6346
Confirmed=X
Filename=RealPlyr.exe
Description=Added by the <a href="http://de.trendmicro-europe.com/consumer/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=1&VName=WORM_RBOT.MR" target=_blank>RBOT.MR</a> WORM!
Source=Paul Collins Startup list

[MS Registry Service]
Number=6347
Confirmed=X
Filename=MSRMS32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotakp.html" target=_blank>RBOT-AKP</a> WORM!
Source=Paul Collins Startup list

[MS Remote Procedure Call]
Number=6348
Confirmed=X
Filename=msrpc32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotql.html" target=_blank>RBOT-QL</a> WORM!
Source=Paul Collins Startup list

[MS Screen Saver]
Number=6349
Confirmed=X
Filename=scrsave.scr
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagt.html" target=_blank>RBOT-AGT</a> WORM!
Source=Paul Collins Startup list

[MS Security]
Number=6350
Confirmed=X
Filename=systm.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqn.html" target=_blank>RBOT-AQN</a> WORM!
Source=Paul Collins Startup list

[MS Security Authority Service]
Number=6351
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kalelb.html" target=_blank>KALEL-B</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
Source=Paul Collins Startup list

[MS Security Hotfix]
Number=6352
Confirmed=X
Filename=service5.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092318-4059-99" target="_blank">GAOBOT.AG</a> WORM!
Source=Paul Collins Startup list

[MS Security Update 993]
Number=6353
Confirmed=X
Filename=msident.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[MS service]
Number=6354
Confirmed=X
Filename=msservice.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotzg.html" target= blank>RBOT-ZG</a> WORM!
Source=Paul Collins Startup list

[MS Service Drivers]
Number=6355
Confirmed=X
Filename=winscv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotcog.html" target="_blank">SDBOT-COG</a> WORM!
Source=Paul Collins Startup list

[Ms sock for Windows NT]
Number=6356
Confirmed=X
Filename=winser.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[MS Sound Config 16bit]
Number=6357
Confirmed=X
Filename=sndcfg16.exe
Description=Added by the <a href="http://www.f-secure.com/v-descs/sdbot_mb.shtml" target="_blank">SDBOT.MB</a> TROJAN!
Source=Paul Collins Startup list

[Ms Sound Drivers]
Number=6358
Confirmed=X
Filename=msdrv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwr.html" target=_blank>SDBOT-WR</a> WORM!
Source=Paul Collins Startup list

[Ms Spool32]
Number=6359
Confirmed=X
Filename=MS SPOOL32.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-070311-2607-99" target="_blank">ASASSIN</a> TROJAN!
Source=Paul Collins Startup list

[MS SyS Restore]
Number=6360
Confirmed=X
Filename=sysrestore.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.XM" target="_blank">RBOT.XM</a> WORM!
Source=Paul Collins Startup list

[MS Sys Security]
Number=6361
Confirmed=X
Filename=mswin.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotapj.html" target=_blank>RBOT-APJ</a> WORM!
Source=Paul Collins Startup list

[MS System Call Function]
Number=6362
Confirmed=X
Filename=msscf32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgbz.html" target="_blank">RBOT-GBZ</a> WORM!
Source=Paul Collins Startup list

[Ms System Config]
Number=6363
Confirmed=X
Filename=Mscfg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotccr.html" target="_blank">SDBOT-CCR</a> WORM!
Source=Paul Collins Startup list

[Ms System Config]
Number=6364
Confirmed=X
Filename=pcedit.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[MS System Security]
Number=6365
Confirmed=X
Filename=mswin32.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaox.html" target=_blank>RBOT-AOX</a> WORM!
Source=Paul Collins Startup list

[Ms task manager]
Number=6366
Confirmed=X
Filename=tskmgr.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.CCD" target="_blank">SDBOT.CCD</a> WORM!
Source=Paul Collins Startup list

[MS taskbar]
Number=6367
Confirmed=X
Filename=crssr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotago.html" target=_blank>RBOT-AGO</a> WORM!
Source=Paul Collins Startup list

[MS taskbar]
Number=6368
Confirmed=X
Filename=nts.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagb.html" target=_blank>RBOT-AGB</a> WORM! 
Source=Paul Collins Startup list

[MS taskbar]
Number=6369
Confirmed=X
Filename=taskbars.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BRW&VSect=P" target=_blank>RBOT.BRW</a> WORM!
Source=Paul Collins Startup list

[MS Taskbars]
Number=6370
Confirmed=X
Filename=taskbars.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotacv.html" target=_blank>SDBOT-ACV</a> WORM!
Source=Paul Collins Startup list

[MS taskmanager]
Number=6371
Confirmed=X
Filename=tskmgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaka.html" target=_blank>RBOT-AKA</a> WORM!
Source=Paul Collins Startup list

[MS UniX]
Number=6372
Confirmed=X
Filename=navupdate64.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[MS Unix Binary]
Number=6373
Confirmed=X
Filename=win32ttb.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.OQ&VSect=P" target=_blank>SPYBOT.OQ</a> WORM!
Source=Paul Collins Startup list

[MS Unix Binary]
Number=6374
Confirmed=X
Filename=msmq2inst.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyf.html" target=_blank>RBOT-YF</a> WORM!
Source=Paul Collins Startup list

[MS Unix Binary]
Number=6375
Confirmed=X
Filename=msnupdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaam.html" target=_blank>RBOT-AAM</a> WORM!
Source=Paul Collins Startup list

[MS Unix Binary]
Number=6376
Confirmed=X
Filename=outlookexpressupdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyu.html" target=_blank>RBOT-YU</a> WORM!
Source=Paul Collins Startup list

[MS Unix Binary]
Number=6377
Confirmed=X
Filename=Win32Update.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbas.html" target=_blank>RBOT-BAS</a> WORM!
Source=Paul Collins Startup list

[MS Unix Binary]
Number=6378
Confirmed=X
Filename=Norton2005Update.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[MS Unix Binary]
Number=6379
Confirmed=X
Filename=trmupdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotacc.html" target= blank>RBOT-ACC</a> WORM!
Source=Paul Collins Startup list

[MS Unix Binary]
Number=6380
Confirmed=X
Filename=WinGuard.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotacl.html" target= blank>RBOT-ACL</a> WORM!
Source=Paul Collins Startup list

[MS Unix Binary]
Number=6381
Confirmed=X
Filename=msnq3insller.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[MS Update]
Number=6382
Confirmed=X
Filename=syshost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32evamanf.html" target="_blank">EVAMAN-F</a> WORM!
Source=Paul Collins Startup list

[Ms Update WinServices NT/XP]
Number=6383
Confirmed=X
Filename=winservnt32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vanebotg.html" target="_blank">VANEBOT-G</a> WORM!
Source=Paul Collins Startup list

[MS Updates]
Number=6384
Confirmed=X
Filename=mscache.exe
Description=Spyware web downloader
Source=Paul Collins Startup list

[MS Updates]
Number=6385
Confirmed=X
Filename=syshosts.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091518-1442-99" target="_blank">MYDOOM.Y</a> WORM!
Source=Paul Collins Startup list

[MS Updates]
Number=6386
Confirmed=X
Filename=aupd.exe
Description=Spyware web downloader
Source=Paul Collins Startup list

[MS Updating Utility]
Number=6387
Confirmed=X
Filename=msupdater.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxr.html" target= blank>RBOT-XR</a> WORM!
Source=Paul Collins Startup list

[MS USB 2.0 Windows Support]
Number=6388
Confirmed=X
Filename=msusb32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Ms Valud Loader]
Number=6389
Confirmed=X
Filename=Svhots.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotsp.html" target=_blank>AGOBOT-SP</a> WORM!
Source=Paul Collins Startup list

[ms window update]
Number=6390
Confirmed=X
Filename=******.exe [* = random character]
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[MS Windows AOL Driver]
Number=6391
Confirmed=X
Filename=MSAOLdrv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasp.html" target=_blank>RBOT-ASP</a> WORM!
Source=Paul Collins Startup list

[MS windows Data list process]
Number=6392
Confirmed=X
Filename=MSDATLST.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[MS Windows procces 32]
Number=6393
Confirmed=X
Filename=msprocces.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaez.html" target=_blank>RBOT-AEZ</a> WORM!
Source=Paul Collins Startup list

[MS Windows Process Class]
Number=6394
Confirmed=X
Filename=MSPRCSS32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyq.html" target= blank>RBOT-YQ</a> WORM!
Source=Paul Collins Startup list

[MS Windows Process Init]
Number=6395
Confirmed=X
Filename=MSWPI32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasq.html" target=_blank>RBOT-ASQ</a> WORM!
Source=Paul Collins Startup list

[MS Windows Security Updater]
Number=6396
Confirmed=X
Filename=updater.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaky.html" target=_blank>RBOT-AKY</a> WORM!
Source=Paul Collins Startup list

[MS Windows System Alert]
Number=6397
Confirmed=X
Filename=MSWSA32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbfn.html" target="_blank">RBOT-BFN</a> WORM!
Source=Paul Collins Startup list

[MS Windows Update]
Number=6398
Confirmed=X
Filename=scguard.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyz.html" target= blank>RBOT-YZ</a> WORM!
Source=Paul Collins Startup list

[MS WINS Binary]
Number=6399
Confirmed=X
Filename=ign32.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasb.html" target=_blank>RBOT-ASB</a> WORM!
Source=Paul Collins Startup list

[ms************* [* = random digit]]
Number=6400
Confirmed=X
Filename=ms*************.exe [* = random digit]
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062915-3210-99" target=_blank>WINBO</a> adware
Source=Paul Collins Startup list

[Ms**.exe [* = random char]]
Number=6401
Confirmed=X
Filename=Ms**.exe [* = random char]
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
Source=Paul Collins Startup list

[Ms**32.exe [* = random char]]
Number=6402
Confirmed=X
Filename=Ms**32.exe [* = random char]
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
Source=Paul Collins Startup list

[MS-Connect]
Number=6403
Confirmed=X
Filename=arr.exe
Description=Adult content dialler - see <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=99972" target="_blank">here</a>
Source=Paul Collins Startup list

[MS-Connect]
Number=6404
Confirmed=X
Filename=cdm.exe
Description=Adult content dialler - see <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=99972" target="_blank">here</a>
Source=Paul Collins Startup list

[MS-Connect]
Number=6405
Confirmed=X
Filename=game.exe
Description=Adult content dialler - see <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=99972" target="_blank">here</a>
Source=Paul Collins Startup list

[MS-Connect]
Number=6406
Confirmed=X
Filename=msite18.exe
Description=Adult content dialler - see <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=99972" target="_blank">here</a>
Source=Paul Collins Startup list

[MS-Connect]
Number=6407
Confirmed=X
Filename=web.exe
Description=Adult content dialler - see <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=99972" target="_blank">here</a>
Source=Paul Collins Startup list

[MS-DOS Boot Service]
Number=6408
Confirmed=X
Filename=Boot32.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotamf.html" target=_blank>RBOT-AMF</a> WORM!
Source=Paul Collins Startup list

[MS-DOS Security Service]
Number=6409
Confirmed=X
Filename=ms-dos.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotamr.html" target=_blank>RBOT-AMR</a> WORM!
Source=Paul Collins Startup list

[MS-DOS Service]
Number=6410
Confirmed=X
Filename=MS-DOS.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaii.html" target="_blank">RBOT-AII</a> WORM!
Source=Paul Collins Startup list

[MS-DOS Windows Service]
Number=6411
Confirmed=X
Filename=MS-DOS.PIF
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajw.html" target=_blank>RBOT-AJW</a> WORM!
Source=Paul Collins Startup list

[MS-HTML]
Number=6412
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LATINUS.15" target="_blank">LATINUS.15</a> TROJAN!
Source=Paul Collins Startup list

[MS-patch]
Number=6413
Confirmed=X
Filename=msconfig32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotauf.html" target=_blank>RBOT-AUF</a> WORM!
Source=Paul Collins Startup list

[MS-patch]
Number=6414
Confirmed=X
Filename=mspatch32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawf.html" target=_blank>RBOT-AWF</a> TROJAN!
Source=Paul Collins Startup list

[MS-RunKey]
Number=6415
Confirmed=X
Filename=arr.exe
Description=MS-Connect dialler/hijacker
Source=Paul Collins Startup list

[ms2src]
Number=6416
Confirmed=X
Filename=ms2src.exe
Description=Added by a TROJAN - see <a href="http://greatis.com/appdata/d/m/ms2src.exe_Removal.htm" target=_blank>here</a> 

Source=Paul Collins Startup list

[MS32DLL]
Number=6417
Confirmed=X
Filename=achi.dll.vbs
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojachia.html" target="_blank">ACHI-A</a> TROJAN!
Source=Paul Collins Startup list

[MS32DLL]
Number=6418
Confirmed=X
Filename=Bha.dll.vbs
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/vbsbutsura.html" target="_blank">BUTSUR-A</a> WORM!
Source=Paul Collins Startup list

[MS32DLL]
Number=6419
Confirmed=X
Filename=Bha.dll.vbs
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/vbsbutsura.html" target="_blank">BUTSUR-A</a> WORM!
Source=Paul Collins Startup list

[MS7531]
Number=6420
Confirmed=X
Filename=ms7531.exe
Description=Homepage hijacker
Source=Paul Collins Startup list

[MSACM]
Number=6421
Confirmed=X
Filename=msacm.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32opaservo.html" target="_blank">OPASERV-O</a> WORM!
Source=Paul Collins Startup list

[msadcheck]
Number=6422
Confirmed=X
Filename=msadcheck32.exe
Description=Browser hijacker, redirecting to search-system.com

Source=Paul Collins Startup list

[MSAdmin]
Number=6423
Confirmed=X
Filename=jdbgmrg.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DASMIN.A" target="_blank">DASMIN.A</a> TROJAN! Note - this is not the valid JDBGMGR.EXE file - see <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=99436" target="_blank">here</a>
Source=Paul Collins Startup list

[MSAgent]
Number=6424
Confirmed=X
Filename=mshtm.exe
Description=Browser hijacker - redirecting to buldog-search.com

Source=Paul Collins Startup list

[MSAgent]
Number=6425
Confirmed=X
Filename=hhnt.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY_AGENT.JI" target=_blank>AGENT.JI</a> spyware
Source=Paul Collins Startup list

[MSAgentXP]
Number=6426
Confirmed=X
Filename=MSAgentXP.exe
Description=Reported by <a href="http://www.ewido.net/en/" target=_blank>Ewido Security Suite</a> as TrojanDownloader.Reqlook.c
Source=Paul Collins Startup list

[msaim]
Number=6427
Confirmed=U
Filename=msaolim.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050516-5740-99" target= blank>MessageSpy</a> keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[msappts32]
Number=6428
Confirmed=X
Filename=msappts32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojelburroa.html" target=_blank>ELBURRO-A</a> TROJAN!
Source=Paul Collins Startup list

[MsAudio]
Number=6429
Confirmed=X
Filename=explorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmirby.html" target=_blank>LEGMIR-BY</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[MsAudio]
Number=6430
Confirmed=X
Filename=MsVM_STI.EXE RunDll32 cmicnfg.cpl, CMICtrlWnd
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmirby.html" target=_blank>LEGMIR-BY</a> TROJAN! Note - this is not associated with C-Media based audio which uses a similar command entry (see <a href="http://www.sysinfo.org/startuplist.php?filter=CMICtrlWnd" target=_blank>here</a>)
Source=Paul Collins Startup list

[MSbackups]
Number=6431
Confirmed=X
Filename=backups.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbanloadtl.html" target="_blank">BANLOAD-TL</a> TROJAN!
Source=Paul Collins Startup list

[MSBB]
Number=6432
Confirmed=X
Filename=msbb.exe
Description=Advertising spyware
Source=Paul Collins Startup list

[msbcs]
Number=6433
Confirmed=X
Filename=msbcs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdadobrag.html" target=_blank>DADOBRA-G</a> TROJAN!
Source=Paul Collins Startup list

[MsBootMgr.exe]
Number=6434
Confirmed=X
Filename=MsBootMgr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040711-2720-99" target=_blank>VERIFY</a> TROJAN!
Source=Paul Collins Startup list

[msbsc]
Number=6435
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerdf.html" target=_blank>BANKER-DF</a> TROJAN!
Source=Paul Collins Startup list

[msccrt]
Number=6436
Confirmed=X
Filename=msccrt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpwsala.html" target="_blank">PWS-ALA</a> TROJAN!
Source=Paul Collins Startup list

[mschkdf.exe]
Number=6437
Confirmed=X
Filename=mschkdf.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[MSChoExE]
Number=6438
Confirmed=X
Filename=suge.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!

Source=Paul Collins Startup list

[msci]
Number=6439
Confirmed=?
Filename=mcinfo.exe
Description=McAfee Internet Security related. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[mscman]
Number=6440
Confirmed=X
Filename=mscman.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClientMan&threatid=3754" target=_blank>ClientMan</a> parasite variant
Source=Paul Collins Startup list

[mscn]
Number=6441
Confirmed=U
Filename=mscn.exe
Description=Part of the SafeChildNet internet filtering program - required if you use it
Source=Paul Collins Startup list

[Mscnt]
Number=6442
Confirmed=X
Filename=mscnt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdlucac.html" target=_blank>DLUCA-C</a> TROJAN!
Source=Paul Collins Startup list

[Mscolour]
Number=6443
Confirmed=X
Filename=mscolour.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=40574" target=_blank>GEMA</a> TROJAN!
Source=Paul Collins Startup list

[MSCommX]
Number=6444
Confirmed=X
Filename=mscommx.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[MSCONFG32.EXE]
Number=6445
Confirmed=X
Filename=MSCONFG32.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-102319-1255-99" target="_blank">OPTIX.04.C</a> TROJAN!
Source=Paul Collins Startup list

[MSConfig]
Number=6446
Confirmed=N
Filename=msconfig.exe
Description=Entry that appears when you uncheck an item in the MSConfig Startup group, and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode
Source=Paul Collins Startup list

[MSConfig]
Number=6447
Confirmed=X
Filename=MSCONFIG32.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.B&VSect=P" target=_blank>SPYBOT.B</a> WORM!
Source=Paul Collins Startup list

[msconfig]
Number=6448
Confirmed=X
Filename=msconfig.exe
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite related. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/msconfig/" target=_blank>msconfig.exe</a> which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting
Source=Paul Collins Startup list

[Msconfig]
Number=6449
Confirmed=X
Filename=msconfig.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-020316-5130-99" target="_blank">WINUR</a> WORM! Note - this is not the real msconfig.exe as it's located in C:\winrun\
Source=Paul Collins Startup list

[msconfig]
Number=6450
Confirmed=X
Filename=wins.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.PF&VSect=P" target=_blank>RBOT.PF</a> WORM!
Source=Paul Collins Startup list

[MSConfig]
Number=6451
Confirmed=X
Filename=MSCONFIG35.EXE
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[msconfig]
Number=6452
Confirmed=X
Filename=scvhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentdsf.html" target="_blank">AGENT-DSF</a> TROJAN!
Source=Paul Collins Startup list

[msconfig]
Number=6453
Confirmed=X
Filename=winlog.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbottj.html" target="_blank">IRCBOT-TJ</a> TROJAN!
Source=Paul Collins Startup list

[Msconfig]
Number=6454
Confirmed=X
Filename=icpldrvx.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BANLOAD.BFT" target="_blank">BANLOAD.BFT</a> TROJAN!
Source=Paul Collins Startup list

[msconfig]
Number=6455
Confirmed=X
Filename=msconfig.com
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ircbotsm.html" target="_blank">IRCBOT-SM</a> WORM!
Source=Paul Collins Startup list

[Msconfig lptt01]
Number=6456
Confirmed=X
Filename=msconfig.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "msconfig" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>. Note - this is not the valid Windows Msconfig which has the same executable name
Source=Paul Collins Startup list

[MSConfig Manager]
Number=6457
Confirmed=X
Filename=msupdate.exe
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list

[Msconfig ml097e]
Number=6458
Confirmed=X
Filename=msconfig.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "msconfig" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>. Note - this is not the valid Windows Msconfig which has the same executable name
Source=Paul Collins Startup list

[msconfig service]
Number=6459
Confirmed=X
Filename=MSupdate32.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[msconfig.exe]
Number=6460
Confirmed=X
Filename=proxy.exe
Description=Added by a variant of the AGENT.AH downloader TROJAN!
Source=Paul Collins Startup list

[msconfig.exe]
Number=6461
Confirmed=X
Filename=uline.exe
Description=Added by a variant of the AGENT.AH downloader TROJAN!
Source=Paul Collins Startup list

[msconfig38]
Number=6462
Confirmed=X
Filename=mssvcc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbjv.html" target=_blank>RBOT-BJV</a> WORM!

Source=Paul Collins Startup list

[MSConfig45]
Number=6463
Confirmed=X
Filename=MSConfig45.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.OJ" target="_blank">SDBOT.OJ</a> TROJAN!
Source=Paul Collins Startup list

[MSConfigr]
Number=6464
Confirmed=X
Filename=jdbgmrg.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DASMIN.C" target="_blank">DASMIN.C</a> TROJAN! Note - this is not the valid JDBGMGR.EXE file - see <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=99436" target="_blank">here</a>
Source=Paul Collins Startup list

[MSConfigReminder]
Number=6465
Confirmed=N
Filename=msconfig.exe
Description=Entry that appears when you uncheck an item in the MSConfig Startup group, and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode
Source=Paul Collins Startup list

[MsConfigs]
Number=6466
Confirmed=X
Filename=MsConfigs.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ALCAN.A" target=_blank>ALCAN.A</a> WORM!
Source=Paul Collins Startup list

[MSControl28]
Number=6467
Confirmed=X
Filename=crsss.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.AJX&VSect=P" target=_blank>SPYBOT.AJX</a> WORM!
Source=Paul Collins Startup list

[MSControl31]
Number=6468
Confirmed=X
Filename=winnsyst.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CFY&VSect=P" target=_blank>RBOT.CFY</a> WORM!
Source=Paul Collins Startup list

[MSControl3d1]
Number=6469
Confirmed=X
Filename=isasse.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CGU&VSect=P" target=_blank>RBOT.CGU</a> WORM!
Source=Paul Collins Startup list

[MSCORE]
Number=6470
Confirmed=X
Filename=syscnfg.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in C:\windows\fonts (or C:\winnt\fonts) directory where no *.exe files should reside
Source=Paul Collins Startup list

[Mscsgs]
Number=6471
Confirmed=X
Filename=MSCSGS.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100116-5607-99" target="_blank">ZEZER</a> WORM!
Source=Paul Collins Startup list

[Mscsgs32]
Number=6472
Confirmed=X
Filename=MSCSGS32.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100116-5607-99" target="_blank">ZEZER</a> WORM!
Source=Paul Collins Startup list

[mscsvc.exe]
Number=6473
Confirmed=X
Filename=mscsvc.exe
Description=Added by the <a href="http://www.sarc.com/avcenter/venc/data/pwsteal.bancos.t.html" target= blank>BANCOS.T</a> TROJAN!
Source=Paul Collins Startup list

[Msctrl32]
Number=6474
Confirmed=X
Filename=Msctrl32.scr
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-051917-5210-99" target="_blank">REDIST</a> WORM!
Source=Paul Collins Startup list

[MSCVT]
Number=6475
Confirmed=X
Filename=MSCVT.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120414-4935-99" target="_blank">SLIDESHOW</a> WORM!
Source=Paul Collins Startup list

[MSDcom]
Number=6476
Confirmed=X
Filename=MSDcom.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[msdev]
Number=6477
Confirmed=X
Filename=msdev.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotcr.html" target=_blank>FORBOT-CR</a> WORM!
Source=Paul Collins Startup list

[msdev]
Number=6478
Confirmed=X
Filename=msconfig.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AAU&VSect=T" target=_blank>AGOBOT.AAU</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/msconfig/" target=_blank>msconfig.exe</a> which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting
Source=Paul Collins Startup list

[msdirect.exe]
Number=6479
Confirmed=X
Filename=msdirect.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcertifl.html" target=_blank>CERTIF-L</a> TROJAN!
Source=Paul Collins Startup list

[MSDLL]
Number=6480
Confirmed=X
Filename=syscnfg.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in C:\windows\fonts (or C:\winnt\fonts) directory where no *.exe files should reside
Source=Paul Collins Startup list

[Msdmxm]
Number=6481
Confirmed=X
Filename=msdmxm.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaddc.html" target=_blank>DLOAD-DC</a> TROJAN!
Source=Paul Collins Startup list

[MSDN]
Number=6482
Confirmed=X
Filename=nese.exe
Description=Added by the SDBOT.AHY WORM!
Source=Paul Collins Startup list

[MSDN for Windows NT & WinXP]
Number=6483
Confirmed=X
Filename=msdnxp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ircbotpe.html" target="_blank">IRCBOT-PE</a> WORM!
Source=Paul Collins Startup list

[MSDN for Windows with NT's]
Number=6484
Confirmed=X
Filename=msdn-nt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotewd.html" target="_blank">RBOT-EWD</a> WORM!
Source=Paul Collins Startup list

[MSDN HELP]
Number=6485
Confirmed=X
Filename=msdn.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AIB&VSect=P" target=_blank>AGOBOT.AIB</a> WORM!
Source=Paul Collins Startup list

[MSDOS Security Service]
Number=6486
Confirmed=X
Filename=msdos.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotamp.html" target=_blank>RBOT-AMP</a> WORM!
Source=Paul Collins Startup list

[MSDOS Service]
Number=6487
Confirmed=X
Filename=MSDOS.PIF
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaiy.html" target=_blank>RBOT-AIY</a> WORM!
Source=Paul Collins Startup list

[MSDOS Windows Service]
Number=6488
Confirmed=X
Filename=MSDOS.PIF
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotakf.html" target=_blank>RBOT-AKF</a> WORM!
Source=Paul Collins Startup list

[Msdos32]
Number=6489
Confirmed=X
Filename=Msdos32.pif
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-123122-0347-99" target="_blank">RECORY</a> WORM!
Source=Paul Collins Startup list

[msdos423]
Number=6490
Confirmed=X
Filename=msdos423.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MENACE.A" target="_blank">MENACE.A</a> WORM!
Source=Paul Collins Startup list

[MSDosdrv]
Number=6491
Confirmed=N
Filename=msdosdrv.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-101915-0010-99" target=_blank>BACROS</a> WORM!
Source=Paul Collins Startup list

[MSDTC]
Number=6492
Confirmed=N
Filename=msdtc.exe
Description=MS Distributed Transaction Coordinator - handles transactions across multiple servers and is installed by MS Personal Web Server and MS SQL Server
Source=Paul Collins Startup list

[Msemu32]
Number=6493
Confirmed=X
Filename=Msemu32.exe
Description=Unidentified spyware/adware/hijacker
Source=Paul Collins Startup list

[mservices.exe]
Number=6494
Confirmed=X
Filename=mservices.exe
Description=Added by the <a href="http://it.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_SDBOT.WJ" target=_blank>SDBOT.WJ</a> WORM!
Source=Paul Collins Startup list

[Msfind]
Number=6495
Confirmed=X
Filename=Msfind.exe
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list

[MSFind32]
Number=6496
Confirmed=X
Filename=msfind32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121609-1754-99" target="_blank">CAYAM</a> WORM!
Source=Paul Collins Startup list

[msfindosa.exe]
Number=6497
Confirmed=X
Filename=msfindosa.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_99960.htm" target="_blank">DOWNLOADER-BS</a> TROJAN!
Source=Paul Collins Startup list

[MSFTP Service Config]
Number=6498
Confirmed=X
Filename=r3grun.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[MSFWAVTSM]
Number=6499
Confirmed=X
Filename=FTPDev.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotacf.html" target= blank>RBOT-ACF</a> WORM!
Source=Paul Collins Startup list

[Msg Fixage]
Number=6500
Confirmed=X
Filename=msgfixed.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ZD" target=_blank>SDBOT.ZD</a> WORM!
Source=Paul Collins Startup list

[MsgApi]
Number=6501
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdedlerd.html" target="_blank">DEDLER-D</a> TROJAN!
Source=Paul Collins Startup list

[msgb1]
Number=6502
Confirmed=X
Filename=msgb1.exe
Description=Added by the DLUCA.GEN TROJAN!
Source=Paul Collins Startup list

[MsgCenterExe]
Number=6503
Confirmed=N
Filename=RealOneMessageCenter.exe
Description=RealNetworks <a href="http://www.real.com/" target=_blank>RealPlayer</a> related - disabling this application will not affect Real Player in any way
Source=Paul Collins Startup list

[msgex32]
Number=6504
Confirmed=X
Filename=msgex32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32appfleta.html" target=_blank>APPFLET-A</a> WORM!
Source=Paul Collins Startup list

[Msgmgr]
Number=6505
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-072314-3721-99" target="_blank">BABYBEAR</a> WORM!
Source=Paul Collins Startup list

[msgserv_]
Number=6506
Confirmed=X
Filename=Syss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-110517-3735-99" target=_blank>FANTA</a> TROJAN!
Source=Paul Collins Startup list

[msgsm32]
Number=6507
Confirmed=X
Filename=msgsm32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasg.html" target=_blank>RBOT-ASG</a> WORM!
Source=Paul Collins Startup list

[Msgsrv16]
Number=6508
Confirmed=X
Filename=Msgsrv16.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-050207-0707-99" target="_blank">DELF</a> family of TROJANS!
Source=Paul Collins Startup list

[MSGSRV32.exe]
Number=6509
Confirmed=Y
Filename=msgsrv32.exe
Description=Windows 32-bit VxD Message Server. For more information on its function and why it's needed, see <a href="http://support.microsoft.com/kb/q138708/" target="_blank">here</a>. Note - why some people have it listed in start-up programs I don't know but I was asked to include it here. It automatically runs in the background
Source=Paul Collins Startup list

[Msgsvc32]
Number=6510
Confirmed=X
Filename=[worm filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32nauticala.html" target="_blank">NAUTICAL-A</a> TROJAN!

Source=Paul Collins Startup list

[MsgSvcMgr32]
Number=6511
Confirmed=X
Filename=cmdzxdll.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaek.html" target=_blank>RBOT-AEK</a> WORM!
Source=Paul Collins Startup list

[msgsvr32]
Number=6512
Confirmed=X
Filename=msgsvr32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-021217-0427-99" target="_blank">DEADHAT.B</a> WORM! Note - not to be confused with the valid "msgsrv32.exe" file which resides in the same directory (C:\Windows\System) on a Win9x/Me machine
Source=Paul Collins Startup list

[MSGTAG]
Number=6513
Confirmed=U
Filename=MSGTAG.exe
Description=<a href="http://www.msgtag.com/home/" target=_blank>MSGTAG</a> is an application that tells you when your emails have been received and opened
Source=Paul Collins Startup list

[Msgtray]
Number=6514
Confirmed=X
Filename=sys16.exe
Description=Added by an unknown VIRUS!
Source=Paul Collins Startup list

[Mshelp32]
Number=6515
Confirmed=X
Filename=mshelp32.exe
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list

[MSHT@]
Number=6516
Confirmed=X
Filename=MSHT@.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_MAGISTR.A" target="_blank">MAGISTR.A</a> VIRUS!
Source=Paul Collins Startup list

[mshtmll]
Number=6517
Confirmed=X
Filename=mshtmll.dll
Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan-Downloader.Win32.Delf.bas&threatid=90253" target="_blank">DELF.BAS</a> TROJAN!
Source=Paul Collins Startup list

[msident]
Number=6518
Confirmed=X
Filename=msident.exe
Description=Unidentified adware or trojan
Source=Paul Collins Startup list

[msidle]
Number=6519
Confirmed=X
Filename=msidle.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32opaservo.html" target="_blank">OPASERV-O</a> WORM!
Source=Paul Collins Startup list

[MsIdle32.exe]
Number=6520
Confirmed=X
Filename=MsIdle32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040711-2720-99" target=_blank>VERIFY</a> TROJAN!
Source=Paul Collins Startup list

[MSIdll]
Number=6521
Confirmed=X
Filename=winmp.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[MSIE Parsers]
Number=6522
Confirmed=X
Filename=MSIE32ab.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.MV" target="_blank">SDBOT.MV</a> WORM!
Source=Paul Collins Startup list

[msiew]
Number=6523
Confirmed=X
Filename=mseiw.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-033001-2340-99" target=_blank>LITTLOG</a> TROJAN!
Source=Paul Collins Startup list

[MSIEXEC]
Number=6524
Confirmed=X
Filename=MSIEXEC32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-062520-3058-99" target="_blank">AINESEY.A</a> WORM!
Source=Paul Collins Startup list

[MSIEXEC]
Number=6525
Confirmed=X
Filename=MSIEXEC.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/vbsyosenioa.html" target=_blank>YOSENIO-A</a> VIRUS!
Source=Paul Collins Startup list

[msiexecs.exe]
Number=6526
Confirmed=X
Filename=msiexecs.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[MSIMN32]
Number=6527
Confirmed=X
Filename=MSIMN32.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcwsm.html" target=_blank>CWS-M</a> TROJAN!
Source=Paul Collins Startup list

[MSIN]
Number=6528
Confirmed=?
Filename=MSin.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Msinet]
Number=6529
Confirmed=X
Filename=Msinet.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaoa.html" target=_blank>RBOT-AOA</a> WORM!
Source=Paul Collins Startup list

[MSInfo]
Number=6530
Confirmed=X
Filename=msinfo.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-022515-4233-99" target="_blank">ALADINZ.M</a> TROJAN!
Source=Paul Collins Startup list

[MSInfo]
Number=6531
Confirmed=X
Filename=AVBgle.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031709-3728-99" target="_blank">NETSKY.O</a> WORM!
Source=Paul Collins Startup list

[MSInstall]
Number=6532
Confirmed=X
Filename=smvss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdedlerg.html" target=_blank>DEDLER-G</a> TROJAN!
Source=Paul Collins Startup list

[msjava service]
Number=6533
Confirmed=X
Filename=xpcd.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VM" target="_blank">SDBOT.VM</a> WORM!
Source=Paul Collins Startup list

[MSKAGENTEXE]
Number=6534
Confirmed=U
Filename=MskAgent.exe
Description=McAfee <a href="http://www.mcafeestore.com/dr/sat4/ec_MAIN.Entry10?SP=10023&PN=1&xid=39695&V1=749687&CUR=826&DSP=&PGRP=0&ABCODE=&CACHE_ID=0" target="_blank">Spamkiller</a>
Source=Paul Collins Startup list

[MSKCES32]
Number=6535
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-022010-0405-99" target="_blank">CLONER</a> TROJAN!
Source=Paul Collins Startup list

[MSKDetectorExe]
Number=6536
Confirmed=U
Filename=MSKDetct.exe
Description=Part of McAfee <a href="http://www.mcafeestore.com/dr/sat4/ec_MAIN.Entry10?SP=10023&PN=1&xid=39695&V1=749687&CUR=826&DSP=&PGRP=0&ABCODE=&CACHE_ID=0" target="_blank">Spamkiller</a>
Source=Paul Collins Startup list

[MSKernel32]
Number=6537
Confirmed=X
Filename=MSKernel32.vbs
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=VBS_LOVELETTER" target="_blank"> LOVELETTER</a> (I LOVE YOU) VIRUS!
Source=Paul Collins Startup list

[MSkernel32]
Number=6538
Confirmed=X
Filename=System.exe 4820
Description=Added by the <a href="http://www.sarc.com/avcenter/venc/data/backdoor.tuxder.html" target="_blank">TUXDER</a> TROJAN!
Source=Paul Collins Startup list

[MSKExe]
Number=6539
Confirmed=U
Filename=spamkiller.exe
Description=McAfee <a href="http://www.mcafeestore.com/dr/sat4/ec_MAIN.Entry10?SP=10023&PN=1&xid=39695&V1=749687&CUR=826&DSP=&PGRP=0&ABCODE=&CACHE_ID=0" target="_blank">Spamkiller</a>
Source=Paul Collins Startup list

[mskj]
Number=6540
Confirmed=X
Filename=mskj.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031217-2631-99" target=_blank>KAEMON</a> TROJAN!
Source=Paul Collins Startup list

[MSKServerExe]
Number=6541
Confirmed=U
Filename=MSKSrvr.exe
Description=Part of McAfee <a href="http://www.mcafeestore.com/dr/sat4/ec_MAIN.Entry10?SP=10023&PN=1&xid=39695&V1=749687&CUR=826&DSP=&PGRP=0&ABCODE=&CACHE_ID=0" target="_blank">Spamkiller</a>
Source=Paul Collins Startup list

[mslagent]
Number=6542
Confirmed=X
Filename=mslagent.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojwintrimf.html" target=_blank>WINTRIM-F</a> TROJAN!
Source=Paul Collins Startup list

[MSLARISSA]
Number=6543
Confirmed=X
Filename=MSLARISSA.pif
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030222-1459-99" target=_blank>ASSIRAL.B</a> WORM!
Source=Paul Collins Startup list

[MSLIB32]
Number=6544
Confirmed=?
Filename=mswatch32.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[MSLog]
Number=6545
Confirmed=X
Filename=MicrosoftLog.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Mslogon lptt01]
Number=6546
Confirmed=X
Filename=mslogon.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Mslogon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[Mslogon ml097e]
Number=6547
Confirmed=X
Filename=mslogon.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Mslogon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[MsManager]
Number=6548
Confirmed=X
Filename=msmgr32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111215-5603-99" target="_blank">YAHA.AF</a> WORM!
Source=Paul Collins Startup list

[msmanager32]
Number=6549
Confirmed=X
Filename=msmngr32.exe
Description=Added by the <a href="http://www.us.sophos.com/virusinfo/analyses/w32randonr.html" target="_blank">RANDON-R</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_WOMANIZ.A" target="_blank">WOMANIZ.A</a>) WORM!
Source=Paul Collins Startup list

[msmautoprotect]
Number=6550
Confirmed=X
Filename=msmssgs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifroseaj.html" target= blank>BIFROSE-AJ</a> TROJAN!
Source=Paul Collins Startup list

[msmc]
Number=6551
Confirmed=X
Filename=mscpbo.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClientMan&threatid=3754" target=_blank>ClientMan</a> parasite variant
Source=Paul Collins Startup list

[msmc]
Number=6552
Confirmed=X
Filename=msgdmf.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClientMan&threatid=3754" target=_blank>ClientMan</a> parasite variant
Source=Paul Collins Startup list

[msmc]
Number=6553
Confirmed=X
Filename=msongn.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClientMan&threatid=3754" target=_blank>ClientMan</a> parasite variant
Source=Paul Collins Startup list

[msmc]
Number=6554
Confirmed=X
Filename=msmc.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClientMan&threatid=3754" target=_blank>ClientMan</a> parasite variant
Source=Paul Collins Startup list

[msmc]
Number=6555
Confirmed=X
Filename=ms****.exe [* = random char]
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClientMan&threatid=3754" target=_blank>ClientMan</a> parasite variant
Source=Paul Collins Startup list

[MSMcAfeee]
Number=6556
Confirmed=X
Filename=Avsynmgr32e.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120314-1133-99" target="_blank">FRAMAR</a> TROJAN!
Source=Paul Collins Startup list

[MSMcAfeeh]
Number=6557
Confirmed=X
Filename=Avsynmgr32h.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101816-5050-99" target="_blank">FRANGO</a> TROJAN!
Source=Paul Collins Startup list

[MSMcAfeeS]
Number=6558
Confirmed=X
Filename=Avsynmgr32S.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121108-2958-99" target="_blank">VOLAC</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121107-2003-99" target="_blank">VOLAC.DR</a> TROJANS!
Source=Paul Collins Startup list

[MSMessnger]
Number=6559
Confirmed=X
Filename=msnupd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotady.html" target=_blank>RBOT-ADY</a> WORM!
Source=Paul Collins Startup list

[msmgr]
Number=6560
Confirmed=?
Filename=msmgr.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[msMGR]
Number=6561
Confirmed=X
Filename=rtkmsg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotbpy.html" target=_blank>SDBOT-BPY</a> WORM!
Source=Paul Collins Startup list

[Msmgt]
Number=6562
Confirmed=X
Filename=msmgt.exe
Description=<a href="http://www.totalvelocity.com/" target="_blank">Total Velocity</a> adware/hijacker
Source=Paul Collins Startup list

[MSMNTGNT]
Number=6563
Confirmed=X
Filename=MSMNTGNT.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerie.html" target=_blank>BANKER-IE</a> TROJAN!
Source=Paul Collins Startup list

[MSMNTJBE]
Number=6564
Confirmed=X
Filename=MSMNTJBE.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosef.html" target=_blank>Bancos-EF</a> TROJAN!
Source=Paul Collins Startup list

[MSMNTJNG]
Number=6565
Confirmed=X
Filename=MSMNTJNG.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojgraberg.html" target=_blank>GRABER-G</a> TROJAN!
Source=Paul Collins Startup list

[MSMNTMTS]
Number=6566
Confirmed=X
Filename=MSMNTMTS.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankergz.html" target=_blank>BANKER-GZ</a> TROJAN!
Source=Paul Collins Startup list

[msmon]
Number=6567
Confirmed=X
Filename=msmon.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=40493" target=_blank>GEMA.D</a> TROJAN!
Source=Paul Collins Startup list

[MsMovies]
Number=6568
Confirmed=X
Filename=MsMovies.exe
Description=Malware - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan-Dropper.Win32.WinAD.h
Source=Paul Collins Startup list

[MsmqIntCert]
Number=6569
Confirmed=?
Filename=regsvr32 /s mqrt.dll
Description=Microsoft Message Queue Server - Internal Certificate - see <a href="http://www.microsoft.com/windowsserver2003/technologies/msmq/default.mspx" target="_blank">here</a> for more info and <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;230050" target="_blank">here</a> for a potential problem.<font color="#FF0000"> Is it required?</font>
Source=Paul Collins Startup list

[MSMSGNER]
Number=6570
Confirmed=X
Filename=[4-8 random letters].exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfowldogen.html" target="_blank">FOWLDO-GEN</a> TROJAN!
Source=Paul Collins Startup list

[msmsgr]
Number=6571
Confirmed=X
Filename=msmsgss.exe
Description=Recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as RBOT.AJJ
Source=Paul Collins Startup list

[MSMSGS]
Number=6572
Confirmed=U
Filename=msmsgs.exe
Description=<a href="http://www.microsoft.com/windowsxp/windowsmessenger/default.asp"_blank">Windows Messenger</a> utility. If you don't use Windows Messenger, this can be annoying. Available via Start -> Programs. Go to Windows Messenger &gt; Tools &gt; Options &gt; Preferences and uncheck &quot;Run this program when Windows starts&quot;
Source=Paul Collins Startup list

[MSMsgs]
Number=6573
Confirmed=X
Filename=msmessgs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallew.html" target=_blank>SMALL-EW</a> TROJAN!
Source=Paul Collins Startup list

[MsMsgSrv]
Number=6574
Confirmed=X
Filename=msmsgsrv.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_132938.htm" target= blank>CQO</a> TROJAN!
Source=Paul Collins Startup list

[MSMsgSvc]
Number=6575
Confirmed=X
Filename=MSMSGSVC.exe
Description=Browser hijacker, identified by some antiviruses as a variant of the StartPage.QC TROJAN!

Source=Paul Collins Startup list

[msmsngr]
Number=6576
Confirmed=X
Filename=msmsngr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32dopbotb.html" target=_blank>DOPBOT-B</a> WORM!
Source=Paul Collins Startup list

[msn]
Number=6577
Confirmed=X
Filename=system32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_KITRO.A" target="_blank"> KITRO.A</a> WORM!
Source=Paul Collins Startup list

[msn]
Number=6578
Confirmed=X
Filename=msnmsg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgo.html" target="_blank">RBOT-GO</a> WORM!
Source=Paul Collins Startup list

[MSN]
Number=6579
Confirmed=X
Filename=msnmsgs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotkl.html" target="_blank">RBOT-KL</a> WORM! Note - not to be confused with msmsgs.exe, the well known MSN Instant Messaging application!
Source=Paul Collins Startup list

[MSN]
Number=6580
Confirmed=X
Filename=ctfmoons.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.HI" target="_blank">SPYBOT.HI</a> WORM!
Source=Paul Collins Startup list

[MSN]
Number=6581
Confirmed=X
Filename=msnmesengers.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotme.html" target=_blank>RBOT-ME</a> WORM!
Source=Paul Collins Startup list

[MSN]
Number=6582
Confirmed=X
Filename=MSN.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-010722-5132-99" target=_blank>MINIT</a> WORM!
Source=Paul Collins Startup list

[MSN]
Number=6583
Confirmed=X
Filename=msnmsgr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022614-4627-99" target=_blank>MYTOB</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022810-1111-99" target=_blank>MYTOB.B</a> WORMS! Note - this is not the valid MSN Messenger (now <a href="http://get.live.com/messenger/overview" target="_blank">Windows Live Messenger</a>) utility
Source=Paul Collins Startup list

[msn]
Number=6584
Confirmed=X
Filename=msnsvc.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[MSN]
Number=6585
Confirmed=X
Filename=msn16.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotvn.html" target= blank>SDBOT-VN</a> WORM!
Source=Paul Collins Startup list

[MSN]
Number=6586
Confirmed=X
Filename=msnsgr.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[MSN 9.0 Plus]
Number=6587
Confirmed=X
Filename=[random letters].exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaly.html" target=_blank>RBOT-ALY</a> WORM!
Source=Paul Collins Startup list

[MSN Administration For Windows]
Number=6588
Confirmed=X
Filename=msnadp32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BROPIA.W&VSect=P" target=_blank>BROPIA.W</a> WORM!
Source=Paul Collins Startup list

[MSN ang]
Number=6589
Confirmed=X
Filename=cssrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotce.html" target=_blank>FORBOT-CE</a> WORM!

Source=Paul Collins Startup list

[MSN BETA]
Number=6590
Confirmed=X
Filename=service.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AUU&VSect=P" target=_blank>RBOT.AUU</a> WORM!
Source=Paul Collins Startup list

[MSN Checker]
Number=6591
Confirmed=X
Filename=msnchecker.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotagb.html" target="_blank">SDBOT-AGB</a> WORM!
Source=Paul Collins Startup list

[Msn Config]
Number=6592
Confirmed=X
Filename=msngf.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqg.html" target=_blank>RBOT-QG</a> WORM!
Source=Paul Collins Startup list

[Msn Configuration Loader]
Number=6593
Confirmed=X
Filename=msngms.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041414-0115-99" target=_blank>KELVIR.T</a> WORM!
Source=Paul Collins Startup list

[MSN Explorer]
Number=6594
Confirmed=X
Filename=msnexplorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentcax.html" target="_blank">AGENT-CAX</a> TROJAN!
Source=Paul Collins Startup list

[MSN Explorer]
Number=6595
Confirmed=X
Filename=explorer..exe
Description=Dropper for the <a href="http://www.sophos.com/virusinfo/analyses/trojciadoorcb.html" target="_blank">Ciadoor.cb</a> TROJAN!
Source=Paul Collins Startup list

[MSN Funny Images]
Number=6596
Confirmed=X
Filename=imsngsr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobottt.html" target=_blank>AGOBOT-TT</a> WORM!
Source=Paul Collins Startup list

[MSN Internet Access]
Number=6597
Confirmed=N
Filename=trayclnt.exe
Description=Quick way to connect to MSN internet service - replaces &quot;MSN Quick View&quot; from V5.6 onwards
Source=Paul Collins Startup list

[MSN Manager]
Number=6598
Confirmed=X
Filename=cvss.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[MSN Manager]
Number=6599
Confirmed=X
Filename=mscmgr.exe
Description=Unidentified malware - causes multiple browser windows to open
Source=Paul Collins Startup list

[MSN Message Background loader]
Number=6600
Confirmed=X
Filename=msnmesg.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[MSN Messages]
Number=6601
Confirmed=X
Filename=msnmesg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotacn.html" target=_blank>RBOT-ACN</a> WORM!
Source=Paul Collins Startup list

[MSN Messanger]
Number=6602
Confirmed=X
Filename=msnmsng.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.XN" target="_blank">SDBOT.XN</a> WORM!
Source=Paul Collins Startup list

[MSN messanger]
Number=6603
Confirmed=X
Filename=msnmsgsm.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfmp.html" target="_blank">RBOT-FMP</a> WORM!
Source=Paul Collins Startup list

[MSN Messanger]
Number=6604
Confirmed=X
Filename=msnmsgsmn.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfoq.html" target="_blank">RBOT-FOQ</a> WORM!
Source=Paul Collins Startup list

[Msn Messeng]
Number=6605
Confirmed=X
Filename=windns.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Msn Messenge]
Number=6606
Confirmed=X
Filename=IExplorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfll.html" target=_blank>DELF-LL</a> TROJAN!
Source=Paul Collins Startup list

[MSN messenger]
Number=6607
Confirmed=X
Filename=messenger.exe
Description=Added by an unidentified TROJAN! Note - this is not the real MSN Messenger
Source=Paul Collins Startup list

[Msn Messenger]
Number=6608
Confirmed=X
Filename=msnmsgs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojloonyp.html" target=_blank>LOONY-P</a> TROJAN! Note - not to be confused with msmsgs.exe, the well known MSN Instant Messaging application!
Source=Paul Collins Startup list

[MSN Messenger]
Number=6609
Confirmed=X
Filename=Reosmsngr.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[MSN MESSENGER]
Number=6610
Confirmed=X
Filename=msmmsgr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041213-2840-99" target=_blank>KELVIR.Q</a> WORM!
Source=Paul Collins Startup list

[MSN Messenger]
Number=6611
Confirmed=X
Filename=msmsgs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderln.html" target=_blank>DLOADER-LN</a> or <a href="http://www.sophos.com/virusinfo/analyses/trojzlobc.html" target=_blank>ZLOB-C</a> or <a href="http://www.sophos.com/virusinfo/analyses/trojzlobdropc.html" target=_blank>ZLOBDROP-C</a> TROJANS! Note - this particular msmsgs.exe file is located in the Windows\System32 or Winnt\System32 folder, and should not be mistaken for the MSN Messenger file of the same name!
Source=Paul Collins Startup list

[MSN Messenger]
Number=6612
Confirmed=X
Filename=msnmsgr.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=2&VName=WORM_AGOBOT.AOQ" target=_blank>AGOBOT.AOQ</a> WORM! Note - this is not the valid MSN Messenger utility
Source=Paul Collins Startup list

[MSN Messenger]
Number=6613
Confirmed=X
Filename=msmsgs.exe
Description=Added by the <a href="http://www.symantec.com/region/jp/avcenter/venc/data/jp-trojan.zhopa.html" target= blank>ZHOPA</a> TROJAN! Note -  this particular msmsgs.exe file is located in the Windows\System32 or Winnt\System32 folder, and should not be mistaken for the MSN Messenger file of the same name!
Source=Paul Collins Startup list

[MSN Messenger]
Number=6614
Confirmed=X
Filename=msnmsngr.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[MSN Messenger]
Number=6615
Confirmed=X
Filename=IExplorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankereu.html" target=_blank>BANKER-EU</a> TROJAN!
Source=Paul Collins Startup list

[Msn Messenger]
Number=6616
Confirmed=X
Filename=msnmsnr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankergg.html" target=_blank>BANKER-GG</a> TROJAN!
Source=Paul Collins Startup list

[MSN Messenger]
Number=6617
Confirmed=X
Filename=PIC1324.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_99184.htm" target=_blank>CHOKE.C</a> WORM!
Source=Paul Collins Startup list

[MSN Messenger]
Number=6618
Confirmed=X
Filename=explorer..exe
Description=Dropper for the <a href="http://www.sophos.com/virusinfo/analyses/trojciadoorcb.html" target="_blank">Ciadoor.cb</a> TROJAN!
Source=Paul Collins Startup list

[MSN Messenger 32]
Number=6619
Confirmed=X
Filename=msniu.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawb.html" target=_blank>RBOT-AWB</a> WORM!
Source=Paul Collins Startup list

[MSN Messenger 323]
Number=6620
Confirmed=X
Filename=msniu3.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxb.html" target=_blank>RBOT-AXB</a> WORM!
Source=Paul Collins Startup list

[MSN Messenger 6.2]
Number=6621
Confirmed=X
Filename=tyd.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[MSN MESSENGER 9.0]
Number=6622
Confirmed=X
Filename=messengerr.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[MSN messenger service]
Number=6623
Confirmed=X
Filename=mssgs.exe
Description=Added by an unidentified TROJAN! Note - this is not the real MSN Messenger
Source=Paul Collins Startup list

[MSN Messenger Service Starter]
Number=6624
Confirmed=X
Filename=msnmgsr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaos.html" target=_blank>RBOT-AOS</a> WORM!
Source=Paul Collins Startup list

[Msn Messenger Update]
Number=6625
Confirmed=X
Filename=msnupdate.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[MSN Messenger User Controls]
Number=6626
Confirmed=X
Filename=msmsgr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082416-5051-99" target=_blank>KELVIR.HI</a> WORM!
Source=Paul Collins Startup list

[Msn Messengers]
Number=6627
Confirmed=X
Filename=MSNMSGR.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.KX&VSect=T" target="_blank">RBOT.KX</a> WORM!
Source=Paul Collins Startup list

[MSN MMISSENGER]
Number=6628
Confirmed=X
Filename=mssmmspgr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042217-0207-99" target=_blank>KELVIR.AJ</a> WORM!
Source=Paul Collins Startup list

[Msn Patch]
Number=6629
Confirmed=X
Filename=msndp.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_RBOT.AAI" target=_blank>RBOT.AAI</a> WORM!
Source=Paul Collins Startup list

[Msn Patches]
Number=6630
Confirmed=X
Filename=msndr.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Msn Plus Updater]
Number=6631
Confirmed=X
Filename=msnplus.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmu.html" target=_blank>RBOT-MU</a> WORM!
Source=Paul Collins Startup list

[Msn Processe Manager]
Number=6632
Confirmed=X
Filename=msni32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadx.html" target=_blank>RBOT-ADX</a> WORM!
Source=Paul Collins Startup list

[MSN Quick View]
Number=6633
Confirmed=N
Filename=Msndc.exe
Description=Quick way to connect to MSN internet service
Source=Paul Collins Startup list

[MSN Registry loader]
Number=6634
Confirmed=X
Filename=msmnwin.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-071517-0520-99" target=_blank>KELVIR.FK</a> WORM!
Source=Paul Collins Startup list

[MSN service]
Number=6635
Confirmed=X
Filename=msnmgr16.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[MSN Service]
Number=6636
Confirmed=X
Filename=amsnmsgrs.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Msn Service]
Number=6637
Confirmed=X
Filename=matrixcam.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.JH&VSect=T" target=_blank>MYTOB.JH</a> WORM!
Source=Paul Collins Startup list

[Msn Service]
Number=6638
Confirmed=X
Filename=raloded.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobdy.html" target=_blank>MYTOB-DY</a> WORM!
Source=Paul Collins Startup list

[MSN service]
Number=6639
Confirmed=X
Filename=msnmsgr16.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotrz.html" target=_blank>RBOT-RZ</a> WORM!
Source=Paul Collins Startup list

[MSN service]
Number=6640
Confirmed=X
Filename=NTDKRN.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.UJ" target="_blank">RBOT.UJ</a> WORM!
Source=Paul Collins Startup list

[MSN Service Updates]
Number=6641
Confirmed=X
Filename=winproc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kelvirbb.html" target=_blank>KELVIR-BB</a> WORM!
Source=Paul Collins Startup list

[MSN Service Utilities]
Number=6642
Confirmed=X
Filename=nkn.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kelvirbc.html" target=_blank>KELVIR-BC</a> WORM!
Source=Paul Collins Startup list

[MSN Start]
Number=6643
Confirmed=X
Filename=msnmsgr7.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotph.html" target=_blank>RBOT-PH</a> WORM!

Source=Paul Collins Startup list

[MSN Update]
Number=6644
Confirmed=X
Filename=mscon.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqa.html" target=_blank>RBOT-QA</a> WORM!
Source=Paul Collins Startup list

[MSN Update]
Number=6645
Confirmed=X
Filename=msn32.exe
Description=Added by the <a href="http://origin.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AHN&VSect=Sn" target=_blank>RBOT.AHN</a> WORM!
Source=Paul Collins Startup list

[MSN Update]
Number=6646
Confirmed=X
Filename=DLLCON.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotea.html" target=_blank>RBOT-EA</a> WORM!

Source=Paul Collins Startup list

[Msn Update Manager (Sp2)]
Number=6647
Confirmed=X
Filename=MSMSGS.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotnl.html" target=_blank>AGOBOT-NL</a> WORM!

Source=Paul Collins Startup list

[Msn Update Service]
Number=6648
Confirmed=X
Filename=userx.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082510-2930-99" target=_blank>MYTOB.JF</a> WORM!
Source=Paul Collins Startup list

[MSN Updater]
Number=6649
Confirmed=X
Filename=msnms.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotcg.html" target=_blank>FORBOT-CG</a> WORM!

Source=Paul Collins Startup list

[Msn Updater]
Number=6650
Confirmed=X
Filename=msnplugins.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rboths.html" target=_blank>RBOT-HS</a> WORM!
Source=Paul Collins Startup list

[Msn Updater]
Number=6651
Confirmed=X
Filename=windatemanager.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.TS" target="_blank">SDBOT.TS</a> WORM!
Source=Paul Collins Startup list

[MSN UPDATERS]
Number=6652
Confirmed=X
Filename=virtualmemory.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotjk.html" target="_blank">RBOT-JK</a> WORM!
Source=Paul Collins Startup list

[msn.exe]
Number=6653
Confirmed=X
Filename=son.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpags.html" target=_blank>STARTPA-GS</a> TROJAN!
Source=Paul Collins Startup list

[MSN32 X Service]
Number=6654
Confirmed=X
Filename=MSN32x.EXE
Description=Added by an unidentified WORM!
Source=Paul Collins Startup list

[MSN8m Startup]
Number=6655
Confirmed=X
Filename=msn8m.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[msnager32]
Number=6656
Confirmed=X
Filename=svchostt.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_WOMANIZ.E&VSect=P" target=_blank>WOMANIZ.E</a> TROJAN!
Source=Paul Collins Startup list

[msnappau]
Number=6657
Confirmed=N
Filename=msnappau.exe
Description=Updater for the MSN toolbar that can be downloaded onto IE. Calls home every day or so to "update" the toolbar
Source=Paul Collins Startup list

[Msnarrator]
Number=6658
Confirmed=X
Filename=msnarrator.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NARAT.A" target="_blank">NARAT.A</a> TROJAN! - also identified as <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010214-1222-99" target="_blank">MPGCOM Toolbar</a> adware
Source=Paul Collins Startup list

[MSNavWH]
Number=6659
Confirmed=X
Filename=MSWkwrH.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32anava.html" target= blank>ANAV-A</a> WORM!
Source=Paul Collins Startup list

[msndrvsys]
Number=6660
Confirmed=X
Filename=msndrvsys.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbroggerd.html" target=_blank>BROGGER-D</a> TROJAN!
Source=Paul Collins Startup list

[MSNET]
Number=6661
Confirmed=X
Filename=msnet.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-050113-3507-99" target="_blank">BOA</a> WORM!
Source=Paul Collins Startup list

[MsnExplorer]
Number=6662
Confirmed=X
Filename=winagent.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooreq.html" target=_blank>EQ</a> TROJAN!
Source=Paul Collins Startup list

[MsnExplorer]
Number=6663
Confirmed=X
Filename=MSEXPLOREN.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooreb.html" target=_blank>EB</a> TROJAN!
Source=Paul Collins Startup list

[MsnExplorer]
Number=6664
Confirmed=X
Filename=SHCH.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooreb.html" target=_blank>EB</a> TROJAN!
Source=Paul Collins Startup list

[MsnExplorer]
Number=6665
Confirmed=X
Filename=SVCHST.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooreb.html" target=_blank>EB</a> TROJAN!
Source=Paul Collins Startup list

[MsnExplorer]
Number=6666
Confirmed=X
Filename=msnexploren.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.B</a> TROJAN!
Source=Paul Collins Startup list

[MsnExplorer]
Number=6667
Confirmed=X
Filename=sdhch.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.B</a> TROJAN!
Source=Paul Collins Startup list

[MsnFixer]
Number=6668
Confirmed=?
Filename=msnfixjs.js
Description=<font color="#FF0000">Located in the HPbinmsnfix directory of a HP PC</font>
Source=Paul Collins Startup list

[MSNGrabber]
Number=6669
Confirmed=X
Filename=MSNgrabber.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-111312-2642-99" target=_blank>ENVID.A</a> WORM!
Source=Paul Collins Startup list

[msngta32]
Number=6670
Confirmed=X
Filename=msngta32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[MSNIA]
Number=6671
Confirmed=N
Filename=MSNIASVC.EXE
Description=Added with MSN version 9. Resets certain internet settings upon bootup and can't be disabled via MSCONFIG
Source=Paul Collins Startup list

[msnload32.exe]
Number=6672
Confirmed=X
Filename=msnload32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-092816-5111-99" target="_blank">BANCOS.M</a> TROJAN!
Source=Paul Collins Startup list

[MSNMESENGER]
Number=6673
Confirmed=X
Filename=Main.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-061315-4216-99" target="_blank">PRORAT</a> TROJAN!
Source=Paul Collins Startup list

[msnmessenger]
Number=6674
Confirmed=X
Filename=msnmessenger.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbankj.html" target="_blank">BANCBAN-KJ</a> TROJAN!
Source=Paul Collins Startup list

[msnmsg]
Number=6675
Confirmed=X
Filename=asgag.exe
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list

[msnmsg]
Number=6676
Confirmed=X
Filename=TBC.exe
Description=Added by an unidentified TROJAN!
Source=Paul Collins Startup list

[msnmsg]
Number=6677
Confirmed=X
Filename=msnmsg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerclx.html" target="_blank">BANKER-CLX</a> TROJAN!
Source=Paul Collins Startup list

[msnmsg.exe]
Number=6678
Confirmed=X
Filename=mscmd32.exe
Description=Added by a variant of the AGENT.AH TROJAN!
Source=Paul Collins Startup list

[msnmsgq32]
Number=6679
Confirmed=X
Filename=msnmsgq.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.H</a> TROJAN!
Source=Paul Collins Startup list

[msnmsgq32]
Number=6680
Confirmed=X
Filename=msnmsgq32.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.F</a> TROJAN!
Source=Paul Collins Startup list

[msnmsgq32]
Number=6681
Confirmed=X
Filename=sssasasb32.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.F</a> TROJAN!
Source=Paul Collins Startup list

[msnmsgr]
Number=6682
Confirmed=N
Filename=msnmsgr.exe
Description=MSN Messenger (now superseeded by <a href="http://get.live.com/messenger/overview" target="_blank">Windows Live Messenger</a>) utility. If you don't use MSN Messenger, this can be annoying. Available via Start -> Programs. Go to MS Messenger -> Tools -> Options -> Preferences and uncheck "Run this program when Windows starts"
Source=Paul Collins Startup list

[MsnMsgr]
Number=6683
Confirmed=X
Filename=MsnMsgrs.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-101313-4906-99" target=_blank>NETSKY-AD</a> WORM!
Source=Paul Collins Startup list

[MsnMsgr]
Number=6684
Confirmed=X
Filename=msnmsgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32annewfam.html" target="_blank">ANNEW-FAM</a> WORM! Note - this is not the valid MSN Messenger utility
Source=Paul Collins Startup list

[msnmsgr32-.exe]
Number=6685
Confirmed=X
Filename=msnmsgr-.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[MSNMSGR5]
Number=6686
Confirmed=X
Filename=MSNMSGR5.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.PQ" target="_blank">RBOT.PQ</a> WORM!
Source=Paul Collins Startup list

[MSNMSGRE]
Number=6687
Confirmed=X
Filename=swef.bat
Description=IRC backdoor TROJAN or WORM!
Source=Paul Collins Startup list

[MSNMSGRR]
Number=6688
Confirmed=X
Filename=swin.bat
Description=IRC backdoor TROJAN or WORM!
Source=Paul Collins Startup list

[MSNMSGRS]
Number=6689
Confirmed=X
Filename=swe.bat
Description=IRC worm or backdoor trojan!
Source=Paul Collins Startup list

[MSNMSGRS]
Number=6690
Confirmed=X
Filename=swiss.bat
Description=IRC worm or backdoor trojan!
Source=Paul Collins Startup list

[MSNMSGRS1]
Number=6691
Confirmed=X
Filename=swed.bat
Description=IRC backdoor TROJAN or WORM!
Source=Paul Collins Startup list

[msnmsgs.exe]
Number=6692
Confirmed=X
Filename=msnmsgs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerhk.html" target=_blank>BANKER-HK</a> TROJAN! Note - not to be confused with msmsgs.exe, the well known MSN Instant Messaging application!
Source=Paul Collins Startup list

[msnmsgsgs]
Number=6693
Confirmed=X
Filename=msnmsgsgs.exe
Description=Added by the "Catal" alias Spy.Delitall.B backdoor TROJAN!

Source=Paul Collins Startup list

[msnmsgy]
Number=6694
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankereq.html" target="_blank">BANKER-EQ</a> TROJAN!
Source=Paul Collins Startup list

[msnnt]
Number=6695
Confirmed=X
Filename=winampb.exe
Description=Chinese originated adware - detected by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan.Win32.Agent.tl
Source=Paul Collins Startup list

[msnnt]
Number=6696
Confirmed=X
Filename=winampf.exe
Description=Added by the SMALL.DTS TROJAN!
Source=Paul Collins Startup list

[MSNPluginSrIvcs]
Number=6697
Confirmed=X
Filename=n3vasap23.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[MSNPluginSrvcs]
Number=6698
Confirmed=X
Filename=p6.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AKJ&VSect=P" target=_blank>SDBOT.AKJ</a> or <a href="http://www.sophos.com/virusinfo/analyses/w32rbotvj.html" target=_blank>RBOT-VJ</a> WORMS!
Source=Paul Collins Startup list

[MSNPluginSrvcs]
Number=6699
Confirmed=X
Filename=sagate.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AKJ&VSect=P" target=_blank>SDBOT.AKJ</a> WORM!
Source=Paul Collins Startup list

[MSNPlus]
Number=6700
Confirmed=X
Filename=msnplus.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/trojbankerdan.html" target="_blank">BANKER-DAN</a> TROJAN!
Source=Paul Collins Startup list

[MSNS PLUS XP2]
Number=6701
Confirmed=X
Filename=msdupd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbce.html" target="_blank">RBOT-BCE</a> WORM!
Source=Paul Collins Startup list

[msnsched2]
Number=6702
Confirmed=X
Filename=msnsched2.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041412-5949-99" target=_blank>SPYBOT.NNT</a> WORM!
Source=Paul Collins Startup list

[MSNService]
Number=6703
Confirmed=X
Filename=MSNService.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110415-2939-99" target="_blank">CARPET.C</a> WORM!
Source=Paul Collins Startup list

[msnsgs]
Number=6704
Confirmed=X
Filename=msnsgs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcheukob.html" target=_blank>CHEUKO-B</a> TROJAN!
Source=Paul Collins Startup list

[msnshed]
Number=6705
Confirmed=X
Filename=msnshed.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyn.html" target= blank>RBOT-YN</a> WORM!
Source=Paul Collins Startup list

[msnsmgr]
Number=6706
Confirmed=X
Filename=MsnMsr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojloonyn.html" target="_blank">LOONY-N</a> TROJAN!
Source=Paul Collins Startup list

[msnsyslog]
Number=6707
Confirmed=N
Filename=msnappm.exe
Description=Related to <a href="http://www.file.net/process/msnappm.exe.html" target="_blank">Messenger Applications</a>. When you uninstall the trial version the msnappm keeps saying (You have xx days left) this is adware and it very annoying
Source=Paul Collins Startup list

[MSNSysRestore]
Number=6708
Confirmed=X
Filename=pc32.exe
Description=Added by a variant of the MASTAK VIRUS!
Source=Paul Collins Startup list

[msnToolbaar]
Number=6709
Confirmed=X
Filename=msnmsgesc.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BMF&VSect=P" target=_blank>RBOT.BMF</a> WORM!
Source=Paul Collins Startup list

[MSObject32]
Number=6710
Confirmed=X
Filename=MSObject32.js
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120111-2845-99" target="_blank">PUN</a> TROJAN!
Source=Paul Collins Startup list

[Msoffice]
Number=6711
Confirmed=X
Filename=msoffice.hta
Description=Hijacker - redirecting to Searchdot.net
Source=Paul Collins Startup list

[MSOffice]
Number=6712
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadereu.html" target=_blank>DLOADER-EU</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in an "MSOffice" subfolder
Source=Paul Collins Startup list

[MSOffice32]
Number=6713
Confirmed=X
Filename=msjcf.exe
Description=Added by the <a href="http://www.us.sophos.com/virusinfo/analyses/trojrakera.html" target=_blank>RAKER-A</a> TROJAN!
Source=Paul Collins Startup list

[MSOfficeCfg]
Number=6714
Confirmed=X
Filename=msocfg.exe
Description=Premium rate adult content dialer
Source=Paul Collins Startup list

[MSOfficeCfg]
Number=6715
Confirmed=X
Filename=navchk.exe
Description=Premium rate adult content dialer
Source=Paul Collins Startup list

[MSOfficeCfg]
Number=6716
Confirmed=X
Filename=qservice.exe
Description=Premium rate adult content dialer
Source=Paul Collins Startup list

[MSOfficeCfg]
Number=6717
Confirmed=X
Filename=shman.exe
Description=Premium rate adult content dialer
Source=Paul Collins Startup list

[MSOfficeCfg]
Number=6718
Confirmed=X
Filename=ssvr.exe
Description=Premium rate adult content dialer
Source=Paul Collins Startup list

[msoffwz]
Number=6719
Confirmed=X
Filename=msoffwz.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanhq.html" target=_blank>BANCBAN-HQ</a> TROJAN!
Source=Paul Collins Startup list

[msoft-updater23]
Number=6720
Confirmed=X
Filename=mssysstems.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotatu.html" target=_blank>RBOT-ATU</a> WORM!
Source=Paul Collins Startup list

[msoft-updater23]
Number=6721
Confirmed=X
Filename=slssystem.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasr.html" target=_blank>RBOT-ASR</a> WORM!
Source=Paul Collins Startup list

[MSOleath32]
Number=6722
Confirmed=X
Filename=winss.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_100491.htm" target=_blank>KATHER</a> TROJAN!
Source=Paul Collins Startup list

[MSOOBD]
Number=6723
Confirmed=X
Filename=MSOOBD.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_MAGISTR.A" target="_blank">MAGISTR.A</a> VIRUS!
Source=Paul Collins Startup list

[mspaint.exe]
Number=6724
Confirmed=X
Filename=check32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentah.html" target=_blank>AGENT.AH</a> TROJAN!
Source=Paul Collins Startup list

[Mspatch69]
Number=6725
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092417-2624-99" target="_blank">MPROX</a> TROJAN!
Source=Paul Collins Startup list

[Mspatch89]
Number=6726
Confirmed=X
Filename=cnqmax.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092417-1527-99" target="_blank">RANDEX.P</a> WORM!
Source=Paul Collins Startup list

[MSPetServ]
Number=6727
Confirmed=X
Filename=PET32.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ircbotve.html" target="_blank">IRCBOT-VE</a> WORM!
Source=Paul Collins Startup list

[msping]
Number=6728
Confirmed=X
Filename=msping.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062110-0844-99" target=_blank>FLOODBLACK</a> TROJAN!
Source=Paul Collins Startup list

[msping.exe]
Number=6729
Confirmed=X
Filename=msping.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoormz.html" target=_blank>MZ</a> TROJAN!
Source=Paul Collins Startup list

[MSPluginSrvc]
Number=6730
Confirmed=X
Filename=p3.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotwv.html" target= blank>RBOT-WV</a> WORM!
Source=Paul Collins Startup list

[MSPLUS]
Number=6731
Confirmed=X
Filename=msplus32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobam.html" target=_blank>MYTOB-AM</a> or <a href="http://www.sophos.com/virusinfo/analyses/w32mytobcl.html" target=_blank>MYTOB-CL</a> WORMS!
Source=Paul Collins Startup list

[MSPP System Update 64]
Number=6732
Confirmed=X
Filename=wiaadmgr.exe
Description=Recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as the RANKY.GEN TROJAN!
Source=Paul Collins Startup list

[MSPQFile]
Number=6733
Confirmed=X
Filename=MSA****.TMP
Description=Homepage hijacker. See <a href="http://www.spywareinfo.com/yabbse/index.php?board=11;action=display;threadid=776;start=10" target="_blank">here</a> for more information. **** can be anything
Source=Paul Collins Startup list

[MSPRO32]
Number=6734
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-091616-2741-99" target=_blank>IBERIO</a> WORM!
Source=Paul Collins Startup list

[MSPRO32]
Number=6735
Confirmed=X
Filename=pnp.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ZOTOB.O&VSect=P" target=_blank>ZOTOB.O</a> WORM!
Source=Paul Collins Startup list

[MSprotect.exe]
Number=6736
Confirmed=X
Filename=MSprotect.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_DABYREV.A" target="_blank">DABYREV.A</a> VIRUS!
Source=Paul Collins Startup list

[mspwr]
Number=6737
Confirmed=U
Filename=pupstman.exe
Description="Transparent icon background" feature of <a href="http://www.ashampoo.com/frontend/homepage/php/index.php?session_langid=2" target="_blank">Ashampoo's</a>PowerUp XP (WinNT/2K/XP) and PowerUp Deluxe (Win98/Me)
Source=Paul Collins Startup list

[mspwr]
Number=6738
Confirmed=U
Filename=pupxpman.exe
Description=Related to <a href="http://www.ashampoo.com/frontend/homepage/php/index.php?session_langid=2" target="_blank">Ashampoo's</a> PowerUp XP
Source=Paul Collins Startup list

[mspwr]
Number=6739
Confirmed=U
Filename=pwrupst.exe
Description=<a href="http://www.ashampoo.com/frontend/homepage/php/index.php?session_langid=2" target="_blank">Ashampoo's</a> PowerUp XP is a "tool for fine-tuning your Windows NT4, 2000, 2003 Server and XP configuration"
Source=Paul Collins Startup list

[mspwr]
Number=6740
Confirmed=U
Filename=PuXpMan2.exe
Description=Related to <a href="http://www.ashampoo.com/frontend/homepage/php/index.php?session_langid=2" target="_blank">Ashampoo's</a> Magic Defrag Utility
Source=Paul Collins Startup list

[MSPY2002]
Number=6741
Confirmed=N
Filename=ImScInst.exe
Description=Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word
Source=Paul Collins Startup list

[msqssr]
Number=6742
Confirmed=X
Filename=msqssr.exe
Description=Detected by Kaspersky as the DLUCA.GEN TROJAN!
Source=Paul Collins Startup list

[MSR]
Number=6743
Confirmed=X
Filename=msr.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.RT" target="_blank">AGOBOT.RT</a> WORM!
Source=Paul Collins Startup list

[Msrc]
Number=6744
Confirmed=X
Filename=Msrc.exe
Description=Added by the KRYPTONIC GHOST TROJAN!
Source=Paul Collins Startup list

[msrdc]
Number=6745
Confirmed=X
Filename=msrdc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotcxo.html" target="_blank">SDBOT-CXO</a> WORM!
Source=Paul Collins Startup list

[msreg.exe]
Number=6746
Confirmed=X
Filename=msrege.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111014-3109-99" target="_blank">ZINX</a> TROJAN!
Source=Paul Collins Startup list

[msReg32 Loader]
Number=6747
Confirmed=X
Filename=msreg32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.IU" target="_blank">AGOBOT.IU</a> WORM!
Source=Paul Collins Startup list

[MSREGIT]
Number=6748
Confirmed=X
Filename=Msgp.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_KRYPGHOS.13" target="_blank">KRYPGHOS.13</a> TROJAN!
Source=Paul Collins Startup list

[MSRegScan]
Number=6749
Confirmed=U
Filename=SGP.exe
Description=<a href="http://sarc.com/avcenter/venc/data/spyware.spygator.html" target="_blank">SpyGator</a>  surveillance software. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list

[MSRegScan]
Number=6750
Confirmed=X
Filename=SSDemo.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-010614-5630-99" target=_blank>Supremespy</a> spyware
Source=Paul Collins Startup list

[MSRegScan]
Number=6751
Confirmed=U
Filename=ETNKL.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-072214-3110-99" target="_blank">ComKeylogger</a> surveillance software. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list

[MSRegSvc]
Number=6752
Confirmed=X
Filename=regsvc32.exe
Description=Homepage hijacker that changes your homepage to an adult content site
Source=Paul Collins Startup list

[msresear]
Number=6753
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojweasywb.html" target=_blank>WEASYW-B</a> TROJAN!
Source=Paul Collins Startup list

[msresearch]
Number=6754
Confirmed=X
Filename=msresearch.exe
Description=TROJAN! - <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453090677" target=_blank>180SearchAssistant</a> adware related
Source=Paul Collins Startup list

[msresearch]
Number=6755
Confirmed=X
Filename=tool3.exe
Description=Spy Sheriff/SpywareNO malware, also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojspyhoaxa.html" target=_blank>SPYHOAX-A</a> TROJAN, pretends to be a spyware remover! - file names spotted sofar include VXH8JKDQ2.EXE, NS6281400.so, CVXH8JKDQ2.EXE, down3.exe, sefe.exe, winstall.exe, and tool2.exe
Source=Paul Collins Startup list

[msrundll]
Number=6756
Confirmed=X
Filename=msrund1l32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030215-5059-99" target=_blank>BINGHE</a> TROJAN!
Source=Paul Collins Startup list

[msrunocx32]
Number=6757
Confirmed=X
Filename=msrunocx32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110415-2940-99" target="_blank">SKUS</a> WORM!
Source=Paul Collins Startup list

[MSSCDL]
Number=6758
Confirmed=U
Filename=MSSCDLL.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-062217-4252-99" target= blank>SpyCapture</a> keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[msserv]
Number=6759
Confirmed=X
Filename=msserv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojblackloga.html" target=_blank>BLACKLOG-A</a> TROJAN!
Source=Paul Collins Startup list

[msserv]
Number=6760
Confirmed=X
Filename=lvsrev.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbrowmonb.html" target="_blank">BROWMON-B</a> TROJAN!
Source=Paul Collins Startup list

[msserv32]
Number=6761
Confirmed=X
Filename=msserv32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotack.html" target= blank>RBOT-ACK</a> WORM!
Source=Paul Collins Startup list

[msservice]
Number=6762
Confirmed=X
Filename=msserv.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2001-061412-5404-99" target="_blank">HYD</a> WORM!
Source=Paul Collins Startup list

[MSService_v1.0]
Number=6763
Confirmed=X
Filename=realsched.exe
Description=<a href="http://www.sophos.com/virusinfo/analyses/ehu.html" target="_blank">EHU</a> adware. Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name
Source=Paul Collins Startup list

[MSService_v1.0]
Number=6764
Confirmed=X
Filename=vfp02.exe
Description=<a href="http://www.sophos.com/virusinfo/analyses/newweb.html" target="_blank">NewWeb</a> adware
Source=Paul Collins Startup list

[mssfos]
Number=6765
Confirmed=X
Filename=sfool.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-081614-2307-99" target=_blank>RANDEX.EUS</a> WORM!
Source=Paul Collins Startup list

[MSSGisg]
Number=6766
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-121317-0552-99" target=_blank>RANKY.N</a> TROJAN!
Source=Paul Collins Startup list

[MSShow]
Number=6767
Confirmed=X
Filename=MSShow.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqrobm.html" target=_blank>QQROB-M</a> TROJAN!
Source=Paul Collins Startup list

[MSSHVC]
Number=6768
Confirmed=X
Filename=MSSHVC.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080717-0327-99" target="_blank">NUFFY.A</a> WORM!
Source=Paul Collins Startup list

[mssonfig]
Number=6769
Confirmed=X
Filename=winupdate.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[mssoul]
Number=6770
Confirmed=X
Filename=msmscc2.exe
Description=Added by the DAPIZL.A banker WORM! (A "banker worm" is designed to pillage banking information and send it back to the perpetrators!)

Source=Paul Collins Startup list

[mssp3]
Number=6771
Confirmed=X
Filename=mssp22.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojibankd.html" target=_blank>IBANK-D</a> TROJAN!
Source=Paul Collins Startup list

[MSSQL]
Number=6772
Confirmed=X
Filename=Mssql.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99" target="_blank">SDBOT</a> TROJAN!
Source=Paul Collins Startup list

[MSSQL for Windows NT & XP]
Number=6773
Confirmed=X
Filename=mssqlsnt.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Msstart]
Number=6774
Confirmed=X
Filename=msstart.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LIVUP.C" target="_blank">LIVUP.C</a> TROJAN!
Source=Paul Collins Startup list

[MSStartOptimizer]
Number=6775
Confirmed=X
Filename=Iexpres.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdasmine.html" target=_blank>DASMIN-E</a> TROJAN!

Source=Paul Collins Startup list

[MSStartOptimizer]
Number=6776
Confirmed=X
Filename=WINUPD.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdasmine.html" target=_blank>DASMIN-E</a> TROJAN!

Source=Paul Collins Startup list

[MSStartOptimizer]
Number=6777
Confirmed=X
Filename=SCVHOST.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdasmine.html" target=_blank>DASMIN-E</a> TROJAN!

Source=Paul Collins Startup list

[msstask]
Number=6778
Confirmed=X
Filename=msstask.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-012722-4614-99" target="_blank">MYPARTY</a> WORM!
Source=Paul Collins Startup list

[mssurfer lptt01]
Number=6779
Confirmed=X
Filename=mssurfer.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "surfer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[mssurfer ml097e]
Number=6780
Confirmed=X
Filename=mssurfer.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "surfer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[mssvc]
Number=6781
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-072515-2959-99" target="_blank">PSK</a> TROJAN!
Source=Paul Collins Startup list

[MSSVC]
Number=6782
Confirmed=X
Filename=svcsys.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfatoosc.html" target=_blank>FATOOS-C</a> TROJAN!
Source=Paul Collins Startup list

[MSSVC.EXE]
Number=6783
Confirmed=Y
Filename=MSSVC.EXE
Description=<a href="http://www.stealthdisk.com/" target="_blank">Stealthdisk</a> - hides folders, files and applications. Will also encrypt them for better protection
Source=Paul Collins Startup list

[mssvc32]
Number=6784
Confirmed=X
Filename=mssvc32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotme.html" target=_blank>AGOBOT-ME</a> WORM!
Source=Paul Collins Startup list

[mssync20]
Number=6785
Confirmed=X
Filename=mssync20.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojldpincqc.html" target="_blank">LDPINC-QC</a> TROJAN!
Source=Paul Collins Startup list

[mssys]
Number=6786
Confirmed=X
Filename=mssys.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100210-0759-99" target="_blank">MYSS.B</a> TROJAN!
Source=Paul Collins Startup list

[mssysint]
Number=6787
Confirmed=X
Filename=Iexplore .exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-060511-5140-99" target="_blank">PWSTEAL.ABCHLP</a> and <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-083109-1242-99" target="_blank">PSPIDER.310.B</a> TROJANS! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target="_blank">iexplore.exe</a>) process as there is a space before the ".exe"
Source=Paul Collins Startup list

[mssysint]
Number=6788
Confirmed=X
Filename=comime.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojnetsnakei.html" target=_blank>NETSNAKE-I</a> TROJAN!
Source=Paul Collins Startup list

[mssyslanhelper]
Number=6789
Confirmed=X
Filename=msmsgri32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-062715-3031-99" target="_blank">RANDEX.D</a> WORM!
Source=Paul Collins Startup list

[MsSystem]
Number=6790
Confirmed=X
Filename=msdos.exe
Description=Adult content downloader - see <a href="http://vil.nai.com/vil/content/v_100801.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[MsSystem]
Number=6791
Confirmed=X
Filename=mssys.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_VANTA.A" target="_blank">VANTA.A</a> TROJAN!
Source=Paul Collins Startup list

[MSSYSTEM]
Number=6792
Confirmed=X
Filename=svcsys.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfatoosc.html" target=_blank>FATOOS-C</a> TROJAN!
Source=Paul Collins Startup list

[Mstapi]
Number=6793
Confirmed=U
Filename=Mstapi.exe
Description=Keystroke logger/monitoring program - remove unless you installed it yourself!

Source=Paul Collins Startup list

[Mstask]
Number=6794
Confirmed=X
Filename=mstask.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.N" target="_blank">OPASERV.N</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/mstask/" target="_blank">mstask.exe</a> system file and the executable resides in C:\Windows or C:\WINNT
Source=Paul Collins Startup list

[mstask]
Number=6795
Confirmed=X
Filename=mstask.exe
Description=Browser hijacker - redirecting to find-more.net. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/mstask/" target=_blank>mstask.exe</a> system file
Source=Paul Collins Startup list

[MSTask]
Number=6796
Confirmed=X
Filename=run dll.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-123011-1258-99" target= blank>Yuupsearch</a> adware
Source=Paul Collins Startup list

[MStask]
Number=6797
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojldpinchbv.html" target=_blank>LDPINCH-BV</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder!
Source=Paul Collins Startup list

[MsTask]
Number=6798
Confirmed=X
Filename=wstask32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobfe.html" target=_blank>MYTOB-FE</a> WORM!
Source=Paul Collins Startup list

[Mstask32driver]
Number=6799
Confirmed=X
Filename=Mstask32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojloonyd.html" target="_blank">LOONY-D</a> TROJAN!
Source=Paul Collins Startup list

[MSTaskbar 32]
Number=6800
Confirmed=X
Filename=tbsvc32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BQZ&VSect=P" target=_blank>RBOT.BQZ</a> WORM!
Source=Paul Collins Startup list

[mstasks]
Number=6801
Confirmed=X
Filename=mstasks.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmultidray.html" target=_blank>MULTIDR-AY</a> TROJAN!
Source=Paul Collins Startup list

[Mstcgww]
Number=6802
Confirmed=?
Filename=MSTCGWW.EXE
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[mstds.exe]
Number=6803
Confirmed=X
Filename=mstds.exe
Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan.IPtables&threatid=70511" target="_blank">IPTABLES</a> TROJAN!
Source=Paul Collins Startup list

[mstg32.exe]
Number=6804
Confirmed=X
Filename=mstg32.exe
Description=Added by the AGENT.BI TROJAN!
Source=Paul Collins Startup list

[MSTMON_N]
Number=6805
Confirmed=N
Filename=MSTMON_N.EXE
Description=Generates an error message on startup if a Konica Minolta printer is not turned on and ready
Source=Paul Collins Startup list

[MSTMON_Q]
Number=6806
Confirmed=N
Filename=MSTMON_Q.exe
Description=Generates an error message on startup if the Konica Minolta PagePro 1350W printer is not turned on and ready
Source=Paul Collins Startup list

[Mstng32]
Number=6807
Confirmed=X
Filename=MSTng32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021716-3437-99" target="_blank">TANG</a> WORM!
Source=Paul Collins Startup list

[mstsdsc.exe]
Number=6808
Confirmed=X
Filename=mstsdsc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcimuzcd.html" target="_blank">CIMUZ-CD</a> TROJAN!
Source=Paul Collins Startup list

[msupd]
Number=6809
Confirmed=X
Filename=msupd.exe
Description=Added by the <a href="http://forums.spywareinfo.com/index.php?showtopic=54649" target=_blank>IEACCESS</a> DIALER! 

Source=Paul Collins Startup list

[MSUpdate]
Number=6810
Confirmed=X
Filename=wupd.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-022515-4233-99" target="_blank">ALADINZ.M</a> TROJAN!
Source=Paul Collins Startup list

[MSUpdate]
Number=6811
Confirmed=X
Filename=svchosthlp.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042117-1932-99" target="_blank">BLASTER.T</a> WORM!
Source=Paul Collins Startup list

[msupdate]
Number=6812
Confirmed=X
Filename=msupdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmz.html" target=_blank>RBOT-MZ</a> WORM!

Source=Paul Collins Startup list

[MSUpdate]
Number=6813
Confirmed=X
Filename=criticalUpdate.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120910-4256-99" target=_blank>Affilred</a> adware
Source=Paul Collins Startup list

[msupdate]
Number=6814
Confirmed=X
Filename=update.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Msupdate]
Number=6815
Confirmed=X
Filename=expIorer.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
Source=Paul Collins Startup list

[Msupdate]
Number=6816
Confirmed=X
Filename=outIook.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
Source=Paul Collins Startup list

[Msupdate]
Number=6817
Confirmed=X
Filename=svchosts.exe
Description=Added by a variant of the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY</a> TROJAN!
Source=Paul Collins Startup list

[Msupdate]
Number=6818
Confirmed=X
Filename=svcrhost.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
Source=Paul Collins Startup list

[Msupdate]
Number=6819
Confirmed=X
Filename=svcshost.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
Source=Paul Collins Startup list

[MSupdate.exe]
Number=6820
Confirmed=X
Filename=N/A
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant - resets home page to an adult content site
Source=Paul Collins Startup list

[MSUpdateDevKit]
Number=6821
Confirmed=X
Filename=axfd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzd.html" target= blank>SDBOT-ZD</a> WORM!
Source=Paul Collins Startup list

[MsUpdater System]
Number=6822
Confirmed=X
Filename=udpsys32.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/smb/security_info/ve_detail.php?id=66137&VName=WORM_RBOT.AAA&VSect=O" target=_blank>RBOT.AAA</a> WORM!
Source=Paul Collins Startup list

[MSupdater.exe]
Number=6823
Confirmed=X
Filename=N/A
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant. Installs the Winshow.dll browser plugin
Source=Paul Collins Startup list

[msupdater25]
Number=6824
Confirmed=X
Filename=lsasser.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotats.html" target=_blank>RBOT-ATS</a> WORM!
Source=Paul Collins Startup list

[msupdates]
Number=6825
Confirmed=X
Filename=msupdt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotjo.html" target="_blank">RBOT-JO</a> WORM!
Source=Paul Collins Startup list

[MSUpdSrv]
Number=6826
Confirmed=X
Filename=msupdsrv.exe
Description=Browser hijacker, redirecting to a adult content site

Source=Paul Collins Startup list

[msurl]
Number=6827
Confirmed=X
Filename=msurl32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list

[msuser32.exe]
Number=6828
Confirmed=X
Filename=msuser32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110712-2413-99" target="_blank">ANDROV</a> TROJAN!
Source=Paul Collins Startup list

[MsVBdll]
Number=6829
Confirmed=X
Filename=sys32dll.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021614-4255-99" target=_blank>AIMDES.B</a> or  <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021615-4720-99" target=_blank>AIMDES.C</a> WORMS!
Source=Paul Collins Startup list

[MsVBdll]
Number=6830
Confirmed=X
Filename=MsVBdll.pif
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021111-0439-99" target=_blank>AIMDES.A</a> WORM!
Source=Paul Collins Startup list

[MSVBVM60]
Number=6831
Confirmed=X
Filename=MSVBVBM60.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32scoldb.html" target= blank>SCOLD-B</a> WORM!
Source=Paul Collins Startup list

[msvc32]
Number=6832
Confirmed=X
Filename=msvc32.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClientMan&threatid=3754" target=_blank>ClientMan</a> parasite variant
Source=Paul Collins Startup list

[msvc32]
Number=6833
Confirmed=X
Filename=msvc32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotnt.html" target=_blank>AGOBOT-NT</a> WORM!
Source=Paul Collins Startup list

[msvcc]
Number=6834
Confirmed=X
Filename=msvchost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010912-0405-99" target="_blank">XOMBE</a> TROJAN!
Source=Paul Collins Startup list

[msvcc25]
Number=6835
Confirmed=X
Filename=svcchost.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[msvcc25]
Number=6836
Confirmed=X
Filename=salvage.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[msvccc66]
Number=6837
Confirmed=X
Filename=svcchosst.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/w32rbotgls.html" target="_blank">RBOT-GLS</a> WORM!
Source=Paul Collins Startup list

[MSVersion]
Number=6838
Confirmed=X
Filename=INTERNETFEATURES.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_POPMON.A" target="_blank">POPMON.A</a> TROJAN! - also known as PopMonster adware
Source=Paul Collins Startup list

[MSVersion]
Number=6839
Confirmed=X
Filename=clrschp038.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_POPMON.A" target="_blank">POPMON.A</a> TROJAN! - also known as PopMonster adware
Source=Paul Collins Startup list

[msvhost]
Number=6840
Confirmed=X
Filename=aig.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojaimbotbc.html" target=_blank>AIMBOT-BC</a> TROJAN!
Source=Paul Collins Startup list

[msvload32]
Number=6841
Confirmed=X
Filename=msvload32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaci.html" target= blank>RBOT-ACI</a> WORM!
Source=Paul Collins Startup list

[msvsc32]
Number=6842
Confirmed=X
Filename=msdev.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgj.html" target=_blank>RBOT-GJ</a> WORM!

Source=Paul Collins Startup list

[MSVsmt]
Number=6843
Confirmed=X
Filename=rpcxctx.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[MSVSync]
Number=6844
Confirmed=X
Filename=videosync.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[MSVXD]
Number=6845
Confirmed=X
Filename=MSVXD.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DATOM.A" target="_blank">DATOM.A</a> WORM!
Source=Paul Collins Startup list

[mswave]
Number=6846
Confirmed=X
Filename=mswave.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list

[Mswavedll]
Number=6847
Confirmed=X
Filename=mswavedll.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER-C</a> TROJAN!
Source=Paul Collins Startup list

[MSwheel]
Number=6848
Confirmed=U
Filename=mswheel.exe
Description=Microsoft Intellipoint software for their Intellimouse series of mice - required if you use non-standard Windows driver features
Source=Paul Collins Startup list

[MSWin]
Number=6849
Confirmed=X
Filename=mswin.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankercu.html" target=_blank>BANKER-CU</a> TROJAN!
Source=Paul Collins Startup list

[Mswincfg]
Number=6850
Confirmed=X
Filename=Mswincfg32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_CYBERSPY.D" target="_blank">CYBRSPY.D</a> TROJAN!
Source=Paul Collins Startup list

[MsWindows DRT Drivers]
Number=6851
Confirmed=X
Filename=wsdrt32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ALT&VSect=T" target=_blank>RBOT.ALT</a> WORM!
Source=Paul Collins Startup list

[MsWindows SSL Drivers]
Number=6852
Confirmed=X
Filename=mssl32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.API&VSect=T" target=_blank>SPYBOT.API</a> WORM!
Source=Paul Collins Startup list

[MsWindows SysDate]
Number=6853
Confirmed=X
Filename=sysmsvc.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-101912-5125-99" target=_blank>SPYBOT.FCD</a> WORM!
Source=Paul Collins Startup list

[MSWindows Syspg]
Number=6854
Confirmed=X
Filename=mspg32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbottb.html" target=_blank>RBOT-TB</a> WORM!
Source=Paul Collins Startup list

[MSWindowsUpdate]
Number=6855
Confirmed=X
Filename=Systern.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafd.html" target=_blank>RBOT-AFD</a> WORM!
Source=Paul Collins Startup list

[MSWindowsUpdate]
Number=6856
Confirmed=X
Filename=mswinup.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Mswinpid32]
Number=6857
Confirmed=X
Filename=mswinpid32.exe
Description=Added by the LAPOS.A TROJAN! This is a keylogger which emails back to China PayPal passwords and account information - thus allowing the perpetrators to steal PayPal funds in the name of the victim!

Source=Paul Collins Startup list

[MSWinSrv]
Number=6858
Confirmed=X
Filename=MSWinSrv.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-052712-1255-99" target=_blank>MTRON</a> TROJAN!
Source=Paul Collins Startup list

[MSWinSrv32]
Number=6859
Confirmed=X
Filename=MSWinSrv32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmtronb.html" target=_blank>MTRON-B</a> TROJAN!
Source=Paul Collins Startup list

[MSWinupd]
Number=6860
Confirmed=U
Filename=winupd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderye.html" target=_blank>DLOADER-YE</a> or <a href="http://www.sophos.com/virusinfo/analyses/trojdloadraaa.html" target=_blank>DLOADR-AAA</a> or <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderzf.html" target=_blank>DLOADER-ZF</a> TROJAN!
Source=Paul Collins Startup list

[MSWinupdate]
Number=6861
Confirmed=X
Filename=winupdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadraaw.html" target=_blank>DLOADR-AAW</a> TROJAN!
Source=Paul Collins Startup list

[MsWinVgr]
Number=6862
Confirmed=X
Filename=msvgr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-101815-3906-99" target=_blank>MYTOB.LE</a> WORM!
Source=Paul Collins Startup list

[mswiz32]
Number=6863
Confirmed=X
Filename=mswiz32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32stratiobg.html" target="_blank">STRATIO-BG</a> WORM!
Source=Paul Collins Startup list

[mswkork Service]
Number=6864
Confirmed=X
Filename=msework.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[msword]
Number=6865
Confirmed=X
Filename=msword.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadr.html" target=_blank>RBOT-ADR</a> WORM!
Source=Paul Collins Startup list

[mswspl]
Number=6866
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.IQ" target="_blank">SMALL.IQ</a> TROJAN!
Source=Paul Collins Startup list

[mswspl]
Number=6867
Confirmed=X
Filename=searchbarcash.exe
Description=SearchBarCash adware
Source=Paul Collins Startup list

[mswspl]
Number=6868
Confirmed=X
Filename=vnmispoisn downloader.exe
Description=SearchBarCash adware variant
Source=Paul Collins Startup list

[mswspl]
Number=6869
Confirmed=X
Filename=plugin1.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.IQ" target=_blank>SMALL.IQ</a> TROJAN!
Source=Paul Collins Startup list

[msxct]
Number=6870
Confirmed=X
Filename=msxct.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453072519" target=_blank>eXact Advertising</a> (NaviSearch, BargainBuddy, CashBack) adware
Source=Paul Collins Startup list

[Msy1 Startups]
Number=6871
Confirmed=X
Filename=msyj32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotqq.html" target= blank>AGOBOT-QQ</a> WORM!
Source=Paul Collins Startup list

[msys lptt01]
Number=6872
Confirmed=X
Filename=msys.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Msyss" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[Msys32]
Number=6873
Confirmed=X
Filename=morfitwebentrance.exe
Description=Morfit ADjectPager - "uses home page rental technology for generating revenues". Homepage hi-jacker that re-defines your IE or Netscape start page as http://www.web-entrance.com/. Any installed application including this must be un-installed before you can reset your homepage
Source=Paul Collins Startup list

[MSysDrv]
Number=6874
Confirmed=X
Filename=msdrv.exe
Description=Added by the VB.WF TROJAN!
Source=Paul Collins Startup list

[ms_anti_spyware]
Number=6875
Confirmed=X
Filename=mwfirewall.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-102012-4020-99" target=_blank>GAMQOWI</a> TROJAN!
Source=Paul Collins Startup list

[ms_anti_spywarebxp]
Number=6876
Confirmed=X
Filename=mwfirebpx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsurilad.html" target=_blank>SURILA-D</a> TROJAN!
Source=Paul Collins Startup list

[ms_anti_spywarebxp]
Number=6877
Confirmed=X
Filename=mwfibpx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsurilaj.html" target=_blank>SURILA-J</a> TROJAN!
Source=Paul Collins Startup list

[MS_LARISSA]
Number=6878
Confirmed=X
Filename=MS_LARISSA.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022300-0309-99" target=_blank>ASSIRAL</a> WORM!
Source=Paul Collins Startup list

[MS_NETD_WIN32]
Number=6879
Confirmed=X
Filename=netd32.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081412-2646-99" target="_blank">RANDEX.F</a> WORM!
Source=Paul Collins Startup list

[MS_SETUP.EXE]
Number=6880
Confirmed=X
Filename=MS_SETUP.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-061213-3711-99" target="_blank">CHARGE</a> TROJAN!
Source=Paul Collins Startup list

[MS_Update Check]
Number=6881
Confirmed=X
Filename=wdfmgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobottb.html" target=_blank>AGOBOT-TB</a> WORM!
Source=Paul Collins Startup list

[Mtr2]
Number=6882
Confirmed=X
Filename=mtr2.exe
Description=Added by the KRYPTONIC GHOST TROJAN!
Source=Paul Collins Startup list

[MUAL]
Number=6883
Confirmed=U
Filename=mual.exe
Description=Millesky video mail updater and launcher
Source=Paul Collins Startup list

[muamgr]
Number=6884
Confirmed=N
Filename=muamgr.exe
Description=Using <a href="http://www.microangelo.us/" target="_blank">MicroAngelo</a> On Display, you can easily select the icon images that you prefer rather than the default icons displayed by Windows. On Display provides a consistent and elegant method to customize the icon display for almost every icon on your system
Source=Paul Collins Startup list

[Mufix]
Number=6885
Confirmed=?
Filename=mufix.exe
Description=Part of INFOConnect, web-based, enterprise client configuration, management, and deployment software, as used by ABSS (a financial management system used by the US military which will allow purchase request packages to be electronically submitted to contracting, and which also facilitates electronic receipt of items and EFT) - <font color="#FF0000">what does it do and is it required</font>
Source=Paul Collins Startup list

[mule_st_key]
Number=6886
Confirmed=X
Filename=flec006.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BAGLE.AV" target="_blank">BAGLE.AV</a> TROJAN!
Source=Paul Collins Startup list

[Multi-function keyboard]
Number=6887
Confirmed=U
Filename=GWHotkey.exe
Description=Software that sets up the Gateway AnyKey keyboard shortcuts (a series of buttons that allow one-click access to e-mail, browser, volume and CD/DVD controls, etc)
Source=Paul Collins Startup list

[MultiCAM Initializer]
Number=6888
Confirmed=U
Filename=MCamBoot.exe
Description=The MultiCAM Initializer is part of the MultiCAM software package provided by <a href="http://www.vistaimaging.com/multicam.htm" target="_blank">Vista Imaging</a> in order to run up to 10 USB ViCAM or 3Com Home Connect PC Digital cameras on a single computer. Clears itself from memory once initialized but can also be safely disabled
Source=Paul Collins Startup list

[Multimedia Codecs]
Number=6889
Confirmed=X
Filename=mcc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadermb.html" target=_blank>DLOADER-MB</a> TROJAN!
Source=Paul Collins Startup list

[Multimedia extensions]
Number=6890
Confirmed=X
Filename=mservice.exe
Description=<a href="http://sarc.com/avcenter/venc/data/adware.easysearch.html" target=_blank>EasySearch</a> adware
Source=Paul Collins Startup list

[Multimedia extensions]
Number=6891
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojSMUTSRCHa.html" target=_blank>SMUTSRCH-A</a> TROJAN!
Source=Paul Collins Startup list

[Multimedia extensions]
Number=6892
Confirmed=X
Filename=mservice1.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadrawd.html" target="_blank">DLOADR-AWD</a> TROJAN!
Source=Paul Collins Startup list

[Multimedia KBD]
Number=6893
Confirmed=U
Filename=MMKeybd.exe
Description=Multimedia keyboard manager. Required if you use the additional keys
Source=Paul Collins Startup list

[MULTIMEDIA KEYBOARD]
Number=6894
Confirmed=U
Filename=MMKeybd.exe
Description=Multimedia keyboard manager. Required if you use the additional keys
Source=Paul Collins Startup list

[multiran]
Number=6895
Confirmed=X
Filename=multiran.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcosiame.html" target=_blank>COSIAM-E</a> TROJAN!
Source=Paul Collins Startup list

[MultiRes]
Number=6896
Confirmed=U
Filename=MultiRes.exe
Description=<a href="http://www.entechtaiwan.com/" target="_blank">MultiRes</a> - system tray utility allowing quick access to changing desktop resolutions and has the ability to lock the screen refresh rate in WinNT/2K/XP
Source=Paul Collins Startup list

[MUPS]
Number=6897
Confirmed=U
Filename=MUPS.exe
Description=Lauches the <a href="http://www.belkin.com/" target="_blank">Belkin</a> Bulldog Plus Service - required if you want to access the UPS advanced functions
Source=Paul Collins Startup list

[murphy shield]
Number=6898
Confirmed=Y
Filename=lmgui.exe
Description=Firewall part of <a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> virus scanner/firewall
Source=Paul Collins Startup list

[Music01 Server]
Number=6899
Confirmed=N
Filename=Music01 Server.exe
Description=J River <a target="_blank" href="http://www.musicex.com/mediajukebox/">Media Jukebox</a>
Source=Paul Collins Startup list

[MusIRC (irc.music.com) client]
Number=6900
Confirmed=X
Filename=musirc4.71.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDEX.Q" target=_blank>RANDEX.Q</a> WORM!
Source=Paul Collins Startup list

[Mustek MDC 3000]
Number=6901
Confirmed=?
Filename=Mounter.exe
Description=Related to software for the Mustek <a href="http://www.ciao.co.uk/Mustek_MDC_3000__5303302" target="_blank">MDC 3000</a> digital camera - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list

[MutexServiceEx]
Number=6902
Confirmed=N
Filename=Sys32Smm.exe
Description=Webroot Sofware's discontinued "Privacy Master"
Source=Paul Collins Startup list

[MVRescue]
Number=6903
Confirmed=U
Filename=mvrescue
Description=Related to Multivision Computers back up/restore program. Multivision Computers ceased operating in 2004

Source=Paul Collins Startup list

[mvsyswina]
Number=6904
Confirmed=X
Filename=acsysiom.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[MW1HelperStartUp]
Number=6905
Confirmed=U
Filename=Mw1helper.exe
Description=ScreenScenes "Magic Waterfall" screensaver. The freeware version comes with <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Claria.GAIN.CommonElements&threatid=5605" target="_blank">GAIN</a> branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
Source=Paul Collins Startup list

[MW1HelperStartUp]
Number=6906
Confirmed=U
Filename=MW1HEL~1.EXE
Description=ScreenScenes "Magic Waterfall" screensaver. The freeware version comes with <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Claria.GAIN.CommonElements&threatid=5605" target="_blank">GAIN</a> branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
Source=Paul Collins Startup list

[mwavscan]
Number=6907
Confirmed=U
Filename=mwavscan.com
Description=MicroWorld Anti Virus Toolkit is a free anti-virus scanner that runs on-demand. You can choose to scan your entire system, including memory, services, starup items and registry, or only scan files in a specified folder or drive
Source=Paul Collins Startup list

[MWLExe]
Number=6908
Confirmed=U
Filename=MwlGui.exe
Description=Part of McAfee <a href="http://us.mcafee.com/root/package.asp?pkgid=278" target="_blank">Wireless Protection</a> for Wi-Fi users
Source=Paul Collins Startup list

[MWProEng]
Number=6909
Confirmed=N
Filename=MWProEng.exe
Description=Logitech Mouseware Pro software - only required when using special functions
Source=Paul Collins Startup list

[MWSnap]
Number=6910
Confirmed=N
Filename=MWSnap.exe
Description=<a href="http://www.mirekw.com/winfreeware/mwsnap.html" target="_blank">MWSnap</a> - screen capture utility. Start manually when required
Source=Paul Collins Startup list

[mwsoemon]
Number=6911
Confirmed=X
Filename=mwsoemon.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MyWebSearch%20Toolbar&threatid=14137" target="_blank">MyWebSearch</a> parasite
Source=Paul Collins Startup list

[Mwsvm]
Number=6912
Confirmed=X
Filename=mwsvm.exe
Description=SeekSeek search hijacker related - see <a href="http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW_SECTHOUGHT.A&VSect=Sn" target=_blank>here</a>

Source=Paul Collins Startup list

[mxb2]
Number=6913
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ixbotg.html" target=_blank>IXBOT-G</a> WORM!

Source=Paul Collins Startup list

[MxHLp32]
Number=6914
Confirmed=X
Filename=MxHLp32.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_VAGRNOCK.12" target="_blank">VAGRNOCKER</a> TROJAN!
Source=Paul Collins Startup list

[MXO Auto Loader]
Number=6915
Confirmed=U
Filename=MXOaldr.exe
Description=Maxtor includes a driver to bypass the Windows certified drivers check just when it detects an external drive. MXOaldr.exe is installed with the new driver and if disabled the button on a Maxtor OneTouch External Store no longer functions
Source=Paul Collins Startup list

[MXOBG]
Number=6916
Confirmed=U
Filename=MXOALDR.EXE
Description=Maxtor includes a driver to bypass the Windows certified drivers check just when it detects an external drive. MXOaldr.exe is installed with the new driver and if disabled the button on a Maxtor OneTouch External Store no longer functions
Source=Paul Collins Startup list

[mxomssmenu]
Number=6917
Confirmed=?
Filename=maxmenumgr.exe
Description=Related to <a href="http://www.maxtor.com/" target="_blank">Maxtor's</a> One Touch series of external hard drives. <font color="#FF0000">What does it do and is it required?</a>
Source=Paul Collins Startup list

[MxRunner]
Number=6918
Confirmed=U
Filename=MxRunner.exe
Description=EasyUninstall from Aladdin Systems (formerly by Ontrack)
Source=Paul Collins Startup list

[My Agent]
Number=6919
Confirmed=X
Filename=msagent.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NEGASMS.A" target="_blank">NEGASMS.A</a> TROJAN!
Source=Paul Collins Startup list

[My App]
Number=6920
Confirmed=X
Filename=SMSSvc.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NEGASMS.A" target="_blank">NEGASMS.A</a> TROJAN!
Source=Paul Collins Startup list

[My Search Bar Eq]
Number=6921
Confirmed=X
Filename=S4BAREQ.EXE
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453090717" target="_blank">MySearch</a> parasite

Source=Paul Collins Startup list

[My Web Search Bar]
Number=6922
Confirmed=X
Filename=MWSBAR.DLL
Description=<a href="http://www.spyany.com/files/Mwsbar_dll.html" target="_blank">MyWay</a> - an IE Browser Helper Object used by adware WebSearch to add an IE toolbar to provide search features, and hijack browser search requests to its controlling servers run by MyWay
Source=Paul Collins Startup list

[My-disgo]
Number=6923
Confirmed=U
Filename=MyKey disgo.exe
Description=Related to <a href="http://www.mydisgo.com/" target="_blank">disgo</a> pro. Program will synchronize data
Source=Paul Collins Startup list

[MyAccessMedia]
Number=6924
Confirmed=X
Filename=tmp**.exe [* = random char/digit]
Description=My AccessMedia toolbar related, stealth installed!
Source=Paul Collins Startup list

[MyAgtTry]
Number=6925
Confirmed=U
Filename=MyAgtTry.exe
Description=System tray notification for McAfee <a href="http://www.mcafeeasap.com/content/virusscan_asap/default.asp" target="_blank">VirusScan ASaP</a> on-line scanner. Not required to be protected but you lose notifications
Source=Paul Collins Startup list

[Myapp]
Number=6926
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092617-0957-99" target="_blank">FATEE.B</a> WORM!
Source=Paul Collins Startup list

[Myapp]
Number=6927
Confirmed=X
Filename=service.exe
Description=Homepage hijacker
Source=Paul Collins Startup list

[MyAV]
Number=6928
Confirmed=X
Filename=avpguard.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-030815-2837-99" target="_blank">NETSKY.J</a> WORM!
Source=Paul Collins Startup list

[MyCIO Agent Service]
Number=6929
Confirmed=Y
Filename=myagtsvc.exe
Description=McAfee <a href="http://www.mcafeeasap.com/content/virusscan_asap/default.asp" target="_blank">VirusScan ASaP</a> Agent service
Source=Paul Collins Startup list

[myCIO.com ASaP]
Number=6930
Confirmed=U
Filename=MyAgtTry.exe
Description=System tray notification for McAfee <a href="http://www.mcafeeasap.com/content/virusscan_asap/default.asp" target="_blank">VirusScan ASaP</a> on-line scanner. Not required to be protected but you lose notifications
Source=Paul Collins Startup list

[myCIO.com Splash]
Number=6931
Confirmed=N
Filename=Splash.exe
Description=Splash screen for McAfee <a href="http://www.mcafeeasap.com/content/virusscan_asap/default.asp" target="_blank">VirusScan ASaP</a> on-line scanner
Source=Paul Collins Startup list

[MyCometCursor]
Number=6932
Confirmed=X
Filename=MYCOME~1.EXE
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Comet%20Cursor&threatid=29168" target=_blank>Comet Cursor</a> adware
Source=Paul Collins Startup list

[MyDailyHoroscope]
Number=6933
Confirmed=X
Filename=MYDAIL~1.EXE
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090414-4356-99" target="_blank">MyDailyHoroscope</a> foistware
Source=Paul Collins Startup list

[MyDailyHoroscope]
Number=6934
Confirmed=X
Filename=MyDailyHoroscope.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090414-4356-99" target="_blank">MyDailyHoroscope</a> foistware
Source=Paul Collins Startup list

[MyEmoticons]
Number=6935
Confirmed=U
Filename=MYEMOTICONS.EXE
Description=<a href="http://www.myemoticons.com/" target=_blank>MyEmoticons</a> from Persona Ltd - add icons (emoticons) to your E-mail

Source=Paul Collins Startup list

[MyFastAccess]
Number=6936
Confirmed=X
Filename=myfastupdate.exe
Description=My-Fast-Access toolbar updater
Source=Paul Collins Startup list

[myhuy]
Number=6937
Confirmed=X
Filename=huy.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32blasterc.html" target=_blank>BLASTER-C</a> WORM!
Source=Paul Collins Startup list

[myhuy]
Number=6938
Confirmed=X
Filename=huy2.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32blasterl.html" target=_blank>BLASTER-L</a> WORM!
Source=Paul Collins Startup list

[MyIE.exe]
Number=6939
Confirmed=U
Filename=MyIE.exe
Description=<a href="http://www.myie2.com/html_en/home.htm" target="_blank">MyIE2/Maxthon</a> browser related
Source=Paul Collins Startup list

[MyLife]
Number=6940
Confirmed=X
Filename=CmdServ.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOLAR.A" target="_blank">HOLAR.A</a> WORM!
Source=Paul Collins Startup list

[myMh2]
Number=6941
Confirmed=X
Filename=iexpl0re.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DELF.FAI" target="_blank">DELF.FAI</a> TROJAN!
Source=Paul Collins Startup list

[myNetWatchman]
Number=6942
Confirmed=U
Filename=nwclient.exe
Description=Sends your firewall alerts to a <a href="http://www.mynetwatchman.com/" target="_blank">website</a>, which then filters them and forwards details of suspicious activities to the host ISP they originated from. Only needs to be running when your firewall is running
Source=Paul Collins Startup list

[MyPointsPointAlert]
Number=6943
Confirmed=X
Filename=wjview ...MyPointsPointAlertrun.exe
Description="With MyPoints you can earn rewards from name-brand merchants. You can even earn vacations and frequent flyer miles". Dubious privacy policy
Source=Paul Collins Startup list

[MyPopupKiller]
Number=6944
Confirmed=U
Filename=mpk.exe
Description=<a href="http://www.nirsoft.net/utils/mpk.html" target=_blank>MyPopupKiller</a> - popup killer

Source=Paul Collins Startup list

[myprint mileage]
Number=6945
Confirmed=U
Filename=mpm.exe
Description=Reports battery status on a portable printer
Source=Paul Collins Startup list

[Mysee Alert]
Number=6946
Confirmed=X
Filename=Mysee Alert.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MySee%20Alert&threatid=45751" target="_blank">MySee Alert</a> adware
Source=Paul Collins Startup list

[MyShares]
Number=6947
Confirmed=X
Filename=MyShares.exe
Description=<a href="http://www.sophos.com/virusinfo/analyses/ehu.html" target="_blank">EHU</a> adware
Source=Paul Collins Startup list

[MySLScan]
Number=6948
Confirmed=X
Filename=msvc32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forboteh.html" target=_blank>FORBOT-EH</a> WORM!
Source=Paul Collins Startup list

[mysoft]
Number=6949
Confirmed=X
Filename=winexplor.exe
Description=Browser hijacker, also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpajr.html" target= blank>STARTPA-JR</a> TROJAN!
Source=Paul Collins Startup list

[MySoftware NewsFlash]
Number=6950
Confirmed=N
Filename=Newsflsh.exe
Description=Runs in your task bar and receives alerts and release information on <a href="http://www.avanquestusa.com/products/mysoftware/default.asp" target="_blank">MySoftware</a> products from Avenquest
Source=Paul Collins Startup list

[MySpaceIM]
Number=6951
Confirmed=N
Filename=MySpaceIM.exe
Description=<a href="http://collect.myspace.com/index.cfm?fuseaction=im.download" target="_blank">MySpaceIM</a> internet messenger
Source=Paul Collins Startup list

[mysvcig38]
Number=6952
Confirmed=X
Filename=mysvcc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfou.html" target="_blank">RBOT-FOU</a> WORM!
Source=Paul Collins Startup list

[mysvcig38]
Number=6953
Confirmed=X
Filename=recsl.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfou.html" target="_blank">RBOT-FOU</a> WORM!
Source=Paul Collins Startup list

[MyTam]
Number=6954
Confirmed=X
Filename=MyTam.exe
Description=<a href="http://spywarefiles.prevx.com/RRHJEF27863284/MYTAM.EXE.html" target="_blank">Covert Sys Exec</a> malware variant
Source=Paul Collins Startup list

[MytekSystrayExePath]
Number=6955
Confirmed=U
Filename=MyTekSystray.exe
Description=<a href="http://www.mytek.com.au/" target="_blank">MyTek</a> system tray - web site providing computer tech support in Australia
Source=Paul Collins Startup list

[MyTotalSearch Email Plugin]
Number=6956
Confirmed=X
Filename=mtsoemon.exe
Description=<a href="http://www.spynet.com/spyware/spyware-My-Total-Search-Toolbar.aspx" target=_blank>MyTotalSearchBar</a> adware
Source=Paul Collins Startup list

[MyVBApp]
Number=6957
Confirmed=X
Filename=SysNT.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/adware.referad.html" target=_blank>ReferAd</a> adware
Source=Paul Collins Startup list

[MyVBApp]
Number=6958
Confirmed=X
Filename=install.exe
Description=Detected as Generic Downloader.s by McAfee, probable variant of <a href="http://www.sarc.com/avcenter/venc/data/adware.referad.html" target=_blank>ReferAd</a> adware!
Source=Paul Collins Startup list

[MyVBApp]
Number=6959
Confirmed=X
Filename=setup.exe
Description=Recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as the Clicker.Win32.VB.kb TROJAN! File location is in the Root folder (C:\), (D:\), etc
Source=Paul Collins Startup list

[MyVirt.exe]
Number=6960
Confirmed=X
Filename=MyVirt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojremadmc.html" target=_blank>REMADM-C</a> TROJAN!

Source=Paul Collins Startup list

[MyVitalAgent]
Number=6961
Confirmed=U
Filename=VtlAgent.exe
Description=<a href="http://www.lucent.com/solutions/netops_enter.html" target=_blank>MyVitalAgent</a> from Lucent Technologies. Replacement for Net.Medic, monitoring all popular internet transactions and alerting the user of the location of connection problems. Available via Start -> Programs

Source=Paul Collins Startup list

[MyWebSearch Email Plugin]
Number=6962
Confirmed=X
Filename=mwsoemon.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MyWebSearch%20Toolbar&threatid=14137" target="_blank">MyWebSearch</a> parasite
Source=Paul Collins Startup list

[N2PTray]
Number=6963
Confirmed=U
Filename=Net2fone.exe
Description=An Internet telephony application. Needed only if you have an account at <a href="http://web.net2phone.com/" target="_blank">Net2Phone, Inc</a>
Source=Paul Collins Startup list

[NADaemon]
Number=6964
Confirmed=N
Filename=NADAEMON.EXE
Description=Program by NetActive which appears to be piggybacked onto some Nvidia graphics cards software. They seem to look after "digital rights management". One user reports disabling it has no detrimental affect - not required
Source=Paul Collins Startup list

[Naggerrunkey]
Number=6965
Confirmed=N
Filename=nagger.exe
Description=Packard Bell Free Internet Signup screen
Source=Paul Collins Startup list

[Naimagent_service]
Number=6966
Confirmed=Y
Filename=EPOAgentnaimas32.exe
Description=Networked version of McAfee VirusScan. Installs, configures and updates the software and DAT (virus definition) files on local computers from a network server. A resource hog but required for DAT updates and if disabled can also cause random freezes and error messages
Source=Paul Collins Startup list

[Naimagent_UI]
Number=6967
Confirmed=Y
Filename=EPOAgentnaimag32.exe
Description=Workstation background program for Network Associates McAfee ePolicy Orchestrator - a network management tool for enforcing antivirus protection of the workstations using system policies. Works with both McAfee and Norton AntiVirus. NAIMAG32 and NAIMAS32 communicate with the ePolicy Orchestrator processes on the network fileserver to check for virus updates or for the need to perform a virus scan
Source=Paul Collins Startup list

[Naimagent_UI]
Number=6968
Confirmed=Y
Filename=naimag32.exe
Description=Workstation background program for Network Associates McAfee ePolicy Orchestrator - a network management tool for enforcing antivirus protection of the workstations using system policies. Works with both McAfee and Norton AntiVirus. NAIMAG32 and NAIMAS32 communicate with the ePolicy Orchestrator processes on the network fileserver to check for virus updates or for the need to perform a virus scan
Source=Paul Collins Startup list

[Name]
Number=6969
Confirmed=X
Filename=Iexplorer0.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-011013-2241-99" target="_blank">THREADSYS</a> TROJAN!
Source=Paul Collins Startup list

[Name Server]
Number=6970
Confirmed=X
Filename=mswins.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[NAMEDPIPE SYSTEM]
Number=6971
Confirmed=X
Filename=namedpipe.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobfh.html" target=_blank>MYTOB-FH</a> TROJAN!
Source=Paul Collins Startup list

[nano]
Number=6972
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojnanoa.html" target=_blank>NANO-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[NAP32]
Number=6973
Confirmed=X
Filename=NAP32.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list

[Narrator]
Number=6974
Confirmed=X
Filename=******.exe [* = random char]
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=43264" target=_blank>QOOLOGIC</a> TROJAN!
Source=Paul Collins Startup list

[Narrator]
Number=6975
Confirmed=U
Filename=Narrator.exe
Description=Associated with the Narrator accessibility feature on Windows XP. It is used to convert text to speech
Source=Paul Collins Startup list

[Natal]
Number=6976
Confirmed=X
Filename=Natal.scr
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010716-2851-99" target="_blank">OPASERV.AE</a> WORM!
Source=Paul Collins Startup list

[NAV]
Number=6977
Confirmed=X
Filename=RuxDLL32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-083013-5647-99" target="_blank">MAPSON.D</a> WORM!
Source=Paul Collins Startup list

[NAV Agent]
Number=6978
Confirmed=Y
Filename=navapw32.exe
Description=Norton Anti-Virus's background scanning process 
Source=Paul Collins Startup list

[nAv AGENT]
Number=6979
Confirmed=X
Filename=N/A
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090917-5916-99" target="_blank">RIOSYS</a> MACRO! Note the lower-case "n" and "v" in the name as this is not the valid Norton AntiVirus entry of the same name - indeed it closes Norton AV processes
Source=Paul Collins Startup list

[NAV Agent]
Number=6980
Confirmed=X
Filename=systems.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032016-1636-99" target="_blank">TARNO.C</a> TROJAN! Note - this is not the valid Norton Antivirus entry of the same name
Source=Paul Collins Startup list

[NAV Agent]
Number=6981
Confirmed=X
Filename=winsnav.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-0016-99" target=_blank>ANPES</a> WORM!
Source=Paul Collins Startup list

[NAV Agent]
Number=6982
Confirmed=X
Filename=wmilib32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbxu.html" target=_blank>VB-XU</a> TROJAN!
Source=Paul Collins Startup list

[NAV Auto Prot]
Number=6983
Confirmed=X
Filename=navprot1.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ZAC" target="_blank">RBOT.ZAC</a> WORM!
Source=Paul Collins Startup list

[NAV Auto Protect]
Number=6984
Confirmed=X
Filename=msfwe1.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[NAV Auto Protect]
Number=6985
Confirmed=X
Filename=navprotect.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[NAV Auto Protect]
Number=6986
Confirmed=X
Filename=dnsserv.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[NAV Auto Protect]
Number=6987
Confirmed=X
Filename=mcafee32.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[NAV Auto Update]
Number=6988
Confirmed=X
Filename=Navautoupdate.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[NAV Auto Updates]
Number=6989
Confirmed=X
Filename=csrssp.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[NAV Auto Updates]
Number=6990
Confirmed=X
Filename=navwindows.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[NAV Auto Updates]
Number=6991
Confirmed=X
Filename=slserves.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[NAV Auto Updates]
Number=6992
Confirmed=X
Filename=navupdaters.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotun.html" target=_blank>RBOT-UN</a> WORM!
Source=Paul Collins Startup list

[NAV Auto Updates]
Number=6993
Confirmed=X
Filename=navupdaterx.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[NAV CfgWiz]
Number=6994
Confirmed=N
Filename=cfgwiz.exe
Description=Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it
Source=Paul Collins Startup list

[NAV Configuration Wizard]
Number=6995
Confirmed=N
Filename=cfgwiz.exe
Description=Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it
Source=Paul Collins Startup list

[NAV DefAlert]
Number=6996
Confirmed=U
Filename=DefAlert.exe
Description=Norton Anti-Virus Definitions Alert. Warns you if virus definitions are out of date. Leave enabled unless you manually update virus definitions on a regular basis
Source=Paul Collins Startup list

[NAV Live Update]
Number=6997
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-050118-3243-99" target="_blank">DEBORMS.C</a> WORM! Note - this is not a valid Norton Anti-Virus (NAV) function from Symantec
Source=Paul Collins Startup list

[NAV Scan Service]
Number=6998
Confirmed=X
Filename=NAVSCAN32.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VG" target="_blank">SDBOT.VG</a> WORM!
Source=Paul Collins Startup list

[NavAgent32]
Number=6999
Confirmed=X
Filename=lasvr32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-071515-5912-99" target="_blank">FEMOT.D</a> WORM!
Source=Paul Collins Startup list

[NavAgent32]
Number=7000
Confirmed=X
Filename=SCardSvr32.Exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MOFEI.B" target="_blank">MOFEI.B</a> WORM!
Source=Paul Collins Startup list

[navapp]
Number=7001
Confirmed=X
Filename=navapp.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453074928" target="_blank">NavExcel</a> adware variant

Source=Paul Collins Startup list

[navapw32]
Number=7002
Confirmed=Y
Filename=navapw32.exe
Description=Norton Anti-Virus's background scanning process 
Source=Paul Collins Startup list

[NAVCheck]
Number=7003
Confirmed=X
Filename=navchk.exe
Description=Premium rate adult content dialer
Source=Paul Collins Startup list

[NAVCheck]
Number=7004
Confirmed=X
Filename=shman.exe
Description=Premium rate adult content dialer
Source=Paul Collins Startup list

[Naviscope]
Number=7005
Confirmed=U
Filename=naviscope.exe
Description=<a href="http://naviscope.com/" target="_blank">Naviscope</a> is a multipurpose browser enhancement that can speed up Web searches, lock out cookies, examine HTML send/receive headers, provide single-click network diagnostics, and much more
Source=Paul Collins Startup list

[NaviSearch]
Number=7006
Confirmed=X
Filename=nls.exe
Description=NaviSearch, eXact Advertising variant
Source=Paul Collins Startup list

[NavLoad]
Number=7007
Confirmed=N
Filename=NAVBrowser.exe
Description=Registration reminder for CorelDRAW 10
Source=Paul Collins Startup list

[navman_20]
Number=7008
Confirmed=X
Filename=sysnav32.exe
Description=Hijacker, possibly a <a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list

[NAVMD25]
Number=7009
Confirmed=?
Filename=UpdtNv28.exe
Description=Added by Symantec for updating the MicroDefs for their AV products - <font color=#FF0000>is it required?</font>

Source=Paul Collins Startup list

[NAVNet]
Number=7010
Confirmed=X
Filename=***.tmp [* = random digit]
Description=Unidentified adware
Source=Paul Collins Startup list

[navp.exe]
Number=7011
Confirmed=X
Filename=navp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotoe.html" target=_blank>AGOBOT-OE</a> WORM!
Source=Paul Collins Startup list

[NavPass]
Number=7012
Confirmed=X
Filename=NavPass.exe
Description=Free system for gaining access to and downloading from adult content web-sites
Source=Paul Collins Startup list

[NavScan]
Number=7013
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102917-0924-99" target="_blank">OBSORB</a> TROJAN!
Source=Paul Collins Startup list

[NAVSCAN32.EXE]
Number=7014
Confirmed=X
Filename=NAVSCAN32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotdo.html" target=_blank>SDBOT-DO</a> WORM!
Source=Paul Collins Startup list

[NAVSCANNER32]
Number=7015
Confirmed=X
Filename=NAVSCANNER32.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.QC" target="_blank">RBOT.QC</a> WORM!
Source=Paul Collins Startup list

[NAVUpd]
Number=7016
Confirmed=X
Filename=rundll32.exe navupd.dll, Startup
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082117-0007-99" target="_blank">NAVU</a> TROJAN!
Source=Paul Collins Startup list

[NAV_Update]
Number=7017
Confirmed=X
Filename=NAV_Update.exe
Description=Unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[nawadll32]
Number=7018
Confirmed=X
Filename=nawadll32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzi.html" target=_blank>SDBOT-ZI</a> WORM!
Source=Paul Collins Startup list

[nawdll32]
Number=7019
Confirmed=X
Filename=nawdll32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzm.html" target=_blank>SDBOT-ZM</a> WORM!
Source=Paul Collins Startup list

[NB Common Dialog Enhancements]
Number=7020
Confirmed=N
Filename=COMDLGEX.EXE
Description=Part of McAfee Nuts &amp; Bolts. With Common Dialog Enhancements, you can add MRU list box to open dialogs
Source=Paul Collins Startup list

[NB Start Menu]
Number=7021
Confirmed=N
Filename=STARTM.EXE
Description=Part of McAfee Nuts &amp; Bolts. Provides the same control as MSCONFIG and can be used instead if you have N&amp;B
Source=Paul Collins Startup list

[NB Windows Patterns]
Number=7022
Confirmed=N
Filename=WINDBKGND.EXE
Description=Part of McAfee Nuts &amp; Bolts. With Background Patterns, you can change background patterns of wizard and dialog windows
Source=Paul Collins Startup list

[NBJ]
Number=7023
Confirmed=U
Filename=NBJ.exe
Description=Ahead Nero BackItUp - backup program. Only required for if you have scheduled back-ups
Source=Paul Collins Startup list

[NbkCtrl]
Number=7024
Confirmed=U
Filename=NbkCtrl.exe
Description=Scheduling engine of <a href="http://www.no-panic.com/backup/n_backup.html" target="_blank"> NovaSTOR Backup</a> Service. Only required if scheduling is enabled and wanted - see <a href="http://www.no-panic.com/backup/tech_supt/nbackup7_commandline.html" target="_blank"> here</a>
Source=Paul Collins Startup list

[NBKeyScan]
Number=7025
Confirmed=U
Filename=NBKeyScan.exe
Description=This tool comes with a special version of <a href="http://www.nero.com/nero7/eng/Nero_BackItUp_2.html" target="_blank">Nero BackItUp</a> for some external harddisks. Controls two buttons on the drive - one button power off the drive and the other directly calls Nero BackItUp to make a quick backup
Source=Paul Collins Startup list

[NBT System alias]
Number=7026
Confirmed=X
Filename=[path] repcale.exe [path] beird.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDON.AN" target="_blank">RANDON.AN</a> WORM!
Source=Paul Collins Startup list

[nbustrce1D]
Number=7027
Confirmed=?
Filename=nbustrce1D.exe
Description=Device driver, possibly CD/DVD - <font color="#FF0000">what exactly is it and is it required in startup?</font>
Source=Paul Collins Startup list

[NC1565]
Number=7028
Confirmed=X
Filename=winntsrv -l -p10001 -d -e cmd.exe -L
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/vbsnewleya.html" target=_blank>NEWLEY-A</a> WORM!
Source=Paul Collins Startup list

[Ncao]
Number=7029
Confirmed=X
Filename=osoa.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[Ncao]
Number=7030
Confirmed=X
Filename=urpo.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target=_blank>PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[NCClient]
Number=7031
Confirmed=?
Filename=N/A
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[NCD]
Number=7032
Confirmed=N
Filename=ncd.exe
Description=Norton Change Directory - from the DOS days that allows the user to change directories on their machine without typing the complete path
Source=Paul Collins Startup list

[NCLAUNCH]
Number=7033
Confirmed=?
Filename=NCLAUNCH.exe
Description=Part of SWF Studio from <a href="http://www.northcode.com/index.php" target="_blank">Northcode Inc.</a> - an extension to Flash. Bundled when you create a self-installing screen-saver on Win2K/XP. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list

[nClient]
Number=7034
Confirmed=X
Filename=cnen.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotal.html" target="_blank">DELBOT-AL</a> WORM!
Source=Paul Collins Startup list

[NCS_SS]
Number=7035
Confirmed=N
Filename=Csinsm32.exe
Description=Same as CleanSweep Smart Sweep-Internet Sweep
Source=Paul Collins Startup list

[NDAv]
Number=7036
Confirmed=X
Filename=csnss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031500-0556-99" target=_blank>SERFLOG.C</a> WORM!
Source=Paul Collins Startup list

[NDAv]
Number=7037
Confirmed=X
Filename=svhost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031500-0556-99" target=_blank>SERFLOG.C</a> WORM!
Source=Paul Collins Startup list

[NDDEAGNT]
Number=7038
Confirmed=?
Filename=NDDEAGNT.EXE
Description=WinNT default process. Network Dynamic Data Exchange (DDE) Agent, handles requests for network DDE services
Source=Paul Collins Startup list

[NDIS Adapter]
Number=7039
Confirmed=X
Filename=ndis.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VF&VSect=T" target="_blank">SDBOT.VF</a> WORM!
Source=Paul Collins Startup list

[NDIS Adapter]
Number=7040
Confirmed=X
Filename=windows.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbr.html" target=_blank>FORBOT-BR</a> WORM!

Source=Paul Collins Startup list

[NDIS Adapter]
Number=7041
Confirmed=X
Filename=lsass2.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.CW&VSect=P" target=_blank>WOOTBOT.CW</a> WORM!
Source=Paul Collins Startup list

[NDIS Adapter]
Number=7042
Confirmed=X
Filename=servenxpp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotgp.html" target= blank>FORBOT-GP</a> WORM!
Source=Paul Collins Startup list

[ndlhosta]
Number=7043
Confirmed=X
Filename=uiremsyl.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Ndpldaemon]
Number=7044
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rpcsdbota.html" target=_blank>RPCSDBOT-A</a> TROJAN!
Source=Paul Collins Startup list

[NDplDeamon]
Number=7045
Confirmed=X
Filename=nstask32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081213-3232-99" target="_blank">RANDEX.E</a> WORM!
Source=Paul Collins Startup list

[NDplDeamon]
Number=7046
Confirmed=X
Filename=winlogin.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081213-3232-99" target="_blank">RANDEX.E</a> WORM!
Source=Paul Collins Startup list

[NDPS]
Number=7047
Confirmed=U
Filename=DPMW32.EXE
Description=Novell Distributed Printer Services - part of Novell's <a href="http://www.novell.com/products/netware/" target="_blank">Netware</a> Client and <a href="http://www.novell.com/products/groupwise/" target="_blank"> Groupwise</a> products. Not required if you don't use this feature
Source=Paul Collins Startup list

[NDrv]
Number=7048
Confirmed=X
Filename=NDrv.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[NDSTray]
Number=7049
Confirmed=U
Filename=NDSTray.exe
Description=ConfigFree Tray on a Toshiba laptop. Tray utility for their network switching application which permits switching network devices and settings with a click on the tray icon. While it is not required, for people who span multiple networks and want an easy way to go from wired to wireless and change addresses and other network settings, it's a must have
Source=Paul Collins Startup list

[NDSTray.exe]
Number=7050
Confirmed=U
Filename=NDSTray.exe
Description=ConfigFree Tray on a Toshiba laptop. Tray utility for their network switching application which permits switching network devices and settings with a click on the tray icon. While it is not required, for people who span multiple networks and want an easy way to go from wired to wireless and change addresses and other network settings, it's a must have
Source=Paul Collins Startup list

[Ndtstat]
Number=7051
Confirmed=X
Filename=Ndtstat.exe
Description=Added by a variant of the BANLOAD family of TROJANS!
Source=Paul Collins Startup list

[Necbar]
Number=7052
Confirmed=N
Filename=Necbar.exe
Description=Nec Assistant; Ark's Navigator, a graphical interface for NEC computers
Source=Paul Collins Startup list

[NECMFK]
Number=7053
Confirmed=Y
Filename=necmfk.exe
Description=NEC wireless keyboard driver
Source=Paul Collins Startup list

[Necutray]
Number=7054
Confirmed=U
Filename=Necutray.exe
Description=Driver for external USB storage devices (hard drives, flsh disks, etc)
Source=Paul Collins Startup list

[neqprvfy.exe]
Number=7055
Confirmed=?
Filename=neqprvfy.exe
Description=<font color="#FF0000">Appears to be related to the downloading of some application - possibly verifying updates?</font>
Source=Paul Collins Startup list

[Nero]
Number=7056
Confirmed=X
Filename=shch.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooreb.html" target= blank>EB</a> TROJAN!
Source=Paul Collins Startup list

[Nero Checker]
Number=7057
Confirmed=X
Filename=nerocheck.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojproxyx.html" target=_blank>PROXY-X</a> TROJAN! Note - this is not related to "Nero Burning Rom" CD writing software
Source=Paul Collins Startup list

[Nero DriveSpeed]
Number=7058
Confirmed=N
Filename=DRIVESPEED.EXE
Description=Ahead <a href="http://www.nero.com/nero7/eng/Nero_Toolkit_Features.html" target=_blank>Nero DriveSpeed</a> - set the CD reading speed of a CD/DVD drive on-the-fly to reduce the noise on high-speed drives

Source=Paul Collins Startup list

[Nero Updater.6.12]
Number=7059
Confirmed=X
Filename=wmp9.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotaag.html" target=_blank>AGOBOT-AAG</a> WORM!
Source=Paul Collins Startup list

[Nero.ma]
Number=7060
Confirmed=X
Filename=***.exe [*** = 2 to 3 digits]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090509-3811-99" target="_blank">JONBARR.D</a> WORM!
Source=Paul Collins Startup list

[NeroAutoStartClient]
Number=7061
Confirmed=X
Filename=NeroASM.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.VG&VSect=T" target=_blank>AGOBOT.VG</a> WORM!
Source=Paul Collins Startup list

[NeroCheck]
Number=7062
Confirmed=U
Filename=nerocheck.exe
Description=Associated with &quot;Nero Burning Rom&quot; CD writing software. Checks for driver issues
Source=Paul Collins Startup list

[NeroCheck]
Number=7063
Confirmed=X
Filename=regedit.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-021110-1955-99" target=_blank>DOOMJUICE.B</a> WORM! Note - this is not the valid Ahead Nero CD/DVD burning program. Also, it is not the valid Windows registry editor which resides in Windows or Winnt and will not figure in Msconfig/Startup! This version resides in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[NeroFil]
Number=7064
Confirmed=X
Filename=NeroFil.EXE
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=47970" target="_blank">RBOT.EAM</a> TROJAN!
Source=Paul Collins Startup list

[NeroFilterCheck]
Number=7065
Confirmed=U
Filename=NeroCheck.exe
Description=Associated with &quot;Nero Burning Rom&quot; CD writing software. Checks for driver issues
Source=Paul Collins Startup list

[NeroHomeFirstStart]
Number=7066
Confirmed=U
Filename=NMFirstStart.exe
Description=Associated with <a href="http://www.nero.com/nero7/eng/Nero_Scout.html" target="_blank">Nero Scout</a>, added by version 7 of the Nero digital media suite (CD & DVD burning, authoring, etc). Thanks to Help2Go.com, if you feel this is draining more resources that necessary you can disable it by <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=58686" target="_blank">clicking here</a>
Source=Paul Collins Startup list

[NeroLoader]
Number=7067
Confirmed=X
Filename=NeroLoader.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanej.html" target=_blank>BANCBAN-EJ</a> TROJAN!
Source=Paul Collins Startup list

[NeroNETTrayIcon]
Number=7068
Confirmed=N
Filename=NNServiceCtrl.exe
Description=System tray access to <a href="http://www.nero.com/us/631898255953125.html" target="_blank">NeroNET</a> - Ahead Software's network-capable extension of their CD/DVD burning program. NeroNET allows a burner to be shared across a network
Source=Paul Collins Startup list

[NeroUpdater6.8]
Number=7069
Confirmed=X
Filename=winjava.exe
Description=Added by the <a href="http://www.trendmicro.co.jp/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AMK" target=_blank>AGOBOT.AMK</a> WORM!
Source=Paul Collins Startup list

[Net]
Number=7070
Confirmed=X
Filename=WINREG.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-123011-0304-99" target="_blank">ASSASIN.D</a> TROJAN!
Source=Paul Collins Startup list

[Net Accelerator]
Number=7071
Confirmed=U
Filename=NetAccelerator.exe
Description=<a href="http://www.rizalsoftware.com/" target="_blank">Rizal</a> NetAccelerator - "Optimizing Dial-Up, Lan, Cable, DSL, and Satellite connections do you want to speed up your Internet access up to 200% - 300% ???". Only required if you find it helps improve your performance
Source=Paul Collins Startup list

[Net Activity Diagram]
Number=7072
Confirmed=U
Filename=nad.exe
Description=<a href="http://www.metaproducts.com/mp/mpProducts_Detail.asp?id=20" target="_blank">Net Activity Diagram</a> from MetaProducts. Monitors your computer internet activity. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[NET Bios Stats]
Number=7073
Confirmed=X
Filename=ntbstats.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzx.html" target=_blank>SDBOT-ZX</a> WORM!
Source=Paul Collins Startup list

[NET DEMON]
Number=7074
Confirmed=X
Filename=ndemon.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotla.html" target="_blank">AGOBOT-LA</a> WORM!
Source=Paul Collins Startup list

[Net iD]
Number=7075
Confirmed=U
Filename=iid.exe
Description="With the <a href="http://www.netmaker-cg.com/" target="_blank">Net_iD</a> program,  you can easily and securely logon with a smart card into a domain, a virtual private network (VPN) or in Citrix and Terminal Server environments"
Source=Paul Collins Startup list

[Net**.exe [* = random char]]
Number=7076
Confirmed=X
Filename=Net**.exe [* = random char]
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
Source=Paul Collins Startup list

[Net**32.exe [* = random char]]
Number=7077
Confirmed=X
Filename=Net**32.exe [* = random char]
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
Source=Paul Collins Startup list

[Net-It Launcher]
Number=7078
Confirmed=N
Filename=NILaunch.exe
Description=<a href="http://www.net-it.com/" target="_blank">Net-It</a> - web publishing software
Source=Paul Collins Startup list

[NetAccelerator]
Number=7079
Confirmed=U
Filename=NetAccel.exe
Description=<a href="http://www.netaccelerator.net/" target="_blank">NetAccelerator</a> is a &quot;software utility that optimizes your internet access up to 1200% faster!. NetAccelerator speeds all modems allowing you to download faster, browse faster, surf faster!. Only required if you find it helps improve your performance
Source=Paul Collins Startup list

[NetAdm7]
Number=7080
Confirmed=X
Filename=NETADM7.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031617-3734-99" target="_blank">BANCOS.F</a> TROJAN!
Source=Paul Collins Startup list

[Netapi]
Number=7081
Confirmed=X
Filename=Netapi.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_NETDEVIL.14" target="_blank">NETDEVIL.14</a> TROJAN!
Source=Paul Collins Startup list

[netapi32]
Number=7082
Confirmed=X
Filename=netapi32.exe
Description=Added by an unidentified TROJAN!
Source=Paul Collins Startup list

[NetApp]
Number=7083
Confirmed=X
Filename=winserv.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SHADOWTHIEF" target="_blank">SHADOWTHIEF</a> TROJAN!
Source=Paul Collins Startup list

[Netbeans]
Number=7084
Confirmed=X
Filename=netbeans.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotr.html" target="_blank">DELBOT-R</a> WORM!
Source=Paul Collins Startup list

[Netbios Helper]
Number=7085
Confirmed=X
Filename=nbthlp.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_134470.htm" target=_blank>BANKER.Y</a> TROJAN!
Source=Paul Collins Startup list

[NetBiosSrvc]
Number=7086
Confirmed=X
Filename=HPSrvPrt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotcol.html" target="_blank">SDBOT-COL</a> WORM!
Source=Paul Collins Startup list

[netconfig]
Number=7087
Confirmed=X
Filename=netconfig.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=4090" target="_blank">NETWARE</a> TROJAN!
Source=Paul Collins Startup list

[NetCruiser Dialer]
Number=7088
Confirmed=U
Filename=NCDialer.exe
Description=<a href="http://www.netcruiser-software.com/products.html" target="_blank">NetCruiser Dialer</a> from NetCruiser Software. &quot;An Internet dialer and connection monitor with features to launch applications when a connection is detected, dial and hangup at predefined times and automatic redialing of dropped connections&quot;
Source=Paul Collins Startup list

[netdaemon]
Number=7089
Confirmed=X
Filename=netdaemon /v
Description=Malware designed to "kill" a number of antispyware applications (SpyBot, Giant, SpyDoctor, SpySweeper, SpyHunter, Anvir, WinPatrol, and more)
Source=Paul Collins Startup list

[netdll32]
Number=7090
Confirmed=X
Filename=netdll32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list

[netdllex]
Number=7091
Confirmed=X
Filename=netdllex.Exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list

[NetDy]
Number=7092
Confirmed=X
Filename=VisualGuard.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031613-2027-99" target="_blank">NETSKY.N</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-041612-2421-99" target="_blank">NETSKY.W</a> WORMS!
Source=Paul Collins Startup list

[NETFP32.EXE]
Number=7093
Confirmed=X
Filename=NETFP32.EXE
Description=Added by the AGENT.CD TROJAN!
Source=Paul Collins Startup list

[netfxupdate]
Number=7094
Confirmed=?
Filename=netfxupdate.exe
Description=<font color="#FF0000">Would appear to be a valid Microsoft .NET file (see <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;827801" target="_blank">here</a>) but other sources suggest it could be a trojan</font>
Source=Paul Collins Startup list

[NetFxUpdate_v1.0.3705]
Number=7095
Confirmed=?
Filename=netfxupdate.exe
Description=<font color="#FF0000">Would appear to be a valid Microsoft .NET file (see <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;827801" target="_blank">here</a>) but other sources suggest it could be a trojan</font>
Source=Paul Collins Startup list

[NETGEAR WG111T Smart Wizard]
Number=7096
Confirmed=U
Filename=wlan111t.exe
Description=Configuration utility for the Netgear <a href="http://www.netgear.com/Products/Adapters/SuperGWirelessAdapters/WG111T.aspx" target="_blank">WG111T</a> multi-rate Wireless USB 2.0 Adapter that "provides wireless access to your desktop or notebook PC through the computer's USB port"
Source=Paul Collins Startup list

[NetGuard]
Number=7097
Confirmed=U
Filename=NetGuard.exe
Description=FBM Software ZeroSpyware 2004 spyware detector and remover - real time monitor
Source=Paul Collins Startup list

[nethost.exe]
Number=7098
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojperdaj.html" target=_blank>PERDA-J</a> TROJAN!
Source=Paul Collins Startup list

[Netlimiter]
Number=7099
Confirmed=U
Filename=Netlimiter.exe
Description=<a href="http://www.netlimiter.com/" target="_blank">Netlimiter</a> - "An internet traffic control tool to monitor applications which access the internet and actively control their internet traffic. Use it o set (download/upload) speed limits for applications or even single connection. NetLimiter also allows you to share your internet connection bandwidth among all applications running on your PC."
Source=Paul Collins Startup list

[Netline User]
Number=7100
Confirmed=N
Filename=netchk.exe
Description=Netline supplies internet related products and services and this program identifies user ID and IP information. Found installed along with the Falcon 4 game, for example
Source=Paul Collins Startup list

[NetLink]
Number=7101
Confirmed=X
Filename=netlink32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040712-2418-99" target="_blank">GAOBOT.WO</a> WORM!
Source=Paul Collins Startup list

[NetLogon]
Number=7102
Confirmed=X
Filename=userint.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotbc.html" target=_blank>SDBOT-BC</a> WORM!
Source=Paul Collins Startup list

[NetManageImport]
Number=7103
Confirmed=U
Filename=nmcpdata.exe
Description=<a href="http://www.netmanage.com/products/" target="_blank">NetManage</a> business software related
Source=Paul Collins Startup list

[NetManagerService]
Number=7104
Confirmed=X
Filename=ntss.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_BESTPICS.A" target="_blank">BESTPICS.A</a> TROJAN!
Source=Paul Collins Startup list

[NetMeter]
Number=7105
Confirmed=X
Filename=NetMeter.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=NetRatings%20Premeter&threatid=8994" target=_blank>NetRatings Premeter</a> spyware

Source=Paul Collins Startup list

[NetMeter]
Number=7106
Confirmed=X
Filename=NielsenOnline.exe
Description=Appears to have possible Malware functions, for more information see <a href="http://www.file.net/process/nielsenonline.exe.html" target=_blank>here</a>
Source=Paul Collins Startup list

[NetMon]
Number=7107
Confirmed=X
Filename=netmon.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120314-2603-99" target="_blank">MIMAIL.M</a> WORM!
Source=Paul Collins Startup list

[Netmonw]
Number=7108
Confirmed=X
Filename=Netmonw.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorfx.html" target=_blank>BDOOR-FX</a> TROJAN!
Source=Paul Collins Startup list

[netmsg]
Number=7109
Confirmed=U
Filename=netmsg.exe
Description=<a href="http://users.pandora.be/Grrrippp/" target=_blank>Net_Message</a> is a small tool to send messages across the network, using the Windows Messenger Service, so there is no client install required to receive the messages. It has a number of other features as well

Source=Paul Collins Startup list

[NetPatrol]
Number=7110
Confirmed=U
Filename=winclient.exe
Description=<a href="http://www.digitalweb.com.br/netpatrol/" target="_blank">NetPatrol</a> network monitoring software
Source=Paul Collins Startup list

[netpc32.exe]
Number=7111
Confirmed=X
Filename=netpc32.exe
Description=Malware, probably a <a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list

[NetPerSec]
Number=7112
Confirmed=N
Filename=NetPerSec.exe
Description=<a href="http://www.pcmag.com/article2/0,4149,1735,00.asp" target="_blank">NetPerSec</a> - measures the real-time speed of your Internet connection
Source=Paul Collins Startup list

[NetPumper]
Number=7113
Confirmed=N
Filename=NetPumperIEProxy.exe
Description=<a href="http://www.netpumper.com/" target=_blank>NetPumper</a> download manager - bundles Cydoor and SaveNow adware, see <a href="http://www.kephyr.com/spywarescanner/library/netpumper/index.phtml" target=_blank>here</a>
Source=Paul Collins Startup list

[NetReach]
Number=7114
Confirmed=X
Filename=nrcheck.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[Netropa Internet Receiver]
Number=7115
Confirmed=X
Filename=Netropa.exe
Description=Netropa Internet Receiver. Shows a scrolling bar with the news. Major resource hog and flagged as spyware
Source=Paul Collins Startup list

[NetRun]
Number=7116
Confirmed=U
Filename=NetRun.exe
Description=<a href="http://www.czarsoft.shorturl.com/" target="_blank">NetRun</a> - will 'RUN' a 'List' of programs only when a internet connection is detected, and close/kill the same 'List' when the connection is lost
Source=Paul Collins Startup list

[Netscape Messenger]
Number=7117
Confirmed=N
Filename=NETSCAPE.EXE
Description=In Netscape 6 (I know for sure with 6.2.1, maybe with 6.0) Netscape.exe is the main executable file for Netscape Navigator, Netscape Mail and News, and Netscape Messenger (the new name for the embedded AIM, no doubt to make it sound like Windows Messenger, the XP version of MSN Messenger). Basically, netscape.exe can be more than just Netscape Messenger, and Messenger can be more then just AIM in disguise, depending on the version of Netscape installed
Source=Paul Collins Startup list

[Netscp6]
Number=7118
Confirmed=N
Filename=Netscp6.exe
Description=Netscape 6
Source=Paul Collins Startup list

[NetScreen-Remote]
Number=7119
Confirmed=U
Filename=SafeCfg.exe
Description=<a href="http://www.nscreensales.com/products/nsremote.php" target=_blank>NetScreen Remote</a> VPN client software
Source=Paul Collins Startup list

[NetService]
Number=7120
Confirmed=X
Filename=ntsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassdu.html" target=_blank>QQPASS-DU</a> TROJAN!
Source=Paul Collins Startup list

[netservices]
Number=7121
Confirmed=X
Filename=recall.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[netservices]
Number=7122
Confirmed=X
Filename=svchostn.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.GI" target="_blank">SDBOT.GI</a> WORM!
Source=Paul Collins Startup list

[NETServices]
Number=7123
Confirmed=X
Filename=csxrs.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[NetShow Powerpoint Helper]
Number=7124
Confirmed=U
Filename=NSPPTHLP.EXE
Description=If disabled, user created fonts can no longer be seen by other programs
Source=Paul Collins Startup list

[NetStart]
Number=7125
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mkara.html" target=_blank>MKAR-A</a> VIRUS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a NETSTART subfolder
Source=Paul Collins Startup list

[NetStat Live]
Number=7126
Confirmed=N
Filename=Nsl.exe
Description=AnalogX <a href="http://www.analogx.com/contents/download/network/nsl.htm" target="_blank">NetStat Live</a> - TCP/IP protocol monitor which can be used to see your exact throughput on both incoming and outgoing data
Source=Paul Collins Startup list

[netsv32]
Number=7127
Confirmed=X
Filename=netsv32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpx.html" target="_blank">SDBOT-PX</a> WORM!
Source=Paul Collins Startup list

[NettGain2000]
Number=7128
Confirmed=Y
Filename=WgwMngr.exe
Description=Part of Flash-Networks NettGain2000 product. NettGain 2000 is a combined hardware/software networking solution, which is designed to improve performance of satellite networks by increasing data transmission speeds and maximizing the existing bandwidth for complete utilization when sending TCP/IP applications over a satellite. It is needed when connecting to the internet via satellite to provide speed faster than 60k or so
Source=Paul Collins Startup list

[NettGain2000 Verifier]
Number=7129
Confirmed=Y
Filename=NettGain2000 Verifier.exe
Description=Part of the Starband satellite client that attempts to optimize your satellite connection to increase speed
Source=Paul Collins Startup list

[NetTime]
Number=7130
Confirmed=U
Filename=NETTIME.EXE
Description=From a visitor - &quot;This is the executable for NetTime. It is started from the registry when you check the box to start at startup. NetTime allows you to synchronize your computers' clock with a server on your local net or the internet using any of several protocols, e.g. NTP.&quot;
Source=Paul Collins Startup list

[NetTurbo]
Number=7131
Confirmed=U
Filename=netturbo.exe
Description=<a href="http://www.netturbo.com/" target="_blank">NetTurbo</a> from SharewareOnline.com. &quot;Accelerate Your Internet Connections by up to 600%&quot;. If you find it helps your connectivity leave it enabled
Source=Paul Collins Startup list

[Netunit32]
Number=7132
Confirmed=X
Filename=wunit32.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[NETVISIONAdulti]
Number=7133
Confirmed=X
Filename=[random filename]
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-121917-5031-99" target="_blank">Trafficadvance</a> dialer
Source=Paul Collins Startup list

[NETVISIONPasse-partout]
Number=7134
Confirmed=X
Filename=Passe-partout.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/dialdialcarm.html" target=_blank>DIALCAR-M</a> DIALER!
Source=Paul Collins Startup list

[NetWatch32]
Number=7135
Confirmed=X
Filename=netwatch.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-103114-2352-99" target="_blank">MIMAIL.C</a> WORM!
Source=Paul Collins Startup list

[Netword Agent]
Number=7136
Confirmed=N
Filename=nwant33.exe
Description=An interesting browser utility that allows you to navigate by typing a single word or phrase (a &quot;NetWord&quot;) related to what you're looking for into your browser's location field. It also puts an icon in the system tray icon that is a circle with the letter N in the center to access the menu faster. Available via Start -> Programs
Source=Paul Collins Startup list

[NetWork]
Number=7137
Confirmed=X
Filename=csrs.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.JJ" target="_blank">AGOBOT.JJ</a> WORM!
Source=Paul Collins Startup list

[Network Access]
Number=7138
Confirmed=X
Filename=winssh.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Network Administration]
Number=7139
Confirmed=X
Filename=NAS.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082907-5935-99" target="_blank">ANTILAM.20.Q</a> TROJAN!
Source=Paul Collins Startup list

[Network Administration Service]
Number=7140
Confirmed=X
Filename=rsvc32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ABH" target=_blank>RBOT.ABH</a> WORM!
Source=Paul Collins Startup list

[Network Associates Error Reporting Service]
Number=7141
Confirmed=U
Filename=TBMon.exe
Description=Network Associates Error Reporting Tool - tool traps errors and requests submission to NAI for the purpose of betatesting new software
Source=Paul Collins Startup list

[Network Connections]
Number=7142
Confirmed=X
Filename=internat.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbzd.html" target=_blank>ZD</a> TROJAN!
Source=Paul Collins Startup list

[network device driver]
Number=7143
Confirmed=X
Filename=msfirewall.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelflb.html" target=_blank>DELF-LB</a> TROJAN!
Source=Paul Collins Startup list

[NetWork Device Switch]
Number=7144
Confirmed=U
Filename=NetDevSW.exe
Description=Toshiba laptops with built-in Wi-Fi. Allows switching between Wi-Fi and internal ethernet. Only necessary if you have regular need to switch back and forward between these network interfaces. Located in Startup folder so make own shortcut to it and disable if not really necessary
Source=Paul Collins Startup list

[Network Host Controller]
Number=7145
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112612-2255-99" target="_blank">WHISPER</a> TROJAN!
Source=Paul Collins Startup list

[Network Host Service]
Number=7146
Confirmed=X
Filename=msmnart32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotcjv.html" target=_blank>RBOT-CJV</a> WORM!
Source=Paul Collins Startup list

[Network Host Service]
Number=7147
Confirmed=X
Filename=[random]32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbab.html" target=_blank>RBOT-BAB</a> WORM!
Source=Paul Collins Startup list

[Network Protocol Service]
Number=7148
Confirmed=X
Filename=wuamgrd.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.EA" target="_blank">RBOT.EA</a> WORM!
Source=Paul Collins Startup list

[Network protocol service]
Number=7149
Confirmed=X
Filename=wintcp.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!

Source=Paul Collins Startup list

[Network Security]
Number=7150
Confirmed=X
Filename=secsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotalx.html" target=_blank>RBOT-ALX</a> WORM!
Source=Paul Collins Startup list

[Network Security Guard]
Number=7151
Confirmed=X
Filename=**********.exe [* = random char]
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list

[Network Security Guard]
Number=7152
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcolema.html" target=_blank>COLEM-A</a> TROJAN!
Source=Paul Collins Startup list

[Network Service]
Number=7153
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpacc.html" target=_blank>STARTPA-CC</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[Network Service]
Number=7154
Confirmed=X
Filename=svhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojhacdefk.html" target=_blank>HACDEF-K</a> TROJAN!
Source=Paul Collins Startup list

[Network Service]
Number=7155
Confirmed=X
Filename=MccTrayApp.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Network Service Manager]
Number=7156
Confirmed=X
Filename=netsvc.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target="_blank">AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list

[Network Service Manager]
Number=7157
Confirmed=X
Filename=netsvc.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>GAOBOT/AGOBOT</a> WORM!
Source=Paul Collins Startup list

[NetworkAssociates Inc]
Number=7158
Confirmed=X
Filename=internet.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list

[NetworkClient]
Number=7159
Confirmed=X
Filename=NetworkClient.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082106-5659-99" target="_blank">LEMUR</a> WORM!
Source=Paul Collins Startup list

[NetworkKey]
Number=7160
Confirmed=X
Filename=netkey.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotaj.html" target=_blank>IRCBOT-AJ</a> TROJAN!
Source=Paul Collins Startup list

[Networks Configurator]
Number=7161
Confirmed=X
Filename=NetConfs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotox.html" target=_blank>RBOT-OX</a> WORM!

Source=Paul Collins Startup list

[Networks Controler]
Number=7162
Confirmed=X
Filename=Netsis.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotng.html" target=_blank>RBOT-NG</a> WORM!

Source=Paul Collins Startup list

[NetworkSetup]
Number=7163
Confirmed=N
Filename=dlink.exe
Description=<a href="http://www.dlink.com/" target="_blank">D-Link</a> System Tray icon
Source=Paul Collins Startup list

[Netzip Smart Downloader]
Number=7164
Confirmed=X
Filename=npnzdad.exe
Description=Advertising spyware
Source=Paul Collins Startup list

[NetZIPFolders]
Number=7165
Confirmed=N
Filename=nzfprop.exe
Description=<a href="http://www.netzip.com/products/info_netzip_win.html?src=site,netzip,plugin,nzc" target="_blank">Netzip Classic</a> zip file manager
Source=Paul Collins Startup list

[NeuroMedia(IESpeaker)]
Number=7166
Confirmed=X
Filename=NeuroMedia.exe
Description=Part of an older freeware version of <a href="http://www.neurospeech.com/Products/IESpeaker.aspx" target="_blank"> IESpeaker</a> - a program that allows you to listen to web pages. NeuroMedia.exe only downloads advertisments. Not included in the paid-for version currently available
Source=Paul Collins Startup list

[NeuroSpeech OESpeaker]
Number=7167
Confirmed=N
Filename=OEMonitor.exe
Description=Part of <a href="http://www.neurospeech.com/Products/IESpeaker.aspx" target="_blank">OESpeaker</a> - a program that allows you to listen to long E-mails instead of reading them in Outlook Express. OEMonitor.exe checks whether OE is open or not
Source=Paul Collins Startup list

[New Csnm Manager]
Number=7168
Confirmed=X
Filename=csmn.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BZS&VSect=P" target=_blank>SDBOT.BZS</a> WORM!
Source=Paul Collins Startup list

[New.net]
Number=7169
Confirmed=X
Filename=rundll32.exe NewDotNetStartup Newdot~2.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=NewDotNet&threatid=9108" target="_blank">NewDotNet</a> foistware
Source=Paul Collins Startup list

[New.net Startup]
Number=7170
Confirmed=X
Filename=rundll32 [path], NewDotNetStartup -s
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=NewDotNet&threatid=9108" target="_blank">NewDotNet</a> foistware
Source=Paul Collins Startup list

[NEWDOT~1]
Number=7171
Confirmed=X
Filename=rundll32.exe NewDotNetStartup Newdot~2.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=NewDotNet&threatid=9108" target="_blank">NewDotNet</a> foistware
Source=Paul Collins Startup list

[Newman]
Number=7172
Confirmed=X
Filename=playavi.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineageat.html" target=_blank>LINEAGE-AT</a> TROJAN! Note - This trojan file is found in the Windows\java or Winnt\java folder
Source=Paul Collins Startup list

[newname]
Number=7173
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdrsmartls.html" target=_blank>DRSMARTL-S</a> TROJAN!

Source=Paul Collins Startup list

[News Service]
Number=7174
Confirmed=?
Filename=ispnews.exe
Description=<a href="http://www.f-secure.com/" target="_blank">F-Secure</a> antivirus related. <font color="#FF0000" target="_blank">However, is this particular item required?</font>
Source=Paul Collins Startup list

[Newsalrt]
Number=7175
Confirmed=N
Filename=NEWSALRT.EXE
Description=MSNBC News system tray utility to alert you to new news
Source=Paul Collins Startup list

[Newsgroup lptt01]
Number=7176
Confirmed=X
Filename=newsgroup.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "newsgroup" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[Newsgroup ml097e]
Number=7177
Confirmed=X
Filename=newsgroup.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "newsgroup" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[NewsUpd]
Number=7178
Confirmed=N
Filename=newsupd.exe
Description=For Creative Soundblaster Live! series soundcards. System tray application for News updates. Available via Start -> Programs. Also spyware - see <a href="http://cexx.org/newsupd.htm" target="_blank">here</a>.
Source=Paul Collins Startup list

[NewtonKnowsUpd]
Number=7179
Confirmed=X
Filename=NewtKnow.exe ...NewtnUpd.dll, runkey
Description=<a href="http://allentech.net/parasite/NewtonKnows.html" target="_blank">NewtonKnows</a> hijacker

Source=Paul Collins Startup list

[NexusServer]
Number=7180
Confirmed=U
Filename=PNXSERVR.exe
Description=Related to <a href="http://www.canopus.com/" target=_blank>ProCoder 2.0</a> from Canopus. "ProCoder 2.0 software combines speed and flexibility into a streamlined video conversion tool for professionals. Featuring, extensive input/output options, advanced filtering, batch processing and an easy-to-use interface, ProCoder 2.0 is the ideal solution for high-quality multi-format video creation"

Source=Paul Collins Startup list

[NFM Service]
Number=7181
Confirmed=U
Filename=NPDOR9x.exe
Description=Appears in startup if you have chosen to participate in on survey by <a href="http://www.npdor.com/" target="_blank"> NPD Online Research</a>. Required for the survey to work correctly. Otherwise not required
Source=Paul Collins Startup list

[Nfo]
Number=7182
Confirmed=X
Filename=nfomon.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076775" target="_blank">Delfin Media Viewer</a> adware related
Source=Paul Collins Startup list

[nForce Tray Options]
Number=7183
Confirmed=N
Filename=sstray.exe
Description=nVidia nForce Taskbar Utility - quick access to the nForce2 &quot;Sound Storm&quot; control panel and related utilitys
Source=Paul Collins Startup list

[NGClient]
Number=7184
Confirmed=U
Filename=ngctw32.exe
Description=Symantec Ghost Server software - needed for a "a Ghost multicast" (transfer images to multiple machines). Can be launched manually
Source=Paul Collins Startup list

[ngpw36]
Number=7185
Confirmed=X
Filename=ngpw36.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051216-4630-99" target=_blank>AdBlaster</a> adware variant
Source=Paul Collins Startup list

[NGServer]
Number=7186
Confirmed=N
Filename=ngserver.exe
Description=Symantec/Norton Ghost Console service
Source=Paul Collins Startup list

[NI.UERSM_0001_N68M1602]
Number=7187
Confirmed=N
Filename=UERSM_0001_N68M1602NetInstaller.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-012017-0346-99" target="_blank">ErrorSafe</a> security risk that may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threats
Source=Paul Collins Startup list

[NI.UWA6P_0001_N56M1001]
Number=7188
Confirmed=X
Filename=WinAntiVirusPro2006Installer.exe
Description=WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see <a href="http://www.superadblocker.com/definition/winantiviruspro2006installer/" target="_blank">here</a>
Source=Paul Collins Startup list

[NI.UWA6P_0001_N69M0303]
Number=7189
Confirmed=U
Filename=WinAntiVirusPro2006Installer[1].exe
Description=WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see <a href="http://www.superadblocker.com/definition/winantiviruspro2006installer/" target="_blank">here</a>
Source=Paul Collins Startup list

[NI.UWA6P_0001_N73M1004]
Number=7190
Confirmed=N
Filename=WinAntiVirusPro2006FreeInstall.exe
Description=WinAntiVirus Pro 2006 virus software - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[NI.UWA6P_0001_N91M1807]
Number=7191
Confirmed=N
Filename=winantiviruspro2006freeinstall[1].exe
Description=WinAntiVirus Pro 2006 virus software - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[NI.UWA7P_0001_N91M0809]
Number=7192
Confirmed=N
Filename=winantiviruspro2007freeinstall[1].exe
Description=WinAntiVirus Pro 2007 virus software - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[NI.UWAS6_0001_N68M2301]
Number=7193
Confirmed=X
Filename=UWAS6_0001_N68M2301NetInstaller.exe
Description=WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see <a href="http://www.superadblocker.com/1/196_150_NI.EXE-5442.html" target=_blank>here</a>

Source=Paul Collins Startup list

[NI.UWFX5]
Number=7194
Confirmed=X
Filename=UWFX5NetInstaller.exe
Description=WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see <a href="http://www.superadblocker.com/definition/uwfx5netinstaller/" target=_blank>here</a>

Source=Paul Collins Startup list

[NI.UWFX5T]
Number=7195
Confirmed=X
Filename=UWFX5TNetInstaller.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdownldrbo.html" target=_blank>DOWNLDR-BO</a> TROJAN!
Source=Paul Collins Startup list

[NI.UWFX5[various]]
Number=7196
Confirmed=X
Filename=[various filenames]
Description=WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see <a href="http://www.superadblocker.com/1/196_150_NI.EXE-5442.html" target=_blank>here</a>. Example filenames are UWFX5LP_0001_0802NetInstaller.exe, UWFX5V_0001_0802NetInstaller.exe, UWFX5_0001_N66M1101NETINSTALLER.EXE, 1D7C.tmp, WinFixerScannerInstall[1].exe

Source=Paul Collins Startup list

[NiceDownloads]
Number=7197
Confirmed=X
Filename=rundll32.exe MSA64CHK.dll, DllMostrar
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MatrixDialer&threatid=14914" target=_blank>MatrixDialer</a> related
Source=Paul Collins Startup list

[Nielsen NetRatings]
Number=7198
Confirmed=X
Filename=insight.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=NetRatings%20Premeter&threatid=8994" target=_blank>NetRatings Premeter</a> spyware
Source=Paul Collins Startup list

[NIHomeAM]
Number=7199
Confirmed=U
Filename=LiteClientAM.exe
Description=A managed web based internet security service that provides comprehensive & total protection for laptops/desktops - regardless of how, when or where they connect to the Internet. Made by <a href="http://www.netintelligence.com/" target=_blank>Netintelligence Ltd</a>
Source=Paul Collins Startup list

[nikLaus]
Number=7200
Confirmed=X
Filename=nikLaus.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080616-0728-99" target="_blank">NIKLAS</a> WORM!
Source=Paul Collins Startup list

[NInit]
Number=7201
Confirmed=N
Filename=NInit.exe
Description=Norton Uninstall Deluxe. Monitors programs being installed and logs them for removing later. Available via Start -&gt; Programs for manual logging - not required
Source=Paul Collins Startup list

[nisserv]
Number=7202
Confirmed=Y
Filename=NISSERV.EXE
Description=Norton Personal Firewall
Source=Paul Collins Startup list

[Nisum]
Number=7203
Confirmed=Y
Filename=NISUM.EXE
Description=Norton Personal Firewall
Source=Paul Collins Startup list

[niSvcLoc]
Number=7204
Confirmed=U
Filename=niSvcLoc.exe
Description=Related to National Instruments Corp. <a href="http://www.ni.com/labview/" target=_blank>LabView</a>
Source=Paul Collins Startup list

[NJG40]
Number=7205
Confirmed=X
Filename=NJG40.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-122215-5815-99" target="_blank">BANCOS.D</a> TROJAN!
Source=Paul Collins Startup list

[NkbMonitor]
Number=7206
Confirmed=N
Filename=NkbMonitor.exe
Description=Part of <a href="http://www.nikonimaging.com/global/products/software/pictureproject/index.htm" target=blank>Nikon PictureProject</a> - image management for Nikon digital cameras
Source=Paul Collins Startup list

[NkvMon.exe]
Number=7207
Confirmed=N
Filename=NkvMon.exe
Description=Nikon View 5 - for transferring pictures from Nikon digital cameras
Source=Paul Collins Startup list

[NkVwMon.exe]
Number=7208
Confirmed=N
Filename=NkVwMon.exe
Description=Nikon View - for transferring pictures from Nikon digital cameras
Source=Paul Collins Startup list

[NliaClient]
Number=7209
Confirmed=U
Filename=Netpia.exe
Description=Netpia <a href="http://e.netpia.com/service/service01_02_01.asp" target="_blank">NLIA System</a> - "In the existing Internet address system, the Domain Name System (DNS) layer runs on the IP address layer. In the NLIA system, however, the upper layer is implemented on DNS"
Source=Paul Collins Startup list

[NLS Keyboard]
Number=7210
Confirmed=X
Filename=keyboard.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[NLS Monitor]
Number=7211
Confirmed=X
Filename=nlsmon.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxj.html" target=_blank>RBOT-AXJ</a> WORM!
Source=Paul Collins Startup list

[nmapp]
Number=7212
Confirmed=U
Filename=nmapp.exe
Description=Pure Networks "<a href="http://www.networkmagic.com/" target="_blank">Network Magic</a> eliminates common frustrations and saves time by simplifying and automating set up, management and repair of home networks, and makes printer and file sharing effortless"
Source=Paul Collins Startup list

[NMBgMonitor]
Number=7213
Confirmed=U
Filename=NMBgMonitor.exe
Description=Associated with <a href="http://www.nero.com/nero7/eng/Nero_Scout.html" target="_blank">Nero Scout</a>, added by version 7 of the Nero digital media suite (CD & DVD burning, authoring, etc). Thanks to Help2Go.com, if you feel this is draining more resources that necessary you can disable it by <a href="http://www.help2go.com/Tutorials/Software_Utilities/Disable_Nero_Scout_in_Nero_7.html" target="_blank">clicking here</a>
Source=Paul Collins Startup list

[NMFirstStart]
Number=7214
Confirmed=U
Filename=NMFirstStart.exe
Description=Associated with <a href="http://www.nero.com/nero7/eng/Nero_Scout.html" target="_blank">Nero Scout</a>, added by version 7 of the Nero digital media suite (CD & DVD burning, authoring, etc). Thanks to Help2Go.com, if you feel this is draining more resources that necessary you can disable it by <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=58686" target="_blank">clicking here</a>
Source=Paul Collins Startup list

[nmgr]
Number=7215
Confirmed=X
Filename=nnmgr.exe
Description=Added by the <a href="http://www.sarc.com/avcenter/venc/data/adware.fftoolbar.html" target=_blank>Adware.FFToolBar</a> adware toolbar
Source=Paul Collins Startup list

[NMSSvc]
Number=7216
Confirmed=?
Filename=NMSSVC.EXE
Description=NIC Management Service - diagnostics program for Intel Pro family network cards
Source=Paul Collins Startup list

[NMSVC]
Number=7217
Confirmed=Y
Filename=nmSvc.exe
Description=<a href="http://www.covenanteyes.com/help_and_support/category/?c=20" target="_blank">Covenant Eyes</a> - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it. Disabling it means loss of internet connection until renabled - therefore required if you use it
Source=Paul Collins Startup list

[nMTaskBarService]
Number=7218
Confirmed=?
Filename=nMtsk.exe
Description=Taskbar control for ISDN <a href="http://netmod.intracom.gr/" target=_blank>NetMod</a> modem. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[NNLL]
Number=7219
Confirmed=U
Filename=nnll.exe
Description=<a href="http://www.netnanny.com/p/page?sb=product" target=_blank>Net Nanny</a> internet filter

Source=Paul Collins Startup list

[nnqcouu]
Number=7220
Confirmed=X
Filename=nnqcouu.exe
Description=<a href="http://www.geekstogo.com/forum/The_ABI_Network-t42642.html" target="_blank">The Abi Network</a> adware
Source=Paul Collins Startup list

[NNSvc]
Number=7221
Confirmed=U
Filename=nnsvc.exe
Description=<a href="http://www.netnanny.com/p/page?sb=product" target="_blank">Net Nanny</a> internet filter
Source=Paul Collins Startup list

[No Credit Card]
Number=7222
Confirmed=X
Filename=plugin-[random].exe
Description=Adult content pop-up dialler
Source=Paul Collins Startup list

[No-IP DUC]
Number=7223
Confirmed=U
Filename=DUC20.exe
Description=Part of <a href="http://www.no-ip.com" target="_blank">http://www.no-ip.com</a>&nbsp;provided service. Keeps No-IP's dynamic nameserver (DNS) updated if and when your computer's (network's) dynamic IP-address changes so that you can run servers on computers with dynamic IP. Shortcut available
Source=Paul Collins Startup list

[NoAds]
Number=7224
Confirmed=U
Filename=NoAds.exe
Description=Blocks advertisement banners in Internet Explorer
Source=Paul Collins Startup list

[NoAdware]
Number=7225
Confirmed=U
Filename=NoAdware.exe
Description=NoAdware - spyware remover. This version is not recommended - see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#naw_note" target=_blank>here</a>
Source=Paul Collins Startup list

[NoAdware3]
Number=7226
Confirmed=U
Filename=NoAdware3.exe
Description=NoAdware - spyware remover. Initially not recommended due to false positives and aggressive advertising but the later versions have since improved - see  <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#naw_note" target=_blank>here</a>
Source=Paul Collins Startup list

[NoAdware4]
Number=7227
Confirmed=U
Filename=NoAdware4.exe
Description=NoAdware - spyware remover. Initially not recommended due to false positives and aggressive advertising but the later versions have since improved - see  <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#naw_note" target=_blank>here</a>
Source=Paul Collins Startup list

[Nocana]
Number=7228
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32anaconb.html" target=_blank>ANACON-B</a> WORM!
Source=Paul Collins Startup list

[NOD32 FiX]
Number=7229
Confirmed=X
Filename=regedt32.exe
Description=<a href="http://www.sophos.com/virusinfo/analyses/nodfix.html" target="_blank">NodFix</a> is a is a potentially unwanted application. This application is given an (X) status because we does not and will not support Cracks or Warez. Do not delete the regedt32.exe as it is the legitimate Windows application. NodFix interferes with the default settings of the NOD32 AV application allowing to bypass its free using period as well as changes the default update server to that eval signatures thus allowing to update NOD32 without password. Note - to avoid interfering with the NOD32 application original settings no full cleanup can be provided
Source=Paul Collins Startup list

[Nod32 Free antivirus]
Number=7230
Confirmed=X
Filename=nod32krn.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaao.html" target="_blank">RBOT-AAO</a> WORM! Note - not the popular free <a href="http://www.eset.com/products/index.php" target="_blank">NOD32</a> antivirus software, which shares the same filename
Source=Paul Collins Startup list

[Nod32 Service]
Number=7231
Confirmed=X
Filename=nod64.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Nod32 Service]
Number=7232
Confirmed=X
Filename=alserv32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.DHN" target="_blank">RBOT.DHN</a> WORM!
Source=Paul Collins Startup list

[Nod32CC]
Number=7233
Confirmed=U
Filename=nod32cc.exe
Description=Control Center part of Eset's <a href="http://www.eset.com/products/index.php" target="_blank">NOD32</a> virus-scanner. Leave this enabled if you want to update your virus data files via the click of a button
Source=Paul Collins Startup list

[NOD32kernel]
Number=7234
Confirmed=Y
Filename=Nod32krn.exe
Description=<a href="http://www.eset.com/products/index.php" target="_blank">NOD32</a> antivirus
Source=Paul Collins Startup list

[nod32kui]
Number=7235
Confirmed=Y
Filename=nod32kui.exe
Description=<a href="http://www.eset.com/products/index.php" target="_blank">NOD32</a> antivirus
Source=Paul Collins Startup list

[NOD32POP3]
Number=7236
Confirmed=Y
Filename=Pop3scan.exe
Description=POP3 E-mail part of Eset's <a href="http://www.eset.com/products/index.php" target="_blank">NOD32</a> virus-scanner
Source=Paul Collins Startup list

[Nod3d2 Free antivirus]
Number=7237
Confirmed=X
Filename=N0D32KRN.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabq.html" target= blank>RBOT-ABQ</a> WORM!
Source=Paul Collins Startup list

[NodeMnger]
Number=7238
Confirmed=?
Filename=Nodemngr.exe
Description=<font color="#FF0000">Part of the Dell OpenManage Client installation - to allow Dell representatives to remote logon?</font>
Source=Paul Collins Startup list

[nodriver]
Number=7239
Confirmed=X
Filename=AUEKXRZ.EXE
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Noha]
Number=7240
Confirmed=X
Filename=aasd.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[Nokia Check]
Number=7241
Confirmed=X
Filename=nokiacheck.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CDC" target="_blank">WORM_RBOT.CDC</a> WORM!
Source=Paul Collins Startup list

[Nokia Connection Monitor]
Number=7242
Confirmed=N
Filename=NclConf.exe
Description=Monitors the infrared port, the serial ports and the Bluetooth for a Nokia phone connection. It is installed by the Nokia PC Suite (and Nokia PC Connectivity SDK), and the tray icon shows if a phone has been connected. If you have a conflict with another program, such as TV tuner card remote control monitor, you can disable it, and run only when needed. Available via a desktop shortcut or Start -&gt; Programs - not required
Source=Paul Collins Startup list

[Nokia Tray Application]
Number=7243
Confirmed=U
Filename=NclTray.exe
Description=Nokia PC Suite 5 - "A collection of powerful tools that you can use to manage your phone features and data." Synchronize the phone with, for example Outlook. You can also use it to browse your phone, edit the phone list and so on
Source=Paul Collins Startup list

[NOMAD Detector]
Number=7244
Confirmed=U
Filename=ctnmrun.exe
Description=Detects the Creative NOMAD jukebox/MP3 player at the time it is attached to USB and starts the needed application (Creative PlayCentre 2) that you use to copy MP3 files to and from it. This is required if you want PlayCentre 2 to take control of the NOMAD once connected
Source=Paul Collins Startup list

[NomdCheck]
Number=7245
Confirmed=N
Filename=nomdchek.exe
Description=Part of Intel's Native Audio
Source=Paul Collins Startup list

[nomtray]
Number=7246
Confirmed=U
Filename=nomtray.exe
Description=System Tray access to NetMotion Wireless options - including connectivity status (see <a href="http://www.netmotionwireless.com/support/technotes/2140.asp" target=_blank>here</a>)
Source=Paul Collins Startup list

[Nord]
Number=7247
Confirmed=X
Filename=nordsys.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32drefs.html" target="_blank">DREF-S</a> WORM!
Source=Paul Collins Startup list

[Norman ZANDA]
Number=7248
Confirmed=U
Filename=ZLH.EXE
Description=System Tray icon for <a href="http://www.norman.com/" target="_blank">Norman Antivirus</a>
Source=Paul Collins Startup list

[NortE Antivirus]
Number=7249
Confirmed=X
Filename=norte.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BQQ&VSect=P" target=_blank>RBOT.BQQ</a> WORM!
Source=Paul Collins Startup list

[NortE Antivirus]
Number=7250
Confirmed=X
Filename=norten.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaff.html" target=_blank>RBOT-AFF</a> WORM!
Source=Paul Collins Startup list

[norten Software Intrenet]
Number=7251
Confirmed=X
Filename=norten.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawa.html" target=_blank>RBOT-AWA</a> WORM!
Source=Paul Collins Startup list

[Norton Antiviral Scanner]
Number=7252
Confirmed=X
Filename=navscnr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotk.html" target="_blank">DELBOT-K</a> WORM!
Source=Paul Collins Startup list

[Norton Antivirus]
Number=7253
Confirmed=X
Filename=nortonav.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaye.html" target=_blank>RBOT-AYE</a> TROJAN! Note - this is not the real Norton AV!
Source=Paul Collins Startup list

[Norton Antivirus 2004]
Number=7254
Confirmed=X
Filename=SYMANTECAV2.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotdy.html" target=_blank>SPYBOT-DY</a> WORM! Note - this is not the real Norton AV!
Source=Paul Collins Startup list

[Norton Antivirus 7.0a]
Number=7255
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojperdab.html" target=_blank>PERDA-B</a> or <a href="http://www.sophos.com/virusinfo/analyses/trojranckct.html" target=_blank>RANCK-CT</a> TROJANS!
Source=Paul Collins Startup list

[Norton Antivirus AV]
Number=7256
Confirmed=X
Filename=FVProtect.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032110-4938-99" target="_blank">NETSKY.P</a> WORM! Note - this is not the popular AV software!
Source=Paul Collins Startup list

[Norton AntiVirus Sys]
Number=7257
Confirmed=X
Filename=NAVsys32.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN" target=_blank>WOOTBOT</a> WORM!
Source=Paul Collins Startup list

[Norton Antivirus Updater]
Number=7258
Confirmed=X
Filename=nortonav.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbott.html" target="_blank">DELBOT-T</a> WORM! Note - this is not the real Norton AV!
Source=Paul Collins Startup list

[Norton Auto Protect]
Number=7259
Confirmed=X
Filename=nava.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Norton Auto Protect]
Number=7260
Confirmed=X
Filename=crss32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ATF" target="_blank">SDBOT.ATF</a> WORM!
Source=Paul Collins Startup list

[Norton Auto-Protect]
Number=7261
Confirmed=Y
Filename=navapw32.exe
Description=Norton Anti-Virus's background scanning process 
Source=Paul Collins Startup list

[Norton Auto-Protect]
Number=7262
Confirmed=X
Filename=ccApp.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021610-0732-99" target=_blank>AKHER.D</a> WORM! Note - for the valid Norton AV entry the filename is "navapexe". This is also not the valid Norton AV file with the same filename
Source=Paul Collins Startup list

[Norton Auto-Protect]
Number=7263
Confirmed=X
Filename=SERVICES.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-012611-2803-99" target=_blank>Ahker.B</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder. Also, this is not part of Norton AV
Source=Paul Collins Startup list

[Norton AV Preload]
Number=7264
Confirmed=?
Filename=Premend.exe
Description=Norton Antivirus related. <font color="#FF0000"> What does it do and is it required</font>
Source=Paul Collins Startup list

[Norton AV Protection Startup]
Number=7265
Confirmed=X
Filename=Ati2xxx.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Norton Crashguard Monitor]
Number=7266
Confirmed=N
Filename=cgmenu.exe
Description=Troublesome program that doesn't actually work with WinME so Norton removed it from SystemWorks 2001
Source=Paul Collins Startup list

[Norton Disk Doctor]
Number=7267
Confirmed=N
Filename=Ndd32.exe
Description=Norton Disk Doctor from Norton Utilities. Automatically runs at start-up, checking for disk errors. Better than ScanDisk but can be started manually via Start -&gt; Programs. Delete the shortcut in the Start -&gt; Programs -&gt; Startup folder as well
Source=Paul Collins Startup list

[Norton Drive Protection]
Number=7268
Confirmed=X
Filename=msdt32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotgb.html" target=_blank>FORBOT-GB</a> WORM! Note - this not a valid Norton program!
Source=Paul Collins Startup list

[Norton eMail Protect]
Number=7269
Confirmed=Y
Filename=POPROXY.EXE
Description=Proxy E-mail protection from Norton Anti-Virus (prior to 2002). If you have it installed, leave it enabled to automatically check for suspect attachments in E-mails that may contain viruses. It downloads the E-mail into poproxy, which serves as a proxy server on the local machine, before scanning it
Source=Paul Collins Startup list

[Norton Firewall]
Number=7270
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankeret.html" target=_blank>BANKER-ET</a> TROJAN!
Source=Paul Collins Startup list

[Norton Ghost 9.0]
Number=7271
Confirmed=N
Filename=GhostTray.exe
Description=<a href="http://www.symantec.com/sabu/ghost/ghost_personal/" target=_blank>Norton Ghost</a> tray icon - the application can be launched manually
Source=Paul Collins Startup list

[Norton Guard 32]
Number=7272
Confirmed=X
Filename=ntguard32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Norton Live Update Server]
Number=7273
Confirmed=X
Filename=cpsdv.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.EW" target="_blank">AGOBOT.EW</a> TROJAN!
Source=Paul Collins Startup list

[Norton Live Updater]
Number=7274
Confirmed=X
Filename=Cavapsvc.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list

[Norton Live Updater]
Number=7275
Confirmed=X
Filename=Sochost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list

[Norton Navigator Loader]
Number=7276
Confirmed=N
Filename=nnloader.exe
Description=An older Norton utility for file management under Windows 95. More information <a href="http://www.mg.co.za/mg/pc/history/dec10-nortnavigator.html" target="_blank">here</a>
Source=Paul Collins Startup list

[Norton Personal Firewall]
Number=7277
Confirmed=X
Filename=jah.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Norton Personal Firewall]
Number=7278
Confirmed=X
Filename=npfw.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotui.html" target=_blank>RBOT-UI</a> WORM!
Source=Paul Collins Startup list

[Norton Personal Firewall]
Number=7279
Confirmed=X
Filename=lah.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Norton Personal Firewall]
Number=7280
Confirmed=X
Filename=npfw32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotuq.html" target=_blank>RBOT-UQ</a> WORM!
Source=Paul Collins Startup list

[Norton Personal Firewall]
Number=7281
Confirmed=Y
Filename=IntroWiz.exe
Description=Part of Norton Personal Firewall or Norton Internet Security
Source=Paul Collins Startup list

[Norton Program Scheduler]
Number=7282
Confirmed=U
Filename=nsched32.exe
Description=Installed on a Windows system where the Windows Task Scheduler isn't used as part of the OS (Win95, WinNT(?), Win2K(?)) to schedule automatic tasks such as Norton Anti-Virus scans
Source=Paul Collins Startup list

[Norton Program Scheduler]
Number=7283
Confirmed=U
Filename=NPSsvc.exe
Description=Installed on a Windows system where the Windows Task Scheduler isn't used as part of the OS (Win95, WinNT(?), Win2K(?)) to schedule automatic tasks such as Norton Anti-Virus scans
Source=Paul Collins Startup list

[Norton Program Scheduler Event Checker]
Number=7284
Confirmed=?
Filename=npscheck.exe
Description=<font color="#FF0000">Part of Norton Anti-Virus. What does it do? Apparently it can safely be disabled without causing problems. Can also be listed as NPS Event Checker</font>
Source=Paul Collins Startup list

[Norton Protect]
Number=7285
Confirmed=X
Filename=npprotect.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotww.html" target= blank>RBOT-WW</a> WORM!
Source=Paul Collins Startup list

[Norton protect]
Number=7286
Confirmed=X
Filename=nvsvc.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Norton Protect Activies]
Number=7287
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankercz.html" target=_blank>BANKER-CZ</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "D5133" subfolder
Source=Paul Collins Startup list

[Norton Service Driver]
Number=7288
Confirmed=X
Filename=wsul.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabi.html" target= blank>RBOT-ABI</a> WORM!
Source=Paul Collins Startup list

[Norton Service Process]
Number=7289
Confirmed=X
Filename=navapvc.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list

[Norton SpySweeper AutoUpdate]
Number=7290
Confirmed=X
Filename=navsw.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotas.html" target="_blank">FORBOT-AS</a> WORM!
Source=Paul Collins Startup list

[Norton System]
Number=7291
Confirmed=X
Filename=csrs.scr
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbanloaafm.html" target="_blank">BANLOA-AFM</a> TROJAN!
Source=Paul Collins Startup list

[Norton System Doctor]
Number=7292
Confirmed=N
Filename=Sysdoc32.exe
Description=Norton Disk Doctor from Norton Utilities. Automatically runs at start-up, major resource hog and best started manually form Start -&gt; Programs. Delete the shortcut in the Start -&gt; Programs -&gt; Startup folder as well
Source=Paul Collins Startup list

[Norton SystemWorks]
Number=7293
Confirmed=N
Filename=cfgwiz.exe
Description=Norton System Works configuration wizard. Reportedly a resource hog. Many users find they can live without loading it
Source=Paul Collins Startup list

[Norton Update]
Number=7294
Confirmed=X
Filename=ccUpdate.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!

Source=Paul Collins Startup list

[Norton Update]
Number=7295
Confirmed=X
Filename=winsvc.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ALP&VSect=P" target=_blank>AGOBOT.ALP</a> WORM!
Source=Paul Collins Startup list

[Norton Update]
Number=7296
Confirmed=X
Filename=cUpdate.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=49211" target="_blank">AGOBOT.APP</a> WORM!
Source=Paul Collins Startup list

[Norton updated]
Number=7297
Confirmed=X
Filename=NVSV32.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ABH&VSect=P" target=_blank>SDBOT.ABH</a> WORM!
Source=Paul Collins Startup list

[Norton Updater]
Number=7298
Confirmed=X
Filename=winset.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Norton Updater]
Number=7299
Confirmed=X
Filename=lsa.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Norton Updater]
Number=7300
Confirmed=X
Filename=NortonUpdate.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Norton Updater]
Number=7301
Confirmed=X
Filename=ccUpdate.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list

[Norton Updater]
Number=7302
Confirmed=X
Filename=navupdtr.exe
Description=Added by the <a href="http://de.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=1&VName=WORM_SDBOT.AXV" target=_blank>SDBOT.AXV</a> WORM!
Source=Paul Collins Startup list

[Norton Wizzard]
Number=7303
Confirmed=X
Filename=nwiz.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042217-0801-99" target="_blank">GAOBOT.ADV</a> WORM! Note - this is not the valid nVidia application that shares the same name
Source=Paul Collins Startup list

[norton32]
Number=7304
Confirmed=X
Filename=norton32.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[NortonAntivirus]
Number=7305
Confirmed=X
Filename=LSASS.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-091615-0246-99" target=_blank>PEXMOR</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Temp" subfolder of the Winnt or Windows folder. It also has nothing to do with Norton AV
Source=Paul Collins Startup list

[NortonAV]
Number=7306
Confirmed=X
Filename=norton_antivirus.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-111613-5136-99" target=_blank>NETJOE</a> TROJAN! Note - this is not the legitimate Symantec AV program
Source=Paul Collins Startup list

[nortonav]
Number=7307
Confirmed=X
Filename=CCUPD32.EXE
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[nortonp]
Number=7308
Confirmed=X
Filename=nortonp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojjda.html" target="_blank">JD-A</a> TROJAN!
Source=Paul Collins Startup list

[Nortons AV SYSTEM]
Number=7309
Confirmed=X
Filename=scvchost.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Nortons AVS Systems]
Number=7310
Confirmed=X
Filename=arse.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AWY" target="_blank">RBOT.AWY</a> WORM!
Source=Paul Collins Startup list

[nortonsantivirus]
Number=7311
Confirmed=X
Filename=ccEvtMngr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojhzdoora.html" target=_blank>HZDOOR-A</a> TROJAN!
Source=Paul Collins Startup list

[NortonVPlus]
Number=7312
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojroamera.html" target=_blank>ROAMER-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which should not normally figure in Msconfig/Startup!
Source=Paul Collins Startup list

[Notebook Maximizer]
Number=7313
Confirmed=U
Filename=maximizer_startup.exe
Description=Toshiba Notebook Maximizer software - adjust settings to save battery power and increase efficiency
Source=Paul Collins Startup list

[NotebookManager]
Number=7314
Confirmed=?
Filename=nbm.exe
Description=<font color="#FF0000">Associated with Acer notebook PCs. What does it do and is it required?</font>
Source=Paul Collins Startup list

[NOTEPAD]
Number=7315
Confirmed=X
Filename=NOTEPAD.exe
Description=Added as the result of the RUSTY VIRUS! Note - not to be confused with the valid Windows "NOTEPAD" text editor! This malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
Source=Paul Collins Startup list

[NotePad]
Number=7316
Confirmed=X
Filename=[worm filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sillyfdcg.html" target="_blank">SILLYFDC-G</a> WORM!
Source=Paul Collins Startup list

[Notepad]
Number=7317
Confirmed=X
Filename=ntoepad.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotak.html" target="_blank">DELBOT-AK</a> WORM!
Source=Paul Collins Startup list

[Notepad lptt01]
Number=7318
Confirmed=X
Filename=notepad.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Notepad" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>. Note - this is not Windows Notepad which has the same executable name
Source=Paul Collins Startup list

[Notepad ml097e]
Number=7319
Confirmed=X
Filename=notepad.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Notepad" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>. Note - this is not Windows Notepad which has the same executable name
Source=Paul Collins Startup list

[notepad.exe]
Number=7320
Confirmed=X
Filename=upx.exe
Description=Added by a variant of the AGENT.AH TROJAN!
Source=Paul Collins Startup list

[notepad.exe]
Number=7321
Confirmed=X
Filename=msmsgs.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojfakespyb.html" target= blank>FAKESPY-B</a> TROJAN! Note - this particular msmsgs.exe file is located in the Windows\System32 or Winnt\System32 folder, and should not be mistaken for the MSN Messenger file of the same name!
Source=Paul Collins Startup list

[notepad.exe]
Number=7322
Confirmed=X
Filename=msmsgs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzlobi.html" target= blank>ZLOB-I</a> TROJAN!
 Note - not be mistaken for the MSN Messenger file of the same name!
Source=Paul Collins Startup list

[notepad.exe]
Number=7323
Confirmed=X
Filename=msmsgs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzlobi.html" target=_blank>ZLOB-I</a> and <a href="http://www.sophos.com/virusinfo/analyses/trojzlobh.html" target=_blank>ZLOB-H</a> TROJANS! Note - not to be confused with msmsgs.exe, the well known MSN Instant Messaging application!
Source=Paul Collins Startup list

[notepad2.exe]
Number=7324
Confirmed=X
Filename=popuper.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpupere.html" target= blank>PUPER-E</a> TROJAN!
Source=Paul Collins Startup list

[notes]
Number=7325
Confirmed=X
Filename=notepaad.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BME&VSect=P" target=_blank>RBOT.BME</a> WORM!
Source=Paul Collins Startup list

[Notification Utility]
Number=7326
Confirmed=X
Filename=altpayV2.exe
Description=Reported by <a href="http://www.ewido.net/en/" target="_blank">Ewido Security Suite</a> as WeirWeb adware
Source=Paul Collins Startup list

[Notn]
Number=7327
Confirmed=X
Filename=Eber.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[Notn]
Number=7328
Confirmed=X
Filename=wtta.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[NovaBackup * Tray Control]
Number=7329
Confirmed=U
Filename=NbkCtrl.exe
Description=Scheduling engine of <a href="http://www.no-panic.com/backup/n_backup.html" target="_blank">NovaSTOR Backup</a> Service. Only required if scheduling is enabled and wanted - see <a href="http://www.no-panic.com/backup/tech_supt/nbackup7_commandline.html" target="_blank">here</a>. * represents the version number
Source=Paul Collins Startup list

[NovaPortal Single User Service]
Number=7330
Confirmed=?
Filename=NPSU.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[NovastorSchedulerd]
Number=7331
Confirmed=U
Filename=SCHENGD.EXE
Description=NovaStor NovaBACKUP Scheduler - back-up utility. If you don't have regularly scheduled back-ups you don't need it
Source=Paul Collins Startup list

[NOYPI_KANG_ASTIG]
Number=7332
Confirmed=X
Filename=Exit to DosPrompt.pif
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062709-3249-99" target=_blank>FILUKIN.A</a> WORM!
Source=Paul Collins Startup list

[np]
Number=7333
Confirmed=X
Filename=upnp.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_YABE.AE" target="_blank">YABE.AE</a> TROJAN!
Source=Paul Collins Startup list

[NPF Value]
Number=7334
Confirmed=X
Filename=NPFMONTR.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[NPFMonitor]
Number=7335
Confirmed=?
Filename=NPFMntor.exe
Description=Norton AntiVirus Firewall Install Monitor. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[NPROTECT]
Number=7336
Confirmed=U
Filename=nprotect.exe
Description=Norton Protected Recycle Bin from Norton Utilities. Adds an extra layer of safety before you remove deleted files from the Recycled Bin. Can be listed twice which is valid
Source=Paul Collins Startup list

[NPS Event Checker]
Number=7337
Confirmed=?
Filename=npscheck.exe
Description=<font color="#FF0000">Part of Norton Anti-Virus. What does it do? Apparently it can safely be disabled without causing problems. Can also be listed as </font>Norton Program Scheduler Event Checker
Source=Paul Collins Startup list

[NS]
Number=7338
Confirmed=X
Filename=ns.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agoboths.html" target=_blank>AGOBOT-HS</a> WORM!
Source=Paul Collins Startup list

[NSCheck]
Number=7339
Confirmed=X
Filename=NSCHECK.EXE
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=43974" target="_blank">MarketScore</a> parasite - ActiveX control used to download premium-rate dialers

Source=Paul Collins Startup list

[nscntrl]
Number=7340
Confirmed=X
Filename=nscntrl.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaddc.html" target=_blank>DLOAD-DC</a> TROJAN!
Source=Paul Collins Startup list

[nsdcmd services]
Number=7341
Confirmed=X
Filename=nsdcmdav.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list

[nsdcmd vid process]
Number=7342
Confirmed=X
Filename=nsdcmdwin.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list

[nsdlua]
Number=7343
Confirmed=X
Filename=nsdlua.exe
Description=All-In-One Telcom - adult content dialler
Source=Paul Collins Startup list

[nsdriver]
Number=7344
Confirmed=X
Filename=nssys32.exe
Description=<a href="http://allentech.net/parasite/NetShagg.html" target="_blank">NetShagg</a> adware

Source=Paul Collins Startup list

[nse]
Number=7345
Confirmed=X
Filename=nse.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotml.html" target=_blank>AGOBOT-ML</a> WORM!
Source=Paul Collins Startup list

[Nsengine]
Number=7346
Confirmed=U
Filename=Nsengine.exe
Description=Scheduling engine of <a href="http://www.no-panic.com/backup/n_backup.html" target="_blank"> NovaSTOR Backup</a> Service. Only required if scheduling is enabled and wanted - see <a href="http://www.no-panic.com/backup/tech_supt/nbackup7_commandline.html" target="_blank"> here</a>
Source=Paul Collins Startup list

[NSHelper]
Number=7347
Confirmed=U
Filename=aexnsinstallhelper.exe
Description=Altiris Express Notification Server Install helper - monitors integrity of the installation
Source=Paul Collins Startup list

[nssysconf]
Number=7348
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_VIVIA.A" target="_blank">VIVIA.A</a> TROJAN!
Source=Paul Collins Startup list

[nstat]
Number=7349
Confirmed=X
Filename=netstat.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[NSupdate]
Number=7350
Confirmed=X
Filename=NSupdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/diallaetb.html" target=_blank>Dial/Laet-B</a> premium rate dialer!
Source=Paul Collins Startup list

[Nsv]
Number=7351
Confirmed=X
Filename=nsvsvc.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-050515-5939-99" target=_blank>Delfin Promulgate</a> adware
Source=Paul Collins Startup list

[nsvcin]
Number=7352
Confirmed=X
Filename=n20050308.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076775" target="_blank">Delfin Media Viewer</a> adware related
Source=Paul Collins Startup list

[Nsvdr]
Number=7353
Confirmed=X
Filename=nsvdr.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[nsys]
Number=7354
Confirmed=U
Filename=nsys.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080510-5653-99" target= blank>NetSpy</a> keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[nsys32]
Number=7355
Confirmed=X
Filename=nsys32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotsu.html" target=_blank>AGOBOT-SU</a> WORM!
Source=Paul Collins Startup list

[NSystemMonitor]
Number=7356
Confirmed=N
Filename=Symmon.exe
Description=Norton Uninstall Deluxe - monitors programs being installed and logs them for removing later. Available via Start -> Programs for manual logging
Source=Paul Collins Startup list

[NT Kernel Patch]
Number=7357
Confirmed=N
Filename=ntkrnlpt.exe
Description=<a href="http://www.2point.com/FAXserve/" target="_blank">FaxServe</a> network fax software
Source=Paul Collins Startup list

[NT Logging Service]
Number=7358
Confirmed=X
Filename=Syslog32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092716-2152-99" target="_blank">DONK.B</a> WORM and variants!
Source=Paul Collins Startup list

[NT MICROSOFT SVCD]
Number=7359
Confirmed=X
Filename=ntvsvcd.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[NT security]
Number=7360
Confirmed=X
Filename=rundll32.com
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajc.html" target=_blank>RBOT-AJC</a> WORM!
Source=Paul Collins Startup list

[NT Service]
Number=7361
Confirmed=X
Filename=NTOKSRNL.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaag.html" target=_blank>RBOT-AAG</a> WORM!
Source=Paul Collins Startup list

[NT Services]
Number=7362
Confirmed=X
Filename=ntsvc.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.VJ" target="_blank">AGOBOT.VJ</a> WORM!
Source=Paul Collins Startup list

[Nt System Protocol]
Number=7363
Confirmed=X
Filename=ntsystem.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=47332" target="_blank">RBOT.DSB</a> TROJAN!
Source=Paul Collins Startup list

[NT Virtual Machine]
Number=7364
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32scaerbota.html" target= blank>SCAERBOT-A</a> WORM!
Source=Paul Collins Startup list

[Nt**.exe [* = random char]]
Number=7365
Confirmed=X
Filename=Nt**.exe [* = random char]
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
Source=Paul Collins Startup list

[Nt**32.exe [* = random char]]
Number=7366
Confirmed=X
Filename=Nt**32.exe [* = random char]
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
Source=Paul Collins Startup list

[NT-Virtual Device Manager]
Number=7367
Confirmed=X
Filename=ntvdmn.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaaa.html" target=_blank>SDBOT-AAA</a> WORM!
Source=Paul Collins Startup list

[Ntcheck]
Number=7368
Confirmed=X
Filename=mapserver.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtompaib.html" target=_blank>TOMPAI-B</a> WORM!
Source=Paul Collins Startup list

[NTCommLib3]
Number=7369
Confirmed=X
Filename=NTCommLib3.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-061915-5855-99" target=_blank>Admess</a> adware variant
Source=Paul Collins Startup list

[ntddetect]
Number=7370
Confirmed=X
Filename=ntddetect.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentcu.html" target=_blank>AGENT-CU</a> TROJAN!
Source=Paul Collins Startup list

[NTdhcp]
Number=7371
Confirmed=X
Filename=NTdhcp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqrobc.html" target=_blank>QQROB-C</a> TROJAN!
Source=Paul Collins Startup list

[NTdhcp]
Number=7372
Confirmed=X
Filename=CiKewl.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqrobn.html" target=_blank>QQROB-N</a> TROJAN!
Source=Paul Collins Startup list

[ntdll]
Number=7373
Confirmed=X
Filename=ntdll.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110416-1452-99" target="_blank">BIONET.404</a> TROJAN!
Source=Paul Collins Startup list

[ntdll.dll]
Number=7374
Confirmed=X
Filename=TrustCleaner.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094215" target="_blank">Smitfraud</a> variant
Source=Paul Collins Startup list

[NTDLM]
Number=7375
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080516-2036-99" target=_blank>HALE</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Qossrv" subfolder
Source=Paul Collins Startup list

[Ntech.patchs]
Number=7376
Confirmed=X
Filename=[trojan filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-033014-4558-99" target="_blank">LEMIR.G</a> TROJAN!
Source=Paul Collins Startup list

[ntechin]
Number=7377
Confirmed=X
Filename=n20050308.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076775" target="_blank">Delfin Media Viewer</a> adware related
Source=Paul Collins Startup list

[nternet Explorer]
Number=7378
Confirmed=X
Filename=iexplore.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotct.html" target=_blank>FORBOT-CT</a> WORM! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a>) process, which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup unless you add it manually! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[NTFS16]
Number=7379
Confirmed=X
Filename=ntfs16.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotly.html" target="_blank">RBOT-LY</a> WORM!
Source=Paul Collins Startup list

[NTFSCLUP]
Number=7380
Confirmed=Y
Filename=NTFSCLUP.EXE
Description=Part of ConfigSafe- "checks if an ntfssos restore has been performed since it was last run. It exits immediately after running. 99+% of the time it will only execute about a dozen instructions before exiting"
Source=Paul Collins Startup list

[ntfsmonitorpro]
Number=7381
Confirmed=X
Filename=ntfs64.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forboteb.html" target=_blank>FORBOT-EB</a> WORM!
Source=Paul Collins Startup list

[NTFSS Microsoft System]
Number=7382
Confirmed=X
Filename=filees.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.GAB" target="_blank">RBOT.GAB</a> WORM!
Source=Paul Collins Startup list

[NTFSS MICROSOFT SYSTEM]
Number=7383
Confirmed=X
Filename=filess.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AXZ&VSect=P" target=_blank>RBOT.AXZ</a> WORM!
Source=Paul Collins Startup list

[ntl Netguard]
Number=7384
Confirmed=Y
Filename=RPS.exe
Description=<a href="http://www.ntlworld.com/helpsupport/netguard/index.php" target=_blank>ntl Netguard</a> - anti-virus a package of services, specifically designed to keep you safe and secure with their ntlworld online services

Source=Paul Collins Startup list

[ntldr]
Number=7385
Confirmed=X
Filename=ntldr.exe
Description=Browser hijacker to search-control.com (TrojanDropper.Win32.Small.ig). In addition to Registry changes found by HijackThis, also creates the following system files: C:\WINDOWS\SYSTEM\ntldr.exe, C:\m.exe, C:\WINDOWS\Search-For-You.url, C:\n.bat, C:\q.exe, C:\r.bat
Source=Paul Collins Startup list

[ntlfreedom]
Number=7386
Confirmed=N
Filename=rundll32 [path] RyDial.dll, QuickStart
Description=<a href="http://secure.ntlfreedom.com/bundled/bundle_DialUp.aspx" target="_blank">NTL Freedom</a> dial-up ISP software - not required
Source=Paul Collins Startup list

[ntmsevt]
Number=7387
Confirmed=X
Filename=ntmsevt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstopedb.html" target="_blank">STOPED-B</a> TROJAN
Source=Paul Collins Startup list

[NTP Server]
Number=7388
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040119-5250-99" target="_blank">RANKY.F</a> TROJAN!
Source=Paul Collins Startup list

[nTrayFw]
Number=7389
Confirmed=Y
Filename=ntrayfw.exe
Description=Software interface for NVIDIA ActiveArmor - hardware firewall built into nVidia nForce motherboard chipsets
Source=Paul Collins Startup list

[NTrtc]
Number=7390
Confirmed=N
Filename=ntrtc.exe
Description=Dell year 2000 tool to deal with non-standard applications. Only required on older Dell PCs that may need this support
Source=Paul Collins Startup list

[NTSet32]
Number=7391
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojwinspyc.html" target=_blank>WINSPY-C</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "dll32" subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list

[NTSF Microsoft System]
Number=7392
Confirmed=X
Filename=fylez.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[NTSF MICROSOFT SYSTEM]
Number=7393
Confirmed=X
Filename=wntsf.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ATC&VSect=P" target=_blank>RBOT.ATC</a> WORM!
Source=Paul Collins Startup list

[NTSF MICROSOFT SYSTEM]
Number=7394
Confirmed=X
Filename=fufffy.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotael.html" target=_blank>RBOT-AEL</a> WORM!
Source=Paul Collins Startup list

[NTSF MICROSOFT SYSTEM]
Number=7395
Confirmed=X
Filename=ntssf.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[NTSF MICROSOFT SYSTEM]
Number=7396
Confirmed=X
Filename=scvhost.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[NTSF MICROSOFT SYSTEM]
Number=7397
Confirmed=X
Filename=winsis32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[NTSF MICROSOFT SYSTEM]
Number=7398
Confirmed=X
Filename=marya.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxy.html" target=_blank>RBOT-AXY</a> WORM!
Source=Paul Collins Startup list

[NTSF MICROSOFT SYSTEM]
Number=7399
Confirmed=X
Filename=sysman.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.EDP" target="_blank">RBOT.EDP</a> WORM!
Source=Paul Collins Startup list

[ntsmod]
Number=7400
Confirmed=X
Filename=ntsmod.exe
Description=Adware downloader/installer, probably <a href="http://sarc.com/avcenter/venc/data/adware.look2me.html" target=_blank>VX2/Look2Me</a> related - also detected as the WIN32.VB.RL TROJAN!
Source=Paul Collins Startup list

[NTsocket]
Number=7401
Confirmed=X
Filename=NoeWinnt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojatakae.html" target="_blank">ATAKA-E</a> TROJAN!
Source=Paul Collins Startup list

[NTsrv.exe]
Number=7402
Confirmed=X
Filename=NTsrv.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojservuo.html" target=_blank>SERVU-O</a> TROJAN!
Source=Paul Collins Startup list

[Ntsysv]
Number=7403
Confirmed=X
Filename=ntsysv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmifenge.html" target=_blank>MIFENG-E</a> TROJAN!

Source=Paul Collins Startup list

[nTune]
Number=7404
Confirmed=U
Filename=nTune.exe
Description=nVidia <a href="http://www.nvidia.com/object/sysutility.html" target="_blank">nTune</a> - motherboard monitoring and overclocking utility for nVidia nForce chipset based motherboards
Source=Paul Collins Startup list

[ntupd32]
Number=7405
Confirmed=X
Filename=ntupd32.exe
Description=Unidentified adware/spyware
Source=Paul Collins Startup list

[ntupdate]
Number=7406
Confirmed=X
Filename=dnsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbottc.html" target=_blank>SDBOT-TC</a> WORM!
Source=Paul Collins Startup list

[NTupdater]
Number=7407
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdigarixd.html" target=_blank>DIGARIX-D</a> TROJAN!
Source=Paul Collins Startup list

[NTVDM]
Number=7408
Confirmed=U
Filename=NTVDM.EXE
Description=Windows NT Virtual DOS Machine (NTVDM) for running 16-bit tasks on the 32-bit OS's (Windows NT, 2K and XP). Required if hardware on a machine with these OS's needs 16-bit DOS drivers. You can find a bit more about NTVDM <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/ntvdm/" target="_blank">here</a>
Source=Paul Collins Startup list

[ntvdmd]
Number=7409
Confirmed=X
Filename=ntvdmd.exe
Description=Adware downloader - also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderyp.html" target=_blank>DLOADER-YP</a> TROJAN!
Source=Paul Collins Startup list

[ntvdscm]
Number=7410
Confirmed=X
Filename=ntvdscm.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsckeylogi.html" target="_blank">SCKEYLOG-I</a> TROJAN!
Source=Paul Collins Startup list

[ntx32]
Number=7411
Confirmed=X
Filename=ntx32.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Numerical Xterm Agent]
Number=7412
Confirmed=X
Filename=0x32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfwp.html" target="_blank">RBOT-FWP</a> WORM!
Source=Paul Collins Startup list

[Numerical Xterm Agents]
Number=7413
Confirmed=X
Filename=2x32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfwy.html" target="_blank">RBOT-FWY</a> WORM!
Source=Paul Collins Startup list

[Numerical Xtermz Agent]
Number=7414
Confirmed=X
Filename=1x32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfwx.html" target="_blank">RBOT-FWX</a> WORM!
Source=Paul Collins Startup list

[NuTCSetupEnviron]
Number=7415
Confirmed=Y
Filename=ncoeenv.exe
Description=Used by the <a href="http://www.mkssoftware.com/products/tk/ds_tkedev.asp" target="_blank">MKS Toolkit for Enterprise Developers</a> product. NuTCracker is a Unix runtime environment for Windows, so disabling this would be unwise if you are using NuTCracker or any 3rd party package that is using it. Since you might not know what is actually using it it's probably best left alone
Source=Paul Collins Startup list

[NvagNT]
Number=7416
Confirmed=X
Filename=nvagNT.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotrv.html" target= blank>AGOBOT-RV</a> WORM!
Source=Paul Collins Startup list

[nvc Win32]
Number=7417
Confirmed=X
Filename=nvcvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadd.html" target=_blank>RBOT-ADD</a> WORM!
Source=Paul Collins Startup list

[nvchost]
Number=7418
Confirmed=X
Filename=winlogon.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojklonej.html" target="_blank">KLONE-J</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target=_blank>winlogon.exe</a> process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder
Source=Paul Collins Startup list

[NvClipRsv]
Number=7419
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32dumaruak.html" target=_blank>DUMARU-K</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list

[NvClipRsv]
Number=7420
Confirmed=X
Filename=swchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32dumaruak.html" target=_blank>DUMARU-AK</a> WORM!
Source=Paul Collins Startup list

[NVCLOCK]
Number=7421
Confirmed=?
Filename=rundll32 nvclock.dll, fnNvclock
Description=<font color="#FF0000">Overclocking utility for nVidia based graphics cards?</font>
Source=Paul Collins Startup list

[NvColorInit]
Number=7422
Confirmed=?
Filename=rundll32.exe NvQtwk.dll, NvColorInit
Description=<font color="#FF0000">Associated with Nvidia based graphics cards</font>
Source=Paul Collins Startup list

[NVCOM]
Number=7423
Confirmed=X
Filename=NVCOM.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotsb.html" target= blank>AGOBOT-SB</a> WORM!
Source=Paul Collins Startup list

[NvCpl]
Number=7424
Confirmed=U
Filename=rundll32.exe NvCpl.dll, NvStartup
Description=Intializes the clock and memory settings on nVidia based graphics cards. Enable if you overclock your card
Source=Paul Collins Startup list

[NvCpl]
Number=7425
Confirmed=X
Filename=NvCpl.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112216-2050-99" target=_blank>YANZ.B</a> WORM!
Source=Paul Collins Startup list

[NvCpl]
Number=7426
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotapj.html" target=_blank>AGOBOT-APJ</a> WORM!
Source=Paul Collins Startup list

[NvCpl]
Number=7427
Confirmed=X
Filename=windowsp.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[NvCpl]
Number=7428
Confirmed=X
Filename=rundl32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotto.html" target=_blank>AGOBOT-TO</a> WORM! Note - the valid version of this entry has the command line as "rundll32.exe NvCpl.dll,NvStartup"
Source=Paul Collins Startup list

[NvCpl32Deamon]
Number=7429
Confirmed=X
Filename=nvcpl.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=1&VName=WORM_RPCSDBOT.B&highlight=WORM_RPCSDBOT.B" target=_blank>RPCSDBOT.B</a> WORM!
Source=Paul Collins Startup list

[NvCplD]
Number=7430
Confirmed=X
Filename=m2gr32.exe
Description=<a href="http://www.sophos.com/virusinfo/analyses/dialswitchb.html" target=_blank>"Switch"</a> premium rate adult content dialler
Source=Paul Collins Startup list

[NvCplD]
Number=7431
Confirmed=X
Filename=ntcpl.exe
Description=<a href="http://www.sophos.com/virusinfo/analyses/dialswitchb.html" target=_blank>Switch</a> adult content dialler
Source=Paul Collins Startup list

[NvCplDaemon]
Number=7432
Confirmed=N
Filename=rundll32.exe NvQtwk.dll, NvCplDaemon
Description=System Tray icon used to change display settings, change the clock rate and memory speed for nVidia based graphics cards. This is unnecessary since you can easily configure these settings the way you want them in the Display Properties and not have to mess with them again. Also disable the "NVIDIA Driver Helper Service" if enabled as it can cause this entry to be re-enabled on re-boot (note that this service can also cause extreme shutdown delays if enabled - see <a href="http://www.blackviper.com/WinXP/strangeservice.htm" target="_blank">here</a>)
Source=Paul Collins Startup list

[NvCplDaemon]
Number=7433
Confirmed=U
Filename=rundll32.exe NvCpl.dll, NvStartup
Description=Intializes the clock and memory settings on nVidia based graphics cards. Enable if you overclock your card
Source=Paul Collins Startup list

[NvCplDaemon]
Number=7434
Confirmed=X
Filename=msmsgrs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderyi.html" target=_blank>DLOADER-YI</a> TROJAN!
Source=Paul Collins Startup list

[NvCplDaemon32]
Number=7435
Confirmed=X
Filename=anvshell32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbxu.html" target=_blank>XU</a> TROJAN!
Source=Paul Collins Startup list

[NvCplDeamon]
Number=7436
Confirmed=X
Filename=nvdisp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpeepviei.html" target=_blank>PEEPVIE-I</a> TROJAN!
Source=Paul Collins Startup list

[NvCplDmn]
Number=7437
Confirmed=X
Filename=NAVSVC.EXE
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[NvCplScan]
Number=7438
Confirmed=X
Filename=msc32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotdd.html" target=_blank>FORBOT-DD</a> WORM!
Source=Paul Collins Startup list

[NvCplScan]
Number=7439
Confirmed=X
Filename=winasp.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_FORBOT.BZ&VSect=T" target=_blank>FORBOT.BZ</a> WORM!
Source=Paul Collins Startup list

[NvCplScan]
Number=7440
Confirmed=X
Filename=nvsc32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021515-4514-99" target=_blank>BROPIA.N</a> WORM!
Source=Paul Collins Startup list

[NvCplScan]
Number=7441
Confirmed=X
Filename=kav32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotew.html" target= blank>FORBOT-EW</a> WORM!
Source=Paul Collins Startup list

[nvctrl.exe]
Number=7442
Confirmed=X
Filename=nvctrl.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-121311-5012-99" target=_blank>ZLOB.G</a> TROJAN!
Source=Paul Collins Startup list

[nvd32 lptt01]
Number=7443
Confirmed=X
Filename=nvd32.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "nvd32" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[nvd32 ml097e]
Number=7444
Confirmed=X
Filename=nvd32.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "nvd32" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[NVHotkey]
Number=7445
Confirmed=U
Filename=rundll32.exe [path] nvHotkey.dll
Description=Enables the use of "hot keys" for changing setting on Nvidia graphics
Source=Paul Collins Startup list

[Nvid]
Number=7446
Confirmed=X
Filename=[8 random charachters]
Description=Unidentified adware
Source=Paul Collins Startup list

[Nvid32]
Number=7447
Confirmed=X
Filename=Nvid32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list

[Nvidex32]
Number=7448
Confirmed=X
Filename=Nvidex32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list

[NVIDIA ActiveArmor]
Number=7449
Confirmed=Y
Filename=ntrayfw.exe
Description=Software interface for NVIDIA ActiveArmor - hardware firewall built into nVidia nForce motherboard chipsets
Source=Paul Collins Startup list

[Nvidia Control Daemon]
Number=7450
Confirmed=X
Filename=nksvc32.exe
Description=Added by an unidentified WORM or TROJAN!

Source=Paul Collins Startup list

[Nvidia Control Panel]
Number=7451
Confirmed=X
Filename=ncsvc32.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[NVIDIA Driver]
Number=7452
Confirmed=X
Filename=MSPMSPSU.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.Y" target="_blank">WOOTBOT.Y</a> WORM!
Source=Paul Collins Startup list

[nVidia Drivers]
Number=7453
Confirmed=X
Filename=nVidiaDrvers.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotafx.html" target=_blank>SDBOT-AFX</a> WORM! Note - this is not related to any nVidia based motherboard or graphics card
Source=Paul Collins Startup list

[NVIDIA nForce APU1 Utilities]
Number=7454
Confirmed=N
Filename=NVATray.exe
Description=nVidia's nForce Audio Processing Unit (<a href="http://www.nvidia.com/object/apu.html" target="_blank">APU</a>)- "provides 3D positional audio and DirectX 8.0 compatibility, and encodes and decodes Dolby Digital 5.1 audio in real time"
Source=Paul Collins Startup list

[NVIDIA nTune]
Number=7455
Confirmed=U
Filename=nTune.exe
Description=nVidia <a href="http://www.nvidia.com/object/sysutility.html" target="_blank">nTune</a> - motherboard monitoring and overclocking utility for nVidia nForce chipset based motherboards
Source=Paul Collins Startup list

[NVidia System Utility]
Number=7456
Confirmed=U
Filename=NVSystemUtility.exe
Description=NVidia System Utility (now <a href="http://www.nvidia.com/object/sysutility.html" target="_blank">nTune</a>) lets you adjust bus speeds, hardware voltages, memory controller timings, and fan speed as well as additional settings to increase performance aggressiveness and hardware voltages. Will also display a dynamic graph of CPU and system temperatures, hardware voltages, and memory bus speeds
Source=Paul Collins Startup list

[NVIDIA Video drivers]
Number=7457
Confirmed=X
Filename=video_32D.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.KV" target="_blank">AGOBOT.KV</a> WORM!
Source=Paul Collins Startup list

[NVIDIA Video drivers]
Number=7458
Confirmed=X
Filename=video_32sD.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbb.html" target=_blank>RBOT-BB</a> WORM!
Source=Paul Collins Startup list

[Nvidia32]
Number=7459
Confirmed=X
Filename=nvidia32.exe
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant - also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojhostsb.html" target= blank>HOSTS-B</a> TROJAN!
Source=Paul Collins Startup list

[NvidiaQuickTweak]
Number=7460
Confirmed=N
Filename=rundll32.exe NvQtwk.dll, NvTaskbarInit
Description=System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties
Source=Paul Collins Startup list

[nvidll32]
Number=7461
Confirmed=X
Filename=nvidll32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxk.html" target= blank>RBOT-XK</a> WORM!
Source=Paul Collins Startup list

[NVIEW]
Number=7462
Confirmed=U
Filename=rundll32.exe nview.dll, nViewLoadHook
Description=This is a DLL to enable multiple display monitors on a single computer. It can be a cause of numerous problems on some computers
Source=Paul Collins Startup list

[nviload32]
Number=7463
Confirmed=X
Filename=nviload32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotvt.html" target=_blank>SDBOT-VT</a> WORM!

Source=Paul Collins Startup list

[NvInitialize]
Number=7464
Confirmed=N
Filename=rundll32.exe NvQtwk.dll, NvXTInit
Description=Thought to enable the clock frequency option on nVidia control panels. You can overclock without leaving this enabled
Source=Paul Collins Startup list

[nvirundll]
Number=7465
Confirmed=X
Filename=nvirundll.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041512-0913-99" target=_blank>SPYBOT.NPS</a> WORM!
Source=Paul Collins Startup list

[nvjxue]
Number=7466
Confirmed=X
Filename=nvjxue.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32eyevegj.html" target=_blank>EYEVEG-J</a> WORM!
Source=Paul Collins Startup list

[NVmax]
Number=7467
Confirmed=Y
Filename=NVmax.exe
Description=NVmax is a old tweaking utility for NVidia graphics cards. In the startup list if the user chooses to overclock their card
Source=Paul Collins Startup list

[NVMCTRAY]
Number=7468
Confirmed=N
Filename=RUNDLL32.EXE ...NVMCTRAY.DLL, NvTaskbarInit
Description=System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties
Source=Paul Collins Startup list

[NvMediaCenter]
Number=7469
Confirmed=U
Filename=RunDLL32.exe NvMCTray.dll, NvTaskbarInit
Description=System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties
Source=Paul Collins Startup list

[NVMixerTray]
Number=7470
Confirmed=N
Filename=NVMixerTray.exe
Description=System Tray access to audio controls from nVidia's motherboard ForceWare software
Source=Paul Collins Startup list

[nvmsgdwn]
Number=7471
Confirmed=X
Filename=NVMSGDWN.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojgraberd.html" target=_blank>GRABER-D</a> TROJAN!
Source=Paul Collins Startup list

[nvpatch]
Number=7472
Confirmed=X
Filename=napatch.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sasserf.html" target=_blank>SASSER-F</a> WORM!
Source=Paul Collins Startup list

[NvPvrNetMon]
Number=7473
Confirmed=U
Filename=NvPvrNetMon.exe
Description=Network monitor for the Personal Video Recorder function of the <a href="http://www.networkautomation.com/automate/index.htm" target="_blank">NVIDIA ForceWare Multimedia</a> application - "makes sure you don’t miss your favorite show. If you won’t be home to watch the show, just use the PVR to set future recordings"
Source=Paul Collins Startup list

[NVQuickTweak]
Number=7474
Confirmed=N
Filename=rundll32.exe NvQtwk.dll, NvTaskbarInit
Description=System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties
Source=Paul Collins Startup list

[NVRaidService]
Number=7475
Confirmed=N
Filename=nvraidservice.exe
Description=nVidia <a href="http://www.nvidia.com/object/feature_raid.html" target="_blank">NVRaid</a> - hard disk striping/mirroring utility for increased performance and reliability. Doesn't seem to be required if you have a <a href="http://data-recovery.lsoft.net/concept_raid.html" target="_blank">RAID</a> setup as there is no performance difference without it
Source=Paul Collins Startup list

[NVRotateSysTray]
Number=7476
Confirmed=?
Filename=nvsysrot.dll
Description=Related to <a href="http://www.fileresearchcenter.com/N/NVSYSROT.DLL-6190.html" target="_blank">NVIDIA</a> nView Control Panel. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[NVRT]
Number=7477
Confirmed=N
Filename=nvrt.exe
Description=NVRefreshTool is a utility that will automatically detect the maximum refresh rate at each resolution that your monitor supports
Source=Paul Collins Startup list

[NVRTClk]
Number=7478
Confirmed=?
Filename=NVRTClk.exe
Description=Related to a Gigabyte video card. <font color="#FF0000">What does it do, and is it required?</font>
Source=Paul Collins Startup list

[nvsv32.exe]
Number=7479
Confirmed=X
Filename=nvsv32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotdi.html" target=_blank>FORBOT-DI</a> WORM!
Source=Paul Collins Startup list

[nvsv32.exe]
Number=7480
Confirmed=X
Filename=cstr.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[nvsv32.exe]
Number=7481
Confirmed=X
Filename=asr_fnt.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GE&VSect=P" target=_blank>WOOTBOT.GE</a> WORM!
Source=Paul Collins Startup list

[nvsv32.exe]
Number=7482
Confirmed=X
Filename=nvsv33.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.FP&VSect=P" target=_blank>WOOTBOT.FP</a> WORM!
Source=Paul Collins Startup list

[NvSvc]
Number=7483
Confirmed=N
Filename=nvsvc.exe
Description=NVIDIA Driver Helper Service - installed when you change from the WDM drivers to nVidia's latest versions but not requied. Extreme shutdown delays can be encountered with this service active, but no adverse side effects with it disabled. NOTE: If using drivers other than nVidia's, such as Asus, this service may have been renamed to reflect that
Source=Paul Collins Startup list

[nvsvc]
Number=7484
Confirmed=X
Filename=nvsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerhq.html" target=_blank>BANKER-HQ</a> TROJAN! Note - this is not the valid <a href="http://www.sysinfo.org/startuplist.php?filter=NvSvc" target=_blank>NVIDIA Driver Helper Service</a> and is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[NVSVC]
Number=7485
Confirmed=X
Filename=nvsvc.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ALX" target="_blank">AGOBOT.ALX</a> WORM! Note - this is not the valid <a href="http://www.sysinfo.org/startuplist.php?filter=NvSvc" target=_blank>NVIDIA Driver Helper Service</a> and is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[nvsvca32]
Number=7486
Confirmed=X
Filename=nvsvca32.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.E</a> TROJAN!
Source=Paul Collins Startup list

[nvsvca32]
Number=7487
Confirmed=X
Filename=clfmon.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.E</a> TROJAN!
Source=Paul Collins Startup list

[NVSystem32]
Number=7488
Confirmed=X
Filename=nvscv32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotno.html" target=_blank>AGOBOT-NO</a> WORM!

Source=Paul Collins Startup list

[NvUpdater]
Number=7489
Confirmed=X
Filename=nwiz32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[NvXplDeamon]
Number=7490
Confirmed=X
Filename=xstyles.exe
Description=Added by the SMALL.AJ VIRUS!
Source=Paul Collins Startup list

[NWEReboot]
Number=7491
Confirmed=?
Filename=dummy.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[nwiz]
Number=7492
Confirmed=U
Filename=nwiz.exe
Description=Nvidia nView Wizard - present with the newer versions of nVidia graphics cards drivers.  Allows you to immensely improve desktop layouts by setting preferences and optimizations. If you use any of the special nView features available in the control panel leave this alone - otherwise you can disable it
Source=Paul Collins Startup list

[nwiz32]
Number=7493
Confirmed=X
Filename=nwiz32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsinbanka.html" target=_blank>SINBANK-A</a> TROJAN!
Source=Paul Collins Startup list

[Nwpopup]
Number=7494
Confirmed=Y
Filename=Nwpopup.exe
Description=Broadcast message handler part of <a href="http://www.novell.com/products/netware/" target=_blank>Novell Netware</a> that displays server, printer and other messages
Source=Paul Collins Startup list

[nwrecmsg]
Number=7495
Confirmed=U
Filename=nwrecmsg.exe
Description=Broadcast message handler part of <a href="http://www.novell.com/products/netware/" target=_blank>Novell Netware</a> that displays server, printer and other messages - can cause crashes
Source=Paul Collins Startup list

[nwss]
Number=7496
Confirmed=U
Filename=Sp0.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-052614-0022-99" target="_blank">SpyOutside</a> surveillance software. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list

[NWTRAY]
Number=7497
Confirmed=Y
Filename=nwtray.exe
Description=<a href="http://www.novell.com/products/netware/" target="_blank">Novell Netware</a>. Displays the red &quot;N&quot; tray icon which can be disabled (by right-click on the icon) but is also needed by the client
Source=Paul Collins Startup list

[oadaemon]
Number=7498
Confirmed=?
Filename=oadaemon.exe
Description=Background process that establishes connection with a C3-1000 scanner and watch general status of the device and for scanner button presses. <font color="#FF0000">Can it be started manually?</font>
Source=Paul Collins Startup list

[oahstifr]
Number=7499
Confirmed=Y
Filename=oahstifr.exe
Description=Comes with <a href="http://www.hypertextstudio.com" target="_blank">HyperTextStudio</a>. From the supplier - &quot;The Osserver maintains the database for HyperText Studio projects - absolutely vital, it verifies all the links etc in a site. It runs as a service in NT, 2K and XP but needs to start up in Win 9.x so you'll see a DOS box for a short while during boot up.&quot;
Source=Paul Collins Startup list

[OAKSTART]
Number=7500
Confirmed=U
Filename=OAKSTART.EXE
Description=Sets the spindown timeout and access speeds at startup and displays a splash screen for CD-RW.
Source=Paul Collins Startup list

[OAKTASK]
Number=7501
Confirmed=N
Filename=OAKTASK.EXE
Description=Taskbar utility for a &quot;control panel&quot; for a CD-RW
Source=Paul Collins Startup list

[OASClnt]
Number=7502
Confirmed=U
Filename=oasclnt.exe
Description=McAfee VirusScan On-Access Scan Client service
Source=Paul Collins Startup list

[Object Store Server]
Number=7503
Confirmed=Y
Filename=osserver.exe
Description=Comes with <a href="http://www.hypertextstudio.com" target="_blank">HyperTextStudio</a>. From the supplier - &quot;The Osserver maintains the database for HyperText Studio projects - absolutely vital, it verifies all the links etc in a site. It runs as a service in NT, 2K and XP but needs to start up in Win 9.x so you'll see a DOS box for a short while during boot up.&quot;
Source=Paul Collins Startup list

[objtjprx]
Number=7504
Confirmed=?
Filename=objtjprx.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[obsver]
Number=7505
Confirmed=?
Filename=obsver.exe
Description=Part of <a href="http://www.lingoware.com/english/" target=_blank>LingoWare</a> translating software - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list

[OCAudioIni]
Number=7506
Confirmed=N
Filename=OCAudioIni.exe
Description=<a href="http://www.streamware-dev.com/products.html" target="_blank">One-click Audio Converter</a> - allows you to convert files of multiple audio formats right from Windows Explorer
Source=Paul Collins Startup list

[ocraware]
Number=7507
Confirmed=N
Filename=ocraware.exe
Description=<u>O</u>ptical <u>C</u>haracter <u>R</u>ecognition software as part of OmniPage Limited Edition - supplied with some scanners. Scan directly into most word processor applications, such as Word, WordPerfect, etc. Available via Start -> Programs
Source=Paul Collins Startup list

[Octoshape Streaming Services]
Number=7508
Confirmed=U
Filename=OctoshapeClient.exe
Description=<a href="http://www.octoshape.com/" target="_blank">Octoshape</a> Live Streaming - "is a revolutionary technology that will reduce your bandwidth cost and improve the quality in sound and picture"
Source=Paul Collins Startup list

[ocx32]
Number=7509
Confirmed=X
Filename=ocx32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082710-5900-99" target="_blank">ASTEF</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100514-2403-99" target="_blank">RESPAN</a> WORMS!
Source=Paul Collins Startup list

[OCXUPDT32]
Number=7510
Confirmed=X
Filename=ocxupdt32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotif.html" target=_blank>AGOBOT-IF</a> WORM!
Source=Paul Collins Startup list

[OD]
Number=7511
Confirmed=X
Filename=SYSCNTR.EXE
Description=HotVideo dialler
Source=Paul Collins Startup list

[od-matrxx]
Number=7512
Confirmed=X
Filename=od-matrxx.exe
Description=Adult dialler - xx can be any number
Source=Paul Collins Startup list

[od-stndxx]
Number=7513
Confirmed=X
Filename=od-stndxx.exe
Description=Adult dialler - xx can be any number
Source=Paul Collins Startup list

[od-teenxx]
Number=7514
Confirmed=X
Filename=od-teenxx.exe
Description=Adult dialler - xx can be any number
Source=Paul Collins Startup list

[ODBC BackUp]
Number=7515
Confirmed=U
Filename=fdxxl.exe
Description=G Data "PC Spion". PC monitoring and surveilling software, captures all users activity on the PC, see <a href="http://archiv.chip.de/artikel/c1_archiv_artikel_17080599.html" target="_blank">here</a>. Disable/remove if you didn't install it yourself!
Source=Paul Collins Startup list

[oddworldz.exe]
Number=7516
Confirmed=X
Filename=oddworldz.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmultidreg.html" target=_blank>MULTIDR-EG</a> TROJAN!
Source=Paul Collins Startup list

[Odometer]
Number=7517
Confirmed=N
Filename=Odometer.EXE
Description=Mouse odometer - tracks how far your pointer/arrow has traveled on the screen. Shortcut available
Source=Paul Collins Startup list

[ODSPConfig]
Number=7518
Confirmed=U
Filename=ODSPConfig.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-092111-1952-99" target="_blank">DsktopSurveil</a> surveillance software. Uninstall this software if you did not install it yourself
Source=Paul Collins Startup list

[Oeloader]
Number=7519
Confirmed=X
Filename=Oeloader.exe
Description=Xupiter <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Orbit%20Explorer&threatid=14913" target=_blank>OrbitExplorer</a> toolbar related. Drive-by foistware. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see <a href="http://www.alanluber.com/pcfearfactor/officialxupiterpage.htm" target=_blank>here</a>
Source=Paul Collins Startup list

[OEM Tools 32]
Number=7520
Confirmed=X
Filename=tres32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.QB&VSect=T" target="_blank">RBOT.QB</a> WORM!
Source=Paul Collins Startup list

[OEM32 Tools]
Number=7521
Confirmed=X
Filename=sres32.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[OEMCLEANUP]
Number=7522
Confirmed=N
Filename=oemreset.exe
Description=Resets OEM installation settings at bootup. Not required unless you're new to PC's
Source=Paul Collins Startup list

[OEMRESET]
Number=7523
Confirmed=U
Filename=oemreset.exe
Description=Resets OEM installation settings at bootup. Not required unless you're new to PC's
Source=Paul Collins Startup list

[OEMRUNONCE]
Number=7524
Confirmed=U
Filename=oemrun.exe
Description=Windows Millennium file - used by setup when installing the OEM 'express' version of the operating system. Uncheck after setup has finished
Source=Paul Collins Startup list

[oeplugin]
Number=7525
Confirmed=U
Filename=bxOEPlugin.exe
Description=<a href="http://www.baxbex.com/nohtml.html" target=_blank>noHTML</a> for Outlook Express is an add-on that protects Outlook Express from email viruses and email scripts by converting incoming email messages from HTML format to simple text
Source=Paul Collins Startup list

[OEPowerPlugs]
Number=7526
Confirmed=?
Filename=winoeinit.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[oepsrv]
Number=7527
Confirmed=U
Filename=oepsrv.exe
Description=<a href="http://www.softheap.com/oeprot.html" target=_blank>Outlook Express Protector</a> is designed for controlling access to Outlook Express and its e-mail and address data bases
Source=Paul Collins Startup list

[OESET]
Number=7528
Confirmed=X
Filename=setup60.exe
Description=Added by the <a href="http://kr.ahnlab.com/SecuInfoVirusViewEngNew3.ahn?SEQ_NO=7349" target="_blank">WAREZDL.28672</a> TROJAN!
Source=Paul Collins Startup list

[OESpamTest]
Number=7529
Confirmed=U
Filename=OESpamTest.ExE
Description=Kaspersky <a href="http://www.kaspersky.com/antispamenterprise" target=_blank>Anti-Spam</a>
Source=Paul Collins Startup list

[OEXCheck]
Number=7530
Confirmed=N
Filename=EA2Check.exe
Description=<a href="http://www.ajsystems.com/oexhome.html" target="_blank">Express Assist</a> from AJSystems.com. Utility for use with Outlook Express to backup, restore, synchronize amongst others
Source=Paul Collins Startup list

[oe_drop_spam]
Number=7531
Confirmed=X
Filename=oesrv.exe
Description=<a href="http://vil.mcafeesecurity.com/vil/content/v_137582.htm" target="_blank">Dropspam</a> adware
Source=Paul Collins Startup list

[OE_OEM]
Number=7532
Confirmed=Y
Filename=TMAS_OEMon.exe
Description=Related to Trend Micro PC-cillin - Internet Security 12

Source=Paul Collins Startup list

[Offer Companion]
Number=7533
Confirmed=X
Filename=offers.exe
Description=Adware
Source=Paul Collins Startup list

[Offers]
Number=7534
Confirmed=X
Filename=offers.exe
Description=Adware
Source=Paul Collins Startup list

[Office]
Number=7535
Confirmed=X
Filename=Office.exe
Description=Added by the <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=41605" target="_blank">KRAIMER.12</a> TROJAN!
Source=Paul Collins Startup list

[Office Mail]
Number=7536
Confirmed=U
Filename=off_mail.exe
Description=<a href="http://www.burrotech.com/officemail.php" target=_blank>Office Mail</a> from Burrotech Ltd - "complete email solution for small/medium businesses, homes, schools and colleges. It is a small email server which forms the perfect gateway between your internal and external email"

Source=Paul Collins Startup list

[Office Mail Alerter]
Number=7537
Confirmed=U
Filename=om_Alerter.exe
Description=<a href="http://www.burrotech.com/om_alerter.php" target=_blank>Office Mail Alerter</a> - "alert <a href="http://www.burrotech.com/officemail.php" target=_blank>Office Mail</a> users when they receive new emails" via a System Tray icon

Source=Paul Collins Startup list

[Office Monitor]
Number=7538
Confirmed=X
Filename=adv32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotcwo.html" target="_blank">SDBOT-CWO</a> WORM!
Source=Paul Collins Startup list

[Office Monitorse]
Number=7539
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotczx.html" target="_blank">SDBOT-CZX</a> WORM!
Source=Paul Collins Startup list

[Office Startup]
Number=7540
Confirmed=N
Filename=Osa.exe
Description=Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show
Source=Paul Collins Startup list

[Office Startup]
Number=7541
Confirmed=X
Filename=Exploer.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-103117-5243-99" target="_blank">GAOBOT.BV</a> WORM! Note the different filename to the valid MS Office entries
Source=Paul Collins Startup list

[Office Startup]
Number=7542
Confirmed=N
Filename=Osa9.exe
Description=Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show
Source=Paul Collins Startup list

[Office SturtUp]
Number=7543
Confirmed=X
Filename=osa9.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojclickerec.html" target="_blank">CLICKER-EC</a> TROJAN! Note - this trojan is located in the Windows or Winnt folder and should not be confused with the Microsoft office program, located in Program Files\Microsoft Office\...
Source=Paul Collins Startup list

[OfficeAgent]
Number=7544
Confirmed=X
Filename=expIorer.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
Source=Paul Collins Startup list

[OfficeAgent]
Number=7545
Confirmed=X
Filename=outIook.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
Source=Paul Collins Startup list

[OfficeAgent]
Number=7546
Confirmed=X
Filename=svcrhost.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
Source=Paul Collins Startup list

[OfficeAgent]
Number=7547
Confirmed=X
Filename=svcshost.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
Source=Paul Collins Startup list

[OfficeDeamon]
Number=7548
Confirmed=X
Filename=msorunner.exe
Description=Added by a variant of the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY</a> TROJAN!
Source=Paul Collins Startup list

[OfficeGuard RegChecker]
Number=7549
Confirmed=Y
Filename=ogrc.exe
Description=<a href="http://www.kaspersky.com/" target="_blank">Kaspersky Labs</a> anti-virus
Source=Paul Collins Startup list

[OfficeGuardUI]
Number=7550
Confirmed=X
Filename=svcss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdedlerc.html" target=_blank>DEDLER-C</a> TROJAN!
Source=Paul Collins Startup list

[officejet 6100]
Number=7551
Confirmed=?
Filename=hposol08.exe
Description=Associated with a HP PSC2110 (and maybe others) all-in-one machine
Source=Paul Collins Startup list

[OFFICEKB]
Number=7552
Confirmed=U
Filename=kbdap32a.EXE
Description=<a href="http://www.mic-innovations.com/display.cfm?id=Keyboards" target="_blank">Micro Innovations</a> keyboard management
Source=Paul Collins Startup list

[OfficeQuickAccess]
Number=7553
Confirmed=X
Filename=OfficeHost.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-091615-0246-99" target=_blank>PEXMOR</a> WORM!
Source=Paul Collins Startup list

[Offices]
Number=7554
Confirmed=X
Filename=msnmgd32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotdv.html" target=_blank>FORBOT-DV</a> WORM!
Source=Paul Collins Startup list

[Offices Monitors]
Number=7555
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgko.html" target="_blank">RBOT-GKO</a> WORM!
Source=Paul Collins Startup list

[Offices Monitorse]
Number=7556
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgko.html" target="_blank">RBOT-GKO</a> WORM!
Source=Paul Collins Startup list

[Offices Monitorse]
Number=7557
Confirmed=X
Filename=algose32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgdd.html" target="_blank">RBOT-GDD</a> WORM!
Source=Paul Collins Startup list

[OfficeScan95]
Number=7558
Confirmed=Y
Filename=pccwin97.exe
Description=Trend Micro antivirus <a href="http://www.trendmicro.com/en/products/desktop/osce/evaluate/overview.htm" target=_blank>OfficeScan</a>
Source=Paul Collins Startup list

[OfficeScanNT Monitor]
Number=7559
Confirmed=Y
Filename=pccntmon.exe
Description=Trend Micro <a href="http://www.trendmicro.com/en/products/desktop/osce/evaluate/overview.htm" target="_blank">OfficeScan</a> Antivirus real-time scan monitor
Source=Paul Collins Startup list

[OFFICEXP]
Number=7560
Confirmed=X
Filename=OFFICEXP.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.HE&VSect=P" target=_blank>WOOTBOT.HE</a> WORM!
Source=Paul Collins Startup list

[office_update]
Number=7561
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderzb.html" target=_blank>DLOADER-ZB</a> TROJAN!
Source=Paul Collins Startup list

[OfotoNow USB Detection]
Number=7562
Confirmed=N
Filename=Rundll32.exe OFUSBS.DLL, WatchForConnection OfotoNow
Description=Autodetects when a digital camera is attached to a USB port and launches <a href="http://www.ofoto.com/DownloadClient30.jsp?UV=673857175481_20140377403&amp;US=0&amp;c=f_on">OfotoNow</a> image software. Available via Start -> Programs
Source=Paul Collins Startup list

[ogrc]
Number=7563
Confirmed=Y
Filename=ogrc.exe
Description=<a href="http://www.kaspersky.com/" target="_blank">Kaspersky Labs</a> anti-virus
Source=Paul Collins Startup list

[Oil Change]
Number=7564
Confirmed=N
Filename=OCTray32.exe
Description=From CyberMedia/Network Associates. Checks for updates to software installed on your PC. Available via Start -> Programs
Source=Paul Collins Startup list

[OIM]
Number=7565
Confirmed=?
Filename=oim.exe
Description=<font color="#FF0000">Related to the <a href="http://www.o2.co.uk/" target="_blank">O2</a> (was "genie") mobile phone service. What does it do and is it required?</font>
Source=Paul Collins Startup list

[OKI LPR Utility]
Number=7566
Confirmed=U
Filename=okilpr.exe
Description=OKI printer utility
Source=Paul Collins Startup list

[OLE]
Number=7567
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-012915-2315-99" target="_blank">STAWIN</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040611-1006-99" target="_blank">TARNO.D</a> TROJANS!
Source=Paul Collins Startup list

[OLE Automation Server]
Number=7568
Confirmed=X
Filename=ole32aut.vbe
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list

[oleaccrc]
Number=7569
Confirmed=X
Filename=oleaccrc.exe
Description=Adware downloader - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as TrojanDownloader.Agent.am
Source=Paul Collins Startup list

[OLEDb Service]
Number=7570
Confirmed=X
Filename=runoledb32.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojspyreb.html" target=_blank>SPYRE.B</a> TROJAN!
Source=Paul Collins Startup list

[olehelp]
Number=7571
Confirmed=X
Filename=olehelp.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-012315-4733-99" target="_blank">BOOKMARKER.D</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031918-3240-99" target="_blank">BOOKMARKER.G</a> TROJANS!
Source=Paul Collins Startup list

[OleLoader]
Number=7572
Confirmed=X
Filename=ole32.exe
Description=Added by the DELF.BR TROJAN!
Source=Paul Collins Startup list

[olesvr]
Number=7573
Confirmed=U
Filename=olesvr.exe
Description=Salfeld <a href="http://www.salfeld.com/software/childcontrol/index.html" target="_blank">Child Control</a> - parental control software
Source=Paul Collins Startup list

[Olive System]
Number=7574
Confirmed=X
Filename=Szchost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042216-3333-99" target="_blank">MERCURYCAS.A</a> TROJAN!
Source=Paul Collins Startup list

[Olympic]
Number=7575
Confirmed=X
Filename=IE4321.exe
Description=Adult content premium rate dialer - also detected as SMALL.CZ
Source=Paul Collins Startup list

[Omf4]
Number=7576
Confirmed=X
Filename=OMF4.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-011116-0904-99" target="_blank">FREEMEGA</a> TROJAN!
Source=Paul Collins Startup list

[OmgStartup]
Number=7577
Confirmed=N
Filename=omgstartup.exe
Description=Sony program called OpenMG Jukebox - player and music organizer
Source=Paul Collins Startup list

[OmniHTTPd]
Number=7578
Confirmed=U
Filename=ohttpd.exe
Description=<a href="http://www.omnicron.ca/httpd/" target="_blank">OmniHTTPd</a> web server from Omnicron
Source=Paul Collins Startup list

[OmniPage]
Number=7579
Confirmed=N
Filename=Opware32.exe
Description=Part of <a href="http://www.nuance.com/omnipage/" target="_blank">OmniPage</a> from Nuance (was Scansoft) - "the fastest, easiest way to turn paper documents into digital files you can edit". Links Word, via OLE, with OmniPage. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page". Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is Available via Start -> Programs
Source=Paul Collins Startup list

[OmniPass]
Number=7580
Confirmed=U
Filename=scureapp.exe
Description=OmniPass from <a href="http://www.softexinc.com/" target="_blank">Softex Inc.</a> - secure password management software
Source=Paul Collins Startup list

[OM_Monitor]
Number=7581
Confirmed=U
Filename=FirstStart.exe
Description=<a href="http://www.olympus.co.uk/consumer/205_Olympus_Master_Software.htm" target=_blank>Olympus Master</a> - digital camera management tools

Source=Paul Collins Startup list

[OM_Monitor]
Number=7582
Confirmed=U
Filename=MONITOR.EXE
Description=<a href="http://www.olympus.co.uk/consumer/205_Olympus_Master_Software.htm" target=_blank>Olympus Master</a> - digital camera management tools

Source=Paul Collins Startup list

[On Screen Display]
Number=7583
Confirmed=U
Filename=OSD.EXE
Description=By Netropa for HP and other brands. Same group as KBD MediaCenter &amp; Touch Manager. Pressing a &quot;hot key&quot; on such a keyboard brings a corresponding panel on the screen for volume, etc. Nice but not required if you don't adjust things regularly - can also freeze
Source=Paul Collins Startup list

[once]
Number=7584
Confirmed=X
Filename=help.exe
Description=Identified as the DELF.LF by <a href="http://www.ewido.net/en/" target=_blank>Ewido Security Suite</a>
Source=Paul Collins Startup list

[One Touch Monitor]
Number=7585
Confirmed=N
Filename=OneTouchMonitor.exe
Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
Source=Paul Collins Startup list

[One Touch Monitor]
Number=7586
Confirmed=N
Filename=1tou~2.exe
Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
Source=Paul Collins Startup list

[One Touch Monitor]
Number=7587
Confirmed=N
Filename=ONETOU~2.EXE
Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
Source=Paul Collins Startup list

[OneCareUI]
Number=7588
Confirmed=Y
Filename=winssnotify.exe
Description=Related to <a href="http://www.windowsonecare.com/" target=_blank>Windows OneCare Live</a> from Microsoft
Source=Paul Collins Startup list

[OneTouch Monitor]
Number=7589
Confirmed=N
Filename=OneTouchMon.exe
Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
Source=Paul Collins Startup list

[OneTouchMonitor]
Number=7590
Confirmed=N
Filename=OneTouchMonitor.exe
Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
Source=Paul Collins Startup list

[OneTouchMonitor]
Number=7591
Confirmed=N
Filename=1tou~2.exe
Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
Source=Paul Collins Startup list

[OneTouchMonitor]
Number=7592
Confirmed=N
Filename=ONETOU~2.EXE
Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
Source=Paul Collins Startup list

[ONETOU~2]
Number=7593
Confirmed=N
Filename=OneTouchMonitor.exe
Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
Source=Paul Collins Startup list

[ONETOU~2]
Number=7594
Confirmed=N
Filename=1tou~2.exe
Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
Source=Paul Collins Startup list

[ONETOU~2]
Number=7595
Confirmed=N
Filename=ONETOU~2.EXE
Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
Source=Paul Collins Startup list

[Onflow]
Number=7596
Confirmed=X
Filename=onflow.exe
Description=Onflow is a internet company that offers an online advertising program. Not required - uninstall
Source=Paul Collins Startup list

[OnfolioStorage]
Number=7597
Confirmed=U
Filename=onfserv.exe
Description="<a href="http://www.onfolio.com/" target="_blank">Onfolio</a> is the complete solution for collecting, organizing and sharing online content"
Source=Paul Collins Startup list

[online cdrom]
Number=7598
Confirmed=?
Filename=Active acid.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Online Service]
Number=7599
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111717-3802-99" target="_blank">HOSTIDEL.B</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-020316-5221-99" target="_blank">HOSTIDEL.C</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-022617-1556-99" target="_blank">TARNO.B</a> TROJANS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list

[OnlinePCfix SmoothSurfer]
Number=7600
Confirmed=U
Filename=SS.exe
Description=<a href="http://www.smooth-surfer.com/" target="_blank">Smooth-Surfer</a> - blocks banners, ads, popups, and cleans MRU and Recent file lists
Source=Paul Collins Startup list

[OnlineTime]
Number=7601
Confirmed=N
Filename=onlinetime.exe
Description=<a target="_blank" href="http://www.freedownloadscenter.com/Network_and_Internet/Online_Timers/OnlineTimer_Pro.html">OnlineTimer</a> - monitors your Windows dial-up network and logs the time you spend online as well as the resulting costs
Source=Paul Collins Startup list

[online_party]
Number=7602
Confirmed=X
Filename=online_party.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[Onluna Sarvice]
Number=7603
Confirmed=X
Filename=sachost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtofgeraa.html" target="_blank">TOFGER-AA</a> TROJAN!
Source=Paul Collins Startup list

[Onlune Sarvice]
Number=7604
Confirmed=X
Filename=sachost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdaemonij.html" target="_blank">DAEMONI-J</a> TROJAN!
Source=Paul Collins Startup list

[only23]
Number=7605
Confirmed=X
Filename=SCVHOST.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbckdrpuq.html" target="_blank">PUQ</a> TROJAN!
Source=Paul Collins Startup list

[OnSrvr]
Number=7606
Confirmed=X
Filename=OnSrvr.exe
Description=OnWebMedia adware
Source=Paul Collins Startup list

[oo4]
Number=7607
Confirmed=X
Filename=RunDLL32.EXE [path] oo4.dll, DllRun
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BookedSpace&threatid=3275" target=_blank>BookedSpace</a> parasite
Source=Paul Collins Startup list

[OOLHELPT]
Number=7608
Confirmed=?
Filename=OOLHELPT.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[OP12 Reminder]
Number=7609
Confirmed=N
Filename=Ereg.exe
Description=Registration reminder for <a href="http://www.nuance.com/omnipage/" target="_blank">OmniPage</a> from Nuance (was Scansoft)
Source=Paul Collins Startup list

[OpAgent]
Number=7610
Confirmed=U
Filename=OpAgent.exe
Description=Part of Nuance (was Scansoft) <a href="http://www.nuance.com/omnipage/" target=_blank>OmniPage Pro</a> document conversion software
Source=Paul Collins Startup list

[Open Service Drivers]
Number=7611
Confirmed=X
Filename=opiater.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Open Site]
Number=7612
Confirmed=X
Filename=opnste.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102717-1431-99" target="_blank">OpenSite</a> adware
Source=Paul Collins Startup list

[Open Site]
Number=7613
Confirmed=X
Filename=opensite.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102717-1431-99" target="_blank">OpenSite</a> adware
Source=Paul Collins Startup list

[Open2Enter]
Number=7614
Confirmed=X
Filename=runme.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[Open2Enter]
Number=7615
Confirmed=X
Filename=runme2.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[OpenGL Drivers]
Number=7616
Confirmed=X
Filename=0penGLD.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32yimpa.html" target=_blank>YIMP-A</a> WORM!
Source=Paul Collins Startup list

[OpenMstart]
Number=7617
Confirmed=X
Filename=mcmgr32.exe
Description=<a href="http://www.sophos.com/virusinfo/analyses/dialswitchb.html" target=_blank>"Switch"</a> adult content dialler

Source=Paul Collins Startup list

[OpenMstart]
Number=7618
Confirmed=X
Filename=mmgr32.exe
Description=<a href="http://www.sophos.com/virusinfo/analyses/dialswitchb.html" target=_blank>"Switch"</a> adult content dialler

Source=Paul Collins Startup list

[OpenMstart]
Number=7619
Confirmed=X
Filename=Snt.exe
Description=<a href="http://www.sophos.com/virusinfo/analyses/dialswitchd.html" target= blank>"Switch"</a> premium rate adult content dialler
Source=Paul Collins Startup list

[OpenOffice.org *.*.*]
Number=7620
Confirmed=N
Filename=quickstart.exe
Description=<a href="http://www.openoffice.org/" target=_blank>OpenOffice.org</a> office suite quick start (where "*.*.*" is the version number)
Source=Paul Collins Startup list

[OpenOffice.org x]
Number=7621
Confirmed=N
Filename=QUICKS~1.EXE
Description=Displays <a href="http://www.openoffice.org/" target="_blank">OpenOffice</a> quick start applet in System tray. Right clicking on the icon allows rapid starting up of components of the OpenOffice suite. Available via Start -&gt; Programs. Will automatically be started when any OpenOffice component is started from Start -&gt; Programs. A resource hog (takes &gt; 16 MB of memory). &quot;x&quot; represents the version number
Source=Paul Collins Startup list

[openvpn-gui]
Number=7622
Confirmed=U
Filename=openvpn-gui.exe
Description="<a href="http://openvpn.se/" target=_blank>OpenVPN</a> is a full-featured SSL VPN solution which can accomodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls"

Source=Paul Collins Startup list

[Openwares LiveUpdate]
Number=7623
Confirmed=U
Filename=LiveUpdate.exe
Description=Web-update utility as used by various types of software - see <a href="http://liveupdate.openwares.org/" target="_blank">here</a>
Source=Paul Collins Startup list

[Operations Typhoon Rising Registration]
Number=7624
Confirmed=N
Filename=NOVG.EXE
Description=<a href="http://www.gamespot.com/pc/action/jointoperations/" target=_blank>Joint Operations</a> registration reminder
Source=Paul Collins Startup list

[Operator]
Number=7625
Confirmed=N
Filename=??
Description=Media Pilot operator, in Win.ini. Locks port open
Source=Paul Collins Startup list

[Operator]
Number=7626
Confirmed=U
Filename=xtmop.exe
Description=Fax/Phone answering facility for Extreem Machine - as supplied with the old Diamond SupraExpress modems. No longer supported
Source=Paul Collins Startup list

[OpiStat]
Number=7627
Confirmed=N
Filename=OPISTAT.EXE
Description=<a href="http://www.opistat.com/mp/index.html" target="_blank">OpiStat</a> is a European Research Institute whose goal is to understand consumer needs and opinions better
Source=Paul Collins Startup list

[OPQFile]
Number=7628
Confirmed=X
Filename=regedit.exe /s ...rad03FA6.tmp
Description=Unsavoury program that resets your homepage every time you restart - uncheck in MSCONFIG and delete it via a registry edit
Source=Paul Collins Startup list

[opr]
Number=7629
Confirmed=X
Filename=opr.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MediaMotor&threatid=15001" target="_blank">MediaMotor</a> adware
Source=Paul Collins Startup list

[OpScheduler]
Number=7630
Confirmed=U
Filename=OpScheduler.exe
Description=Part of Nuance (was Scansoft) <a href="http://www.nuance.com/omnipage/" target=_blank>OmniPage Pro</a> document conversion software
Source=Paul Collins Startup list

[opsql update check]
Number=7631
Confirmed=X
Filename=opsql.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotacj.html" target= blank>RBOT-ACJ</a> WORM!
Source=Paul Collins Startup list

[OPTIMIZER]
Number=7632
Confirmed=X
Filename=iexplore.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042518-0520-99" target=_blank>EVEVINC</a> TROJAN! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[Optimum Online]
Number=7633
Confirmed=X
Filename=Netsurf.exe
Description=OptimumOnline ISP software related spyware - displays advertising popups and collects information about user activity
Source=Paul Collins Startup list

[Optional Web Drivers For WIN32]
Number=7634
Confirmed=X
Filename=phqghume.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[OPTMOUSEMOUSE]
Number=7635
Confirmed=U
Filename=optmouse.exe
Description=Related to a <a href="http://www.samsung.com/" target=_blank>Samsung</a> optical mouse
Source=Paul Collins Startup list

[Optus Cable Data Monitor]
Number=7636
Confirmed=U
Filename=datamonitor.exe
Description=Allows Optus customers to monitor their actual data usage against Optus' "data allowance limits"
Source=Paul Collins Startup list

[OptusNetUsage]
Number=7637
Confirmed=U
Filename=OptusNet Usage Meter.exe
Description=Designed specifically for OptusNet users who wish to have their connection monitored on a frequent basis. It can also estimate when you are going to hit your usage limit, and how far over your suggested limit you should be
Source=Paul Collins Startup list

[Opware12]
Number=7638
Confirmed=N
Filename=Opware12.exe
Description=<a href="http://www.nuance.com/omnipage/" target="_blank">OmniPage</a> from Nuance (was Scansoft) - version 12. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start -> Programs
Source=Paul Collins Startup list

[Opware14]
Number=7639
Confirmed=N
Filename=Opware14.exe
Description=<a href="http://www.nuance.com/omnipage/" target="_blank">OmniPage</a> from Nuance (was Scansoft) - version 14. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start -> Programs
Source=Paul Collins Startup list

[Opware15]
Number=7640
Confirmed=N
Filename=Opware15.exe
Description=<a href="http://www.nuance.com/omnipage/" target="_blank">OmniPage</a> from Nuance (was Scansoft) - version 14. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start -> Programs
Source=Paul Collins Startup list

[OpwareSE2]
Number=7641
Confirmed=N
Filename=OpwareSE2.exe
Description=Hardware bundled version of <a href="http://www.nuance.com/omnipage/" target="_blank">OmniPage</a> from Nuance (was Scansoft). If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start -> Programs
Source=Paul Collins Startup list

[OpwareSE4]
Number=7642
Confirmed=N
Filename=OpwareSE4.exe
Description=Hardware bundled version of <a href="http://www.nuance.com/omnipage/" target="_blank">OmniPage</a> from Nuance (was Scansoft). If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start -> Programs
Source=Paul Collins Startup list

[Oracle Web-to-Go]
Number=7643
Confirmed=U
Filename=webtogo.exe
Description="<a href="http://www.oracle.com/technology/docs/tech/java/oc4j/jsp1131/orajspov.htm#1012705," target="_blank">Oracle Web-to-go</a>, a component of Oracle9i Lite, consists of a collection of modules and services that facilitate development, deployment, and management of mobile Web applications"
Source=Paul Collins Startup list

[OrbitUpdate]
Number=7644
Confirmed=X
Filename=update.exe
Description=Xupiter <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Orbit%20Explorer&threatid=14913" target=_blank>OrbitExplorer</a> toolbar related. Drive-by foistware. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see <a href="http://www.alanluber.com/pcfearfactor/officialxupiterpage.htm" target=_blank>here</a>
Source=Paul Collins Startup list

[OrbitView]
Number=7645
Confirmed=X
Filename=view.exe
Description=Xupiter <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Orbit%20Explorer&threatid=14913" target=_blank>OrbitExplorer</a> toolbar related. Drive-by foistware. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see <a href="http://www.alanluber.com/pcfearfactor/officialxupiterpage.htm" target=_blank>here</a>
Source=Paul Collins Startup list

[OrderReminder]
Number=7646
Confirmed=N
Filename=OrderReminder.exe
Description=The HP Order Reminder utility is installed with the HP LaserJet printer software and allows you to set specific times for reminders to check the current level of toner in the print cartridge - it also contains an Order Now link to a Web page that helps you order supplies online from a reseller of your choice
Source=Paul Collins Startup list

[orderShell]
Number=7647
Confirmed=X
Filename=order****.exe [* = random char]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadrun.html" target=_blank>DLOADR-UN</a> TROJAN!

Source=Paul Collins Startup list

[order_Shell]
Number=7648
Confirmed=X
Filename=order_smey.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbanksnifh.html" target=_blank>BANKSNIF-H</a> TROJAN!
Source=Paul Collins Startup list

[org5.exe]
Number=7649
Confirmed=?
Filename=org5.exe
Description=Lotus Organizer 5 application file, Lotus Organizer software. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[OrgyCam]
Number=7650
Confirmed=X
Filename=OrgyCam.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[OrigRage128Tweaker]
Number=7651
Confirmed=U
Filename=RAGE128TWEAK.EXE
Description=Third party tweaker for ATI Rage 128 Video cards from http://www.rageunderground.com
Source=Paul Collins Startup list

[ORiNOCO]
Number=7652
Confirmed=U
Filename=Cmluc.exe
Description=Client Manager software for a Proxim <a href="http://www.proxim.com/products/cp/pci.html" target="_blank">ORiNOCO</a> 11a/b/g wireless LAN PCI card
Source=Paul Collins Startup list

[OS Security]
Number=7653
Confirmed=X
Filename=mswind32.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasu.html" target=_blank>RBOT-ASU</a> WORM!
Source=Paul Collins Startup list

[OSA]
Number=7654
Confirmed=X
Filename=winword.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kangarooa.html" target=_blank>KANGAROO-A</a> TROJAN!
Source=Paul Collins Startup list

[Osa32]
Number=7655
Confirmed=X
Filename=NTOSA32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-012912-1745-99" target="_blank">ANIG</a> WORM!
Source=Paul Collins Startup list

[osCheck]
Number=7656
Confirmed=?
Filename=osCheck.exe
Description=Part of <a href="http://www.symantec.com/index.htm" target="_blank">Norton Antivirus</a>. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[OSD]
Number=7657
Confirmed=U
Filename=OSD.exe
Description=By Netropa for HP and other brands. Same group as KBD MediaCenter &amp; Touch Manager. Pressing a &quot;hot key&quot; on such a keyboard brings a corresponding panel on the screen for volume, etc. Nice but not required if you don't adjust things regularly - can also freeze
Source=Paul Collins Startup list

[OSS]
Number=7658
Confirmed=X
Filename=ossproxy.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=43974" target="_blank">MarketScore</a> parasite - ActiveX control used to download premium-rate dialers

Source=Paul Collins Startup list

[OSS]
Number=7659
Confirmed=X
Filename=rk.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=43974" target="_blank">MarketScore</a> parasite - ActiveX control used to download premium-rate dialers

Source=Paul Collins Startup list

[OSS]
Number=7660
Confirmed=X
Filename=rlvknlg.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=43974" target="_blank">MarketScore</a> parasite - ActiveX control used to download premium-rate dialers

Source=Paul Collins Startup list

[OSSProxy]
Number=7661
Confirmed=X
Filename=OSSPROXY.EXE
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=43974" target="_blank">MarketScore</a> parasite - ActiveX control used to download premium-rate dialers

Source=Paul Collins Startup list

[OStivityInvAgt]
Number=7662
Confirmed=U
Filename=ostivity.exe
Description=<a href="http://www.somix.com/products/ostivity.php" target="_blank">OStivity</a> - &quot;a desktop and server hardware and software asset/inventory solution for small to enterprise sized organizations that need to quickly gain knowledge of 'what's installed' without having to manually touch every computer in the company. The next time the computer logs into the network, a complete inventory (software and hardware) is taken of the system&quot;
Source=Paul Collins Startup list

[Osus]
Number=7663
Confirmed=X
Filename=acao.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[Osus]
Number=7664
Confirmed=X
Filename=rrup.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware. The executable is located in the user's "Application Data" folder or the Program Files\htwu folder
Source=Paul Collins Startup list

[otcx]
Number=7665
Confirmed=X
Filename=otcxxh.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-050417-5258-99" target="_blank">CAROOL</a> TROJAN!
Source=Paul Collins Startup list

[outlook]
Number=7666
Confirmed=X
Filename=outlook.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotru.html" target=_blank>SDBOT-RU</a> WORM!
Source=Paul Collins Startup list

[outlook]
Number=7667
Confirmed=X
Filename=outlook.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-021712-3034-99" target=_blank>ALCRA.F</a> WORM! Note - this is not the valid MS Office program which is found in Program Files\Microsoft Office\Office. This file is found in Program Files\Outlook
Source=Paul Collins Startup list

[Outlook Express Config]
Number=7668
Confirmed=X
Filename=*****.exe [* = random char]
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Outlook Express Protocol]
Number=7669
Confirmed=X
Filename=look.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotacs.html" target=_blank>RBOT-ACS</a> WORM!
Source=Paul Collins Startup list

[Outlook Mail Services]
Number=7670
Confirmed=X
Filename=express.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CJN&VSect=P" target=_blank>RBOT.CJN</a> WORM!
Source=Paul Collins Startup list

[Outlook Mail Services]
Number=7671
Confirmed=X
Filename=outlook.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbka.html" target="_blank">RBOT-BKA</a> TROJAN! Note that the valid MS Outlook executeable is located in the Program Files\Microsoft Office\Office directory wheras this one is found in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[OutLooks]
Number=7672
Confirmed=X
Filename=InSane.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050414-5512-99" target= blank>SWOOP</a> TROJAN!
Source=Paul Collins Startup list

[Outpost Firewall]
Number=7673
Confirmed=Y
Filename=outpost.exe
Description=<a href="http://www.agnitum.com/products/outpost/" target="_blank">Outpost</a> personal firewall
Source=Paul Collins Startup list

[OutpostFeedBack]
Number=7674
Confirmed=Y
Filename=feedback.exe
Description=Part of <a href="http://www.agnitum.co.uk/index.php?page=products&sub=ofp1" target="_blank">Outpost</a> firewall by Agnitum. The feedback service is for reporting issues directly to Agnitum from within OP
Source=Paul Collins Startup list

[outpostupdate]
Number=7675
Confirmed=X
Filename=outpostupdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcosiamc.html" target=_blank>COSIAM-C</a> TROJAN!
Source=Paul Collins Startup list

[Outwar]
Number=7676
Confirmed=X
Filename=syslaunch.exe
Description=Outwar adware downloader
Source=Paul Collins Startup list

[OVCJ]
Number=7677
Confirmed=?
Filename=ovcj.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Overnet]
Number=7678
Confirmed=N
Filename=Overnet.exe
Description=<a href="http://www.overnet.com/" target="_blank">Overnet</a> peer-to-peer (P2P) file sharing program
Source=Paul Collins Startup list

[ovyriwi]
Number=7679
Confirmed=X
Filename=telace.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=1&VName=WORM_SDBOT.BVS" target=_blank>SDBOT.BVS</a> WORM!
Source=Paul Collins Startup list

[OWCCardbusTray]
Number=7680
Confirmed=U
Filename=ocbtray.exe
Description=Icon in the system tray for safely removing PCMCIA cards. Only required if you have a laptop or desktop which includes a PCMCIA card interface
Source=Paul Collins Startup list

[OWCWebCamDV]
Number=7681
Confirmed=U
Filename=wcdvtray.exe
Description=<a href="http://www.orangemicro.com/webcamdv.html" target="_blank">WebCamDV</a> from Orange Micro, Inc - enables the user to use a DV camera connected via Firewire as a Webcam
Source=Paul Collins Startup list

[OWMngr]
Number=7682
Confirmed=X
Filename=OWMngr.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112514-4643-99" target="_blank">OnWebMedia/SearchSeekFind</a> advertising foistware
Source=Paul Collins Startup list

[OxigenClientAdmin]
Number=7683
Confirmed=U
Filename=Oxigen.exe
Description=Open University Oxigen screensaver admin client. Downloads the latest information from the net to display in the screen saver
Source=Paul Collins Startup list

[oz2]
Number=7684
Confirmed=X
Filename=oz2.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091411-5523-99" target="_blank">MYDOOM.W</a> WORM!
Source=Paul Collins Startup list

[P0w3rF1Y]
Number=7685
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoormm.html" target=_blank>MM</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[P17Helper]
Number=7686
Confirmed=U
Filename=Rundll32 P17.dll, P17Helper
Description=<a href="http://www.soundblaster.com/resources/read.asp?articleid=53937&page=1&cat=2" target="_blank">ASIO</a> (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality
Source=Paul Collins Startup list

[P2P NETWORKING]
Number=7687
Confirmed=N
Filename=P2P Networking.exe
Description=Peer to Peer (P2P) sharing of files on the internet
Source=Paul Collins Startup list

[P2P Networking]
Number=7688
Confirmed=N
Filename=P2P
Description=Peer to Peer (P2P) sharing of files on the internet
Source=Paul Collins Startup list

[p2p networking]
Number=7689
Confirmed=X
Filename=p2pnetworking.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotecp.html" target="_blank">RBOT-ECP</a> WORM!
Source=Paul Collins Startup list

[P2P Networking2]
Number=7690
Confirmed=X
Filename= P2P Networking2.exe
Description=P2P Networking2.exe is an advertising program by Joltid. This process monitors your browsing habits and distributes the data back to the author's servers for analysis. This also prompts advertising popups. This program is a registered security risk and should be removed immediately
Source=Paul Collins Startup list

[P2P Networking3]
Number=7691
Confirmed=N
Filename=P2P Networking3.exe
Description=P2P Networking, a component bundled with Kazaa that enables other applications to use Peer-to-Peer functionality. Not required - see <a href="http://www.kephyr.com/spywarescanner/library/p2pnetworking/index.phtml" target="_blank">here</a>
Source=Paul Collins Startup list

[p2pnetwork]
Number=7692
Confirmed=X
Filename=p2pnetwork.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ALCAN.A" target=_blank>ALCAN.A</a> WORM!
Source=Paul Collins Startup list

[p2pnetworking]
Number=7693
Confirmed=X
Filename=p2pnetworking.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafl.html" target=_blank>RBOT-AFL</a> WORM!
Source=Paul Collins Startup list

[P3p4chk]
Number=7694
Confirmed=X
Filename=P3p4chk.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list

[p4mx4]
Number=7695
Confirmed=X
Filename=p4mx4.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list

[PaciSoft]
Number=7696
Confirmed=X
Filename=pacis.exe
Description=<a href="http://www.benedelman.org/spyware/installations/pacerd/" target= blank>PacerD Media/Pacimedia.com</a> adware installer
Source=Paul Collins Startup list

[Packard Bell EverSafe Tray Control]
Number=7697
Confirmed=?
Filename=TrayControl.exe
Description=Packard Bell EverSafe software. <font color="#FF0000">What does it do, and is it required?</font>
Source=Paul Collins Startup list

[PadTouch]
Number=7698
Confirmed=N
Filename=PadExe.exe
Description=Toshiba Touch and Launch - offers easy movement and freedom of programs navigation with TouchPad
Source=Paul Collins Startup list

[Pagekeeper Jobs]
Number=7699
Confirmed=U
Filename=pkjobs.exe
Description=PageKeeper Jobs is a separate PageKeeper program that handles the analysis of new documents and keeps track of the location and content of current documents in PageKeeper. Pagekeeper comes bundled with scanners such has HP, Microtek, etc
Source=Paul Collins Startup list

[Pagekeeper Lite]
Number=7700
Confirmed=U
Filename=pkjobs.exe
Description=PageKeeper Jobs is a separate PageKeeper program that handles the analysis of new documents and keeps track of the location and content of current documents in PageKeeper. Pagekeeper comes bundled with scanners such has HP, Microtek, etc
Source=Paul Collins Startup list

[PAgent]
Number=7701
Confirmed=X
Filename=PAgent.exe
Description=Scans your hard drive for the popular P2P file-sharing applications BearShare, Grokster, Kazaa, Limewire and Morpheus. After searching the entire local filesystem for any files with those names it connects to the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=DownloadWare&threatid=4620" target=_blank>DownloadWare</a> servers and tells it what, if anything, is found
Source=Paul Collins Startup list

[Pagis Scheduler]
Number=7702
Confirmed=N
Filename=Monitor.exe
Description=Scheduler for the Pagis scanning suite from Scansoft (now Nuance)
Source=Paul Collins Startup list

[pagmstart]
Number=7703
Confirmed=?
Filename=client.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Pagoo]
Number=7704
Confirmed=N
Filename=PAGOO.EXE
Description=<a href="http://www.pagoo.com/cc.asp" target="_blank">Pagoo</a> - internet call waiting. Intercepts telephone calls like an answering machine and plays the voice message on your PC. Only required when you're on-line and via dial-up modem
Source=Paul Collins Startup list

[paint.exe]
Number=7705
Confirmed=X
Filename=shnlog.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpupera.html" target= blank>PUPER-A</a> TROJAN!
Source=Paul Collins Startup list

[PaintingRoom evidence monitor]
Number=7706
Confirmed=X
Filename=paintingroom.exe
Description=Paintingroom.com smiley software - not recommended as the site tries to drop a trojan on you...
Source=Paul Collins Startup list

[PaintingRoom smile monitor]
Number=7707
Confirmed=X
Filename=paintingroom.exe
Description=Paintingroom.com smiley software - not recommended as the site tries to drop a trojan on you...
Source=Paul Collins Startup list

[PAL Evidence Eliminator]
Number=7708
Confirmed=N
Filename=Cleaner.exe
Description=<a href="http://www.pal-evidence-eliminator.com/" target=_blank>PAL Evidence Eliminator</a> - cover the tracks of your browsing habits and E-mails if you think you need to. Run manually on a regular basis

Source=Paul Collins Startup list

[Palm Desktop]
Number=7709
Confirmed=N
Filename=Palm.exe
Description=<a href="http://www.palm.com/us/support/downloads/win_desktop.html" target="_blank">Palm Desktop Software</a> for use with Palm handheld devices. Available via Start -> Programs
Source=Paul Collins Startup list

[Palm MultiUser Config]
Number=7710
Confirmed=?
Filename=Configtool.exe
Description=<font color="#FF0000">MultiUser configuration for a Palm PDA device?. Is it required?</font>
Source=Paul Collins Startup list

[palmOne Registration]
Number=7711
Confirmed=N
Filename=register.exe
Description=Registration reminder for <a href="http://www.palm.com/us/" target=blank>Palm</a> products
Source=Paul Collins Startup list

[PalNetaware]
Number=7712
Confirmed=X
Filename=pnetaware.exe
Description=PalTalk adware - as included in Morpheus
Source=Paul Collins Startup list

[PaltalkNetaware.exe]
Number=7713
Confirmed=N
Filename=PALNETAW~1.EXE
Description=Voice chat program. This program stores all buddy list info&nbsp;apparently on the server itself so you never lose your buddy list should you need to reinstall the program due for whatever reason or even reformat. Available via Start -> Programs. Delete the shortcut in Start -&gt; Programs -&gt; StartUp as well otherwise it will be reinstated
Source=Paul Collins Startup list

[pamela.exe]
Number=7714
Confirmed=U
Filename=pamela.exe
Description=<a href="http://www.pamela-systems.com/" target=_blank>Pamela</a> is a plug-in or add-on that adds features to <a href="http://www.skype.com/" target=_blank>Skype</a> peer to peer voice service
Source=Paul Collins Startup list

[Panasonic Communications Utility]
Number=7715
Confirmed=U
Filename=Mfpscdl.exe
Description=Port manager for <a href="http://www.panasonic.ca/English/Office/officefax/index.asp" target=_blank>Panasonic Panafax</a> fax_machines

Source=Paul Collins Startup list

[Panasonic HotKey Manager]
Number=7716
Confirmed=U
Filename=HKEYAPP.EXE
Description=HotKey management for Panasonic rugged mobile PCs
Source=Paul Collins Startup list

[Panda Antispam Server Service]
Number=7717
Confirmed=U
Filename=PasSrv.exe
Description=AntiSpam software, part of <a href="http://www.pandasoftware.com/home/particulares/default" target="_blank">Panda</a> Platinum Internet Security
Source=Paul Collins Startup list

[Panda Cleaner]
Number=7718
Confirmed=Y
Filename=pavdr.exe
Description=<a href="http://www.pandasoftware.com/home/particulares/default" target= blank>Panda</a> software related - possibly Panda ActiveScan
Source=Paul Collins Startup list

[Panda Preventium+ Service]
Number=7719
Confirmed=Y
Filename=PREVSRV.EXE
Description=<a href="http://www.pandasoftware.com/home/particulares/default" target="_blank">Panda Antivirus</a>
Source=Paul Collins Startup list

[Panda Scheduler]
Number=7720
Confirmed=U
Filename=pavsched.exe
Description=<a href="http://www.pandasoftware.com/home/particulares/default" target="_blank">Panda Antivirus</a> scan scheduler. Required if this is your virus scanner program and you have scans scheduled on a regular basis. I recommend that you scan manually so you don't need this but if you tend to forget then leave it
Source=Paul Collins Startup list

[Panda Software Intrenet]
Number=7721
Confirmed=X
Filename=panda.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotatz.html" target="_blank">RBOT-ATZ</a> WORM!
Source=Paul Collins Startup list

[PandaAVEngine]
Number=7722
Confirmed=X
Filename=PandaAVEngine.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-033114-0628-99" target="_blank">NETSKY.R</a> WORM!
Source=Paul Collins Startup list

[PandaScheduler]
Number=7723
Confirmed=U
Filename=pavsched.exe
Description=<a href="http://www.pandasoftware.com/home/particulares/default" target="_blank">Panda Antivirus</a> scan scheduler. Required if this is your virus scanner program and you have scans scheduled on a regular basis. I recommend that you scan manually so you don't need this but if you tend to forget then leave it
Source=Paul Collins Startup list

[Pando]
Number=7724
Confirmed=U
Filename=Pando.exe
Description="<a href="http://www.pando.com/" target="_blank">Pando</a> is free software that lets you send and receive files and folders of any size* with your existing email address"
Source=Paul Collins Startup list

[Pantera]
Number=7725
Confirmed=X
Filename=pantera.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AYN&VSect=P" target=_blank>SDBOT.AYN</a> WORM!
Source=Paul Collins Startup list

[Paperport]
Number=7726
Confirmed=N
Filename=runppdrv.exe
Description=Loads the drivers associated with monitoring scanner status associated with PaperPort software. Can be a resource hog - see <a href="http://groups.google.com/group/alt.comp.periphs.scanner/msg/cda2c8dde3e1e8fe?q=runppdrv.exe&hl=en&rnum=7" target="_blank">here</a>
Source=Paul Collins Startup list

[PaperPort PTD]
Number=7727
Confirmed=N
Filename=pptd40nt.exe
Description=&quot;PaperPort&quot; software associated with scanners
Source=Paul Collins Startup list

[PaperQuote System Tray Icon]
Number=7728
Confirmed=N
Filename=PQTRAY.EXE
Description=PaperQuote is a &quot;wallpaper&quot; changer with daily quotes that are either for inspiration or motivation
Source=Paul Collins Startup list

[Parallel Tasking]
Number=7729
Confirmed=X
Filename=ptask.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallcj.html" target= blank>SMALL-CJ</a> TROJAN!
Source=Paul Collins Startup list

[ParetoLogic Anti-Spyware]
Number=7730
Confirmed=U
Filename=Pareto_AS.exe
Description="ParetoLogic <a href="http://paretologic.com/products/paretologicas/" target="_blank">Anti-Spyware</a> delivers Active Protection in the form of real-time blocking"
Source=Paul Collins Startup list

[PartSeal]
Number=7731
Confirmed=U
Filename=PartSeal.exe
Description=System backup for Sony Vaio PCs. Adds a recovery mechanism for users over and above any System Restore features - allowing users to revert a drive back to the state it was when bought form the factory by hitting F10. The user obviously loses any data stored if not backed-up elsewhere
Source=Paul Collins Startup list

[Password Door Loader]
Number=7732
Confirmed=U
Filename=PDMonitor.exe
Description=<a href="http://www.toplang.com/passworddoor.htm" target="_blank">Password Door</a> - password protection software
Source=Paul Collins Startup list

[Password Tracker Deluxe]
Number=7733
Confirmed=U
Filename=PwTrkr.exe
Description="<a href="http://www.clrpc.com/" target="_blank">Password Tracker Deluxe</a> stores passwords and usernames neatly and securely (encrypted) on your computer"
Source=Paul Collins Startup list

[PasteLister]
Number=7734
Confirmed=N
Filename=plister.exe
Description=<a href="http://www.progency.com/pastelister.html" target="_blank">PasteLister</a> - clipboard extender. Start manually when required
Source=Paul Collins Startup list

[PAS_Check]
Number=7735
Confirmed=N
Filename=udcpas.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-062217-0726-99" target="_blank">DriveCleaner</a> is a security assesment tool which gives exaggerated reports of security and privacy risks on a computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported risks
Source=Paul Collins Startup list

[pas_check]
Number=7736
Confirmed=N
Filename=pasmon.exe
Description=<a href="http://www.symantec.com/smb/security_response/writeup.jsp?docid=2006-062015-2622-99" target="_blank">SystemDoctor</a> is a security risk that may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threats
Source=Paul Collins Startup list

[Patch]
Number=7737
Confirmed=X
Filename=patch.exe
Description=Added by the <a href="http://www.dark-e.com/archive/trojans/netbusworm/index.shtml" target="_blank"> NETBUS</a> WORM!
Source=Paul Collins Startup list

[Patches Value]
Number=7738
Confirmed=X
Filename=WinGamed.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BR" target="_blank">SDBOT.BR</a> WORM!
Source=Paul Collins Startup list

[Path]
Number=7739
Confirmed=?
Filename=lide.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[pathname]
Number=7740
Confirmed=X
Filename=pathname.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-111818-3014-99" target=_blank>IRCCONTACT</a> TROJAN!
Source=Paul Collins Startup list

[PathNvidiaTV]
Number=7741
Confirmed=?
Filename=patchnvidiaTVout.exe
Description=Appears to be related to Nvidia Gigabyte Video card. Typical file location is the Program Files\Gigabyte\Nvidia folder
Source=Paul Collins Startup list

[PAV.EXE]
Number=7742
Confirmed=X
Filename=%Number%
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-070414-5310-99" target="_blank"> KITRO.D</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ARGEN.A&amp;VSect=T" target="_blank">ARGEN.A</a>) WORM! %Number% can be any number
Source=Paul Collins Startup list

[PAV.EXE]
Number=7743
Confirmed=Y
Filename=PAV.EXE
Description=<a href="http://www.perantivirus.com/antivir.htm" target="_blank">PER Antivirus</a>
Source=Paul Collins Startup list

[PAVFIRES]
Number=7744
Confirmed=Y
Filename=PavFires.exe
Description=<a href="http://www.pandasoftware.com/home/particulares/default" target="_blank">Panda Antivirus</a>
Source=Paul Collins Startup list

[PAVFNSVR]
Number=7745
Confirmed=Y
Filename=PavFnSvr.exe
Description=<a href="http://www.pandasoftware.com/home/particulares/default" target="_blank">Panda Antivirus</a>
Source=Paul Collins Startup list

[Pavkre9x]
Number=7746
Confirmed=Y
Filename=pavkre9x.exe
Description=<a href="http://www.pandasoftware.com/home/particulares/default" target="_blank">Panda Antivirus</a>
Source=Paul Collins Startup list

[PavProc]
Number=7747
Confirmed=Y
Filename=PavPrS9x.exe
Description=<a href="http://www.pandasoftware.com/home/particulares/default" target="_blank">Panda Antivirus</a>
Source=Paul Collins Startup list

[PavProt]
Number=7748
Confirmed=Y
Filename=PavProt.exe
Description=<a href="http://www.pandasoftware.com/home/particulares/default" target="_blank">Panda Antivirus</a>
Source=Paul Collins Startup list

[Pavprot9]
Number=7749
Confirmed=Y
Filename=Pavprot9.exe
Description=<a href="http://www.pandasoftware.com/home/particulares/default" target="_blank">Panda Antivirus</a>
Source=Paul Collins Startup list

[PayTime]
Number=7750
Confirmed=X
Filename=paytime.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpayr.html" target=_blank>STARTPA-YR</a> TROJAN!
Source=Paul Collins Startup list

[pbagent]
Number=7751
Confirmed=U
Filename=pbagent.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090811-5438-99" target= blank>Probot</a> keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[PBKScheduler]
Number=7752
Confirmed=U
Filename=PBKScheduler.exe
Description=Scheduler for CyberLink <a href="http://www.cyberlink.com/multi/products/main_29_ENU.html" target=_blank>PowerBackup</a> - archiving/backup utility
Source=Paul Collins Startup list

[PC Alert III]
Number=7753
Confirmed=U
Filename=alert.exe
Description=MSI PC Alert III - allows you to view your system and cpu temperature, fan rpm and more. Only required if you overclock
Source=Paul Collins Startup list

[PC Booster]
Number=7754
Confirmed=U
Filename=pcbooster.exe
Description=<a href="http://www.inklineglobal.net/products/pcb/index.html" target="_blank">PC Booster</a> from inKline Global - "easy-to-use computer system optimizer that gives your system the extra speed and stability you want while ensuring that your computer is kept clean and in tip-top condition"
Source=Paul Collins Startup list

[PC Doc Pro - 3.1]
Number=7755
Confirmed=U
Filename=pcdocpro.exe
Description=<a href="http://www.pcdocpro.com/" target="_blank">PC Doc Pro</a> (now Win Doc Pro) - system health check and fix utility
Source=Paul Collins Startup list

[PC Dynamics SdwMon32]
Number=7756
Confirmed=U
Filename=sdwmon32.exe
Description=<a href="http://www.pcdynamics.com/SafeHousePP/" target=_blank>SafeHouse</a> "Personal Privacy" protects and hides your private and personal photos, videos, files and folders by making them "invisible" and encrypted
Source=Paul Collins Startup list

[PC Pitstop Optimize Scheduler]
Number=7757
Confirmed=U
Filename=PCPOptimize.exe
Description=<a href="http://www.pcpitstop.com/store/optimize.asp" target="_blank">PC Pitstop Optimize</a> - "an application that will make your PC run faster, make it more stable, and clean up hard drive space"
Source=Paul Collins Startup list

[PC Spy Keylogger]
Number=7758
Confirmed=U
Filename=ToolKeylogger.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-022411-2100-99" target=blank>PCSpyKeyLogger</a> keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[PC-Config32]
Number=7759
Confirmed=X
Filename=corona.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32coronexa.html" target="_blank">CORONEX.A</a> WORM!
Source=Paul Collins Startup list

[PC2X]
Number=7760
Confirmed=X
Filename=initial.bat
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdwnldrfzz.html" target="_blank">DWNLDR-FZZ</a> TROJAN!
Source=Paul Collins Startup list

[pcAnywhere Agent]
Number=7761
Confirmed=U
Filename=pcamgt.exe
Description=Part of  <a href="http://www.symantec.com/pcanywhere/Consumer/index.html" target= blank>pcAnywhere</a> 9.0 or later. This process listens for incoming PC Anywhere connections if your PC is configured as a PC Anywhere host
Source=Paul Collins Startup list

[PCBG]
Number=7762
Confirmed=Y
Filename=PCBODYGUARD.EXE
Description=<a href="http://www.calluna.com/pcbody.html" target="_blank">PC Bodyguard</a> from Calluna - protects system files and settings from being deleted, modified, etc
Source=Paul Collins Startup list

[PCBODYGUARD]
Number=7763
Confirmed=Y
Filename=PCBODYGUARD.EXE
Description=<a href="http://www.calluna.com/pcbody.html" target="_blank">PC Bodyguard</a> from Calluna - protects system files and settings from being deleted, modified, etc
Source=Paul Collins Startup list

[PcBoost]
Number=7764
Confirmed=U
Filename=PcBoost.exe
Description=<a href="http://www.pgware.com/" target=_blank>PCBoost</a> from PGWARE, LLC increases computer performance by allocating higher portions of CPU power to active applications and games
Source=Paul Collins Startup list

[PCCClient.exe]
Number=7765
Confirmed=Y
Filename=PCCClient.exe
Description=PC-Cillin 2002 antivirus software
Source=Paul Collins Startup list

[pccguide.exe]
Number=7766
Confirmed=Y
Filename=pccguide.exe
Description=PC-Cillin 2002 antivirus software
Source=Paul Collins Startup list

[PCCIOMON.EXE]
Number=7767
Confirmed=Y
Filename=PCCIOMON.EXE
Description=PC-Cillin 2000 antivirus software. This is the actual virus-scanner
Source=Paul Collins Startup list

[PCClient.exe]
Number=7768
Confirmed=Y
Filename=PCClient.exe
Description=Trend Micro <a href="http://www.trendmicro.com/en/products/desktop/pc-cillin/evaluate/overview.htm" target="_blank">PC-Cillin</a> Internet Security
Source=Paul Collins Startup list

[PccPfw]
Number=7769
Confirmed=Y
Filename=PccPfw.exe
Description=Trend Micro <a href="http://www.trendmicro.com/en/products/desktop/pc-cillin/evaluate/overview.htm" target="_blank">PC-Cillin</a> Internet Security
Source=Paul Collins Startup list

[PcCtlCom]
Number=7770
Confirmed=Y
Filename=Pcctlcom.exe
Description=Trend Micro <a href="http://www.trendmicro.com/en/products/desktop/pc-cillin/evaluate/overview.htm" target=_blank>PC-cillin</a> Internet Security
Source=Paul Collins Startup list

[PCDRealtime]
Number=7771
Confirmed=N
Filename=realtime.exe
Description=Apparently the monitoring device for PC Doctor Online. It provides a "free" examination on system files (i.e. registry), reports the number of errors it finds, and invites you to "order" the fee-based fixes from its web site
Source=Paul Collins Startup list

[PcEXPLODE]
Number=7772
Confirmed=X
Filename=specialfile.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.RH" target="_blank">RBOT.RH</a> WORM!
Source=Paul Collins Startup list

[PCHbutton]
Number=7773
Confirmed=N
Filename=PCHbutton.exe
Description=Used by HP Instant Support
Source=Paul Collins Startup list

[PCHealth]
Number=7774
Confirmed=N
Filename=pchschd.exe
Description=This is a "scheduler" and does not turn off PC Health. For more information refer <a href="http://groups.google.com/group/microsoft.public.windowsme.general/msg/5af2d1219f43359e?q=PCHealth%2Bpchschd.exe&hl=en&rnum=1" target="_blank">here</a>
Source=Paul Collins Startup list

[PCHEasySearch]
Number=7775
Confirmed=X
Filename=STUpdate.exe
Description=PCH EasySearch bar
Source=Paul Collins Startup list

[PCIMODEM]
Number=7776
Confirmed=?
Filename=pcimodem.exe
Description=Associated with Lucent based Aztech MDP7800-U PCI modems. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list

[PCLEPCI]
Number=7777
Confirmed=U
Filename=ppe.exe
Description=Pinnacle Systems <a href="http://www.pinnaclesys.com/docsupport1.asp?division_id=1&langue_id=2&product_id=469&product_name=Studio%20version%207&page_id=146" target="_blank">PCI Performance Enhancer</a>. &quot;This tool helps to increase the PCI Busmaster performance of all Pinnacle PCI boards.&quot;
Source=Paul Collins Startup list

[PClK]
Number=7778
Confirmed=X
Filename=PClK.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmirbl.html" target=_blank>LEGMIR-BL</a> TROJAN!
Source=Paul Collins Startup list

[PCMCIA Resource Monitor]
Number=7779
Confirmed=?
Filename=nvp2pmon.exe
Description=NVIDIA nForce P2P Driver. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[PCMMRealtime]
Number=7780
Confirmed=U
Filename=pcmm.exe
Description=<a href="http://www.pcmightymax.net/cgi-bin/view.cgi/index.html" target="_blank">PC MightyMax</a> - diagnostic program that identifies and fixes problems. However, some users report it does the opposite and messes up their systems (see <a href="http://www.techspot.com/vb/topic21210.html" target="_blank">here</a>) and they also have problems removing it (see <a href="http://www.bullguard.com/forum/9/PC-MightyMax-removal_8719.html" target="_blank">here</a>)
Source=Paul Collins Startup list

[PCMService]
Number=7781
Confirmed=U
Filename=PCMService.exe
Description=Part of Cyberlink's <a href="http://www.cyberlink.com/multi/products/main_12_ENU.html" target=_blank>Power Cinema</a>. Commonly distributed with the Dell MultiMedia software suite. It is used to watch movies, play music and even watch TV in a central location

Source=Paul Collins Startup list

[PCPitStopEraser]
Number=7782
Confirmed=U
Filename=PCPitStopErase.exe
Description="<a href="http://www.pcpitstop.com/store/erase.asp" target="_blank">PC PitStop Erase</a> is both a free privacy scanner and paid tracks cleaner"
Source=Paul Collins Startup list

[PCPOptimize]
Number=7783
Confirmed=U
Filename=PCPOptimize.exe
Description=<a href="http://www.pcpitstop.com/store/optimize.asp" target="_blank">PC Pitstop Optimize</a> - "an application that will make your PC run faster, make it more stable, and clean up hard drive space"
Source=Paul Collins Startup list

[PCprot]
Number=7784
Confirmed=X
Filename=crcss.exe
Description=Added by an unidentified WORM!
Source=Paul Collins Startup list

[pcqmqgn.exe]
Number=7785
Confirmed=?
Filename=pcqmqgn.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[PCRecSA]
Number=7786
Confirmed=U
Filename=PCRecSA.exe
Description=Part of the IBM/XPoint Rapid Restore backup utility. If you choose, you can use it to create a "clean" backup of your hard drive. The process involves the software partitioning your hard drive, making a compressed image of the working drive which will then allow you to revert to that should you need to
Source=Paul Collins Startup list

[pcServer]
Number=7787
Confirmed=X
Filename=server.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-050618-4623-99" target=_blank>Ssppyy</a> spyware
Source=Paul Collins Startup list

[PCShield]
Number=7788
Confirmed=X
Filename=regsvr32 [path] sfg_****.dll [* = random char]
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453082734" target="_blank">SafeguardProtect/Veevo</a> hijacker
Source=Paul Collins Startup list

[PCStart]
Number=7789
Confirmed=N
Filename=Pcm25.exe
Description=Runs as part of <a href="http://pcmonitor.com/" target="_blank">PCMonitor</a> which is a program for monitoring your activity on your system. It makes screen dumps and key logging. It can hang-up your system because the screen dump page gets VERY big
Source=Paul Collins Startup list

[PCSuiteTrayApplication]
Number=7790
Confirmed=N
Filename=TrayApplication.exe
Description=System Tray icon for Nokia PC Suite. PC Suite lets you synchronize, edit, and back up many of your phone's files on a compatible PC through a wireless or cable connection. PC Suite can also be launched through Start Menu
Source=Paul Collins Startup list

[PCSuiteTrayApplication]
Number=7791
Confirmed=N
Filename=LaunchApplication.exe
Description=System Tray icon for Nokia PC Suite. PC Suite lets you synchronize, edit, and back up many of your phone's files on a compatible PC through a wireless or cable connection. PC Suite can also be launched through Start Menu
Source=Paul Collins Startup list

[Pcsv]
Number=7792
Confirmed=X
Filename=pcsvc.exe
Description=<a href="http://www.spywareguide.com/product_show.php?id=727" target=_blank>Delfin Media Viewer</a> or "Promulgate" adware
Source=Paul Collins Startup list

[PcSync]
Number=7793
Confirmed=N
Filename=PcSync.exe
Description=If a Nokia phone has been connected, synchronises the phone with MS Outlook or other organiser software. It is installed by the Nokia PC Suite, and the tray icon shows if a phone has been connected. Available via a desktop shortcut or Start -&gt; Programs
Source=Paul Collins Startup list

[PcSync]
Number=7794
Confirmed=X
Filename=PcSync.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxj.html" target= blank>RBOT-XJ</a> WORM! Note - do not confuse with the Nokia application described <a href="http://www.sysinfo.org/startuplist.php?filter=PCsync.exe" target= blank>here</a>
Source=Paul Collins Startup list

[PCTAVApp]
Number=7795
Confirmed=Y
Filename=PCTAV.exe
Description=Related to <a href="http://www.pctools.com/anti-virus/" target=_blank>PC TOOLS</a> Antivirus software
Source=Paul Collins Startup list

[PcThrust]
Number=7796
Confirmed=U
Filename=PcThrust.exe
Description=<a href="http://www.swiftdog.com/" target=_blank>PCThrust</a> from SwiftDog - "increases computer performance by allocating higher portions of CPU power to active applications and games"

Source=Paul Collins Startup list

[pctspk]
Number=7797
Confirmed=U
Filename=pctspk.exe
Description=Used for modems based upon PC-TEL chipsets. Normally used for some Voice and Speakerphone functions and also for some Power management options. If you remove it you may not be able to use any of those functions
Source=Paul Collins Startup list

[PCTVOICE]
Number=7798
Confirmed=U
Filename=pctvoice.exe
Description=The program PCTVoice is used by the modem to interface with your computer and also used for some V.80 functions for Video Conferencing. if you uncheck it, it comes back. It's better to leave it
Source=Paul Collins Startup list

[PCTVRemote]
Number=7799
Confirmed=U
Filename=remoterm.exe
Description=Controls the remote control on some Pinnacle TV tuners
Source=Paul Collins Startup list

[PCWatch]
Number=7800
Confirmed=U
Filename=pcwatch.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/spyware.pcwatch.html" target="_blank">PCWatch</a> surveillance software. Uninstall this software if you did not install it yourself
Source=Paul Collins Startup list

[PDA Commander]
Number=7801
Confirmed=X
Filename=stisvc32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobottx.html" target=_blank>AGOBOT-TX</a> WORM!
Source=Paul Collins Startup list

[PdaNet Desktop]
Number=7802
Confirmed=U
Filename=PdaNetPC.exe
Description=<a href="http://www.junefabrics.com/" target="_blank">PdaNet</a> from June Fabrics Technology Inc. Use Windows Mobile Smartphone or PocketPC Phone as wireless modem for your PC
Source=Paul Collins Startup list

[PDASCAN]
Number=7803
Confirmed=X
Filename=pdascan.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotqy.html" target= blank>AGOBOT-QY</a> WORM!
Source=Paul Collins Startup list

[PDDM]
Number=7804
Confirmed=U
Filename=pddm.exe
Description=<a href="http://www.patchlink.com/products/update.html" target="_blank">Patchlink Update</a> - "core product of the leading patch and vulnerability management software solution for medium and large enterprise network security"
Source=Paul Collins Startup list

[PDEngine]
Number=7805
Confirmed=U
Filename=PDEngine.exe
Description=<a href="http://www.raxco.com/products/perfectdisk2k/" target="_blank">PerfectDisk</a> from Raxco - disk defragmenter. Only required if you schedule disk defragmenting at re-boot
Source=Paul Collins Startup list

[pdexplo]
Number=7806
Confirmed=N
Filename=PDEXPLO.EXE
Description=PowerDesk Pro by PowerDesk Pro by <a href="http://www.ontrack.com/" target="_blank">Ontrack</a>. Enhanced desktop and file manager. Available via Start -> Programs
Source=Paul Collins Startup list

[PDF Converter Registry Controller]
Number=7807
Confirmed=?
Filename=RegistryController.exe
Description=Nuance (was Scansoft) <a href="http://www.nuance.com/pdfconverter/" target="_blank">PDF Converter Registry Controller
</a> related - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list

[pdfFactory Dispatcher v1]
Number=7808
Confirmed=U
Filename=fppdis1a.exe
Description=FinePrint <a href="http://www.fineprint.com/products/pdffactory/index.html" target="_blank">pdfFactory</a> Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory printer. Version 1.x of the software. "pdfFactory products offer a unique approach to PDF creation that is simpler, more effective and less expensive than that offered by other programs"
Source=Paul Collins Startup list

[pdfFactory Dispatcher v2]
Number=7809
Confirmed=U
Filename=fppdis2a.exe
Description=FinePrint <a href="http://www.fineprint.com/products/pdffactory/index.html" target="_blank">pdfFactory</a> Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory printer. Version 2.x of the software. "pdfFactory products offer a unique approach to PDF creation that is simpler, more effective and less expensive than that offered by other programs"
Source=Paul Collins Startup list

[pdfFactory Pro Dispatcher v1]
Number=7810
Confirmed=U
Filename=fppdis1.exe
Description=FinePrint <a href="http://www.fineprint.com/products/pdffactory/index.html#pfp" target="_blank">pdfFactory Pro</a> Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory PRO printer. Version 1.x of the software. "pdfFactory products offer a unique approach to PDF creation that is simpler, more effective and less expensive than that offered by other programs"
Source=Paul Collins Startup list

[pdfFactory Pro Dispatcher v3]
Number=7811
Confirmed=U
Filename=fppdis3a.exe
Description=FinePrint <a href="http://www.fineprint.com/products/pdffactory/index.html#pfp" target="_blank">pdfFactory Pro</a> Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory Pro printer. Version 3.x of the software. "pdfFactory products offer a unique approach to PDF creation that is simpler, more effective and less expensive than that offered by other programs"
Source=Paul Collins Startup list

[pdfMachine dispatcher]
Number=7812
Confirmed=U
Filename=mapisnd.exe
Description=<a href="http://www.pdfmachine.com/genp/overview.html" target="_blank">pdfMachine</a> Windows print driver
Source=Paul Collins Startup list

[pdfSaver3]
Number=7813
Confirmed=N
Filename=pdfSaver3.exe
Description=<a href="http://www.docu-track.com/home/prod_user/pdfxchange_pro/" target=_blank>PDF-XChange</a> - create Adobe compatible PDF files from virtually any Windows software such as MS Word, Excel, AutoCAD, MS Publisher etc
Source=Paul Collins Startup list

[PDirect]
Number=7814
Confirmed=N
Filename=PDirect.exe
Description=IBM Presentation Director software
Source=Paul Collins Startup list

[pdp Server]
Number=7815
Confirmed=U
Filename=ctpdpsrvr.exe
Description=Included and setup with the drivers for my Compaq A3000 all-in-one printer/scanner - maybe for networking. Works fine without it - but may be needed when used over a network
Source=Paul Collins Startup list

[PDService.exe]
Number=7816
Confirmed=U
Filename=pdservice.exe
Description=Related to <a href="http://www.utimaco.com/" target=_blank>Utimaco</a> Safeware Easy. "Your electronic safe for protecting confidential data"
Source=Paul Collins Startup list

[PDVDServ]
Number=7817
Confirmed=U
Filename=PDVDServ.exe
Description=Remote Control background application for Cyberlink's <a href="http://www.cyberlink.com/multi/products/main_1_ENU.html" target=_blank>PowerDVD</a> version 5 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one

Source=Paul Collins Startup list

[Pe2ckfnt SE]
Number=7818
Confirmed=N
Filename=chkfont.exe
Description=Used to check whether the fonts are installed properly on your computer or not for a scanner. If you don't want to execute it, you can uncheck it in the startup menu
Source=Paul Collins Startup list

[PECarlin]
Number=7819
Confirmed=X
Filename=PECarlin.exe
Description=Adware - see <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453098420" target=_blank>here</a>

Source=Paul Collins Startup list

[Peeramid]
Number=7820
Confirmed=?
Filename=PService.exe
Description=In a "Koptimizer" folder in Program Files. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[PeerGuardian]
Number=7821
Confirmed=U
Filename=PeerGuardian_1.99b_pr14.exe
Description=<a href="http://phoenixlabs.org/pg2/" target="_blank">PeerGuardian</a> - IP blocker for Windows. Used to protect privacy on P2P networks by blocking IP addresses specified in blocklists. Features support for multiple lists, a list editor, automatic blocklist updates, and blocking all of IPv4 (TCP, UDP, ICMP, etc)
Source=Paul Collins Startup list

[PeerGuardian]
Number=7822
Confirmed=U
Filename=pg2.exe
Description=<a href="http://phoenixlabs.org/pg2/" target="_blank">PeerGuardian</a> - IP blocker for Windows. Used to protect privacy on P2P networks by blocking IP addresses specified in blocklists. Features support for multiple lists, a list editor, automatic blocklist updates, and blocking all of IPv4 (TCP, UDP, ICMP, etc)
Source=Paul Collins Startup list

[Pent@VALUE 3.2]
Number=7823
Confirmed=U
Filename=Pent@VALUE.exe
Description=Pent@VALUE Digital Satellite Internet PC Receiver
Source=Paul Collins Startup list

[PeqBL100]
Number=7824
Confirmed=X
Filename=PEQBL100.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-122009-1421-99" target=_blank>ENVID.D</a> WORM!
Source=Paul Collins Startup list

[PER Email Protection]
Number=7825
Confirmed=Y
Filename=pavmail.exe
Description=<a href="http://www.perantivirus.com/antivir.htm" target="_blank">PER Antivirus</a>
Source=Paul Collins Startup list

[PerfectPrint]
Number=7826
Confirmed=N
Filename=pfppop70.exe
Description=Print engine used by Corel WordPerfect 7 and Presentations 7
Source=Paul Collins Startup list

[PerfFont (Performance True Type Font)]
Number=7827
Confirmed=X
Filename=perfont.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmuteche.html" target=_blank>MUTECH-E</a> TROJAN!
Source=Paul Collins Startup list

[perfmon]
Number=7828
Confirmed=U
Filename=perfmon.vbs
Description=<a href="http://www.securesa.com" target=_blank>MindStorm AnalyzerPro</a> from Secure Associates. "A security management tool for customers easy to manage report and analyze security events across heterogeneous security devices"

Source=Paul Collins Startup list

[Perfomance Monitor]
Number=7829
Confirmed=X
Filename=davcsync.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lamuda.html" target=_blank>LAMUD-A</a> WORM!
Source=Paul Collins Startup list

[Perfomance Settings]
Number=7830
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtofgerap.html" target=_blank>TOFGER-AP</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list

[Performance]
Number=7831
Confirmed=X
Filename=MyHeart.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32pesind.html" target=_blank>PESIN-D</a> WORM!
Source=Paul Collins Startup list

[Performs peer to peer connection]
Number=7832
Confirmed=X
Filename=WinPTTP.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgmi.html" target="_blank">RBOT-GMI</a> WORM!
Source=Paul Collins Startup list

[PersFw]
Number=7833
Confirmed=Y
Filename=PersFw.exe
Description=<a href="http://www.kerio.com/us/kpf_home.html" target="_blank">Kerio</a> or <a href="http://www.tinysoftware.com/home/tiny2?la=EN" target="_blank">Tiny</a> Personal Firewall
Source=Paul Collins Startup list

[Persistence]
Number=7834
Confirmed=N
Filename=igfxpers.exe
Description=Part of Intels Common User Interface for chipsets with integrated graphics controllers - which allows user to change different driver properties through Windows User Interface. Not known exactly what it does but apparently it isn't required
Source=Paul Collins Startup list

[Personal Computer]
Number=7835
Confirmed=X
Filename=scvhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaje.html" target=_blank>RBOT-AJE</a> WORM!
Source=Paul Collins Startup list

[Personal Firwall]
Number=7836
Confirmed=X
Filename=ptmedsrv.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.XY" target="_blank">SDBOT.XY</a> WORM!

Source=Paul Collins Startup list

[Pervasive.SQL Workgroup Engine]
Number=7837
Confirmed=U
Filename=W3dbsmgr.exe
Description=Database Service Manager for Pervasive SQL 2000 Workgroup edition. Required if you use Pervasive SQL but it's recommended you start it manually before using it as it has a tendancy to crash/freeze if loaded with other applications at startup
Source=Paul Collins Startup list

[PestPatrol Control Center]
Number=7838
Confirmed=U
Filename=PPControl.exe
Description=PestPatrol Control Terminal - utility that launched <a href="http://www.pestpatrol.com/default.asp" target="_blank">PestPatrol</a> features such as PPMemCheck and CookiePatrol before CA's acquisition
Source=Paul Collins Startup list

[PestPatrolCL]
Number=7839
Confirmed=?
Filename=PestPatrolCL.exe
Description=<a href="http://www.pestpatrol.com/" target= blank>PestPatrol's</a> command line scanner, combines with the Windows Task scheduler and is required in cases where schedules for regular scanning are set
Source=Paul Collins Startup list

[PestTrap]
Number=7840
Confirmed=N
Filename=PestTrap.exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>

Source=Paul Collins Startup list

[Petit Larousse 2001]
Number=7841
Confirmed=U
Filename=HIPL2000Popup.exe
Description=Popup dictionary tool
Source=Paul Collins Startup list

[Pex Sound Driver]
Number=7842
Confirmed=X
Filename=Today's Results.vbs
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32trodea.html" target=_blank>TRODE-A</a> WORM!
Source=Paul Collins Startup list

[pex Sound driver 2]
Number=7843
Confirmed=X
Filename=Today's Results.vbs
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32trodea.html" target=_blank>TRODE-A</a> WORM!
Source=Paul Collins Startup list

[PFW_CfgEngine]
Number=7844
Confirmed=?
Filename=PFWCFG~1.EXE
Description=<font color="#FF0000">Personal Firewall related?</font>
Source=Paul Collins Startup list

[PFW_PullSrv]
Number=7845
Confirmed=?
Filename=PULL.EXE
Description=<font color="#FF0000">Personal Firewall related?</font>
Source=Paul Collins Startup list

[PgMonitr]
Number=7846
Confirmed=X
Filename=PgMonitr.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-050515-5939-99" target="_blank">Delfin Promulgate</a> adware variant
Source=Paul Collins Startup list

[PGPSDKSVC]
Number=7847
Confirmed=Y
Filename=pgpsdkserv.exe
Description=PGPsdkServ.exe is the new SDK service which is responsible for performing all PGP key management and cryptographic functions. This functionality was moved into a service to allow multiple modules simultaneous read/write access to the keyrings, among other things. As you can imagine, it is necessary for PGPsdkServ to be running in order to perform practically any PGP functionality
Source=Paul Collins Startup list

[PGPSERVICE]
Number=7848
Confirmed=U
Filename=pgpservice.exe
Description=PGPservice.exe has two main purposes: (1) it handles a large part of the PGPnet functionality (along with the PGPnet driver) and (2) it allows efficient access to the PGP preferences database. The individual PGP modules normally access the preferences through PGPservice, but they are capable of a &quot;fall-back&quot; mode where they can handle such access on their own. Thus, if you are not running PGPnet, you may not immediately notice much of a difference if you disable PGPservice. If you are running PGPnet, you will notice a big difference
Source=Paul Collins Startup list

[PGPtray]
Number=7849
Confirmed=N
Filename=pgptray.exe
Description=PGP 7.x. Provides icon tray shortcuts to PGP programs from Network Associates. Available via Start -> Programs
Source=Paul Collins Startup list

[PGQL]
Number=7850
Confirmed=X
Filename=pgql.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbckdrpqn.html" target="_blank">PQN</a> TROJAN!
Source=Paul Collins Startup list

[PGStub.exe]
Number=7851
Confirmed=X
Filename=[various filenames]
Description=Unidentified adware
Source=Paul Collins Startup list

[pgtaff]
Number=7852
Confirmed=X
Filename=pgtaff.exe
Description=AdRotator adware variant
Source=Paul Collins Startup list

[phc700]
Number=7853
Confirmed=U
Filename=vphc700.exe
Description=Related to the <a href="http://www.philips.com/" target="_blank">Philips</a> SPC700NC web camera
Source=Paul Collins Startup list

[PhiBtn]
Number=7854
Confirmed=Y
Filename=PhiBtn.exe
Description=Snapshot and Launch button application from Philips belonging to Philips SPC 900NC Camera
Source=Paul Collins Startup list

[Phime2002a]
Number=7855
Confirmed=N
Filename=TINTSETP.EXE
Description=Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word
Source=Paul Collins Startup list

[PHIME2002ASync]
Number=7856
Confirmed=N
Filename=TINTSETP.EXE
Description=Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word
Source=Paul Collins Startup list

[PHIME2004C]
Number=7857
Confirmed=X
Filename=CTFMDN.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadramv.html" target="_blank">DLOADR-AMV</a> TROJAN!
Source=Paul Collins Startup list

[PHIME2OO2ASyst]
Number=7858
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdbdoorb.html" target=_blank>DBDOOR-B</a> TROJAN!
Source=Paul Collins Startup list

[PhoneFree version 6.2]
Number=7859
Confirmed=U
Filename=PHONEF??.EXE
Description=An Internet telephony application. Complicated registration and ad banners tailored to your profile - see <a href="http://www.phonefree.com/" target="_blank">here</a>
Source=Paul Collins Startup list

[Photo Express Calendar Checker SE]
Number=7860
Confirmed=N
Filename=CALCHECK.EXE
Description=If you create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper, Photo Express will replace the wallpaper automatically. Photo Express 2.0 has a calendar checker which checks the date on your system and updates your wallpaper accordingly
Source=Paul Collins Startup list

[Photo Loader supervisory]
Number=7861
Confirmed=N
Filename=Plauto.exe
Description=Casio's Photo Loader software. Hook up your camera to the USB port, and it pops up and asks you if you want to load your pictures
Source=Paul Collins Startup list

[Photoshop]
Number=7862
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcdopene.html" target=_blank>CDOPEN-E</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the "Program Files" folder
Source=Paul Collins Startup list

[PhotoShow Deluxe Media Manager]
Number=7863
Confirmed=N
Filename=mssysmgr.exe
Description=Simple Star <a href="http://www.simplestar.com/site_html/index.php" target=blank>PhotoShow Deluxe</a> photo editing and organizing software, makes it easy to send and share digital photos. Bundled with software from Nero, ComCast, SnapFish, MacroMedia and others
Source=Paul Collins Startup list

[PhotoWise QuickLink]
Number=7864
Confirmed=N
Filename=quicklnk.exe
Description=Agfa PhotoWise - &quot;PhotoWise QuickLinkTM lets you drag and drop photos right from the camera into your document (applications must be OLE-compliant). Use PhotoWise to print contact sheets and photographic prints. Create slide shows, screen savers, wallpaper and more.&quot;
Source=Paul Collins Startup list

[PhraseExpress]
Number=7865
Confirmed=U
Filename=phrase.exe
Description="<a href="http://www.phraseexpress.com/" target="_blank">PhraseExpress</a> organizes your frequently used text phrases and allows pasting them into any application"
Source=Paul Collins Startup list

[PIC SYSTEM]
Number=7866
Confirmed=X
Filename=picx.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.LL&VSect=P" target=_blank>MYTOB.LL</a> WORM!
Source=Paul Collins Startup list

[Picasa Media Detector]
Number=7867
Confirmed=N
Filename=PicasaMediaDetector.exe
Description=Media detector for <a href="http://www.picasa.net/" target="_blank">Picasa</a>'s automatic photo organizer
Source=Paul Collins Startup list

[PicasaNet]
Number=7868
Confirmed=N
Filename=Hello.exe
Description=<a href="http://www.hello.com/index.php" target=_blank>Hello</a> is an application that allows Blogger users to post digital photos and captions directly to their personal weblogs, or blogs
Source=Paul Collins Startup list

[Pickatag]
Number=7869
Confirmed=N
Filename=pickatag.exe
Description=<a href="http://www.freedownloadscenter.com/Email_Tools/Mail_Signature_Tools/Pick_a_Tag.html" target="_blank">Pick-a-tag</a> - "freeware utility for random selection of your taglines. This utility randomly picks a tagline out of a list of taglines. It will create a signature file which your mailer can use to place under your messages"
Source=Paul Collins Startup list

[PICPRTR]
Number=7870
Confirmed=N
Filename=PICPRTR.EXE
Description=Program for viewing and measuring a variety of 3D CAD data formats
Source=Paul Collins Startup list

[picsvr]
Number=7871
Confirmed=X
Filename=picsvr.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-050515-5939-99" target=_blank>Delfin Promulgate</a> adware
Source=Paul Collins Startup list

[pictureBUZZTray]
Number=7872
Confirmed=N
Filename=swtray.exe
Description=System Tray access to <a href="http://www.picturebuzz.com" target="_blank">PictureBUZZ</a> on-line printing software from Streetwise Software. If you use the software set the page you use as a favourite in your browser and run it manually
Source=Paul Collins Startup list

[PiDunHK]
Number=7873
Confirmed=U
Filename=PIDUNHK.EXE
Description=Part of the Prodigy Internet software - part of the dialer/DUN. Presumably needed for users of that service otherwise you may not be able to connect, although you may try creating your own shortcut and see what happens
Source=Paul Collins Startup list

[pigglett]
Number=7874
Confirmed=X
Filename=pigglett.exe
Description=Added by a variant of the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan-Proxy.Small.EP&threatid=45711" target="_blank">SMALL.EP</a> TROJAN!
Source=Paul Collins Startup list

[piiserviceOE]
Number=7875
Confirmed=U
Filename=N/A
Description=<a href="http://www.giantcompany.com/" target=_blank>Spam Inspector</a> (nee Postal Inspector) from The Giant Company or <a href="http://www.sunbelt-software.com/product.cfm?id=930" target=_blank>iHateSpam</a> from Sunbelt Software - spam filter add-ons for OE
Source=Paul Collins Startup list

[pilif]
Number=7876
Confirmed=X
Filename=pilif.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100613-1042-99" target="_blank">FILI</a> WORM!
Source=Paul Collins Startup list

[Pinger]
Number=7877
Confirmed=N
Filename=pinger.exe
Description=Pinger is the resident program for Toshiba updates. Periodically checks to see if there are any software/driver upgrades for your particular computer model. If it finds any, it posts a notification
Source=Paul Collins Startup list

[PingTimeout Institution]
Number=7878
Confirmed=X
Filename=pingchek.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotvy.html" target=_blank>SDBOT-VY</a> WORM!
Source=Paul Collins Startup list

[PingTimeout Institution]
Number=7879
Confirmed=X
Filename=internal.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BMH" target="_blank">SDBOT.BMH</a> WORM!
Source=Paul Collins Startup list

[PinnacleDriverCheck]
Number=7880
Confirmed=Y
Filename=PSDrvCheck.exe
Description=Part of <a href="http://www.pinnaclesys.com/" target="_blank">Pinnacle Systems</a> InstantCD/DVD and InstantCopy CD/DVD copying software that verifies drive settings. Once loaded it doesn't use any resources so you can leave it enabled
Source=Paul Collins Startup list

[Piolet]
Number=7881
Confirmed=N
Filename=piolet.exe
Description=<a href="http://www.piolet.com/" target="_blank">Piolet</a> - peer-to-peer file sharing client
Source=Paul Collins Startup list

[PIPE SYSTEM]
Number=7882
Confirmed=X
Filename=pipe.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobff.html" target=_blank>MYTOB-FF</a> WORM!
Source=Paul Collins Startup list

[Piracy]
Number=7883
Confirmed=N
Filename=SysUtil.exe
Description=Software Piracy Alert feature bundled with <a href="http://www.pgware.com/products/gamegain/" target=_blank>PGWare</a> software. Cries foul when it detects an 'illegal' version. The alerts are reported to disappear as soon as the software is correctly registered. There are privacy issues though: "The Software includes a feature that assigns a unique order number to GameGain based on purchase information. The Software reports this number to us via the internet either when you run the Software or enter the registration number, or both. The Software may also identify and report to us your IP address, date and time of installation, registration and/or use. We use this information strictly to count the number of installations, detect unauthorized access or piracy of the Software, and develop rough statistical data regarding the geographic location of our users"

Source=Paul Collins Startup list

[PivotSoftware]
Number=7884
Confirmed=N
Filename=wpctrl.exe
Description=PivotPro from <a href="http://www.portrait.com/" target="_blank"> Portrait Studios</a> - allows a screen to be rotated to match rotated LCD screens, for example). Shortcut available via Display Properties
Source=Paul Collins Startup list

[Pixel32]
Number=7885
Confirmed=X
Filename=Pixel32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list

[Pixelpwr32]
Number=7886
Confirmed=X
Filename=Pixelpwr32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list

[Pixelsvr]
Number=7887
Confirmed=X
Filename=Pixelsvr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list

[pjWebCam]
Number=7888
Confirmed=U
Filename=pjWebCam.exe
Description=Webcam automation software that saves regular photos from webcam and can also act as HTTP server
Source=Paul Collins Startup list

[PK Guard]
Number=7889
Confirmed=X
Filename=pkguard32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082311-0208-99" target=_blank>GUAPIM</a> WORM!
Source=Paul Collins Startup list

[PK Services]
Number=7890
Confirmed=X
Filename=pksvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbw.html" target=_blank>FORBOT-BW</a> WORM!

Source=Paul Collins Startup list

[PktAnything]
Number=7891
Confirmed=U
Filename=PocketCompanion.exe
Description=<a href="http://www.o2pocket.com/pocketanythinginfo" target=_blank>PocketAnything</a> lets you save anything on your computer to your mobile, with one click
Source=Paul Collins Startup list

[Planlćgningsagent]
Number=7892
Confirmed=U
Filename=mstask.exe
Description=Windows Task Scheduler (on Danish language versions of Windows) - displayed as a box with a stopwatch in the System Tray. Required if you have regularly scheduled tasks like defragmenting, ScanDisk, weekly virus scans and so on
Source=Paul Collins Startup list

[Plasdll service]
Number=7893
Confirmed=X
Filename=[random filename]
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Playboy]
Number=7894
Confirmed=X
Filename=playavi.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-092709-2346-99" target=_blank>GAMANLOCK</a> TROJAN!
Source=Paul Collins Startup list

[PLEAPCPUCPL]
Number=7895
Confirmed=U
Filename=pleapu.exe
Description=CPU Control Panel for the <a href="http://www.powerleap.com/" target="_blank">Powerleap</a> CPU upgrade
Source=Paul Collins Startup list

[PLFFAP]
Number=7896
Confirmed=?
Filename=HotfixQ0306270.exe
Description=Prolific Technology Inc. USB Flash Disk driver - <font color="#FF0000">is it required in startup?</font>
Source=Paul Collins Startup list

[Plguni]
Number=7897
Confirmed=N
Filename=Plguni.exe
Description=<a href="http://www.mcafee.com/myapps/qc3/default.asp" target="_blank">McAfee QuickClean 3.0</a> - removes internet clutter and unwanted programs
Source=Paul Collins Startup list

[plmg.exe]
Number=7898
Confirmed=U
Filename=plmg.exe
Description=Paragon Last Minute Bidder - auction assistant software
Source=Paul Collins Startup list

[PLoader]
Number=7899
Confirmed=?
Filename=umsd.exe
Description=USB Mass Storage Disk related tray icon. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list

[Plob]
Number=7900
Confirmed=X
Filename=kernel.com
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_OPTIXPRO.12" target="_blank">OPTIXPRO.12</a> TROJAN!
Source=Paul Collins Startup list

[Plook]
Number=7901
Confirmed=X
Filename=plook.exe
Description=AffiliateTarget.com alias <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-101114-0118-99" target=_blank>PLook</a> adware
Source=Paul Collins Startup list

[Pluck Tray]
Number=7902
Confirmed=U
Filename=PluckTray.exe
Description=RSS (XML TAGS) reader program
Source=Paul Collins Startup list

[PluckSvr]
Number=7903
Confirmed=?
Filename=PluckUpdater.exe
Description=<a href="http://www.pluck.com/" target=_blank>Pluck</a> Toolbar updater
Source=Paul Collins Startup list

[Plug And Play]
Number=7904
Confirmed=X
Filename=msnmsg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotid.html" target=_blank>RBOT-ID</a> WORM!
Source=Paul Collins Startup list

[Pluto! Pager]
Number=7905
Confirmed=X
Filename=srvhandle.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-011714-3251-99" target=_blank>REDPLUT</a> VIRUS!
Source=Paul Collins Startup list

[PLXSTART]
Number=7906
Confirmed=U
Filename=PLXSTART.EXE
Description=Sets the spindown timeout and access speeds at startup and displays the &quot;Plextor Manager 2000&quot; splash screen for Plextor CD-RW.
Source=Paul Collins Startup list

[PLXTASK]
Number=7907
Confirmed=N
Filename=PLXTASK.EXE
Description=Taskbar utility for a &quot;control panel&quot; for a Plextor CD-RW. Has MVP 2000 (audio CD player), DiscDupe 2000 (self explanatory CD copying program) and AudioCapture 2000 (rips audio CDs into MP3 or WAV files)
Source=Paul Collins Startup list

[pm32ctrl]
Number=7908
Confirmed=X
Filename=pwr32crtl.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list

[pm32info]
Number=7909
Confirmed=X
Filename=pm32info.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list

[pmc]
Number=7910
Confirmed=X
Filename=764.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[pmcqt]
Number=7911
Confirmed=X
Filename=pmcqt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdlucav.html" target=_blank>DLUCA-V</a> TROJAN!
Source=Paul Collins Startup list

[Pmedia]
Number=7912
Confirmed=X
Filename=winsrvc.exe
Description=Internet marketing sofware from Permissioned Media Inc as used in E-Card FriendGreetings foistware - see <a href="http://vil.nai.com/vil/content/v_99760.htm" target="_blank">here</a>. Treated by Trend as the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_FRIENDGRT.B" target="_blank">FRIENDGRT.B</a> WORM!
Source=Paul Collins Startup list

[PmProxy]
Number=7913
Confirmed=?
Filename=PmProxy.exe
Description=Associated with Analog Devices "SoundMAX" audio chipset - often built-in to motherboards. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[pmr]
Number=7914
Confirmed=X
Filename=pmr.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=PowerStrip&threatid=14844" target="_blank">PowerStrip</a> foistware. Note - this is not the same as the video tweaking utility of the same name <a href="http://www.entechtaiwan.com/util/ps.shtm" target="_blank">here</a>
Source=Paul Collins Startup list

[PMT]
Number=7915
Confirmed=U
Filename=personalmoneytree.exe
Description=According to the web site <a href="http://www.personalmoneytree.com/" target=_blank>Personal Money Tree</a> is an automatic cash rebate program. Note: Not recommended
Source=Paul Collins Startup list

[PMTSHOOT]
Number=7916
Confirmed=N
Filename=pmtshoot.exe
Description=MS tool for troubleshooting power management problems
Source=Paul Collins Startup list

[PMXInit]
Number=7917
Confirmed=U
Filename=pmxinit.exe
Description=Restores user display preferences Kyro2 based graphics cards. Not required unless you change the default settings - such as gamma&nbsp;
Source=Paul Collins Startup list

[PNAgent]
Number=7918
Confirmed=N
Filename=PNAgent.exe
Description=<a href="http://www.phatnoise.com/products/software/music_manager.php" target="_blank">PhatNoise Music Manager</a> - manages WMA, MP3, WAV, etc music files
Source=Paul Collins Startup list

[PNP]
Number=7919
Confirmed=X
Filename=wuaaclt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lilbrea.html" target=_blank>LILBRE-A</a> WORM!
Source=Paul Collins Startup list

[PnP Driver]
Number=7920
Confirmed=X
Filename=playboy.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfr.html" target=_blank>FORBOT-FR</a> WORM!
Source=Paul Collins Startup list

[PNP FIX]
Number=7921
Confirmed=X
Filename=[worm filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotakq.html" target=_blank>RBOT-AKQ</a> WORM!
Source=Paul Collins Startup list

[Pnpchk]
Number=7922
Confirmed=U
Filename=Pnpchk.exe
Description=<a target="_blank" href="http://www.aztech.com/">Aztech Labs</a> Sound 3 PnP driver
Source=Paul Collins Startup list

[pnpsvc_lock]
Number=7923
Confirmed=X
Filename=******.exe [* = random digit]
Description=Browser hijacker
Source=Paul Collins Startup list

[pnpsvc_lock]
Number=7924
Confirmed=X
Filename=startsvs.exe
Description=Browser hijacker
Source=Paul Collins Startup list

[PNSetup]
Number=7925
Confirmed=U
Filename=PNSetup.exe
Description=<a href="http://www.hdsoft.com/?0.1" target="_blank">PopNot</a> - pop-up killer
Source=Paul Collins Startup list

[PNtask Services]
Number=7926
Confirmed=X
Filename=pntask.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080516-5345-99" target="_blank">LALA.C</a> TROJAN!
Source=Paul Collins Startup list

[pnvifj]
Number=7927
Confirmed=X
Filename=jusodl.exe 
Description=Added by the <a href="http://kr.ahnlab.com/SecuInfoVirusViewEngNew3.ahn?SEQ_NO=6907" target="_blank">QQPASS.48436</a> TROJAN!
Source=Paul Collins Startup list

[Pocket Sheet Sync]
Number=7928
Confirmed=U
Filename=PSXLTRAY.EXE
Description=Casio <a href="http://www.pcsync.de/download/e_pocketsheet.asp" target="_blank"> Pocket Sheet</a> synchronization software
Source=Paul Collins Startup list

[Poet]
Number=7929
Confirmed=X
Filename=Poet.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-063013-4800-99" target="_blank">DOEP.A</a> WORM!
Source=Paul Collins Startup list

[Pofatch]
Number=7930
Confirmed=X
Filename=nstrue.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110610-2833-99" target="_blank">RANDEX.Z</a> WORM!
Source=Paul Collins Startup list

[point32]
Number=7931
Confirmed=U
Filename=point32.exe
Description=Microsoft Intellipoint software for their Intellimouse series of mice - required if you use non-standard Windows driver features
Source=Paul Collins Startup list

[POINTER]
Number=7932
Confirmed=U
Filename=point32.exe
Description=Microsoft Intellipoint software for their Intellimouse series of mice - required if you use non-standard Windows driver features
Source=Paul Collins Startup list

[Points Manager]
Number=7933
Confirmed=X
Filename=points manager.exe
Description=Altnet <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080415-0053-99" target=_blank>TopSearch</a> adware
Source=Paul Collins Startup list

[Pollon]
Number=7934
Confirmed=X
Filename=pollone.exe
Description=Added by the <a href="http://se.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_SPYBOT.FW" target=_blank>SPYBOT.FW</a> WORM!
Source=Paul Collins Startup list

[polo.exe]
Number=7935
Confirmed=X
Filename=polo.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentpe.html" target=_blank>AGENT-PE</a> TROJAN!
Source=Paul Collins Startup list

[POP]
Number=7936
Confirmed=X
Filename=PopSrv***.exe
Description=<a href="http://www.pchell.com/support/peopleonpage.shtml" target="_blank">PeopleonPage</a> foistware, bundled with Grokster where *** are random digits
Source=Paul Collins Startup list

[POP Manager]
Number=7937
Confirmed=X
Filename=popmgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbckdrpyv.html" target="_blank">BCKDR-PYV</a> TROJAN!
Source=Paul Collins Startup list

[Pop-Up Smasher]
Number=7938
Confirmed=U
Filename=PopupSmasher.exe
Description=<a href="http://www.popupsmasher.com/" target="_blank">Pop-Up Smasher</a> - pop-up killer
Source=Paul Collins Startup list

[Pop-Up Stopper]
Number=7939
Confirmed=U
Filename=dpps2.exe
Description=<a href="http://www.popupstopper.net/product_dpps.html" target="_blank">Pop-Up Stopper</a> Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group
Source=Paul Collins Startup list

[Pop-Up_Blocker]
Number=7940
Confirmed=U
Filename=Popup.exe
Description=A <a href="http://www.totalidea.com/frameset-tweakxp.htm" target=_blank>Tweak-XP</a> component, blocks advertisement pop-up windows in Internet Explorer. Can be enabled/disabled via Tweak-XP -> Internet Tweaks
Source=Paul Collins Startup list

[Pop-Up_Scanner]
Number=7941
Confirmed=U
Filename=Popupscn.exe
Description=<a href="http://www.panicware.com/" target=_blank>Panicware</a> popup blocker
Source=Paul Collins Startup list

[pop06ap]
Number=7942
Confirmed=X
Filename=pop06ap2.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MediaMotor&threatid=15001" target="_blank">MediaMotor</a> adware
Source=Paul Collins Startup list

[pop06apelt]
Number=7943
Confirmed=X
Filename=thiselt.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094810" target="_blank">ZenoSearch</a> adware
Source=Paul Collins Startup list

[pop3 Server]
Number=7944
Confirmed=U
Filename=config.cfg
Description=Part of <a href="http://sourceforge.net/projects/html2pop3/" target="_blank">HTML2POP3</a> - "Convert Webmail to POP3.Is also included a SMTP/POP3 tunneling system that allow send and receive email in a private network HTTP PROXY based. All connection are plugin based. Over 250 email server supported and tested"
Source=Paul Collins Startup list

[pop3trap.exe]
Number=7945
Confirmed=Y
Filename=pop3trap.exe
Description=PC-Cillin 2000 antivirus software -&gt; E-mail scanner
Source=Paul Collins Startup list

[PopeSvr]
Number=7946
Confirmed=X
Filename=PopeSvr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmiraj.html" target=_blank>LEGMIR-AJ</a> TROJAN!
Source=Paul Collins Startup list

[PopMark]
Number=7947
Confirmed=X
Filename=WinTask.exe
Description="Pop Marketing" adware
Source=Paul Collins Startup list

[PopNot]
Number=7948
Confirmed=U
Filename=PopNot.exe
Description=<a href="http://www.hdsoft.com/?0.1" target="_blank">PopNot</a> - pop-up killer
Source=Paul Collins Startup list

[PopOops]
Number=7949
Confirmed=U
Filename=PopOops.exe
Description=<a href="http://www.gasanov.net/PopOops.htm" target="_blank">PopOops</a> - pop-up killer
Source=Paul Collins Startup list

[Popopen]
Number=7950
Confirmed=U
Filename=popopen.exe
Description=<a href="http://www.pcworld.com/downloads/file/fid,4719-order,1-page,1-c,alldownloads/description.html" target="_blank">PopOpen</a> makes your windows spring open with animation effects
Source=Paul Collins Startup list

[Poproxy]
Number=7951
Confirmed=Y
Filename=POPROXY.EXE
Description=Proxy E-mail protection from Norton Anti-Virus (prior to 2002). If you have it installed, leave it enabled to automatically check for suspect attachments in E-mails that may contain viruses. It downloads the E-mail into poproxy, which serves as a proxy server on the local machine, before scanning it
Source=Paul Collins Startup list

[popsrv146]
Number=7952
Confirmed=X
Filename=popsrv146.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=AproposMedia&threatid=14978" target="_blank">AproposMedia</a> adware
Source=Paul Collins Startup list

[PopSubtract]
Number=7953
Confirmed=U
Filename=PopSub.exe
Description=<a href="http://www.popsubtract.com/features.html" target="_blank">PopSubtract</a> - pop-up killer
Source=Paul Collins Startup list

[Popup Ad Filter]
Number=7954
Confirmed=U
Filename=PopFilter.exe
Description=<a href="http://www.meaya.com/" target="_blank">Popup Ad Filter</a> - pop-up killer
Source=Paul Collins Startup list

[Popup and Advertisement Killers]
Number=7955
Confirmed=U
Filename=adkillers.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotddh.html" target="_blank">RBOT-DDH</a> WORM!
Source=Paul Collins Startup list

[Popup Blocker System]
Number=7956
Confirmed=X
Filename=PopUpBlocker.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Popup Blocker System326a Monitoring]
Number=7957
Confirmed=X
Filename=PopUpBlocker6a.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AUH&VSect=P" target=_blank>RBOT.AUH</a> WORM!
Source=Paul Collins Startup list

[Popup Blocker System8 Monitoring]
Number=7958
Confirmed=X
Filename=PopUpBlocker8.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Popup Blocker Updater]
Number=7959
Confirmed=X
Filename=regsvr32 [path] veev****.dll [* = random char]
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453082734" target="_blank">SafeguardProtect/Veevo</a> hijacker
Source=Paul Collins Startup list

[PopUp Buster+]
Number=7960
Confirmed=U
Filename=popupbuster.exe
Description=PopUp Buster - free Pop-up blocker
Source=Paul Collins Startup list

[Popup Defence Updater]
Number=7961
Confirmed=X
Filename=regsvr32 [path] pdf****.dll [* = random char]
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453082734" target="_blank">SafeguardProtect/Veevo</a> hijacker
Source=Paul Collins Startup list

[Popup Defender]
Number=7962
Confirmed=U
Filename=PD.exe
Description=<a  href="http://www.pcworld.com/downloads/file/fid,22573-order,1-page,1-c,alldownloads/description.html" target="_blank">Popup Defender</a> - pop-up killer
Source=Paul Collins Startup list

[Popup Terminator]
Number=7963
Confirmed=U
Filename=GLADManager.exe
Description=<a href="http://www.gleanersoft.com/popupterminator/info.html" target="_blank">Popup Terminator</a> - pop-up killer
Source=Paul Collins Startup list

[PopupEliminator]
Number=7964
Confirmed=U
Filename=Popup Eliminator.exe
Description=<a href="http://www.popupeliminator.info/" target="_blank">Popup Eliminator</a> - pop-up killer
Source=Paul Collins Startup list

[PopUpKiller]
Number=7965
Confirmed=U
Filename=PopUpKiller.exe
Description=<a href="http://software.xfx.net/utilities/popupkiller/index.php" target="_blank">PopUpKiller</a> - pop-up killer
Source=Paul Collins Startup list

[popuppers]
Number=7966
Confirmed=X
Filename=newpop63.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120718-0513-99" target="_blank">Medload</a> adware
Source=Paul Collins Startup list

[popuppers64]
Number=7967
Confirmed=X
Filename=a64sddd.exe
Description=Popuppers adware, also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojlowzoneaa.html" target= blank>LOWZONE-AA</a> TROJAN!
Source=Paul Collins Startup list

[popuppers65]
Number=7968
Confirmed=X
Filename=[path to file]
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120718-0513-99" target="_blank">Medload</a> adware
Source=Paul Collins Startup list

[PopUpStopperCompanion]
Number=7969
Confirmed=U
Filename=PSComp.exe
Description=<a href="http://www.panicware.com/product_companion.html" target=_blank>PopupStopper Companion</a> popup blocker

Source=Paul Collins Startup list

[PopUpStopperFreeEdition]
Number=7970
Confirmed=U
Filename=PSFREE.EXE
Description=Panicware's <a href="http://www.panicware.com/product_psfree.html" target="_blank">Pop-Up Stopper</a> - free limited features version
Source=Paul Collins Startup list

[PopUpStopperProfessional]
Number=7971
Confirmed=U
Filename=PopUpStopperProfessional.exe
Description=Panicware's <a href="http://www.panicware.com/popupstopper.html" target="_blank">Pop-Up Stopper</a> - paid for version
Source=Paul Collins Startup list

[PopupVanish]
Number=7972
Confirmed=U
Filename=PopupVanish.exe
Description=Pop-up blocker
Source=Paul Collins Startup list

[PopUpWasher]
Number=7973
Confirmed=U
Filename=PopUpWasher.exe
Description=<a href="http://www.webroot.com/consumer/products/popupwasher/" target="_blank">PopUpWasher</a> pop-up killer
Source=Paul Collins Startup list

[PopUpWatch]
Number=7974
Confirmed=N
Filename=PopUpWatch.exe
Description=BPS spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[POS-Partnerbatchprocessor]
Number=7975
Confirmed=?
Filename=BATCH.EXE
Description=VISA credit card batch processing related to Appcon. <font color="#FF0000">Is it needed or can it be started manually via Start -&gt; Programs or a manually created shortcut?</font>
Source=Paul Collins Startup list

[Post-It(r) Software]
Number=7976
Confirmed=N
Filename=Psnotes.exe
Description=Pop-up &quot;yellow&quot; notes on screen. Available via Start -> Programs
Source=Paul Collins Startup list

[POW!]
Number=7977
Confirmed=U
Filename=pow.exe
Description=Pop-up killer
Source=Paul Collins Startup list

[Power Scan]
Number=7978
Confirmed=X
Filename=powerscan.exe
Description=Foistware by Integrated Search Technologies - the people behind <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091913-2632-99" target="_blank">ISTBar</a> adware

Source=Paul Collins Startup list

[Power2GoExpress]
Number=7979
Confirmed=U
Filename=Power2GoExpress.exe
Description=<a href="http://www.cyberlink.com/multi/products/main_24_ENU.html" target=_blank>Power2GoExpress</a> - all media disc burning software

Source=Paul Collins Startup list

[PowerBar]
Number=7980
Confirmed=N
Filename=Powerbar.exe
Description=Part of Cyberlink's <a href="http://www.cyberlink.com/multi/products/main_1_ENU.html" target=_blank>PowerDVD</a> software. Not sure what exactly it does, but not required in startup

Source=Paul Collins Startup list

[PowerChute]
Number=7981
Confirmed=Y
Filename=Pwrchute.exe
Description=&quot;During a power outage, if you're not available to save your files &amp; close down Windows....PowerChute will do that for you. PowerChute will save your application files, close your applications and shut down your computer just like you would...otherwise, the APC UPS (Uninterruptible Power Supply) unit would go to battery until it wore down, then your computer would shutoff&quot;
Source=Paul Collins Startup list

[PowerChute]
Number=7982
Confirmed=X
Filename=Pwrchute.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlazara.html" target=_blank>LAZAR-A</a> TROJAN! Note - this is located in the Program Files\APC_Power directory
Source=Paul Collins Startup list

[PowerDOCSAPIHost]
Number=7983
Confirmed=U
Filename=papihost.exe
Description=<a href="http://www.imageware.ch/tr/products/dms/powerdocs.jsp" target="_blank">Hummingbird PowerDOCS</a> - "delivers powerful enterprise document management functionality via a tightly integrated Microsoft WinNT/98/2K environment"
Source=Paul Collins Startup list

[PowerDVD]
Number=7984
Confirmed=N
Filename=PowerDVD.exe
Description=Launches Cyberlink's <a href="http://www.cyberlink.com/multi/products/main_1_ENU.html" target=_blank>PowerDVD</a> software and creates a system tray icon. If enabled, PowerDVD will open automatically when a DVD movie is inserted. Launch manually

Source=Paul Collins Startup list

[PowerKey]
Number=7985
Confirmed=U
Filename=PowerKey.exe
Description=Part of <a href="http://global.acer.com/" target="_blank">Acer</a> Launch Manager - programmable keys on such laptops as the TravelMate 610
Source=Paul Collins Startup list

[PowerManagement]
Number=7986
Confirmed=X
Filename=Rundlll.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091909-3458-99" target="_blank">SURDUX</a> TROJAN!
Source=Paul Collins Startup list

[PowerManager]
Number=7987
Confirmed=X
Filename=Svchost.exe
Description=Added by the <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100277" target=_blank>JEEFO</a> VIRUS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list

[PowerPanel]
Number=7988
Confirmed=Y
Filename=POWPANEL.EXE
Description=Power management utility on notebooks/laptops - automatically switches modes when running on battery
Source=Paul Collins Startup list

[PowerPanel Personal Edition User Interaction]
Number=7989
Confirmed=U
Filename=pppeuser.exe
Description=CyberPower <a href="http://www.cyberpowersystems.com/pp_pe.asp" target="_blank">PowerPanel Personal Edition</a> UPS Monitoring & Control Software - "is included with CyberPower's products. This exclusive software allows control and monitoring of your UPS to provide protection for your computer system, components, peripherals, and most importantly, your data"
Source=Paul Collins Startup list

[PowerPrifile]
Number=7990
Confirmed=X
Filename=rundl132 kenel.dll, PowerProfileEnable
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101016-3833-99" target="_blank">INMOTA</a> WORM!
Source=Paul Collins Startup list

[PowerPro]
Number=7991
Confirmed=U
Filename=powerpro.exe
Description=Part of the power professional program that loads the floating menu bar. Can be accessed from Start -&gt; Programs, but I'd leave it alone if you use this program
Source=Paul Collins Startup list

[PowerProf]
Number=7992
Confirmed=X
Filename=PowerProf.exe
Description=Added by the LOREX.B TROJAN!
Source=Paul Collins Startup list

[PowerProfile]
Number=7993
Confirmed=X
Filename=mfcp30.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojrindasa.html" target= blank>RINDAS-A</a> TROJAN!
Source=Paul Collins Startup list

[PowerQuest Startup Utility]
Number=7994
Confirmed=N
Filename=PQINIT.EXE
Description=From a visitor - &quot;This seems to be installed when you install Power Quest Partition Magic. I think that it implements the changes when you use the magic mover app. If you don't have any mappings set up, it does nothing (except waste bytes and cycles). I disabled it using msconfig.exe with no problems&quot;
Source=Paul Collins Startup list

[PowerReg Scheduler]
Number=7995
Confirmed=N
Filename=PowerReg Scheduler.exe
Description=<a href="http://www.leadertech.com/register.htm" target="_blank">PowerREGISTER</a> from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst others
Source=Paul Collins Startup list

[PowerReg SchedulerV2]
Number=7996
Confirmed=N
Filename=PowerReg SchedulerV2.exe
Description=<a href="http://www.leadertech.com/register.htm" target="_blank">PowerREGISTER</a> from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst others
Source=Paul Collins Startup list

[PowerReg SchedulerV3]
Number=7997
Confirmed=N
Filename=PowerReg SchedulerV3.exe
Description=<a href="http://www.leadertech.com/register.htm" target="_blank">PowerREGISTER</a> from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst others
Source=Paul Collins Startup list

[POWERR~1]
Number=7998
Confirmed=?
Filename=POWERR~1.exe
Description=<font color="#FF0000">Power monitoring?</font>
Source=Paul Collins Startup list

[PowerS]
Number=7999
Confirmed=?
Filename=PowerS.exe
Description=<a href="http://www.prolink-usa.com/" target="_blank">Prolink</a>Test for either their AGP graphics card or TV/FM capture card. <font color="#FF0000">Is it required?</font>

Source=Paul Collins Startup list

[PowerSet]
Number=8000
Confirmed=?
Filename=Regedit.exe /s ...PowerSet_8100_CU.REG
Description=<font color="#FF0000">Appears to be Toshiba power management related</font>
Source=Paul Collins Startup list

[PowerStrip]
Number=8001
Confirmed=N
Filename=powerstrip.exe
Description=<a href="http://www.entechtaiwan.com/util/ps.shtm" target="_blank">PowerStrip</a> is a Video Mode Editor to allow special Refresh Rates and Tweaking of Video Settings
Source=Paul Collins Startup list

[PowerStrip]
Number=8002
Confirmed=N
Filename=PSTRIP.EXE
Description=<a href="http://www.entechtaiwan.com/util/ps.shtm" target="_blank">PowerStrip</a> is a Video Mode Editor to allow special Refresh Rates and Tweaking of Video Settings
Source=Paul Collins Startup list

[PowerTools Tray Icon]
Number=8003
Confirmed=U
Filename=pttray.exe
Description=<a href="http://www.bpssoft.com/PowerTools/index.htm" target="_blank">PowerTools</a> - add-on for AOL
Source=Paul Collins Startup list

[Powertweak]
Number=8004
Confirmed=U
Filename=PT2.EXE
Description=&quot;<a href="http://www.powertweak.com/" target="_blank">Powertweak</a> is designed to configure your system in the best way. A processor, the core of the system, or a chipset (a set of components that manage the data flows between the different parts of the system) can be configured.&quot; This item is added to startup if 'Use predefined settings' is enabled in the programs options
Source=Paul Collins Startup list

[Powertweak]
Number=8005
Confirmed=U
Filename=PTCTRL.EXE
Description=&quot;<a href="http://www.powertweak.com/" target="_blank">Powertweak</a> is designed to configure your system in the best way. A processor, the core of the system, or a chipset (a set of components that manage the data flows between the different parts of the system) can be configured.&quot; This item is added to startup if 'Configure system at logon' is enabled in the programs options
Source=Paul Collins Startup list

[Power_Gear]
Number=8006
Confirmed=U
Filename=BatteryLife.exe
Description=Power management for all Asus notebook. Useful but not critical
Source=Paul Collins Startup list

[PP Gamma]
Number=8007
Confirmed=U
Filename=ppgamma.exe
Description=<a href="http://www.ddisoftware.com/prism/" target="_blank">Profile Prism</a> software that allows monitor calibration and can generate ICC profiles for digital cameras
Source=Paul Collins Startup list

[PP****usb]
Number=8008
Confirmed=N
Filename=FBDirect.exe
Description=Software that monitors the status of a Visioneer OneTouch scanner button and allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop!. The **** represents the model, 5300, 7600, etc. Available via Start -> Programs
Source=Paul Collins Startup list

[PP2000 Instaupdate]
Number=8009
Confirmed=U
Filename=PPInupdt.exe
Description=Protector Plus anti-virus software - instant update program for virus data updates. Not required if you regularly update virus data manually
Source=Paul Collins Startup list

[PP2000 Real Time Scan]
Number=8010
Confirmed=Y
Filename=PPVstop.exe
Description=Protector Plus anti-virus software - real time scanner
Source=Paul Collins Startup list

[PP2000 Taskbar Control]
Number=8011
Confirmed=Y
Filename=PPTbc.exe
Description=Protector Plus anti-virus software - system tray access
Source=Paul Collins Startup list

[PP3100b]
Number=8012
Confirmed=N
Filename=flatbed.exe
Description=Twain driver for the Visioneer PaperPort 3100b scanner that allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop
Source=Paul Collins Startup list

[ppass]
Number=8013
Confirmed=U
Filename=Antispy.exe
Description=<a href="http://www.antivirus-program.com/antivirus_program/antispy/" target="_blank">AntiSpy</a> firewall - &quot;program designed to combat against various types of intrusion and monitoring programs currently in use or presently being developed worldwide&quot;
Source=Paul Collins Startup list

[PPControl]
Number=8014
Confirmed=U
Filename=PPControl.exe
Description=PestPatrol Control Terminal - utility that launched <a href="http://www.pestpatrol.com/default.asp" target="_blank">PestPatrol</a> features such as PPMemCheck and CookiePatrol before CA's acquisition
Source=Paul Collins Startup list

[PPCRunonce]
Number=8015
Confirmed=U
Filename=PPCRunOnce.exe
Description=Related to PeoplePC ISP software - may display advertising, see <a href="http://www.spywaredata.com/spyware/threat_list/PEOPLEPC/result.php" target="_blank">here</a>
Source=Paul Collins Startup list

[PPHIDPAD]
Number=8016
Confirmed=U
Filename=pphidpad.exe
Description=<a href="http://www.penpowerusa.com/ProductInfo.asp?Product ID=PPEJWCRC" target= blank>PenPower</a> Chinese handwriting recognition software
Source=Paul Collins Startup list

[PPK Setup(Server)]
Number=8017
Confirmed=U
Filename=SEServe.exe
Description=Programmable Power Key on Sony Vaio laptops. &quot;Using the Programmable Power Key (PPK) button, collect your e-mail automatically with one key stroke. You can also program your PPK to turn on your SuperSlim Notebook at a predetermined time and perform simple tasks - completely unattended&quot;
Source=Paul Collins Startup list

[PPMemCheck]
Number=8018
Confirmed=U
Filename=ppmemcheck.exe
Description=PPMemCheck - used to be part of <a href="http://www.pestpatrol.com/default.asp" target="_blank">PestPatrol</a> before CA's acquisition
Source=Paul Collins Startup list

[PPPOEO]
Number=8019
Confirmed=X
Filename=pingppac.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022817-3323-99" target=_blank>SPYBOT.KHC</a> WORM!
Source=Paul Collins Startup list

[PProTray]
Number=8020
Confirmed=N
Filename=pprotray.exe
Description=Part of the power professional program. Loads the System Tray control
Source=Paul Collins Startup list

[PPScheduler]
Number=8021
Confirmed=?
Filename=PPScheduler.exe
Description=Nuance (was ScanSoft) <a href="http://www.nuance.com/paperport/" target="_blank">PaperPort Scheduler</a> - <font color=#FF0000>what does it do and is it required?</font>
Source=Paul Collins Startup list

[PPSVC]
Number=8022
Confirmed=U
Filename=[path to file]
Description=<a href="http://sarc.com/avcenter/venc/data/spyware.pcpolice.html" target="_blank">PC Police</a> surveillance software that logs keystrokes, files looked at, applications used, and chats on either MSN, Yahoo, ICQ or AOL. This information can then be transmitted to a remote user. Uninstall this software if you did not install it yourself
Source=Paul Collins Startup list

[PPSYS]
Number=8023
Confirmed=U
Filename=ppsys.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=PC Police&threatid=29174" target="_blank">PC Police</a> commercial keystroke logger. Uninstall this software if you did not install it yourself
Source=Paul Collins Startup list

[pptd40nt]
Number=8024
Confirmed=N
Filename=pptd40nt.exe
Description=&quot;PaperPort&quot; software associated with scanners
Source=Paul Collins Startup list

[PPUpdate]
Number=8025
Confirmed=U
Filename=ppupdater.exe
Description=PPUpdater - updater that used to be part of <a href="http://www.pestpatrol.com/default.asp" target="_blank">PestPatrol</a> before CA's acquisition
Source=Paul Collins Startup list

[PPWWebCap]
Number=8026
Confirmed=N
Filename=PPWebCap.exe
Description=&quot;PaperPort&quot; software associated with scanners
Source=Paul Collins Startup list

[pqhelper]
Number=8027
Confirmed=X
Filename=pqhelper.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453077927" target="_blank">Searchcentrix</a> hijacker
Source=Paul Collins Startup list

[PractiSearch]
Number=8028
Confirmed=U
Filename=PSearch.exe
Description=<a href="http://www.practisearch.com/" target="_blank">PractiSearch</a> web search software
Source=Paul Collins Startup list

[Praize Messenger]
Number=8029
Confirmed=U
Filename=itLoad.exe
Description=<a target="_blank" href="http://www.praize.com/IM/">Praize IM</a> Christian chat instant messenger
Source=Paul Collins Startup list

[Prayer]
Number=8030
Confirmed=U
Filename=PTW.EXE
Description=Islamic <a href="http://www.muhaddith.org/" target="_blank">Adhan</a> program (call fpr daily prayers)
Source=Paul Collins Startup list

[prdtect]
Number=8031
Confirmed=X
Filename=prdtect.exe
Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list

[PreAnnotate]
Number=8032
Confirmed=?
Filename=PreAnntt.exe
Description=Genius Wizard Pen Tablet driver related. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list

[Precision Time Clock Checker]
Number=8033
Confirmed=N
Filename=PrecisionTime.exe
Description=Precision Time 2.0. Checks your computer clock time against the Naval Observatory or some other source to assure accurate time
Source=Paul Collins Startup list

[PrecisionTime]
Number=8034
Confirmed=X
Filename=PrecisionTime.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Claria.PrecisionTime&threatid=9962" target="_blank">PrecisionTime</a> - clock synchronizing software containg spyware by Claria/GAIN. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
Source=Paul Collins Startup list

[precpop2]
Number=8035
Confirmed=X
Filename=starter.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-021414-1601-99" target="_blank">PrecisionPop</a> adware
Source=Paul Collins Startup list

[Prein]
Number=8036
Confirmed=X
Filename=APP****.tmp [* = random char or digit]
Description=Unidentified adware
Source=Paul Collins Startup list

[Preload]
Number=8037
Confirmed=Y
Filename=Preload.exe
Description=Millenium Multi-Function Keyboard driver
Source=Paul Collins Startup list

[PreloadApp]
Number=8038
Confirmed=?
Filename=hphprld.exe
Description=HP PhotoSmart printers related. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[Premeter]
Number=8039
Confirmed=X
Filename=nrpr.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=NetRatings%20Premeter&threatid=8994" target=_blank>NetRatings Premeter</a> spyware
Source=Paul Collins Startup list

[Premeter]
Number=8040
Confirmed=X
Filename=prmt.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=NetRatings%20Premeter&threatid=8994" target=_blank>NetRatings Premeter</a> spyware
Source=Paul Collins Startup list

[Preview AdService]
Number=8041
Confirmed=X
Filename=PrevAdServ.exe
Description=Windupdates adware variant
Source=Paul Collins Startup list

[PrevX]
Number=8042
Confirmed=X
Filename=prevx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ircbottf.html" target="_blank">IRCBOT-TF</a> WORM! Note - this worm is located in the System (Win9x/Me) or System32 (XP/WinNT/2K) directory and is not the <a href="http://www.prevx.com/" target="_blank">PrevX Home</a> intrusion prevention software
Source=Paul Collins Startup list

[PrevxHome]
Number=8043
Confirmed=Y
Filename=SAGUI.exe
Description=<a href="http://www.prevx.com/" target=_blank>PrevX Home</a> intrusion prevention software
Source=Paul Collins Startup list

[PrevxOne]
Number=8044
Confirmed=Y
Filename=PXConsole.exe
Description=<a href="http://www.prevx.com/" target=_blank>Prevx</a> intrusion prevention software
Source=Paul Collins Startup list

[PrevxPro]
Number=8045
Confirmed=Y
Filename=SAGUI.exe
Description=<a href="http://www.prevx.com/" target=_blank>PrevX Home</a> intrusion prevention software
Source=Paul Collins Startup list

[prgtect]
Number=8046
Confirmed=X
Filename=prgtect.exe
Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list

[Price Patrol]
Number=8047
Confirmed=N
Filename=neo.exe
Description=<a href="http://corp.half.ebay.com/20010612.html" target="_blank">Price Patrol</a> by Half.com - internet shopping companion for finding the best on-line prices
Source=Paul Collins Startup list

[PrimaLauncher]
Number=8048
Confirmed=?
Filename=Launcher.exe
Description=Associated with <a href="http://www.primascan.com/" target="_blank">PrimaScan</a> scanners.<font color="#FF0000"> Is it required?</font>
Source=Paul Collins Startup list

[Primax 3D Mouse]
Number=8049
Confirmed=U
Filename=3dmoused.exe
Description=Enables the scroll button on the Primax 3-D Scroll mouse
Source=Paul Collins Startup list

[Primsta]
Number=8050
Confirmed=?
Filename=Primsta.exe
Description=Linksys Wireless CompactFlash Card driver related. <font color="#FF0000"> Is it required?</font>
Source=Paul Collins Startup list

[Print Driver Helper Service]
Number=8051
Confirmed=X
Filename=crsrr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentbc.html" target=_blank>AGENT-BC</a> TROJAN!
Source=Paul Collins Startup list

[Print Master Event Reminder]
Number=8052
Confirmed=N
Filename=PMremind.exe
Description=Print Master Gold - calander feature that pops up reminders, such as birthdays
Source=Paul Collins Startup list

[Print Screen Deluxe]
Number=8053
Confirmed=N
Filename=psdeluxe.exe
Description=Utility allows &quot;Print Scrn&quot; or &quot;Print Screen&quot; key to capture, print or save the current window
Source=Paul Collins Startup list

[Print Services]
Number=8054
Confirmed=X
Filename=spolserv32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ZP" target="_blank">RBOT.ZP</a> WORM!
Source=Paul Collins Startup list

[print sharing]
Number=8055
Confirmed=X
Filename=start.bat
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzcrew.html" target="_blank">ZCREW</a> TROJAN!
Source=Paul Collins Startup list

[print sharing]
Number=8056
Confirmed=X
Filename=[path] hidden32.exe [path] explorer.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090519-2614-99" target="_blank">ZCREW.B</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually!
Source=Paul Collins Startup list

[Print Spooler]
Number=8057
Confirmed=X
Filename=Spoolsv.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112315-1255-99" target="_blank">CIADOOR.B</a> TROJAN! Note - "Spoolsv.exe" is located in the Windows or Winnt directory, and not in System32, like the legitimate Spoolsv.exe system file
Source=Paul Collins Startup list

[Print Spooler]
Number=8058
Confirmed=X
Filename=spoolsvc32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.BB" target="_blank">SDBOT.BB</a> TROJAN!
Source=Paul Collins Startup list

[Print Spooler]
Number=8059
Confirmed=X
Filename=spools.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotld.html" target="_blank">RBOT-LD</a> WORM!
Source=Paul Collins Startup list

[Print Spooler]
Number=8060
Confirmed=X
Filename=spool.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooris.html" target=_blank>IS</a> TROJAN!
Source=Paul Collins Startup list

[Print Spooler]
Number=8061
Confirmed=X
Filename=spoolsv32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.SW&VSect=P" target=_blank>RBOT.SW</a> WORM!
Source=Paul Collins Startup list

[Printer]
Number=8062
Confirmed=N
Filename=Spyassault.exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
Source=Paul Collins Startup list

[Printer]
Number=8063
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-101411-3637-99" target=_blank>LOWTAPER</a> TROJAN!
Source=Paul Collins Startup list

[Printer]
Number=8064
Confirmed=X
Filename=dipset.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/Print119618.htm" target=_blank>FBSR</a> TROJAN!

Source=Paul Collins Startup list

[printer]
Number=8065
Confirmed=U
Filename=SpyAssaultScanner.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080410-3022-99" target= blank>SpyAssault</a> keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[printer]
Number=8066
Confirmed=N
Filename=SpyAssaultScanner.exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
Source=Paul Collins Startup list

[Printer]
Number=8067
Confirmed=X
Filename=vmmon32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotcsb.html" target="_blank">RBOT-CSB</a> WORM!
Source=Paul Collins Startup list

[Printer Monitor]
Number=8068
Confirmed=X
Filename=webprinter.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotz.html" target= blank>IRCBOT-Z</a> TROJAN!
Source=Paul Collins Startup list

[Printer Spool]
Number=8069
Confirmed=X
Filename=updater.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Printer spool Service]
Number=8070
Confirmed=X
Filename=spool.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotacp.html" target= blank>RBOT-ACP</a> WORM!
Source=Paul Collins Startup list

[printer spooler]
Number=8071
Confirmed=X
Filename=commonaccess.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelflb.html" target=_blank>DELF-LB</a> TROJAN!
Source=Paul Collins Startup list

[Printer Spooler Subsystem]
Number=8072
Confirmed=X
Filename=spoolss.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM! - Note - this is NOT the legitimate Windows <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/spoolss/" target= blank>spoolss.exe</a> process, located in the Winnt/System32 or Windows\System32 folder, and which should NOT figure in Msconfig/Startup!
Source=Paul Collins Startup list

[Printer Update]
Number=8073
Confirmed=?
Filename=CFGREG.EXE
Description=<font color="#FF0000">Maybe a registration reminder or automatically updates drivers or application software for a printer?</font>
Source=Paul Collins Startup list

[PrinterSpool]
Number=8074
Confirmed=X
Filename=[path] RESTORE.EXE [path] SPOOL.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-021917-2136-99" target="_blank">ALADINZ.K</a> TROJAN!
Source=Paul Collins Startup list

[Printing Driver]
Number=8075
Confirmed=X
Filename=msprint.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.JH" target=_blank>RBOT.JH</a> WORM!
Source=Paul Collins Startup list

[Printkey2000]
Number=8076
Confirmed=N
Filename=printkey2000.exe
Description=Screen grabber that intercepts the pressing of the Print Screen (Prn Scrn) key. Start manually when required
Source=Paul Collins Startup list

[PrintMngr]
Number=8077
Confirmed=X
Filename=system.exe
Description=Added by an unidentified TROJAN!
Source=Paul Collins Startup list

[printnow]
Number=8078
Confirmed=N
Filename=printnow.exe
Description=<a href="http://www.pcmag.com/article2/0,4149,8418,00.asp" target="_blank">PrintNow</a> - a utility that primarily allows &quot;Print Srceen&quot; or &quot;Alt+Print Screen&quot; screenshots to be sent directly to a printer
Source=Paul Collins Startup list

[PrinTray]
Number=8079
Confirmed=N
Filename=Printray.exe
Description=Lexmark/Compaq printer icon in the System Tray for quick access. Not required - uncheck via Printer configuration rather than MSCONFIG. See also LexmarkPrintray and CompaqPrinTray
Source=Paul Collins Startup list

[PrintScreen]
Number=8080
Confirmed=N
Filename=UNWISE.EXE
Description=Gadwin <a href="http://www.gadwin.com/printscreen/" target="_blank">PrintScreen</a> - utility to capture, print or save the current window
Source=Paul Collins Startup list

[Printscreen 95]
Number=8081
Confirmed=N
Filename=PRT95MIN.EXE
Description=<a href="http://www.printscreen95.com/" target="_blank">Printscreen 95</a> - utility to capture, print or save the current window
Source=Paul Collins Startup list

[PrintSpoolSv]
Number=8082
Confirmed=X
Filename=System.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoors.html" target="_blank">BDOOR-S</a> TROJAN!
Source=Paul Collins Startup list

[PRISMSTA.EXE]
Number=8083
Confirmed=U
Filename=PRISMSTA.EXE
Description=Creates a system tray icon for accessing information about Intersil Prism Wireless Settings. Intersil silicon is used by Trendware/Trendnet for example
Source=Paul Collins Startup list

[PRISMSVR]
Number=8084
Confirmed=U
Filename=PRISMSVR.EXE
Description=Configuration and settings utility for PRISM chipset based wireless modems such as the 2Wire Wireless Gateway (2701HG) and Siemens Gigaset USB Adapter
Source=Paul Collins Startup list

[Privacy Eraser Pro]
Number=8085
Confirmed=N
Filename=PrivacyEraser.exe
Description=<a href="http://www.privacyeraser.com/" target="_blank">Privacy Eraser Pro</a> - protects your Internet privacy by cleaning up all Internet history tracks and past computer activities
Source=Paul Collins Startup list

[PrivacyKeyboard]
Number=8086
Confirmed=U
Filename=PrivacyKeyboard.exe
Description=<a href="http://www.privacykeyboard.com/privacy-keyboard.html" target=_blank>PrivacyKeyboard</a> is a product "that can provide every computer with strong protection against ALL types of keylogging programs and keylogging hardware devices, both known and unknown, currently in use or presently being developed worldwide"
Source=Paul Collins Startup list

[PrivacyScanner]
Number=8087
Confirmed=X
Filename=pscan.exe
Description=Privacy Champion, a stealth installed 'Privacy Scanner'. It purportedly scans your PC for links to adult content websites, and then offers to "clean" them. Produces loads of False Positives as goad to purchase

Source=Paul Collins Startup list

[PrivateNet]
Number=8088
Confirmed=X
Filename=[various filenames]
Description=Premium rate adult content dialler
Source=Paul Collins Startup list

[Privoxy]
Number=8089
Confirmed=U
Filename=privoxy.exe
Description=<a href="http://www.privoxy.org/" target="_blank">Privoxy</a> - web proxy with advanced filtering capabilities for protecting privacy, filtering web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk
Source=Paul Collins Startup list

[PrizeSurfer]
Number=8090
Confirmed=X
Filename=prizesurfer.exe
Description="PrizeSurfer is the free software that automatically enters you to win cash and prizes just for surfing the web and shopping online!" Stealth installed malware
Source=Paul Collins Startup list

[prjtect]
Number=8091
Confirmed=X
Filename=prjtect.exe
Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list

[prktect]
Number=8092
Confirmed=X
Filename=prktect.exe
Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list

[prltect]
Number=8093
Confirmed=X
Filename=prltect.exe
Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list

[prmt]
Number=8094
Confirmed=X
Filename=prmt.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=NetRatings%20Premeter&threatid=8994" target=_blank>NetRatings Premeter</a> spyware
Source=Paul Collins Startup list

[prmtect]
Number=8095
Confirmed=X
Filename=prmtect.exe
Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list

[PrnSys Executable]
Number=8096
Confirmed=U
Filename=PrnSys.exe
Description=Print screen utility bundled with some HP printer software - not required, but your choice if you like that feature
Source=Paul Collins Startup list

[pro]
Number=8097
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojspywadf.html" target=_blank>SPYWAD-F</a> TROJAN!
Source=Paul Collins Startup list

[pro]
Number=8098
Confirmed=X
Filename=SpySheriff.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojspywadi.html" target=_blank>SPYWAD-I</a> TROJAN!
Source=Paul Collins Startup list

[Pro PCL Status Monitor]
Number=8099
Confirmed=U
Filename=PENGSS.EXE
Description=Xerox printer/fax/copier status monitor (PCL = printer control language)
Source=Paul Collins Startup list

[ProAntiVirus]
Number=8100
Confirmed=X
Filename=ProAntiVirus.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotftp.html" target="_blank">RBOT-FTP</a> WORM!
Source=Paul Collins Startup list

[ProArt]
Number=8101
Confirmed=?
Filename=ProArt.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Proc992]
Number=8102
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ixbotc.html" target=_blank>IXBOT-C</a> WORM!
Source=Paul Collins Startup list

[Proc993]
Number=8103
Confirmed=X
Filename=wqxfne.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ixbotd.html" target=_blank>IXBOT-D</a> WORM!
Source=Paul Collins Startup list

[process.exe]
Number=8104
Confirmed=X
Filename=process.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021316-4133-99" target=_blank>BANCOS.P</a> TROJAN!
Source=Paul Collins Startup list

[ProcessGovernor]
Number=8105
Confirmed=U
Filename=processgovernor.exe
Description=<a href="http://www.symplasson.de/leistungen/standardsoftware/processgovernor/english" target="_blank">ProcessGuvernor</a> "helps regulate the CPU load on a computer running Microsoft Windows. It keeps single programs from hijacking the computer's performance and effectively causing a freeze for several minutes. ProcessGovernor automatically adjusts process priorities according to a predefined ruleset"
Source=Paul Collins Startup list

[ProcessSupervisorGUI]
Number=8106
Confirmed=U
Filename=ProcessSupervisor.exe
Description=<a href="http://www.softpedia.com/get/Tweak/System-Tweak/Process-Supervisor.shtml" target="_blank">Process Supervisor</a> "is a technology designed to automatically configure and manage processes on one or more computers for the goal of maintaining system stability and responsiveness, restricting executables from running, and logging of program executions"
Source=Paul Collins Startup list

[ProcessTamer]
Number=8107
Confirmed=U
Filename=ProcessTamerTray.exe
Description=Mouser's Software <a href="http://www.donationcoder.com/Software/Mouser/proctamer/index.html" target="_blank">Process Tamer</a> "is a tiny (140k) and super efficient utility for Microsoft Windows XP/2K/NT that runs in your system tray and constantly monitors the cpu usage of other processes"
Source=Paul Collins Startup list

[procmon]
Number=8108
Confirmed=X
Filename=procmon.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2001-070414-0814-99" target="_blank">BIONET.40A</a> TROJAN!
Source=Paul Collins Startup list

[Prodigy DSL]
Number=8109
Confirmed=?
Filename=EnterNetDUN.Exe
Description=Prodigy EnterNet DUN PPPoE Client - <font color="#FF0000">is it required?</font>
Source=Paul Collins Startup list

[ProdikeysAutorun]
Number=8110
Confirmed=N
Filename=Prodload.exe
Description=Creative <a href="http://www.prodikeys.com/products/prodikeys/" target=_blank>Prodikeys</a> software. "an interactive music entertainment device which not only functions as a full-featured, ergonomic “QWERTY” keyboard but also comes equipped with 37 touch-sensitive music keys and accessible music controls for endless entertainment at your desktop. Coupled with the Sound Blaster audio card, you can explore a wide array of realistic instrument sounds and have non-stop fun making music right at your desktop"
Source=Paul Collins Startup list

[ProDsl]
Number=8111
Confirmed=N
Filename=ProDsl.exe
Description=Intel Pro/DSL 2100 modem connection manager. Available via Start -> Programs
Source=Paul Collins Startup list

[Profile]
Number=8112
Confirmed=X
Filename=Profile.vbs
Description=Added by the <a href="http://vil.nai.com/vil/content/v_99145.htm" target="_blank">WHITEHO</a> VIRUS or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2001-090709-3833-99" target="_blank">TRAPPY</a> WORM!
Source=Paul Collins Startup list

[Profiler]
Number=8113
Confirmed=N
Filename=Profiler.exe
Description=Enables the &quot;Profiler&quot; to be launched from a System Tray icon for <a href="http://www.saitek.com/" target="_blank">Saitek</a>'s game controllers. Available via Start -> Programs
Source=Paul Collins Startup list

[profiler]
Number=8114
Confirmed=X
Filename=liteout.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzapchasg.html" target= blank>ZAPCHAS-G</a> WORM!
Source=Paul Collins Startup list

[profiler]
Number=8115
Confirmed=X
Filename=prof.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzapchasg.html" target= blank>ZAPCHAS-G</a> WORM!
Source=Paul Collins Startup list

[Prog]
Number=8116
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091409-4900-99" target="_blank">WEBUS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[Prog]
Number=8117
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100519-0947-99" target=_blank>WEBUS.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
Source=Paul Collins Startup list

[Program File]
Number=8118
Confirmed=X
Filename=Progmon.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091918-3229-99" target="_blank">PEEPER</a> TROJAN!
Source=Paul Collins Startup list

[Program in Windows]
Number=8119
Confirmed=X
Filename=iexplore.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lovgatew.html" target=_blank>LOVGATE-W</a> WORM! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a>) process, which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup unless you add it manually! This file is located in the System32 folder
Source=Paul Collins Startup list

[Program Neighborhood Agent]
Number=8120
Confirmed=U
Filename=pnagent.exe
Description=Citrix <a href="http://www.citrix.com/site/SS/downloads/details.asp?dID=2755&downloadID=13025&pID=186" target=_blank>Program Neighborhood Agent</a>
Source=Paul Collins Startup list

[ProgramWindow]
Number=8121
Confirmed=?
Filename=more comp.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[projselector]
Number=8122
Confirmed=N
Filename=projselector.exe
Description=Roxio Project Selector - can be started manually
Source=Paul Collins Startup list

[Promon.exe]
Number=8123
Confirmed=N
Filename=promon.exe
Description=System Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic features
Source=Paul Collins Startup list

[PromulGate]
Number=8124
Confirmed=X
Filename=PgMonitr.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-050515-5939-99" target="_blank">Delfin Promulgate</a> adware variant
Source=Paul Collins Startup list

[PRONoMgr.exe]
Number=8125
Confirmed=N
Filename=PRONoMgr.exe
Description=System Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic features
Source=Paul Collins Startup list

[PRONoMgrWired]
Number=8126
Confirmed=U
Filename=PRONoMgr.exe
Description=Intel's Pro 100 Ethernet card manager
Source=Paul Collins Startup list

[Propel Accelerator]
Number=8127
Confirmed=U
Filename=PropelAC.exe
Description=<a href="http://www.propel.com/" target="_blank">Propel</a> Internet Accelerator
Source=Paul Collins Startup list

[ProPort Startup]
Number=8128
Confirmed=U
Filename=ProPort.exe
Description=<a href="http://www.tdupage.com/main.htm" target="_blank">Proport</a> is a port monitor/protector. Monitors an infinite amount of ports for trojans and nukes. Some additional features are auto connection-kill, and IP resolving
Source=Paul Collins Startup list

[ProSiteFinder]
Number=8129
Confirmed=X
Filename=prositefinder.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453090677" target="_blank">180Solutions</a> adware related
Source=Paul Collins Startup list

[Proteçăo de tela]
Number=8130
Confirmed=X
Filename=ssmaze.scr
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanfb.html" target=_blank>BANCBAN-FB</a> TROJAN!
Source=Paul Collins Startup list

[Protect]
Number=8131
Confirmed=U
Filename=SHVRTF.EXE
Description=<a href="http://www.pcangelle.com/" target=_blank>PC Angel</a> takes a 5-second snapshot of the current system registry each time the PC boots up. In the event of a crash, PC ANGEL will retrieve everything up to the minute before the crash or the last known stable registry
Source=Paul Collins Startup list

[protect]
Number=8132
Confirmed=X
Filename=protect.scr
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadertq.html" target=_blank>DLOADER-TQ</a> TROJAN!
Source=Paul Collins Startup list

[Protected Storage]
Number=8133
Confirmed=X
Filename=RUNDLL32.EXE MSSIGN30.DLL ondll_reg
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lovgatew.html" target=_blank>LOVGATE-W</a> WORM!
Source=Paul Collins Startup list

[Protection]
Number=8134
Confirmed=X
Filename=[path] runtask.exe [path] protection.exe
Description=Added by a variant of the AGENT.3.AU TROJAN!

Source=Paul Collins Startup list

[Protection]
Number=8135
Confirmed=X
Filename=Protection.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32febelnecka.html" target=_blank>FEBELNECK-A</a> WORM!

Source=Paul Collins Startup list

[Protection]
Number=8136
Confirmed=X
Filename=Firewall.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022718-0647-99" target= blank>ELIPTER.A</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031010-2242-99" target= blank>ELIPTER.B</a> WORMS!
Source=Paul Collins Startup list

[Protection]
Number=8137
Confirmed=X
Filename=IExplore .exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031416-4252-99" target=_blank>ELIPTER.D</a> WORM! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target="_blank">iexplore.exe</a>) process as there is a space before the ".exe"
Source=Paul Collins Startup list

[Protection]
Number=8138
Confirmed=X
Filename=Norton Internet Security.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-032516-4935-99" target=_blank>ELITPER.E</a> WORM!
Source=Paul Collins Startup list

[ProtocolDiskChk]
Number=8139
Confirmed=X
Filename=ssrms.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorml.html" target=_blank>ML</a> TROJAN!
Source=Paul Collins Startup list

[ProtocolDiskChk]
Number=8140
Confirmed=X
Filename=svcvlw32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstinxy.html" target="_blank">STINX-Y</a> TROJAN!
Source=Paul Collins Startup list

[ProtocolEventTsk]
Number=8141
Confirmed=X
Filename=csrwjd.exe
Description=Added by <a href="http://www.sophos.com/virusinfo/analyses/trojstinxn.html" target=_blank>STINX-N</a> TROJAN!
Source=Paul Collins Startup list

[Provan Security]
Number=8142
Confirmed=X
Filename=psecure.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BRV&VSect=P" target=_blank>RBOT.BRV</a> WORM!
Source=Paul Collins Startup list

[proxim_orinoco_11abg]
Number=8143
Confirmed=Y
Filename=orinoco.exe
Description=Proxim <a href="http://www.proxim.com/products/cp/pci.html" target="_blank">ORiNOCO</a> 11a/b/g PCI Card wireless configuration utility
Source=Paul Collins Startup list

[PROXOMITRON]
Number=8144
Confirmed=N
Filename=PROXOMITRON.EXE
Description=HTML proxy
Source=Paul Collins Startup list

[PROXOMITRON]
Number=8145
Confirmed=N
Filename=PROXOM~1.EXE
Description=HTML proxy
Source=Paul Collins Startup list

[ProxyWay]
Number=8146
Confirmed=U
Filename=proxyway.exe
Description=<a href="http://www.proxyway.com/www/downloads/" target= blank>ProxyWay</a> anonymous proxy surfing software
Source=Paul Collins Startup list

[PRPCMonitor]
Number=8147
Confirmed=U
Filename=PRPCUI.exe
Description=Intel® SpeedStep™ interface. This automatically detects whether a mobile PC is using battery or AC power. When using battery power, SpeedStep scales the processor clock frequency and voltage to reduce the power it needs by 40%
Source=Paul Collins Startup list

[prqtect]
Number=8148
Confirmed=X
Filename=prqtect.exe
Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list

[prrtect]
Number=8149
Confirmed=X
Filename=prrtect.exe
Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list

[prstect]
Number=8150
Confirmed=X
Filename=prstect.exe
Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list

[prtcct]
Number=8151
Confirmed=X
Filename=prtcct.exe
Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list

[prttect]
Number=8152
Confirmed=X
Filename=prttect.exe
Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list

[PrU Async Service]
Number=8153
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ircbotug.html" target="_blank">IRCBot-UG</a> WORM!
Source=Paul Collins Startup list

[prutcct]
Number=8154
Confirmed=X
Filename=prutcct.exe
Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list

[prutdct]
Number=8155
Confirmed=X
Filename=prutdct.exe
Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list

[prutgct]
Number=8156
Confirmed=X
Filename=prutgct.exe
Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list

[pruthct]
Number=8157
Confirmed=X
Filename=pruthct.exe
Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list

[prutict]
Number=8158
Confirmed=X
Filename=prutict.exe
Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list

[prutlct]
Number=8159
Confirmed=X
Filename=prutlct.exe
Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list

[prutpct]
Number=8160
Confirmed=X
Filename=prutpct.exe
Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list

[prutsct]
Number=8161
Confirmed=X
Filename=prutsct.exe
Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list

[prvtect]
Number=8162
Confirmed=X
Filename=prvtect.exe
Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list

[prxtect]
Number=8163
Confirmed=X
Filename=prxtect.exe
Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list

[ps1]
Number=8164
Confirmed=X
Filename=ps1.exe
Description=<a href="http://www.benedelman.org/spyware/installations/pacerd/" target=_blank>PacerD Media/Pacimedia.com</a> adware
Source=Paul Collins Startup list

[PS2]
Number=8165
Confirmed=U
Filename=ps2.exe
Description=Multimedia Keyboard companion on HP computers. If this is prevented from starting, then some keyboard functionality will be lost.
Source=Paul Collins Startup list

[psaload32]
Number=8166
Confirmed=X
Filename=psaload32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadl.html" target=_blank>RBOT-ADL</a> WORM!
Source=Paul Collins Startup list

[PSC main]
Number=8167
Confirmed=X
Filename=sttool32.exe
Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan.Win32.Obfuscated.ev&threatid=128937" target="_blank">OBFUSCATED.EV</a> TROJAN!
Source=Paul Collins Startup list

[PSCastor]
Number=8168
Confirmed=X
Filename=PSCastor.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453100501" target="_blank">PSCastor</a> TROJAN!
Source=Paul Collins Startup list

[PSCMain]
Number=8169
Confirmed=X
Filename=pscmain2.exe
Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan.Win32.Obfuscated.ev&threatid=128937" target="_blank">OBFUSCATED.EV</a> TROJAN!
Source=Paul Collins Startup list

[PSD Tools Channel]
Number=8170
Confirmed=X
Filename=ChannelUp.exe
Description=<a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101007" target="_blank">BuddyLinks</a> adware
Source=Paul Collins Startup list

[PSDrvCheck]
Number=8171
Confirmed=Y
Filename=PSDrvCheck.exe
Description=Part of <a href="http://www.pinnaclesys.com/" target="_blank">Pinnacle Systems</a> InstantCD/DVD and InstantCopy CD/DVD copying software that verifies drive settings. Once loaded it doesn't use any resources so you can leave it enabled
Source=Paul Collins Startup list

[PService]
Number=8172
Confirmed=X
Filename=svcnow32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojspybotdj.html" target= blank>SPYBOT-DJ</a> TROJAN!
Source=Paul Collins Startup list

[PSFree]
Number=8173
Confirmed=U
Filename=PSFree.exe
Description=<a href="http://www.panicware.com/product_psfree.html" target="_blank">Pop-Up Stopper Free</a> from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group
Source=Paul Collins Startup list

[PSGuard]
Number=8174
Confirmed=X
Filename=PSGuard.exe
Description=Variant of the SmitFraud alias <a href="http://www.sophos.com/virusinfo/analyses/trojfakealec.html" target=_blank>FAKEALE-C</a> TROJAN!
Source=Paul Collins Startup list

[PSGuard spyware remover]
Number=8175
Confirmed=X
Filename=PSGuard.exe
Description=Variant of the SmitFraud alias <a href="http://www.sophos.com/virusinfo/analyses/trojfakealec.html" target=_blank>FAKEALE-C</a> TROJAN!
Source=Paul Collins Startup list

[pshower]
Number=8176
Confirmed=X
Filename=pshwr.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050804-2316-99" target=_blank>SafeSurfing</a> adware variant

Source=Paul Collins Startup list

[PSIMSVC]
Number=8177
Confirmed=Y
Filename=PSIMSVC.exe
Description=<a href="http://www.pandasoftware.com/home/particulares/default" target="_blank">Panda Antivirus</a>
Source=Paul Collins Startup list

[PSIWin2.3 Connection Server]
Number=8178
Confirmed=N
Filename=Psconsv.exe
Description=Allows connectivity between a PC and a Psion device. Access can be gained from the Desktop or Start -&gt; Programs
Source=Paul Collins Startup list

[pskl]
Number=8179
Confirmed=U
Filename=keyspy.exe
Description=<a href="http://sarc.com/avcenter/venc/data/spyware.keyboardlogger.html" target=blank>KeyboardLogger</a> keystroke logger/monitoring program - remove unless you installed it yourself!

Source=Paul Collins Startup list

[PSLister]
Number=8180
Confirmed=X
Filename=PSLister.exe
Description=Added by <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453099577" target="_blank">PurityScan C</a> adware
Source=Paul Collins Startup list

[PsMFCard]
Number=8181
Confirmed=U
Filename=PsMFCard.exe
Description=Component of the Toshiba Controls. Provides power-saving functions for the PCMCIA slots. Through the Power Save Mode Properties dialogue, the user can select from 3 PCMCIA power options - On, Auto1 and Auto2. Disabling this item has no adverse effects, except disabling the ability to reduce power consumption by powering-down the PCMCIA slots when not in use
Source=Paul Collins Startup list

[PSNotify]
Number=8182
Confirmed=Y
Filename=psnotify.exe
Description=<a href="http://www.pharos.com/" target="_blank">Pharos</a> SignUp Vx - "PC reservation and management application that addresses the PC scheduling needs of public libraries and higher education labs and libraries"
Source=Paul Collins Startup list

[PSof1]
Number=8183
Confirmed=X
Filename=PSof1.exe
Description=<a href="http://www.benedelman.org/spyware/installations/pacerd/" target=_blank>PacerD Media/Pacimedia.com</a> adware installer
Source=Paul Collins Startup list

[PSoft1]
Number=8184
Confirmed=X
Filename=psoft1.exe
Description=<a href="http://www.benedelman.org/spyware/installations/pacerd/" target= blank>PacerD Media/Pacimedia.com</a> adware installer
Source=Paul Collins Startup list

[PsPCCard]
Number=8185
Confirmed=Y
Filename=PsPCCard.EXE
Description=Background Power Saving task found on Toshiba laptops and which handles turning Power Saving ON and OFF on any inserted PC Card (PCMCIA card). Only ever disable if you do not use any power saving or hibernation settings (ie: they are all OFF)
Source=Paul Collins Startup list

[PspContr]
Number=8186
Confirmed=U
Filename=pspcontr.exe
Description=Driver/controller for the Philips SpeechMike 6174. As the Philips FreeSpeech application is no longer supported it can be disabled but the Mike can still be used for certain functions using this driver
Source=Paul Collins Startup list

[PSQLLauncher]
Number=8187
Confirmed=Y
Filename=launcher.exe
Description=IBM <a href="http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=TVAN-EAPFPR" target="_blank">ThinkVantage Fingerprint Software</a>
Source=Paul Collins Startup list

[PsSound]
Number=8188
Confirmed=U
Filename=PsSound.exe
Description=On a Toshiba laptop. Operates your sound in one of 4 modes, off, on , on only with powerr, same as #3 but longer delay
Source=Paul Collins Startup list

[pst]
Number=8189
Confirmed=U
Filename=memaker2.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-072016-3209-99" target="_blank">SpymodePCSpy</a> surveillance software. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list

[PSTORES]
Number=8190
Confirmed=?
Filename=PSTORES.EXE
Description=<font color="#FF0000">Part of Windows Services Protected Storage?</font>
Source=Paul Collins Startup list

[ptfb]
Number=8191
Confirmed=N
Filename=ptfb.exe
Description=<a href="http://www.bobos.demon.co.uk/par/PTFB.htm" target="_blank">Push the Freakin' Button</a> - &quot;When a dialog causes irritation, you simply tell PTFB which button should be pressed, and it will handle the dialog in future&quot;
Source=Paul Collins Startup list

[Ptipbmf]
Number=8192
Confirmed=?
Filename=rundll32.exe ptipbmf.dll, SetWriteCacheMode
Description=Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. <font color="#FF0000">May be necessary in order to maintain preferences applied to the RAID array connected to the Promise controller</font>
Source=Paul Collins Startup list

[PtiuPbmd]
Number=8193
Confirmed=U
Filename=Rundll32.exe ptipbm.dll, SetWriteBack
Description=Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. Tells the drivers that the connected Drives should use the "Write Back" Caching. You can disable this if you don't want to use "Write Back" Caching or if you have not connected any driver to your Promise Controller

Source=Paul Collins Startup list

[PTRGMYGK]
Number=8194
Confirmed=X
Filename=rundll32.exe ptmg1v.dll, DllRunMain
Description=Added by an unidentified TROJAN, WORM or other malware!

Source=Paul Collins Startup list

[ptrun32]
Number=8195
Confirmed=U
Filename=ptrun32.exe
Description=<a href="http://www.parent-tools.com/" target="_blank">Parent Tools</a> for AIM
Source=Paul Collins Startup list

[PTRUN32]
Number=8196
Confirmed=U
Filename=ptr32w.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/spyware.parenttools.html" target="_blank">ParentTools</a> surveillance software. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list

[Ptsnoop]
Number=8197
Confirmed=N
Filename=Ptsnoop.exe
Description=These descriptions I've come across - all valid as far as I can see :- (1) Program installed with some modems that monitors the COM ports for the modem driver. Not required from what I've read - may need a registry edit to get rid of it (2) Backdoor trojan virus that copies itself as PTSNOOP.EXE -see <a href="http://www.f-secure.com/v-descs/ptsnoop.shtml" target="_blank">here</a> for more info(3) Apparently the people who put it out claim it's a driver for a Voice modems (don't know who they are though - Ed) Note: If using AOL and you disable this you may lose your connection or lock up (4) Can also be an older Logitech scanner program. Remove from the Win.ini tab under Load='path'PTSNOOP and the System.ini tab under drivers='path'ptrtkr.drb. Can cause parallel port conflicts big time dragging system resources way down when a conflict exists (5) Allows audio monitoring of modem phone dialling tones and can be useful if you have connection problems (6) Karen Kenworthy's <a href="http://www.karenware.com/" target="_blank"> Snooper</a> - "logs the start and stop time of all programs run under Windows"
Source=Paul Collins Startup list

[pttrun]
Number=8198
Confirmed=U
Filename=pttrun.exe
Description=Transmeta Crusoe processor related. Reduces application launch times and makes the computer "more responsive"
Source=Paul Collins Startup list

[PtUDFApp]
Number=8199
Confirmed=N
Filename=PtUDFApp.exe
Description=Sony abCD program, included on the CD Xtreme install CD, used to format CD-RWs for packet writing (similar to DirectCD). Available via Start -> Programs. Note that you must add a /T switch to the command line to get it to load to the taskbar
Source=Paul Collins Startup list

[PUAC v2.0.7]
Number=8200
Confirmed=U
Filename=Puac.exe
Description=<a href="http://www.puac.net/index.html" target=_blank>"Peter's Ultimate Alarm Clock"</a>
Source=Paul Collins Startup list

[Public Microsoft ODBC]
Number=8201
Confirmed=X
Filename=ODBC32*.exe [* = random char]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MASLAN.D&VSect=T" target=_blank>MASLAN.D</a> WORM!
Source=Paul Collins Startup list

[pumcfgp]
Number=8202
Confirmed=U
Filename=proxycfg.exe
Description="GuardWare <a href="http://www.guardwareinc.com/ishield/isaboutus.html" target="_blank">iShield</a> blocks pornographic images when you surf the Internet on your computer using a web browser"
Source=Paul Collins Startup list

[Pure Networks Port Magic]
Number=8203
Confirmed=N
Filename=PortAOL.exe
Description=Pure Networks Port Magic, as available in the latest version of the AOL® 9.0 Optimized SE software; automatically configures most in-home Internet gateways, improving access and performance for applications such as instant messaging, online gaming, and streaming music and video. See <a href="http://www.networkmagic.com/product/" target="_blank">here</a>
Source=Paul Collins Startup list

[Purgative]
Number=8204
Confirmed=U
Filename=PURGATIVE100.EXE
Description=AIM (AOL Instant Messenger) Ad Remover Using Active Memory Edits instead of a patch/crack
Source=Paul Collins Startup list

[Purgatory]
Number=8205
Confirmed=X
Filename=Purga.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32purgoryb.html" target=_blank>PORGORY-B</a> WORM!
Source=Paul Collins Startup list

[Push Client]
Number=8206
Confirmed=N
Filename=pull.exe
Description=Client software from <a href="http://www.interwise.com/" target="_blank">Interwise</a> that MS use for their webcasts
Source=Paul Collins Startup list

[Push The Freakin' Button]
Number=8207
Confirmed=N
Filename=ptfb.exe
Description=<a href="http://www.bobos.demon.co.uk/par/PTFB.htm" target="_blank">Push the Freakin' Button</a> - &quot;When a dialog causes irritation, you simply tell PTFB which button should be pressed, and it will handle the dialog in future&quot;
Source=Paul Collins Startup list

[PUSH6599]
Number=8208
Confirmed=N
Filename=PUSH6599.EXE
Description=Scan button monitor for Relysis Episode MF6599 USB scanner as you can start scanning manually via the scanning software
Source=Paul Collins Startup list

[PutA!!]
Number=8209
Confirmed=X
Filename=PutA!!.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.L" target="_blank">OPASERV.L</a> WORM!
Source=Paul Collins Startup list

[PutAS!]
Number=8210
Confirmed=X
Filename=PutA!!.com
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.Z" target="_blank">OPASERV.Z</a> WORM!
Source=Paul Collins Startup list

[putil]
Number=8211
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110315-5340-99" target="_blank">LDPINCH</a> TROJAN!
Source=Paul Collins Startup list

[PV92TRAY]
Number=8212
Confirmed=U
Filename=PV92Tray.exe
Description=<a href="http://www.modemsite.com/56k/pctel.asp" target=_blank>PCtel</a> HSP V.92 modem configuration utility
Source=Paul Collins Startup list

[PVModule]
Number=8213
Confirmed=X
Filename=pvmodule.exe
Description=Adperform.com/adoptim.com adware, file located in a Program Files\PrintView folder and detected by <a href="http://www.avira.com/" target="_blank">AntiVir</a> antivirus as TR/Dldr.Agent.alb. NOTE: the 'real' <a href="http://www.cbr.com.tr/print_man.htm" target="_blank">PrintView</a> installs in a C:\CBR folder instead!
Source=Paul Collins Startup list

[PVR]
Number=8214
Confirmed=N
Filename=PVR.exe
Description=<a href="http://www.xemico.com/pvr/" target="_blank">Pocket Voice Recorder</a> - freeware sound recorder that records from microphone and any other input line available with your sound card
Source=Paul Collins Startup list

[PVUnInst1]
Number=8215
Confirmed=U
Filename=PVUnInst1.exe
Description=<a href="http://www.privacyview.com/" target=_blank>Privacy View</a> - privacy software that ensures that all your private computer files, photos, documents, and websites remain secure from prying eyes
Source=Paul Collins Startup list

[Pwr32ctr]
Number=8216
Confirmed=X
Filename=Pwr32ctr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list

[Pwr32ctrl]
Number=8217
Confirmed=X
Filename=Pwr32ctrl.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list

[Pwr32mgt]
Number=8218
Confirmed=X
Filename=Pwr32mgt.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list

[PWRESET]
Number=8219
Confirmed=U
Filename=pwreset.exe
Description=Related to the Avaya <a href="http://www.avaya.com/gcm/master-usa/en-us/products/offers/ip_softphone01.htm" target="_blank">IP Softphone</a>
Source=Paul Collins Startup list

[PWRISOVM.EXE]
Number=8220
Confirmed=N
Filename=PWRISOVM.EXE
Description=<a href="http://www.poweriso.com/" target="_blank">PowerISO</a> - a powerful CD/DVD image file processing tool
Source=Paul Collins Startup list

[PWRMGRTR]
Number=8221
Confirmed=Y
Filename=PWRMGRTR.DLL
Description=<a href="http://www.spyany.com/files/PWRMGRTR_dll.html" target=_blank>Power Manager</a> - background monitor module for IBM ThinkPad laptops. Leave it alone to ensure proper power management functions

Source=Paul Collins Startup list

[Pwrmonit]
Number=8222
Confirmed=Y
Filename=Rundll32 PwrMonit.dll
Description=IBM's proprietary 'battery maximiser' and power monitoring software for laptops
Source=Paul Collins Startup list

[Pwroff]
Number=8223
Confirmed=X
Filename=Pwroff.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list

[Pwrsave]
Number=8224
Confirmed=U
Filename=Pwrsave.exe
Description=Toshiba Power Saver utilities. Required on a laptop if you run of a battery and want to conserve power
Source=Paul Collins Startup list

[Pwruplogin]
Number=8225
Confirmed=?
Filename=pulogin.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[PwrupTweakMe]
Number=8226
Confirmed=U
Filename=PUPXPTWK.EXE
Description=<a href="http://www.ashampoo.com/frontend/homepage/php/index.php?session_langid=2" target="_blank">Ashampoo's</a> PowerUp XP is a "tool for fine-tuning your Windows NT4, 2000, 2003 Server and XP configuration". Boot-up options won't work if disabled
Source=Paul Collins Startup list

[PWS Tray]
Number=8227
Confirmed=U
Filename=PwsTray.exe
Description=Microsoft's Personal Web Server, an application which allows PCs to behave as web servers (allows you to test your .asp pages on your own PC without having to load them onto the internet). Available via Start -> Programs
Source=Paul Collins Startup list

[p_981116]
Number=8228
Confirmed=N
Filename=p_981116.exe
Description=Win32 cabinet self extractor. More info <a href="http://groups.google.com/group/microsoft.public.win98.performance/browse_frm/thread/1bb6d199cdad3c95/24366de20a10c5d6?hl=en&rnum=18&prev=/groups%3Fq%3DP_981116.exe%26hl%3Den%26start%3D10%26sa%3DN#24366de20a10c5d6" target="_blank">here</a>
Source=Paul Collins Startup list

[Q152404]
Number=8229
Confirmed=N
Filename=wsript.exe Q152404.VBS
Description=Appears to run Scandisk at bootup on NEC PCs
Source=Paul Collins Startup list

[q36i36O]
Number=8230
Confirmed=X
Filename=lms2cenu.exe
Description=Added by the SECONDTHOUGHT VIRUS!
Source=Paul Collins Startup list

[QAGENT]
Number=8231
Confirmed=N
Filename=qagent.exe
Description=Quicken program is controlled by a separate utility program called the Quicken Download Manager (also known as Qagent). When Quicken Download Manager option is enabled, background downloading takes advantage of unused bandwidth to download current financial information anytime your computer is connected to the Internet
Source=Paul Collins Startup list

[qappsrvc32.exe]
Number=8232
Confirmed=X
Filename=qappsrvc32.exe
Description=Recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan-Proxy.Win32.Webber.m
Source=Paul Collins Startup list

[QBCD autorun]
Number=8233
Confirmed=N
Filename=autorun.exe
Description=Quick Books CD
Source=Paul Collins Startup list

[qbkupdbs]
Number=8234
Confirmed=X
Filename=mqbkup.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-122416-1629-99" target="_blank">OPASERV.K</a> WORM!
Source=Paul Collins Startup list

[qbotd]
Number=8235
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-022317-3413-99" target="_blank">BOTTEN</a> TROJAN!
Source=Paul Collins Startup list

[qBrowse]
Number=8236
Confirmed=?
Filename=qbrowse.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[QBRSR]
Number=8237
Confirmed=X
Filename=QuickBrowser.exe
Description=top-banners.com adware
Source=Paul Collins Startup list

[Qchex Tray Icon]
Number=8238
Confirmed=U
Filename=Qchex.exe
Description=Related to <a href="http://www.g7ps.com/" target=_blank>G7 Productivity Systems</a> Check Software
Source=Paul Collins Startup list

[QCTRAY]
Number=8239
Confirmed=U
Filename=Qctray.exe
Description=System Tray icon providing access to the "IBM Access Connections" wizard on ThinkPad laptops and also allows to change the network environment. Not the same as QCWLIcon, which is pertinent only to the Wireless LAN
Source=Paul Collins Startup list

[QCWLICON]
Number=8240
Confirmed=U
Filename=Qcwlicon.exe
Description=Used by IBM Thinkpad laptops with built-in wireless card (802.11). System Tray icon that provides a shortcut to "Wireless Connection Status" and allows to turn WL on and off
Source=Paul Collins Startup list

[QD FastAndSafe]
Number=8241
Confirmed=N
Filename=QDCSFS.exe
Description=Automatically runs Fast &amp; Safe clean-up from Norton/Quarterdeck Cleansweep. Deletes safe to remove files such as Temporary Internet Files (cache). Recommended you run it manually
Source=Paul Collins Startup list

[QDM]
Number=8242
Confirmed=U
Filename=QdmStart.exe
Description=QDM (QDI Desktop Manager) - part of QDI ManageEasy for QDI's series of motherboards for monitoring PSU, temperatures, BIOS information, etc. Only required if you overclock system components and need to monitor temperatures, etc
Source=Paul Collins Startup list

[QDMStart]
Number=8243
Confirmed=U
Filename=QdmStart.exe
Description=QDM (QDI Desktop Manager) - part of QDI ManageEasy for QDI's series of motherboards for monitoring PSU, temperatures, BIOS information, etc. Only required if you overclock system components and need to monitor temperatures, etc
Source=Paul Collins Startup list

[Qdsafe]
Number=8244
Confirmed=?
Filename=??
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Qexplo]
Number=8245
Confirmed=?
Filename=Qexplo.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[qgqqft]
Number=8246
Confirmed=X
Filename=[path to Trojan]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030913-4611-99" target=_blank>RANKY.T</a> TROJAN!
Source=Paul Collins Startup list

[QH Live Update Scheduler]
Number=8247
Confirmed=Y
Filename=UPSCHD.EXE
Description=<a href="http://www.quickheal.co.in/public/products/homeuser.asp" target=_blank>Quick Heal</a> Anti-Virus
Source=Paul Collins Startup list

[QH Office 2K Check]
Number=8248
Confirmed=Y
Filename=O2KCHECK.EXE
Description=<a href="http://www.quickheal.co.in/public/products/homeuser.asp" target=_blank>Quick Heal</a> Anti-Virus MS Office documents virus checker
Source=Paul Collins Startup list

[QlbCtrl]
Number=8249
Confirmed=U
Filename=QlbCtrl.exe
Description=HP <a href="http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&swItem=ob-45287-1&jumpid=reg_R1002_USEN" target="_blank">Quick Launch Buttons</a> control center on their laptops
Source=Paul Collins Startup list

[QMusic]
Number=8250
Confirmed=?
Filename=QMAgent.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[QNPlus]
Number=8251
Confirmed=N
Filename=QNPlus.exe
Description=<a href="http://www.conceptworld.com/QNP/default.asp" target="_blank">Quick Notes Plus</a> by Conceptworld - sticky notes tool
Source=Paul Collins Startup list

[Qoeloader]
Number=8252
Confirmed=U
Filename=Qoeloader.exe
Description=<a href="http://www.qurb.com/" target="_blank">Qurb 2.0</a> anti-spam tool for Outlook/Outlook Express. Required when supporting OE but not for Outlook. Shortcut available via Start -> Programs
Source=Paul Collins Startup list

[QPService]
Number=8253
Confirmed=U
Filename=QPService.exe
Description=HP <a href="http://h71036.www7.hp.com/hho/cache/303777-0-0-225-121.html?jumpid=reg_R1002_USEN" target=_blank>QuickPlay</a> - "brings your favorite music and movies to life with the touch of a button"

Source=Paul Collins Startup list

[QQ]
Number=8254
Confirmed=X
Filename=sendmess.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092510-2220-99" target="_blank">SEMES</a> TROJAN!
Source=Paul Collins Startup list

[QQ.exe]
Number=8255
Confirmed=X
Filename=QQ.exe
Description=Added by a variant of the <a href="http://en.wikipedia.org/wiki/QQ" target="_blank">SDBOT</a> WORM! Note - this is not the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">Tencent QQ</a> Asian instant messanger program and resides in the Windows folder
Source=Paul Collins Startup list

[QQKAV]
Number=8256
Confirmed=X
Filename=scvhsot.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_QQROB.ARQ" target="_blank">QQROB.ARQ</a> WORM!
Source=Paul Collins Startup list

[QQServer]
Number=8257
Confirmed=X
Filename=QQ.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdownldran.html" target=_blank>DOWNLDR-AN</a> TROJAN!
Source=Paul Collins Startup list

[qservices]
Number=8258
Confirmed=X
Filename=qservice.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojprogenta.html" target=_blank>PROGENT-A</a> TROJAN!
Source=Paul Collins Startup list

[QSort2000]
Number=8259
Confirmed=N
Filename=QSORT.EXE
Description=Utility that sorts your Start menu and Favourites in alphanumerical order. Not required - at any time you can right-click on these lists and choose &quot;Sort by Name&quot;
Source=Paul Collins Startup list

[QT4HPOT]
Number=8260
Confirmed=U
Filename=OneTouch.exe
Description=Hewlett Packard One Touch keyboard driver. Required if you use the additional keys
Source=Paul Collins Startup list

[QTaskStartup]
Number=8261
Confirmed=U
Filename=qtask.exe
Description=Feature of Quicken.com Brokerage to customize and display <a href="http://www.quicken.com/support/investments/email/help/?desktop.q.howdoi&amp;pop" target="_blank">Desktop Alerts</a> and icon. It is not required for the Quicken Program to run correctly, it is only required for the Desktop Alerts feature
Source=Paul Collins Startup list

[QTime]
Number=8262
Confirmed=X
Filename=nrchk.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list

[QTSTUB.EXE]
Number=8263
Confirmed=N
Filename=Qtstub.exe
Description=Part of an old version of the Quick Tax application. It enables Quick Tax Calendar Popup to show tax calendar reminders
Source=Paul Collins Startup list

[QTSvc]
Number=8264
Confirmed=X
Filename=msocfg.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list

[QTSvc]
Number=8265
Confirmed=X
Filename=navchk.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list

[QTSvc]
Number=8266
Confirmed=X
Filename=shman.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list

[QTSvc]
Number=8267
Confirmed=X
Filename=ssvr.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list

[qttask]
Number=8268
Confirmed=N
Filename=Qttask.exe
Description=System Tray access to Apple's &quot;Quick Time&quot; viewer from version 5 onwards
Source=Paul Collins Startup list

[QtVprMtx]
Number=8269
Confirmed=U
Filename=QTVPRMTX.EXE
Description=Multimedia keyboard driver from <a href="http://www.dritek.com.tw/Dritek_Eng.htm" target="_blank">Dritek System Inc</a>
Source=Paul Collins Startup list

[Quantifier Security]
Number=8270
Confirmed=X
Filename=qsecue.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082215-2821-99" target=_blank>SPYBOT.UOL</a> WORM!
Source=Paul Collins Startup list

[QUBCity]
Number=8271
Confirmed=?
Filename=qtp.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Queensla]
Number=8272
Confirmed=?
Filename=Queensla.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Quick Controls]
Number=8273
Confirmed=U
Filename=Astrotoolbar.exe
Description=Gateway Astro Screen and Sound Controls tray icon
Source=Paul Collins Startup list

[Quick Heal Firewall Pro]
Number=8274
Confirmed=U
Filename=qhfw.exe
Description=<a href="http://www.quickheal.co.in/" target="_blank">Quick Heal</a> Firewall Pro
Source=Paul Collins Startup list

[Quick Heal Messenger]
Number=8275
Confirmed=U
Filename=QHM32.EXE
Description=<a href="http://www.quickheal.co.in/public/products/homeuser.asp" target=_blank>Quick Heal</a> Anti-Virus Messenger - keeps you informed about the latest threats, hoaxes etc
Source=Paul Collins Startup list

[Quick Heal On-Line Protection]
Number=8276
Confirmed=Y
Filename=Cateye.exe
Description=<a href="http://www.quickheal.com/qh95.htm" target="_blank">Quick Heal</a> - virus scanner
Source=Paul Collins Startup list

[Quick Heal Startup Scan]
Number=8277
Confirmed=Y
Filename=QHSTRT32.EXE
Description=<a href="http://www.quickheal.com/qh95.htm" target="_blank">Quick Heal</a> - virus scanner
Source=Paul Collins Startup list

[Quick Shelf xx]
Number=8278
Confirmed=N
Filename=qushelfxx.exe
Description=Places an icon in the system tray for launching MS Bookshelf. Available via Start -> Programs&quot;xx&quot; represents the version number - ie, 98, 99
Source=Paul Collins Startup list

[Quick Startup]
Number=8279
Confirmed=Y
Filename=Fquick32.exe
Description=For a Nisis G6 USB Graphics Tablet. Re-enables itself if disabled therefore best left alone
Source=Paul Collins Startup list

[Quick Time Task]
Number=8280
Confirmed=N
Filename=qttask.exe
Description=System Tray access to Apple's "Quick Time" viewer from version 5 onwards
Source=Paul Collins Startup list

[Quick View Plus]
Number=8281
Confirmed=N
Filename=QVP32.EXE
Description=Quick View Plus from Inso Corporation. Multiple file type viewer. Available via Start -> Programs
Source=Paul Collins Startup list

[QuickBooks Delivery Agent]
Number=8282
Confirmed=N
Filename=QBDAGENT.EXE
Description=As far QAGENT but for QuickBooks. Can also have the version number in the name
Source=Paul Collins Startup list

[Quickbooks Update Agent]
Number=8283
Confirmed=N
Filename=qbupdate.exe
Description=Associated with Intuit's Quickbooks but not required. Possibly to do with the payroll update service but you're prompted to check for updates when appropriate whether this is running or not
Source=Paul Collins Startup list

[QuickCamPro]
Number=8284
Confirmed=U
Filename=QuickCamPro.exe
Description=System Tray for Picture Capture utility that can run unattended. Pictures every 30 seconds for example, auto FTP Upload, etc
Source=Paul Collins Startup list

[quicken]
Number=8285
Confirmed=X
Filename=quicken.exe
Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#therealsearch" target=_blank>Therealsearch</a> parasite variant
Source=Paul Collins Startup list

[quicken]
Number=8286
Confirmed=X
Filename=Winrar.exe
Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#therealsearch" target=_blank>Therealsearch</a> parasite variant. Note - this is not the file zipping utility also known as <a href="http://www.rarlab.com/" target="_blank">WinRAR</a>!
Source=Paul Collins Startup list

[quicken]
Number=8287
Confirmed=X
Filename=Waol.exe
Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#therealsearch" target=_blank>Therealsearch</a> parasite variant
Source=Paul Collins Startup list

[Quicken Scheduled Updates]
Number=8288
Confirmed=N
Filename=bagent.exe
Description=Quicken background downloading module
Source=Paul Collins Startup list

[Quicken Startup]
Number=8289
Confirmed=N
Filename=QWDLLS.EXE
Description=Quicken option to load DLLs at startup
Source=Paul Collins Startup list

[QuickenSEMessage]
Number=8290
Confirmed=N
Filename=Qsemsg.exe
Description=Quicken option
Source=Paul Collins Startup list

[QuickFinder Scheduler]
Number=8291
Confirmed=N
Filename=QFSCHD100.exe
Description=Used in Corel 2002 &amp; Corel Suite 7 - finds files faster by indexing your files (similar to Microsoft's Find Fast or Fast Search for its Office products)
Source=Paul Collins Startup list

[QuickFinder Scheduler]
Number=8292
Confirmed=N
Filename=QFSched.exe
Description=Used in Corel 2002 &amp; Corel Suite 7 - finds files faster by indexing your files (similar to Microsoft's Find Fast or Fast Search for its Office products)
Source=Paul Collins Startup list

[QuickLaunchEr]
Number=8293
Confirmed=Y
Filename=QuickLaunchEr.Exe
Description=QuickLaunchEr - allows you to quickly launch programs from an icon in the system tray
Source=Paul Collins Startup list

[Quicklink III]
Number=8294
Confirmed=N
Filename=QL.EXE
Description=HP fax program and only needs to be in the start-up group if you allow your phone to automatically answer your phone in fax mode, that is, to receive faxes after a certain number of rings. Available via Start -> Programs
Source=Paul Collins Startup list

[Quicknote]
Number=8295
Confirmed=N
Filename=quicknote.exe
Description=<a href="http://www.metz-furniere.de/jens/jcmb/quicknen.html" target="_blank">JC&amp;MB Quicknote</a> Virtual Scrapbook
Source=Paul Collins Startup list

[QuickPassword]
Number=8296
Confirmed=U
Filename=agquickp.exe
Description=Smart card-based authentication and digital signature client software
Source=Paul Collins Startup list

[QuickRes]
Number=8297
Confirmed=N
Filename=QUICKRES.EXE
Description=Utility to quickly change desktop resolution - left over from Win95 Power Toys. In Win98 and above incorporated via Control Panel -&gt; Display. Not required unless you have to change resolutions on a regular basis
Source=Paul Collins Startup list

[quickset]
Number=8298
Confirmed=N
Filename=quickset.exe
Description=Dell taskbar icon allowing you to quickly change settings
Source=Paul Collins Startup list

[Quicktime]
Number=8299
Confirmed=X
Filename=qttasks.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojadclickak.html" target= blank>ADCLICK-AK</a> TROJAN!
Source=Paul Collins Startup list

[Quicktime]
Number=8300
Confirmed=X
Filename=shch.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooreb.html" target= blank>EB</a> TROJAN!
Source=Paul Collins Startup list

[Quicktime Mediaplayer]
Number=8301
Confirmed=X
Filename=winmplyer32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpm.html" target=_blank>RBOT-PM</a> WORM!

Source=Paul Collins Startup list

[Quicktime Mediaplayr]
Number=8302
Confirmed=X
Filename=wnmplyr.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Quicktime Pro 3.0]
Number=8303
Confirmed=X
Filename=winuodps.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102714-0859-99" target="_blank">GAOBOT.BH</a> WORM!
Source=Paul Collins Startup list

[QuickTime Task]
Number=8304
Confirmed=N
Filename=Qttask.exe
Description=System Tray access to Apple's &quot;Quick Time&quot; viewer from version 5 onwards
Source=Paul Collins Startup list

[QuickTime Task]
Number=8305
Confirmed=X
Filename=qttasks.exe
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list

[Quicktime Task]
Number=8306
Confirmed=X
Filename=[random filename]
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-121917-5031-99" target=_blank>Trafficadvance</a> dialer
Source=Paul Collins Startup list

[QuickTime Update Completion x]
Number=8307
Confirmed=N
Filename=quicktimeupdatehelper.exe
Description=Different numbers caused by number of launches. So if 3 updates are made separately, 3 would appear (in theory)
Source=Paul Collins Startup list

[QuicktimeMngr]
Number=8308
Confirmed=X
Filename=QUICKTIMEMNGR.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.AW" target="_blank">WOOTBOT.AW</a> WORM!
Source=Paul Collins Startup list

[QuickTimeUpdate]
Number=8309
Confirmed=X
Filename=QuickUpdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifrosecw.html" target=_blank>BIFROSE-CW</a> TROJAN!
Source=Paul Collins Startup list

[Quicktlme]
Number=8310
Confirmed=X
Filename=ru.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[QuickTV]
Number=8311
Confirmed=U
Filename=QuickTV.exe
Description=Infra-red remote control driver for the <a href="http://www.aver.com/products/tvtuner_AVerTV_studio.shtml" target="_blank"> AVerTV Studio</a> TV tuner/personal video recoder from AVerMedia. Required if you use the remote control
Source=Paul Collins Startup list

[Quickzip]
Number=8312
Confirmed=X
Filename=Ls.exe
Description=MsConnect browser hijacker and dialler
Source=Paul Collins Startup list

[QuickZip]
Number=8313
Confirmed=X
Filename=lu.exe
Description=MsConnect browser hijacker and dialler
Source=Paul Collins Startup list

[QuikShield]
Number=8314
Confirmed=N
Filename=qkshield.exe
Description=QuikShield popup blocker - reportedly stealth installed, see <a href="http://groups.google.com/groups?num=50&hl=en&lr=&ie=UTF-8&oe=UTF-8&q=quikshield" target="_blank">here</a>
Source=Paul Collins Startup list

[QuikSync]
Number=8315
Confirmed=N
Filename=QUIKSYNC.EXE
Description=Used by Iomega drives. Available via Start -> Programs
Source=Paul Collins Startup list

[qwe]
Number=8316
Confirmed=X
Filename=qwe.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagef.html" target= blank>LINEAGE-F</a> TROJAN!
Source=Paul Collins Startup list

[QWERTY]
Number=8317
Confirmed=?
Filename=qwerty.exe
Description=Possibly adult content related adware
Source=Paul Collins Startup list

[qwertybot.exe]
Number=8318
Confirmed=X
Filename=qwertybot.exe
Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Backdoor.Win32.Agent.alf&threatid=124536" target="_blank">AGENT.ALF</a> TROJAN!
Source=Paul Collins Startup list

[QWS3270 Sessions]
Number=8319
Confirmed=U
Filename=sessions.exe
Description=QWS3270 Secure terminal emulation software
Source=Paul Collins Startup list

[R]
Number=8320
Confirmed=X
Filename=[path] rundll32.exe msprt.dll
Description=Chinese originated browser hijacker - redirecting to 4199.com
Source=Paul Collins Startup list

[RA Server]
Number=8321
Confirmed=X
Filename=Slave.exe
Description=Added by the RA TROJAN!
Source=Paul Collins Startup list

[RabbitWannaHome]
Number=8322
Confirmed=X
Filename=rabbit.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-012910-3640-99" target="_blank">MIMAIL.S</a> WORM!
Source=Paul Collins Startup list

[Rabo Session Monitor]
Number=8323
Confirmed=Y
Filename=RaboSessionMon.exe
Description=Related to <a href="http://www.rabobank.com/" target="_blank">RaboBank</a> electronic banking software
Source=Paul Collins Startup list

[RaConfig2500]
Number=8324
Confirmed=N
Filename=RaConfig2500.exe
Description=<a href="http://www.ralinktech.com/home.asp" target=_blank>RaLink</a> wireless LAN configuration utility

Source=Paul Collins Startup list

[RadarSync]
Number=8325
Confirmed=N
Filename=RadarSync.exe
Description=Radarsync utility comes from DFI with their latest motherboards, e.g., DFI LanParty Ultra - checks for BIOS and driver updates periodically
Source=Paul Collins Startup list

[RadBoot]
Number=8326
Confirmed=U
Filename=RadBoot.exe
Description=RadLinker - tweaker/linker for ATI Radeon based graphics cards. It allows you easy access to per game settings
Source=Paul Collins Startup list

[Radio365Agent]
Number=8327
Confirmed=U
Filename=Radio365TrayAgent.exe
Description=<a href="http://www.live365.com/downloads/" target="_blank">Radio365</a> - create playlists and broadcast live straight from your PC!
Source=Paul Collins Startup list

[RadioSvr]
Number=8328
Confirmed=U
Filename=RadioSvr.EXE
Description=Used to configure wire less networks. Windows automatically detects the Wireless network and it configures the network
Source=Paul Collins Startup list

[RAID Event Monitor]
Number=8329
Confirmed=U
Filename=iaanotif.exe
Description=IAA Event Monitor User Notification Tool - part of <a href="http://www.intel.com/support/chipsets/iaa/" target="_blank">Intel® Application Accelerator</a> - "a performance software package for desktop PCs using select Intel® chipsets" that "replaces the ATA drivers that come with Windows with drivers optimized for desktop and mobile PCs." If you use the RAID version it's required to notify you if a RAID 1 disk has failed
Source=Paul Collins Startup list

[RaidTool]
Number=8330
Confirmed=U
Filename=raid_tool.exe
Description=VIA V-RAID Tool - hard disk striping/mirroring utility for increased performance and reliability

Source=Paul Collins Startup list

[Rainlendar]
Number=8331
Confirmed=U
Filename=Rainlendar.exe
Description=<a href="http://www.rainlendar.net/" target="_blank">Rainlendar</a> is a customizable calendar that displays the current month
Source=Paul Collins Startup list

[Rainlendar2]
Number=8332
Confirmed=U
Filename=Rainlendar2.exe
Description=<a href="http://www.rainlendar.net/" target="_blank">Rainlendar</a> is a customizable calendar that displays the current month
Source=Paul Collins Startup list

[RAM Idle Professional]
Number=8333
Confirmed=U
Filename=RAM_XP.exe
Description=<a href="http://www.tweaknow.com/ramidleLE.html" target="_blank">RAM Idle LE</a> - "A smart memory management program that will keep your computer running better, faster, and longer. RAM Idle works by freeing up physical RAM wasted by Windows and other applications. In addition, RAM Idle also includes Cache and startup manager program that will give you more power to optimize your Windows." MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
Source=Paul Collins Startup list

[RAMASST]
Number=8334
Confirmed=U
Filename=RAMASST.exe
Description=Optionally installed with some DVD drives (LG, Panasonic, etc). Disables Windows XP's CD-burning abilities because they cause some incompatibilities. It does not affect your ability to burn CDs. If you do not have this program running, you may have some compatibility issues with burnt DVDs
Source=Paul Collins Startup list

[RamBooster2]
Number=8335
Confirmed=X
Filename=rb.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090212-3727-99" target="_blank">AKAK</a> TROJAN!
Source=Paul Collins Startup list

[RAMDef]
Number=8336
Confirmed=U
Filename=ramdef.exe
Description=<a href="http://www.softpedia.com/get/Tweak/Memory-Tweak/RAM-Def-XTreme.shtml" target="_blank">Ram Def Xtreme</a> - monitors and defragments your system RAM to improve reliability and speed. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
Source=Paul Collins Startup list

[RAMDrive]
Number=8337
Confirmed=U
Filename=RDTask.exe
Description=<a href="http://www.farstone.com/software/virtual-hard-drive.htm" target=_blank>Virtual Hard Drive</a> (Ram Drive) from Farstone - takes a portion of your system memory (RAM) and uses it to simulate a hard disk drive
Source=Paul Collins Startup list

[RamIdle]
Number=8338
Confirmed=U
Filename=ramidle.exe
Description=<a href="http://www.tweaknow.com/ramidleLE.html" target="_blank">RAM Idle LE</a> - "A smart memory management program that will keep your computer running better, faster, and longer. RAM Idle works by freeing up physical RAM wasted by Windows and other applications. In addition, RAM Idle also includes Cache and startup manager program that will give you more power to optimize your Windows." MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
Source=Paul Collins Startup list

[RAMpage]
Number=8339
Confirmed=U
Filename=RAMpage.exe
Description=Small Windows utility that displays the amount of available memory in an icon in the System Tray. It can also free memory by double clicking the tray icon, or by setting a threshold that activates the program automatically, or by having it run automatically when an application exits. RAMpage is free, and open source
Source=Paul Collins Startup list

[Randex virus built for IRBMe]
Number=8340
Confirmed=X
Filename=irbme.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-051716-4252-99" target="_blank">RANDEX.RH</a> WORM!
Source=Paul Collins Startup list

[random]
Number=8341
Confirmed=X
Filename=random.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderkm.html" target=_blank>DLOADER-KM</a> TROJAN!
Source=Paul Collins Startup list

[Random Interface Network]
Number=8342
Confirmed=X
Filename=rst.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotp.html" target="_blank">DELBOT-P</a> WORM!
Source=Paul Collins Startup list

[Random Interface Network Manager]
Number=8343
Confirmed=X
Filename=rinsv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotl.html" target="_blank">DELBOT-L</a> WORM!
Source=Paul Collins Startup list

[Random Unique ID]
Number=8344
Confirmed=X
Filename=[worm filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32xrovea.html" target=_blank>XROVE-A</a> WORM!

Source=Paul Collins Startup list

[RandomWin32]
Number=8345
Confirmed=X
Filename=mgnwin32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotdv.html" target=_blank>SDBOT-DV</a> WORM!
Source=Paul Collins Startup list

[rant]
Number=8346
Confirmed=Y
Filename=rant.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotzb.html" target= blank>RBOT-ZB</a> WORM!
Source=Paul Collins Startup list

[RapApp]
Number=8347
Confirmed=Y
Filename=RAPAPP.EXE
Description=Application protection component of <a href="http://blackice.iss.net/product_pc_protection.php" target="_blank">BlackICE PC Protection</a> (was Defender) firewall, informing you of any modifications to programs, files or folders and detecting unknown programs trying to launch
Source=Paul Collins Startup list

[Rapdata]
Number=8348
Confirmed=X
Filename=ravsecs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassv.html" target=_blank>QQPASS-V</a> TROJAN!
Source=Paul Collins Startup list

[Rapdatae]
Number=8349
Confirmed=X
Filename=rabseuser.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpasss.html" target=_blank>QQPASS-S</a> TROJAN!
Source=Paul Collins Startup list

[Rapdatybs]
Number=8350
Confirmed=X
Filename=ravseteyns.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpwsacp.html" target="_blank">PWS-ACP</a> TROJAN!
Source=Paul Collins Startup list

[Rapid Restore]
Number=8351
Confirmed=U
Filename=rrpcsb.exe
Description=<a href="http://www.xpointdirect.com/jp/IBMRRPC/XPRRPC_why.asp" target="_blank">XPoint</a> "Rapid Restore PC" - a "Managed Recovery™ solution that enables IT Administrators to protect the corporate image, while offloading personal data backup and recovery chores to the end user"
Source=Paul Collins Startup list

[RapidBlaster]
Number=8352
Confirmed=X
Filename=rb32.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> parasite. Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[Raptelnet]
Number=8353
Confirmed=X
Filename=ravspeger.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassaa.html" target=_blank>QQPASS-AA</a> TROJAN!
Source=Paul Collins Startup list

[Raptelt]
Number=8354
Confirmed=X
Filename=ravspegtl.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassab.html" target=_blank>QQPASS-AB</a> TROJAN!
Source=Paul Collins Startup list

[Raptor Mobile]
Number=8355
Confirmed=Y
Filename=vpnservices.exe
Description=<a href="http://www.symantec.com/" target="_blank">Symantec</a> VPN Client used to connect to corporate networks. If unchecked, must be uninstalled using Add/Remove Programs as it tightly integrates into networking
Source=Paul Collins Startup list

[RasCon Remote Access Service Manager]
Number=8356
Confirmed=X
Filename=rasmngr.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.EM&VSect=T" target="_blank">SPYBOT.EM</a> WORM!
Source=Paul Collins Startup list

[rasctrs]
Number=8357
Confirmed=X
Filename=rasctrs.exe
Description=Hijacker, also detected as the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-050218-0540-99" target="_blank">ADWAHECK</a> TROJAN!
Source=Paul Collins Startup list

[Rase]
Number=8358
Confirmed=X
Filename=boln.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[rasman]
Number=8359
Confirmed=X
Filename=rasman32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbckdrqgn.html" target="_blank">BCKDR-QGN</a> TROJAN!
Source=Paul Collins Startup list

[RasMan.exe]
Number=8360
Confirmed=X
Filename=RasMan.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfeutelh.html" target=_blank>FEUTEL-H</a> TROJAN!
Source=Paul Collins Startup list

[rate.exe]
Number=8361
Confirmed=X
Filename=i11r54n4.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-022809-3232-99&tabid=1" target="_blank">BEAGLE.E</a> WORM and variants!
Source=Paul Collins Startup list

[rate.exe]
Number=8362
Confirmed=X
Filename=********.exe [* = random char]
Description=Unidentified adware

Source=Paul Collins Startup list

[RAV8Tray]
Number=8363
Confirmed=Y
Filename=ravtray8.exe
Description=<a href="http://www.ravantivirus.com/index.php" target="_blank">RAV</a> anti-virus related
Source=Paul Collins Startup list

[RavAv]
Number=8364
Confirmed=X
Filename=RavMon.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoordij.html" target="_blank">BDOOR-DIJ</a> TROJAN! Note - this file is located in the %WinDir% directory, and must NOT be confused with the legitimate <a href="http://www.ravantivirus.com/" target="_blank">RAV</a> antivirus file of the same name!
Source=Paul Collins Startup list

[RavAv]
Number=8365
Confirmed=X
Filename=RavMonE.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rjumpf.html" target="_blank">RJUMPF-F</a> WORM!
Source=Paul Collins Startup list

[RavAv]
Number=8366
Confirmed=X
Filename=AdobeR.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RJUMP.D" target="_blank">RJUMP.D</a> WORM!
Source=Paul Collins Startup list

[RAVEN_VLZS.EXE]
Number=8367
Confirmed=X
Filename=RAVEN_VLZS.EXE
Description=<a href="http://allentech.net/parasite/DownloadReceiver.html" target="_blank">DownloadReceiver</a> parasite - no longer in existence
Source=Paul Collins Startup list

[RavMon]
Number=8368
Confirmed=Y
Filename=RavMon.exe
Description=<a href="http://www.ravantivirus.com/" target=_blank>RAV</a> AntiVirus

Source=Paul Collins Startup list

[ravshell]
Number=8369
Confirmed=X
Filename=expl0rer.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DLOADER.MAR" target="_blank">DLOADER.MAR</a> TROJAN!
Source=Paul Collins Startup list

[Ravshell]
Number=8370
Confirmed=X
Filename=explore3.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_PAKES.HZ" target="_blank">PAKES.HZ</a> TROJAN!
Source=Paul Collins Startup list

[Ravshell]
Number=8371
Confirmed=X
Filename=IEXPLORER.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.URZ" target="_blank">AGENT.URZ</a> TROJAN!
Source=Paul Collins Startup list

[Ravshell]
Number=8372
Confirmed=X
Filename=rund1132.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.OKZ" target="_blank">AGENT.OKZ</a> TROJAN!
Source=Paul Collins Startup list

[Ravshell]
Number=8373
Confirmed=X
Filename=svch0st.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NSPM.PU" target="_blank">NSPM.PU</a> TROJAN!
Source=Paul Collins Startup list

[ravtask]
Number=8374
Confirmed=X
Filename=rund1132.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DLOADER.IYT" target="_blank">DLOADER.IYT</a> TROJAN!
Source=Paul Collins Startup list

[ravtask]
Number=8375
Confirmed=X
Filename=svch0st.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagain.html" target="_blank">LINEAG-AIN</a> TROJAN!
Source=Paul Collins Startup list

[RavTime]
Number=8376
Confirmed=X
Filename=Mstray.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WUKILL.A" target="_blank">WUKILL.A</a> WORM!
Source=Paul Collins Startup list

[RavTimer]
Number=8377
Confirmed=X
Filename=RavTimer.exe
Description=<a href="http://www.ravantivirus.com/" target=_blank>RAV</a> AntiVirus

Source=Paul Collins Startup list

[RavTimer]
Number=8378
Confirmed=X
Filename=explores.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojhomeya.html" target=_blank>HOMEY-A</a> TROJAN!
Source=Paul Collins Startup list

[RavTimeXP]
Number=8379
Confirmed=X
Filename=[worm filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110607-0328-99" target="_blank">WULLIK.B</a> WORM!
Source=Paul Collins Startup list

[RavTimeXP]
Number=8380
Confirmed=X
Filename=Virus
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CAGER.A&VSect=P" target=_blank>CAGER.A</a> WORM!
Source=Paul Collins Startup list

[RavTimXP]
Number=8381
Confirmed=X
Filename=[worm filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110607-0328-99" target="_blank">WULLIK.B</a> WORM!
Source=Paul Collins Startup list

[RavUptets]
Number=8382
Confirmed=X
Filename=agetlke.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassak.html" target=_blank>QQPASS-AK</a> TROJAN!
Source=Paul Collins Startup list

[RavUptkt]
Number=8383
Confirmed=X
Filename=agetlktz.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassaj.html" target=_blank>QQPASS-AJ</a> TROJAN!
Source=Paul Collins Startup list

[RavUptpe]
Number=8384
Confirmed=X
Filename=ravsesur.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpasst.html" target=_blank>QQPASS-T</a> TROJAN!
Source=Paul Collins Startup list

[rav_temp.exe]
Number=8385
Confirmed=?
Filename=rav_temp.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[RAX SYSTEM]
Number=8386
Confirmed=X
Filename=scrigz.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.KR&VSect=P" target=_blank>MYTOB.KR</a> WORM!
Source=Paul Collins Startup list

[Ray Process Killer]
Number=8387
Confirmed=N
Filename=Prkill.exe
Description=<a href="http://www.delphi32.com/vcl/4248/" target="_blank">Ray Process Killer</a> - clicking right mouse button produces popup menu with current active tasks. You can choose any task and click &quot;Ok&quot; to terminate it. Use CTRL+ALT+DEL instead
Source=Paul Collins Startup list

[razer]
Number=8388
Confirmed=U
Filename=razerhid.exe
Description=<a href="http://www.razerzone.com/" target=_blank>Razer</a> mouse driver

Source=Paul Collins Startup list

[rb32 lptt01]
Number=8389
Confirmed=X
Filename=rb32.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "RapidBlaster" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[rb32 ml097e]
Number=8390
Confirmed=X
Filename=rb32.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "RapidBlaster" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[rbenh ml***e]
Number=8391
Confirmed=X
Filename=rbenh.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "RBEnhance" folder in Program Files) where *** represents random digits. Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[RBOT v2 with NetAPI exploit traded with billgates I gave my mother Greetz - OG - Bluehell Irc Server]
Number=8392
Confirmed=X
Filename=glossary.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vanebotj.html" target="_blank">VANEBOT-J</a> WORM!
Source=Paul Collins Startup list

[Rcf Driver]
Number=8393
Confirmed=X
Filename=rcf.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-092715-5310-99" target="_blank">RANDEX.BLD</a> WORM!
Source=Paul Collins Startup list

[rCron]
Number=8394
Confirmed=X
Filename=rcron.exe
Description=<a href="http://www.sophos.com/virusinfo/analyses/dialswitchb.html" target=_blank>"Switch"</a> adult content dialler
Source=Paul Collins Startup list

[rCron]
Number=8395
Confirmed=X
Filename=dservice.exe
Description=Switch  premium rate adult content dialer
Source=Paul Collins Startup list

[RCScheduleCheck]
Number=8396
Confirmed=U
Filename=RCSCHED.EXE
Description=Scheduler for VCOM's <a href="http://www.v-com.com/product/Recovery_Commander_Home.html" target="_blank">Recovery Commander</a> - which "can restore your non-booting system back to normal. It only takes a few minutes to get your system back up and running"
Source=Paul Collins Startup list

[RCSync]
Number=8397
Confirmed=X
Filename=RCSync.exe
Description=PrizeSurfer related. "PrizeSurfer is the free software that automatically enters you to win cash and prizes just for surfing the web and shopping online!" Stealth installed malware
Source=Paul Collins Startup list

[RCSystem]
Number=8398
Confirmed=U
Filename=DLLML.exe RCSystem
Description=Related to <a href="http://www.creative.com/" target=_blank>Creative</a> DLL Module Loader for the Sound Blaster X-Fi (and maybe others). This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems
Source=Paul Collins Startup list

[RDClient]
Number=8399
Confirmed=U
Filename=RDCLIENT.EXE
Description=<a href="http://www.twiga.ltd.uk/rdu.asp" target="_blank">Remote Disconnection Utility</a> from Twiga. Used for connecting and disconnecting dial up connections on a network - only needed if there is a shared internet connection
Source=Paul Collins Startup list

[RDLL]
Number=8400
Confirmed=X
Filename=RunDll16.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-040116-1651-99" target="_blank">SDBOT.F</a> TROJAN!
Source=Paul Collins Startup list

[rdvs]
Number=8401
Confirmed=X
Filename=[worm filename]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ULTIMAX.B&amp;VSect=T" target="_blank"> ULTIMAX</a> WORM!
Source=Paul Collins Startup list

[Reactor3]
Number=8402
Confirmed=X
Filename=[random name]32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110916-0038-99" target=_blank>BOFRA.A</a> WORM!
Source=Paul Collins Startup list

[Reactor5]
Number=8403
Confirmed=X
Filename=[random name]32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110911-3939-99" target=_blank>BOFRA.D</a> WORM!
Source=Paul Collins Startup list

[Reactor6]
Number=8404
Confirmed=X
Filename=[random name]32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-111113-3948-99" target=_blank>BOFRA.C</a> WORM!
Source=Paul Collins Startup list

[Reactor7]
Number=8405
Confirmed=X
Filename=[random name]32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-111015-1646-99" target=_blank>BOFRA.B</a> WORM!
Source=Paul Collins Startup list

[Reactor8]
Number=8406
Confirmed=X
Filename=[random name]32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-111213-5143-99" target=_blank>BOFRA.E</a> WORM!
Source=Paul Collins Startup list

[Reactor9]
Number=8407
Confirmed=X
Filename=[random name]32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-111213-5143-99" target=_blank>BOFRA.E</a> WORM!
Source=Paul Collins Startup list

[readdb40]
Number=8408
Confirmed=X
Filename=rundll32.exe [path] readdb40.dll, EnableRunDLL32
Description=<a href="http://www.spywareguide.com/product_show.php?id=853" target="_blank">LZIO.com</a> adware downloader
Source=Paul Collins Startup list

[REAL]
Number=8409
Confirmed=N
Filename=realjbox.exe
Description=<a href="http://www.real.com/" target=_blank>Real</a> Jukebox - MP3 and music files player

Source=Paul Collins Startup list

[Real Internet Player]
Number=8410
Confirmed=X
Filename=Reaiplay.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Real player updater]
Number=8411
Confirmed=X
Filename=realupd.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_100830.htm" target="_blank">PARLAY</a> TROJAN!
Source=Paul Collins Startup list

[real scheduler.hta]
Number=8412
Confirmed=X
Filename=RealAudio.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102612-2849-99" target=_blank>CEEGAR</a> TROJAN! Note - this is not associated with the popular <a href="http://www.real.com/" target=_blank>RealPlayer</a> media player
Source=Paul Collins Startup list

[Real Spy Monitor]
Number=8413
Confirmed=U
Filename=Winrsm.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112917-4626-99" target= blank>Realspy</a> keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[Real Statics Agent]
Number=8414
Confirmed=X
Filename=ccreal.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Real-Tens]
Number=8415
Confirmed=X
Filename=Real-Tens.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=DownloadWare&threatid=4620" target=_blank>DownloadWare</a> adware
Source=Paul Collins Startup list

[RealAudio]
Number=8416
Confirmed=X
Filename=RealAudio.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102612-2849-99" target=_blank>CEEGAR</a> TROJAN! Note - this is not associated with the popular <a href="http://www.real.com/" target=_blank>RealPlayer</a> media player
Source=Paul Collins Startup list

[Realaudio Player]
Number=8417
Confirmed=X
Filename=realaudio32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AFR" target="_blank">AGOBOT.AFR</a> WORM!
Source=Paul Collins Startup list

[RealDownload]
Number=8418
Confirmed=N
Filename=RealPlay.exe
Description=Download manager. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[RealDownload Express]
Number=8419
Confirmed=X
Filename=npnzdad.exe
Description=Advertising spyware
Source=Paul Collins Startup list

[Reality Fusion GameCam SE]
Number=8420
Confirmed=N
Filename=RFTRay.exe
Description=Reality Fusion GameCam Video Interaction Technology Software that comes with the Logitech QuickCam PC video camera and other USB cameras. It's only an icon that appears on your System Tray. Available via Start -> Programs
Source=Paul Collins Startup list

[RealJukeboxSystray]
Number=8421
Confirmed=N
Filename=tsystray.exe
Description=System Tray icon for RealJukebox
Source=Paul Collins Startup list

[realone_nt2003]
Number=8422
Confirmed=X
Filename=moniker.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-092114-4655-99" target="_blank">SNONE.A</a> WORM!
Source=Paul Collins Startup list

[RealP1ayer]
Number=8423
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021416-2835-99" target=_blank>RPLAY.A</a> TROJAN! Note that the name has a number "1" in place of the second lower case "L"
Source=Paul Collins Startup list

[realplay]
Number=8424
Confirmed=N
Filename=realplay.exe
Description=System Tray icon for RealPlayer. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling StartCenter via Preferences
Source=Paul Collins Startup list

[realplay lptt01]
Number=8425
Confirmed=X
Filename=realplay.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "RealPlay" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>. Note - this is not RealPlayer which can have the same executable name
Source=Paul Collins Startup list

[realplay ml097e]
Number=8426
Confirmed=X
Filename=realplay.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "RealPlay" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>. Note - this is not RealPlayer which can have the same executable name
Source=Paul Collins Startup list

[RealPlayer Ath Check]
Number=8427
Confirmed=X
Filename=rnathchk.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041009-4908-99" target=_blank>MYTOB.AG</a> WORM!
Source=Paul Collins Startup list

[Realplayer Codec Support]
Number=8428
Confirmed=X
Filename=realsched.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotaad.html" target= blank>AGOBOT-AAD</a> WORM! Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name
Source=Paul Collins Startup list

[Realplayer One]
Number=8429
Confirmed=X
Filename=realplay.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotnk.html" target=_blank>RBOT-NK</a> WORM!

Source=Paul Collins Startup list

[Realplayer.exe]
Number=8430
Confirmed=X
Filename=Realplayer.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DELF.CNV" target="_blank">DELF.CNV</a> TROJAN!
Source=Paul Collins Startup list

[RealPlayer2]
Number=8431
Confirmed=N
Filename=MsgCenterExe
Description=RealNetworks <a href="http://www.real.com/" target=_blank>RealPlayer</a> related - disabling this application will not affect Real Player in any way
Source=Paul Collins Startup list

[RealPlayerUpdater]
Number=8432
Confirmed=X
Filename=realupd32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlohavt.html" target=_blank>LOHAV-T</a> TROJAN!
Source=Paul Collins Startup list

[Realpopup]
Number=8433
Confirmed=?
Filename=Realpopup.exe
Description=<a href="http://www.realpopup.it/" target="_blank">RealPopup</a> - &quot;Replaces old winpopup with a full featured freeware tool which remains stable and simple as its predecessor&quot;
Source=Paul Collins Startup list

[Realsched]
Number=8434
Confirmed=N
Filename=realsched.exe
Description=Application Scheduler installed along with <a href="http://www.real.com/" target="_blank">RealOne Player</a>. Runs independently of RealOne Player, to remind AutoUpdate and Message Center to perform their tasks at pre-scheduled intervals. If it can't be disabled try deleting or renaming realsched.exe and then delete the entry in the registry
Source=Paul Collins Startup list

[RealSPEED]
Number=8435
Confirmed=U
Filename=RealSPEED.Exe
Description=<a href="http://www.semsoftware.com/" target=_blank>RealSPEED</a> - tweaking utility to speed-up your internet connection

Source=Paul Collins Startup list

[Realtime Audio Engine]
Number=8436
Confirmed=U
Filename=mmrtkrnl.exe
Description=Associated with ALCATech <a href="http://www.alcatech.com/html/rebuild.php?src=products_pro.html" target=_blank>BPM Studio</a>
Source=Paul Collins Startup list

[Realtime Monitor]
Number=8437
Confirmed=Y
Filename=realmon.exe
Description=Realtime scanner part of <a href="http://www1.my-etrust.com/?CFID=6909348&amp;CFTOKEN=43ce20d-0001f1aa-f6e5-1d77-be1e-2f0eac14303f" target="_blank">eTrust Antivirus/InoculateIT</a> version 6 virus scanners from Computer Associates
Source=Paul Collins Startup list

[RealTimeUpdate]
Number=8438
Confirmed=?
Filename=RealTimeUpdate.exe
Description=<font color="#FF0000">Product description in properties is "InternetExplorerCommunicationAgent Module" ?</font>
Source=Paul Collins Startup list

[realtpsk]
Number=8439
Confirmed=X
Filename=realsched.exe
Description=Chinese originated adware - detected by <a href="http://www.pandasoftware.com/home/particulares/default" target="_blank">Panda</a> antivirus as NewWeb. Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name
Source=Paul Collins Startup list

[RealTray]
Number=8440
Confirmed=N
Filename=RealPlay.exe
Description=System Tray icon for RealPlayer. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling StartCenter via Preferences
Source=Paul Collins Startup list

[RealUpdater]
Number=8441
Confirmed=X
Filename=realupd.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_100830.htm" target="_blank">PARLAY</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-041318-1322-99" target="_blank">MITGLIEDER.I</a> TROJANS!
Source=Paul Collins Startup list

[RebateNation0]
Number=8442
Confirmed=X
Filename=RebateNation0.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=TopRebates.RebateNation&threatid=39730" target=_blank>RebateNation</a> adware
Source=Paul Collins Startup list

[Reboot]
Number=8443
Confirmed=N
Filename=Reboot.exe
Description=MS-DOS/Win3.1 utility use to clean boot a system. Sometimes installed by default from some driver CDs for motherboards
Source=Paul Collins Startup list

[Recguard]
Number=8444
Confirmed=Y
Filename=recguard.exe
Description=On HP computers, Recguard prevents the deletion or corruption of the WinXP Recovery Partition. Without it enabled, it is possible to knock that completely out and force the customer to send the PC back to HP for a re-image, possibly at the customer's expense
Source=Paul Collins Startup list

[Reclip]
Number=8445
Confirmed=N
Filename=reclip.exe
Description=<a href="http://lockettefamily.com/reclip.htm" target="_blank">Reclip Popup Clipboard</a> manager
Source=Paul Collins Startup list

[Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B}]
Number=8446
Confirmed=X
Filename=RH.DLL
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453074758" target="_blank">SmartPops</a> search hijacker

Source=Paul Collins Startup list

[Recover]
Number=8447
Confirmed=N
Filename=N/A
Description=Added during the installation of Comcast High Speed Internet software. During installation the system reboots and if the disk is removed a screen appears asking for the disk to be re-inserted to complete installation. Not required once installion is complete
Source=Paul Collins Startup list

[recover.bmp.exe]
Number=8448
Confirmed=X
Filename=Rundll.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojanaftp01.html" target=_blank>ANAFTP-01</a> TROJAN! Note - this is NOT the Windows system file of the same name as described <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll/" target=_blank>here</a>
Source=Paul Collins Startup list

[RecoverFromReboo]
Number=8449
Confirmed=N
Filename=RECOVE~1.EXE
Description=Part of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry may be left in the registry
Source=Paul Collins Startup list

[RecoverFromReboo]
Number=8450
Confirmed=N
Filename=RecoverFromReboot.exe
Description=Part of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry may be left in the registry
Source=Paul Collins Startup list

[RecoverFromReboot]
Number=8451
Confirmed=N
Filename=RECOVE~1.EXE
Description=Part of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry may be left in the registry
Source=Paul Collins Startup list

[RecoverFromReboot]
Number=8452
Confirmed=N
Filename=RecoverFromReboot.exe
Description=Part of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry may be left in the registry
Source=Paul Collins Startup list

[Recoveru system]
Number=8453
Confirmed=X
Filename=svchast.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojlineageav.html" target="_blank">LINEAGE-AV</a> TROJAN!
Source=Paul Collins Startup list

[Recoveru systems]
Number=8454
Confirmed=X
Filename=svchost.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! ! This file is located in the "temp" folder
Source=Paul Collins Startup list

[RecShe]
Number=8455
Confirmed=N
Filename=RecSche.exe
Description=Recording scheduler for WatchTV Capture Card (TV Tuner card)
Source=Paul Collins Startup list

[Recycle Bin Handler]
Number=8456
Confirmed=X
Filename=recycler.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojshuckbota.html" target= blank>SHUCKBOT-A</a> TROJAN!
Source=Paul Collins Startup list

[Recycle Bin Handler 2005]
Number=8457
Confirmed=X
Filename=system.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorho.html" target= blank>HO</a> TROJAN!
Source=Paul Collins Startup list

[RecycleSTR]
Number=8458
Confirmed=X
Filename=msreg32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbottc.html" target=_blank>RBOT-TC</a> WORM!
Source=Paul Collins Startup list

[Red Flag]
Number=8459
Confirmed=N
Filename=redflag.exe
Description=PMS prediction program with modes for guys and girls - no longer available
Source=Paul Collins Startup list

[Red Swoosh EDN Client]
Number=8460
Confirmed=U
Filename=RSEDNClient.exe
Description=<a href="http://www.redswoosh.net/learn_more_overview.php" target="_blank">Red Swoosh</a> - mechanism used by web sites to allow you to download files from those sites quicker and more efficiently via P2P. Note from the <a href="http://install.redswoosh.com/faq.html#EULA" target="_blank">license agreement</a> they automatically update the software, can download other published content that it feels may interest you without your knowledge and share non-personally identifiable information with others in the network - but you must agree to this when installing the software
Source=Paul Collins Startup list

[redirect]
Number=8461
Confirmed=X
Filename=redirect*.exe
Description=Dotcomtoolbar/Linksummary hijacker installer - where * is a random digit
Source=Paul Collins Startup list

[Redline Taskbar]
Number=8462
Confirmed=N
Filename=taskbar.exe
Description=Taskbar icon for the Redline RegTweak overclocking program as supplied with Sapphire ATI graphics cards
Source=Paul Collins Startup list

[REEGRUN]
Number=8463
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SECDROP.AI" target=_blank>SECDROP.AI</a> TROJAN

Source=Paul Collins Startup list

[Reek 32 Server]
Number=8464
Confirmed=X
Filename=reek32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDEX.AL" target="_blank">RANDEX.AL</a> WORM!
Source=Paul Collins Startup list

[Referee]
Number=8465
Confirmed=U
Filename=referee.exe
Description=<a href="http://www.mc1soft.com/" target="_blank">MediaComm's</a> monitor for file association changes. Stop rogue programs from screwing your settings either on installation or whenever they run
Source=Paul Collins Startup list

[Refresh]
Number=8466
Confirmed=N
Filename=Refresh.exe
Description=(Iomega) Refresh - loads the Iomega desktop icons at startup
Source=Paul Collins Startup list

[Reg]
Number=8467
Confirmed=X
Filename=Reg.hta
Description=<a href="https://www3.cai.com/securityadvisor/virusinfo/virus.aspx?ID=9065" target="_blank">Passon</a> homepage hi-jacker
Source=Paul Collins Startup list

[Reg Check]
Number=8468
Confirmed=?
Filename=lpt.exe
Description=Related to <a href="http://www.supanet.com/" target=_blank>Supanet</a> ISP software - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list

[reg run]
Number=8469
Confirmed=X
Filename=Systen.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosbs.html" target= blank>BANCOS-BS</a> TROJAN!
Source=Paul Collins Startup list

[Reg Service]
Number=8470
Confirmed=X
Filename=winsy.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Reg Service]
Number=8471
Confirmed=X
Filename=winslogon.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotsc.html" target= blank>AGOBOT-SC</a> WORM!
Source=Paul Collins Startup list

[Reg Service]
Number=8472
Confirmed=X
Filename=ipcfg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotso.html" target=_blank>AGOBOT-SO</a> WORM!
Source=Paul Collins Startup list

[Reg Service]
Number=8473
Confirmed=X
Filename=REGSRV32.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ZW&VSect=P" target=_blank>RBOT.ZW</a> WORM!
Source=Paul Collins Startup list

[Reg Service]
Number=8474
Confirmed=X
Filename=WinnConfig.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotpf.html" target=_blank>AGOBOT-PF</a> WORM!
Source=Paul Collins Startup list

[Reg Service]
Number=8475
Confirmed=X
Filename=NT32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_AGOBOT.G" target="_blank">AGOBOT.G</a> TROJAN!
Source=Paul Collins Startup list

[Reg Services]
Number=8476
Confirmed=X
Filename=Winboot32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.PB" target="_blank">RBOT.PB</a> WORM!
Source=Paul Collins Startup list

[reg1.reg]
Number=8477
Confirmed=X
Filename=vuamgard.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102711-3533-99" target=_blank>IRC.BOT</a> TROJAN!
Source=Paul Collins Startup list

[reg2.0]
Number=8478
Confirmed=U
Filename=SVCH0ST.EXE
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-071517-0422-99" target="_blank">eSpyNow</a> surveillance software. Uninstall this software unless you put it there yourself. Note - the filename has the digit 0 rather then the uppercase "o"
Source=Paul Collins Startup list

[Reg32]
Number=8479
Confirmed=X
Filename=Reg32.exe
Description=Hijacker - redirecting to only-virgins.com
Source=Paul Collins Startup list

[reg32]
Number=8480
Confirmed=X
Filename=reg32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032416-4744-99" target="_blank">NOUPDATE.B</a> TROJAN!
Source=Paul Collins Startup list

[Reg32]
Number=8481
Confirmed=X
Filename=reg33.exe
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant - also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpam.html" target= blank>STARTPA-M</a> TROJAN!
Source=Paul Collins Startup list

[Regcheck]
Number=8482
Confirmed=X
Filename=~CAB001.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_CYBRSPY.13A" target="_blank">CYBRSPY.13A</a> or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_CYBRSPY.13B" target="_blank">CYBRSPY.13B</a> TROJANS!
Source=Paul Collins Startup list

[regcheck]
Number=8483
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042610-5101-99" target= blank>SERVPAM</a> TROJAN!
Source=Paul Collins Startup list

[RegCleaner]
Number=8484
Confirmed=X
Filename=SYSio32.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! Note - do not confuse this with the popular RegCleaner registry cleaner freeware
Source=Paul Collins Startup list

[RegCompres]
Number=8485
Confirmed=X
Filename=Regcpm32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-012015-4719-99" target="_blank">POLDO.B</a> TROJAN!
Source=Paul Collins Startup list

[RegCompres]
Number=8486
Confirmed=X
Filename=REGCPM32.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdasmine.html" target=_blank>DASMIN-E</a> TROJAN!

Source=Paul Collins Startup list

[Regcxdinaf]
Number=8487
Confirmed=X
Filename=REGCXDINAF.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosbw.html" target= blank>BANCOS-BW</a> TROJAN!
Source=Paul Collins Startup list

[Regcxn]
Number=8488
Confirmed=X
Filename=Regcxn.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcoiboad.html" target=_blank>COIBOA-D</a> TROJAN!

Source=Paul Collins Startup list

[regdefend]
Number=8489
Confirmed=U
Filename=regdefend.exe
Description="<a href="http://www.ghostsecurity.com/index.php?page=regdefend" target=_blank>RegDefend</a> is a configurable, kernel based registry protection system, designed to intercept selected changes before they occur, thus also preventing malicious software like viruses, trojans and worms from using the registry to their advantage"
Source=Paul Collins Startup list

[RegDone]
Number=8490
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081700-2526-99" target="_blank">NEVEG.B</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081614-3605-99" target="_blank">NEVEG.C</a> WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[RegDone]
Number=8491
Confirmed=X
Filename=winlogon.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081623-4258-99" target="_blank">NEVEG.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[RegDone Ex]
Number=8492
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091409-4900-99" target="_blank">WEBUS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[RegDoneEx]
Number=8493
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100519-0947-99" target=_blank>WEBUS.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
Source=Paul Collins Startup list

[regedit]
Number=8494
Confirmed=X
Filename=regedit.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-110417-1631-99" target=_blank>BRID.A</a> WORM! Note - this is not the valid Windows registry editor which resides in Windows or Winnt and will not figure in Msconfig/Startup! This version resides in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[REGEDIT]
Number=8495
Confirmed=X
Filename=Regsrv32.com
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112812-3725-99" target="_blank">SOUTHGHOST</a> WORM!
Source=Paul Collins Startup list

[regedit]
Number=8496
Confirmed=X
Filename=autoexe.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[regedit]
Number=8497
Confirmed=X
Filename= svchost.exe ccRegVfy
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-053013-5106-99" target=_blank>HOTWORD.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which should not normally figure in Msconfig/Startup!
Source=Paul Collins Startup list

[RegEdit32]
Number=8498
Confirmed=X
Filename=RegEdit32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32voumita.html" target=_blank>VOUMIT-A</a> WORM! Note - this is not the legitimate regedit32.exe application which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "mirc32" folder
Source=Paul Collins Startup list

[Regexit]
Number=8499
Confirmed=X
Filename=runlli32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassu.html" target=_blank>QQPASS-U</a> TROJAN!
Source=Paul Collins Startup list

[Regexit]
Number=8500
Confirmed=X
Filename=Updadv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassn.html" target=_blank>QQPASS-N</a> TROJAN!
Source=Paul Collins Startup list

[RegFreeze]
Number=8501
Confirmed=U
Filename=regfreeze.exe
Description=<a href="http://www.actualresearch.com/rf_overview.shtml" target=_blank>RegFreeze</a> anti-spyware software
Source=Paul Collins Startup list

[reggsdg]
Number=8502
Confirmed=X
Filename=spoolserv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotms.html" target=_blank>SDBOT-MS</a> WORM!
Source=Paul Collins Startup list

[RegHelp]
Number=8503
Confirmed=U
Filename=svchosts.exe
Description=<a href="http://www.cablehead.com/" target=_blank>SpyGraphica</a> spy software - "Stealth monitoring of ALL PC or Network Activity with DVD-like playback. EVERY keystroke can be e-mailed in a detailed activity report every 15 minutes...anywhere in the world."
Source=Paul Collins Startup list

[reginfo32]
Number=8504
Confirmed=?
Filename=reginfo32.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Register Manager]
Number=8505
Confirmed=X
Filename=RegistryManage.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AYH&VSect=P" target=_blank>SDBOT.AYH</a> WORM!
Source=Paul Collins Startup list

[Register MediaRing Talk]
Number=8506
Confirmed=N
Filename=register.exe
Description=If you don't want to register MediaRing and be reminded about it every bootup disable it
Source=Paul Collins Startup list

[Register SeqChk]
Number=8507
Confirmed=?
Filename=regsvr32.exe ..csseqchk.dll
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[RegisterDropHandler]
Number=8508
Confirmed=U
Filename=REGIST~1.EXE
Description=Part of the OCR software TextBridge Pro 9.0 (and possibly earlier versions). Typically used with imaging devices such as scanners and digital cameras for creating text documents from images. This item will probably be displayed twice and will re-instate itself whenever you start the main program so leave it - once started it frees the memory it used. Its purpose and an explanation of how to correct a problem it creates for "Send To" can be found <a href="http://www.nvdi.com/whertra/w950812.htm" target="_blank">here</a>. Note that you don't have to uninstall TextBridge for this fix to work and the program works fine afterwards. Not used on later versions of the software - hence the 'U' recommendation
Source=Paul Collins Startup list

[Registration Service]
Number=8509
Confirmed=X
Filename=toker.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotbb.html" target="_blank">SDBOT-BB</a> WORM!
Source=Paul Collins Startup list

[Registration-Studio 8]
Number=8510
Confirmed=N
Filename=RegTool.exe
Description=Registration for <a href="http://www.pinnaclesys.com/ProductPage_n.asp?Product_ID=577&amp;Langue_ID=2" target="_blank"> Pinnacle Studio Version 8</a> home video software from Pinnacle Systems
Source=Paul Collins Startup list

[Registry]
Number=8511
Confirmed=X
Filename=wscript.exe [path] ShakiraPics.jpg.vbs
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=VBS_VBSWG.AQ" target="_blank">VBSWG.AQ</a> WORM!
Source=Paul Collins Startup list

[Registry]
Number=8512
Confirmed=U
Filename=class0117[random].exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051317-2124-99" target=_blank>Blackbox</a> captures emails and chat logs, and monitors Internet activity - remove if you didn't intentionally install it
Source=Paul Collins Startup list

[Registry Checkup]
Number=8513
Confirmed=X
Filename=winreg.exe
Description=Added by an unidentified WORM or TROJAN!

Source=Paul Collins Startup list

[Registry Checkup System326a Monitor]
Number=8514
Confirmed=X
Filename=Winregs326a.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Registry Integrity Checker]
Number=8515
Confirmed=X
Filename=regintmon.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target="_blank">AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list

[Registry Integritycheck]
Number=8516
Confirmed=X
Filename=WCPDT.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotrf.html" target=_blank>AGOBOT-RF</a> WORM!
Source=Paul Collins Startup list

[Registry Loader]
Number=8517
Confirmed=X
Filename=regloadr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list

[Registry Loader]
Number=8518
Confirmed=X
Filename=winhlpp32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list

[Registry oidet]
Number=8519
Confirmed=X
Filename=win32.exe
Description=Added by the <a href="http://ae.trendmicro-middleeast.com/consumer/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=2&VName=WORM_RBOT.BMT" target=_blank>RBOT.BMT</a> WORM!
Source=Paul Collins Startup list

[Registry Protector]
Number=8520
Confirmed=X
Filename=regprotect.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ARIVER.A" target="_blank">ARIVER.A</a> WORM!
Source=Paul Collins Startup list

[Registry Scanner]
Number=8521
Confirmed=X
Filename=regscanr.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=16106" target="_blank">OPTIX</a> TROJAN!
Source=Paul Collins Startup list

[Registry Server]
Number=8522
Confirmed=X
Filename=regsrv32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgm.html" target=_blank>RBOT-GM</a> WORM!

Source=Paul Collins Startup list

[Registry Service]
Number=8523
Confirmed=X
Filename=REGSRV32.EXE
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Registry Service]
Number=8524
Confirmed=X
Filename=resvs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delboti.html" target="_blank">DELBOT-I</a> WORM!
Source=Paul Collins Startup list

[Registry Services]
Number=8525
Confirmed=X
Filename=Registry.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-121215-0104-99" target="_blank">CILE</a> TROJAN!
Source=Paul Collins Startup list

[Registry Startup Check]
Number=8526
Confirmed=X
Filename=checkreg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojremloada.html" target=_blank>REMLOAD-A</a> or <a href="http://www.sophos.com/virusinfo/analyses/trojdanmecb.html" target=_blank>DANMEC-B</a> TROJANS!
Source=Paul Collins Startup list

[Registry System16 Checkup Monitor]
Number=8527
Confirmed=X
Filename=SystemReg16.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Registry System166 Checkup Monitor]
Number=8528
Confirmed=X
Filename=SystemReg166.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Registry Value Name]
Number=8529
Confirmed=X
Filename=roses.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaft.html" target=_blank>RBOT-AFT</a> WORM!
Source=Paul Collins Startup list

[Registry Value Name]
Number=8530
Confirmed=X
Filename=service.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaht.html" target=_blank>RBOT-AHT</a> WORM!
Source=Paul Collins Startup list

[Registry Value Name]
Number=8531
Confirmed=X
Filename=winapi32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Registry Value Name Start]
Number=8532
Confirmed=X
Filename=MsPMSPSa.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[RegistryCheck]
Number=8533
Confirmed=X
Filename=rundll32.exe chkreg.dll, CheckRegistry
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042610-2151-99" target=_blank>Ulubione</a> adult content dialer
Source=Paul Collins Startup list

[RegistryChk]
Number=8534
Confirmed=X
Filename=winbackup.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121117-0813-99" target="_blank">MERTIAN</a> WORM!
Source=Paul Collins Startup list

[RegistryMechanic]
Number=8535
Confirmed=U
Filename=RegMech.exe
Description=<a href="http://www.pctools.com/registry-mechanic/" target="_blank">Registry Mechanic</a> - "you can safely clean and repair Windows registry problems with a few simple mouse clicks! Problems with the Windows registry are a common cause of Windows crashes and error messages"
Source=Paul Collins Startup list

[RegistryMonitor]
Number=8536
Confirmed=X
Filename=registry.pif
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120910-4256-99" target=_blank>Affilred</a> adware
Source=Paul Collins Startup list

[REGIST~1]
Number=8537
Confirmed=U
Filename=REGIST~1.EXE
Description=Part of the OCR software TextBridge Pro 9.0 (and possibly earlier versions). Typically used with imaging devices such as scanners and digital cameras for creating text documents from images. This item will probably be displayed twice and will re-instate itself whenever you start the main program so leave it - once started it frees the memory it used. Its purpose and an explanation of how to correct a problem it creates for "Send To" can be found <a href="http://www.nvdi.com/whertra/w950812.htm" target="_blank">here</a>. Note that you don't have to uninstall TextBridge for this fix to work and the program works fine afterwards. Not used on later versions of the software - hence the 'U' recommendation
Source=Paul Collins Startup list

[Regkey for autostart]
Number=8538
Confirmed=X
Filename=winservice.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotnu.html" target= blank>RBOT-NU</a> WORM!
Source=Paul Collins Startup list

[RegKillTray]
Number=8539
Confirmed=U
Filename=RegKillTray.exe
Description=DVD region killer part of <a href="http://www.elby.ch/products/clone_dvd/index.html" target="_blank">CloneDVD</a> from Elaborate Bytes AG. Copies the main movie, Special Features and/or the original menu onto a DVD Recordable or onto your harddisk
Source=Paul Collins Startup list

[Regmonitor]
Number=8540
Confirmed=X
Filename=regmaping.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-021013-5042-99" target=_blank>BEAGLE.DO</a> WORM!
Source=Paul Collins Startup list

[REGMSYS]
Number=8541
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlowzoneax.html" target=_blank>LOWZONE-AX</a> TROJAN! 
Source=Paul Collins Startup list

[RegMutex]
Number=8542
Confirmed=X
Filename=lexplore_.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmsnopta.html" target=_blank>MSNOPT-A</a> TROJAN!
Source=Paul Collins Startup list

[RegPowerClean]
Number=8543
Confirmed=N
Filename=RegPowerClean.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2007-021515-4552-99" target="_blank">RegistryPowerCleaner</a> is a security risk that may give exaggerated reports of errors in the registry of the compromised computer
Source=Paul Collins Startup list

[RegProt]
Number=8544
Confirmed=Y
Filename=Regprot.exe
Description=<a href="http://www.diamondcs.com.au/index.php?page=regprot" target="_blank">RegistryProt</a> from Diamond Computer Systems - protects the system registry against changes
Source=Paul Collins Startup list

[Regptmens]
Number=8545
Confirmed=X
Filename=REGPTMENS.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosed.html" target=_blank>BANCOS-ED</a> TROJAN!
Source=Paul Collins Startup list

[Regro]
Number=8546
Confirmed=X
Filename=rundll132.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-092110-0056-99" target=_blank>OKARAG</a> TROJAN!
Source=Paul Collins Startup list

[RegRun]
Number=8547
Confirmed=X
Filename=mActiveX.exe
Description=Adware downloader - also detected as a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LOWZONES.BW" target="_blank">LOWZONES.BW</a> or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.RD" target=_blank>AGENT.RD</a> TROJANS!
Source=Paul Collins Startup list

[REGRUN]
Number=8548
Confirmed=X
Filename=winfix22490.exe
Description=Adware downloader - also detected as a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LOWZONES.BW" target="_blank">LOWZONES.BW</a> or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.RD" target=_blank>AGENT.RD</a> TROJANS!
Source=Paul Collins Startup list

[REGRUN]
Number=8549
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlowzoneah.html" target=_blank>LOWZONE-AH</a> TROJAN!
Source=Paul Collins Startup list

[REGRUN]
Number=8550
Confirmed=X
Filename=regeditt.exe
Description=Adware downloader - also detected as a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LOWZONES.BW" target="_blank">LOWZONES.BW</a> or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.RD" target=_blank>AGENT.RD</a> TROJANS!
Source=Paul Collins Startup list

[REGRUN]
Number=8551
Confirmed=X
Filename=sory.exe
Description=Adware downloader - also detected as a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LOWZONES.BW" target="_blank">LOWZONES.BW</a> or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.RD" target=_blank>AGENT.RD</a> TROJANS!
Source=Paul Collins Startup list

[REGRUN]
Number=8552
Confirmed=X
Filename=dialer.exe
Description=Adware downloader - also detected as a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LOWZONES.BW" target="_blank">LOWZONES.BW</a> or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.RD" target=_blank>AGENT.RD</a> TROJANS!
Source=Paul Collins Startup list

[RegRun WinBait]
Number=8553
Confirmed=U
Filename=winbait.exe
Description=Part of <a href="http://www.regrun.com" target= blank>RegRun</a> - used to detect unknown viruses. RegRun compares winbait.exe with the original copy called winbait.org and warns if the files are different..
Source=Paul Collins Startup list

[Regrun2]
Number=8554
Confirmed=Y
Filename=WatchDog.exe
Description=Greatis Software's <a href="http://www.greatis.com/security/" target="_blank">RegRun</a> security suite which amongst other things replaces MSCONFIG. The WatchDog check for registry changes caused by trojan's, viruses, etc
Source=Paul Collins Startup list

[REGRUNM]
Number=8555
Confirmed=X
Filename=autoprotect.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Regrx]
Number=8556
Confirmed=X
Filename=rundll32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojwayica.html" target=_blank>WAYIC-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll32/" target=_blank>rundll32.exe</a> process, which is found in the Windows folder (98\ME) or the System32 folder(NT\2000\XP). The file is located in C:\Windows
Source=Paul Collins Startup list

[Regscan]
Number=8557
Confirmed=X
Filename=regscanr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojoptixse.html" target= blank>OPTIX-SE</a> TROJAN!
Source=Paul Collins Startup list

[RegScan]
Number=8558
Confirmed=X
Filename=DLLSRV32.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AEW&VSect=T" target=_blank>AGOBOT.AEW</a> WORM!
Source=Paul Collins Startup list

[RegScan]
Number=8559
Confirmed=X
Filename=Regscan.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-012114-0753-99" target=_blank>TALEX</a> TROJAN!
Source=Paul Collins Startup list

[RegServer]
Number=8560
Confirmed=?
Filename=regserve.exe
Description=Related to XGI Technology's <a href="http://www.xgitech.com/products/products_2.asp?P=4http://www.xgitech.com/products/products_2.asp?P=4" target=_blank>Volari</a> graphics cards - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list

[regservices.exe]
Number=8561
Confirmed=X
Filename=regservices.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[RegShave]
Number=8562
Confirmed=N
Filename=regshave.exe
Description=Part of the USB driver for your Fuji digital cameras - used when uninstalling the USB drivers, erasing all entries from the registry. Only required BEFORE attempting to uninstall the Fuji software or the uninstall may not work correctly

Source=Paul Collins Startup list

[regsrv]
Number=8563
Confirmed=X
Filename=regsrv.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_OPTIXPRO.11" target="_blank">OPTIXPRO.11</a> TROJAN!
Source=Paul Collins Startup list

[regsrv]
Number=8564
Confirmed=X
Filename=scvhost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_AGOBOT.E&VSect=P" target=_blank>AGOBOT.E</a> WORM!
Source=Paul Collins Startup list

[regsrvc]
Number=8565
Confirmed=X
Filename=regsrvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstopeda.html" target= blank>STOPED-A</a> TROJAN!
Source=Paul Collins Startup list

[Regsv]
Number=8566
Confirmed=X
Filename=regsv.exe
Description=Search hijacker - redirecting to scheo.com
Source=Paul Collins Startup list

[Regsvc]
Number=8567
Confirmed=X
Filename=regsv.exe
Description=Added by an unidentified TROJAN!
Source=Paul Collins Startup list

[regsvc32]
Number=8568
Confirmed=X
Filename=regsvc32.exe
Description=Homepage hijacker that changes your homepage to an adult content site
Source=Paul Collins Startup list

[regsvr]
Number=8569
Confirmed=X
Filename=regsvr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojwebmoneyg.html" target=_blank>WEBMONEY-G</a> TROJAN!

Source=Paul Collins Startup list

[REGSVR32]
Number=8570
Confirmed=U
Filename=regsvr32.exe ctasio.dll
Description=<a href="http://www.soundblaster.com/resources/read.asp?articleid=53937&page=1&cat=2" target="_blank">ASIO</a> (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality
Source=Paul Collins Startup list

[RegSvr32]
Number=8571
Confirmed=X
Filename=msmsgs.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060712-1407-99" target=_blank>ZLOB.B</a> TROJAN!
Source=Paul Collins Startup list

[regsync]
Number=8572
Confirmed=X
Filename=regsync.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050804-2316-99" target=_blank>SafeSurfing</a> adware
Source=Paul Collins Startup list

[regtmlp]
Number=8573
Confirmed=?
Filename=N/A
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[RegTweak]
Number=8574
Confirmed=U
Filename=RegTwk.exe
Description=<a href="http://www.rage3d.com/r3dtweak/" target="_blank">Rage3d Tweak</a> - ATI Radeon tweaker which allows access to registry tweak options, custom display modes, refresh rates and overclocking all through an easy to use interface
Source=Paul Collins Startup list

[RegVer]
Number=8575
Confirmed=X
Filename=REGVER.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LATINUS.16" target="_blank">LATINUS.16</a> TROJAN!
Source=Paul Collins Startup list

[RegVfy32]
Number=8576
Confirmed=X
Filename=Regverif32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-012115-5505-99" target=_blank>SYGYP.A</a> WORM!
Source=Paul Collins Startup list

[RegWrite]
Number=8577
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-083115-4755-99" target=_blank>SOKACAPS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Windows\Media folder
Source=Paul Collins Startup list

[Regx10EXE]
Number=8578
Confirmed=Y
Filename=atix10.exe
Description=ATI <a href="http://www.ati.com/products/pc/remotewonder/" target="_blank">Remote Wonder™</a> - PC wireless remote control driver. Required if you use it
Source=Paul Collins Startup list

[reg_key]
Number=8579
Confirmed=X
Filename=FUKULAMER.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-072214-4513-99" target="_blank">BEAGLE.AH</a> WORM!
Source=Paul Collins Startup list

[reg_key]
Number=8580
Confirmed=X
Filename=loader_name.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-070515-4756-99" target="_blank">BEAGLE.Y</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-070515-0600-99" target="_blank">BEAGLE.Z</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-071214-4817-99" target="_blank">BEAGLE.AA</a> WORMS!
Source=Paul Collins Startup list

[Reg_WFT]
Number=8581
Confirmed=X
Filename=Regsysw.com
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121710-4804-99" target="_blank">WILSEF</a> VIRUS!
Source=Paul Collins Startup list

[Reg_WFT]
Number=8582
Confirmed=X
Filename=scanreg32.com
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsennaspyf.html" target=_blank>SENNASPY-F</a> TROJAN!
Source=Paul Collins Startup list

[ReleaseRAM]
Number=8583
Confirmed=U
Filename=RRAM.exe
Description="<a href="http://www.releaseram.com/" target="_blank">Release RAM</a> allows your computer to run faster and uses your computer's RAM more efficiently". MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
Source=Paul Collins Startup list

[reload]
Number=8584
Confirmed=X
Filename=reload.vbs
Description=Added by the <a href="http://vil.nai.com/vil/content/v_98684.htm" target="_blank">LOVELETTER.AS</a> VIRUS!
Source=Paul Collins Startup list

[Reload]
Number=8585
Confirmed=X
Filename=reload.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022716-1619-99" target=_blank>LAZAR</a> TROJAN!
Source=Paul Collins Startup list

[RemHelp]
Number=8586
Confirmed=N
Filename=Remhelp.exe
Description=BT Voyager ADSL Modem Help related
Source=Paul Collins Startup list

[Reminder]
Number=8587
Confirmed=N
Filename=reminder.exe
Description=From MS Money. Reminds you of your bills
Source=Paul Collins Startup list

[Reminder]
Number=8588
Confirmed=N
Filename=Remind_XP.exe
Description=HP-specific program that reminds users to create System Recovery CDs. Once they use the Recovery CD Creator (Start -> PC Help & Tools -> Recovery CD Creator) to make the recovery CDs the entry will remove itself from the startup list
Source=Paul Collins Startup list

[Reminder-cpqXXXXX]
Number=8589
Confirmed=N
Filename=remind32.exe
Description=Compaq printer Registration
Source=Paul Collins Startup list

[Reminder-hpcXXXXX]
Number=8590
Confirmed=N
Filename=remind32.exe
Description=HP CD-Writer Registration
Source=Paul Collins Startup list

[Reminder-ranXXXXX]
Number=8591
Confirmed=N
Filename=remind32.exe
Description=Registration reminder widget for Rand Mcnally maps
Source=Paul Collins Startup list

[reminder-ScanSoft Product Registration]
Number=8592
Confirmed=N
Filename=remind32.exe
Description=Registration reminder for ScanSoft products such as PaperPort
Source=Paul Collins Startup list

[RemindMe]
Number=8593
Confirmed=U
Filename=RemindMe.exe
Description=<a href="http://www.beiley.com/remind-me/" target="_blank">Remind-Me</a> - calendar software
Source=Paul Collins Startup list

[Remind_XP]
Number=8594
Confirmed=N
Filename=Remind_XP.exe
Description=HP-specific program that reminds users to create System Recovery CDs. Once they use the Recovery CD Creator (Start -> PC Help & Tools -> Recovery CD Creator) to make the recovery CDs the entry will remove itself from the startup list
Source=Paul Collins Startup list

[Remndr]
Number=8595
Confirmed=X
Filename=CsRemnd.exe
Description=CasinoOnline foistware
Source=Paul Collins Startup list

[Remote]
Number=8596
Confirmed=U
Filename=Remote.exe
Description=Remote Control driver for <a href="http://www.lifeview.com.tw/html/products/products.htm" target="_blank">LifeView</a> internal and external TV products
Source=Paul Collins Startup list

[Remote Access]
Number=8597
Confirmed=U
Filename=rnaapp.exe
Description=Dial-up networking application - not normally found in the startup locations. It runs when you connect to the net via this method (ie, analogue 56K modem) and terminates after the connection is closed
Source=Paul Collins Startup list

[Remote Access Slave]
Number=8598
Confirmed=X
Filename=Synchost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-112118-0605-99" target="_blank">RIPJAC</a> TROJAN!
Source=Paul Collins Startup list

[Remote Control]
Number=8599
Confirmed=N
Filename=Rc.exe
Description=Hinet Hi-Five ISP software
Source=Paul Collins Startup list

[Remote Controller]
Number=8600
Confirmed=N
Filename=TVRMVCR.EXE
Description=ProLink <a href="http://www.prolink-usa.com/english/product/mmpak/ppro.htm#title1" target=_blank>PlayTVpro</a> TV tuner software
Source=Paul Collins Startup list

[Remote Desktop Computing]
Number=8601
Confirmed=U
Filename=marspc.exe
Description=<a href="http://www.downlinx.com/proghtml/345/34592.htm" target="_blank">Marspc</a> Remote Desktop Computing
Source=Paul Collins Startup list

[Remote Desktop Help Session Manager]
Number=8602
Confirmed=X
Filename=WinRDH.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Remote Management Agent]
Number=8603
Confirmed=U
Filename=zenrc32.exe
Description=Part of Novell's <a href="http://www.novell.com/products/zenworks/" target="_blank">ZENworks</a> - &quot;Complete End-to-End Directory-enabled Network Management&quot;. Installed on a managed workstation fo an administrator to remotely manage the workstation. Required if the PC is a managed workstation
Source=Paul Collins Startup list

[remote master]
Number=8604
Confirmed=U
Filename=remote master.exe
Description=Required if you want your ASUS Remote control to work at all. Available via Start -> Programs
Source=Paul Collins Startup list

[Remote Procedure Call]
Number=8605
Confirmed=X
Filename=winrpc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotkm.html" target="_blank">RBOT-KM</a> WORM!
Source=Paul Collins Startup list

[Remote Procedure Call]
Number=8606
Confirmed=X
Filename=winsysrpc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotps.html" target="_blank">SDBOT-PS</a> WORM!
Source=Paul Collins Startup list

[Remote Procedure Call For Windows 32bit]
Number=8607
Confirmed=X
Filename=rpc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmd.html" target="_blank">RBOT-MD</a> WORM!
Source=Paul Collins Startup list

[Remote Procedure Call Locator]
Number=8608
Confirmed=X
Filename=RUNDLL32.EXE reg678.dll ondll_reg
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list

[Remote Procedure Calls]
Number=8609
Confirmed=X
Filename=mswinrpc.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.KJ" target="_blank">RBOT.KJ</a> WORM!
Source=Paul Collins Startup list

[Remote Procedure Calls]
Number=8610
Confirmed=X
Filename=mswinc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotit.html" target=_blank>RBOT-IT</a> WORM!

Source=Paul Collins Startup list

[Remote Procedure Calls]
Number=8611
Confirmed=X
Filename=win.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotqi.html" target=_blank>SDBOT-QI</a> WORM!

Source=Paul Collins Startup list

[Remote Update Monitor]
Number=8612
Confirmed=Y
Filename=imonitor.exe
Description=<a href="http://www.sophos.com/products/sav/" target=_blank>Sophos</a> Antivirus Remote Update utility - provides an easy way for remote workers to keep up to date with their virus protection via a website or network connection provided by their employer
Source=Paul Collins Startup list

[RemoteAgent]
Number=8613
Confirmed=Y
Filename=RAUAgent.exe
Description=Trend Micro's Office Scan Client, see <a href="http://www.trendmicro-europe.com/relax/uk/" target=_blank>here</a> - "Its Web-based management console gives administrators transparent access to desktop and mobile clients to coordinate automatic deployment of security policies and software updates"
Source=Paul Collins Startup list

[RemoteCenter]
Number=8614
Confirmed=U
Filename=RcMan.exe
Description=Remote control for Creative <a href="http://www.soundblaster.com/mediasource/" target="_blank">MediaSource</a> - plays back music in DVD-Audio, MP3, WMA, WAV and other media formats
Source=Paul Collins Startup list

[RemoteControl]
Number=8615
Confirmed=U
Filename=rmctrl.exe
Description=Remote Control background application for Cyberlink's <a href="http://www.cyberlink.com/multi/products/main_1_ENU.html" target=_blank>PowerDVD</a> version 4 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one

Source=Paul Collins Startup list

[RemoteControl]
Number=8616
Confirmed=U
Filename=PDVDServ.exe
Description=Remote Control background application for Cyberlink's <a href="http://www.cyberlink.com/multi/products/main_1_ENU.html" target=_blank>PowerDVD</a> version 5 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one

Source=Paul Collins Startup list

[Remote_Agent]
Number=8617
Confirmed=N
Filename=RemoteAgent.exe
Description=<a href="http://www.cyberlink.com/" target=_blank>Cyberlink's</a> Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings you'll need this, otherwise can be disabled. Available via Start -> Programs

Source=Paul Collins Startup list

[REMOVE ME]
Number=8618
Confirmed=X
Filename=windos.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.EE&VSect=P" target=_blank>SDBOT.EE</a> WORM!
Source=Paul Collins Startup list

[Removecpl]
Number=8619
Confirmed=N
Filename=Removecpl.exe
Description=Related to a Belkin 54Mbps Wireless Utility Control Panel applet
Source=Paul Collins Startup list

[Removed.exe]
Number=8620
Confirmed=X
Filename=Removed.exe
Description=GatorCheat - adware downloader
Source=Paul Collins Startup list

[RemStart]
Number=8621
Confirmed=?
Filename=remstart.exe
Description=Part of McAfee's Remote Desktop 32 Agent application. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[RenolB]
Number=8622
Confirmed=?
Filename=ib.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Replay Center]
Number=8623
Confirmed=U
Filename=ReplayRadio.exe
Description=<a href="http://www.applian.com/replay-radio/" target="_blank">Replay Radio</a> - "makes it easy to automatically record your favorite radio shows, so you can listen wherever and whenever you like"
Source=Paul Collins Startup list

[Replicator]
Number=8624
Confirmed=U
Filename=PTReplicator.exe
Description=<a href="http://www.karenware.com/powertools/ptreplicator.asp" target="_blank">Replicator</a> from Karen's powertools. "Automatically backup files, directories, even entire drives!"
Source=Paul Collins Startup list

[RepliGo Assistant]
Number=8625
Confirmed=U
Filename=RepliGoMon.exe
Description=Cerience <a href="http://www.cerience.com/docs/ppc/docs/index.htm" target="_blank"> RepliGo</a> software - "any document you have on your PC can be transferred to your mobile device"
Source=Paul Collins Startup list

[ReproPRD]
Number=8626
Confirmed=U
Filename=PrdUsb.exe
Description=Thrustmaster Corporation Presets application - a game controller driver, presumably necessary for certain functions to work
Source=Paul Collins Startup list

[requester]
Number=8627
Confirmed=X
Filename=requester.*.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=41000" target=_blank>MUQUEST.A</a> trojan - NOTE: the * stands for a digit, examples: requester.5.exe, requester.10.exe
Source=Paul Collins Startup list

[Requester]
Number=8628
Confirmed=X
Filename=requester.11.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-111517-1923-99" target=_blank>MUQUEST</a> TROJAN!
Source=Paul Collins Startup list

[Required Service Drivers]
Number=8629
Confirmed=X
Filename=micront.exe
Description=Added by the <a href="http://www.sophos.co.nz/virusinfo/analyses/w32rbotabd.html" target= blank>RBOT-ABD</a> WORM!
Source=Paul Collins Startup list

[resagnt]
Number=8630
Confirmed=X
Filename=restun.exe
Description=Adware downloader, identified by <a href="http://www.pandasoftware.com/" target="_blank">Panda</a> antivirus as Trojan.Downloader.ALQ
Source=Paul Collins Startup list

[reseurce]
Number=8631
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineageai.html" target=_blank>LINEAGE-AI</a> TROJAN!
Source=Paul Collins Startup list

[reseurce]
Number=8632
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagefv.html" target=_blank>LINEAGE-FV</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[Resolution Assistant]
Number=8633
Confirmed=N
Filename=matcli.exe
Description=Dell Resolution Assistant. &quot;matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file&quot;. Resolution Assistant is required to run with the Help and Support program. If you uncheck Resolution Assistant and and then run Help and Support it will add another Resolution Assistant in the startup menu. If you remove the Resolution Assistant in the add/remove program some help menus in help and support will not be available. You decide
Source=Paul Collins Startup list

[Resource Meter]
Number=8634
Confirmed=N
Filename=rsrcmtr.exe
Description=Windows Resource Meter. Available via Start -&gt; Programs. You may want this enabled if your PC is suffering from crashes and want to know potential causes
Source=Paul Collins Startup list

[Restart Watch]
Number=8635
Confirmed=?
Filename=Watch.exe
Description=Associated with an <a href="http://www.eicon.com/worldwide/default.htm" target="_blank">Eicon Networks</a> Diva ISDN or ADSL modem. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[Restart WSC Setting]
Number=8636
Confirmed=U
Filename=wscrestp.exe
Description=WinStart Commander - part of <a href="http://www.wincleaner.com/pc/uti/utiste/uwc_utility_suite.htm" target=_blank>Ultra WinCleaner Utility Suite</a>. Starts Windows faster and controls hidden programs to boost performance and prevent system slow downs and crashes
Source=Paul Collins Startup list

[Restart_VS]
Number=8637
Confirmed=?
Filename=Viewsonic.exe
Description=Could be a left-over from the installation of a Viewsonic flat panel display
Source=Paul Collins Startup list

[RestoreDesktop]
Number=8638
Confirmed=U
Filename=RestoreDesktop.exe
Description=Softwarium <a href="http://www.softwarium.com/rdmac.html" target="_blank">Restore Desktop</a> "is a Windows Context Menu addition that automatically saves and restores the icons' positions on the Windows desktop after a resolution change"
Source=Paul Collins Startup list

[RestoreIT!]
Number=8639
Confirmed=Y
Filename=VBPTASK.EXE
Description=<a href="http://www.farstone.com/software/restoreit.htm" target="_blank">RestoreIT!</a> from FarStone "allows you to recover instantly your files, system configuration, and even your operating system, to any point in time prior to the data loss or system failure"
Source=Paul Collins Startup list

[restory]
Number=8640
Confirmed=X
Filename=restory.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102615-0959-99" target="_blank">RETSAM</a> TROJAN!
Source=Paul Collins Startup list

[Resume Copy]
Number=8641
Confirmed=U
Filename=copyfstq.exe
Description=Part of <a href="http://ranvik.net/totalcopy/" target="_blank">Total Copy</a> - an improved version of the Windows copy function. Allows for resumption file copies or moves in progress when computer was shut down. Not required if your not using the program or don't care about that function
Source=Paul Collins Startup list

[ResumeFixClocks]
Number=8642
Confirmed=U
Filename=resumefix.exe
Description=Part of the <a href="http://radeontweaker.sourceforge.net/" target="_blank">RadeonTweaker</a> utility for overclocking ATI Radeon graphics cards
Source=Paul Collins Startup list

[retime]
Number=8643
Confirmed=X
Filename=retime.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031019-1413-99" target="_blank">GIPMA</a> TROJAN!
Source=Paul Collins Startup list

[RetrieverScheduler]
Number=8644
Confirmed=U
Filename=retrieverscheduler.exe
Description=<a href="http://www.80-20.com/news/press-releases/2003_09_05.asp" target="_blank">80-20 Retriever</a> from 80-20 - "80-20 Retriever is a powerful personal search tool that encompasses email folders, archived email, and local or network file systems, giving users one point of fast, accurate search for all personal information". Real-time scheduler - shortcut available
Source=Paul Collins Startup list

[RetroExpress]
Number=8645
Confirmed=U
Filename=RetroExpress.exe
Description=EMC (was Dantz) <a href="http://www.emcinsignia.com/products/homeandoffice/retroexpress/" target="_blank">Retrospect Express</a> - backup software for external hardware storage devices
Source=Paul Collins Startup list

[RevoTaskbarApp]
Number=8646
Confirmed=U
Filename=RevoTask.exe
Description=Control Application for M-Audio Revolution 7.1 sound card. The sound card will function without it - but changes to speaker setup and sound modification (Bass/Treble etc) will not be available
Source=Paul Collins Startup list

[RexSyMon]
Number=8647
Confirmed=N
Filename=rexsymon.exe
Description=Intellisync for REX sychronization software for <a href="http://support.intel.com/support/peripherals/xc/pda/" target="_blank">Xircom REX MicroPDAs</a> for sharing information between the PDA and PC
Source=Paul Collins Startup list

[RF]
Number=8648
Confirmed=X
Filename=EC.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineageu.html" target=_blank>LINEAGE-U</a> TROJAN!
Source=Paul Collins Startup list

[rfagent]
Number=8649
Confirmed=U
Filename=rfagent.exe
Description=<a href="http://www.rosecitysoftware.com/reg1aid/" target="_blank">Registry First Aid</a> - scans the Windows registry for orphan file/folder references, finds these files or folders on your drives that may have been moved from their initial locations, and then corrects your registry entries to match the located files or folders
Source=Paul Collins Startup list

[rforce]
Number=8650
Confirmed=X
Filename=EXP1ORER.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DROPPER.KN&VSect=T" target=_blank>DROPPER.KN</a> TROJAN! Note the number "1" in the filename rather than letter "L". It also drops another file named DEVICEMAP.SYS which is the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_ROOTKIT.O" target=_blank>ROOTKIT.O</a> TROJAN!
Source=Paul Collins Startup list

[RFTray]
Number=8651
Confirmed=N
Filename=RFTRay.exe
Description=Reality Fusion GameCam Video Interaction Technology Software that comes with the Logitech QuickCam PC video camera and other USB cameras. It's only an icon that appears on your System Tray. Available via Start -> Programs
Source=Paul Collins Startup list

[rfw]
Number=8652
Confirmed=Y
Filename=Rfw.exe
Description=<a href="http://www.ravantivirus.com/" target=_blank>RAV</a> AntiVirus

Source=Paul Collins Startup list

[rfwydg]
Number=8653
Confirmed=?
Filename=rfwydg.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[RFX_auto_upgrade]
Number=8654
Confirmed=N
Filename=rundll32.exe npvpg005.dll
Description=A browser plugin called the RichFX player. <a href="http://download.richfx.com/player/uninstall.exe">Here</a> is a link to download RichFX's solution to removing the auto upgrade
Source=Paul Collins Startup list

[Rg2catbd]
Number=8655
Confirmed=X
Filename=Rg2catbd.exe
Description=Added by a variant of the BANLOAD family of TROJANS!
Source=Paul Collins Startup list

[RH]
Number=8656
Confirmed=U
Filename=rh32.exe
Description=EuroFonts - adds Euro symbols to pre-Euro computers
Source=Paul Collins Startup list

[Rhino]
Number=8657
Confirmed=X
Filename=[random name]32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110916-0038-99" target=_blank>BOFRA.A</a> WORM!
Source=Paul Collins Startup list

[RhinoBlocker]
Number=8658
Confirmed=U
Filename=RhinoBlocker.exe
Description=<a href="http://www.rhinoblocker.com/" target="_blank">RhinoBlocker</a> - pop-up stopper
Source=Paul Collins Startup list

[RHPTray]
Number=8659
Confirmed=N
Filename=RHPTray.exe
Description=System tray access to <a href="http://www.redhotpawn.com/" target=_blank>Red Hot Pawn</a> - online chess

Source=Paul Collins Startup list

[RHSI SHS]
Number=8660
Confirmed=N
Filename=SHS.exe
Description=<a href="http://www.rogershelp.com/help/content/download/software/softwareinfo.shtml" target="_blank">Rogers Hi-Speed Internet</a> software. "Should you ever lose access to your Rogers Hi-Speed Internet connection or e-mail, the Self-Healing Software (SHS.exe) will automatically repair your settings to get you up and running in a flash"
Source=Paul Collins Startup list

[RichMedia]
Number=8661
Confirmed=X
Filename=HBHelper.dll
Description=<a href="http://www.sophos.com/virusinfo/analyses/henbang.html" target="_blank">HenBang</a> adware
Source=Paul Collins Startup list

[RichMedia]
Number=8662
Confirmed=X
Filename=rundll32.exe [path] hbcast.dll, WaitWindows
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-121917-4147-99" target="_blank">Henbang</a> adware variant
Source=Paul Collins Startup list

[richup]
Number=8663
Confirmed=X
Filename=richup.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050804-2316-99" target=_blank>SafeSurfing</a> adware

Source=Paul Collins Startup list

[RightFAX Print-to-Fax Driver]
Number=8664
Confirmed=U
Filename=FaxCtrl.exe
Description=Part of <a href="http://www.captaris.com/rightfax/index.html" target="_blank">RightFAX</a> from Captaris - "the proven market leader in fax server and document delivery software"
Source=Paul Collins Startup list

[Ring Central Fax]
Number=8665
Confirmed=U
Filename=rcenterrll.exe
Description=Only needed if you want a PC to answer faxes automatically
Source=Paul Collins Startup list

[rIOphosIs]
Number=8666
Confirmed=X
Filename=rIOPHosIs.vBS
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090917-5916-99" target="_blank">RIOSYS</a> MACRO!
Source=Paul Collins Startup list

[Riorad Manager]
Number=8667
Confirmed=N
Filename=riomgr.exe
Description="<a href="http://www.redchairsoftware.com/riorad/" target="_blank">Riorad Explorer</a> is hands-down the most advanced Windows software companion for your Rio MP3 player"
Source=Paul Collins Startup list

[RivaTuner]
Number=8668
Confirmed=U
Filename=RivaTuner.exe
Description=<a href="http://guru3d.com/rivatuner/" target="_blank">RivaTuner</a> for tweaking nVidia graphics cards. Required if you make any changes
Source=Paul Collins Startup list

[RivaTunerStartupDaemon]
Number=8669
Confirmed=U
Filename=RivaTuner.exe
Description=<a href="http://guru3d.com/rivatuner/" target="_blank">RivaTuner</a> for tweaking nVidia graphics cards. Required if you make any changes
Source=Paul Collins Startup list

[RjLyraInstaller]
Number=8670
Confirmed=?
Filename=setup.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[rmalt]
Number=8671
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojclickercs.html" target="_blank">CLICKER-CS</a> TROJAN! Filenames spotted inlcude Setup.exe, Keygen.exe, Keygen-Serial.exe, Photoshop.CS2.KeyGen.exe and more
Source=Paul Collins Startup list

[rmctrl]
Number=8672
Confirmed=U
Filename=rmctrl.exe
Description=Remote Control background application for Cyberlink's <a href="http://www.cyberlink.com/multi/products/main_1_ENU.html" target=_blank>PowerDVD</a> version 4 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one

Source=Paul Collins Startup list

[rmdrfje.dll]
Number=8673
Confirmed=X
Filename=rundll32.exe [path] rmdrfje.dll
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadranm.html" target="_blank">DLOADR-ANM</a> TROJAN!
Source=Paul Collins Startup list

[rmmon]
Number=8674
Confirmed=N
Filename=mprmmon.exe
Description=Resource Monitor for the now defunct Chromatic Research MPact2 3DVD graphics card
Source=Paul Collins Startup list

[RMremote]
Number=8675
Confirmed=?
Filename=RmRemote.exe
Description=Remote control driver for <a href="http://www.sigmadesigns.com/products/xcard.htm" target="_blank">REALmagic Xcard</a>.<font color="#FF0000"> Is it required?</font>
Source=Paul Collins Startup list

[rn4d]
Number=8676
Confirmed=X
Filename=dirote.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_MAROON.A" target=_blank>MAROON.A</a> TROJAN!
Source=Paul Collins Startup list

[Rnaomflt]
Number=8677
Confirmed=U
Filename=naomf.exe
Description=<a href="http://www.radiance.m6.net/" target=_blank>Naomi</a> internet filtering software
Source=Paul Collins Startup list

[RNBc Test]
Number=8678
Confirmed=X
Filename=wf32vbs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagr.html" target=_blank>RBOT-AGR</a> WORM!
Source=Paul Collins Startup list

[RNBc Test]
Number=8679
Confirmed=X
Filename=bvldv32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajf.html" target=_blank>RBOT-AJF</a> WORM!
Source=Paul Collins Startup list

[RNBOStart]
Number=8680
Confirmed=U
Filename=sentstrt.exe
Description=Program used to initialise the VxD virtual driver for Sentinel drivers associated with Rainbow H/W keys that plug-in to the parallel port. These are usually supplied with workplace design tools and restrict the use of the software only to the machine to which the H/W key is connected. Required if you have such tools
Source=Paul Collins Startup list

[RNBz Test]
Number=8681
Confirmed=X
Filename=wf32vbc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaey.html" target=_blank>RBOT-AEY</a> WORM!
Source=Paul Collins Startup list

[RNDc Test]
Number=8682
Confirmed=X
Filename=wf32b.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[rndll2]
Number=8683
Confirmed=?
Filename=rndll2.exe
Description=<font color="#FF0000">May be related to the DivX program as a *.dat file in the same directory had "DivXPro505Bundle.exe" mentioned within?</font>
Source=Paul Collins Startup list

[rngmf]
Number=8684
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102714-5526-99" target="_blank">RANKY.C</a> TROJAN!
Source=Paul Collins Startup list

[Rnudll32]
Number=8685
Confirmed=X
Filename=tadxtr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpasso.html" target=_blank>QQPASS-O</a> TROJAN!
Source=Paul Collins Startup list

[rnxqh]
Number=8686
Confirmed=?
Filename=rnxqh.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Roam04]
Number=8687
Confirmed=X
Filename=ActiveX.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojroamera.html" target=_blank>ROAMER-A</a> TROJAN!
Source=Paul Collins Startup list

[RoboForm]
Number=8688
Confirmed=N
Filename=RoboTaskBarIcon.exe
Description=Roboform - password manager and web form filler. Will work without this startup entry, as the "active" component is an integrated Internet Explorer browser plugin
Source=Paul Collins Startup list

[RoboFormWatcher]
Number=8689
Confirmed=N
Filename=RoboFormWatcher.exe
Description=<a href="http://www.roboform.com/" target="_blank">Roboform</a> from Siber Systems. Automatically completes web forms. Available via Start -> Programs
Source=Paul Collins Startup list

[Rocket.Time]
Number=8690
Confirmed=U
Filename=RocketTime.exe
Description=<a href="http://www.rocketsoftware.com/portfolio/rockettime" target="_blank">Rocket.Time</a> - time synchronization software from Rocket Software
Source=Paul Collins Startup list

[Roflcopteur]
Number=8691
Confirmed=X
Filename=seman.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[roketpipe]
Number=8692
Confirmed=?
Filename=rpclient.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Rollback]
Number=8693
Confirmed=U
Filename=RollbackTray.exe
Description=Added by the <a href="http://www.horizondatasys.com/169614.ihtml" target="_blank">RollBack Rx</a> system restore program
Source=Paul Collins Startup list

[rollbk]
Number=8694
Confirmed=X
Filename=dsm.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030723-2605-99" target=_blank>SERFLOG.B</a> WORM!
Source=Paul Collins Startup list

[rollbk]
Number=8695
Confirmed=X
Filename=msmpatch.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030723-2605-99" target=_blank>SERFLOG.B</a> WORM!
Source=Paul Collins Startup list

[rollbk]
Number=8696
Confirmed=X
Filename=svosm.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030723-2605-99" target=_blank>SERFLOG.B</a> WORM!
Source=Paul Collins Startup list

[rollbk]
Number=8697
Confirmed=X
Filename=sysup.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030723-2605-99" target=_blank>SERFLOG.B</a> WORM!
Source=Paul Collins Startup list

[romahere]
Number=8698
Confirmed=X
Filename=matrixhere.exe
Description=<a href="http://allentech.net/parasite/SuperSpider.html" target=_blank>SuperSpider</a> hijacker - a <a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant

Source=Paul Collins Startup list

[romahere2]
Number=8699
Confirmed=X
Filename=************.exe [* = random char]
Description=<a href="http://allentech.net/parasite/SuperSpider.html" target=_blank>SuperSpider</a> hijacker - a <a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant. Also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojkrepperae.html" target= blank>KREPPER-AE</a> TROJAN!

Source=Paul Collins Startup list

[romahere3]
Number=8700
Confirmed=X
Filename=************.exe [* = random char]
Description=<a href="http://allentech.net/parasite/SuperSpider.html" target=_blank>SuperSpider</a> hijacker - a <a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant. Also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojkrepperae.html" target= blank>KREPPER-AE</a> TROJAN!

Source=Paul Collins Startup list

[Root_Machine]
Number=8701
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbandi.html" target=_blank>BANCBAN-DI</a> TROJAN!
Source=Paul Collins Startup list

[ROOT_Machine]
Number=8702
Confirmed=X
Filename=winlogon.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerfi.html" target=_blank>BANKER-FI</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This worm file is placed in the Windows\inf or Winnt\inf folder
Source=Paul Collins Startup list

[ROUTD]
Number=8703
Confirmed=?
Filename=ROUTD.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[RoxAssist]
Number=8704
Confirmed=N
Filename=RoxAssist.exe
Description=Roxio Assistant is designed to correct Engine Initialization errors. If Easy CD & DVD Creator's Engine does not initialize, the applications in Easy CD & DVD Creator will not recognize your recorder. After running this program you should receive the message "Engine initialized successfully with full recorder support". If you do not receive the message, update your Virus software and then check and clean your system for viruses. After the removal of any viruses, uninstall and then reinstall Easy CD & DVD Creator (use "Add Remove Programs" in "Control Panel"). Can be run manually
Source=Paul Collins Startup list

[Roxio Engine]
Number=8705
Confirmed=?
Filename=MSMNGR32.EXE
Description=<font color="#FF0000">Not believed to be a valid Roxio program - more likely a variant on the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_WOMANIZ.A" target="_blank"> WOMANIZ.A</a> TROJAN!</font>
Source=Paul Collins Startup list

[RoxioAudioCentral]
Number=8706
Confirmed=N
Filename=RxMon.exe
Description=Part of Roxio EasyCD Creator 6.0 - places the Roxio AudioCentral icon in you system tray. "Includes a player, media manager, ripper, tag and sound editor - integrated in a single application". Not required for Roxio to work properly. 
Source=Paul Collins Startup list

[RoxioDragToDisc]
Number=8707
Confirmed=N
Filename=DrgToDsc.exe
Description=Part of Roxio EasyCD Creator 6.0 - places the Roxio Drag-to-Disc icon in you system tray. "Easily drag and drop files for burning to CD or DVD. Disc formatting and burning will happen automatically". Not required for Roxio to work properly
Source=Paul Collins Startup list

[RoxioEngineUtility]
Number=8708
Confirmed=Y
Filename=EngUtil.exe
Description=Part of Roxio EasyCD Creator 6.0 - corrects any modification made to the Roxio Engine, it exits after checking
Source=Paul Collins Startup list

[RoxWatchTray]
Number=8709
Confirmed=N
Filename=RoxWatchTray.exe
Description=System Tray icon installed by Roxio Easy Media Creator 8 and which allows you to configure your watched folders or to turn the “Watched Folders” feature of Roxio ON or OFF
Source=Paul Collins Startup list

[RP32]
Number=8710
Confirmed=U
Filename=rp32.exe
Description=<a href="http://www3.ca.com/solutions/Product.aspx?ID=228" target="_blank">Unicenter Remote Control</a> (was Remotely Possible) from Enterprise International for remote control and access to Win9x/NT systems
Source=Paul Collins Startup list

[RPC]
Number=8711
Confirmed=X
Filename=MSschost.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>GAOBOT/AGOBOT</a> WORM!
Source=Paul Collins Startup list

[RPC Patcher]
Number=8712
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112019-2425-99" target="_blank">BOLGI</a> WORM!
Source=Paul Collins Startup list

[RPC Service]
Number=8713
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooraad.html" target="_blank">AAD</a> TROJAN!
Source=Paul Collins Startup list

[rpc Win32]
Number=8714
Confirmed=X
Filename=shost32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabl.html" target= blank>RBOT-ABL</a> WORM!
Source=Paul Collins Startup list

[rpc Win32]
Number=8715
Confirmed=X
Filename=spoolscv.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[rpcc]
Number=8716
Confirmed=X
Filename=rpcc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojspammite.html" target="_blank">SPAMMIT-E</a> TROJAN!
Source=Paul Collins Startup list

[rpcda Win32]
Number=8717
Confirmed=X
Filename=rpcda.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaee.html" target=_blank>RBOT-AE</a> WORM!
Source=Paul Collins Startup list

[RPCser32g]
Number=8718
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ritdoorc.html" target=_blank>RITDOOR-C</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
Source=Paul Collins Startup list

[RPCserr32g]
Number=8719
Confirmed=X
Filename=winlogon.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ritdoorb.html" target=_blank>RITDOOR-B</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target=_blank>winlogon.exe</a> process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder
Source=Paul Collins Startup list

[RPCserv32]
Number=8720
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-012012-2236-99" target=_blank>MYDOOM.AL</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
Source=Paul Collins Startup list

[RPCserv32g]
Number=8721
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-070416-3225-99" target=_blank>BOBAX.AA</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
Source=Paul Collins Startup list

[RPCserv32g]
Number=8722
Confirmed=X
Filename=CSRSS.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BOBAX.AD&VSect=P" target=_blank>BOBAX.AD</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[RPCserv32g]
Number=8723
Confirmed=X
Filename=MSDEFR.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BOBAX.AD&VSect=P" target=_blank>BOBAX.AD</a> WORM!
Source=Paul Collins Startup list

[RPCserv32g]
Number=8724
Confirmed=X
Filename=NB32EXT2.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BOBAX.AD&VSect=P" target=_blank>BOBAX.AD</a> WORM!
Source=Paul Collins Startup list

[RPCserv32g]
Number=8725
Confirmed=X
Filename=WINLOGON.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BOBAX.AD&VSect=P" target=_blank>BOBAX.AD</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target=_blank>winlogon.exe</a> process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder
Source=Paul Collins Startup list

[RPCSS.exe]
Number=8726
Confirmed=Y
Filename=rpcss.exe
Description=Remote Procedure Call. Required by windows for programs to communicate with each other on networks/different machines. Originally for NT only but now installed with Win98/98se. Under Win98/98se, a program may need it to communicate with other components of itself. You could delete the program but if any abnormalities occur soon after then reinstall. Under NT, deleting this critical system component will disable the OS. For a more detailed explanation see <a href="http://www.cexx.org/rpc.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[RpcxWindows Extensions]
Number=8727
Confirmed=X
Filename=rpcxwinex.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ACP" target="_blank">RBOT.ACP</a> WORM!
Source=Paul Collins Startup list

[Rr2]
Number=8728
Confirmed=X
Filename=rundll32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagadi.html" target="_blank">LINEAG-ADI</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll32/" target=_blank>rundll32.exe</a> process, which is found in the Windows folder (98\ME) or the System32 folder(NT\2000\XP). This file is located in an "addins" sub-folder
Source=Paul Collins Startup list

[RRMedic]
Number=8729
Confirmed=X
Filename=rrmedic.exe
Description=Troubleshooting utility for the <a href="http://www.rr.com/rdrun/" target="_blank">RoadRunner</a> cable internet service. Not required and you are advised to completely uninstall it. Provides a lot of false alarms and gets a lot of people panicking about there internet connection
Source=Paul Collins Startup list

[rscmpt]
Number=8730
Confirmed=U
Filename=rscmpt.exe
Description=Required on the GeFroce 64 meg MX card to show the full 64 meg memory and appears to be a software memory emulator running under the Win2K - see <a href="http://www.guru3d.com/comments.php?category=1&amp;id=673" target="_blank">here</a>. High CPU useage results - hence the U status
Source=Paul Collins Startup list

[rsmb]
Number=8731
Confirmed=X
Filename=rsmb.exe
Description=Added by the <a href="http://www.f-secure.com/v-descs/warezov_c.shtml" target="_blank">WAREZOV.C</a> WORM!
Source=Paul Collins Startup list

[rsMenu]
Number=8732
Confirmed=U
Filename=rsMenu.exe
Description=Synchronizes a Casio PDA with MS Outlook
Source=Paul Collins Startup list

[RSPC Driver]
Number=8733
Confirmed=X
Filename=[random filename].exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotsn.html" target=_blank>RBOT-SN</a> WORM!
Source=Paul Collins Startup list

[RSPC Driver D]
Number=8734
Confirmed=X
Filename=[random filename]
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[RSRCMTZ]
Number=8735
Confirmed=?
Filename=RSRCMTZ.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[RSS]
Number=8736
Confirmed=X
Filename=rundll32 RSSToolbar.dll, DllRunMain
Description="Related Sites" toolbar - SearchAndClick hijacker variant
Source=Paul Collins Startup list

[RssReader]
Number=8737
Confirmed=U
Filename=RssReader.exe
Description=<a href="http://www.rssreader.com/" target="_blank">RssReader</a> - a free RSS reader able to display any RSS and Atom news feed (XML)
Source=Paul Collins Startup list

[RSync]
Number=8738
Confirmed=X
Filename=netsync.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050804-2316-99" target=_blank>SafeSurfing</a> adware
Source=Paul Collins Startup list

[rtasks]
Number=8739
Confirmed=N
Filename=rtasks.exe
Description=WinAntiVirus Pro 2007 virus software - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[rtcdll]
Number=8740
Confirmed=U
Filename=rtcdll.exe
Description=RTCDLL is "Real Time Communication" and is associated with Windows Messenger (the IM application, not messenger service). It is only necessary if you use Windows Messenger.  Most people use MSN Messenger instead, so it is not required in those cases
Source=Paul Collins Startup list

[RTHDCPL]
Number=8741
Confirmed=U
Filename=RTHDCPL.EXE
Description=Realtek HD Audio Sound Effect Manager
Source=Paul Collins Startup list

[RtHDVCpl]
Number=8742
Confirmed=U
Filename=RtHDVCpl.exe
Description=High definition audio codec driver from Realtek Semiconductor
Source=Paul Collins Startup list

[RtlMon.exe]
Number=8743
Confirmed=N
Filename=RtlMon.exe
Description=Monitor for RealTek network card
Source=Paul Collins Startup list

[RTMonitor]
Number=8744
Confirmed=Y
Filename=RTMonitor.exe
Description=Cheyenne (now <a href="http://ca.com/" target=_blank>eTrust</a>) antivirus
Source=Paul Collins Startup list

[rtos]
Number=8745
Confirmed=X
Filename=rtos.exe
Description=IRC trojan
Source=Paul Collins Startup list

[RTStartMute]
Number=8746
Confirmed=?
Filename=N/A
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[rtvscn95]
Number=8747
Confirmed=Y
Filename=RTVSCN95.EXE
Description=Real-time virus scanner component of Norton Anti-Virus Corporate Edition
Source=Paul Collins Startup list

[RtWLan]
Number=8748
Confirmed=U
Filename=RtWLan.exe
Description=Configuration utility for the Netgear <a href="http://www.netgear.com/Products/Adapters/GWirelessAdapters/WG111.aspx" target="_blank">WG111</a> 54 Mbps Wireless USB 2.0 Adapter that "provides wireless access to your desktop or notebook PC through the computer's USB port"
Source=Paul Collins Startup list

[Ruby13]
Number=8749
Confirmed=X
Filename=Ruby13.exe
Description=Added by the <a href="http://smallbiz.symantec.com/security_response/writeup.jsp?docid=2004-091516-4052-99&tabid=2" target="_blank">MEXER.E</a> WORM!
Source=Paul Collins Startup list

[Ruby14]
Number=8750
Confirmed=X
Filename=Ruby14.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32fightruba.html" target=_blank>FIGHTRUB-A</a> WORM!

Source=Paul Collins Startup list

[ruin]
Number=8751
Confirmed=X
Filename=system32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfjm.html" target= blank>DELF-JM</a> TROJAN!
Source=Paul Collins Startup list

[RuLaunch]
Number=8752
Confirmed=U
Filename=RuLaunch.exe
Description=Instant Updater for McAfee's VirusScan, Internet Security, Quick Clean, Uninstaller and Firewall products. In the case of VirusScan leave it enabled unless you update manually on a regular basis
Source=Paul Collins Startup list

[run]
Number=8753
Confirmed=X
Filename=Autoexec.com
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022714-4020-99" target=_blank>HOLCAS.A</a> WORM!
Source=Paul Collins Startup list

[run]
Number=8754
Confirmed=X
Filename=inetinfo.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030215-5059-99" target=_blank>BINGHE</a> TROJAN!
Source=Paul Collins Startup list

[Run]
Number=8755
Confirmed=X
Filename=help.exe
Description=Identified as the DELF.LF by <a href="http://www.ewido.net/en/" target=_blank>Ewido Security Suite</a>
Source=Paul Collins Startup list

[run]
Number=8756
Confirmed=X
Filename=[path] rundll32.exe rsrc.dll
Description=Browser hijacker of Chinese origin, redirecting to 4199.com
Source=Paul Collins Startup list

[Run Msn Messenger]
Number=8757
Confirmed=X
Filename=msnmgr.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.HA" target=_blank>AGOBOT.HA</a> WORM!
Source=Paul Collins Startup list

[Run MSupdt32]
Number=8758
Confirmed=X
Filename=wscript MSupdt32.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-022013-4140-99" target="_blank">CASER</a> WORM!
Source=Paul Collins Startup list

[Run Nintendo Wi-Fi USB Connector Registration Tool]
Number=8759
Confirmed=U
Filename=NintendoWFCReg.exe
Description=Related to <a href="http://www.nintendowifi.com/global/index.jsp" target="_blank">Wi-Fi USB Connector</a> from Nintendo
Source=Paul Collins Startup list

[Run POPFile in background]
Number=8760
Confirmed=U
Filename=perl.exe
Description=<a href="http://popfile.sourceforge.net/" target="_blank">POPFile</a> - E-mail spam blocker
Source=Paul Collins Startup list

[Run POPFile in background]
Number=8761
Confirmed=U
Filename=wperl.exe
Description=<a href="http://popfile.sourceforge.net/" target="_blank">POPFile</a> - E-mail spam blocker
Source=Paul Collins Startup list

[Run Services as Application]
Number=8762
Confirmed=X
Filename=localsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Run Services as Application]
Number=8763
Confirmed=X
Filename=netsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Run Services as Application]
Number=8764
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Run Services as Application]
Number=8765
Confirmed=X
Filename=svcadmin.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Run Services as Application]
Number=8766
Confirmed=X
Filename=svcman.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Run Services as Application]
Number=8767
Confirmed=X
Filename=svcrun.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Run Services as Application]
Number=8768
Confirmed=X
Filename=tcpsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Run Services as Application]
Number=8769
Confirmed=X
Filename=websvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Run StartupMonitor]
Number=8770
Confirmed=U
Filename=StartupMonitor.exe
Description=Mike Lin's <a href="http://www.mlin.net/StartupMonitor.shtml" target="_blank"> StartupMonitor</a>, throws up an alert and asks your permission every time any change is made to your start-up configuration, either in the registry or start menu
Source=Paul Collins Startup list

[Run TaskMrg]
Number=8771
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojldpinchw.html" target=_blank>LDPINCH-W</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows folder
Source=Paul Collins Startup list

[run windows]
Number=8772
Confirmed=X
Filename=servic.bat
Description=Added by the <a href="http://vil.nai.com/vil/content/v_135822.htm" target=_blank>REBOOT-AP</a> TROJAN!
Source=Paul Collins Startup list

[Run XP Service Pack]
Number=8773
Confirmed=X
Filename=xpservicepack.exe
Description=Added by the <a href="http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?lst=det&idvirus=51815" target="_blank">SDBOT.AQA</a> WORM!
Source=Paul Collins Startup list

[Run05]
Number=8774
Confirmed=X
Filename=rundll_32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosdt.html" target=_blank>BANCOS-DT</a> TROJAN!
Source=Paul Collins Startup list

[run32]
Number=8775
Confirmed=X
Filename=run32dll.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotcwb.html" target="_blank">SDBOT-CWB</a> WORM!
Source=Paul Collins Startup list

[run32dll]
Number=8776
Confirmed=X
Filename=WINClock.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[run32dll]
Number=8777
Confirmed=X
Filename=task32.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[Run32dll]
Number=8778
Confirmed=X
Filename=ocxdll.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[run=]
Number=8779
Confirmed=N
Filename=cmmpu.exe
Description=MIDI emulator driver for the integrated sound chip by C-Media based on the CMI-8330 chip set normally found in cheap motherboards. Also installed as part of the software for a Guillemot Maxi Muse sound card (PCI)
Source=Paul Collins Startup list

[run=]
Number=8780
Confirmed=N
Filename=hpfsched
Description=HPFSCHED is a small TSR that will remind you to clean the cartridges in your DeskJet from time to time in order to keep print quality high. It can be removed from the run line in win.ini if you do not want that feature
Source=Paul Collins Startup list

[run=]
Number=8781
Confirmed=N
Filename=lxdboxcp.exe
Description=Lexmark DOS-Printing Control Program for the Lexmark 2050. Only required if you need to print from DOS
Source=Paul Collins Startup list

[run=]
Number=8782
Confirmed=N
Filename=pcfix2k.exe
Description=pcfix2k splash screen
Source=Paul Collins Startup list

[run=]
Number=8783
Confirmed=X
Filename=ptlseq.cpl
Description=PhoenixNet BIOS adware. See <a href="http://www.cexx.org/phoenix.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[run=]
Number=8784
Confirmed=U
Filename=ramsys.exe
Description=<a href="http://www.rayslab.com/startup_manager/startup_manager.html" target="_blank">Advanced Startup Manager</a> from Rays Lab
Source=Paul Collins Startup list

[run=]
Number=8785
Confirmed=?
Filename=wallflip.exe
Description=<font color="#FF0000">Desktop wallpaper changer?</font>
Source=Paul Collins Startup list

[run=]
Number=8786
Confirmed=X
Filename=svcinit.exe
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list

[run=]
Number=8787
Confirmed=X
Filename=fntldr.exe
Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#tapicfg" target=_blank>Tapicfg</a> parasite variant
Source=Paul Collins Startup list

[run=]
Number=8788
Confirmed=Y
Filename=smsrun16.exe
Description=Microsoft Systems Management Server (SMS) related - program that reads SMSRUN16.INI on clients running Win 3.1, Windows for Workgroups, Win95, or OS/2 to create program groups on the client and then launch SMS client programs
Source=Paul Collins Startup list

[run=]
Number=8789
Confirmed=?
Filename=win.ini
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[run=]
Number=8790
Confirmed=X
Filename=RAVMOND.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list

[run=]
Number=8791
Confirmed=X
Filename=real.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list

[run=]
Number=8792
Confirmed=X
Filename=dec25.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-121515-3408-99" target=_blank>ATAK.F</a> WORM!
Source=Paul Collins Startup list

[run=]
Number=8793
Confirmed=?
Filename=LXBTppls.exe
Description=Reportedly part of Lexmark printer software - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list

[run=]
Number=8794
Confirmed=N
Filename=fmedia.exe
Description=FMedia FaxWorks related - can be run manually
Source=Paul Collins Startup list

[run=]
Number=8795
Confirmed=Y
Filename=wswpd.exe
Description=Used with some models of Panasonic, Epson and NEC printers - required for printer to work
Source=Paul Collins Startup list

[run=]
Number=8796
Confirmed=X
Filename=cyxid98.exe
Description=Unidentified malware
Source=Paul Collins Startup list

[run=]
Number=8797
Confirmed=X
Filename=info32.exe
Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#tapicfg" target=_blank>Tapicfg</a> parasite variant
Source=Paul Collins Startup list

[run=]
Number=8798
Confirmed=X
Filename=mouse_configurator.win
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-070814-1115-99" target=_blank>GAGGLE.E</a> WORM!
Source=Paul Collins Startup list

[run=]
Number=8799
Confirmed=X
Filename=RegistryReminder.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_10232.htm" target=_blank>APSTROJAN.OB</a> TROJAN!
Source=Paul Collins Startup list

[run=]
Number=8800
Confirmed=X
Filename=sec5dec.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-121710-1755-99" target=_blank>ATAK.G</a> WORM!
Source=Paul Collins Startup list

[run=]
Number=8801
Confirmed=X
Filename=wmplayer.exe
Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#smartsearch" target=_blank>Smartsearch</a> parasite variant
Source=Paul Collins Startup list

[run=]
Number=8802
Confirmed=X
Filename=Autoexec.com
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022714-4020-99" target=_blank>HOLCAS.A</a> WORM!
Source=Paul Collins Startup list

[run=]
Number=8803
Confirmed=X
Filename=htmlsync.exe
Description=Searchforfree.info browser hijacker
Source=Paul Collins Startup list

[run=]
Number=8804
Confirmed=X
Filename=msoffice.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031409-4054-99" target=_blank>ADWARELOADER</a> TROJAN! Note - do not confuse with the legitimate Microsoft Office file, which would typically be located in the Program Files\Microsoft Office\Office folder!
Source=Paul Collins Startup list

[run=]
Number=8805
Confirmed=X
Filename=DRDOOM.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32semapia.html" target= blank>SEMAPI-A</a> WORM!
Source=Paul Collins Startup list

[run=]
Number=8806
Confirmed=X
Filename=svhost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042517-0213-99" target=_blank>ADMINCASH.B</a> TROJAN!
Source=Paul Collins Startup list

[run=]
Number=8807
Confirmed=X
Filename=dllreg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdumarul.html" target=_blank>DUMARU-L</a> TROJAN!
Source=Paul Collins Startup list

[run=]
Number=8808
Confirmed=X
Filename=mdm.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojproxygg.html" target=_blank>PROXY-GG</a> TROJAN!
Source=Paul Collins Startup list

[run=]
Number=8809
Confirmed=X
Filename=Celine.scr
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcelinea.html" target="_blank">CELINE-A</a> TROJAN!
Source=Paul Collins Startup list

[run=]
Number=8810
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkreppern.html" target="_blank">KREPPER-N</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "inet10066" subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list

[RunAlert]
Number=8811
Confirmed=U
Filename=AService.exe
Description=<a target="_blank" href="http://www.msi.com.tw/program/products/pro_index.php">MSI MOtherboard PC Alert III</a> - MSI motherboard monitoring software. Only required if you &quot;overclock&quot; your system
Source=Paul Collins Startup list

[runAP]
Number=8812
Confirmed=N
Filename=runAP.exe
Description=<font color="#FF0000">Not required but what is it?</font>
Source=Paul Collins Startup list

[runapp]
Number=8813
Confirmed=X
Filename=icqchk.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-012514-0250-99" target=_blank>BOMKA</a> TROJAN!
Source=Paul Collins Startup list

[Runapp32]
Number=8814
Confirmed=X
Filename=Runapp32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-110418-0037-99" target="_blank">NEODURK</a> TROJAN!
Source=Paul Collins Startup list

[RunCA]
Number=8815
Confirmed=Y
Filename=InvokeSvc3.exe
Description=Wireless-G USB Wireless Network Adapter related - would appear to be required
Source=Paul Collins Startup list

[Rund11]
Number=8816
Confirmed=X
Filename=Rund11.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32marioc.html" target=_blank>MARIO-C</a> WORM!
Source=Paul Collins Startup list

[rund1132]
Number=8817
Confirmed=X
Filename=rund1132.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32dopbota.html" target= blank>DOPBOT-A</a> WORM!
Source=Paul Collins Startup list

[Rund1132.exe]
Number=8818
Confirmed=X
Filename=Rund1132.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpahs.html" target=_blank>STARTPA-HS</a> TROJAN!
Source=Paul Collins Startup list

[Rund1l32]
Number=8819
Confirmed=X
Filename=Winfi1e32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121117-0813-99" target="_blank">MERTIAN</a> WORM!
Source=Paul Collins Startup list

[Rundil32]
Number=8820
Confirmed=X
Filename=runlli32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassu.html" target=_blank>QQPASS-U</a> TROJAN!
Source=Paul Collins Startup list

[Rundil32]
Number=8821
Confirmed=X
Filename=Updadv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassn.html" target=_blank>QQPASS-N</a> TROJAN!
Source=Paul Collins Startup list

[rundl332]
Number=8822
Confirmed=X
Filename=math.exe ...pluged.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-020909-2916-99" target="_blank">DOOMJUICE</a> WORM!
Source=Paul Collins Startup list

[rundli32]
Number=8823
Confirmed=X
Filename=rundli32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082517-3522-99" target="_blank">LADE</a> WORM!
Source=Paul Collins Startup list

[RunDLL]
Number=8824
Confirmed=X
Filename=rundll32.exe bridge.dll, Load
Description=Flingstone.com browser hijacker
Source=Paul Collins Startup list

[Rundll]
Number=8825
Confirmed=X
Filename=Rundll~.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delfkt.html" target=_blank>DELF-KT</a> TROJAN!
Source=Paul Collins Startup list

[Rundll]
Number=8826
Confirmed=X
Filename=rundll32.exe [random file name].dll "taskmon"
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.IG&VSect=P" target=_blank>MYTOB.IG</a> WORM!
Source=Paul Collins Startup list

[RunDll]
Number=8827
Confirmed=X
Filename=RunDll.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassah.html" target=_blank>QQPASS-AH</a> TROJAN! Note - this is NOT the Windows system file of the same name as described <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll/" target=_blank>here</a>
Source=Paul Collins Startup list

[rundll***]
Number=8828
Confirmed=X
Filename=die.exe [path] mdll.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080116-2904-99" target="_blank">SUMTAX</a> TROJAN! where *** is 134, 569, 777 or 946
Source=Paul Collins Startup list

[rundll***]
Number=8829
Confirmed=X
Filename=die.exe [path] secure.bat
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080116-2904-99" target="_blank">SUMTAX</a> TROJAN! where *** is 134, 569, 777 or 946
Source=Paul Collins Startup list

[rundll***]
Number=8830
Confirmed=X
Filename=die.exe [path] secure.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080116-2904-99" target="_blank">SUMTAX</a> TROJAN! where *** is 134, 569, 777 or 946
Source=Paul Collins Startup list

[rundll***]
Number=8831
Confirmed=X
Filename=die.exe [path] ttg.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080116-2904-99" target="_blank">SUMTAX</a> TROJAN! where *** is 134, 569, 777 or 946
Source=Paul Collins Startup list

[Rundll16]
Number=8832
Confirmed=X
Filename=Rundll16.exe
Description=Added by a number of VIRUSES, WORMS and TROJANS!
Source=Paul Collins Startup list

[Rundll32]
Number=8833
Confirmed=X
Filename=Rundll32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-031016-5849-99" target="_blank">DVLDR</a> TROJAN! Note - this is not the valid "Rundll32.exe" as it's in the Windows\Fonts directory
Source=Paul Collins Startup list

[RUNDLL32]
Number=8834
Confirmed=N
Filename=RUNDLL32.EXE NvQtwk, NvCplDaemon
Description=System Tray icon used to change display settings, change the clock rate and memory speed for nVidia based graphics cards. This is unnecessary since you can easily configure these settings the way you want them in the Display Properties and not have to mess with them again. Also disable the "NVIDIA Driver Helper Service" if enabled as it can cause this entry to be re-enabled on re-boot (note that this service can also cause extreme shutdown delays if enabled - see <a href="http://www.blackviper.com/WinXP/strangeservice.htm" target="_blank">here</a>)
Source=Paul Collins Startup list

[RunDLL32]
Number=8835
Confirmed=N
Filename=RunDLL32.exe NvMCTray.dll, NvTaskbarInit
Description=System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties
Source=Paul Collins Startup list

[rundll32]
Number=8836
Confirmed=U
Filename=Rundll32.exe Wf2kcpl.dll DllLoadDefaultSettings
Description=Loads default settings for Leadtek Winfast graphics cards
Source=Paul Collins Startup list

[RunDLL32]
Number=8837
Confirmed=X
Filename=winupdate.exe
Description=Added by an unidentified TROJAN! - possibly a <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021418-3605-99" target="_blank">BMBOT</a> variant
Source=Paul Collins Startup list

[Rundll32]
Number=8838
Confirmed=X
Filename=Windows.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092815-0339-99" target="_blank">QQPASS.E</a> TROJAN!
Source=Paul Collins Startup list

[Rundll32]
Number=8839
Confirmed=U
Filename=Rundll32.exe ptipbm.dll, SetWriteBack
Description=Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. Tells the drivers that the connected Drives should use the "Write Back" Caching. You can disable this if you don't want to use "Write Back" Caching or if you have not connected any driver to your Promise Controller

Source=Paul Collins Startup list

[rundll32]
Number=8840
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111308-1926-99" target="_blank">AUTEX</a> WORM!
Source=Paul Collins Startup list

[rundll32]
Number=8841
Confirmed=?
Filename=rundll32.exe ptipbmf.dll, SetWriteCacheMode
Description=Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. <font color="#FF0000">May be necessary in order to maintain preferences applied to the RAID array connected to the Promise controller</font>
Source=Paul Collins Startup list

[rundll32]
Number=8842
Confirmed=X
Filename=rundll32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-012217-2400-99" target="_blank">SANKER</a> WORM! Note that the valid "rundll32.exe" resides in C:\Windows\System32 wheras this version resides in C:\Windows
Source=Paul Collins Startup list

[rundll32]
Number=8843
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-020914-0902-99" target=_blank>GUTTA</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows folder
Source=Paul Collins Startup list

[rundll32]
Number=8844
Confirmed=U
Filename=RunDLL32.exe irprops.cpl, BluetoothAuthenticationAgent
Description=Associated with BlueTooth software, and registers the "Infrared Port properties" Control Panel applet. Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click <a href="http://www.winbookcorp.com/_technote/WBTA20000912.htm" target=_blank>here</a> here for more information. In case you no longer have BlueTooth support installed, and don't need it, simply uncheck the entry in Msconfig > Startup
Source=Paul Collins Startup list

[RUNDLL32]
Number=8845
Confirmed=X
Filename=rundl32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32demotrya.html" target=_blank>DEMOTRY-A</a> WORM!
Source=Paul Collins Startup list

[rundll32]
Number=8846
Confirmed=X
Filename=rundll32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentez.html" target=_blank>AGENT-EZ</a> TROJAN! Note - the real rundll32.exe resides in the System (9x/Me) or System32 (NT/2K/XP) folder whereas this file is found in a "SHELLEXT" subfolder
Source=Paul Collins Startup list

[Rundll32]
Number=8847
Confirmed=X
Filename=RUNDDLL32.EXE
Description=Added by the STARTPAGE.AXH TROJAN!
Source=Paul Collins Startup list

[Rundll32 cmicnfg]
Number=8848
Confirmed=N
Filename=Rundll32 cmicnfg.cpl, CMICtrlWnd
Description=System tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audio. Available via Start -> Settings -> Control Panel
Source=Paul Collins Startup list

[RunDll32 essprops]
Number=8849
Confirmed=Y
Filename=RunDll32 essprops.cpl, TaskbarIconWnd
Description=Associated with a Logitech mouse - required for proper operation
Source=Paul Collins Startup list

[Rundll32 P17]
Number=8850
Confirmed=U
Filename=Rundll32 P17.dll, P17Helper
Description=<a href="http://www.soundblaster.com/resources/read.asp?articleid=53937&page=1&cat=2" target="_blank">ASIO</a> (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality
Source=Paul Collins Startup list

[Rundll32.exe]
Number=8851
Confirmed=X
Filename=Proyecto1.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-071316-1355-99" target="_blank">GRUEL</a> WORM!
Source=Paul Collins Startup list

[Rundll32.exe]
Number=8852
Confirmed=X
Filename=Root.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-071316-1355-99" target="_blank">GRUEL</a> WORM!
Source=Paul Collins Startup list

[Rundll32_7]
Number=8853
Confirmed=X
Filename=rundll32.exe MSIEFR40.DLL, DllRunServer
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrowserAid&threatid=3342" target="_blank">BrowserAid/BrowserPal</a> foistware
Source=Paul Collins Startup list

[Rundll32_8]
Number=8854
Confirmed=X
Filename=rundll32.exe inetp60.dll, DllRunServer
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrowserAid&threatid=3342" target="_blank">BrowserAid/BrowserPal</a> foistware
Source=Paul Collins Startup list

[Rundll32_8]
Number=8855
Confirmed=X
Filename=rundll32.exe 1.dll, DllRunServer
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrowserAid&threatid=3342&search=browseraid" target=_blank>BrowserAid/BrowserPal</a> foistware
Source=Paul Collins Startup list

[rundll64]
Number=8856
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111308-1926-99" target="_blank">AUTEX</a> WORM!
Source=Paul Collins Startup list

[RundllSvr]
Number=8857
Confirmed=X
Filename=Rundll.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102516-3248-99" target=_blank>HUAYU</a> WORM! Note - this is NOT the Windows system file of the same name as described <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll/" target=_blank>here</a>
Source=Paul Collins Startup list

[Rundllsystem32]
Number=8858
Confirmed=X
Filename=Rundllsystem32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_NETDEVIL.B" target="_blank"> NETDEVIL.B</a> TROJAN!
Source=Paul Collins Startup list

[Rundnm]
Number=8859
Confirmed=X
Filename=Rundnm.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfha.html" target=_blank>DELF-HA</a> TROJAN!

Source=Paul Collins Startup list

[RUNGogoTools]
Number=8860
Confirmed=X
Filename=LaunchAdware.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061718-0516-99" target=_blank>GoGoTools</a> adware

Source=Paul Collins Startup list

[RUNGogoTools]
Number=8861
Confirmed=X
Filename=GoGoLaunch.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061718-0516-99" target=_blank>GoGoTools</a> adware
Source=Paul Collins Startup list

[RUNHYPER]
Number=8862
Confirmed=X
Filename=hyperx.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[runing]
Number=8863
Confirmed=X
Filename=win.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelflc.html" target=_blank>DELF-LC</a> TROJAN!
Source=Paul Collins Startup list

[RUNLOAD]
Number=8864
Confirmed=X
Filename=l0ad.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[RUNLOUD]
Number=8865
Confirmed=X
Filename=loud.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[Runmarc8mManager]
Number=8866
Confirmed=U
Filename=marc8m95.exe
Description=MARC Sound System Manager for the <a href="http://www.marian.de/en/products/marc_8_midi" target=_blank>Marc 8 MIDI</a> sound card - allows for easy adjustment of the settings
Source=Paul Collins Startup list

[Runner]
Number=8867
Confirmed=X
Filename=lsass.exe [trojan filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdrowsyb.html" target=_blank>DROWSY-B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located the Winnt or Windows folder
Source=Paul Collins Startup list

[Runner]
Number=8868
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojadclickag.html" target=_blank>ADCLICK-AG</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[Runner]
Number=8869
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojadclickag.html" target=_blank>ADCLICK-AG</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[Runner]
Number=8870
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojadclickag.html" target=_blank>ADCLICK-AG</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[runner1]
Number=8871
Confirmed=X
Filename=updater.exe
Description=Added by the CRYPT.ULPM.GEN TROJAN!
Source=Paul Collins Startup list

[RunOnce]
Number=8872
Confirmed=U
Filename=RUNONCE.EXE
Description=Part of MS Data Access Components - only required if you use these
Source=Paul Collins Startup list

[RunOnceEx]
Number=8873
Confirmed=X
Filename=sms.exe
Description=Identified as the DELF.LF by <a href="http://www.ewido.net/en/" target=_blank>Ewido Security Suite</a>
Source=Paul Collins Startup list

[RunProg]
Number=8874
Confirmed=X
Filename=Server.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_OPTIX.04.A" target="_blank">OPTIX.04.A</a> TROJAN!
Source=Paul Collins Startup list

[RunProg]
Number=8875
Confirmed=X
Filename=wini.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021222-1854-99" target="_blank">OPTIX.04.D</a> TROJAN!
Source=Paul Collins Startup list

[runreper]
Number=8876
Confirmed=X
Filename=viewer.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-122709-3359-99" target=_blank>REPER.A</a> VIRUS!
Source=Paul Collins Startup list

[runs]
Number=8877
Confirmed=X
Filename=run.exe
Description=Added by the  <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbwf.html" target=_blank>RBOT-BWF</a> WORM!
Source=Paul Collins Startup list

[RunSearvices]
Number=8878
Confirmed=X
Filename=tread.exe
Description=Identified as the DELF.LF by <a href="http://www.ewido.net/en/" target=_blank>Ewido Security Suite</a>
Source=Paul Collins Startup list

[RunServices]
Number=8879
Confirmed=X
Filename=runsvc32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.QJ" target=_blank>AGOBOT.QJ</a> WORM!

Source=Paul Collins Startup list

[runSubvalues]
Number=8880
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderqy.html" target="_blank">DLOADER-QY</a> TROJAN!
Source=Paul Collins Startup list

[RunSysd32]
Number=8881
Confirmed=U
Filename=RunSysd32.exe
Description=DesktopShield2000 by Stéphane Groleau. Locks the desktop at bootup so that users cannot bypass the Windows screensaver password. Only essential if using the program and is an optional setting. It can be disabled from within
Source=Paul Collins Startup list

[Runtime Process]
Number=8882
Confirmed=X
Filename=Csrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojciadoorj.html" target=_blank>CIADOOR-J</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[Runtt1]
Number=8883
Confirmed=X
Filename=Internat.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineager.html" target=_blank>LINEAGE-R</a> TROJAN!
Source=Paul Collins Startup list

[Runtt1]
Number=8884
Confirmed=X
Filename=Internet.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineageq.html" target=_blank>LINEAGE-Q</a> TROJAN!
Source=Paul Collins Startup list

[RunWin]
Number=8885
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankeres.html" target=_blank>BANKER-ES</a> TROJAN!
Source=Paul Collins Startup list

[runwin32]
Number=8886
Confirmed=X
Filename=runwin32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojesearcha.html" target="_blank">ESEARCH-A</a> TROJAN!
Source=Paul Collins Startup list

[RUNWIN32]
Number=8887
Confirmed=X
Filename=runwin32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbaet.html" target=_blank>VB-AET</a> TROJAN!
Source=Paul Collins Startup list

[RunWindowsUpdate]
Number=8888
Confirmed=X
Filename=uptodate.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrowserAid&threatid=3342" target="_blank">BrowserAid/BrowserPal</a> foistware
Source=Paul Collins Startup list

[Run[0]]
Number=8889
Confirmed=X
Filename=syscnfg.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in C:\windows\fonts (or C:\winnt\fonts) directory where no *.exe files should reside
Source=Paul Collins Startup list

[Run_cd]
Number=8890
Confirmed=X
Filename=Run_cd.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_GHOST.23" target="_blank">GHOST.23</a> TROJAN!

Source=Paul Collins Startup list

[run_pbnext]
Number=8891
Confirmed=Y
Filename=PBNext.exe
Description=<a href="http://www.pbnext.com/" target=_blank>PBNext</a> is virtual phone system which offers the same functionality as expensive PBX hardware
Source=Paul Collins Startup list

[Rupsw32]
Number=8892
Confirmed=U
Filename=Rupsw32.exe
Description=<a href="http://www.megatec.com.tw/" target= blank>MegaTec</a> Rups, UPS monitoring software - monitor and control DB9 UPS running on either Windows & Novell NetWare (with RUPS 2000) or Unix (with RUPS for Unix / Plus) operating systems
Source=Paul Collins Startup list

[RUSBHOLoader]
Number=8893
Confirmed=?
Filename=rundll32.exe RUSBHOLoader.dll, AutoRegister
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[RVC6Player]
Number=8894
Confirmed=X
Filename=tskdbg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzapchasm.html" target=_blank>ZAPCHAS-M</a> TROJAN!
Source=Paul Collins Startup list

[rvde]
Number=8895
Confirmed=X
Filename=N/A
Description=Related to li-speed****
Source=Paul Collins Startup list

[RVP]
Number=8896
Confirmed=X
Filename=bpc.exe
Description=Spyware included with the latest version of Grokster. Also see <a href="http://www.spywareinfo.com/yabbse/index.php?board=11;action=display;threadid=4585;start=0" target="_blank">here</a>
Source=Paul Collins Startup list

[rx]
Number=8897
Confirmed=X
Filename=rundll32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagebp.html" target=_blank>Lineage-BP</a> TROJAN! Note - this is not the legitimate Windows process (Which is found in the Windows folder for 9x\Me and the System32 folder for NT\2K\XP). This file is found in the Windows or Winnt folder
Source=Paul Collins Startup list

[rx]
Number=8898
Confirmed=X
Filename=explore.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzhengtua.html" target="_blank">ZHENGTU-A</a> TROJAN!
Source=Paul Collins Startup list

[RxMon]
Number=8899
Confirmed=N
Filename=rxmon9x.exe
Description=Part of <a href="http://support.dell.com/support/topics/global.aspx/support/dsn/en/document?c=us&l=en&s=gen&dn=FA1033021#1" target="_blank">Dell Resolution Assistant</a> - "a diagnostic program that allows you to contact Dell. When factory-installed by Dell, it allowed you to perform hardware and software diagnostics that provided alerts to potential problems and enabled real-time communication with Dell RA techs. You can now use RA only to contact Dell by e-mail"
Source=Paul Collins Startup list

[RxUser]
Number=8900
Confirmed=N
Filename=RxUser.exe
Description=Part of <a href="http://support.dell.com/support/topics/global.aspx/support/dsn/en/document?c=us&l=en&s=gen&dn=FA1033021#1" target="_blank">Dell Resolution Assistant</a> - "a diagnostic program that allows you to contact Dell. When factory-installed by Dell, it allowed you to perform hardware and software diagnostics that provided alerts to potential problems and enabled real-time communication with Dell RA techs. You can now use RA only to contact Dell by e-mail"
Source=Paul Collins Startup list

[rzt]
Number=8901
Confirmed=X
Filename=rundll32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY_LINEAGE.BDP" target="_blank">LINEAGE.BDP</a> TROJAN!
Source=Paul Collins Startup list

[r_server]
Number=8902
Confirmed=Y
Filename=r_server.exe
Description=<a href="http://www.antivirus.com.au/radmin/default.htm" target="_blank">Radmin</a> - remote admistrator server
Source=Paul Collins Startup list

[r_server]
Number=8903
Confirmed=X
Filename=service.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmultidrcp.html" target= blank>MULTIDR-CP</a> TROJAN!
Source=Paul Collins Startup list

[S]
Number=8904
Confirmed=X
Filename=svhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotln.html" target="_blank">AGOBOT-LN</a> WORM!
Source=Paul Collins Startup list

[S0undMan]
Number=8905
Confirmed=X
Filename=svch0st.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-070809-3902-99" target=_blank>LOVGATE.AB</a> WORM! Note - the filename has the digit 0 rather then the uppercase "o"
Source=Paul Collins Startup list

[S24EvMon]
Number=8906
Confirmed=?
Filename=S24EvMon.exe
Description=Event Monitor - supports driver extensions to NIC Driver for wireless adapters.<font color="#FF0000"> Is it required?</font>
Source=Paul Collins Startup list

[S3 Internal Chip]
Number=8907
Confirmed=X
Filename=s3serv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotdd.html" target=_blank>AGOBOT-DD</a> WORM!
Source=Paul Collins Startup list

[S3apphk]
Number=8908
Confirmed=N
Filename=S3apphk.exe
Description=A tool installed alongside the drivers for your S3 video output device. It is not necessary but should be allowed to run unless it is causing problems
Source=Paul Collins Startup list

[S3Hotkey]
Number=8909
Confirmed=U
Filename=s3hotkey.exe
Description=Hotkey system tray icon to enable switching between monitors. Found on laptops with an S3 Twister integrated graphics card
Source=Paul Collins Startup list

[S3Mon]
Number=8910
Confirmed=?
Filename=S3Mon.exe
Description=S3DuoVue multi-monitor taskbar helper by S3 Graphics. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[S3TRAY]
Number=8911
Confirmed=N
Filename=S3Tray.exe
Description=S3 display configuration taskbar utility for S3 chipset based graphics cards. Can be run from Start-&gt; Settings -&gt; Control Panel -&gt; Display
Source=Paul Collins Startup list

[s3tray2]
Number=8912
Confirmed=?
Filename=s3tray2.exe
Description=<font color="#FF0000">Same as the s3tray entry in this table?</font>
Source=Paul Collins Startup list

[S3TRAYHP]
Number=8913
Confirmed=?
Filename=S3trayhp.exe
Description=S3 Video driver related. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[S4F]
Number=8914
Confirmed=U
Filename=S4F.exe
Description=<a href="http://www.familyconnect.com/products.html" target="_blank">FilterPak</a> from S4F, Inc - internet filtering software
Source=Paul Collins Startup list

[s4helper]
Number=8915
Confirmed=X
Filename=s4helper.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453077927" target="_blank">Searchcentrix</a> hijacker
Source=Paul Collins Startup list

[SA]
Number=8916
Confirmed=?
Filename=Sa3.exe
Description=Logitech QuickCam driver.<font color="#FF0000"> Is it required?</font>
Source=Paul Collins Startup list

[SA Service]
Number=8917
Confirmed=?
Filename=SAservice.exe
Description=Associated with Cyber Trio and Warner troubleshooting software from<font color="#FF0000"> </font>G-Tek Technologies and pre-installed on some Packard Bell and NEC PCs. <font color="#FF0000">What function does this perform and is it required?</font>
Source=Paul Collins Startup list

[Sa3dsrv]
Number=8918
Confirmed=N
Filename=Sa3dsrv.exe
Description=3D sound extension for Windows
Source=Paul Collins Startup list

[saap]
Number=8919
Confirmed=X
Filename=saap.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=180solutions.NCase&threatid=8869" target="_blank">NCase</a> adware
Source=Paul Collins Startup list

[Sabreserver]
Number=8920
Confirmed=N
Filename=SABSERV.EXE
Description=Airline reservation software from Sabre. Available via Start -> Programs
Source=Paul Collins Startup list

[sac]
Number=8921
Confirmed=X
Filename=sac.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=180solutions.NCase&threatid=8869" target="_blank">NCase</a> adware
Source=Paul Collins Startup list

[SACC]
Number=8922
Confirmed=X
Filename=sacc.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062716-0109-99" target=_blank>SurfAccuracy</a> adware
Source=Paul Collins Startup list

[SAClient]
Number=8923
Confirmed=N
Filename=RegCon.exe
Description=AT&T or ComCast BBClient - monitors system and network-delivered services for availability. Your current network status is displayed on a color-coded web page in near-real time. When problems are detected, you're immediately notified by e-mail, pager, or text messaging
Source=Paul Collins Startup list

[Safe]
Number=8924
Confirmed=X
Filename=SafeWin.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-092915-0555-99" target="_blank">FOCOSENHA</a> TROJAN!
Source=Paul Collins Startup list

[Safe]
Number=8925
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerdt.html" target=_blank>BANKER-DT</a> TROJAN!
Source=Paul Collins Startup list

[SafeGuard Popup Blocker Updater]
Number=8926
Confirmed=X
Filename=regsvr32 [path] sfgupd.dll
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453082734" target="_blank">SafeguardProtect/Veevo</a> hijacker
Source=Paul Collins Startup list

[SafeGuard Popup Blocker Updater (required)]
Number=8927
Confirmed=X
Filename=regsvr32 [path] sfg****.dll [* = ramdom char]
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453082734" target="_blank">SafeguardProtect/Veevo</a> hijacker
Source=Paul Collins Startup list

[SafeGuard Popup Updater (required)]
Number=8928
Confirmed=X
Filename=regsvr32 [path] sfg****.dll [* = random char]
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453082734" target="_blank">SafeguardProtect/Veevo</a> hijacker
Source=Paul Collins Startup list

[SafeGuard Popup Updater (required)]
Number=8929
Confirmed=X
Filename=regsvr32 [path] PDF****.dll [* = random char]
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453082734" target="_blank">SafeguardProtect/Veevo</a> hijacker
Source=Paul Collins Startup list

[SafeHouseSystemTray]
Number=8930
Confirmed=U
Filename=SDWTRAY.EXE
Description=<a href="http://www.pcdynamics.com/SafeHousePP/" target=_blank>SafeHouse</a> "Personal Privacy" system tray icon - PP protects and hides your private and personal photos, videos, files and folders by making them "invisible" and encrypted
Source=Paul Collins Startup list

[SafeInstall.exe]
Number=8931
Confirmed=N
Filename=SAFEIN~1.EXE
Description=Monitors a download and ensures an newer version of a file isn't replaced by an older one
Source=Paul Collins Startup list

[SafeOFF]
Number=8932
Confirmed=N
Filename=SafeOff.exe
Description=Provides protection that if user accidentally presses the power switch a dialog will pop up for confirmation
Source=Paul Collins Startup list

[SafeSearch]
Number=8933
Confirmed=X
Filename=safesearch.exe
Description=<a href="http://www.trendmicro.com/vinfo/grayware/ve_GraywareDetails.asp?GNAME=ADW%5FSAFESEARCH%2EA" target="_blank">SafeSearch.A</a> adware

Source=Paul Collins Startup list

[SafeSurfingUpdate]
Number=8934
Confirmed=X
Filename=SSUpdate.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453072536" target="_blank">MoneyTree</a> parasite - ActiveX control used to download premium-rate dialers

Source=Paul Collins Startup list

[SafetyNet]
Number=8935
Confirmed=U
Filename=ipcTray.exe
Description=<a href="http://www.netveda.com/consumer/safetynet.htm" target=_blank>Safety.Net</a> from Netveda - "offers Internet security, content security and advanced Internet firewall protection for all your LAN computers, and trust controls to block unwanted or harmful applications from accessing the network"

Source=Paul Collins Startup list

[SafetyNet_Notifier]
Number=8936
Confirmed=U
Filename=ipcLn.exe
Description=<a href="http://www.netveda.com/consumer/safetynet.htm" target=_blank>Safety.Net</a> from Netveda - "offers Internet security, content security and advanced Internet firewall protection for all your LAN computers, and trust controls to block unwanted or harmful applications from accessing the network"

Source=Paul Collins Startup list

[Safeworld]
Number=8937
Confirmed=U
Filename=Freedom.exe
Description=SafeWorld Internet Security - now no longer available
Source=Paul Collins Startup list

[Sagate Security Firewall]
Number=8938
Confirmed=X
Filename=sagate.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102715-1124-99" target=_blank>GAOBOT.BOW</a> WORM!
Source=Paul Collins Startup list

[SAgent2ExePath]
Number=8939
Confirmed=N
Filename=SAgent2.exe
Description=Seiko Epson printer status agent. Disable if printer is not used often
Source=Paul Collins Startup list

[SAGENTSERVICE]
Number=8940
Confirmed=U
Filename=Sagent.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-092015-4548-99" target=_blank>TinySpyAgent</a> commercial keystroke logger. Uninstall this software if you did not install it yourself
Source=Paul Collins Startup list

[sagnt]
Number=8941
Confirmed=X
Filename=sagnt.exe
Description=Adware web downloader
Source=Paul Collins Startup list

[SAHagent]
Number=8942
Confirmed=X
Filename=Sahagent.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-052519-4845-99" target="_blank">ShopAtHomeSelect</a> parasite
Source=Paul Collins Startup list

[SAHBundle]
Number=8943
Confirmed=X
Filename=bundle.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-052519-4845-99" target="_blank">ShopAtHomeSelect</a> parasite
Source=Paul Collins Startup list

[SAHBundle]
Number=8944
Confirmed=X
Filename=shop1003.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-052519-4845-99" target="_blank">ShopAtHomeSelect</a> parasite
Source=Paul Collins Startup list

[saie]
Number=8945
Confirmed=X
Filename=saie.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=180solutions.NCase&threatid=8869" target="_blank">NCase</a> adware
Source=Paul Collins Startup list

[SAIMON]
Number=8946
Confirmed=U
Filename=SaiMon.exe
Description=<a href="http://www.saitek.com/" target="_blank">Saitek</a> joystick driver
Source=Paul Collins Startup list

[sain]
Number=8947
Confirmed=X
Filename=sain.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=180solutions.NCase&threatid=8869" target="_blank">NCase</a> adware
Source=Paul Collins Startup list

[sais]
Number=8948
Confirmed=X
Filename=sais.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=180solutions.NCase&threatid=8869" target="_blank">NCase</a> adware
Source=Paul Collins Startup list

[SaiSmart]
Number=8949
Confirmed=?
Filename=SaiSmart.exe
Description="Smart Button Special Sauce" - included with the latest software for Saitek game controllers. Related to the "S", "Shift" or "Smart" button and gives gamers extra features on the buttons. Only required if you use this feature
Source=Paul Collins Startup list

[SaitekAutoConfigure]
Number=8950
Confirmed=U
Filename=saicnfig.exe
Description=Configuration for <a href="http://www.saitek.com/" target="_blank">Saitek</a> game controllers
Source=Paul Collins Startup list

[Sakemsneql]
Number=8951
Confirmed=X
Filename=simenu.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BTO&VSect=P" target=_blank>SDBOT.BTO</a> WORM!
Source=Paul Collins Startup list

[salm]
Number=8952
Confirmed=X
Filename=salm.exe
Description=180Search adware
Source=Paul Collins Startup list

[salm]
Number=8953
Confirmed=X
Filename=salm.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=180solutions.NCase&threatid=8869" target="_blank">NCase</a> adware
Source=Paul Collins Startup list

[Sam-sung]
Number=8954
Confirmed=X
Filename=Sam-sung.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[SAMcal]
Number=8955
Confirmed=U
Filename=SAMcal.exe
Description=<a href="http://home.houston.rr.com/samware/samcal_body.htm" target="_blank">SamCal</a> - calendar/reminder program
Source=Paul Collins Startup list

[Sametime Connect]
Number=8956
Confirmed=U
Filename=Connect.exe
Description=IBM Lotus <a href="http://www-142.ibm.com/software/sw-lotus/products/product3.nsf/wdocs/st75home/" target="_blank">Sametime</a> - instant messaging and Web conferencing software
Source=Paul Collins Startup list

[Samsong]
Number=8957
Confirmed=X
Filename=Samsong.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BNE&VSect=P" target=_blank>SDBOT.BNE</a> WORM!
Source=Paul Collins Startup list

[Samsung]
Number=8958
Confirmed=X
Filename=Samsungs.exe
Description=Added by an <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031015-3147-99" target= blank>IRC TROJAN</a> variant!
Source=Paul Collins Startup list

[SandboxieControl]
Number=8959
Confirmed=U
Filename=Control.exe
Description=<a href="http://www.sandboxie.com/" target="_blank">SandBoxie</a> - allows data to be read from the hard drive by an application but never written back unless you allow it
Source=Paul Collins Startup list

[SandIcon]
Number=8960
Confirmed=N
Filename=SandIcon.exe
Description=SanDisk ImageMate CompactFlash card reader SDDR-31 (USB). Very little use except to place the Sandisk icon beside its drive designation in Windows Explorer. The reader itself will work fine without it. The simplest thing is to just unplug the reader when you're not using it. It may slow the startup by a few nanoseconds, but once the software sees there's no reader, you get back the resources
Source=Paul Collins Startup list

[SANS Service]
Number=8961
Confirmed=X
Filename=sansv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vanebotah.html" target="_blank">VANEBOT-AH</a> WORM!
Source=Paul Collins Startup list

[sapp]
Number=8962
Confirmed=X
Filename=sapp.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=180solutions.NCase&threatid=8869" target="_blank">NCase</a> adware
Source=Paul Collins Startup list

[SaskTel Accelerated Dial-up]
Number=8963
Confirmed=U
Filename=sasktelgui.exe
Description="Experience faster surfing, downloading and e-mail by adding <a href="http://www.sasktel.com/" target="_blank">SaskTel</a> Accelerated Dial-up Internet</a>"
Source=Paul Collins Startup list

[saSyncMgr]
Number=8964
Confirmed=X
Filename=rundll32.exe sasync.dll, SyncWait
Description=Browser hijacker - redirecting to Searchant.com
Source=Paul Collins Startup list

[SATARaid]
Number=8965
Confirmed=U
Filename=SATARaid.exe
Description=RAID driver for serial ATA disks on some motherboards such as the DFI Lanparty range. Only loaded if one is using RAID support on SATA drives
Source=Paul Collins Startup list

[satmat]
Number=8966
Confirmed=X
Filename=satmat.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=VX2.Transponder&threatid=12517" target=_blank>VX2.Transponder</a> parasite updater/installer related
Source=Paul Collins Startup list

[sau]
Number=8967
Confirmed=X
Filename=sau.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453090677" target="_blank">180Solutions</a> adware related
Source=Paul Collins Startup list

[SAUpdate]
Number=8968
Confirmed=U
Filename=SAUpdate.exe
Description=<a href="http://bb4.com/" target="_blank">Big Brother</a> from Quest Software. System and network monitor
Source=Paul Collins Startup list

[SAutoLaunchExe]
Number=8969
Confirmed=U
Filename=SAutoLaunchExe.exe
Description=Sharp Zaurus PDA related, needed to synchronize information with a Desktop or Notebook
Source=Paul Collins Startup list

[SAVAgent]
Number=8970
Confirmed=Y
Filename=SAVAgent.exe
Description=Part of Sophos anti-virus software. Required for centrally administered Sophos updates to work correctly, e.g. automatically updating PCs used by dial-in home or out-of-office users
Source=Paul Collins Startup list

[Save]
Number=8971
Confirmed=X
Filename=Save.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=WhenU.Save&threatid=10810" target=_blank>WhenU.Save</a> adware

Source=Paul Collins Startup list

[SaveDate]
Number=8972
Confirmed=X
Filename=SaveStartDate.Exe
Description=Unidentified adware
Source=Paul Collins Startup list

[Savenow]
Number=8973
Confirmed=X
Filename=SaveNow.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=WhenU.Save&threatid=10810" target=_blank>WhenU.Save</a> adware

Source=Paul Collins Startup list

[Savenow]
Number=8974
Confirmed=X
Filename=savenow.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092620-2739-99" target="_blank">SPREDA.B</a> VIRUS!
Source=Paul Collins Startup list

[SAW]
Number=8975
Confirmed=X
Filename=saw.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051312-2501-99" target=_blank>SmartAdware</a> adware
Source=Paul Collins Startup list

[Say The Time 5.0]
Number=8976
Confirmed=U
Filename=SAYTIME.EXE
Description=This program has audio cues for the system clock in male and female voices, customizes the appearance of the system clock, and can synchronize it to a time server regularly
Source=Paul Collins Startup list

[SB]
Number=8977
Confirmed=U
Filename=SB.exe
Description=Acer Soft Button on Acer Tablet PCs

Source=Paul Collins Startup list

[SB Audigy 2 Startup Menu]
Number=8978
Confirmed=N
Filename=/l:eng
Description=Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function
Source=Paul Collins Startup list

[SB Watchdog]
Number=8979
Confirmed=X
Filename=SBWatchdog.exe
Description=Spyware utility installed by the manufacturers of some laptops (Sony) used to monitor browsing habits and send them back to whoever installed it - released by SoftBank
Source=Paul Collins Startup list

[SB13mini]
Number=8980
Confirmed=X
Filename=RYZO32.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotej.html" target=_blank>SPYBOT-EJ</a> WORM!
Source=Paul Collins Startup list

[SBAutoUpdate]
Number=8981
Confirmed=U
Filename=sbautoupdate.exe
Description=SpywareBlaster <a href="http://www.javacoolsoftware.com/spywareblaster.html" target="_blank">auto-updater</a>
Source=Paul Collins Startup list

[SBC Self Support Tool]
Number=8982
Confirmed=U
Filename=matcli.exe
Description=matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file. The SBC Self Support Tool is required to run with the Help and Support program. If you uncheck SBC and and then run Help and Support it will add another SBC entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide
Source=Paul Collins Startup list

[SBC Yahoo! Connection Manager]
Number=8983
Confirmed=N
Filename=ConnectionManager.exe
Description=Used to create and connect your SBC Yahoo DSL connection. This program has been reported to cause problems for some users. If you find that it causes you pc to become slow or unstable you should uninstall it (using Add/Remove programs) and manually connect your DSL connection
Source=Paul Collins Startup list

[SBCSTray]
Number=8984
Confirmed=U
Filename=SBCSTray.exe
Description=System Tray access to <a href="http://www.sunbelt-software.com/Home-Home-Office/CounterSpy/" target="_blank">CounterSpy</a> anti-spyware from Sunbelt Software
Source=Paul Collins Startup list

[SBDrvDet]
Number=8985
Confirmed=U
Filename=SBDrv.exe
Description=Detects the "Easy Front-Panel Audio Connectivity Drive Internal Drive Bay" on the Sound Blaster Audigy 2 Platinium eX. Can be disabled if you don't have one
Source=Paul Collins Startup list

[sbdrvdet]
Number=8986
Confirmed=N
Filename=sbdrvdet.exe
Description=Checks to see if Creative sound card driver should be updated
Source=Paul Collins Startup list

[SBHC]
Number=8987
Confirmed=X
Filename=sbhc.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453075466" target="_blank">SuperBar</a> parasite - uninstall available <a href="http://www.gigatechsoftware.com/superbaruninstall.html" target="_blank">here</a>

Source=Paul Collins Startup list

[SBMPOP]
Number=8988
Confirmed=X
Filename=SBMPop.exe
Description=SearchByMedia adware
Source=Paul Collins Startup list

[SBMX]
Number=8989
Confirmed=N
Filename=sbmx.exe
Description=SoundMAX MPU401 MIDI device emulator for x86 VM DOS games/apps (for Win9x only)
Source=Paul Collins Startup list

[sbss Launcher]
Number=8990
Confirmed=X
Filename=sbss.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-070514-5200-99" target=_blank>SideBySide</a> adware
Source=Paul Collins Startup list

[SbUsb AudCtrl]
Number=8991
Confirmed=U
Filename=RunDll32 sbusbdll.dll, RCMonitor
Description=Control for Soundblaster MP3 external (USB) sound card
Source=Paul Collins Startup list

[sc]
Number=8992
Confirmed=N
Filename=scrubxp.exe
Description=<a href="http://www.bartdart.com/" target="_blank">ScrubXP</a> - utility that deletes safe to remove files, cookies, browsing history, etc
Source=Paul Collins Startup list

[sc]
Number=8993
Confirmed=U
Filename=sc.exe
Description=<a href="http://www.rhombustechnologies.com/main.asp?page=WatchDog" target="_blank">Watchdog 2.0 Software</a> - monitoring program
Source=Paul Collins Startup list

[sc]
Number=8994
Confirmed=U
Filename=run.exe
Description=<a href="http://www.allinonespy.com/" target=_blank>All-In-One_SPY</a> stealth monitoring software - allows monitoring and recording of all actions performed on a computer. It records all keystrokes, remembers addresses of Internet pages visited, and maintains a log file listing all applicationsrun on the computer. It can create screenshots and record sounds from the computer's microphone to a sound file
Source=Paul Collins Startup list

[sc23exec]
Number=8995
Confirmed=?
Filename=sc23exec.exe
Description=<font color="#FF0000">Possibly related to a digital camera</font>
Source=Paul Collins Startup list

[SC3300CC]
Number=8996
Confirmed=Y
Filename=SC3300CC.exe
Description=SiPix digital camera Twain device driver
Source=Paul Collins Startup list

[scain]
Number=8997
Confirmed=X
Filename=s030109.Stub.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076775" target="_blank">Delfin Media Viewer</a> adware related
Source=Paul Collins Startup list

[ScamDisk]
Number=8998
Confirmed=X
Filename=SVOHOST.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_LEWOR.D&VSect=P" target=_blank>LEWOR.D</a> WORM!
Source=Paul Collins Startup list

[scan]
Number=8999
Confirmed=X
Filename=mscman.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClientMan&threatid=3754" target=_blank>ClientMan</a> parasite variant
Source=Paul Collins Startup list

[Scan Detector]
Number=9000
Confirmed=?
Filename=Pmxdetect.exe
Description=Associated with <a href="http://www.primascan.com/" target="_blank">PrimaScan</a> scanners.<font color="#FF0000"> Is it required?</font>
Source=Paul Collins Startup list

[Scan Register]
Number=9001
Confirmed=X
Filename=ssms.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotat.html" target=_blank>RBOT-AT</a> WORM!
Source=Paul Collins Startup list

[Scan Wizard]
Number=9002
Confirmed=?
Filename=button.exe
Description=Associated with ScanWizard as supplied with Microtek scanners - see also <a href="#Scanner%20Detector"> Scanner Detector</a> or <a href="#SDetect">SDetect</a>.<font color="#FF0000"> What does it do and is it required?</font>
Source=Paul Collins Startup list

[ScanDisc]
Number=9003
Confirmed=X
Filename=satan.exe
Description=Added by the GREGSTAR TROJAN!
Source=Paul Collins Startup list

[ScanDisk]
Number=9004
Confirmed=X
Filename=ScanDisk.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-031706-4103-99" target="_blank">GANDA.A</a> WORM! Note - this is not the valid "ScanDisk" Win9x/Me standard disk error checker
Source=Paul Collins Startup list

[scands32.exe]
Number=9005
Confirmed=X
Filename=scands32.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-091214-5754-99" target=_blank>ADCLICKER</a> TROJAN!
Source=Paul Collins Startup list

[Scandsk2]
Number=9006
Confirmed=X
Filename=scandsk2.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotpk.html" target="_blank">AGOBOT-PK</a> WORM!
Source=Paul Collins Startup list

[scandskx.exe]
Number=9007
Confirmed=X
Filename=scandskx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadrarm.html" target="_blank">DLOADR-ARM</a> TROJAN!
Source=Paul Collins Startup list

[ScanFile]
Number=9008
Confirmed=?
Filename=??
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[ScanInicio]
Number=9009
Confirmed=Y
Filename=Inicio.exe
Description=Part of <a href="http://www.pandasoftware.com/home/particulares/default" target="_blank">Panda Antivirus</a>. Responsible for scanning the boot sector of your disk and your memory at startup to check for viruses that try and load and act before your anti-virus is fully operational. It only adds a fraction of a second to start-up time and is worth leaving active
Source=Paul Collins Startup list

[Scanner Detector]
Number=9010
Confirmed=N
Filename=SDetect.exe
Description=ScanSuite Scanner Detector - part of ScanWizard, supplied with Microtek scanners. Waits until you press the &quot;GO&quot; button and seems to serve no other purpose. Automatically installed without prompting. Not required if you can start your scanning application before pressing the &quot;GO&quot; button
Source=Paul Collins Startup list

[Scanner File Utility]
Number=9011
Confirmed=Y
Filename=NsCatCom.exe
Description=<a href="http://www.kyoceramita.com/" target=_blank>Kycocera Mita</a> network copier/printer/scanner process to dump scanned documents onto a workstation

Source=Paul Collins Startup list

[ScanPanel]
Number=9012
Confirmed=?
Filename=ScanPanel.exe
Description=Trust <a href="http://www.trust.com/products/product.aspx?artnr=12919" target="_blank">Easy Webscan</a> scanner related - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list

[Scanreg]
Number=9013
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092815-0339-99" target="_blank">QQPASS.E</a> TROJAN!
Source=Paul Collins Startup list

[ScanRegistry]
Number=9014
Confirmed=X
Filename=nsrvnt.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2001-110909-3147-99" target="_blank">NERTE</a> TROJAN! Not to be confused with the real ScanRegistry - which is a vital Windows file. This version has the executable as nsrvnt.exe not scanregw.exe
Source=Paul Collins Startup list

[ScanRegistry]
Number=9015
Confirmed=X
Filename=scanregv.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_98023.htm" target="_blank">MASTERLOCK</a> TROJAN!. Not to be confused with the real ScanRegistry - which is a vital Windows file. This version has the executable as scanregv.exe not scanregw.exe
Source=Paul Collins Startup list

[ScanRegistry]
Number=9016
Confirmed=Y
Filename=Scanregw.exe
Description=Scans the system registry and makes back-ups at start-up. Important should the registry become corrupt. The executable &quot;Scanregw.exe&quot; is located in %windir% (where %windir% is the Windows directory - C:\Windows or C:\Winnt)
Source=Paul Collins Startup list

[ScanRegistry]
Number=9017
Confirmed=X
Filename=Scanregw.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2001-042016-4611-99" target=_blank>STATOR</a> WORM! Not to be confused with the legitimate ScanRegistry entry - which is a vital Windows file. The executable "Scanregw.exe" is located in %windir%\System (where %windir% is the Windows directory - C:\Windows or C:\Winnt). Runs from the registry RunServices key as opposed to the Run key
Source=Paul Collins Startup list

[ScanRegistry]
Number=9018
Confirmed=X
Filename=N/A
Description=Added by the <a href="http://www.sarc.com/avcenter/venc/data/w32.dinoxi.html" target=_blank>DINOXI</a> or <a href="http://www.sarc.com/avcenter/venc/data/w32.dinoxi.b.html" target=_blank>DINOXI.B</a> WORMS!
Source=Paul Collins Startup list

[ScanRegistry]
Number=9019
Confirmed=X
Filename=scanregw.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32nyxemd.html" target=_blank>NYXEM-D</a> WORM! Note - do not confuse this with the legitimate Windows process scanregw.exe which is always found in the Windows folder on Win9x/ME machines. This worm file is found in the System (9x/ME) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[ScanRegistry]
Number=9020
Confirmed=X
Filename=update.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdwnldrfzy.html" target="_blank">DWNLDR-FZY</a> TROJAN!
Source=Paul Collins Startup list

[ScanSpyware v *]
Number=9021
Confirmed=N
Filename=Scanner.exe
Description=Spyware remover (where * = the version number) - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[scApp]
Number=9022
Confirmed=X
Filename=scApp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32standoe.html" target=_blank>STANDO-E</a> WORM!
Source=Paul Collins Startup list

[SCardSvr]
Number=9023
Confirmed=N
Filename=scardsvr.exe
Description=Related to SmartCard readers and sometimes uses lots of system resources
Source=Paul Collins Startup list

[SCardSvr]
Number=9024
Confirmed=X
Filename=SCardSvr32.Exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MOFEI.B" target="_blank">MOFEI.B</a> WORM!
Source=Paul Collins Startup list

[SCDEmuApp.exe]
Number=9025
Confirmed=U
Filename=SCDEmuApp.exe
Description=Related to <a href="http://www.poweriso.com/" target=_blank>PowerISO</a> - CD/DVD image file processing tool
Source=Paul Collins Startup list

[scheck45]
Number=9026
Confirmed=X
Filename=scheck45.exe
Description=Related to unknown malware - hidden installer associated with it
Source=Paul Collins Startup list

[schedm]
Number=9027
Confirmed=U
Filename=schedm.exe
Description=Part of <a href="http://www.free-av.com/" target="_blank">Antivir PersonalEdition Classic</a> anti-virus
Source=Paul Collins Startup list

[ScheduIe]
Number=9028
Confirmed=X
Filename=nrchk.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list

[ScheduIr]
Number=9029
Confirmed=X
Filename=msexploren.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[ScheduIr]
Number=9030
Confirmed=X
Filename=shch.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[ScheduIr]
Number=9031
Confirmed=X
Filename=svchst.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[ScheduIr]
Number=9032
Confirmed=X
Filename=winagent.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Schedule]
Number=9033
Confirmed=U
Filename=Schedule.exe
Description=Scheduler for <a href="http://www.mercury-pc.com/product-detail.php?link=p-addcards&subtitle=Add-On%20Cards&productid=653" target="_blank">Mercury Ez View</a> TV Tuner Card
Source=Paul Collins Startup list

[Scheduled Maintenance]
Number=9034
Confirmed=N
Filename=Scheduled_Maintenance.exe
Description=Scheduler for Iolo <a href="http://www.iolo.com/sm/index.cfm" target="_blank">System Mechanic</a> tweaking utility. It can cleans your registry and deletes temporary files at defined intervals. Available via Start -> Programs
Source=Paul Collins Startup list

[Scheduler]
Number=9035
Confirmed=X
Filename=expIorer.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
Source=Paul Collins Startup list

[Scheduler]
Number=9036
Confirmed=X
Filename=MSMSGS.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojhostbanka.html" target= blank>HOSTBANK-A</a> TROJAN! Note - this particular msmsgs.exe file is located in the Windows\System32\Config or Winnt\System32\Config folder, and should not be mistaken for the MSN Messenger file of the same name!
Source=Paul Collins Startup list

[Scheduler]
Number=9037
Confirmed=X
Filename=outIook.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
Source=Paul Collins Startup list

[Scheduler]
Number=9038
Confirmed=X
Filename=svcrhost.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
Source=Paul Collins Startup list

[Scheduler]
Number=9039
Confirmed=X
Filename=svcshost.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
Source=Paul Collins Startup list

[Scheduler]
Number=9040
Confirmed=X
Filename=winagent.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.B</a> TROJAN!
Source=Paul Collins Startup list

[Scheduler]
Number=9041
Confirmed=U
Filename=Scheduler daemon.exe
Description=<a href="http://www.tenebril.com/consumer/" target=_blank>Tenebril</a> GhostSurf or SpyCatcher related scheduler - you can schedule daily, weekly, monthly or one-time only cleanings
Source=Paul Collins Startup list

[Scheduler]
Number=9042
Confirmed=X
Filename=msnexploren.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.B</a> TROJAN!
Source=Paul Collins Startup list

[Scheduler]
Number=9043
Confirmed=X
Filename=sdhch.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.B</a> TROJAN!
Source=Paul Collins Startup list

[Scheduler]
Number=9044
Confirmed=X
Filename=svchst.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.B</a> TROJAN!
Source=Paul Collins Startup list

[Scheduler Service]
Number=9045
Confirmed=X
Filename=wsass.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=42167" target=_blank>LIOTEN.KX</a> WORM!
Source=Paul Collins Startup list

[SchedulerMgr]
Number=9046
Confirmed=X
Filename=navchk.exe
Description=Premium rate adult content dialer
Source=Paul Collins Startup list

[Scheduling Agent]
Number=9047
Confirmed=X
Filename=Scheduler.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-022017-5551-99" target="_blank">SUBWOOFER</a> TROJAN! Note - this is not the real MS Scheduling agent as the executable is incorrect
Source=Paul Collins Startup list

[SchedulingAgant]
Number=9048
Confirmed=X
Filename=MMTASK.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_YAB.A" target="_blank">YAB.A</a> TROJAN! Not the valid MusicMatch Jukebox which has the same filename
Source=Paul Collins Startup list

[SchedulingAgent]
Number=9049
Confirmed=U
Filename=mstask.exe
Description=MS Scheduling Agent displayed as a box with a stopwatch in the System Tray that is only needed if you have regular scheduled disk defragmenting, ScanDisk, etc. Required if you have regularily scheduled events such as weekly virus scans
Source=Paul Collins Startup list

[SchedulingAgent]
Number=9050
Confirmed=U
Filename=mstinit.exe
Description=MS Scheduling Agent displayed as a box with a stopwatch in the System Tray that is only needed if you have regular scheduled disk defragmenting, ScanDisk, etc. Required if you have regularily scheduled events such as weekly virus scans
Source=Paul Collins Startup list

[SchedulingAgent]
Number=9051
Confirmed=X
Filename=N/A
Description=Added by the <a href="http://www.sarc.com/avcenter/venc/data/w32.dinoxi.html" target=_blank>DINOXI</a> or <a href="http://www.sarc.com/avcenter/venc/data/w32.dinoxi.b.html" target=_blank>DINOXI.B</a> WORMS!
Source=Paul Collins Startup list

[Schmaili]
Number=9052
Confirmed=U
Filename=Schmaili.exe
Description=<a href="http://www.schmaili.com/index.htm" target="_blank">Schmaili</a> - insert animated smilies into your e-mail
Source=Paul Collins Startup list

[schost]
Number=9053
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-100415-4002-99" target=_blank>TJSERV.D</a> TROJAN!
Source=Paul Collins Startup list

[SchSvr]
Number=9054
Confirmed=N
Filename=SchSvr.exe
Description=<a href="http://www.intervideo.com" target=_blank>WinScheduler</a> is installed with Home Theater or WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs
Source=Paul Collins Startup list

[SCHWIZEX]
Number=9055
Confirmed=Y
Filename=SCHWIZEX.EXE
Description=Part of <a href="http://www.imaginelan.com/configsafe/index.html" target="_blank"> ConfigSafe</a> - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions - provides a restore function. This part takes a snapshot of your system following a healthy re-boot
Source=Paul Collins Startup list

[ScManager]
Number=9056
Confirmed=X
Filename=scman.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotcw.html" target=_blank>FORBOT-CW</a> WORM!
Source=Paul Collins Startup list

[scopedll]
Number=9057
Confirmed=X
Filename=scopedll.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list

[Scotia OnLine Recovery]
Number=9058
Confirmed=N
Filename=etdirrcv.exe
Description=Scotia OnLine Security Software provided by <a href="http://www.entrust.com/index.cfm" target="_blank">Entrust</a> for <a href="http://www.scotiabank.com/cda/index/0,,LIDen,00.html" target="_blank">Scotiabank</a>. Provides trusted secure access to Scotia OnLine Secure Web sites. *.* represents the version number. Now obsolete after Scotiabank modernised their login process
Source=Paul Collins Startup list

[Scotia OnLine Security v*.* Recovery]
Number=9059
Confirmed=N
Filename=etdirrcv.exe
Description=Scotia OnLine Security Software provided by <a href="http://www.entrust.com/index.cfm" target="_blank">Entrust</a> for <a href="http://www.scotiabank.com/cda/index/0,,LIDen,00.html" target="_blank">Scotiabank</a>. Provides trusted secure access to Scotia OnLine Secure Web sites. *.* represents the version number. Now obsolete after Scotiabank modernised their login process
Source=Paul Collins Startup list

[Scr]
Number=9060
Confirmed=X
Filename=scr.scr
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T" target="_blank">OPASERV.T</a> WORM!
Source=Paul Collins Startup list

[ScrapPad]
Number=9061
Confirmed=N
Filename=Scrappad.exe
Description=ScrapPad allows you to quickly and easily record notes, thoughts, messages, and just about anything you want. Use it like you use scrap paper
Source=Paul Collins Startup list

[scrbmk]
Number=9062
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadervp.html" target=_blank>DLOADER-VP</a> TROJAN!
Source=Paul Collins Startup list

[Screen Calendar]
Number=9063
Confirmed=U
Filename=scrcal.exe
Description=<a href="http://www.screencalendar.com/" target=_blank>Screen Calendar</a> allows you to create custom desktop wallpapers with built in active calendar and scheduler
Source=Paul Collins Startup list

[Screen Guard]
Number=9064
Confirmed=U
Filename=launch.exe
Description=Part of <a href="http://www.johnru.com/" target="_blank">Access Denied</a> security and privacy software
Source=Paul Collins Startup list

[Screen Guard Message Scan]
Number=9065
Confirmed=U
Filename=sgms.exe
Description=Part of <a href="http://www.johnru.com/" target="_blank">Access Denied</a> security and privacy software
Source=Paul Collins Startup list

[Screen Saver]
Number=9066
Confirmed=X
Filename=scrnsaver.scr
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagp.html" target=_blank>RBOT-AGP</a> WORM!
Source=Paul Collins Startup list

[Screen Saver Control]
Number=9067
Confirmed=N
Filename=FSScrCtl.exe
Description=Installs as part of the Hubble Space Telescope screen saver (and possibly others). Lets you control your installed screensavers from a System Tray icon
Source=Paul Collins Startup list

[ScreenHunter 4.0 Free]
Number=9068
Confirmed=N
Filename=ScreenHunter.exe
Description="<a href="http://www.wisdom-soft.com/products/screenhunter_free.htm" target="_blank">ScreenHunter 4.0 Free</a> is a completely free screen capture software for you to easily take screenshots"
Source=Paul Collins Startup list

[ScreenPrint32]
Number=9069
Confirmed=N
Filename=ScreenPrint32.exe
Description=<a href="http://www.provtech.co.uk/software/screenprint32.asp" target=_blank>ScreenPrint32</a> screen capture software - can be launched manually
Source=Paul Collins Startup list

[screxe]
Number=9070
Confirmed=?
Filename=scruser2k.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[script]
Number=9071
Confirmed=?
Filename=script.bat
Description=<font color="#FF0000">Maybe associated with DOS on a Win9x machine</font>
Source=Paul Collins Startup list

[ScriptBlocking]
Number=9072
Confirmed=Y
Filename=SBServ.exe
Description=Update to Norton AntiVirus 2001. Detects certain types of script-based viruses without the need for specific virus definitions - such as JavaScript and VBScript. This will help protect you from these viruses even before virus definitions are available. Note - some users complain of problems once the update is installed - refer <a href="http://www.symantec.com/search/" target="_blank">here</a> for more information
Source=Paul Collins Startup list

[ScriptSentry]
Number=9073
Confirmed=Y
Filename=Scriptsentry.exe
Description=<a href="http://www.jasons-toolbox.com/scriptsentry.asp" target="_blank">Script Sentry</a> from Jason's Toolbox. Blocks malicious scripts and allows safe scripts to run. Only required if you want it to check the file associations it guards at startup. It will function regardlessly
Source=Paul Collins Startup list

[Scroll-In-Mouse V2.0]
Number=9074
Confirmed=U
Filename=SCROLL.EXE
Description=Toolkit for the <a href="http://www.qtronix.com/Lynx3dnet.html" target="_blank">Lynx-3D Net</a> scroll mouse from QTronix. Required if you use the special features
Source=Paul Collins Startup list

[scrss]
Number=9075
Confirmed=X
Filename=scrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojhacdefr.html" target="_blank">HACDEF-R</a> TROJAN!
Source=Paul Collins Startup list

[scrsvc]
Number=9076
Confirmed=X
Filename=scrsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentds.html" target=_blank>AGENT-DS</a> TROJAN!
Source=Paul Collins Startup list

[ScrSvr]
Number=9077
Confirmed=X
Filename=ScrSvr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-093011-2800-99" target="_blank">OPASERV</a> WORM!
Source=Paul Collins Startup list

[ScrSvrOld]
Number=9078
Confirmed=X
Filename=[worm filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-093011-2800-99" target="_blank">OPASERV</a> WORM!
Source=Paul Collins Startup list

[Scsi]
Number=9079
Confirmed=Y
Filename=Scsi.exe
Description=SCSI Miniport driver
Source=Paul Collins Startup list

[sctrlmgr]
Number=9080
Confirmed=X
Filename=sescmgr.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojdwnldrgah.html" target="_blank">DWNLDR-GAH</a> TROJAN!
Source=Paul Collins Startup list

[scvhost]
Number=9081
Confirmed=X
Filename=svzhost.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[scvhost]
Number=9082
Confirmed=U
Filename=scvhost.exe
Description=<a href="http://sarc.com/avcenter/venc/data/spyware.wiretap.html" target="_blank">Wiretap</a> surveillance software. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list

[scvhost loader]
Number=9083
Confirmed=X
Filename=ixplore.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbotcy.html" target=_blank>SDBOT-CY</a> TROJAN!
Source=Paul Collins Startup list

[scvhost.exe]
Number=9084
Confirmed=X
Filename=scvhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlohavn.html" target="_blank">LOHAV-N</a> TROJAN!
Source=Paul Collins Startup list

[sd32info]
Number=9085
Confirmed=X
Filename=sd32info.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list

[SDaemon]
Number=9086
Confirmed=U
Filename=sdaemon.exe
Description=PC Security from Tropical Software. 'PC Security™ 5.1 is the ultimate in computer security, offering multiple locking systems for the Windows environment and internet. Lock files, monitor programs' activities, even detect intruders! PC Security™ offers flexible and complete password protection, "Drag and Drop" support, plus many other handy features'
Source=Paul Collins Startup list

[SDAutoLiveupdate]
Number=9087
Confirmed=U
Filename=LiveUpdateSD.exe
Description=Spyware Detector - spyware remover. Initially not recommended due to false positives but the later versions have since improved - see  <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#swdetect_note" target=_blank>here</a>
Source=Paul Collins Startup list

[SDAv]
Number=9088
Confirmed=X
Filename=csnss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031500-0556-99" target=_blank>SERFLOG.C</a> WORM!
Source=Paul Collins Startup list

[SDAv]
Number=9089
Confirmed=X
Filename=svhost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031500-0556-99" target=_blank>SERFLOG.C</a> WORM!
Source=Paul Collins Startup list

[sdchosts32]
Number=9090
Confirmed=X
Filename=vbdd.exe
Description=Added by the RANKY.AG TROJAN!
Source=Paul Collins Startup list

[SDClientMonitor]
Number=9091
Confirmed=?
Filename=sdclientmonitor.exe
Description=Related to LANDesk Management Suite from <a href="http://www.landesk.com/" target="_blank">LANDesk Software Ltd</a>. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[SDetect]
Number=9092
Confirmed=N
Filename=SDetect.exe
Description=ScanSuite Scanner Detector - part of ScanWizard, supplied with Microtek scanners. Waits until you press the &quot;GO&quot; button and seems to serve no other purpose. Automatically installed without prompting. Not required if you can start your scanning application before pressing the &quot;GO&quot; button
Source=Paul Collins Startup list

[sdfsdfsdf]
Number=9093
Confirmed=X
Filename=sp2update.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[SDIN Adapter]
Number=9094
Confirmed=X
Filename=sdin.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotap.html" target="_blank">FORBOT-AP</a> WORM!
Source=Paul Collins Startup list

[SDJobCheck]
Number=9095
Confirmed=?
Filename=triggusr.exe
Description=Part of <a href="http://www3.ca.com/Solutions/Product.asp?ID=234" target=_blank>CA Unicenter</a> Software Delivery - manage software across various systems, from desktops and servers to PDAs and mobile phones, in a controlled and standardized way - <font color="#FF0000">is it required at startup?</font>
Source=Paul Collins Startup list

[SDK Codre Function22]
Number=9096
Confirmed=X
Filename=sdkimddprovment2.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotyj.html" target=_blank>SDBOT-YJ</a> WORM!
Source=Paul Collins Startup list

[SDK Core Component]
Number=9097
Confirmed=X
Filename=sdkcore.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwc.html" target=_blank>SDBOT-WC</a> WORM!
Source=Paul Collins Startup list

[SDK Core Function]
Number=9098
Confirmed=X
Filename=sdkimprovment.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BHL&VSect=P" target=_blank>RBOT.BHL</a> WORM!
Source=Paul Collins Startup list

[SDK Core Function2]
Number=9099
Confirmed=X
Filename=sdkimprovment2.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050217-0724-99" target= blank>SPYBOT.OGX</a> WORM!
Source=Paul Collins Startup list

[Sdk**.exe [* = random char]]
Number=9100
Confirmed=X
Filename=Sdk**.exe [* = random char]
Description=Sdk**.exe [* = random char]

Source=Paul Collins Startup list

[Sdk**.exe [* = random char]]
Number=9101
Confirmed=X
Filename=Sdk**.exe [* = random char]
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
Source=Paul Collins Startup list

[Sdk**32.exe [* = random char]]
Number=9102
Confirmed=X
Filename=Sdk**32.exe [* = random char]
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
Source=Paul Collins Startup list

[SDKcore Update Components2]
Number=9103
Confirmed=X
Filename=SDKC0R3.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaba.html" target= blank>RBOT-ABA</a> WORM!
Source=Paul Collins Startup list

[sdkupdate22]
Number=9104
Confirmed=X
Filename=SDK0mCORE.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotdt.html" target=_blank>FORBOT-DT</a> WORM!
Source=Paul Collins Startup list

[SDPhotoBar.exe]
Number=9105
Confirmed=N
Filename=SDPhotoBar.exe
Description=SmartDraw Photo (now <a href="http://www.fotofinish.com/products/photo/index.htm" target="_blank">FotoFinsh</a>) - "organize, enhance, print, and share your photos. It's also a powerful graphic editor for creating images and web graphics"
Source=Paul Collins Startup list

[SDR6_Check]
Number=9106
Confirmed=N
Filename=udcsdr.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-062217-0726-99" target="_blank">DriveCleaner</a> is a security assesment tool which gives exaggerated reports of security and privacy risks on a computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported risks
Source=Paul Collins Startup list

[sdrss]
Number=9107
Confirmed=X
Filename=sdrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotsq.html" target=_blank>SDBOT-SQ</a> WORM!
Source=Paul Collins Startup list

[sds20]
Number=9108
Confirmed=U
Filename=svchost.exe
Description=<a href="http://sarc.com/avcenter/venc/data/spyware.inlookexpress.html" target=_blank>InlookExpress</a> logs keystrokes and captures screenshots. If you didn't install this yourself remove it. Note - this should not be confused with the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> system process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder! This file is located in a "sds20" folder

Source=Paul Collins Startup list

[SDTray]
Number=9109
Confirmed=U
Filename=sdtray.exe
Description=RSA Keon <a href="http://www.rsasecurity.com/node.asp?id=1230" target=_blank>Web PassPort</a> - software that allows organizations to use digital certificates in a Web-based environment to help ensure that their transactions are authentic, confidential and digitally signed
Source=Paul Collins Startup list

[SDTray]
Number=9110
Confirmed=U
Filename=SDTrayApp.exe
Description=<a href="http://www.pctools.com/spyware-doctor/" target="_blank">Spyware Doctor</a> spyware remover - system tray access
Source=Paul Collins Startup list

[sdxsys32]
Number=9111
Confirmed=X
Filename=sdxsys32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbroggera.html" target=_blank>BROGGER-A</a> TROJAN!
Source=Paul Collins Startup list

[sealmon]
Number=9112
Confirmed=U
Filename=sealmon.exe
Description=<a href="http://www.sealedmedia.com/solutions/default.asp" target=_blank>SealedMedia</a> enables you to combine document protection and control with your existing applications - such as Microsoft Word, Microsoft Excel, Microsoft PowerPoint and Email

Source=Paul Collins Startup list

[Search Bar]
Number=9113
Confirmed=X
Filename=taskbar.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32opankif.html" target="_blank">OPANKI-F</a> WORM!
Source=Paul Collins Startup list

[Search Hook]
Number=9114
Confirmed=?
Filename=srchhook.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Search Page]
Number=9115
Confirmed=X
Filename=http://find.naupoint.com
Description=<a href="http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx" target=_blank>Naupoint</a> browser hijacker
Source=Paul Collins Startup list

[Search-Exe]
Number=9116
Confirmed=X
Filename=SE.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076619" target="_blank">Search-Exe</a> hijacker
Source=Paul Collins Startup list

[Search.vbs]
Number=9117
Confirmed=X
Filename=
Description=Hijacker
Source=Paul Collins Startup list

[searchbar]
Number=9118
Confirmed=X
Filename=vnmispoisn downloader.exe
Description=SearchBarCash adware variant
Source=Paul Collins Startup list

[SearchEnhancement]
Number=9119
Confirmed=X
Filename=scbar.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453079937" target="_blank">SCBar</a> foistware

Source=Paul Collins Startup list

[searchnav]
Number=9120
Confirmed=X
Filename=searchnav.exe
Description=SearchNav adware - IEFeatures/Popnav variant
Source=Paul Collins Startup list

[SearchNavVersion]
Number=9121
Confirmed=X
Filename=searchnavversion.exe
Description=SearchNav adware - IEFeatures/Popnav variant
Source=Paul Collins Startup list

[SearchNet_Up]
Number=9122
Confirmed=X
Filename=ServeUp.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-071912-4640-99&tabid=1" target="_blank">SearchNet</a> adware
Source=Paul Collins Startup list

[SearchSetter]
Number=9123
Confirmed=X
Filename=searchsetter[1].exe
Description=Browser hijacker - redirecting to FindWhateverNow.com

Source=Paul Collins Startup list

[SearchSquire[number]]
Number=9124
Confirmed=X
Filename=SearchSquire[number].exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-011416-1519-99" target="_blank">SearchSquire</a> adware
Source=Paul Collins Startup list

[SearchUpgrader]
Number=9125
Confirmed=X
Filename=SearchUpgrader.exe
Description=Hijacker
Source=Paul Collins Startup list

[Secboot]
Number=9126
Confirmed=X
Filename=w32tm.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-012411-2332-99" target=_blank>HAXDOOR.D</a> TROJAN!
Source=Paul Collins Startup list

[secboot]
Number=9127
Confirmed=X
Filename=mszx23.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_HAXDOOR.BC" target=_blank>HAXDOOR.BC</a> TROJAN!
Source=Paul Collins Startup list

[secboot]
Number=9128
Confirmed=X
Filename=vtd 16.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojhaxdoorae.html" target= blank>HAXDOOR-AE</a> TROJAN!
Source=Paul Collins Startup list

[Second Copy 2000]
Number=9129
Confirmed=U
Filename=SecCopy.exe
Description=Related to <a href="http://www.centered.com/" target=_blank>Second Copy®</a> - a files/folders backup utility
Source=Paul Collins Startup list

[SecondChance]
Number=9130
Confirmed=U
Filename=sctray.exe
Description=<a href="http://www.pcug-colorado.org/newsletter/pcoc0200/2ndchanc.htm" target="_blank">Power Quest Second Chance</a>. Sets checkpoints for saving a backup copy of the registry to a disk so you can restore it if you have a crash
Source=Paul Collins Startup list

[Secret]
Number=9131
Confirmed=X
Filename=Secret.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelflw.html" target=_blank>DELF-LW</a> TROJAN!
Source=Paul Collins Startup list

[Secret-Crush]
Number=9132
Confirmed=X
Filename=start.exe
Description=Hijacker that may reset your browser's home page and/or search settings to point to undesired sites
Source=Paul Collins Startup list

[SECRETMAKER]
Number=9133
Confirmed=U
Filename=secretmaker.exe
Description=<a href="http://www.secretmaker.com/" target= blank>Secretmaker</a> is a combonation of eight privacy-defending programs, including Spam Fighter Pro, Worm Hunter, Pop-Up Killer, Banner Blocker, Cookie Eraser, Privacy Protector, History Cleaner, and Garbage Cleaner
Source=Paul Collins Startup list

[SecretSmileys]
Number=9134
Confirmed=U
Filename=ss.exe
Description="<a href="http://www.secretsmileys.com/index.html" target=_blank>Secret Smileys</a> is an add-on for AIM that provides users access to 1000's of new Smileys that can be viewed by anyone using a current version of AIM. Secret Smileys also adds other features such as logging of IM conversations, and it gets rid of that annoying advertisement on your buddy list window"
Source=Paul Collins Startup list

[secserv.exe]
Number=9135
Confirmed=X
Filename=secserv.exe
Description=Reported by Panda as an EasySearch Adware variant. Note - EasySearch modifies the Internet Explorer settings and may download programs onto the infected computer
Source=Paul Collins Startup list

[secsvc32]
Number=9136
Confirmed=X
Filename=secsvcnt.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076716" target=_blank>GLOBAL PATROL</a> TROJAN!
Source=Paul Collins Startup list

[Secsys]
Number=9137
Confirmed=U
Filename=Secsys.exe
Description=UltraSoft <a href="http://www.pcadvisor.co.uk/downloads/index.cfm?categoryID=1443&itemID=22391" target="_blank">Key Interceptor</a> surveillance software - uninstall this unless you put it there yourself!
Source=Paul Collins Startup list

[secure]
Number=9138
Confirmed=X
Filename=secure.exe
Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.dealhelper.html" target=_blank>DealHelper</a> adware
Source=Paul Collins Startup list

[secure]
Number=9139
Confirmed=X
Filename=svshost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafo.html" target=_blank>RBOT-AFO</a> WORM!
Source=Paul Collins Startup list

[secure socket layer]
Number=9140
Confirmed=X
Filename=wins32a.exe
Description=Added by an <a href="http://virusinfo.prevx.com/pxparall.asp?PXC=ec2b32028997" target="_blank">IRCBOT</a> TROJAN!
Source=Paul Collins Startup list

[Secure Socket Layer Certification]
Number=9141
Confirmed=X
Filename=sslcert.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vanebotan.html" target="_blank">VANEBOT-AN</a> WORM!
Source=Paul Collins Startup list

[Secure System]
Number=9142
Confirmed=X
Filename=integitor.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ACI" target="_blank">AGOBOT.ACI</a> WORM!
Source=Paul Collins Startup list

[SecureClean4RegManager]
Number=9143
Confirmed=N
Filename=scregmanager4.exe
Description=WhiteCanyon <a href="http://www.whitecanyon.com/secureclean-clean-hard-drive.php" target=_blank>SecureClean 4</a> disk cleaner - clean hard drive data, MRUs, temp files and more. Can be started manually
Source=Paul Collins Startup list

[SecureClean4Tray]
Number=9144
Confirmed=N
Filename=sctray4.exe
Description=WhiteCanyon <a href="http://www.whitecanyon.com/secureclean-clean-hard-drive.php" target=_blank>SecureClean 4</a> disk cleaner - clean hard drive data, MRUs, temp files and more. Can be started manually
Source=Paul Collins Startup list

[SecureCleanIEClean]
Number=9145
Confirmed=N
Filename=SCIEClean.exe
Description=SecureClean - scans your system for hidden temporary files, deleted email messages, Internet histories and caches
Source=Paul Collins Startup list

[SecureItPro]
Number=9146
Confirmed=U
Filename=Secureitpro470p.exe
Description=<a href="http://members.optusnet.com.au/quantrixnet/products/secureitpro.htm" target="_blank">SecureIt Pro</a> - lock your computer when you're not there, to stop malicious users from accessing your desktop
Source=Paul Collins Startup list

[SecureLogin]
Number=9147
Confirmed=X
Filename=Mslg32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-061116-5357-99" target="_blank">REDZED</a> WORM!
Source=Paul Collins Startup list

[SecureOnlineAccountNumbers]
Number=9148
Confirmed=U
Filename=SOAN.exe
Description=Related to <a href="http://www.orbiscom.com/" target="_blank">Secure Online Account Numbers</a> by Discover(R) Card from Orbiscom Ltd. Secure and innovative payment solutions
Source=Paul Collins Startup list

[Security]
Number=9149
Confirmed=X
Filename=WindowsSecurityUpdate.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Security Accounts Manager SM]
Number=9150
Confirmed=X
Filename=samsm.exe
Description=Added by the <a href="http://nl.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_SPYBOT.JE" target=_blank>SPYBOT.JE</a> WORM!
Source=Paul Collins Startup list

[Security Agent]
Number=9151
Confirmed=X
Filename=securag.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanf.html" target=_blank>BANCBAN-F</a> TROJAN!
Source=Paul Collins Startup list

[Security Agent Manager]
Number=9152
Confirmed=X
Filename=mssams.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotsv.html" target=_blank>RBOT-SV</a> WORM!
Source=Paul Collins Startup list

[Security Center]
Number=9153
Confirmed=X
Filename=AppControl.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.CFT&VSect=T" target=_blank>SDBOT.CFT</a> WORM!
Source=Paul Collins Startup list

[Security iGuard]
Number=9154
Confirmed=N
Filename=Security iGuard.exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[Security Manager]
Number=9155
Confirmed=U
Filename=SecurityManager.exe
Description=A ComCast Internet software suite that provides a variety of features (firewall, popup blocker, parental controls etcetera) to help ensure your computer is secure, and your information is kept private

Source=Paul Collins Startup list

[Security Patch]
Number=9156
Confirmed=X
Filename=scmss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotzw.html" target=_blank>RBOT-ZW</a> WORM!
Source=Paul Collins Startup list

[Security Patch]
Number=9157
Confirmed=X
Filename=WinUpdate32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotbm.html" target= blank>SDBOT-BM</a> WORM!
Source=Paul Collins Startup list

[Security Patches]
Number=9158
Confirmed=X
Filename=msnkn.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.WW" target=_blank>RBOT.WW</a> WORM!
Source=Paul Collins Startup list

[Security Patches]
Number=9159
Confirmed=X
Filename=WinLab32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotkb.html" target= blank>SDBOT-KB</a> WORM!
Source=Paul Collins Startup list

[security service]
Number=9160
Confirmed=X
Filename=syss.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Security Service]
Number=9161
Confirmed=X
Filename=secsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotggf.html" target="_blank">RBOT-GGF</a> WORM!
Source=Paul Collins Startup list

[Security Service Process]
Number=9162
Confirmed=X
Filename=svhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotlc.html" target="_blank">AGOBOT-LC</a> WORM!
Source=Paul Collins Startup list

[securw]
Number=9163
Confirmed=X
Filename=Nctrup.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042715-4734-99" target= blank>NOPIR.A</a> WORM!
Source=Paul Collins Startup list

[SECWIZ98]
Number=9164
Confirmed=Y
Filename=SECWIZ98.EXE
Description=Security Wizard 98 by Chris Farmer. Offers you a variety of ways to restrict access to many of the programs and settings on your PC. Available <a href="http://utilities.softlandmark.com/access_control_utilities/Security_Wizard_98_Info.html" target="_blank">here</a>
Source=Paul Collins Startup list

[seekmo]
Number=9165
Confirmed=X
Filename=seekmo.exe
Description=Seekmo Search, a <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-083106-0253-99" target=_blank>180Solutions</a> adware variant - also see <a href="http://www.mvps.org/winhelp2002/temp/seekmo/seekmo.htm" target=_blank>here</a>
Source=Paul Collins Startup list

[seeve]
Number=9166
Confirmed=X
Filename=seeve.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120718-0513-99" target="_blank">Medload</a> adware
Source=Paul Collins Startup list

[Select server]
Number=9167
Confirmed=X
Filename=slcsvr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderwd.html" target=_blank>DLOADER-WD</a> TROJAN!
Source=Paul Collins Startup list

[SelfHostUtil]
Number=9168
Confirmed=?
Filename=slefhost.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[seli]
Number=9169
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlowzoneas.html" target=_blank>LOWZONE-AS</a> TROJAN!
Source=Paul Collins Startup list

[SemanticInsight]
Number=9170
Confirmed=X
Filename=SemanticInsight.exe
Description=Added by <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094367" target=_blank>RXToolbar</a> ADAWARE! Software that displays pop-up/pop-under advertisements when the primary user interface is not visible

Source=Paul Collins Startup list

[SeMS]
Number=9171
Confirmed=U
Filename=SeMS.exe
Description=<a href="http://www.bostock.com/pcsms.htm" target="_blank">PCsms</a> - tool that enables you to send sms text messages from your PC to any UK mobile phone
Source=Paul Collins Startup list

[Sen]
Number=9172
Confirmed=X
Filename=tlii.exe
Description=Recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Win32.PurityScan.ah. This file is usually found in the Program Files\bama folder
Source=Paul Collins Startup list

[Sensiva]
Number=9173
Confirmed=U
Filename=Sensiva.exe
Description=<a href="http://www.sensiva.com/symbolcommander/" target=_blank>Symbol Commander</a> makes the use of your PC, laptop, Tablet PC, and Pocket PC much easier and much faster. It recognizes your handwriting with unparalled performance and executes commands in a snap. Just by using your mouse, pen, or touchpad, simply draw symbols to execute actions instantly

Source=Paul Collins Startup list

[SENTRY]
Number=9174
Confirmed=X
Filename=SENTRY.exe
Description=From <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=IPInsight&threatid=7223" target="_blank">IP Insight</a>. Allows website owners "to instantly determine the precise geographic location, connection speed and detailed demographics of every visitor to your website". Will be detected by most firewalls and the majority of home users should disable it
Source=Paul Collins Startup list

[Sepate Security Firewall]
Number=9175
Confirmed=X
Filename=sepate.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[septpop06apsept]
Number=9176
Confirmed=X
Filename=septpop06apsept.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MediaMotor.Popupwithcast&threatid=53436" target="_blank">MediaMotor.Popupwithcast</a> adware
Source=Paul Collins Startup list

[Serials]
Number=9177
Confirmed=X
Filename=serials.exe
Description=Any one of a variety of worms and trojans
Source=Paul Collins Startup list

[SernellApp.pcx]
Number=9178
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanbj.html" target=_blank>BANCBAN-BJ</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "D5133" subfolder
Source=Paul Collins Startup list

[serpe]
Number=9179
Confirmed=X
Filename=formatsys.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030709-3841-99" target=_blank>SERFLOG.A</a> WORM!
Source=Paul Collins Startup list

[serpe]
Number=9180
Confirmed=X
Filename=msmbw.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030709-3841-99" target=_blank>SERFLOG.A</a> WORM!
Source=Paul Collins Startup list

[serpe]
Number=9181
Confirmed=X
Filename=serbw.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030709-3841-99" target=_blank>SERFLOG.A</a> WORM!
Source=Paul Collins Startup list

[serrdctl.exe]
Number=9182
Confirmed=Y
Filename=serrdctl.exe
Description=&quot;Shared Modem Service Client Event Viewer&quot; - used when a number of PCs have access to a number of modems. Required to be running on each PC for access to the modems
Source=Paul Collins Startup list

[serrv]
Number=9183
Confirmed=X
Filename=serrv.exe
Description=Added by the <a href="http://www.f-secure.com/v-descs/warezov_dc.shtml" target="_blank">WAREZOV.DC</a> WORM!
Source=Paul Collins Startup list

[SERV PacK2]
Number=9184
Confirmed=X
Filename=nerx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotacp.html" target=_blank>SDBOT-ACP</a> WORM!
Source=Paul Collins Startup list

[Serv-U]
Number=9185
Confirmed=N
Filename=serv-u32.exe
Description=FTP server
Source=Paul Collins Startup list

[Serv-U]
Number=9186
Confirmed=X
Filename=wssdsu.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-112614-4025-99" target="_blank">MANIFEST</a> TROJAN!
Source=Paul Collins Startup list

[server]
Number=9187
Confirmed=X
Filename=server.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DELTAD.A" target="_blank">DELTAD.A</a> WORM!
Source=Paul Collins Startup list

[server]
Number=9188
Confirmed=X
Filename=system.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmethsa.html" target=_blank>METHS-A</a> TROJAN!
Source=Paul Collins Startup list

[server]
Number=9189
Confirmed=X
Filename=server.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsinguq.html" target=_blank>SINGU-Q</a> TROJAN!

Source=Paul Collins Startup list

[Server Backbone]
Number=9190
Confirmed=X
Filename=server05.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotzm.html" target=_blank>RBOT-ZM</a> WORM!
Source=Paul Collins Startup list

[Server Runtime Process]
Number=9191
Confirmed=X
Filename=wbemstest.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotddb.html" target="_blank">SDBOT-DDB</a> WORM!
Source=Paul Collins Startup list

[SERVER.EXE]
Number=9192
Confirmed=X
Filename=SERVER.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbushtro122.html" target="_blank">BUSHTRO122</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100614-0437-99" target="_blank">SMOKODOOR</a> TROJANS!
Source=Paul Collins Startup list

[serverex]
Number=9193
Confirmed=X
Filename=Server.txt.vbs
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DELTAD.A" target="_blank">DELTAD.A</a> WORM!
Source=Paul Collins Startup list

[Service]
Number=9194
Confirmed=X
Filename=service.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-011718-5244-99" target="_blank">ALADINZ.H</a> TROJAN!
Source=Paul Collins Startup list

[Service]
Number=9195
Confirmed=X
Filename=[trojan filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-022014-5559-99" target="_blank">KAITEX.E</a> TROJAN!
Source=Paul Collins Startup list

[Service]
Number=9196
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-021615-4827-99" target=_blank>NETSKY</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-021812-2454-99" target=_blank>NETSKY.B</a> WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
Source=Paul Collins Startup list

[Service]
Number=9197
Confirmed=X
Filename=SYSNT.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_127364.htm" target=_blank>CHA</a> TROJAN!
Source=Paul Collins Startup list

[Service]
Number=9198
Confirmed=X
Filename=Service.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32assiralc.html" target= blank>ASSIRAL-C</a> WORM!
Source=Paul Collins Startup list

[service]
Number=9199
Confirmed=X
Filename=wN2S.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Service Cleaner]
Number=9200
Confirmed=X
Filename=filen.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BRH&VSect=T" target=_blank>RBOT.BRH</a> WORM!
Source=Paul Collins Startup list

[Service Connection]
Number=9201
Confirmed=N
Filename=sccenter.exe
Description=For Compaq PC's. Part of Backweb
Source=Paul Collins Startup list

[Service Connection]
Number=9202
Confirmed=N
Filename=bwtray.exe
Description=For Compaq PC's. Part of Backweb
Source=Paul Collins Startup list

[Service Controller]
Number=9203
Confirmed=X
Filename=Csrrs.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list

[Service Controller]
Number=9204
Confirmed=X
Filename=service.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-032116-3802-99" target=_blank>PREVERT</a> TROJAN!
Source=Paul Collins Startup list

[Service Drivers]
Number=9205
Confirmed=X
Filename=msnpg.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=1&VName=WORM_RBOT.BMD" target=_blank>RBOT.BMD</a> WORM!
Source=Paul Collins Startup list

[Service Drivers]
Number=9206
Confirmed=X
Filename=PC.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwk.html" target= blank>SDBOT-WK</a> WORM!
Source=Paul Collins Startup list

[Service Drivers]
Number=9207
Confirmed=X
Filename=Compt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotzj.html" target=_blank>RBOT-ZJ</a> WORM!
Source=Paul Collins Startup list

[Service Drivers]
Number=9208
Confirmed=X
Filename=abl.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotyx.html" target=_blank>SDBOT-YX</a> WORM!
Source=Paul Collins Startup list

[Service Drivers]
Number=9209
Confirmed=X
Filename=MSNMEssenger.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Service Host]
Number=9210
Confirmed=X
Filename=[filename].exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101216-2559-99" target="_blank">TORVEL.B</a> WORM!
Source=Paul Collins Startup list

[Service Host]
Number=9211
Confirmed=X
Filename=spoolxx.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091811-4203-99" target=_blank>TORVEL</a> WORM!
Source=Paul Collins Startup list

[Service Host]
Number=9212
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdaosera.html" target=_blank>DAOSER-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Services\{C922CCC4-CF61-4589-A0D1-828160704853} subfolder
Source=Paul Collins Startup list

[Service Host]
Number=9213
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdaoserc.html" target=_blank>DAOSER-C</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Services\[random] subfolder
Source=Paul Collins Startup list

[Service Host ]
Number=9214
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091811-4203-99" target=_blank>TORVEL</a> WORM! Note - this is not the legitimate <a ref="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list

[Service Host Driver]
Number=9215
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-030214-0403-99" target=_blank>HITON</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list

[Service Host Process]
Number=9216
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031915-3501-99" target="_blank">GAOBOT.GEN!POLY</a> WORM!
Source=Paul Collins Startup list

[Service Manager]
Number=9217
Confirmed=N
Filename=sqlmangr.exe
Description=SQL Server&nbsp;Service Manager - provides tray access to SQL server,&nbsp;the server agent and MSDTC. Available via Start -> Programs
Source=Paul Collins Startup list

[Service Manager]
Number=9218
Confirmed=X
Filename=SERVICEMGR.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32passmaild.html" target= blank>PASSMAIL-D</a> VIRUS!
Source=Paul Collins Startup list

[Service Manager]
Number=9219
Confirmed=X
Filename=dxsound.exe
Description=Added by the <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100886" target="_blank">PROXY-GRIC</a> TROJAN!
Source=Paul Collins Startup list

[service manager]
Number=9220
Confirmed=X
Filename=service.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DONBOMB.A&VSect=P" target=_blank>DONBOMB.A</a> TROJAN!
Source=Paul Collins Startup list

[Service Monitor]
Number=9221
Confirmed=X
Filename=msnfilen.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotale.html" target=_blank>RBOT-ALE</a> WORM!
Source=Paul Collins Startup list

[Service Monitor]
Number=9222
Confirmed=X
Filename=javams32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfnk.html" target=_blank>DELF-NK</a> TROJAN!
Source=Paul Collins Startup list

[Service Monitor]
Number=9223
Confirmed=X
Filename=javams64.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotafo.html" target=_blank>SDBOT-AFO</a> WORM!
Source=Paul Collins Startup list

[Service Monitor]
Number=9224
Confirmed=X
Filename=msnserve.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-101515-4844-99" target=_blank>SPYBOT.YQW</a> WORM!
Source=Paul Collins Startup list

[Service Monitor]
Number=9225
Confirmed=X
Filename=WinOcx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqj.html" target=_blank>RBOT-AQJ</a> WORM!
Source=Paul Collins Startup list

[Service Monitor]
Number=9226
Confirmed=X
Filename=csnss.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=49714" target="_blank">RBOT.EEH</a> WORM!
Source=Paul Collins Startup list

[Service Monitor]
Number=9227
Confirmed=X
Filename=filen.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Service Pack]
Number=9228
Confirmed=X
Filename=[various filenames]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lerpaa.html" target=_blank>LERPA-A</a> WORM! Note - the file name will be one of the following common.exe, common.pif, common.scr, Sexo.exe, Sexo.jpg.pif, ini_file__.pif, load_me__.tmp, msfile.pif, system_load_.pif or zipped.rar.pif
Source=Paul Collins Startup list

[Service Pack DLL Runtime]
Number=9229
Confirmed=X
Filename=spdll32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Service Process]
Number=9230
Confirmed=X
Filename=SVCHOST.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110414-0845-99" target=_blank>DARKER</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list

[Service Process]
Number=9231
Confirmed=X
Filename=winset.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Service Process]
Number=9232
Confirmed=X
Filename=service.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdcmbotc.html" target=_blank>DCMBOT-C</a> TROJAN!
Source=Paul Collins Startup list

[Service Process]
Number=9233
Confirmed=X
Filename=smss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdcmbote.html" target=_blank>DCMBOT-E</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "config" subfolder
Source=Paul Collins Startup list

[Service Process]
Number=9234
Confirmed=X
Filename=smss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdcmbote.html" target=_blank>DCMBOT-E</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in "config" subfolder
Source=Paul Collins Startup list

[Service Process]
Number=9235
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdcmbota.html" target=_blank>DCMBOT-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "config" subfolder
Source=Paul Collins Startup list

[Service Registry NT Save]
Number=9236
Confirmed=X
Filename=jdbgmgrnt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancoscg.html" target=_blank>BANCOS-CG</a> TROJAN!
Source=Paul Collins Startup list

[Service Registry NT Save]
Number=9237
Confirmed=X
Filename=taskmgrnt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosby.html" target=_blank>BANCOS-BY</a> TROJAN!
Source=Paul Collins Startup list

[Service Registry NT Save]
Number=9238
Confirmed=X
Filename=regeditnt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosbm.html" target= blank>BANCOS-BM</a> TROJAN!
Source=Paul Collins Startup list

[Service Scheduler]
Number=9239
Confirmed=X
Filename=scheduler.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotph.html" target= blank>AGOBOT-PH</a> WORM!
Source=Paul Collins Startup list

[Service System]
Number=9240
Confirmed=X
Filename=kernels32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosda.html" target=_blank>BANCOS-DA</a> TROJAN!
Source=Paul Collins Startup list

[Service System]
Number=9241
Confirmed=X
Filename=windowsXP.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosel.html" target=_blank>BANCOS-EL</a> TROJAN!
Source=Paul Collins Startup list

[Service System]
Number=9242
Confirmed=X
Filename=kgbfsm344.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosfs.html" target=_blank>BANCOS-FS</a> TROJAN!
Source=Paul Collins Startup list

[Service System]
Number=9243
Confirmed=X
Filename=wernell87.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosfj.html" target=_blank>BANCOS-FJ</a> TROJAN!
Source=Paul Collins Startup list

[service updaer]
Number=9244
Confirmed=X
Filename=qualityz.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! - probably a <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> variant
Source=Paul Collins Startup list

[Service.exe]
Number=9245
Confirmed=X
Filename=Service.exe
Description="servedby.advertising" popup generator
Source=Paul Collins Startup list

[service32]
Number=9246
Confirmed=X
Filename=service32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotst.html" target="_blank">AGOBOT-ST</a> WORM!
Source=Paul Collins Startup list

[ServiceConfig]
Number=9247
Confirmed=U
Filename=ispbeg.exe
Description=Comcast Transition Wizard. On June 30th, 2003 it will migrate E-mail and web pages from AT&amp;T Broadband Internet to Comcast High-Speed Internet. Until then it will run at startup and then terminate - hence the U recommendation
Source=Paul Collins Startup list

[serviceconnect]
Number=9248
Confirmed=X
Filename=serviceconnect.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AIR" target="_blank">AGOBOT.AIR</a> WORM!
Source=Paul Collins Startup list

[ServiceLayer]
Number=9249
Confirmed=Y
Filename=ServiceLayer.exe
Description=Nokia Connectivity Library support task that is needed by NCLTRAY and by the Nokia Connection Manager for either to work properly
Source=Paul Collins Startup list

[servicemng]
Number=9250
Confirmed=X
Filename=service.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32tamec.html" target=_blank>TAME-C</a> WORM!
Source=Paul Collins Startup list

[services]
Number=9251
Confirmed=X
Filename=start.bat
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzcrew.html" target="_blank">ZCREW</a> TROJAN!
Source=Paul Collins Startup list

[Services]
Number=9252
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101407-2313-99" target="_blank"> METEORSHELL</a> TROJAN!
Source=Paul Collins Startup list

[Services]
Number=9253
Confirmed=X
Filename=back32.exe ...service.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! Back32.exe is the baddie whose purpose is to HIDE the MIRC32 server in service.exe
Source=Paul Collins Startup list

[Services]
Number=9254
Confirmed=X
Filename=services.exe
Description=Added by a number of VIRUSES, WORMS and TROJANS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list

[Services]
Number=9255
Confirmed=X
Filename=winread.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[Services]
Number=9256
Confirmed=X
Filename=windns.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Services]
Number=9257
Confirmed=X
Filename=mshost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlanfiltj.html" target= blank>LANFILT-J</a> TROJAN!
Source=Paul Collins Startup list

[services]
Number=9258
Confirmed=X
Filename=Svchosts.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbotn.html" target= blank>SDBOT.N</a> WORM!
Source=Paul Collins Startup list

[Services]
Number=9259
Confirmed=X
Filename=csrss.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-063016-3358-99" target=_blank>RANKY.U</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[Services]
Number=9260
Confirmed=X
Filename=scks32.exe
Description=Added by a <a href="http://www.f-secure.com/v-descs/trojprox.shtml" target=_blank>Proxy Trojan</a> variant
Source=Paul Collins Startup list

[Services]
Number=9261
Confirmed=X
Filename=sockys32.exe
Description=Added by the RANKY.L TROJAN!
Source=Paul Collins Startup list

[Services]
Number=9262
Confirmed=X
Filename=sys.exe
Description=Added by a <a href="http://www.f-secure.com/v-descs/trojprox.shtml" target=_blank>Proxy Trojan</a> variant
Source=Paul Collins Startup list

[services]
Number=9263
Confirmed=X
Filename=windows32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32flyvbc.html" target=_blank>FLYVB-C</a> WORM!
Source=Paul Collins Startup list

[services]
Number=9264
Confirmed=X
Filename=socks.exe
Description=Added by the WIN32.SMALL.N TROJAN!
Source=Paul Collins Startup list

[Services]
Number=9265
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-072615-3305-99" target=_blank>ZINCITE.A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
Source=Paul Collins Startup list

[Services]
Number=9266
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojranckdb.html" target=_blank>RANCK-DB</a> TROJAN!
Source=Paul Collins Startup list

[Services]
Number=9267
Confirmed=X
Filename=iexplore.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-112117-1320-99" target=_blank>MOGI</a> WORM! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[Services]
Number=9268
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32reperb.html" target=_blank>REPER-B</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[Services]
Number=9269
Confirmed=X
Filename=sysamp.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Services]
Number=9270
Confirmed=X
Filename=prosys32.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Services]
Number=9271
Confirmed=X
Filename=iexplorer.exe
Description=Added by an unidentified WORM or TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe)
Source=Paul Collins Startup list

[Services]
Number=9272
Confirmed=X
Filename=iexploler.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453107025" target="_blank">RANCK-LT</a> TROJAN!
Source=Paul Collins Startup list

[Services]
Number=9273
Confirmed=X
Filename=iexpolere.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453107026" target="_blank">RANCK.LU</a> TROJAN!
Source=Paul Collins Startup list

[Services Administrator]
Number=9274
Confirmed=X
Filename=localsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Services Administrator]
Number=9275
Confirmed=X
Filename=netsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Services Administrator]
Number=9276
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Services Administrator]
Number=9277
Confirmed=X
Filename=svcadmin.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Services Administrator]
Number=9278
Confirmed=X
Filename=svcman.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Services Administrator]
Number=9279
Confirmed=X
Filename=svcrun.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Services Administrator]
Number=9280
Confirmed=X
Filename=tcpsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Services Administrator]
Number=9281
Confirmed=X
Filename=websvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Services Controller]
Number=9282
Confirmed=X
Filename=lsassa.exe
Description=Added by the CIADOOR.122 VIRUS!
Source=Paul Collins Startup list

[Services Controller]
Number=9283
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojciadoorf.html" target= blank>CIADOOR-F</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
Source=Paul Collins Startup list

[Services Host]
Number=9284
Confirmed=X
Filename=Scchost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-043013-2626-99" target="_blank">DONK</a> WORM!
Source=Paul Collins Startup list

[Services Host]
Number=9285
Confirmed=X
Filename=svchost32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobottg.html" target=_blank>AGOBOT-TG</a> WORM!
Source=Paul Collins Startup list

[Services Logon]
Number=9286
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-012310-2158-99" target=_blank>CROWT.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! By default this file is located in Documents and Settings\[user name]\Templates
Source=Paul Collins Startup list

[Services Process]
Number=9287
Confirmed=X
Filename=services.exe
Description=Spyware - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Small.X TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[Services Process]
Number=9288
Confirmed=X
Filename=smss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallek.html" target=_blank>SMALL-EK</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "config" subfolder
Source=Paul Collins Startup list

[Services Startup]
Number=9289
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-012310-2158-99" target=_blank>CROWT.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! By default this file is located in Documents and Settings\[user name]\Templates
Source=Paul Collins Startup list

[Services Startup]
Number=9290
Confirmed=X
Filename=svhost33.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Services.dll]
Number=9291
Confirmed=X
Filename=smss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32soberl.html" target=_blank>SOBER-L</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a msagent\system subfolder of the Winnt or Windows folder
Source=Paul Collins Startup list

[Services.EXE]
Number=9292
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-051220-5250-99" target="_blank">KAZPING</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
Source=Paul Collins Startup list

[services.exe]
Number=9293
Confirmed=X
Filename=Services.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojciadoorf.html" target= blank>CIADOOR-F</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
Source=Paul Collins Startup list

[Services004]
Number=9294
Confirmed=X
Filename=[worm filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010215-0626-99" target="_blank">BUGBROS</a> WORM!
Source=Paul Collins Startup list

[services32]
Number=9295
Confirmed=X
Filename=mc-110-12-0000079.exe
Description=Added by the TrojanDownloader.Agent.rv TROJAN!
Source=Paul Collins Startup list

[services32]
Number=9296
Confirmed=X
Filename=mc-58-12-0000120.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060715-4527-99" target=_blank>"Shorty"</a> adware - also detected as the AGENT.FD TROJAN!
Source=Paul Collins Startup list

[services32]
Number=9297
Confirmed=X
Filename=mc-58-12-0000140.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060715-4527-99" target=_blank>"Shorty"</a> adware - also detected as the AGENT.FD TROJAN!
Source=Paul Collins Startup list

[Services32 Startup]
Number=9298
Confirmed=X
Filename=win32dll.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxo.html" target= blank>SDBOT-XO</a> WORM!
Source=Paul Collins Startup list

[ServicesLoad]
Number=9299
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdearisa.html" target=_blank>DEARIS-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[ServicesLog]
Number=9300
Confirmed=X
Filename=ccapp32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotamx.html" target=_blank>RBOT-AMX</a> WORM!
Source=Paul Collins Startup list

[Servicewin]
Number=9301
Confirmed=X
Filename=Hide32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32msnvbd.html" target="_blank">MSNVB-D</a> WORM!
Source=Paul Collins Startup list

[Servicing]
Number=9302
Confirmed=X
Filename=hostd.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BUI&VSect=P" target=_blank>SDBOT.BUI</a> WORM!
Source=Paul Collins Startup list

[Servicio Local]
Number=9303
Confirmed=X
Filename=svhost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.BGX" target="_blank">SPYBOT.BGX</a> WORM!
Source=Paul Collins Startup list

[servics]
Number=9304
Confirmed=X
Filename=servics.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsinguj.html" target=_blank>SINGU-J</a> TROJAN!
Source=Paul Collins Startup list

[SERVlCE]
Number=9305
Confirmed=X
Filename=SERVlCE.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotub.html" target=_blank>AGOBOT-UB</a> WORM!
Source=Paul Collins Startup list

[ServUTrayIcon]
Number=9306
Confirmed=?
Filename=ServUTray.exe
Description=System Tray icon for Serv-U FTP server.<font color="#FF0000"> </font><font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list

[SES Service]
Number=9307
Confirmed=X
Filename=sesvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotczu.html" target="_blank">SDBOT-CZU</a> WORM!
Source=Paul Collins Startup list

[Session Client]
Number=9308
Confirmed=U
Filename=sescli.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-071412-1348-99" target= blank>SurfSpy</a> keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[Session Manager Subsystem]
Number=9309
Confirmed=X
Filename=smssa.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotags.html" target=_blank>RBOT-AGS</a> WORM!
Source=Paul Collins Startup list

[SESync]
Number=9310
Confirmed=X
Filename=sed.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=DownloadWare&threatid=4620" target=_blank>DownloadWare</a> adware
Source=Paul Collins Startup list

[SetDefaultMIDI]
Number=9311
Confirmed=?
Filename=MIDIDef.exe
Description=Related to a Soundblaster Audigy soundcards.<font color="#FF0000"> What does it do and is it required?</font>
Source=Paul Collins Startup list

[SetDefaultPrinter]
Number=9312
Confirmed=Y
Filename=cloaker.exe
Description=Used by HP and Compaq computers to hide the windows of programs passed as arguments to it
Source=Paul Collins Startup list

[setdefprt]
Number=9313
Confirmed=N
Filename=setdefprt.exe
Description=Used to set a Brother MFC printer/copier/scanner as the default printer after installation
Source=Paul Collins Startup list

[SetDefPrt]
Number=9314
Confirmed=N
Filename=BrStDvPt.exe
Description=Used to set a Brother MFC printer/copier/scanner as the default printer after installation
Source=Paul Collins Startup list

[SetecCertUtil]
Number=9315
Confirmed=U
Filename=Certutil.exe
Description=Setec Web and Email Security. Setec PKI smart card software. The PKI technology enables secure and reliable user identification in services offered through Internet, mobile handsets and digital TV
Source=Paul Collins Startup list

[setFTPBack]
Number=9316
Confirmed=X
Filename=createsw.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-061015-4747-99" target="_blank">FTP_BMAIL</a> TROJAN!
Source=Paul Collins Startup list

[SetHook]
Number=9317
Confirmed=N
Filename=SetHook.exe
Description=Fellowes Neato CD label design software. "Launch NEATO's MediaFACE II label making software directly from the productname toolbar"
Source=Paul Collins Startup list

[SETI@home]
Number=9318
Confirmed=N
Filename=SETI@home.exe
Description=SETI@home is a scientific experiment that uses Internet-connected computers in the Search for Extraterrestrial Intelligence (SETI). You can participate by running a free program that downloads and analyzes radio telescope data
Source=Paul Collins Startup list

[seticlient]
Number=9319
Confirmed=N
Filename=SETI@home.exe
Description=SETI@home is a scientific experiment that uses Internet-connected computers in the Search for Extraterrestrial Intelligence (SETI). You can participate by running a free program that downloads and analyzes radio telescope data
Source=Paul Collins Startup list

[SetIcon]
Number=9320
Confirmed=N
Filename=SetIcon.exe
Description=Installed by a 6-in-1 (4 Media Card slots, a floppy drive and a USB connection) device. Constantly updates the icons for the four Media Card slots that it has and is a resource hog
Source=Paul Collins Startup list

[SetiQueue]
Number=9321
Confirmed=N
Filename=Setiqu~1.exe
Description=Provides work unit buffering for Seti@Home clients - see <a href="http://www.setiqueue.org/" target="_blank">here</a> for more details
Source=Paul Collins Startup list

[SetiSpy]
Number=9322
Confirmed=N
Filename=SetiSpy.exe
Description=<a href="http://members.shaw.ca/bbrseti/spyscreen.html" target="_blank">SETI Spy</a> is a little program to "spy" on the progress and performance of the SETI@home client. Called a "spy" because it is unobtrusive as possible
Source=Paul Collins Startup list

[SetPoint]
Number=9323
Confirmed=X
Filename=SetPoint.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbwi.html" target="_blank">RBOT-BWI</a> WORM! Note - this is not the valid Logitech Setpoint mouse and keyboard entry that uses the same filename and is located in the Logitech\Setpoint sub-folder of Program Files. This file is located in the System (9x/Me) or System32 (NT/2K/XP/Vista) folder
Source=Paul Collins Startup list

[SetPoint]
Number=9324
Confirmed=U
Filename=Setpoint.exe
Description=Logitech SetPoint Event Manager for their range of mice and keyboards. Required if you want to use the advanced features of these devices and is located in the Logitech\Setpoint sub-folder of Program Files
Source=Paul Collins Startup list

[SETPOINT Logitech Inc]
Number=9325
Confirmed=X
Filename=KHALMNP.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaax.html" target= blank>RBOT-AAX</a> WORM!
Source=Paul Collins Startup list

[SetRefresh]
Number=9326
Confirmed=?
Filename=SetRefresh.exe
Description=Found on a Compaq PC. <font color="#FF0000">Video refresh rate utility? Is it required?</font>
Source=Paul Collins Startup list

[Setting]
Number=9327
Confirmed=X
Filename=sysweb.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target="_blank">SDBOT.GEN</a> TROJAN!
Source=Paul Collins Startup list

[setup]
Number=9328
Confirmed=N
Filename=hphprld.exe ....setup.exe
Description=HP DeskJet Setup - printers function normally without it
Source=Paul Collins Startup list

[Setup experation]
Number=9329
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtofgeraw.html" target=_blank>TOFGER-AW</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list

[setupa]
Number=9330
Confirmed=X
Filename=runt32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassk.html" target=_blank>QQPASS-K</a> TROJAN!
Source=Paul Collins Startup list

[setupdata]
Number=9331
Confirmed=X
Filename=rnll32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassac.html" target=_blank>QQPASS-AC</a> TROJAN!
Source=Paul Collins Startup list

[SetupICWDesktop]
Number=9332
Confirmed=N
Filename=icwconn1.exe
Description=Appears to be the &quot;Internet Connection Wizard&quot; from Internet Explorer being set-up as a desktop shortcut. Appears under the RunOnce registry key but is available under Start -&gt; Programs -&gt; Accessories -&gt; Communication (or similar) anyway
Source=Paul Collins Startup list

[setupuser]
Number=9333
Confirmed=X
Filename=regedit.exe setupuser.log
Description=Regfile in disguise - another <a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list

[setuzp]
Number=9334
Confirmed=?
Filename=setuzp.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[SetVrc]
Number=9335
Confirmed=X
Filename=setvrc.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-072921-1418-99" target="_blank">HUNTOCX</a> WORM!
Source=Paul Collins Startup list

[Sex Teris]
Number=9336
Confirmed=X
Filename=st01b.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090817-4709-99" target="_blank">REPAD</a> WORM!
Source=Paul Collins Startup list

[Sexnow]
Number=9337
Confirmed=X
Filename=Sexnow.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/dialsenowb.html" target= blank>SENOW-B</a> premium rate adult content dialler

Source=Paul Collins Startup list

[Sexy_Blondes]
Number=9338
Confirmed=X
Filename=Sexy_Blondes.exe
Description=Added by the <a href="http://virusinfo.prevx.com/viruscenter.asp?GRP=4766100024" target=_blank>Sexy</a> DIALER!. Related also to <a href="http://www.superadblocker.com/definition/sexy_blondes/" target=_blank>Hot Tarts</a> DIALER!

Source=Paul Collins Startup list

[Sexy_sg]
Number=9339
Confirmed=X
Filename=Sexy_sg.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list

[sf]
Number=9340
Confirmed=X
Filename=sf.exe
Description=<a href="http://www.surfenhance.com/" target=_blank>SurfEnhance</a> adware component
Source=Paul Collins Startup list

[SFIGUI]
Number=9341
Confirmed=N
Filename=SFIGUI.EXE
Description=<a href="http://www.sonicfocus.com/products/index.htm#" target=_blank>Sonic Focus</a> - "enhances music, movie and game sound by analyzing compressed audio streams in realtime, then restoring and enriching audio back to its original performance qualities"
Source=Paul Collins Startup list

[sfita]
Number=9342
Confirmed=X
Filename=sfita.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfavaddh.html" target=_blank>FAVADD-H</a> TROJAN! Also known as <a href="http://www.surfenhance.com/" target=_blank>SurfEnhance</a> adware
Source=Paul Collins Startup list

[SFP]
Number=9343
Confirmed=N
Filename=vzSFPWin.EXE
Description=Verizon Online Support Center - prompts for online updates
Source=Paul Collins Startup list

[sfpc]
Number=9344
Confirmed=U
Filename=sfpc.exe
Description=<a href="http://sarc.com/avcenter/venc/data/spyware.spy4pc.html" target="_blank">Spy4PC</a> surveillance software. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list

[SFtrb Service]
Number=9345
Confirmed=X
Filename=cftrb32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-061817-3111-99" target="_blank">SOBIG.D</a> WORM!
Source=Paul Collins Startup list

[SfWinStartInfo]
Number=9346
Confirmed=U
Filename=sfWinStartupInfo.exe
Description=<p align=left>SFIRM32 Online Banking software
Source=Paul Collins Startup list

[Sgecrypt]
Number=9347
Confirmed=U
Filename=Sgecrypt.exe
Description=<a href="http://www.ediport.hu/_sgeasy.html" target="_blank">SafeGuard Easy</a> - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks"
Source=Paul Collins Startup list

[Sgeecview]
Number=9348
Confirmed=U
Filename=Ecview.exe
Description=<a href="http://www.ediport.hu/_sgeasy.html" target="_blank">SafeGuard Easy</a> - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks"
Source=Paul Collins Startup list

[sginst]
Number=9349
Confirmed=U
Filename=sginst.exe
Description=eAcceleration Stop-Sign security software related. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
Source=Paul Collins Startup list

[SGTBox]
Number=9350
Confirmed=?
Filename=SGTBox.exe
Description=Canon scanner driver.<font color="#FF0000"> Is it required?</font>
Source=Paul Collins Startup list

[sgtray]
Number=9351
Confirmed=U
Filename=sgtray.exe
Description=<a href="http://www.veritas.com/products/category/ProductDetail.jhtml?productId=storageguard" target="_blank">StorageGuard</a> from Veritas. Free utility that integrates with Backup MyPC (formerly Backup Exec Desktop), Simple Backup and MS Backup. Provides system tray access and background monitoring - warning you of files that haven't recently been backed up. Required unless you backup manually on a regular basis or have scheduled backups
Source=Paul Collins Startup list

[Shadow]
Number=9352
Confirmed=Y
Filename=Shadow.exe
Description="<a href="http://www.ntius.com/shadow.asp" target="_blank">NTI Shadow 3</a> is an award-winning easy-to-use backup application that automatically protects your photo, music, video, and various data files. It makes data restoration as easy as dragging and dropping files from one place to another"
Source=Paul Collins Startup list

[ShadowUser Pro Edition]
Number=9353
Confirmed=U
Filename=ShadowUser.exe
Description="StorageCraft™ <a href="http://www.storagecraft.com/products/ShadowUser/" target="_blank">ShadowUser™</a> provides easy to use desktop security and protection for Windows operating systems. ShadowUser is the best way to prevent unwanted changes to  PCs and laptops"
Source=Paul Collins Startup list

[shambl3r]
Number=9354
Confirmed=X
Filename=cnf.bat
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101611-1053-99" target="_blank">REMABL</a> WORM!
Source=Paul Collins Startup list

[shambl3r*]
Number=9355
Confirmed=X
Filename=shambl3r.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101611-1053-99" target="_blank">REMABL</a> WORM! where * is 2 to 11
Source=Paul Collins Startup list

[Shania]
Number=9356
Confirmed=X
Filename=Shania.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-020217-3141-99" target=_blank>SHANIA</a> VIRUS! - NOTE: this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
Source=Paul Collins Startup list

[Share-to-Web Namespace Daemon]
Number=9357
Confirmed=N
Filename=hpgs2wnd.exe
Description=HP's exclusive <a href="http://h10025.www1.hp.com/ewfrf/wc/genericDocument?docname=bps05210&cc=us&dlc=en&lc=en&jumpid=reg_R1002_USEN" target="_blank">Share-to-Web</a> software makes it easy to share content with others through our affiliate Internet websites. In other words an application that allows users to upload scanned images to their personal webpages if desired. Available via Start -> Programs
Source=Paul Collins Startup list

[Shareaza]
Number=9358
Confirmed=N
Filename=Shareaza.exe
Description=<a href="http://www.shareaza.com/" target=_blank>Shareaza</a> P2P client
Source=Paul Collins Startup list

[Shareaza]
Number=9359
Confirmed=U
Filename=bindata.exe
Description=<a href="http://www.shareaza.com/" target=_blank>Shareaza</a> P2P client related
Source=Paul Collins Startup list

[sharedprem]
Number=9360
Confirmed=X
Filename=sharedprem.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-040311-3929-99" target="_blank">MAKECALL</a> TROJAN!
Source=Paul Collins Startup list

[Sharing and Mapping Software]
Number=9361
Confirmed=Y
Filename=DShmap.exe
Description=<a target="_blank" href="http://www.intel.com/support/network/anypoint/">Intel AnyPoint</a> internet sharing software. Now discontinued
Source=Paul Collins Startup list

[SharkEject]
Number=9362
Confirmed=N
Filename=AEJCT32.exe
Description=Allows you to eject a disk from the Avatar Shark drive from the system tray. When loaded, there is a desktop icon so this isn't required
Source=Paul Collins Startup list

[SharpTray]
Number=9363
Confirmed=U
Filename=SharpTray.exe
Description=Part of <a href="http://www.sharpusa.com/products/applications/sharpdesk/1,2693,3-3,00.html" target="_blank">Sharpdesk</a> from Sharp Electronics. "A desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents"
Source=Paul Collins Startup list

[Shcenter]
Number=9364
Confirmed=N
Filename=chcenter.exe
Description=IMSI <a href="http://www.imsisoft.com/prodinfo.asp?t=1&mcid=100" target="_blank">HiJaak</a> - "the easiest way to convert, capture, and manage all your graphic files"
Source=Paul Collins Startup list

[SheduIer]
Number=9365
Confirmed=X
Filename=svchst.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list

[SheduIer]
Number=9366
Confirmed=X
Filename=shch.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooreb.html" target= blank>EB</a> TROJAN!
Source=Paul Collins Startup list

[SheduIer]
Number=9367
Confirmed=X
Filename=winagent.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooreb.html" target= blank>EB</a> TROJAN!
Source=Paul Collins Startup list

[Shedule Connection]
Number=9368
Confirmed=X
Filename=arpo412.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ppdoorr.html" target=_blank>PPDOOR-R</a> WORM!
Source=Paul Collins Startup list

[Sheduler]
Number=9369
Confirmed=X
Filename=nerocheck.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target=_blank>TACTSLAY.B</a> TROJAN!
Source=Paul Collins Startup list

[Shell]
Number=9370
Confirmed=X
Filename=Shell32.exe
Description=Added by the <a href="http://www.f-secure.com/v-descs/badsec.shtml" target="_blank">BADSECTOR</a> TROJAN!
Source=Paul Collins Startup list

[Shell]
Number=9371
Confirmed=X
Filename=ray.exe
Description=Homepage hijacker re-directing browsers to adult content websites
Source=Paul Collins Startup list

[Shell]
Number=9372
Confirmed=X
Filename=Tray.exe
Description=Homepage hijacker re-directing browsers to adult content websites
Source=Paul Collins Startup list

[Shell]
Number=9373
Confirmed=X
Filename=wmedia16.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-010715-5330-99" target=_blank>GOLDUN</a> TROJAN!
Source=Paul Collins Startup list

[Shell]
Number=9374
Confirmed=X
Filename=Open32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmalldl.html" target= blank>SMALL-DL</a> TROJAN!
Source=Paul Collins Startup list

[Shell]
Number=9375
Confirmed=X
Filename=Explorer.exe sound_drive16.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorgp.html" target="_blank">GP</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System subfolder
Source=Paul Collins Startup list

[Shell]
Number=9376
Confirmed=X
Filename=Explorer.exe, msmsgs.exe
Description=Added by the <a href=" http://www.symantec.com/security_response/writeup.jsp?docid=2005-042316-2917-99" target="_blank">ZLOB</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[Shell]
Number=9377
Confirmed=X
Filename=Explorer.exe [path] svchost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050114-4234-99" target=_blank>DOYORG</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list

[shell]
Number=9378
Confirmed=X
Filename=explorer.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061100-3940-99" target="_blank">KAKKEYS</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System32 subfolder
Source=Paul Collins Startup list

[Shell]
Number=9379
Confirmed=X
Filename=iexplore.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kipisu.html" target=_blank>KIPIS-U</a> TROJAN! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in a "Microsoft" subfolder
Source=Paul Collins Startup list

[Shell]
Number=9380
Confirmed=X
Filename=ibm0000*.exe [* = digit]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtorpigc.html" target=_blank>TORPIG-C</a> and <a href="http://www.sophos.com/virusinfo/analyses/trojtorpigj.html" target=_blank>TORPIG-J</a> TROJANS! Filenames spotted include ibm00001.exe, ibm00002.exe, ibm00005.exe and so on
Source=Paul Collins Startup list

[Shell]
Number=9381
Confirmed=X
Filename=taskmrg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanft.html" target=_blank>BANCBAN-FT</a> TROJAN!
Source=Paul Collins Startup list

[Shell]
Number=9382
Confirmed=X
Filename=Explorer.exe winupdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentfd.html" target=_blank>AGENT-FD</a> TROJAN!
Source=Paul Collins Startup list

[Shell]
Number=9383
Confirmed=X
Filename=ibm[RANDOM 5 DIGIT NUMBER].exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-112315-0608-99" target=_blank>ANSERIN</a> TROJAN!
Source=Paul Collins Startup list

[Shell]
Number=9384
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojgoldspyb.html" target=_blank>GOLDSPY-B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[Shell]
Number=9385
Confirmed=X
Filename=ibm00001.dll
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtorpigq.html" target="_blank">TORPIG-Q</a> TROJAN!
Source=Paul Collins Startup list

[Shell API32]
Number=9386
Confirmed=X
Filename=svcnet.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=41429" target= blank>TIBICK.C</a> WORM!
Source=Paul Collins Startup list

[Shell Extension]
Number=9387
Confirmed=X
Filename=spollsv.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list

[Shell Tray Window]
Number=9388
Confirmed=X
Filename=ShellTraywnd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstultdora.html" target=_blank>STULTDOR-A</a> TROJAN!
Source=Paul Collins Startup list

[shell update]
Number=9389
Confirmed=X
Filename=shellexec.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotanc.html" target=_blank>AGOBOT-TH</a> WORM!
Source=Paul Collins Startup list

[Shell32]
Number=9390
Confirmed=X
Filename=Shell32.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031515-4025-99" target=_blank>SCAFENE</a> WORM!
Source=Paul Collins Startup list

[shell32]
Number=9391
Confirmed=X
Filename=ntldrt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32jloka.html" target=_blank>JLOK-A</a> WORM!
Source=Paul Collins Startup list

[Shell32]
Number=9392
Confirmed=X
Filename=iexplore.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotay.html" target=_blank>IRCBOT-AY</a> TROJAN! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a>) process, which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup unless you add it manually! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[ShellApi]
Number=9393
Confirmed=X
Filename=SHELLMSN.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_NETDEV.B" target="_blank">NETDEV.B</a> TROJAN!
Source=Paul Collins Startup list

[Shellapi32]
Number=9394
Confirmed=X
Filename=Shellapi32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-021310-3452-99" target="_blank">NETDEVIL</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_NERTE.76.B" target="_blank">NERTE</a>) TROJAN!
Source=Paul Collins Startup list

[Shellapi32]
Number=9395
Confirmed=X
Filename=mcvsrte.exe
Description=Added by an unidentified WORM! Note - do not confuse with the McAfee SecurityCenter file of the same name
Source=Paul Collins Startup list

[ShellCommand]
Number=9396
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojremcona.html" target=_blank>REMCON-A</a> TROJAN!

Source=Paul Collins Startup list

[Shelldaemon]
Number=9397
Confirmed=X
Filename=Shelldaemon.exe
Description=Added by a variant of the AGENT.ALN TROJAN!
Source=Paul Collins Startup list

[ShellEx]
Number=9398
Confirmed=X
Filename=ShellEx.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-062615-5626-99" target="_blank">ANAKHA</a> TROJAN!
Source=Paul Collins Startup list

[ShellN]
Number=9399
Confirmed=X
Filename=isca.exe
Description=Added by the <a href="http://www.avira.com/en/threats/section/fulldetails/id_vir/3554/tr_dldr.ibill.z.html" target="_blank">IBILL.Z</a> TROJAN!
Source=Paul Collins Startup list

[ShellOS]
Number=9400
Confirmed=X
Filename=A+++.exe
Description=Added by the AV TROJAN!
Source=Paul Collins Startup list

[ShellRun]
Number=9401
Confirmed=X
Filename=lexplore_.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmsnopta.html" target=_blank>MSNOPT-A</a> TROJAN!
Source=Paul Collins Startup list

[ShellRun32]
Number=9402
Confirmed=X
Filename=iexplore.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotay.html" target=_blank>IRCBOT-AY</a> TROJAN! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a>) process, which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup unless you add it manually! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[Shellspl]
Number=9403
Confirmed=X
Filename=lsas.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojyalera.html" target= blank>YALER-A</a> TROJAN!
Source=Paul Collins Startup list

[Shellspl]
Number=9404
Confirmed=X
Filename=spools.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojproxagea.html" target=_blank>PROXAGE-A</a> TROJAN!
Source=Paul Collins Startup list

[shellsystem]
Number=9405
Confirmed=X
Filename=shellsystem.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-092312-3316-99" target="_blank">UPCHAN</a> TROJAN!
Source=Paul Collins Startup list

[shhost]
Number=9406
Confirmed=X
Filename=shhost.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453088611" target=_blank>AGENT.CE</a> TROJAN!
Source=Paul Collins Startup list

[shicoxp]
Number=9407
Confirmed=N
Filename=shicoxp.exe
Description=Installed with the drivers for multi card readers of various brands. To differentiate between the various card slots on multi slot readers the shicoxp.exe file assigns and loads unique drive icons for the various card slots that are displayed in Windows Explorer
Source=Paul Collins Startup list

[Shine]
Number=9408
Confirmed=X
Filename=Shine.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-090919-4618-99" target="_blank">HAPPYLOW</a> (or <a href="http://www.sophos.com/virusinfo/analyses/w32nishea.html" target="_blank">NISHE-A</a>) VIRUS!
Source=Paul Collins Startup list

[SHINITV]
Number=9409
Confirmed=?
Filename=shinitv.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Shmgrate.exe]
Number=9410
Confirmed=X
Filename=ibot4.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-122909-2907-99" target="_blank">GASTER</a> TROJAN!
Source=Paul Collins Startup list

[ShockmachineReminder]
Number=9411
Confirmed=N
Filename=SmReminder.exe
Description="<a href="http://www.adobe.com/support/flash/publishexport/shockmachine_flash4/shockmachine_flash402.html" target="_blank">Shockmachine</a> is a stand-alone application that lets users collect Macromedia Shockwave and Flash titles and play them offline". <font color="#FF0000">Could be a registration reminder for the trial version</font>
Source=Paul Collins Startup list

[Shockwave]
Number=9412
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-092009-4537-99" target=_blank>SNDOG</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[Shockwave Init]
Number=9413
Confirmed=N
Filename=SWINIT.EXE
Description=Part of Macromedia Shockwave. Controls the Shockwave Remote Control Panel. The Remote Control can be activated manually from the Start Menu by locating and selecting Shockwave and then Shockwave Remote under Programs
Source=Paul Collins Startup list

[Shockwave Support]
Number=9414
Confirmed=X
Filename=FlashPlayer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delfdra.html" target="_blank">DELF-DRA</a> WORM!
Source=Paul Collins Startup list

[ShortKeys 99]
Number=9415
Confirmed=N
Filename=SHORTKEY.EXE
Description=<a href="http://www.shortkeys.com/" target="_blank">ShortKeys</a> from Insight Software Solutions - allows you to program keys with text strings
Source=Paul Collins Startup list

[sHotKey]
Number=9416
Confirmed=Y
Filename=sHotKey.exe
Description=Special function key manager for Chicony keyboards - see <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/shotkey/" target=_blank>here</a>

Source=Paul Collins Startup list

[Showbehind]
Number=9417
Confirmed=X
Filename=SHOWBEHIND.EXE
Description=Advertisement display which can be stopped <a href="http://www.showbehind.com/adremove.exe" target="_blank">here</a>
Source=Paul Collins Startup list

[ShowFF]
Number=9418
Confirmed=X
Filename=ShowFF.exe
Description=Added by the <a href="http://www.sarc.com/avcenter/venc/data/adware.fftoolbar.html" target=_blank>Adware.FFToolBar</a> adware toolbar
Source=Paul Collins Startup list

[ShowIcon_Justrams_USB Product Driver v2.12r012]
Number=9419
Confirmed=?
Filename=shwicon.exe
Description=Related to <a href="http://www.justrams.com/" target=_blank>Just Rams</a> USB product driver. <font color=#FF0000>Is it required?</font>

Source=Paul Collins Startup list

[ShowIcon_PNY_PNY Attaché]
Number=9420
Confirmed=U
Filename=shwicon.exe
Description=<a href="http://www2.pny.com/Categories/UsbFlashDrives.aspx?Category_ID=12" target="_blank">PNY Attaché</a> USB flash memory stick System Tray icon - shows when the device is plugged in
Source=Paul Collins Startup list

[ShowIcon_SmartDisk Corporation_USB Card Reader v1.14e051]
Number=9421
Confirmed=?
Filename=shwicon.exe
Description=Card reader for memory cards from digital cameras.<font color="#FF0000"> Is it required? </font>
Source=Paul Collins Startup list

[ShowLOMControl]
Number=9422
Confirmed=U
Filename=[strange symbol]
Description=Note that there is a strange symbol in the command field. HKLM\Software\Microsoft\Windows\Current Version\Run\ShowLOMControl Reg_DWORD 0x00000001 (1) LOM = LAN on Motherboard.It mean Show "LAN on Motherboard" Control.On systems where you can install an external LAN interface, it will warn you that you already have a built-in LAN interface. Appears to be a feature on certain Dell systems

Source=Paul Collins Startup list

[Showme]
Number=9423
Confirmed=X
Filename=Ruden.vbs
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/wm97handlea.html" target=_blank>HANDLE-A</a> VIRUS!
Source=Paul Collins Startup list

[ShowWnd]
Number=9424
Confirmed=U
Filename=ShowWnd.exe
Description=Found on Gateway computers (and maybe others) - see <a href="http://support.gateway.com/s/issues/2-1945178247.shtml" target=_blank>here</a>. "Showwnd is included with the Chicony keyboard software and is used by the software to stop the keyboard driver's taskbar entry from reappearing. It is not necessary to remove the keyboard software, however if you wish it can be removed through Add or Remove Programs"
Source=Paul Collins Startup list

[SHPC32]
Number=9425
Confirmed=U
Filename=SHPC32.exe
Description=Port monitor for Lexmark printers on a USB connection. Ties in with the Printer Control Program. Features like cancelling a print are unavailable if disabled
Source=Paul Collins Startup list

[ShStatEXE]
Number=9426
Confirmed=Y
Filename=SHSTAT.EXE
Description=From McAfee VirusScan NT 4.x. Handles program communication among VShield components, displays VShield icon. Can be started automatically or available via Start -&gt; Programs
Source=Paul Collins Startup list

[Shutdownaware]
Number=9427
Confirmed=U
Filename=shutdownaware.exe
Description=Loaded by the <a href="http://www.sweexeurope.com/product.asp?pid=98" target="_blank">SWEEX 6-in-1 Media Card Reader</a> to properly manage the reader while it is connected to your system
Source=Paul Collins Startup list

[ShutDownPro]
Number=9428
Confirmed=U
Filename=ShutDownPro.exe
Description=<a href="http://home.tiscali.de/zdata/shutdownpro_e.htm" target="_blank">ShutDownPro</a> - shutdown, reboot, logoff your System with one mouse click
Source=Paul Collins Startup list

[Si Meter]
Number=9429
Confirmed=N
Filename=SIMETER.EXE
Description=<a href="http://downloads.zdnet.co.uk/0,39025604,39066984s,00.htm" target="_blank">Si Meter</a> - keep track of things like CPU activity, network activity and speed, hard-drive activity, hard-drive space, system memory, running processes, or just date and time
Source=Paul Collins Startup list

[si91e44b]
Number=9430
Confirmed=X
Filename=rundll32.exe [path] si91e44b.dll, EnableRunDLL32
Description=<a href="http://www.spywareguide.com/product_show.php?id=853" target="_blank">LZIO.com</a> adware downloader
Source=Paul Collins Startup list

[SIA2006]
Number=9431
Confirmed=U
Filename=SIA2006.exe
Description=Part of Steganos <a href="https://www.steganos.com/en/products/siavpn/" target="_blank">Internet Anonym</a> privacy software
Source=Paul Collins Startup list

[SIAPRO6]
Number=9432
Confirmed=U
Filename=sia.exe
Description=Steganos <a href="http://www.steganos.com/?product=SIA2006&language=en&layout=web2005" target=_blank>Internet Anonym</a> privacy software
Source=Paul Collins Startup list

[Sicom]
Number=9433
Confirmed=X
Filename=Sicom.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-072917-4037-99" target="_blank">NETLIP</a> WORM!
Source=Paul Collins Startup list

[SideACT]
Number=9434
Confirmed=U
Filename=SideACT.exe
Description=<a href="http://www.actaddons.com/products/jm_getorg.asp" target="_blank">SideACT</a> organizer software
Source=Paul Collins Startup list

[Sidebar]
Number=9435
Confirmed=U
Filename=Sidebar.exe
Description=If you are running Windows Vista it is a part of the operating system. But on other versions of Windows it can be a part of

<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453077927" target="_blank">Searchcentrix</a> hijacker

Source=Paul Collins Startup list

[SIDEBAR]
Number=9436
Confirmed=N
Filename=dsidebar.exe
Description="<a href="http://www.desktopsidebar.com/" target=_blank>Desktop Sidebar</a> provides you with instant access to the information you most desire by grabbing data from your PC and the internet. The result is a dynamic visual display you configure and control"

Source=Paul Collins Startup list

[Sidebar]
Number=9437
Confirmed=U
Filename=sidebar.exe
Description=Windows Sidebar is a pane on the side of the Microsoft Windows Vista desktop where you can keep your gadgets organized and always available
Source=Paul Collins Startup list

[SideWinderTrayV4]
Number=9438
Confirmed=N
Filename=SWTrayV4.exe
Description=MS SideWinder game controller system tray icon. This is specific to version 4 of the software. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[SigmaTel Audio]
Number=9439
Confirmed=N
Filename=setup.exe
Description=<a href="http://www.sigmatel.com/" target="_blank">Sigmatel</a> audio driver
Source=Paul Collins Startup list

[SigmatelSysTrayApp]
Number=9440
Confirmed=N
Filename=stsystra.exe
Description=System tray program for the Sigmatel Audio sound card. Often found on Dell computers
Source=Paul Collins Startup list

[SigmatelSysTrayApp]
Number=9441
Confirmed=N
Filename=sttray.exe
Description=System tray program for the Sigmatel Audio sound card. Often found on Dell computers
Source=Paul Collins Startup list

[SigX]
Number=9442
Confirmed=?
Filename=sigx.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[SigXC]
Number=9443
Confirmed=X
Filename=SigX.exe
Description=<a href="http://sigx.yuriy.net/" target="_blank">SigX</a> is a "dynamic signature image generated based on whatever data your computer sends it though our SigX program. It can display your current Mp3, current OS, Free Ram, your current time and more"
Source=Paul Collins Startup list

[Simcast]
Number=9444
Confirmed=N
Filename=SimcastAlerts.exe
Description=<a href="http://www.simcast.com.au/index.jsp" target="_blank">Simcast</a> is a free service that allows you to subscribe to information on a large variety of topics. Alerts will appear on your desktop when a channel that you have subscribed to has something to say
Source=Paul Collins Startup list

[SimpLite-MSN]
Number=9445
Confirmed=U
Filename=SimpLite-MSN.exe
Description=Required if you use the SimpLite add-on to MSN Messenger (SimpLite adds encryption to the instant messaging service)
Source=Paul Collins Startup list

[Singapore]
Number=9446
Confirmed=X
Filename=singapore.exe
Description=Adds a blue crescent to the taskbar and when double-clicked displays an adult-content web-site. Also known to drop your internet connection and dial an international telephone number. See <a href="http://groups.google.com/group/soc.culture.singapore/msg/1f27820def4eaf8c?q=singapore+singapore.exe&hl=en&lr=&safe=off&rnum=1" target="_blank">here</a> for more information. Must be disabled in MSCONFIG before un-installing or it re-instates itself
Source=Paul Collins Startup list

[SIPPS]
Number=9447
Confirmed=U
Filename=SIPPS\SIPPS.exe
Description=Web.de Internet phone utility
Source=Paul Collins Startup list

[SiS Dns]
Number=9448
Confirmed=X
Filename=dnssvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderue.html" target=_blank>DLOADER-UE</a> TROJAN!
Source=Paul Collins Startup list

[SiS KHooker]
Number=9449
Confirmed=N
Filename=khooker.exe
Description=SiS Keyboard Daemon. System Tray utility which gets installed by the drivers of the latter day SiS VGA cards. Can cause errors at startup and isn't required
Source=Paul Collins Startup list

[SiS Mpc Service]
Number=9450
Confirmed=X
Filename=mpcsvc.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[SiS Mpc Service]
Number=9451
Confirmed=X
Filename=mpcsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojciadoorcj.html" target="_blank">CIAFOOR-CJ</a> TROJAN!
Source=Paul Collins Startup list

[SiS Tray]
Number=9452
Confirmed=U
Filename=sistray.exe
Description=System Tray icon for SiS based graphics. Note - this resides in C:\Windows\System
Source=Paul Collins Startup list

[SiS Windows KeyHook]
Number=9453
Confirmed=U
Filename=keyhook.exe
Description=SIS graphics cards related: "Super VGA Keyboard Daemon" - hooks into the keyboard processing chain in order to enable hotkey settings
Source=Paul Collins Startup list

[SiS7012Utility]
Number=9454
Confirmed=Y
Filename=SiSAudUt.exe
Description=SiS Corporation sound card driver
Source=Paul Collins Startup list

[SISAM10M]
Number=9455
Confirmed=?
Filename=SISAM10M.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[SiSAudio]
Number=9456
Confirmed=N
Filename=MP_S3.exe
Description=WinME patch for an older SiS 961 chipset FERR bug. Enable if you have audio problems
Source=Paul Collins Startup list

[siscolor]
Number=9457
Confirmed=U
Filename=color.exe
Description=Probably on-board graphics related based upon the SiS chipsets. Has been seen on ASUS motherboards with SiS chipsets and known to cause conflicts if you choose another graphics card and disable the on-board
Source=Paul Collins Startup list

[siService.exe]
Number=9458
Confirmed=U
Filename=siService.exe
Description=<a href="http://www.giantcompany.com/" target=_blank>Spam Inspector</a> - anti email spam software
Source=Paul Collins Startup list

[SiSPower]
Number=9459
Confirmed=?
Filename=Rundll32.exe SiSPower.dll, ModeAgent
Description=Responsible for power management for SIS chipsets - <font color="#FF0000">is it required?</font>
Source=Paul Collins Startup list

[SiSRaid]
Number=9460
Confirmed=U
Filename=SRaid.exe
Description=Related to the <a href="http://www.sis.com/" target=_blank>SIS Raid</a> system from Silicon Integrated Systems
Source=Paul Collins Startup list

[SiSSetCDfmt]
Number=9461
Confirmed=?
Filename=SiSSetCDfmt.exe
Description=<font color="#FF0000">Related to a Silicon Integrated Systems Corp (SiS) product?</font>
Source=Paul Collins Startup list

[SISSoundman]
Number=9462
Confirmed=?
Filename=Soundman.exe
Description=<font color="#FF0000">Related to a Silicon Integrated Systems Corp (SiS) product?</font>
Source=Paul Collins Startup list

[SiSSWLED]
Number=9463
Confirmed=U
Filename=sisswled.exe
Description=System Tray utility for SiS 900 network cards
Source=Paul Collins Startup list

[sistrai.exe]
Number=9464
Confirmed=X
Filename=sistrai.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-050212-3451-99" target="_blank"> PROVA</a> TROJAN!
Source=Paul Collins Startup list

[sistray]
Number=9465
Confirmed=X
Filename=sistray.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-050212-3451-99" target="_blank">PROVA</a> TROJAN!
Source=Paul Collins Startup list

[sistray]
Number=9466
Confirmed=U
Filename=sistray.exe
Description=System Tray icon for SiS based graphics. Note - this resides in C:\Windows\System
Source=Paul Collins Startup list

[Sistray32]
Number=9467
Confirmed=X
Filename=remotehost.pif
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022714-4020-99" target=_blank>HOLCAS.A</a> WORM!
Source=Paul Collins Startup list

[Sistray32]
Number=9468
Confirmed=X
Filename=win.bat
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021815-3302-99" target=_blank>JUMPRED.A</a> WORM!
Source=Paul Collins Startup list

[Sistray32]
Number=9469
Confirmed=X
Filename=virus.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtometac.html" target=_blank>TOMETA-C</a> TROJAN!
Source=Paul Collins Startup list

[sistry]
Number=9470
Confirmed=X
Filename=sistry.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111211-1414-99" target="_blank">CEBE</a> WORM!
Source=Paul Collins Startup list

[SiSUSBRG]
Number=9471
Confirmed=N
Filename=SiSUSBrg.exe
Description=SiS USB Registry Patch File - fixes the undetectable problem with SiS USB controller on Windows XP
Source=Paul Collins Startup list

[SiteAdvisor]
Number=9472
Confirmed=U
Filename=SiteAdv.exe
Description=<a href="http://www.siteadvisor.com/" target="_blank">SiteAdvisor</a> from McAfee warns you before you interact with a dangerous Web site
Source=Paul Collins Startup list

[sixtysix]
Number=9473
Confirmed=X
Filename=sixtypopsix.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120718-0513-99" target="_blank">Medload</a> adware
Source=Paul Collins Startup list

[SK51]
Number=9474
Confirmed=U
Filename=SK51.EXE
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080614-0603-99" target= blank>SaveKeys</a> keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[SK60]
Number=9475
Confirmed=U
Filename=SK60.EXE
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080614-0603-99" target= blank>SaveKeys</a> keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[SK9910DM]
Number=9476
Confirmed=U
Filename=SK9910DM.EXE
Description=Multi-function keyboard driver. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys
Source=Paul Collins Startup list

[SKDAEMON]
Number=9477
Confirmed=U
Filename=SKDAEMON.EXE
Description=Multi-function keyboard driver. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys&nbsp;
Source=Paul Collins Startup list

[skinkers]
Number=9478
Confirmed=U
Filename=skinkers.exe
Description=Selection of desktop messaging/marketing tools with celebrity tie-ins including MTV's "Desktop Ozzy" and Arsenal's "Desktop Wenger" - see <a href="http://www.skinkers.com/clients.html" target="_blank">here</a>. Leave enabled if you want to receive messages
Source=Paul Collins Startup list

[sks-32]
Number=9479
Confirmed=X
Filename=SKS32P~1.EXE
Description=<a href="http://sarc.com/avcenter/venc/data/spyware.spykeyspy.html" target=_blank>SpyKeySpy</a> logs keystrokes and sends the stolen information to a configurable email address
Source=Paul Collins Startup list

[Skunk]
Number=9480
Confirmed=X
Filename=Skunk.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sunka.html" target=_blank>SUNK-A</a> WORM! Note - this file is found in the root folder (C:\), (D:\), etc
Source=Paul Collins Startup list

[SkyBlaster Scheduler]
Number=9481
Confirmed=Y
Filename=SSFSch.exe
Description=For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system
Source=Paul Collins Startup list

[skynetave.exe]
Number=9482
Confirmed=X
Filename=skynetave.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-050315-1907-99" target="_blank">SASSER.D</a> WORM!
Source=Paul Collins Startup list

[SkynetRevenge]
Number=9483
Confirmed=X
Filename=winlogon.scr
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042717-0804-99" target="_blank">NETSKY.AA</a> WORM!
Source=Paul Collins Startup list

[Skype]
Number=9484
Confirmed=N
Filename=Skype.exe
Description=&quot;<a href="http://www.skype.com/" target="_blank">Skype</a> is free and simple software that will enable you to make free calls anywhere in the world in minutes&quot;
Source=Paul Collins Startup list

[SkypeMate]
Number=9485
Confirmed=N
Filename=SkypeMate.exe
Description=<a href="http://www.yealink.com/en/index.asp" target="_blank">SkypeMate</a> acts as a bridge between networks of VoIP and PSTN
Source=Paul Collins Startup list

[SkypeStartup]
Number=9486
Confirmed=X
Filename=Skype.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/malpyksea.html" target="_blank">PYKSE-A</a> WORM!
Source=Paul Collins Startup list

[SkySurfer Management Service]
Number=9487
Confirmed=Y
Filename=SmaServ.exe
Description=For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system
Source=Paul Collins Startup list

[SkyTel]
Number=9488
Confirmed=U
Filename=SkyTel.exe
Description=Process associated with <a href="http://www.realtek.com.tw/" target="_blank">Realtek</a> Voice Manager for some of their audio chipsets
Source=Paul Collins Startup list

[sl4 rules]
Number=9489
Confirmed=X
Filename=rbot32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotqc.html" target= blank>SDBOT-QC</a> WORM!
Source=Paul Collins Startup list

[slack12]
Number=9490
Confirmed=X
Filename=mfcee.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Slayhacker734]
Number=9491
Confirmed=X
Filename=slay7383.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsikbota.html" target=_blank>SIKBOT-A</a> TROJAN!
Source=Paul Collins Startup list

[SleepManager]
Number=9492
Confirmed=N
Filename=SleepMgr.exe
Description=This program locates free contiguous disk spaces and allocates them for storing BASE MEMORY, EXTENDED MEMORY, VIDEO MEMORY, and SM RAM. It helps the computer come out of hibernate mode
Source=Paul Collins Startup list

[Slibe.com]
Number=9493
Confirmed=U
Filename=Sliber.EXE
Description=<a href="http://www.sliber.com/" target="_blank">Sliber</a> - freeware screen capturing & online sharing tool
Source=Paul Collins Startup list

[SlickRun]
Number=9494
Confirmed=U
Filename=sr.exe
Description="<a href="http://www.bayden.com/SlickRun/" target="_blank">SlickRun</a> is a floating command line utility for Windows. It gives you almost instant access to any program or website. SlickRun allows you to create command aliases (known as MagicWords), so C:\Program Files\Outlook Express\msimn.exe becomes MAIL"
Source=Paul Collins Startup list

[slide]
Number=9495
Confirmed=X
Filename=Iexplore.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082609-2823-99" target="_blank">GASLIDE</a> TROJAN! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target="_blank">iexplore.exe</a>) process, which should not appear in Msconfig/Startup unless you add it manually!
Source=Paul Collins Startup list

[slimp3]
Number=9496
Confirmed=N
Filename=SliMP3 Server.exe
Description=<a href="http://www.macupdate.com/info.php/id/8973" target="_blank">Slimp3 Server</a> - "presents an entirely new way of accessing and enjoying your music collection. Instead of storing your music on CDs or memory cards, the SliMP3 uses your home network to access the music stored on your PC"
Source=Paul Collins Startup list

[Slingshot]
Number=9497
Confirmed=N
Filename=SLINGS~1.EXE
Description=Atomica Slingshot - "reference tool with access to dictionary and encyclopedia terms, bios, technical terms, history, geography, and much more". Now superseed by <a href="http://www.answers.com/main/download_answers_win.jsp" target="_blank">1-Click Answers</a>
Source=Paul Collins Startup list

[slipcore]
Number=9498
Confirmed=Y
Filename=slipcore.exe
Description=Core module for <a href="http://www.slipstream.com/our_solutions/value-added.html" target=_blank>Slipstream</a> - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pix. Used by popular ISPs such as IceNet, Wanadoo, Terra, OnSpeed, United Online and AOL Canada. Required if the user's account is locked in to that proxy server
Source=Paul Collins Startup list

[slipgui]
Number=9499
Confirmed=Y
Filename=slipgui.exe
Description=User interface for <a href="http://www.slipstream.com/our_solutions/value-added.html" target=_blank>Slipstream</a> - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pix. Used by popular ISPs such as IceNet, Wanadoo, Terra, OnSpeed, United Online and AOL Canada. Required if the user's account is locked in to that proxy server
Source=Paul Collins Startup list

[SlipStream]
Number=9500
Confirmed=Y
Filename=slipcore.exe
Description=Core module for <a href="http://www.slipstream.com/our_solutions/value-added.html" target=_blank>Slipstream</a> - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pix. Used by popular ISPs such as IceNet, Wanadoo, Terra, OnSpeed, United Online and AOL Canada. Required if the user's account is locked in to that proxy server
Source=Paul Collins Startup list

[slmss]
Number=9501
Confirmed=X
Filename=slmss.exe
Description=SeekSeek search hijacker related - see <a href="http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW_SECTHOUGHT.A&VSect=Sn" target=_blank>here</a>

Source=Paul Collins Startup list

[sload]
Number=9502
Confirmed=X
Filename=sload.exe
Description=Win SynchroAd adware, also detected as <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderqg.html" target=_blank>DLOADER-QG</a> TROJAN!
Source=Paul Collins Startup list

[slvchost32]
Number=9503
Confirmed=X
Filename=slvchost32.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[sm]
Number=9504
Confirmed=X
Filename=sa_exe.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051310-2147-99" target= blank>OLFEB.A</a> TROJAN!
Source=Paul Collins Startup list

[sm]
Number=9505
Confirmed=X
Filename=sf_exe.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051310-2147-99" target= blank>OLFEB.A</a> TROJAN!
Source=Paul Collins Startup list

[sm]
Number=9506
Confirmed=X
Filename=sm_exe.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051310-2147-99" target= blank>OLFEB.A</a> TROJAN!
Source=Paul Collins Startup list

[sm]
Number=9507
Confirmed=X
Filename=sr_exe.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051112-1035-99" target= blank>LUKUSPAM</a> TROJAN!
Source=Paul Collins Startup list

[SM1BG]
Number=9508
Confirmed=N
Filename=SM1BG.EXE
Description=USB driver for downloading from within Napster to portable MP3 players. Only required at startup if you use it all the time - otherwise start it manually when required
Source=Paul Collins Startup list

[SM1NINT]
Number=9509
Confirmed=N
Filename=SM1NINT.exe
Description=Cypress USB Mass Storage Driver Notification Icon Application - tray notification for Cypress base memory sticks and external storage devices for Win98
Source=Paul Collins Startup list

[SM56 Helper Win32 Utility]
Number=9510
Confirmed=N
Filename=sm56hlpr.exe
Description=Helper utility for Motorola based SM56 software modems - resides in the System Tray
Source=Paul Collins Startup list

[Sm56acl]
Number=9511
Confirmed=N
Filename=sm56hlpr.exe
Description=Helper utility for Motorola based SM56 software modems - resides in the System Tray
Source=Paul Collins Startup list

[sman]
Number=9512
Confirmed=X
Filename=app***.tmp [* = digit]
Description=Unidentified adware
Source=Paul Collins Startup list

[Smapp]
Number=9513
Confirmed=N
Filename=smtray.exe
Description=System Tray access for the Compaq/ADI SoundMAX integrated digital audio controller
Source=Paul Collins Startup list

[Smart Card Service]
Number=9514
Confirmed=N
Filename=ScardSvr.exe
Description=For Smart Card readers. Known to cause problems, especially for Windows 2000 users - see <a href="http://support.microsoft.com/kb/q293507/" target="_blank">here</a>. Probably not required unless you use such a device regularly
Source=Paul Collins Startup list

[Smart Connect Monitor]
Number=9515
Confirmed=U
Filename=SCMon.exe
Description=Appears on a Sony Vaio. Smart Connect Version 2.1 enables data transfer between Vaios via i.LINK cable. Smart Connect supports File and Printer Sharing for MS networks. You can copy files from your Vaio to another Vaio or print using a printer connected to a remote Vaio
Source=Paul Collins Startup list

[Smart Connect Setup]
Number=9516
Confirmed=U
Filename=SCSetup.exe
Description=Appears on a Sony Vaio. Smart Connect Version 2.1 enables data transfer between Vaios via i.LINK cable. Smart Connect supports File and Printer Sharing for MS networks. You can copy files from your Vaio to another Vaio or print using a printer connected to a remote Vaio
Source=Paul Collins Startup list

[Smart Keyboard]
Number=9517
Confirmed=U
Filename=Smartkbd.exe
Description=Netropa Smart Keyboard driver
Source=Paul Collins Startup list

[Smart Label O Server]
Number=9518
Confirmed=N
Filename=ssloserv.exe
Description=Part of the printer software for the smart-label printer made by Seiko. Can be disabled safely
Source=Paul Collins Startup list

[Smart Label RFViewer]
Number=9519
Confirmed=N
Filename=SSLFVIEW.EXE
Description=Part of the printer software for the smart-label printer made by Seiko. Can be disabled safely
Source=Paul Collins Startup list

[Smart Start UP]
Number=9520
Confirmed=N
Filename=PnPDetect.exe
Description=Part of Presto! <a href="http://www.newsoftinc.com/" target=_blank>Mr.Photo</a> - "an ideal program for creating, sharing, and manag-ing digital images and videos"

Source=Paul Collins Startup list

[Smart Touch]
Number=9521
Confirmed=U
Filename=STouch.exe
Description=Related to Plustek <a href="http://www.plustek.com/product/opticslim.asp" target="_blank">OpticSlim</a> scanner
Source=Paul Collins Startup list

[Smart Type Assistant]
Number=9522
Confirmed=N
Filename=sta.exe
Description=<a href="http://www.blazingtools.com/sta.html" target="_blank">Smart Type Assistant</a> - a complex typing automation tool, intended to make your work faster and safer
Source=Paul Collins Startup list

[Smartalec]
Number=9523
Confirmed=U
Filename=pcaccel.exe
Description=<a target="_blank" href="http://www.smartalec2000.com/pcxl4000deluxe.shtml">Smartalec PC Accelerator</a> - system optimization utility
Source=Paul Collins Startup list

[SmartBarXP]
Number=9524
Confirmed=N
Filename=SmartBarXP.exe
Description=<a href="http://www.smartbarxp.com/cgi-bin/cws/home.php?page=desc" target="_blank">SmartBarXP</a> is a bar that runs down the side of your screen, and can be configured to display interactive panels known as 'panes'. These panes include media players, slideshow and image viewing panes, a virtual desktop manager, and live news, weather and stock feeds to mention but a few
Source=Paul Collins Startup list

[sMaRTcaPs]
Number=9525
Confirmed=N
Filename=SMARTC~1.EXE
Description=<a href="http://www.phoebusllc.com/index.htm#SC%20Description" target="_blank">sMaRTcaPs</a> from Phoebus LLC - enables you to configure the time needed to depress Caps Lock, Num Lock &amp; Insert keys
Source=Paul Collins Startup list

[Smarthruengine]
Number=9526
Confirmed=U
Filename=QS.exe
Description=Samsung smarthru software, used with Lexmark Z82 or Samsung multifunction printers
Source=Paul Collins Startup list

[SmartPCXL]
Number=9527
Confirmed=U
Filename=pcaccel.exe
Description=<a target="_blank" href="http://www.smartalec2000.com/pcxl4000deluxe.shtml">Smartalec PC Accelerator</a> - system optimization utility
Source=Paul Collins Startup list

[SmartSync Pro]
Number=9528
Confirmed=U
Filename=SmartSync.exe
Description=Related to <a href="http://www.companionlink.com/" target=_blank>CompanionLink</a> Software Inc. Synchronization solutions for ACT!, GoldMine, Lotus Notes and Microsoft Outlook
Source=Paul Collins Startup list

[SMax4]
Number=9529
Confirmed=N
Filename=SMax4.exe
Description=System Tray icon for SoundMax integrated sound. Sound properties can be accessed through the Start Menu or Control Panel
Source=Paul Collins Startup list

[SMax4PNP]
Number=9530
Confirmed=U
Filename=SMax4PNP.exe
Description=SoundMax integrated sound. Required if you have custom settings for your sound, such as effects and environments
Source=Paul Collins Startup list

[smbdpmi]
Number=9531
Confirmed=?
Filename=smbdpmi.exe
Description=IBM Netfinity Director and Universal Management Services related. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[smc]
Number=9532
Confirmed=Y
Filename=smc.exe
Description=Sygate Firewall
Source=Paul Collins Startup list

[smc]
Number=9533
Confirmed=Y
Filename=spfsmc.exe
Description=Sygate Firewall
Source=Paul Collins Startup list

[SMC Service]
Number=9534
Confirmed=Y
Filename=smc.exe
Description=Sygate Firewall
Source=Paul Collins Startup list

[SMC Service]
Number=9535
Confirmed=Y
Filename=spfsmc.exe
Description=Sygate Firewall
Source=Paul Collins Startup list

[smcserv]
Number=9536
Confirmed=X
Filename=winsrv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotou.html" target=_blank>AGOBOT-OU</a> WORM!
Source=Paul Collins Startup list

[SmcService]
Number=9537
Confirmed=Y
Filename=smc.exe
Description=Sygate Firewall
Source=Paul Collins Startup list

[SmcServices]
Number=9538
Confirmed=Y
Filename=smc.exe
Description=Sygate Firewall
Source=Paul Collins Startup list

[SmcServices]
Number=9539
Confirmed=Y
Filename=spfsmc.exe
Description=Sygate Firewall
Source=Paul Collins Startup list

[Smcsta.exe]
Number=9540
Confirmed=?
Filename=Smcsta.exe
Description=SMC Networks wireless PCI card driver. <font color="#FF0000"> Is it required?</font>
Source=Paul Collins Startup list

[SmcSVR]
Number=9541
Confirmed=X
Filename=SmcSVR.exe
Description=Added by the <a href="http://se.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=3&VName=TROJ_LEGMIR.JU" target=_blank>LEGMIR.JU</a> TROJAN!
Source=Paul Collins Startup list

[Smiley District]
Number=9542
Confirmed=X
Filename=plugin.exe
Description=<a href="http://www.spyany.com/files/insmile_dll.html" target="_blank">Smiley District</a> adware
Source=Paul Collins Startup list

[Smith Micro try]
Number=9543
Confirmed=N
Filename=smiptray.exe
Description=Smith Micro shared files. Comes with D-Link web cam
Source=Paul Collins Startup list

[smodul]
Number=9544
Confirmed=U
Filename=smodule.exe
Description=<a href="http://www.neuber.com/usermonitor/index.html" target="_blank">UserMonitor</a> from Neuber. Teachers can broadcast screen to other screens, see students screens in a network and detect unauthorized software
Source=Paul Collins Startup list

[SmoothView]
Number=9545
Confirmed=X
Filename=SmoothView.exe
Description=TOSHIBA Zooming Utility - allows "automatic" zoom feature in some appications, like IE, MS-Office, WMPlayer, Adobe Reader and also desktop icons
Source=Paul Collins Startup list

[SMPAutoStart]
Number=9546
Confirmed=U
Filename=smpdemo.exe
Description=<a href="http://www.kengolf.com/en/download.htm" target=_blank>Smart Phone Recorder</a> demo from KenGolf.com. Answering Machine, Caller ID, Call Recording

Source=Paul Collins Startup list

[smres]
Number=9547
Confirmed=X
Filename=smres.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotua.html" target=_blank>AGOBOT-UA</a> WORM!
Source=Paul Collins Startup list

[SMS Application Launcher]
Number=9548
Confirmed=U
Filename=LAUNCH32.EXE
Description=Microsoft <a href="http://www.microsoft.com/smserver/default.asp" target="_blank">Systems Management Server</a> - used to manage computers on a network remotely
Source=Paul Collins Startup list

[SMS Client Service]
Number=9549
Confirmed=U
Filename=clisvc95.exe
Description=When the SMS Client service starts on a domain controller, the Client service modifies the SMSCliToknAcct &amp; user account group membership, user rights, and account comment. The Client service then waits for the synchronization of the comment to verify that the account and user rights are properly set for this account. This account is used to obtain a token to start the SMS Client processes, such as the Software Inventory and Software Distribution agents (MS Systems Management Server)
Source=Paul Collins Startup list

[Sms System32]
Number=9550
Confirmed=X
Filename=SmsSystem32.exe
Description=Unidentified malware
Source=Paul Collins Startup list

[SMS Win9x Message Agent]
Number=9551
Confirmed=U
Filename=??
Description=This program assigns a user to a Systems Management Server site
Source=Paul Collins Startup list

[SMS Win9x Message Agent]
Number=9552
Confirmed=U
Filename=SMSMsg.exe
Description=This program assigns a user to a Systems Management Server site
Source=Paul Collins Startup list

[Smserial]
Number=9553
Confirmed=N
Filename=sm56hlpr.exe
Description=Helper utility for Motorola based SM56 software modems - resides in the System Tray
Source=Paul Collins Startup list

[SMSI Loader]
Number=9554
Confirmed=N
Filename=SMLoader.exe
Description=Smith Micro <a href="http://www.smithmicro.com/default.tpl?group=product_full&sku=HMCWA0SESMS1250" target="_blank">HotFax</a> - fax software
Source=Paul Collins Startup list

[smsm]
Number=9555
Confirmed=X
Filename=smsm.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerco.html" target=_blank>BANKER-CO</a> TROJAN!
Source=Paul Collins Startup list

[smsrv]
Number=9556
Confirmed=X
Filename=smsrv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotsx.html" target=_blank>AGOBOT-SX</a> WORM!
Source=Paul Collins Startup list

[SMSS]
Number=9557
Confirmed=X
Filename=smss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080411-0612-99" target=_blank>FLOOD.F</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Catroot" subfolder
Source=Paul Collins Startup list

[smss]
Number=9558
Confirmed=X
Filename=[path to smss.exe]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010114-3236-99" target="_blank">ALADINZ.F</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target="_blank">smss.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list

[smss]
Number=9559
Confirmed=X
Filename=smss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagenttr.html" target=_blank>AGENT-TR</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[smss]
Number=9560
Confirmed=X
Filename=smss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojborobotj.html" target=_blank>BOROBOT-J</a> TROJAN and variants! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which should not normally figure in Msconfig/Startup!
Source=Paul Collins Startup list

[Smss]
Number=9561
Confirmed=X
Filename=ssms.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.OP" target="_blank">RBOT.OP</a> WORM!
Source=Paul Collins Startup list

[smss.exe]
Number=9562
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-070603-2351-99" target=_blank>DALBUG</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[smssLevel4]
Number=9563
Confirmed=X
Filename=smss.exe
Description=Unidentified malware! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in Program Files\Windows Media Player\Skins\WindowsMediaSkin\Data\Level4 folder
Source=Paul Collins Startup list

[SMSSS]
Number=9564
Confirmed=X
Filename=smsss.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ZD" target=_blank>SDBOT.ZD</a> WORM!
Source=Paul Collins Startup list

[SMSSS Loader]
Number=9565
Confirmed=X
Filename=smsss.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.MQ" target=_blank>AGOBOT.MQ</a> WORM!
Source=Paul Collins Startup list

[SMSSU]
Number=9566
Confirmed=X
Filename=SMSSU.EXE
Description=Hijacker, detected by Norton antivirus as <a href="http://www.sarc.com/avcenter/venc/data/pf/trojan.startpage.o.html" target= blank>Trojan.StartPage.O</a>
Source=Paul Collins Startup list

[smsys]
Number=9567
Confirmed=X
Filename=Explorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojclickerc.html" target="_blank">CLICKER-C</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in a "Template" subfolder
Source=Paul Collins Startup list

[smsys]
Number=9568
Confirmed=X
Filename=vi.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[SMSystemAnalyzer]
Number=9569
Confirmed=U
Filename=SMSystemAnalyzer.exe
Description=Part of the Iolo <a href="http://www.iolo.com/sm/index.cfm" target="_blank">System Mechanic</a> optimization tool
Source=Paul Collins Startup list

[sms_msn]
Number=9570
Confirmed=X
Filename=sms_msn.exe
Description=Added by an unknown WORM or TROJAN!
Source=Paul Collins Startup list

[sms_msn40]
Number=9571
Confirmed=X
Filename=sms_msn40.exe
Description=Added by an unknown WORM or TROJAN infection
Source=Paul Collins Startup list

[Smt]
Number=9572
Confirmed=U
Filename=SMT.exe
Description=<a href="http://www.win-spy.com/" target=_blank>Win-Spy</a> keyboard logger/monitoring software - remove unless you installed it yourself
Source=Paul Collins Startup list

[SMToolbar]
Number=9573
Confirmed=N
Filename=SMToolbar.exe
Description=StartMake.com toolbar
Source=Paul Collins Startup list

[SMTP32 Mailing Protocol]
Number=9574
Confirmed=X
Filename=smtp32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[SmWizard]
Number=9575
Confirmed=?
Filename=SmWizard.exe
Description=SmartWizard MFC Application - associated with C-Media who produce audio chipsets commonly used for on-board sound on motherboards. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[SN Messenger]
Number=9576
Confirmed=X
Filename=msnmsgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotavp.html" target=_blank>RBOT-AVP</a> WORM!
Source=Paul Collins Startup list

[snapple]
Number=9577
Confirmed=X
Filename=snapple.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forboteg.html" target=_blank>FORBOT-EG</a> WORM!
Source=Paul Collins Startup list

[snbr]
Number=9578
Confirmed=?
Filename=snbr.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[snbupt]
Number=9579
Confirmed=X
Filename=snbupt.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041417-3506-99" target=_blank>UpSpiralBar</a> adware
Source=Paul Collins Startup list

[sncntr]
Number=9580
Confirmed=X
Filename=sncntr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdlucai.html" target=_blank>DLUCA-I</a> TROJAN!
Source=Paul Collins Startup list

[SNCT511]
Number=9581
Confirmed=?
Filename=vsnct511.exe
Description=Unidentified "Snapshot Viewer"- <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list

[snd332]
Number=9582
Confirmed=X
Filename=snd332.exe
Description=Added by the <a href="http://www.jayloden.com/Bildo.htm" target=_blank>B1LD0</a> AIM WORM! 
Source=Paul Collins Startup list

[Sndcompat]
Number=9583
Confirmed=X
Filename=Sndcompat.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list

[sndmi13]
Number=9584
Confirmed=U
Filename=vsndmi13.exe
Description=Driver for <a href="http://www.amazon.com/Logitech-961308-0403-ClickSmart-820-DualCam/dp/B00006OMZ6" target="_blank">DualCam</a> cameras - that combine the best features of a digital still camera and a webcam
Source=Paul Collins Startup list

[SNDMon]
Number=9585
Confirmed=U
Filename=SNDMon.exe
Description=Part of Symantec's LiveUpate (eg, Norton). Not required if you run manual updates but probably require if you leave them to run automatically. Also, if one runs a small office network and SNDMon is disabled on one of the computers – then other computers disappear from the network for this computer, including shared devices like printers and scanners. Hence the "U" recommendation
Source=Paul Collins Startup list

[Sndsaver]
Number=9586
Confirmed=X
Filename=Sndsaver.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list

[sndsrvc]
Number=9587
Confirmed=?
Filename=SNDSRVC.EXE
Description=Part of Norton Personal Firewall and Norton Internet Security - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list

[SNInstall]
Number=9588
Confirmed=X
Filename=[various filenames]
Description=Spy Sheriff/SpywareNO malware, also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojspyhoaxa.html" target=_blank>SPYHOAX-A</a> TROJAN, pretends to be a spyware remover! - file names spotted sofar include VXH8JKDQ2.EXE, NS6281400.so, CVXH8JKDQ2.EXE, down3.exe, sefe.exe, winstall.exe, and tool2.exe 
Source=Paul Collins Startup list

[Snippet]
Number=9589
Confirmed=U
Filename=SnippingTool.exe
Description=The Snipping Tool (part of the <a href="http://www.microsoft.com/windowsxp/downloads/tabletpc/experiencepack/default.mspx" target= blank>Experience Pack</a> for Tablet PC) allows you to easily "cut out" anything on screen and share it with other people. The whole screen becomes an "inkable" surface that you can add comments to and mark up however you like. You can then save that annotated image to use later, or send it to someone else in an E-mail message
Source=Paul Collins Startup list

[SNM]
Number=9590
Confirmed=U
Filename=SNM.exe
Description=<a href="http://www.spynomore.com/" target="_blank">SpyNoMore</a> anti-spyware
Source=Paul Collins Startup list

[SnoopFreeUI]
Number=9591
Confirmed=U
Filename=SnoopFreeUI.exe
Description=Anti-keylogging software made by <a href="http://www.snoopfree.com/" target=_blank>SnoopFree Software</a>
Source=Paul Collins Startup list

[SNP Generic Host Process]
Number=9592
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzapchaso.html" target=_blank>ZAPCHAS-O</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list

[snp2std]
Number=9593
Confirmed=N
Filename=vsnp2std.exe
Description=Digital camera related
Source=Paul Collins Startup list

[snpstd]
Number=9594
Confirmed=?
Filename=vsnpstd.exe
Description=<a href="http://www.sonix.com.tw/" target=_blank>Sonix</a> PC Camera Monitor MFC Application. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[SNPSTD2]
Number=9595
Confirmed=?
Filename=vsnpstd2.exe
Description=CameraMonitor MFC Application. Appears to be related to a USB connection to a digital camera -<font color="#FF0000">is it required?</font>
Source=Paul Collins Startup list

[snpstd3]
Number=9596
Confirmed=Y
Filename=vsnpstd3.exe
Description=<a href="http://www.sonix.com/" target=_blank>Sonix Inc.</a> Camera Monitor MFC Application

Source=Paul Collins Startup list

[Snsicon]
Number=9597
Confirmed=N
Filename=Snsicon.exe
Description=Launches a screensaver program from Second Nature
Source=Paul Collins Startup list

[SNSS.EXE]
Number=9598
Confirmed=X
Filename=SNSS.EXE
Description=Added by the <a href="http://www.sarc.com/avcenter/venc/data/dialer.nunci.html" target=_blank>Nunci</a> premium rate dialer
Source=Paul Collins Startup list

[snvc]
Number=9599
Confirmed=X
Filename=snvc.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[SO5 Integrator Pass One]
Number=9600
Confirmed=?
Filename=sointgr.exe
Description=StarOffice 5.<font color="#FF0000"> See <a href="http://www.pathtech.org/staroffice/faq/faq.html" target="_blank">here</a> for more details</font>
Source=Paul Collins Startup list

[SO5 Integrator Pass Two]
Number=9601
Confirmed=?
Filename=sointgr.exe
Description=StarOffice 5.<font color="#FF0000"> See <a href="http://www.pathtech.org/staroffice/faq/faq.html" target="_blank">here</a> for more details</font>
Source=Paul Collins Startup list

[Soar]
Number=9602
Confirmed=X
Filename=Rwon.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[Social Security Agency]
Number=9603
Confirmed=X
Filename=rpcxsocsa.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Sock32]
Number=9604
Confirmed=X
Filename=sock32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99" target="_blank">SDBOT</a> TROJAN!
Source=Paul Collins Startup list

[Socket Utility]
Number=9605
Confirmed=X
Filename=svchostz.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdaemonie.html" target="_blank">DAEMONI-E</a> TROJAN!
Source=Paul Collins Startup list

[Socket Utility]
Number=9606
Confirmed=X
Filename=socket.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdaemonie.html" target=_blank>DAEMONI-E</a> TROJAN!
Source=Paul Collins Startup list

[Socket Utility]
Number=9607
Confirmed=X
Filename=svchostz.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdaemonie.html" target=_blank>DAEMONI-E</a> TROJAN!
Source=Paul Collins Startup list

[SoDA Startup]
Number=9608
Confirmed=Y
Filename=SodaStartup.exe
Description=Used by the <a href="http://www-306.ibm.com/software/awdtools/soda/index.html" target="_blank">IBM Rational SoDA</a> project management tool. Unsure of it's actual purpose but it's recommended you leave it enabled if you use the software
Source=Paul Collins Startup list

[soffice]
Number=9609
Confirmed=N
Filename=SOFFICE.EXE
Description=Displays StarOffice quick start applet in System tray. Right clicking on the icon allows rapid starting up of components of the StarOffice 6.0 suite. Available via Start -&gt; Programs. Automatically started when any StarOffice 6.0 component is started from the Start -&gt; Programs. A resource hog (it eats &gt; 16 MB of memory).
Source=Paul Collins Startup list

[Soft Profile Inc]
Number=9610
Confirmed=X
Filename=hxdef.exe...
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list

[softIce Update 32]
Number=9611
Confirmed=X
Filename=wininits.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotanb.html" target=_blank>RBOT-ANB</a> WORM!
Source=Paul Collins Startup list

[SoftickPPP]
Number=9612
Confirmed=U
Filename=PPPGate.exe
Description=<a href="http://www.softick.com/ppp/" target=_blank>Softick PPP</a> is a Microsoft Windows driver that allows to establish PPP session between Palm powered devices and Microsoft Windows desktop computer
Source=Paul Collins Startup list

[SOFTinst]
Number=9613
Confirmed=Y
Filename=N/A
Description=For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out
Source=Paul Collins Startup list

[SoftStuff Wallpaper Changer]
Number=9614
Confirmed=U
Filename=softstrt.exe
Description=<a href="http://www.azurebay.com/" target="_blank">AzureBay</a> wallpaper changer
Source=Paul Collins Startup list

[Software]
Number=9615
Confirmed=X
Filename=software.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcrabtonb.html" target=_blank>CRABTON-B</a> TROJAN!
Source=Paul Collins Startup list

[SoftwareStation]
Number=9616
Confirmed=U
Filename=station.exe
Description=eAcceleration Stop-Sign security software related. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
Source=Paul Collins Startup list

[Solo Sentry]
Number=9617
Confirmed=Y
Filename=Solosent.exe
Description=<a target="_blank" href="http://www.srnmicro.com/">Solo Antivirus</a>
Source=Paul Collins Startup list

[SoloSchedule]
Number=9618
Confirmed=U
Filename=Solocfg.exe
Description=Scheduler for <a target="_blank" href="http://www.srnmicro.com/">Solo Antivirus</a>. Leave enabled unless you scan manually on a regular basis
Source=Paul Collins Startup list

[SoloSysCheck]
Number=9619
Confirmed=U
Filename=Syscheck.exe
Description=<a href="http://www.srnmicro.com/" target=_blank>Solo antivirus</a> System Integrity Check - Monitors system registry, system.ini, win.ini and startup to protect you from new Internet Worms and Backdoors
Source=Paul Collins Startup list

[somatic]
Number=9620
Confirmed=X
Filename=somatic.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453077927" target="_blank">Searchcentrix</a> hijacker
Source=Paul Collins Startup list

[Sonic A3D Control]
Number=9621
Confirmed=N
Filename=vrtxctrl.exe
Description=Sound related options
Source=Paul Collins Startup list

[Sonic RecordNow!]
Number=9622
Confirmed=X
Filename=smsc.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[SoniqueQuickStart]
Number=9623
Confirmed=N
Filename=sqstart.exe
Description=Quickstart for the discontinued <a href="http://www.softpedia.com/get/Multimedia/Audio/Audio-Players/Sonique-2.shtml" target="_blank">Sonique</a> audio player. Available via Start -> Programs
Source=Paul Collins Startup list

[SonnReg]
Number=9624
Confirmed=?
Filename=SonnReg.exe
Description=Now superseeded by <a href="http://www.colorwizzard.com/" target="_blank">ColorWizzard</a> - 3Deep corrected lighting, shading and color for all your 2D and 3D games. <font color="#FF0000">Possibly a registration reminder?</font>
Source=Paul Collins Startup list

[SonudMan]
Number=9625
Confirmed=X
Filename=SonudMan.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-093010-0049-99" target=_blank>STARTPAGE.Q</a> TROJAN!
Source=Paul Collins Startup list

[SonudMan]
Number=9626
Confirmed=X
Filename=WNILOGON.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqrobdc.html" target="_blank">QQROB-DC</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[SonudMon]
Number=9627
Confirmed=X
Filename=SonudMon.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojleworj.html" target=_blank>LEWOR-J</a> TROJAN!
Source=Paul Collins Startup list

[SonyPowerCfg]
Number=9628
Confirmed=U
Filename=SPMgr.exe
Description=Related to Sony VAIO Power Management Module installed on laptops and provides additional configuration options for these devices. This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems
Source=Paul Collins Startup list

[Soot]
Number=9629
Confirmed=?
Filename=rcea.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[sophagnt]
Number=9630
Confirmed=?
Filename=sophagnt.exe
Description=<font color="#FF0000">Possibly related to <a href="http://www.sophocles.net/" target="_blank">Sophocles Screenwriting Software</a>?</font>
Source=Paul Collins Startup list

[SOProc_RegSoAlertWxLiteNnAj]
Number=9631
Confirmed=X
Filename=rundll32 shell32.dll, ShellExec_RunDLL [path] soproc.exe
Description=Advertising by SoftwareOnline - monitors your browsing habits and distributes the data back to the author's servers for analysis
Source=Paul Collins Startup list

[SOS]
Number=9632
Confirmed=X
Filename=SOS.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032612-5504-99" target="_blank">PHILIS</a> VIRUS!
Source=Paul Collins Startup list

[SoSyncMonitor]
Number=9633
Confirmed=?
Filename=SoSyncMonitor.exe
Description=<a href="http://www.superoffice.com/en/" target="_blank">SuperOffice</a> related. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[Sound Loader]
Number=9634
Confirmed=X
Filename=sndloader.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotbv.html" target="_blank">AGOBOT-BV</a> WORM!
Source=Paul Collins Startup list

[Sound services]
Number=9635
Confirmed=X
Filename=SOUND32.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GG" target="_blank">AGOBOT.GG</a> WORM!
Source=Paul Collins Startup list

[Sound System]
Number=9636
Confirmed=X
Filename=WinSound1.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[soundcontrl]
Number=9637
Confirmed=X
Filename=soundcontrl.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042914-1054-99" target="_blank">GAOBOT.AFJ</a> WORM!
Source=Paul Collins Startup list

[sounddrv]
Number=9638
Confirmed=X
Filename=sndbdrv3104.exe
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list

[SoundFusion]
Number=9639
Confirmed=?
Filename=rundll32 cwcprops.cpl
Description=Control panel item for the Terratec DMX Xfire 1024 soundcard (Start -&gt; Settings -&gt; Control Panel) based upon a Cirrus Logic &quot;SoundFusion&quot; DSP. <font color="#FF0000">Does it need to run at start-up every time?</font>
Source=Paul Collins Startup list

[SoundFusion]
Number=9640
Confirmed=?
Filename=rundll32 hercplgs.cpl, BootEntryPoint
Description=Control panel item for Hercules Fortissimo soundcards (Start -&gt; Settings -&gt; Control Panel) based upon a Cirrus Logic &quot;SoundFusion&quot; DSP. <font color="#FF0000">Does it need to run at start-up every time?</font>
Source=Paul Collins Startup list

[SoundFusion]
Number=9641
Confirmed=?
Filename=RunDll32 cwaprops.cpl, C25CrystalControlWnd
Description=Control panel item for a Terratec soundcard (Start -> Settings -> Control Panel) based upon a Cirrus Logic "SoundFusion" DSP. <font color="#FF0000">Does it need to run at start-up every time?</font>
Source=Paul Collins Startup list

[SoundMam]
Number=9642
Confirmed=X
Filename=SVOHOST.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqrobaal.html" target="_blank">QQROB-AAL</a> TROJAN!
Source=Paul Collins Startup list

[soundman]
Number=9643
Confirmed=N
Filename=soundman.exe
Description=System Tray icon for the Realtek AC97 Audio Sound Manager for AC97 onboard audio. Available via Start -> Settings-> Control Panel
Source=Paul Collins Startup list

[SOUNDMAN Microsoft Help]
Number=9644
Confirmed=X
Filename=soun.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaiu.html" target=_blank>RBOT-AIU</a> WORM!
Source=Paul Collins Startup list

[SoundMAX]
Number=9645
Confirmed=N
Filename=SMax4.exe
Description=System Tray icon for SoundMax integrated sound. Sound properties can be accessed through the Start Menu or Control Panel
Source=Paul Collins Startup list

[SoundMAX]
Number=9646
Confirmed=X
Filename=SoundMAX.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rizona.html" target= blank>RIZON-A</a> WORM! Note - this file is placed in the Startup folder itself, and has NO relation to SoundMax sound cards!
Source=Paul Collins Startup list

[SoundMax Audio Drivers]
Number=9647
Confirmed=X
Filename=SndMAX.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[SoundMAXPnP]
Number=9648
Confirmed=U
Filename=SMax4PNP.exe
Description=SoundMax integrated sound. Required if you have custom settings for your sound, such as effects and environments
Source=Paul Collins Startup list

[soundmix]
Number=9649
Confirmed=X
Filename=soundmix.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGENT.PGV" target="_blank">AGENT.PGV</a> WORM!
Source=Paul Collins Startup list

[SoundMixer]
Number=9650
Confirmed=X
Filename=smvss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdedlerg.html" target=_blank>DEDLER-G</a> TROJAN!
Source=Paul Collins Startup list

[Soundmx]
Number=9651
Confirmed=X
Filename=Soundmx.exe
Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#tapicfg" target=_blank>Tapicfg</a> parasite variant
Source=Paul Collins Startup list

[soundtask]
Number=9652
Confirmed=X
Filename=soundtask.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotmd.html" target=_blank>AGOBOT-MD</a> WORM!
Source=Paul Collins Startup list

[soundtasks]
Number=9653
Confirmed=X
Filename=soundtasks.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list

[soundtctrls]
Number=9654
Confirmed=X
Filename=soundtctrls.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotzv.html" target="_blank">AGOBOT-ZV</a> WORM!
Source=Paul Collins Startup list

[SoundView]
Number=9655
Confirmed=X
Filename=msdview32.exe
Description=Trojan downloader
Source=Paul Collins Startup list

[sounofts]
Number=9656
Confirmed=X
Filename=sounofts.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotnd.html" target="_blank">AGOBOT-ND</a> WORM!
Source=Paul Collins Startup list

[sountskmanager]
Number=9657
Confirmed=X
Filename=sountaskmgr
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[SourcePath]
Number=9658
Confirmed=N
Filename=gwreg.exe
Description=Used to update Gateway registry settings for System Restoration Kit and Web update programs
Source=Paul Collins Startup list

[sp]
Number=9659
Confirmed=X
Filename=sp.reg
Description=IE search hijacker - changes the default search to http://www.gocybersearch.com/
Source=Paul Collins Startup list

[sp]
Number=9660
Confirmed=X
Filename=regedit-s .... sp.dll
Description=Malicious javascript annoyance that changes the default search engine in IE to one of many including "topsearcher". See <a href="http://groups.google.com/group/24hoursupport.helpdesk/msg/254b5607908a83a8?q=sp.dll%2Bregedit&hl=en&rnum=3" target="_blank">here</a> for more and a fix
Source=Paul Collins Startup list

[sp]
Number=9661
Confirmed=X
Filename=se.dll, DllInstall
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031516-3051-99" target=_blank>Startpage.M</a> hijacker
Source=Paul Collins Startup list

[sp]
Number=9662
Confirmed=X
Filename=rundll32 (Path to Trojan DLL), DllInstall
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojablankw.html" target=_blank>ABLANK-W</a> and <a href="http://www.sophos.com/virusinfo/analyses/trojablankz.html" target=_blank>ABLANK-Z</a> TROJANS!
Source=Paul Collins Startup list

[SP TimeSync]
Number=9663
Confirmed=U
Filename=SP TimeSync.exe
Description=SP <a href="http://www.spdialer.com/timesync/" target="_blank">TimeSync</a> lets you synchronize your computer's clock with any Internet atomic clock (time server)
Source=Paul Collins Startup list

[SP00LSV]
Number=9664
Confirmed=X
Filename=Sp00lsv.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081407-2316-99" target="_blank">GRAYBIRD.E</a> TROJAN!
Source=Paul Collins Startup list

[SP2 Connection Patcher]
Number=9665
Confirmed=U
Filename=SP2ConnPatcher.exe
Description=Changes limit of concurrent TCP connections of Windows Service Pack 2
Source=Paul Collins Startup list

[SP2 data]
Number=9666
Confirmed=X
Filename=[path] repcale.exe [path] apc.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDON.AN" target="_blank">RANDON.AN</a> WORM!
Source=Paul Collins Startup list

[SP2 Firewall/Internet Updater]
Number=9667
Confirmed=X
Filename=crssrs.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BJO&VSect=P" target=_blank>RBOT.BJO</a> WORM!
Source=Paul Collins Startup list

[sp2chk.exe]
Number=9668
Confirmed=X
Filename=sp2chk.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=41372" target=_blank>ALUROOT.A</a> TROJAN!
Source=Paul Collins Startup list

[sp2ctr]
Number=9669
Confirmed=X
Filename=sp2ctr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdlucam.html" target="_blank">DLUCA-M</a> TROJAN!
Source=Paul Collins Startup list

[sp2fwxp]
Number=9670
Confirmed=X
Filename=sp2fwxp.exe
Description=Added by the SMALL.ABW TROJAN!
Source=Paul Collins Startup list

[sp2update]
Number=9671
Confirmed=X
Filename=sp2update.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-080811-4648-99" target=_blank>SP2Update</a> adware! Tracks URLs visited and search terms entered into Internet Explorer
Source=Paul Collins Startup list

[Spam Blocker for Outlook Express]
Number=9672
Confirmed=X
Filename=SBInst.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453075474" target=_blank>HotBar</a> related
Source=Paul Collins Startup list

[SPAM FIREWALL]
Number=9673
Confirmed=X
Filename=mfirewall.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AOU&VSect=T" target=_blank>SDBOT.AOU</a> WORM!
Source=Paul Collins Startup list

[Spam Sleuth]
Number=9674
Confirmed=U
Filename=SpamSleuth.exe
Description=Spam Sleuth E-mail spam detection program
Source=Paul Collins Startup list

[SpamBlocker]
Number=9675
Confirmed=X
Filename=SbOEAddOn.exe
Description=Related to <a href="http://sarc.com/avcenter/venc/data/adware.hotbar.html" target=_blank>Hotbar's</a> Weather Forecast tool for your desktop
Source=Paul Collins Startup list

[SPAMfighter Agent]
Number=9676
Confirmed=U
Filename=SFAgent.exe
Description=<a href="http://www.spamfighter.com/" target= blank>SPAMfighter</a> anti email spam filter
Source=Paul Collins Startup list

[spamihilator]
Number=9677
Confirmed=U
Filename=spamihilator.exe
Description=<a href="http://www.spamihilator.com/" target="_blank">Spamihilator</a> - spam filter
Source=Paul Collins Startup list

[SpamPal]
Number=9678
Confirmed=U
Filename=spampal.exe
Description=<a href="http://www.spampal.org/" target="_blank">SpamPal</a> - anti-spam tool
Source=Paul Collins Startup list

[SpamSubtract]
Number=9679
Confirmed=U
Filename=SpamSubtract.exe
Description=Intermute <a href="http://www.intermute.com/spamsubtract/" target="_blank">SpamSubtract</a> - junk email detection and removal program
Source=Paul Collins Startup list

[Spark]
Number=9680
Confirmed=U
Filename=Spark.exe
Description=<a href="http://www.igniterealtime.org/downloads/index.jsp#spark" target="_blank">Spark</a> instant messaging server
Source=Paul Collins Startup list

[spc_w]
Number=9681
Confirmed=N
Filename=hcm.exe
Description=<a href="http://www.netzero.net/support/info/search-enhance.html" target=_blank>NetZero</a> Search Enhancement related
Source=Paul Collins Startup list

[spc_w]
Number=9682
Confirmed=N
Filename=blspc.exe
Description=<a href="http://www.netzero.net/support/info/search-enhance.html" target=_blank>NetZero</a> Search Enhancement related
Source=Paul Collins Startup list

[spc_w]
Number=9683
Confirmed=N
Filename=nzspc.exe
Description=<a href="http://www.netzero.net/support/info/search-enhance.html" target="_blank">NetZero</a> Search Enhancement related
Source=Paul Collins Startup list

[Spdstart]
Number=9684
Confirmed=N
Filename=Spdstart.exe
Description=Norton Utilities Speed Start. &quot;This feature optimizes the start up speed of launching applications, such as Word and Excel.&quot;
Source=Paul Collins Startup list

[Speaking Clock Deluxe]
Number=9685
Confirmed=U
Filename=SpClDlx.exe
Description=<a href="http://www.lux-aeterna.com/clock/" target="_blank">Speaking Clock Deluxe</a> - turns your computer into a speaking clock with several languages. It can also keep track of up to 50 alarms that can be set to a time and a date, and be repeated daily, weekly, monthly and yearly
Source=Paul Collins Startup list

[Special Firewall Service]
Number=9686
Confirmed=X
Filename=avguard.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-030415-2336-99" target="_blank">NETSKY.G</a> WORM!
Source=Paul Collins Startup list

[SpecialOffers]
Number=9687
Confirmed=X
Filename=SpecialOffers*.exe [* = digit]
Description=<a href="http://www3.cai.com/securityadvisor/pest/pest.aspx?id=453088690" target=_blank>SpecialOffers</a> adware

Source=Paul Collins Startup list

[SpecialOffers]
Number=9688
Confirmed=X
Filename=SpecialOffers.exe
Description=<a href="http://www3.cai.com/securityadvisor/pest/pest.aspx?id=453088690" target=_blank>SpecialOffers</a> adware

Source=Paul Collins Startup list

[specific]
Number=9689
Confirmed=X
Filename=specixic.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Speed racer]
Number=9690
Confirmed=N
Filename=CTSRReg.exe
Description=Software for a Creative sound card
Source=Paul Collins Startup list

[Speed Tec]
Number=9691
Confirmed=U
Filename=speedtec.exe
Description=<a href="http://www.montanasoft.com/speedtec/index.php" target="_blank">Accel SpeedTec</a> from Montana Software speeds up your modem. SpeedTec modifies the Internet Protocol settings in the Windows registry to speed downloads on all modems. If you find this improves your connectivity and download speeds leave this enabled
Source=Paul Collins Startup list

[SpeedBoss]
Number=9692
Confirmed=X
Filename=[worm filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100318-3337-99" target="_blank">OPASERV.AD</a> WORM!
Source=Paul Collins Startup list

[SpeedItUp]
Number=9693
Confirmed=U
Filename=SPEEDITUP.EXE
Description=<a href="http://www.microsmartsllc.com/speeditup.html" target=_blank>Speed It Up</a> - "all in one Speed Booster designed to significantly increase the speed of your computer and boost your PC available memory"

Source=Paul Collins Startup list

[Speedkey]
Number=9694
Confirmed=U
Filename=SPEEDKEY.EXE
Description=Additional keyboard shortcuts on MS programmable keyboard
Source=Paul Collins Startup list

[SpeedMeter]
Number=9695
Confirmed=U
Filename=SpeedMeter.exe
Description=Application measuring upload and download speed
Source=Paul Collins Startup list

[SpeedOptimizer]
Number=9696
Confirmed=U
Filename=spo.exe
Description=<a href="http://www.speedoptimizer.com/" target=_blank>SpeedOptimizer</a> is designed to optimize and speed-up your Internet data transmission including browsing, streaming, downloading, uploading and e-mail communication
Source=Paul Collins Startup list

[SpeedswitchXP]
Number=9697
Confirmed=U
Filename=SpeedswitchXP.exe
Description=<a href="http://www.diefer.de/speedswitchxp/" target=_blank>SpeedswitchXP</a> is a CPU frequency control for notebooks running Windows XP
Source=Paul Collins Startup list

[Speedtouch USB Diagnostics]
Number=9698
Confirmed=U
Filename=Dragdiag.exe
Description=For an external Alcatel ADSL high-speed modem. A diagnostic tool and can be run from the Start menu when required. The only reason it might be useful on startup is if you like seeing an 'at-a-glance' status indicator on the taskbar (the icon is a different colour depending on the status of the device/line)
Source=Paul Collins Startup list

[SpeedUpMyPC]
Number=9699
Confirmed=U
Filename=SpeedUpMyPC.exe
Description=<a href="http://www.lidownloads.com/partners/sites/pacsportal/speedup/" target= blank>SpeedUpMyPC</a> "automatically fine-tunes all your resources including hardware, system settings and internet usage to operate at peak performance at all times"
Source=Paul Collins Startup list

[Spees1]
Number=9700
Confirmed=X
Filename=speedy.scr
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.Y" target="_blank">OPASERV.Y</a> WORM!
Source=Paul Collins Startup list

[Spees2]
Number=9701
Confirmed=X
Filename=Speedy.bat
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100318-3337-99" target="_blank">OPASERV.AD</a> WORM!
Source=Paul Collins Startup list

[Spees3]
Number=9702
Confirmed=X
Filename=SPEEDY.PIF
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.AD" target="_blank">OPASERV.AD</a> WORM!
Source=Paul Collins Startup list

[Spellex Anywhere]
Number=9703
Confirmed=N
Filename=sa.exe
Description=<a href="http://www.spellex.com/Spellex-Anywhere/default.htm" target="_blank">Spellex-Anywhere</a> - adds spell checking functionality to almost any Window program. Create a shortcut and run manually before it's to be used
Source=Paul Collins Startup list

[SpIDerMail]
Number=9704
Confirmed=Y
Filename=spiderml.exe
Description=<a href="http://www.drweb.com/" target="_blank">DrWeb</a> antivirus Spider Mail e-mail scanner
Source=Paul Collins Startup list

[Spinner Plus]
Number=9705
Confirmed=N
Filename=spinner.exe
Description=&quot;Spinner Plus lets you listen to over 100 channels of music broadcast from Spinner.com. Spinner Plus uses RealNetwork's G2 technology to provide high-quality online audio. The technology adjusts the audio streaming to match your Internet connection speed, which helps eliminate sound distortion or choppiness&quot;. Available via Start -> Programs
Source=Paul Collins Startup list

[SPINX]
Number=9706
Confirmed=X
Filename=Wscript.exe OXNEY.B.VBS
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110112-5735-99" target=_blank>YENO.B</a> and <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110113-0557-99" target=_blank>YENO.C</a> WORMS!

Source=Paul Collins Startup list

[SPnt]
Number=9707
Confirmed=X
Filename=SPnt.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list

[SpokeSysTray]
Number=9708
Confirmed=U
Filename=SpokeSysTray.exe
Description=<a href="http://www.spoke.com/" target="_blank">Spoke Software</a> client application. Spoke "uses data in your e-mail and other enterprise information systems to discover the existing relationships of people in your enterprise. It then builds a private, secure relationship network for each user without any additional manual data entry"
Source=Paul Collins Startup list

[spolsvr2]
Number=9709
Confirmed=X
Filename=spolsvr2.exe
Description=Added by the EVILSOCK.10 TROJAN! Note - this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
Source=Paul Collins Startup list

[spoo1sv]
Number=9710
Confirmed=X
Filename=spoo1sv.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040313-4813-99" target="_blank">SOULJET</a> TROJAN!
Source=Paul Collins Startup list

[Spool]
Number=9711
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-011209-1429-99" target=_blank>RANKY.R</a> TROJAN!
Source=Paul Collins Startup list

[Spool]
Number=9712
Confirmed=X
Filename=wys.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041704-3813-99" target=_blank>WhileUSurf</a> adware
Source=Paul Collins Startup list

[SPOOL Configuration]
Number=9713
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotkd.html" target="_blank">SDBOT-KD</a> WORM!
Source=Paul Collins Startup list

[Spool Loader]
Number=9714
Confirmed=N
Filename=spool.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Spool LoadKIt]
Number=9715
Confirmed=X
Filename=spoolv.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Spool lptt01]
Number=9716
Confirmed=X
Filename=spool.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "spool" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[Spool Manager]
Number=9717
Confirmed=X
Filename=spoolsrv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerfr.html" target=_blank>BANKER-FR</a> TROJAN!
Source=Paul Collins Startup list

[Spool ml097e]
Number=9718
Confirmed=X
Filename=spool.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "spool" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[Spool32]
Number=9719
Confirmed=X
Filename=pool32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojassasinf.html" target= blank>ASSASIN-F</a> TROJAN!
Source=Paul Collins Startup list

[spoolax]
Number=9720
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojperdad.html" target=_blank>PERDA-D</a> TROJAN!
Source=Paul Collins Startup list

[Spooler Service]
Number=9721
Confirmed=X
Filename=Spoolsrv.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_JOINER.C1" target="_blank">JOINER.C1</a> TROJAN!
Source=Paul Collins Startup list

[Spooler Sub System Process]
Number=9722
Confirmed=X
Filename=SPOOL32.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_YAB.A" target="_blank">YAB.A</a> TROJAN!
Source=Paul Collins Startup list

[Spooler Subsystem]
Number=9723
Confirmed=X
Filename=spoolsub.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotabg.html" target=_blank>SDBOT-ABG</a> TROJAN!
Source=Paul Collins Startup list

[Spooler SubSystem App]
Number=9724
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32poebotj.html" target= blank>POEBOT-J</a> WORM!
Source=Paul Collins Startup list

[Spooler SubSystem App]
Number=9725
Confirmed=X
Filename=spooIsv.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-052109-2651-99" target=_blank>LINKBOT.M</a> WORM!
Source=Paul Collins Startup list

[Spooler SubSystem Application]
Number=9726
Confirmed=X
Filename=localsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Spooler SubSystem Application]
Number=9727
Confirmed=X
Filename=netsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Spooler SubSystem Application]
Number=9728
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Spooler SubSystem Application]
Number=9729
Confirmed=X
Filename=svcadmin.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Spooler SubSystem Application]
Number=9730
Confirmed=X
Filename=svcman.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Spooler SubSystem Application]
Number=9731
Confirmed=X
Filename=svcrun.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Spooler SubSystem Application]
Number=9732
Confirmed=X
Filename=tcpsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Spooler SubSystem Application]
Number=9733
Confirmed=X
Filename=websvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Spooler Subsytem App]
Number=9734
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbotmm.html" target=_blank>SDBOT-MM</a> WORM!
Source=Paul Collins Startup list

[SpoolerSubSystemProcess]
Number=9735
Confirmed=X
Filename=SpooI32.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453073000" target="_blank">EHKS.21</a> keylogger! Note - the "I" between "o" and "3" is a capital "i" not a lower case "L"
Source=Paul Collins Startup list

[Spools Service Controller]
Number=9736
Confirmed=X
Filename=spools.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kassbotc.html" target= blank>KASSBOT-C</a> WORM!
Source=Paul Collins Startup list

[spoolserv]
Number=9737
Confirmed=X
Filename=spoolserv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpn.html" target="_blank">SDBOT-PN</a> WORM!
Source=Paul Collins Startup list

[SpoolService]
Number=9738
Confirmed=X
Filename=spolsv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotcs.html" target=_blank>AGOBOT-CS</a> WORM!

Source=Paul Collins Startup list

[Spoolsv]
Number=9739
Confirmed=X
Filename=Spoolsv.exe
Description=Added by the CIADOOR.121 VIRUS! Note - "Spoolsv.exe" is located in the Windows or Winnt directory, and not in System32, like the legitimate Spoolsv.exe system file
Source=Paul Collins Startup list

[spoolsv]
Number=9740
Confirmed=X
Filename=scvhosts.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallaw.html" target=_blank>SMALL-AW</a> TROJAN!
Source=Paul Collins Startup list

[spoolsv]
Number=9741
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderfi.html" target=_blank>DLOADER-FI</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "HELP" subfolder of the Winnt or Windows folder
Source=Paul Collins Startup list

[spoolsv]
Number=9742
Confirmed=X
Filename=spoclsv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32fujacksm.html" target="_blank">Fujacks-M</a> WORM!
Source=Paul Collins Startup list

[spoolsv manager]
Number=9743
Confirmed=X
Filename=SpoolMgr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022300-0309-99" target=_blank>ASSIRAL</a> WORM!
Source=Paul Collins Startup list

[spoolsv service]
Number=9744
Confirmed=X
Filename=spoolsv32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahp.html" target=_blank>RBOT-AHP</a> WORM!
Source=Paul Collins Startup list

[SPOOLSV32]
Number=9745
Confirmed=X
Filename=SPOOLSV32.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcwsi.html" target=_blank>CWS-I</a> or <a href="http://www.sophos.com/virusinfo/analyses/trojhazifb.html" target=_blank>HAZIF-B</a> TROJANS!
Source=Paul Collins Startup list

[spoolsvc]
Number=9746
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdropperat.html" target= blank>DROPPER-AT</a> TROJAN!
Source=Paul Collins Startup list

[spoolsvr32]
Number=9747
Confirmed=X
Filename=csmss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentau.html" target=_blank>AGENT-AU</a> TROJAN!

Source=Paul Collins Startup list

[spoolsvr32]
Number=9748
Confirmed=X
Filename=csmss32.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojagentau.html" target=_blank>AGENT-AU</a> TROJAN!
Source=Paul Collins Startup list

[spoolsvs.exe]
Number=9749
Confirmed=X
Filename=spoolsvs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderrk.html" target=_blank>DLOADER-RK</a> TROJAN!
Source=Paul Collins Startup list

[SPOOLSVU]
Number=9750
Confirmed=X
Filename=SPOOLSVU.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031109-3305-99" target=_blank>STARTPAGE.K</a> hijacker
Source=Paul Collins Startup list

[spoolsvv]
Number=9751
Confirmed=X
Filename=spoolsvv.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453077927" target="_blank">Searchcentrix</a> hijacker
Source=Paul Collins Startup list

[Spoolvs]
Number=9752
Confirmed=X
Filename=spoolvs.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AUS&VSect=P" target=_blank>SDBOT.AUS</a> WORM!
Source=Paul Collins Startup list

[Spore]
Number=9753
Confirmed=X
Filename=MsNews.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-121410-0858-99" target=_blank>SPORE.A</a> WORM!
Source=Paul Collins Startup list

[Spore.b]
Number=9754
Confirmed=X
Filename=Scmhlpr.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-121511-2555-99" target=_blank>SPORE.B</a> WORM!
Source=Paul Collins Startup list

[SPP]
Number=9755
Confirmed=?
Filename=run.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[spp]
Number=9756
Confirmed=X
Filename=regedit -s spp.reg
Description=IE search hijacker - changes the default search to http://www.hotsearchbox.com/ie/
Source=Paul Collins Startup list

[sppbridge]
Number=9757
Confirmed=?
Filename=sppbridge.exe
Description=Associated with an Anycom bluetooth wireless card on laptops - used for printing to portable printers for example.<font color="#FF0000"> Is it required or can it be started manually?&nbsp;</font>
Source=Paul Collins Startup list

[SprintPort]
Number=9758
Confirmed=?
Filename=SprintPortA.exe
Description=Novatel wireless modem related. <font color="#FF0000"> What does it do and is it required?</font>
Source=Paul Collins Startup list

[SpriteService]
Number=9759
Confirmed=U
Filename=SpriteService.exe
Description=<a href="http://www.spritesoftware.com/" target="_blank">Sprite Backup</a> is a backup application for Windows Mobile Pocket PC or Smartphone
Source=Paul Collins Startup list

[SPSTEALT]
Number=9760
Confirmed=U
Filename=SmartProtectorPro.exe
Description=<a href="http://smartprotector.com/eraser/index.htm" target="_blank">Smart Protector Pro</a> - internet privacy tool that erases tracks, MRU lists, etc
Source=Paul Collins Startup list

[spstore]
Number=9761
Confirmed=?
Filename=storesp.exe
Description=<a href="http://www.softprobe.com/" target="_blank">Softprobe</a> - program designed to provide managers with an analysis of an individuals computer use who are under their supervision. This program is NOT related to Winpup

Source=Paul Collins Startup list

[Spy Blocker]
Number=9762
Confirmed=U
Filename=spyblocker.exe
Description=<a href="http://www.spyblocker-software.com/spyblocker/sb.shtm" target="_blank">SpyBlocker</a> blocks the communications of spyware installed on a PC so spyware runs but can't exchange data with the server to which it should report. Ensuring spyware can't communicate is important, as you may find after using <a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-Aware</a> that some applications containing spyware subsystems may not run correctly or at all
Source=Paul Collins Startup list

[Spy Protector]
Number=9763
Confirmed=U
Filename=SpyProtector.exe
Description=Included in the full version of Security Task Manager, <a href="http://www.neuber.com/taskmanager/" target="_blank">Spy Protector</a> prevents keyboard and mouse monitoring, warns when the registry is changed and eliminates internet activity and work traces
Source=Paul Collins Startup list

[Spy-Control]
Number=9764
Confirmed=N
Filename=Spy-Control.exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
Source=Paul Collins Startup list

[Spy-Keylogger]
Number=9765
Confirmed=U
Filename=skl.exe
Description=<a href="http://sarc.com/avcenter/venc/data/spyware.spykeylogger.html" target=blank>SpyKeylogger</a> keystroke logger/monitoring program - remove unless you installed it yourself!

Source=Paul Collins Startup list

[SpyAxe]
Number=9766
Confirmed=N
Filename=spyaxe.exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>. For removal instructions see <a href="http://wiki.castlecops.com/Malware_Removal:_SpyAxe_Removal" target=_blank>here</a>
Source=Paul Collins Startup list

[SpyBan]
Number=9767
Confirmed=N
Filename=SpyBan.exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
Source=Paul Collins Startup list

[SpyBlast]
Number=9768
Confirmed=X
Filename=SpyBlast.exe
Description=Spyware killer that is in effect autoinstalled foistware, targeted by SpyBot, among others
Source=Paul Collins Startup list

[SpyBlocker]
Number=9769
Confirmed=U
Filename=spyblocker.exe
Description=<a href="http://www.spyblocker-software.com/spyblocker/sb.shtm" target="_blank">SpyBlocker</a> blocks the communications of spyware installed on a PC so spyware runs but can't exchange data with the server to which it should report. Ensuring spyware can't communicate is important, as you may find after using <a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-Aware</a> that some applications containing spyware subsystems may not run correctly or at all
Source=Paul Collins Startup list

[SpyBlocs]
Number=9770
Confirmed=N
Filename=SpyBlocs.exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[SpyBlocs3.0]
Number=9771
Confirmed=N
Filename=SpyBlocs3.0.exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[SpybotSD TeaTimer]
Number=9772
Confirmed=Y
Filename=TeaTimer.exe
Description=TeaTimer is a permanent process and registry monitor of the <a href="http://www.safer-networking.org/" target="_blank">Spybot S&D</a> system protector which perpetually monitors the processes called/initiated. Detects processes wanting to start and gives you options on how to deal with this process in the future
Source=Paul Collins Startup list

[SpyBotSnD]
Number=9773
Confirmed=U
Filename=Spybotsd.exe
Description=<a href="http://www.safer-networking.org/" target="_blank">Spybot - Search &amp; Destroy</a> - free multi-spyware removal tool from Safer Networking Ltd.
Source=Paul Collins Startup list

[Spybott lptt01]
Number=9774
Confirmed=X
Filename=spybott.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Spybott" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[Spybott ml097e]
Number=9775
Confirmed=X
Filename=spybott.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Spybott" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[SpyClean]
Number=9776
Confirmed=X
Filename=1ClickSpyClean.exe
Description=1 Click Spy Clean uses a database that was stolen from <a href="http://www.safer-networking.org/en/download/index.html" target=_blank>SpybotS&D</a>. Not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
Source=Paul Collins Startup list

[SpyCop ScanCheck]
Number=9777
Confirmed=U
Filename=MAIN.EXE
Description=<a href="http://www.spycop.com/" target="_blank">SpyCop</a> surveillance software detection - checks to see when your machine was last scanned and if it was more than a week asks if you want to scan
Source=Paul Collins Startup list

[SpyEmergency]
Number=9778
Confirmed=U
Filename=SpyEmergency.exe
Description=<a href="http://www.netgate.sk/index.php?option=com_content&task=view&id=18&Itemid=41" target="_blank">SpyEmergency</a> security software from Netgate
Source=Paul Collins Startup list

[SpyEx]
Number=9779
Confirmed=X
Filename=Winllogo.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32prskeya.html" target=_blank>PRSKEY-A</a> WORM!
Source=Paul Collins Startup list

[SpyFighterMonitor]
Number=9780
Confirmed=N
Filename=SpyFighter.exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a> 
Source=Paul Collins Startup list

[SpyFighterUpdate]
Number=9781
Confirmed=N
Filename=AutoUpdate.exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
Source=Paul Collins Startup list

[SpyHealer]
Number=9782
Confirmed=N
Filename=SpyHealer.exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[SpyHeals]
Number=9783
Confirmed=X
Filename=SpyHeals.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094215" target="_blank">Smitfraud</a> variant
Source=Paul Collins Startup list

[SpyHunter]
Number=9784
Confirmed=N
Filename=SpyHunter.exe
Description=Enigma SpyHunter - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#sh_note" target="_blank">note</a>
Source=Paul Collins Startup list

[Spykiller]
Number=9785
Confirmed=U
Filename=Spykiller.exe
Description=Spyware remover - older versions are not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#maxion_note" target="_blank">here</a>
Source=Paul Collins Startup list

[SpyNuker]
Number=9786
Confirmed=X
Filename=Spynuker.exe
Description=A "spyware removal program" by TrekBlue, which is being heavily advertised through junk e-mail from its affiliates and misleading fake-dialogue-box web advertising. This is the same company as E-mail marketers 'TrekData' and 'Blue Haven Media', who distribute spyware through ActiveX drive-by-download on web pages
Source=Paul Collins Startup list

[SpyOnThis Monitor]
Number=9787
Confirmed=N
Filename=SpyOnThisMonitor.exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[SpyQuake2.com]
Number=9788
Confirmed=N
Filename=Spy-Quake2.exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[SpySheriff]
Number=9789
Confirmed=X
Filename=SpySheriff.exe
Description=<a href="http://www.bleepingcomputer.com/forums/topic22402.html" target="_blank">SpySheriff</a> malware
Source=Paul Collins Startup list

[SpySpotter]
Number=9790
Confirmed=N
Filename=SpySpotter.exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[SpyStopper]
Number=9791
Confirmed=U
Filename=spystopper.exe
Description=<a href="http://www.itcompany.com/Privacy.htm" target="_blank">SpyStopper</a> - blocks intrusive spyware, Web bugs, worms, scripts, advertisements, and cookies. Protects you from being profiled and tracked
Source=Paul Collins Startup list

[SpySubtract]
Number=9792
Confirmed=U
Filename=SpySub.exe
Description=<a href="http://www.intermute.com/spysubtract/" target=_blank>SpySubtract</a> - multi spyware removal tool
Source=Paul Collins Startup list

[SpySweeper]
Number=9793
Confirmed=U
Filename=SpySweeper.exe
Description=<a href="http://www.webroot.com/consumer/products/spysweeper/" target="_blank">Spy Sweeper</a> - detects and removes spyware
Source=Paul Collins Startup list

[SpySweeperEnterprise]
Number=9794
Confirmed=U
Filename=SpySweeperUI.exe
Description=User interface for <a href="http://www.webroot.com/business/products/spysweeperenterprise/" target="_blank">Spy Sweeper Enterprise</a> edition - "a centrally managed, scalable enterprise solution that provides best of breed protection against all types of malicious spyware, adware, and other harmful intruders"
Source=Paul Collins Startup list

[SpyTrooper]
Number=9795
Confirmed=X
Filename=SpyTrooper.exe
Description=SpyTrooper - malware posing as a spyware remover, see <a href="http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?IdVirus=89503&sind=0" target="_blank">here</a>
Source=Paul Collins Startup list

[Spyware]
Number=9796
Confirmed=N
Filename=Spyware.exe
Description=BPS spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[Spyware Begone]
Number=9797
Confirmed=U
Filename=SpywareBeGone.exe
Description=<a href="http://www.spywarebegone.com" target="_blank">Spyware BeGone</a> - spyware removal utility. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#spybegone_note" target="_blank">here</a>
Source=Paul Collins Startup list

[Spyware Begone]
Number=9798
Confirmed=U
Filename=freescan.exe
Description=<a href="http://www.spywarebegone.com" target="_blank">Spyware BeGone</a> - spyware removal utility. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#spybegone_note" target="_blank">here</a>
Source=Paul Collins Startup list

[Spyware Doctor]
Number=9799
Confirmed=U
Filename=spydoctor.exe
Description=<a href="http://www.pctools.com/spyware-doctor/" target=_blank>Spyware Doctor</a> spyware remover
Source=Paul Collins Startup list

[Spyware Doctor]
Number=9800
Confirmed=U
Filename=swdoctor.exe
Description=<a href="http://www.pctools.com/spyware-doctor/" target=_blank>Spyware Doctor</a> spyware remover
Source=Paul Collins Startup list

[Spyware Guard Control Panel]
Number=9801
Confirmed=U
Filename=spywar~1.exe
Description=<p align=left>&quot;<a href="http://www.wilderssecurity.net/spywareguard.html" target="_blank">SpywareGuard</a> provides a real-time protection solution against spyware"
Source=Paul Collins Startup list

[Spyware Nuker]
Number=9802
Confirmed=U
Filename=swn2.exe
Description=Spyware removal program by TrekBlue. Previously not recommended but the latest version was delisted <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>

Source=Paul Collins Startup list

[Spyware Nuker Installer]
Number=9803
Confirmed=U
Filename=SpywareNukerInstaller.exe
Description=Spyware removal program by TrekBlue. Previously not recommended but the latest version was delisted <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>

Source=Paul Collins Startup list

[Spyware remover]
Number=9804
Confirmed=X
Filename=Remove_spyware.exe
Description=Unidentified, but not known to belong to any known spyware remover, and strongly suspected to be adware related!

Source=Paul Collins Startup list

[Spyware Scanner]
Number=9805
Confirmed=U
Filename=AseScanner.exe
Description=Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see <a href="http://www.boston.com/business/technology/articles/2004/11/06/spyware_killer_displays_its_own_ads/" target=_blank>here</a> and <a href="http://netrn.net/spywareblog/archives/2004/11/06/aluria-confused/" target=_blank>here</a>
Source=Paul Collins Startup list

[SpyWare Shield]
Number=9806
Confirmed=U
Filename=Shield.exe
Description=Acronis Privacy Expert <a href="http://www.acronis.com/enterprise/products/privacyexpert/spyware-shield.html" target=_blank>Spyware Shield</a> prevents spyware and other suspicious programs from being installed on PCs
Source=Paul Collins Startup list

[Spyware Slayer]
Number=9807
Confirmed=N
Filename=SpywareSlayer.Exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[Spyware Soft Stop]
Number=9808
Confirmed=N
Filename=Spyware Soft Stop.exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[Spyware Stormer]
Number=9809
Confirmed=N
Filename=SpywareStormer.Exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[Spyware Vanisher]
Number=9810
Confirmed=U
Filename=FreeScanner.exe
Description=<a href="http://www.spywarebegone.com" target="_blank">Spyware Vanisher</a> - spyware removal utility. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#spybegone_note" target="_blank">here</a>
Source=Paul Collins Startup list

[Spyware X-terminator]
Number=9811
Confirmed=U
Filename=SpywareX.exe
Description=<a href="http://www.stompsoft.com/spywarexterminator.html" target=_blank>Spyware X-terminator</a> - spyware remover
Source=Paul Collins Startup list

[Spyware-Cop]
Number=9812
Confirmed=N
Filename=Spyware-Cop.exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[SpywareBot]
Number=9813
Confirmed=N
Filename=SpywareBot.exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>note</a>

Source=Paul Collins Startup list

[spywarefighterguard]
Number=9814
Confirmed=U
Filename=spfprc.exe
Description=Spyware Fighter - anti spyware program

Source=Paul Collins Startup list

[SpywareGuard]
Number=9815
Confirmed=U
Filename=sgmain.exe
Description=<p align=left>&quot;<a href="http://www.wilderssecurity.net/spywareguard.html" target="_blank">SpywareGuard</a> provides a real-time protection solution against spyware"
Source=Paul Collins Startup list

[SpywareGuard]
Number=9816
Confirmed=X
Filename=winproc32.exe
Description=<a href="http://www.sophos.com/virusinfo/analyses/trojstartpadl.html" target="_blank">Startpage</a> adware Trojan
Source=Paul Collins Startup list

[SpywareGuard]
Number=9817
Confirmed=X
Filename=deinst_qfe001.exe
Description=Added by a variant of the Win32.Small TROJAN! - Do NOT confuse with the legitimate <a href="http://www.javacoolsoftware.com/spywareguard.html" target="_blank">SpywareGuard</a> application
Source=Paul Collins Startup list

[Spywareguard lptt01]
Number=9818
Confirmed=X
Filename=Spywareguard.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Spyguard" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[Spywareguard ml097e]
Number=9819
Confirmed=X
Filename=Spywareguard.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Spyguard" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[SpywareGuardPlus]
Number=9820
Confirmed=X
Filename=winmm64.exe
Description=StartPage.ht homepage hijacker
Source=Paul Collins Startup list

[SpywareKilla]
Number=9821
Confirmed=N
Filename=SpywareKilla.exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[SpywareLocked]
Number=9822
Confirmed=N
Filename=SpywareLocked.exe
Description=Spyware remover - not recommended, see <a href="http://www.bleepingcomputer.com/forums/topic85376.html" target="_blank">here</a>
Source=Paul Collins Startup list

[SpywareLocked 3.5]
Number=9823
Confirmed=N
Filename=SpywareLocked 3.5.exe
Description=Spyware remover - not recommended, see <a href="http://www.bleepingcomputer.com/forums/topic85376.html" target="_blank">here</a>
Source=Paul Collins Startup list

[SpywareNo]
Number=9824
Confirmed=N
Filename=SpywareNo.exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
Source=Paul Collins Startup list

[SpywareQuake]
Number=9825
Confirmed=N
Filename=SpywareQuake.exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>

Source=Paul Collins Startup list

[SpywareStrike]
Number=9826
Confirmed=N
Filename=SpywareStrike.exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
Source=Paul Collins Startup list

[SPYWATCH]
Number=9827
Confirmed=N
Filename=SpyWatch.exe
Description=BPS spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[SQConfigChecker]
Number=9828
Confirmed=X
Filename=cc.exe
Description=Xupiter <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Xupiter&threatid=12203" target=_blank>SQWire</a> toolbar related. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see <a href="http://www.alanluber.com/pcfearfactor/officialxupiterpage.htm" target=_blank>here</a>
Source=Paul Collins Startup list

[SQInstaller]
Number=9829
Confirmed=X
Filename=SQInstaller.exe
Description=Xupiter <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Xupiter&threatid=12203" target=_blank>SQWire</a> toolbar related. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see <a href="http://www.alanluber.com/pcfearfactor/officialxupiterpage.htm" target=_blank>here</a>
Source=Paul Collins Startup list

[SQL Server]
Number=9830
Confirmed=N
Filename=scm.exe
Description=SQL Server Service Control Manager. Available via Start -> Programs
Source=Paul Collins Startup list

[SQL Server Service]
Number=9831
Confirmed=X
Filename=sql.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadf.html" target=_blank>RBOT-ADF</a>
Source=Paul Collins Startup list

[sqservices]
Number=9832
Confirmed=X
Filename=wins32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojprogentb.html" target=_blank>PROGENT-B</a> TROJAN!
Source=Paul Collins Startup list

[SQUpdatesChecker]
Number=9833
Confirmed=X
Filename=uc.exe
Description=Xupiter <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Xupiter&threatid=12203" target=_blank>SQWire</a> toolbar related. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see <a href="http://www.alanluber.com/pcfearfactor/officialxupiterpage.htm" target=_blank>here</a>
Source=Paul Collins Startup list

[sqvynikp]
Number=9834
Confirmed=X
Filename=sqvynikp.exe
Description=Free_Scratch_Cards foistware
Source=Paul Collins Startup list

[SR Agent]
Number=9835
Confirmed=Y
Filename=AGENTSVC.EXE
Description=Related to <a href="http://www.secureresolutions.com/" target=_blank>Secure Resolutions</a> - desktop virus protection

Source=Paul Collins Startup list

[Sr Agent]
Number=9836
Confirmed=Y
Filename=SrLogon.exe
Description=Related to <a href="http://www.secureresolutions.com/" target=_blank>Secure Resolutions</a> - desktop virus protection

Source=Paul Collins Startup list

[sr1exe]
Number=9837
Confirmed=?
Filename=updtSup3.exe
Description=<font color="#FF0000">Found on a Dell computer, in a Documents and SettingsAll UsersApplication DataDellAlert2 subfolder</font>
Source=Paul Collins Startup list

[sr64]
Number=9838
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=41042" target="_blank">AGENT.X</a> TROJAN!
Source=Paul Collins Startup list

[SrchfstUpdate]
Number=9839
Confirmed=X
Filename=srchupdt.exe
Description=SearchFast adware downloader

Source=Paul Collins Startup list

[sre]
Number=9840
Confirmed=X
Filename=rundll32.exe sre.dll, Register
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant - also detected by <a href="http://www.kaspersky.com/" target=_blank>Kaspersky</a> antivirus as Trojan.Downloader.Agent.Fc
Source=Paul Collins Startup list

[srePostpone]
Number=9841
Confirmed=?
Filename=rundll32.exe [path] srescan.dll, DoSpecialAction
Description=Related to <a href="http://www.zonelabs.com/" target=_blank>ZoneAlarm</a>. <font color=#FF0000>What does it do and is it required?</font>

Source=Paul Collins Startup list

[SRFirstRun]
Number=9842
Confirmed=?
Filename=rundll32 srclient.dll, CreateFirstRunRp
Description=Created by execution of the Windows XP sr.inf file, which installs the Windows XP System Restore feature, needed for example when installing System Restore into Windows Server 2003. <font color="#FF0000">Does this indeed need to run at every bootup?</font>
Source=Paul Collins Startup list

[Srmclean]
Number=9843
Confirmed=U
Filename=srmclean.exe
Description=Srmclean helps in the installation and execution of the SoundMax SoftPaq for Compaq/ADI SoundMax Integrated Digital Audio. According to Compaq - "If you disable the entry from loading into startup, then you will not be able to use the features of the sound card"
Source=Paul Collins Startup list

[SRNG]
Number=9844
Confirmed=X
Filename=srng.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453079092" target="_blank">ShopNavSearch.Srng</a> search hijacker

Source=Paul Collins Startup list

[SRP Startup]
Number=9845
Confirmed=U
Filename=srrpro.exe
Description=<a href="http://www.majorgeeks.com/download516.html" target="_blank">System Restore Remover Pro</a> allows you to safely and easily remove System Restore and various other Windows Millennium "features". This is enabled if you tick the "Remove unnecessary System Restore information on startup" box. Available via Start -> Settings -> Control Panel
Source=Paul Collins Startup list

[SRS Applet]
Number=9846
Confirmed=Y
Filename=SrsTray.Exe
Description=S3 Sonic Vibes sound card drivers - if disabled you loose sound
Source=Paul Collins Startup list

[SRS Audio Sandbox]
Number=9847
Confirmed=U
Filename=SRSSSC.exe
Description=<a href="http://www.srs-store.com/store-plugins/mall/sas-plugin.asp" target="_blank">SRS Audio Sandbox</a> "provide amazing audio immersion and maximum thump for a personalized audio experience!"
Source=Paul Collins Startup list

[srshost.exe]
Number=9848
Confirmed=X
Filename=srshost.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasw.html" target=_blank>RBOT-ASW</a> WORM!
Source=Paul Collins Startup list

[Srv RPCrom]
Number=9849
Confirmed=X
Filename=NClienti386.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-101912-4208-99" target=_blank>WATSOON.A</a> TROJAN!

Source=Paul Collins Startup list

[Srv32]
Number=9850
Confirmed=X
Filename=Srv32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-122010-5921-99" target="_blank">OPASERV.J</a> WORM!
Source=Paul Collins Startup list

[Srv32]
Number=9851
Confirmed=X
Filename=Srv32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.S" target="_blank">OPASERV.S</a> WORM!
Source=Paul Collins Startup list

[Srv32 spool service]
Number=9852
Confirmed=X
Filename=runsrv32.exe
Description=Topantispyware.com malware - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan-Clicker.Win32.Spyre.b
Source=Paul Collins Startup list

[Srv32 spool service]
Number=9853
Confirmed=X
Filename=spoolsrv32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojspyreb.html" target=_blank>SPYRE.B</a> TROJAN!
Source=Paul Collins Startup list

[Srv32 spool service]
Number=9854
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderlb.html" target=_blank>DLOADER-LB</a> TROJAN!
Source=Paul Collins Startup list

[Srv325]
Number=9855
Confirmed=X
Filename=Srv325.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotpr.html" target= blank>AGOBOT-PR</a> WORM!
Source=Paul Collins Startup list

[Srv32Old]
Number=9856
Confirmed=X
Filename=[worm filename].PIF
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-122010-5921-99" target="_blank">OPASERV.J</a> WORM!
Source=Paul Collins Startup list

[Srv32Win]
Number=9857
Confirmed=U
Filename=SpyAgent4.exe
Description=<a href="http://www.spytech-web.com/spyagent.shtml" target="_blank">SpyAgent</a> - monitoring software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it
Source=Paul Collins Startup list

[Srv32Win]
Number=9858
Confirmed=U
Filename=Svchost.exe
Description=<a href="http://www.realtime-spy.com/" target=blank>Realtime-Spy</a> keystroke logger/monitoring program - remove unless you installed it yourself! Note - this is not the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=blank>svchost.exe</a> process that normally doesn't appear in Msconfig/Startup!

Source=Paul Collins Startup list

[Srv32Win]
Number=9859
Confirmed=U
Filename=sysdiag.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-051211-3023-99" target="_blank">SpyAgent</a> surveillance software. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list

[srv32win]
Number=9860
Confirmed=U
Filename=win16dll.exe
Description=<a href="http://sarc.com/avcenter/venc/data/spyware.screenspy.html" target=_blank>Screenspy</a> captures screenshots silently. If you didn't install this yourself remove it
Source=Paul Collins Startup list

[Srvce Pack Updte]
Number=9861
Confirmed=X
Filename=svcpack.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[srvexc.exe]
Number=9862
Confirmed=X
Filename=srvexc.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-122317-3835-99" target=_blank>SERVSAX</a> TROJAN!
Source=Paul Collins Startup list

[srvprc]
Number=9863
Confirmed=U
Filename=srvprc.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/spyware.actmon.html" target="_blank">ActMon</a> surveillance software. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list

[srxTray]
Number=9864
Confirmed=N
Filename=srxTray.exe
Description=<a href="http://www.southrivertech.com/" target="_blank">Titan FTP Server</a> - FTP server
Source=Paul Collins Startup list

[SsAAD.exe]
Number=9865
Confirmed=?
Filename=SsAAD.exe
Description=Sony SonicStage software related - "Atrac Hard Disk Monitor". <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[ssate.exe]
Number=9866
Confirmed=X
Filename=irun4.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-030214-1700-99" target="_blank">BEAGLE.J</a> WORM!
Source=Paul Collins Startup list

[ssate.exe]
Number=9867
Confirmed=X
Filename=winsys.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-030312-0201-99" target="_blank">BEAGLE.K</a> WORM!
Source=Paul Collins Startup list

[SSBkgdUpdate]
Number=9868
Confirmed=N
Filename=SSBkgdupdate.exe
Description=ScanSoft OmniPage auto updater. Can be disabled using the main program's options. Note - if you have a Soundblaster Audigy2 ZS soundcard installed on your computer and the volume of your soundsystem is turned on extremely high disabling this will solve the problem
Source=Paul Collins Startup list

[SSC Service Utility]
Number=9869
Confirmed=U
Filename=ssc_serv.exe
Description=<a href="http://www.ssclg.com/epsone.shtml" target= blank>SSC Service Utility</a> is a printer utility for refilled Epson cartridges
Source=Paul Collins Startup list

[SSCFBTN.EXE]
Number=9870
Confirmed=U
Filename=SSCFBTN.EXE
Description=Samsung smarthru software,used with Lexmark Z82 or Samsung multifunction printers
Source=Paul Collins Startup list

[sscRun]
Number=9871
Confirmed=Y
Filename=SSCRun.exe
Description=AOL's firewall

Source=Paul Collins Startup list

[SSC_UserPrompt]
Number=9872
Confirmed=Y
Filename=UsrPrmpt.exe
Description=Part of Symantec's AntiVirus suite and comes usually with a product update, if not on the system already. Required for essential applications to work properly

Source=Paul Collins Startup list

[Ssd]
Number=9873
Confirmed=Y
Filename=Std.exe
Description=<a href="http://www.stealthdisk.com/" target="_blank">Stealthdisk</a> - file and folder hiding/locking utility
Source=Paul Collins Startup list

[ssdiag]
Number=9874
Confirmed=?
Filename=ssdiag.exe
Description=Equinox (now <a href="http://www.avocent.com/" target="_blank">Avocent</a>) "Configuration and DOS Diagnostic for DOS and Windows platforms"
Source=Paul Collins Startup list

[SSDPSRV]
Number=9875
Confirmed=N
Filename=ssdpsrv.exe
Description=Simple Service Discovery Protocol (SSDP) and General Event Notification Architecture (GENA) services for network plug and play functionality. Starts up a web server on port 5000. Used by Universal Plug and Play (for network device discovery). To remove this program, open Add/Remove Programs, select either Communications (Me) or Networking Services (XP), and remove the checkmark next to Universal Plug and Play
Source=Paul Collins Startup list

[ssgrate.exe]
Number=9876
Confirmed=X
Filename=system.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-012012-0813-99" target="_blank">MITGLIEDER.C</a> TROJAN!
Source=Paul Collins Startup list

[ssgrate.exe]
Number=9877
Confirmed=X
Filename=irun.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031310-5644-99" target="_blank">MITGLIEDER.D</a> TROJAN!
Source=Paul Collins Startup list

[ssgrate.exe]
Number=9878
Confirmed=X
Filename=irun4.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040514-3126-99" target="_blank">MITGLIEDER.F</a> TROJAN!
Source=Paul Collins Startup list

[ssgrate.exe]
Number=9879
Confirmed=X
Filename=sysdoor.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-082115-0935-99" target="_blank">MITGLIEDER.N</a> TROJAN!
Source=Paul Collins Startup list

[ssgrate.exe]
Number=9880
Confirmed=X
Filename=winerdir.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-082110-3039-99" target="_blank">MITGLIEDER.O</a> TROJAN!
Source=Paul Collins Startup list

[ssgrate.exe]
Number=9881
Confirmed=X
Filename=winsystems.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbagledlj.html" target=_blank>BAGLEDL-J</a> TROJAN!
Source=Paul Collins Startup list

[ssgrate.exe]
Number=9882
Confirmed=X
Filename=wintems.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061215-3130-99" target=_blank>MITGLIEDER.Q</a> TROJAN!
Source=Paul Collins Startup list

[SSh32]
Number=9883
Confirmed=U
Filename=SSh32.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-122013-2514-99" target= blank>2Spy</a> keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[SSK Service]
Number=9884
Confirmed=X
Filename=winssk32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-062509-2344-99" target="_blank">SOBIG.E</a> WORM!
Source=Paul Collins Startup list

[SSL]
Number=9885
Confirmed=X
Filename=svchost.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list

[SSL Manager]
Number=9886
Confirmed=X
Filename=amsnmsgs.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[ssmmgr]
Number=9887
Confirmed=U
Filename=ssmmgr.exe
Description=Samsung printer monitor - for checking ink levels, etc.
Source=Paul Collins Startup list

[ssms.exe]
Number=9888
Confirmed=X
Filename=SSMS.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-090415-1839-99" target=_blank>GISMOR</a> WORM!
Source=Paul Collins Startup list

[SSPY]
Number=9889
Confirmed=U
Filename=SSYTEM.EXE
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120120-3620-99" target= blank>SurfingSpy</a> keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[sssasasb32]
Number=9890
Confirmed=X
Filename=sssasasb32.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.F</a> TROJAN!
Source=Paul Collins Startup list

[sssasasb32]
Number=9891
Confirmed=X
Filename=msnmsgq32.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.F</a> TROJAN!
Source=Paul Collins Startup list

[sstata]
Number=9892
Confirmed=X
Filename=dwdas.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090916-5115-99" target="_blank">DASDA</a> TROJAN!
Source=Paul Collins Startup list

[sstata]
Number=9893
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojranckdf.html" target=_blank>RANCK-DF</a> TROJAN!
Source=Paul Collins Startup list

[SStb.exe]
Number=9894
Confirmed=X
Filename=SStb.exe
Description=Adpowerzone.com "ServerSide" keyword hijacker
Source=Paul Collins Startup list

[sstray]
Number=9895
Confirmed=N
Filename=sstray.exe
Description=nVidia nForce Taskbar Utility - quick access to the nForce2 &quot;Sound Storm&quot; control panel and related utilitys
Source=Paul Collins Startup list

[SSUpdate]
Number=9896
Confirmed=X
Filename=SSUpdate.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453072536" target="_blank">MoneyTree</a> parasite - ActiveX control used to download premium-rate dialers

Source=Paul Collins Startup list

[ssvchost]
Number=9897
Confirmed=X
Filename=ssvchost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111214-2948-99" target="_blank">HELIOS.B</a> TROJAN!
Source=Paul Collins Startup list

[SSWPlauncher]
Number=9898
Confirmed=X
Filename=comet.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Comet%20Cursor&threatid=29168" target=_blank>Comet Cursor</a> adware
Source=Paul Collins Startup list

[Stacmon]
Number=9899
Confirmed=N
Filename=Stacmon.exe
Description=Installed with the drivers for a SigmaTel C-Major Audio card (on a Dell Inspiron 600m PC for example). Appears as though it can be disabled with no ill effects
Source=Paul Collins Startup list

[StacSysTray]
Number=9900
Confirmed=N
Filename=StacSysTray.exe
Description=System Tray control panel for SigmaTel C-Major on-board audio - as used on some Dell and Packard Bell PCs
Source=Paul Collins Startup list

[staeck12]
Number=9901
Confirmed=X
Filename=mfcee.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[standalone.exe]
Number=9902
Confirmed=X
Filename=standalone.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotads.html" target=_blank>AGOBOT-ADS</a> WORM!
Source=Paul Collins Startup list

[StarSkin]
Number=9903
Confirmed=U
Filename=starskin.exe
Description=<a href="http://www.rocketdivision.com/skin.html" target=_blank>StarSkin</a> allows you to change the view and appearance of your Windows XP box with the use of publically available themes
Source=Paul Collins Startup list

[Start]
Number=9904
Confirmed=Y
Filename=Quick95.exe
Description=For a Nisis G6 USB Graphics Tablet. Re-enables itself if disabled therefore best left alone
Source=Paul Collins Startup list

[Start]
Number=9905
Confirmed=X
Filename=windows.vbs
Description=Homepage hijacker
Source=Paul Collins Startup list

[start]
Number=9906
Confirmed=?
Filename=start.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[start]
Number=9907
Confirmed=X
Filename=sdcc.exe
Description=Added by the AGENT.CSX TROJAN!
Source=Paul Collins Startup list

[Start aThx Roll]
Number=9908
Confirmed=X
Filename=f0mered.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AAV&VSect=P" target=_blank>RBOT.AAV</a> WORM!
Source=Paul Collins Startup list

[start extracting]
Number=9909
Confirmed=X
Filename=spoolvse.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxf.html" target=_blank>RBOT-XF</a> WORM!
Source=Paul Collins Startup list

[start extracting]
Number=9910
Confirmed=X
Filename=spoolvs.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AKC&VSect=P" target=_blank>RBOT.AKC</a> WORM!
Source=Paul Collins Startup list

[Start Getright]
Number=9911
Confirmed=N
Filename=getright.exe
Description=See Getright Tray Icon
Source=Paul Collins Startup list

[Start It Upping]
Number=9912
Confirmed=X
Filename=svchosets.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Start Network Scanner Tool]
Number=9913
Confirmed=U
Filename=sdFTP.exe
Description=Part of <a href="http://www.sharpusa.com/products/applications/sharpdesk/1,2693,3-3,00.html" target="_blank">Sharpdesk</a> from Sharp Electronics. "A desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents"
Source=Paul Collins Startup list

[Start Page]
Number=9914
Confirmed=X
Filename=http://find.naupoint.com
Description=<a href="http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx" target=_blank>Naupoint</a> browser hijacker
Source=Paul Collins Startup list

[Start Page]
Number=9915
Confirmed=X
Filename=svcnt32.exe
Description=Homepage hijacker, also detected as Trojan-Downloader.Win32.Delf.ks
Source=Paul Collins Startup list

[Start RF Wireless Keyboard]
Number=9916
Confirmed=Y
Filename=ktrexe.exe
Description=Yuanxun Electronics RF wireless keyboard driver
Source=Paul Collins Startup list

[Start RF Wireless Mouse]
Number=9917
Confirmed=Y
Filename=cm20.exe
Description=Yuanxun Electronics RF wireless mouse driver
Source=Paul Collins Startup list

[Start Service]
Number=9918
Confirmed=U
Filename=upssrv.exe
Description=Cyber Power <a href="http://www.cyberpowersystems.com/pplus_2.asp" target="_blank">PowerPanelPlus</a> software. "During a power failure the system automatically saves and closes open files within the battery backup time and safely powers down your computer"
Source=Paul Collins Startup list

[Start Up Cop]
Number=9919
Confirmed=U
Filename=startcop.exe
Description=<a href="http://www.pcmag.com/article2/0,4149,897438,00.asp" target="_blank">StartUp Cop</a> - startup manager
Source=Paul Collins Startup list

[start uploading]
Number=9920
Confirmed=X
Filename=smsss.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Start Upping]
Number=9921
Confirmed=X
Filename=taskmrg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotma.html" target="_blank">RBOT-MA</a> WORM!
Source=Paul Collins Startup list

[Start Upping]
Number=9922
Confirmed=X
Filename=SVCHOSTES.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotnb.html" target=_blank>RBOT-NB</a> WORM!

Source=Paul Collins Startup list

[Start Upping]
Number=9923
Confirmed=X
Filename=taksmgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqk.html" target=_blank>RBOT-QK</a> WORM!
Source=Paul Collins Startup list

[Start Upping]
Number=9924
Confirmed=X
Filename=mcrt32.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Start Upping]
Number=9925
Confirmed=X
Filename=windupds.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AFH&VSect=P" target=_blank>SDBOT.AFH</a> WORM!
Source=Paul Collins Startup list

[Start Upping]
Number=9926
Confirmed=X
Filename=windupdts.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Start Upping]
Number=9927
Confirmed=X
Filename=xdcc.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.OY" target="_blank">SPYBOT.OY</a> WORM!
Source=Paul Collins Startup list

[Start Upping]
Number=9928
Confirmed=X
Filename=spoolnt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbottm.html" target="_blank">RBOT-TM</a> WORM!
Source=Paul Collins Startup list

[Start Uppings]
Number=9929
Confirmed=X
Filename=svcchosts.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VY" target="_blank">SDBOT.VY</a> WORM!
Source=Paul Collins Startup list

[Start Uppings]
Number=9930
Confirmed=X
Filename=mssupdate.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Start Wingman Profiler]
Number=9931
Confirmed=N
Filename=lwtest.exe
Description=Logitech Wingman software required to operate Logitech joysticks and gamepads.&nbsp; Unless you're a hard-core gamer, it's best to leave it unchecked
Source=Paul Collins Startup list

[Start Wingman Profiler]
Number=9932
Confirmed=N
Filename=lwemon.exe   
Description=Logitech Wingman software required to operate Logitech joysticks and gamepads.&nbsp; Unless you're a hard-core gamer, it's best to leave it unchecked
Source=Paul Collins Startup list

[Startacc]
Number=9933
Confirmed=U
Filename=startacc.exe
Description=Launches Webroot's Accelerate 2000 software that "speeds up your Internet connection by up to 300%". Leave enabled if you find it improves internet connection
Source=Paul Collins Startup list

[StartCCC]
Number=9934
Confirmed=N
Filename=CLIStart.exe
Description=Puts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start -> Programs
Source=Paul Collins Startup list

[StartEAK]
Number=9935
Confirmed=Y
Filename=StartEAK.exe
Description=<a href="http://h18000.www1.hp.com/support/techpubs/whitepapers/13W1-1200a-wwen.html" target="_blank">Easy Access</a> Button Support for Compaq PCs. Required if you use these
Source=Paul Collins Startup list

[startemdoit]
Number=9936
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadravp.html" target="_blank">DLOADR-AVP</a> TROJAN!
Source=Paul Collins Startup list

[Starter]
Number=9937
Confirmed=X
Filename=scvhosting.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.RU" target="_blank">SDBOT.RU</a> WORM!
Source=Paul Collins Startup list

[starter]
Number=9938
Confirmed=X
Filename=scvhostingg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfb.html" target=_blank>FORBOT-FB</a> WORM!
Source=Paul Collins Startup list

[starter]
Number=9939
Confirmed=X
Filename=iexplore.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotdu.html" target=_blank>FORBOT-DU</a> WORM! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a>) process, which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup unless you add it manually! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[StartFoxie]
Number=9940
Confirmed=U
Filename=StartFoxie.exe
Description=<a href="http://en.softonic.com/ie/43356/Foxie_Privacy__Security_&_Productivity_Suite" target=_blank>Foxie Suite</a> from Softonic International. "This suite of free tools comes in the form of an Internet Explorer add-on and includes a mix of powerful security enhancements"

Source=Paul Collins Startup list

[startkey]
Number=9941
Confirmed=X
Filename=svcmgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojhipperb.html" target=_blank>HIPPER-B</a> TROJAN!
Source=Paul Collins Startup list

[startkey]
Number=9942
Confirmed=X
Filename=update.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifrosedg.html" target=_blank>BIFROSE-DG</a> TROJAN!
Source=Paul Collins Startup list

[startkey]
Number=9943
Confirmed=X
Filename=XMCHAI.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifroseao.html" target=_blank>BIFROSE-AO</a> TROJAN!
Source=Paul Collins Startup list

[startkey]
Number=9944
Confirmed=X
Filename=explore32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoormt.html" target=_blank>MT</a> TROJAN!
Source=Paul Collins Startup list

[startkey]
Number=9945
Confirmed=X
Filename=CKOTS.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifrosehm.html" target=_blank>BIFROSE-HM</a> TROJAN!
Source=Paul Collins Startup list

[StartKey]
Number=9946
Confirmed=X
Filename=pligde.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-022716-2959-99" target=_blank>BIFROSE.E</a> TROJAN!
Source=Paul Collins Startup list

[startkey]
Number=9947
Confirmed=X
Filename=RunWinRaR.exe
Description=Added by a variant of the BIFROSE-LV TROJAN!
Source=Paul Collins Startup list

[startkey]
Number=9948
Confirmed=X
Filename=Mysia.exe
Description=Added by the CEP TROJAN!
Source=Paul Collins Startup list

[startkey]
Number=9949
Confirmed=X
Filename=explorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbckdrmld.html" target="_blank">MLD</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System subfolder
Source=Paul Collins Startup list

[startkey]
Number=9950
Confirmed=X
Filename=furzi.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifroseok.html" target="_blank">BIFROSE-OK</a> TROJAN!
Source=Paul Collins Startup list

[startkey]
Number=9951
Confirmed=X
Filename=krnl.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifroses.html" target="_blank">BIFROSE-S</a> TROJAN!
Source=Paul Collins Startup list

[startkey]
Number=9952
Confirmed=X
Filename=royale.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[startkey]
Number=9953
Confirmed=X
Filename=rtfmsv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojedepolc.html" target="_blank">EDEPOL-C</a> TROJAN!
Source=Paul Collins Startup list

[startkey]
Number=9954
Confirmed=X
Filename=scvhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifrosepm.html" target="_blank">BIFROSE-PM</a> TROJAN!
Source=Paul Collins Startup list

[startkey]
Number=9955
Confirmed=X
Filename=server.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifrosedb.html" target="_blank">BIFROSE-DB</a> TROJAN!
Source=Paul Collins Startup list

[startkey]
Number=9956
Confirmed=X
Filename=win32i.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifroser.html" target="_blank">BIFROSE-R</a> TROJAN!
Source=Paul Collins Startup list

[startkey]
Number=9957
Confirmed=X
Filename=winampXP.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifroseoy.html" target="_blank">BIFROSE-OY</a> TROJAN!
Source=Paul Collins Startup list

[startkey]
Number=9958
Confirmed=X
Filename=svchost32.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[startkey]
Number=9959
Confirmed=X
Filename=winlogin.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifrosepm.html" target="_blank">BIFROSE-PM</a> TROJAN!
Source=Paul Collins Startup list

[startkey]
Number=9960
Confirmed=X
Filename=winlogin.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifrosepm.html" target="_blank">BIFROSE-PM</a> TROJAN!
Source=Paul Collins Startup list

[startkey]
Number=9961
Confirmed=X
Filename=antivir.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifroseto.html" target="_blank">BIFROSE-TO</a> TROJAN!
Source=Paul Collins Startup list

[startl.exe]
Number=9962
Confirmed=N
Filename=startl.exe
Description=<a href="http://www.lingoware.com/english/" target="_blank">Lingocom LingoWare</a> - translates any application into your language
Source=Paul Collins Startup list

[StartMenu]
Number=9963
Confirmed=X
Filename=deamon.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
Source=Paul Collins Startup list

[StartMenu]
Number=9964
Confirmed=X
Filename=msgaol.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
Source=Paul Collins Startup list

[StartMenu]
Number=9965
Confirmed=X
Filename=s_menu.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
Source=Paul Collins Startup list

[StartMenu]
Number=9966
Confirmed=X
Filename=browse.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdrowsyc.html" target=_blank>DROWSY-C</a> TROJAN!
Source=Paul Collins Startup list

[startpage]
Number=9967
Confirmed=X
Filename=startpage.exe
Description=Browser hijacker - redirecting to pages2start.com
Source=Paul Collins Startup list

[STARTPAGE]
Number=9968
Confirmed=U
Filename=start1.exe
Description=<a href="http://www.nospy.org/1/" target=_blank>NoSpy.org</a> - prevents spyware from changing your startpage and other browser properties. The start1.exe file is located in a NOSPY.ORG folder
Source=Paul Collins Startup list

[StartStop]
Number=9969
Confirmed=U
Filename=STARTSTOP.EXE
Description=<a href="http://www.tfi-technology.com/startstop/default.htm" target="_blank">StartStop</a> from TFI Technology - startup manager
Source=Paul Collins Startup list

[StartSurfing]
Number=9970
Confirmed=U
Filename=STARTS.exe
Description=<a href="http://www.startsurfing.com" target="_blank">Start Surfing</a> allows you to protect your privacy while surfing and searching the Internet by acting as a &quot;filter&quot; between you and the website you are visiting. Startsurfing acts as your shield from Pop Up Windows, Mouse Traps, Window Resizing, and scripts that attempt to record your personal information. Available via Start -> Programs
Source=Paul Collins Startup list

[Startup]
Number=9971
Confirmed=N
Filename=??
Description=Related to an Iomega drive
Source=Paul Collins Startup list

[Startup]
Number=9972
Confirmed=X
Filename=WinlogonStartup
Description=Unidentified malware
Source=Paul Collins Startup list

[Startup]
Number=9973
Confirmed=X
Filename=mirc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfloodeu.html" target=_blank>FLOOD-EU</a> TROJAN! An uninstall option for mirc.exe can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as mIRC. This one puts 10 files in the Windows or Winnt folder
Source=Paul Collins Startup list

[Startup Configuration]
Number=9974
Confirmed=X
Filename=[six character filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotarv.html" target=_blank>RBOT-ARV</a> WORM!
Source=Paul Collins Startup list

[Startup Configuration]
Number=9975
Confirmed=X
Filename=wztoid.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasd.html" target=_blank>RBOT-ASD</a> WORM!
Source=Paul Collins Startup list

[Startup Launcher GUI]
Number=9976
Confirmed=?
Filename=GUI.exe
Description=<font color="#FF0000">Startup manager?</font>
Source=Paul Collins Startup list

[Startup Manager Scanner]
Number=9977
Confirmed=U
Filename=StartupMonitor.exe
Description=<a href="http://www.startupmechanic.com/" target=_blank>Startup-Mechanic</a> Startup monitor - offers boot protection of your PC from harmful trojans, adult-dialers, and other scumware
Source=Paul Collins Startup list

[Startup Scan]
Number=9978
Confirmed=Y
Filename=Sensor.EXE
Description=<a href="http://www.quickheal.co.in/" target="_blank">AntiVirus Quick Heal</a> - scheduling agent
Source=Paul Collins Startup list

[Startup Update]
Number=9979
Confirmed=X
Filename=Cvshost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list

[StartupBin]
Number=9980
Confirmed=X
Filename=iwnujdss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxz.html" target= blank>SDBOT-XZ</a> WORM!
Source=Paul Collins Startup list

[StartupMonitor]
Number=9981
Confirmed=U
Filename=StartupMonitor.exe
Description=Mike Lin's <a href="http://www.mlin.net/StartupMonitor.shtml" target="_blank"> StartupMonitor</a>, throws up an alert and asks your permission every time any change is made to your start-up configuration, either in the registry or start menu
Source=Paul Collins Startup list

[startwin]
Number=9982
Confirmed=X
Filename=startwin.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042516-2104-99" target= blank>ANTIMAN.A</a> WORM!
Source=Paul Collins Startup list

[startwindowskeyuser]
Number=9983
Confirmed=X
Filename=rundle2.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2001-101114-0924-99" target="_blank">JAVAKILLER</a> TROJAN!
Source=Paul Collins Startup list

[Stat 'n' Perf]
Number=9984
Confirmed=N
Filename=StatnPerf.exe
Description=<a href="http://www.soft4ever.com/StatnPerf/En/" target="_blank">Stat 'n' Perf </a>monitors your internet connection and displays information about sent and received bytes
Source=Paul Collins Startup list

[StatBar]
Number=9985
Confirmed=X
Filename=STATBAR.exe
Description=<a href="http://www.statbar.nl/" target="_blank">StatBar</a>&nbsp;(system status bar) allows you to quickly get an overview of your system's condition (memory, CPU, uptime, and much more). Due to the sheer number of resources (over 60%) consumed by this program, it is unsuitable for Windows 95/98/SE/Me
Source=Paul Collins Startup list

[State Service]
Number=9986
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdadobracp.html" target=_blank>DADOBRA-CP</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[StationPlaylistStudio]
Number=9987
Confirmed=U
Filename=SPLStudio.exe
Description=<a href="http://www.stationplaylist.com/studio.html" target="_blank">StationPlaylist Studio</a> - "simple to use on-air broadcast playback software for the studio and/or DJ" for small to medium sized radio broadcasters, and internet webcasters
Source=Paul Collins Startup list

[Statistics]
Number=9988
Confirmed=X
Filename=statslist.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32opankis.html" target=_blank>OPANKI-S</a> WORM!
Source=Paul Collins Startup list

[Status Monitor]
Number=9989
Confirmed=N
Filename=BrMfcWnd.exe
Description=Brother scanner status monitor - can be started manually

Source=Paul Collins Startup list

[Status Monitor XE]
Number=9990
Confirmed=N
Filename=ENGSS.EXE
Description=The Xerox Document WorkCentre XE Series Status Monitor displays information about your printer and currently active or waiting print jobs. You can use it to control your printing environment and manage your printing operations. Available via Start -> Programs
Source=Paul Collins Startup list

[StatusClient]
Number=9991
Confirmed=?
Filename=StatusClient.exe
Description=Part of Hewlett Packard network printer drivers
Source=Paul Collins Startup list

[StatusClient 2.6]
Number=9992
Confirmed=?
Filename=StatusClient.exe
Description=Part of Hewlett Packard network printer drivers
Source=Paul Collins Startup list

[StatusView]
Number=9993
Confirmed=N
Filename=StatusView.exe
Description=<a href="http://www.idpcorp.com/sv/index.html" target=_blank>Status View</a> intra-office messaging

Source=Paul Collins Startup list

[Stay Connected!]
Number=9994
Confirmed=N
Filename=StayCon.exe
Description=More than just a pinger, actually simulates online activity. Supports AOL, NetZero, MSN, ATT WorldNet, CompuServe and many other ISPs as well. Available via Start -> Programs
Source=Paul Collins Startup list

[StayAlive]
Number=9995
Confirmed=U
Filename=StayAlive.Exe
Description=Part of <a href="http://www.semsoftware.com/" target=_blank>RealSPEED</a> - tweaking utility to speed-up your internet connection. Stay connected even after a period of inactivity on the net

Source=Paul Collins Startup list

[StayAlive]
Number=9996
Confirmed=U
Filename=sa.exe
Description=<a href="http://www.tfi-technology.com/stayalive.htm" target="_blank">StayAlive</a> from TFI Technology.&nbsp;&quot;This top-notch tool intercepts crashes when they happen, keeping your programs running so you can save your work.&quot;
Source=Paul Collins Startup list

[STBVision]
Number=9997
Confirmed=?
Filename=STBVisn.exe
Description=Related to the STB Velocity graphics card. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[STBWEBTV]
Number=9998
Confirmed=N
Filename=STBWEBTV.EXE
Description=Used to display TV on your PC
Source=Paul Collins Startup list

[stcinstaller]
Number=9999
Confirmed=X
Filename=id53.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SCTHOUGHT.L" target=_blank>SCTHOUGHT.L</a> TROJAN! 
Source=Paul Collins Startup list

[stcloader]
Number=10000
Confirmed=X
Filename=stcloader.exe
Description=Popup adware by 2ndThought software
Source=Paul Collins Startup list

[stcloader]
Number=10001
Confirmed=X
Filename=STCLOA~1.exe
Description=Popup adware by 2ndThought software
Source=Paul Collins Startup list

[STCLOA~1]
Number=10002
Confirmed=X
Filename=stcloader.exe
Description=Popup adware by 2ndThought software
Source=Paul Collins Startup list

[STCLOA~1]
Number=10003
Confirmed=X
Filename=STCLOA~1.exe
Description=Popup adware by 2ndThought software
Source=Paul Collins Startup list

[STCPO]
Number=10004
Confirmed=Y
Filename=STCPO.exe
Description=Sophos Sweep antivirus software
Source=Paul Collins Startup list

[StdAFX]
Number=10005
Confirmed=X
Filename=stdafx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotaf.html" target="_blank">DELBOT-AF</a> WORM!
Source=Paul Collins Startup list

[stdlib]
Number=10006
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojperdae.html" target=_blank>PERDA-E</a> TROJAN!
Source=Paul Collins Startup list

[STDSB]
Number=10007
Confirmed=Y
Filename=STDSB.exe
Description=Scrollbar driver for notebooks. If taken out of the Startup, it will not provide scrolling
Source=Paul Collins Startup list

[Stealth Anonymizer 2.5]
Number=10008
Confirmed=U
Filename=stealth25.exe
Description=Now named <a href="http://www.securityconfig.com/software/desktopsecurity/stealther.html" target="_blank">Stealther</a> - proxy server agent that lets you travel the Internet with maximum possible privacy
Source=Paul Collins Startup list

[stealth.dcom.exe]
Number=10009
Confirmed=X
Filename=stealth.dcom.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-090610-3305-99" target=_blank>THEALS.A</a> WORM!
Source=Paul Collins Startup list

[stealth.ddos.exe]
Number=10010
Confirmed=X
Filename=stealth.ddos.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-090610-3305-99" target=_blank>THEALS.A</a> WORM!
Source=Paul Collins Startup list

[stealth.exe]
Number=10011
Confirmed=X
Filename=stealth.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-090610-3305-99" target=_blank>THEALS.A</a> WORM!
Source=Paul Collins Startup list

[stealth.injector.exe]
Number=10012
Confirmed=X
Filename=stealth.injector.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-090610-3305-99" target=_blank>THEALS.A</a> WORM!
Source=Paul Collins Startup list

[stealth.stat.exe]
Number=10013
Confirmed=X
Filename=stealth.stat.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-090610-3305-99" target=_blank>THEALS.A</a> WORM!
Source=Paul Collins Startup list

[stealth.wm.exe]
Number=10014
Confirmed=X
Filename=stealth.wm.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-090610-3305-99" target=_blank>THEALS.A</a> WORM!
Source=Paul Collins Startup list

[stealth.worm.exe]
Number=10015
Confirmed=X
Filename=stealth.worm.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-090610-3305-99" target=_blank>THEALS.A</a> WORM!
Source=Paul Collins Startup list

[Steam]
Number=10016
Confirmed=N
Filename=steam.exe
Description=Valve Software's <a href="http://www.steampowered.com/" target="_blank">STEAM</a> broadband game client. Steam is Valve's new way of getting games into your hands ASAP. Games like Half-Life, Counter-Strike, and Counter-Strike: Condition Zero are all being made available through Steam. Steam games are automatically kept up-to-date with the latest content and revisions. Steam also includes an instant-message client which even works while you're in-game
Source=Paul Collins Startup list

[steam]
Number=10017
Confirmed=X
Filename=steam.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajt.html" target=_blank>RBOT-AJT</a> WORM! Note - the file steam.exe will be found in the Windows\System folder and is not associated with Valve Software's game client
Source=Paul Collins Startup list

[SteFanie]
Number=10018
Confirmed=X
Filename=SteFanie.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-092216-3721-99" target=_blank>STEFAN</a> WORM! Note - make sure you check the hyperlink as this one copies it's self to numerous dirves and folders
Source=Paul Collins Startup list

[stgclean]
Number=10019
Confirmed=?
Filename=w32main2.exe
Description=Related to IBM Standard Software Installer.  <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[Stickies]
Number=10020
Confirmed=N
Filename=STICKIES.EXE
Description=<a href="http://www.btinternet.com/~tom.revell/" target="_blank">Stickies</a> - utility that allows you to put yellow &quot;Post-It&quot; type messages on your desktop and can be used to set reminders. Available via Start -> Programs
Source=Paul Collins Startup list

[Sticky Notes]
Number=10021
Confirmed=N
Filename=stikynot.exe
Description=Microsoft Sticky Notes - virtual sticky notes tool
Source=Paul Collins Startup list

[Sticky Pad]
Number=10022
Confirmed=U
Filename=StickyPad.exe
Description=<a href="http://www.greeneclipsesoftware.com/" target="_blank">Sticky Pad</a> from Green Eclipse. Place sticky notes on your desktop
Source=Paul Collins Startup list

[StickyNote]
Number=10023
Confirmed=N
Filename=StickyNote.exe
Description=Utility that allows you to put yellow &quot;Post-It&quot; type messages on your desktop. Available via Start -> Programs
Source=Paul Collins Startup list

[StillImageMonitor]
Number=10024
Confirmed=U
Filename=Stimon.exe
Description=Stimon.exe enables a USB still-image device (such as a scanner) to initiate data transfer to a program. For example, if your scanning device has a scan button, it may start a program and begin scanning when you press it. Create a shortcut and start it manually when needed if your scanner otherwise fails to scan. May be required for your USB scanner to work - including all HP scanners and some of their SCSI scanners
Source=Paul Collins Startup list

[stisrv]
Number=10025
Confirmed=X
Filename=stisrv.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BQF&VSect=P" target=_blank>RBOT.BQF</a> WORM!
Source=Paul Collins Startup list

[stlbdist]
Number=10026
Confirmed=X
Filename=rundll32exe stlbdist.DLL, DllRunMain
Description=Hijacker pointing to www.searchandclick.com
Source=Paul Collins Startup list

[stlbupdt]
Number=10027
Confirmed=X
Filename=rundll32.exe stlbupdt.DLL, DllRunMain
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrowserAid&threatid=3342" target="_blank">BrowserAid/BrowserPal</a> foistware
Source=Paul Collins Startup list

[STManager]
Number=10028
Confirmed=N
Filename=drst.exe
Description=Dr. SpeedTouch is some sort of diagnostics software which sends out information to a server which then relays the information back to the program to test the network to see if the SpeedTouch ADSL modem connection is working properly. Not required if connected via Ethernet (and probably USB). Can cause a slow down in Win2K - see <a href="http://flr.free.fr/spip/article.php?id_article=56" target=_blank>here</a>
Source=Paul Collins Startup list

[stmha]
Number=10029
Confirmed=X
Filename=wkfxi.js
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120915-5126-99" target=_blank>SPETH</a> WORM!
Source=Paul Collins Startup list

[stonedrv]
Number=10030
Confirmed=X
Filename=stonedrv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcosiamk.html" target="_blank">COSIMA-K</a> TROJAN!
Source=Paul Collins Startup list

[StopSignSsTsMon]
Number=10031
Confirmed=U
Filename=sstsmon.dll, VerifyStatus
Description=eAcceleration Stop-Sign security software related. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
Source=Paul Collins Startup list

[StopSignStatus]
Number=10032
Confirmed=U
Filename=stopsinfo.dll
Description=eAcceleration Stop-Sign security software related. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
Source=Paul Collins Startup list

[STOPzilla]
Number=10033
Confirmed=U
Filename=Stopzilla.exe
Description=<a href="http://www.stopzilla.com/site/default.asp?AID=10000&amp;AAID=&amp;type=&amp;topic=&amp;source=&amp;dd=&amp;SID=350721059-200314-2-15-54-54&amp;dre=" target="_blank">StopZilla!</a> - pop-up killer

Source=Paul Collins Startup list

[STOPzilla Service]
Number=10034
Confirmed=U
Filename=SZNTSVC.EXE
Description=<a href="http://www.stopzilla.com/site/default.asp?AID=10000&amp;AAID=&amp;type=&amp;topic=&amp;source=&amp;dd=&amp;SID=350721059-200314-2-15-54-54&amp;dre=" target="_blank">StopZilla!</a> - pop-up killer

Source=Paul Collins Startup list

[StorageGuard]
Number=10035
Confirmed=U
Filename=sgtray.exe
Description=<a href="http://www.veritas.com/products/category/ProductDetail.jhtml?productId=storageguard" target="_blank">StorageGuard</a> from Veritas. Free utility that integrates with Backup MyPC (formerly Backup Exec Desktop), Simple Backup and MS Backup. Provides system tray access and background monitoring - warning you of files that haven't recently been backed up. Required unless you backup manually on a regular basis or have scheduled backups&nbsp;
Source=Paul Collins Startup list

[STPMGR]
Number=10036
Confirmed=?
Filename=STPMGR.EXE
Description=<font color="#FF0000">Part of <a href="http://safetp.cs.berkeley.edu/" target="_blank">SafeTP</a> which is transparent FTP security software. Does it need to be running permanently or can it be started manually via Start -&gt; Programs</font>
Source=Paul Collins Startup list

[stratas]
Number=10037
Confirmed=X
Filename=xmconfig.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahr.html" target=_blank>RBOT-AHR</a> WORM!
Source=Paul Collins Startup list

[stratas]
Number=10038
Confirmed=X
Filename=lockx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotadd.html" target=_blank>SDBOT-ADD</a> WORM!
Source=Paul Collins Startup list

[Stratas]
Number=10039
Confirmed=X
Filename=ggfig.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPANKI.W" target=_blank>OPANKI.W</a> WORM!
Source=Paul Collins Startup list

[StreamAppliance]
Number=10040
Confirmed=X
Filename=wuauclt14.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/w32rbotgmb.html" target="_blank">RBOT-GMB</a> WORM!
Source=Paul Collins Startup list

[StreamAppliance]
Number=10041
Confirmed=X
Filename=wuauclt16.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgme.html" target="_blank">RBOT-GME</a> WORM!
Source=Paul Collins Startup list

[Streamload Downloader]
Number=10042
Confirmed=N
Filename=SlDB.exe
Description=Downloader for <a href="http://www.mediamax.com/" target="_blank">MediaMax</a> (was Streamload) - "gives you a private and secure place to upload, store, access, and share your personal videos, photos, movies, music, and files"
Source=Paul Collins Startup list

[Streamload Uploader]
Number=10043
Confirmed=N
Filename=StreamMgr.exe
Description=Uploader for <a href="http://www.mediamax.com/" target="_blank">MediaMax</a> (was Streamload) - "gives you a private and secure place to upload, store, access, and share your personal videos, photos, movies, music, and files"
Source=Paul Collins Startup list

[StreamZap Remote]
Number=10044
Confirmed=U
Filename=zremote.exe
Description=<a href="http://www.streamzap.com/" target=_blank>StreamZap PC Remote</a> - control Windows Media Player, iTunes, RealPlayer, Winamp, PowerPoint, MusicMatch Jukebox, and many other multimedia applications
Source=Paul Collins Startup list

[StrgSync.exe]
Number=10045
Confirmed=U
Filename=StrgSync.exe
Description=SimpleTech Inc's StorageSync backup software - backs up an entire PC, or selected files and folders
Source=Paul Collins Startup list

[strmsnmgrs]
Number=10046
Confirmed=X
Filename=msnxmsgrsc.exe
Description=Added by the <a href="http://sandbox.norman.no/live_5.html?logfile=276607&menulang=" target=_blank>SDBOT.JDR</a> WORM!

Source=Paul Collins Startup list

[strmsnmsgr]
Number=10047
Confirmed=X
Filename=msnmsgrs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotacq.html" target= blank>RBOT-ACQ</a> WORM!
Source=Paul Collins Startup list

[strmsnmsgrs]
Number=10048
Confirmed=X
Filename=msnmsgrsc.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[strmsnnms]
Number=10049
Confirmed=X
Filename=msnmegrs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbotyu.html" target=_blank>SDBOT-YU</a> TROJAN!
Source=Paul Collins Startup list

[strmsnnrs]
Number=10050
Confirmed=X
Filename=msnmcgrs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojrbotact.html" target=_blank>RBOT-ACT</a> TROJAN!
Source=Paul Collins Startup list

[strmsoums]
Number=10051
Confirmed=X
Filename=msnmegrse.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbotzk.html" target=_blank>SDBOT-ZK</a> TROJAN!
Source=Paul Collins Startup list

[Strng32]
Number=10052
Confirmed=X
Filename=strngbox.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090512-2651-99" target="_blank">STRANO</a> WORM!
Source=Paul Collins Startup list

[StrokeIt]
Number=10053
Confirmed=U
Filename=strokeit.exe
Description=<a href="http://www.tcbmi.com/strokeit/" target=_blank>StrokeIt</a> is an "advanced mouse gesture recognition engine and command processor"
Source=Paul Collins Startup list

[strtas]
Number=10054
Confirmed=X
Filename=lock1.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotadq.html" target=_blank>SDBOT-ADQ</a> WORM!
Source=Paul Collins Startup list

[strtas]
Number=10055
Confirmed=X
Filename=lockx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaeb.html" target=_blank>SDBOT-AEB</a> WORM!
Source=Paul Collins Startup list

[strtas]
Number=10056
Confirmed=X
Filename=l074.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentii.html" target=_blank>AGENT-II</a> TROJAN!
Source=Paul Collins Startup list

[strtas]
Number=10057
Confirmed=X
Filename=loc1.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotazu.html" target=_blank>RBOT-AZU</a> TROJAN!
Source=Paul Collins Startup list

[strto]
Number=10058
Confirmed=X
Filename=strto.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkillprocf.html" target= blank>KILLPROC-F</a> TROJAN!
Source=Paul Collins Startup list

[strto]
Number=10059
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkillavap.html" target=_blank>KILLAV-AP</a> TROJAN!
Source=Paul Collins Startup list

[Sts]
Number=10060
Confirmed=X
Filename=iwnujdss2.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotyi.html" target=_blank>SDBOT-YI</a> WORM!
Source=Paul Collins Startup list

[Stubbish]
Number=10061
Confirmed=X
Filename=Stubbish.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32stubbota.html" target=_blank>STUBBOT-A</a> WORM!
Source=Paul Collins Startup list

[StubPath]
Number=10062
Confirmed=X
Filename=Sservice.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-061315-4216-99" target="_blank">PRORAT</a> TROJAN!
Source=Paul Collins Startup list

[stup]
Number=10063
Confirmed=X
Filename=138762763.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfirespya.html" target="_blank">FIRESPY-A</a> TROJAN! It will attempt to register the dropped component as a Firefox plugin and begin monitoring the user's browsing habits, stealing information including monitoring and logging information from Web forms
Source=Paul Collins Startup list

[StupAssist]
Number=10064
Confirmed=N
Filename=StupAssist.exe
Description=Associated with Nikon digital cameras
Source=Paul Collins Startup list

[stxrmsgms]
Number=10065
Confirmed=X
Filename=mstats.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotae.html" target=_blank>IRCBOT-AE</a> TROJAN!
Source=Paul Collins Startup list

[StyleXP]
Number=10066
Confirmed=U
Filename=StyleXP.exe
Description=<a href="http://www.tgtsoft.com/prod_sxp.php" target="_blank">StyleXP</a> allows you customize the way WinXP looks. If disabled via msconfig it re-instates itself at reboot, therefore uninstall it if you don't want it
Source=Paul Collins Startup list

[SubAH]
Number=10067
Confirmed=X
Filename=SubAH.exe
Description=Added by the SUBAH TROJAN!
Source=Paul Collins Startup list

[Subliminal Power]
Number=10068
Confirmed=U
Filename=Subliminal.exe
Description=<a href="http://www.subliminal-power.com/mind/" target="_blank">Subliminal Power</a> - displays subliminal messages of your choice on your computer screen
Source=Paul Collins Startup list

[Subtract the Ads]
Number=10069
Confirmed=N
Filename=AdSub.exe
Description=Removes adverts from web pages. Although useful - not required
Source=Paul Collins Startup list

[suck]
Number=10070
Confirmed=X
Filename=l0ad.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[Suitcase Startup]
Number=10071
Confirmed=U
Filename=Suitcase.exe
Description=<a href="http://www.extensis.com/en/products/font_management/index.jsp?locale=en_US" target="_blank">Suitcase</a> - system font manager start up utility. Used for dynamic managment of fonts on your system
Source=Paul Collins Startup list

[Suite]
Number=10072
Confirmed=X
Filename=SuiteOffices.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022716-1619-99" target=_blank>LAZAR</a> TROJAN!
Source=Paul Collins Startup list

[SULFNBJ.EXE]
Number=10073
Confirmed=X
Filename=SULFNBJ.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_MAGISTR.DAM" target="_blank">PE_MAGISTR.DAM</a> VIRUS!
Source=Paul Collins Startup list

[Sun Java Console for Windows NT & XP]
Number=10074
Confirmed=X
Filename=jconsole.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vanebotc.html" target="_blank">VANEBOT-C</a> WORM!
Source=Paul Collins Startup list

[Sunasdtserv]
Number=10075
Confirmed=U
Filename=Sunasdtserv.exe
Description=<a href="http://www.sunbelt-software.com/CounterSpy.cfm" target="_blank">CounterSpy</a> by Sunbelt Software - adware/spyware protection
Source=Paul Collins Startup list

[sunasServ]
Number=10076
Confirmed=U
Filename=sunasServ.exe
Description=<a href="http://www.sunbelt-software.com/CounterSpy.cfm" target="_blank">CounterSpy</a> by Sunbelt Software - adware/spyware protection
Source=Paul Collins Startup list

[SunJavaSched]
Number=10077
Confirmed=X
Filename=ccEvtMngr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotyp.html" target=_blank>SDBOT-YP</a> WORM!
Source=Paul Collins Startup list

[SunJavaSched Updater]
Number=10078
Confirmed=X
Filename=avamx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabj.html" target= blank>RBOT-ABJ</a> WORM!
Source=Paul Collins Startup list

[SunJavaUpdate]
Number=10079
Confirmed=X
Filename=smvss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdedlerg.html" target=_blank>DEDLER-G</a> TROJAN!
Source=Paul Collins Startup list

[SunJavaUpdateSched]
Number=10080
Confirmed=N
Filename=jusched.exe
Description=Checks with Sun's Java updates site to see if newer Java versions are available. Visit <a href="http://java.sun.com" target="_blank"> http://java.sun.com</a> or just run the Java Plug-In Control Panel
Source=Paul Collins Startup list

[SunJavaUpdateSched]
Number=10081
Confirmed=X
Filename=scvhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotavx.html" target=_blank>SDBOT-AVX</a> WORM!
Source=Paul Collins Startup list

[SunJavaUpdateSched]
Number=10082
Confirmed=X
Filename=javamx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwi.html" target= blank>SDBOT-WI</a> WORM!
Source=Paul Collins Startup list

[Sunkist]
Number=10083
Confirmed=U
Filename=shwicon98.exe
Description=Card reader for memory cards from digital cameras, etc
Source=Paul Collins Startup list

[Sunkist2k]
Number=10084
Confirmed=U
Filename=shwicon2k.exe
Description=Card reader for memory cards from digital cameras, etc
Source=Paul Collins Startup list

[SunKistEM]
Number=10085
Confirmed=U
Filename=shwiconem.exe
Description=Used by your computer to communicate with your <a href="http://www.alcormicro.com/products_list.php?main_id=5" target=_blank>Alcor Micro</a> Multimedia Card Reader - necessary if you're using this software
Source=Paul Collins Startup list

[SuNotification]
Number=10086
Confirmed=U
Filename=suatshut.exe
Description=<a href="http://www.shadowstor.com/products/ShadowSurfer/" target=_blank>ShadowSurfer</a> - "provides a safe computing environment by creating a virtual twin of your PC. Restore the pre-ShadowMode system state no matter what changes have occurred to your PC"
Source=Paul Collins Startup list

[SunProtectionServer]
Number=10087
Confirmed=U
Filename=SunProtectionServer.exe
Description=<a href="http://www.sunbelt-software.com/CounterSpy.cfm" target="_blank">CounterSpy</a> antispyware software
Source=Paul Collins Startup list

[SunServer]
Number=10088
Confirmed=U
Filename=SunServer.exe
Description=<a href="http://www.sunbelt-software.com/CounterSpy.cfm" target="_blank">CounterSpy</a> antispyware software
Source=Paul Collins Startup list

[SupaDial]
Number=10089
Confirmed=?
Filename=SupaDial.exe
Description=SupaNet.com modem driver related - <font color="#FF0000">is it required?</font>
Source=Paul Collins Startup list

[Supastatus]
Number=10090
Confirmed=N
Filename=status.exe
Description=<a href="http://www.supanet.com/" target="_blank">Supanet</a> ISP software
Source=Paul Collins Startup list

[supdate2.dll]
Number=10091
Confirmed=X
Filename=rundll32.exe [path] supdate2.dll
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzlobvl.html" target="_blank">ZLOB-VL</a> TROJAN!
Source=Paul Collins Startup list

[super]
Number=10092
Confirmed=X
Filename=fuckbx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineageh.html" target=_blank>LINEAGE-H</a> TROJAN!
Source=Paul Collins Startup list

[super]
Number=10093
Confirmed=X
Filename=super.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotqt.html" target= blank>AGOBOT-QT</a> WORM!
Source=Paul Collins Startup list

[Super Popup Blocker]
Number=10094
Confirmed=U
Filename=popkill.exe
Description=Saga <a href="http://www.zg2008.com/" target="_blank">Super Popup Blocker</a> - pop-up stopper
Source=Paul Collins Startup list

[Super X Desktop Version 3.4]
Number=10095
Confirmed=U
Filename=SXDesk.exe
Description=<a href="http://www.ajivasoft.com/super-x-desktop.htm" target=_blank>Super X Desktop</a> - virtual desktop manager
Source=Paul Collins Startup list

[SuperAdBlocker]
Number=10096
Confirmed=U
Filename=SAdBlock.exe
Description=<a href="http://superadblocker.com/" target="_blank">SuperAdBlocker</a>
Source=Paul Collins Startup list

[SUPERAntiSpyware]
Number=10097
Confirmed=U
Filename=SUPERAntiSpyware.exe
Description="<a href="http://www.superantispyware.com/" target="_blank">SUPERAntiSpyware</a> is the most thorough scanner on the market. Our Multi-Dimensional Scanning and Process Interrogation Technology will detect spyware that other products miss! SUPERAntiSpyware will remove ALL the Spyware, NOT just the easy ones!"
Source=Paul Collins Startup list

[SuperBar.Component]
Number=10098
Confirmed=X
Filename=[path to services.exe]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallaq.html" target="_blank">SMALL-AQ</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in an "Inetsrv" subfolder
Source=Paul Collins Startup list

[SuperBar.Component]
Number=10099
Confirmed=X
Filename=services.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080316-2013-99" target="_blank">FakeMessage/AdRotator</a> adware. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in an "Inetsrv" subfolder
Source=Paul Collins Startup list

[Supercleaner]
Number=10100
Confirmed=U
Filename=Supercleaner.exe
Description=<a href="http://www.softandco.com/redir.html?u=http://www.SouthBayPC.com/SuperCleaner&amp;pn=SuperCleaner" target="_blank">Supercleaner</a> - all in one disk cleaner for your computer
Source=Paul Collins Startup list

[SuperCool Compress Backup]
Number=10101
Confirmed=U
Filename=Main.exe
Description=&quot;<a href="http://www.supercoolbookmark.com/zipbackup/">SuperCool Zip Backup</a> software is a data backup,restore and file synchronization program"
Source=Paul Collins Startup list

[SuperHeissSex]
Number=10102
Confirmed=X
Filename=SuperHeissSex.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-021514-1458-99" target=_blank>HeissSex</a> premium rate adult content dialer!
Source=Paul Collins Startup list

[supernews12]
Number=10103
Confirmed=X
Filename=newsd32.exe
Description=Adware, also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderjn.html" target= blank>DLOADER-JN</a> TROJAN!
Source=Paul Collins Startup list

[Supernova]
Number=10104
Confirmed=X
Filename=[worm filename]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SURNOVA.A" target="_blank">SURNOVA</a> (or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-071014-3341-99" target="_blank">SUPOVA</a>) WORM!
Source=Paul Collins Startup list

[superproxy]
Number=10105
Confirmed=X
Filename=superproxy.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelbackb.html" target="_blank">DELBACK-B</a> TROJAN!
Source=Paul Collins Startup list

[SuperRam]
Number=10106
Confirmed=U
Filename=SuperRam.exe
Description=<a href="http://www.pgware.com/downloads/" target=_blank>SuperRam</a> memory manager. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target=_blank>SuperRam</a> article and make up your own mind
Source=Paul Collins Startup list

[superslut]
Number=10107
Confirmed=X
Filename=msslut32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32slutera.html" target="_blank">SLUTER-A</a> WORM!
Source=Paul Collins Startup list

[SuperSpamKiller Pro]
Number=10108
Confirmed=U
Filename=Ssk.exe
Description=<a href="http://www.superspamkiller.de/" target=_blank>SuperSpamKiller Pro</a> email spam blocker

Source=Paul Collins Startup list

[Supervisor.exe]
Number=10109
Confirmed=X
Filename=Supervisor.exe
Description=Has been reported to be associated with various antitrojan software like <a href="http://www.atshield.com/" target=_blank>ATS</a> and <a href="http://www.astonsoft.com/" target=_blank>PC Doorguard</a>. If so it's required in Startup - any further information is welcome
Source=Paul Collins Startup list

[support-reverse-smileys]
Number=10110
Confirmed=X
Filename=[trojan filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082314-0316-99" target=_blank>LITEBOT</a> TROJAN!
Source=Paul Collins Startup list

[supporter5]
Number=10111
Confirmed=X
Filename=supporter5.exe
Description=Part of <a href="http://www.escorcher.com/" target="_blank">eScorcher</a> anti-virus software- responsible for updates of new virus bases each time you logon to the web. Used to collect information about the user and therefore treated as spyware - now the web-site is dead
Source=Paul Collins Startup list

[SureCleanProfessional]
Number=10112
Confirmed=U
Filename=SRClean.exe
Description=<a href="http://www.panicware.com/product_sureclean.html" target=_blank>SureClean</a> PC and Internet tracks cleaner

Source=Paul Collins Startup list

[Sureshotpopupkiller]
Number=10113
Confirmed=U
Filename=Stopthepop.exe
Description=<a href="http://www.bysoft.se/sureshot/stopthepop/" target="_blank">Stop-the-Pop-Up</a> popup blocker
Source=Paul Collins Startup list

[Sureshotpopupkiller]
Number=10114
Confirmed=U
Filename=pusak.exe
Description=<a href="http://www.bysoft.se/sureshot/stopthepop/" target="_blank">Stop-the-Pop-Up</a> popup blocker
Source=Paul Collins Startup list

[SurfAccuracy]
Number=10115
Confirmed=X
Filename=sacc.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062716-0109-99" target=_blank>SurfAccuracy</a> adware
Source=Paul Collins Startup list

[SurfBuddy]
Number=10116
Confirmed=X
Filename=rundll32 [path] sbuddy.dll
Description=SurfBuddy adware - not to be confused with the legitimate SurfBuddy application by <a href="http://www.surfapps.com/surfbuddy/index.html" target=_blank>SurfApps!</a>
Source=Paul Collins Startup list

[SurfChoice]
Number=10117
Confirmed=U
Filename=SCMan.exe
Description=SCMan is a utility that can control services on WinNT from the command line. This utility can create, start, pause, stop, delete services. Furthermore it can retrieve a service's current state, get the displayname for a service and vice versa
Source=Paul Collins Startup list

[Surfer lptt01]
Number=10118
Confirmed=X
Filename=surfer.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "mssurfer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[Surfer ml097e]
Number=10119
Confirmed=X
Filename=surfer.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "mssurfer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[SurfHelper]
Number=10120
Confirmed=U
Filename=SurfHelp.exe
Description=Related to <a href="http://www.codeproject.com/shell/surfhelper.asp" target=_blank>SurfHelper</a> - a free tool to remove popup windows, clear history, control window properties of IE, and more
Source=Paul Collins Startup list

[SurfinGuard Pro]
Number=10121
Confirmed=U
Filename=winsfcm.exe
Description=SurfinGuard Pro from <a href="http://www.finjan.com/" target="_blank">Finjan</a> - internet protection software, protects against all malicious code delivered through executables, scripting files, ActiveX and Java
Source=Paul Collins Startup list

[SurfSecret]
Number=10122
Confirmed=U
Filename=ss2-full.exe
Description=&quot;House-cleaning utility that enables you to keep your computer usage to yourself. Runs quietly from the system tray, eliminating tell-tale files at a regular interval of your choosing. You can set it to clear your Internet cache files, cookies, history, temp folder, etc. It can also clear the history of your Run and Find menus, in addition to the AOL cache&quot;
Source=Paul Collins Startup list

[SurfSideKick 2]
Number=10123
Confirmed=X
Filename=Ssk.exe
Description=<a href="http://www.spynet.com/spyware/spyware-SurfSideKick.aspx" target=_blank>SurfSideKick</a> adware
Source=Paul Collins Startup list

[SurfSideKick 3]
Number=10124
Confirmed=X
Filename=Ssk.exe
Description=<a href="http://sarc.com/avcenter/venc/data/adware.surfsidekick.html" target=_blank>SurfSideKick</a> adware
Source=Paul Collins Startup list

[SurfStream]
Number=10125
Confirmed=U
Filename=SurfStream.exe
Description=Conceiva "SurfStream lets you surf the Web faster. It contains a fully featured proxy server that lets you surf the Web significantly faster. It also blocks all pop-up windows and banner ads from Web pages. An intelligent tune-up tool automatically analyzes and optimizes your computer's Internet connection and TCP/IP settings"
Source=Paul Collins Startup list

[Surs]
Number=10126
Confirmed=X
Filename=awab.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[Surveysa]
Number=10127
Confirmed=N
Filename=surveysa.exe
Description=Found on Sony laptops, it brings up a prompt to take a survey. It goes away if you fill out the survey or you choose "never prompt me again" but keeps popping if you either exit out of it or select "take survey later"
Source=Paul Collins Startup list

[suScheduler]
Number=10128
Confirmed=U
Filename=UCLauncher.exe
Description=Related to Lenovo ThinkVantage Technologies. ThinkVantage Technologies help make ThinkPad/ThinkCentre PCs less dependent on IT staff

Source=Paul Collins Startup list

[Susp]
Number=10129
Confirmed=X
Filename=Susp.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=VX2.Transponder&threatid=12517" target=_blank>VX2.Transponder</a> parasite updater/installer related
Source=Paul Collins Startup list

[susse]
Number=10130
Confirmed=X
Filename=hpsw.exe
Description=<a href="http://vil.nai.com/vil/content/v_133315.htm" target="_blank">LinkMaker</a> adware
Source=Paul Collins Startup list

[Sustem]
Number=10131
Confirmed=X
Filename=explorer.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually!
Source=Paul Collins Startup list

[SustemUpdate]
Number=10132
Confirmed=X
Filename=explorer.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually!
Source=Paul Collins Startup list

[SV00LSV]
Number=10133
Confirmed=X
Filename=SV00LSV.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojgraybirdc.html" target=_blank>GRAYBIRD-C</a> TROJAN!
Source=Paul Collins Startup list

[SVA Player]
Number=10134
Confirmed=X
Filename=SVAplayer.exe
Description=<a href="http://www3.cai.com/securityadvisor/pest/pest.aspx?id=453073164="_blank">QuickFlicks Streaming Player</a> malware
Source=Paul Collins Startup list

[Svc]
Number=10135
Confirmed=X
Filename=svc.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClientMan&threatid=3754" target=_blank>ClientMan</a> parasite variant
Source=Paul Collins Startup list

[SVC]
Number=10136
Confirmed=U
Filename=svchost.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042211-0621-99" target=blank>ElfSpy</a> keystroke logger/monitoring program - remove unless you installed it yourself! Note - this is not the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=blank>svchost.exe</a> process that normally doesn't appear in Msconfig/Startup!
Source=Paul Collins Startup list

[SVC Service]
Number=10137
Confirmed=X
Filename=svcinit.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100910-5701-99" target="_blank">SINIT</a> TROJAN!
Source=Paul Collins Startup list

[SVC Service]
Number=10138
Confirmed=X
Filename=svcinit.exe
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list

[SVC Service]
Number=10139
Confirmed=X
Filename=svcpack.exe
Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#svcinit" target=_blank>Svcinit</a> parasite variant
Source=Paul Collins Startup list

[SVC Service]
Number=10140
Confirmed=X
Filename=svc32.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasc.html" target=_blank>RBOT-ASC</a> WORM!
Source=Paul Collins Startup list

[SVC Socks]
Number=10141
Confirmed=X
Filename=mstaskm.exe
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list

[Svced]
Number=10142
Confirmed=X
Filename=Svced.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-040117-4857-99" target="_blank">DELF.F</a> TROJAN!
Source=Paul Collins Startup list

[SvcH0st]
Number=10143
Confirmed=X
Filename=msexploren.exe
Description=Added by the <a href="http://vil.mcafeesecurity.com/vil/content/v_127365.htm" target="_blank">BACKDOOR-CGZ</a> TROJAN!
Source=Paul Collins Startup list

[SvcH0st]
Number=10144
Confirmed=X
Filename=SHCH.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooreb.html" target=_blank>EB</a> TROJAN!
Source=Paul Collins Startup list

[SvcH0st]
Number=10145
Confirmed=X
Filename=SVCHST.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooreb.html" target=_blank>EB</a> TROJAN!
Source=Paul Collins Startup list

[SvcH0st]
Number=10146
Confirmed=X
Filename=WINAGENT.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooreb.html" target=_blank>EB</a> TROJAN!
Source=Paul Collins Startup list

[SVCH0ST]
Number=10147
Confirmed=X
Filename=spoo1sv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbhf.html" target=_blank>HF</a> TROJAN!
Source=Paul Collins Startup list

[SVCH0ST]
Number=10148
Confirmed=X
Filename=SVCH0ST.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbik.html" target=_blank>IK</a> TROJAN! Note - the filename has the digit 0 rather then the uppercase "o"
Source=Paul Collins Startup list

[SvcH0st]
Number=10149
Confirmed=X
Filename=msnexploren.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.B</a> TROJAN!
Source=Paul Collins Startup list

[SvcH0st]
Number=10150
Confirmed=X
Filename=sdhch.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.B</a> TROJAN!
Source=Paul Collins Startup list

[SVCH0TS]
Number=10151
Confirmed=X
Filename=sp00lvs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineageaz.html" target=_blank>LINEAGE-AZ</a> TROJAN!
Source=Paul Collins Startup list

[svchast]
Number=10152
Confirmed=X
Filename=svchast.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineageav.html" target=_blank>LINEAGE-AV</a> TROJAN!
Source=Paul Collins Startup list

[svchctrl]
Number=10153
Confirmed=X
Filename=svchctrl.exe
Description=Added by the <a href="http://www.ca.com/us/securityadvisor/pest/pest.aspx?id=453098610" target="_blank">COBFINN</a> TROJAN!
Source=Paul Collins Startup list

[svchos]
Number=10154
Confirmed=X
Filename=svchos.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojezibotb.html" target="_blank">EZIBOT-B</a> TROJAN!
Source=Paul Collins Startup list

[SVCHOST]
Number=10155
Confirmed=X
Filename=svchost.exe
Description=System1060 homepage hi-jacker. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "System1060" subfolder of the Winnt or Windows folder
Source=Paul Collins Startup list

[svchost]
Number=10156
Confirmed=X
Filename=svchost.exe
Description=Added by many TROJANS amd WORMS, such as <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-041112-5839-99" target=_blank>MORB</a> or  <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-103014-5816-99" target=_blank>TARNO</a>. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which should not normally figure in Msconfig/Startup!
Source=Paul Collins Startup list

[SVCHOST]
Number=10157
Confirmed=X
Filename=mrowyekdc.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-073115-5150-99" target="_blank">GOTORM</a> WORM!
Source=Paul Collins Startup list

[svchost]
Number=10158
Confirmed=X
Filename=Svch0st.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-040217-2506-99" target="_blank">GRAYBIRD</a> and <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-041011-1708-99" target="_blank">GRAYBIRD.B</a> TROJANS! Note - the filename has the digit 0 rather then the uppercase "o"
Source=Paul Collins Startup list

[svchost]
Number=10159
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091906-4732-99" target="_blank">HAZZER</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list

[svchost]
Number=10160
Confirmed=X
Filename=ADMAGIC.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092614-0933-99" target="_blank">SMIBAG</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list

[Svchost]
Number=10161
Confirmed=X
Filename=winhost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LOLAWEB.A" target="_blank">LOLAWEB.A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list

[Svchost]
Number=10162
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href ="http://www.sophos.com/virusinfo/analyses/w32mozea.html" target=_blank>MOZE-A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list

[SVCHOST]
Number=10163
Confirmed=X
Filename=var.txt.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100416-1738-99" target="_blank">LDPINCH.C</a> TROJAN!
Source=Paul Collins Startup list

[Svchost]
Number=10164
Confirmed=X
Filename=svchosl.pif
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112220-0246-99" target=_blank>INZAE.A</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112319-1247-99" target=_blank>INZAE.B</a> WORMS!
Source=Paul Collins Startup list

[svchost]
Number=10165
Confirmed=X
Filename=[path] SETUP.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112913-5842-99" target=_blank>SETCLO</a> WORM!
Source=Paul Collins Startup list

[SVCHOST]
Number=10166
Confirmed=X
Filename=scvhost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031314-0239-99" target=_blank>MYTOB.E</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031410-4821-99" target=_blank>MYTOB.G</a> WORMS!
Source=Paul Collins Startup list

[SVCHOST]
Number=10167
Confirmed=X
Filename=taskgmr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031414-3100-99" target=_blank>MYTOB.F</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031615-3531-99" target=_blank>MYTOB.H</a> WORMS!
Source=Paul Collins Startup list

[svchost]
Number=10168
Confirmed=X
Filename=olehelp.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031918-3240-99" target=_blank>BOOKMARKER.G</a> TROJAN!
Source=Paul Collins Startup list

[SVCHOST]
Number=10169
Confirmed=X
Filename=updater32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-071019-0647-99" target=_blank>RANTS.A</a> WORM!
Source=Paul Collins Startup list

[SVCHOST]
Number=10170
Confirmed=X
Filename=SPOOLSV.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32baitapa.html" target=_blank>BAITAP-A</a> WORM! Note - "Spoolsv.exe" is located in the Windows or Winnt directory, and not in System32, like the legitimate Spoolsv.exe system file
Source=Paul Collins Startup list

[SvcHost]
Number=10171
Confirmed=X
Filename=svchost32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobottm.html" target=_blank>AGOBOT-TM</a> WORM!
Source=Paul Collins Startup list

[svchost]
Number=10172
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanhl.html" target=_blank>BANCBAN-HL</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "config" subfolder of the Winnt or Windows folder
Source=Paul Collins Startup list

[svchost]
Number=10173
Confirmed=X
Filename=[path to explorer.exe]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojunreala.html" target=_blank>UNREAL-A</a> TROJAN!
Source=Paul Collins Startup list

[svchost]
Number=10174
Confirmed=X
Filename=rundll16.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpapb.html" target=_blank>STARTPA-PB</a> TROJAN!
Source=Paul Collins Startup list

[Svchost]
Number=10175
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojadclickax.html" target=_blank>ADCLICK-AX</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Program Files\Internet Explorer folder
Source=Paul Collins Startup list

[svchost]
Number=10176
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoores.html" target=_blank>ES</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Microsoft" subfolder
Source=Paul Collins Startup list

[svchost]
Number=10177
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderev.html" target=_blank>DLOADER-EV</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Arquivos de programas" folder
Source=Paul Collins Startup list

[svchost]
Number=10178
Confirmed=X
Filename=winhelp.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031915-3501-99" target="_blank">GAOBOT.GEN!POLY</a> WORM!
Source=Paul Collins Startup list

[SVCHOST]
Number=10179
Confirmed=X
Filename=MDM.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lcjumpa.html" target="_blank">LCJUMP-A</a> WORM! Note - this is not the valid Machine Debug Manager which shares the same filename
Source=Paul Collins Startup list

[Svchost]
Number=10180
Confirmed=X
Filename=svchots.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ADK" target="_blank">RBOT.ADK</a> WORM!
Source=Paul Collins Startup list

[svchost]
Number=10181
Confirmed=X
Filename=ying.exe
Description=<a href="http://fileinfo.prevx.com/fileinfo.asp?PXC=a7c073784121" target="_blank">Constructor VC2000</a> malware
Source=Paul Collins Startup list

[SVCHOST Generic application]
Number=10182
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdaemonik.html" target=_blank>DAEMONI-K</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list

[svchost Netware Manager]
Number=10183
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-021317-3755-99" target=_blank>EXVID.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[Svchost Windows Remote Services]
Number=10184
Confirmed=X
Filename=svhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ircbotiv.html" target=_blank>IRCBOT-IV</a> WORM!
Source=Paul Collins Startup list

[svchost.exe]
Number=10185
Confirmed=X
Filename=svchost32.exe
Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#svchost32" target=_blank>Svchost32</a> parasite variant
Source=Paul Collins Startup list

[SVCHOST.EXE]
Number=10186
Confirmed=X
Filename=SVCHOST.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojwrmscana.html" target=_blank>WRMSCAN-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list

[svchost.exe]
Number=10187
Confirmed=X
Filename=[path to executeable]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankermo.html" target=_blank>BANKER-MO</a> TROJAN!
Source=Paul Collins Startup list

[svchost.exe]
Number=10188
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzapchasv.html" target=_blank>ZAPCHAS-V</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "drivers" subfolder
Source=Paul Collins Startup list

[svchost.exe]
Number=10189
Confirmed=X
Filename=swchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsadelphia.html" target="_blank">SADELPHI-A</a> TROJAN!
Source=Paul Collins Startup list

[svchost1]
Number=10190
Confirmed=X
Filename=svchost1.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ZZ" target=_blank>AGOBOT.ZZ</a> WORM!
Source=Paul Collins Startup list

[SvcHost32]
Number=10191
Confirmed=X
Filename=svchost32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111317-1701-99" target="_blank">MIMAIL.I</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111710-5127-99" target="_blank">MIMAIL.J</a> WORMS!
Source=Paul Collins Startup list

[svchost64]
Number=10192
Confirmed=X
Filename=svchost64.exe
Description=Added by the SDBOTER.G VIRUS!
Source=Paul Collins Startup list

[svchosta]
Number=10193
Confirmed=X
Filename=svchosta.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsnifferi.html" target= blank>SNIFFER-I</a> TROJAN!
Source=Paul Collins Startup list

[svchostb]
Number=10194
Confirmed=X
Filename=svchostb.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsnifferj.html" target= blank>SNIFFER-J</a> TROJAN!
Source=Paul Collins Startup list

[svchostdll.scr]
Number=10195
Confirmed=X
Filename=svchostdll.scr
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanfm.html" target=_blank>BANCBAN-FM</a> TROJAN!
Source=Paul Collins Startup list

[SvcHosto]
Number=10196
Confirmed=X
Filename=v1rg1n.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobottk.html" target=_blank>AGOBOT-TK</a> WORM!
Source=Paul Collins Startup list

[svchostr]
Number=10197
Confirmed=X
Filename=svchostr.exe
Description=Added by an unidentified WORM or TROJAN!

Source=Paul Collins Startup list

[svchosts]
Number=10198
Confirmed=X
Filename=svchosts.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbandc.html" target=_blank>BANCBAN-DC</a> or <a href="http://www.sophos.com/virusinfo/analyses/trojbankered.html" target=_blank>BANKER-ED</a> TROJANS!
Source=Paul Collins Startup list

[svchosts.exe]
Number=10199
Confirmed=X
Filename=svchosts.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotjn.html" target= blank>AGOBOT-JN</a> WORM!
Source=Paul Collins Startup list

[svchosts.scr]
Number=10200
Confirmed=X
Filename=svchosts.scr
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbandq.html" target=_blank>BANCBAN-DQ</a> TROJAN and variants!
Source=Paul Collins Startup list

[SVCHOT]
Number=10201
Confirmed=X
Filename=SVCHOT.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqrobu.html" target=_blank>QQROB-U</a> TROJAN!
Source=Paul Collins Startup list

[svchst]
Number=10202
Confirmed=X
Filename=svchst.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rboted.html" target=_blank>KBROY-C</a> TROJAN!
Source=Paul Collins Startup list

[svcinfo]
Number=10203
Confirmed=X
Filename=svcinfo.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list

[Svclhost]
Number=10204
Confirmed=X
Filename=svcchost.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[SvcManager]
Number=10205
Confirmed=X
Filename=restore3.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentdss.html" target="_blank">AGENT-DSS</a> TROJAN!
Source=Paul Collins Startup list

[svcmon]
Number=10206
Confirmed=U
Filename=svcmon.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/spyware.personinspect.html" target="_blank">PersonInspect</a> surveillance software. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list

[svcroot]
Number=10207
Confirmed=X
Filename=svcroot.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkeylogac.html" target=_blank>KEYLOG-AC</a> TROJAN!
Source=Paul Collins Startup list

[svcshare]
Number=10208
Confirmed=X
Filename=winampXP.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32fujacksj.html" target="_blank">FUJACKS-J</a> VIRUS!
Source=Paul Collins Startup list

[svcshare]
Number=10209
Confirmed=X
Filename=spoclsv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32fujacksa.html" target="_blank">FUJACKS-A</a> VIRUS!
Source=Paul Collins Startup list

[SvcSys]
Number=10210
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-071315-3418-99" target=_blank>BANCOS.Z</a> TROJAN!
Source=Paul Collins Startup list

[Svcsys Registry Manager]
Number=10211
Confirmed=X
Filename=svcsysreg.exe
Description=Recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan-Clicker.Agent.cv
Source=Paul Collins Startup list

[svcsys32]
Number=10212
Confirmed=X
Filename=svcsys32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotll.html" target=_blank>AGOBOT-LL</a> WORM!
Source=Paul Collins Startup list

[svctask]
Number=10213
Confirmed=X
Filename=svctask.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojchuckyba.html" target=_blank>CHUCKYB-A</a> TROJAN!
Source=Paul Collins Startup list

[svcwinprocess32]
Number=10214
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-073012-2202-99" target="_blank">UPERING</a> WORM!
Source=Paul Collins Startup list

[svhoost]
Number=10215
Confirmed=X
Filename=checksys.exe
Description=Added by a downloader TROJAN of Chinese origin!
Source=Paul Collins Startup list

[SVHOST]
Number=10216
Confirmed=X
Filename=svhost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-041516-1209-99" target="_blank">MYDOOM.I</a> WORM!
Source=Paul Collins Startup list

[SVHOST]
Number=10217
Confirmed=X
Filename=SVHOST.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031116-5414-99" target=_blank>ZORI.A</a> VIRUS!
Source=Paul Collins Startup list

[Svhost Loader]
Number=10218
Confirmed=X
Filename=svshost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.G" target=_blank>AGOBOT.G</a> WORM!

Source=Paul Collins Startup list

[svhost updates]
Number=10219
Confirmed=X
Filename=Svhost.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[svhost windows services]
Number=10220
Confirmed=X
Filename=svhost8.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotwq.html" target= blank>RBOT-WQ</a> WORM!
Source=Paul Collins Startup list

[SVIDC32M]
Number=10221
Confirmed=?
Filename=SVIDC32M.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[sVideo2]
Number=10222
Confirmed=X
Filename=vxdrun6.exe
Description=<a href="http://www.sophos.com/virusinfo/analyses/dialswitchd.html" target= blank>"Switch"</a> premium rate adult content dialler
Source=Paul Collins Startup list

[sviload32]
Number=10223
Confirmed=X
Filename=sviload32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaas.html" target=_blank>RBOT-AAS</a> WORM!
Source=Paul Collins Startup list

[SVM Pop]
Number=10224
Confirmed=?
Filename=svmpop.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[svnlitup32]
Number=10225
Confirmed=X
Filename=svnlitup32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CBJ&VSect=P" target=_blank>RBOT.CBJ</a> WORM!
Source=Paul Collins Startup list

[svnloader]
Number=10226
Confirmed=X
Filename=svnload32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotacu.html" target=_blank>RBOT-ACU</a> WORM!
Source=Paul Collins Startup list

[svphost.exe]
Number=10227
Confirmed=X
Filename=svphost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.CS&VSect=T" target=_blank>AGENT.CS</a> TROJAN!
Source=Paul Collins Startup list

[SVPWUTIL]
Number=10228
Confirmed=U
Filename=SVPWUTIL.exe SVPwUTIL
Description=Part of Toshiba Hardware Setup
Source=Paul Collins Startup list

[svrrun]
Number=10229
Confirmed=X
Filename=svrrun.exe
Description=Adware hailing from Deskwizz.com

Source=Paul Collins Startup list

[svsekin]
Number=10230
Confirmed=X
Filename=svsekt.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050913-5746-99" target= blank>QQPASS.G</a> TROJAN!
Source=Paul Collins Startup list

[svshost]
Number=10231
Confirmed=X
Filename=svshost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32chodeh.html" target=_blank>CHODE-H</a> WORM!
Source=Paul Collins Startup list

[svshost]
Number=10232
Confirmed=X
Filename=messenger.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojloonyg.html" target="_blank">LOONY-G</a> TROJAN!
Source=Paul Collins Startup list

[Svshost Update Service]
Number=10233
Confirmed=X
Filename=svcbind.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.LH&VSect=P" target=_blank>MYTOB.LH</a> WORM!
Source=Paul Collins Startup list

[svshost32]
Number=10234
Confirmed=X
Filename=msgrsv32.exe
Description=Added by the RANKY.AJ TROJAN!
Source=Paul Collins Startup list

[svshost32]
Number=10235
Confirmed=X
Filename=svshost32.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[svshostdriver]
Number=10236
Confirmed=X
Filename=svshost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbothn.html" target=_blank>SDBOT-HN</a> TROJAN!

Source=Paul Collins Startup list

[svtcin]
Number=10237
Confirmed=X
Filename=n20050308.a.Stub.EXE
Description=Added by the <a href="http://www.superadblocker.com/definition/n20050308/" target=_blank>N20050308</a> TROJAN!

Source=Paul Collins Startup list

[svwin32]
Number=10238
Confirmed=X
Filename=unninst32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotnf.html" target=_blank>AGOBOT-NF</a> WORM!

Source=Paul Collins Startup list

[SVX Control Service]
Number=10239
Confirmed=X
Filename=svxhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotk.html" target="_blank">FORBOT-K</a> WORM!
Source=Paul Collins Startup list

[SW20]
Number=10240
Confirmed=U
Filename=sw20.exe
Description=Related to MSI's <a href="http://www.hardocp.com/article.html?art=ODAwLDI=" target=_blank>Dynamic Overclocking Technology</a>
Source=Paul Collins Startup list

[SW24]
Number=10241
Confirmed=U
Filename=sw24.exe
Description=Related to MSI's <a href="http://www.hardocp.com/article.html?art=ODAwLDI=" target=_blank>Dynamic Overclocking Technology</a>
Source=Paul Collins Startup list

[Swap Nut]
Number=10242
Confirmed=N
Filename=javaw.exe
Description=javaw.exe can be loaded by other programs at startup but in this instance it's SwapNut, a peer-to-peer file sharing and searching utility developed and marketed by File Metrics, Inc. Users can search for and find almost any type of digital file (audio, video, photos etc.) through a secure peer-to-peer network
Source=Paul Collins Startup list

[SWCaller]
Number=10243
Confirmed=X
Filename=SWcaller.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-062810-5527-99" target="_blank">Swporta</a> homepage hijacker
Source=Paul Collins Startup list

[SWCaller]
Number=10244
Confirmed=X
Filename=Swcaller2.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-062810-5527-99" target="_blank">Swporta</a> homepage hijacker
Source=Paul Collins Startup list

[Swchost]
Number=10245
Confirmed=X
Filename=Swhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoormp.html" target=_blank>MP</a> TROJAN!
Source=Paul Collins Startup list

[SWClient]
Number=10246
Confirmed=U
Filename=swsys.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-062215-5847-99" target=_blank>ActivMonAgent</a> keyboard logger/monitoring program - remove unless you installed it yourself
Source=Paul Collins Startup list

[swcroot]
Number=10247
Confirmed=X
Filename=swcroot.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsolenoa.html" target=_blank>SOLENO-A</a> TROJAN!
Source=Paul Collins Startup list

[SWd]
Number=10248
Confirmed=N
Filename=winwd.exe
Description=<a href="http://www.tropsoft.com/pcsecurity/index.htm" target="_blank">PC Security</a> from Tropical Software - lock files, password protect, etc
Source=Paul Collins Startup list

[Sweep95]
Number=10249
Confirmed=Y
Filename=ICLOAD95.EXE
Description=Part of <a href="http://www.sophos.com/products/software/" target="_blank">Sophos</a> ant-virus sofware
Source=Paul Collins Startup list

[SweetIM]
Number=10250
Confirmed=N
Filename=SweetIM.exe
Description=v<a href="http://www.sweetim.com/" target=_blank>SweetIM</a> - send fancier smiley-faces and IM graphics to friends who are using MSN Messenger. They are only able to see these advanced smiley-faces if they also have SweetIM installed
Source=Paul Collins Startup list

[Swf32]
Number=10251
Confirmed=X
Filename=AVupdate.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-062815-2337-99" target="_blank">MERKUR.E</a> WORM!
Source=Paul Collins Startup list

[Swf32]
Number=10252
Confirmed=X
Filename=_backup.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-071717-0325-99" target="_blank">SYMTEN</a> WORM!
Source=Paul Collins Startup list

[swg]
Number=10253
Confirmed=U
Filename=GoogleToolbarNotifier.exe
Description=Companion to the <a href="http://toolbar.google.com/T4/intl/en-GB/?utm_source=en_GB-et-more&utm_medium=et&utm_campaign=en_GB" target="_blank">Google Toolbar</a> that lets you keep Google as your default search engine and prevents this setting from being changed without your consent. Shouldn't remain in memory after the feature is disabled as it's a bug - see <a href="http://googlesystem.blogspot.com/2006/07/google-is-your-default-search.html" target="_blank">here</a>
Source=Paul Collins Startup list

[SwimSuitNetwork]
Number=10254
Confirmed=X
Filename=SwimSuitNetwork.exe
Description=Advertising spyware
Source=Paul Collins Startup list

[swingsys]
Number=10255
Confirmed=X
Filename=SWINGSYS.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancoscx.html" target=_blank>BANCOS-CX</a> TROJAN!
Source=Paul Collins Startup list

[Switch Off]
Number=10256
Confirmed=U
Filename=swoff.exe
Description=<a href="http://www.download.com/Switch-Off/3000-2344_4-10154101.html?tag=pub" target="_blank">Switch Off</a> - tray-based system utility that can automatically perform various frequently used operations like shutdown or restart your computer, disconnect your current dialup connection, lock workstation, etc
Source=Paul Collins Startup list

[Switchboard.com Toolbar]
Number=10257
Confirmed=N
Filename=AtHoc.exe
Description=Toolbar for the on-line version of Yellow Pages in the US - <a href="http://www.switchboard.com/" target="_blank">Switchboard.com</a>
Source=Paul Collins Startup list

[Switcher]
Number=10258
Confirmed=U
Filename=Switcher.exe
Description="On a Sony laptop with built in wireless it allows the user to select which wireless services they want to run (i.e. Wireless LAN, Bluetooth, both) when turning the wireless switch on if disabled)"
Source=Paul Collins Startup list

[switp]
Number=10259
Confirmed=X
Filename=switpa.exe
Description=<a href="http://sarc.com/avcenter/venc/data/adware.offeragent.html" target=_blank>OfferAgent</a> adware component
Source=Paul Collins Startup list

[SWL]
Number=10260
Confirmed=U
Filename=rundll32.exe [path] SWL.dll rdl
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-071818-0017-99" target="_blank">StealthWeblog</a> surveillance software. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list

[SWN2]
Number=10261
Confirmed=U
Filename=swnxt.exe
Description=Spyware removal program by TrekBlue. Previously not recommended but the latest version was delisted <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>

Source=Paul Collins Startup list

[sws.exe]
Number=10262
Confirmed=X
Filename=[random filename]
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091621-1604-99" target="_blank">Haldex</a> type adult content dialler
Source=Paul Collins Startup list

[sws.exe]
Number=10263
Confirmed=X
Filename=gd-dial.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101315-1143-99" target=_blank>Globaldialer</a> adult content premium rate dialer
Source=Paul Collins Startup list

[SwTray]
Number=10264
Confirmed=N
Filename=SWTRAY.EXE
Description=MS SideWinder game controller system tray icon. Available via Start -&gt; Programs. May have the version number after it
Source=Paul Collins Startup list

[SWTrayV4]
Number=10265
Confirmed=N
Filename=SWTrayV4.exe
Description=MS SideWinder game controller system tray icon. This is specific to version 4 of the software. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[SXGDSENU]
Number=10266
Confirmed=?
Filename=sxgdsenu.exe
Description=<font color="#FF0000">Yamaha SXG soundcard driver</font>
Source=Paul Collins Startup list

[SxgTkBar]
Number=10267
Confirmed=N
Filename=sxgtkbar.exe
Description=Yamaha SXG soundcard utility - gives quick and easy access via the system tray bar to diagnostics and configuration

Source=Paul Collins Startup list

[Sxplog]
Number=10268
Confirmed=?
Filename=sxpstub.exe
Description=Part of <a href="http://www3.ca.com/Solutions/Product.asp?ID=234" target=_blank>CA Unicenter</a> Software Delivery - manage software across various systems, from desktops and servers to PDAs and mobile phones, in a controlled and standardized way - <font color="#FF0000">is it required at startup?</font>
Source=Paul Collins Startup list

[sxrrv]
Number=10269
Confirmed=X
Filename=sxrrv.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvaxa.html" target=_blank>VAX-A</a> TROJAN!
Source=Paul Collins Startup list

[SyBot v2.1 By Sky-Dancer]
Number=10270
Confirmed=X
Filename=HPSV.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ZOTOB.I&VSect=P" target=_blank>ZOTOB.I</a> WORM!
Source=Paul Collins Startup list

[SYDNEY]
Number=10271
Confirmed=X
Filename=[file path]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090916-2243-99" target="_blank">SYNEY</a> WORM!
Source=Paul Collins Startup list

[syelimS-esreveR-troppuS]
Number=10272
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITBOT.C&VSect=P" target=_blank>LITBOT.C</a> TROJAN!
Source=Paul Collins Startup list

[Syga432te Pe432rsonal Firewall]
Number=10273
Confirmed=X
Filename=MrNo4236.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqy.html" target=_blank>RBOT-AQY</a> WORM!
Source=Paul Collins Startup list

[Sygaete Personal Firewall]
Number=10274
Confirmed=X
Filename=SyGate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotglx.html" target="_blank">RBOT-GLX</a> WORM!
Source=Paul Collins Startup list

[Sygate Peral Firewall]
Number=10275
Confirmed=X
Filename=Syga.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqk.html" target=_blank>RBOT-AQK</a> WORM!
Source=Paul Collins Startup list

[Sygate Personal 3]
Number=10276
Confirmed=X
Filename=svrv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxd.html" target= blank>RBOT-XD</a> WORM!
Source=Paul Collins Startup list

[Sygate Personal Block]
Number=10277
Confirmed=X
Filename=Studio.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbottw.html" target=_blank>RBOT-TW</a> WORM!
Source=Paul Collins Startup list

[Sygate Personal Firewall]
Number=10278
Confirmed=X
Filename=Win32x.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotkz.html" target="_blank">RBOT-KZ</a> WORM!
Source=Paul Collins Startup list

[Sygate Personal Firewall]
Number=10279
Confirmed=X
Filename=system32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.VI" target=_blank>RBOT.VI</a> WORM!
Source=Paul Collins Startup list

[Sygate Personal Firewall]
Number=10280
Confirmed=X
Filename=sysgut.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.WM&Vsect=T" target=_blank>SDBOT.WM</a> WORM!

Source=Paul Collins Startup list

[Sygate Personal Firewall]
Number=10281
Confirmed=X
Filename=Sygate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpn.html" target=_blank>RBOT-PN</a> WORM!

Source=Paul Collins Startup list

[Sygate Personal Firewall]
Number=10282
Confirmed=X
Filename=Mcafeeupdate.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.YN" target="_blank">RBOT.YN</a> WORM!
Source=Paul Collins Startup list

[Sygate Personal Firewall]
Number=10283
Confirmed=X
Filename=Sygate32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ATW" target="_blank">RBOT.ATW</a> WORM!
Source=Paul Collins Startup list

[Sygate Personal Firewall]
Number=10284
Confirmed=X
Filename=MSNSRV32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Sygate Personal Firewall]
Number=10285
Confirmed=X
Filename=service.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Sygate Personal Firewall]
Number=10286
Confirmed=X
Filename=t1ktik.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotvp.html" target=_blank>RBOT-VP</a> WORM!
Source=Paul Collins Startup list

[Sygate Personal Firewall]
Number=10287
Confirmed=X
Filename=host32.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=41525" target= blank>RBOT.ALD</a> WORM!
Source=Paul Collins Startup list

[Sygate Personal Firewall]
Number=10288
Confirmed=X
Filename=sexy.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxy.html" target= blank>RBOT-XY</a> WORM!
Source=Paul Collins Startup list

[Sygate Personal Firewall]
Number=10289
Confirmed=X
Filename=sys.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotzc.html" target= blank>RBOT-ZC</a> WORM!
Source=Paul Collins Startup list

[Sygate Personal Firewall]
Number=10290
Confirmed=X
Filename=syserror.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.UC" target="_blank">RBOT.UC</a> WORM!
Source=Paul Collins Startup list

[Sygate Personal Firewall]
Number=10291
Confirmed=X
Filename=hostserv.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BKO&VSect=P" target=_blank>RBOT.BKO</a> WORM!
Source=Paul Collins Startup list

[Sygate Personal Firewall]
Number=10292
Confirmed=X
Filename=msnmsgrs.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.XN&VSect=P" target=_blank>RBOT.XN</a> WORM!
Source=Paul Collins Startup list

[Sygate Personal Firewall]
Number=10293
Confirmed=X
Filename=Sygat.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Sygate Personal Firewall]
Number=10294
Confirmed=X
Filename=wins.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AOB&VSect=P" target=_blank>RBOT.AOB</a> WORM!
Source=Paul Collins Startup list

[Sygate Personal Firewall]
Number=10295
Confirmed=X
Filename=winxpstat.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Sygate Personal Firewall]
Number=10296
Confirmed=X
Filename=Syga.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqd.html" target=_blank>RBOT-AQD</a> WORM!
Source=Paul Collins Startup list

[Sygate Personal Firewall]
Number=10297
Confirmed=X
Filename=svchots.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ABT" target="_blank">RBOT.ABT</a> WORM!
Source=Paul Collins Startup list

[Sygate Personal Firewall Start]
Number=10298
Confirmed=X
Filename=services32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmb.html" target="_blank">RBOT-MB</a> WORM!
Source=Paul Collins Startup list

[Sygate Personal Firewall Start]
Number=10299
Confirmed=X
Filename=servic.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotry.html" target=_blank>RBOT-RY</a> WORM!
Source=Paul Collins Startup list

[Sygate Personal Port]
Number=10300
Confirmed=X
Filename=crss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpx.html" target=_blank>RBOT-PX</a> WORM!
Source=Paul Collins Startup list

[Sygate Personal Port Blocker]
Number=10301
Confirmed=X
Filename=volume.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Sygate Personal Port Blocker]
Number=10302
Confirmed=X
Filename=winupdate.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Sygate Personals Firewalls]
Number=10303
Confirmed=X
Filename=ccsrn.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[SyGateService]
Number=10304
Confirmed=U
Filename=sgserv95.exe
Description=<a href="http://www.sygate.com/" target="_blank">SyGate</a> is a useful little program that lets you share an internet connection over an intranet. Is it needed - it saves a lot of headache to just let SyGate load at startup. Available via Start -> Programs
Source=Paul Collins Startup list

[Symantec]
Number=10305
Confirmed=X
Filename=ccapp.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-071510-0336-99" target=_blank>REATLE</a> WORM! Note - this is not a Symantec file
Source=Paul Collins Startup list

[Symantec Anti Virus]
Number=10306
Confirmed=X
Filename=symantec32.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN" target=_blank>WOOTBOT</a> WORM!
Source=Paul Collins Startup list

[Symantec Antivirus professional]
Number=10307
Confirmed=X
Filename=dfrgfrat.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Symantec Autoscan]
Number=10308
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajo.html" target=_blank>RBOT-AJO</a> WORM!
Source=Paul Collins Startup list

[Symantec Configuration Loader]
Number=10309
Confirmed=X
Filename=ccApp32.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112112-1102-99" target="_blank">GAOBOT</a> WORM!
Source=Paul Collins Startup list

[Symantec Core LC]
Number=10310
Confirmed=Y
Filename=symlcsvc.exe
Description=Part of Norton AntiVirus 2004. <font color="#FF0000"> What does it do?</font>
Source=Paul Collins Startup list

[Symantec Fax Starter Edition Port]
Number=10311
Confirmed=N
Filename=OLFSNT40.EXE
Description=Offers a virtual printer as a fax machine. Can be run via a desktop shortcut
Source=Paul Collins Startup list

[Symantec NetDriver Monitor]
Number=10312
Confirmed=U
Filename=SNDMon.exe
Description=Part of Symantec's LiveUpate (eg, Norton). Not required if you run manual updates but probably require if you leave them to run automatically. Also, if one runs a small office network and SNDMon is disabled on one of the computers – then other computers disappear from the network for this computer, including shared devices like printers and scanners. Hence the "U" recommendation
Source=Paul Collins Startup list

[Symantec NetDriver Warning]
Number=10313
Confirmed=U
Filename=SNDWarn.exe
Description=Part of Symantec Live Update - displays the warning when you need to update the firewall database
Source=Paul Collins Startup list

[Symantec Secure Server]
Number=10314
Confirmed=X
Filename=svrhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotub.html" target="_blank">IRCBOT-UB</a> TROJAN!
Source=Paul Collins Startup list

[Symantec Security]
Number=10315
Confirmed=X
Filename=symantec32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-033018-3637-99" target="_blank">RANDEX.PR</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042009-1946-99" target="_blank">RANDEX.YR</a> WORMS!
Source=Paul Collins Startup list

[Symantec Security Addon]
Number=10316
Confirmed=X
Filename=nvsvc.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target="_blank">AGOBOT/GAOBOT</a> WORM! Note - do NOT confuse with the legitimate NVIDIA Driver Helper Service file of the same name as described <a href="http://www.sysinfo.org/startuplist.php?filter=nvsvc.exe" target=_blank>here</a>
Source=Paul Collins Startup list

[Symantec Security Routine Addon for Microsoft Windows]
Number=10317
Confirmed=X
Filename=navpxaw32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotqj.html" target=_blank>AGOBOT-GJ</a> TROJAN!
Source=Paul Collins Startup list

[Symantec Service]
Number=10318
Confirmed=X
Filename=ccApp.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021610-0732-99" target=_blank>AKHER.D</a> WORM! Note - this is also not the valid Norton AV file with the same filename
Source=Paul Collins Startup list

[SymantecFilterCheck]
Number=10319
Confirmed=X
Filename=svhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankereeo.html" target="_blank">BANKER-EEO</a> TROJAN!
Source=Paul Collins Startup list

[SymAV]
Number=10320
Confirmed=X
Filename=SymAV.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040716-2838-99" target="_blank">NETSKY.U</a> WORM!
Source=Paul Collins Startup list

[SymKeepAlive]
Number=10321
Confirmed=U
Filename=CKA.exe
Description=Part of <a href="http://www.symantec.com/sabu/sysworks/basic/" target="_blank">Norton SystemWorks 2003</a> - keeps a dial-up modem connection alive
Source=Paul Collins Startup list

[Symlcs]
Number=10322
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojyaspya.html" target=_blank>YASPY-A</a> TROJAN!
Source=Paul Collins Startup list

[Symmetrical Network]
Number=10323
Confirmed=X
Filename=symmec.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotn.html" target="_blank">DELBOT-N</a> WORM!
Source=Paul Collins Startup list

[SymRun]
Number=10324
Confirmed=X
Filename=N/A
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kangarooa.html" target=_blank>KANGAROO-A</a> TROJAN!
Source=Paul Collins Startup list

[SymRun]
Number=10325
Confirmed=X
Filename=ccApps.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkagena.html" target=_blank>KAGEN-A</a> TROJAN!
Source=Paul Collins Startup list

[SymTray - Norton SystemWorks]
Number=10326
Confirmed=N
Filename=SYMTRAY.EXE
Description=Keeps all System Tray icons for Norton SystemWorks together to reduce clutter. SystemWorks includes Norton Anti-Virus, Norton Utilities and Norton CleanSweep - mentioned elsewhere here. Personally I only have Norton eMail Protect running which doesn't need SymTray
Source=Paul Collins Startup list

[Synaptics Pointing Device Driver]
Number=10327
Confirmed=U
Filename=SynTPEnh.exe
Description=Synaptics touchpad tray icon. Displays status and provides quick launch to touchpad features such as scrolling and tap zones. Required on IBM Thinkpads with UnltraNav (pointstick and touchpad combo) if you don't want to loose the advanced pointstick features such as scroll
Source=Paul Collins Startup list

[Sync Data]
Number=10328
Confirmed=U
Filename=Hndsync.exe
Description=<a target="_blank" href="http://www.pocketrealestate.com/PREWireless.asp">Pocket Real Estate</a> - mobile synchronization manager
Source=Paul Collins Startup list

[Sync Server]
Number=10329
Confirmed=X
Filename=drwatsoon.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-101912-4208-99" target=_blank>WATSOON.A</a> TROJAN!
Source=Paul Collins Startup list

[Sync-It]
Number=10330
Confirmed=U
Filename=Syncit.exe
Description=<a href="http://www.tolvanen.com/syncit/" target="_blank">Sync-It</a> - synchronizes the system clock with time servers on the internet
Source=Paul Collins Startup list

[SyncAgent]
Number=10331
Confirmed=U
Filename=syncagent.exe
Description=<a href="http://www.keylogger.net/" target=blank>Ghost Keylogger</a> keystroke logger/monitoring program - remove unless you installed it yourself!

Source=Paul Collins Startup list

[Synchronization Manage]
Number=10332
Confirmed=X
Filename=rservers.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfm.html" target=_blank>FORBOT-FM</a> WORM!
Source=Paul Collins Startup list

[Synchronization Manager]
Number=10333
Confirmed=N
Filename=mobsync.exe
Description=Find more information about its use <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;256139" target="_blank">here</a>
Source=Paul Collins Startup list

[syncman]
Number=10334
Confirmed=X
Filename=winsync.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmancsyna.html" target=_blank>MANCSYN-A</a> TROJAN!
Source=Paul Collins Startup list

[SyncManager]
Number=10335
Confirmed=X
Filename=msorunner.exe
Description=Added by a variant of the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY</a> TROJAN!
Source=Paul Collins Startup list

[SyncMon]
Number=10336
Confirmed=X
Filename=adslcomdos.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojclunkya.html" target= blank>CLUNKY-A</a> TROJAN!
Source=Paul Collins Startup list

[SyncMon]
Number=10337
Confirmed=X
Filename=fixcomdos.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojclunkyb.html" target=_blank>CLUNKY-B</a> TROJAN!
Source=Paul Collins Startup list

[SynSetup]
Number=10338
Confirmed=?
Filename=SynTP.tmp RunOnce.exe
Description=<font color="#FF0000">Probably associated Synaptics touchpads on laptops as for the SynTPEnh and SynTPLpr entries but what does it do and is it required?</font>
Source=Paul Collins Startup list

[Syntax]
Number=10339
Confirmed=X
Filename=windows32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.CQ" target=_blank>SDBOT.CQ</a> WORM!
Source=Paul Collins Startup list

[Syntax Script]
Number=10340
Confirmed=X
Filename=systacq.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-010309-3226-99" target=_blank>SDBOT.AI</a> WORM!
Source=Paul Collins Startup list

[SynTPEnh]
Number=10341
Confirmed=U
Filename=syntpenh.exe
Description=Synaptics touchpad tray icon. Displays status and provides quick launch to touchpad features such as scrolling and tap zones. Required on IBM Thinkpads with UnltraNav (pointstick and touchpad combo) if you don't want to loose the advanced pointstick features such as scroll
Source=Paul Collins Startup list

[SynTPLpr]
Number=10342
Confirmed=Y
Filename=syntplpr.exe
Description=Synaptics touchpad driver helper. Required for touchpad features to work
Source=Paul Collins Startup list

[sys]
Number=10343
Confirmed=X
Filename=regedit /s sys.reg
Description=Hijacker
Source=Paul Collins Startup list

[sys]
Number=10344
Confirmed=X
Filename=regedit sysdllwm.reg
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant - also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojfemadl.html" target= blank>FEMAD-L</a> TROJAN!
Source=Paul Collins Startup list

[Sys Ren]
Number=10345
Confirmed=X
Filename=SysRen.exe
Description=Part of <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=FlashEnhancer&threatid=14959" target="_blank">FlashEnhancer</a> adware
Source=Paul Collins Startup list

[sys************* [* = random digit]]
Number=10346
Confirmed=X
Filename=sys*************.exe [* = random digit]
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062915-3210-99" target=_blank>WINBO</a> adware
Source=Paul Collins Startup list

[Sys**.exe [* = random char]]
Number=10347
Confirmed=X
Filename=Sys**.exe [* = random char]
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
Source=Paul Collins Startup list

[Sys**32.exe [* = random char]]
Number=10348
Confirmed=X
Filename=Sys**32.exe [* = random char]
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
Source=Paul Collins Startup list

[Sys-Stat]
Number=10349
Confirmed=X
Filename=wuapdxe.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.HK" target="_blank">SDBOT.HK</a> WORM!
Source=Paul Collins Startup list

[sys008]
Number=10350
Confirmed=X
Filename=sys008.exe
Description=Hijacker, also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpagk.html" target=_blank>STARTPA-GK</a> TROJAN!
Source=Paul Collins Startup list

[sys009]
Number=10351
Confirmed=X
Filename=sys009.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpazb.html" target=_blank>STARTPA-ZB</a> TROJAN!
Source=Paul Collins Startup list

[sys201]
Number=10352
Confirmed=X
Filename=sys209.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpazy.html" target=_blank>STARTPA-ZY</a> TROJAN!
Source=Paul Collins Startup list

[Sys29]
Number=10353
Confirmed=X
Filename=win***32.exe [* = random char]
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-083109-1455-99" target=_blank>EliteBar</a> adware
Source=Paul Collins Startup list

[sys32]
Number=10354
Confirmed=X
Filename=sys32.exe
Description=Added by the <a href="http://fr.trendmicro-europe.com/smb/security_info/ve_detail.php?VName=BKDR_FLUX.E" target=_blank>FLUX.E</a> TROJAN!

Source=Paul Collins Startup list

[sys32]
Number=10355
Confirmed=X
Filename=sysx32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kvexa.html" target=_blank>KVEX-A</a> VIRUS!
Source=Paul Collins Startup list

[sys32cmd]
Number=10356
Confirmed=U
Filename=sys32win.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100918-2057-99" target=blank>Active Keylogger</a> keystroke logger/monitoring program - remove unless you installed it yourself!

Source=Paul Collins Startup list

[sys32dll]
Number=10357
Confirmed=X
Filename=sys32dll.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021614-4255-99" target=_blank>AIMDES.B</a> WORM!
Source=Paul Collins Startup list

[sys32sql]
Number=10358
Confirmed=U
Filename=sys32win.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100918-2057-99" target=blank>Active Keylogger</a> keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[sys33]
Number=10359
Confirmed=X
Filename=sys33.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotwj.html" target="_blank">AGOBOT-WJ</a> WORM!
Source=Paul Collins Startup list

[SysA]
Number=10360
Confirmed=X
Filename=win***32.exe [* = random char]
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-083109-1455-99" target=_blank>EliteBar</a> adware
Source=Paul Collins Startup list

[SysAgent]
Number=10361
Confirmed=U
Filename=SysAgent.exe
Description=SYSagent - small utility for retrieving all the hardware and software information required by anyone administering a machine and/or the network it's a part of
Source=Paul Collins Startup list

[SysAI]
Number=10362
Confirmed=X
Filename=SysAI.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=AproposMedia&threatid=14978" target="_blank">AproposMedia</a> adware
Source=Paul Collins Startup list

[SysATW]
Number=10363
Confirmed=X
Filename=sysatw.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vanebotam.html" target="_blank">VANEBOT-AM</a> WORM!
Source=Paul Collins Startup list

[SysBkup]
Number=10364
Confirmed=U
Filename=[path to file]
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-101215-0327-99" target=blank>Keyspy</a> keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[Sysbot]
Number=10365
Confirmed=U
Filename=sysbot.exe
Description=<a href="http://www.spectorsoft.com/products/Spector_Windows/index.html" target="_blank">Spector</a> - spying (or monitoring) software to record internet activity
Source=Paul Collins Startup list

[syscfg]
Number=10366
Confirmed=X
Filename=syscfg32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120215-1248-99" target="_blank">KWBOT.S</a> WORM!
Source=Paul Collins Startup list

[syscfg34.exe]
Number=10367
Confirmed=X
Filename=syscfg34.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-081509-0110-99" target="_blank">ELECTRON</a> WORM!
Source=Paul Collins Startup list

[Syscheck]
Number=10368
Confirmed=X
Filename=win.hta
Description=Browser hijacker
Source=Paul Collins Startup list

[syscheck]
Number=10369
Confirmed=X
Filename=iexplorer.exe
Description=Added by the AGENT.DM TROJAN!
Source=Paul Collins Startup list

[sysclx]
Number=10370
Confirmed=X
Filename=ntldrt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32jloka.html" target=_blank>JLOK-A</a> WORM!
Source=Paul Collins Startup list

[syscm]
Number=10371
Confirmed=X
Filename=Syscm.exe
Description=<a href="http://sarc.com/avcenter/venc/data/adware.vanish.html" target="_blank">Vanish</a> adware
Source=Paul Collins Startup list

[SysComp]
Number=10372
Confirmed=?
Filename=mssdnl.com
Description=<font color="#FF0000">Unknown but suspect as *.com are not usually run at start up and the name isn't recognized</font>
Source=Paul Collins Startup list

[syscon]
Number=10373
Confirmed=X
Filename=syscon.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040815-0934-99" target=_blank>APRILCONE.A</a> WORM!
Source=Paul Collins Startup list

[syscon lptt01]
Number=10374
Confirmed=X
Filename=syscon.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Syscon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[syscon ml097e]
Number=10375
Confirmed=X
Filename=syscon.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Syscon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[sysconfig]
Number=10376
Confirmed=X
Filename=iexplorer.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-040212-0414-99" target="_blank">CULT.C</a> WORM!
Source=Paul Collins Startup list

[SysConfig]
Number=10377
Confirmed=X
Filename=syscfg35.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-080210-2141-99" target="_blank">KAZMOR.C</a> WORM!
Source=Paul Collins Startup list

[sysconfig]
Number=10378
Confirmed=X
Filename=iexplorer.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082110-1254-99" target="_blank">CULT.H</a> WORM!
Source=Paul Collins Startup list

[SysConfig]
Number=10379
Confirmed=X
Filename=wincfg32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ZD" target=_blank>SDBOT.ZD</a> WORM!
Source=Paul Collins Startup list

[Sysconfig]
Number=10380
Confirmed=U
Filename=Stealth KeySpy.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120312-0214-99" target= blank>StealthKeySpy</a> - keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[Syscpy]
Number=10381
Confirmed=X
Filename=Syscpy.exe
Description=Firewall-bypassing, proxied spam relayer. Detected by Symantec as the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102817-2820-99" target="_blank"> HOGLE</a> TROJAN!
Source=Paul Collins Startup list

[SysCtl]
Number=10382
Confirmed=X
Filename=sysctl.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_99942.htm" target="_blank">AOK</a> TROJAN!
Source=Paul Collins Startup list

[Sysctrls]
Number=10383
Confirmed=X
Filename=procdll.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_WEEDBOTZ.14&amp;VSect=T" target="_blank">WEEDBOTZ.14</a> TROJAN!
Source=Paul Collins Startup list

[Sysctrls]
Number=10384
Confirmed=X
Filename=winupdate.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[sysdat.dll]
Number=10385
Confirmed=X
Filename=sysdat.dll.exe
Description=Added by the NISHICA 1.1 TROJAN!
Source=Paul Collins Startup list

[SysData]
Number=10386
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojranckba.html" target=_blank>RANCK-BA</a> TROJAN!
Source=Paul Collins Startup list

[SysDeskqqfx]
Number=10387
Confirmed=X
Filename=qqfx.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-011817-0936-99" target=_blank>QQPASS.H</a> TROJAN!
Source=Paul Collins Startup list

[SysDeskqqfx]
Number=10388
Confirmed=X
Filename=Runddll32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-011817-4556-99" target=_blank>CHANGGAME</a> TROJAN!
Source=Paul Collins Startup list

[SysDesktop]
Number=10389
Confirmed=X
Filename=fswanQQ.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqsenda.html" target=_blank>QQSEND-A</a> TROJAN!
Source=Paul Collins Startup list

[sysdir]
Number=10390
Confirmed=X
Filename=winrun.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-032718-1359-99" target="_blank">WINBUR.B</a> WORM!
Source=Paul Collins Startup list

[sysdll]
Number=10391
Confirmed=X
Filename=[trojan filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-091110-1633-99" target=_blank>HUGESOT</a> TROJAN!
Source=Paul Collins Startup list

[Sysdpt]
Number=10392
Confirmed=X
Filename=sysdpt.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453088371" target="_blank">CRYPT</a> trojan downloader
Source=Paul Collins Startup list

[sysdxvid]
Number=10393
Confirmed=X
Filename=sysdxvid.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdlucas.html" target=_blank>DLUCA-S</a> TROJAN!
Source=Paul Collins Startup list

[sysemls]
Number=10394
Confirmed=X
Filename=sysem.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[SysEQ]
Number=10395
Confirmed=X
Filename=svclgx32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotac.html" target=_blank>IRCBOT-AC</a> TROJAN!
Source=Paul Collins Startup list

[sysfiler]
Number=10396
Confirmed=X
Filename=sysfiler.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102615-0959-99" target="_blank">RETSAM</a> TROJAN!
Source=Paul Collins Startup list

[SYSfit]
Number=10397
Confirmed=X
Filename=SYSfit.exe
Description=<a href="http://sarc.com/avcenter/venc/data/adware.adshooter.html" target=_blank>AdShooter</a> adware variant
Source=Paul Collins Startup list

[sysflg32]
Number=10398
Confirmed=X
Filename=sysflg32.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list

[sysformat]
Number=10399
Confirmed=X
Filename=sysformat.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32baglebk.html" target=_blank>BAGLE-BK</a> WORM!
Source=Paul Collins Startup list

[sysfrcx]
Number=10400
Confirmed=X
Filename=sysfrcx.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_99916.htm" target=_blank>KEYLOG-SCLOG</a> TROJAN!
Source=Paul Collins Startup list

[syshelp]
Number=10401
Confirmed=X
Filename=syshelp.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list

[sysin]
Number=10402
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdsrca.html" target=_blank>DSRC-A</a> TROJAN!
Source=Paul Collins Startup list

[sysinfo]
Number=10403
Confirmed=X
Filename=sysinfo.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111308-2958-99" target="_blank">BEDRILL</a> TROJAN!
Source=Paul Collins Startup list

[sysinfo.exe]
Number=10404
Confirmed=X
Filename=sysinfo.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032917-3237-99" target="_blank">BEAGLE.V</a> WORM!
Source=Paul Collins Startup list

[SysInit]
Number=10405
Confirmed=X
Filename=wininit32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110912-5623-99" target="_blank">XABOT</a> WORM!
Source=Paul Collins Startup list

[sysinit]
Number=10406
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojnewifrma.html" target="_blank">NEWLFRM-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in an "golumm" subfolder
Source=Paul Collins Startup list

[Sysino]
Number=10407
Confirmed=X
Filename=lsess.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbf.html" target=_blank>FORBOT-BF</a> WORM!
Source=Paul Collins Startup list

[sysint16]
Number=10408
Confirmed=X
Filename=sysint16.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcryptera.html" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list

[Syskey]
Number=10409
Confirmed=X
Filename=sysinit.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-111612-2714-99" target=_blank>BEAGLE.AX</a> WORM!
Source=Paul Collins Startup list

[Syslib]
Number=10410
Confirmed=X
Filename=Syslib.exe
Description=Adult content related downloader trojan
Source=Paul Collins Startup list

[Syslog lptt01]
Number=10411
Confirmed=X
Filename=Syslog.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Syslog" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[Syslog ml097e]
Number=10412
Confirmed=X
Filename=Syslog.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Syslog" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[syslogin.exe]
Number=10413
Confirmed=X
Filename=syslogin.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32bagzb.html" target="_blank">BAGZ-B</a> WORM!
Source=Paul Collins Startup list

[Sysman]
Number=10414
Confirmed=U
Filename=Sysman.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060113-5958-99" target="_blank">KeyTrap</a> is a surveillance software program that records all keyboard activities. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list

[sysme]
Number=10415
Confirmed=X
Filename=sysme.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453080472" target=_blank>PSW_STEALER_C</a> TROJAN!

Source=Paul Collins Startup list

[sysmem]
Number=10416
Confirmed=X
Filename=mmsete.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060416-5102-99" target=_blank>NOPIR.C</a> WORM!
Source=Paul Collins Startup list

[sysmem]
Number=10417
Confirmed=X
Filename=outlookrem.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32nopirc.html" target=_blank>NOPIR-C</a> WORM!
Source=Paul Collins Startup list

[SysMemory manager]
Number=10418
Confirmed=X
Filename=mdms.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcimuzd.html" target=_blank>CIMUZ-D</a> TROJAN!
Source=Paul Collins Startup list

[SysMetrix]
Number=10419
Confirmed=U
Filename=SysMetrix.exe
Description=<a href="http://www.xymantix.com/sysmetrix/" target="_blank">SysMetrix</a> - skinnable clock and metering application. It monitors and reports on a great number of statistics
Source=Paul Collins Startup list

[sysMett1]
Number=10420
Confirmed=X
Filename=explorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmiry.html" target=_blank>LEGMIR-Y</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the Program Files folder
Source=Paul Collins Startup list

[sysmini]
Number=10421
Confirmed=X
Filename=sysmini.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453098988" target="_blank">ADLOAD.DD</a> TROJAN!
Source=Paul Collins Startup list

[sysmngr32]
Number=10422
Confirmed=X
Filename=sys64mnger.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[sysmntrc]
Number=10423
Confirmed=X
Filename=sysmntrc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosfx.html" target=_blank>BANCOS-FX</a> TROJAN!
Source=Paul Collins Startup list

[sysmod]
Number=10424
Confirmed=X
Filename=sysmod.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotdu.html" target=_blank>SPYBOT-DU</a> WORM!
Source=Paul Collins Startup list

[sysmon]
Number=10425
Confirmed=X
Filename=sysmon.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-022410-5040-99" target="_blank">BIZEX</a> WORM!
Source=Paul Collins Startup list

[Sysmon]
Number=10426
Confirmed=X
Filename=rpcmon.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-062812-2127-99" target="_blank">RANDEX.ATX</a> WORM!
Source=Paul Collins Startup list

[sysmon]
Number=10427
Confirmed=X
Filename=sysmon44.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_122468.htm" target=_blank>BACKDOOR-CBA</a> TROJAN!
Source=Paul Collins Startup list

[SysMon]
Number=10428
Confirmed=X
Filename=wowexece.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmulana.html" target="_blank">MULAN-A</a> TROJAN!
Source=Paul Collins Startup list

[Sysmon]
Number=10429
Confirmed=X
Filename=SystemMonitor.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32nujamaa.html" target="_blank">NUJAMA-A</a> WORM!
Source=Paul Collins Startup list

[sysmon12]
Number=10430
Confirmed=X
Filename=[various filenames]
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[SysmonLog]
Number=10431
Confirmed=X
Filename=mslog.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_AGENT.AOV" target="_blank">AGENT.AOV</a> TROJAN!
Source=Paul Collins Startup list

[sysmonnt]
Number=10432
Confirmed=X
Filename=sysmonnt.exe
Description=<a href="http://sarc.com/avcenter/venc/data/spyware.searchpounder.html" target=_blank>SearchPounder</a> sends keywords typed into HTML forms and popular Internet search engines to a remote server
Source=Paul Collins Startup list

[SysMonXP]
Number=10433
Confirmed=X
Filename=SysMonXP.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032913-5722-99" target="_blank">NETSKY.Q</a> WORM!
Source=Paul Collins Startup list

[sysnate]
Number=10434
Confirmed=X
Filename=sysnate.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032713-0001-99" target="_blank">MEDIAS</a> TROJAN!
Source=Paul Collins Startup list

[Sysnet]
Number=10435
Confirmed=X
Filename=snuninst.exe
Description=Unidentified adware
Source=Paul Collins Startup list

[sysnet]
Number=10436
Confirmed=X
Filename=sysnet.exe
Description=CasClient adware - also detected as the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-081011-2344-99" target=_blank>CMAPP</a> TROJAN!
Source=Paul Collins Startup list

[sysobj.exe]
Number=10437
Confirmed=X
Filename=sysobj.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[SysOps]
Number=10438
Confirmed=X
Filename=SysOps
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-031015-0733-99" target="_blank">MSNCORRUPT</a> TROJAN!
Source=Paul Collins Startup list

[syspare]
Number=10439
Confirmed=X
Filename=syspare.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifrosean.html" target=_blank>BIFROSE-AN</a> TROJAN!
Source=Paul Collins Startup list

[syspath]
Number=10440
Confirmed=X
Filename=drv.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102410-5713-99" target="_blank">SOBER</a> WORM!
Source=Paul Collins Startup list

[sysPersonalFirewall]
Number=10441
Confirmed=X
Filename=msnmssgr.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[sysPersonalFirewall]
Number=10442
Confirmed=X
Filename=system.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.FH&VSect=P" target=_blank>WOOTBOT.FH</a> WORM!
Source=Paul Collins Startup list

[sysPersonalFirewall]
Number=10443
Confirmed=X
Filename=tskm0nitor.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[SysPilot]
Number=10444
Confirmed=U
Filename=fdxxl.exe
Description=G Data "PC Spion". PC monitoring and surveilling software, captures all users activity on the PC, see <a href="http://archiv.chip.de/artikel/c1_archiv_artikel_17080599.html" target="_blank">here</a>. Disable/remove if you didn't install it yourself!
Source=Paul Collins Startup list

[sysPnP]
Number=10445
Confirmed=X
Filename=bootconf.exe
Description=Homepage hijacker, redirecting to coolwwwsearch.com; see for example <a href="http://boards.cexx.org/viewtopic.php?p=2464#2464" target="_blank"> here</a>
Source=Paul Collins Startup list

[SysPnP]
Number=10446
Confirmed=X
Filename=rundll32 setupapi, InstallHinfSection.... oemsyspnp.inf
Description=Search hijacker - see <a href="http://www.spywareinfo.com/forums/index.php?s=&amp;act=ST&amp;f=11&amp;t=8643&amp;st=0&amp;#entry60560" target="_blank"> here</a>
Source=Paul Collins Startup list

[syspol]
Number=10447
Confirmed=X
Filename=syspol.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdremnb.html" target=_blank>DREMN-B</a> TROJAN! Note - this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
Source=Paul Collins Startup list

[SysPool]
Number=10448
Confirmed=Y
Filename=Mssvc.exe
Description=<a href="http://www.invisicom.com/index.asp" target="_blank">StealthDisk</a> - hides folders, files and applications. Will also encrypt them for better protection
Source=Paul Collins Startup list

[SysPool]
Number=10449
Confirmed=X
Filename=MSSVC32.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanio.html" target=_blank>BANCBAN-IO</a> TROJAN!
Source=Paul Collins Startup list

[SysProtect]
Number=10450
Confirmed=X
Filename=System.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NETSPY" target="_blank">NETSPY</a> TROJAN!
Source=Paul Collins Startup list

[SysProtect]
Number=10451
Confirmed=X
Filename=syp.exe
Description=SysProtect is detected as a "potentially unwanted program". It purports to be an system repair/maintenance application, but requires paid registration before any issues found can be fixed. Many of the "invalid" items found appear suspect. This has been reported to be distributed in wild via trojan Vundo. Other incarnations of this software exist with the same model and similar web presences (for example WinFixer). For more information see <a href="http://vil.nai.com/vil/content/v_139167.htm" target=_blank>here</a>

Source=Paul Collins Startup list

[syspw32.exe]
Number=10452
Confirmed=X
Filename=syspw32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060216-0504-99" target=_blank>APPFLET.A</a> WORM!
Source=Paul Collins Startup list

[Sysqq]
Number=10453
Confirmed=X
Filename=LSESS.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbf.html" target=_blank>FORBOT-BF</a> WORM!
Source=Paul Collins Startup list

[SysR]
Number=10454
Confirmed=X
Filename=sysmd.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042610-2151-99" target=_blank>Ulubione</a> adult content dialer
Source=Paul Collins Startup list

[SysReg]
Number=10455
Confirmed=X
Filename=SysReg.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-062413-1325-99" target="_blank">CHEKIN</a> TROJAN!
Source=Paul Collins Startup list

[SysReg]
Number=10456
Confirmed=X
Filename=SysReg.exe
Description=<a href="http://searchseekfind.com/" target="_blank">SearchSeekFind</a> textual marketing foistware
Source=Paul Collins Startup list

[Sysres]
Number=10457
Confirmed=X
Filename=Sysres.exe
Description=Added by the <a href="httphttp://www.viruslist.com/en/viruslist.html?id=51465" target="_blank">LOGMOD.A</a> TROJAN!
Source=Paul Collins Startup list

[SysRes]
Number=10458
Confirmed=X
Filename=TASKMANAGER.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022718-0647-99" target= blank>ELIPTER.A</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031010-2242-99" target= blank>ELIPTER.B</a> WORMS!
Source=Paul Collins Startup list

[SysRes]
Number=10459
Confirmed=X
Filename=WWE DIVAS.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031416-4252-99" target=_blank>ELIPTER.D</a> WORM!
Source=Paul Collins Startup list

[SysRes]
Number=10460
Confirmed=X
Filename=IExpIore .exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-032516-4935-99" target=_blank>ELITPER.E</a> WORM!
Source=Paul Collins Startup list

[Syss]
Number=10461
Confirmed=X
Filename=ehuupdate.exe
Description=<a href="http://www.sophos.com/virusinfo/analyses/ehu.html" target="_blank">EHU</a> adware
Source=Paul Collins Startup list

[SysScan]
Number=10462
Confirmed=X
Filename=bvt.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-042320-3206-99" target="_blank">AUTOUPDER</a> TROJAN!
Source=Paul Collins Startup list

[SysSearch]
Number=10463
Confirmed=X
Filename=Regedit.exe -s [path] pcsearch.reg
Description=Added by the <a href="http://vil.nai.com/vil/content/v_130084.htm" target=_blank>StartPage-FN</a> browser hijacker
Source=Paul Collins Startup list

[SysSearch]
Number=10464
Confirmed=X
Filename=REGEDIT.EXE -s [path] sysreg.reg
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpame.html" target=_blank>STARTPA-ME</a> TROJAN!
Source=Paul Collins Startup list

[SysSense]
Number=10465
Confirmed=U
Filename=SysSense.exe
Description="<a href="http://www.singerscreations.com/AboutSysSense.asp" target="_blank">SysSense</a> is your personal desktop Google AdSense monitor. It keeps your current Google AdSense information in the Windows system tray". Google AdSense account required
Source=Paul Collins Startup list

[sysser]
Number=10466
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-010614-1404-99" target=_blank>RAHACK</a> WORM!
Source=Paul Collins Startup list

[SysService]
Number=10467
Confirmed=X
Filename=SysService.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-050207-0707-99" target="_blank">DELF</a> family of TROJANS!
Source=Paul Collins Startup list

[SysService]
Number=10468
Confirmed=U
Filename=SERVICES.EXE
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050615-2510-99" target=blank>NSKeyLogger</a> keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[SysService32]
Number=10469
Confirmed=X
Filename=SysService32.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_100207.htm" target="_blank">KINDAL</a> VIRUS!
Source=Paul Collins Startup list

[SysService32]
Number=10470
Confirmed=X
Filename=ln32k.dll
Description=Added by the <a href="http://vil.nai.com/vil/content/v_100207.htm" target="_blank">KINDAL</a> VIRUS!
Source=Paul Collins Startup list

[SysService32l]
Number=10471
Confirmed=X
Filename=systask32l.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102515-4749-99" target="_blank">THEUG</a> WORM!
Source=Paul Collins Startup list

[SYSsfitb]
Number=10472
Confirmed=X
Filename=SYSsfitb.exe
Description=Searchforit browser hijacker
Source=Paul Collins Startup list

[SySSL]
Number=10473
Confirmed=X
Filename=sysl.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotckh.html" target="_blank">RBOT-CKH</a> WORM!
Source=Paul Collins Startup list

[SysStart]
Number=10474
Confirmed=X
Filename=***sysi6.exe [* = random char]
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094810" target="_blank">ZenoSearch</a> adware. Note - the most frequent filenames appear to be jdisysi6.exe, hjisysi6.exe, ffgsysi6.exe but there are others
Source=Paul Collins Startup list

[SysStart]
Number=10475
Confirmed=X
Filename=1.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094810" target="_blank">ZenoSearch</a> adware
Source=Paul Collins Startup list

[SysStart]
Number=10476
Confirmed=X
Filename=[adware filename]
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094810" target="_blank">ZenoSearch</a> adware
Source=Paul Collins Startup list

[SysStrt]
Number=10477
Confirmed=X
Filename=systemc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotqa.html" target=_blank>AGOBOT-QA</a> TROJAN!
Source=Paul Collins Startup list

[syst]
Number=10478
Confirmed=X
Filename=syst.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/jokes/jokesDetails.asp?JNAME=JOKE_DUMB.A" target=_blank>DUMB.A</a> "Joke" virus
Source=Paul Collins Startup list

[System]
Number=10479
Confirmed=X
Filename=run322.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-112018-0550-99" target="_blank">LANFILT</a> TROJAN!
Source=Paul Collins Startup list

[System]
Number=10480
Confirmed=X
Filename=system.exe
Description=Added by various WORMS and TROJANS!
Source=Paul Collins Startup list

[system]
Number=10481
Confirmed=X
Filename=regedit -s system.dll
Description=Homepage hijacker
Source=Paul Collins Startup list

[system]
Number=10482
Confirmed=X
Filename=systemsearch.hta
Description=Jetseeker.com hijacker
Source=Paul Collins Startup list

[System]
Number=10483
Confirmed=X
Filename=dcomx.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080214-3019-99" target="_blank">CIREBOT</a> TROJAN!
Source=Paul Collins Startup list

[system]
Number=10484
Confirmed=X
Filename=Explorer.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-040217-2506-99" target="_blank">GRAYBIRD</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[System]
Number=10485
Confirmed=X
Filename=YPager.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_JUNTADOR.K" target="_blank">JUNTADOR.K</a> TROJAN! Note - this is not Yahoo! Messenger
Source=Paul Collins Startup list

[system]
Number=10486
Confirmed=X
Filename=outlook.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-012614-3738-99" target=_blank>MIMAIL.Q</a> WORM! Note that the valid MS Outlook executeable is located in the Program Files\Microsoft Office\Office directory wheras this one is found in the Windows or Winnt directory
Source=Paul Collins Startup list

[System]
Number=10487
Confirmed=X
Filename=Atira.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-041311-1933-99" target="_blank">KOTIRA</a> VIRUS!
Source=Paul Collins Startup list

[SYSTEM]
Number=10488
Confirmed=X
Filename=lsas.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.CJ" target="_blank">SPYBOT.CJ</a> WORM!
Source=Paul Collins Startup list

[System]
Number=10489
Confirmed=X
Filename=kernels32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderfc.html" target="_blank">DLOADER-FC</a> TROJAN!
Source=Paul Collins Startup list

[System]
Number=10490
Confirmed=U
Filename=sysctrl.exe
Description=Added by <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080913-4600-99" target=_blank>WinGuardian</a>. Note - this <a href="http://www.spywareguide.com/product_show.php?id=27" target=_blank>commercial keylogger</a> is no longer made or sold by Webroot but older copies may still be in existance, those copies will be identified as spyware
Source=Paul Collins Startup list

[System]
Number=10491
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-032309-2945-99" target=_blank>LDPINCH.E</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[System]
Number=10492
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojldpinchau.html" target=_blank>LDPINCH-AU</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list

[system]
Number=10493
Confirmed=X
Filename=lsasse.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyl.html" target= blank>RBOT-YL</a> WORM!
Source=Paul Collins Startup list

[System]
Number=10494
Confirmed=X
Filename=systray.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpisaboya.html" target= blank>PISABOY-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/systray/" target="_blank">systray.exe</a> process
Source=Paul Collins Startup list

[System]
Number=10495
Confirmed=X
Filename=abcdefg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32harwigb.html" target=_blank>HARWIG-B</a> WORM!
Source=Paul Collins Startup list

[System]
Number=10496
Confirmed=X
Filename=cber.exe
Description=Added by an unidentified TROJAN!
Source=Paul Collins Startup list

[System]
Number=10497
Confirmed=X
Filename=serwin.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojldpinchbn.html" target=_blank>LDPINCH-BN</a> TROJAN!
Source=Paul Collins Startup list

[System]
Number=10498
Confirmed=X
Filename=svchîst.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojldpinchbf.html" target=_blank>LDPINCH-BF</a> TROJAN!
Source=Paul Collins Startup list

[System]
Number=10499
Confirmed=X
Filename=system.exe (74295303)
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vbiu.html" target=_blank>IU</a> WORM!
Source=Paul Collins Startup list

[System]
Number=10500
Confirmed=X
Filename=WINL0G0N.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosdb.html" target=_blank>BANCOS-DB</a> TROJAN!
Source=Paul Collins Startup list

[System]
Number=10501
Confirmed=X
Filename=wumgrd32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[System]
Number=10502
Confirmed=X
Filename=SPOOLSU.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerfc.html" target=_blank>BANKER-FC</a> TROJAN!
Source=Paul Collins Startup list

[System]
Number=10503
Confirmed=X
Filename=system23.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lebreatd.html" target=_blank>LEBREAT-D</a> WORM!
Source=Paul Collins Startup list

[System]
Number=10504
Confirmed=X
Filename=windowsps.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[SYSTEM]
Number=10505
Confirmed=X
Filename=d.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.LP&VSect=P" target=_blank>MYTOB.LP</a> WORM!
Source=Paul Collins Startup list

[System]
Number=10506
Confirmed=X
Filename=inetinfo.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpardropa.html" target=_blank>PARDROP-A</a> TROJAN!
Source=Paul Collins Startup list

[system]
Number=10507
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelflq.html" target=_blank>DELF-LQ</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "HELP" subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list

[SYSTEM]
Number=10508
Confirmed=X
Filename=VSSMON.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaww.html" target=_blank>RBOT-AWW</a> TROJAN!
Source=Paul Collins Startup list

[SYSTEM]
Number=10509
Confirmed=X
Filename=wiinlogon.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotavh.html" target=_blank>RBOT-AVG</a> WORM!
Source=Paul Collins Startup list

[System]
Number=10510
Confirmed=X
Filename=kernels64.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvixups.html" target=_blank>VIXUP-S</a> TROJAN!
Source=Paul Collins Startup list

[system]
Number=10511
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-010416-2601-99" target=_blank>SATILOLER.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Program Files\Common Files\system folder
Source=Paul Collins Startup list

[System]
Number=10512
Confirmed=X
Filename=smss.exe
Description=Added by the AGENT.AEP TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target="_blank">smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
Source=Paul Collins Startup list

[System]
Number=10513
Confirmed=X
Filename=winupd.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[system]
Number=10514
Confirmed=X
Filename=messenger.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[System]
Number=10515
Confirmed=X
Filename=kernels1118.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[System]
Number=10516
Confirmed=X
Filename=wsscntfy.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[SYSTEM]
Number=10517
Confirmed=X
Filename=windmupdr.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[system]
Number=10518
Confirmed=X
Filename=svcr.exe
Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan.SpyOne&threatid=48351" target="_blank">SPYONE</a> TROJAN!
Source=Paul Collins Startup list

[System]
Number=10519
Confirmed=X
Filename=kernels88.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtibspp.html" target="_blank">TIBS-PP</a> TROJAN!
Source=Paul Collins Startup list

[System]
Number=10520
Confirmed=X
Filename=kernels8.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_TIBS.AI" target="_blank">TIBS.AI</a> TROJAN!
Source=Paul Collins Startup list

[System]
Number=10521
Confirmed=X
Filename=OeApi.vbs 
Description=Added by the <a href="http://vil.nai.com/vil/content/v_141677.htm" target="_blank">AGUI</a> WORM!
Source=Paul Collins Startup list

[System]
Number=10522
Confirmed=X
Filename=Updaterun.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqhelpdx.html" target="_blank">QQHELP-DX</a> TROJAN!
Source=Paul Collins Startup list

[System]
Number=10523
Confirmed=X
Filename=Zap.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32msnvbd.html" target="_blank">MSNVB-D</a> WORM!
Source=Paul Collins Startup list

[System 64 Driver for Games]
Number=10524
Confirmed=X
Filename=sys64dvr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99" target="_blank">SDBOT</a> TROJAN!
Source=Paul Collins Startup list

[System Applications Profile]
Number=10525
Confirmed=X
Filename=sap.exe
Description=Added by the <a href="http://www.sophos.com.au/virusinfo/analyses/w32rbotqf.html" target=_blank>RBOT-QF</a> WORM!
Source=Paul Collins Startup list

[System Backup]
Number=10526
Confirmed=X
Filename=msystem.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[System backup]
Number=10527
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042517-0213-99" target=_blank>ADMINCASH.B</a> TROJAN! Note - multiple different file names have been spotted, examples: web.exe, soft.exe, msxmidi.exe, wmplayer.exe, as well as completely random ones such as 9a2de006.exe, 36c75e3c.exe and so on
Source=Paul Collins Startup list

[System Backup Services]
Number=10528
Confirmed=X
Filename=backups32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[System Boot Check]
Number=10529
Confirmed=X
Filename=sysload3.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2007-040106-1154-99" target="_blank">FUBALCA</a> WORM!
Source=Paul Collins Startup list

[System Buffer Application]
Number=10530
Confirmed=X
Filename=buffer32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotud.html" target=_blank>SDBOT-UD</a> WORM!
Source=Paul Collins Startup list

[System Cache]
Number=10531
Confirmed=X
Filename=SysCache.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[System Check]
Number=10532
Confirmed=U
Filename=Rundll32.exe SysDll32.dll, SystemCheck
Description=<a href="http://www.x-pcsoft.com/" target=blank>XPCSpy Pro</a> keystroke logger/monitoring program - remove unless you installed it yourself!

Source=Paul Collins Startup list

[system check]
Number=10533
Confirmed=X
Filename=updater.exe
Description=Unidentified adware downloader
Source=Paul Collins Startup list

[System Check]
Number=10534
Confirmed=X
Filename=win_klr32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delfdra.html" target="_blank">DELF-DRA</a> WORM!
Source=Paul Collins Startup list

[System Checking]
Number=10535
Confirmed=X
Filename=wasul.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BHM&VSect=P" target=_blank>RBOT.BHM</a> WORM!
Source=Paul Collins Startup list

[System Config]
Number=10536
Confirmed=X
Filename=BF3.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotdt.html" target=_blank>SPYBOT-DT</a> WORM!
Source=Paul Collins Startup list

[System Config Manager]
Number=10537
Confirmed=X
Filename=crss.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GH" target="_blank">AGOBOT.GH</a> WORM!
Source=Paul Collins Startup list

[System Config Manager]
Number=10538
Confirmed=X
Filename=smssl.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotzj.html" target=_blank>AGOBOT-ZJ</a> WORM!
Source=Paul Collins Startup list

[System Configuration]
Number=10539
Confirmed=X
Filename=iexplore.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111016-1733-99" target=_blank>RANDEX.AD</a> WORM! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[System Configuration]
Number=10540
Confirmed=X
Filename=syscfg32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061019-1318-99" target=_blank>MYTOB.EA</a> WORM!
Source=Paul Collins Startup list

[system configure]
Number=10541
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagec.html" target=_blank>LINEAGE-C</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which should not normally figure in Msconfig/Startup!
Source=Paul Collins Startup list

[System CPL manager]
Number=10542
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotsr.html" target= blank>RBOT-SR</a> WORM!
Source=Paul Collins Startup list

[System CSRSS Patch]
Number=10543
Confirmed=X
Filename=scrtkfg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotada.html" target=_blank>RBOT-ADA</a> WORM!
Source=Paul Collins Startup list

[System Database administration]
Number=10544
Confirmed=X
Filename=systemDA.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021913-2154-99" target=_blank>DERDERO.B</a> WORM!
Source=Paul Collins Startup list

[System Database Administration Support Process]
Number=10545
Confirmed=X
Filename=sysdasp.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021916-1802-99" target=_blank>DERDERO.C</a> WORM!
Source=Paul Collins Startup list

[System Diagnostics]
Number=10546
Confirmed=X
Filename=sysdiag32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target="_blank">SDBOT.GEN</a> TROJAN!
Source=Paul Collins Startup list

[System DLF]
Number=10547
Confirmed=N
Filename=cpqdiaga.exe
Description=Compaq Diagnostic record system utility which allow you to view information about your computer's hardware and software configuration. Available via Start -> Programs
Source=Paul Collins Startup list

[System DLL Resources]
Number=10548
Confirmed=U
Filename=sysdll.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/spyware.snapkey.html" target=_blank>SnapKey</a> is a surveillance software program that records all keyboard activities. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list

[System Document Application]
Number=10549
Confirmed=X
Filename=nmod.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotabb.html" target=_blank>SDBOT-ABB</a> WORM!
Source=Paul Collins Startup list

[System Document Application]
Number=10550
Confirmed=X
Filename=msdocument.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021416-0418-99" target=_blank>RANDEX.COX</a> WORM!
Source=Paul Collins Startup list

[System Document Application]
Number=10551
Confirmed=X
Filename=wins.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AUB&VSect=T" target=_blank>SDBOT.AUB</a> WORM!
Source=Paul Collins Startup list

[System Download Manager]
Number=10552
Confirmed=X
Filename=SysMgr.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CIG" target="_blank">RBOT.CIG</a> WORM!
Source=Paul Collins Startup list

[System driver]
Number=10553
Confirmed=X
Filename=Messenger.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GI" target="_blank">WOOTBOT.GI</a> WORM!
Source=Paul Collins Startup list

[System Drivers]
Number=10554
Confirmed=X
Filename=wingmt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotmg.html" target=_blank>SDBOT-MG</a> WORM!
Source=Paul Collins Startup list

[System Drivers]
Number=10555
Confirmed=X
Filename=cpsq32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AXH&VSect=T" target=_blank>SDBOT.AXH</a> WORM!
Source=Paul Collins Startup list

[System Efficiency Monitor]
Number=10556
Confirmed=X
Filename=mscedit32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081909-4452-99" target="_blank">SDBOT.P</a> TROJAN!
Source=Paul Collins Startup list

[System Efficiency Monitor]
Number=10557
Confirmed=X
Filename=mscommand.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082716-2317-99" target="_blank">KWBOT.P</a> WORM!
Source=Paul Collins Startup list

[System Efficiency Monitor]
Number=10558
Confirmed=X
Filename=msedit32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32stephb.html" target="_blank">STEPH-B</a> WORM!
Source=Paul Collins Startup list

[System Event Manager]
Number=10559
Confirmed=X
Filename=secsvc.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BMY&VSect=T" target=_blank>RBOT.BMY</a> WORM!
Source=Paul Collins Startup list

[System Executable DLL Library]
Number=10560
Confirmed=X
Filename=EXECDLL32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120410-0857-99" target="_blank">RANDEX.AZ</a> WORM!
Source=Paul Collins Startup list

[System Failure Statistic]
Number=10561
Confirmed=X
Filename=cnstat.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlf.html" target="_blank">RBOT-LF</a> WORM!
Source=Paul Collins Startup list

[System File Drivers]
Number=10562
Confirmed=X
Filename=nvsysvc32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.WJ" target="_blank">AGOBOT.WJ</a> WORM!
Source=Paul Collins Startup list

[system firewall]
Number=10563
Confirmed=X
Filename=makeini32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotps.html" target= blank>AGOBOT-PS</a> WORM!
Source=Paul Collins Startup list

[System Firewalls]
Number=10564
Confirmed=X
Filename=commandprompt32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BJT" target="_blank">RBOT.BJT</a> WORM!
Source=Paul Collins Startup list

[System Guard]
Number=10565
Confirmed=X
Filename=mhguard.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagu.html" target=_blank>RBOT-AGU</a> WORM!
Source=Paul Collins Startup list

[System Handler]
Number=10566
Confirmed=X
Filename=LSASS.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031913-3938-99" target=_blank>NIMOS</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
Source=Paul Collins Startup list

[system handler]
Number=10567
Confirmed=X
Filename=srvhandle.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-011714-3251-99" target=_blank>REDPLUT</a> VIRUS!
Source=Paul Collins Startup list

[System Host Manager]
Number=10568
Confirmed=X
Filename=syshost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32banwormc.html" target="_blank">BANWORM-C</a> WORM!
Source=Paul Collins Startup list

[System Host Service]
Number=10569
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href "http://www.symantec.com/security_response/writeup.jsp?docid=2004-031414-1207-99" target=_blank>CONE.F</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "tasks" subfolder of the Winnt or Windows folder
Source=Paul Collins Startup list

[System Information Manager]
Number=10570
Confirmed=X
Filename=Navcpe.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotqb.html" target="_blank">SDBOT-QB</a> WORM!
Source=Paul Collins Startup list

[System Information Manager]
Number=10571
Confirmed=X
Filename=Msbb.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102711-3533-99" target=_blank>BACKDOOR.IRC.BOT</a> TROJAN!
Source=Paul Collins Startup list

[System Initialization]
Number=10572
Confirmed=X
Filename=msmsgri32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-062715-3031-99" target="_blank"> RANDEX.D</a> WORM or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-073107-5705-99" target="_blank">ROXY</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092218-1108-99" target="_blank">ROXY.B</a> TROJANS!
Source=Paul Collins Startup list

[System Initialization]
Number=10573
Confirmed=X
Filename=payload.dat
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-062715-3031-99" target="_blank"> RANDEX.D</a> WORM or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-073107-5705-99" target="_blank">ROXY</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092218-1108-99" target="_blank">ROXY.B</a> TROJANS!
Source=Paul Collins Startup list

[System Kernal Support]
Number=10574
Confirmed=X
Filename=system.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BWV&VSect=T" target=_blank>SDBOT.BWV</a> WORM!
Source=Paul Collins Startup list

[System Kernel]
Number=10575
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbbotg.html" target=_blank>VBBOT-G</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[System LifeGuard Scheduler]
Number=10576
Confirmed=U
Filename=Slsched.exe
Description=<a href="http://www.bmtmicro.com/BMTCatalog/win/syslifeguard.html" target="_blank">System LifeGuard</a> scheduler
Source=Paul Collins Startup list

[System Log Event]
Number=10577
Confirmed=X
Filename=csrss32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotji.html" target="_blank">AGOBOT-JI</a> WORM!
Source=Paul Collins Startup list

[System Management Service]
Number=10578
Confirmed=X
Filename=smsc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotann.html" target=_blank>RBOT-ANN</a> WORM!
Source=Paul Collins Startup list

[System Manager]
Number=10579
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerae.html" target=_blank>BANKER-AE</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list

[system manager]
Number=10580
Confirmed=X
Filename=System.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbo.html" target=_blank>FORBOT-BO</a> WORM!

Source=Paul Collins Startup list

[System Manager]
Number=10581
Confirmed=X
Filename=winsrv32.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[System Manager]
Number=10582
Confirmed=X
Filename=sysmng.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32tamec.html" target=_blank>TAME-C</a> WORM!
Source=Paul Collins Startup list

[System Manager Updates]
Number=10583
Confirmed=X
Filename=winsvc.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AEM&VSect=P" target=_blank>AGOBOT.AEM</a> WORM!
Source=Paul Collins Startup list

[System Mechanic Popup Blocker]
Number=10584
Confirmed=U
Filename=PopupBlocker.exe
Description=Popup blocker part of Iolo <a href="http://www.iolo.com/sm/index.cfm" target="_blank">System Mechanic</a> utility suite
Source=Paul Collins Startup list

[System Mechanic Popup Stopper]
Number=10585
Confirmed=U
Filename=Popupstopper.exe
Description=Popup stopper part of Iolo <a href="http://www.iolo.com/sm/index.cfm" target="_blank">System Mechanic</a> utility suite
Source=Paul Collins Startup list

[System Mechanic Professional Update [Incinerator.dll]]
Number=10586
Confirmed=N
Filename=SysMech4.exe /REREG: [path] Incinerator.dll
Description=Iolo <a href="http://www.iolo.com/sm/4pro/tutorials.cfm" target="_blank">System Mechanic</a> "Incinerator" feature securely deletes files and folders from your PC so they can never be recovered again
Source=Paul Collins Startup list

[SYSTEM MESSAGER]
Number=10587
Confirmed=X
Filename=wmisg.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061514-4935-99" target=_blank>MYTOB.ES</a> WORM!
Source=Paul Collins Startup list

[System Messaging Queue]
Number=10588
Confirmed=X
Filename=SMCSS.EXE
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[System Messenger]
Number=10589
Confirmed=X
Filename=SYSMSG32.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotdk.html" target= blank>SPYBOT-DK</a> WORM!
Source=Paul Collins Startup list

[System Monitor]
Number=10590
Confirmed=U
Filename=SYSMON.EXE
Description=Comes with some Aopen motherboards. Monitors CPU temp, voltage and fan speed. Warns if any become abnormal
Source=Paul Collins Startup list

[System Monitor]
Number=10591
Confirmed=X
Filename=Sysmon16.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99" target="_blank">SDBOT</a> TROJAN!
Source=Paul Collins Startup list

[System MScvb]
Number=10592
Confirmed=X
Filename=mscvb32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053113-3948-99" target="_blank">SOBIG.C</a> WORM!
Source=Paul Collins Startup list

[System Net]
Number=10593
Confirmed=X
Filename=sys32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfx.html" target= blank>FORBOT-FX</a> WORM!
Source=Paul Collins Startup list

[System Net Database]
Number=10594
Confirmed=X
Filename=sysnd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaaw.html" target= blank>RBOT-AAW</a> WORM!
Source=Paul Collins Startup list

[System Networking]
Number=10595
Confirmed=X
Filename=sysnet.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.API" target="_blank">RBOT.API</a> WORM!
Source=Paul Collins Startup list

[System Power Managment]
Number=10596
Confirmed=X
Filename=svcnost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32drefi.html" target=_blank>DREF-I</a> WORM!
Source=Paul Collins Startup list

[System Process]
Number=10597
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojadclickag.html" target=_blank>ADCLICK-AG</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[System Process]
Number=10598
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojadclickag.html" target=_blank>ADCLICK-AG</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[System Process]
Number=10599
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojadclickag.html" target=_blank>ADCLICK-AG</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list

[System Process]
Number=10600
Confirmed=X
Filename=CSRSR.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotsq.html" target=_blank>AGOBOT-SQ</a> WORM!
Source=Paul Collins Startup list

[System Profile]
Number=10601
Confirmed=X
Filename=Regsrv.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=16106" target="_blank">OPTIX</a> TROJAN!
Source=Paul Collins Startup list

[System Reboot]
Number=10602
Confirmed=X
Filename=rebootsys.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotwu.html" target= blank>RBOT-WU</a> WORM!
Source=Paul Collins Startup list

[System Redirect]
Number=10603
Confirmed=X
Filename=sysbho.exe
Description=Downloader trojan, "Melkosoft" adware related
Source=Paul Collins Startup list

[System Restore]
Number=10604
Confirmed=X
Filename=svcnet.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-072620-2821-99" target="_blank">TIBICK</a> WORM!
Source=Paul Collins Startup list

[System Restore Data]
Number=10605
Confirmed=X
Filename=[path] repcale.exe [path] beird.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDON.AN" target="_blank">RANDON.AN</a> WORM!
Source=Paul Collins Startup list

[System Service]
Number=10606
Confirmed=X
Filename=MSREXE.EXE
Description=Added by the <a href="http://vil.nai.com/vil/content/v_99793.htm" target="_blank">AML</a> TROJAN!
Source=Paul Collins Startup list

[system service]
Number=10607
Confirmed=X
Filename=spoolcrv.cpl
Description=Added by the INSPIR.11 TROJAN!
Source=Paul Collins Startup list

[System Service]
Number=10608
Confirmed=X
Filename=systems.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.VZ" target="_blank">AGOBOT.VZ</a> WORM!
Source=Paul Collins Startup list

[System Service]
Number=10609
Confirmed=X
Filename=coderxt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotald.html" target=_blank>RBOT-ALD</a> WORM!
Source=Paul Collins Startup list

[System Service]
Number=10610
Confirmed=X
Filename=exp0lrer.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[System Service]
Number=10611
Confirmed=X
Filename=servicent.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajv.html" target=_blank>RBOT-AJI</a> WORM!
Source=Paul Collins Startup list

[System service]
Number=10612
Confirmed=X
Filename=system.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-080314-0053-99" target=_blank>BANCOS.AA</a> TROJAN!
Source=Paul Collins Startup list

[System Service]
Number=10613
Confirmed=X
Filename=msnwindows.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-100416-5735-99" target=_blank>SPYBOT.YCL</a> WORM!
Source=Paul Collins Startup list

[System Service]
Number=10614
Confirmed=X
Filename=servicez.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaoy.html" target=_blank>RBOT-AOY</a> WORM!
Source=Paul Collins Startup list

[System Service]
Number=10615
Confirmed=X
Filename=msnxpexe.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaua.html" target=_blank>RBOT-AUA</a> WORM!
Source=Paul Collins Startup list

[System Service]
Number=10616
Confirmed=X
Filename=teskmangr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotauv.html" target=_blank>RBOT-AUV</a> WORM!
Source=Paul Collins Startup list

[System Service]
Number=10617
Confirmed=X
Filename=backup.exe
Description=Added by the PACKBOT.AA WORM!
Source=Paul Collins Startup list

[System Service]
Number=10618
Confirmed=X
Filename=serious.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfmv.html" target="_blank">RBOT-FMV</a> WORM! Note - deactivates the Microsoft Internet Connection Firewall (ICF)
Source=Paul Collins Startup list

[SYSTEM service helper]
Number=10619
Confirmed=X
Filename=svchelper.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32monkbda.html" target=_blank>MONKBD-A</a> WORM!
Source=Paul Collins Startup list

[SYSTEM service helper]
Number=10620
Confirmed=X
Filename=syshelp.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32monkbda.html" target=_blank>MONKBD-A</a> WORM!
Source=Paul Collins Startup list

[System service**]
Number=10621
Confirmed=X
Filename=pokapoka**.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-083109-1455-99" target=_blank>EliteBar</a> adware - where ** represents the numbers 61 to 79
Source=Paul Collins Startup list

[System service62]
Number=10622
Confirmed=X
Filename=System service62
Description=pokapoka62.exe
Source=Paul Collins Startup list

[System service78]
Number=10623
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojelitebart.html" target=_blank>ELITEBAR-T</a> and <a href="http://www.sophos.com/virusinfo/analyses/trojelitebaru.html" target=_blank>ELITEBAR-U</a> TROJANS!
Source=Paul Collins Startup list

[System service79]
Number=10624
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojelitebarv.html" target=_blank>ELITEBAR-V</a> TROJAN!
Source=Paul Collins Startup list

[System Services]
Number=10625
Confirmed=X
Filename=[random file name]
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[System Services]
Number=10626
Confirmed=X
Filename=connection.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[System Services]
Number=10627
Confirmed=X
Filename=svcsenes.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[System Services]
Number=10628
Confirmed=X
Filename=svcsenes32a.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafg.html" target=_blank>RBOT-AFG</a> WORM!
Source=Paul Collins Startup list

[System Services]
Number=10629
Confirmed=X
Filename=ssms.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[System Session Manager]
Number=10630
Confirmed=X
Filename=smss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kalele.html" target=_blank>KALEL-E</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target="_blank">smss.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list

[System settings]
Number=10631
Confirmed=X
Filename=burndl32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzo.html" target=_blank>SDBOT-ZO</a> WORM!
Source=Paul Collins Startup list

[System Setup]
Number=10632
Confirmed=X
Filename=rpcxcmod.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[System Soap Pro]
Number=10633
Confirmed=X
Filename=soap.exe
Description=<a href="http://www.systemsoap.com/" target="_blank">System Soap Pro</a> internet cleaning software. Bundles foistware like <a href="http://allentech.net/parasite/Httper.html" target="_blank">Httper</a> and <a href="http://allentech.net/parasite/Zipclix.html" target="_blank">Zipclix</a> - best avoided

Source=Paul Collins Startup list

[system spool]
Number=10634
Confirmed=X
Filename=syspools.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32dreft.html" target="_blank">DREF-T</a> WORM/VIRUS!
Source=Paul Collins Startup list

[System startup]
Number=10635
Confirmed=U
Filename=charmapx.exe
Description=Only required if using an oriental language
Source=Paul Collins Startup list

[System Startup]
Number=10636
Confirmed=X
Filename=Voltio.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.NJ" target="_blank">RBOT.NJ</a> WORM!
Source=Paul Collins Startup list

[System Startup]
Number=10637
Confirmed=X
Filename=kimochi.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[System Startup Manager]
Number=10638
Confirmed=X
Filename=smcss.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AMD&VSect=P" target=_blank>RBOT.AMD</a> WORM!
Source=Paul Collins Startup list

[System Stats]
Number=10639
Confirmed=X
Filename=SystemStats.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN" target=_blank>WOOTBOT</a> WORM!
Source=Paul Collins Startup list

[System Support]
Number=10640
Confirmed=X
Filename=syscfg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagq.html" target=_blank>RBOT-AGQ</a> WORM!
Source=Paul Collins Startup list

[System Support]
Number=10641
Confirmed=X
Filename=system32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaha.html" target=_blank>RBOT-AHA</a> WORM!
Source=Paul Collins Startup list

[System Support]
Number=10642
Confirmed=X
Filename=syssql.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotauh.html" target=_blank>RBOT-AUH</a> WORM!
Source=Paul Collins Startup list

[System Support]
Number=10643
Confirmed=X
Filename=torrent.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[System Terminal]
Number=10644
Confirmed=X
Filename=SYSTEM2.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojspybotbz.html" target="_blank">SPYBOT-BZ</a> TROJAN!
Source=Paul Collins Startup list

[System time updator]
Number=10645
Confirmed=X
Filename=CSysTime.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102910-5348-99" target="_blank">RANDEX.S</a> WORM!
Source=Paul Collins Startup list

[System Toolkit]
Number=10646
Confirmed=X
Filename=Systools.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ronoperg.html" target="_blank">RONOPER-G</a> WORM!
Source=Paul Collins Startup list

[System Tray]
Number=10647
Confirmed=X
Filename=msccn32.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_100307.htm" target="_blank">SOBIG.B</a> WORM! Warning - spreading via infected E-mail attachments with the sender address faked as support@microsoft.com! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/systray/" target="_blank">systray.exe</a> process
Source=Paul Collins Startup list

[System Tray]
Number=10648
Confirmed=X
Filename=systray.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32fana.html" target=_blank>FAN-A</a> WORM!
Source=Paul Collins Startup list

[System Tray Services]
Number=10649
Confirmed=X
Filename=spooles32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ZH&VSect=T" target=_blank>AGOBOT.ZH</a> WORM!
Source=Paul Collins Startup list

[System Tray32]
Number=10650
Confirmed=X
Filename=SysTray32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090817-4709-99" target="_blank">REPAD</a> WORM!
Source=Paul Collins Startup list

[System Unix]
Number=10651
Confirmed=X
Filename=syscfg32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotzd.html" target= blank>RBOT-ZD</a> WORM!
Source=Paul Collins Startup list

[system updata]
Number=10652
Confirmed=X
Filename=updata.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagec.html" target=_blank>LINEAGE-C</a> TROJAN!
Source=Paul Collins Startup list

[System Update]
Number=10653
Confirmed=X
Filename=[filename].exe
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list

[System Update]
Number=10654
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-070217-1202-99" target="_blank">KORGO.W</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080213-0953-99" target="_blank">KORGO.X</a> WORMS!
Source=Paul Collins Startup list

[System Update]
Number=10655
Confirmed=X
Filename=wupdmgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsoromoa.html" target="_blank">SOROMO-A</a> TROJAN!
Source=Paul Collins Startup list

[System Update]
Number=10656
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsoromoa.html" target=_blank>SOROMO-A</a> TROJAN!
Source=Paul Collins Startup list

[System Update]
Number=10657
Confirmed=X
Filename=wauluclt.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.EF" target="_blank">SDBOT.EF</a> WORM!
Source=Paul Collins Startup list

[System Update]
Number=10658
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojd.html" target=_blank>AUTOTROJ-D</a> TROJAN!
Source=Paul Collins Startup list

[System Update]
Number=10659
Confirmed=X
Filename=mssetupconf.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.DLC" target="_blank">RBOT.DLC</a> WORM!
Source=Paul Collins Startup list

[System Update Application]
Number=10660
Confirmed=Y
Filename=msbuffer.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AFF" target="_blank">SDBOT.AFF</a> WORM!
Source=Paul Collins Startup list

[System Update Service]
Number=10661
Confirmed=X
Filename=wmiprvsa.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotrg.html" target=_blank>AGOBOT-RG</a> TROJAN!
Source=Paul Collins Startup list

[System Update Service]
Number=10662
Confirmed=X
Filename=winupd32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojadtodaa.html" target=_blank>ADTODA-A</a> TROJAN!
Source=Paul Collins Startup list

[System Update Service]
Number=10663
Confirmed=X
Filename=system.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotall.html" target=_blank>RBOT-ALL</a> WORM!
Source=Paul Collins Startup list

[System Update Service]
Number=10664
Confirmed=X
Filename=update.pif
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-090612-1341-99" target=_blank>SPYBOT.WOE</a> WORM!
Source=Paul Collins Startup list

[System Update2]
Number=10665
Confirmed=X
Filename=explorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target="_blank">AUTOTROJ-C</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[System Update2]
Number=10666
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target=_blank>AUTOTROJ-C</a> TROJAN!Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
Source=Paul Collins Startup list

[System Update2]
Number=10667
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target=_blank>AUTOTROJ-C</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list

[System Update2]
Number=10668
Confirmed=X
Filename=system.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target=_blank>AUTOTROJ-C</a> TROJAN!
Source=Paul Collins Startup list

[System Update2]
Number=10669
Confirmed=X
Filename=taskman.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target=_blank>AUTOTROJ-C</a> TROJAN!
Source=Paul Collins Startup list

[System Update2]
Number=10670
Confirmed=X
Filename=taskmon.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target=_blank>AUTOTROJ-C</a> TROJAN!
Source=Paul Collins Startup list

[System Update2]
Number=10671
Confirmed=X
Filename=update.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target=_blank>AUTOTROJ-C</a> TROJAN!
Source=Paul Collins Startup list

[System Update2]
Number=10672
Confirmed=X
Filename=webcheck.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target=_blank>AUTOTROJ-C</a> TROJAN!
Source=Paul Collins Startup list

[System Update2]
Number=10673
Confirmed=X
Filename=wininet.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target=_blank>AUTOTROJ-C</a> TROJAN!
Source=Paul Collins Startup list

[System Update2]
Number=10674
Confirmed=X
Filename=winlogon.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target=_blank>AUTOTROJ-C</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target=_blank>winlogon.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[System Update2]
Number=10675
Confirmed=X
Filename=winspool.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target=_blank>AUTOTROJ-C</a> TROJAN!
Source=Paul Collins Startup list

[System Update2]
Number=10676
Confirmed=X
Filename=wupdmgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target=_blank>AUTOTROJ-C</a> TROJAN!
Source=Paul Collins Startup list

[System Updater Service]
Number=10677
Confirmed=X
Filename=wmiprvsw.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042913-2859-99" target="_blank">GAOBOT.AFC</a> WORM!
Source=Paul Collins Startup list

[System Updates]
Number=10678
Confirmed=X
Filename=winsci.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[System Updates]
Number=10679
Confirmed=X
Filename=szwi.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxe.html" target=_blank>RBOT-AXE</a> WORM!
Source=Paul Collins Startup list

[System Updates]
Number=10680
Confirmed=U
Filename=unve.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawg.html" target=_blank>RBOT-AWG</a> TROJAN!
Source=Paul Collins Startup list

[System Updates]
Number=10681
Confirmed=X
Filename=wmkl.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotayj.html" target=_blank>RBOT-AYJ</a> WORM!
Source=Paul Collins Startup list

[System Updates 4]
Number=10682
Confirmed=X
Filename=mssysfix.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadu.html" target=_blank>RBOT-ADU</a> WORM!
Source=Paul Collins Startup list

[System Updates Manager]
Number=10683
Confirmed=X
Filename=winserv32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotaga.html" target=_blank>AGOBOT-AGA</a> WORM!
Source=Paul Collins Startup list

[System Updates Service]
Number=10684
Confirmed=X
Filename=updates.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotama.html" target=_blank>RBOT-AMA</a> WORM!
Source=Paul Collins Startup list

[System Uptime Server]
Number=10685
Confirmed=X
Filename=SYSENTRY.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.LK" target="_blank">RBOT.LK</a> WORM!
Source=Paul Collins Startup list

[System Uptime Server]
Number=10686
Confirmed=X
Filename=SYSENTRY32.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.LK" target="_blank">RBOT.LK</a> WORM!
Source=Paul Collins Startup list

[system xp]
Number=10687
Confirmed=X
Filename=acdsee demo.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-113010-0605-99" target=_blank>SALGA.A</a> WORM!
Source=Paul Collins Startup list

[System-Config]
Number=10688
Confirmed=X
Filename=msptmf32.com
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39429" target="_blank">LIOTEN.FA</a> WORM!
Source=Paul Collins Startup list

[System-Service]
Number=10689
Confirmed=X
Filename=EXPLORER.SCR
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BENJAMIN.A" target="_blank">BENJAMIN.A</a> WORM! KaZaA file-sharing users beware!
Source=Paul Collins Startup list

[System-Stat]
Number=10690
Confirmed=X
Filename=systats.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.RA" target="_blank">SDBOT.RA</a> WORM!
Source=Paul Collins Startup list

[system.]
Number=10691
Confirmed=X
Filename=system..exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-020615-3137-99" target="_blank">OPTIXPRO.13.C</a> TROJAN!
Source=Paul Collins Startup list

[system...]
Number=10692
Confirmed=X
Filename=system...exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-020615-3137-99" target="_blank">OPTIXPRO.13.C</a> TROJAN!
Source=Paul Collins Startup list

[System.exe]
Number=10693
Confirmed=X
Filename=System.exe
Description=Added by various WORMS and TROJANS!
Source=Paul Collins Startup list

[System132]
Number=10694
Confirmed=X
Filename=Csrtss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlanfilti.html" target=_blank>LANFILT-I</a> TROJAN!
Source=Paul Collins Startup list

[system23]
Number=10695
Confirmed=X
Filename=notPad.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051615-2304-99" target= blank>ESTEEMS.D</a> TROJAN!
Source=Paul Collins Startup list

[System32]
Number=10696
Confirmed=X
Filename=system.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbushtro122.html" target="_blank">BUSHTRO122</a> TROJAN!
Source=Paul Collins Startup list

[System32]
Number=10697
Confirmed=X
Filename=System32.exe
Description=Added by any number of WORMS or TROJANS!
Source=Paul Collins Startup list

[System32]
Number=10698
Confirmed=U
Filename=sysdiag.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-051211-3023-99" target="_blank">SpyAgent</a> surveillance software. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list

[System32]
Number=10699
Confirmed=X
Filename=system32,1.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[system32]
Number=10700
Confirmed=X
Filename=NeT-BoT.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotlj.html" target=_blank>AGOBOT-LJ</a> WORM!

Source=Paul Collins Startup list

[System32]
Number=10701
Confirmed=X
Filename=lsasss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxw.html" target= blank>RBOT-XW</a> WORM!
Source=Paul Collins Startup list

[System32]
Number=10702
Confirmed=X
Filename=crsvvc.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BLY&VSect=P" target=_blank>RBOT.BLY</a> WORM!
Source=Paul Collins Startup list

[system32]
Number=10703
Confirmed=X
Filename=QQGame.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassac.html" target=_blank>QQPASS-AC</a> TROJAN!
Source=Paul Collins Startup list

[System32]
Number=10704
Confirmed=X
Filename=[worm filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32nauticala.html" target="_blank">NAUTICAL-A</a> TROJAN!
Source=Paul Collins Startup list

[System32 PCI Manager]
Number=10705
Confirmed=X
Filename=syspci32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafr.html" target=_blank>RBOT-AFR</a> WORM!
Source=Paul Collins Startup list

[System32 PCI Manager]
Number=10706
Confirmed=X
Filename=syspci32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafr.html" target=_blank>RBOT-AFR</a> WORM!
Source=Paul Collins Startup list

[System32 TCP Manager]
Number=10707
Confirmed=X
Filename=systcpm.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[System32 TCP Manager]
Number=10708
Confirmed=X
Filename=systerm.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AFD&VSect=T" target=_blank>RBOT.AFD</a> WORM!
Source=Paul Collins Startup list

[System32 Temp Service]
Number=10709
Confirmed=X
Filename=systmp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaet.html" target=_blank>RBOT-AET</a> WORM!
Source=Paul Collins Startup list

[system32.dll]
Number=10710
Confirmed=X
Filename=systeminit.exe
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant - re-directing to your-search.info
Source=Paul Collins Startup list

[system32.dll]
Number=10711
Confirmed=X
Filename=sysdll32.exe
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant. Redirecting to wholeworldmarket.com, most likely other domains as well
Source=Paul Collins Startup list

[system32.exe]
Number=10712
Confirmed=X
Filename=services32.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102711-3533-99" target=_blank>BACKDOOR.IRC.BOT</a> TROJAN!
Source=Paul Collins Startup list

[system32.exe]
Number=10713
Confirmed=X
Filename=system32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-090514-4559-99" target=_blank>GRAYBIRD.P</a> TROJAN!
Source=Paul Collins Startup list

[System32Check]
Number=10714
Confirmed=X
Filename=[random].exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojchasta.html" target=_blank>CHAST-A</a> TROJAN!
Source=Paul Collins Startup list

[System32Dll]
Number=10715
Confirmed=X
Filename=DLL32SYS.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotcz.html" target="_blank">SPYBOT-CZ</a> WORM!
Source=Paul Collins Startup list

[System32Ex]
Number=10716
Confirmed=X
Filename=System32Ex.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-111818-3014-99" target="_blank">IRCCONTACT</a> TROJAN!
Source=Paul Collins Startup list

[System32kfvwĆ]
Number=10717
Confirmed=U
Filename=sysdiag.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-051211-3023-99" target="_blank">SpyAgent</a> surveillance software. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list

[System33]
Number=10718
Confirmed=X
Filename=FB_PNU.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32nicehelloa.html" target="_blank">NICHELLO-A</a> WORM!
Source=Paul Collins Startup list

[system34.exe]
Number=10719
Confirmed=X
Filename=system34.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdwnldrfxy.html" target="_blank">DWNLDR-FXY</a> TROJAN!
Source=Paul Collins Startup list

[System4224411]
Number=10720
Confirmed=X
Filename=Virus
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CAGER.A&VSect=P" target=_blank>CAGER.A</a> WORM!
Source=Paul Collins Startup list

[System4224411]
Number=10721
Confirmed=X
Filename=Systemdll.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32yusufalib.html" target=_blank>YUSUFALI-B</a> WORM!
Source=Paul Collins Startup list

[system43.exe]
Number=10722
Confirmed=X
Filename=system43.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[System64]
Number=10723
Confirmed=X
Filename=inet.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdenglea.html" target="_blank">DENGLE-A</a> TROJAN!
Source=Paul Collins Startup list

[SystemAdministration]
Number=10724
Confirmed=X
Filename=Wincmp32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2000-121815-0609-99" target="_blank">ASYLUM</a> TROJAN!
Source=Paul Collins Startup list

[SystemAgent]
Number=10725
Confirmed=U
Filename=Sage.exe
Description="Microsoft Plus! System Agent automatically tunes your system, performing tasks such as disk optimization and error correction. It can also run any application at prescheduled times"
Source=Paul Collins Startup list

[SystemB]
Number=10726
Confirmed=X
Filename=MessengerStopper.exe
Description=<a href="http://sarc.com/avcenter/venc/data/adware.messstopper.html" target=_blank>MessStopper</a> adware
Source=Paul Collins Startup list

[SystemBackup]
Number=10727
Confirmed=X
Filename=mtx.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2000-121510-4820-99" target="_blank">MTX</a> VIRUS/WORM!
Source=Paul Collins Startup list

[SystemBackup]
Number=10728
Confirmed=X
Filename=MicroLog.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_MICROLOG.A" target="_blank">MICROLOG.A</a> TROJAN!
Source=Paul Collins Startup list

[SystemBoot]
Number=10729
Confirmed=?
Filename=ladies.htm
Description=<font color="#FF0000">Unknown but sounds very suspicious??</font>
Source=Paul Collins Startup list

[SystemBoot]
Number=10730
Confirmed=X
Filename=Mshta.exe ...filename.hta
Description=Adult content dialler
Source=Paul Collins Startup list

[Systemboot]
Number=10731
Confirmed=X
Filename=msnsngr.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[SystemCheck]
Number=10732
Confirmed=X
Filename=Systemcheck.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-060409-0414-99" target="_blank">LAVITS</a> WORM!
Source=Paul Collins Startup list

[SystemCheck]
Number=10733
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32soberm.html" target= blank>SOBER-M</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Config\system subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list

[SystemCheck]
Number=10734
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfkr.html" target=_blank>DELF-KR</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a C:\DriverLoad folder
Source=Paul Collins Startup list

[SystemCheck]
Number=10735
Confirmed=X
Filename=SysCheckBop32.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062915-3210-99" target=_blank>WINBO</a> adware
Source=Paul Collins Startup list

[SystemChecker]
Number=10736
Confirmed=X
Filename=Syschk.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-020214-1126-99" target="_blank">GALIL.F</a> WORM!
Source=Paul Collins Startup list

[SystemCONF98i]
Number=10737
Confirmed=X
Filename=SystemCONF98i.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=54418" target="_blank">GLITCH</a> TROJAN!
Source=Paul Collins Startup list

[SystemDebug]
Number=10738
Confirmed=X
Filename=Sysdeb32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112517-2455-99" target="_blank">SYSBUG</a> TROJAN!
Source=Paul Collins Startup list

[SystemDll]
Number=10739
Confirmed=X
Filename=SystemDll.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-112217-2953-99" target="_blank">LOXOSCAM</a> TROJAN!
Source=Paul Collins Startup list

[systemdll32.exe]
Number=10740
Confirmed=X
Filename=systemdll32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfeutelf.html" target= blank>FEUTEL-F</a> TROJAN!
Source=Paul Collins Startup list

[SystemDoctor 2006 Free]
Number=10741
Confirmed=N
Filename=sd2006.exe
Description=<a href="http://www.symantec.com/smb/security_response/writeup.jsp?docid=2006-062015-2622-99" target="_blank">SystemDoctor</a> is a Security Risk that may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threats
Source=Paul Collins Startup list

[SystemDriver]
Number=10742
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-033116-3150-99" target=_blank>ASCETIC.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a \addins\explorer subfolder of the Winnt or Windows folder
Source=Paul Collins Startup list

[SystemDriverCheck]
Number=10743
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfkr.html" target=_blank>DELF-KR</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a C:\DriverLoad folder
Source=Paul Collins Startup list

[SystemDriverLoad]
Number=10744
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfkr.html" target=_blank>DELF-KR</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a C:\DriverLoad folder
Source=Paul Collins Startup list

[systemdrv]
Number=10745
Confirmed=X
Filename=ms32sys.exe
Description=Added by an unidentified WORM or TROJAN - most likely <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-102419-1801-99" target="_blank">GAOBOT</a> variant
Source=Paul Collins Startup list

[SystemEmergency]
Number=10746
Confirmed=X
Filename=[various filenames]
Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#smartsearch" target=_blank>Smartsearch</a> parasite variant
Source=Paul Collins Startup list

[SystemExplorer]
Number=10747
Confirmed=X
Filename=explore.exe
Description=Homepage hijacker - file located in the "Services" folder in Common Files
Source=Paul Collins Startup list

[SystemFile]
Number=10748
Confirmed=X
Filename=SystemFile.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdulldoora.html" target=_blank>DULLDOOR-A</a> TROJAN!
Source=Paul Collins Startup list

[SystemFTP]
Number=10749
Confirmed=X
Filename=VSENMB.exe
Description=Malware (ie, <u>mal</u>icious soft<u>ware</u>).&nbsp; Also changes the system.ini Shell line to read Shell=Explorer.exe VSENMB.exe, and it hacks the Winstart.bat as well
Source=Paul Collins Startup list

[SystemGent]
Number=10750
Confirmed=X
Filename=CVT.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32brontokh.html" target=_blank>BRONTOK-H</a> WORM!
Source=Paul Collins Startup list

[SystemGuardAlerter]
Number=10751
Confirmed=?
Filename=SystemGuardAlerter.exe
Description=Part of the Iolo <a href="http://www.iolo.com/sm/index.cfm" target="_blank">System Mechanic</a> maintenance software. <font color="#FF0000">What does it do?</font>
Source=Paul Collins Startup list

[SystemInit]
Number=10752
Confirmed=X
Filename=iservc.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-050821-0316-99" target="_blank">FIZZER</a> WORM!
Source=Paul Collins Startup list

[Systemiom Updater]
Number=10753
Confirmed=X
Filename=Systemiom.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.TY" target="_blank">SPYBOT.TY</a> WORM!
Source=Paul Collins Startup list

[SystemKey]
Number=10754
Confirmed=U
Filename=rundll32.exe [path] SystemKey.dll rdl
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-071816-1110-99" target=_blank>Stealth Keylogger</a> keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[SystemLoad32]
Number=10755
Confirmed=X
Filename=sysload32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110215-2433-99" target="_blank">MIMAIL.E</a> WORM!
Source=Paul Collins Startup list

[SystemManager]
Number=10756
Confirmed=X
Filename=Sysman32.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_100164.htm" target="_blank">DOWNLOADER-BW.B</a> TROJAN!
Source=Paul Collins Startup list

[SystemMap32]
Number=10757
Confirmed=X
Filename=Netisp32.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-071009-5318-99" target="_blank">REDIST.C</a> WORM!
Source=Paul Collins Startup list

[SystemMD]
Number=10758
Confirmed=X
Filename=md.exe
Description=Homepage hijacker
Source=Paul Collins Startup list

[SystemMgr]
Number=10759
Confirmed=X
Filename=Ir32_a.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmaganiaou.html" target="_blank">MAGANIA-OU</a> TROJAN!
Source=Paul Collins Startup list

[SystemMonitor]
Number=10760
Confirmed=X
Filename=Sysmon32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AIDID.A" target="_blank">AIDID.A</a> WORM!
Source=Paul Collins Startup list

[SystemNetwork]
Number=10761
Confirmed=X
Filename=NETSERV.EXE
Description=Added by the NETCONTROL VIRUS!
Source=Paul Collins Startup list

[SystemNetwork]
Number=10762
Confirmed=X
Filename=sysnet.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[SystemNT]
Number=10763
Confirmed=X
Filename=SystemNT.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpwsvbeg.html" target=_blank>PWSVB-EG</a> TROJAN!
Source=Paul Collins Startup list

[SystemProcEvent]
Number=10764
Confirmed=X
Filename=csrwnd.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-013116-4032-99" target=_blank>IRCBOT.I</a> TROJAN!
Source=Paul Collins Startup list

[systemr]
Number=10765
Confirmed=X
Filename=d11host.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbgx.html" target=_blank>GX</a> TROJAN!
Source=Paul Collins Startup list

[systemr]
Number=10766
Confirmed=X
Filename=gedit.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojadclickaq.html" target=_blank>ADCLICK-AQ</a> TROJAN!
Source=Paul Collins Startup list

[SystemReg]
Number=10767
Confirmed=?
Filename=PROCES.EXE
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[SystemReg]
Number=10768
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_DEWIN.E" target=_blank>DEWIN.E</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list

[SystemReg]
Number=10769
Confirmed=X
Filename=WINREG.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_DEWIN.A" target="_blank">DEWIN.A</a> TROJAN!
Source=Paul Collins Startup list

[Systems]
Number=10770
Confirmed=X
Filename=scchost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DAEMOZ.A" target="_blank">DAEMOZ.A</a> TROJAN!
Source=Paul Collins Startup list

[Systems]
Number=10771
Confirmed=X
Filename=svch0st.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040112-4708-99" target=_blank>MYDOOM.BI</a> WORM!
Source=Paul Collins Startup list

[Systems]
Number=10772
Confirmed=X
Filename=Systems.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankboaa.html" target= blank>BANKBOA-A</a> TROJAN!
Source=Paul Collins Startup list

[Systems]
Number=10773
Confirmed=X
Filename=itDDD.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderpp.html" target=_blank>DLOADER-PP</a> TROJAN!
Source=Paul Collins Startup list

[Systems]
Number=10774
Confirmed=X
Filename=sescmgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdwnldrgah.html" target="_blank">DWNLDR-GAH</a> TROJAN!
Source=Paul Collins Startup list

[Systems]
Number=10775
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadrsw.html" target="_blank">DLOADR-SW</a> TROJAN!
Source=Paul Collins Startup list

[Systems]
Number=10776
Confirmed=X
Filename=sysmon.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvixupbi.html" target="_blank">VIXUP-BI</a> WORM!
Source=Paul Collins Startup list

[Systems Backups]
Number=10777
Confirmed=X
Filename=windrives.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotrb.html" target=_blank>AGOBOT-RB</a> WORM!
Source=Paul Collins Startup list

[Systems Restart]
Number=10778
Confirmed=X
Filename=slchost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_MULTIDROP.C" target=_blank>MULTIDROP.C</a> TROJAN!

Source=Paul Collins Startup list

[Systems Restart]
Number=10779
Confirmed=X
Filename=spchost.exe
Description=Added by an unidentified WORM or TROJAN!

Source=Paul Collins Startup list

[Systems Restart]
Number=10780
Confirmed=X
Filename=Rundll32.exe beem.dll, DllRegisterServer
Description=Browser hijacker - the file serves to register a dll implemented as a browser plugin
Source=Paul Collins Startup list

[Systems Restart]
Number=10781
Confirmed=X
Filename=Rundll32.exe snim.dll, DllRegisterServer
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021713-2508-99" target=_blank>Startpage.I</a> hijacker
Source=Paul Collins Startup list

[Systems Restart]
Number=10782
Confirmed=X
Filename=Rundll32.exe zolk.dll, DllRegisterServer
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030719-0319-99" target="_blank">STARTPAGE.J</a> TROJAN!
Source=Paul Collins Startup list

[Systems.exe]
Number=10783
Confirmed=U
Filename=Systems.exe
Description=<a href="http://www.refog.com/download.htm" target="_blank">Keyboard Spectator</a> - monitoring software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it
Source=Paul Collins Startup list

[systems.exe]
Number=10784
Confirmed=U
Filename=systems.exe
Description=<a href="http://sarc.com/avcenter/venc/data/spyware.kgbspy.html" target="_blank">KGBSpy</a> is a commercial surveillance software program. It logs keystrokes, Web sites visited, and clipboard activity. It also has a screen capture logger and can be run automatically in a silent, undetectable mode
Source=Paul Collins Startup list

[SystemSafe]
Number=10785
Confirmed=U
Filename=Syssafe.exe
Description=<a href="http://www.webattack.com/get/systemsafety.shtml" target="_blank">System Safety Monitor</a> - system monitoring tool with additional application firewalling
Source=Paul Collins Startup list

[SYSTEMSars32]
Number=10786
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-051914-5016-99" target=_blank>AHLEM.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[SystemSAS]
Number=10787
Confirmed=X
Filename=System32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_KWBOT.C" target="_blank">KWBOT.C</a> WORM!
Source=Paul Collins Startup list

[systemscroot]
Number=10788
Confirmed=X
Filename=systembin.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[SystemSearch]
Number=10789
Confirmed=X
Filename=regedit.exe -s c:\ie.reg
Description=Installs a Seachxl.com browser page hijack
Source=Paul Collins Startup list

[SystemSearch]
Number=10790
Confirmed=X
Filename=regedit.exe -s c:\sys.reg
Description=Installs a i--search.com browser page hijack
Source=Paul Collins Startup list

[SystemService]
Number=10791
Confirmed=X
Filename=msocfg.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list

[SystemService]
Number=10792
Confirmed=X
Filename=navchk.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list

[SystemService]
Number=10793
Confirmed=X
Filename=qservice.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list

[SystemService]
Number=10794
Confirmed=X
Filename=shman.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list

[SystemService]
Number=10795
Confirmed=U
Filename=nsserver.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050715-2623-99" target= blank>NiceSpy</a> keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[SystemSettingf]
Number=10796
Confirmed=X
Filename=TRUG.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-030915-3512-99" target="_blank">TRUG.B</a> MACRO!
Source=Paul Collins Startup list

[SystemSuite Task Manager]
Number=10797
Confirmed=U
Filename=MXTASK.EXE
Description=vcom (nee Ontrack) <a href="http://www.v-com.com/product/ss_ind.html" target="_blank">SystemSuite</a> - PC maintenance and security. Use the program's configuration options to enable only the parts you want running all the time - such as Virusscanner Pro
Source=Paul Collins Startup list

[SystemTasks]
Number=10798
Confirmed=X
Filename=filez.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[SystemTasks]
Number=10799
Confirmed=X
Filename=sexypicz.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[SystemTasks]
Number=10800
Confirmed=X
Filename=loaded.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[SystemTools]
Number=10801
Confirmed=X
Filename=kernels32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderfc.html" target="_blank">DLOADER-FC</a> TROJAN!
Source=Paul Collins Startup list

[SystemTools]
Number=10802
Confirmed=X
Filename=kernels1118.exe
Description=Added by the <a href="http://207.230.103.11/public/ALERTS/small_dgk.asp" target="_blank">SMALL.DGK</a> TROJAN!
Source=Paul Collins Startup list

[SystemTools]
Number=10803
Confirmed=X
Filename=kernels8.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdwnldrfng.html" target="_blank">FNG</a> TROJAN!
Source=Paul Collins Startup list

[SystemTools]
Number=10804
Confirmed=X
Filename=kernels88.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtibspp.html" target="_blank">TIBS-PP</a> TROJAN!
Source=Paul Collins Startup list

[Systemtra]
Number=10805
Confirmed=X
Filename=Systra.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lovgatew.html" target=_blank>LOVGATE-W</a> WORM!
Source=Paul Collins Startup list

[SystemTra]
Number=10806
Confirmed=X
Filename=CDPlay.EXE
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list

[SystemTray]
Number=10807
Confirmed=U
Filename=SysTray.Exe
Description=SYSTRAY.EXE - System Tray Services. Provides the Volume Control, PC Card Status, Power Management and other icons that reside in the System Tray (see <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;128129" target="_blank">here</a>). SYSTRAY.EXE may be disabled if none of these services are required. It will launch as and when required if you later enable the icons. If you need these items they're available via Start -&gt; Settings -&gt; Control Panel
Source=Paul Collins Startup list

[SystemTray]
Number=10808
Confirmed=X
Filename=SystemTray.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-050116-1402-99" target="_blank">BIGFOOT</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/systray/" target="_blank">systray.exe</a> process
Source=Paul Collins Startup list

[SystemTray]
Number=10809
Confirmed=X
Filename=SysTray.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-041019-1534-99" target=_blank>ALADINZ.P</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/systray/" target=_blank>systray.exe</a> process. If you right-click on the real systray.exe the "Properties" reveal it to be a Microsoft file
Source=Paul Collins Startup list

[SystemTraySD]
Number=10810
Confirmed=U
Filename=SDSystemTray.exe
Description=Spyware Detector - spyware remover. Initially not recommended due to false positives but the later versions have since improved - see  <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#swdetect_note" target=_blank>here</a>
Source=Paul Collins Startup list

[SystemTraySR]
Number=10811
Confirmed=U
Filename=SRSystemTray.exe
Description=Spyware Detector - spyware remover. Initially not recommended due to false positives but the later versions have since improved - see  <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#swdetect_note" target=_blank>here</a>
Source=Paul Collins Startup list

[SystemUpd]
Number=10812
Confirmed=N
Filename=SystemUpd.exe
Description=Updater for Swapoo.com, a kind of Napster for games
Source=Paul Collins Startup list

[SystemWideHook for Windows NT]
Number=10813
Confirmed=X
Filename=%WinHook32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-092818-5251-99" target="_blank">MYDOOM.AC</a> WORM!
Source=Paul Collins Startup list

[SystemWizard Sniffer]
Number=10814
Confirmed=U
Filename=Sniffer.exe
Description=<a href="http://www.systemsoft.com/l-2/l-3/products-systemwizard.htm" target="_blank">SystemWizard</a> for Win98/ME from SystemSoft - diagnoses and solves hardware and software problems on a PC
Source=Paul Collins Startup list

[systemyom Updater]
Number=10815
Confirmed=X
Filename=systemyom.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102711-3533-99" target=_blank>BACKDOOR.IRC.BOT</a> TROJAN!
Source=Paul Collins Startup list

[SYSTEMZ Patch]
Number=10816
Confirmed=X
Filename=SYSZ.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-041019-1534-99" target=_blank>ALADINZ.P</a> TROJAN!
Source=Paul Collins Startup list

[System_Messages]
Number=10817
Confirmed=U
Filename=pprsen.exe
Description=<a href="http://www.plevna.f9.co.uk/" target="_blank">TerminatorX</a> - "offers an easy and effective method of stopping users running predetermined file sharing programs like KaZaA, messenger programs, chat rooms and the like"
Source=Paul Collins Startup list

[systen32.exe]
Number=10818
Confirmed=X
Filename=systen32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadraqp.html" target="_blank">AQP</a> TROJAN!
Source=Paul Collins Startup list

[Systes]
Number=10819
Confirmed=X
Filename=jrdtifkkxbbsa.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadc.html" target=_blank>RBOT-ADC</a> WORM!
Source=Paul Collins Startup list

[Systesms.exe]
Number=10820
Confirmed=X
Filename=systesms.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbothi.html" target="_blank">RBOT-HI</a> WORM!
Source=Paul Collins Startup list

[Systest]
Number=10821
Confirmed=U
Filename=Systest.exe
Description=<a href="http://www.teosoft.com/site/index.html" target="_blank">Clean Space</a> internet evidence eliminator
Source=Paul Collins Startup list

[systhread]
Number=10822
Confirmed=X
Filename=winkernal.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-072420-0923-99" target="_blank">LIAMED</a> WORM!
Source=Paul Collins Startup list

[SysTime]
Number=10823
Confirmed=X
Filename=systime.exe
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant - also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpafl.html" target= blank>STARTPA-FL</a> TROJAN!
Source=Paul Collins Startup list

[Systmesy]
Number=10824
Confirmed=X
Filename=Systmesy.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotkq.html" target="_blank">RBOT-KQ</a> WORM!
Source=Paul Collins Startup list

[Systoan32]
Number=10825
Confirmed=X
Filename=systoan.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[systr]
Number=10826
Confirmed=X
Filename=SYSERVER.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vbdqy.html" target="_blank">VB-DQY</a> WORM!
Source=Paul Collins Startup list

[systr2]
Number=10827
Confirmed=X
Filename=SERVICE.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vbdqy.html" target="_blank">VB-DQY</a> WORM!
Source=Paul Collins Startup list

[systr32]
Number=10828
Confirmed=?
Filename=systr32.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[systrans]
Number=10829
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpagz.html" target=_blank>STARTPA-GZ</a> TROJAN!
Source=Paul Collins Startup list

[systrax]
Number=10830
Confirmed=?
Filename=systrax.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Systray]
Number=10831
Confirmed=X
Filename=Systray_.Exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080513-2747-99" target="_blank">KERGEZ.A</a> WORM!
Source=Paul Collins Startup list

[Systray]
Number=10832
Confirmed=X
Filename=[filename.exe]
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-012016-2102-99" target="_blank">Winfavorites</a> adware
Source=Paul Collins Startup list

[SYSTRAY]
Number=10833
Confirmed=X
Filename=UNMT.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderlq.html" target=_blank>DLOADER-LQ</a> TROJAN!
Source=Paul Collins Startup list

[SysTray]
Number=10834
Confirmed=U
Filename=SysTray.Exe
Description=SYSTRAY.EXE - System Tray Services. Provides the Volume Control, PC Card Status, Power Management and other icons that reside in the System Tray (see <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;128129" target="_blank">here</a>). SYSTRAY.EXE may be disabled if none of these services are required. It will launch as and when required if you later enable the icons. If you need these items they're available via Start -&gt; Settings -&gt; Control Panel
Source=Paul Collins Startup list

[SysTray]
Number=10835
Confirmed=X
Filename=Snnpapi.exe
Description=Added by an unidentified TROJAN!
Source=Paul Collins Startup list

[Systray]
Number=10836
Confirmed=X
Filename=w32explorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajy.html" target=_blank>RBOT-AJY</a> WORM!
Source=Paul Collins Startup list

[Systray]
Number=10837
Confirmed=X
Filename=SteFanie.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-092216-3721-99" target=_blank>STEFAN</a> WORM! Note - make sure you check the hyperlink as this one copies it's self to numerous dirves and folders
Source=Paul Collins Startup list

[Systray]
Number=10838
Confirmed=X
Filename=KAT.vbs
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/vbssoadd.html" target="_blank">SOAD-D</a> WORM!
Source=Paul Collins Startup list

[SysTray]
Number=10839
Confirmed=X
Filename=svhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rajiloa.html" target="_blank">RAJILO-A</a> WORM!
Source=Paul Collins Startup list

[Systray driver]
Number=10840
Confirmed=X
Filename=systray.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040320-4732-99" target="_blank">MUTEBOT</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/systray/" target="_blank">systray.exe</a> process
Source=Paul Collins Startup list

[SystrayServices]
Number=10841
Confirmed=X
Filename=Msxpw.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031316-3656-99" target="_blank">CITOR</a> WORM!
Source=Paul Collins Startup list

[systree]
Number=10842
Confirmed=X
Filename=systree
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090816-2453-99" target="_blank">BANCOS.L</a> TROJAN!
Source=Paul Collins Startup list

[Systrsy]
Number=10843
Confirmed=X
Filename=Systrsy.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-083015-3732-99" target=_blank>CDTRAY</a> TROJAN! Note - this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
Source=Paul Collins Startup list

[Systry]
Number=10844
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111308-1926-99" target="_blank">AUTEX</a> WORM!
Source=Paul Collins Startup list

[SYStry]
Number=10845
Confirmed=X
Filename=spoolsvr.exe
Description=Added by the <a href="http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?lst=det&idvirus=42984" target="_blank">SDBOT.GN</a> WORM!
Source=Paul Collins Startup list

[Systryt]
Number=10846
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111308-1926-99" target="_blank">AUTEX</a> WORM!
Source=Paul Collins Startup list

[SystUphes]
Number=10847
Confirmed=X
Filename=algesetp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassam.html" target=_blank>QQPASS-AM</a> TROJAN!
Source=Paul Collins Startup list

[Systweak Ad and Popup Blocker]
Number=10848
Confirmed=U
Filename=adblock.exe
Description=Ad and popup blocker part of <a href="http://www.systweak.com/asov2/" target="_blank">Advanced System Optimizer</a> from Systweak
Source=Paul Collins Startup list

[Systweak Memory Optimizer]
Number=10849
Confirmed=U
Filename=memtuneup.exe
Description=Part of <a href="http://www.systweak.com/asov2/" target=_blank>SysTweak</a> Advanced System Optimizer
Source=Paul Collins Startup list

[sysu]
Number=10850
Confirmed=X
Filename=sysu.exe
Description=Dynamic Desktop Media adware - see <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112718-0040-99" target="_blank">here</a>
Source=Paul Collins Startup list

[sysug32.exe]
Number=10851
Confirmed=X
Filename=sysug32.exe
Description=Added by an unidentified TROJAN or WORM!
Source=Paul Collins Startup list

[SysUpd]
Number=10852
Confirmed=X
Filename=Sysupd.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120914-4108-99" target=_blank>VirtuMonde</a> adware
Source=Paul Collins Startup list

[sysupdate]
Number=10853
Confirmed=X
Filename=cmman32.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Sysvupex]
Number=10854
Confirmed=X
Filename=Sysvupex.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032713-0001-99" target="_blank">MEDIAS</a> TROJAN!
Source=Paul Collins Startup list

[sysvx]
Number=10855
Confirmed=X
Filename=sysvx_.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlooskybx.html" target="_blank">LOOSKY-BX</a> TROJAN!
Source=Paul Collins Startup list

[SysW8]
Number=10856
Confirmed=U
Filename=csta.exe
Description=<a href="http://www.teosoft.com/site/index.html" target="_blank">Clean Space</a> internet evidence eliminator
Source=Paul Collins Startup list

[SYSWB6]
Number=10857
Confirmed=U
Filename=SYSWB6.exe
Description=Part of <a href="http://weblocker.fameleads.com/" target="_blank">We-Blocker</a> - gives parents the opportunity to monitor their children's Internet access and provide them with age-appropriate content, while filtering out sites that contain adult content. Works in conjunction with <a href="http://www.sysinfo.org/startuplist.php?filter=Winkb6" target="_blank">Winkb6</a> and both files are needed to run We-Blocker
Source=Paul Collins Startup list

[SysWin]
Number=10858
Confirmed=X
Filename=SysWin.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-111818-3014-99" target="_blank">IRCCONTACT</a> TROJAN!
Source=Paul Collins Startup list

[syswin]
Number=10859
Confirmed=X
Filename=v6.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentecm.html" target="_blank">AGENT-ECM</a> TROJAN!
Source=Paul Collins Startup list

[syswin32]
Number=10860
Confirmed=X
Filename=syswin32.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Syswindow]
Number=10861
Confirmed=X
Filename=Syswindow.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-122713-0716-99" target="_blank">COW</a> TROJAN!
Source=Paul Collins Startup list

[SysWy]
Number=10862
Confirmed=X
Filename=rundll32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagejh.html" target=_blank>LINEAGE-JH</a> TROJAN! Note - this file is found in the C:\Windows\System folder, and is not to be confused with the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll32/" target=_blank>rundll32.exe</a> file, always located in the Windows folder on Win98/ME systems, and in the Winnt\System32 or Windows\System32 folder in WinXP/NT/2K!
Source=Paul Collins Startup list

[sysX3]
Number=10863
Confirmed=X
Filename=sys22.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-072515-0033-99" target=_blank>RANTS.C</a> WORM!
Source=Paul Collins Startup list

[sysygm32]
Number=10864
Confirmed=X
Filename=syscxd32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotpc.html" target="_blank">IRCBOT-PC</a> TROJAN!
Source=Paul Collins Startup list

[sysygm64]
Number=10865
Confirmed=X
Filename=winrxd64.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotrk.html" target="_blank">IRCBOT-RK</a> TROJAN!
Source=Paul Collins Startup list

[SYS_CLEAN]
Number=10866
Confirmed=X
Filename=Service.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110909-2214-99" target="_blank">FLOPCOPY</a> WORM!
Source=Paul Collins Startup list

[Sys_Run]
Number=10867
Confirmed=X
Filename=ghost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagen.html" target=_blank>LINEAGE-N</a> TROJAN!
Source=Paul Collins Startup list

[sys_Runtt1]
Number=10868
Confirmed=X
Filename=explorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineageam.html" target="_blank">LINEAGE-M</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the Program Files folder
Source=Paul Collins Startup list

[SyztMy]
Number=10869
Confirmed=X
Filename=expiorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagain.html" target="_blank">LINEAG-AIN</a> TROJAN!
Source=Paul Collins Startup list

[SZMsgSvc.exe]
Number=10870
Confirmed=U
Filename=SZMsgSvc.exe
Description=<a href="http://www.stopzilla.com/site/default.asp?AID=10000&amp;AAID=&amp;type=&amp;topic=&amp;source=&amp;dd=&amp;SID=350721059-200314-2-15-54-54&amp;dre=" target="_blank">StopZilla!</a> - pop-up killer
Source=Paul Collins Startup list

[t]
Number=10871
Confirmed=X
Filename=xclean.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081815-0829-99" target="_blank">FlashEnhancer</a> adware
Source=Paul Collins Startup list

[T-DSL SpeedMgr]
Number=10872
Confirmed=N
Filename=speedmgr.exe
Description=T-Online ISP SpeedManager - shows upload and download speed. Also checks for updates automatically
Source=Paul Collins Startup list

[T3Console]
Number=10873
Confirmed=U
Filename=T3Console.exe
Description=Related to <a href="http://www.tiss-msc.com/" target=_blank>T3 Security Suite</a> - prevents unauthorized or inappropriate access to your PC and data
Source=Paul Collins Startup list

[Taakcontrole]
Number=10874
Confirmed=U
Filename=taskmon.exe
Description=Task Monitor (on Dutch language versions of Windows) - checks the disk-access patterns of programs when they are started and stores this information in log files in the Applog folder. Task Monitor also records the number of times you use a program. The Disk Defragmenter tool uses this information to optimize your hard disk so that programs that you use frequently are loaded faster. Not required - but can be useful. Note: for Norton Anti-Virus 2002 users, loading TaskMonitor will typically solve many, if not most, of those annoying IE scripting errors (per Symantec's Knowledgebase)
Source=Paul Collins Startup list

[Taba]
Number=10875
Confirmed=X
Filename=stte.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[Tablet]
Number=10876
Confirmed=N
Filename=Tablet.exe
Description=Loads the tablet drivers for the Wacom Graphics Tablet. This can be unchecked in msconfig without problems if you don't need the tablet functional all the time. Create your own shortcut if you need to run it ad hoc. If you forget to run it before running Paint Shop Pro &amp; Adobe Photo Shop) you may find the following: (1) Paint Shop Pro (version 7.04) - (a) Browse function will NOT work (program freezes) (b) On program exit, PSP does not terminate (you have to CTRL+ALT+DEL to close it) (2) Photo Shop (version 6.01) - (a) Program functions slowdown (d) On program exit it takes noticeably longer to shut down (like 30-45 seconds)
Source=Paul Collins Startup list

[tablet s]
Number=10877
Confirmed=Y
Filename=tablet s
Description=Starts the Wacom Penabled driver on Acer Tablet PCs (tablet icon with a green check appears during startup if successful)
Source=Paul Collins Startup list

[Tablet Task]
Number=10878
Confirmed=X
Filename=tabletsk32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajb.html" target=_blank>RBOT-AJB</a> WORM!
Source=Paul Collins Startup list

[TabletTip]
Number=10879
Confirmed=U
Filename=tabtip.exe
Description=The Microsoft Tablet PC Input Panel converts handwriting to text dynamically, and you can make corrections quickly and easily before inserting text
Source=Paul Collins Startup list

[TabletWizard]
Number=10880
Confirmed=U
Filename=SPLSHWRP.EXE
Description=Microsoft Tablet PC Component
Source=Paul Collins Startup list

[TabUserW]
Number=10881
Confirmed=Y
Filename=TabUserW.exe
Description=Wacom pen tablet driver
Source=Paul Collins Startup list

[TAcelMgr]
Number=10882
Confirmed=?
Filename=TAcelMgr.exe
Description=TOSHIBA Acceleration Utilities related. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[Tad]
Number=10883
Confirmed=N
Filename=tad.exe
Description=From Turtle Beach's Santa Cruz on a Dell WinME system. Not required - works fine without it including keyboard hot controls for volume and mute
Source=Paul Collins Startup list

[Taesk managers]
Number=10884
Confirmed=X
Filename=tase.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotayk.html" target=_blank>RBOT-AYK</a> TROJAN!
Source=Paul Collins Startup list

[TAG]
Number=10885
Confirmed=?
Filename=tag.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Tahni Deskmate]
Number=10886
Confirmed=N
Filename=Tahni.exe
Description=<a href="http://www.tahni.com/" target="_blank">Tahni Deskmate</a> - &quot;Interactive cartoon character that lives on your Windows desktop&quot;
Source=Paul Collins Startup list

[TakeMP3]
Number=10887
Confirmed=X
Filename=rundll32.exe MSA64CHK.dll, DllMostrar
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MatrixDialer&threatid=14914&search=MatrixDialer" target=_blank>MatrixDialer</a> related
Source=Paul Collins Startup list

[TAKSMGN]
Number=10888
Confirmed=X
Filename=taskmr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahs.html" target=_blank>RBOT-AHS</a> WORM!
Source=Paul Collins Startup list

[talk]
Number=10889
Confirmed=X
Filename=talk.bat
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32tiotuag.html" target="_blank">TIOTUA-G</a> WORM!
Source=Paul Collins Startup list

[TalkingReminder]
Number=10890
Confirmed=N
Filename=TALKINGREMINDER.EXE
Description=<a href="http://www.softwareriver.com/html/talking_reminder.html" target="_blank">Talking Reminder</a> from Software River Solutions - talking calendar reminder
Source=Paul Collins Startup list

[talknow]
Number=10891
Confirmed=?
Filename=talknow.exe
Description=<font color="#FF0000">Could it be related to <a href="http://www.multilingualbooks.com/talknow.html" target="_blank">this</a> or something similar?</font>
Source=Paul Collins Startup list

[Tango]
Number=10892
Confirmed=?
Filename=Setup.exe
Description=Tango Broadband access software. <font color="#FF0000"> Is it required?</font>
Source=Paul Collins Startup list

[TangoManager]
Number=10893
Confirmed=?
Filename=TangoManager.exe
Description=Tango Broadband access software. <font color="#FF0000"> Is it required?</font>
Source=Paul Collins Startup list

[TANG_INA_MO]
Number=10894
Confirmed=X
Filename=AutoRun.bat
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062709-3249-99" target=_blank>FILUKIN.A</a> WORM!
Source=Paul Collins Startup list

[Tapicfg]
Number=10895
Confirmed=X
Filename=Tapicfg.exe
Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#tapicfg" target=_blank>Tapicfg</a> parasite variant
Source=Paul Collins Startup list

[Tapisys]
Number=10896
Confirmed=X
Filename=tss.exe
Description=Added by the SMALL TROJAN!
Source=Paul Collins Startup list

[TapiTNA]
Number=10897
Confirmed=U
Filename=TapiTNA.exe
Description=Telephony Location Selector allowing mobile users to change dialling locations - part of the <a href="http://www.microsoft.com/windows95/downloads/contents/WUToys/W95PwrToysSet/Default.asp" target="_blank">Win95 Power Toys</a>
Source=Paul Collins Startup list

[Tardis]
Number=10898
Confirmed=U
Filename=Tardis.exe
Description=<a href="http://www.kaska.demon.co.uk/" target="_blank">Tardis</a> - time synchronization software
Source=Paul Collins Startup list

[Task]
Number=10899
Confirmed=X
Filename=tasker.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090317-5337-99" target="_blank">MYDOOM.R</a> WORM!
Source=Paul Collins Startup list

[Task Bar]
Number=10900
Confirmed=X
Filename=TASKBAR.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_FRETHEM.J" target="_blank">FRETHEM.J</a> WORM!
Source=Paul Collins Startup list

[Task BarClient]
Number=10901
Confirmed=?
Filename=TaskBarClient.exe
Description=Responsible for creating the System Tray icon and associated display system for the<font color="#FF0000"> <a href="http://www.starband.com/" target="_blank">Starband</a> </font> satellite always on internet service
Source=Paul Collins Startup list

[Task BarSvr]
Number=10902
Confirmed=?
Filename=TaskBarSvr.exe
Description=<font color="#FF0000">Part of the <a href="http://www.starband.com/" target="_blank">Starband</a> satellite always on internet service. Not included on the current system. What does it do and is it needed?</font>
Source=Paul Collins Startup list

[Task Catcher]
Number=10903
Confirmed=U
Filename=tasktrap.exe
Description=<a href="http://www.taskcatcher.com/" target=_blank>Task Catcher</a> - utility that will block unwanted programs from running
Source=Paul Collins Startup list

[Task Catcher Real-Time Detector]
Number=10904
Confirmed=U
Filename=tasktrap.exe
Description=<a href="http://www.taskcatcher.com/" target=_blank>Task Catcher</a> - utility that will block unwanted programs from running
Source=Paul Collins Startup list

[Task Commander]
Number=10905
Confirmed=X
Filename=regsvc32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotrx.html" target= blank>AGOBOT-RX</a> WORM!
Source=Paul Collins Startup list

[Task Debugger]
Number=10906
Confirmed=X
Filename=sysdll.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotcq.html" target=_blank>RBOT-CQ</a> WORM!
Source=Paul Collins Startup list

[Task Help]
Number=10907
Confirmed=X
Filename=wualcts.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Task Manager]
Number=10908
Confirmed=X
Filename=taskmngr.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.Y" target="_blank">RBOT.Y</a> WORM!
Source=Paul Collins Startup list

[Task Manager]
Number=10909
Confirmed=X
Filename=taskman.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbott.html" target=_blank>FORBOT-T</a> WORM!
Source=Paul Collins Startup list

[Task Manager]
Number=10910
Confirmed=X
Filename=prcview.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotrt.html" target= blank>AGOBOT-RT</a> WORM!
Source=Paul Collins Startup list

[Task manager]
Number=10911
Confirmed=X
Filename=taskemngr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaga.html" target=_blank>RBOT-AGA</a> WORM!
Source=Paul Collins Startup list

[Task manager]
Number=10912
Confirmed=X
Filename=TikTo.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.LV&VSect=P" target=_blank>RBOT.LV</a> WORM!
Source=Paul Collins Startup list

[Task manager]
Number=10913
Confirmed=X
Filename=taskmngr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotayz.html" target=_blank>RBOT-AYZ</a> WORM!
Source=Paul Collins Startup list

[Task Manager]
Number=10914
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sohanap.html" target="_blank">SOHANA-P</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should not normally figure in Msconfig/Startup!
Source=Paul Collins Startup list

[Task Manager]
Number=10915
Confirmed=X
Filename=taskmng.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtiotuae.html" target="_blank">TIOTUA-E</a> WORM!
Source=Paul Collins Startup list

[Task Monitoring Service]
Number=10916
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031016-3315-99" target=_blank>CONE.D</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "tasks" subfolder of the Winnt or Windows folder
Source=Paul Collins Startup list

[Task Scheduler Engine]
Number=10917
Confirmed=X
Filename=schedsvc32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasj.html" target=_blank>RBOT-ASJ</a> WORM!
Source=Paul Collins Startup list

[task service]
Number=10918
Confirmed=X
Filename=taskservices.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Task service]
Number=10919
Confirmed=X
Filename=taskmgs.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[TASK SETUP]
Number=10920
Confirmed=X
Filename=tasksetup.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyr.html" target= blank>RBOT-YR</a> WORM!
Source=Paul Collins Startup list

[Taskbar]
Number=10921
Confirmed=N
Filename=Taskbar.exe
Description=Taskbar icon for the Redline RegTweak overclocking program as supplied with Sapphire ATI graphics cards
Source=Paul Collins Startup list

[TaskBar]
Number=10922
Confirmed=N
Filename=CTLTask.exe
Description=Creative SoundBlaster Audigy Taskbar - used to choose between different types of EAX Effects, not required in startup. NOTE: if you get a ctltask.exe error message while installing the Audigy drivers, see <a href="http://support.microsoft.com/?kbid=321969" target=_blank>this</a> Microsoft Knowledge Base article
Source=Paul Collins Startup list

[Taskbar Display Controls]
Number=10923
Confirmed=N
Filename=RunDLL deskcp16.dll, QUICKRES_RUNDLLENTRY
Description=Only appears in MSCONFIG if you have a Display Settings icon in the System Tray allowing resolution changes on the fly. Can also be disabled under Control Panel -&gt; Display -&gt; Settings -&gt; Advanced -&gt; General. Also appears if you have Win95 with the QuickRes &quot;Powertoy&quot; installed
Source=Paul Collins Startup list

[Taskbar Service]
Number=10924
Confirmed=X
Filename=taskbar.svc
Description=Unidentified adware
Source=Paul Collins Startup list

[Taskbar System]
Number=10925
Confirmed=X
Filename=tasksys.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Taskbar++]
Number=10926
Confirmed=N
Filename=TaskbarPP.exe
Description=<a href="http://www.ghacks.net/2005/12/08/freeware-taskbar/" target="_blank">Taskbar++</a> is a software that allows you to sort (move) the buttons of the Windows taskbar by Drag & Drop
Source=Paul Collins Startup list

[Taskbell.exe]
Number=10927
Confirmed=X
Filename=Rund1.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090210-4059-99" target="_blank">YIPID</a> TROJAN!
Source=Paul Collins Startup list

[taskdir]
Number=10928
Confirmed=X
Filename=taskdir.exe
Description=Added by the <a href="http://www.eset.com/msgs/trojanproxylageraq.htm" target=_blank>LAGER.AQ</a> TROJAN!

Source=Paul Collins Startup list

[TaskList]
Number=10929
Confirmed=X
Filename=tasklist32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosdx.html" target=_blank>BANCOS-DX</a> TROJAN!
Source=Paul Collins Startup list

[TaskMan]
Number=10930
Confirmed=X
Filename=rundll32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-031016-5849-99" target="_blank">DVLDR</a> TROJAN! Note - this is not the valid "rundll32.exe" as it's in the Windows\Fonts directory
Source=Paul Collins Startup list

[taskmanager]
Number=10931
Confirmed=X
Filename=taskmgr.com
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111315-1022-99" target="_blank">BEREB</a> WORM!
Source=Paul Collins Startup list

[taskmanager]
Number=10932
Confirmed=X
Filename=taskmanager.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobottf.html" target=_blank>AGOBOT-TF</a> WORM!
Source=Paul Collins Startup list

[TaskManager]
Number=10933
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojldpinchcf.html" target=_blank>LDPINCH-CF</a> TROJAN!
Source=Paul Collins Startup list

[taskmanger]
Number=10934
Confirmed=X
Filename=taskmanger.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Taskmgo]
Number=10935
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbant.html" target=_blank>BANCBAN-T</a> TROJAN!

Source=Paul Collins Startup list

[Taskmgr]
Number=10936
Confirmed=X
Filename=Taskmgr.exe
Description=System1060 homepage hi-jacker. Note - this is not a Windows file and is found in a WindowsSystem1060 directory
Source=Paul Collins Startup list

[Taskmgr]
Number=10937
Confirmed=X
Filename=tskmgr32.exe
Description=Homepage hi-jacker
Source=Paul Collins Startup list

[taskmgr]
Number=10938
Confirmed=X
Filename=taskmgr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080910-5958-99" target=_blank>Startpage.G</a> hijacker. Note - this is NOT the Windows Task Manager file!
Source=Paul Collins Startup list

[Taskmgr]
Number=10939
Confirmed=X
Filename=system.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_PAKES.G&VSect=P" target=_blank>PAKES.G</a> TROJAN!
Source=Paul Collins Startup list

[taskmgr]
Number=10940
Confirmed=X
Filename=explorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzapchasac.html" target=_blank>ZAPCHAS-AC</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System folder
Source=Paul Collins Startup list

[taskmgr]
Number=10941
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentenv.html" target="_blank">AGENT-ENV</a> TROJAN!
Source=Paul Collins Startup list

[taskmgr]
Number=10942
Confirmed=X
Filename=taskmanager.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbckdrqht.html" target="_blank">BCKDR-QHT</a> TROJAN!
Source=Paul Collins Startup list

[taskmgr.exe]
Number=10943
Confirmed=N
Filename=taskmgr.exe
Description=Windows Task Manager in Windows XP. If run from the Startup folder, the tray icon will be put to the system tray after boot. Useful to check if XP has finished running the delayed services after boot. Available via a desktop shortcut
Source=Paul Collins Startup list

[taskmgr.exe]
Number=10944
Confirmed=X
Filename=paint.exe
Description=Added by a variant of the AGENT.AH downloader TROJAN!
Source=Paul Collins Startup list

[taskmgr.exe]
Number=10945
Confirmed=X
Filename=mirc.exe
Description=Added by a variant of the AGENT.AH TROJAN!
Source=Paul Collins Startup list

[taskmgr.exe]
Number=10946
Confirmed=X
Filename=paintms.exe
Description=Added by a variant of the AGENT.AH TROJAN!
Source=Paul Collins Startup list

[TASKMGRU]
Number=10947
Confirmed=X
Filename=TASKMGRU.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcwsm.html" target=_blank>CWS-M</a> TROJAN!
Source=Paul Collins Startup list

[taskmngr]
Number=10948
Confirmed=X
Filename=[path] msnve.exe [path] task.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfloodek.html" target=_blank>FLOOD-EK</a> TROJAN!
Source=Paul Collins Startup list

[taskmngr lptt01]
Number=10949
Confirmed=X
Filename=taskmngr.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Taskmngr" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[taskmngr ml097e]
Number=10950
Confirmed=X
Filename=taskmngr.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Taskmngr" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[TaskMon]
Number=10951
Confirmed=X
Filename=taskmon.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-012612-5422-99" target="_blank">MYDOOM.A</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042015-1844-99" target="_blank">MYDOOM.J</a> WORMS! Note - this is not the legitimate Win9x/Me file of the same name which resides in C:\Windows as this version resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP). It is not normally on a WinXP system
Source=Paul Collins Startup list

[Taskmon driver]
Number=10952
Confirmed=X
Filename=winampa.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojloonyi.html" target="_blank">LOONY-I</a> TROJAN! Note - this is NOT associated with the popular <a href="http://www.winamp.com/" target="_blank">Winamp</a> media player. The valid file for the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winampa/" target="_blank">Winamp Agent</a> resides in a "Winamp" subdirectory of the Program Files directory whereas this file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[taskmone]
Number=10953
Confirmed=X
Filename=taskmone.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsingus.html" target=_blank>SINGU-S</a> TROJAN!
Source=Paul Collins Startup list

[TaskMonitor]
Number=10954
Confirmed=U
Filename=taskmon.exe
Description=The Task Monitor checks the disk-access patterns of programs when they are started and stores this information in log files in the Applog folder. Task Monitor also records the number of times you use a program. The Disk Defragmenter tool uses this information to optimize your hard disk so that programs that you use frequently are loaded faster. Not required - but can be useful. Note: for Norton Anti-Virus 2002 users, loading TaskMonitor will typically solve many, if not most, of those annoying IE scripting errors (per Symantec's Knowledgebase)
Source=Paul Collins Startup list

[TaskMrg]
Number=10955
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojldpinchw.html" target=_blank>LDPINCH-W</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[taskmrg.exe]
Number=10956
Confirmed=X
Filename=taskimg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderqz.html" target=_blank>DLOADER-QZ</a> TROJAN!
Source=Paul Collins Startup list

[taskopen.exe]
Number=10957
Confirmed=X
Filename=taskopen.exe
Description=Added by the HIDD.C TROJAN!
Source=Paul Collins Startup list

[TaskPlus]
Number=10958
Confirmed=N
Filename=TASKPLUS0.EXE
Description=Task and calendar management software available as freeware or as a &quot;Professional&quot; version for sharing over a LAN
Source=Paul Collins Startup list

[TaskPlus]
Number=10959
Confirmed=N
Filename=TASKPL~1.EXE
Description=Task and calendar management software available as freeware or as a &quot;Professional&quot; version for sharing over a LAN
Source=Paul Collins Startup list

[TaskReg]
Number=10960
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_CBLAD.A" target="_blank">CBLAD</a> WORM!
Source=Paul Collins Startup list

[TaskS manager]
Number=10961
Confirmed=X
Filename=taskmgrs.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.QU&VSect=P" target=_blank>AGOBOT.QU</a> WORM!
Source=Paul Collins Startup list

[Taskschd]
Number=10962
Confirmed=X
Filename=TRAYWND.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.002" target="_blank">LITMUS.002</a> TROJAN!
Source=Paul Collins Startup list

[TaskScheduler]
Number=10963
Confirmed=U
Filename=TaskSch.exe
Description=<a href="http://www.proseries.com/" target="_blank">ProSeries</a> accounting software related
Source=Paul Collins Startup list

[taskswitch]
Number=10964
Confirmed=N
Filename=taskswitch.exe
Description=ALT+TAB replacement Powertoy for Windows XP - enhances the graphics displayed when you want to switch between programs running full-screen
Source=Paul Collins Startup list

[TaskSwitchXP]
Number=10965
Confirmed=U
Filename=TaskSwitchXP.exe
Description="<a href="http://www.ntwind.com/software/taskswitchxp.html" target="_blank">TaskSwitchXP</a> from NTWind Software. Advanced task management utility that picks up where the standard Windows Alt Tab switcher leaves off. It provides the same functionality, and adds visual styles to the dialog and also enhances it by displaying thumbnail preview of the application that will be switched to"
Source=Paul Collins Startup list

[tasksys]
Number=10966
Confirmed=X
Filename=tasksys.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111314-3449-99" target="_blank">BYRON</a> WORM!
Source=Paul Collins Startup list

[Tasktray]
Number=10967
Confirmed=N
Filename=CTLTray.exe
Description=Installed with the Sound Blaster Audigy range of soundcards. Allows you to set EAX effects or equalizer settings for the Sound Blaster&nbsp;Audigy from a systray icon.&nbsp; Also allows you to launch the Taskbar via right-click -&gt; Show Taskbar. The tasktray can be accessed via Start -&gt; Programs -&gt; Creative -&gt; Sound Blaster Audigy -&gt; Taskbar
Source=Paul Collins Startup list

[Tasmgr]
Number=10968
Confirmed=X
Filename=Taskmgr.bat
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061716-0240-99" target=_blank>YPSAN.G</a> WORM!
Source=Paul Collins Startup list

[tat]
Number=10969
Confirmed=X
Filename=tatss.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-050515-5939-99" target="_blank">Delfin Promulgate</a> adware variant
Source=Paul Collins Startup list

[Tau monitor]
Number=10970
Confirmed=Y
Filename=Taumon.exe
Description="<a href="http://www.agnitum.com/products/tauscan/download.php" target="_blank">Tauscan</a> is a powerful Trojan Horse detection and removal engine capable of catching every known type of backdoor that can threaten your system"
Source=Paul Collins Startup list

[TAudEffect]
Number=10971
Confirmed=?
Filename=TAudEff.exe
Description=TOSHIBA Notebook related. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[TB2PROEXE]
Number=10972
Confirmed=U
Filename=tb2start.exe
Description=<a href="http://www.netopia.com/software/products/tb2/" target="_blank">Timbuktu Pro</a> - remote desktop access software
Source=Paul Collins Startup list

[TBC Pro]
Number=10973
Confirmed=U
Filename=tbcpro.exe
Description=<a href="http://www.wfcravener.com/tbcpro.html" target="_blank">TitleBarClock Pro</a> - displays Day, Time, Date, Month, Year, FreeMem, and FreeDriveSpace on the right side of the title bar in any main window that has the mouse or keyboard focus
Source=Paul Collins Startup list

[TBC.exe]
Number=10974
Confirmed=U
Filename=TBC.exe
Description=<a href="http://www.wfcravener.com/tbcpro.html" target=_blank>TitleBarClock</a> software
Source=Paul Collins Startup list

[tbctray]
Number=10975
Confirmed=N
Filename=tbctray.exe
Description=Provides quick access via a System Tray icon to the control panel for Turtle Beach's Santa Cruz or VideoLogic's SonicFury soundcards. Available via Start -&gt; Settings -&gt; Control Panel
Source=Paul Collins Startup list

[TBLFUNC]
Number=10976
Confirmed=Y
Filename=tblmouse.exe
Description=Aiptek <a href="http://www.aiptek.de/index.php?lan=2&mapid=32&katid1=10" target="_blank">HyperPen</a> graphics tablet driver
Source=Paul Collins Startup list

[tbon]
Number=10977
Confirmed=X
Filename=tbon.exe
Description=<a href="http://vil.nai.com/vil/content/v_136251.htm" target=_blank>BestOffers</a> adware
Source=Paul Collins Startup list

[TBPanel]
Number=10978
Confirmed=U
Filename=TBPanel.exe
Description=Configuration utility for Gainward graphics cards. Not required unless you use non-default settings. Available via Start -&gt; Settings -&gt; Control Panel
Source=Paul Collins Startup list

[TBPS]
Number=10979
Confirmed=X
Filename=TBPS.exe
Description=WebSearch Toolbar - <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453072528" target=_blank>HuntBar</a> hijacker, toolbar installer variant

Source=Paul Collins Startup list

[TBTray]
Number=10980
Confirmed=N
Filename=tbtray.exe
Description=VLSI/QSound ThunderBird PCI Control Panel. System Tray access to the settings for this and related soundcards. Available via Start -&gt; Settings -&gt; Control Panel
Source=Paul Collins Startup list

[TB_setup]
Number=10981
Confirmed=?
Filename=TB_ANI~1.EXE
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[TB_setup]
Number=10982
Confirmed=X
Filename=tb_setup.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453072528" target=_blank>HuntBar</a> hijacker, toolbar installer

Source=Paul Collins Startup list

[tcactive]
Number=10983
Confirmed=Y
Filename=tca.exe
Description=Part of <a href="http://www.moosoft.com/thecleaner/" target="_blank">The Cleaner</a> from MooSoft - stops virus trojans before they can do any damage
Source=Paul Collins Startup list

[TCASUTIEXE]
Number=10984
Confirmed=N
Filename=tcaudiag.exe
Description=3Com NIC Installation/Diagnostic MFC application. Diagnostics may be run from the Start -> Programs
Source=Paul Collins Startup list

[TCASUTIEXE]
Number=10985
Confirmed=N
Filename=TCASUTI.exe
Description=Associated with the 3COM diagnostic module (3COM NIC Doctor). No further information is available
Source=Paul Collins Startup list

[TCAUDIAG -off]
Number=10986
Confirmed=N
Filename=tcaudiag.exe
Description=3Com NIC Installation/Diagnostic MFC application. Diagnostics may be run from the Start -> Programs
Source=Paul Collins Startup list

[TCDPbtn]
Number=10987
Confirmed=?
Filename=TCDPbtn.exe
Description=<font color="#FF0000">Found on a Toshiba laptop</font>
Source=Paul Collins Startup list

[TCDPlay]
Number=10988
Confirmed=?
Filename=TCDPlay.drv
Description=<font color="#FF0000">Found on a Toshiba laptop - sounds like the driver for the CD-ROM but why doesn't it use the standard Windows drivers - any comments?</font>
Source=Paul Collins Startup list

[TClock]
Number=10989
Confirmed=U
Filename=TCLOCK.EXE
Description=Kazubon TClock. Utility that amongst other things synchronizes your system clock with Internet time servers. Available via Start -> Programs
Source=Paul Collins Startup list

[TClock.exe]
Number=10990
Confirmed=X
Filename=tclock_install.exe
Description=<a href="http://www.superadblocker.com/definition/tclock_install/" target="_blank">TClock</a> - distributed and installed without user permission by other rogue software or malware. TClock contains no uninstall facility through Windows. As TClock is of dubious origin and usefulness, it should be terminated and removed if detected
Source=Paul Collins Startup list

[TClockEx]
Number=10991
Confirmed=U
Filename=TCLOCKEX.EXE
Description=Puts a configurable time/date display in the tray (and other features). Freeware by <a href="http://www.rcis.co.za/dale/tclockex/index.htm" target="_blank">Dale Nurden</a> and is popular on cover disks
Source=Paul Collins Startup list

[tcmonitor]
Number=10992
Confirmed=U
Filename=tcm.exe
Description=Part of <a href="http://www.moosoft.com/thecleaner/" target="_blank">The Cleaner</a> from MooSoft - warns of changes to the registry
Source=Paul Collins Startup list

[TCOYFReminder]
Number=10993
Confirmed=U
Filename=tcoyftray.exe
Description=<a href="http://www.myparentime.com/features/tcoyfscreenshots.shtml" target=_blank>My ParenTime</a> Fertility Planner Reminder. The calendar provides a quick overview of the status of your fertility
Source=Paul Collins Startup list

[Tcp Application Manager]
Number=10994
Confirmed=X
Filename=localsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Tcp Application Manager]
Number=10995
Confirmed=X
Filename=netsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Tcp Application Manager]
Number=10996
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Tcp Application Manager]
Number=10997
Confirmed=X
Filename=svcadmin.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Tcp Application Manager]
Number=10998
Confirmed=X
Filename=svcman.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Tcp Application Manager]
Number=10999
Confirmed=X
Filename=svcrun.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Tcp Application Manager]
Number=11000
Confirmed=X
Filename=tcpsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Tcp Application Manager]
Number=11001
Confirmed=X
Filename=websvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[tcp checker]
Number=11002
Confirmed=X
Filename=tcpcheck.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbbota.html" target=_blank>VBBOT-A</a> TROJAN!
Source=Paul Collins Startup list

[TCP Internet Services]
Number=11003
Confirmed=X
Filename=TCPSVC32.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SPYBOT.X" target="_blank">SPYBOT.X</a> TROJAN!
Source=Paul Collins Startup list

[TCP Monitoring]
Number=11004
Confirmed=X
Filename=LanNSvc.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042218-4731-99" target="_blank">RANDEX.AAS</a> WORM!
Source=Paul Collins Startup list

[tcpipmon]
Number=11005
Confirmed=X
Filename=tcpipmon.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojclickeref.html" target="_blank">CLICKER-EF</a> TROJAN!
Source=Paul Collins Startup list

[tcpippui]
Number=11006
Confirmed=X
Filename=tcpippui.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaps.html" target=_blank>RBOT-APS</a> WORM!
Source=Paul Collins Startup list

[tcpippui32]
Number=11007
Confirmed=X
Filename=tcpippui32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotart.html" target=_blank>RBOT-ART</a> WORM!
Source=Paul Collins Startup list

[TCPServer]
Number=11008
Confirmed=X
Filename=TCPServer.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[TCPXP Update]
Number=11009
Confirmed=X
Filename=tcpxp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotul.html" target=_blank>RBOT-UL</a> WORM!
Source=Paul Collins Startup list

[TCtryIOHook]
Number=11010
Confirmed=?
Filename=TCtrlIOHook.exe
Description=Toshiba laptop related. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[tcupdater]
Number=11011
Confirmed=X
Filename=tcupdater.exe
Description=Topconverting.com/180Search adware updater

Source=Paul Collins Startup list

[TDispVol]
Number=11012
Confirmed=U
Filename=TDispVol.exe
Description=Used on Toshiba computers to make the Fn key have control over the volume on/off
Source=Paul Collins Startup list

[TDKSTART]
Number=11013
Confirmed=U
Filename=TDKSTART.EXE
Description=Sets the spindown timeout and access speeds at startup and displays a splash screen for CD-RW.
Source=Paul Collins Startup list

[TDKTASK]
Number=11014
Confirmed=N
Filename=TDKTASK.EXE
Description=Taskbar utility for a &quot;control panel&quot; for a CD-RW
Source=Paul Collins Startup list

[TDockNUndock]
Number=11015
Confirmed=?
Filename=N/A
Description=<font color="#FF0000">Found on a Toshiba laptop - for use with a docking station?</font>
Source=Paul Collins Startup list

[TDS3]
Number=11016
Confirmed=U
Filename=TDS-3.exe
Description=<a href="http://www.diamondcs.com.au/" target="_blank">DiamondCS</a> TDS-3 antitrojan. Can be used to scan on demand, but required in startup if you prefer real time protection
Source=Paul Collins Startup list

[TDspOff]
Number=11017
Confirmed=?
Filename=Tdspoff.exe
Description=<font color="#FF0000">Found on a Toshiba laptop</font>
Source=Paul Collins Startup list

[Teach In Box]
Number=11018
Confirmed=N
Filename=teachbox.exe
Description=Tutoring program that comes with a SystemAX Computer
Source=Paul Collins Startup list

[Tech-In-A-Box]
Number=11019
Confirmed=Y
Filename=techbox.exe
Description=<a href="http://tools.supportforyourpc.com/tiab.html" target="_parent">Tech-in-a-Box</a> "provides easy-to-use tools for various system maintenance tasks. From backup and restore to diagnostics and repairs, Tech-in-a-Box is your tool to stay up and running"
Source=Paul Collins Startup list

[Telechips,Mass]
Number=11020
Confirmed=U
Filename=patch.exe
Description=Removable disk driver for the <a href="http://www.muro.co.kr/english/" target=_blank>Muro</a> MP3 player
Source=Paul Collins Startup list

[Telemeter 3.0]
Number=11021
Confirmed=N
Filename=telemeter3.exe
Description=Internet connection bandwidth meter from a user ISP
Source=Paul Collins Startup list

[Telepath]
Number=11022
Confirmed=Y
Filename=telepath.exe
Description=Drivers for the WinModem versions of the US Robotics "Telepath" series - as supplied to Gateway for instance. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See <a href="http://modemsite.com/56k/winmodems.asp" target="_blank">here</a> for more WinModem information
Source=Paul Collins Startup list

[Telnet]
Number=11023
Confirmed=X
Filename=Telnet.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32voumita.html" target=_blank>VOUMIT-A</a> WORM! Note - this is not the legitimate telnet.exe application which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "mirc32" folder
Source=Paul Collins Startup list

[Telnet24]
Number=11024
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotard.html" target=_blank>RBOT-ARD</a> WORM!
Source=Paul Collins Startup list

[TELUS Security service]
Number=11025
Confirmed=Y
Filename=freedom.exe
Description=<a href="http://www.freedom.net/" target="_blank">Freedom</a> Internet Security & Privacy - anti-virus, personal firewall and parental control. It also blocks ads, safeguards your personal information, encrypts your passwords, and much more. No longer available for sale
Source=Paul Collins Startup list

[TempCom]
Number=11026
Confirmed=X
Filename=[randomname].com
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042617-1508-99" target="_blank">TRAXG</a> WORM!
Source=Paul Collins Startup list

[tempx]
Number=11027
Confirmed=X
Filename=tempx.exe
Description=Added by the TEMPEX.A TROJAN!

Source=Paul Collins Startup list

[Tencent QQ]
Number=11028
Confirmed=X
Filename=Rund1132.exe qq.dll, Rundll32
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-021212-0258-99" target="_blank">QQPASS.F</a> TROJAN!
Source=Paul Collins Startup list

[Terminal Services]
Number=11029
Confirmed=X
Filename=mstscc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotczw.html" target="_blank">SDBOT-CZW</a> WORM!
Source=Paul Collins Startup list

[Terminal Update]
Number=11030
Confirmed=X
Filename=biosefui.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojppdooro.html" target=_blank>PPDOOR-O</a> TROJAN!
Source=Paul Collins Startup list

[Terminate Popup]
Number=11031
Confirmed=X
Filename=ZPU.exe
Description=<a target="_blank" href="http://www.free-popup-killer.com/">Free Popup Killer</a> - foistware proven to install the Regsvc32 homepage hijacker. Also see <a target="_blank" href="http://www.spywareinfo.com/yabbse/index.php?board=21;action=display;threadid=2411">here</a>
Source=Paul Collins Startup list

[Terminate Popup]
Number=11032
Confirmed=X
Filename=FPUK.exe
Description=<a target="_blank" href="http://www.free-popup-killer.com/">Free Popup Killer</a> - foistware proven to install the Regsvc32 homepage hijacker. Also see <a target="_blank" href="http://www.spywareinfo.com/yabbse/index.php?board=21;action=display;threadid=2411">here</a>
Source=Paul Collins Startup list

[TEscKey]
Number=11033
Confirmed=U
Filename=TEscKey.exe
Description=Toshiba Escape Key handler. Enables you to program and use the &lt;FN>&lt;Esc> key combination to perform a specific function
Source=Paul Collins Startup list

[Tesco.net]
Number=11034
Confirmed=N
Filename=rundll32 [path] RyDial.dll, QuickStart
Description=<a href="https://register.tesco.net/online/" target="_blank">Tesco.net</a> dial-up ISP software - not required
Source=Paul Collins Startup list

[Tesla]
Number=11035
Confirmed=?
Filename=TESLA.EXE
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[test]
Number=11036
Confirmed=X
Filename=i love you.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsingut.html" target=_blank>SINGU-T</a> TROJAN!
Source=Paul Collins Startup list

[Testing 123]
Number=11037
Confirmed=X
Filename=msdata.dat
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-101416-1539-99" target=_blank>NITS.A</a> WORM!
Source=Paul Collins Startup list

[testit.exe]
Number=11038
Confirmed=X
Filename=testit.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091913-2632-99" target="_blank">ISTBar</a> adware

Source=Paul Collins Startup list

[TExBUtil Registry]
Number=11039
Confirmed=?
Filename=TExBUtil.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[TextAloud]
Number=11040
Confirmed=N
Filename=TextAloudMP3.exe
Description=<a href="http://www.nextuptech.com/TextAloud/index.html" target="_blank">TextAloud MP3</a> - convert text into spoken words and MP3s
Source=Paul Collins Startup list

[Textbridge Instant Access OCR]
Number=11041
Confirmed=N
Filename=telepath.exe
Description=<a href="http://www.nuance.com/textbridge/" target="_blank">TextBridge</a> from Nuance (was Scansoft). OCR (optical character recognition) software for scanning documents into popular editing applications. Available via Start -> Programs
Source=Paul Collins Startup list

[TEXTCONV]
Number=11042
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081700-2526-99" target="_blank">NEVEG.B</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081614-3605-99" target="_blank">NEVEG.C</a> WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[TEXTCONV]
Number=11043
Confirmed=X
Filename=winlogon.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081623-4258-99" target="_blank">NEVEG.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[TFncKy]
Number=11044
Confirmed=U
Filename=TFncky.exe
Description=Deals with the &lt;Fn&gt; - &lt;Function&gt; key combinations on a Toshiba laptop
Source=Paul Collins Startup list

[TFNF5]
Number=11045
Confirmed=U
Filename=TFNF5.exe
Description=Toshiba Hotkey Utility for Display Devices. By pressing &lt;FN> + &lt;F5>, a window appears showing the displays that can be chosen – LCD, LCD + CRT, CRT, TV
Source=Paul Collins Startup list

[tfswctrl]
Number=11046
Confirmed=Y
Filename=tfswctrl.exe
Description=Drive letter access to a UDF packet writer for CD-RW - from HP, Veritas an others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"
Source=Paul Collins Startup list

[TFTP***]
Number=11047
Confirmed=X
Filename=tftp***
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM! where *** can be any number
Source=Paul Collins Startup list

[TFunckey]
Number=11048
Confirmed=U
Filename=TFuncKey.exe
Description=Deals with the &lt;Fn&gt; - &lt;Function&gt; key combinations on a Toshiba laptop
Source=Paul Collins Startup list

[TgAddServer]
Number=11049
Confirmed=N
Filename=tgfix.exe
Description=Software from <a href="http://www.support.com/" target="_blank">SupportSoft</a> (aka Support.com) provided to manufacturers (such as Sony (Vaio Support Agent) and Toshiba (<a href="http://virtualtech.answerteam.com/home/default.asp" target="_blank">Virtual Tech</a>)) and ISPs (such as Comcast, Cox and Charter (Pipeline Support Agent)) that allows them to offer on-line support - to update drivers, fix faults, etc. Can cause a deterioration in a PC's peformance (see <a href="http://www.interesting-people.org/archives/interesting-people/200202/msg00164.html" target="_blank">here</a>). This part does the protection and "self-healing". Uninstallation is recommended by most people - especially for System Restore users (WinME/XP). If not available via Add/Remove try <a href="http://www.practicallynetworked.com/support/sticky_proxy.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[tgbcde]
Number=11050
Confirmed=X
Filename=module32.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=40098" target=_blank>REIGN.R</a> TROJAN!

Source=Paul Collins Startup list

[Tgcmd]
Number=11051
Confirmed=U
Filename=tgcmd.exe
Description=See also TgAddServer. This part ensures the software is installed correctly (similar to an installation wizard) as reported by <a href="http://www.cox.com/policy/#pp_1" target="_blank">Cox</a> Regarded as spyware by <a href="http://www.answersthatwork.com/Tasklist_pages/tasklist_t.htm" target="_blank">some</a> as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation
Source=Paul Collins Startup list

[tgcmdprovidersbc]
Number=11052
Confirmed=U
Filename=tgcmd.exe
Description=See also TgAddServer. This part ensures the software is installed correctly (similar to an installation wizard) as reported by <a href="http://www.cox.com/policy/#pp_1" target="_blank">Cox</a> Regarded as spyware by <a href="http://www.answersthatwork.com/Tasklist_pages/tasklist_t.htm" target="_blank">some</a> as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation
Source=Paul Collins Startup list

[TGCMG]
Number=11053
Confirmed=N
Filename=??
Description=Related to Rogers@Home, causes errors in WinSock32.dll. Not required for connection to work
Source=Paul Collins Startup list

[TGDC IE Plugin]
Number=11054
Confirmed=X
Filename=tgdc.exe
Description=ShopForGood spyware - see <a href="http://www.spywareguide.com/spydet_424_tgdc.html" target="_blank">here</a>
Source=Paul Collins Startup list

[tgkill]
Number=11055
Confirmed=X
Filename=tgkill.exe
Description=Comcast (the cable folks who are replacing @home in some parts of the USA) have struck a deal with Tioga to provide an &quot;enhanced&quot; support and self-repairing tool. This is &quot;beta&quot; at present and was made available to download by mistake at present. Remove via Start -&gt; Settings -&gt; Add/Remove Programs
Source=Paul Collins Startup list

[Tgsetsite]
Number=11056
Confirmed=U
Filename=tgfix.exe
Description=See also TgAddServer. This part ensures the software is installed correctly (similar to an installation wizard) as reported by <a href="http://www.cox.com/policy/#pp_1" target="_blank">Cox</a> Regarded as spyware by <a href="http://www.answersthatwork.com/Tasklist_pages/tasklist_t.htm" target="_blank">some</a> as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation
Source=Paul Collins Startup list

[Thdetrf]
Number=11057
Confirmed=N
Filename=thdetr32.exe
Description=<font color="#FF0000">Appears to be related to Lycos advertising</font>
Source=Paul Collins Startup list

[ThE]
Number=11058
Confirmed=X
Filename=wind0s.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[The Easy Bee's Hive]
Number=11059
Confirmed=U
Filename=ATCEgSvr.exe
Description=The Easy Bee is a software that allows you to record Internet navigation sequences, which can include form filling and button clicking and to attach a replay schedule to each sequence
Source=Paul Collins Startup list

[The Ethernet]
Number=11060
Confirmed=X
Filename=ethernet.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[The Intranet]
Number=11061
Confirmed=X
Filename=intranet.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[TheMainStart]
Number=11062
Confirmed=?
Filename=N/A
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[TheMonitor]
Number=11063
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadrlo.html" target=_blank>DLOADR-LO</a> TROJAN!
Source=Paul Collins Startup list

[TheMonitor]
Number=11064
Confirmed=X
Filename=Duce6.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453097585" target="_blank">YourEnhancement</a> downloader
Source=Paul Collins Startup list

[THGuard]
Number=11065
Confirmed=U
Filename=TH_Guard.exe
Description=Resident memory scanning for <a href="http://www.mischel.dhs.org/trojanhunter.jsp" target="_blank">TrojanHunter</a>
Source=Paul Collins Startup list

[THGuard]
Number=11066
Confirmed=U
Filename=THGuard.exe
Description=Resident memory scanning for <a href="http://www.mischel.dhs.org/trojanhunter.jsp" target=_blank>TrojanHunter</a>
Source=Paul Collins Startup list

[Think-Adz]
Number=11067
Confirmed=X
Filename=[random filename].exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094810" target="_blank">ZenoSearch</a> adware
Source=Paul Collins Startup list

[This is a virus, please delete it]
Number=11068
Confirmed=X
Filename=bigbadvirus.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081412-2646-99" target="_blank">RANDEX.F</a> WORM!
Source=Paul Collins Startup list

[THOTKEY]
Number=11069
Confirmed=U
Filename=THotkey.exe
Description=Associated with the Fn+ keys on Toshiba laptops. When disabled some keys still worked, like the one that regulates the volume of the system beep, but others didn't, like the one that immediately blackens your screen
Source=Paul Collins Startup list

[ThpSrv]
Number=11070
Confirmed=Y
Filename=thpsrv.exe
Description=Toshiba Hard Drive Protection Utility - moves the Hard Drive head to a safe position in case of shock or vibration to reduce the risk of damage that could be caused by head-to-disk contact

Source=Paul Collins Startup list

[Threaded]
Number=11071
Confirmed=X
Filename=intcp32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042216-3909-99" target="_blank">RANDEX.UG</a> WORM!
Source=Paul Collins Startup list

[ThrustTSR]
Number=11072
Confirmed=U
Filename=TMTMTSR.exe
Description=<a href="http://www.thrustmaster.com/Default.aspx" target="_blank">Thrustmaster</a> Thrustmapper - "t-mapper - icon sits on your taskbar and automatically detects when the joystick is plugged in and configures it accordingly"
Source=Paul Collins Startup list

[Thumbs Plus *.*]
Number=11073
Confirmed=X
Filename=thmbplus**.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotaaf.html" target=_blank>AGOBOT-AAF</a> WORM! ** is a combination of a random digits and characters
Source=Paul Collins Startup list

[TI WLAN]
Number=11074
Confirmed=U
Filename=TIWLANCu.exe
Description=<a href="http://www.ti.com" target=_blank>Texas Instruments</a> TI wireless LAN products
Source=Paul Collins Startup list

[tibs3]
Number=11075
Confirmed=X
Filename=tibs3.exe
Description=Premium rate adult content dialler - see <a href="http://www.sophos.com/virusinfo/analyses/trojhidediald.html" target= blank>here</a>
Source=Paul Collins Startup list

[tibs5]
Number=11076
Confirmed=X
Filename=tibs5.exe
Description=Premium rate adult content dialer - see <a href="http://www.trendmicro.com/vinfo/grayware/ve_GraywareDetails.asp?GNAME=DIAL%5FTIBSBRW%2EA" target="_blank">here</a>
Source=Paul Collins Startup list

[Tiger]
Number=11077
Confirmed=X
Filename=Shine.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-090919-4618-99" target="_blank">HAPPYLOW</a> (or <a href="http://www.sophos.com/virusinfo/analyses/w32nishea.html" target="_blank">NISHE-A</a>) VIRUS!
Source=Paul Collins Startup list

[TiKL]
Number=11078
Confirmed=U
Filename=tikl.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-122011-1003-99" target=blank>TinyKeylogger</a> keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[Tilerun]
Number=11079
Confirmed=X
Filename=Tilecom32.com
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Time Manager]
Number=11080
Confirmed=X
Filename=TimeManager.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobbv.html" target=_blank>MYTOB-BV</a> WORM!
Source=Paul Collins Startup list

[Time Zone Synchronization]
Number=11081
Confirmed=X
Filename=wscript zshell.js
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojnetdexa.html" target="_blank">NETDEX-A</a> TROJAN!
Source=Paul Collins Startup list

[TimeCalendar]
Number=11082
Confirmed=U
Filename=tc.exe
Description=<a href="http://www.timecalendar.com/" target="_blank">TimeCalendar</a> digital planner
Source=Paul Collins Startup list

[Timed Backups Manager Startup]
Number=11083
Confirmed=N
Filename=BACKTIME.EXE
Description=<a href="http://www.backupplus.net/" target="_blank">Backup Plus</a> - backup software
Source=Paul Collins Startup list

[TimeLeft]
Number=11084
Confirmed=U
Filename=TimeLeft.exe
Description=<a href="http://www.nestersoft.com/timeleft/index.shtml" target=_blank>TimeLeft</a> is a countdown, reminder, clock, alarm clock, stopwatch, timer, sticker and time synchronization utility which uses Winamp skins to show digits and text
Source=Paul Collins Startup list

[Timemanager.exe]
Number=11085
Confirmed=U
Filename=Timemanager.exe
Description=<a href="http://www.systemsoptima.com/timemanager.shtml" target=_blank>Time Manager</a> will let you track billable and non-billable time by customer, by category and by associate and then integrate directly to our custom billing package
Source=Paul Collins Startup list

[TimeOnline]
Number=11086
Confirmed=N
Filename=TIMEONLINE.EXE
Description=Lightman Groups's TimeOnline monitor. For dial-up users to monitor time spent on the net. Available via Start -> Programs
Source=Paul Collins Startup list

[TIMER]
Number=11087
Confirmed=X
Filename=TIMER.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032512-0633-99" target="_blank">TIMESE.AG</a> WORM!
Source=Paul Collins Startup list

[Timer]
Number=11088
Confirmed=X
Filename=comm.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorip.html" target=_blank>IP</a> TROJAN!
Source=Paul Collins Startup list

[Timer]
Number=11089
Confirmed=X
Filename=timed.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorlv.html" target=_blank>LV</a> TROJAN!
Source=Paul Collins Startup list

[Timer]
Number=11090
Confirmed=X
Filename=msncomm.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=3&VName=BKDR_WEBDOR.AK" target="_blank">WEBDOR.AK</a> TROJAN!
Source=Paul Collins Startup list

[TimeService]
Number=11091
Confirmed=X
Filename=trun.exe
Description=<a href="http://www.sophos.com/virusinfo/analyses/dialtlflica.html" target=_blank>TlfLic-A</a> premium rate adult content dialler

Source=Paul Collins Startup list

[TimeSink Add Client]
Number=11092
Confirmed=X
Filename=TSADBOT.EXE
Description=Advertising spyware
Source=Paul Collins Startup list

[timessquare]
Number=11093
Confirmed=X
Filename=timessquare.exe
Description=Reported as Trojan.Win32.StartPage.aw by Kaspersky Anti-Virus
Source=Paul Collins Startup list

[timestamp]
Number=11094
Confirmed=X
Filename=timeapr32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentdru.html" target="_blank">AGENT-DRU</a> TROJAN!
Source=Paul Collins Startup list

[TimeSyncApp]
Number=11095
Confirmed=X
Filename=TimeSynchronize.exe
Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.dealhelper.html" target=_blank>DealHelper</a> adware

Source=Paul Collins Startup list

[TimeUp]
Number=11096
Confirmed=N
Filename=Timeup.exe
Description=<a target="_blank" href="http://www.timeupsoft.com/English/timeup/index.htm">TimeUp</a> - internet online timer
Source=Paul Collins Startup list

[Timezone]
Number=11097
Confirmed=U
Filename=TimeZone.exe
Description=Microsoft Daylight Saving Time Update Utility - see <a href="http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/timezone.asp" target=_blank>here</a>
Source=Paul Collins Startup list

[TimounterMonitor]
Number=11098
Confirmed=U
Filename=TimounterMonitor.exe
Description=Part of <a href="http://www.acronis.com/homecomputing/products/trueimage/" target="_blank">Acronis True Image</a> backup software. Monitor for the backup archive explorer for moving and viewing files within an archive
Source=Paul Collins Startup list

[TINTSETP]
Number=11099
Confirmed=N
Filename=TINTSETP.EXE
Description=Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word
Source=Paul Collins Startup list

[Tiny AV]
Number=11100
Confirmed=X
Filename=fooding.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-030717-4718-99" target="_blank">NETSKY.I</a> WORM!
Source=Paul Collins Startup list

[Tiny Personal Firewall]
Number=11101
Confirmed=Y
Filename=persfw.exe
Description=<a href="http://www.tinysoftware.com/home/tiny2?la=EN" target="_blank">Tiny Personal Firewall</a>
Source=Paul Collins Startup list

[tinySpell]
Number=11102
Confirmed=U
Filename=tinyspell.exe
Description=<a href="http://www.megspace.com/computers/tinyspell/" target="_blank">Tinyspell</a> - "allows you to easily and quickly check the spelling of words in any Windows application. Monitors your typing on the fly, alerts you whenever it detects a misspelled word, and checks the spelling of every word you copy to the clipboard"
Source=Paul Collins Startup list

[TiomanExe]
Number=11103
Confirmed=U
Filename=Tioman.Exe
Description=Agate Tioman - warm and hot swap removable bay device manager for IBM laptops
Source=Paul Collins Startup list

[Tips]
Number=11104
Confirmed=N
Filename=mousetips.exe
Description=Suggests tips on using your mouse
Source=Paul Collins Startup list

[TiTleBarClock]
Number=11105
Confirmed=U
Filename=TiTleBarClock.exe
Description=<a href="http://www.wfcravener.com/TBC.html" target="_blank">TitleBarClock</a> displays the day/month/time and free physical RAM on the right hand side of an open window, replacing the system tray clock at startup
Source=Paul Collins Startup list

[TitleTime]
Number=11106
Confirmed=U
Filename=TiTime.exe
Description="<a href="http://www.jumaros.de/rsoft/index.html" target=_blank>TitleTime</a> adds the current date and/or time to the Caption of the currently active application window. Additional options are a second clock (with a different time), week number, GMT/UTC time, Swatch Internet Time and Sounds at each full, half or quarter hour"

Source=Paul Collins Startup list

[Tivoli]
Number=11107
Confirmed=N
Filename=LCFEP.EXE
Description=Tivoli 'TME' System Tray icon - "'lcfep' is the program that displays statistics about the Endpoint. Apparently stopping/removing this process has no impact on the Endpoint itself which will continue to function normally"
Source=Paul Collins Startup list

[TivoNotify]
Number=11108
Confirmed=X
Filename=TiVoNotify.exe
Description=Part of <a href="http://www.tivo.com/4.9.4.1-2_win.asp" target="_blank">Tivo Desktop</a>. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[TivoServer]
Number=11109
Confirmed=U
Filename=TiVoServer.exe
Description=<a href="http://www.tivo.com/" target=_blank>Tivo Server</a> - installed with the TiVo Home Media Option. It streams audio files to your television/home theater from your PC

Source=Paul Collins Startup list

[TivoTransfer]
Number=11110
Confirmed=U
Filename=TivoTransfer.exe
Description=<a href="http://www.tivo.com/" target=_blank>Tivo Transfer</a> Service. TiVo Desktop is an easy-to-use application that lets you publish and share digital music, photos and TiVo recordings between your networked TiVo Series2 DVR and your computer

Source=Paul Collins Startup list

[TIxDSL]
Number=11111
Confirmed=U
Filename=tidslmon.exe
Description=Actiontec DSL modem. Associated with High Speed AOL DSL. Used to get line sync with the Actiontec DSL USB Modem. Available via Start -> Programs
Source=Paul Collins Startup list

[TizzleTalk]
Number=11112
Confirmed=N
Filename=TizzleTalk.exe
Description=<a href="http://www.tizzletalk.com/" target=_blank>TizzeTalk</a> is a dialect translator for Yahoo, MSN, AOL Instant Messengers. Bundles adware, hence not recommended. From their <a href="http://www6.tizzletalk.com/license.php" target=_blank>EULA</a> : "As a result of installing the Company's Software, you will see occasional banner ads, pop-up or pop-under ads, or other types of ads selected based on your online activities .../... Occasionally, we may automatically or through other remote means, update, upgrade, patch or uninstall the Company's Software, including the Company's advertising-supported software, without further notice to you. These upgrades also may include installation of additional applications from the Company as well as third party applications"
Source=Paul Collins Startup list

[tjstartup]
Number=11113
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-010611-3727-99" target=_blank>TJSERV.C</a> TROJAN!
Source=Paul Collins Startup list

[TkBell.Exe]
Number=11114
Confirmed=N
Filename=evntsvc.exe
Description=Application Scheduler installed along with <a href="http://www.real.com/" target="_blank">RealOne Player</a>. Once installed, it runs independently of RealOne Player. See <a href="http://www.mikescomputerinfo.com/TkBellExe.htm" target="_blank">here</a> for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK

Source=Paul Collins Startup list

[TkBell.Exe]
Number=11115
Confirmed=N
Filename=realsched.exe
Description=Application Scheduler installed along with <a href="http://www.real.com/" target="_blank">RealOne Player</a>. Once installed, it runs independently of RealOne Player. See <a href="http://www.mikescomputerinfo.com/TkBellExe.htm" target="_blank">here</a> for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
Source=Paul Collins Startup list

[TkBell.Exe]
Number=11116
Confirmed=N
Filename=tkbell.exe
Description=Application Scheduler installed along with <a href="http://www.real.com/" target="_blank">RealOne Player</a>. Once installed, it runs independently of RealOne Player. See <a href="http://www.mikescomputerinfo.com/TkBellExe.htm" target="_blank">here</a> for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
Source=Paul Collins Startup list

[TkBellExe]
Number=11117
Confirmed=N
Filename=evntsvc.exe
Description=Application Scheduler installed along with <a href="http://www.real.com/" target="_blank">RealOne Player</a>. Once installed, it runs independently of RealOne Player. See <a href="http://www.mikescomputerinfo.com/TkBellExe.htm" target="_blank">here</a> for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
Source=Paul Collins Startup list

[TkBellExe]
Number=11118
Confirmed=N
Filename=realsched.exe
Description=Application Scheduler installed along with <a href="http://www.real.com/" target="_blank">RealOne Player</a>. Once installed, it runs independently of RealOne Player. See <a href="http://www.mikescomputerinfo.com/TkBellExe.htm" target="_blank">here</a> for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
Source=Paul Collins Startup list

[TkBellExe]
Number=11119
Confirmed=N
Filename=tkbell.exe
Description=Application Scheduler installed along with <a href="http://www.real.com/" target="_blank">RealOne Player</a>. Once installed, it runs independently of RealOne Player. See <a href="http://www.mikescomputerinfo.com/TkBellExe.htm" target="_blank">here</a> for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
Source=Paul Collins Startup list

[TkNetDriver Monitor]
Number=11120
Confirmed=X
Filename=lexbce.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotadf.html" target=_blank>SDBOT-ADF</a> WORM!
Source=Paul Collins Startup list

[tkonnect]
Number=11121
Confirmed=N
Filename=TKONNECT.EXE
Description=Dialer for the <a href="http://www.tiscali.co.uk/" target="_blank">Tiscali</a> internet service provider. Available as a desktop shortcut
Source=Paul Collins Startup list

[tlc]
Number=11122
Confirmed=X
Filename=update911.js
Description=Hijacker installer
Source=Paul Collins Startup list

[TlcR]
Number=11123
Confirmed=?
Filename=avp.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[tlntsvr]
Number=11124
Confirmed=U
Filename=tlntsvr.exe
Description=Microsoft program associated with <a href="http://www.webopedia.com/TERM/T/Telnet.html" target=_blank>Telnet</a>
Source=Paul Collins Startup list

[TLogonPath]
Number=11125
Confirmed=U
Filename=tb2logon.exe
Description=<a href="http://www.netopia.com/software/products/tb2/" target="_blank">Timbuktu Pro</a> - remote desktop access software
Source=Paul Collins Startup list

[TM Outbreak Agent]
Number=11126
Confirmed=U
Filename=TMOAgent.exe
Description=Trend Micro Internet Security anti-virus software virus outbreak warnings. Notifies users of virus outbreaks and offers to update the scanner
Source=Paul Collins Startup list

[TMA distribution]
Number=11127
Confirmed=U
Filename=cfinst.exe
Description=Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients
Source=Paul Collins Startup list

[tmax]
Number=11128
Confirmed=X
Filename=pupdate.exe
Description=Adware pop-up generator
Source=Paul Collins Startup list

[tmchook]
Number=11129
Confirmed=X
Filename=tmchook.exe
Description=Detected by Kaspersky as the TrojanDownloader.Win32.VB.aa VIRUS!
Source=Paul Collins Startup list

[TMEEJME]
Number=11130
Confirmed=?
Filename=TMEEJME.EXE
Description=<font color="#FF0000">Found in a ToshibaTME3 directory</font><font color="#FF0000">. Toshiba Mobile Extension related?</font>
Source=Paul Collins Startup list

[TMERzCtl]
Number=11131
Confirmed=?
Filename=TMERzCtl.EXE
Description=<font color="#FF0000">Found in a ToshibaTME3 directory</font><font color="#FF0000">. Toshiba Mobile Extension related?</font>
Source=Paul Collins Startup list

[TMESBS]
Number=11132
Confirmed=U
Filename=TMESBS21.exe
Description=Toshiba Mobile Extension Selectable Bay Service for WinXP - support for docking stations. Not required if you don't use a docking station
Source=Paul Collins Startup list

[TMESBS32]
Number=11133
Confirmed=?
Filename=TMESBS32.EXE
Description=<font color="#FF0000">Found in a ToshibaTME3 directory</font><font color="#FF0000">. Toshiba Mobile Extension related?</font>
Source=Paul Collins Startup list

[TMESRV31]
Number=11134
Confirmed=U
Filename=TMESRV31.EXE
Description=Toshiba utility related to inserting and removing a laptop from a docking station. Not required if you don't use a docking station
Source=Paul Collins Startup list

[TMExLogon]
Number=11135
Confirmed=U
Filename=TMESRV.EXE
Description=Toshiba utility related to inserting and removing a laptop from a docking station. Not required if you don't use a docking station
Source=Paul Collins Startup list

[Tmmkb]
Number=11136
Confirmed=?
Filename=Tmmkysvr.exe
Description=<font color="#FF0000">Toshiba multi-media keyboard software - possibly including creating keyboard shortcuts?</font>
Source=Paul Collins Startup list

[TmNetDriver Monitor]
Number=11137
Confirmed=X
Filename=exbce.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotabr.html" target=_blank>SDBOT-ABR</a> WORM!
Source=Paul Collins Startup list

[Tmntsrv32]
Number=11138
Confirmed=X
Filename=Tmntsrv32.exe
Description=Hijacker, detected by Norton antivirus as <a href="http://www.sarc.com/avcenter/venc/data/pf/trojan.startpage.o.html" target= blank>Trojan.StartPage.O</a>
Source=Paul Collins Startup list

[TMOUSE]
Number=11139
Confirmed=U
Filename=tmouse.exe
Description=Component of the Toshiba Mouse Control that allows users with an AccuPoint mouse to scroll MS-scroll-compatible documents by holding CTRL + ALT and moving the AccuPoint up or down. It also allows zooming by holding CTRL + SHIFT and moving the AccuPoint up or down. Disabling this item has no adverse effects, except disabling the scroll/zoom features of the AccuPoint
Source=Paul Collins Startup list

[tmproxy]
Number=11140
Confirmed=Y
Filename=tmproxy.exe
Description=Trend Micro <a href="http://www.trendmicro.com/en/products/desktop/pc-cillin/evaluate/overview.htm">PC-cillin 2003</a> antivirus software
Source=Paul Collins Startup list

[TMTMTSR]
Number=11141
Confirmed=U
Filename=TMTMTSR.exe
Description=<a href="http://www.thrustmaster.com/Default.aspx" target="_blank">Thrustmaster</a> Thrustmapper - "t-mapper - icon sits on your taskbar and automatically detects when the joystick is plugged in and configures it accordingly"
Source=Paul Collins Startup list

[TNTClk]
Number=11142
Confirmed=U
Filename=TNTCLK.exe
Description=Overclocking program for&nbsp;TNT, TNT2, and other graphics cards. This program can overclock the graphics card manually after startup when needed, especially before starting a gaming session. However, for simplicity, it can be left checked&nbsp;to let it&nbsp;run once at startup to automatically overclock the graphics card. In this case, it doesn't even run in the background after doing its job
Source=Paul Collins Startup list

[ToADiMon.exe]
Number=11143
Confirmed=U
Filename=ToADiMon.exe
Description=T-Online ISP software connection assistant
Source=Paul Collins Startup list

[Toggler]
Number=11144
Confirmed=U
Filename=toggler.exe
Description="<a href="http://members.execulink.com/~pjones/toggler/index.htm" target=_blank>Toggler</a> allows you to gain control over your Caps Lock, Num Lock, and Insert keys. It prevents you from writing in ALL CAPS when your finger has slipped to accidentally hit the Caps Lock key"

Source=Paul Collins Startup list

[Tok-Cirrhatus]
Number=11145
Confirmed=X
Filename=IDTemplate.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RONTOKBRO.A&VSect=P" target=_blank>RONTOKBRO.A</a> WORM!
Source=Paul Collins Startup list

[Tok-Cirrhatus]
Number=11146
Confirmed=X
Filename=smss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32brontoka.html" target=_blank>BRONTOK-A</a> WORM and variants! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the "Documents and Settings\[User]\Local Settings\Application Data\" folder
Source=Paul Collins Startup list

[Tok-Cirrhatus]
Number=11147
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32brontokf.html" target=_blank>BRONTOK-F</a> WORM!
Source=Paul Collins Startup list

[Tok-Cirrhatus-1959]
Number=11148
Confirmed=X
Filename=br4941on.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32brontokj.html" target=_blank>BRONTOK-J</a> WORM!
Source=Paul Collins Startup list

[Tok-Cirrhatus-1959sarc]
Number=11149
Confirmed=X
Filename=sv711224030r.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32brontokr.html" target=_blank>BRONTOK-R</a> WORM!
Source=Paul Collins Startup list

[Tok-Cirrhatus-2784]
Number=11150
Confirmed=X
Filename=br6591on.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32brontokl.html" target=_blank>BRONTOK-L</a> WORM!
Source=Paul Collins Startup list

[Tok-Cirrhatus-2784]
Number=11151
Confirmed=X
Filename=smss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32brontoks.html" target=_blank>BRONTOK-S</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the "Documents and Settings\[User]\Local Settings\Application Data\" folder
Source=Paul Collins Startup list

[Tok-Cirrhatus-[4 random digits]]
Number=11152
Confirmed=X
Filename=br[4 random digits]on.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32brontokm.html" target=_blank>BRONTOK-M</a> WORM!
Source=Paul Collins Startup list

[TomcatStartup]
Number=11153
Confirmed=?
Filename=hpbpsttp.exe
Description=Apache Tomcat web server, part of HP LaserJet "Printer Tools" software. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[TomcatStartup 2.5]
Number=11154
Confirmed=?
Filename=hpbpsttp.exe
Description=Apache Tomcat web server, part of HP LaserJet "Printer Tools" software. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[Tommorrow]
Number=11155
Confirmed=?
Filename=tomorrow.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[ToolBoxFX]
Number=11156
Confirmed=?
Filename=HPTLBXFX.exe
Description=<a href="http://h20271.www2.hp.com/SMB-AP/cache/380793-0-0-14-121.html?jumpid=reg_R1002_AUEN" target="_blank">HP ToolBoxFX</a> - "provides desktop configuration, status and support for every feature". Supplied with some HP multifunction printers
Source=Paul Collins Startup list

[ToP]
Number=11157
Confirmed=X
Filename=LSASS.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-012418-0655-99" target=_blank>WOWCRAFT.C</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[Top Tilecom]
Number=11158
Confirmed=X
Filename=Tilecomtop.com
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BXD" target="_blank">WORM_RBOT.BXD</a> WORM!
Source=Paul Collins Startup list

[ToPassSrv]
Number=11159
Confirmed=?
Filename=Pktopass.exe
Description=Related to Caere Pagekeeper scanning software (now taken over by Scansoft), Disabling is known to cause problems
Source=Paul Collins Startup list

[TopDesk]
Number=11160
Confirmed=U
Filename=TopDesk.exe
Description=TopDesk - puts an icon in your system tray that when clicked upon, opens a pop-up menu that gives instant access to all of your desktop programs without having to minimize, resize, move or close other programs or files
Source=Paul Collins Startup list

[Topic lnternet]
Number=11161
Confirmed=X
Filename=lnternet32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotglz.html" target="_blank">RBOT-GLZ</a> WORM!
Source=Paul Collins Startup list

[ToPicks Starter]
Number=11162
Confirmed=X
Filename=Idhost.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-070112-5753-99" target="_blank">TOPicks</a> adware
Source=Paul Collins Startup list

[topmoxie]
Number=11163
Confirmed=X
Filename=JavaRun.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453059998" target="_blank">TopMoxie</a> adware
Source=Paul Collins Startup list

[TopSearch]
Number=11164
Confirmed=X
Filename=TopSearch.exe
Description=<a href="http://www3.cai.com/securityadvisor/pest/pest.aspx?id=453074383" target=_blank>TopSearch</a> adware variant
Source=Paul Collins Startup list

[Tor]
Number=11165
Confirmed=N
Filename=tor.exe
Description=<a href="http://tor.eff.org/" target=blank>Tor</a> anonymous internet communication system. Shortcut available via Start -> Programs
Source=Paul Collins Startup list

[tor anonymous proxy]
Number=11166
Confirmed=X
Filename=tor32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotadr.html" target=_blank>SDBOT-ADR</a> WORM!
Source=Paul Collins Startup list

[Torjan Program]
Number=11167
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmirbo.html" target=_blank>LEGMIR-BO</a> TROJAN!
Source=Paul Collins Startup list

[Torjan Program]
Number=11168
Confirmed=X
Filename=smss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-102210-5758-99" target=_blank>WOWCRAFT.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[Torjan Program]
Number=11169
Confirmed=X
Filename=WINLOGON.EXE
Description=Added by the <a href="http://smallbiz.symantec.com/security_response/writeup.jsp?docid=2006-061911-0328-99=1" target="_blank">WOWCRAFT.D</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup! This trojan file is found in the Windows or Winnt folder
Source=Paul Collins Startup list

[TOSCDSPD]
Number=11170
Confirmed=N
Filename=toscdspd.exe
Description=Related to <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/toscdspd/" target=_blank>Toshiba laptop</a> CD/DVD drivers. This is a non-essential process. Disabling or enabling this is down to user preference

Source=Paul Collins Startup list

[TOSHIBA Accessibility]
Number=11171
Confirmed=U
Filename=FnKeyHook.exe
Description="Allows you to use the Fn key to create a hot key combination with one of the function keys without pressing the two keys simultaneously as is usually required. Using Accessibility lets you make the Fn key a sticky key, meaning you can press it once, release it, and then press a function key to activate the hot key function"
Source=Paul Collins Startup list

[Toshiba Fan]
Number=11172
Confirmed=Y
Filename=fan.exe
Description=Toshiba untilty to keep the fan on a laptop running if they fail to detect there is too much heat
Source=Paul Collins Startup list

[Toshiba Key State]
Number=11173
Confirmed=U
Filename=KEYSTATE.EXE
Description=Displays an icon in the System Tray indicating the state of the CAPS LOCK key. Can be handy on (e.g., Toshiba) laptops which do not have a Caps Lock indicator light. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[ToshibaPinger]
Number=11174
Confirmed=N
Filename=pinger.exe
Description=Pinger is the resident program for Toshiba Upgrades. Periodically checks to see if there are any software/driver upgrades for your particular computer model. If it finds any, it posts a notification. Disabling instructions <a href="http://www.spywareinfo.com/yabbse/index.php?board=18;action=display;threadid=2673" target="_blank">here</a>
Source=Paul Collins Startup list

[TOSHIBSU]
Number=11175
Confirmed=U
Filename=Toshibsu.exe
Description=Reduces the power consumption when the laptop isn't being used to preserve battery power. Hibernate function doesn't work if this is disabled. Similar programs on other laptops reduce the processor clock rate, etc. Required if you run off battery regularly
Source=Paul Collins Startup list

[TosHKCW]
Number=11176
Confirmed=U
Filename=TosHKCW.exe
Description=Toshiba Hot Key Change/Control Wireless. Permits you to use a hot key to activate/deactivate built-in 802.11b wireless transmission on a laptop (if installed)
Source=Paul Collins Startup list

[TosMem]
Number=11177
Confirmed=Y
Filename=tosmem.exe
Description=Toshiba laptop related. Win98/Me ACPI system can not hibernate or go on standby if all of the physical memory lower than 640KB is locked. This utility allocates and locks three pages on boot and then releases them on standby/hibernation for ACPI.SYS in order to solve the above problem
Source=Paul Collins Startup list

[TosRotation]
Number=11178
Confirmed=U
Filename=TRot.exe
Description=TOSHIBA Rotation Utility - allows users to rotate a notebook's screen image 180 degrees in order to share information on the screen with others seated across a table or desk
Source=Paul Collins Startup list

[TotRecSched]
Number=11179
Confirmed=U
Filename=TotRecSched.exe
Description=Scheduler for <a href="http://www.highcriteria.com/products.htm" target="_blank">Total Recorder</a> - allows automatic recording of a show at a given time for later playback or you can use the scheduler as an alarm
Source=Paul Collins Startup list

[ToUcamVProperty]
Number=11180
Confirmed=Y
Filename=VProperty.exe
Description=Philips Web Camera model name pcvc740k, ToUcam driver configuration tray icon
Source=Paul Collins Startup list

[Touch Manager]
Number=11181
Confirmed=U
Filename=WinLED.exe
Description=Dell keyboard utility. Disabling can result in loss of screen saver and power saver functionality
Source=Paul Collins Startup list

[TouchED]
Number=11182
Confirmed=U
Filename=TouchED.exe
Description=TouchPad On/Off Utility on a Toshiba laptop
Source=Paul Collins Startup list

[tour]
Number=11183
Confirmed=N
Filename=regedit ..tour.reg
Description=Edits registry values to keep the WinMe tour in Task Scheduler
Source=Paul Collins Startup list

[Tour]
Number=11184
Confirmed=N
Filename=wincool.exe
Description=Component of WinME that's annoying as hell. Pop's up a prompt to play the C:\WINDOWS\Application Data\Microsoft\INTROCONTENT.HTA that plays a full screen version of the WinME product preview Windows Media video file that cannot be stopped to my knowledge until it finishes. That prompt will keep popping up after an install/reinstall of WinME until you give in and watch the thing. It also puts a task scheduler entry to run that annoying thing every 30 minutes, and don't bother deleting that entry, Windows puts it right back. Not only should you disable it from running, you should delete the thing altogether, as it, somehow can re-enable itself. Apparently you can try setting the file to read only
Source=Paul Collins Startup list

[tourpath]
Number=11185
Confirmed=N
Filename=regedit /s [path] tour.reg
Description=Edits registry values to keep the Win 2000 "tour" in Task Scheduler
Source=Paul Collins Startup list

[TP4EX]
Number=11186
Confirmed=U
Filename=tp4ex.exe
Description=Adds accessibility options for an IBM TrackPoint
Source=Paul Collins Startup list

[tp4mon]
Number=11187
Confirmed=U
Filename=tp4mon.exe
Description=Supports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work
Source=Paul Collins Startup list

[tp4serv]
Number=11188
Confirmed=U
Filename=tp4serv.exe
Description=Supports the &quot;pointer stick&quot; on Thinkpads in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the &quot;scroll&quot; button to work
Source=Paul Collins Startup list

[TP98TRAY]
Number=11189
Confirmed=?
Filename=TP98TRAY.EXE
Description=IBM Thinkpad related utility.<font color="#FF0000"> What does it do and is it required?</font>
Source=Paul Collins Startup list

[TP98UTIL]
Number=11190
Confirmed=N
Filename=TP98.EXE
Description=IBM Thinkpad feature setup &amp; configuration utility
Source=Paul Collins Startup list

[tpcupdater]
Number=11191
Confirmed=X
Filename=updatetc.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453090677" target="_blank">180Solutions</a> adware related
Source=Paul Collins Startup list

[TpHotKey]
Number=11192
Confirmed=U
Filename=TPHKMGR.EXE
Description=Activates "ThinkPad Help" when the "Thinkpad key" is pressed on an IBM ThinkPad laptop. Also activates the audio buttons (volume up/down, mute) on models such as the Thinkpad T30
Source=Paul Collins Startup list

[TPKBDLED]
Number=11193
Confirmed=U
Filename=TpScrLk.exe
Description=IBM Thinkpad utility for displaying the Scroll Lock status on the System Tray - for Thinkpad's that don't have a Scroll Lock LED

Source=Paul Collins Startup list

[TPKMAPHELPER]
Number=11194
Confirmed=U
Filename=TpKmapAp.exe
Description=IBM Thinkpad - Keyboard Customizer Utility. Allows the user to set keyboard shortcuts, emulate such features as Windows key on laptop, can be disabled from within program, is available from Programs > Access IBM. Not required
Source=Paul Collins Startup list

[TpKmapMn]
Number=11195
Confirmed=U
Filename=TpKmapMn.exe
Description=Create Keyboard combinations for special Thinkpad buttons when using an external keyboard, e.g. "Ctrl-arrow up" for "volume up". Only required when using an external keyboard. Available via Start -> Programs
Source=Paul Collins Startup list

[tpopservice]
Number=11196
Confirmed=U
Filename=tpopservice.exe
Description=DirecWay two-way satellite internet service enhanced POP proxy server for email
Source=Paul Collins Startup list

[TPP Auto Loader]
Number=11197
Confirmed=U
Filename=Tppaldr.exe
Description=Installed with <a href="http://www.datastor.com.tw/" target="_blank">DataStor's</a> (and some other manufacturers) USB 2.0 based external DVD, CD-ROM and CD-RW drives.&nbsp;System tray icon allowing the user to disconnect the external drive without an error message being displayed
Source=Paul Collins Startup list

[Tprtray]
Number=11198
Confirmed=U
Filename=Tprtray.exe
Description=Displays the Power icon in the System Tray on a Toshiba laptop
Source=Paul Collins Startup list

[TpScrLk]
Number=11199
Confirmed=U
Filename=TpScrLk.exe
Description=IBM Thinkpad utility for displaying the Scroll Lock status on the System Tray - for Thinkpad's that don't have a Scroll Lock LED
Source=Paul Collins Startup list

[TpShocks]
Number=11200
Confirmed=Y
Filename=TpShocks.exe
Description=Responsible for controlling the IBM Hard Drive Active Protection system found on newer models of IBM Thinkpads, including T41, T42, X40, R50, and R51. The Hard Drive Active Protection system is based on a technology similar to that used in automobiles to deploy airbags on contact: An accelorometer on the motherboard detects physical acceleration--such as when the notebook falls--and in response the system temporarily parks the hard drive's read/write head until stability returns
Source=Paul Collins Startup list

[TPSmain]
Number=11201
Confirmed=U
Filename=TPSMain.exe
Description=Toshiba Power Saver - associated with Toshiba laptops/desktops. Manages the power save function to make sure that the system goes to a power saver mode when not used
Source=Paul Collins Startup list

[TPSODDCtl]
Number=11202
Confirmed=Y
Filename=TPSODDCtl.exe
Description=Power saving software on Toshiba laptops
Source=Paul Collins Startup list

[TPTray]
Number=11203
Confirmed=N
Filename=TPTray.exe
Description=Touchpad configuration tray icon for Toshiba laptops. Available via Start -> Settings -> Control Panel
Source=Paul Collins Startup list

[TPTRAY]
Number=11204
Confirmed=?
Filename=TP98TRAY.EXE
Description=IBM Thinkpad related utility.<font color="#FF0000"> What does it do and is it required?</font>
Source=Paul Collins Startup list

[TPwrMain]
Number=11205
Confirmed=Y
Filename=TPwrMain.EXE
Description=Power management software for Toshiba laptops
Source=Paul Collins Startup list

[TPwrMgr]
Number=11206
Confirmed=?
Filename=TPwrMgr.exe
Description=Found on a Toshiba laptop.<font color="#FF0000"> Related to power management?</font>
Source=Paul Collins Startup list

[TPWRTRAY]
Number=11207
Confirmed=Y
Filename=Tpwrtray.exe
Description=Toshiba laptop's own Advanced Power Management system which disables Windows APM (greyed-out in Control Panel). You can't choose which of the 2 systems to use
Source=Paul Collins Startup list

[tqrecv]
Number=11208
Confirmed=U
Filename=tqrecv.exe
Description=Tellique satellite broadcast reception software
Source=Paul Collins Startup list

[Traceless]
Number=11209
Confirmed=N
Filename=launch.exe
Description=<a href="http://users.bigpond.com/pvantarakis/traceless/index.htm" target="_blank">Traceless 2003</a> - clear your cookies, temp directories and browser history with a click of a button. It also clears the recent documents and the IE drop down auto complete box
Source=Paul Collins Startup list

[Track4WinMonitor]
Number=11210
Confirmed=U
Filename=STMonitor.exe
Description=<a href="http://sarc.com/avcenter/venc/data/spyware.track4win.html" target="_blank">Track4Win</a> is a surveillance software program that takes screenshots and logs user activity such as URLs and currently running processes. It uploads the logs and screenshots to a preconfigured server. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list

[Tracker]
Number=11211
Confirmed=?
Filename=Tracker.exe
Description=<font color="#FF0000">Possibly associated with My Deluxe Invoices program</font>
Source=Paul Collins Startup list

[TrackpointSrv]
Number=11212
Confirmed=U
Filename=daemon.exe
Description=Supports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work
Source=Paul Collins Startup list

[TrackpointSrv]
Number=11213
Confirmed=U
Filename=tp4serv.exe
Description=Supports the &quot;pointer stick&quot; in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the &quot;scroll&quot; button to work
Source=Paul Collins Startup list

[TrackPointSrv]
Number=11214
Confirmed=U
Filename=tp4mon.exe
Description=Supports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work
Source=Paul Collins Startup list

[Tracks Eraser]
Number=11215
Confirmed=U
Filename=te.exe
Description=<a href="http://www.acesoft.net/" target="_blank">Tracks Eraser</a> from Acesoft - &quot;Erases all tracks of your internet activity&quot;

Source=Paul Collins Startup list

[Tracks Eraser Pro]
Number=11216
Confirmed=U
Filename=te.exe
Description=<a href="http://www.acesoft.net/" target="_blank">Tracks Eraser Pro</a> from Acesoft - &quot;Erases all tracks of your internet activity&quot;
Source=Paul Collins Startup list

[tranicon]
Number=11217
Confirmed=U
Filename=tranicon.exe
Description=A <a href="http://www.totalidea.com/frameset-tweakxp.htm" target=_blank>Tweak-XP</a> component (only in the registered version), makes Desktop icons transparent. Can be enabled/disabled via Tweak-XP -> System + File Tweaks -> Windows Tweaks -> Desktop Tweaks -> Make Desktop Icons Transparent
Source=Paul Collins Startup list

[Transcode360]
Number=11218
Confirmed=N
Filename=Transcode360Tray.exe
Description=Designed for WinXP Media Center Edition 2005 and the Xbox 360, <a href="http://runtime360.com/projects/transcode-360/" target="_blank">Transcode360</a> aims to broaden the support for a wide range of video media including DivX and XviD
Source=Paul Collins Startup list

[Transparent]
Number=11219
Confirmed=U
Filename=TransparentW.exe
Description=Utility to turn desktop icon text backgrounds transparent. The last letter defines the icon text color: D= as desktop, W=white, B=black. Available from <a href="http://www.freedownloadscenter.com/Shell_and_Desktop/Desktop_Randomizers_and_Changers/Transparent.html" target="_blank">here</a>
Source=Paul Collins Startup list

[Transparent]
Number=11220
Confirmed=U
Filename=TransparentD.exe
Description=Utility to turn desktop icon text backgrounds transparent. The last letter defines the icon text color: D= as desktop, W=white, B=black. Available from <a href="http://www.freedownloadscenter.com/Shell_and_Desktop/Desktop_Randomizers_and_Changers/Transparent.html" target="_blank">here</a>
Source=Paul Collins Startup list

[Transparent]
Number=11221
Confirmed=U
Filename=TransparentB.exe
Description=Utility to turn desktop icon text backgrounds transparent. The last letter defines the icon text color: D= as desktop, W=white, B=black. Available from <a href="http://www.freedownloadscenter.com/Shell_and_Desktop/Desktop_Randomizers_and_Changers/Transparent.html" target="_blank">here</a>
Source=Paul Collins Startup list

[TransparentIcons]
Number=11222
Confirmed=U
Filename=tranicon.exe
Description=A <a href="http://www.totalidea.com/frameset-tweakxp.htm" target=_blank>Tweak-XP</a> component (only in the registered version), makes Desktop icons transparent. Can be enabled/disabled via Tweak-XP -> System + File Tweaks -> Windows Tweaks -> Desktop Tweaks -> Make Desktop Icons Transparent
Source=Paul Collins Startup list

[transtask]
Number=11223
Confirmed=U
Filename=transtask.exe
Description=A <a href="http://www.totalidea.com/frameset-tweakxp.htm" target=_blank>Tweak-XP</a> component, makes the taskbar icons transparent
Source=Paul Collins Startup list

[Trashgrd]
Number=11224
Confirmed=U
Filename=TRASHGRD.EXE
Description=Part of McAfee Nuts &amp; Bolts. Protects all the files you delete, even files deleted in DOS or in 16-bit Windows applications, by sending them to the Recycle Bin
Source=Paul Collins Startup list

[Tray]
Number=11225
Confirmed=X
Filename=rundll32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagadr.html" target="_blank">LINEAG-ADR</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll32/" target=_blank>rundll32.exe</a> process, which is found in the Windows folder (98\ME) or the System32 folder(NT\2000\XP). This file is located in an "command" sub-folder
Source=Paul Collins Startup list

[Tray Pilot Lite]
Number=11226
Confirmed=U
Filename=TrayPlt.exe
Description=<a href="http://www.freedownloadscenter.com/Utilities/Misc__Utilities/Tray_Pilot.html" target="_blank">Tray Pilot</a> allows you to hide the System Tray window. No longer supported by the authors
Source=Paul Collins Startup list

[Tray Temperature]
Number=11227
Confirmed=N
Filename=Weatherbug.exe
Description=Weatherbug provides current outdoor temperature in the System Tray, also weather alerts. Available via Start -> Programs
Source=Paul Collins Startup list

[Traybar]
Number=11228
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-071915-0829-99" target=_blank>MYDOOM.L</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[traydate.exe]
Number=11229
Confirmed=U
Filename=TRAYDATE.EXE
Description=Displays the date as well as the time in the System Tray. Available from <a href="http://download.tucows.com/perl/PDA.html?Target=/wince/preview/32627.html" target="_blank">TUCOWS</a>
Source=Paul Collins Startup list

[TrayManager]
Number=11230
Confirmed=U
Filename=Trayman.exe
Description=TrayManager hides system tray icons (FreeCell won't work when TrayMan is loaded)
Source=Paul Collins Startup list

[Traymin900]
Number=11231
Confirmed=U
Filename=Tray900.exe
Description=Related to the Philips SPC webcam - System Tray manager for Personal 900 series camera
Source=Paul Collins Startup list

[Traymon]
Number=11232
Confirmed=U
Filename=traymon.exe
Description=Netropa Internet Receiver traymonitor. Will only launch the bar if you are connected to the internet and there's new news
Source=Paul Collins Startup list

[TraySantaCruz]
Number=11233
Confirmed=N
Filename=tbctray.exe
Description=Provides quick access via a System Tray icon to the control panel for Turtle Beach's Santa Cruz or VideoLogic's SonicFury soundcards. Available via Start -&gt; Settings -&gt; Control Panel
Source=Paul Collins Startup list

[TrayServer]
Number=11234
Confirmed=N
Filename=TrayServer.exe
Description=For monitoring tray icons
Source=Paul Collins Startup list

[TrayX]
Number=11235
Confirmed=X
Filename=winppr32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081909-2118-99" target="_blank">SOBIG.F</a> WORM!
Source=Paul Collins Startup list

[tray_helper]
Number=11236
Confirmed=N
Filename=tray_helper.exe
Description=<a href="http://www.republika.pl/trayhelper/indexeng.html" target="_blank">Tray Helper</a> is an Email checker with additional tools, including a popup window killer, pinger module to monitor hosts and an event reminder
Source=Paul Collins Startup list

[Trend Micro Anti-Spyware]
Number=11237
Confirmed=U
Filename=Tmas.exe
Description=Trend Micro <a href="http://www.trendmicro.com/en/products/desktop/as/evaluate/overview.htm" target=_blank>Anti-Spyware</a> - required when using real time monitoring
Source=Paul Collins Startup list

[Trend Micro AntiVirus 2007]
Number=11238
Confirmed=Y
Filename=tavui.exe
Description=<a href="http://www.trendmicro.com/" target="_blank">Trend Micro AntiVirus</a>
Source=Paul Collins Startup list

[TrendMicro Antivirus]
Number=11239
Confirmed=Y
Filename=Aveagent.exe
Description=Virus scanner
Source=Paul Collins Startup list

[TrendMicro OfficeScan NT]
Number=11240
Confirmed=Y
Filename=TMLISTEN.EXE
Description=Virus scanner
Source=Paul Collins Startup list

[Trickler]
Number=11241
Confirmed=X
Filename=[path to file]
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Claria.GAIN.CommonElements&threatid=5605" target=_blank>GAIN</a> adware. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
Source=Paul Collins Startup list

[TridentTVIcon]
Number=11242
Confirmed=Y
Filename=tvicon.exe
Description=Trident Microsystems, Inc Display driver
Source=Paul Collins Startup list

[TridTray]
Number=11243
Confirmed=?
Filename=TridTray.exe
Description=<font color="#FF0000">System Tray access to Trident 4DWave soundcards?</font>
Source=Paul Collins Startup list

[TridTray]
Number=11244
Confirmed=?
Filename=TridTray.exe
Description=<font color="#FF0000">System Tray access to Trident 4DWave soundcards?</font>
Source=Paul Collins Startup list

[Trillian]
Number=11245
Confirmed=U
Filename=trillian.exe
Description=Part of Trillian IRC client
Source=Paul Collins Startup list

[trirot]
Number=11246
Confirmed=Y
Filename=trirot.exe
Description=Trident Microsystems 3D video driver

Source=Paul Collins Startup list

[TRIXX]
Number=11247
Confirmed=U
Filename=TRIXX.exe
Description=Sapphire <a href="http://www.sapphiretech.com/us/" target="_blank">TRIXX</a> overclocking tool for the X800 GTO graphics card (and possiby others) - "push default clock speeds to 560MHz or better"
Source=Paul Collins Startup list

[Trojan Guarder Gold Version]
Number=11248
Confirmed=N
Filename=Trojan Guarder.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-071914-2557-99" target="_blank">TrojanGuarder</a> is a security risk that may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threats
Source=Paul Collins Startup list

[Trojancheck 6 Guard]
Number=11249
Confirmed=U
Filename=tcguard.exe
Description=<a href="http://www.trojancheck.de/" target="_blank">TrojanCheck</a> anti-trojan software
Source=Paul Collins Startup list

[TrojanScanner]
Number=11250
Confirmed=U
Filename=Trjscan.exe
Description=<a href="http://www.simplysup.com/tremover/details.html" target="_blank">Trojan Remover</a> from Simply Super Software. Scans for an removes trojan viruses where anti-virus software may have not detected or removed
Source=Paul Collins Startup list

[TrojanShield]
Number=11251
Confirmed=U
Filename=Init.exe
Description=<a href="http://www.trojanshield.com/" target="_blank">TrojanShield</a>
Source=Paul Collins Startup list

[TrojanShield Protector]
Number=11252
Confirmed=U
Filename=Port.exe
Description=<a href="http://www.trojanshield.com/index.htm" target="_blank">TrojanShield</a> anti-hacker/anti-trojan software
Source=Paul Collins Startup list

[True Internet Color Icon]
Number=11253
Confirmed=U
Filename=internetcolor.exe
Description=Now superseeded by <a href="http://www.colorwizzard.com/" target="_blank">ColorWizzard</a>. Was part of 3Deep. "With True Internet Color PCs can display the best color possible over the web. Enabled web sites will know how connected monitors display color and will send them color corrected images"
Source=Paul Collins Startup list

[TrueCrypt]
Number=11254
Confirmed=U
Filename=TrueCrypt.exe
Description=<a href="http://www.truecrypt.org/" target="_blank">TrueCrypt</a> is a free open-source disk encryption software for Windows XP/2K/2003 and Linux. This the Truecrypt background task that enables some background function of truetyp: Hot-keys, autodismount, etc
Source=Paul Collins Startup list

[TrueFonts]
Number=11255
Confirmed=X
Filename=fonts.hta
Description=Browser hijacker - redirecting to Hugesearch.net
Source=Paul Collins Startup list

[TrueImageMonitor.exe]
Number=11256
Confirmed=N
Filename=TrueImageMonitor.exe
Description=Part of <a href="http://www.acronis.com/homecomputing/products/trueimage/" target=_blank>Acronis True Image</a> - backup software. Can be disabled without affecting TrueImage

Source=Paul Collins Startup list

[TrueSync Launcher]
Number=11257
Confirmed=N
Filename=tstool.exe
Description=Starfish TrueSync - for synchronization between Windows platforms and popular devices, applications and services. Stafish became Intellisync which was acquired by Nokia and is now no longer supported
Source=Paul Collins Startup list

[truetype]
Number=11258
Confirmed=X
Filename=truetype.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcosiami.html" target="_blank">COSIAM-I</a> TROJAN!
Source=Paul Collins Startup list

[TrueVector]
Number=11259
Confirmed=Y
Filename=VSMON.EXE
Description=Even if you don't have ZoneAlarm or ZoneAlarm Pro run at start-up you do need this
Source=Paul Collins Startup list

[Trust Cleaner]
Number=11260
Confirmed=X
Filename=TrustCleaner.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094215" target="_blank">Smitfraud</a> variant
Source=Paul Collins Startup list

[TrustIn Popups]
Number=11261
Confirmed=X
Filename=TrustInPopups.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-062917-0128-99" target="_blank">TrustInPopups</a> adware
Source=Paul Collins Startup list

[trustras.exe]
Number=11262
Confirmed=?
Filename=trustras.exe
Description=Trust ADSL modem related. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list

[TrustyHound-TS]
Number=11263
Confirmed=X
Filename=TrustyHound-TS.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051316-4010-99" target= blank>TrustyHound</a> spyware
Source=Paul Collins Startup list

[tsa]
Number=11264
Confirmed=X
Filename=tsm.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=TargetSaver&threatid=15121" target=_blank>TargetSaver</a> adware
Source=Paul Collins Startup list

[Tsa2]
Number=11265
Confirmed=X
Filename=tsm2.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=TargetSaver&threatid=15121" target=_blank>TargetSaver</a> adware
Source=Paul Collins Startup list

[TsAdbot]
Number=11266
Confirmed=X
Filename=TSADBOT.EXE
Description=TimeSink Add Client - advertising spyware
Source=Paul Collins Startup list

[TSBxLogon]
Number=11267
Confirmed=?
Filename=TMESBS2.EXE
Description=Found on a Toshiba laptop.<font color="#FF0000"> May be related to <a href="#TMESBS">TMESBS</a>?</font>
Source=Paul Collins Startup list

[TSE_PLUtil]
Number=11268
Confirmed=U
Filename=PLBkMon.exe
Description=<a href="http://www.prolific.com.tw/eng/company.asp" target=_blank>Prolific</a> USB Flash Disk Log On Application
Source=Paul Collins Startup list

[Tsk Mng Hlp]
Number=11269
Confirmed=X
Filename=wins32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotjb.html" target= blank>AGOBOT-JB</a> WORM!
Source=Paul Collins Startup list

[tskdbg]
Number=11270
Confirmed=X
Filename=tskdbg.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-052418-2252-99" target="_blank">FLOOD.E</a> TROJAN!
Source=Paul Collins Startup list

[Tsklist]
Number=11271
Confirmed=X
Filename=tsklist32.exe
Description=Added by the BANCOS.SP TROJAN as reported by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a>
Source=Paul Collins Startup list

[TSkrMain]
Number=11272
Confirmed=U
Filename=TSkrMain.exe
Description=TOSHIBA Accelerometer Utilities - hardware utilities that work with the motion sensors built into their Tablet PCs. Detect the way you are holding it at any given moment, you can set the machine to perform a specific function when the unit is quickly tilted to the left or right, or to the front or back and you can also take control of the cursor in some applications and make it move by leaning the PC in a certain direction
Source=Paul Collins Startup list

[Tsl]
Number=11273
Confirmed=X
Filename=tsl.exe
Description=<a href="http://vil.nai.com/vil/content/v_127649.htm" target=_blank>Uploader-R</a> adware
Source=Paul Collins Startup list

[Tsl2]
Number=11274
Confirmed=X
Filename=tsl2.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=TargetSaver&threatid=15121" target=_blank>TargetSaver</a> adware
Source=Paul Collins Startup list

[TSMsger]
Number=11275
Confirmed=N
Filename=TSMsger.exe
Description=Epson scannner software - required for "one-touch" operation. Can be launched manually
Source=Paul Collins Startup list

[tsnp2std]
Number=11276
Confirmed=N
Filename=tsnp2std.exe
Description=Digital camera related
Source=Paul Collins Startup list

[TSPower]
Number=11277
Confirmed=?
Filename=spower.drv
Description=Found on a Toshiba laptop.<font color="#FF0000"> Related to power management?</font>
Source=Paul Collins Startup list

[tsrv]
Number=11278
Confirmed=X
Filename=t2serv.exe
Description=Added by the <a href="http://www.f-secure.com/v-descs/warezov_at.shtml" target="_blank">WAREZOV.AT</a> WORM!
Source=Paul Collins Startup list

[tsrv]
Number=11279
Confirmed=X
Filename=tsrv.exe
Description=Added by the <a href="http://www.f-secure.com/v-descs/warezov_w.shtml" target="_blank">WAREZOV.W</a> WORM!
Source=Paul Collins Startup list

[TSService]
Number=11280
Confirmed=?
Filename=NSSERVICE.EXE
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[tsvcin]
Number=11281
Confirmed=X
Filename=n20050308.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076775" target=_blank>Delfin Media Viewer</a> adware related
Source=Paul Collins Startup list

[tsyssmon]
Number=11282
Confirmed=?
Filename=tsyssmon.exe
Description=<font color="#FF0000">Found in a Toshibasysstability directory</font>
Source=Paul Collins Startup list

[TSystem]
Number=11283
Confirmed=X
Filename=[trojan filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojnsysa.html" target=_blank>NSYS-A</a> TROJAN!
Source=Paul Collins Startup list

[ttaa]
Number=11284
Confirmed=X
Filename=tata.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineaget.html" target=_blank>LINEAGE-T</a> TROJAN!
Source=Paul Collins Startup list

[ttasq]
Number=11285
Confirmed=?
Filename=ttasq.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[ttool]
Number=11286
Confirmed=X
Filename=scvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbckdrowm.html" target="_blank">OWM</a> TROJAN!
Source=Paul Collins Startup list

[TTrayp]
Number=11287
Confirmed=N
Filename=VTtrayp.exe
Description=Part of S3 Graphics Controllers - S3 Screentoys Helper
Source=Paul Collins Startup list

[TTS Sync]
Number=11288
Confirmed=X
Filename=testtts.exe
Description=Added by the <a href="http://ae.trendmicro-europe.com/consumer/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=1&VName=WORM_SDBOT.BVA" target=_blank>SDBOT.BVA</a> WORM!
Source=Paul Collins Startup list

[Ttt]
Number=11289
Confirmed=X
Filename=Ttt.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[ttupt]
Number=11290
Confirmed=X
Filename=ttupt.exe
Description=eZula <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=eZula.TopText&threatid=5117" target="_blank">TopText</a> adware
Source=Paul Collins Startup list

[Tukati]
Number=11291
Confirmed=?
Filename=TukatiRedistributor.exe
Description=<a href="http://www.tukati.com/" target="_blank">Tukati</a> Digital Content Distribution. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list

[tunebite]
Number=11292
Confirmed=N
Filename=tunebite.exe
Description="<a href="http://www.tunebite.com/en/tunebite/index.html" target=_blank>Tunebite</a> lets you make unprotected copies of copy-protected music files by recording them while they are being played". Can be launched from it's Start Menu shortcut
Source=Paul Collins Startup list

[TuneUp MemOptimizer]
Number=11293
Confirmed=U
Filename=memoptimizer.exe
Description=Part of "TuneUp Utilities", specifically 2003 version. "Monitors and optimizes free memory in the background." Basically, it cleans RAM and also allows you to clear the clipboard
Source=Paul Collins Startup list

[TurBo]
Number=11294
Confirmed=X
Filename=System.Trubo.vbs
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/vbsautomc.html" target="_blank">AUTOM-C</a> WORM!
Source=Paul Collins Startup list

[TurboExplorer]
Number=11295
Confirmed=U
Filename=TE.exe
Description=Web accelerator - "<a href="http://www.downlinx.com/proghtml/9/969.htm" target="_blank">TurboExplorer</a> 2.x is a real-time web surfing accelerator specifically designed for Internet Explorer 4/5 to achieve a faster and more effective approach to the internet". Only needed if you find it improves web browsing
Source=Paul Collins Startup list

[TurboLaunch]
Number=11296
Confirmed=U
Filename=Tlaunch.exe
Description=<a href="http://www.savardsoftware.com/turbolaunch/" target=_blank>TurboLaunch</a> is a tool-bar style application that can be set up to run many programs and perform certain pre-programmed actions
Source=Paul Collins Startup list

[TurboMemoryCharger]
Number=11297
Confirmed=U
Filename=turbomemorycharger.exe
Description=<a href="http://www.turbomemorycharger.com/" target="_blank">Turbo Memory Charger</a> - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
Source=Paul Collins Startup list

[TurboNote]
Number=11298
Confirmed=N
Filename=tbnote.exe
Description=Post-It's on your desktop. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[TurboTop]
Number=11299
Confirmed=U
Filename=TurboTop.exe
Description=<a href="http://www.savardsoftware.com/turbotop/" target="_blank">TurboTop</a> - make any window "Always on top"
Source=Paul Collins Startup list

[TURXP Protocol]
Number=11300
Confirmed=X
Filename=sps32.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[tutcdchk2]
Number=11301
Confirmed=X
Filename=tutcdchk2.exe
Description=Added by the <a href="http://fileinfo.prevx.com/spyware/qq975f36890326-TUTC23121686/TUTCDCHK2.EXE.html" target="_blank">VXGAME</a> TROJAN!
Source=Paul Collins Startup list

[TV Media]
Number=11302
Confirmed=X
Filename=Tvm.exe
Description=<a href="http://www.pestpatrol.com/MS/pestinfo/C/cleveriehooker.asp" target="_blank">CleverIEHooker</a> hijacker variant
Source=Paul Collins Startup list

[TV Scheduler]
Number=11303
Confirmed=U
Filename=TVSCHL.EXE
Description=ProLink <a href="http://www.prolink-usa.com/english/product/mmpak/ppro.htm#title1" target=_blank>PlayTVpro</a> TV tuner software scheduler
Source=Paul Collins Startup list

[TV878 Remote Control]
Number=11304
Confirmed=U
Filename=C7XRCtl.exe
Description=Related to <a href="http://www.what-process.com/process-info.aspx?p=C7XRCtl.exe" target="_blank">Kworld TV878</a> Tuner
Source=Paul Collins Startup list

[TVMD]
Number=11305
Confirmed=X
Filename=tvmd.exe
Description=<a href="http://www.totalvelocity.com/" target="_blank">Total Velocity</a> - "Secure commerce company that enables the 'checkout' process for our customers in order to safely and securely purchase our award winning software". Autointsalling spyware
Source=Paul Collins Startup list

[TvNow]
Number=11306
Confirmed=U
Filename=TvNow.exe
Description=Application supplied with HP notebooks. It activates the S-Video port and is said to improve the quality of the output signal (resolution/timeouts)
Source=Paul Collins Startup list

[TvrRemote]
Number=11307
Confirmed=U
Filename=Remote.exe
Description=Remote Control driver for <a href="http://www.lifeview.com.tw/html/products/products.htm" target="_blank">LifeView</a> internal and external TV products
Source=Paul Collins Startup list

[TvrSchedule]
Number=11308
Confirmed=U
Filename=Schedule.exe
Description=Scheduler for <a href="http://www.mercury-pc.com/product-detail.php?link=p-addcards&subtitle=Add-On%20Cards&productid=653" target="_blank">Mercury Ez View</a> TV Tuner Card
Source=Paul Collins Startup list

[Tvs]
Number=11309
Confirmed=N
Filename=TvsTray.exe
Description=Toshiba Virtual Sound on a notebook. Allows you to change sound settings on the fly - default setting is "build-in speaker". You can also select external speaker, open type headphone, or closed type headphone. Each setting has presets for Bass, Stereo, and Clarity - which can also be changed by user if desired. Can also be launched from Start -> Programs -> Toshiba -> Utilities
Source=Paul Collins Startup list

[tvs_b]
Number=11310
Confirmed=X
Filename=tvs_b.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080114-4631-99" target="_blank">BroadcastPC</a> adware variant
Source=Paul Collins Startup list

[tvs_b]
Number=11311
Confirmed=X
Filename=tvs_ln.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080114-4631-99" target="_blank">BroadcastPC</a> adware variant
Source=Paul Collins Startup list

[tvs_re]
Number=11312
Confirmed=X
Filename=tvs_re_inst.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080114-4631-99" target="_blank">BroadcastPC</a> adware variant
Source=Paul Collins Startup list

[TVTMD]
Number=11313
Confirmed=X
Filename=TVTMD.EXE
Description=<a href="http://www.totalvelocity.com/" target="_blank">Total Velocity</a> variant - autoinstalling spyware
Source=Paul Collins Startup list

[TVTunerLib]
Number=11314
Confirmed=U
Filename=TVTLInstTool.exe
Description=Related to Sony installer tool for Sony TV tuner library
Source=Paul Collins Startup list

[TVWakeup]
Number=11315
Confirmed=N
Filename=tvwakeup.exe
Description=MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it
Source=Paul Collins Startup list

[Tvwatch]
Number=11316
Confirmed=?
Filename=tvwatch.exe
Description=Associated with the TV-oOut option on Asus AGP or Intel graphics cards. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list

[Twain image]
Number=11317
Confirmed=X
Filename=mmp32.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=DailyWinner&threatid=4143" target=_blank>DailyWinner</a> adware

Source=Paul Collins Startup list

[TWarmBay]
Number=11318
Confirmed=?
Filename=N/A
Description=Found on a Toshiba laptop.<font color="#FF0000"> Related to hotswap bay management?</font>
Source=Paul Collins Startup list

[TWarnMsg]
Number=11319
Confirmed=U
Filename=twarnmsg.exe
Description=Toshiba System Warning Function for Windows 98, Me, 2000 - provides notification dialog when the cooling fan stops
Source=Paul Collins Startup list

[TWBbtn]
Number=11320
Confirmed=?
Filename=N/A
Description=<font color="#FF0000">Found on a Toshiba laptop</font>
Source=Paul Collins Startup list

[TWBrowse]
Number=11321
Confirmed=?
Filename=TWBrowse.drv
Description=<font color="#FF0000">Found on a Toshiba laptop. Possibly related to TWAIN drivers (ie, scanners, etc) - see <a href="http://www.twaintools.de/support.html" target="_blank">this</a>?</font>
Source=Paul Collins Startup list

[Tweak Manager]
Number=11322
Confirmed=?
Filename=WinManager.Exe
Description=WinGuides <a href="http://www.winguides.com/tweak/" target="_blank">Tweak Manager</a>. <font color="#FF0000">Is this required for the live updates feature and/or if settings are changed?</font>
Source=Paul Collins Startup list

[Tweak UI]
Number=11323
Confirmed=U
Filename=rundll32.exe tweakui.cpl, tweakmeup
Description=Restores settings that can't be retained if you have Microsoft's Tweak UI &quot;powertoy&quot; installed
Source=Paul Collins Startup list

[Tweak UI]
Number=11324
Confirmed=U
Filename=rundll32.exe tweakui.cpl, tweaklogon
Description=Automatically logs you on if you have Microsoft's Tweak UI &quot;powertoy&quot; installed
Source=Paul Collins Startup list

[Tweak UI]
Number=11325
Confirmed=X
Filename=RunDLL32 tweakUI.DLL, TWEAKUI /tweakmeup
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-022017-5551-99" target="_blank">SUBWOOFER</a> TROJAN! Note - the real Tweak UI entry for this is "rundll32.exe tweakui.cpl, tweakmeup"
Source=Paul Collins Startup list

[Tweak UI 1.33 deutsch]
Number=11326
Confirmed=U
Filename=RUNDLL32.EXE TWEAKUI.CPL, TweakMeUp
Description=Restores settings that can't be retained if you have Microsoft's Tweak UI "powertoy" installed - German version
Source=Paul Collins Startup list

[Tweak-Me]
Number=11327
Confirmed=U
Filename=TWEAK-ME.exe
Description=3rd party version of Miscrosoft'sTweak UI &quot;powertoy&quot; with many more options and controls (plus full support), designed specifically to take advantage of features in WinMe/2K and above, available from <a href="http://www.tweak-me.de/" target="_blank">here</a>
Source=Paul Collins Startup list

[Tweak-xp]
Number=11328
Confirmed=U
Filename=Tweak-xp.exe
Description=Main program for <a href="http://www.totalidea.com/frameset-tweakxp.htm" target=_blank>Tweak-XP</a> - a WinXP tweaking utility
Source=Paul Collins Startup list

[TweakDUN]
Number=11329
Confirmed=U
Filename=tweakdun.exe
Description=Utility to optimize your Internet Browser Software. TweakDUN promotes faster Internet data transfer rates and faster downloads by eliminating fragmentation of data packets
Source=Paul Collins Startup list

[Tweaki4PU]
Number=11330
Confirmed=U
Filename=twksup.exe
Description="<a href="http://www.jermar.com/tweaki.htm" target=_blank>Tweaki</a> puts several Windows utilities into one easy to use program while adding hundreds of additional tweaks not found in other system tweakers"
Source=Paul Collins Startup list

[tweakico]
Number=11331
Confirmed=?
Filename=tweakico.exe
Description=<font color="#FF0000">May be a HP program to control their icons?</font>
Source=Paul Collins Startup list

[TweakMASTER]
Number=11332
Confirmed=U
Filename=TMTray.exe
Description=<a href="http://www.tweakmaster.com/" target=_blank>TweakMASTER</a> Internet Optimizer
Source=Paul Collins Startup list

[TweakYC]
Number=11333
Confirmed=?
Filename=TweakYC.exe
Description=<a href="http://www.comprousa.com/New/en/home.html" target=_blank>VideoMate</a> TV tuner and capture card related - <font color=#FF0000>what does it do and is it required?</font>

Source=Paul Collins Startup list

[twister]
Number=11334
Confirmed=U
Filename=twister.exe
Description=Twister <a href="http://www.filseclab.com/eng/products/twister.htm" target=_blank>"AntiTrojanVirus"</a>
Source=Paul Collins Startup list

[TwkSCardSrv]
Number=11335
Confirmed=N
Filename=SCardS32.Exe
Description=Used with Towitoko SmartCard Readers for card recognition
Source=Paul Collins Startup list

[twunk service]
Number=11336
Confirmed=X
Filename=twunk16.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BAT&VSect=P" target=_blank>RBOT.BAT</a> WORM!
Source=Paul Collins Startup list

[twunk_32]
Number=11337
Confirmed=X
Filename=twunk_32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090617-1926-99" target=_blank>BLACKMAL.C</a> WORM! Note - this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
Source=Paul Collins Startup list

[Twunk_64]
Number=11338
Confirmed=X
Filename=twunk_64.exe
Description=System1060 homepage hi-jacker. Note - this is not a Windows file and is found in a WindowsSystem1060 directory
Source=Paul Collins Startup list

[tyack drive]
Number=11339
Confirmed=X
Filename=tyack.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotamt.html" target=_blank>RBOT-AMT</a> WORM!
Source=Paul Collins Startup list

[type32]
Number=11340
Confirmed=N
Filename=type32.exe
Description=For MS programmable keyboards. If you disable Intellitype in Startup, any &quot;Hot Keys&quot; that are changed by the user to perform functions other than default settings, defer back to their default settings. Not required unless you have changed them
Source=Paul Collins Startup list

[TypingSatellite]
Number=11341
Confirmed=N
Filename=KBOOST.exe
Description=<a href="http://www.typingmaster.com" target="_blank">Typing Master 2002</a> background utility that collects typing errors and builds up customised typing lessons for your needs. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[U.S.Robotics WLAN Adapter Configuration Utility]
Number=11342
Confirmed=U
Filename=USRWLAN.exe
Description=<a href="http://www.usr.com/" target="_blank">U.S.Robotics LAN Adapter</a> - wireless LAN (WLAN) configuration utility
Source=Paul Collins Startup list

[Uate]
Number=11343
Confirmed=X
Filename=oocs.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[UBSShell]
Number=11344
Confirmed=U
Filename=UBSShell.exe
Description=UBS (United Bank of Switzerland) banking software
Source=Paul Collins Startup list

[UCmd]
Number=11345
Confirmed=X
Filename=fallfour.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaza.html" target=_blank>SDBOT-AZA</a> WORM!
Source=Paul Collins Startup list

[UCmore XP - The Search Accelerator]
Number=11346
Confirmed=U
Filename=rundll32.exe UCMTSAIE.dll, DllShowTB
Description=<a href="http://www.ucmore.com/" target="_blank">UCmore</a> toolbar - search accelerator
Source=Paul Collins Startup list

[UC_SMB]
Number=11347
Confirmed=N
Filename=ucstart.exe
Description=Part of IBM Update connector on IBM PCs for updating drivers on a new installation. Once you manually run the IBM Update connector program (shortcut) this entry is removed
Source=Paul Collins Startup list

[uc_start]
Number=11348
Confirmed=N
Filename=ucstartup.exe
Description=Auto updater feature for IBM machines that tries to connect to IBM to see if there are any new drivers, patches and etc
Source=Paul Collins Startup list

[UD Agent]
Number=11349
Confirmed=U
Filename=UD.EXE
Description=The United Devices Agent can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical research. Available via Start > Programs
Source=Paul Collins Startup list

[UDC6cw]
Number=11350
Confirmed=N
Filename=UDC6cw.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-062217-0726-99" target="_blank">DriveCleaner</a> is a security assesment tool which gives exaggerated reports of security and privacy risks on a computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported risks
Source=Paul Collins Startup list

[udzok]
Number=11351
Confirmed=X
Filename=udzou.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotcus.html" target="_blank">SDBOT-CUS</a> WORM!
Source=Paul Collins Startup list

[Ueproc32]
Number=11352
Confirmed=U
Filename=UEPROC32.exe
Description=Part of Norton Utilities - most likely associated with the Unerase Wizard in older versions
Source=Paul Collins Startup list

[UFD Monitor9382]
Number=11353
Confirmed=X
Filename=ufdlmon.exe
Description=Part of USB Flashdisk software - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list

[UFD Utility9382]
Number=11354
Confirmed=?
Filename=UFDTool.exe
Description=Part of USB Flashdisk software - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list

[ugon]
Number=11355
Confirmed=?
Filename=aockstrs.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[uhvjsul.dll]
Number=11356
Confirmed=X
Filename=[path] rundll32.exe [path] uhvjsul.dll, mrpmvyf
Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453099988" target="_blank">BUSKY-G</a> TROJAN!
Source=Paul Collins Startup list

[Uidler]
Number=11357
Confirmed=N
Filename=Uidler.exe
Description=Uniloc Titlewave Browser used with some shareware
Source=Paul Collins Startup list

[UIWatcher]
Number=11358
Confirmed=N
Filename=UIWatcher.exe
Description=<a href="http://www.ashampoo.com/frontend/homepage/php/index.php?session_langid=2" target="_blank">Ashampoo's</a> Uninstaller Suite - installation watcher. Available via Start -> Programs
Source=Paul Collins Startup list

[ujm]
Number=11359
Confirmed=U
Filename=nm32.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-092215-0056-99" target=blank>Stranget</a> keystroke logger/monitoring program - remove unless you installed it yourself! Found in an "fyt" subfolder of the Windows or Winnt folder

Source=Paul Collins Startup list

[UKVideo2]
Number=11360
Confirmed=X
Filename=ukvideo2.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[Ulead AutoDetector v2]
Number=11361
Confirmed=?
Filename=monitor.exe
Description=Related to <a href="http://www.ulead.com/" target=_blank>Ulead Systems Inc.</a>. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[Ulead Photo Express x.0 Calendar]
Number=11362
Confirmed=N
Filename=calcheck.exe
Description=Ulead Calendar Checker - part of <a href="http://www.ulead.com/pe/runme.htm" target="_blank">Ulead Photo Express</a>, where &quot;x&quot; represents the version number. Automatically replaces your calendar desktop wallpaper on a weekly/monthly/yearly basis if you've created them. Not required - change them manually
Source=Paul Collins Startup list

[Ultimate Cleaner]
Number=11363
Confirmed=N
Filename=App.exe
Description=Ultimate Cleaner spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[UltimateBuddy]
Number=11364
Confirmed=X
Filename=UltimateBuddy.exe
Description=<a href="http://www.bleepingcomputer.com/uninstall/1457/UltimateBuddy.html" target="_blank">UltimateBuddy</a> - installs malware, or is bundled with malware
Source=Paul Collins Startup list

[UltimateZip Quick Start]
Number=11365
Confirmed=N
Filename=uzqkst.exe
Description=<a href="http://www.ultimatezip.com/" target="_blank">UltimateZip</a> - file compression utility
Source=Paul Collins Startup list

[Ultra Hal Assistant 4.5 Startup]
Number=11366
Confirmed=N
Filename=HalAsst.exe
Description=<a href="http://www.zabaware.com/assistant/" target="_blank">Zabaware Ultra Hal Assistant</a> - artificial intelligence conversation simulator. It is capable of being your digital secretary and companion
Source=Paul Collins Startup list

[UltraDVDMon]
Number=11367
Confirmed=?
Filename=DVDMon.exe
Description=<a href="http://www.ultra-dvd-player.com/" target="_blank">UltraDVD</a> DVD player software - <font color="#FF0000">is it required?</font>
Source=Paul Collins Startup list

[Ulubione]
Number=11368
Confirmed=X
Filename=sys****.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041309-0935-99" target=_blank>Ulubione</a> adware
Source=Paul Collins Startup list

[UMAX VistaAccess]
Number=11369
Confirmed=N
Filename=vsaccess.exe
Description=VistaAccess gives you quick and easy access to scanning functions right from your desktop
Source=Paul Collins Startup list

[UMonit]
Number=11370
Confirmed=U
Filename=umonit.exe
Description=Alerts when USB device is plugged in
Source=Paul Collins Startup list

[umxagent]
Number=11371
Confirmed=Y
Filename=umxagent.exe
Description=<a href="http://www.tinysoftware.com/home/tiny2?la=EN" target="_blank">Tiny Personal Firewall</a> V4 - main engine
Source=Paul Collins Startup list

[umxldra]
Number=11372
Confirmed=Y
Filename=umxldra.exe
Description=User mode executive module DLL loader - part of <a href="http://www.tinysoftware.com/home/tiny2?la=EN" target="_blank">Tiny Personal Firewall</a> V4
Source=Paul Collins Startup list

[UMXLDRW]
Number=11373
Confirmed=Y
Filename=UMXLDRW.exe
Description=<a href="http://www.tinysoftware.com/home/tiny2?la=EN" target="_blank">Tiny Personal Firewall</a> (pre V4)
Source=Paul Collins Startup list

[un32info]
Number=11374
Confirmed=X
Filename=un32info.Exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list

[UNERI]
Number=11375
Confirmed=X
Filename=yujixit.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BOO&VSect=P" target=_blank>SDBOT.BOO</a> WORM!
Source=Paul Collins Startup list

[UnHackMe Monitor]
Number=11376
Confirmed=U
Filename=hackmon.exe
Description=<a href="http://www.softaward.com/9275.html" target= blank>UnHackMe</a> allows you to detect and remove a new generation of 'invisible' Trojan programs called "rootkits"
Source=Paul Collins Startup list

[Uniblue Quick Access]
Number=11377
Confirmed=U
Filename=qaccess.exe
Description=<a href="http://www.processlibrary.com/directory/files/qaccess/" target=_blank>Quick Access</a> application from UniBlue Systems Ltd - "helps you account for all processes on your computer by providing an additional plug-in for the Windows task manager"

Source=Paul Collins Startup list

[Uniblue Registry Booster]
Number=11378
Confirmed=U
Filename=RegistryBooster.exe
Description=Uniblue "<a href="http://www.liutilities.com/products/registrybooster/" target="_blank">Registry Booster</a>  is the safest and most trusted solution to clean and optimise your system, free it from registry errors and fragmented entries"
Source=Paul Collins Startup list

[Uniblue SpyEraser]
Number=11379
Confirmed=U
Filename=spyeraser.exe
Description=<a href="http://www.liutilities.com/products/spyeraser/" target="_blank">SpyEraser</a> from Uniblue. Spyware detection program
Source=Paul Collins Startup list

[uninstal]
Number=11380
Confirmed=X
Filename=regsvr32 image.dll
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list

[Uninstall****]
Number=11381
Confirmed=X
Filename=upd.exe
Description=Adult content based screen saver where **** can be any number
Source=Paul Collins Startup list

[UninstallAbility]
Number=11382
Confirmed=N
Filename=uability.exe
Description=<a href="http://www.innovatools.com/uninstallability.html" target="_blank">UninstallAbility</a> free uninstaller
Source=Paul Collins Startup list

[UninstallHL]
Number=11383
Confirmed=X
Filename=PreUninstallHL.exe
Description=<a href="http://vil.mcafeesecurity.com/vil/content/v_134892.htm" target=_blank>LinkReplacer/FFinder</a> adware
Source=Paul Collins Startup list

[UninstallQL]
Number=11384
Confirmed=X
Filename=PreUninstallQL.exe
Description=<a href="http://vil.mcafeesecurity.com/vil/content/v_134892.htm" target=_blank>LinkReplacer/FFinder</a> adware
Source=Paul Collins Startup list

[Uninstall_TBPS]
Number=11385
Confirmed=X
Filename=TBuninst.exe
Description=WebSearch Toolbar - <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453072528" target=_blank>HuntBar</a> hijacker, toolbar installer variant

Source=Paul Collins Startup list

[UniPrint]
Number=11386
Confirmed=U
Filename=SetDfltSettings.exe
Description=Drivers for Uniprint, a printing help for Terminal Services and Citrix which recieves downloaded files from a Uniprint enabled server and prints them locally allowing for truly universal printing through Terminal Services or Citrix
Source=Paul Collins Startup list

[UniSc]
Number=11387
Confirmed=U
Filename=Unisc.exe
Description=McAfee UnInstaller
Source=Paul Collins Startup list

[uniucu]
Number=11388
Confirmed=?
Filename=uniucu.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Universal USB Service]
Number=11389
Confirmed=X
Filename=svchost32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041214-1218-99" target=_blank>KELVIR.R</a> WORM!
Source=Paul Collins Startup list

[Unix File Support]
Number=11390
Confirmed=X
Filename=init3.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotzn.html" target=_blank>RBOT-ZN</a> WORM!
Source=Paul Collins Startup list

[unldr16]
Number=11391
Confirmed=X
Filename=unldr16.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list

[unldr32]
Number=11392
Confirmed=X
Filename=unldr32.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list

[UnlockerAssistant]
Number=11393
Confirmed=U
Filename=UnlockerAssistant.exe
Description=Related to <a href="http://ccollomb.free.fr/unlocker/" target=_blank>Unlocker</a> utility to unlock files when the OS reports the file is being used by an other person or program
Source=Paul Collins Startup list

[UnSpyPC]
Number=11394
Confirmed=N
Filename=UnSpyPC.exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
Source=Paul Collins Startup list

[untray]
Number=11395
Confirmed=Y
Filename=untray.exe
Description=<a href="http://www.authentium.com/command/" target="_blank">Command Antivirus</a> related
Source=Paul Collins Startup list

[uoltray]
Number=11396
Confirmed=N
Filename=exec.exe
Description=Netzero free ISP software - not required
Source=Paul Collins Startup list

[Up Service]
Number=11397
Confirmed=X
Filename=up32.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotari.html" target=_blank>RBOT-ARI</a> WORM!
Source=Paul Collins Startup list

[UpConfgVer]
Number=11398
Confirmed=N
Filename=UpgConf.exe
Description=Panda Antivirus Platinum. Purpose unclear, but according to Panda Software not required for the AV to function
Source=Paul Collins Startup list

[Updade Windows]
Number=11399
Confirmed=X
Filename=winlogom.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453099334="_blank">TONAX-A</a> TROJAN!
Source=Paul Collins Startup list

[UpData]
Number=11400
Confirmed=X
Filename=wupdata.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotaa.html" target= blank>IRCBOT-AA</a> TROJAN!
Source=Paul Collins Startup list

[Update]
Number=11401
Confirmed=X
Filename=[original file path]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092411-5337-99" target="_blank">LYNDEGG</a> WORM!
Source=Paul Collins Startup list

[Update]
Number=11402
Confirmed=X
Filename=CDUpdater.exe
Description="Carpe Diem" adult premium rate dialler related
Source=Paul Collins Startup list

[Update]
Number=11403
Confirmed=X
Filename=Sysupd.exe
Description=Added by the SLACKBOT VIRUS!
Source=Paul Collins Startup list

[Update]
Number=11404
Confirmed=X
Filename=Zupdate.exe
Description=Associated with <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrilliantDigital&threatid=3334" target="_blank">B3d Projector</a> foistware - see <a href="http://www.greatis.com/appdata/u/z/zupdate.exe.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[Update]
Number=11405
Confirmed=X
Filename=mshtm.exe
Description=Browser hijacker - redirecting to buldog-search.com

Source=Paul Collins Startup list

[Update]
Number=11406
Confirmed=X
Filename=UPDATE-28062004.exe[25 blank spaces].vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110809-1153-99" target=_blank>MIDFIN</a> WORM!

Source=Paul Collins Startup list

[update]
Number=11407
Confirmed=X
Filename=winis.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotvd.html" target=_blank>RBOT-VD</a> WORM!
Source=Paul Collins Startup list

[update]
Number=11408
Confirmed=X
Filename=r00t.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaco.html" target= blank>RBOT-ACO</a> WORM!
Source=Paul Collins Startup list

[UPDATE]
Number=11409
Confirmed=X
Filename=WinUpdater5.0.vbs
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/vbsgormleza.html" target=_blank>GORMLEZ-A</a> WORM!
Source=Paul Collins Startup list

[UpDate]
Number=11410
Confirmed=X
Filename=RAuth.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderul.html" target=_blank>DLOADER-UL</a> TROJAN!
Source=Paul Collins Startup list

[Update]
Number=11411
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojadclickag.html" target=_blank>ADCLICK-AG</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[Update]
Number=11412
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-022111-5220-99" target=_blank>MEHEERWAR</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in a "winupdate" subfolder
Source=Paul Collins Startup list

[Update]
Number=11413
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojadclickag.html" target=_blank>ADCLICK-AG</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[Update]
Number=11414
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojadclickag.html" target=_blank>ADCLICK-AG</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[Update]
Number=11415
Confirmed=X
Filename=Update.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453099537" target="_blank">QuickButton</a> adware
Source=Paul Collins Startup list

[Update]
Number=11416
Confirmed=X
Filename=hanz.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotglj.html" target="_blank">RBOT-GLJ</a> WORM!
Source=Paul Collins Startup list

[Update Checker]
Number=11417
Confirmed=X
Filename=winlog.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbottj.html" target="_blank">IRCBOT-TJ</a> TROJAN!
Source=Paul Collins Startup list

[Update Checker]
Number=11418
Confirmed=X
Filename=scvhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentdsf.html" target="_blank">AGENT-DSF</a> TROJAN!
Source=Paul Collins Startup list

[Update for Windows]
Number=11419
Confirmed=X
Filename=[various filenames]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lerpaa.html" target=_blank>LERPA-A</a> WORM! Note - the file name will be one of the following common.exe, common.pif, common.scr, Sexo.exe, Sexo.jpg.pif, ini_file__.pif, load_me__.tmp, msfile.pif, system_load_.pif or zipped.rar.pif
Source=Paul Collins Startup list

[Update for Works]
Number=11420
Confirmed=?
Filename=MSWkstz.exe
Description=<font color="#FF0000">Maybe related to later versions of MS Works?</font>
Source=Paul Collins Startup list

[Update Grokster]
Number=11421
Confirmed=N
Filename=WiseUpdt.exe
Description=Automatically updates the Grokster file sharing software. Beware of adware and spyware when using this type of program, for instance, Grokster contains CyDoor
Source=Paul Collins Startup list

[Update Install]
Number=11422
Confirmed=X
Filename=Schost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list

[Update local]
Number=11423
Confirmed=?
Filename=SetCPQLC.exe
Description=<font color="#FF0000">Running on a Compaq desktop. Any ideas?</font>
Source=Paul Collins Startup list

[Update Manager]
Number=11424
Confirmed=N
Filename=UpdateManager.exe
Description=Searches for updates for the Rogers <a href="http://help.yahoo.com/l/ca/rogers/browser/" target="_blank">Yahoo! Browser</a> - can be run manually
Source=Paul Collins Startup list

[update run dos]
Number=11425
Confirmed=X
Filename=logon.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!

Source=Paul Collins Startup list

[Update Run MSword]
Number=11426
Confirmed=X
Filename=LOGON.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.TY&VSect=P" target=_blank>RBOT.TY</a> WORM!
Source=Paul Collins Startup list

[Update Service]
Number=11427
Confirmed=Y
Filename=Update.exe
Description=Loaded by Handybits programs such as <a href="http://www.handybits.com/easycrypto.htm" target="_blank">EasyCrypto</a>. Re-instates itself every time the program is run so best to leave it enabled. Prevent it dialling out via a firewall
Source=Paul Collins Startup list

[update service]
Number=11428
Confirmed=X
Filename=svxhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmg.html" target=_blank>RBOT-MG</a> WORM!
Source=Paul Collins Startup list

[Update Service]
Number=11429
Confirmed=X
Filename=winu32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmg.html" target=_blank>RBOT-MG</a> WORM!
Source=Paul Collins Startup list

[update service]
Number=11430
Confirmed=X
Filename=winx.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Update TUT]
Number=11431
Confirmed=?
Filename=WiseUpdt.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Update ver 1.0]
Number=11432
Confirmed=X
Filename=Swap.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32swapc.html" target=_blank>SWAP-C</a> WORM!

Source=Paul Collins Startup list

[Update Windows]
Number=11433
Confirmed=X
Filename=EXPLORE.EXE
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Update Windows]
Number=11434
Confirmed=X
Filename=EXPLORE.EXE
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Update.exe]
Number=11435
Confirmed=X
Filename=ravseuper.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassp.html" target=_blank>QQPASS-P</a> TROJAN!
Source=Paul Collins Startup list

[Update32]
Number=11436
Confirmed=X
Filename=configs.exe
Description=Hijacker, also detected as the <a href="http://vil.nai.com/vil/content/v_126408.htm" target="_blank">QURL-2</a> TROJAN!
Source=Paul Collins Startup list

[UpdateCheck]
Number=11437
Confirmed=X
Filename=winstall.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotcy.html" target=_blank>SPYBOT-CY</a> WORM!
Source=Paul Collins Startup list

[UpdateComponent]
Number=11438
Confirmed=X
Filename=CNF UPD.EXE
Description=Added by the SPYBOT.GEN VIRUS!
Source=Paul Collins Startup list

[UpdateFW]
Number=11439
Confirmed=?
Filename=fwdload.exe
Description=<font color="#FF0000">Appears to be firmware update software for a Network Associates ATMbook OC-3 SMF Interface Module?</font>
Source=Paul Collins Startup list

[UPDATEHOOK]
Number=11440
Confirmed=?
Filename=Rundll32.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[updatelavasoft]
Number=11441
Confirmed=X
Filename=updatelavasoft.exe
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant - redirecting to lalasearch.com
Source=Paul Collins Startup list

[UpdateManager]
Number=11442
Confirmed=U
Filename=sgtray.exe
Description=StorageGuard from Veritas (this version by Sonic). Free utility that integrates with Backup MyPC (formerly Backup Exec Desktop), Simple Backup and MS Backup. Provides system tray access and background monitoring - warning you of files that haven't recently been backed up. Required unless you backup manually on a regular basis or have scheduled backups
Source=Paul Collins Startup list

[UpdateMedia]
Number=11443
Confirmed=X
Filename=UpdateMedia.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453078871" target="_blank">MediaUpdate</a> foistware

Source=Paul Collins Startup list

[UpdateMgr]
Number=11444
Confirmed=X
Filename=updmgr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-072916-3615-99" target=_blank>SouthBeachTel</a> premium rate adult content dialer
Source=Paul Collins Startup list

[updateMgr]
Number=11445
Confirmed=N
Filename=AdobeUpdateManager.exe
Description=Automatic updates for the Adobe Reader file viewer
Source=Paul Collins Startup list

[updatemgr.exe]
Number=11446
Confirmed=N
Filename=updatemgr.exe
Description=Once a month, your EarthLink 5.0 Update Manager contacts EarthLink's servers to check for software updates. If an update is available for your EarthLink software, Update Manager will inform you and, with your permission, download and install the update. Can go to http://www.earthlink.net and download the updates manually
Source=Paul Collins Startup list

[UPDATEMSN]
Number=11447
Confirmed=X
Filename=svhost.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[updater]
Number=11448
Confirmed=X
Filename=wupdater.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/adware.keenval.html" target=_blank>eUniverse/KeenValue</a> adware
Source=Paul Collins Startup list

[updater]
Number=11449
Confirmed=?
Filename=updater.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Updater]
Number=11450
Confirmed=X
Filename=adservernow.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-012517-2508-99" target=_blank>AdServerNow</a> adware
Source=Paul Collins Startup list

[updater]
Number=11451
Confirmed=X
Filename=wisvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojorsea.html" target= blank>ORSE-A</a> TROJAN!
Source=Paul Collins Startup list

[Updater Service Process]
Number=11452
Confirmed=X
Filename=svhost32.exe
Description=Added by the <a href="http://www.trendmicro.co.jp/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.TY" target=_blank>AGOBOT.TY</a> WORM!
Source=Paul Collins Startup list

[updater32]
Number=11453
Confirmed=X
Filename=winload32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-021517-2143-99" target="_blank">CULT.M</a> WORM!
Source=Paul Collins Startup list

[updatereal]
Number=11454
Confirmed=X
Filename=realupdate.exe
Description=Chinese originated adware
Source=Paul Collins Startup list

[Updates]
Number=11455
Confirmed=X
Filename=msupdate.exe
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list

[Updates from HP]
Number=11456
Confirmed=N
Filename=backweb*****.exe
Description=See <a href="http://h10025.www1.hp.com/ewfrf/wc/genericDocument?cc=us&docname=bph05170&lc=en&jumpid=reg_R1002_USEN#bph05170_G5" target="_blank">here</a> - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners". * can be any digit
Source=Paul Collins Startup list

[Updates from HP]
Number=11457
Confirmed=N
Filename=Updates from HP.exe
Description=Automatically detects an internet connection and downloads any available updates
Source=Paul Collins Startup list

[UpdateService]
Number=11458
Confirmed=X
Filename=wservice.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32drefk.html" target="_blank">DREF-K</a> WORM!
Source=Paul Collins Startup list

[Updatestats]
Number=11459
Confirmed=X
Filename=Updatestats.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=StatBlaster&threatid=11648" target="_blank">Statblaster</a> adware
Source=Paul Collins Startup list

[UpdateStats]
Number=11460
Confirmed=X
Filename=UpdateStats.exe
Description=SeekSeek search hijacker related - see <a href="http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW_SECTHOUGHT.A&VSect=Sn" target=_blank>here</a>

Source=Paul Collins Startup list

[updatev01]
Number=11461
Confirmed=N
Filename=updatev01.exe
Description=Ultra-networks.com software updater/downloader

Source=Paul Collins Startup list

[updatewin]
Number=11462
Confirmed=X
Filename=update.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Updatewiz]
Number=11463
Confirmed=?
Filename=updatewiz.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[UPDATE~1]
Number=11464
Confirmed=N
Filename=updatemgr.exe
Description=Once a month, your EarthLink 5.0 Update Manager contacts EarthLink's servers to check for software updates. If an update is available for your EarthLink software, Update Manager will inform you and, with your permission, download and install the update. Can go to http://www.earthlink.net and download the updates manually
Source=Paul Collins Startup list

[upddateit]
Number=11465
Confirmed=X
Filename=winit.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotms.html" target=_blank>RBOT-MS</a> WORM!

Source=Paul Collins Startup list

[Updmgr]
Number=11466
Confirmed=X
Filename=updmgr.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/adware.keenval.html" target=_blank>eUniverse/KeenValue</a> adware
Source=Paul Collins Startup list

[updmgr]
Number=11467
Confirmed=X
Filename=rvupdmgr.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/adware.keenval.html" target=_blank>eUniverse/KeenValue</a> adware
Source=Paul Collins Startup list

[upDpacketo]
Number=11468
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32nafbota.html" target=_blank>NAFBOT-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "TEMPER" subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list

[UpdReg]
Number=11469
Confirmed=N
Filename=Updreg.exe
Description=Reminder to register Creative Labs SoundBlaster Live! cards
Source=Paul Collins Startup list

[UpdSys]
Number=11470
Confirmed=X
Filename=[random filename]
Description=Added by the BJ TROJAN!
Source=Paul Collins Startup list

[Updt Service]
Number=11471
Confirmed=X
Filename=updt.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotayu.html" target=_blank>RBOT-AYU</a> WORM!
Source=Paul Collins Startup list

[updwebmin]
Number=11472
Confirmed=X
Filename=updwebmin.exe
Description=Added by the <a href="http://virusinfo.prevx.com/pxparall.asp?PX5=445f40dc8020b7bd3944009b94fe1c00794bf1e5" target="_blank">BACKDOOR.GEN</a> TROJAN!
Source=Paul Collins Startup list

[UPERVGAS]
Number=11473
Confirmed=?
Filename=UPERVGAS.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Upgrade Sarvice]
Number=11474
Confirmed=X
Filename=sxchost.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojtofgeri.html" target=_blank>TOFGER-I</a> TROJAN!
Source=Paul Collins Startup list

[Upgrade Service]
Number=11475
Confirmed=X
Filename=sxchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtofgeri.html" target=_blank>TOFGER-I</a> TROJAN!
Source=Paul Collins Startup list

[Upgrade Service]
Number=11476
Confirmed=X
Filename=winupd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtofgeru.html" target=_blank>TOFGER-U</a> TROJAN!
Source=Paul Collins Startup list

[upme]
Number=11477
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-011415-4521-99" target=_blank>MUGLY.F</a> WORM!
Source=Paul Collins Startup list

[Upme]
Number=11478
Confirmed=X
Filename=DLLMAN.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MUGLY.I" target="_blank">MUGLY.I</a> WORM!
Source=Paul Collins Startup list

[upnp]
Number=11479
Confirmed=X
Filename=upnp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadryt.html" target="_blank">DLOADR-YT</a> WORM!
Source=Paul Collins Startup list

[UPnP Manager]
Number=11480
Confirmed=X
Filename=upnpman.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT</a>  WORM!
Source=Paul Collins Startup list

[UPNPService]
Number=11481
Confirmed=X
Filename=WinSVCservice.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.UN" target="_blank">AGOBOT.UN</a> WORM!
Source=Paul Collins Startup list

[Upromise0]
Number=11482
Confirmed=U
Filename=Upromise0.exe
Description=<a href="http://www.upromise.com/8298.4.1.do" target=_blank>Upromise</a> college savings program
Source=Paul Collins Startup list

[UpromiseRemindU]
Number=11483
Confirmed=U
Filename=wjview ...Code
Description=Part of the <a href="http://www.upromise.com/" target="_blank">Upromise</a> saving scheme but associated with <a href="http://www.pestpatrol.com/zks/pestinfo/e/ebates_moneymaker.asp" target="_blank">Ebates MoneyMaker</a> adware so the choice is yours
Source=Paul Collins Startup list

[UPS]
Number=11484
Confirmed=Y
Filename=ups.exe
Description=PowerChute v5.02 - UPS Monitoring Module (which loads iconclnt - the tray icon)
Source=Paul Collins Startup list

[UPS]
Number=11485
Confirmed=X
Filename=UPS32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061912-4346-99" target=_blank>FEMOT.O</a> WORM!
Source=Paul Collins Startup list

[UPSentry 2000]
Number=11486
Confirmed=Y
Filename=upsd.exe
Description=Used with Belkin UPS (Uninterruptable Power Supply) for support in the event of a power-loss
Source=Paul Collins Startup list

[UPSlim]
Number=11487
Confirmed=Y
Filename=upsd.exe
Description=Used with Belkin UPS (Uninterruptable Power Supply) for support in the event of a power-loss
Source=Paul Collins Startup list

[UPSMON]
Number=11488
Confirmed=U
Filename=UPSMON.exe
Description=<a href="http://www.powercom-ups.com/products/software/upsmon.htm" target=_blank>UPSMON</a> Power Management software
Source=Paul Collins Startup list

[UPSUtl]
Number=11489
Confirmed=X
Filename=web.exe
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list

[Uptimer4]
Number=11490
Confirmed=U
Filename=Uptimer4.exe
Description=Uptimer4 is an appbar which displays time, date, uptime, free ram, free pagefile, cpu usage, disk free space, battery power, IP addresses, TCP throughput, list of running processes, netstat and several more things
Source=Paul Collins Startup list

[UpTimes service]
Number=11491
Confirmed=X
Filename=WinUp.exe
Description=Added by the  <a href="http://www.sophos.com/virusinfo/analyses/w32rbotakb.html" target=_blank>RBOT-AKB</a> WORM!
Source=Paul Collins Startup list

[UpToDate]
Number=11492
Confirmed=X
Filename=uptodate.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrowserAid&threatid=3342" target="_blank">BrowserAid/BrowserPal</a> foistware
Source=Paul Collins Startup list

[upxdn]
Number=11493
Confirmed=X
Filename=upxdn.exe
Description=Added by the <a href="http://www.eset.eu/buxus/generate_page.php?page_id=15567" target="_blank">AGENT.NCC</a> TROJAN!
Source=Paul Collins Startup list

[upxdnd]
Number=11494
Confirmed=X
Filename=upxdnd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojjda.html" target="_blank">JD-A</a> TROJAN!
Source=Paul Collins Startup list

[upyxo]
Number=11495
Confirmed=X
Filename=yujixit.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BIX&VSect=P" target=_blank>SDBOT.BIX</a> WORM!
Source=Paul Collins Startup list

[UrlLstCk]
Number=11496
Confirmed=Y
Filename=UrlLstCk.exe
Description=Part of Norton Internet Security. From Symantec - "UrlLstCk.exe is a necessary file that will be present in C:\Program Files\Norton Internet Security. It is a URL Checklist. It should not be disabled"
Source=Paul Collins Startup list

[URLMAP]
Number=11497
Confirmed=N
Filename=Urlmap.exe
Description=Installed by MS Money, and runs whenever you start IE. All it does is bring up an annoying sidebar (kind of like the search window) with 'financial links' when the web page supports it
Source=Paul Collins Startup list

[UrtSvcExe]
Number=11498
Confirmed=Y
Filename=Urt95Svc.exe
Description="Cisco Secure URT is a virtual LAN (VLAN) assignment service that enhances LAN security by actively identifying and authenticating users and then associating them only to their specific network services and resources"
Source=Paul Collins Startup list

[Usb]
Number=11499
Confirmed=?
Filename=Usb.exe
Description=<font color="#FF0000">HP related - not sure whether it's required</font>
Source=Paul Collins Startup list

[usb]
Number=11500
Confirmed=X
Filename=SASS.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfunstaa.html" target=_blank>FUNSTA-A</a> TROJAN!
Source=Paul Collins Startup list

[USB 2.0 Driver]
Number=11501
Confirmed=X
Filename=updateXPSPC.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotrj.html" target=_blank>AGOBOT-RJ</a> WORM!
Source=Paul Collins Startup list

[USB 2.0 Driver]
Number=11502
Confirmed=X
Filename=Winsys32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotqm.html" target=_blank>AGOBOT-QM</a> WORM!
Source=Paul Collins Startup list

[USB 2.0 Driver]
Number=11503
Confirmed=X
Filename=updateXP.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotqp.html" target= blank>AGOBOT-QP</a> WORM!
Source=Paul Collins Startup list

[USB 2.0 Driver]
Number=11504
Confirmed=X
Filename=winsystem.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotqs.html" target= blank>AGOBOT-QS</a> WORM!
Source=Paul Collins Startup list

[USB 2.1 Driver]
Number=11505
Confirmed=X
Filename=winupdate1.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!

Source=Paul Collins Startup list

[USB controller]
Number=11506
Confirmed=X
Filename=Svcmm32.exe
Description=SvcMM backdoor parasite downloader

Source=Paul Collins Startup list

[USB Device]
Number=11507
Confirmed=X
Filename=servicelog.exe
Description=Added by the <a href="http://www.trendmicro.co.jp/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.CB" target=_blank>WOOTBOT.CB</a> WORM!
Source=Paul Collins Startup list

[USB Device]
Number=11508
Confirmed=X
Filename=win32usb.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbq.html" target=_blank>FORBOT-BQ</a> WORM!

Source=Paul Collins Startup list

[USB Driver4]
Number=11509
Confirmed=X
Filename=UpdateXP*.exe [* = random digit]
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[USB Drivers1]
Number=11510
Confirmed=X
Filename=msupdate.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[USB Driverz2]
Number=11511
Confirmed=X
Filename=msnplus1.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxq.html" target= blank>SDBOT-XQ</a> WORM!
Source=Paul Collins Startup list

[USB Fix 1.1]
Number=11512
Confirmed=X
Filename=wuservices.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[USB Fixes]
Number=11513
Confirmed=X
Filename=wuafix.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabv.html" target= blank>RBOT-ABV</a> TROJAN!
Source=Paul Collins Startup list

[USB Hardware Monitoring]
Number=11514
Confirmed=X
Filename=USBhardware.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotnn.html" target=_blank>RBOT-NN</a> WORM!

Source=Paul Collins Startup list

[USB Hardware326 Monitoring]
Number=11515
Confirmed=Y
Filename=USBhardware326.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[USB Hardware32c Monitoring]
Number=11516
Confirmed=X
Filename=USBHARDWARE32C.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotuu.html" target=_blank>RBOT-UU</a> WORM!
Source=Paul Collins Startup list

[USB Host Service]
Number=11517
Confirmed=X
Filename=usbsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgg.html" target="_blank">RBOT-GG</a> WORM!
Source=Paul Collins Startup list

[USB Hub Keyboard Patch]
Number=11518
Confirmed=?
Filename=SKBPATCH.EXE
Description=USB HUB Update
Source=Paul Collins Startup list

[USB SECURITY DEVICE CoInstaller]
Number=11519
Confirmed=Y
Filename=JupitCo.exe
Description=<a href="http://www.butterflymedia.com/USBFlashDriveManual/ButterflyFlashDriveManual.htm" target=_blank>ButterflyMedia</a> USB Flash drive related - required for the password security feature to work

Source=Paul Collins Startup list

[USB Updates]
Number=11520
Confirmed=X
Filename=mservices.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[USB Updates]
Number=11521
Confirmed=X
Filename=msfirewalls.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[USB Updates 2]
Number=11522
Confirmed=X
Filename=wugfixx.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[USB2Check]
Number=11523
Confirmed=N
Filename=PCLECoInst.dll
Description=Related to <a href="http://www.pinnaclesys.com/" target=_blank>Pinnacle Systems Inc</a>. CoInstaller - you can execute the USB2.0 interface check program (Usb2Check.exe file) to check if your system is a USB2.0 enabled system
Source=Paul Collins Startup list

[USBConfigration2]
Number=11524
Confirmed=X
Filename=wmmndir.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotsv.html" target=_blank>AGOBOT-SV</a> WORM!
Source=Paul Collins Startup list

[UsbD]
Number=11525
Confirmed=X
Filename=smss32.exe
Description=Adware downloader - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan-Proxy.Win32.Agent.cj
Source=Paul Collins Startup list

[UsbD]
Number=11526
Confirmed=X
Filename=svhost32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.IB" target="_blank">AGENT.IB</a> TROJAN!
Source=Paul Collins Startup list

[Usbd]
Number=11527
Confirmed=X
Filename=usb_d.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcidraa.html" target=_blank>CIDRA-A</a> TROJAN!
Source=Paul Collins Startup list

[UsbD]
Number=11528
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcidraf.html" target=_blank>CIDRA-F</a> TROJAN!
Source=Paul Collins Startup list

[USBDetector]
Number=11529
Confirmed=U
Filename=USBDetector.exe
Description=USBDetector sets up an icon in the System Tray for a USB card which is intended to be used to eject or unplug hardware
Source=Paul Collins Startup list

[USBDetector]
Number=11530
Confirmed=U
Filename=UDetect.exe
Description=USB tray icon/detection for external Belkin (and maybe other makes) under Win98
Source=Paul Collins Startup list

[USBDrives]
Number=11531
Confirmed=X
Filename=msfirewalI.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabp.html" target= blank>RBOT-ABP</a> WORM!
Source=Paul Collins Startup list

[usbdrv]
Number=11532
Confirmed=X
Filename=servicetask.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[USBHWDRV]
Number=11533
Confirmed=X
Filename=gam.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojlowzonei.html" target= blank>LOWZONE-I</a> TROJAN!
Source=Paul Collins Startup list

[USBHWDRV]
Number=11534
Confirmed=X
Filename=msdc.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojlowzonei.html" target= blank>LOWZONE-I</a> TROJAN!
Source=Paul Collins Startup list

[USBHWDRV]
Number=11535
Confirmed=X
Filename=sst4.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojlowzonei.html" target= blank>LOWZONE-I</a> TROJAN!
Source=Paul Collins Startup list

[USBHWINFO]
Number=11536
Confirmed=X
Filename=mac.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlowzonei.html" target= blank>LOWZONE-I</a> TROJAN!
Source=Paul Collins Startup list

[USBHWINFO]
Number=11537
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlowzonei.html" target= blank>LOWZONE-I</a> TROJAN!
Source=Paul Collins Startup list

[USBHWINFO]
Number=11538
Confirmed=X
Filename=sst6.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlowzonei.html" target= blank>LOWZONE-I</a> TROJAN!
Source=Paul Collins Startup list

[USBMMKBD]
Number=11539
Confirmed=U
Filename=usbmmkbd.exe
Description=USB multimedia keyboard for HP systems. Allows the use of special function keys on USB keyboards. The latest version no longer pings a server when on-line wheras the older version did but did not transmit any user information
Source=Paul Collins Startup list

[USBMonit.exe]
Number=11540
Confirmed=U
Filename=USBMonit.exe
Description=Monitors USB ports for insertion of Sandisk USB flashdrives
Source=Paul Collins Startup list

[usbn]
Number=11541
Confirmed=X
Filename=usbn.exe
Description=Adult content dialer - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan-Downloader.Win32.Small.afa
Source=Paul Collins Startup list

[usbn]
Number=11542
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojhogilc.html" target=_blank>HOGIL-C</a> TROJAN!
Source=Paul Collins Startup list

[USBPNP]
Number=11543
Confirmed=Y
Filename=USBPNP.exe
Description=SiPix digital camera Twain USB driver
Source=Paul Collins Startup list

[USBTA]
Number=11544
Confirmed=N
Filename=usbtapnp.exe
Description=System Tray access for the <a href="http://www.bewan.com/bewan/products/isdn/gazel128usb.php" target="_blank">BeWAN Gazel 128 USB</a> ISDN adapter
Source=Paul Collins Startup list

[USBToolTip]
Number=11545
Confirmed=?
Filename=USBTip.exe
Description=Related to <a href="http://www.pinnaclesys.com/" target=_blank>Pinnacle Systems Inc</a>. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[useful-soft]
Number=11546
Confirmed=X
Filename=svchst.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpahh.html" target="_blank">STARTPA-HH</a> TROJAN!
Source=Paul Collins Startup list

[user]
Number=11547
Confirmed=X
Filename=user32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030215-5059-99" target=_blank>BINGHE</a> TROJAN!
Source=Paul Collins Startup list

[User Logger]
Number=11548
Confirmed=U
Filename=UsrLog.exe
Description=<a href="http://sarc.com/avcenter/venc/data/spyware.userlogger.html" target="_blank">UserLogger</a> is a commercial surveillance software program. It logs keystrokes, programs used and computer ID information. It also captures screenshots, can hide its presence on the computer and can be disguised in the Windows Task list
Source=Paul Collins Startup list

[User Manager]
Number=11549
Confirmed=X
Filename=fcllls.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzagabanb.html" target= blank>ZAGABAN-B</a> TROJAN!
Source=Paul Collins Startup list

[User Services]
Number=11550
Confirmed=X
Filename=usersvc.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-092315-0645-99" target="_blank">REVCUSS.A</a> TROJAN!
Source=Paul Collins Startup list

[User23.exe]
Number=11551
Confirmed=X
Filename=DIAL.exe
Description=This is a trojan trying to disguise itself as User32.dll
Source=Paul Collins Startup list

[User32]
Number=11552
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-011310-3331-99" target="_blank">NETTRASH</a> TROJAN!
Source=Paul Collins Startup list

[UserFaultCheck]
Number=11553
Confirmed=N
Filename=dumprep 0 -u
Description=Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out
Source=Paul Collins Startup list

[Userinit]
Number=11554
Confirmed=X
Filename=lsass.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadertp.html" target=_blank>DLOADER-TP</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Program Files\Common Files folder
Source=Paul Collins Startup list

[userinit]
Number=11555
Confirmed=X
Filename=winlogon.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadertp.html" target=_blank>DLOADER-TP</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target=_blank>winlogon.exe</a> process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder
Source=Paul Collins Startup list

[Userinit]
Number=11556
Confirmed=X
Filename=lsass.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojvirana.html" target=_blank>VIRAN-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Program Files\Common Files\System folder
Source=Paul Collins Startup list

[userinit]
Number=11557
Confirmed=X
Filename=smss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadrb.html" target=_blank>DLOADR-B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This trojan file is found in the Windows or Winnt folder
Source=Paul Collins Startup list

[userinit]
Number=11558
Confirmed=X
Filename=choo_003956f4
Description=Added by the <a href="http://kr.ahnlab.com/SecuInfoVirusViewEngNew3.ahn?SEQ_NO=7344" target="_blank">PEED.16896</a> TROJAN!
Source=Paul Collins Startup list

[userinit]
Number=11559
Confirmed=X
Filename=ntos.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentecu.html" target="_blank">AGENT-ECU</a> TROJAN!
Source=Paul Collins Startup list

[UserInit StartUp]
Number=11560
Confirmed=X
Filename=rpcxuisu.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[userint32]
Number=11561
Confirmed=X
Filename=userint32.exe
Description=Added by an unidentified TROJAN via an Instant Message that says, "This was cool, check it out here." Also contains Aurora popups
Source=Paul Collins Startup list

[USERINTERFACE REPORT3R]
Number=11562
Confirmed=X
Filename=M0USE.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.HS" target="_blank">MYTOB.HS</a> WORM!
Source=Paul Collins Startup list

[Userinterface Reporter]
Number=11563
Confirmed=X
Filename=fuuuucktttttt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobdk.html" target=_blank>MYTOB-DK</a> WORM!
Source=Paul Collins Startup list

[Userinterface Reporter]
Number=11564
Confirmed=X
Filename=srv32.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091913-2632-99" target="_blank">ISTBar</a> adware
Source=Paul Collins Startup list

[UserSystem]
Number=11565
Confirmed=X
Filename=[filename]
Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#smartsearch" target=_blank>Smartsearch</a> parasite variant. Also detected as the <a href=" http://www.sophos.com/virusinfo/analyses/trojsearcha.html" target= blank>SEARCH-A</a> TROJAN!
Source=Paul Collins Startup list

[ushli]
Number=11566
Confirmed=X
Filename=sscbltqu.exe
Description=Obtained from an MP3 search list site. Also generates random processes on reboot
Source=Paul Collins Startup list

[usrgtway.exe]
Number=11567
Confirmed=X
Filename=syswrun4x.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031315-1648-99" target="_blank">MITGLIEDER.E</a> TROJAN!
Source=Paul Collins Startup list

[USRobotics 802.11g Wireless Network Utility]
Number=11568
Confirmed=N
Filename=USRWLANG.exe
Description=USRobotics Wireless Network Utility - used to configure security settings for connecting to WEP encrypted Access Point through the USR Wireless adapter. You must uncheck "Use Windows to configure my wireless settings" for the program to work properly. Has Site Survey capabilities, and reports link quality and signal strength. Not required for proper operation of the device as the features given are accessible in the network connection properties
Source=Paul Collins Startup list

[Usrobotics Online Registration]
Number=11569
Confirmed=N
Filename=??
Description=Pop-up reminding customers to register their products online at US Robotics
Source=Paul Collins Startup list

[USRpdA]
Number=11570
Confirmed=Y
Filename=USRmlnkA.exe
Description=Modem driver files from US Robotics
Source=Paul Collins Startup list

[Usrr]
Number=11571
Confirmed=X
Filename=rncr.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[Usrr]
Number=11572
Confirmed=X
Filename=rpen.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[USRSTA]
Number=11573
Confirmed=?
Filename=USRSTA.exe
Description=Wireless Card controller. <font color="#FF0000"> What does it do and is it required?</font>
Source=Paul Collins Startup list

[USRSTA.EXE]
Number=11574
Confirmed=?
Filename=USRSTA.EXE
Description=Wireless Card controller. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[USSShReg]
Number=11575
Confirmed=N
Filename=USSSHREG.EXE
Description=Registration reminder for Ulead SmartSaver Pro - compacts large graphics for web designers
Source=Paul Collins Startup list

[UStorag]
Number=11576
Confirmed=U
Filename=ustorage.exe
Description=U-Storage is application software running under Microsoft Windows, it provides functions and utility to manage STF flash drive (USB drive) for security, partition, boot-ability and recovery. See <a href="http://www.customusb.com/download/UStorageToolManual-v1.0.pdf" target=_blank>note</a>

Source=Paul Collins Startup list

[Ustorage]
Number=11577
Confirmed=N
Filename=Ustorage.exe
Description=Maintenance tool (enable security functions) for a USB drive from <a href="http://www.pretec.com" target=blank>Pretec</a>
Source=Paul Collins Startup list

[Utility Ping]
Number=11578
Confirmed=?
Filename=UTILIT~1.EXE
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[UtilityPro]
Number=11579
Confirmed=N
Filename=UtilityPro.exe
Description=IE search toolbars as supplied by people such as Yellow Internet and SearchBoss and written by <a href="http://www.buildyourowntoolbar.com/" target="_blank"> Rawhide Search Solutions</a>
Source=Paul Collins Startup list

[UTILsInst]
Number=11580
Confirmed=Y
Filename=N/A
Description=For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out
Source=Paul Collins Startup list

[Utopia Angel]
Number=11581
Confirmed=N
Filename=Angel.exe
Description=Calculator for the online <a href="http://games.swirve.com/utopia/" target="_blank">Utopia</a> game
Source=Paul Collins Startup list

[uvnx]
Number=11582
Confirmed=X
Filename=uvcx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadrawf.html" target="_blank">DLOADR-AWF</a> TROJAN!
Source=Paul Collins Startup list

[uvnx]
Number=11583
Confirmed=X
Filename=uvnx.exe
Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan-Downloader.Win32.Small.cul&threatid=46155" target="_blank">SMALL.CUL</a> TROJAN!
Source=Paul Collins Startup list

[UVS10 Preload]
Number=11584
Confirmed=U
Filename=uvPL.exe
Description=Related to <a href="http://www.ulead.com/vs/" target="_blank">Ulead VideoStudio</a> video editing and DVD authoring software
Source=Paul Collins Startup list

[uwa7pcw]
Number=11585
Confirmed=N
Filename=uwa7pcw.exe
Description=WinAntiVirus Pro 2007 virus software - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[uwyrl]
Number=11586
Confirmed=X
Filename=uwyrl.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-122717-5050-99" target=_blank>PHEL.A</a> TROJAN!
Source=Paul Collins Startup list

[uwyw.exe]
Number=11587
Confirmed=X
Filename=yujixit.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BGB&VSect=P" target=_blank>SDBOT.BGB</a> WORM!
Source=Paul Collins Startup list

[v]
Number=11588
Confirmed=?
Filename=WMPVer.EXE
Description=Dritek System Inc. 3D Mouse related. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list

[V.92 Modem On Hold]
Number=11589
Confirmed=U
Filename=Ltmoh.exe
Description=Modem On Hold utility - manages incoming/outgoing voice calls on a single phone line while being connected to the internet
Source=Paul Collins Startup list

[V0250Mon.exe]
Number=11590
Confirmed=Y
Filename=V0250Mon.exe
Description=Part of Creative Webcam Launcher
Source=Paul Collins Startup list

[V128IID]
Number=11591
Confirmed=Y
Filename=Rundll32.exe v128iitw.dll, STB_InitTweak
Description=Loads drivers for some STB graphics cards such as the STB nVIDIA TNT 16MB. Required if you don't want to experience lock-ups or error messages
Source=Paul Collins Startup list

[V128IITV]
Number=11592
Confirmed=?
Filename=??
Description=Loads drivers for some STB graphics cards. <font color="#FF0000">May be related to such a card with a TV out option?</font>
Source=Paul Collins Startup list

[V66SHELL]
Number=11593
Confirmed=?
Filename=V66SHELL.EXE
Description=<font color="#FF0000">It looks to be part of the display driver set for ASUS V3800, V6600 and V6800 display adapters. Probably a system tray quick access control?</font>
Source=Paul Collins Startup list

[va10key]
Number=11594
Confirmed=U
Filename=va10key.exe
Description=Only required if you use the 10 kay bay unit with a Sony Vaio laptop
Source=Paul Collins Startup list

[VaCtrls]
Number=11595
Confirmed=X
Filename=v7
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Vaganza-XPloit-[User Name]"]
Number=11596
Confirmed=X
Filename=[user name].exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-072109-3404-99" target="_blank">GAVGENT.A</a> WORM!
Source=Paul Collins Startup list

[VAGCtrl]
Number=11597
Confirmed=Y
Filename=VAGCTRL.EXE
Description=<a href="http://www.centralcommand.com/windows_products.html" target="_blank">Vexira Antivirus</a> - virus scanner from Central Command
Source=Paul Collins Startup list

[VAGuard]
Number=11598
Confirmed=Y
Filename=VAGNT.exe
Description=<a href="http://www.centralcommand.com/windows_products.html" target="_blank">Vexira Antivirus</a> - virus scanner from Central Command
Source=Paul Collins Startup list

[VAIO Action Setup (Server)]
Number=11599
Confirmed=U
Filename=VAServ.exe
Description=Sony Vaio utility that auto-launches selected applications when you plug in a digital video camera, digital still camera, etc. via iLink (FireWire) or USB
Source=Paul Collins Startup list

[VAIO Recovery]
Number=11600
Confirmed=U
Filename=PartSeal.exe
Description=System backup for Sony Vaio PCs. Adds a recovery mechanism for users over and above any System Restore features - allowing users to revert a drive back to the state it was when bought form the factory by hitting F10. The user obviously loses any data stored if not backed-up elsewhere
Source=Paul Collins Startup list

[VAIO Update 2]
Number=11601
Confirmed=U
Filename=VAIOUpdt.exe
Description=Related to Sony Vaio Update service. This program is non-essential process to the running of the program, but should not be terminated unless suspected to be causing problems
Source=Paul Collins Startup list

[ValidData]
Number=11602
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-070215-3839-99" target="_blank">RANKY.H</a> TROJAN!
Source=Paul Collins Startup list

[valuename]
Number=11603
Confirmed=X
Filename=svchosts.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[vb6]
Number=11604
Confirmed=X
Filename=vb6.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-011311-0037-99" target=_blank>MUGLY.D</a> WORM!
Source=Paul Collins Startup list

[VBouncer]
Number=11605
Confirmed=X
Filename=VirtualBouncer.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Virtual%20Bouncer&threatid=12432" target="_blank">Virtual Bouncer</a> - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see <a href="http://groups.google.com/group/alt.sports.hockey.nhl.vanc-canucks/msg/dec91d1aa1e0d9dd?hl=en&lr=&ie=UTF-8&oe=UTF-8" target="_blank">here</a>
Source=Paul Collins Startup list

[VbouncerDL]
Number=11606
Confirmed=X
Filename=VbouncerInner****.exe [* = random char]
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Virtual%20Bouncer&threatid=12432" target="_blank">Virtual Bouncer</a> - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see <a href="http://groups.google.com/group/alt.sports.hockey.nhl.vanc-canucks/msg/dec91d1aa1e0d9dd?hl=en&lr=&ie=UTF-8&oe=UTF-8" target="_blank">here</a>
Source=Paul Collins Startup list

[VbouncerDL]
Number=11607
Confirmed=X
Filename=VBouncerInner.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Virtual%20Bouncer&threatid=12432" target="_blank">Virtual Bouncer</a> - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see <a href="http://groups.google.com/group/alt.sports.hockey.nhl.vanc-canucks/msg/dec91d1aa1e0d9dd?hl=en&lr=&ie=UTF-8&oe=UTF-8" target="_blank">here</a>
Source=Paul Collins Startup list

[VBS.Ipnuker@mm]
Number=11608
Confirmed=X
Filename=[worm filename].vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-052514-5831-99" target=_blank>NUKIP</a> WORM!
Source=Paul Collins Startup list

[VBS_AUTO_UPDATE]
Number=11609
Confirmed=X
Filename=0548656X.vbs
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/vbsgormleza.html" target=_blank>GORMLEZ-A</a> WORM!
Source=Paul Collins Startup list

[VBundleOuterDL]
Number=11610
Confirmed=X
Filename=BundleOuter.EXE
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Virtual%20Bouncer&threatid=12432" target="_blank">Virtual Bouncer</a> - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see <a href="http://groups.google.com/group/alt.sports.hockey.nhl.vanc-canucks/msg/dec91d1aa1e0d9dd?hl=en&lr=&ie=UTF-8&oe=UTF-8" target="_blank">here</a>
Source=Paul Collins Startup list

[VB_run]
Number=11611
Confirmed=X
Filename=comctl_32.exe
Description=Dubious downloader from densmail.com
Source=Paul Collins Startup list

[VC5MediaPlayer]
Number=11612
Confirmed=X
Filename=csmss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32dedlerb.html" target=_blank>DEDLER-B</a> WORM!
Source=Paul Collins Startup list

[VC5Play]
Number=11613
Confirmed=N
Filename=VC5Play.exe
Description=<a href="http://www.virtualcd-online.com/" target="_blank">Virtual CD</a> drive emulator - version 5. Available via Start -> Programs
Source=Paul Collins Startup list

[VC6play]
Number=11614
Confirmed=N
Filename=VC6Play.exe
Description=<a href="http://www.virtualcd-online.com/" target="_blank">Virtual CD</a> drive emulator - version 6. Available via Start -> Programs
Source=Paul Collins Startup list

[VC7Play]
Number=11615
Confirmed=N
Filename=VC7Play.exe
Description=<a href="http://www.virtualcd-online.com/" target="_blank">Virtual CD</a> drive emulator - version 7. Available via Start -> Programs
Source=Paul Collins Startup list

[VC7Player]
Number=11616
Confirmed=N
Filename=VC7Play.exe
Description=<a href="http://www.virtualcd-online.com/" target="_blank">Virtual CD</a> drive emulator - version 7. Available via Start -> Programs
Source=Paul Collins Startup list

[VCatch]
Number=11617
Confirmed=X
Filename=Vcatch.exe
Description=CommonSearch Vcatch - "antivirus" software which actually bundles spy/adware itself!
Source=Paul Collins Startup list

[VCatch Premium]
Number=11618
Confirmed=X
Filename=VCatchpre.exe
Description=VCatch antivirus. Considered spyware itself - see <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=57684" target="_blank">here</a>
Source=Paul Collins Startup list

[VCDPlayer]
Number=11619
Confirmed=N
Filename=VCDPlayer.exe
Description=<a href="http://www.virtualcd-online.com/" target="_blank">Virtual CD</a> drive emulator. Available via Start -> Programs
Source=Paul Collins Startup list

[vcdplayx]
Number=11620
Confirmed=N
Filename=vcdplayx.exe
Description=CD emulation part of <a href="http://www.farstone.com/software/gamedrive.htm" target="_blank">GameDrive</a> & <a href="http://www.farstone.com/software/virtualdrive.htm" target="_blank">VirtualDrive</a> from Farstone. Not required as starting these programs load this automatically
Source=Paul Collins Startup list

[VCDTower]
Number=11621
Confirmed=U
Filename=VCDTower.exe
Description=Goldensoft CD Ghost related - turns a computer into a 200X-speed CD-ROM tower. Working from the hard drive, users can simultaneously access as many as 23 virtual CD-ROM drives at a speed of 200X for true multitasking
Source=Paul Collins Startup list

[VCDWATCH]
Number=11622
Confirmed=?
Filename=VCDWATCH.EXE
Description=<font color="#FF0000">Confirmed as Voyetra CD Watcher as it was found in a Compaq/Voyetra/AS2 directory but what does it do?</font>
Source=Paul Collins Startup list

[VCMnet11]
Number=11623
Confirmed=X
Filename=VCMnet11.exe
Description=Windows AFA Internet Enhancement - a browser hijacker, redirecting to adsourcecorp.com. See <a href="http://www.bleepingcomputer.com/forums/topic19277.html" target=_blank>here</a>
Source=Paul Collins Startup list

[VCS Host]
Number=11624
Confirmed=X
Filename=vcshost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfkt.html" target="_blank">RBOT-FKT</a> WORM!
Source=Paul Collins Startup list

[VCSPlayer]
Number=11625
Confirmed=N
Filename=vcsplay.exe
Description=<a href="http://www.virtualcd-online.com/" target="_blank">Virtual CD</a> drive emulator. Available via Start -> Programs
Source=Paul Collins Startup list

[VCXD Settings]
Number=11626
Confirmed=X
Filename=phqg.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BRF&VSect=P" target=_blank>RBOT.BRF</a> WORM!
Source=Paul Collins Startup list

[VC_Log]
Number=11627
Confirmed=U
Filename=keylog.exe
Description=<a href="http://sarc.com/avcenter/venc/data/spyware.paqkeylog.html" target="_blank">PaqKeylog</a> is a surveillance software program that logs keystrokes and can run in stealth mode. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list

[Vdat Update]
Number=11628
Confirmed=X
Filename=lalaa.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[VDI Manager (HP)]
Number=11629
Confirmed=?
Filename=HPO0VDX05.exe
Description=<font color="#FF0000">HP (Hewlett-Packard) related. Now - what does it do?</font>
Source=Paul Collins Startup list

[vdtask]
Number=11630
Confirmed=N
Filename=vdtask.exe
Description=Program part of <a href="http://www.farstone.com/software/gamedrive.htm" target="_blank">GameDrive</a> & <a href="http://www.farstone.com/software/virtualdrive.htm" target="_blank">VirtualDrive</a> from Farstone. Not required as starting these programs load this automatically
Source=Paul Collins Startup list

[Vegas Palms - Launcher]
Number=11631
Confirmed=N
Filename=Launcher.exe
Description=<a href="http://www.vegaspalms.com/" target="_blank">Vegas Palms</a> on-line cassino
Source=Paul Collins Startup list

[veja_fotos.exe]
Number=11632
Confirmed=X
Filename=veja_fotos.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmdropf.html" target="_blank">MDROP-F</a> TROJAN!
Source=Paul Collins Startup list

[VERBATIM STORE 'N' G]
Number=11633
Confirmed=U
Filename=verbatim store 'n' go.exe
Description=Loads the driver for the <a href="http://www.verbatim.com/FOSE/" target="_blank">Verbatim</a> Store'n'Go PRO USB Flash Drive - reportedly required only on systems running Windows 98 and Millennium
Source=Paul Collins Startup list

[Verif]
Number=11634
Confirmed=X
Filename=vxst.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NOPIR.B" target="_blank">NOPIR.B</a> WORM!
Source=Paul Collins Startup list

[Verizon Control Pad]
Number=11635
Confirmed=N
Filename=cpad.exe
Description=<a href="http://www.verizon.net/pands/dsl/benefits/controlpad.asp" target="_blank">Control Pad</a> - installed with Verizon DSL accounts. Tool designed to streamline the online experience
Source=Paul Collins Startup list

[Verizon Online Support Center]
Number=11636
Confirmed=U
Filename=matcli.exe
Description=&quot;matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file&quot;. Verizon Online Support Center is required to run with the Help and Support program. If you uncheck Verizon Online Support Center and and then run help and Support it will add another Verizon Online Support Center in the startup menu. If you remove the Verizon Online Support Center in the add/remove program some help menus in help and support will not be available. You decide
Source=Paul Collins Startup list

[VerizonServicepoint.exe]
Number=11637
Confirmed=U
Filename=VerizonServicepoint.exe
Description=Part of <a href="http://www22.verizon.com/" target="_blank">Verizon</a> Online Support Manager
Source=Paul Collins Startup list

[vern16.dll]
Number=11638
Confirmed=X
Filename=regsvr32.exe [path] vernn16.dll
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=DailyWinner&threatid=4143" target=_blank>DailyWinner</a> adware
Source=Paul Collins Startup list

[versato]
Number=11639
Confirmed=U
Filename=versato.exe
Description="Hot" button (such as volume and browser control) management and a CD player as supplied with QTronix (as possibly <a href="http://www.mic-innovations.com/display.cfm?id=Keyboards" target="_blank">Micro Innovations</a>) keyboards
Source=Paul Collins Startup list

[Version]
Number=11640
Confirmed=X
Filename=Version.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-011620-4533-99" target="_blank">JRAUN</a> adware variant
Source=Paul Collins Startup list

[Version]
Number=11641
Confirmed=X
Filename=manage.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-011620-4533-99" target="_blank">JRAUN</a> adware variant
Source=Paul Collins Startup list

[version]
Number=11642
Confirmed=X
Filename=adl_dh.exe
Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.dealhelper.html" target=_blank>DealHelper</a> adware related
Source=Paul Collins Startup list

[Vet Alert]
Number=11643
Confirmed=Y
Filename=vetmsg9x.exe
Description=Computer Associates &quot;InnoculateIT&quot; and <a href="http://www.vet.com.au/" target="_blank">Vet Anti-Virus</a> virus software
Source=Paul Collins Startup list

[Vet Alert]
Number=11644
Confirmed=Y
Filename=VETMSG.EXE
Description=Computer Associates <a href="http://www.vet.com.au/" target= blank>Vet</a> Anti-Virus software
Source=Paul Collins Startup list

[Vet Start Up]
Number=11645
Confirmed=Y
Filename=vet98.exe
Description=Computer Associates &quot;InnoculateIT&quot;&nbsp; and <a href="http://www.vet.com.au/" target="_blank">Vet Anti-Virus</a> virus software. This option will slow down your system, if set too aggressively. There is no need to scan every file when opened, closed, etc. Check in InoculateIT PE options
Source=Paul Collins Startup list

[Vet Start Up]
Number=11646
Confirmed=Y
Filename=vet32.exe
Description=Computer Associates &quot;InnoculateIT&quot;&nbsp; and <a href="http://www.vet.com.au/" target="_blank">Vet Anti-Virus</a> virus software. This option will slow down your system, if set too aggressively. There is no need to scan every file when opened, closed, etc. Check in InoculateIT PE options
Source=Paul Collins Startup list

[VetTray]
Number=11647
Confirmed=U
Filename=vettray.exe
Description=Computer Associates &quot;InnoculateIT&quot;&nbsp; and <a href="http://www.vet.com.au/" target="_blank">Vet Anti-Virus</a> virus software. System Tray quicklaunch access, not really necessary but only occupies 36k resources
Source=Paul Collins Startup list

[VFW Encoder/Decoder Settings]
Number=11648
Confirmed=X
Filename=RUNDLL32.exe MSSIGN30.DLL ondll_reg
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lovgatew.html" target=_blank>LOVGATE-W</a> WORM!
Source=Paul Collins Startup list

[VGA Startup]
Number=11649
Confirmed=X
Filename=vgacard.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[VgaDriver]
Number=11650
Confirmed=X
Filename=RsrVga32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkeylogah.html" target= blank>KEYLOG-AH</a> TROJAN!
Source=Paul Collins Startup list

[VGATune]
Number=11651
Confirmed=X
Filename=VGATune.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawm.html" target=_blank>RBOT-AWM</a> WORM!
Source=Paul Collins Startup list

[VGAUtil]
Number=11652
Confirmed=U
Filename=G-VGA.exe
Description=Gigabyte VGA Utility - access card options (application needs to be run at startup, but is not system critical)
Source=Paul Collins Startup list

[vid32cntl]
Number=11653
Confirmed=X
Filename=vid32cntl.Exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list

[vidcntl]
Number=11654
Confirmed=X
Filename=vidcntl.Exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list

[Vidcompat]
Number=11655
Confirmed=X
Filename=Vidcompat.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list

[vidctrl]
Number=11656
Confirmed=X
Filename=vidctrl.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-050515-5939-99" target= blank>Delfin Promulgate</a> adware variant
Source=Paul Collins Startup list

[Video]
Number=11657
Confirmed=X
Filename=explored.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031709-5106-99" target="_blank">GAOBOT.RF</a> WORM!
Source=Paul Collins Startup list

[Video]
Number=11658
Confirmed=X
Filename=winamp32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotng.html" target=_blank>AGOBOT-NG</a> WORM!

Source=Paul Collins Startup list

[Video Card Driver (do not remove)]
Number=11659
Confirmed=X
Filename=tsasi.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotef.html" target=_blank>SPYBOT-EF</a> WORM!
Source=Paul Collins Startup list

[Video Lan Player]
Number=11660
Confirmed=X
Filename=VideoLanPlayer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmy.html" target=_blank>RBOT-MY</a> WORM!

Source=Paul Collins Startup list

[Video Manager]
Number=11661
Confirmed=X
Filename=videomgr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090117-1327-99" target="_blank">PANDEM.C</a> WORM!
Source=Paul Collins Startup list

[Video Multimedia Driver]
Number=11662
Confirmed=X
Filename=ndrives32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotdk.html" target="_blank">RBOT-DK</a> WORM!
Source=Paul Collins Startup list

[Video Proces]
Number=11663
Confirmed=X
Filename=winaps.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.HD&VSect=T" target=_blank>AGOBOT.HD</a> WORM!
Source=Paul Collins Startup list

[Video Process]
Number=11664
Confirmed=X
Filename=sysconf.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031915-3501-99" target="_blank">GAOBOT.GEN!POLY</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040215-3615-99" target="_blank">GAOBOT.UM</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042412-3100-99" target="_blank">GAOBOT.ADX</a> WORMS!
Source=Paul Collins Startup list

[Video Process]
Number=11665
Confirmed=X
Filename=MS32x16.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.RH" target="_blank">RBOT.RH</a> WORM!
Source=Paul Collins Startup list

[Video Process]
Number=11666
Confirmed=X
Filename=netsvcs.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.LH" target="_blank">AGOBOT.LH</a> WORM!
Source=Paul Collins Startup list

[Video Process]
Number=11667
Confirmed=X
Filename=MSlti64.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.UE" target=_blank>AGOBOT.UE</a> WORM!

Source=Paul Collins Startup list

[Video Process]
Number=11668
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlm.html" target=_blank>RBOT-LM</a> WORM!
Source=Paul Collins Startup list

[Video Process]
Number=11669
Confirmed=X
Filename=winasp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotis.html" target=_blank>AGOBOT-IS</a> WORM!
Source=Paul Collins Startup list

[Video Process]
Number=11670
Confirmed=X
Filename=msn5.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobottw.html" target=_blank>AGOBOT-TW</a> WORM!
Source=Paul Collins Startup list

[Video Process]
Number=11671
Confirmed=X
Filename=MStli32s.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgad.html" target="_blank">RBOT-GAD</a> WORM!
Source=Paul Collins Startup list

[Video Services]
Number=11672
Confirmed=X
Filename=explore.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-051915-5730-99" target="_blank">GAOBOT.GL</a> WORM!
Source=Paul Collins Startup list

[Video Services]
Number=11673
Confirmed=X
Filename=videol_32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotdm.html" target="_blank">AGOBOT-DM</a> WORM!
Source=Paul Collins Startup list

[Video Services]
Number=11674
Confirmed=X
Filename=sys32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.PS" target=_blank>AGOBOT.PS</a> WORM!

Source=Paul Collins Startup list

[Videocntl]
Number=11675
Confirmed=X
Filename=Videocntl.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=40493" target=_blank>GEMA.D</a> TROJAN!
Source=Paul Collins Startup list

[VideoDriver]
Number=11676
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_GSPOT20.A" target="_blank">GSPOT20.A</a> TROJAN!

Source=Paul Collins Startup list

[VideoDriver]
Number=11677
Confirmed=X
Filename=videodrv.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080109-2046-99" target="_blank">MIMAIL.A</a> WORM!
Source=Paul Collins Startup list

[VideoDriver]
Number=11678
Confirmed=X
Filename=gspotbot.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100811-5423-99" target="_blank">SPIGOT.C</a> TROJAN!
Source=Paul Collins Startup list

[Videool32]
Number=11679
Confirmed=X
Filename=VIDEOL32.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.EC" target="_blank">AGOBOT.EC</a> WORM!
Source=Paul Collins Startup list

[videoporno.exe]
Number=11680
Confirmed=X
Filename=videoporno.exe
Description=Premium rate adult content dialer
Source=Paul Collins Startup list

[Videora]
Number=11681
Confirmed=Y
Filename=Videora.exe
Description=<a href="http://www.videora.com/" target=_blank>Video Holding</a> personal video downloading program

Source=Paul Collins Startup list

[vidmon]
Number=11682
Confirmed=X
Filename=VIDMON.EXE
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076775" target="_blank">Delfin Media Viewer</a> adware related
Source=Paul Collins Startup list

[VidSvr]
Number=11683
Confirmed=N
Filename=vidsvr.exe
Description=MS WebTV for Windows Channel Guide. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it
Source=Paul Collins Startup list

[vietato.exe]
Number=11684
Confirmed=X
Filename=vietato.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[VIEW POINT DRIVERS]
Number=11685
Confirmed=X
Filename=phqghum.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BRX&VSect=T" target=_blank>RBOT.BRX</a> WORM!
Source=Paul Collins Startup list

[VIEW POINT DRIVERS FOR WIN32]
Number=11686
Confirmed=X
Filename=phqghu.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[ViewMgr]
Number=11687
Confirmed=N
Filename=ViewMgr.exe
Description=<a href="http://www.xblock.com/product_show.php?id=880" target=_blank>Viewpoint Manager</a> - automatic updates for ViewPoint products such as ViewPoint Media Player (as bundled with AOL, AOL Instant Messenger, Compuserve, etc). Can be run manually via Start -> Settings -> Control Panel by enabling auto-updates temporarily, re-booting and then disabling again. Not recommended as Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This may change in 2006 - read this <a href="http://www.clickz.com/showPage.html?page=3561546" target=_blank>article</a>
Source=Paul Collins Startup list

[ViewpointPhotosDeviceConnect]
Number=11688
Confirmed=U
Filename=FotomatDeviceConnect.exe
Description=Related to Viewpoint which is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 according to <a href="http://www.clickz.com/showPage.html?page=3561546" target="_blank">this</a> article. You can remove it via Start -> Settings -> Control Panel -> Add/Remove Programs list...
Source=Paul Collins Startup list

[Vinny]
Number=11689
Confirmed=?
Filename=??
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Virt.exe]
Number=11690
Confirmed=X
Filename=Virt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojremadmc.html" target=_blank>REMADM-C</a> TROJAN!

Source=Paul Collins Startup list

[VirtuaGirl]
Number=11691
Confirmed=U
Filename=Vg.exe
Description=VirtuaGirl is a shareware program featuring scantily dressed girls on your desktop. They say hi in the morning, remind you of your appointments and dance for you on request...
Source=Paul Collins Startup list

[VirtuaGirl2]
Number=11692
Confirmed=U
Filename=VirtuaGirl2
Description=VirtuaGirl is a shareware program featuring scantily dressed girls on your desktop. They say hi in the morning, remind you of your appointments and dance for you on request...
Source=Paul Collins Startup list

[virtual]
Number=11693
Confirmed=X
Filename=winit.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120209-3515-99" target=_blank>MUGLY.A</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120115-2618-99" target=_blank>MUGLY.B</a> WORMS!
Source=Paul Collins Startup list

[virtual]
Number=11694
Confirmed=X
Filename=winprotect.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-121716-1922-99" target=_blank>MUGLY.C</a> WORM!
Source=Paul Collins Startup list

[virtual]
Number=11695
Confirmed=X
Filename=wini.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyx.html" target= blank>RBOT-YX</a> WORM!
Source=Paul Collins Startup list

[Virtual Access Scheduler]
Number=11696
Confirmed=U
Filename=VASCHD32.EXE
Description=The scheduler for mail and usenet tool
Source=Paul Collins Startup list

[Virtual Bouncer]
Number=11697
Confirmed=X
Filename=VirtualBouncer.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Virtual%20Bouncer&threatid=12432" target="_blank">Virtual Bouncer</a> - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see <a href="http://groups.google.com/group/alt.sports.hockey.nhl.vanc-canucks/msg/dec91d1aa1e0d9dd?hl=en&lr=&ie=UTF-8&oe=UTF-8" target="_blank">here</a>
Source=Paul Collins Startup list

[Virtual CD v6]
Number=11698
Confirmed=X
Filename=grplscd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxv.html" target=_blank>RBOT-AXV</a> WORM!
Source=Paul Collins Startup list

[Virtual CD v6]
Number=11699
Confirmed=X
Filename=[random].exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotazv.html" target=_blank>RBOT-AZV</a> WORM!
Source=Paul Collins Startup list

[Virtual CDROM]
Number=11700
Confirmed=X
Filename=deamon.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.VP" target="_blank">RBOT.VP</a> WORM!
Source=Paul Collins Startup list

[Virtual Protocol]
Number=11701
Confirmed=X
Filename=vr32.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[virtual-ie]
Number=11702
Confirmed=X
Filename=winlogi.exe
Description=Malware - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan-Dropper.Win32.WinAD.h
Source=Paul Collins Startup list

[virtual-machine]
Number=11703
Confirmed=X
Filename=svchosts.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotus.html" target=_blank>RBOT-US</a> WORM!
Source=Paul Collins Startup list

[virtual-machine]
Number=11704
Confirmed=X
Filename=winlogin.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotvu.html" target= blank>RBOT-VU</a> WORM!
Source=Paul Collins Startup list

[virtual-machine]
Number=11705
Confirmed=X
Filename=wini.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotwr.html" target=_blank>RBOT-WR</a> WORM!
Source=Paul Collins Startup list

[VirtualCloneDrive]
Number=11706
Confirmed=N
Filename=VCDDaemon.exe
Description=Virtual Clone Drive, part of <a href="http://www.elby.ch/products/clone_cd/" target="_blank">CloneCD</a> CD/DVD copying sofware. Discontinued
Source=Paul Collins Startup list

[VirtualDrive]
Number=11707
Confirmed=N
Filename=VDTask.exe
Description=<a href="http://www.farstone.com/software/virtualdrive.htm" target="_blank">VirtualDrive</a> from Farstone - virtual CD drive emulator. Available via Start -> Programs
Source=Paul Collins Startup list

[VirtuaReminder]
Number=11708
Confirmed=U
Filename=VirtuaReminder.exe
Description=<a href="http://www.download.com/VirtuaReminder/3000-2124_4-10153524.html" target="_blank">VirtuaReminder</a> is a tool allowing the user to create reminders for such things as important appointments, birthdays, etc
Source=Paul Collins Startup list

[Virtuele Katja]
Number=11709
Confirmed=U
Filename=VKatja.exe
Description=<a href="http://www.katja-schuurman.com/" target= blank>Virtuele Katja</a> - have an attractive moviestar parade on your Desktop and help you search the Dutch <a href="http://www.goudengids.nl/" target= blank>"Gouden Gids"</a> business directory too...
Source=Paul Collins Startup list

[Virus]
Number=11710
Confirmed=X
Filename=Anti.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=42185" target= blank>SEENBOT.O</a> WORM!
Source=Paul Collins Startup list

[Virus Protect]
Number=11711
Confirmed=X
Filename=vrsprtc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotapr.html" target=_blank>RBOT-APR</a> WORM!
Source=Paul Collins Startup list

[Virus Removal Tool]
Number=11712
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtometab.html" target=_blank>TOMETA-B</a> TROJAN!
Source=Paul Collins Startup list

[Virus Scan]
Number=11713
Confirmed=X
Filename=virscana.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[Virus-Burst]
Number=11714
Confirmed=N
Filename=Virus-Burst.exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[VirusBurst]
Number=11715
Confirmed=N
Filename=VirusBurst.exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[VirusCheckII]
Number=11716
Confirmed=X
Filename=AVIRCHK.EXE
Description=Added by the <a href="http://www.esecurityplanet.com/alerts/article.php/1031_1572161" target="_blank">DASMIN</a> TROJAN!
Source=Paul Collins Startup list

[VirusKeeper]
Number=11717
Confirmed=U
Filename=VirusKeeper.exe
Description=<a href="http://www.viruskeeper.com/us/" target=_blank>VirusKeeper</a> uses a powerful real-time threat detection engine

Source=Paul Collins Startup list

[VirusRescue]
Number=11718
Confirmed=N
Filename=VirusRescue.exe
Description=Virus program - not recommended, see <a href="http://spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[VirusScan Online]
Number=11719
Confirmed=Y
Filename=mcvsshld.exe
Description=McAfee VirusScan On-line. See also the McAgentExe entry
Source=Paul Collins Startup list

[VirusScanMSC]
Number=11720
Confirmed=?
Filename=VsStat.exe
Description=Part of McAfee VirusScan. <font color="#FF0000">System Tray application as with previous versions (were also VsStat.exe), McAfee SecurityCenter integration or something else? Is it required?</font>
Source=Paul Collins Startup list

[VirusScanner]
Number=11721
Confirmed=X
Filename=mnsys.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotafq.html" target=_blank>SDBOT-AFQ</a> WORM!
Source=Paul Collins Startup list

[Virus_Scanner]
Number=11722
Confirmed=X
Filename=Virus_Cleaner.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082012-0827-99" target="_blank">PANOL</a> WORM!
Source=Paul Collins Startup list

[visionGS]
Number=11723
Confirmed=N
Filename=VISIONGS.EXE
Description=<a href="http://www.visiongs.com/" target="_blank">visionGS</a> webcam software
Source=Paul Collins Startup list

[Vistascan]
Number=11724
Confirmed=N
Filename=vistascan.exe
Description=Included in VistaScan are VistaAccess and VistaShuttle. VistaAccess gives you quick and easy access to scanning functions right from your desktop. For Windows users, you'll see a scanner icon in the Windows Tray of the Taskbar. Click this icon and a menu opens
Source=Paul Collins Startup list

[Visual Element FX5]
Number=11725
Confirmed=X
Filename=[various filenames]
Description=<a href="http://www.spyany.com/program/article_spw_rm_ClearStream_Accelerator.html" target=_blank>ClearStream Accelerator</a> adware
Source=Paul Collins Startup list

[VisualStudio]
Number=11726
Confirmed=X
Filename=msorunner.exe
Description=Added by a variant of the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY</a> TROJAN!
Source=Paul Collins Startup list

[VisualTaskTips]
Number=11727
Confirmed=U
Filename=VisualTaskTips.exe
Description="<a href="http://www.visualtasktips.com/" target="_blank">Visual Task Tips</a> is a lightweight shell enhancement utility. It provides thumbnail preview image for each task in the Windows Taskbar"
Source=Paul Collins Startup list

[VisualTooltip]
Number=11728
Confirmed=U
Filename=VisualToolTip.exe
Description=Related to <a href="http://chsalmon.club.fr/index.php?en/Visual-tooltip-about" target="_blank">VisualTooltip</a>. Shows a thumbnail of a window by placing the mouse cursor over a button on the taskbar
Source=Paul Collins Startup list

[VITAL BOOT PROCESS]
Number=11729
Confirmed=X
Filename=taskmngr.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[VITAL BOOT PROCESS]
Number=11730
Confirmed=X
Filename=taskmnsgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotvy.html" target=_blank>Rbot-VY</a> WORM!
Source=Paul Collins Startup list

[Vital Load Process]
Number=11731
Confirmed=X
Filename=Spoolsvr.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AIF&VSect=P" target=_blank>RBOT.AIF</a> WORM!
Source=Paul Collins Startup list

[VividGalut]
Number=11732
Confirmed=X
Filename=VividGalut.exe
Description=Adult content related web downloader
Source=Paul Collins Startup list

[vmcleaner]
Number=11733
Confirmed=X
Filename=gxlib.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallhs.html" target=_blank>SMALL-HS</a> TROJAN!
Source=Paul Collins Startup list

[VMConsole.exe]
Number=11734
Confirmed=?
Filename=VMConsole.exe
Description=Sony VAIO Media Console - installed on the VAIO Media Integrated Server PCs.  <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[VMDFW]
Number=11735
Confirmed=Y
Filename=vmdfw.exe
Description=VirusMD Personal Firewall. Vendor's Note: "VirusMD Personal Firewall is a micro-firewall and should not be use as your primary virus scanner or as your primary firewall. It does not pan-block incoming or outgoing data. Rather, is a diagnostic and therapeutic utility designed to help professionals save time and effort in eradicating Trojan horses"
Source=Paul Collins Startup list

[vmlib]
Number=11736
Confirmed=X
Filename=vmlib.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlowzoneaq.html" target=_blank>LOWZONE-AQ</a> TROJAN!
Source=Paul Collins Startup list

[Vmmon32]
Number=11737
Confirmed=X
Filename=vmmon32.exe
Description=Browser hijacker

Source=Paul Collins Startup list

[vmnetdhcp]
Number=11738
Confirmed=X
Filename=vmnetdhcp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdwnldrgtc.html" target="_blank">DWNLDR-GTC</a> TROJAN!
Source=Paul Collins Startup list

[vmsnGraber]
Number=11739
Confirmed=X
Filename=VMSNGRABER.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-121617-0619-99" target=_blank>ENVID.B</a> WORM!
Source=Paul Collins Startup list

[vmss]
Number=11740
Confirmed=X
Filename=vmss.exe
Description=<a href="http://www.spywareguide.com/product_show.php?id=727" target=_blank>Delfin Media Viewer</a> or "Promulgate" adware variant
Source=Paul Collins Startup list

[vmtuner]
Number=11741
Confirmed=X
Filename=gclib.exe
Description=Hijacker - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan-Clicker.Win32.Small.fh
Source=Paul Collins Startup list

[vmtuner]
Number=11742
Confirmed=X
Filename=gglib.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqlowzond.html" target=_blank>QLOWZON-D</a> TROJAN!
Source=Paul Collins Startup list

[VnCplUpdate]
Number=11743
Confirmed=X
Filename=msdm.exe
Description=Masssend - spam relayer. Listens on a port for the spammers to feed it a list of addresses and what to send out. More information in <a href="http://www.dslreports.com/forum/remark,8021632~root=security,1~mode=flat" target="_blank"> this advisory</a>
Source=Paul Collins Startup list

[vnmispoisn downloader]
Number=11744
Confirmed=X
Filename=vnmispoisn downloader.exe
Description=SearchBarCash adware variant
Source=Paul Collins Startup list

[VOBID]
Number=11745
Confirmed=U
Filename=InstantDrive.exe
Description=<a href="http://www.pinnaclesys.com" target="_blank">Pinnacle Systems</a> (ex VOB) InstantDrive - creates a virtual CD-ROM drive on the computer's hard drive. Part of InstantCD/DVD burning software
Source=Paul Collins Startup list

[VOBRegCheck]
Number=11746
Confirmed=Y
Filename=VOBRegCheck.exe
Description=Part of <a href="http://www.pinnaclesys.com/" target="_blank">Pinnacle Systems</a> InstantCD/DVD and InstantCopy CD/DVD copying software that verifies drive settings. Once loaded it doesn't use any resources so you can leave it enabled
Source=Paul Collins Startup list

[VoiceCenter]
Number=11747
Confirmed=U
Filename=AndreaVC.exe
Description=Related to <a href="http://www.andreaelectronics.com/" target="_blank">Andrea's Superbeam</a> microphone utility
Source=Paul Collins Startup list

[voip phone]
Number=11748
Confirmed=U
Filename=voip phone.exe
Description=Related to Acer Bluetooth VoIP phone - as optionally supplied with some of their notebooks such as the <a href="http://global.acer.com/products/notebook/tm8200.htm" target="_blank">TravelMate 8200</a>
Source=Paul Collins Startup list

[VoipBuster]
Number=11749
Confirmed=N
Filename=VoipBuster.exe
Description=<a href="http://www.voipbuster.com/en/index.html" target=_blank>VoipBuster</a> - voice over the internet service. If you are calling a land line in one of their free destinations listed, the call will be placed at no costs at all. For all other calls, you will be asked to buy credits first
Source=Paul Collins Startup list

[VolPanel]
Number=11750
Confirmed=U
Filename=VolPanel.exe
Description=Related to <a href="http://www.creative.com/" target=_blank>Creative</a> Sound Blaster X-Fi

Source=Paul Collins Startup list

[Voltage Manager]
Number=11751
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040514-2341-99" target=_blank>DREFFORT</a> WORM!
Source=Paul Collins Startup list

[Volume Controller]
Number=11752
Confirmed=X
Filename=VolumeControl.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AYI&VSect=T" target=_blank>SDBOT.AYI</a> WORM!
Source=Paul Collins Startup list

[Vonage]
Number=11753
Confirmed=U
Filename=click2call.exe
Description=<a href="http://www.vonage.com/index.php" target=_blank>Vonage</a> Voice over IP Internet phone service
Source=Paul Collins Startup list

[VoodooBanshee]
Number=11754
Confirmed=U
Filename=rundll32.exe 3DBBps.dll, BansheeLoadSettings
Description=Loads the configuration settings for a 3dfx Voodoo Banshee chipset based graphics card. If you change some of the settings from default you probably need this - otherwise maybe not&nbsp;
Source=Paul Collins Startup list

[voowsmcr]
Number=11755
Confirmed=?
Filename=huhdir.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Vortex Tray]
Number=11756
Confirmed=N
Filename=asp4setp.exe
Description=System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -&gt; Settings -&gt; Control Panel
Source=Paul Collins Startup list

[VortexTray]
Number=11757
Confirmed=N
Filename=au30setp.exe
Description=System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -&gt; Settings -&gt; Control Panel
Source=Paul Collins Startup list

[VortexTray]
Number=11758
Confirmed=N
Filename=asp4tray.exe
Description=System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -&gt; Settings -&gt; Control Panel
Source=Paul Collins Startup list

[VortexTray]
Number=11759
Confirmed=N
Filename=asp4setp.exe
Description=System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -&gt; Settings -&gt; Control Panel
Source=Paul Collins Startup list

[VoyetraTray]
Number=11760
Confirmed=N
Filename=vtray.exe
Description=This provides an abbreviated Control Group for the Turtle Beach Montego II sound functions/associated with AudioStation 3 and 32
Source=Paul Collins Startup list

[VPCUserServices]
Number=11761
Confirmed=U
Filename=VMUSrvc.exe
Description=Part of <a href="http://support.microsoft.com/?kbid=833146" target= blank>"DOS Virtual Machine Additions"</a> for Microsoft <a href="http://www.microsoft.com/windows/virtualpc/default.mspx" target= blank>Virtual PC</a>, software virtualization software that allows you to run multiple PC-based operating systems simultaneously on one workstation. This process provides additional functionalities such as Shared Folders
Source=Paul Collins Startup list

[Vpop3 Mail Server]
Number=11762
Confirmed=U
Filename=vpop3.exe
Description=Mail server from <a href="http://www.vpop3.co.uk" target="_blank">Paul Smith Computer Services</a>. Runs in system tray to collect mail. Can be run from a shortcut and if it isn't running then it won't get your email!
Source=Paul Collins Startup list

[vptray]
Number=11763
Confirmed=U
Filename=vptray.exe
Description=System Tray icon for Norton Anti-Virus Corporate Edition. Gives access to the options available and may not be required. Some users may have problems - refer <a href="http://groups.google.com/group/novell.support.os.client.win9x/msg/c4b794b9572a69b8?q=vptray.exe%2BNorton&hl=en&safe=off&rnum=1&ic=1" target="_blank">here</a>
Source=Paul Collins Startup list

[Vrmon]
Number=11764
Confirmed=Y
Filename=vrmonnt.exe
Description=<a href="http://www.globalhauri.com" target="_blank">HAURI</a> Anti-Virus
Source=Paul Collins Startup list

[VrSchedule]
Number=11765
Confirmed=Y
Filename=Vrres.exe
Description=<a href="http://www.globalhauri.com" target="_blank">HAURI</a> Anti-Virus
Source=Paul Collins Startup list

[VS.VSN]
Number=11766
Confirmed=Y
Filename=
Description=Part of <a href="http://www.esafe.com/esafe/default.asp?cf=tl" target="_blank">eSafe</a> antivirus "SmartScan" - alerts the user if files have been changed/added
Source=Paul Collins Startup list

[vsadmin]
Number=11767
Confirmed=X
Filename=smrs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotrc.html" target= blank>AGOBOT-RC</a> WORM!
Source=Paul Collins Startup list

[Vsample]
Number=11768
Confirmed=X
Filename=winxpsock.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BLK" target=_blank>SDBOT.BLK</a> WORM!
Source=Paul Collins Startup list

[vscanner]
Number=11769
Confirmed=X
Filename=spooll32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_OPTIXPRO.10" target="_blank">OPTIXPRO.10</a> TROJAN!
Source=Paul Collins Startup list

[vschost]
Number=11770
Confirmed=X
Filename=vschosts.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvipsya.html" target=_blank>VIPSY-A</a> TROJAN!
Source=Paul Collins Startup list

[VsEcomrEXE]
Number=11771
Confirmed=N
Filename=VSECOMR.EXE
Description=From McAfee VirusScan up to version 4.x. This executable is responsible for the periodic &quot;update&quot; prompts
Source=Paul Collins Startup list

[Vshwin32EXE]
Number=11772
Confirmed=Y
Filename=VSHWIN32.EXE
Description=From McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Communicates between VSSTAT.EXE and the VShield System Scan module. Can be started automatically or available via Start -> Programs
Source=Paul Collins Startup list

[VSN]
Number=11773
Confirmed=N
Filename=VSN.exe
Description=Software to share photographs across the internet
Source=Paul Collins Startup list

[vsnpstd3]
Number=11774
Confirmed=Y
Filename=vsnpstd3.exe
Description=<a href="http://www.sonix.com/" target=_blank>Sonix Inc.</a> Camera Monitor MFC Application
Source=Paul Collins Startup list

[VSOCheckTask]
Number=11775
Confirmed=Y
Filename=MCMNHDLR.EXE
Description=Part of McAfee's <a href="http://us.mcafee.com/root/product.asp?productid=msc" target="_blank"> SecurityCenter</a> and Virusscan Online. Must be enabled for scanning to work
Source=Paul Collins Startup list

[VSP32 Controls]
Number=11776
Confirmed=X
Filename=vsp32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotva.html" target="_blank">RBOT-VA</a> WORM!
Source=Paul Collins Startup list

[vspdfprsrv.exe]
Number=11777
Confirmed=N
Filename=vspdfprsrv.exe
Description=<a href="http://www.visagesoft.com/pdfprinter/" target="_blank">Visage PDF Printer</a>
Source=Paul Collins Startup list

[VsStatEXE]
Number=11778
Confirmed=Y
Filename=VSSTAT.EXE
Description=From McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Communicates between VSSTAT.EXE and the VShield System Scan module. Can be started automatically or available via Start -> Programs
Source=Paul Collins Startup list

[vst]
Number=11779
Confirmed=X
Filename=vstkmgr.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.SK" target="_blank">AGOBOT.SK</a> WORM!
Source=Paul Collins Startup list

[vTPass]
Number=11780
Confirmed=N
Filename=vtpassld.exe
Description=Part of <a href="http://tim.oreilly.com/pub/d/309" target="_blank">vTrails</a> - a live media delivery solution. vTPass is the driver enabling the system to work. If unavailable via Start -> Programs, create your own shortcut for the "vtpass.exe" file
Source=Paul Collins Startup list

[VTPreset]
Number=11781
Confirmed=U
Filename=VTPreset.exe
Description=Savage Pro S3 graphics software
Source=Paul Collins Startup list

[VTTimer]
Number=11782
Confirmed=U
Filename=VTTimer.exe
Description=Driver file for the on-board VIA/S3G KM400/KN400 graphics which enables TV in/out communication
Source=Paul Collins Startup list

[vTunerStartUp]
Number=11783
Confirmed=N
Filename=vTuner.exe
Description=<a href="http://www.vtuner.com/" target="_blank">vTuner</a> - &quot;an easy way to find and listen to radio and TV broadcasts over the Internet&quot;
Source=Paul Collins Startup list

[vuaaa]
Number=11784
Confirmed=X
Filename=reg.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[VVSN]
Number=11785
Confirmed=X
Filename=VVSN.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=WhenU.Save&threatid=10810" target=_blank>WhenU.Save</a> adware
Source=Paul Collins Startup list

[VX Audio]
Number=11786
Confirmed=X
Filename=vxaudio.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vanebotai.html" target="_blank">VANEBOT-AI</a> WORM!
Source=Paul Collins Startup list

[VX1000]
Number=11787
Confirmed=?
Filename=vVX1000.exe
Description=Associated with Microsoft's <a href="http://www.microsoft.com/hardware/digitalcommunication/Productlist.aspx?type=LifeCam" target="_blank">VX-1000 LifeCam</a> webcams. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[VX3000]
Number=11788
Confirmed=?
Filename=vVX3000.exe
Description=Associated with Microsoft's <a href="http://www.microsoft.com/hardware/digitalcommunication/productdetails.aspx?pid=002" target="_blank">VX-1000 LifeCam</a> webcams. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[VX6000]
Number=11789
Confirmed=?
Filename=vVX6000.exe 
Description=Associated with Microsoft's <a href="http://www.microsoft.com/hardware/digitalcommunication/Productlist.aspx?type=LifeCam" target="_blank">VX-1000 LifeCam</a> webcams. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[VZAccess Manager]
Number=11790
Confirmed=U
Filename=VZAccess Manager.exe
Description=Verizon Access manager for enterprises
Source=Paul Collins Startup list

[VZRemoteCommander]
Number=11791
Confirmed=U
Filename=AvRmtCtr.exe
Description=Related to Sony's VAIO Zone Remote Commander. A non-essential process to the running of the system, but should not be  terminated unless suspected to be causing problems
Source=Paul Collins Startup list

[W1N32.DLL]
Number=11792
Confirmed=X
Filename=WINLOGON .exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DROPPERFL.A" target="_blank">DROPPERFL.A</a> TROJAN!
Source=Paul Collins Startup list

[w32]
Number=11793
Confirmed=X
Filename=w32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-092214-2730-99" target="_blank">SOKEVEN</a> TROJAN!
Source=Paul Collins Startup list

[W32.Scran]
Number=11794
Confirmed=X
Filename=Scran.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-101622-4200-99" target=_blank>NARCS</a> WORM!
Source=Paul Collins Startup list

[w32alanis]
Number=11795
Confirmed=X
Filename=mope.scr
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111213-1819-99" target="_blank">SINALA</a> WORM!
Source=Paul Collins Startup list

[W32data]
Number=11796
Confirmed=X
Filename=eworo.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[W32Load]
Number=11797
Confirmed=X
Filename=[random filename].scr
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091106-5456-99" target="_blank">CASPID</a> WORM!
Source=Paul Collins Startup list

[W32PluginsDownloaderXMLHTTPSelfClearing7520]
Number=11798
Confirmed=X
Filename=wiper.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojproxyserm.html" target=_blank>PROXYSER-M</a> TROJAN!
Source=Paul Collins Startup list

[w32sup]
Number=11799
Confirmed=X
Filename=w32sup.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[W32SYS]
Number=11800
Confirmed=X
Filename=w32sys.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32jambua.html" target="_blank">JAMBU-A</a> WORM!
Source=Paul Collins Startup list

[W32Tc]
Number=11801
Confirmed=X
Filename=WTC32.scr
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-031914-5203-99" target="_blank">VOTE.D</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090509-5911-99" target="_blank"> VOTE.K</a> WORMS!
Source=Paul Collins Startup list

[W3KNetwork]
Number=11802
Confirmed=X
Filename=rundll32.exe w3knet.dll, dllinitrun
Description=Advertising spyware. Check <a href="http://www.safersite.com/PestInfo/Web3000.asp" target="_blank">here</a> for more info on this particular one
Source=Paul Collins Startup list

[W75P2PSERVER]
Number=11803
Confirmed=Y
Filename=W75P2PS.EXE
Description=Printer utility which is required in order to make the printer work correctly
Source=Paul Collins Startup list

[W815DM]
Number=11804
Confirmed=U
Filename=W815DM.exe
Description=Enuff Parental Control Software by <a href="http://www.akrontech.com/" target=_blank>Akrontech</a>
Source=Paul Collins Startup list

[w98Eject]
Number=11805
Confirmed=U
Filename=w98Eject.exe
Description=Related to USB support for <a href="http://www.sigmatel.com/products/audio-decoder.htm" target= blank>Sigmatel</a> MP3 audio palyer (and others such as SanDisk). It's intent is to "put away" the "disk" before you unplug it from the USB port, ostensibly to avoid "losing" data
Source=Paul Collins Startup list

[wait4IP]
Number=11806
Confirmed=U
Filename=wait4IP.exe
Description=Packard Bell <a href="http://support.packardbell.com/uk/item/index.php?m=step3&i=platform_net2plug" target="_blank">net2Plug</a> allows you to network PCs anywhere in your house
Source=Paul Collins Startup list

[wallchgr.exe wstart]
Number=11807
Confirmed=U
Filename=Wallchgr.exe
Description=<a href="http://www.bluetreesoft.com/wall_features.html" target=_blank>WallChanger</a> - wallpaper changer from Blue Tree Software
Source=Paul Collins Startup list

[WallPaper]
Number=11808
Confirmed=X
Filename=taskimgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankergx.html" target=_blank>BANKER-GX</a> TROJAN!
Source=Paul Collins Startup list

[WallPaper]
Number=11809
Confirmed=U
Filename=WALLPA~1.EXE
Description=<a href="http://www.wallpaperchanger.de/" target=_blank>Wallpaper Changer</a> - wallpaper manager that can change your background images on every startup

Source=Paul Collins Startup list

[WallpaperChanger]
Number=11810
Confirmed=U
Filename=Wallpaper.exe
Description=A wallpaper changer and manager utility. There is the Freeware version and the Pro version. The freeware version is completely free. The Pro version is 30-day trialware, and after the 30 days some of the more advanced features will be disabled unless you register it

Source=Paul Collins Startup list

[Wanadoo Messenger.exe]
Number=11811
Confirmed=N
Filename=Wanadoo Messenger.exe
Description=Wanadoo ISP instant messenger client
Source=Paul Collins Startup list

[WanMPSvc]
Number=11812
Confirmed=Y
Filename=WanMPSvc.exe
Description=An AOL component, the Wan miniport (ATW) service. If you delete this and logon, AOL reports a problem with your internet connection, and reinstalling AOL doesn't help
Source=Paul Collins Startup list

[WAPI]
Number=11813
Confirmed=X
Filename=wts**.exe [* = random char]
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[War FTPD Tray Icon]
Number=11814
Confirmed=N
Filename=wartray.exe
Description=<a href="http://www.warftp.org/" target="_blank">War-ftpd</a> - FTP server
Source=Paul Collins Startup list

[war-ftpd.exe]
Number=11815
Confirmed=N
Filename=WAR-FTPD.EXE
Description=<a href="http://www.jgaa.com/index.php?menu=154" target="_blank">War FTP Daemon</a> from JGAA's Internet - FTP client
Source=Paul Collins Startup list

[Wardo]
Number=11816
Confirmed=X
Filename=syslaunch.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102409-0427-99" target="_blank">ADCLICKER.G</a> TROJAN!
Source=Paul Collins Startup list

[WareOut]
Number=11817
Confirmed=X
Filename=WareOut.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[warez]
Number=11818
Confirmed=N
Filename=warez.exe
Description=<a href="http://www.warez.com/" target="_blank">Warez</a> P2P client
Source=Paul Collins Startup list

[Warner]
Number=11819
Confirmed=U
Filename=warner.exe
Description=Also known as &quot;CyberWarner&quot;. From G-Tek Technologies and pre-installed on some Packard Bell PCs. Protects critical files
Source=Paul Collins Startup list

[Warnet]
Number=11820
Confirmed=U
Filename=warnet.exe
Description=Warnet - system cleanup software
Source=Paul Collins Startup list

[Warning: do not remove it!]
Number=11821
Confirmed=U
Filename=fpplock.exe
Description=Part of Folder Password Expert by ZQS Software Team - "a software program to restrict access to the folders that contain your sensitive data"
Source=Paul Collins Startup list

[Warning: do not remove it! (system)]
Number=11822
Confirmed=Y
Filename=cfpsys.exe
Description=<a href="http://www.protect-folders.com/" target=_blank>Folder Password Protect</a> - a program that lets you set a password on folders of your choice
Source=Paul Collins Startup list

[WarReg_PopUp]
Number=11823
Confirmed=N
Filename=WarReg_PopUp.exe
Description=Acer warranty registration popup
Source=Paul Collins Startup list

[WARSVR]
Number=11824
Confirmed=N
Filename=war-ftpd.exe
Description=&quot;<a href="http://www.jgaa.com/index.php?menu=154&amp;PHPSESSID=5e40946a3f777b0446aa51537bf27f9f" target="_blank">War FTP Daemon</a> - the original free FTP server for windows"
Source=Paul Collins Startup list

[WashAndGo - Cleanup of old Backupfiles]
Number=11825
Confirmed=U
Filename=checker.exe
Description=<a href="http://www.abelssoft.com/washandgo.htm" target="_blank">WashAndGo</a> - temp file cleaner
Source=Paul Collins Startup list

[Washer]
Number=11826
Confirmed=U
Filename=washer.exe
Description=<a href="http://www.webroot.com/consumer/products/windowwasher/" target="_blank">Window Washer</a> from Webroot Software. Useful utility that deletes safe to remove files, cookies, browsing history, etc. Available via from Start -> Programs. Disable within the program options - otherwise it is re-enabled in MSCONFIG
Source=Paul Collins Startup list

[Washerie.exe]
Number=11827
Confirmed=N
Filename=washerie.exe
Description=Cookie Washer for Internet Explorer from Webroot Software. Light version of Windows Washer, specific for cleaning the IE cache and cookies. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[washindex]
Number=11828
Confirmed=U
Filename=washidx.exe
Description=<a href="http://www.webroot.com/consumer/products/windowwasher/" target="_blank">Window Washer</a> from Webroot Software. Useful utility that deletes safe to remove files, cookies, browsing history, etc. Available via from Start -> Programs. Disable within the program options - otherwise it is re-enabled in MSCONFIG
Source=Paul Collins Startup list

[Wast]
Number=11829
Confirmed=X
Filename=wast.exe
Description=Grokster ads updater
Source=Paul Collins Startup list

[Watch]
Number=11830
Confirmed=N
Filename=watch.exe
Description=Found to be used by a Trust USB scanner for auto starting the scanning software when the lid is lifted
Source=Paul Collins Startup list

[Watch]
Number=11831
Confirmed=U
Filename=1200UBWATCH.EXE
Description=Button press monitor for the Mustek 1200 UB Scanner
Source=Paul Collins Startup list

[Watch Dog Program]
Number=11832
Confirmed=N
Filename=watchdog.exe
Description=For Compaq PC's. Associated with Compaq's internet services. Not required if you don't use services provided by them and may not be required even if you do
Source=Paul Collins Startup list

[Watchdog]
Number=11833
Confirmed=N
Filename=Watchdog.exe
Description=Definitely part of the Mustek scanner drivers and software (for 600 III EP Plus and maybe others), launches from the Startup folder in the Start Menu, but not required as they give instructions on removing it on their webpage
Source=Paul Collins Startup list

[WatchDog]
Number=11834
Confirmed=?
Filename=watchdog.exe
Description=Part of Motorola "Mobile Phone Tools" v3 - in a "Mobiile Phone Tools" sub-directory of Program Files
Source=Paul Collins Startup list

[WatchDog]
Number=11835
Confirmed=?
Filename=DVDCheck.exe
Description=Related to an <a href="http://www.intervideo.com/jsp/Home.jsp" target=_blank>Intervideo</a> program. <font color="#FF0000">What does it do and is it required in startup?</font>
Source=Paul Collins Startup list

[WaveTop Launcher]
Number=11836
Confirmed=N
Filename=WaveTop.exe
Description=<a href="http://www.aitech.com/support/specialtechnlgs.htm" target="_blank">WaveTop</a> - "Get push content from TV without an Internet connection" - now possibly a defunct system in the US included as an optional part of WebTV in Win98
Source=Paul Collins Startup list

[WaveTop Receiver 1]
Number=11837
Confirmed=N
Filename=N/A
Description=<a href="http://www.aitech.com/support/specialtechnlgs.htm" target="_blank">WaveTop</a> - "Get push content from TV without an Internet connection" - now possibly a defunct system in the US included as an optional part of WebTV in Win98
Source=Paul Collins Startup list

[WaveTop Receiver 2]
Number=11838
Confirmed=N
Filename=N/A
Description=<a href="http://www.aitech.com/support/specialtechnlgs.htm" target="_blank">WaveTop</a> - "Get push content from TV without an Internet connection" - now possibly a defunct system in the US included as an optional part of WebTV in Win98
Source=Paul Collins Startup list

[WaveTop Upload Manager]
Number=11839
Confirmed=N
Filename=N/A
Description=<a href="http://www.aitech.com/support/specialtechnlgs.htm" target="_blank">WaveTop</a> - "Get push content from TV without an Internet connection" - now possibly a defunct system in the US included as an optional part of WebTV in Win98
Source=Paul Collins Startup list

[Wbiff]
Number=11840
Confirmed=N
Filename=Wbiff.exe
Description=<a href="http://tucows.mundofree.com/winme/preview/137365.html" target="_blank">Wbiff!</a> E-mail checker - automatically checks your e-mail and notifies you if any new e-mail has been received
Source=Paul Collins Startup list

[Wbutton]
Number=11841
Confirmed=U
Filename=Wbutton.exe
Description=Turns on and off the integrated WiFi on Acer (and other laptops)
Source=Paul Collins Startup list

[WCESCOMM]
Number=11842
Confirmed=N
Filename=WCESCOMM.EXE
Description=Active sync for use with Windows CE based palm PC
Source=Paul Collins Startup list

[WCESMngr]
Number=11843
Confirmed=X
Filename=spoolsb.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotqz.html" target= blank>AGOBOT-QZ</a> WORM!
Source=Paul Collins Startup list

[WCESMngr]
Number=11844
Confirmed=X
Filename=WCEMNGR.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotqx.html" target= blank>AGOBOT-QX</a> WORM!
Source=Paul Collins Startup list

[wcmdmgr]
Number=11845
Confirmed=U
Filename=wcmdmgrl.exe
Description=<a href="http://www.wildtangent.com/default.asp?pageID=webdriver_download" target="_blank">Web Driver</a> delivery system for <a href="http://www.wildtangent.com/default.asp" target="_blank">WildTangent</a> on-line games. Periodically checks for updates - can be disabled within the programs control panel. Note that WildTanget's <a href="http://www.wildtangent.com/default.asp?pageID=company_art&artid=art20030925_A" target="_blank">privacy policy</a> used to state that they also collect and share individuals information but this is no longer the case

Source=Paul Collins Startup list

[wcmdmgr.exe]
Number=11846
Confirmed=N
Filename=wcmdmgr.exe
Description=<a href="http://www.wildtangent.com/default.asp?pageID=webdriver_download" target="_blank">Web Driver</a> delivery system for <a href="http://www.wildtangent.com/default.asp" target="_blank">WildTangent</a> on-line games. Periodically checks for updates - can be disabled within the programs control panel. Note that WildTanget's <a href="http://www.wildtangent.com/default.asp?pageID=company_art&artid=art20030925_A" target="_blank">privacy policy</a> used to state that they also collect and share individuals information but this is no longer the case
Source=Paul Collins Startup list

[wcmdmgrl]
Number=11847
Confirmed=U
Filename=wcmdmgrl.exe
Description=<a href="http://www.wildtangent.com/default.asp?pageID=webdriver_download" target="_blank">Web Driver</a> delivery system for <a href="http://www.wildtangent.com/default.asp" target="_blank">WildTangent</a> on-line games. Periodically checks for updates - can be disabled within the programs control panel. Note that WildTanget's <a href="http://www.wildtangent.com/default.asp?pageID=company_art&artid=art20030925_A" target="_blank">privacy policy</a> used to state that they also collect and share individuals information but this is no longer the case
Source=Paul Collins Startup list

[WCOLOREAL]
Number=11848
Confirmed=U
Filename=coloreal.exe
Description=Makes colours sharper and brighter, but will only work with coloreal capable monitors
Source=Paul Collins Startup list

[WCPC]
Number=11849
Confirmed=?
Filename=wintsvcc.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[WCPI]
Number=11850
Confirmed=X
Filename=wintsvit.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[WCPS]
Number=11851
Confirmed=X
Filename=Wint**.exe [* = random char]
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[WCPT]
Number=11852
Confirmed=X
Filename=wintsvtr.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[wcsys]
Number=11853
Confirmed=X
Filename=wcsys.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkeylogap.html" target=_blank>KEYLOG-AP</a> TROJAN!
Source=Paul Collins Startup list

[WD Button Manager]
Number=11854
Confirmed=U
Filename=WDBtnMgr.exe
Description=Button manager installed with a western digital external disk drive. Allows you to back up your system with one click

Source=Paul Collins Startup list

[wdfmgr32.exe]
Number=11855
Confirmed=X
Filename=wdfmgr32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdwnldrfvl.html" target="_blank">DWNLDR-FVL</a> TROJAN!
Source=Paul Collins Startup list

[WDInfo]
Number=11856
Confirmed=X
Filename=wdinfo.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091104-3134-99" target=_blank>DLUCA.B</a> TROJAN!
Source=Paul Collins Startup list

[WDNS SYSTEM]
Number=11857
Confirmed=X
Filename=nibie.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobby.html" target=_blank>MYTOB-BY</a> WORM!
Source=Paul Collins Startup list

[WDNS SYSTEM]
Number=11858
Confirmed=X
Filename=skybotx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobby.html" target=_blank>MYTOB-BY</a> WORM!
Source=Paul Collins Startup list

[WDNS SYSTEM]
Number=11859
Confirmed=X
Filename=wdns33.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobby.html" target=_blank>MYTOB-BY</a> WORM!
Source=Paul Collins Startup list

[wdskctl]
Number=11860
Confirmed=X
Filename=wdskctl.exe
Description=IEPlugin spyware
Source=Paul Collins Startup list

[wdwctrl]
Number=11861
Confirmed=X
Filename=wdwctrl.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-052717-5121-99" target="_blank">DLUCA.E</a> TROJAN!
Source=Paul Collins Startup list

[WEATHER]
Number=11862
Confirmed=N
Filename=WEATHER.EXE
Description=Weatherbug provides current outdoor temperature in the System Tray, also weather alerts. Available via Start -> Programs
Source=Paul Collins Startup list

[WeatherCast]
Number=11863
Confirmed=N
Filename=Weather.exe
Description=Weather reporting in the System Tray. Available via Start -> Programs. Installed via Radlight
Source=Paul Collins Startup list

[WeatherOnTray]
Number=11864
Confirmed=X
Filename=WeatherOnTray.exe
Description=<a href="http://sarc.com/avcenter/venc/data/adware.hotbar.html" target="_blank">Hotbar's</a> Weather Forecast tool for your desktop - adware
Source=Paul Collins Startup list

[WeatherOnTray]
Number=11865
Confirmed=X
Filename=SbWeatherOnTray.exe
Description=Related to <a href="http://sarc.com/avcenter/venc/data/adware.hotbar.html" target=_blank>Hotbar's</a> Weather Forecast tool for your desktop
Source=Paul Collins Startup list

[Weatherscope]
Number=11866
Confirmed=N
Filename=Weatherscope.exe
Description=WeatherScope - "displays your current local temperature in the system tray of your computer (near the clock) whenever you are online!" Not recommended as it bundles <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Claria.GAIN.CommonElements&threatid=5605" target=_blank>GAIN</a> adware. You can get the adware free version for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
Source=Paul Collins Startup list

[WeatherWatcher]
Number=11867
Confirmed=N
Filename=ww.exe
Description=<a href="http://www.singerscreations.com/AboutWeatherWatcher.html" target="_blank">WeatherWatcher</a> - weather reporting in the System Tray
Source=Paul Collins Startup list

[web]
Number=11868
Confirmed=X
Filename=******.exe [* = random char]
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453089426" target="_blank">EASTO.A</a> TROJAN!
Source=Paul Collins Startup list

[WEB DRIVERS FOR WIN32]
Number=11869
Confirmed=X
Filename=phqgh.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Web Offer]
Number=11870
Confirmed=X
Filename=ezPopStub.exe
Description=eZula <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=eZula.TopText&threatid=5117" target="_blank">TopText</a> adware
Source=Paul Collins Startup list

[Web Offer]
Number=11871
Confirmed=X
Filename=ezStub.exe
Description=eZula <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=eZula.TopText&threatid=5117" target="_blank">TopText</a> adware
Source=Paul Collins Startup list

[Web Offer]
Number=11872
Confirmed=X
Filename=EZSTUB22.EXE
Description=eZula <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=eZula.TopText&threatid=5117" target="_blank">TopText</a> adware
Source=Paul Collins Startup list

[Web Offer]
Number=11873
Confirmed=X
Filename=vl_ezstub.exe
Description=eZula <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=eZula.TopText&threatid=5117" target="_blank">TopText</a> adware
Source=Paul Collins Startup list

[Web Search]
Number=11874
Confirmed=?
Filename=??
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Web Service]
Number=11875
Confirmed=X
Filename=[random filename].exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-011909-1557-99" target=_blank>ADMINCASH</a> TROJAN!
Source=Paul Collins Startup list

[Web Service]
Number=11876
Confirmed=X
Filename=sm.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32bubef.html" target=_blank>BUBE-F</a> VIRUS!
Source=Paul Collins Startup list

[Web Service]
Number=11877
Confirmed=X
Filename=MSXMIDI.EXE
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant, identified by <a href="http://www.kaspersky.com/" target=_blank>Kaspersky</a> as TrojanDropper.Win32.Small.cw
Source=Paul Collins Startup list

[Web2Pop]
Number=11878
Confirmed=U
Filename=Web2Pop.exe
Description=<a href="http://www.jmasoftware.com/english/products/web2pop/index.html" target=_blank>Web2Pop</a> allows you to retrieve your web-based accounts messages to read them in your favorite e-mail client
Source=Paul Collins Startup list

[web3trap]
Number=11879
Confirmed=Y
Filename=web3trap.exe
Description=PC-Cillin 2000 anti-virus software -&gt; ActiveX filter. Guards against malicious ActiveX programs, etc&nbsp;
Source=Paul Collins Startup list

[webalize]
Number=11880
Confirmed=X
Filename=webalize.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453077927" target="_blank">Searchcentrix</a> hijacker
Source=Paul Collins Startup list

[WebArmyKnife]
Number=11881
Confirmed=N
Filename=WAK.exe
Description=<a href="http://www.webarmyknife.com/home.php" target=_blank>Web Army Knife</a> - a suite of web site developer's tools
Source=Paul Collins Startup list

[webassist]
Number=11882
Confirmed=X
Filename=webassist.exe
Description=Adware popup generator
Source=Paul Collins Startup list

[webcam]
Number=11883
Confirmed=X
Filename=webcam.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmonada.html" target=_blank>MONAD-A</a> TROJAN! Note - this malware actually changes the default value data of the Registry Run and RunServices keys in order to force Windows to launch it at boot. Name field may be empty
Source=Paul Collins Startup list

[Webcam Go Sti Service Application]
Number=11884
Confirmed=?
Filename=wbcgosvc.exe
Description=Control software for the portable Creative <a href="http://reviews.cnet.com/Creative_WebCam_Go/4505-6502_7-1446174.html" target="_blank">Webcam Go</a> digital camera/PC web cam. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[WebcamRT.exe]
Number=11885
Confirmed=N
Filename=WEBCAMRT.exe
Description=For Logitech Web Cams. Not required - camera works fine without it
Source=Paul Collins Startup list

[Webcelerator]
Number=11886
Confirmed=X
Filename=webcel.exe
Description=Webcelerator from eAcceleration speeds your Web browsing by both remembering where you have been and anticipating where you will go. Only needed if you find it improves web browsing. Now no longer available and supported and when available was classed as spyware - see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
Source=Paul Collins Startup list

[WebCheck]
Number=11887
Confirmed=X
Filename=WebCheck.pif
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031016-3315-99" target="_blank">CONE.C</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031414-1207-99" target="_blank">CONE.F</a> WORMS!
Source=Paul Collins Startup list

[WebCpr0]
Number=11888
Confirmed=X
Filename=WebCpr0.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112314-5537-99" target="_blank">WebRebates</a> adware
Source=Paul Collins Startup list

[Webdav.exe]
Number=11889
Confirmed=X
Filename=webdav.exe
Description=IRC DDoS bot which gives the hacker full control over your system
Source=Paul Collins Startup list

[WebExRemoteAccessAgent]
Number=11890
Confirmed=U
Filename=raagtapp.exe
Description=Related to <a href="http://www.webex.com/" target=_blank>Web Meetings</a> from WebEx Communications, Inc. Share and present online with anyone, anywhere

Source=Paul Collins Startup list

[WebHancer Agent]
Number=11891
Confirmed=X
Filename=whagent.exe
Description=System Tray application that starts up Webhancer software. Software that optimizes your web browser and is also advertising spyware that you can find out about <a href="http://www.cexx.org/adware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[webHancer Survey Companion]
Number=11892
Confirmed=X
Filename=whSurvey.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=43482" target="_blank">WebHancer</a>trackware - traffic measurement service that uses a client agent that is stealth installed on user machines, gathering detailed data about sites visited, their performance and, most important, what the user actually does while there

Source=Paul Collins Startup list

[WebInstall]
Number=11893
Confirmed=X
Filename=WebInstall.exe
Description=ClipGenie adware downloader
Source=Paul Collins Startup list

[WebInstall2]
Number=11894
Confirmed=X
Filename=WebInstall.exe
Description=ClipGenie adware downloader
Source=Paul Collins Startup list

[WebKey]
Number=11895
Confirmed=N
Filename=WebKey.exe
Description=<a href="http://www.variagate.com/jbutils.htm?index" target="_blank">WebKey</a> from JB Utilities. Utility to keep track of login data required when browsing the internet
Source=Paul Collins Startup list

[WebLink]
Number=11896
Confirmed=N
Filename=WebLink.exe
Description=Softex is a "cost-effective way to provide software updates, technical support or new product information to specific end-users - it can silently provide end-users with software updates, technical support and new product information customized to their specific needs through a persistent link"
Source=Paul Collins Startup list

[WebOutfitterTray]
Number=11897
Confirmed=N
Filename=sttray.exe
Description=Intel WebOutfitter service System Tray icon
Source=Paul Collins Startup list

[Webposition Gold 2]
Number=11898
Confirmed=N
Filename=wpsche~1.exe
Description=Scheduler for <a href="http://www.web-positiongold.com/" target="_blank"> Web Position Gold</a> - utility to help optimize the position of web-sites in search engines
Source=Paul Collins Startup list

[WebRebates0]
Number=11899
Confirmed=X
Filename=WebRebates0.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112314-5537-99" target="_blank">WebRebates</a> adware
Source=Paul Collins Startup list

[WebRun]
Number=11900
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031409-4054-99" target=_blank>ADWARELOADER</a> TROJAN!
Source=Paul Collins Startup list

[websaverlive]
Number=11901
Confirmed=U
Filename=websaverlive.exe
Description=<a href="http://12.47.194.20/help/channels.html" target="_blank">WebSaver Live!</a> is a companion program to Websaver that retrieves information from the Internet on a schedule and displays it on your screen when your computer is idle
Source=Paul Collins Startup list

[WebSavingsfromEbates]
Number=11902
Confirmed=X
Filename=WebSavingsfromEbatesrun.exe
Description=Web Savings From Ebates Software, a shopping tool that opens pop-up windows
Source=Paul Collins Startup list

[WebSavingsFromEbates0]
Number=11903
Confirmed=X
Filename=WebSavingsFromEbates0.exe
Description=Web Savings From Ebates Software, a shopping tool that opens pop-up windows

Source=Paul Collins Startup list

[WebScan]
Number=11904
Confirmed=U
Filename=DEFSCANGUI.EXE
Description=eAcceleration Stop-Sign security software related. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
Source=Paul Collins Startup list

[webscan]
Number=11905
Confirmed=U
Filename=stopsignav.exe
Description=eAcceleration Stop-Sign security software related. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
Source=Paul Collins Startup list

[WebScanX]
Number=11906
Confirmed=Y
Filename=WebScanX.exe
Description=From McAfee VirusScan up to version 4.x. Provides functionality for VShield Download Scan and Internet Filter modules. Enables internet scanning. Guards against malicious ActiveX programs, etc
Source=Paul Collins Startup list

[websearch]
Number=11907
Confirmed=X
Filename=wjview ...websearch.exe
Description="Web Savings" From Ebates Software, a shopping tool that opens pop-up windows
Source=Paul Collins Startup list

[WebSecureAlert]
Number=11908
Confirmed=N
Filename=WebSecureAlert.exe
Description=WebSecureAlert - "helps to protect your browser security by monitoring for unauthorized tampering with Internet Explorer's security settings, and can help to protect your privacy by deleting your web surfing history on a regular basis". Not recommended as it bundles <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Claria.GAIN.CommonElements&threatid=5605" target=_blank>GAIN</a> adware. You can get the adware free version for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
Source=Paul Collins Startup list

[WebServer]
Number=11909
Confirmed=?
Filename=VBI_SE~1.EXE
Description=<font color="#FF0000">Related to a Pinnacle sound card. What does it do and is it needed?</font>
Source=Paul Collins Startup list

[Webshots]
Number=11910
Confirmed=U
Filename=Webshots Tray.exe
Description=<a href="http://www.webshots.com/samplers/" target="_blank">Webshots</a> - software that displays photos as your screensaver and wallpaper, and provides tools for sharing your personal photos on the web
Source=Paul Collins Startup list

[Webshots]
Number=11911
Confirmed=U
Filename=websho~1.exe
Description=<a href="http://www.webshots.com/samplers/" target="_blank">Webshots</a> - software that displays photos as your screensaver and wallpaper, and provides tools for sharing your personal photos on the web
Source=Paul Collins Startup list

[Webshots]
Number=11912
Confirmed=U
Filename=Launcher.exe
Description=<a href="http://www.webshots.com/samplers/" target="_blank">Webshots</a> - software that displays photos as your screensaver and wallpaper, and provides tools for sharing your personal photos on the web
Source=Paul Collins Startup list

[Webshots]
Number=11913
Confirmed=U
Filename=WebshotsTray.exe
Description=<a href="http://www.webshots.com/samplers/" target="_blank">Webshots</a> - software that displays photos as your screensaver and wallpaper, and provides tools for sharing your personal photos on the web
Source=Paul Collins Startup list

[Website Administrator Info]
Number=11914
Confirmed=X
Filename=webadmin.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfy.html" target= blank>FORBOT-FY</a> WORM!
Source=Paul Collins Startup list

[WebSpecials]
Number=11915
Confirmed=X
Filename=rundll32 [path] webspec.dll
Description=WebSpecials spyware
Source=Paul Collins Startup list

[Websx]
Number=11916
Confirmed=X
Filename=Int*****.exe
Description=Adult content dialler - where ***** are random
Source=Paul Collins Startup list

[Webtrap]
Number=11917
Confirmed=Y
Filename=webtrap.exe
Description=Part of PC-Cillin anti-virus software. Checks web-sites for malicious Java and ActiveX elements in a similar way to McAfee WebScanX. A few users find it infuriating
Source=Paul Collins Startup list

[WebTrapNT.exe]
Number=11918
Confirmed=Y
Filename=WebTrapNT.exe
Description=Part of PC-Cillin Anti-Virus software. Checks visited web-sites for malicious Java and ActiveX elements
Source=Paul Collins Startup list

[WebWasher]
Number=11919
Confirmed=U
Filename=wwasher.exe
Description=Free Pop-up/ad/javascript filter program from <a href="http://www.webwasher.com" target="_blank">Siemens</a>. If not running then browsers will not be protected but will still work. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[WeirdOnTheWeb]
Number=11920
Confirmed=X
Filename=WeirdOnTheWeb.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-053116-5734-99" target=_blank>WeirdOnTheWeb</a> adware
Source=Paul Collins Startup list

[Welcome]
Number=11921
Confirmed=N
Filename=Welcome.exe
Description=Launches the Welcome to Windows tutorial on boot up
Source=Paul Collins Startup list

[WEPstat]
Number=11922
Confirmed=?
Filename=Wepstat.exe
Description=Cisco Aironet 340 Series PC Card driver. If it can be started manually it shouldn't be required if you don't use the PC card facility regularily - hence the status could be "U". <font color="#FF0000"> Can anybody confirm this?</font>
Source=Paul Collins Startup list

[wersds]
Number=11923
Confirmed=X
Filename=doriot.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-082715-2500-99" target="_blank">JECT.C</a> TROJAN!
Source=Paul Collins Startup list

[wersds.exe]
Number=11924
Confirmed=X
Filename=doriot.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbagledla.html" target=_blank>BAGLEDI-A</a> TROJAN!
Source=Paul Collins Startup list

[wesumu]
Number=11925
Confirmed=X
Filename=wiustv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassl.html" target=_blank>QQPASS-L</a> TROJAN!
Source=Paul Collins Startup list

[WetSock]
Number=11926
Confirmed=N
Filename=wetsock.exe
Description=<a href="http://www.robomagic.com/wetsock.htm" target="_blank">RoboMagic Wetsock</a> - weather reporting in the System Tray
Source=Paul Collins Startup list

[wextract_cleanup0]
Number=11927
Confirmed=N
Filename=advpack.dll, DelNodeRunDLL32 [path] [filename].TMP
Description=Wextract Cleanup0 is valid and legal software included or sold to help clean up temporary or cab files created by the installer software for a wide variety of software. It should disapear after a restart of the system. If not fix it

Source=Paul Collins Startup list

[WFGStartup]
Number=11928
Confirmed=N
Filename=WFGStartup.exe
Description=<a href="http://asia.cnet.com/downloads/handheld/swinfo/0,39001949,39022960s,00.htm" target="_blank">World Weather</a>. &quot;This midlet displays the current weather conditions for major cities around the world. This version is for memory limited mobile phones&quot;
Source=Paul Collins Startup list

[wfips]
Number=11929
Confirmed=U
Filename=iphider.exe
Description=ICQ (messaging/chat program) anti-bomb software. "WFIPS is anti-bomb software for safeguarding ICQ Bomb before the bombing. '<a href="http://www.yammie.cc/ibinfo/ibinfo8.asp" target="_blank">ICQ Defoolder</a>' is a tool for removing ICQ bomb after being exposed." For more information about ICQ bombs see <a href="http://www.arcwebserv.com/jumpsite/icqprotect.html" target="_blank">here</a>
Source=Paul Collins Startup list

[WFXCTL32.EXE]
Number=11930
Confirmed=N
Filename=WFXCTL32.EXE
Description=From WinFax 10.0 and possibly earlier versions. Appears if you chose to have WinFax appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start -> Programs
Source=Paul Collins Startup list

[wfxsnt40]
Number=11931
Confirmed=Y
Filename=wfxsnt40.exe
Description=WinFax 10.0 and maybe earlier versions. The program that opens the port for WinFax and not normally in the start menu. Needed if you want to run WinFax
Source=Paul Collins Startup list

[WFXSwtch]
Number=11932
Confirmed=?
Filename=WFXSWTCH.exe
Description=Related to WinFax. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[WG111v2 Smart Wizard Wireless Setting]
Number=11933
Confirmed=U
Filename=RtlWake.exe
Description=Configuration utility for the Netgear <a href="http://www.netgear.com/Products/Adapters/GWirelessAdapters/WG111.aspx" target="_blank">WG111</a> 54 Mbps Wireless USB 2.0 Adapter that "provides wireless access to your desktop or notebook PC through the computer's USB port"
Source=Paul Collins Startup list

[WG511WLU]
Number=11934
Confirmed=Y
Filename=WG511WLU.exe
Description=Netgear configuration programme for the 54g wireless lan card - required to monitor and manage the lan card

Source=Paul Collins Startup list

[wgeax]
Number=11935
Confirmed=X
Filename=wgeax.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ircbottm.html" target="_blank">IRCBOT-TM</a> WORM!
Source=Paul Collins Startup list

[wgs3]
Number=11936
Confirmed=X
Filename=wgs3.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmiraqh.html" target="_blank">LEGMIR-AQH</a> TROJAN!
Source=Paul Collins Startup list

[WGV]
Number=11937
Confirmed=X
Filename=WGV.exe
Description=Added by the <a href="http://virusinfo.prevx.com/pxparall.asp?PXC=103661862746" target="_blank">ZIPPIE</a> TROJAN!
Source=Paul Collins Startup list

[WGWLocalManager]
Number=11938
Confirmed=U
Filename=WGWLocalManager.exe
Description=Part of Flash-Networks NettGain2000 product. NettGain 2000 is a combined hardware/software networking solution, which is designed to improve performance of satellite networks by increasing data transmission speeds and maximizing the existing bandwidth for complete utilization when sending TCP/IP applications over a satellite. It is needed when connecting to the internet via satellite to provide speed faster than 60k or so. It could be started by creating a shortcut, running it only when connecting to the internet. If internet is used often, it's recommended to leave it in startup so it starts with the system
Source=Paul Collins Startup list

[WgwMngr]
Number=11939
Confirmed=Y
Filename=WgwMngr.exe
Description=Part of Flash-Networks NettGain2000 product. NettGain 2000 is a combined hardware/software networking solution, which is designed to improve performance of satellite networks by increasing data transmission speeds and maximizing the existing bandwidth for complete utilization when sending TCP/IP applications over a satellite. It is needed when connecting to the internet via satellite to provide speed faster than 60k or so
Source=Paul Collins Startup list

[whagent]
Number=11940
Confirmed=X
Filename=whagent.exe
Description=System Tray application that starts up Webhancer software. Software that optimizes your web browser and is also advertising spyware that you can find out about <a href="http://www.cexx.org/adware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[WhatPulse]
Number=11941
Confirmed=U
Filename=WHATPU~1.EXE
Description=<a href="http://whatpulse.org/" target=_blank>WhatPulse</a> keeps track of your keystrokes, allowing you to find out just how much you type a day
Source=Paul Collins Startup list

[WheelMouse]
Number=11942
Confirmed=U
Filename=4DMAIN.EXE
Description=Mouse software for &quot;Fellowes&quot; Wheelman mouse. Has caused some users problems but shouldn't be needed if you don't use any enhanced features it may provide
Source=Paul Collins Startup list

[WheelMouse]
Number=11943
Confirmed=U
Filename=AMOUMAIN.EXE
Description=<a href="http://www.a4tech.com/a4techenglish/index.html" target="_blank">A4Tech</a> wireless mouse driver and utility - required if you use non-standard Windows driver features
Source=Paul Collins Startup list

[WheelsMouse]
Number=11944
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsocksprd.html" target=_blank>SOCKSPR-D</a> TROJAN!
Source=Paul Collins Startup list

[WhenUSave]
Number=11945
Confirmed=X
Filename=Save.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=WhenU.Save&threatid=10810" target=_blank>WhenU.Save</a> adware
Source=Paul Collins Startup list

[WhenUSearch]
Number=11946
Confirmed=X
Filename=Search.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=WhenU.Save&threatid=10810" target=_blank>WhenU.Save</a> adware
Source=Paul Collins Startup list

[WhenUSearchWHSE]
Number=11947
Confirmed=X
Filename=whse.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=WhenU.Save&threatid=10810" target=_blank>WhenU.Save</a> adware
Source=Paul Collins Startup list

[Whistler]
Number=11948
Confirmed=X
Filename=whismng.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojwhistlerf.html" target= blank>WHISTLER-F</a> TROJAN!
Source=Paul Collins Startup list

[Whitechix]
Number=11949
Confirmed=X
Filename=brightx.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Whvlxd]
Number=11950
Confirmed=X
Filename=Whvlxd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzapchascs.html" target="_blank">ZAPCHAS-CS</a> TROJAN!
Source=Paul Collins Startup list

[whxpin service]
Number=11951
Confirmed=X
Filename=ssvsol.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[WIAWizardMenu]
Number=11952
Confirmed=N
Filename=RUNDLL32.EXE sti_ci.dll, WiaCreateWizardMenu
Description=Still Image Class Installer - installed with a webcam
Source=Paul Collins Startup list

[Widnows Xp Web scan]
Number=11953
Confirmed=X
Filename=xpscan.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[wifeman]
Number=11954
Confirmed=X
Filename=wifeman.exe
Description=Unidentified malware
Source=Paul Collins Startup list

[WiFix service]
Number=11955
Confirmed=X
Filename=[random filename]
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[WildFlics]
Number=11956
Confirmed=X
Filename=WildFlics.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/dialdirectb.html" target=_blank>Direct-B</a> premium rate adult content dialler
Source=Paul Collins Startup list

[WildTangent CDA]
Number=11957
Confirmed=?
Filename=RUNDLL32.exe cdaEngine0400.dll, cdaEngineMain
Description=Part of the <a href="http://www.wildtangent.com/default.asp" target="_blank">WildTangent</a> on-line games system. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[WildTangent Web Driver updater]
Number=11958
Confirmed=U
Filename=wcmdmgrl.exe
Description=<a href="http://www.wildtangent.com/default.asp?pageID=webdriver_download" target="_blank">Web Driver</a> delivery system for <a href="http://www.wildtangent.com/default.asp" target="_blank">WildTangent</a> on-line games. Periodically checks for updates - can be disabled within the programs control panel. Note that WildTanget's <a href="http://www.wildtangent.com/default.asp?pageID=company_art&artid=art20030925_A" target="_blank">privacy policy</a> used to state that they also collect and share individuals information but this is no longer the case
Source=Paul Collins Startup list

[Wildwire Monitor]
Number=11959
Confirmed=N
Filename=WWMon.exe
Description=This places a status icon on the taskbar for the DSL WildWire Tiger Modem. This is also a shortcut to the diagnostics utility for the DSL modem
Source=Paul Collins Startup list

[Willow Road]
Number=11960
Confirmed=N
Filename=WillowRoad.exe
Description=Willow Road Screen Saver
Source=Paul Collins Startup list

[win]
Number=11961
Confirmed=X
Filename=regedit -s ..win.dll
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100111-0931-99" target="_blank">SEEKER.K</a> TROJAN!
Source=Paul Collins Startup list

[win]
Number=11962
Confirmed=X
Filename=xwinxrpc32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotmv.html" target="_blank">AGOBOT-MV</a> WORM!
Source=Paul Collins Startup list

[win]
Number=11963
Confirmed=X
Filename=xwinxrpc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotmv.html" target=_blank>AGOBOT-MV</a> WORM!
Source=Paul Collins Startup list

[WIN]
Number=11964
Confirmed=X
Filename=ehshell.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobcq.html" target=_blank>MYTOB-CQ</a> WORM!
Source=Paul Collins Startup list

[WIN]
Number=11965
Confirmed=X
Filename=windows.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-071521-3122-99" target=_blank>REATLE.C</a> WORM!
Source=Paul Collins Startup list

[Win Chimes]
Number=11966
Confirmed=U
Filename=winchi~1.exe
Description=<a href="http://www.freefunfiles.com/software/desktopapplications/calendars/winchimes.html" target="_blank">WinChimes</a> - enhancement software for the system clock that runs in the system tray
Source=Paul Collins Startup list

[Win Comm]
Number=11967
Confirmed=X
Filename=WinComm.exe
Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=WinCom%20Trojan&threatid=14400" target=_blank>WINCOM</a> TROJAN!
Source=Paul Collins Startup list

[Win Command]
Number=11968
Confirmed=X
Filename=command32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.XQ" target="_blank">AGOBOT.XQ</a> WORM!
Source=Paul Collins Startup list

[Win CPU]
Number=11969
Confirmed=X
Filename=sysin.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxl.html" target=_blank>RBOT-AXL</a> WORM!
Source=Paul Collins Startup list

[win ctl app]
Number=11970
Confirmed=X
Filename=wuctl.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Win Drivers SSL]
Number=11971
Confirmed=X
Filename=hpws.exe
Description=Added by the <a href="http://info.ahnlab.com/securityinfo/virus_view_eng_new.jsp?SEQ_NO=2085" target=_blank>IRCBOT.67098</a> WORM!
Source=Paul Collins Startup list

[Win Drivers SSL]
Number=11972
Confirmed=X
Filename=TASKMAN4.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Win Drivers SSL]
Number=11973
Confirmed=X
Filename=hpws.exe
Description=Added by the <a href="http://info.ahnlab.com/securityinfo/virus_view_eng_new.jsp?SEQ_NO=2085" target=_blank>IRCBOT.67098</a> WORM!
Source=Paul Collins Startup list

[Win Drivers SSL32]
Number=11974
Confirmed=X
Filename=hpwsnnsbc.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.MAR&VSect=T" target=_blank>SPYBOT.MAR</a> WORM!
Source=Paul Collins Startup list

[WIN HOST PROCESS]
Number=11975
Confirmed=X
Filename=WIN HOST PROCESS.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-070913-4945-99" target="_blank">KEYLOGGER.CLONE</a> TROJAN!
Source=Paul Collins Startup list

[Win INI 32]
Number=11976
Confirmed=X
Filename=msrp32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfzc.html" target="_blank">RBOT-FZC</a> WORM!
Source=Paul Collins Startup list

[Win l5oahder]
Number=11977
Confirmed=X
Filename=winampa.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM! Note - this is NOT associated with the popular <a href="http://www.winamp.com/" target="_blank">Winamp</a> media player. The valid file for the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winampa/" target="_blank">Winamp Agent</a> resides in a "Winamp" subdirectory of the Program Files directory
Source=Paul Collins Startup list

[Win Login]
Number=11978
Confirmed=X
Filename=winlogin.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawe.html" target=_blank>RBOT-AWE</a> WORM! Note - this trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder
Source=Paul Collins Startup list

[Win Microsoft 98]
Number=11979
Confirmed=X
Filename=win14.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotakx.html" target=_blank>RBOT-AKX</a> WORM!
Source=Paul Collins Startup list

[win name]
Number=11980
Confirmed=?
Filename=stat.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Win Patch]
Number=11981
Confirmed=X
Filename=ntldr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotgs.html" target=_blank>SDBOT-GS</a> WORM!
Source=Paul Collins Startup list

[Win Process Updates]
Number=11982
Confirmed=X
Filename=winupdates.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Win Prosess0r]
Number=11983
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbit.html" target="_blank">RBOT-BIT</a> WORM!
Source=Paul Collins Startup list

[WIN prosessor16]
Number=11984
Confirmed=X
Filename=[random filename].exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Win Proxy32 Protocol]
Number=11985
Confirmed=X
Filename=bsvtem.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Win Secure Update]
Number=11986
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagi.html" target=_blank>RBOT-AGI</a> WORM!
Source=Paul Collins Startup list

[Win Security]
Number=11987
Confirmed=X
Filename=msw32.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqt.html" target=_blank>RBOT-AQT</a> WORM!
Source=Paul Collins Startup list

[Win Server]
Number=11988
Confirmed=X
Filename=winserv.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_IMISERV.A" target=_blank>IMISERV.A</a> TROJAN!
Source=Paul Collins Startup list

[Win Server Updt]
Number=11989
Confirmed=X
Filename=wupdt.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_IMISERV.A" target=_blank>IMISERV.A</a> TROJAN!
Source=Paul Collins Startup list

[Win Server Updt]
Number=11990
Confirmed=X
Filename=winserver.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=41623" target= blank>IMISERV</a> TROJAN!
Source=Paul Collins Startup list

[Win Server Updt]
Number=11991
Confirmed=X
Filename=pxckdla.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080410-4405-99" target=_blank>IEPlugin</a> adware
Source=Paul Collins Startup list

[Win TaskLoader]
Number=11992
Confirmed=X
Filename=msgmr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-032517-2147-99" target=_blank>MYTOB.L</a> WORM!
Source=Paul Collins Startup list

[win update]
Number=11993
Confirmed=X
Filename=wupda32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.J" target="_blank">SDBOT.J</a> WORM!
Source=Paul Collins Startup list

[win update]
Number=11994
Confirmed=X
Filename=wapdate.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Win Update]
Number=11995
Confirmed=X
Filename=SysUpdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobottn.html" target=_blank>AGOBOT-TN</a> WORM!
Source=Paul Collins Startup list

[Win Update]
Number=11996
Confirmed=X
Filename=oleupdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentuy.html" target=_blank>AGENT-UY</a> TROJAN!
Source=Paul Collins Startup list

[Win Update]
Number=11997
Confirmed=X
Filename=msnmger.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgdp.html" target="_blank">RBOT-GDP</a> WORM!
Source=Paul Collins Startup list

[Win Updater]
Number=11998
Confirmed=X
Filename=WINUPDATER.EXE
Description=Added by the <a href="http://www.trendmicro.co.jp/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.IP" target=_blank>RBOT.IP</a> WORM!
Source=Paul Collins Startup list

[Win Updator Services]
Number=11999
Confirmed=X
Filename=ctfnom.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN" target=_blank>WOOTBOT</a> WORM!
Source=Paul Collins Startup list

[WIN USB 2.0]
Number=12000
Confirmed=X
Filename=usbsystem.exe
Description=Added by an unidentified WORM of TROJAN!
Source=Paul Collins Startup list

[WIN USB 2.0]
Number=12001
Confirmed=X
Filename=winusb.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Win USB 2.0 USB Driver]
Number=12002
Confirmed=X
Filename=HPPrint.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091311-4329-99" target="_blank">SPYBOT.DNB</a> WORM!
Source=Paul Collins Startup list

[WIN USB SUPPORT]
Number=12003
Confirmed=X
Filename=grxsrv.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Win Validation Application]
Number=12004
Confirmed=X
Filename=DBExecCom.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vbsillya.html" target=_blank>VBSILLY-A</a> WORM!
Source=Paul Collins Startup list

[Win WinAmp]
Number=12005
Confirmed=X
Filename=winamp.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AGF" target="_blank">RBOT.AGF</a> WORM! Note - this is NOT the popular <a href="http://www.winamp.com/" target="_blank">Winamp</a> media player which resides in a "Winamp" subdirectory of the Program Files directory. This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[win************* [* = random digit]]
Number=12006
Confirmed=X
Filename=win*************.exe [* = random digit]
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062915-3210-99" target=_blank>WINBO</a> adware
Source=Paul Collins Startup list

[WIN-BUGSFIX]
Number=12007
Confirmed=X
Filename=WIN-BUGSFIX.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=VBS_LOVELETTER" target="_blank"> LOVELETTER</a> (I LOVE YOU) VIRUS!
Source=Paul Collins Startup list

[win-xp]
Number=12008
Confirmed=X
Filename=nvsc32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021515-4514-99" target=_blank>BROPIA.N</a> WORM!
Source=Paul Collins Startup list

[win-xp]
Number=12009
Confirmed=X
Filename=winis.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021515-4514-99" target=_blank>BROPIA.N</a> WORM!
Source=Paul Collins Startup list

[win-xp]
Number=12010
Confirmed=X
Filename=winis.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021515-4514-99" target=_blank>BROPIA.N</a> WORM!
Source=Paul Collins Startup list

[win.exe]
Number=12011
Confirmed=X
Filename=win.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpodropc.html" target=_blank>PODROP-C</a> TROJAN!
Source=Paul Collins Startup list

[win16.dll]
Number=12012
Confirmed=U
Filename=win16dll.exe
Description=<a href="http://sarc.com/avcenter/venc/data/spyware.screenspy.html" target=_blank>Screenspy</a> captures screenshots silently. If you didn't install this yourself, remove it
Source=Paul Collins Startup list

[Win2Drv]
Number=12013
Confirmed=X
Filename=[worm filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101514-3703-99" target="_blank">WINTOO</a> WORM!
Source=Paul Collins Startup list

[WIN32]
Number=12014
Confirmed=X
Filename=WIN32.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-042814-1021-99" target="_blank">RATEGA</a> TROJAN!
Source=Paul Collins Startup list

[win32]
Number=12015
Confirmed=X
Filename=Shakira_1997_Part_1_.Mpeg_.scr
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-070316-2426-99" target="_blank">MYLIFE.N</a> WORM!
Source=Paul Collins Startup list

[win32]
Number=12016
Confirmed=X
Filename=Setup_32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090718-0006-99" target="_blank">EVILBOT.B</a> TROJAN!
Source=Paul Collins Startup list

[Win32]
Number=12017
Confirmed=X
Filename=Win32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ISRAZ.A" target="_blank">ISRAZ.A</a> WORM!
Source=Paul Collins Startup list

[win32]
Number=12018
Confirmed=X
Filename=winsrv32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090317-4618-99" target="_blank">ADUENT</a> TROJAN! Acts as a hi-jacker redirecting to Surferbar.com and adult content sites
Source=Paul Collins Startup list

[win32]
Number=12019
Confirmed=X
Filename=WinSetup.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090718-0006-99" target="_blank">EVILBOT.B</a> TROJAN!
Source=Paul Collins Startup list

[Win32]
Number=12020
Confirmed=X
Filename=system32.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-012011-3745-99" target=_blank>SWERUN</a> VIRUS!
Source=Paul Collins Startup list

[Win32]
Number=12021
Confirmed=X
Filename=Game.exe.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031515-4025-99" target=_blank>SCAFENE</a> WORM!
Source=Paul Collins Startup list

[Win32]
Number=12022
Confirmed=X
Filename=arsetup.exe
Description=Added by the SPAZBOX.A TROJAN!
Source=Paul Collins Startup list

[win32]
Number=12023
Confirmed=X
Filename=winhost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-020311-1125-99" target=_blank>BROPIA.J</a> WORM!
Source=Paul Collins Startup list

[Win32]
Number=12024
Confirmed=X
Filename=winnnit.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Win32]
Number=12025
Confirmed=X
Filename=msnsrv.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Win32]
Number=12026
Confirmed=X
Filename=sysmon.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobhq.html" target="_blank">MYTOB-HQ</a> TROJAN!
Source=Paul Collins Startup list

[Win32]
Number=12027
Confirmed=X
Filename=zaq.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgce.html" target="_blank">RBOT-GCE</a> WORM!
Source=Paul Collins Startup list

[Win32 Bios]
Number=12028
Confirmed=X
Filename=Winbios.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32semapia.html" target= blank>SEMAPI-A</a> WORM!
Source=Paul Collins Startup list

[Win32 Configuration]
Number=12029
Confirmed=X
Filename=videosd32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.TT" target="_blank">SDBOT.TT</a> WORM!
Source=Paul Collins Startup list

[Win32 Configuration]
Number=12030
Confirmed=X
Filename=dllhelp.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.UL" target="_blank">SDBOT.UL</a> WORM!
Source=Paul Collins Startup list

[Win32 Configuration]
Number=12031
Confirmed=X
Filename=mplayer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbz.html" target=_blank>FORBOT-BZ</a> WORM!
Source=Paul Collins Startup list

[WIN32 DDOSSER]
Number=12032
Confirmed=X
Filename=dos.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031114-5534-99" target=_blank>KELVIR.F</a> WORM!
Source=Paul Collins Startup list

[Win32 Debug Manager]
Number=12033
Confirmed=X
Filename=Win32Debug.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN" target=_blank>WOOTBOT</a> WORM!
Source=Paul Collins Startup list

[Win32 Debug Manager]
Number=12034
Confirmed=X
Filename=microsoftupd.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN" target=_blank>WOOTBOT</a> WORM!
Source=Paul Collins Startup list

[Win32 Device Loader]
Number=12035
Confirmed=X
Filename=Win32ldr.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list

[Win32 Driver]
Number=12036
Confirmed=X
Filename=svchosts.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfd.html" target=_blank>FORBOT-FD</a> WORM!
Source=Paul Collins Startup list

[Win32 Drivers]
Number=12037
Confirmed=X
Filename=winlogons.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfg.html" target=_blank>FORBOT-FG</a> WORM!
Source=Paul Collins Startup list

[Win32 DRK Driver]
Number=12038
Confirmed=X
Filename=wdrk32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.CY" target="_blank">WOOTBOT.CY</a> WORM!
Source=Paul Collins Startup list

[Win32 exe file]
Number=12039
Confirmed=X
Filename=winstr32.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Win32 Explorer]
Number=12040
Confirmed=X
Filename=Explorer32.exe
Description=<a href="http://www.sophos.com/virusinfo/analyses/trojstartpamn.html" target="_blank">StartPa-MN</a> homepage hijacker
Source=Paul Collins Startup list

[Win32 Firewall Driver]
Number=12041
Confirmed=X
Filename=winfw.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Win32 FireWire Driver]
Number=12042
Confirmed=X
Filename=CTHELPER32.EXE
Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=WootBot&threatid=15094" target="_blank">WOOTBOT</a> TROJAN!
Source=Paul Collins Startup list

[Win32 FRT Driver]
Number=12043
Confirmed=X
Filename=msfr32.exe
Description=Added by a variant of the <a href="http://sophos.com.au/virusinfo/analyses/w32forbotgen.html" target=_blank>FORBOT</a> WORM!
Source=Paul Collins Startup list

[Win32 Help32 Service]
Number=12044
Confirmed=X
Filename=win32help.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotu.html" target="_blank">DELBOT-U</a> WORM!
Source=Paul Collins Startup list

[Win32 Information Service]
Number=12045
Confirmed=X
Filename=crsrs.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2007-030816-3346-99" target="_blank">RINBOT.Y</a> WORM!
Source=Paul Collins Startup list

[Win32 Information Service]
Number=12046
Confirmed=X
Filename=crsss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delboto.html" target="_blank">DELBOT-O</a> WORM!
Source=Paul Collins Startup list

[win32 internet server]
Number=12047
Confirmed=X
Filename=winserver.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdermond.html" target=_blank>DERMON-D</a> TROJAN!
Source=Paul Collins Startup list

[Win32 Kernel core component]
Number=12048
Confirmed=X
Filename=Kernel32.pif
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091614-3954-99" target="_blank">MOKS</a> VIRUS!
Source=Paul Collins Startup list

[Win32 LSA Driver]
Number=12049
Confirmed=X
Filename=lsa.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfj.html" target=_blank>FORBOT-FJ</a> WORM!
Source=Paul Collins Startup list

[Win32 Ms Auto Updater]
Number=12050
Confirmed=X
Filename=AutomsUPD.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Win32 NDIS Driver]
Number=12051
Confirmed=X
Filename=xpndis.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Win32 Network Driver]
Number=12052
Confirmed=X
Filename=crss.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list

[Win32 NT Adv Services]
Number=12053
Confirmed=X
Filename=taskmngr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotade.html" target=_blank>RBOT-ADE</a> WORM!
Source=Paul Collins Startup list

[Win32 nvc]
Number=12054
Confirmed=X
Filename=nvcva.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabf.html" target= blank>RBOT-ABF</a> WORM!
Source=Paul Collins Startup list

[Win32 NVIDIA Driver]
Number=12055
Confirmed=X
Filename=MSPMSPSU.EXE
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.Y" target=_blank>WOOTBOT.Y</a> WORM!
Source=Paul Collins Startup list

[win32 regedit]
Number=12056
Confirmed=X
Filename=msn32.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Win32 Rundll Loader]
Number=12057
Confirmed=X
Filename=Rundll32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.A" target="_blank">SDBOT.A</a> TROJAN! Note - this is not to be confused with the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll32/" target=_blank>rundll32.exe</a> file!
Source=Paul Collins Startup list

[Win32 Secure]
Number=12058
Confirmed=X
Filename=msconfigsvc.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Win32 Security Protocol]
Number=12059
Confirmed=X
Filename=secure32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rboteti.html" target="_blank">RBOT-ETI</a> WORM!
Source=Paul Collins Startup list

[Win32 Security Service]
Number=12060
Confirmed=X
Filename=crsrs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbots.html" target="_blank">DELBOT-S</a> WORM!
Source=Paul Collins Startup list

[Win32 Service]
Number=12061
Confirmed=X
Filename=bazzi.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022311-5800-99" target=_blank>AHKER.E</a> WORM!
Source=Paul Collins Startup list

[Win32 Services]
Number=12062
Confirmed=X
Filename=odbc32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotek.html" target=_blank>SPYBOT-EK</a> WORM!
Source=Paul Collins Startup list

[Win32 Services Config]
Number=12063
Confirmed=X
Filename=winwkys.exe
Description=Added by the <a href="http://ae.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=3&VName=WORM_RBOT.BKY" target=_blank>RBOT.BKY</a> WORM!
Source=Paul Collins Startup list

[Win32 Services1]
Number=12064
Confirmed=X
Filename=wuamngr1.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpv.html" target="_blank">SDBOT-PV</a> WORM!
Source=Paul Collins Startup list

[Win32 Src Service]
Number=12065
Confirmed=X
Filename=win32src.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotsx.html" target=_blank>RBOT-SX</a> WORM!
Source=Paul Collins Startup list

[Win32 SSL Driver]
Number=12066
Confirmed=X
Filename=winssv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbh.html" target=_blank>FORBOT-BH</a> WORM!

Source=Paul Collins Startup list

[Win32 Svchosts Driver]
Number=12067
Confirmed=X
Filename=svchosts.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfo.html" target=_blank>FORBOT-FO</a> WORM!
Source=Paul Collins Startup list

[win32 system server]
Number=12068
Confirmed=X
Filename=winserver.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdermona.html" target=_blank>DERMON-A</a> TROJAN!
Source=Paul Collins Startup list

[Win32 System Spool]
Number=12069
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.UK" target="_blank">SDBOT.UK</a> WORM!
Source=Paul Collins Startup list

[Win32 Test]
Number=12070
Confirmed=X
Filename=bleatest.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Win32 Update]
Number=12071
Confirmed=X
Filename=svchosts.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Win32 Update]
Number=12072
Confirmed=X
Filename=dl32.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[win32 update service]
Number=12073
Confirmed=X
Filename=svchostt.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Win32 USB Driver]
Number=12074
Confirmed=X
Filename=winxpinit.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091411-5953-99" target="_blank">SDBOT.AA</a> TROJAN!
Source=Paul Collins Startup list

[Win32 USB Driver]
Number=12075
Confirmed=X
Filename=mvsecn.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbk.html" target=_blank>FORBOT-BK</a> WORM!

Source=Paul Collins Startup list

[Win32 Usb Driver]
Number=12076
Confirmed=X
Filename=svhosint32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbe.html" target=_blank>FORBOT-BE</a> or  <a href="http://www.sophos.com/virusinfo/analyses/w32forbotj.html" target=_blank>FORBOT-J</a> WORMS! 

Source=Paul Collins Startup list

[Win32 Usb Driver]
Number=12077
Confirmed=X
Filename=usb32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotov.html" target=_blank>SDBOT-OV</a> WORM!
Source=Paul Collins Startup list

[Win32 Usb Driver]
Number=12078
Confirmed=X
Filename=AvpG.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbx.html" target=_blank>FORBOT-BX</a> WORM!
Source=Paul Collins Startup list

[Win32 USB2]
Number=12079
Confirmed=X
Filename=wins32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Win32 USB2 Driver]
Number=12080
Confirmed=X
Filename=win32usb.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090717-1216-99" target="_blank">SPYBOT.DHV</a> WORM!
Source=Paul Collins Startup list

[Win32 USB2 Driver]
Number=12081
Confirmed=X
Filename=smsc.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.FO&Vsect=T" target="_blank">SDBOT.FO</a> WORM!
Source=Paul Collins Startup list

[Win32 USB2 Driver]
Number=12082
Confirmed=X
Filename=svchosting.exe
Description=Added by the FORBOT.J or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.HU" target="_blank">SDBOT.HU</a> WORM!
Source=Paul Collins Startup list

[Win32 USB2 Driver]
Number=12083
Confirmed=X
Filename=sys32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.X" target="_blank">WOOTBOT.X</a> WORM!
Source=Paul Collins Startup list

[Win32 USB2 Driver]
Number=12084
Confirmed=X
Filename=sys32snd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotan.html" target="_blank">FORBOT-AN</a> WORM!
Source=Paul Collins Startup list

[Win32 USB2 Driver]
Number=12085
Confirmed=X
Filename=wind32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotah.html" target="_blank">FORBOT-AH</a> WORM!
Source=Paul Collins Startup list

[Win32 USB2 Driver]
Number=12086
Confirmed=X
Filename=winupdate.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.YE" target="_blank">AGOBOT.YE</a> WORM!
Source=Paul Collins Startup list

[Win32 USB2 Driver]
Number=12087
Confirmed=X
Filename=updatemgr.exe
Description=Added by a variant of the <a href="http://sophos.com.au/virusinfo/analyses/w32forbotgen.html" target=_blank>FORBOT</a> WORM!
Source=Paul Collins Startup list

[Win32 USB2 Driver]
Number=12088
Confirmed=X
Filename=winsnd32.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Win32 USB2 Driver]
Number=12089
Confirmed=X
Filename=msn.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotex.html" target= blank>FORBOT-EX</a> WORM!
Source=Paul Collins Startup list

[Win32 USB2 Driver]
Number=12090
Confirmed=X
Filename=syscfg32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotr.html" target=_blank>FORBOT-R</a> WORM!
Source=Paul Collins Startup list

[Win32 USB2.0 Driver]
Number=12091
Confirmed=X
Filename=386.exe
Description=Added by the <a href="http://sarc.com/avcenter/venc/data/pf/w32.ircbot.d.html" target="_blank">IRCBOT.D</a> WORM!
Source=Paul Collins Startup list

[Win32 USB2.0 Driver]
Number=12092
Confirmed=X
Filename=rundll16.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.H" target="_blank">WOOTBOT.H</a> WORM!
Source=Paul Collins Startup list

[Win32 USB2.0 Driver]
Number=12093
Confirmed=X
Filename=w32usb2.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.DN" target="_blank">SPYBOT.DN</a> WORM!
Source=Paul Collins Startup list

[Win32 USB2.0 Driver]
Number=12094
Confirmed=X
Filename=service.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotqf.html" target=_blank>SDBOT-QF</a> WORM!

Source=Paul Collins Startup list

[Win32 USB3 Driver]
Number=12095
Confirmed=X
Filename=win32tool.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Win32 Wmls Driver]
Number=12096
Confirmed=X
Filename=winitr32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.B" target="_blank">WOOTBOT.B</a> WORM!
Source=Paul Collins Startup list

[Win32 Word Services]
Number=12097
Confirmed=X
Filename=msword32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[win32.exe]
Number=12098
Confirmed=X
Filename=win32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpagh.html" target="_blank">STARTPAGE</a> TROJAN!
Source=Paul Collins Startup list

[Win32.exe]
Number=12099
Confirmed=X
Filename=Win32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_AWQ.A&VSect=T" target=_blank>AWQ.A</a> TROJAN!
Source=Paul Collins Startup list

[Win32.Exploit.mzH]
Number=12100
Confirmed=X
Filename=mzrun.exe
Description=Added by the <a href="http://www.noadware.net/research/index2.php?item_id=1866&item_name=Painter" target=_blank>PAINTER</a> TROJAN!

Source=Paul Collins Startup list

[Win32.Trojan.Downloader]
Number=12101
Confirmed=X
Filename=netstat2.exe
Description=Added by the <a href="http://www.noadware.net/research/index2.php?item_id=1866&item_name=Painter" target=_blank>PAINTER</a> TROJAN!

Source=Paul Collins Startup list

[Win32BaseServiceMOD]
Number=12102
Confirmed=X
Filename=Wintask.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2000-122109-2445-99" target="_blank">NAVIDAD</a> WORM!
Source=Paul Collins Startup list

[win32beta]
Number=12103
Confirmed=X
Filename=win32sys4.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerda.html" target=_blank>BANKER-DA</a> TROJAN!
Source=Paul Collins Startup list

[win32clf]
Number=12104
Confirmed=X
Filename=win32clf.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[win32debug]
Number=12105
Confirmed=X
Filename=win32debug.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120112-4018-99" target=_blank>GUDEB</a> WORM!
Source=Paul Collins Startup list

[Win32DLL]
Number=12106
Confirmed=X
Filename=Win32DLL.vbs
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=VBS_LOVELETTER" target="_blank"> LOVELETTER</a> (I LOVE YOU) VIRUS!
Source=Paul Collins Startup list

[Win32dll]
Number=12107
Confirmed=X
Filename=Win32dll.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101416-4837-99" target="_blank">BANPAES</a> TROJAN!
Source=Paul Collins Startup list

[WIN32DS]
Number=12108
Confirmed=X
Filename=clienttimer.exe
Description=Added by <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-090719-0424-99" target=_blank>Eziin</a> adware
Source=Paul Collins Startup list

[Win32G]
Number=12109
Confirmed=X
Filename=Kernel32.com
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-061312-3737-99" target="_blank">ESTRELLA</a> TROJAN!
Source=Paul Collins Startup list

[Win32G]
Number=12110
Confirmed=X
Filename=Scandisk.com
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-061312-3737-99" target="_blank">ESTRELLA</a> TROJAN!
Source=Paul Collins Startup list

[win32gb]
Number=12111
Confirmed=X
Filename=win32gb.exe
Description=All-In-One-Telcom (adult content dialler) variant
Source=Paul Collins Startup list

[Win32Host Process]
Number=12112
Confirmed=X
Filename=webemir.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojturgena.html" target=_blank>TURGEN -A</a> TROJAN!
Source=Paul Collins Startup list

[win32info]
Number=12113
Confirmed=X
Filename=win32info.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[win32ini]
Number=12114
Confirmed=X
Filename=systroy.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-070208-5124-99" target="_blank">IRC.ALADINZ.C</a> TROJAN!
Source=Paul Collins Startup list

[WIN32io]
Number=12115
Confirmed=X
Filename=clienttimer.exe
Description=Added by <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-090719-0424-99" target=_blank>Eziin</a> adware
Source=Paul Collins Startup list

[Win32R]
Number=12116
Confirmed=X
Filename=Server.com
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-061312-3737-99" target="_blank">ESTRELLA</a> TROJAN!
Source=Paul Collins Startup list

[WIn32S Java DLL]
Number=12117
Confirmed=X
Filename=kavsvx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotrz.html" target= blank>AGOBOT-RZ</a> WORM!
Source=Paul Collins Startup list

[win32servv]
Number=12118
Confirmed=X
Filename=load.exe
Description=<a href="http://vil.nai.com/vil/content/v_133320.htm" target="_blank">iSearch</a> adware
Source=Paul Collins Startup list

[win32servv]
Number=12119
Confirmed=X
Filename=ms1.exe
Description=<a href="http://vil.nai.com/vil/content/v_133320.htm" target="_blank">iSearch</a> adware
Source=Paul Collins Startup list

[WIN32SL]
Number=12120
Confirmed=Y
Filename=Win32sl.exe
Description=Part of <a href="http://docs.us.dell.com/support/edocs/software/smcliins/cli60/en/ug/intro.htm" target="_blank">Dell OpenManage Client Instrumentation</a> - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards. The specific function of this is to load MIF's in order for Dell OpenManage Client to work
Source=Paul Collins Startup list

[WIN32SNDS]
Number=12121
Confirmed=X
Filename=banc.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Win32system]
Number=12122
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080820-0541-99" target="_blank">DDV.B</a> WORM!
Source=Paul Collins Startup list

[Win32System]
Number=12123
Confirmed=X
Filename=win32s.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091021-0154-99" target="_blank">MYDOOM.V</a> WORM!
Source=Paul Collins Startup list

[Win32SystemMonitor]
Number=12124
Confirmed=X
Filename=***.exe [* = random char]
Description=Browser hijacker

Source=Paul Collins Startup list

[Win32SysV]
Number=12125
Confirmed=X
Filename=xin.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forboteo.html" target= blank>FORBOT-EO</a> WORM!
Source=Paul Collins Startup list

[win32us]
Number=12126
Confirmed=X
Filename=win32us.exe
Description=All-In-One-Telcom (adult content dialler) variant
Source=Paul Collins Startup list

[win32usbd]
Number=12127
Confirmed=X
Filename=ssrs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotra.html" target=_blank>RBOT-RA</a> WORM!
Source=Paul Collins Startup list

[WIN32WN]
Number=12128
Confirmed=X
Filename=system_wc.exe
Description=Added by <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-090719-0424-99" target=_blank>Eziin</a> adware
Source=Paul Collins Startup list

[win32_i lptt01]
Number=12129
Confirmed=X
Filename=win32_i.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "win32_i" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[win32_i ml097e]
Number=12130
Confirmed=X
Filename=win32_i.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "win32_i" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[Win386]
Number=12131
Confirmed=X
Filename=Win386.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-012920-0002-99" target="_blank">GOSUSUB</a> VIRUS!
Source=Paul Collins Startup list

[Win386]
Number=12132
Confirmed=X
Filename=sp32.dll
Description=Homepage hijacker. Not a dll but a regfile in disguise
Source=Paul Collins Startup list

[WIN3S2SNDS]
Number=12133
Confirmed=X
Filename=winabsmod.exe
Description=Added by the AGENT.DN TROJAN - known to <a href="http://www.nsclean.com/boclean.html" target="_blank">BOClean</a> as "CWS/INDEX", "shuts down anything that wants to open and is used as a spam proxy as well"
Source=Paul Collins Startup list

[WIN3S2SNDS]
Number=12134
Confirmed=X
Filename=winiprtx.exe
Description=Added by the AGENT.DN TROJAN - known to <a href="http://www.nsclean.com/boclean.html" target="_blank">BOClean</a> as "CWS/INDEX", "shuts down anything that wants to open and is used as a spam proxy as well"
Source=Paul Collins Startup list

[Win64 Compatibility Check]
Number=12135
Confirmed=X
Filename=load win64.drv
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list

[WIN95DEFVIEW]
Number=12136
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdedlerd.html" target=_blank>DEDLER-D</a> TROJAN!
Source=Paul Collins Startup list

[WIN95DEFVIEW]
Number=12137
Confirmed=X
Filename=csmss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdedlerd.html" target= blank>DEDLER-D</a> TROJAN!
Source=Paul Collins Startup list

[win98 DNS]
Number=12138
Confirmed=X
Filename=wingrd.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[winabc]
Number=12139
Confirmed=X
Filename=rundll32.exe [Temp]\[ORIGFILENAME].DLL, InstallLaunchEv
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagepn.html" target=_blank>LINEAGE-PN</a> TROJAN!
Source=Paul Collins Startup list

[WinAC v4]
Number=12140
Confirmed=X
Filename=klsuicbn.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotcs.html" target=_blank>FORBOT-CS</a> WORM!
Source=Paul Collins Startup list

[Winacsr]
Number=12141
Confirmed=U
Filename=Winacsr.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120217-1741-99" target= blank>AceScreenSpy</a> keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[winactive]
Number=12142
Confirmed=X
Filename=WINACTIVE.EXE
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453075330" target="_blank">WinActive</a> of the LOP.com hijacker
Source=Paul Collins Startup list

[WinActiveJ]
Number=12143
Confirmed=X
Filename=WinActiveJ.exe
Description=Added by the ROTARRAN VIRUS!
Source=Paul Collins Startup list

[Winad Client]
Number=12144
Confirmed=X
Filename=Winad.exe
Description=WinAd adware by eXact Advertising
Source=Paul Collins Startup list

[WinAdCnt.exe]
Number=12145
Confirmed=X
Filename=WinAdCnt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerbu.html" target= blank>BANKER-BU</a> TROJAN!
Source=Paul Collins Startup list

[winadm]
Number=12146
Confirmed=X
Filename=winadm.exe
Description=Browser hijacker - redirecting to Search-World.net. Related to the <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=68781" target="_blank">SMALL.AEX</a> TROJAN!
Source=Paul Collins Startup list

[WinAgent]
Number=12147
Confirmed=?
Filename=WinAgent.exe
Description=Standard Life Insurance program. <font color="#FF0000">Is it required at startup?<font>
Source=Paul Collins Startup list

[Winahlp.exe]
Number=12148
Confirmed=X
Filename=Winahlp.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_VAGRNOCK.12" target="_blank">VAGRNOCKER</a> TROJAN!
Source=Paul Collins Startup list

[winallap]
Number=12149
Confirmed=X
Filename=winallap.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-112614-2646-99" target="_blank">DELF.E</a> TROJAN!
Source=Paul Collins Startup list

[winallapu]
Number=12150
Confirmed=X
Filename=winallapu.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-112614-2646-99" target="_blank">DELF.E</a> TROJAN!
Source=Paul Collins Startup list

[Winamp]
Number=12151
Confirmed=X
Filename=winamp.hta
Description=Hijacker - re-directing to adult content sites. Note - this isn't the real Winamp
Source=Paul Collins Startup list

[Winamp]
Number=12152
Confirmed=X
Filename=winamp.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.XI" target="_blank">AGOBOT.XI</a> WORM! Note - this is NOT the popular <a href="http://www.winamp.com/" target="_blank">Winamp</a> media player
Source=Paul Collins Startup list

[WinAMP]
Number=12153
Confirmed=X
Filename=winamp62.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwn.html" target= blank>SDBOT-WN</a> WORM!
Source=Paul Collins Startup list

[Winamp]
Number=12154
Confirmed=N
Filename=winamp.exe
Description=<a href="http://www.winamp.com/" target="_blank">Winamp</a> media player. Resides in a "Winamp" subdirectory of the Program Files directory
Source=Paul Collins Startup list

[Winamp Agent]
Number=12155
Confirmed=X
Filename=winamp.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM! Note - this is NOT the popular <a href="http://www.winamp.com/" target="_blank">Winamp</a> media player. The valid filename for the Winamp Agent is "winampa.exe" - see <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winampa/" target="_blank">here</a>
Source=Paul Collins Startup list

[Winamp Media]
Number=12156
Confirmed=X
Filename=qmedia.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdiazoma.html" target="_blank">DIAZMON-A</a> TROJAN!
Source=Paul Collins Startup list

[Winamp media player]
Number=12157
Confirmed=X
Filename=winapa.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[WinAmp Player]
Number=12158
Confirmed=X
Filename=winampp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqi.html" target=_blank>RBOT-AQI</a> WORM! Note - this is NOT the popular <a href="http://www.winamp.com/" target=_blank>Winamp</a> media player which has a different filename
Source=Paul Collins Startup list

[Winamp to Google Talk]
Number=12159
Confirmed=U
Filename=winamptogoogletalk.exe
Description=Winamp to Google Talk, available <a href="http://www.customizetalk.com/index.php?page=downloads" target="_blank">here</a> shows your current Winamp track in your <a href="http://www.google.com/talk/" target=_blank>Google Talk</a> status
Source=Paul Collins Startup list

[Winamp Update]
Number=12160
Confirmed=X
Filename=yhn.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotacr.html" target=_blank>SDBOT-ACR</a> WORM! 
Source=Paul Collins Startup list

[Winampa]
Number=12161
Confirmed=U
Filename=WINAMPa.exe
Description=Loads the System Tray icon for the popular <a href="http://www.winamp.com/" target="_blank">Winamp</a> media player - see <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winampa/" target="_blank">here</a>. Can be used to mantain file associations so programs like QuickTime and RealPlayer don't take over as default player for various media types. Available via Start -> Programs. Resides in a "Winamp" subdirectory of the Program Files directory
Source=Paul Collins Startup list

[Winampa]
Number=12162
Confirmed=X
Filename=winampa.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotgs.html" target="_blank">AGOBOT-GS</a> TROJAN! ! Note - this is NOT associated with the popular <a href="http://www.winamp.com/" target="_blank">Winamp</a> media player. The valid file for the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winampa/" target="_blank">Winamp Agent</a> resides in a "Winamp" subdirectory of the Program Files directory whereas this file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[Winampa Agent]
Number=12163
Confirmed=X
Filename=WINAMPA.EXE
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM! Note - this is NOT the popular <a href="http://www.winamp.com/" target="_blank">Winamp</a> media player. The valid filename for the Winamp Agent is "winampa.exe" - see <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winampa/" target="_blank">here</a>
Source=Paul Collins Startup list

[WinampAgent]
Number=12164
Confirmed=U
Filename=WINAMPa.exe
Description=Loads the System Tray icon for the popular <a href="http://www.winamp.com/" target="_blank">Winamp</a> media player - see <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winampa/" target="_blank">here</a>. Can be used to mantain file associations so programs like QuickTime and RealPlayer don't take over as default player for various media types. Available via Start -> Programs. Resides in a "Winamp" subdirectory of the Program Files directory
Source=Paul Collins Startup list

[WinAmpAgent]
Number=12165
Confirmed=X
Filename=Msexploren.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooreb.html" target=_blank>EB</a> TROJAN! Note - this is NOT the popular <a href="http://www.winamp.com/" target=_blank>Winamp</a> media player which has a different filename
Source=Paul Collins Startup list

[WinAmpAgent]
Number=12166
Confirmed=X
Filename=Shch.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooreb.html" target=_blank>EB</a> TROJAN! Note - this is NOT the popular <a href="http://www.winamp.com/" target=_blank>Winamp</a> media player which has a different filename
Source=Paul Collins Startup list

[WinAmpAgent]
Number=12167
Confirmed=X
Filename=svchst.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooreb.html" target=_blank>EB</a> TROJAN! Note - this is NOT the popular <a href="http://www.winamp.com/" target=_blank>Winamp</a> media player which has a different filename
Source=Paul Collins Startup list

[WinAmpAgent]
Number=12168
Confirmed=X
Filename=Winagent.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooreb.html" target=_blank>EB</a> TROJAN! Note - this is NOT the popular <a href="http://www.winamp.com/" target=_blank>Winamp</a> media player which has a different filename
Source=Paul Collins Startup list

[WinAmpAgent]
Number=12169
Confirmed=X
Filename=msnexploren.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.B</a> TROJAN!
Source=Paul Collins Startup list

[WinAmpAgent]
Number=12170
Confirmed=X
Filename=sdhch.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.B</a> TROJAN!
Source=Paul Collins Startup list

[WinAntiSpyware 2005]
Number=12171
Confirmed=N
Filename=was5.exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
Source=Paul Collins Startup list

[WinAntiVirus Pro 2007]
Number=12172
Confirmed=N
Filename=WinAV.exe
Description=WinAntiVirus Pro 2007 virus software - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[WinApi]
Number=12173
Confirmed=X
Filename=winapix.exe
Description=Added by a variant of the TIBSER.A downloader TROJAN!
Source=Paul Collins Startup list

[WINAPLOGUPD]
Number=12174
Confirmed=X
Filename=WINAPLOGUPD.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32capsidec.html" target= blank>CAPSIDE-C</a> WORM!
Source=Paul Collins Startup list

[Winapp]
Number=12175
Confirmed=X
Filename=winpup32.exe
Description=Produces popup ads to adult content sites
Source=Paul Collins Startup list

[WinApp32]
Number=12176
Confirmed=X
Filename=msapp.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-032416-1326-99" target="_blank">RSBOT</a> TROJAN!
Source=Paul Collins Startup list

[WinAppLog]
Number=12177
Confirmed=U
Filename=svchost.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050419-3804-99" target=blank>StingKeyLogger</a> keystroke logger/monitoring program - remove unless you installed it yourself! Note - this is not the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=blank>svchost.exe</a> process that normally doesn't appear in Msconfig/Startup!
Source=Paul Collins Startup list

[WinAuth]
Number=12178
Confirmed=X
Filename=winlogon.exe
Description=Hijacker, also indentified as the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_STRTPAGE.BE" target=_blank>STRTPAGE.BE</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target=_blank>winlogon.exe</a> process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder
Source=Paul Collins Startup list

[WinAwk]
Number=12179
Confirmed=X
Filename=WinAwk.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotayf.html" target=_blank>SDBOT-AYF</a> WORM!
Source=Paul Collins Startup list

[WinBackup Scheduler]
Number=12180
Confirmed=U
Filename=Wbsched.exe
Description=LIUtilities <a href="http://www.liutilities.com/products/winbackup/" target="_blank">WinBackup</a> scheduler - backup software
Source=Paul Collins Startup list

[WinBar]
Number=12181
Confirmed=U
Filename=WinBar.exe
Description=&quot;<a href="http://www.winbar.nl/" target="_blank">WinBar</a> is a free and compact program that lets you monitor your system and provides easy access to frequently used controls&quot;
Source=Paul Collins Startup list

[winbar.pif]
Number=12182
Confirmed=X
Filename=packe.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotavi.html" target=_blank>RBOT-AVI</a> WORM!
Source=Paul Collins Startup list

[winbas12]
Number=12183
Confirmed=X
Filename=winbas12.exe
Description=Adware, CoolWebSearch parasite related - recognized by <a href="http://www.kaspersky.com/" target=_blank>Kaspersky</a> antivirus as TrojanDownloader.Win32.VB.du - Note - this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
Source=Paul Collins Startup list

[Winbed]
Number=12184
Confirmed=X
Filename=winbed.exe
Description=Hijacker
Source=Paul Collins Startup list

[Winbin]
Number=12185
Confirmed=X
Filename=swchost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CLS&VSect=P" target=_blank>RBOT.CLS</a> WORM!
Source=Paul Collins Startup list

[winbin32]
Number=12186
Confirmed=X
Filename=win32exe.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotzl.html" target=_blank>RBOT-ZL</a> WORM!
Source=Paul Collins Startup list

[winbot]
Number=12187
Confirmed=X
Filename=winbot.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmidruga.html" target="_blank">MIDRUG-A</a> TROJAN!
Source=Paul Collins Startup list

[WinCheck]
Number=12188
Confirmed=X
Filename=WinCheck.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_98807.htm" target="_blank">PWS-CY</a> TROJAN!
Source=Paul Collins Startup list

[WinCheck]
Number=12189
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-111512-2822-99" target=_blank>SOBER.S</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "ConnectionStatus\Microsoft" subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list

[WinCheck]
Number=12190
Confirmed=X
Filename=check.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delboty.html" target="_blank">DELBOT-Y</a> WORM!
Source=Paul Collins Startup list

[winchost]
Number=12191
Confirmed=X
Filename=winchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderpo.html" target=_blank>DLOADER-PO</a> TROJAN!
Source=Paul Collins Startup list

[WINCINEMAMGR]
Number=12192
Confirmed=N
Filename=WINCIN~1.EXE
Description=<a href="http://www.intervideo.com/jsp/WinCinema_Manager_Download.jsp" target=_blank>WinCinema_Manager</a> is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs
Source=Paul Collins Startup list

[WinCinemaMgr]
Number=12193
Confirmed=N
Filename=WinCinemaMgr.exe
Description=<a href="http://www.intervideo.com/jsp/WinCinema_Manager_Download.jsp" target=_blank>WinCinema_Manager</a> is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs
Source=Paul Collins Startup list

[winclean]
Number=12194
Confirmed=X
Filename=winclean.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.GXR" target="_blank">AGENT.GXR</a> TROJAN!
Source=Paul Collins Startup list

[wincmap]
Number=12195
Confirmed=X
Filename=wincmapp.exe
Description=CasClient adware variant - also detected as the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-081011-2344-99" target=_blank>CMAPP</a> TROJAN!
Source=Paul Collins Startup list

[wincms]
Number=12196
Confirmed=X
Filename=wincms.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CBR&VSect=P" target=_blank>RBOT.CBR</a> WORM! Note - this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
Source=Paul Collins Startup list

[WinCRT32]
Number=12197
Confirmed=X
Filename=wincrt32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32dogbotd.html" target=_blank>DOGBOT-D</a> WORM!
Source=Paul Collins Startup list

[WinCSRSS]
Number=12198
Confirmed=X
Filename=MSGRT32.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojrewindoa.html" target=_blank>REWINDO-A</a> TROJAN!

Source=Paul Collins Startup list

[WINCX]
Number=12199
Confirmed=X
Filename=wincore332.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotmg.html" target=_blank>AGOBOT-MG</a> WORM!
Source=Paul Collins Startup list

[Wind Logd File]
Number=12200
Confirmed=X
Filename=servicelogd.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Wind Security]
Number=12201
Confirmed=X
Filename=mswi32.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotarh.html" target=_blank>RBOT-ARH</a> WORM!
Source=Paul Collins Startup list

[wind.exe]
Number=12202
Confirmed=X
Filename=wind.exe
Description=Added by the <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=51224" target="_blank">MITGLIEDER.BD</a> TROJAN!
Source=Paul Collins Startup list

[WIND0WS]
Number=12203
Confirmed=X
Filename=WIND0WS.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.DQ" target="_blank">SPYBOT.DQ</a> WORM!
Source=Paul Collins Startup list

[WIND0WS]
Number=12204
Confirmed=X
Filename=mella.bat
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030216-1808-99" target=_blank>ALLEM</a> WORM!
Source=Paul Collins Startup list

[Wind0ws]
Number=12205
Confirmed=X
Filename=wordpad.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobottl.html" target=_blank>AGOBOT-TL</a> WORM! Note - this is not the legitimate Windows application wordpad.exe (which is found in the Program Files\Accessories folder) which should not normally be seen in Msconfig or as a Startup item. This file is loacted in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[Wind0ws Sharing]
Number=12206
Confirmed=X
Filename=ssprotecter.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahw.html" target=_blank>RBOT-AHW</a> WORM!
Source=Paul Collins Startup list

[WinData]
Number=12207
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.f-secure.com/v-descs/email-worm_w32_sober_aa.shtml" target="_blank">SOBER.AA</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "PoolData" subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list

[WinDates]
Number=12208
Confirmed=N
Filename=windates.exe
Description=WinDates is a calendar, date organizer and event reminder program from Rockin' Software
Source=Paul Collins Startup list

[windbs]
Number=12209
Confirmed=X
Filename=winxtc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotwd.html" target="_blank">AGOBOT-WD</a> WORM!
Source=Paul Collins Startup list

[Winde]
Number=12210
Confirmed=X
Filename=winde.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081913-4208-99" target="_blank"> DLUCA</a> TROJAN!
Source=Paul Collins Startup list

[windef]
Number=12211
Confirmed=X
Filename=Win32sp.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-0016-99" target=_blank>ANPES</a> WORM!
Source=Paul Collins Startup list

[windef]
Number=12212
Confirmed=X
Filename=windef.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32wurmarko.html" target=_blank>WURMARK-O</a> WORM!
Source=Paul Collins Startup list

[Windeows NetStart Service2]
Number=12213
Confirmed=X
Filename=tesakrmger.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotamy.html" target=_blank>RBOT-AMY</a> WORM!
Source=Paul Collins Startup list

[windhost.exe]
Number=12214
Confirmed=X
Filename=osrwin32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankercb.html" target=_blank>BANKER-CB</a> TROJAN!
Source=Paul Collins Startup list

[windhost.exe]
Number=12215
Confirmed=X
Filename=windhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerbv.html" target= blank>BANKER-BV</a> TROJAN!
Source=Paul Collins Startup list

[windhost.exe]
Number=12216
Confirmed=X
Filename=winos.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpwsagenta.html" target= blank>PWSAGENT-A</a> WORM!
Source=Paul Collins Startup list

[windir]
Number=12217
Confirmed=X
Filename=winrun.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-032718-1359-99" target="_blank">WINBUR.B</a> WORM!
Source=Paul Collins Startup list

[Windll]
Number=12218
Confirmed=X
Filename=Windll.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-041516-4618-99" target="_blank">TRYNOMA</a> TROJAN!
Source=Paul Collins Startup list

[WINDLL]
Number=12219
Confirmed=U
Filename=WSYS.EXE
Description=STARR key logger. &quot;It logs almost everything that goes through the box. It logs all key strokes, all passwords transacted even if they weren't keyed in, all web sites visited, every program launched including the path to that program, and more&quot;
Source=Paul Collins Startup list

[windll]
Number=12220
Confirmed=X
Filename=windll32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082710-5900-99" target="_blank">ASTEF</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100514-2403-99" target="_blank">RESPAN</a> WORMS!
Source=Paul Collins Startup list

[WinDLL (csmss.exe)]
Number=12221
Confirmed=X
Filename=rundll32.exe [path] CSMSS.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AKBOT.U" target="_blank">AKBOT.U</a> WORM!
Source=Paul Collins Startup list

[WinDLL (wchshield.exe)]
Number=12222
Confirmed=X
Filename=wchshield.exe
Description=Added by the <a href="http://fileinfo.prevx.com/adware/qqaa2421734146-WCHS16764604/WCHSHIELD.EXE.html" target="_blank">IRCBOT GEN</a> WORM!
Source=Paul Collins Startup list

[Windll.exe]
Number=12223
Confirmed=X
Filename=Windll.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-070415-5712-99" target="_blank">STEALER</a> TROJAN!
Source=Paul Collins Startup list

[Windll32]
Number=12224
Confirmed=X
Filename=Windll32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-040119-1148-99" target="_blank">MSNPWS</a> TROJAN!
Source=Paul Collins Startup list

[WinDll32]
Number=12225
Confirmed=X
Filename=_WIN32.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LEGMIR.AQ&VSect=T" target=_blank>LEGMIR.AQ</a> TROJAN!
Source=Paul Collins Startup list

[windllsys32.exe]
Number=12226
Confirmed=X
Filename=windllsys32.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojmitgliea.html" target="_blank">MITGLIE-A</a> TROJAN!
Source=Paul Collins Startup list

[WinDNS]
Number=12227
Confirmed=X
Filename=windns32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040611-4552-99" target="_blank">GAOBOT.WX</a> WORM!
Source=Paul Collins Startup list

[Windoes Kernel]
Number=12228
Confirmed=X
Filename=kernel32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-050515-4202-99" target="_blank"> KICKIN.A</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_CYDOG.C" target="_blank">CYDOG.C</a>) WORM!
Source=Paul Collins Startup list

[Window]
Number=12229
Confirmed=X
Filename=explore.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042314-0614-99" target="_blank">GAOBOT.ADW</a> WORM!
Source=Paul Collins Startup list

[Window Loader]
Number=12230
Confirmed=X
Filename=Dos32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list

[Window Monitor]
Number=12231
Confirmed=X
Filename=winmon32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.RT&VSect=T" target="_blank">SDBOT.RT</a> WORM!
Source=Paul Collins Startup list

[Window service]
Number=12232
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotach.html" target= blank>RBOT-ACH</a> WORM!
Source=Paul Collins Startup list

[Window Washer]
Number=12233
Confirmed=U
Filename=wwDisp.exe
Description=<a href="http://www.webroot.com/consumer/products/windowwasher/" target="_blank">Window Washer</a> from Webroot Software. Useful utility that deletes safe to remove files, cookies, browsing history, etc. Available via from Start -> Programs. Disable within the program options - otherwise it is re-enabled in MSCONFIG
Source=Paul Collins Startup list

[window.exe]
Number=12234
Confirmed=X
Filename=window.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040712-3540-99" target="_blank">MITGLIEDER.H</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042419-5932-99" target="_blank">MITGLIEDER.J</a> TROJANS!
Source=Paul Collins Startup list

[window2]
Number=12235
Confirmed=X
Filename=ssvchost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090815-5443-99" target="_blank">IRCBOT.H</a> TROJAN!
Source=Paul Collins Startup list

[WindowBlinds]
Number=12236
Confirmed=U
Filename=wbload.exe
Description=<a href="http://www.windowblinds.net/" target="_blank">WindowBlinds</a> from Stardock. Skin application to change the appearence on Windows desktops. Available as an individual download or as part of Object Desktop. Required to restore settings if you use it. Available via right-click on the Desktop -&gt; Properties -&gt; Skins
Source=Paul Collins Startup list

[WindowEnhancer]
Number=12237
Confirmed=X
Filename=Winex.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453079937" target="_blank">SCBar</a> foistware variant

Source=Paul Collins Startup list

[Windowfdgfds DasdLL Verifiew]
Number=12238
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotggx.html" target="_blank">RBOT-GGX</a> WORM!
Source=Paul Collins Startup list

[Windowfdgfds DLL fgfdg Verifier]
Number=12239
Confirmed=X
Filename=winsecure.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CSP" target="_blank">RBOT.CSP</a> WORM!
Source=Paul Collins Startup list

[Windowfdgfds DLL fgfdg Verifier]
Number=12240
Confirmed=X
Filename=winsecure.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CSP" target="_blank">RBOT.CSP</a> WORM!
Source=Paul Collins Startup list

[WindowFX]
Number=12241
Confirmed=U
Filename=wfxload.exe
Description=Stardock <a href="http://www.stardock.com/products/windowfx/" target="_blank"> WindowFX</a> - "Allows you to add an unprecedented number of special effects to windows"
Source=Paul Collins Startup list

[windown]
Number=12242
Confirmed=X
Filename=wiusyt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassm.html" target=_blank>QQPASS-M</a> TROJAN!
Source=Paul Collins Startup list

[WindowRegKey update]
Number=12243
Confirmed=X
Filename=wins.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SPYBOT.I&VSect=P" target=_blank>SPYBOT.I</a> WORM!
Source=Paul Collins Startup list

[Windows]
Number=12244
Confirmed=X
Filename=Kernel32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_TENDOOLF.A" target="_blank">TENDOOLF.A</a> WORM!
Source=Paul Collins Startup list

[Windows]
Number=12245
Confirmed=X
Filename=msdos98.exe
Description=Added by the PWSTEAL TROJAN!
Source=Paul Collins Startup list

[Windows]
Number=12246
Confirmed=X
Filename=Windows.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_KAZMOR.A" target="_blank">KAZMOR.A</a>, <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082612-3051-99" target="_blank">BOBBINS</a> & <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091619-3832-99" target="_blank"> ALADINZ.D</a> TROJANS!
Source=Paul Collins Startup list

[Windows]
Number=12247
Confirmed=X
Filename=explorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32poebotj.html" target="_blank">POEBOT-J</a> WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[windows]
Number=12248
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040119-1817-99" target="_blank">AIMWIN</a> TROJAN!
Source=Paul Collins Startup list

[windows]
Number=12249
Confirmed=X
Filename=hkey.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-043012-0405-99" target="_blank">GAOBOT.AFW</a> WORM!
Source=Paul Collins Startup list

[windows]
Number=12250
Confirmed=X
Filename=system copy.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-113010-0605-99" target=_blank>SALGA.A</a> WORM!
Source=Paul Collins Startup list

[Windows]
Number=12251
Confirmed=X
Filename=gearsec.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32stubbotb.html" target= blank>STUBBOT-B</a> TROJAN!
Source=Paul Collins Startup list

[Windows]
Number=12252
Confirmed=X
Filename=run.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042917-1039-99" target= blank>SPYBOT.OFN</a> WORM!
Source=Paul Collins Startup list

[Windows]
Number=12253
Confirmed=X
Filename=system.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042211-4441-99" target= blank>SPYBOT.OBB</a> WORM!
Source=Paul Collins Startup list

[WINDOWS]
Number=12254
Confirmed=X
Filename=\windows.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmonbota.html" target=_blank>MONBOT-A</a> TROJAN!
Source=Paul Collins Startup list

[Windows]
Number=12255
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32soberz.html" target=_blank>SOBER-Z</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! ! This file is located in a "WinSecurity" subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list

[WINDOWS]
Number=12256
Confirmed=X
Filename=jif.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120212-0055-99" target=_blank>MYTOB.MK</a> WORM!
Source=Paul Collins Startup list

[windows]
Number=12257
Confirmed=X
Filename=iexplore.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotum.html" target=_blank>RBOT-UM</a> WORM! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a>) process, which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup unless you add it manually! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[Windows]
Number=12258
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadrgw.html" target=_blank>DLOADR-GW</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Windows" subfolder
Source=Paul Collins Startup list

[Windows]
Number=12259
Confirmed=X
Filename=smss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanof.html" target=_blank>BANCBAN-QF</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[windows]
Number=12260
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32slomirca.html" target=_blank>SLOMIRC-A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[WINDOWS]
Number=12261
Confirmed=X
Filename=ymssgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbckdrps.html" target="_blank">PS</a> TROJAN! Note - deactivates the MicrosoftInternet Connection Firewall (ICF)
Source=Paul Collins Startup list

[Windows]
Number=12262
Confirmed=X
Filename=taskmngr.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Windows (ICS) Spooler]
Number=12263
Confirmed=X
Filename=crtss.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows (random character)]
Number=12264
Confirmed=X
Filename=diskcheck.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102815-4051-99" target=_blank>SINGU.B</a> TROJAN!

Source=Paul Collins Startup list

[Windows .Net Manager]
Number=12265
Confirmed=X
Filename=localsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Windows .Net Manager]
Number=12266
Confirmed=X
Filename=netsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Windows .Net Manager]
Number=12267
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Windows .Net Manager]
Number=12268
Confirmed=X
Filename=svcadmin.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Windows .Net Manager]
Number=12269
Confirmed=X
Filename=svcman.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Windows .Net Manager]
Number=12270
Confirmed=X
Filename=svcrun.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Windows .Net Manager]
Number=12271
Confirmed=X
Filename=tcpsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Windows .Net Manager]
Number=12272
Confirmed=X
Filename=websvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Windows 128 Module]
Number=12273
Confirmed=X
Filename=win128.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotes.html" target= blank>FORBOT-ES</a> WORM!
Source=Paul Collins Startup list

[Windows 2004]
Number=12274
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerdy.html" target=_blank>BANKER-DY</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Arquivos de programas\Windows 2004\Tools" folder
Source=Paul Collins Startup list

[Windows 32 Editor]
Number=12275
Confirmed=X
Filename=Win32edit.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GQ&VSect=P" target=_blank>WOOTBOT.GQ</a> WORM!
Source=Paul Collins Startup list

[Windows 32 Rescue]
Number=12276
Confirmed=X
Filename=win32resc.exe
Description=Added by the <ahref="http://www.sophos.com/virusinfo/analyses/w32forboteu.html" target=_blank>FORBOT-EU</a> WORM!
Source=Paul Collins Startup list

[Windows 32 Update]
Number=12277
Confirmed=X
Filename=Windows-Update.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Accelerators]
Number=12278
Confirmed=U
Filename=setup.exe
Description=<a href="http://www.keyspy.net/" target=blank>KeySpy</a> keystroke logger/monitoring program - remove unless you installed it yourself!

Source=Paul Collins Startup list

[Windows AdControl]
Number=12279
Confirmed=X
Filename=WinAdCtl.exe
Description=Windupdates adware variant
Source=Paul Collins Startup list

[Windows AdService]
Number=12280
Confirmed=X
Filename=WinAdServ.exe
Description=Windupdates adware variant
Source=Paul Collins Startup list

[Windows AdStatus]
Number=12281
Confirmed=X
Filename=WinStat.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-072811-5002-99" target=_blank>BLESHARE!DR</a> VIRUS!
Source=Paul Collins Startup list

[Windows AdTools]
Number=12282
Confirmed=X
Filename=WinAdTools.exe
Description=Windupdates adware variant
Source=Paul Collins Startup list

[Windows Anti Verifier]
Number=12283
Confirmed=X
Filename=Windows-Anti.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=52655" target="_blank">RBOT.ETT</a> WORM!
Source=Paul Collins Startup list

[Windows Anti-Virus Built 32]
Number=12284
Confirmed=X
Filename=AntiVirus32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotbg.html" target=_blank>SDBOT-BG</a> WORM!
Source=Paul Collins Startup list

[Windows APCI Verifier]
Number=12285
Confirmed=X
Filename=dhcpserv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfon.html" target="_blank">RBOT-FON</a> WORM! Note - Disables the automatic startup of other software and deactivates the Microsoft Internet Connection Firewall (ICF)
Source=Paul Collins Startup list

[Windows API Control Task]
Number=12286
Confirmed=X
Filename=apitsk32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-071123-0807-99" target=_blank>MYTOB.HI</a> WORM!
Source=Paul Collins Startup list

[Windows Application Layer]
Number=12287
Confirmed=X
Filename=walg32.exe
Description=Added by the <a href="http://ae.trendmicro-europe.com/consumer/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=3&VName=WORM_AGOBOT.ATN" target=_blank>AGOBOT.ATN</a> WORM!
Source=Paul Collins Startup list

[Windows Application Layer Gateway]
Number=12288
Confirmed=X
Filename=walg32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotaaz.html" target=_blank>AGOBOT-AAZ</a> WORM!
Source=Paul Collins Startup list

[Windows ASN Service]
Number=12289
Confirmed=X
Filename=rge.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaok.html" target=_blank>RBOT-AOK</a> WORM!
Source=Paul Collins Startup list

[Windows ASN Service]
Number=12290
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobottc.html" target="_blank">AGOBOT-TC</a> WORM!
Source=Paul Collins Startup list

[Windows Authority Service]
Number=12291
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kalele.html" target=_blank>KALEL-E</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which should not normally figure in Msconfig/Startup!
Source=Paul Collins Startup list

[windows auto update]
Number=12292
Confirmed=X
Filename=penis32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081113-0229-99" target="_blank">BLASTER</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MSBLAST.A" target="_blank">MSBLAST.A</a>) WORM!
Source=Paul Collins Startup list

[Windows Auto Update]
Number=12293
Confirmed=X
Filename=winupdater.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.TF" target=_blank>SDBOT.TF</a> WORM!
Source=Paul Collins Startup list

[Windows auto update]
Number=12294
Confirmed=X
Filename=bazzi.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AHKER.E&VSect=T" target=_blank>AHKER.E</a> WORM!
Source=Paul Collins Startup list

[Windows auto update]
Number=12295
Confirmed=X
Filename=LSASS.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042116-5517-99" target=_blank>AHKER.G</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target="_blank">lsass.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[windows auto update ]
Number=12296
Confirmed=X
Filename=msblast.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081315-0500-99" target="_blank">BLASTER.B</a> WORM!
Source=Paul Collins Startup list

[Windows Automatic Update]
Number=12297
Confirmed=X
Filename=wuamgrder.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Automatic Updater]
Number=12298
Confirmed=X
Filename=windrg.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Automatic Updates]
Number=12299
Confirmed=X
Filename=dvldr.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.MF" target=_blank>RBOT.MF</a> WORM!

Source=Paul Collins Startup list

[Windows Automatical Updater]
Number=12300
Confirmed=X
Filename=dcz.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CXS" target=_blank>RBOT.CXS</a> WORM!

Source=Paul Collins Startup list

[Windows AutomaticUpdater]
Number=12301
Confirmed=X
Filename=runddls.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[windows automation]
Number=12302
Confirmed=X
Filename=mslaugh.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082820-1535-99" target="_blank">BLASTER.E</a> WORM!
Source=Paul Collins Startup list

[Windows Automation]
Number=12303
Confirmed=X
Filename=msdspr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040516-4513-99" target="_blank">SOLAME.A</a> WORM!
Source=Paul Collins Startup list

[Windows Autostart Loader]
Number=12304
Confirmed=X
Filename=notepad32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows backup]
Number=12305
Confirmed=X
Filename=systemss.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Backup Configuration]
Number=12306
Confirmed=X
Filename=IEXPLORER.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101607-0006-99" target="_blank">GAOBOT.AZ</a> WORM!
Source=Paul Collins Startup list

[Windows Baţlangýç Dosyasý]
Number=12307
Confirmed=X
Filename=sistem.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-090418-2313-99" target="_blank">MUZK</a> WORM!
Source=Paul Collins Startup list

[Windows Bootup]
Number=12308
Confirmed=X
Filename=ms-wks32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafm.html" target=_blank>RBOT-AFM</a> WORM!
Source=Paul Collins Startup list

[Windows Bootup]
Number=12309
Confirmed=X
Filename=Systemwks32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Bootup]
Number=12310
Confirmed=X
Filename=task-mngr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawp.html" target=_blank>RBOT-AWP</a> WORM!
Source=Paul Collins Startup list

[Windows Clean-Up Pro]
Number=12311
Confirmed=N
Filename=WINDOWS CLEAN-UP PRO.Exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>note</a>

Source=Paul Collins Startup list

[Windows Client Service 32]
Number=12312
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotalb.html" target=_blank>RBOT-ALB</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located a drivers\winsdriver subfolder
Source=Paul Collins Startup list

[Windows Client/Server Runtime Server]
Number=12313
Confirmed=X
Filename=csrs.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.KD" target=_blank>RBOT.KD</a> WORM!
Source=Paul Collins Startup list

[Windows Command]
Number=12314
Confirmed=X
Filename=wincmd.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ANV&VSect=P" target=_blank>RBOT.ANV</a> WORM!
Source=Paul Collins Startup list

[Windows Communicator]
Number=12315
Confirmed=X
Filename=wincomm.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotbh.html" target=_blank>AGOBOT-BH</a> WORM!

Source=Paul Collins Startup list

[Windows Communicator for NT/XP]
Number=12316
Confirmed=X
Filename=osndyrn.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotcpk.html" target="_blank">SDBOT-CPK</a> WORM! Note - can terminate AV related processes
Source=Paul Collins Startup list

[Windows Compliant]
Number=12317
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotir.html" target="_blank">RBOT-IR</a> WORM!
Source=Paul Collins Startup list

[Windows Config]
Number=12318
Confirmed=X
Filename=SSYS.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotda.html" target="_blank">SPYBOT-DA</a> WORM!
Source=Paul Collins Startup list

[Windows Config]
Number=12319
Confirmed=X
Filename=wins.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.JR&VSect=P" target=_blank>SPYBOT.JR</a> WORM!
Source=Paul Collins Startup list

[Windows Config]
Number=12320
Confirmed=X
Filename=RUNDLL.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotdx.html" target=_blank>SPYBOT-DX</a> WORM! Note - this is not the Windows system file of the same name as described <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll/" target=_blank>here</a>
Source=Paul Collins Startup list

[Windows Config Connection]
Number=12321
Confirmed=X
Filename=msicll.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotexq.html" target="_blank">RBOT-EXQ</a> WORM!
Source=Paul Collins Startup list

[Windows Config Loader]
Number=12322
Confirmed=X
Filename=Wincfg32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021414-3207-99" target="_blank">SILVERFTP</a> TROJAN!
Source=Paul Collins Startup list

[Windows Config Manager]
Number=12323
Confirmed=X
Filename=winconf.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotait.html" target="_blank">RBOT-AIT</a> WORM!
Source=Paul Collins Startup list

[Windows Config System]
Number=12324
Confirmed=X
Filename=config.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Configuration]
Number=12325
Confirmed=X
Filename=wsys32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010415-3959-99" target="_blank">GAOBOT.FB</a> WORM!
Source=Paul Collins Startup list

[Windows Configuration]
Number=12326
Confirmed=X
Filename=wincfg32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061117-4603-99" target=_blank>MYTOB.ED</a> WORM!
Source=Paul Collins Startup list

[Windows Configuration Loader]
Number=12327
Confirmed=X
Filename=asclt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotoa.html" target="_blank">SDBOT-OA</a> WORM!
Source=Paul Collins Startup list

[Windows connection manager]
Number=12328
Confirmed=X
Filename=Internet.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotapn.html" target=_blank>RBOT-APN</a> WORM! Note - file is found in the Windows or Winnt folder. Make sure you check the link on this one, it copies it's self under three other file names and folder locations
Source=Paul Collins Startup list

[Windows Console Monitor]
Number=12329
Confirmed=X
Filename=[path to worm]
Description=Added by <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042413-5517-99" target= blank>KEDEBE</a> WORM!
Source=Paul Collins Startup list

[Windows Console Monitor]
Number=12330
Confirmed=X
Filename=gcasAV32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kedebea.html" target= blank>KEDEBE-A</a> WORM!
Source=Paul Collins Startup list

[Windows Control]
Number=12331
Confirmed=X
Filename=Control.exe
Description=Browser hijacker. NOTE - On Win9x systems it will overwrite the Windows file of the same name in the Windows directory, so therefore it will be necessary to extract a fresh copy of the file from the Windows setup cabs!
Source=Paul Collins Startup list

[Windows ControlAd]
Number=12332
Confirmed=X
Filename=WinCtlAd.exe
Description=Windupdates adware variant
Source=Paul Collins Startup list

[Windows Core Kernel Update]
Number=12333
Confirmed=X
Filename=win32bootcfg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojranckel.html" target="_blank">RANCK-EL</a> TROJAN!
Source=Paul Collins Startup list

[Windows CPU host]
Number=12334
Confirmed=X
Filename=winbog32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Critical Alert]
Number=12335
Confirmed=X
Filename=wincrt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojaledoa.html" target="_blank">ALEDO-A</a> TROJAN!
Source=Paul Collins Startup list

[Windows Custom Services]
Number=12336
Confirmed=X
Filename=CSRCS.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotei.html" target=_blank>SPYBOT-EI</a> WORM!
Source=Paul Collins Startup list

[Windows Data Server]
Number=12337
Confirmed=X
Filename=autodisc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotcb.html" target=_blank>SPYBOT-CB</a> WORM!

Source=Paul Collins Startup list

[Windows Data Server]
Number=12338
Confirmed=X
Filename=[random name].exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotds.html" target=_blank>SPYBOT-DS</a> WORM!
Source=Paul Collins Startup list

[Windows Database]
Number=12339
Confirmed=X
Filename=WinDat.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Windows Database]
Number=12340
Confirmed=X
Filename=wiinsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotru.html" target= blank>AGOBOT-RU</a> WORM!
Source=Paul Collins Startup list

[Windows Dcom2 Fix]
Number=12341
Confirmed=X
Filename=mscom32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqt.html" target=_blank>RBOT-QT</a> WORM!
Source=Paul Collins Startup list

[Windows DDE Loader]
Number=12342
Confirmed=X
Filename=windde32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotuz.html" target= blank>SDBOT-UZ</a> WORM!
Source=Paul Collins Startup list

[Windows debug logging]
Number=12343
Confirmed=X
Filename=winlogg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotoy.html" target=_blank>RBOT-OY</a> WORM!

Source=Paul Collins Startup list

[Windows debug logging]
Number=12344
Confirmed=X
Filename=winloggs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqn.html" target=_blank>RBOT-QN</a> WORM!
Source=Paul Collins Startup list

[Windows Debugger]
Number=12345
Confirmed=X
Filename=windbg.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[Windows Debugger]
Number=12346
Confirmed=X
Filename=msdbg32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Debugger]
Number=12347
Confirmed=X
Filename=windbg32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082515-1948-99" target=_blank>ZOTOB.L</a> WORM!
Source=Paul Collins Startup list

[Windows Debugging Tools]
Number=12348
Confirmed=X
Filename=updatecfg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxu.html" target=_blank>RBOT-AXU</a> WORM!
Source=Paul Collins Startup list

[Windows Default Configuration]
Number=12349
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderu.html" target=_blank>DLOADER-U</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which should not normally figure in Msconfig/Startup!
Source=Paul Collins Startup list

[Windows Defender]
Number=12350
Confirmed=Y
Filename=MSASCui.exe
Description=Related to <a href="http://www.microsoft.com/athome/security/spyware/software/default.mspx" target=_blank>Windows Defender</a> Microsoft (anti-spyware) tool
Source=Paul Collins Startup list

[WINDOWS DENEME]
Number=12351
Confirmed=X
Filename=deneme.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobcr.html" target=_blank>MYTOB-CR</a> WORM!
Source=Paul Collins Startup list

[Windows Desktop Controler]
Number=12352
Confirmed=X
Filename=windesktop.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxh.html" target= blank>SDBOT-XH</a> WORM!
Source=Paul Collins Startup list

[Windows Desktop Daemon]
Number=12353
Confirmed=X
Filename=winpadg.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Desktop Search]
Number=12354
Confirmed=U
Filename=WindowsSearch.exe
Description=<a href="Windows Desktop Search" target="_blank">Windows Desktop Search</a> from Microsoft
Source=Paul Collins Startup list

[Windows Dialup Service]
Number=12355
Confirmed=X
Filename=dialup.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AAH&VSect=P" target=_blank>AGOBOT.AAH</a> WORM!
Source=Paul Collins Startup list

[Windows DLL host]
Number=12356
Confirmed=X
Filename=winupd32.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Windows DLL Host]
Number=12357
Confirmed=X
Filename=dllhost32.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Windows DLL Loader]
Number=12358
Confirmed=X
Filename=RUNDLL16.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-020910-3044-99" target="_blank">DOMWIS</a> TROJAN!
Source=Paul Collins Startup list

[Windows DLL Loader]
Number=12359
Confirmed=X
Filename=defragfat32z.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110516-3932-99" target=_blank>LINKBOT.A</a> WORM!
Source=Paul Collins Startup list

[Windows DLL Loader]
Number=12360
Confirmed=X
Filename=rundll32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32whipserb.html" target=_blank>WHIPSER-B</a> WORM! Note - rundll32.exe file is placed in the Windows\System folder, wheras the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll32/" target=_blank>rundll32.exe</a> is located in the C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K) or C:\Windows\System32 (WinXP)

Source=Paul Collins Startup list

[Windows DLL Loader]
Number=12361
Confirmed=X
Filename=defragfat32pi.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqq.html" target=_blank>RBOT-QQ</a> WORM!
Source=Paul Collins Startup list

[Windows DLL Loader]
Number=12362
Confirmed=X
Filename=defragfat39.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32poebotc.html" target=_blank>POEBOT-C</a> WORM!
Source=Paul Collins Startup list

[Windows DLL Loader]
Number=12363
Confirmed=X
Filename=defragfatz.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-011210-3257-99" target=_blank>LINKBOT.H</a> WORM!
Source=Paul Collins Startup list

[Windows DLL Loader]
Number=12364
Confirmed=X
Filename=defragfat32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotss.html" target= blank>SDBOT-SS</a> WORM!
Source=Paul Collins Startup list

[Windows DLL Loader]
Number=12365
Confirmed=X
Filename=defragfat32abc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotrg.html" target=_blank>RBOT-RG</a> WORM!
Source=Paul Collins Startup list

[Windows DLL Loader]
Number=12366
Confirmed=X
Filename=wdevice.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Windows DLL Loader]
Number=12367
Confirmed=X
Filename=SYSCFG16.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32domwisn.html" target=_blank>DOMWIS-N</a> WORM! 
Source=Paul Collins Startup list

[Windows DLL Loader]
Number=12368
Confirmed=X
Filename=WINCFG32.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotte.html" target=_blank>AGOBOT-TE</a> WORM!
Source=Paul Collins Startup list

[Windows DLL Services]
Number=12369
Confirmed=X
Filename=winsvc32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotzf.html" target= blank>RBOT-ZF</a> WORM!
Source=Paul Collins Startup list

[Windows DLL Services]
Number=12370
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY_AGENT.H&VSect=Td" target=_blank>AGENT.H</a> spyware! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list

[Windows DLL Services]
Number=12371
Confirmed=X
Filename=system.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY_AGENT.H&VSect=Td" target=_blank>AGENT.H</a> spyware
Source=Paul Collins Startup list

[Windows DLL Tracker]
Number=12372
Confirmed=X
Filename=spoolsrv.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN" target=_blank>WOOTBOT</a> WORM!
Source=Paul Collins Startup list

[Windows DLL Verifier]
Number=12373
Confirmed=X
Filename=xptl.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows DLL Verifier]
Number=12374
Confirmed=X
Filename=windlls.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotazq.html" target=_blank>RBOT-AZQ</a> WORM!
Source=Paul Collins Startup list

[Windows DNS]
Number=12375
Confirmed=X
Filename=windns.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxu.html" target= blank>SDBOT-XU</a> WORM!
Source=Paul Collins Startup list

[Windows DNS Daemon]
Number=12376
Confirmed=X
Filename=windnsd.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.AS" target=_blank>WOOTBOT.AS</a> WORM!
Source=Paul Collins Startup list

[Windows Domain Name Drivers]
Number=12377
Confirmed=X
Filename=windns.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotep.html" target= blank>FORBOT-EP</a> WORM!
Source=Paul Collins Startup list

[Windows DOS]
Number=12378
Confirmed=X
Filename=dosw.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32salaya.html" target=_blank>SALAY-A</a> WORM!
Source=Paul Collins Startup list

[Windows Download Manager]
Number=12379
Confirmed=X
Filename=windlmngr.exe
Description=Added by an unidentified TROJAN!
Source=Paul Collins Startup list

[Windows Drive Compatibility]
Number=12380
Confirmed=X
Filename=System32Driver32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-050316-0409-99" target="_blank">SUPOVA.Z</a> WORM!
Source=Paul Collins Startup list

[Windows Driver]
Number=12381
Confirmed=X
Filename=winxpdriver.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.EE&VSect=P" target=_blank>WOOTBOT.EE</a> WORM!
Source=Paul Collins Startup list

[Windows Driver Adapter]
Number=12382
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32antinnyk.html" target=_blank>ANTINNY-K</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in a "drivers" subfolder
Source=Paul Collins Startup list

[Windows Driver Foundation]
Number=12383
Confirmed=X
Filename=MTVSCMXT.EXE
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Driver Services]
Number=12384
Confirmed=X
Filename=msdrvs32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.L" target="_blank">WOOTBOT.L</a> WORM!
Source=Paul Collins Startup list

[Windows drivers update]
Number=12385
Confirmed=X
Filename=windowsupdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotace.html" target= blank>RBOT-ACE</a> WORM!
Source=Paul Collins Startup list

[Windows Dynamic Loading Header]
Number=12386
Confirmed=X
Filename=winDLL32.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Executable]
Number=12387
Confirmed=X
Filename=winmys.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabo.html" target= blank>RBOT-ABO</a> WORM!
Source=Paul Collins Startup list

[Windows ExpIorer]
Number=12388
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotako.html" target=_blank>RBOT-AKO</a> WORM!
Source=Paul Collins Startup list

[Windows Explorer]
Number=12389
Confirmed=X
Filename=[filename].exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99" target="_blank">SDBOT</a> TROJAN! Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually!
Source=Paul Collins Startup list

[Windows Explorer]
Number=12390
Confirmed=X
Filename=Lsas.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list

[Windows Explorer]
Number=12391
Confirmed=X
Filename=olecom32.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Windows Explorer]
Number=12392
Confirmed=X
Filename=EEXPLORER.EXE
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Explorer]
Number=12393
Confirmed=X
Filename=explorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32poebotj.html" target="_blank">POEBOT-J</a> WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[Windows Explorer]
Number=12394
Confirmed=X
Filename=explorer.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaid.html" target=_blank>RBOT-AID</a> WORM!
Source=Paul Collins Startup list

[Windows Explorer]
Number=12395
Confirmed=X
Filename=system32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajh.html" target=_blank>RBOT-AJH</a> WORM!
Source=Paul Collins Startup list

[Windows Explorer]
Number=12396
Confirmed=X
Filename=explorer32.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Explorer Shell]
Number=12397
Confirmed=X
Filename=Winexec32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041414-5727-99" target="_blank">REDIST.B</a> WORM!
Source=Paul Collins Startup list

[Windows Explorer SP2]
Number=12398
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerdm.html" target=_blank>BANKER-DM</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located a JavaBeans subfolder
Source=Paul Collins Startup list

[Windows Explorer Update Build 1142]
Number=12399
Confirmed=X
Filename=EXPLORER32.EXE
Description=Added by the KaZaA based <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_KWBOT.A" target="_blank"> KWBOT</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-103016-3027-99" target="_blank"> KWBOT.Y</a> WORMS!
Source=Paul Collins Startup list

[Windows Explorer-3212]
Number=12400
Confirmed=X
Filename=WINRE16.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-071011-5319-99" target="_blank">HARDOC</a> WORM!
Source=Paul Collins Startup list

[Windows Extensions for Win32]
Number=12401
Confirmed=X
Filename=winprgs32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AFA" target="_blank">SDBOT.AFA</a> WORM!
Source=Paul Collins Startup list

[Windows Eyes]
Number=12402
Confirmed=N
Filename=??
Description=For blind people, gives a voice description of items on the screen. Windows application which gives you total control over what you hear, when you hear it, and how you hear it. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[Windows FAT 32]
Number=12403
Confirmed=X
Filename=WINFAT32B.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotagt.html" target=_blank>SPYBOT-AGT</a> WORM!
Source=Paul Collins Startup list

[Windows File Protection]
Number=12404
Confirmed=X
Filename=winprotect.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.JB" target=_blank>AGOBOT.JB</a> WORM!
Source=Paul Collins Startup list

[Windows File System Frame]
Number=12405
Confirmed=X
Filename=ntframe.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Windows Firewal]
Number=12406
Confirmed=X
Filename=Lsess.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Firewall]
Number=12407
Confirmed=X
Filename=WindowsFirewall.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041116-0102-99" target=_blank>MYTOB.AO</a> WORM!
Source=Paul Collins Startup list

[Windows Firewall Log]
Number=12408
Confirmed=X
Filename=winlog.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Windows Firewall Manager]
Number=12409
Confirmed=X
Filename=msfw.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.WR" target=_blank>RBOT.WR</a> WORM!
Source=Paul Collins Startup list

[Windows firewall manager]
Number=12410
Confirmed=X
Filename=chh.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-081910-4849-99" target="_blank">RANDEX.GEL</a> WORM!
Source=Paul Collins Startup list

[Windows firewall manager]
Number=12411
Confirmed=X
Filename=msguard.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-081910-4849-99" target="_blank">RANDEX.GEL</a> WORM!
Source=Paul Collins Startup list

[Windows Firewall Updater]
Number=12412
Confirmed=X
Filename=updatees.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgx.html" target="_blank">RBOT-GX</a> WORM!
Source=Paul Collins Startup list

[Windows Firewall Updater]
Number=12413
Confirmed=X
Filename=cronos.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgby.html" target="_blank">RBOT-GBY</a> WORM!
Source=Paul Collins Startup list

[Windows Firewall Updater]
Number=12414
Confirmed=X
Filename=ctfcom.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgcb.html" target="_blank">RBOT-GCB</a> WORM!
Source=Paul Collins Startup list

[Windows Firewalll]
Number=12415
Confirmed=X
Filename=scvhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotek.html" target=_blank>RBOT-EK</a> WORM!
Source=Paul Collins Startup list

[Windows Firewalll]
Number=12416
Confirmed=X
Filename=sphost.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Firewalll]
Number=12417
Confirmed=X
Filename=svvhost.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Firewalll]
Number=12418
Confirmed=X
Filename=winmu.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Fix]
Number=12419
Confirmed=X
Filename=integator.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ZAB" target=_blank>SDBOT.ZAB</a> WORM!
Source=Paul Collins Startup list

[Windows Fixes Systems]
Number=12420
Confirmed=X
Filename=elite.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061221-4235-99" target=_blank>MYTOB.EG</a> WORM!
Source=Paul Collins Startup list

[Windows FormatAd]
Number=12421
Confirmed=X
Filename=WinForm.exe
Description=Windupdates adware variant
Source=Paul Collins Startup list

[Windows Frame Works]
Number=12422
Confirmed=X
Filename=frmwrks32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[WINDOWS FUCK BY CLASIC]
Number=12423
Confirmed=X
Filename=fuck.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ZOTOB.H&VSect=P" target=_blank>ZOTOB.H</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082317-0232-99" target=_blank>ZOTOB.J</a> WORMS!
Source=Paul Collins Startup list

[Windows Generic Proc]
Number=12424
Confirmed=X
Filename=procmsg.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042713-5259-99" target= blank>ALLIM.B</a> WORM!
Source=Paul Collins Startup list

[Windows GMT32]
Number=12425
Confirmed=X
Filename=wingmt32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.KM&VSect=P" target=_blank>MYTOB.KM</a> WORM!
Source=Paul Collins Startup list

[Windows Graphics Loaders]
Number=12426
Confirmed=X
Filename=wingraphics.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.JG" target=_blank>SPYBOT.JG</a> WORM!
Source=Paul Collins Startup list

[Windows Guard]
Number=12427
Confirmed=X
Filename=WAUMGRD.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgy.html" target="_blank">RBOT-GY</a> WORM!
Source=Paul Collins Startup list

[Windows Guardian]
Number=12428
Confirmed=U
Filename=thehel1iawgrd32.exe
Description=Part of First Aid by Cybermedia who were subsequently bought by McAfee (Network Associates). Protects your Windows system from application failure and crashes
Source=Paul Collins Startup list

[Windows Guardian]
Number=12429
Confirmed=U
Filename=Fawgrd32.exe
Description=Part of First Aid by Cybermedia who were subsequently bought by McAfee (Network Associates). Protects your Windows system from application failure and crashes
Source=Paul Collins Startup list

[Windows Help]
Number=12430
Confirmed=X
Filename=mailinfo.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.JX&VSect=P" target=_blank>MYTOB.JX</a> WORM!
Source=Paul Collins Startup list

[Windows Help File]
Number=12431
Confirmed=X
Filename=winhelper32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotqk.html" target=_blank>SDBOT-QK</a> TROJAN!

Source=Paul Collins Startup list

[Windows Help Manager]
Number=12432
Confirmed=X
Filename=svchost32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotoz.html" target=_blank>RBOT-OZ</a> WORM!

Source=Paul Collins Startup list

[Windows Help Service]
Number=12433
Confirmed=X
Filename=winhelpsv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlp.html" target="_blank">RBOT-LP</a> WORM!
Source=Paul Collins Startup list

[Windows Help Service]
Number=12434
Confirmed=X
Filename=winhlp.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotakw.html" target=_blank>RBOT-AKW</a> WORM!
Source=Paul Collins Startup list

[Windows Help System]
Number=12435
Confirmed=?
Filename=Help.pif
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Windows Host]
Number=12436
Confirmed=X
Filename=hosts.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041414-5727-99" target=_blank>KELVIR.U</a> WORM!
Source=Paul Collins Startup list

[Windows Host]
Number=12437
Confirmed=X
Filename=winhost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051011-5530-99" target= blank>PRYSAT</a> TROJAN!
Source=Paul Collins Startup list

[Windows Host Device]
Number=12438
Confirmed=X
Filename=hostsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32zootya.html" target="_blank">ZOOTY-A</a> WORM!
Source=Paul Collins Startup list

[Windows Host Name]
Number=12439
Confirmed=X
Filename=lmass.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_GAOBOT.O" target=_blank>GAOBOT.O</a> WORM!
Source=Paul Collins Startup list

[Windows Host Service]
Number=12440
Confirmed=X
Filename=scvhosts.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041022-0008-99" target=_blank>SPYBOT.NLI</a> WORM!
Source=Paul Collins Startup list

[Windows Host Service]
Number=12441
Confirmed=X
Filename=host.exe
Description=Added by <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042412-0343-99" target= blank>KELVIR.AN</a> WORM!
Source=Paul Collins Startup list

[Windows Host Service]
Number=12442
Confirmed=X
Filename=svchoste.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050511-0650-99" target= blank>KELVIR.BF</a> WORM!
Source=Paul Collins Startup list

[Windows Host Service]
Number=12443
Confirmed=X
Filename=svchosts32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042810-3850-99" target= blank>KELVIR.AW</a> WORM!
Source=Paul Collins Startup list

[Windows Host32 Starter]
Number=12444
Confirmed=X
Filename=hostserv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwu.html" target=_blank>SDBOT-WU</a> WORM!
Source=Paul Collins Startup list

[Windows Hosts]
Number=12445
Confirmed=X
Filename=hosts.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkelviro.html" target= blank>KELVIR-O</a> TROJAN!
Source=Paul Collins Startup list

[Windows HP Drivers]
Number=12446
Confirmed=X
Filename=hpdmws.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AQU&VSect=T" target=_blank>SDBOT.AQU</a> WORM!
Source=Paul Collins Startup list

[Windows HTML file reader]
Number=12447
Confirmed=X
Filename=Sysconf32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NOOMY.A" target="_blank">NOOMY.A</a> WORM!
Source=Paul Collins Startup list

[Windows HTTP services]
Number=12448
Confirmed=X
Filename=winhttps.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM! See <a href="http://info.ahnlab.com/securityinfo/virus_view_eng_new2.jsp?SEQ_NO=3006" target="_blank">here</a>
Source=Paul Collins Startup list

[Windows Icons Manager]
Number=12449
Confirmed=X
Filename=wicomgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaif.html" target=_blank>RBOT-AIF</a> WORM!
Source=Paul Collins Startup list

[WINDOWS ID SYSTEM]
Number=12450
Confirmed=X
Filename=wID32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.LN&VSect=P" target=_blank>MYTOB.LN</a> WORM!
Source=Paul Collins Startup list

[Windows iMessenger Messenger]
Number=12451
Confirmed=X
Filename=winimsg.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042614-4125-99" target= blank>ALLIM.A</a> WORM!
Source=Paul Collins Startup list

[Windows Incontext]
Number=12452
Confirmed=X
Filename=InSearch.exe
Description=<a href="http://www.benedelman.org/spyware/installations/pacerd/" target=_blank>PacerD_Media/Pacimedia.com/Z-Quest</a> adware installer
Source=Paul Collins Startup list

[Windows Insecure]
Number=12453
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfsm.html" target="_blank">RBOT-FSM</a> WORM!
Source=Paul Collins Startup list

[Windows installer]
Number=12454
Confirmed=X
Filename=winstall.exe
Description=<a href="http://www.bleepingcomputer.com/forums/topic22402.html" target="_blank">SpySheriff</a> malware. For more information on registry key changes see <a href="http://www.sophos.com/virusinfo/analyses/trojspywade.html" target="_blank">SPYWAD-E</a>
Source=Paul Collins Startup list

[Windows Installer]
Number=12455
Confirmed=X
Filename=ntdll.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Windows Internet Protocol]
Number=12456
Confirmed=X
Filename=winproc32.exe
Description=CoolWebSearch <a href=" http://cwshredder.net/cwshredder/cwschronicles.html#winproc32" target=_blank>Winproc32</a> parasite variant - also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpabf.html" target= blank>STARTPA-BF</a> TROJAN!
Source=Paul Collins Startup list

[Windows Internet Protocol]
Number=12457
Confirmed=X
Filename=deinst_qfe001.exe
Description=Added by a variant of the Win32.Small TROJAN!
Source=Paul Collins Startup list

[Windows Internet Service]
Number=12458
Confirmed=X
Filename=wininet.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaux.html" target=_blank>RBOT-AUX</a> WORM!
Source=Paul Collins Startup list

[Windows IP Security]
Number=12459
Confirmed=U
Filename=ipsec.exe
Description=Related to the <a href="http://research.microsoft.com/msripv6/docs/ipsec/ipsec_ut.htm" target=_blank>VPN IPSec utility</a> - used to create Security Policy (SP) entries and Security Association (SA) entries in the kernel
Source=Paul Collins Startup list

[Windows IP Security Service]
Number=12460
Confirmed=X
Filename=ipsecs.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BPW" target="_blank">RBOT.BPW</a> WORM!
Source=Paul Collins Startup list

[Windows IPv6 Drivers]
Number=12461
Confirmed=X
Filename=wipv6.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotvj.html" target=_blank>SDBOT-VJ</a> WORM!
Source=Paul Collins Startup list

[Windows Java Update]
Number=12462
Confirmed=X
Filename=weatherBug32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows JavaScript Daemon]
Number=12463
Confirmed=X
Filename=Winjsd.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.AF" target="_blank">WOOTBOT.AF</a> WORM!
Source=Paul Collins Startup list

[Windows Kernel 64]
Number=12464
Confirmed=X
Filename=kernal64.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32yimpb.html" target=_blank>YIMP-B</a> WORM!
Source=Paul Collins Startup list

[Windows Kernel System Service]
Number=12465
Confirmed=X
Filename=wkssvr.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-081910-4849-99" target="_blank">RANDEX.GEL</a> WORM!
Source=Paul Collins Startup list

[Windows kev Messenger]
Number=12466
Confirmed=X
Filename=mskev.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxv.html" target= blank>SDBOT-XV</a> WORM!
Source=Paul Collins Startup list

[Windows live Support]
Number=12467
Confirmed=X
Filename=wlmsngr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbkl.html" target="_blank">RBOT-BKL</a> WORM!
Source=Paul Collins Startup list

[Windows Load]
Number=12468
Confirmed=?
Filename=windows.com
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Windows Loader]
Number=12469
Confirmed=X
Filename=wstart32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110417-3351-99" target="_blank">GAOBOT.CA</a> WORM!
Source=Paul Collins Startup list

[Windows Loader]
Number=12470
Confirmed=X
Filename=winServices.pif
Description=Reported by Kaspersky Anti-Virus as the CARDSPY.D TROJAN!
Source=Paul Collins Startup list

[Windows Loader]
Number=12471
Confirmed=X
Filename=SysUpdate.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Loader Service]
Number=12472
Confirmed=X
Filename=civsc.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[windows Loadxm]
Number=12473
Confirmed=X
Filename=Win_.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfoddera.html" target=_blank>FODDER-A</a> TROJAN!
Source=Paul Collins Startup list

[Windows Local Services]
Number=12474
Confirmed=X
Filename=localsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Windows Local Services]
Number=12475
Confirmed=X
Filename=netsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Windows Local Services]
Number=12476
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Windows Local Services]
Number=12477
Confirmed=X
Filename=svcadmin.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Windows Local Services]
Number=12478
Confirmed=X
Filename=svcman.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Windows Local Services]
Number=12479
Confirmed=X
Filename=svcrun.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Windows Local Services]
Number=12480
Confirmed=X
Filename=tcpsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Windows Local Services]
Number=12481
Confirmed=X
Filename=websvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Windows Locator]
Number=12482
Confirmed=X
Filename=wsass.exe
Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Backdoor.Win32.IRCBot.n&threatid=10896" target="_blank">IRCBOT.N</a> TROJAN!
Source=Paul Collins Startup list

[Windows Logger]
Number=12483
Confirmed=X
Filename=winlog.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojnshadowb.html" target=_blank>NSHADOW-B</a> TROJAN!
Source=Paul Collins Startup list

[Windows logging]
Number=12484
Confirmed=X
Filename=winlogd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rboton.html" target=_blank>RBOT-ON</a> WORM!

Source=Paul Collins Startup list

[Windows Login]
Number=12485
Confirmed=X
Filename=explored.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040112-0028-99" target="_blank">GAOBOT.SY</a> WORM!
Source=Paul Collins Startup list

[Windows Login]
Number=12486
Confirmed=X
Filename=winlog.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.MG&VSect=T" target=_blank>AGOBOT.MG</a> WORM!
Source=Paul Collins Startup list

[Windows Login]
Number=12487
Confirmed=X
Filename=lmss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotja.html" target="_blank">AGOBOT-JA</a> WORM!
Source=Paul Collins Startup list

[Windows Login]
Number=12488
Confirmed=X
Filename=lmss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotja.html" target="_blank">AGOBOT-JA</a> WORM!
Source=Paul Collins Startup list

[Windows Login Folder]
Number=12489
Confirmed=X
Filename=winzep.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobottz.html" target=_blank>AGOBOT-TZ</a> WORM!
Source=Paul Collins Startup list

[Windows Login Manager]
Number=12490
Confirmed=X
Filename=winlogin.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Login Security]
Number=12491
Confirmed=X
Filename=winlogin.pif
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Windows Login Service]
Number=12492
Confirmed=X
Filename=winlog.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafn.html" target=_blank>RBOT-AFN</a> WORM!
Source=Paul Collins Startup list

[Windows Login Service]
Number=12493
Confirmed=X
Filename=winlogin.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotacu.html" target=_blank>SDBOT-ACU</a> WORM!
Source=Paul Collins Startup list

[Windows Logon]
Number=12494
Confirmed=X
Filename=winlogin.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojspybotc.html" target=_blank>SPYBOT-C</a> TROJAN!
Source=Paul Collins Startup list

[Windows Logon Application]
Number=12495
Confirmed=X
Filename=WinIogon.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-052109-2651-99" target=_blank>LINKBOT.M</a> WORM!
Source=Paul Collins Startup list

[Windows Logon Application]
Number=12496
Confirmed=X
Filename=logon.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32poebotj.html" target= blank>POEBOT-J</a> WORM!
Source=Paul Collins Startup list

[Windows Logon Application]
Number=12497
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojciadoorl.html" target=_blank>CIADOOR-L</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
Source=Paul Collins Startup list

[Windows Logon Application]
Number=12498
Confirmed=X
Filename=win32help.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotx.html" target="_blank">DELBOT-X</a> WORM!
Source=Paul Collins Startup list

[Windows Logon Application]
Number=12499
Confirmed=X
Filename=winlogon.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32poebotkw.html" target="_blank">POEBOT-KW</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[Windows Logon Manager]
Number=12500
Confirmed=X
Filename=logon.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Logon Procedure]
Number=12501
Confirmed=X
Filename=Svchoste.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Logon Procedure]
Number=12502
Confirmed=X
Filename=Svchosta.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[windows logon procedure]
Number=12503
Confirmed=X
Filename=winlogonpc.exe
Description=Added by the <a href="http://labs.paretologic.com/spyware.aspx?remove=WinLogon" target=_blank>WINLOGON</a> TROJAN!
Source=Paul Collins Startup list

[Windows Logon Service]
Number=12504
Confirmed=X
Filename=winlogon.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaou.html" target=_blank>RBOT-AOU</a> WORM!
Source=Paul Collins Startup list

[Windows Logon Service]
Number=12505
Confirmed=X
Filename=napi32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2007-010316-2308-99" target="_blank">SPYBOT.ANDM</a> WORM!
Source=Paul Collins Startup list

[Windows LoL Layer]
Number=12506
Confirmed=X
Filename=gqwdcr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotahs.html" target="_blank">AGOBOT-AHS</a> WORM!
Source=Paul Collins Startup list

[Windows LoL Layer]
Number=12507
Confirmed=X
Filename=win.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfto.html" target="_blank">RBOT-FTO</a> WORM!
Source=Paul Collins Startup list

[Windows LoL Layer]
Number=12508
Confirmed=X
Filename=[random filename].exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgmd.html" target="_blank">RBOT-GMD</a> WORM!
Source=Paul Collins Startup list

[Windows LoL Layer]
Number=12509
Confirmed=X
Filename=pyvnpt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgkv.html" target="_blank">RBOT-GKV</a> WORM!
Source=Paul Collins Startup list

[Windows LoL Layer]
Number=12510
Confirmed=X
Filename=winlolx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfor.html" target="_blank">RBOT-FOR</a> WORM!
Source=Paul Collins Startup list

[Windows Management Instrumentation]
Number=12511
Confirmed=X
Filename=mwd.exe
Description=Added by the <a href="http://www.f-secure.com/v-descs/graps.shtml" target="_blank">GRAPS</a> WORM!
Source=Paul Collins Startup list

[Windows Management Instrumentation]
Number=12512
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32qedsa.html" target=_blank>QEDS-A</a> VIRUS!
Source=Paul Collins Startup list

[WINDOWS MANAGEMENT SYSTEM]
Number=12513
Confirmed=X
Filename=wm1exe.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotvt.html" target= blank>RBOT-VT</a> WORM!
Source=Paul Collins Startup list

[Windows Manager]
Number=12514
Confirmed=X
Filename=winmants.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101711-3904-99" target="_blank">MANTAS</a> WORM!
Source=Paul Collins Startup list

[Windows Manager]
Number=12515
Confirmed=X
Filename=winsrv.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Manager Update Inc]
Number=12516
Confirmed=X
Filename=tgb.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotacm.html" target=_blank>SDBOT-ACM</a> WORM!
Source=Paul Collins Startup list

[Windows mangement]
Number=12517
Confirmed=X
Filename=winlogonn.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-012912-4116-99" target="_blank">RANDEX.FC</a> WORM!
Source=Paul Collins Startup list

[Windows Media AP]
Number=12518
Confirmed=X
Filename=winmapp.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Windows Media APP]
Number=12519
Confirmed=X
Filename=wmapp.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Windows Media Center]
Number=12520
Confirmed=N
Filename=RunDLL32.exe [path] ehuihlp.dll, BootMediaCenter
Description=Starts Windows Media Center every time Windows Vista (Home Premium or Ultimate) boots. Disable by unchecking the "Start Windows Media Center when Windows Starts" option via Windows Media Center -> Tasks -> Settings -> General -> Startup and Window Behaviour
Source=Paul Collins Startup list

[Windows Media Connect 2]
Number=12521
Confirmed=N
Filename=WMCCFG.exe
Description=<a href="http://www.microsoft.com/windows/windowsmedia/devices/wmconnect/faq.aspx#1_1" target=_blank>Windows Media Connect</a> from Microsoft - stream digital media files on your computer to digital media receivers (DMRs) that are connected to your home network

Source=Paul Collins Startup list

[Windows Media Driver]
Number=12522
Confirmed=X
Filename=msnger.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Media Loader]
Number=12523
Confirmed=X
Filename=wmloader.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112112-1102-99" target="_blank">GAOBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Media Player]
Number=12524
Confirmed=X
Filename=wmediaplayer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotnq.html" target=_blank>AGOBOT-NQ</a> WORM!

Source=Paul Collins Startup list

[Windows Media Player]
Number=12525
Confirmed=X
Filename=MediaPIayer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbotqo.html" target=_blank>SDBOT-QO</a> TROJAN! - note, the executable is called 'Mediap<font color="#FF0000">I</font>ayer', with an 'i' !)

Source=Paul Collins Startup list

[Windows Media Player]
Number=12526
Confirmed=X
Filename=[random filename]
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Media Player]
Number=12527
Confirmed=X
Filename=msa.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotsi.html" target=_blank>RBOT-SI</a> WORM!
Source=Paul Collins Startup list

[Windows Media Player]
Number=12528
Confirmed=X
Filename=mcafe32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyo.html" target= blank>RBOT-YO</a> WORM!
Source=Paul Collins Startup list

[Windows Media Player]
Number=12529
Confirmed=X
Filename=wmplayer.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031416-4516-99" target=_blank>KELVIR.G</a> WORM or variants! Note - this is not the valid Windows Media Player as the executeable resides is C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K) or C:\Windows\System32 (WinXP) rather than C:\Program Files\Windows Media Player
Source=Paul Collins Startup list

[Windows Media Player]
Number=12530
Confirmed=X
Filename=50cent.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Media Player]
Number=12531
Confirmed=X
Filename=mpwe.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbottt.html" target=_blank>RBOT-TT</a> WORM!
Source=Paul Collins Startup list

[Windows Media Player]
Number=12532
Confirmed=X
Filename=msams.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AHR" target="_blank">RBOT.AHR</a> WORM!
Source=Paul Collins Startup list

[Windows Media Player 3.6]
Number=12533
Confirmed=X
Filename=wmpa36.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Media Player 3.6b]
Number=12534
Confirmed=X
Filename=WMPA36B.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotvv.html" target= blank>RBOT-VV</a> WORM!
Source=Paul Collins Startup list

[Windows Media Player 3.6d]
Number=12535
Confirmed=X
Filename=wmpa36d.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotya.html" target=_blank>RBOT-YA</a> WORM!
Source=Paul Collins Startup list

[Windows Media Player 3.9]
Number=12536
Confirmed=X
Filename=wmpa36.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Media Player Service]
Number=12537
Confirmed=X
Filename=wmedia.exe
Description=Added by the <a href="http://www.avira.com/en/threats/section/fulldetails/id_vir/2008/worm_RBOT.213504.html" target="_blank">RBOT.213504</a> WORM!
Source=Paul Collins Startup list

[Windows Media Player Update]
Number=12538
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotet.html" target=_blank>RBOT-ET</a> WORM!
Source=Paul Collins Startup list

[Windows Media Powerpoint Helper]
Number=12539
Confirmed=N
Filename=NSPPTHLP.EXE
Description=German software (comes with some Toshiba CD writers) that helps convert Powerpoint files to ASF (Streaming Media) files. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[Windows media service]
Number=12540
Confirmed=X
Filename=crvss.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VP" target="_blank">SDBOT.VP</a> WORM!
Source=Paul Collins Startup list

[Windows media service]
Number=12541
Confirmed=X
Filename=crsss.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ACY" target="_blank">RBOT.ACY</a> WORM!
Source=Paul Collins Startup list

[Windows media service]
Number=12542
Confirmed=X
Filename=Sygate32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ADE" target="_blank">RBOT.ADE</a> WORM!
Source=Paul Collins Startup list

[Windows media services]
Number=12543
Confirmed=X
Filename=cvrsss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmw.html" target=_blank>RBOT-MW</a> WORM!

Source=Paul Collins Startup list

[Windows Media SP.2.37]
Number=12544
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081512-4030-99" target="_blank">LEMIR.C</a> TROJAN!
Source=Paul Collins Startup list

[Windows Media Updater]
Number=12545
Confirmed=X
Filename=crease.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotati.html" target=_blank>RBOT-ATI</a> WORM!
Source=Paul Collins Startup list

[Windows Media Upgrade]
Number=12546
Confirmed=X
Filename=NeUpgrade.exe
Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Backdoor.Win32.Rbot.bmf&threatid=126415" target="_blank">RBOT.BMF</a> TROJAN!
Source=Paul Collins Startup list

[Windows Media Utility]
Number=12547
Confirmed=X
Filename=wmediautil.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Windows messenger]
Number=12548
Confirmed=X
Filename=messengers.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061311-1205-99" target=_blank>MYTOB.EI</a> WORM!
Source=Paul Collins Startup list

[Windows Messenger]
Number=12549
Confirmed=X
Filename=msnsmgs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotanj.html" target=_blank>RBOT-ANJ</a> WORM!
Source=Paul Collins Startup list

[Windows Messenger Messenger]
Number=12550
Confirmed=X
Filename=winmsg.exe
Description=Added by <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042321-0015-99" target= blank>VELKBOT.A</a> WORM!
Source=Paul Collins Startup list

[Windows Messenger Service]
Number=12551
Confirmed=X
Filename=winsmsgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotvw.html" target= blank>RBOT-VW</a> WORM!
Source=Paul Collins Startup list

[Windows Messenger Service]
Number=12552
Confirmed=X
Filename=kaspersky.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.HY&VSect=P" target=_blank>MYTOB.HY</a> WORM!
Source=Paul Collins Startup list

[Windows MeTaLRoCk service]
Number=12553
Confirmed=X
Filename=metalrock.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093017-0419-99" target="_blank">TASTYRED</a> TROJAN!
Source=Paul Collins Startup list

[Windows Micro Drivers]
Number=12554
Confirmed=X
Filename=wupdates32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaeh.html" target=_blank>RBOT-AEH</a> WORM!
Source=Paul Collins Startup list

[Windows Microsoft Update]
Number=12555
Confirmed=X
Filename=wintask32.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Windows mod Verifier]
Number=12556
Confirmed=X
Filename=Windows-mod.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.DSU" target="_blank">RBOT.DSU</a> WORM!
Source=Paul Collins Startup list

[Windows modez Verifier]
Number=12557
Confirmed=X
Filename=w1nz0zz0.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Windows modez Verifier]
Number=12558
Confirmed=X
Filename=Window2.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows modez Verifier]
Number=12559
Confirmed=X
Filename=WindowsLogon.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Windows modez Verifier]
Number=12560
Confirmed=X
Filename=Wwuamguard.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=53822" target="_blank">RBOT.EZJ</a> WORM!
Source=Paul Collins Startup list

[Windows modez Verifier]
Number=12561
Confirmed=X
Filename=winlogom.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows modez Verifier]
Number=12562
Confirmed=X
Filename=Windows-.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotdio.html" target="_blank">RBOT-DIO</a> WORM!
Source=Paul Collins Startup list

[Windows modez Verifier]
Number=12563
Confirmed=X
Filename=taskmngr.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows modez Verifier]
Number=12564
Confirmed=X
Filename=winl0g0z.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfnb.html" target="_blank">RBOT-FNB</a> WORM!
Source=Paul Collins Startup list

[Windows Monitor]
Number=12565
Confirmed=X
Filename=winmon.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VB" target="_blank">SDBOT.VB</a> WORM!
Source=Paul Collins Startup list

[Windows Monitor]
Number=12566
Confirmed=X
Filename=arsetup.exe
Description=Added by the SPAZBOX.A TROJAN!
Source=Paul Collins Startup list

[Windows Monitor Services]
Number=12567
Confirmed=X
Filename=winmonitor.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxx.html" target= blank>RBOT-XX</a> WORM!
Source=Paul Collins Startup list

[Windows Monitoring Service]
Number=12568
Confirmed=X
Filename=winmon.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Windows More Choice]
Number=12569
Confirmed=X
Filename=TopContext.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-081716-4955-99" target=_blank>ZQuest</a> adware
Source=Paul Collins Startup list

[Windows Mouse Utilities]
Number=12570
Confirmed=X
Filename=mouseutils.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabu.html" target= blank>RBOT-ABU</a> WORM!
Source=Paul Collins Startup list

[Windows ms Drivers]
Number=12571
Confirmed=X
Filename=msnup32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaal.html" target=_blank>SDBOT-AAL</a> WORM!
Source=Paul Collins Startup list

[Windows MS Update 32]
Number=12572
Confirmed=X
Filename=fhm.exe
Description=Added by the <a href="http://virusinfo.prevx.com/pxparall.asp?PX5=6b0b4aa6b02923905fcc013704ef4d001c32acc4" target="_blank">IRCBOT.GEN</a> WORM!
Source=Paul Collins Startup list

[Windows MS Update 32]
Number=12573
Confirmed=X
Filename=sucker.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotgj.html" target="_blank">FORBOT-GJ</a> WORM!
Source=Paul Collins Startup list

[Windows MSConfig Startup Logger]
Number=12574
Confirmed=X
Filename=winlog.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BCU&VSect=P" target=_blank>RBOT.BCU</a> WORM!
Source=Paul Collins Startup list

[Windows Msn Live Messanger]
Number=12575
Confirmed=X
Filename=msnmsgsman.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Windows MSX drivers]
Number=12576
Confirmed=X
Filename=winmsx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotayg.html" target=_blank>RBOT-AYG</a> TROJAN!
Source=Paul Collins Startup list

[Windows Net Cfg ]
Number=12577
Confirmed=X
Filename=service.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows NetDDe]
Number=12578
Confirmed=X
Filename=wrmana32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-073111-4817-99" target=_blank>MYTOB.IM</a> WORM!
Source=Paul Collins Startup list

[Windows Nets]
Number=12579
Confirmed=X
Filename=WinNET.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmo.html" target=_blank>RBOT-MO</a> WORM!

Source=Paul Collins Startup list

[Windows NetStart Service]
Number=12580
Confirmed=X
Filename=winsN2S.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotzx.html" target=_blank>RBOT-ZX</a> WORM!
Source=Paul Collins Startup list

[Windows NetStart Service2]
Number=12581
Confirmed=X
Filename=winsN2S.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabn.html" target= blank>RBOT-ABN</a> WORM!
Source=Paul Collins Startup list

[Windows NetStart Service2]
Number=12582
Confirmed=X
Filename=winsN2SD.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Network Controller]
Number=12583
Confirmed=X
Filename=Mqguard.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotcl.html" target=_blank>FORBOT-CL</a> WORM!
Source=Paul Collins Startup list

[Windows Network Controller]
Number=12584
Confirmed=X
Filename=WinxPupd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotdk.html" target=_blank>FORBOT-DK</a> WORM!
Source=Paul Collins Startup list

[Windows Network Controller]
Number=12585
Confirmed=X
Filename=winmms32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forboted.html" target=_blank>FORBOT-ED</a> WORM!
Source=Paul Collins Startup list

[Windows Network Controller]
Number=12586
Confirmed=X
Filename=wingmt.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Network Controller]
Number=12587
Confirmed=X
Filename=Win9x.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.I" target=_blank>WOOTBOT.I</a> WORM!
Source=Paul Collins Startup list

[Windows Network Firewall]
Number=12588
Confirmed=X
Filename=firewall.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32poebotj.html" target= blank>POEBOT-J</a> WORM!
Source=Paul Collins Startup list

[Windows Network Service]
Number=12589
Confirmed=X
Filename=winvc32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.RY" target=_blank>RBOT.RY</a> WORM!

Source=Paul Collins Startup list

[Windows Networking]
Number=12590
Confirmed=X
Filename=winsys32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010614-4803-99" target="_blank">GAOBOT.FL</a> WORM!
Source=Paul Collins Startup list

[Windows Networks]
Number=12591
Confirmed=X
Filename=netcog.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.FH&VSect=T" target=_blank>MYTOB.FH</a> WORM!
Source=Paul Collins Startup list

[Windows Nivedia Driver]
Number=12592
Confirmed=X
Filename=sysMGT.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows NNT]
Number=12593
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031918-5809-99" target="_blank">RANKY.E</a> TROJAN!
Source=Paul Collins Startup list

[Windows NT 32]
Number=12594
Confirmed=X
Filename=ntlogin32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102709-2145-99" target=_blank>RANDEX.BRD</a> WORM!
Source=Paul Collins Startup list

[Windows NT Login]
Number=12595
Confirmed=X
Filename=ntlogin32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.WG" target="_blank">SDBOT.WG</a> WORM!
Source=Paul Collins Startup list

[Windows NT Login Session Manager]
Number=12596
Confirmed=X
Filename=WNSM.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BIV&VSect=T" target=_blank>RBOT.BIV</a> WORM!
Source=Paul Collins Startup list

[Windows NT Logon Application]
Number=12597
Confirmed=X
Filename=winlogon.scr
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotalp.html" target=_blank>RBOT-ALP</a> WORM!
Source=Paul Collins Startup list

[Windows NT Service Name]
Number=12598
Confirmed=X
Filename=winshock.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpk.html" target=_blank>RBOT-PK</a> WORM!

Source=Paul Collins Startup list

[Windows NT Update Manager]
Number=12599
Confirmed=X
Filename=WINL0G0N.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotnu.html" target=_blank>AGOBOT-NU</a> WORM! Note that those are zeroes in the filename and not capital "o"
Source=Paul Collins Startup list

[Windows OEM Tools]
Number=12600
Confirmed=X
Filename=winres32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.FD" target="_blank">SPYBOT.FD</a> WORM!
Source=Paul Collins Startup list

[Windows OLE Automation Server]
Number=12601
Confirmed=X
Filename=ole32aut.vbe
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list

[Windows Online Updater]
Number=12602
Confirmed=X
Filename=dllman.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotte.html" target=_blank>RBOT-TE</a> WORM!
Source=Paul Collins Startup list

[Windows Pc]
Number=12603
Confirmed=X
Filename=winmgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32bibota.html" target=_blank>BIBOT-A</a> WORM!
Source=Paul Collins Startup list

[Windows PDG]
Number=12604
Confirmed=X
Filename=winpdg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadw.html" target=_blank>RBOT-ADW</a> WORM!
Source=Paul Collins Startup list

[Windows Performance Monitor]
Number=12605
Confirmed=X
Filename=wmscupd.exe
Description=Added by the <a href="http://fileinfo.prevx.com/QQe41b17727304-WMSC13097780/WMSCUPD.EXE.html" target=_blank>IRCBOT_GEN</a> WORM!

Source=Paul Collins Startup list

[Windows PNP]
Number=12606
Confirmed=X
Filename=winpnp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotakn.html" target=_blank>RBOT-AKN</a> WORM!
Source=Paul Collins Startup list

[Windows PNP Server]
Number=12607
Confirmed=X
Filename=pnpsrv.exe
Description=Added by <a href="http://vil.nai.com/vil/content/v_135434.htm" target=_blank>this</a> variant of the SDBOT WORM!
Source=Paul Collins Startup list

[Windows Portable Device Drivers]
Number=12608
Confirmed=X
Filename=MSKSVRVS.EXE
Description=Added by a TROJAN - see <a href="http://fileinfo.prevx.com/adware/qq34f876137243-MSKS34826820/MSKSVRVS.EXE.html" target="_blank">here</a>
Source=Paul Collins Startup list

[Windows Portable Devices]
Number=12609
Confirmed=X
Filename=MSKSVRTSS.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2007-021609-4120-99" target="_blank">SPYBOT.APEO</a> WORM!
Source=Paul Collins Startup list

[Windows Print Monitor Daemon]
Number=12610
Confirmed=X
Filename=[random filename].exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Print Spooler]
Number=12611
Confirmed=?
Filename=SCVHOSTS.EXE
Description=Suspicious due to the similarity to the valid "svchost.exe" file
Source=Paul Collins Startup list

[Windows Print Spooler]
Number=12612
Confirmed=X
Filename=NavAgent32.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[Windows Print Spooler]
Number=12613
Confirmed=X
Filename=SVEHOST.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.H" target="_blank">SPYBOT.H</a> WORM!
Source=Paul Collins Startup list

[Windows Process]
Number=12614
Confirmed=X
Filename=win_update.exe
Description=Added by the <a href="http://ve.nod32.ch/worms/lastword.php" target="_blank">LASTWORD</a> WORM!
Source=Paul Collins Startup list

[Windows Process Manager]
Number=12615
Confirmed=X
Filename=winproc.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Windows Processe Manager]
Number=12616
Confirmed=X
Filename=mspn32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Proffesional Security]
Number=12617
Confirmed=X
Filename=WinSecure32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.VA&VSect=T" target="_blank">AGOBOT.VA</a> WORM
Source=Paul Collins Startup list

[Windows Protectot]
Number=12618
Confirmed=X
Filename=boxide.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN" target=_blank>WOOTBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Recylinder Check]
Number=12619
Confirmed=X
Filename=zwdomsgemw.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotegj.html" target="_blank">RBOT-EGJ</a> WORM!
Source=Paul Collins Startup list

[Windows Reg Services]
Number=12620
Confirmed=X
Filename=ffservice.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderpl.html" target=_blank>DLOADER-PL</a> or <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderxm.html" target=_blank>DLOADER-XM</a> TROJANS!
Source=Paul Collins Startup list

[Windows Reg Services]
Number=12621
Confirmed=X
Filename=dservice.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojproratd.html" target=_blank>PRORAT-D</a> TROJAN!
Source=Paul Collins Startup list

[Windows Reg Services]
Number=12622
Confirmed=X
Filename=fservice.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojproratd.html" target=_blank>PRORAT-D</a> TROJAN!
Source=Paul Collins Startup list

[Windows Reg Services]
Number=12623
Confirmed=X
Filename=ssservice.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojproratd.html" target=_blank>PRORAT-D</a> TROJAN!
Source=Paul Collins Startup list

[Windows Reg Services]
Number=12624
Confirmed=X
Filename=lncom.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojprorato.html" target="_blank">PRORAT-O</a> TROJAN!
Source=Paul Collins Startup list

[Windows Reg Services]
Number=12625
Confirmed=X
Filename=lservice.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojprorato.html" target="_blank">PRORAT-O</a> TROJAN!
Source=Paul Collins Startup list

[Windows Reg Services]
Number=12626
Confirmed=X
Filename=wservice.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojprorato.html" target="_blank">PRORAT-O</a> TROJAN!
Source=Paul Collins Startup list

[WINDOWS REGISTER EDIT]
Number=12627
Confirmed=X
Filename=registr32.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Windows Register Settings]
Number=12628
Confirmed=X
Filename=svmhost.exe
Description=Added by a variant of the <a href="http://sophos.com.au/virusinfo/analyses/w32forbotgen.html" target= blank>FORBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Registers]
Number=12629
Confirmed=X
Filename=winservicess.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Registry]
Number=12630
Confirmed=X
Filename=msnmsg.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Registry]
Number=12631
Confirmed=X
Filename=winhost.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Registry Cleaner]
Number=12632
Confirmed=X
Filename=winclean.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Registry Express Loader]
Number=12633
Confirmed=X
Filename=regexpress.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotcj.html" target=_blank>FORBOT-CJ</a> WORM!
Source=Paul Collins Startup list

[Windows Registry Manager]
Number=12634
Confirmed=X
Filename=tasksmanagers.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061416-0223-99" target=_blank>MYTOB.ER</a> WORM!
Source=Paul Collins Startup list

[Windows Registry Name]
Number=12635
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaeb.html" target=_blank>RBOT-AEB</a> WORM!
Source=Paul Collins Startup list

[Windows Registry Name]
Number=12636
Confirmed=X
Filename=winses.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadb.html" target=_blank>RBOT-ADB</a> WORM!
Source=Paul Collins Startup list

[Windows Registry Repair Pro]
Number=12637
Confirmed=U
Filename=RegistryRepairPro.exe
Description=<a href="http://www.3bsoftware.com/products/registryrepair.asp" target="_blank">Registry Repair Pro</a>. "Scans the Windows Registry for invalid or obsolete information in the registry"
Source=Paul Collins Startup list

[Windows Registry Scan]
Number=12638
Confirmed=X
Filename=regscan32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.KE&Vsect=T" target="_blank">RBOT.KE</a> WORM!
Source=Paul Collins Startup list

[Windows Registry Scan]
Number=12639
Confirmed=X
Filename=timeupdate.exe
Description=Added by the <a href="http://nl.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_SPYBOT.JE" target=_blank>SPYBOT.JE</a> WORM!
Source=Paul Collins Startup list

[Windows Registry Scan]
Number=12640
Confirmed=X
Filename=svcdll.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbottp.html" target= blank>RBOT-TP</a> WORM!
Source=Paul Collins Startup list

[Windows Registry Scan]
Number=12641
Confirmed=X
Filename=regscan23.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Registry Security]
Number=12642
Confirmed=X
Filename=crss.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102711-3533-99" target=_blank>IRC.BOT</a> TROJAN!
Source=Paul Collins Startup list

[Windows Registry Startup]
Number=12643
Confirmed=X
Filename=wind32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotbz.html" target="_blank">AGOBOT-BZ</a> WORM!
Source=Paul Collins Startup list

[Windows Repair]
Number=12644
Confirmed=X
Filename=toxikx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotadl.html" target=_blank>SDBOT-ADL</a> WORM!
Source=Paul Collins Startup list

[Windows report]
Number=12645
Confirmed=X
Filename=swchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallbd.html" target=_blank>SMALL-BD</a> TROJAN!
Source=Paul Collins Startup list

[windows run]
Number=12646
Confirmed=X
Filename=system.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32icpassa.html" target= blank>ICPASS-A</a> WORM!
Source=Paul Collins Startup list

[Windows Run-Time 64bit]
Number=12647
Confirmed=X
Filename=win64rt.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Runtime Help]
Number=12648
Confirmed=X
Filename=win32hlp.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=71374" target="_blank">AIMVISION</a> TROJAN!
Source=Paul Collins Startup list

[Windows Runtime Help]
Number=12649
Confirmed=X
Filename=WinRunHelp.wrh
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=71374" target="_blank">AIMVISION</a> TROJAN!
Source=Paul Collins Startup list

[Windows Runtime Proccess]
Number=12650
Confirmed=X
Filename=32RUNdll.exe
Description=Added by the <a href="http://ae.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_SDBOT.QW" target=_blank>SDBOT.QW</a> WORM!
Source=Paul Collins Startup list

[Windows SA]
Number=12651
Confirmed=X
Filename=omniscient.exe
Description=<a href="http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADWARE%5FBLAZE" target="_blank">BLAZEFIND</a> adware
Source=Paul Collins Startup list

[Windows Screensaver]
Number=12652
Confirmed=X
Filename=Service.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041023-0138-99" target=_blank>KELVIR.P</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SCREENSAVER]
Number=12653
Confirmed=X
Filename=ssaver.scr
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotyz.html" target=_blank>SDBOT-YZ</a> WORM!
Source=Paul Collins Startup list

[Windows secure]
Number=12654
Confirmed=X
Filename=setver32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.EP" target="_blank">SPYBOT.EP</a> WORM!
Source=Paul Collins Startup list

[Windows Secure Connection]
Number=12655
Confirmed=X
Filename=winsc.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Secure Layer]
Number=12656
Confirmed=X
Filename=[random filename]
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Secure Messaging System]
Number=12657
Confirmed=X
Filename=msnmsgrsrvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotre.html" target=_blank>RBOT-RE</a> WORM!
Source=Paul Collins Startup list

[Windows Secure Services]
Number=12658
Confirmed=X
Filename=ssms.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgar.html" target="_blank">RBOT-GAR</a> WORM!
Source=Paul Collins Startup list

[Windows Secure Update]
Number=12659
Confirmed=X
Filename=winupser.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgcg.html" target="_blank">RBOT-GCG</a> WORM!
Source=Paul Collins Startup list

[Windows Secure Update]
Number=12660
Confirmed=X
Filename=WinSecUp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgcd.html" target="_blank">RBOT-GCD</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SECURITY]
Number=12661
Confirmed=X
Filename=wingrd.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Security]
Number=12662
Confirmed=X
Filename=win.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotapt.html" target=_blank>RBOT-APT</a> WORM!
Source=Paul Collins Startup list

[Windows Security]
Number=12663
Confirmed=X
Filename=ms32.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotarn.html" target=_blank>RBOT-ARN</a> WORM!
Source=Paul Collins Startup list

[Windows Security]
Number=12664
Confirmed=X
Filename=winscure.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbaf.html" target=_blank>RBOT-BAF</a> WORM!
Source=Paul Collins Startup list

[Windows Security Assistant]
Number=12665
Confirmed=X
Filename=rundll32.vbe
Description=CoolWebSearch <a href=" http://cwshredder.net/cwshredder/cwschronicles.html#alfasearch" target=_blank>Alfasearch</a> parasite variant - also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpau.html" target= blank>STARTPA-U</a> TROJAN!
Source=Paul Collins Startup list

[Windows Security Assistant]
Number=12666
Confirmed=X
Filename=winsec.exe
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list

[Windows Security Authority Service]
Number=12667
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kalela.html" target=_blank>KALEL-A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target="_blank">lsass.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[Windows Security Center Notification Appls]
Number=12668
Confirmed=X
Filename=sxe.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgkx.html" target="_blank">RBOT-GKX</a> WORM!
Source=Paul Collins Startup list

[Windows Security Center Notification Applse]
Number=12669
Confirmed=X
Filename=sxes.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotglr.html" target="_blank">RBOT-GLR</a> WORM!
Source=Paul Collins Startup list

[Windows Security Manager]
Number=12670
Confirmed=X
Filename=winsecurity.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotki.html" target= blank>AGOBOT-KI</a> WORM!
Source=Paul Collins Startup list

[Windows Security Manager]
Number=12671
Confirmed=X
Filename=winsecure.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120910-4256-99" target=_blank>Affilred</a> adware
Source=Paul Collins Startup list

[Windows Security Manager]
Number=12672
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-012815-0103-99" target=_blank>ANTINNY.AX</a> WORM!! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Microsoft" subfolder
Source=Paul Collins Startup list

[Windows Security Module]
Number=12673
Confirmed=X
Filename=module.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!

Source=Paul Collins Startup list

[Windows Security Service]
Number=12674
Confirmed=X
Filename=[random file name]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotalv.html" target=_blank>RBOT-ALV</a> WORM!
Source=Paul Collins Startup list

[Windows Security Service]
Number=12675
Confirmed=X
Filename=arrdt.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Security Service]
Number=12676
Confirmed=X
Filename=windows.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotamg.html" target="_blank">RBOT-AMG</a> WORM!
Source=Paul Collins Startup list

[Windows Security Update]
Number=12677
Confirmed=X
Filename=security32.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120910-4256-99" target=_blank>Affilred</a> adware
Source=Paul Collins Startup list

[Windows Serv Patch]
Number=12678
Confirmed=X
Filename=Mcaffe2005.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows ServeAd]
Number=12679
Confirmed=X
Filename=WinServAd.exe
Description=Windupdates adware variant
Source=Paul Collins Startup list

[Windows Server Information]
Number=12680
Confirmed=X
Filename=servinfo.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forboten.html" target=_blank>FORBOT-EN</a> WORM!
Source=Paul Collins Startup list

[Windows Servic2]
Number=12681
Confirmed=X
Filename=winsy.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaia.html" target=_blank>RBOT-AIA</a> WORM!
Source=Paul Collins Startup list

[Windows service]
Number=12682
Confirmed=X
Filename=wuamgrd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqw.html" target=_blank>RBOT-QW</a> WORM!
Source=Paul Collins Startup list

[Windows Service]
Number=12683
Confirmed=X
Filename=dddd.exe
Description=Identified by Kaspersky Labs as Dialer.Salc, also known to come with the Bube family <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=41518" target=_blank>trojans</a>
Source=Paul Collins Startup list

[Windows Service]
Number=12684
Confirmed=X
Filename=prvdi.exe
Description=Malware - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan-Dropper.Win32.Small.rd
Source=Paul Collins Startup list

[Windows Service]
Number=12685
Confirmed=X
Filename=video.exe
Description=Added by an unidentified TROJAN!
Source=Paul Collins Startup list

[Windows Service]
Number=12686
Confirmed=X
Filename=svvhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobothl.html" target=_blank>AGOBOT-HL</a> WORM!
Source=Paul Collins Startup list

[Windows Service]
Number=12687
Confirmed=X
Filename=private-zone.exe
Description=Added by an unidentified <a href="http://www.f-secure.com/v-descs/trojclik.shtml" target=_blank>TROJAN.CLICKER</a>!
Source=Paul Collins Startup list

[Windows Service]
Number=12688
Confirmed=X
Filename=pd7.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.VZ" target="_blank">SMALL.VZ</a> TROJAN!
Source=Paul Collins Startup list

[Windows Service]
Number=12689
Confirmed=X
Filename=dstart4.exe
Description=Added by an unidentified TROJAN!
Source=Paul Collins Startup list

[Windows Service]
Number=12690
Confirmed=X
Filename=pd14.exe
Description=Adware, detected by <a href="http://www.diamondcs.com.au/" target="_blank">DiamondCS</a> TDS-3 anti-trojan as "TrojanDownloader.Win32.Delf.dg"
Source=Paul Collins Startup list

[Windows Service]
Number=12691
Confirmed=X
Filename=video2.exe
Description=Added by the DOWNLOADER.SMALL.MY TROJAN!
Source=Paul Collins Startup list

[Windows Service]
Number=12692
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kalela.html" target=_blank>KALEL-A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[Windows Service]
Number=12693
Confirmed=X
Filename=WINSVC.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojspybotdh.html" target="_blank">SPYBOT-DH</a> TROJAN!
Source=Paul Collins Startup list

[Windows Service]
Number=12694
Confirmed=X
Filename=r.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.VZ" target="_blank">SMALL.VZ</a> TROJAN!
Source=Paul Collins Startup list

[Windows Service]
Number=12695
Confirmed=X
Filename=windowz.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotayi.html" target="_blank">SDBOT-AYI</a> WORM! Note - dissables the automatic startup of other software and deactivates the Microsoft Internet Connection Firewall (ICF)
Source=Paul Collins Startup list

[Windows Service Agent]
Number=12696
Confirmed=X
Filename=czf.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgaj.html" target="_blank">RBOT-GAJ</a> WORM!
Source=Paul Collins Startup list

[Windows Service Controller]
Number=12697
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kalelb.html" target=_blank>KALEL-B</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[Windows Service DC]
Number=12698
Confirmed=X
Filename=uhpnjcjl.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgly.html" target="_blank">RBOT-GLY</a> WORM!
Source=Paul Collins Startup list

[Windows Service Host]
Number=12699
Confirmed=X
Filename=scvhost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080614-1748-99" target="_blank">SDBOT.N</a> TROJAN!
Source=Paul Collins Startup list

[Windows Service Host]
Number=12700
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-030118-0547-99" target=_blank>CONE.B</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list

[Windows Service Host]
Number=12701
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kalelc.html" target=_blank>KALEL-C</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list

[Windows Service Host]
Number=12702
Confirmed=X
Filename=schost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list

[Windows Service Host Process]
Number=12703
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ezioa.html" target= blank>EZIO-A</a> WORM!
Source=Paul Collins Startup list

[Windows Service Hosting]
Number=12704
Confirmed=X
Filename=USERINIT.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32gommera.html" target=_blank>GOMMER-A</a> WORM!
Source=Paul Collins Startup list

[Windows Service Loader]
Number=12705
Confirmed=X
Filename=Window.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxo.html" target= blank>RBOT-XO</a> WORM!
Source=Paul Collins Startup list

[Windows Service Manager]
Number=12706
Confirmed=X
Filename=userint32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32oscabotc.html" target= blank>OSCABOT-C</a> WORM!
Source=Paul Collins Startup list

[Windows Service Manager]
Number=12707
Confirmed=X
Filename=localsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Windows Service Manager]
Number=12708
Confirmed=X
Filename=msgs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32oscabote.html" target=_blank>OSCABOT-E</a> WORM!
Source=Paul Collins Startup list

[Windows Service Manager]
Number=12709
Confirmed=X
Filename=msnmrg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32oscabotg.html" target=_blank>OSCABOT-G</a> WORM!
Source=Paul Collins Startup list

[Windows Service Manager]
Number=12710
Confirmed=X
Filename=netsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Windows Service Manager]
Number=12711
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Windows Service Manager]
Number=12712
Confirmed=X
Filename=svcadmin.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Windows Service Manager]
Number=12713
Confirmed=X
Filename=svcman.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Windows Service Manager]
Number=12714
Confirmed=X
Filename=svcmgr32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32oscabotd.html" target=_blank>OSCABOT-D</a> WORM!
Source=Paul Collins Startup list

[Windows Service Manager]
Number=12715
Confirmed=X
Filename=svcrun.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Windows Service Manager]
Number=12716
Confirmed=X
Filename=tcpsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Windows Service Manager]
Number=12717
Confirmed=X
Filename=websvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Windows Service Manager]
Number=12718
Confirmed=X
Filename=taskmgr.exe 
Description=Detected as Trojan-Spy.Win32.IamBigBrother.91 by Kaspersky, possibly a commercial keylogger
Source=Paul Collins Startup list

[Windows Service Pack Auto Update]
Number=12719
Confirmed=X
Filename=winworks.exe
Description=Adware downloader, identified by <a href="http://www.mwti.com/antivirus/escan/escaniss.asp" target=_blank>eScan</a> antivirus as Trojan-Clicker.Agent.bt
Source=Paul Collins Startup list

[Windows Service Pack Auto Update]
Number=12720
Confirmed=X
Filename=figgaz.exe
Description=Added by a <a href="http://www.f-secure.com/v-descs/trojclik.shtml" target=_blank>TROJAN.CLICKER</a> - identified by Kaspersky antivirus as Trojan-Clicker.Agent.bt
Source=Paul Collins Startup list

[Windows Service Pack Auto Update]
Number=12721
Confirmed=X
Filename=ballin.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Windows Service Pack Auto Update]
Number=12722
Confirmed=X
Filename=del-me.exe
Description=Adware, also detected as the LOWZONES.BH TROJAN!
Source=Paul Collins Startup list

[Windows Service Pack2]
Number=12723
Confirmed=X
Filename=svchhost.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Service Pack2]
Number=12724
Confirmed=X
Filename=WIN43.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_GAOBOT.G" target="_blank">GAOBOT.G</a> WORM!
Source=Paul Collins Startup list

[Windows Service Support Call]
Number=12725
Confirmed=X
Filename=SVSS32.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxq.html" target= blank>RBOT-XQ</a> WORM!
Source=Paul Collins Startup list

[Windows Service Utitity]
Number=12726
Confirmed=X
Filename=winsrvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasi.html" target=_blank>RBOT-ASI</a> WORM!
Source=Paul Collins Startup list

[Windows Service XP]
Number=12727
Confirmed=X
Filename=XpFirewall.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041021-4010-99" target=_blank>MYTOB.AM</a> WORM!
Source=Paul Collins Startup list

[Windows Services]
Number=12728
Confirmed=X
Filename=service.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102418-0851-99" target="_blank">RANDEX.R</a> WORM!
Source=Paul Collins Startup list

[Windows Services]
Number=12729
Confirmed=X
Filename=svchosts.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotkl.html" target=_blank>AGOBOT-KL</a> TROJAN!
Source=Paul Collins Startup list

[Windows Services]
Number=12730
Confirmed=X
Filename=Explorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwt.html" target="_blank">SDBOT-WT</a> WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System32 subfolder
Source=Paul Collins Startup list

[Windows Services]
Number=12731
Confirmed=X
Filename=NetworkDriver32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotacr.html" target=_blank>RBOT-ACR</a> WORM!
Source=Paul Collins Startup list

[Windows Services]
Number=12732
Confirmed=X
Filename=scmsg.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Services]
Number=12733
Confirmed=X
Filename=scvhoste.exe
Description=Added by <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042413-0059-99" target= blank>SPYBOT.OBZ</a> WORM!
Source=Paul Collins Startup list

[Windows Services]
Number=12734
Confirmed=X
Filename=winsvc32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobcb.html" target= blank>MYTOB-CB</a> WORM!
Source=Paul Collins Startup list

[Windows Services]
Number=12735
Confirmed=X
Filename=NetworkDrivers.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotyo.html" target=_blank>SDBOT-YO</a> WORM!
Source=Paul Collins Startup list

[Windows Services]
Number=12736
Confirmed=X
Filename=smsc.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Services]
Number=12737
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.CPZ&VSect=T" target=_blank>SDBOT.CPZ</a> WORM!
Source=Paul Collins Startup list

[Windows Services]
Number=12738
Confirmed=X
Filename=iexplore.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotwe.html" target=_blank>RBOT-WE</a> WORM! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a>) process, which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup unless you add it manually! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[Windows Services Host]
Number=12739
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-022214-4101-99" target="_blank">CONE</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031218-2446-99" target="_blank">CONE.E</a> WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list

[Windows Services Hosts]
Number=12740
Confirmed=X
Filename=svhosts.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbotyh.html" target=_blank>SDBOT-YH</a> TROJAN!
Source=Paul Collins Startup list

[Windows Services Ink Platform Tablet Input Subsystem]
Number=12741
Confirmed=X
Filename=wsiptis.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.APC" target="_blank">RBOT.APC</a> WORM!
Source=Paul Collins Startup list

[Windows Services Layer]
Number=12742
Confirmed=X
Filename=winlogz2.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfze.html" target="_blank">RBOT-FZE</a> WORM!
Source=Paul Collins Startup list

[Windows Services Layer]
Number=12743
Confirmed=X
Filename=winl0g0.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfzq.html" target="_blank">RBOT-FZQ</a> WORM!
Source=Paul Collins Startup list

[Windows Services Layer]
Number=12744
Confirmed=X
Filename=sslms.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgah.html" target="_blank">RBOT-GAH</a> WORM!
Source=Paul Collins Startup list

[Windows Services Update]
Number=12745
Confirmed=X
Filename=svch0st.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM! Note - the filename has the digit 0 rather then the uppercase "o"
Source=Paul Collins Startup list

[Windows Session Manager]
Number=12746
Confirmed=X
Filename=smss32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Session Manager Subsystem]
Number=12747
Confirmed=X
Filename=smss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kalelb.html" target=_blank>KALEL-B</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target="_blank">smss.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list

[Windows shell]
Number=12748
Confirmed=?
Filename=win70.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Windows Shell]
Number=12749
Confirmed=X
Filename=shell.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobca.html" target= blank>MYTOB-CA</a> WORM!
Source=Paul Collins Startup list

[Windows Shell]
Number=12750
Confirmed=X
Filename=taskgmr.exe
Description=Added by the <a href="http://ve.nod32.ch/worms/mytobbv.php" target=_blank>MYTOB.BV</a> WORM!
Source=Paul Collins Startup list

[Windows Shell Library Loader]
Number=12751
Confirmed=X
Filename=load shell.dll
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list

[windows shellext.32]
Number=12752
Confirmed=X
Filename=mschost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-020315-0338-99" target="_blank">BLASTER.K</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SKY]
Number=12753
Confirmed=X
Filename=sky.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051711-3809-99" target=_blank>MYTOB.CH</a> WORM!
Source=Paul Collins Startup list

[Windows Smart Manager]
Number=12754
Confirmed=X
Filename=smart.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotsl.html" target=_blank>RBOT-SL</a> WORM!
Source=Paul Collins Startup list

[Windows Socket Procedure]
Number=12755
Confirmed=X
Filename=WinSock32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfmx.html" target="_blank">RBOT-FMX</a> WORM!
Source=Paul Collins Startup list

[Windows Software]
Number=12756
Confirmed=X
Filename=hbsppe.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgll.html" target="_blank">RBOT-GLL</a> WORM!
Source=Paul Collins Startup list

[Windows Sound Driver]
Number=12757
Confirmed=X
Filename=SndMon32.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Sound Manager]
Number=12758
Confirmed=X
Filename=SndMon32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbu.html" target=_blank>FORBOT-BU</a> WORM!
Source=Paul Collins Startup list

[Windows Sound Manager]
Number=12759
Confirmed=X
Filename=SndMon16.exe
Description=Added by a variant of the <a href="http://sophos.com.au/virusinfo/analyses/w32forbotgen.html" target=_blank>FORBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Sound Verifier]
Number=12760
Confirmed=X
Filename=WinIp32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfmo.html" target="_blank">RBOT-FMO</a> WORM!
Source=Paul Collins Startup list

[Windows SP2 Firewall]
Number=12761
Confirmed=X
Filename=wfirewall7.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows SP2 Update]
Number=12762
Confirmed=X
Filename=Sp2update.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.BS" target="_blank">WOOTBOT.BS</a> WORM!

Source=Paul Collins Startup list

[Windows SP2 Version Load]
Number=12763
Confirmed=X
Filename=wuauclt32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_GAOBOT.CX" target="_blank">GAOBOT.CX</a> WORM!
Source=Paul Collins Startup list

[Windows SP4]
Number=12764
Confirmed=X
Filename=directCC.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotacx.html" target=_blank>RBOT-ACX</a> WORM!
Source=Paul Collins Startup list

[Windows Spool Server]
Number=12765
Confirmed=X
Filename=spoolsrv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotact.html" target=_blank>SDBOT-ACT</a> WORM!
Source=Paul Collins Startup list

[Windows SpoolaPrint Service]
Number=12766
Confirmed=X
Filename=spoolasrv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotayd.html" target=_blank>SDBOT-AYD</a> WORM!
Source=Paul Collins Startup list

[Windows Spooler]
Number=12767
Confirmed=X
Filename=SPOOLSRV.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.P" target="_blank">SPYBOT.P</a> WORM!
Source=Paul Collins Startup list

[Windows Spooler]
Number=12768
Confirmed=X
Filename=spoolsv32.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Windows Spooler Services]
Number=12769
Confirmed=X
Filename=spool.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotamo.html" target= blank>AGOBOT-AMO</a> WORM!
Source=Paul Collins Startup list

[Windows SpoolPrint Service]
Number=12770
Confirmed=X
Filename=spoolersrv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzt.html" target=_blank>SDBOT-ZT</a> WORM!
Source=Paul Collins Startup list

[Windows Spools SV]
Number=12771
Confirmed=X
Filename=winsv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotauq.html" target=_blank>RBOT-AUQ</a> WORM!
Source=Paul Collins Startup list

[Windows spoolservr Service]
Number=12772
Confirmed=X
Filename=spoolservr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaan.html" target=_blank>SDBOT-AAN</a> WORM!
Source=Paul Collins Startup list

[Windows Spoolsre Service]
Number=12773
Confirmed=X
Filename=spoolsre.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaae.html" target=_blank>SDBOT-AAE</a> WORM!
Source=Paul Collins Startup list

[Windows Spoolsrv Service]
Number=12774
Confirmed=X
Filename=spoolmsv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzs.html" target=_blank>SDBOT-ZS</a> WORM!
Source=Paul Collins Startup list

[windows spoolsrv service]
Number=12775
Confirmed=X
Filename=spoolssv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotawv.html" target=_blank>SDBOT-AWV</a> WORM!
Source=Paul Collins Startup list

[Windows Spoolsurf Service]
Number=12776
Confirmed=X
Filename=spoolsurf.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzz.html" target=_blank>SDBOT-ZZ</a> WORM!
Source=Paul Collins Startup list

[Windows SpooltPrint Service]
Number=12777
Confirmed=X
Filename=spooltsrv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaye.html" target=_blank>SDBOT-AYE</a> WORM!
Source=Paul Collins Startup list

[Windows Spoolvvv Service]
Number=12778
Confirmed=X
Filename=spoolvvv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaaw.html" target="_blank">SDBOT-AAW</a> WORM!
Source=Paul Collins Startup list

[Windows spyware remover]
Number=12779
Confirmed=X
Filename=Windows-spyware.exe
Description=Added by the <a href="http://fileinfo.prevx.com/adware/qqd9fa32105138-WIND21466228/WINDOWS-SPYWARE.EXE.html" target="_blank">SystemPoser</a> TROJAN!
Source=Paul Collins Startup list

[Windows sq Drivers]
Number=12780
Confirmed=X
Filename=winmsn32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadi.html" target=_blank>RBOT-ADI</a> WORM!
Source=Paul Collins Startup list

[Windows Sql Service For Windows 32 Bit]
Number=12781
Confirmed=X
Filename=winsql32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfc.html" target=_blank>FORBOT-FC</a> WORM!
Source=Paul Collins Startup list

[Windows SSH Client]
Number=12782
Confirmed=X
Filename=winssh.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxc.html" target=_blank>RBOT-AXC</a> WORM!
Source=Paul Collins Startup list

[Windows SSL File]
Number=12783
Confirmed=X
Filename=winssv.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.CA" target="_blank">WOOTBOT.CA</a> WORM!
Source=Paul Collins Startup list

[Windows SSL Secondary Drivers]
Number=12784
Confirmed=X
Filename=SSL32Dr.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ASQ&VSect=T" target=_blank>SDBOT.ASQ</a> WORM!
Source=Paul Collins Startup list

[Windows Stand Sound Drivers]
Number=12785
Confirmed=X
Filename=Sounddrv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxf.html" target=_blank>SDBOT-XF</a> WORM!
Source=Paul Collins Startup list

[Windows Standard Securty]
Number=12786
Confirmed=X
Filename=[random 3-letter filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotalf.html" target=_blank>RBOT-ALF</a> WORM!
Source=Paul Collins Startup list

[Windows Start Server 2000]
Number=12787
Confirmed=X
Filename=traficy.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahm.html" target=_blank>RBOT-AHM</a> WORM!
Source=Paul Collins Startup list

[Windows Startup]
Number=12788
Confirmed=X
Filename=winsta~1.exe
Description=<a href="http://accs-net.com/smallfish/gohip.htm" target="_blank">GoHip</a> foistware
Source=Paul Collins Startup list

[Windows Startup]
Number=12789
Confirmed=X
Filename=winstartup.exe
Description=<a href="http://accs-net.com/smallfish/gohip.htm" target="_blank">GoHip</a> foistware
Source=Paul Collins Startup list

[Windows Startup]
Number=12790
Confirmed=X
Filename=Wdrun32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list

[Windows Startup]
Number=12791
Confirmed=X
Filename=services21.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotmx.html" target="_blank">AGOBOT-MX</a> WORM!
Source=Paul Collins Startup list

[Windows Startup 32 Bits]
Number=12792
Confirmed=X
Filename=sysrun32.exe
Description=Added by a variant of the DARKSUN TROJAN!
Source=Paul Collins Startup list

[Windows Stortup]
Number=12793
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtogerv.html" target=_blank>TOGER-V</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[Windows Streams Server]
Number=12794
Confirmed=X
Filename=localsrv.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.LN" target="_blank">SDBOT.LN</a> WORM!
Source=Paul Collins Startup list

[Windows Subsys]
Number=12795
Confirmed=X
Filename=winload.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NETSPREE.C" target="_blank">NETSPREE.C</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SVC]
Number=12796
Confirmed=X
Filename=winsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobey.html" target=_blank>MYTOB-EY</a> WORM!
Source=Paul Collins Startup list

[Windows Svshost Service Update 32]
Number=12797
Confirmed=X
Filename=svcsshost32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotgd.html" target=_blank>FORBOT-GD</a> WORM!
Source=Paul Collins Startup list

[Windows SyncroAd]
Number=12798
Confirmed=X
Filename=SyncroAd.exe
Description=Windupdates adware variant
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12799
Confirmed=X
Filename=beta.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060314-1551-99" target=_blank>MYTOB.DF</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12800
Confirmed=X
Filename=dcomuser.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061412-0421-99" target=_blank>MYTOB.EO</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12801
Confirmed=X
Filename=lf66prc.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062415-4022-99" target=_blank>MYTOB.GC</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12802
Confirmed=X
Filename=msdev32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061314-2404-99" target=_blank>MYTOB.EH</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12803
Confirmed=X
Filename=nec.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobl.html" target=_blank>MYTOB-L</a> WORM or variants!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12804
Confirmed=X
Filename=nibie.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobby.html" target=_blank>MYTOB-BY</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12805
Confirmed=X
Filename=ninfoie.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobep.html" target=_blank>MYTOB-EP</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12806
Confirmed=X
Filename=skybot.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobcx.html" target=_blank>MYTOB-CX</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12807
Confirmed=X
Filename=skybotx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobby.html" target=_blank>MYTOB-BY</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12808
Confirmed=X
Filename=smoc.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062217-2759-99" target=_blank>MYTOB.FU</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12809
Confirmed=X
Filename=smsc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobbr.html" target=_blank>MYTOB-BR</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12810
Confirmed=X
Filename=test.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060616-5105-99" target=_blank>MYTOB.DJ</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12811
Confirmed=U
Filename=test2.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060616-5105-99" target=_blank>MYTOB.DJ</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12812
Confirmed=X
Filename=test3.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060913-3528-99" target=_blank>MYTOB.DV</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12813
Confirmed=X
Filename=wdns33.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobby.html" target=_blank>MYTOB-BY</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12814
Confirmed=X
Filename=win.exe.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061612-1304-99" target=_blank>MYTOB.FA</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12815
Confirmed=X
Filename=winaup.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobdn.html" target=_blank>MYTOB-DN</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12816
Confirmed=X
Filename=winligon.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061413-5518-99" target=_blank>MYTOB.EP</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12817
Confirmed=X
Filename=winmon.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062410-0444-99" target=_blank>MYTOB.GB</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12818
Confirmed=X
Filename=winNTsys32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobdm.html" target=_blank>MYTOB-DM</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12819
Confirmed=X
Filename=winsvc32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-071116-2302-99" target=_blank>MYTOB.HH</a> WORM!
Source=Paul Collins Startup list

[Windows System]
Number=12820
Confirmed=X
Filename=WINSYS.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaef.html" target=_blank>RBOT-AEF</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12821
Confirmed=X
Filename=winsys33.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061316-2145-99" target=_blank>MYTOB.EK</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12822
Confirmed=X
Filename=winvnc.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061509-3649-99" target=_blank>MYTOB.EU</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12823
Confirmed=X
Filename=winxpserv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobbq.html" target=_blank>MYTOB-BQ</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12824
Confirmed=X
Filename=xxx.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060214-2034-99" target=_blank>MYTOB.CZ</a> WORM!
Source=Paul Collins Startup list

[Windows System]
Number=12825
Confirmed=X
Filename=winsys32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobis.html" target="_blank">MYTOB-IS</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12826
Confirmed=X
Filename=\skybot.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.JU" target=_blank>MYTOB.JU</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12827
Confirmed=X
Filename=botzor.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_135433.htm" target=_blank>ZOTOB</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12828
Confirmed=X
Filename=gothica.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.HU&VSect=P" target=_blank>MYTOB.HU</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12829
Confirmed=X
Filename=msnl.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-072915-5351-99" target=_blank>MYTOB.IK</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12830
Confirmed=X
Filename=per.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_135473.htm" target=_blank>ZOTOB.C</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12831
Confirmed=X
Filename=twunk_65.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobeg.html" target=_blank>MYTOB-EG</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12832
Confirmed=X
Filename=servce.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobei.html" target=_blank>MYTOB-EI</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12833
Confirmed=X
Filename=servises.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32zotobi.html" target=_blank>ZOTOB-I</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12834
Confirmed=X
Filename=xpupdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32zotobg.html" target=_blank>ZOTOB-G</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12835
Confirmed=X
Filename=expI0rer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobfi.html" target=_blank>MYTOB-FI</a> WORM! Note the upper case "i" and number "0" in the filename
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12836
Confirmed=X
Filename=msn32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobfx.html" target=_blank>MYTOB-FX</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12837
Confirmed=X
Filename=sky.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.LB&VSect=P" target=_blank>MYTOB.LB</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12838
Confirmed=X
Filename=Win32IMAPSVR.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobfq.html" target=_blank>MYTOB-FQ</a> or <a href="http://www.sophos.com/virusinfo/analyses/w32mytobfu.html" target=_blank>MYTOB-FU</a> WORMS!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12839
Confirmed=X
Filename=winsvc.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.LM&VSect=P" target=_blank>MYTOB.LM</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12840
Confirmed=X
Filename=mswins.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.DP" target="_blank">MYTOB.DP</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12841
Confirmed=X
Filename=mtrnqs.exe
Description=Added by the  <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-072511-1029-99" target="_blank">MYTOB.IG</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM]
Number=12842
Confirmed=X
Filename=logic.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-071915-2624-99" target="_blank">MYTOB.IC</a> WORM!
Source=Paul Collins Startup list

[Windows System 32]
Number=12843
Confirmed=X
Filename=winsys_32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotftr.html" target="_blank">RBOT-FTR</a> WORM!
Source=Paul Collins Startup list

[Windows System 32-Bat Service]
Number=12844
Confirmed=X
Filename=win32bat.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061710-5807-99" target=_blank>MYTOB.FI</a> WORM!
Source=Paul Collins Startup list

[Windows System Backup]
Number=12845
Confirmed=X
Filename=SysBackup.exe
Description=Unidentified malware
Source=Paul Collins Startup list

[WINDOWS SYSTEM By FEnR]
Number=12846
Confirmed=X
Filename=windasz-updote.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.LR&VSect=P" target=_blank>MYTOB.LR</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM Cleaner]
Number=12847
Confirmed=X
Filename=h3.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061415-5940-99" target=_blank>MYTOB.EQ</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM CLEANER]
Number=12848
Confirmed=X
Filename=iexplore.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061516-3312-99" target=_blank>MYTOB.ET</a> WORM! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP)
Source=Paul Collins Startup list

[Windows System Configuration]
Number=12849
Confirmed=X
Filename=SYSCFG16.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojwisdoork.html" target="_blank">WISDOOR.Z</a> TROJAN!
Source=Paul Collins Startup list

[Windows System Configuration]
Number=12850
Confirmed=X
Filename=Passcfg16.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdomwise.html" target=_blank>DOMWIS-E</a> TROJAN!
Source=Paul Collins Startup list

[Windows System Configuration]
Number=12851
Confirmed=X
Filename=Winfrw.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030813-5906-99" target= blank>SOLUFINA</a> TROJAN or the <a href="http://www.sophos.com/virusinfo/analyses/w32domwisj.html" target= blank>DOMWIS-J</a> WORM!
Source=Paul Collins Startup list

[Windows System Configuration]
Number=12852
Confirmed=X
Filename=wincfg.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.OP&VSect=P" target=_blank>AGOBOT.OP</a> WORM!
Source=Paul Collins Startup list

[Windows System Configuration]
Number=12853
Confirmed=X
Filename=WINCFG32.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotte.html" target=_blank>AGOBOT-TE</a> WORM!
Source=Paul Collins Startup list

[Windows System Configuration]
Number=12854
Confirmed=X
Filename=WinNeth.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rethea.html" target=_blank>RETHE-A</a> WORM!
Source=Paul Collins Startup list

[Windows System Configuration]
Number=12855
Confirmed=X
Filename=nether.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32opankiab.html" target=_blank>Opanki-AB</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM Dns]
Number=12856
Confirmed=X
Filename=windsns.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061615-4731-99" target=_blank>MYTOB.EY</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM DNSPOOL]
Number=12857
Confirmed=X
Filename=hbmail.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062315-0547-99" target=_blank>MYTOB.FW</a> WORM!
Source=Paul Collins Startup list

[Windows System File]
Number=12858
Confirmed=X
Filename=cmxp.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030115-3720-99" target=_blank>SPYBOT.KHO</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM FILE]
Number=12859
Confirmed=X
Filename=winload.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.DK" target="_blank">MYTOB.DK</a> WORM!
Source=Paul Collins Startup list

[Windows System Gateway]
Number=12860
Confirmed=X
Filename=SPOOLER.EXE
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows System Init]
Number=12861
Confirmed=X
Filename=winit32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows System Manager]
Number=12862
Confirmed=X
Filename=winsystem.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotan.html" target="_blank">RBOT-AN</a> WORM!
Source=Paul Collins Startup list

[Windows System Manager]
Number=12863
Confirmed=X
Filename=CRSL.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.MG" target="_blank">SDBOT.MG</a> WORM!
Source=Paul Collins Startup list

[Windows System Manager]
Number=12864
Confirmed=X
Filename=sysconf.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041020-5503-99" target=_blank>MYTOB.AL</a> WORM!
Source=Paul Collins Startup list

[Windows System Manager]
Number=12865
Confirmed=X
Filename=smsc.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows System Manager]
Number=12866
Confirmed=X
Filename=crssm.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafh.html" target=_blank>RBOT-AFH</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM MANAGER]
Number=12867
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobly.html" target=_blank>MYTOB-LY</a> WORM!
Source=Paul Collins Startup list

[Windows System Manager Loader]
Number=12868
Confirmed=X
Filename=smsls.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.TF" target="_blank">AGOBOT.TF</a> WORM!
Source=Paul Collins Startup list

[Windows System Manager Proc]
Number=12869
Confirmed=X
Filename=winsmc.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.JH" target=_blank>RBOT.JH</a> WORM!

Source=Paul Collins Startup list

[WINDOWS SYSTEM MEMORY LOADER]
Number=12870
Confirmed=X
Filename=memloader.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobin.html" target="_blank">MYTOB-IN</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM mscdvvs]
Number=12871
Confirmed=X
Filename=mscdvvs.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.MD&VSect=P" target=_blank>MYTOB.MD</a> WORM!
Source=Paul Collins Startup list

[windows system notepad]
Number=12872
Confirmed=X
Filename=wnpsm.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows System Restore Configuration]
Number=12873
Confirmed=X
Filename=Sblhost.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Windows System Restorer]
Number=12874
Confirmed=X
Filename=SystemRestorer.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DULOAD.C" target="_blank">DULOAD.C</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEM SCALPE]
Number=12875
Confirmed=X
Filename=scalpe91.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobhi.html" target=_blank>MYTOB_HI</a> WORM!

Source=Paul Collins Startup list

[Windows System Security]
Number=12876
Confirmed=X
Filename=winmp.exe
Description=Added by the <a href="http://ae.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_RBOT.IV" target=_blank>RBOT.IV</a> WORM!
Source=Paul Collins Startup list

[Windows System Security]
Number=12877
Confirmed=X
Filename=sys32.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaol.html" target=_blank>RBOT-AOL</a> WORM!
Source=Paul Collins Startup list

[Windows System Security Monitor]
Number=12878
Confirmed=X
Filename=[4 random letters].exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-053111-1144-99" target=_blank>PINKTON.A</a> WORM!
Source=Paul Collins Startup list

[Windows System Serivce]
Number=12879
Confirmed=X
Filename=winserv.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!

Source=Paul Collins Startup list

[windows system service]
Number=12880
Confirmed=X
Filename=winsock.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmr.html" target=_blank>RBOT-MR</a> WORM!

Source=Paul Collins Startup list

[Windows System Service]
Number=12881
Confirmed=X
Filename=wnuserv.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2007-010316-2308-99" target="_blank">SPYBOT.ANDM</a> WORM!
Source=Paul Collins Startup list

[Windows System Tray]
Number=12882
Confirmed=U
Filename=msni.exe
Description=<a href="http://www.iambigbrother.com/" target="_blank">Iambigbrother</a> monitoring software
Source=Paul Collins Startup list

[Windows System Tray]
Number=12883
Confirmed=X
Filename=swhost.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[WINDOWS SYSTEM UPDATE]
Number=12884
Confirmed=X
Filename=xDcc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobeh.html" target=_blank>MYOTB-EH</a> WORM!
Source=Paul Collins Startup list

[Windows System32]
Number=12885
Confirmed=X
Filename=windowsp.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.GD&VSect=P" target=_blank>MYTOB.GD</a> WORM!
Source=Paul Collins Startup list

[Windows System32]
Number=12886
Confirmed=X
Filename=winsys32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotahs.html" target=_blank>SDBOT-AHS</a> WORM!
Source=Paul Collins Startup list

[Windows System32]
Number=12887
Confirmed=X
Filename=clsas32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotazo.html" target=_blank>RBOT-AZO</a> WORM!
Source=Paul Collins Startup list

[Windows System32]
Number=12888
Confirmed=X
Filename=explorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32opankiv.html" target=_blank>OPANKI-V</a> WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually!
Source=Paul Collins Startup list

[Windows System32]
Number=12889
Confirmed=X
Filename=System32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotali.html" target="_blank">SDBOT-ALI</a> WORM!
Source=Paul Collins Startup list

[Windows SYSTEM32]
Number=12890
Confirmed=X
Filename=Realplayer.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.ZH" target="_blank">SPYBOT.ZH</a> WORM!
Source=Paul Collins Startup list

[Windows System32]
Number=12891
Confirmed=X
Filename=wingrd32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows System32 Kernel]
Number=12892
Confirmed=X
Filename=system32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaat.html" target="_blank">SDBOT-AAT</a> WORM!
Source=Paul Collins Startup list

[WINDOWS SYSTEMn]
Number=12893
Confirmed=X
Filename=servicces.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobel.html" target=_blank>MYTOB-EL</a> WORM!
Source=Paul Collins Startup list

[Windows Systemnmg]
Number=12894
Confirmed=X
Filename=stagmr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-032811-0805-99" target=_blank>MYTOB.S</a> WORM!
Source=Paul Collins Startup list

[Windows Systems16]
Number=12895
Confirmed=X
Filename=winjews16.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Sz Host]
Number=12896
Confirmed=X
Filename=winshvc.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Task Manager]
Number=12897
Confirmed=X
Filename=ACCOUNT_DETAILS.DOC.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090417-3749-99" target="_blank">QUATERS.A</a> WORM!
Source=Paul Collins Startup list

[Windows Task Manager]
Number=12898
Confirmed=X
Filename=taskmgn.exe
Description=Unidentified malware, either a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>WIN32.RBOT</a> WORM, or part of a Casino Palazzo foistware install

Source=Paul Collins Startup list

[Windows Task Manager]
Number=12899
Confirmed=X
Filename=taskmrg.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041315-2350-99" target=_blank>MYTOB.AV</a> WORM!
Source=Paul Collins Startup list

[Windows Task Manager]
Number=12900
Confirmed=X
Filename=taskgmr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042215-3629-99" target= blank>MYTOB.BJ</a> WORM!
Source=Paul Collins Startup list

[Windows Task Manager]
Number=12901
Confirmed=X
Filename=taskmg.exe
Description=Browser hijacker - identified by <a href="http://www.drweb.com/" target= blank>DrWeb</a> antivirus as "Trojan.StartPage.601"
Source=Paul Collins Startup list

[Windows Task Manager]
Number=12902
Confirmed=X
Filename=taskmngr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotanm.html" target=_blank>RBOT-ANM</a> WORM!
Source=Paul Collins Startup list

[Windows Task Manager Emulator]
Number=12903
Confirmed=X
Filename=kennewr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotfa.html" target=_blank>SPYBOT-FA</a> WORM!
Source=Paul Collins Startup list

[Windows Task Scheduler]
Number=12904
Confirmed=X
Filename=asijdie.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Windows Task Service (32-bits)]
Number=12905
Confirmed=X
Filename=tasksys.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DREFIR.D&VSect=P" target=_blank>DREFIR.D</a> WORM!
Source=Paul Collins Startup list

[Windows TaskAd]
Number=12906
Confirmed=X
Filename=Wintaskad.exe
Description=Windupdates adware variant
Source=Paul Collins Startup list

[Windows Taskbar Manager]
Number=12907
Confirmed=X
Filename=internat.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32protorideh.html" target=_blank>PROTORIDE-H</a> WORM!
Source=Paul Collins Startup list

[Windows Taskbar Manager]
Number=12908
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-122812-5823-99" target=_blank>PROTORIDE.B</a> WORM!
Source=Paul Collins Startup list

[Windows Taskbar System]
Number=12909
Confirmed=X
Filename=tasksys.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Taskmanager]
Number=12910
Confirmed=X
Filename=lsassx.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030922-0236-99" target=_blank>KELVIR.E</a> WORM!
Source=Paul Collins Startup list

[Windows TCP/IP]
Number=12911
Confirmed=X
Filename=wintcp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotzh.html" target=_blank>AGOBOT-ZH</a> WORM!

Source=Paul Collins Startup list

[Windows Telnet Server]
Number=12912
Confirmed=X
Filename=wintel.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotmw.html" target="_blank">AGOBOT-MW</a> WORM!
Source=Paul Collins Startup list

[Windows Time]
Number=12913
Confirmed=X
Filename=tmservice.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyk.html" target=_blank>RBOT-YK</a> WORM!
Source=Paul Collins Startup list

[Windows Time]
Number=12914
Confirmed=X
Filename=winmgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxc.html" target= blank>RBOT-XC</a> WORM!
Source=Paul Collins Startup list

[Windows Time Server]
Number=12915
Confirmed=X
Filename=TimeSRV.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091311-0955-99" target="_blank">SPYBOT.DNC</a> WORM!
Source=Paul Collins Startup list

[Windows TM]
Number=12916
Confirmed=X
Filename=SVPHOST.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows TM]
Number=12917
Confirmed=X
Filename=rundlI32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows TM]
Number=12918
Confirmed=X
Filename=windowssys32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows TM]
Number=12919
Confirmed=X
Filename=WinxSys.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Upate]
Number=12920
Confirmed=X
Filename=rundll.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-010617-1241-99" target=_blank>HAKO</a> TROJAN! Note - this is NOT the Windows system file of the same name as described <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll/" target=_blank>here</a>
Source=Paul Collins Startup list

[Windows Update]
Number=12921
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090407-0949-99" target="_blank"> NORIO</a> TROJAN! Acts as a hi-jacker redirecting to adult content sites
Source=Paul Collins Startup list

[Windows Update]
Number=12922
Confirmed=X
Filename=iexplorere.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101018-2015-99" target="_blank">GAOBOT.AP</a> WORM!
Source=Paul Collins Startup list

[windows update]
Number=12923
Confirmed=X
Filename=uddater.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-011112-0350-99" target="_blank">LEOX</a> TROJAN!
Source=Paul Collins Startup list

[Windows Update]
Number=12924
Confirmed=X
Filename=wudate.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ML" target=_blank>AGOBOT.ML</a> WORM!
Source=Paul Collins Startup list

[Windows Update]
Number=12925
Confirmed=X
Filename=wupdate.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100111-0844-99" target="_blank">Wengs</a> adware
Source=Paul Collins Startup list

[windows update]
Number=12926
Confirmed=X
Filename=sychost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032016-5436-99" target="_blank">LEOX.B</a> WORM!
Source=Paul Collins Startup list

[Windows Update]
Number=12927
Confirmed=X
Filename=Wuamgrd.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Update]
Number=12928
Confirmed=X
Filename=inetinf.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target="_blank">AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Update]
Number=12929
Confirmed=X
Filename=WindowsUpdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbayroba.html" target="_blank">BAYROB-A</a> TROJAN!
Source=Paul Collins Startup list

[Windows Update]
Number=12930
Confirmed=X
Filename=host32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgu.html" target=_blank>RBOT-GU</a> WORM!

Source=Paul Collins Startup list

[windows update]
Number=12931
Confirmed=X
Filename=wuraclt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpo.html" target=_blank>RBOT-PO</a> WORM!

Source=Paul Collins Startup list

[windows update]
Number=12932
Confirmed=X
Filename=Wuanclt.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.XZ" target="_blank">RBOT.XZ</a> WORM!
Source=Paul Collins Startup list

[Windows Update]
Number=12933
Confirmed=X
Filename=svchosts.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120420-2142-99" target=_blank>FRUCTA</a> TROJAN!
Source=Paul Collins Startup list

[Windows Update]
Number=12934
Confirmed=X
Filename=ebay.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120715-5145-99" target=_blank>GAOBOT.BUU</a> WORM!
Source=Paul Collins Startup list

[Windows Update]
Number=12935
Confirmed=X
Filename=windows.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotrb.html" target=_blank>RBOT-RB</a> WORM!
Source=Paul Collins Startup list

[windows update]
Number=12936
Confirmed=X
Filename=wuaurlt.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ADG&VSect=T" target=_blank>RBOT.ADG</a> WORM!
Source=Paul Collins Startup list

[Windows Update]
Number=12937
Confirmed=X
Filename=Update.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelffn.html" target=_blank>DELF-FN</a> TROJAN!
Source=Paul Collins Startup list

[Windows Update]
Number=12938
Confirmed=X
Filename=winmguard.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotem.html" target=_blank>RBOT-EM</a> WORM!
Source=Paul Collins Startup list

[Windows Update]
Number=12939
Confirmed=X
Filename=wuampd.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.UM" target=_blank>RBOT.UM</a> WORM!
Source=Paul Collins Startup list

[windows update]
Number=12940
Confirmed=X
Filename=wuarclt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotof.html" target=_blank>RBOT-OF</a> WORM!
Source=Paul Collins Startup list

[Windows Update]
Number=12941
Confirmed=X
Filename=winupdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotws.html" target=_blank>SDBOT-WS</a> WORM!
Source=Paul Collins Startup list

[Windows Update]
Number=12942
Confirmed=X
Filename=msnwinsb.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaah.html" target=_blank>RBOT-AAH</a> WORM!
Source=Paul Collins Startup list

[Windows Update]
Number=12943
Confirmed=X
Filename=scvhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxt.html" target= blank>SDBOT-XT</a> WORM!
Source=Paul Collins Startup list

[windows update]
Number=12944
Confirmed=X
Filename=Microsoft.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LMIR.A&VSect=T" target=_blank>LMIR.A</a> TROJAN!
Source=Paul Collins Startup list

[Windows Update]
Number=12945
Confirmed=X
Filename=mplupdate.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080813-3234-99" target=_blank>MOEGA</a> WORM!
Source=Paul Collins Startup list

[windows update]
Number=12946
Confirmed=X
Filename=msnsever.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahn.html" target=_blank>RBOT-AHN</a> WORM!
Source=Paul Collins Startup list

[Windows Update]
Number=12947
Confirmed=X
Filename=taskmr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobgz.html" target=_blank>MYTOB-GZ</a> WORM!
Source=Paul Collins Startup list

[Windows Update]
Number=12948
Confirmed=X
Filename=update32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Update]
Number=12949
Confirmed=X
Filename=wininfo.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112217-1611-99" target=_blank>MYTOB.GA</a> WORM!
Source=Paul Collins Startup list

[Windows Update]
Number=12950
Confirmed=X
Filename=winlogin.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerdv.html" target=_blank>BANKER-DV</a> TROJAN!
Source=Paul Collins Startup list

[Windows Update]
Number=12951
Confirmed=X
Filename=msnupdates.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotalk.html" target=_blank>RBOT-ALK</a> WORM! Note - this file has nothing to do with Windows updates or MSN
Source=Paul Collins Startup list

[Windows Update]
Number=12952
Confirmed=X
Filename=qtask.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaku.html" target=_blank>RBOT-AKU</a> WORM! Note - do not confuse with the Quicken file of the same name as described <a href="http://www.sysinfo.org/startuplist.php?filter=qtask.exe" target=_blank>here</a>
Source=Paul Collins Startup list

[windows update]
Number=12953
Confirmed=X
Filename=real.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmirau.html" target=_blank>LEGMIR-AU</a> WORM!
Source=Paul Collins Startup list

[Windows Update]
Number=12954
Confirmed=X
Filename=windowsx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancda.html" target=_blank>BANCD-A</a> TROJAN!
Source=Paul Collins Startup list

[Windows update]
Number=12955
Confirmed=X
Filename=wudupdate.exe
Description=Adware downloader - <a href="http://sarc.com/avcenter/venc/data/adware.istbar.html" target=_blank>Istbar</a> related
Source=Paul Collins Startup list

[Windows Update]
Number=12956
Confirmed=X
Filename=wupdmgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanfc.html" target=_blank>BANCBAN-FC</a> TROJAN and variants!
Source=Paul Collins Startup list

[Windows Update]
Number=12957
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerhm.html" target=_blank>BANKER-HM</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
Source=Paul Collins Startup list

[Windows Update]
Number=12958
Confirmed=X
Filename=msnsupdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxs.html" target=_blank>RBOT-AXS</a> WORM!
Source=Paul Collins Startup list

[Windows Update]
Number=12959
Confirmed=X
Filename=XPLoogNT.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancdb.html" target=_blank>BANCD-B</a> TROJAN!
Source=Paul Collins Startup list

[Windows Update]
Number=12960
Confirmed=X
Filename=install.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerib.html" target=_blank>BANKER-IB</a> TROJAN!
Source=Paul Collins Startup list

[Windows Update]
Number=12961
Confirmed=X
Filename=msi.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerxb.html" target="_blank">BANKER-XB</a> TROJAN!
Source=Paul Collins Startup list

[Windows Update]
Number=12962
Confirmed=X
Filename=Sqltob.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-121516-4255-99" target=_blank>DASHER.A</a> WORM!
Source=Paul Collins Startup list

[windows update]
Number=12963
Confirmed=X
Filename=logonuit.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmirao.html" target="_blank">LEGMIR-AO</a> TROJAN!
Source=Paul Collins Startup list

[Windows Update]
Number=12964
Confirmed=X
Filename=avkir.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgjp.html" target="_blank">RBOT-GJP</a> WORM!
Source=Paul Collins Startup list

[Windows Update 32]
Number=12965
Confirmed=X
Filename=winlogons.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfi.html" target=_blank>FORBOT-FI</a> WORM!
Source=Paul Collins Startup list

[Windows Update 32]
Number=12966
Confirmed=X
Filename=rempss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfw.html" target=_blank>FORBOT-FW</a> WORM!
Source=Paul Collins Startup list

[Windows Update 32]
Number=12967
Confirmed=X
Filename=slsys.exe
Description=Added by a variant of the <a href="http://sophos.com.au/virusinfo/analyses/w32forbotgen.html" target=_blank>FORBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Update 63]
Number=12968
Confirmed=X
Filename=shupd64.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotga.html" target=_blank>FORBOT-GA</a> WORM!
Source=Paul Collins Startup list

[Windows Update 64]
Number=12969
Confirmed=X
Filename=nbupd64.exe
Description=Added by a variant of the <a href="http://sophos.com.au/virusinfo/analyses/w32forbotgen.html" target=_blank>FORBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Update 64]
Number=12970
Confirmed=X
Filename=WinV.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfp.html" target=_blank>FORBOT-FP</a> WORM!
Source=Paul Collins Startup list

[Windows Update Auto Update]
Number=12971
Confirmed=X
Filename=wuaumgr.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Update AutoUpdate Client]
Number=12972
Confirmed=X
Filename=waucult.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Update AutoUpdate Client]
Number=12973
Confirmed=X
Filename=wuauclt.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LAZAR.B" target="_blank">LAZAR.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/wuauclt/" target="_blank">wuauclt.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[Windows Update AutoUpdate Client Product]
Number=12974
Confirmed=X
Filename=wuauct.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ACL" target="_blank">AGOBOT.ACL</a> WORM!
Source=Paul Collins Startup list

[Windows Update Center]
Number=12975
Confirmed=X
Filename=svthx.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051915-3352-99" target=_blank>STUBBOT.A</a> WORM!
Source=Paul Collins Startup list

[Windows Update Center]
Number=12976
Confirmed=X
Filename=W32RSA.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Windows Update Checker]
Number=12977
Confirmed=X
Filename=[random filename]
Description=Adware downloader trojan
Source=Paul Collins Startup list

[Windows Update Checker]
Number=12978
Confirmed=X
Filename=msupdte32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaef.html" target=_blank>SDBOT-AEF</a> WORM!
Source=Paul Collins Startup list

[Windows Update Checker]
Number=12979
Confirmed=X
Filename=deinst_qfe001.exe
Description=Added by a variant of the Win32.Small TROJAN!
Source=Paul Collins Startup list

[Windows Update Checker]
Number=12980
Confirmed=X
Filename=deinst_qfe002.exe
Description=Added by a variant of the Win32.Small TROJAN!
Source=Paul Collins Startup list

[Windows Update Client]
Number=12981
Confirmed=X
Filename=wuclient.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallrn.html" target=_blank>SMALL-RN</a> TROJAN!
Source=Paul Collins Startup list

[Windows Update Client Service]
Number=12982
Confirmed=X
Filename=windrvl32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotmm.html" target=_blank>AGOBOT-MM</a> TROJAN!
Source=Paul Collins Startup list

[Windows update config]
Number=12983
Confirmed=X
Filename=svhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpf.html" target="_blank">SDBOT-PF</a> WORM!
Source=Paul Collins Startup list

[windows update configurator]
Number=12984
Confirmed=X
Filename=svghost.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Update Controller]
Number=12985
Confirmed=X
Filename=mwoffice.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbattrya.html" target=_blank>BATTRY-A</a> TROJAN!
Source=Paul Collins Startup list

[Windows Update Drive]
Number=12986
Confirmed=X
Filename=updrvs.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Update Files]
Number=12987
Confirmed=X
Filename=dnetc.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! Note - wupdmgr.exe is the real Windows Update
Source=Paul Collins Startup list

[Windows Update Firewall System]
Number=12988
Confirmed=X
Filename=ctfmoom.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgan.html" target="_blank">RBOT-GAN</a> WORM!
Source=Paul Collins Startup list

[Windows Update GUI Executable x32x]
Number=12989
Confirmed=X
Filename=wupdategux32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CXY" target="_blank">RBOT.CXY</a> WORM!
Source=Paul Collins Startup list

[Windows Update GUI Executable x32x]
Number=12990
Confirmed=X
Filename=wupdategux32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CXY" target="_blank">RBOT.CXY</a> WORM!
Source=Paul Collins Startup list

[Windows Update Host]
Number=12991
Confirmed=X
Filename=winupsvc.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Update IPv6 Layer]
Number=12992
Confirmed=X
Filename=WIN32IPV6.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.DUD" target="_blank">RBOT.DUD</a> WORM!
Source=Paul Collins Startup list

[Windows update loader]
Number=12993
Confirmed=X
Filename=xpupdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbravea.html" target=_blank>BRAVE-A</a> TROJAN!

Source=Paul Collins Startup list

[Windows Update Manager]
Number=12994
Confirmed=X
Filename=wupdmngr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110614-2851-99" target=_blank>RANDEX.BTB</a> WORM!
Source=Paul Collins Startup list

[Windows Update Manager]
Number=12995
Confirmed=X
Filename=Winlog0n.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentbo.html" target=_blank>AGENT-BO</a> TROJAN!
Source=Paul Collins Startup list

[Windows Update Manager]
Number=12996
Confirmed=X
Filename=wupdate.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Update Manager]
Number=12997
Confirmed=X
Filename=bootwiz.exe
Description=Added by the MYBOT WORM!
Source=Paul Collins Startup list

[Windows Update Manager for NT]
Number=12998
Confirmed=X
Filename=wupdmgr32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112217-1611-99" target=_blank>SDBOT.AH</a> WORM!
Source=Paul Collins Startup list

[Windows Update Monitoring Service]
Number=12999
Confirmed=X
Filename=winupdt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpl.html" target=_blank>RBOT-PL</a> WORM!

Source=Paul Collins Startup list

[Windows Update Process]
Number=13000
Confirmed=X
Filename=wmiprvsc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotcb.html" target="_blank">SDBOT-CB</a> WORM!
Source=Paul Collins Startup list

[Windows Update Service]
Number=13001
Confirmed=X
Filename=csrs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotni.html" target="_blank">AGOBOT-NI</a> WORM!
Source=Paul Collins Startup list

[Windows Update Service]
Number=13002
Confirmed=X
Filename=smcg.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.QY" target="_blank">SDBOT.QY</a> WORM!
Source=Paul Collins Startup list

[Windows Update Service]
Number=13003
Confirmed=X
Filename=SP00ISS.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzh.html" target=_blank>SDBOT-ZH</a> WORM!
Source=Paul Collins Startup list

[Windows Update Service]
Number=13004
Confirmed=X
Filename=update32.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotalc.html" target=_blank>RBOT-ALC</a> WORM!
Source=Paul Collins Startup list

[Windows Update Service 2004/2005]
Number=13005
Confirmed=X
Filename=systemupdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotje.html" target="_blank">RBOT-JE</a> WORM!
Source=Paul Collins Startup list

[Windows Update services]
Number=13006
Confirmed=X
Filename=wins32svcs.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Update Software]
Number=13007
Confirmed=X
Filename=system.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY%5FTOFGER%2EBX" target="_blank">TOFGER.BX</a> TROJAN!
Source=Paul Collins Startup list

[Windows Update System]
Number=13008
Confirmed=X
Filename=mswins.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_IRCBOT.DN" target="_blank">IRCBOT.DN</a> WORM!
Source=Paul Collins Startup list

[Windows Update System Shell]
Number=13009
Confirmed=X
Filename=svhostcs32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaaz.html" target= blank>RBOT-AAZ</a> WORM!
Source=Paul Collins Startup list

[Windows Update V6]
Number=13010
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotkt.html" target="_blank">RBOT-KT</a> WORM!
Source=Paul Collins Startup list

[Windows Update.exe]
Number=13011
Confirmed=X
Filename=N/A
Description=Homepage hijacker
Source=Paul Collins Startup list

[Windows Updated]
Number=13012
Confirmed=X
Filename=spoolsae.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotapm.html" target=_blank>RBOT-APM</a> WORM!
Source=Paul Collins Startup list

[Windows Updated]
Number=13013
Confirmed=X
Filename=updatr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotayb.html" target=_blank>RBOT-AYB</a> WORM!
Source=Paul Collins Startup list

[Windows Updater]
Number=13014
Confirmed=X
Filename=wupdmgr32.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-051822-4126-99" target="_blank">DOS.AUTOCAT</a> TROJAN!
Source=Paul Collins Startup list

[Windows Updater]
Number=13015
Confirmed=X
Filename=iexplorerrs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbottn.html" target=_blank>RBOT-TN</a> WORM!
Source=Paul Collins Startup list

[Windows Updater]
Number=13016
Confirmed=X
Filename=svigost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotvs.html" target= blank>RBOT-VS</a> WORM!
Source=Paul Collins Startup list

[Windows Updater]
Number=13017
Confirmed=X
Filename=wupdate.exe
Description=Added by the <a href="http://ae.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_WOOTBOT.AJ" target=_blank>WOOTBOT.AJ</a> WORM!
Source=Paul Collins Startup list

[Windows Updater]
Number=13018
Confirmed=X
Filename=sdsys.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotjg.html" target=_blank>FORBOT-JG</a> WORM!
Source=Paul Collins Startup list

[Windows Updater Online]
Number=13019
Confirmed=X
Filename=winupdatexx.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Updates]
Number=13020
Confirmed=X
Filename=lsassx.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Updates]
Number=13021
Confirmed=X
Filename=winupd32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051512-4305-99" target= blank>MYTOB.CE</a> WORM!
Source=Paul Collins Startup list

[Windows Updates]
Number=13022
Confirmed=X
Filename=w32dns.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotbfw.html" target=_blank>SDBOT-BFW</a> WORM!
Source=Paul Collins Startup list

[Windows Updating Service]
Number=13023
Confirmed=X
Filename=updating.pif
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotalw.html" target=_blank>RBOT-ALW</a> WORM!
Source=Paul Collins Startup list

[Windows Updtee Mgnr]
Number=13024
Confirmed=X
Filename=W1NT45K.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060314-0019-99" target=_blank>MYTOB.DC</a> WORM!
Source=Paul Collins Startup list

[Windows USB 2.0 Driver]
Number=13025
Confirmed=X
Filename=usbtskmgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbkg.html" target=_blank>RBOT-BKG</a> WORM!
Source=Paul Collins Startup list

[Windows USB 2.0 Driver]
Number=13026
Confirmed=X
Filename=usb2ctrl.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbiw.html" target="_blank">RBOT-BIW</a> WORM!
Source=Paul Collins Startup list

[Windows USB controler]
Number=13027
Confirmed=X
Filename=winusb.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbothr.html" target= blank>RBOT-HR</a> WORM!
Source=Paul Collins Startup list

[Windows USB Driver Support]
Number=13028
Confirmed=X
Filename=Windowsusb.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Windows USB Service]
Number=13029
Confirmed=X
Filename=666.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041116-0718-99" target=_blank>MYTOB.AR</a> WORM!
Source=Paul Collins Startup list

[Windows USBD]
Number=13030
Confirmed=X
Filename=msifirewall.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Windows User Mode Driver Manager]
Number=13031
Confirmed=X
Filename=wdfmrg.exe
Description=Added by <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzn.html" target=_blank>SDBOT-ZN</a> WORM!
Source=Paul Collins Startup list

[Windows User Starter]
Number=13032
Confirmed=X
Filename=winuser32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.SN" target="_blank">RBOT.SN</a> WORM!
Source=Paul Collins Startup list

[Windows Version Check]
Number=13033
Confirmed=N
Filename=ver_chk.exe
Description=Version checker for CyberAudioLibrary - "a new way to exchange information through the Internet"
Source=Paul Collins Startup list

[Windows video]
Number=13034
Confirmed=X
Filename=vide_32.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target="_blank">AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Video Acquisition (WVA)]
Number=13035
Confirmed=X
Filename=wvsvc.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.YM" target="_blank">AGOBOT.YM</a> WORM!
Source=Paul Collins Startup list

[Windows Video Drivers]
Number=13036
Confirmed=X
Filename=videons32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-071817-0650-99" target="_blank">GAOBOT.AZT</a> WORM!
Source=Paul Collins Startup list

[Windows Virus Control]
Number=13037
Confirmed=X
Filename=plou.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotacz.html" target=_blank>SDBOT-ACZ</a> WORM!
Source=Paul Collins Startup list

[Windows Web Services]
Number=13038
Confirmed=X
Filename=localsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Windows Web Services]
Number=13039
Confirmed=X
Filename=netsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Windows Web Services]
Number=13040
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Windows Web Services]
Number=13041
Confirmed=X
Filename=svcadmin.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Windows Web Services]
Number=13042
Confirmed=X
Filename=svcman.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Windows Web Services]
Number=13043
Confirmed=X
Filename=svcrun.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Windows Web Services]
Number=13044
Confirmed=X
Filename=tcpsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Windows Web Services]
Number=13045
Confirmed=X
Filename=websvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
Source=Paul Collins Startup list

[Windows Winhlp32 Stub Service]
Number=13046
Confirmed=X
Filename=winhlp32.pif
Description=Added by the <a href="http://www.noadware.net/research/index2.php?item_id=2473&item_name=Backdoor.Win32.Aimbot.ah" target="_blank">AIMBOT.AH</a> TROJAN!
Source=Paul Collins Startup list

[Windows WKS]
Number=13047
Confirmed=X
Filename=wsass.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotdk.html" target="_blank">SDBOT-DK</a> WORM!
Source=Paul Collins Startup list

[Windows WMF Fix]
Number=13048
Confirmed=X
Filename=winfix.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotftq.html" target="_blank">RBOT-FTQ</a> WORM!
Source=Paul Collins Startup list

[Windows Workstation]
Number=13049
Confirmed=X
Filename=mpci.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Workstation]
Number=13050
Confirmed=X
Filename=msup32a.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Workstation Service]
Number=13051
Confirmed=X
Filename=explore.exe
Description=Added by unknown malware
Source=Paul Collins Startup list

[Windows Workstation Service (32-bits)]
Number=13052
Confirmed=X
Filename=wkssvc32.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Workstation Start Service]
Number=13053
Confirmed=X
Filename=mslanmgr.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows Xp]
Number=13054
Confirmed=X
Filename=nortonguard.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobdz.html" target=_blank>MYTOB-DZ</a> WORM!
Source=Paul Collins Startup list

[Windows XP Automatic Update]
Number=13055
Confirmed=X
Filename=wXPupdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafc.html" target=_blank>RBOT-AFC</a> WORM!
Source=Paul Collins Startup list

[Windows Xp Service Pack 2]
Number=13056
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojxplosa.html" target=_blank>XPLOS-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list

[Windows XP SP2 KeyGen]
Number=13057
Confirmed=X
Filename=Windows XP SP2 KeyGen.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32tibickc.html" target=_blank>TIBICK-C</a> WORM!
Source=Paul Collins Startup list

[Windows-System]
Number=13058
Confirmed=X
Filename=System32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110714-3910-99" target="_blank">LOGPOLE.C</a> WORM!
Source=Paul Collins Startup list

[Windows-TCP-IP]
Number=13059
Confirmed=X
Filename=rfkampig.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031019-1413-99" target="_blank">GIPMA</a> TROJAN!
Source=Paul Collins Startup list

[Windows-XP-Service-Pack]
Number=13060
Confirmed=X
Filename=xpspz.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaac.html" target=_blank>SDBOT-AAC</a> WORM!
Source=Paul Collins Startup list

[windows16]
Number=13061
Confirmed=X
Filename=windows16.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbxu.html" target=_blank>XU</a> TROJAN!
Source=Paul Collins Startup list

[Windows32]
Number=13062
Confirmed=X
Filename=rundll.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotlk.html" target=_blank>AGOBOT-LK</a> or <a href="http://www.sophos.com/virusinfo/analyses/w32agobotnd.html" target=_blank>AGOBOT-ND</a> WORMS! Note - this is NOT the Windows system file of the same name as described <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll/" target=_blank>here</a>
Source=Paul Collins Startup list

[windows32]
Number=13063
Confirmed=X
Filename=windows32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbxu.html" target=_blank>XU</a> TROJAN!
Source=Paul Collins Startup list

[Windows32]
Number=13064
Confirmed=X
Filename=wuuaclt.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-080216-5303-99" target=_blank>BRATLE.B</a> WORM!
Source=Paul Collins Startup list

[Windows32 Configuration Loader]
Number=13065
Confirmed=X
Filename=msrf32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotabx.html" target=_blank>SDBOT-ABX</a> WORM!
Source=Paul Collins Startup list

[Windows32 Messenger Service]
Number=13066
Confirmed=X
Filename=msmsgv.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ANS" target="_blank">RBOT.ANS</a> WORM!
Source=Paul Collins Startup list

[Windows32 Net Database]
Number=13067
Confirmed=X
Filename=msnd32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaal.html" target=_blank>RBOT-AAL</a> WORM!
Source=Paul Collins Startup list

[Windows32 Serivces]
Number=13068
Confirmed=X
Filename=winser32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.AAF&VSect=P" target=_blank>SPYBOT.AAF</a> WORM!
Source=Paul Collins Startup list

[WindowsAgent]
Number=13069
Confirmed=X
Filename=WindowsAgent.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-011707-0931-99" target="_blank">GOP.G</a> WORM!
Source=Paul Collins Startup list

[WindowsAgent]
Number=13070
Confirmed=X
Filename=sysexhook.exe
Description=Added by the <a href="http://labs.paretologic.com/spyware.aspx?remove=GOP" target=_blank>GOP</a> keyboard logger/TROJAN!
Source=Paul Collins Startup list

[WindowsAPI.DLL]
Number=13071
Confirmed=X
Filename=Server5.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453077108" target="_blank">"Fear and Hope"</a> TROJAN!
Source=Paul Collins Startup list

[WindowsAudio]
Number=13072
Confirmed=X
Filename=systemupd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentth.html" target=_blank>AGENT-TH</a> WORM!
Source=Paul Collins Startup list

[WindowsBackup]
Number=13073
Confirmed=X
Filename=WINDOWSBACKUP.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022317-4928-99" target=_blank>STANG</a> WORM!
Source=Paul Collins Startup list

[WindowsBool]
Number=13074
Confirmed=X
Filename=aimplg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotcng.html" target="_blank">SDBOT-CNG</a> WORM!
Source=Paul Collins Startup list

[WindowsCRC]
Number=13075
Confirmed=X
Filename=wscrc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotvu.html" target= blank>SDBOT-VU</a> WORM!
Source=Paul Collins Startup list

[WindowsCriticalUpdate]
Number=13076
Confirmed=X
Filename=windows_critical_update.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082710-5900-99" target="_blank">ASTEF</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100514-2403-99" target="_blank">RESPAN</a> WORMS!
Source=Paul Collins Startup list

[WindowsDiskEvt]
Number=13077
Confirmed=X
Filename=svcsvh32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-020115-0317-99" target=_blank>NANINF.D</a> TROJAN!
Source=Paul Collins Startup list

[WindowsDiskLog]
Number=13078
Confirmed=X
Filename=cstsm.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstinxc.html" target=_blank>STINX-C</a> or <a href="http://www.sophos.com/virusinfo/analyses/trojstinxd.html" target=_blank>STINX-D</a> TROJANS!
Source=Paul Collins Startup list

[WindowsFileSystem]
Number=13079
Confirmed=X
Filename=winsfs32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfmq.html" target="_blank">RBOT-FMQ</a> WORM!
Source=Paul Collins Startup list

[WindowsFirewallSvc]
Number=13080
Confirmed=X
Filename=winsvcup.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[WINDOWSflashbrg]
Number=13081
Confirmed=X
Filename=sqldata1.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojagentic.html" target= blank>AGENT-IC</a> TROJAN!
Source=Paul Collins Startup list

[WindowsFY]
Number=13082
Confirmed=X
Filename=wp.exe
Description=Part of a "Security IGuard" parasite infestation - also detected as <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042511-1823-99" target= blank>DESKTOPHIJACK</a>
Source=Paul Collins Startup list

[WindowsFY]
Number=13083
Confirmed=X
Filename=bsw.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042511-1823-99" target="_blank">DESKTOPHIJACK</a> TROJAN! For removal see <a href="http://www.bleepingcomputer.com/forums/topic17258.html" target="_blank">here</a>
Source=Paul Collins Startup list

[WindowsFY]
Number=13084
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfakealee.html" target=_blank>FAKEALE-E</a> TROJAN!
Source=Paul Collins Startup list

[WindowsFZ]
Number=13085
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042511-1823-99" target=_blank>DESKTOPHIJACK</a> VIRUS! Also see <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062016-5052-99" target=_blank>DESKTOPHIJACK.B</a> TROJAN!
Source=Paul Collins Startup list

[WindowsFZ]
Number=13086
Confirmed=X
Filename=A5281300.so
Description=Variant of the SmitFraud alias <a href="http://www.sophos.com/virusinfo/analyses/trojfakealec.html" target=_blank>FAKEALE-C</a> TROJAN!
Source=Paul Collins Startup list

[WindowsFZ]
Number=13087
Confirmed=X
Filename=zloader3.exe
Description=Variant of the SmitFraud alias <a href="http://www.sophos.com/virusinfo/analyses/trojfakealec.html" target=_blank>FAKEALE-C</a> TROJAN!
Source=Paul Collins Startup list

[WindowsKeyUpdate]
Number=13088
Confirmed=X
Filename=master.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110315-1650-99" target="_blank">JOSAM</a> WORM!
Source=Paul Collins Startup list

[WindowsMGM]
Number=13089
Confirmed=X
Filename=Winmgm32.exe
Description=Added by the <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=99950" target="_blank">SOBIG.A</a> WORM and <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080516-5345-99" target="_blank">LALA.C</a> TROJAN!
Source=Paul Collins Startup list

[WindowsProtocolLog]
Number=13090
Confirmed=X
Filename=lsadst.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-013111-4821-99" target=_blank>NANINF.C</a> TROJAN!
Source=Paul Collins Startup list

[WindowsReg% update]
Number=13091
Confirmed=X
Filename=[random filename].exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbothh.html" target=_blank>RBOT-HH</a> WORM!
Source=Paul Collins Startup list

[WindowsRegistration]
Number=13092
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotno.html" target=_blank>RBOT-NO</a> WORM!

Source=Paul Collins Startup list

[WindowsRegKey Autoupdate]
Number=13093
Confirmed=X
Filename=[random filename]
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[WindowsRegKey upd4te2d4te]
Number=13094
Confirmed=X
Filename=*********.exe [* = random char]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.XQ" target=_blank>RBOT.XQ</a> WORM!
Source=Paul Collins Startup list

[WindowsRegKey update]
Number=13095
Confirmed=X
Filename=winupdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqj.html" target=_blank>RBOT-QJ</a> WORM!
Source=Paul Collins Startup list

[WindowsRegKey update]
Number=13096
Confirmed=X
Filename=windns.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.IE" target="_blank">RBOT.IE</a> WORM!
Source=Paul Collins Startup list

[WindowsRegKey update]
Number=13097
Confirmed=X
Filename=WinUpdate32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagw.html" target=_blank>RBOT-AGW</a> WORM!
Source=Paul Collins Startup list

[WindowsRegKey update]
Number=13098
Confirmed=X
Filename=winupdatexx.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.LW&VSect=P" target=_blank>RBOT.LW</a> WORM!
Source=Paul Collins Startup list

[WindowsRegKey update]
Number=13099
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.QT&VSect=T" target=_blank>RBOT.QT</a> WORM!
Source=Paul Collins Startup list

[WindowsRegKey update]
Number=13100
Confirmed=X
Filename=svchoosts.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ADB&VSect=T" target=_blank>RBOT.ADB</a> WORM!
Source=Paul Collins Startup list

[WindowsRegKey update]
Number=13101
Confirmed=X
Filename=svchostc.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.IF&VSect=T" target=_blank>RBOT.IF</a> WORM!
Source=Paul Collins Startup list

[WindowsRegKey update]
Number=13102
Confirmed=X
Filename=wdnupdate.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.QX&VSect=T" target=_blank>SDBOT.QX</a> WORM!
Source=Paul Collins Startup list

[WindowsRegKey update]
Number=13103
Confirmed=X
Filename=Windowsup.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.PU&VSect=T" target=_blank>SDBOT.PU</a> WORM!
Source=Paul Collins Startup list

[WindowsRegKey update]
Number=13104
Confirmed=X
Filename=WINUPDATES.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmm.html" target=_blank>RBOT-MM</a> WORM!
Source=Paul Collins Startup list

[WindowsRegKey update]
Number=13105
Confirmed=X
Filename=rkbuouoxfl.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotoo.html" target="_blank">RBOT-OO</a> WORM!
Source=Paul Collins Startup list

[WindowsRegKey update]
Number=13106
Confirmed=X
Filename=winsys.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotjy.html" target="_blank">RBOT-JY</a> WORM!
Source=Paul Collins Startup list

[WindowsRegKey update]
Number=13107
Confirmed=X
Filename=winupdat32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagw.html" target="_blank">RBOT-AGW</a> WORM!
Source=Paul Collins Startup list

[WindowsRegKey update XP]
Number=13108
Confirmed=X
Filename=windexv1.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabm.html" target= blank>RBOT-ABM</a> WORM!
Source=Paul Collins Startup list

[WindowsRegKey%$ update]
Number=13109
Confirmed=X
Filename=msi332.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotix.html" target="_blank">RBOT-IX</a> WORM!
Source=Paul Collins Startup list

[WindowsRegKey%update]
Number=13110
Confirmed=X
Filename=ethernet32m.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rboten.html" target=_blank>RBOT-EN</a> WORM!

Source=Paul Collins Startup list

[WindowsRegKeys update]
Number=13111
Confirmed=X
Filename=winsysi.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.WE" target="_blank">SDBOT.WE</a> WORM!
Source=Paul Collins Startup list

[WindowsSetup]
Number=13112
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090313-0857-99" target="_blank">EZBOT</a> TROJAN!
Source=Paul Collins Startup list

[WindowsSystem32]
Number=13113
Confirmed=X
Filename=asper.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentefp.html" target="_blank">AGENT-EFP</a> TROJAN!
Source=Paul Collins Startup list

[WindowsSystem32]
Number=13114
Confirmed=X
Filename=svchosts.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagenteda.html" target="_blank">AGENT-EDA</a> TROJAN!
Source=Paul Collins Startup list

[windowstime.exe]
Number=13115
Confirmed=X
Filename=windowstime.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadraqv.html" target="_blank">AQV</a> TROJAN!
Source=Paul Collins Startup list

[WindowsUpd]
Number=13116
Confirmed=X
Filename=WindowsUpd4.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120914-4108-99" target="_blank">VirtuMonde</a> adware
Source=Paul Collins Startup list

[WindowsUpd1]
Number=13117
Confirmed=X
Filename=WindowsUpd1.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120914-4108-99" target="_blank">VirtuMonde</a> adware
Source=Paul Collins Startup list

[WindowsUpd2]
Number=13118
Confirmed=X
Filename=WindowsUpd2.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120914-4108-99" target="_blank">VirtuMonde</a> adware
Source=Paul Collins Startup list

[WindowsUpdate]
Number=13119
Confirmed=X
Filename=windows_update.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-071416-4105-99" target="_blank">LOFNI</a> WORM!
Source=Paul Collins Startup list

[WindowsUpdate]
Number=13120
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082710-5900-99" target="_blank">ASTEF</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100514-2403-99" target="_blank">RESPAN</a> WORMS or <a href="http://www.sophos.com/virusinfo/analyses/trojagentv.html" target="_blank">AGENT-V</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list

[windowsupdate]
Number=13121
Confirmed=X
Filename=RPCX1sQ3.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100713-2421-99" target="_blank">IRCBOT.B</a> TROJAN!
Source=Paul Collins Startup list

[WindowsUpdate]
Number=13122
Confirmed=X
Filename=USRINIT.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-041219-0627-99" target="_blank">MADDIS.B</a> WORM!
Source=Paul Collins Startup list

[windowsupdate]
Number=13123
Confirmed=X
Filename=winupdate.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/Print100484.htm" target= blank>WARPI</a> WORM!
Source=Paul Collins Startup list

[WindowsUpdate]
Number=13124
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorik.html" target=_blank>IK</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list

[WindowsUpdate]
Number=13125
Confirmed=X
Filename=winnnint.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[WindowsUpdate]
Number=13126
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdupab.html" target=_blank>DUPA-B</a> TROJAN!
Source=Paul Collins Startup list

[WindowsUpdate]
Number=13127
Confirmed=X
Filename=dupadupam2.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdupab.html" target=_blank>DUPA-B</a> TROJAN!
Source=Paul Collins Startup list

[WindowsUpdate]
Number=13128
Confirmed=X
Filename=svchostw.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453100222" target="_blank">COBFINN_B</a> TROJAN!
Source=Paul Collins Startup list

[WindowsUpdate renew]
Number=13129
Confirmed=X
Filename=iexplore.exe
Description=Added by the AGENT.QG TROJAN! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target="_blank">iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[WindowsUpdate Service]
Number=13130
Confirmed=X
Filename=wuautlc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotnr.html" target=_blank>RBOT-NR</a> WORM!

Source=Paul Collins Startup list

[Windowsupdate Service]
Number=13131
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32babab.html" target=_blank>BABA-B</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the root folder (ie, C:\)
Source=Paul Collins Startup list

[WindowsUpdateDirect]
Number=13132
Confirmed=X
Filename=dupadirect.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdupac.html" target=_blank>DUPA-C</a> TROJAN!
Source=Paul Collins Startup list

[WindowsUpdatem1]
Number=13133
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentaaj.html" target=_blank>AGENT-AAJ</a> TROJAN!
Source=Paul Collins Startup list

[WindowsUpdatem2]
Number=13134
Confirmed=X
Filename=svchost.exe
Description=Added by an unidentified WORM or TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
Source=Paul Collins Startup list

[WindowsUpdateNT]
Number=13135
Confirmed=X
Filename=svwhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojshellotb.html" target=_blank>SHELLOT-B</a> TROJAN!
Source=Paul Collins Startup list

[WindowsUpdateR]
Number=13136
Confirmed=X
Filename=regserv.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453100222" target="_blank">COBFINN_B</a> TROJAN!
Source=Paul Collins Startup list

[WindowsXP Module]
Number=13137
Confirmed=X
Filename=DirectX3D.exe
Description=Malware, reportedly a keylogger - see <a href="http://www.anti-spy.info/process/directx3d.exe.html" target=_blank>here</a>
Source=Paul Collins Startup list

[WindowsXP Update]
Number=13138
Confirmed=X
Filename=windowsxpupdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpb.html" target=_blank>RBOT-PB</a> WORM!

Source=Paul Collins Startup list

[WindowsXPserv]
Number=13139
Confirmed=X
Filename=svcnxp32.exe
Description=Addee by the <a href="http://www.sophos.com/virusinfo/analyses/trojnaninfa.html" target=_blank>NANINF-A</a> TROJAN!
Source=Paul Collins Startup list

[Windows_LowLevel_Security_Core]
Number=13140
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpadmina.html" target=_blank>PADMIN-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Repair" subfolder of the Winnt or Windows folder
Source=Paul Collins Startup list

[Windows_Protect]
Number=13141
Confirmed=X
Filename=winsystem.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows_Protect]
Number=13142
Confirmed=X
Filename=winregal.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Windows_Protect]
Number=13143
Confirmed=X
Filename=lsas.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ARO&VSect=P" target=_blank>RBOT.ARO</a> WORM!
Source=Paul Collins Startup list

[Windows_Protect]
Number=13144
Confirmed=X
Filename=wincontrol32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadk.html" target=_blank>RBOT-ADK</a> WORM!
Source=Paul Collins Startup list

[Windows_Serivce]
Number=13145
Confirmed=X
Filename=SERVICE.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.AH" target="_blank">WOOTBOT.AH</a> WORM!
Source=Paul Collins Startup list

[Windows_Updates]
Number=13146
Confirmed=X
Filename=svthost.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Windows_VXD]
Number=13147
Confirmed=X
Filename=user32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081016-1817-99" target="_blank">PPORT</a> TROJAN!
Source=Paul Collins Startup list

[Windowz]
Number=13148
Confirmed=X
Filename=[original worm filename].vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-052514-5831-99" target=_blank>NUKIP</a> WORM!
Source=Paul Collins Startup list

[Windowz Update V2.0]
Number=13149
Confirmed=X
Filename=Explorer.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082916-1108-99" target="_blank">YODO</a> WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System32 subfolder
Source=Paul Collins Startup list

[Windoxs Update Center]
Number=13150
Confirmed=X
Filename=W32RfSA.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[WinDrg32]
Number=13151
Confirmed=X
Filename=windrg32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DRUDGEBOT.A&VSect=P" target=_blank>DRUDGEBOT.A</a> WORM!
Source=Paul Collins Startup list

[WinDriv32]
Number=13152
Confirmed=X
Filename=WinDriv32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallba.html" target=_blank>SMALL-BA</a> TROJAN!
Source=Paul Collins Startup list

[WinDriver Configuration]
Number=13153
Confirmed=X
Filename=windrvconf.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotlx.html" target=_blank>AGOBOT-LX</a> TROJAN!
Source=Paul Collins Startup list

[WinDrives]
Number=13154
Confirmed=X
Filename=WinDrives.EXE
Description=Added by the <a href="http://de.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=1&VName=WORM_SMALL.DIG" target="_blank">SMALL.DIG</a> WORM!
Source=Paul Collins Startup list

[WINDRUN]
Number=13155
Confirmed=X
Filename=taskgmrs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobbt.html" target= blank>MYTOB-BT</a> WORM!
Source=Paul Collins Startup list

[windrv]
Number=13156
Confirmed=X
Filename=windrv32.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! - possibly a strain of OBLIVION or BIONET
Source=Paul Collins Startup list

[WinDrv]
Number=13157
Confirmed=X
Filename=windrvx.exe
Description=Added by a variant of the TIBSER.A downloader TROJAN!
Source=Paul Collins Startup list

[WinDSL MTU-Adjust]
Number=13158
Confirmed=U
Filename=WinDSL_MTU.exe
Description=Adjusts the registry setting of the DUN-Adapters (MTU) and the TCP/IP-Protocol (RWIN) by ENGEL Technologieberatung
Source=Paul Collins Startup list

[WinDSL_MTU]
Number=13159
Confirmed=?
Filename=WinDSL_MTU.exe
Description=<font color="#FF0000">May be realted to Tiscali broadband, if so is it required?</font>
Source=Paul Collins Startup list

[WinDSNX]
Number=13160
Confirmed=X
Filename=Win????.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-013013-1836-99" target="_blank">DSNX</a> TROJAN!
Source=Paul Collins Startup list

[WindUpdates]
Number=13161
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.BF" target="_blank">AGENT.BF</a> TROJAN!
Source=Paul Collins Startup list

[WindUpdates]
Number=13162
Confirmed=X
Filename=WinUpdt.exe
Description=Windupdates adware variant
Source=Paul Collins Startup list

[WINDVDpatch]
Number=13163
Confirmed=U
Filename=CTHELPER.EXE
Description=CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative's sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so it's best left disabled unless you need it
Source=Paul Collins Startup list

[WinDVR SchSvr]
Number=13164
Confirmed=N
Filename=SchSvr.exe
Description=<a href="http://www.intervideo.com" target="_blank">WinScheduler</a> is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs
Source=Paul Collins Startup list

[WinDVRCtrl]
Number=13165
Confirmed=N
Filename=WinDVRCtrl.exe
Description=Control center software for an AOpen VA1000 TV tuner card
Source=Paul Collins Startup list

[Windws Configuration Loader]
Number=13166
Confirmed=X
Filename=LEXPLORE.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-122711-0535-99" target="_blank">SODABOT</a> WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet Explorer
Source=Paul Collins Startup list

[WinEssential]
Number=13167
Confirmed=X
Filename=Keyhost.exe
Description=Hijacker - hailing from jraun.com
Source=Paul Collins Startup list

[WinEssential]
Number=13168
Confirmed=X
Filename=keyword.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-011620-4533-99" target="_blank">Jraun</a> adware
Source=Paul Collins Startup list

[WinEx]
Number=13169
Confirmed=X
Filename=lexplore_.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmsnopta.html" target=_blank>MSNOPT-A</a> TROJAN!
Source=Paul Collins Startup list

[WinExec]
Number=13170
Confirmed=X
Filename=Winexec.exe.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-062520-3058-99" target="_blank">AINESEY.A</a> WORM!
Source=Paul Collins Startup list

[WinExec]
Number=13171
Confirmed=X
Filename=WinExec.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32falusa.html" target=_blank>FALUS-A</a> WORM!
Source=Paul Collins Startup list

[WinExec]
Number=13172
Confirmed=X
Filename=Lsass.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32crutleb.html" target=_blank>CRUTLE-B</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[WinExec32]
Number=13173
Confirmed=X
Filename=WinExec32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100310-3235-99" target="_blank">KAZWIN</a> WORM!
Source=Paul Collins Startup list

[WinFast Schedule]
Number=13174
Confirmed=U
Filename=Wfwiz.exe
Description=Leadtek WinFast TV tuner scheduler and remote control driver - required if you use the latter
Source=Paul Collins Startup list

[Winfast2KLoadDefault]
Number=13175
Confirmed=U
Filename=Rundll32.exe Wf2kcpl.dll, DllLoadDefaultSettings
Description=Loads default settings for Leadtek Winfast graphics cards
Source=Paul Collins Startup list

[WinFastDTV]
Number=13176
Confirmed=U
Filename=DTVSchdl.exe
Description=Scheduler for <a href="http://www.leadtek.com/eng/tv_tuner/default.asp?lineid=6" target="_blank">WinFast DTV</a> digital TV cards from Leadtek Research Inc
Source=Paul Collins Startup list

[Winfast_2K]
Number=13177
Confirmed=U
Filename=WF2k.exe
Description=System Tray application that starts up the Winfox utility for a Leadtek Winfast grpahics card to restore settings. Can be started manually from Start -&gt; Settings -&gt; Control Panel Display. Only needed if you wish to run things like the hardware monitor or overclock your card
Source=Paul Collins Startup list

[WinFast_Gamma]
Number=13178
Confirmed=U
Filename=Rundll32.exe wfcpl.dll, DllLoadGammaRampSettings
Description=Loads if you change the gamma settings on Leadtek WinFast graphics cards
Source=Paul Collins Startup list

[WinFast_Taskbar]
Number=13179
Confirmed=U
Filename=rundll32.exe wftask.dll, WFDllLoadDefaultSettings
Description=Loads default settings for Leadtek WinFast graphics cards
Source=Paul Collins Startup list

[WinFavorites]
Number=13180
Confirmed=X
Filename=WinFavorites.exe1
Description=Loudmarketing.com adware downloader
Source=Paul Collins Startup list

[WinFax PRO]
Number=13181
Confirmed=N
Filename=FAXMNG32.EXE
Description=<a href="http://www.symantec.com/home_homeoffice/products/overview.jsp?pcid=pf&pvid=wfp10" target=_blank>WinFax PRO</a> from Symantec - fax management software

Source=Paul Collins Startup list

[WinFax PRO Controller]
Number=13182
Confirmed=N
Filename=WFXCTL32.EXE
Description=From WinFax 10.0 and possibly earlier versions. Appears if you chose to have WinFax appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start -> Programs
Source=Paul Collins Startup list

[WinFaxAppPortStarter]
Number=13183
Confirmed=Y
Filename=wfxsnt40.exe
Description=WinFax 10.0 and maybe earlier versions. Used to initiate the WinFax port to enable printing to the WinFax printer (send a fax) from any application.
Source=Paul Collins Startup list

[WinFire]
Number=13184
Confirmed=X
Filename=WF.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfsy.html" target=_blank>DELF-SY</a> TROJAN!
Source=Paul Collins Startup list

[WinFix service]
Number=13185
Confirmed=X
Filename=rsswjzgp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfae.html" target="_blank">RBOT-FAE</a> WORM!
Source=Paul Collins Startup list

[WinFixer 2005]
Number=13186
Confirmed=X
Filename=wfx5.exe
Description=WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see <a "href=http://www.superadblocker.com/definition/wfx5/" target="_blank">here</a>
Source=Paul Collins Startup list

[WinFixer helper]
Number=13187
Confirmed=X
Filename=wfxcwr.exe
Description=WinAntiSpyware 2005 by Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see <a "href=http://www.superadblocker.com/definition/wfxcwr/" target="_blank">here</a>
Source=Paul Collins Startup list

[WinFixer service]
Number=13188
Confirmed=X
Filename=[random filename].exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[WinFixer2006]
Number=13189
Confirmed=X
Filename=uwfx6.exe
Description=WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see <a href=http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453097528" target="_blank">here</a>
Source=Paul Collins Startup list

[WinFlyer32.dll]
Number=13190
Confirmed=X
Filename=WinFlyer32.dll
Description=Added by the <a href="http://www.superadblocker.com/W/WINFLYER32.DLL-10415.html" target="_blank">WINFLYER</a> TROJAN!
Source=Paul Collins Startup list

[winfont]
Number=13191
Confirmed=X
Filename=winfont.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2001-120618-2524-99" target="_blank">DEATH</a> TROJAN!
Source=Paul Collins Startup list

[winform]
Number=13192
Confirmed=X
Filename=winform.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpwsalb.html" target="_blank">PWS-ALB</a> TROJAN!
Source=Paul Collins Startup list

[WinFoxV2]
Number=13193
Confirmed=U
Filename=WF2k.exe
Description=System Tray application that starts up the Winfox utility for a Leadtek Winfast grpahics card to restore settings. Can be started manually from Start -&gt; Settings -&gt; Control Panel Display. Only needed if you wish to run things like the hardware monitor or overclock your card
Source=Paul Collins Startup list

[WinFX]
Number=13194
Confirmed=X
Filename=cssrs.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.FX" target="_blank">AGOBOT.FX</a> WORM!
Source=Paul Collins Startup list

[WinGate]
Number=13195
Confirmed=X
Filename=WinGate.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list

[WinGate Engine Monitor]
Number=13196
Confirmed=U
Filename=wgengmon.exe
Description=WinGate Internet Client Dialup Monitor - component of WinGate proxy server software. Displays the status of the WinGate engine, and appears in the system tray of each workstation on the network reassuring clients that their workstations have connectivity with the WinGate Server

Source=Paul Collins Startup list

[WinGate initialize]
Number=13197
Confirmed=X
Filename=WinGate.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list

[wingerver2.0.exe]
Number=13198
Confirmed=X
Filename=wingerver2.0.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojgraybrdae.html" target=_blank>GRAYBRD-AE</a> TROJAN!
Source=Paul Collins Startup list

[wingo]
Number=13199
Confirmed=X
Filename=wingo.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102910-4447-99" target=_blank>BEAGLE.AW</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102909-4914-99" target=_blank>BEAGLE.AV</a> WORMS!

Source=Paul Collins Startup list

[wingo]
Number=13200
Confirmed=X
Filename=[various filenames]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32bagleau.html" target=_blank>BAGLE-AU</a> WORM!
Source=Paul Collins Startup list

[WinGuage Pro]
Number=13201
Confirmed=N
Filename=WGPRO32.EXE
Description=Part of McAfee Nuts &amp; Bolts. &quot;WinGauge is a dynamic reporting tool that constantly monitors your use of Windows and your applications, to alert you to potential problems before they become serious&quot;. Resource hog. Available via Start -> Programs
Source=Paul Collins Startup list

[Winguard]
Number=13202
Confirmed=Y
Filename=WGFE95.EXE
Description=<a href="http://mcafee.digitalriver.com/dr/v2/ec_MAIN.Entry10?V1=371553&amp;PN=1&amp;SP=10023&amp;xid=39695&amp;DSP=&amp;CUR=826&amp;PGRP=0&amp;CACHE_ID=0" target="_blank">Dr Solomon's Virex</a> antivirus
Source=Paul Collins Startup list

[winguard]
Number=13203
Confirmed=Y
Filename=wingrd32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[WinGuard Pro]
Number=13204
Confirmed=U
Filename=wgp.exe
Description=<a href="http://www.winguardpro.com/" target="_blank">Winguard Pro</a>
Source=Paul Collins Startup list

[WinHacker]
Number=13205
Confirmed=N
Filename=rundll32.exe wh95.dll, HackMe
Description=<a href="http://www.soft32.com/download_153.html" target="_blank">WinHacker</a> tweaking utility by Wedge Software. There are far better tweakers and, unlike WinHacker, most are free
Source=Paul Collins Startup list

[Winhelp]
Number=13206
Confirmed=X
Filename=winhe1p.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092815-0339-99" target="_blank">QQPASS.E</a> TROJAN!
Source=Paul Collins Startup list

[WinHelp]
Number=13207
Confirmed=X
Filename=WinHelp.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM! Note - "winhelp.exe" resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP) whereas the valid "winhelp.exe" resides in C:\Windows or C:\Winnt
Source=Paul Collins Startup list

[WinHelp]
Number=13208
Confirmed=X
Filename=realsched.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM! Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name
Source=Paul Collins Startup list

[Winhelp]
Number=13209
Confirmed=X
Filename=TkBellExe.exe...
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list

[winhelp]
Number=13210
Confirmed=X
Filename=winhelp.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090617-1926-99" target=_blank>BLACKMAL.C</a> WORM! Note - this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
Source=Paul Collins Startup list

[winhelp]
Number=13211
Confirmed=X
Filename=dns32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[winhelp]
Number=13212
Confirmed=X
Filename=Updadv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassn.html" target=_blank>QQPASS-N</a> TROJAN!
Source=Paul Collins Startup list

[winhlp.exe]
Number=13213
Confirmed=X
Filename=winhlp.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-011909-3359-99" target=_blank>FORMGLIEDER</a> TROJAN!
Source=Paul Collins Startup list

[winhlp3.exe]
Number=13214
Confirmed=X
Filename=winhlp3.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453089426" target="_blank">EASTO.A</a> TROJAN!
Source=Paul Collins Startup list

[Winhlp32]
Number=13215
Confirmed=X
Filename=Wscript.exe ..Msexec32.vbs
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_GANT.B" target="_blank">GANT.B</a> WORM!
Source=Paul Collins Startup list

[winhlp32.exe]
Number=13216
Confirmed=X
Filename=winhlp32.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453089426" target="_blank">EASTO.A</a> TROJAN!
Source=Paul Collins Startup list

[winhlpp32.exe]
Number=13217
Confirmed=X
Filename=winhlpp32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040112-0028-99" target="_blank">GAOBOT.SY</a> WORM!
Source=Paul Collins Startup list

[Winhost]
Number=13218
Confirmed=X
Filename=wintt.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LOLAWEB.B" target="_blank">LOLAWEB.B</a> TROJAN!
Source=Paul Collins Startup list

[Winhost]
Number=13219
Confirmed=X
Filename=win.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderap.html" target="_blank">DLOADER-AP</a> TROJAN!
Source=Paul Collins Startup list

[Winhost]
Number=13220
Confirmed=X
Filename=yahoo.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfkm.html" target= blank>DELF-KM</a> TROJAN!
Source=Paul Collins Startup list

[Winhost]
Number=13221
Confirmed=X
Filename=winhost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_REATLE.F&VSect=P" target=_blank>REATLE.F</a> WORM!
Source=Paul Collins Startup list

[winhost.exe]
Number=13222
Confirmed=X
Filename=winhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlohavr.html" target= blank>LOHAV-R</a> TROJAN!
Source=Paul Collins Startup list

[winhost32.exe]
Number=13223
Confirmed=X
Filename=winhost32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-121714-1300-99" target=_blank>TABDIM</a> TROJAN!
Source=Paul Collins Startup list

[WinHound]
Number=13224
Confirmed=N
Filename=WinHound.exe
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[WinIeRun]
Number=13225
Confirmed=X
Filename=winierun.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojrnwatcha.html" target=_blank>RNWATCH-A</a> WORM!
Source=Paul Collins Startup list

[winimage]
Number=13226
Confirmed=X
Filename=wvsvc.exe
Description=Added by the <a href="http://de.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?VName=WORM_RBOT.TX" target=_blank>RBOT.TX</a> WORM!
Source=Paul Collins Startup list

[WinINet]
Number=13227
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32soberp.html" target=_blank>SOBER-P</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "ConnectionStatus" subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list

[wininet]
Number=13228
Confirmed=X
Filename=wininet.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32stubbotc.html" target=_blank>STUBBOT-C</a> WORM!
Source=Paul Collins Startup list

[wininet32]
Number=13229
Confirmed=X
Filename=wininet32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojraznewa.html" target="_blank">RAZNEW-A</a> TROJAN!
Source=Paul Collins Startup list

[wininetd]
Number=13230
Confirmed=X
Filename=wininetd.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-052013-3927-99" target="_blank">WINET</a> TROJAN!
Source=Paul Collins Startup list

[wininit]
Number=13231
Confirmed=X
Filename=wininit.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082707-4421-99" target="_blank">WOLLF.16</a> TROJAN!
Source=Paul Collins Startup list

[WinInit]
Number=13232
Confirmed=X
Filename=Win86.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallpb.html" target= blank>SMALL-PB</a> TROJAN!
Source=Paul Collins Startup list

[winint]
Number=13233
Confirmed=X
Filename=winint.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotada.html" target=_blank>SDBOT-ADA</a> WORM!
Source=Paul Collins Startup list

[winipsec]
Number=13234
Confirmed=X
Filename=winipsec.exe
Description=Unidentified malware
Source=Paul Collins Startup list

[WinIRXHelper]
Number=13235
Confirmed=U
Filename=WinIRXHelper.exe
Description=MSI Media Center Deluxe software - see <a href="http://www.msi.com.tw/html/products/vga/vga_htm/mediacenter_2o.htm" target=_blank>here</a>
Source=Paul Collins Startup list

[winis]
Number=13236
Confirmed=X
Filename=winis.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotwi.html" target=_blank>RBOT-WI</a> WORM!
Source=Paul Collins Startup list

[Wink*.exe]
Number=13237
Confirmed=X
Filename=Wink*.exe [* = random char]
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-041714-3225-99" target="_blank">KLEZ</a> WORM!
Source=Paul Collins Startup list

[Winkb6]
Number=13238
Confirmed=U
Filename=winkb6.exe
Description=Part of <a href="http://weblocker.fameleads.com/" target="_blank">We-Blocker</a> - gives parents the opportunity to monitor their children's Internet access and provide them with age-appropriate content, while filtering out sites that contain adult content. Works in conjunction with <a href="http://www.sysinfo.org/startuplist.php?filter=SYSWB6" target="_blank">Winkb6</a> and both files are needed to run We-Blocker
Source=Paul Collins Startup list

[WinKernel]
Number=13239
Confirmed=X
Filename=WinKer.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-062114-0920-99" target="_blank">MIRAB</a> or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SERVIDOR.C" target="_blank">SERVIDOR</a> TROJANS!
Source=Paul Collins Startup list

[WinKernel]
Number=13240
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href"http://www.symantec.com/security_response/writeup.jsp?docid=2003-111116-1342-99" target="_blank">PLEA</a> VIRUS!
Source=Paul Collins Startup list

[winkernel32]
Number=13241
Confirmed=X
Filename=wWin32.com
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-021212-0651-99" target="_blank">BANSAP</a> TROJAN!
Source=Paul Collins Startup list

[WinKey]
Number=13242
Confirmed=U
Filename=winkey.exe
Description=Loads <a href="http://www.copernic.com/winkey/" target="_blank">Copernic's WinKey</a>. Used to map out Windows key hotkey combinations. Not required for the system, but is necessary for this to be running if you use these hotkey combos
Source=Paul Collins Startup list

[winla]
Number=13243
Confirmed=X
Filename=winla.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadraql.html" target="_blank">DLOADR-AQL</a> TROJAN!
Source=Paul Collins Startup list

[winldr]
Number=13244
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvidlop.html" target=_blank>VIDLO-P</a> TROJAN!
Source=Paul Collins Startup list

[winldr]
Number=13245
Confirmed=X
Filename=Rechnung.pdf.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_134667.htm" target=_blank>ACS</a> TROJAN!
Source=Paul Collins Startup list

[winlgz2]
Number=13246
Confirmed=X
Filename=winlgz2.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkillfilq.html" target=_blank>KILLFIL-Q</a> TROJAN!
Source=Paul Collins Startup list

[winlibs.exe]
Number=13247
Confirmed=X
Filename=winlibs.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080314-2340-99" target="_blank">EVAMAN.C</a> WORM!
Source=Paul Collins Startup list

[WinLibUpdate]
Number=13248
Confirmed=X
Filename=libupdate.exe
Description=Added by the BIONET series of TROJANS such as <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BIONET.31" target="_blank">BIONET.31</a> or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_BIONET.310" target="_blank">BIONET.310</a>
Source=Paul Collins Startup list

[WinLibUpdate32]
Number=13249
Confirmed=X
Filename=libupdate32.exe
Description=Added by the BIONET.405 TROJAN!
Source=Paul Collins Startup list

[WinLibUpdte]
Number=13250
Confirmed=X
Filename=libupdte.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_BIONET.318" target="_blank">BIONET.318</a> TROJAN!
Source=Paul Collins Startup list

[winligom]
Number=13251
Confirmed=X
Filename=winligom.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgai.html" target="_blank">RBOT-GAI</a> WORM! Note - this malware actually changes the default value data of the registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
Source=Paul Collins Startup list

[Winlink]
Number=13252
Confirmed=X
Filename=winlink32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-041513-0645-99" target="_blank">GAOBOT.AAY</a> WORM!
Source=Paul Collins Startup list

[Winlme]
Number=13253
Confirmed=X
Filename=windll.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_GOP.F" target="_blank">GOP.F</a> WORM!
Source=Paul Collins Startup list

[WinLoad]
Number=13254
Confirmed=U
Filename=Winload.exe
Description=<a href="http://sarc.com/avcenter/venc/data/spyware.pctattletale.html" target="_blank">PCTattletale</a> is a surveillance software program that monitors user activity, logs keystrokes, and takes screenshots. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list

[WinLoader]
Number=13255
Confirmed=X
Filename=[random filename]
Description=Added by variants of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SUB7.213.B" target="_blank"> SUBSEVEN</a> TROJAN!
Source=Paul Collins Startup list

[winlocatorupdate]
Number=13256
Confirmed=X
Filename=updatewinlocator.exe
Description=Locator adult content toolbar related
Source=Paul Collins Startup list

[winlog]
Number=13257
Confirmed=X
Filename=winlog.exe
Description=Unidentified adware. Note - this malware actually changes the default value data of the Registry Run and RunServices keys in order to force Windows to launch it at boot. Name field may be empty
Source=Paul Collins Startup list

[winlog]
Number=13258
Confirmed=X
Filename=winlog.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_GAOBOT.DF&VSect=T" target=_blank>GAOBOT_DF</a> WORM!

Source=Paul Collins Startup list

[winlog manager]
Number=13259
Confirmed=X
Filename=winlog.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DONBOMB.A&VSect=P" target=_blank>DONBOMB.A</a> TROJAN!
Source=Paul Collins Startup list

[WINLOG0N]
Number=13260
Confirmed=X
Filename=WINLOG0N.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040112-4708-99" target=_blank>MYDOOM.BI</a> WORM!
Source=Paul Collins Startup list

[WinLogin]
Number=13261
Confirmed=X
Filename=winlogin.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotix.html" target=_blank>AGOBOT-IX</a> WORM!

Source=Paul Collins Startup list

[winlogin]
Number=13262
Confirmed=X
Filename=win32x.exe
Description=Browser hijacker, also detetected as the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpadf.html" target= blank>STARTPA-DF</a> TROJAN!
Source=Paul Collins Startup list

[Winlogin.exe]
Number=13263
Confirmed=X
Filename=log.exe
Description=Added by a variant of the AGENT.AH downloader TROJAN!
Source=Paul Collins Startup list

[winlogin.exe]
Number=13264
Confirmed=X
Filename=logfile.exe
Description=Added by the AGENT.AH TROJAN!
Source=Paul Collins Startup list

[winlogin.exe]
Number=13265
Confirmed=X
Filename=mspaint.exe
Description=Added by a variant of the AGENT.AH TROJAN!
Source=Paul Collins Startup list

[Winlogin.exe]
Number=13266
Confirmed=X
Filename=steam.exe
Description=Added by a variant of the AGENT.AH TROJAN!
Source=Paul Collins Startup list

[winlogoff]
Number=13267
Confirmed=X
Filename=winlogoff.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobottr.html" target=_blank>AGOBOT-TR</a> WORM!
Source=Paul Collins Startup list

[winlogon]
Number=13268
Confirmed=X
Filename=winlogon.exe
Description=Hijacker or adult content dialler! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target=_blank>winlogon.exe</a> process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder
Source=Paul Collins Startup list

[winlogon]
Number=13269
Confirmed=X
Filename=winlogin.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081213-3232-99" target=_blank>RANDEX.E</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target=_blank>winlogon.exe</a> process, which should not appear in Msconfig/Startup and is always located in the System32 folder
Source=Paul Collins Startup list

[winlogon]
Number=13270
Confirmed=X
Filename=winlogon.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-122113-2532-99" target=_blank>TRODAL</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target=_blank>winlogon.exe</a> process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder
Source=Paul Collins Startup list

[winlogon]
Number=13271
Confirmed=X
Filename=msreg32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.EO" target="_blank">SDBOT.EO</a> WORM!
Source=Paul Collins Startup list

[winlogon]
Number=13272
Confirmed=X
Filename=winlogon32.exe
Description=Added by the <a href="http://www.eset.sk/asc/scriptless/msgs/maslanc.htm" target= blank>MASLAN.C</a> WORM!
Source=Paul Collins Startup list

[winlogon]
Number=13273
Confirmed=X
Filename=wpwlogon.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[WINLOGON]
Number=13274
Confirmed=X
Filename=wscript.exe [System or System32]\WINLOGON.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060115-2503-99" target=_blank>YPSAN.F</a> WORM!
Source=Paul Collins Startup list

[Winlogon]
Number=13275
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbej.html" target=_blank>VB-EJ</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[Winlogon]
Number=13276
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32floppyb.html" target=_blank>FLOPPY-B</a> VIRUS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[winlogon]
Number=13277
Confirmed=X
Filename=nvchost.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[winlogon service]
Number=13278
Confirmed=X
Filename=urx.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.EN" target=_blank>SPYBOT.EN</a> WORM!
Source=Paul Collins Startup list

[Winlogon Shell]
Number=13279
Confirmed=X
Filename=Explorer.exe [path] svchost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022515-5003-99" target="_blank">KIPIS.M</a> WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in System\1032 or System32\1032 subfolders
Source=Paul Collins Startup list

[Winlogon.exe]
Number=13280
Confirmed=X
Filename=N/A
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant - resets home page to an adult content site
Source=Paul Collins Startup list

[winlogon.exe]
Number=13281
Confirmed=X
Filename=helper.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfakespya.html" target= blank>FAKESPY-A</a> TROJAN!
Source=Paul Collins Startup list

[winlogon.exe]
Number=13282
Confirmed=X
Filename=msole32.exe
Description=Adware, also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojfakespyb.html" target= blank>FAKESPY-B</a> TROJAN!
Source=Paul Collins Startup list

[winlogon32_]
Number=13283
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082312-1953-99" target=_blank>RULAND.A</a> WORM!
Source=Paul Collins Startup list

[Winlogun]
Number=13284
Confirmed=X
Filename=winlogin.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32p2loadc.html" target=_blank>P2LOAD-C</a> WORM!
Source=Paul Collins Startup list

[WinLsass]
Number=13285
Confirmed=X
Filename=servicec.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-082615-2846-99" target="_blank">SCANE</a> WORM!
Source=Paul Collins Startup list

[WinLsass]
Number=13286
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-082615-2846-99" target="_blank">SCANE</a> WORM!
Source=Paul Collins Startup list

[winltmpv]
Number=13287
Confirmed=X
Filename=winln.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtcxmedic.html" target=_blank>TCXMEDI-C</a> TROJAN!
Source=Paul Collins Startup list

[winltmpv]
Number=13288
Confirmed=X
Filename=wutop.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtcxmedic.html" target=_blank>TCXMEDI-C</a> TROJAN!
Source=Paul Collins Startup list

[Winmain]
Number=13289
Confirmed=X
Filename=winmain.exe
Description=One of the first of a new breed of malware. When run it immediately loads MSHTA.EXE from the Windows folder, placing it on "hot standby", ready to accept HTA scripting within a web page and then EXECUTE what is embedded IN the page as a program! In other words, it's possible for a "rogue" website to actually embed trojans, worms and/or viruses directly into a web page. NSClean's <a href="http://www.nsclean.com/htastop.html" target="_blank">HTA Stop</a> offers an easy way to toggle this capabiltity, or rather vulnerability, on and off. I suggest you leave it disabled!
Source=Paul Collins Startup list

[WinManager]
Number=13290
Confirmed=?
Filename=schost.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[winmatrix.exe]
Number=13291
Confirmed=U
Filename=WinMatrixXP.exe
Description=<a href="http://www.emotionrays.com/winmatrix-xp-3d-screensaver-download.html" target="_blank">WinMatrix XP</a> - wallpaper replacement that shows different matrix effects (including flowing matrix codes from 'The Matrix' movie) on your desktop
Source=Paul Collins Startup list

[WinMedia]
Number=13292
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzerobea.html" target=_blank>ZEROBE-A</a> TROJAN!
Source=Paul Collins Startup list

[WinMedia]
Number=13293
Confirmed=X
Filename=msupd******.exe [*= random digit]
Description=Added by the INJECT.163 TROJAN!
Source=Paul Collins Startup list

[WinMem]
Number=13294
Confirmed=U
Filename=WinMem.exe
Description=WinMem Cleaner - part of <a href="http://www.wincleaner.com/pc/uti/utiste/uwc_utility_suite.htm" target=_blank>Ultra WinCleaner Utility Suite</a>. Makes more memory available for your programs and the Operating System. It also defragments your system

Source=Paul Collins Startup list

[WinMenssage]
Number=13295
Confirmed=X
Filename=winmax.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-073117-3108-99" target="_blank">BANCOS.B</a> TROJAN!
Source=Paul Collins Startup list

[WinMessenger]
Number=13296
Confirmed=X
Filename=syshost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32opankie.html" target=_blank>OPANKI-E</a> WORM!
Source=Paul Collins Startup list

[WinMgmt]
Number=13297
Confirmed=N
Filename=WinMgmt.exe
Description=Used for Enterprise Management. If you are not an IT Administrator you don't need it to be running. Also runs from the PCHealth "scheduler" - refer <a href="http://groups.google.com/group/microsoft.public.windowsme.general/msg/5af2d1219f43359e?q=PCHealth%2Bpchschd.exe&hl=en&rnum=1" target="_blank">here</a>
Source=Paul Collins Startup list

[WINMGR]
Number=13298
Confirmed=X
Filename=taskgmgr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041111-0021-99" target=_blank>MYTOB.AN</a> WORM!
Source=Paul Collins Startup list

[Winmgr.exe]
Number=13299
Confirmed=X
Filename=scvhost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AFG" target="_blank">AGOBOT.AFG</a> WORM!
Source=Paul Collins Startup list

[WinMgr32]
Number=13300
Confirmed=X
Filename=winmgr32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010710-3146-99" target="_blank">MIMAIL.P</a> WORM!
Source=Paul Collins Startup list

[WinMine]
Number=13301
Confirmed=X
Filename=D4NG3.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092517-0351-99" target="_blank">BISCUIT.A</a> WORM!
Source=Paul Collins Startup list

[winmodem]
Number=13302
Confirmed=Y
Filename=wmexe.exe
Description=Software for software based modems. Required if you have one of these. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See <a href="http://modemsite.com/56k/winmodems.asp" target="_blank">here</a> for more WinModem information
Source=Paul Collins Startup list

[WinMoviePlugIn]
Number=13303
Confirmed=X
Filename=WinMoviePlugIn.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051715-4156-99" target=_blank>Sfonditalia</a> adult content premium rate dialer
Source=Paul Collins Startup list

[Winmsg]
Number=13304
Confirmed=X
Filename=winwork.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031915-3501-99" target="_blank">GAOBOT.GEN!POLY</a> WORM!
Source=Paul Collins Startup list

[WinMsg]
Number=13305
Confirmed=X
Filename=winmsgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadras.html" target="_blank">DLOADR-AS</a> TROJAN!
Source=Paul Collins Startup list

[WinMsrv32]
Number=13306
Confirmed=X
Filename=WinMsrv32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042914-1054-99" target="_blank">GAOBOT.AFJ</a> WORM!
Source=Paul Collins Startup list

[WinMX]
Number=13307
Confirmed=N
Filename=WinMX.exe
Description=<a href="http://www.winmx.co.uk/" target=_blank>WinMX</a> file sharing application
Source=Paul Collins Startup list

[winmysqladmin]
Number=13308
Confirmed=N
Filename=winmysqladmin.exe
Description=Starts the MySQL database admin tool
Source=Paul Collins Startup list

[WinMySQLadmin Tool]
Number=13309
Confirmed=N
Filename=winmysqladmin.exe
Description=Starts the MySQL database admin tool
Source=Paul Collins Startup list

[winnet]
Number=13310
Confirmed=X
Filename=winnet.exe
Description=<a href="http://www.commonname.com/english/ug/toolbar/default.asp?idx=1" target="_blank">CommonName Toolbar</a> spyware. To uninstall see <a href="http://www.commonname.com/english/ug/toolbar/default.asp?idx=10#4">here</a>
Source=Paul Collins Startup list

[WinNetDDE]
Number=13311
Confirmed=X
Filename=[random characters].exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-011715-5404-99" target=_blank>NETDEPIX.B</a> TROJAN!
Source=Paul Collins Startup list

[WinNite]
Number=13312
Confirmed=X
Filename=niteaim.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061516-4529-99" target=_blank>OPANKI.B</a> WORM!
Source=Paul Collins Startup list

[Winnov Menu]
Number=13313
Confirmed=?
Filename=WnvMenu.Exe
Description=<a href="http://www.winnov.com/" target="_blank">Winnov Video Capture Card</a> related.<font color="#FF0000"> What does it do and is it required?</font>
Source=Paul Collins Startup list

[Winnov Remote]
Number=13314
Confirmed=?
Filename=WnvRsvr.Exe
Description=<a href="http://www.winnov.com/" target="_blank">Winnov Video Capture Card</a> related.<font color="#FF0000"> What does it do and is it required?</font>
Source=Paul Collins Startup list

[Winnov Status]
Number=13315
Confirmed=?
Filename=WvStatus.Exe
Description=<a href="http://www.winnov.com/" target="_blank">Winnov Video Capture Card</a> related.<font color="#FF0000"> What does it do and is it required?</font>
Source=Paul Collins Startup list

[winnt]
Number=13316
Confirmed=X
Filename=winnt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32monae.html" target="_blank">MONA-E</a> WORM!
Source=Paul Collins Startup list

[winnt DNS ident]
Number=13317
Confirmed=X
Filename=wuamgrd32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbau.html" target=_blank>RBOT-BAU</a> WORM!
Source=Paul Collins Startup list

[winnt DNS ident]
Number=13318
Confirmed=X
Filename=iexplorer.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[winnt DNS ident]
Number=13319
Confirmed=X
Filename=pidchk32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotacy.html" target=_blank>RBOT-ACY</a> WORM!
Source=Paul Collins Startup list

[winnt DNS ident]
Number=13320
Confirmed=X
Filename=windowxp.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[winnt DNS ident]
Number=13321
Confirmed=X
Filename=Winupd32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AVU&VSect=P" target=_blank>RBOT.AVU</a> WORM!
Source=Paul Collins Startup list

[winnt DNS ident]
Number=13322
Confirmed=X
Filename=winupdate32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[winnt DNS ident]
Number=13323
Confirmed=X
Filename=wuamgrd33.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Winnt DNS ident]
Number=13324
Confirmed=X
Filename=windowsp.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BAL&VSect=P" target=_blank>RBOT.BAL</a> WORM!
Source=Paul Collins Startup list

[winNT updatc]
Number=13325
Confirmed=X
Filename=wupgrd.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[WinNtBB]
Number=13326
Confirmed=X
Filename=WinntBB.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DULOAD.C" target="_blank">DULOAD.C</a> WORM!
Source=Paul Collins Startup list

[Winnup]
Number=13327
Confirmed=X
Filename=win32nls.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[winocx32]
Number=13328
Confirmed=X
Filename=winocx32.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39755" target=_blank>PROTORIDE.I</a> WORM!

Source=Paul Collins Startup list

[WINOWS SYSTEM]
Number=13329
Confirmed=X
Filename=winnt.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.ID&VSect=P" target=_blank>MYTOB.ID</a> WORM!
Source=Paul Collins Startup list

[WINP]
Number=13330
Confirmed=X
Filename=winmic.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spyboteb.html" target=_blank>SPYBOT-EB</a> WORM!
Source=Paul Collins Startup list

[Winpack]
Number=13331
Confirmed=X
Filename=winpack.exe
Description=Adware downloader - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan-Downloader.Win32.Agent.gg
Source=Paul Collins Startup list

[WinPatrol]
Number=13332
Confirmed=U
Filename=WinPatrol.exe
Description=<a href="http://www.winpatrol.com/" target="_blank">WinPatrol</a> - &quot;Manage Startup programs, tasks, cookies; will sniff out Worms, Trojan horses, Cookies, Adware, Spyware, Klez, Assumption and other malicious programs&quot;
Source=Paul Collins Startup list

[WinPatrol Explorer]
Number=13333
Confirmed=Y
Filename=WinPatrolEx.exe
Description=Part of <a href="http://www.winpatrol.com/" target="_blank">WinPatrol</a>
Source=Paul Collins Startup list

[winphonics7536]
Number=13334
Confirmed=X
Filename=vbsystem35.exe setups.exe vb.vb
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojmutinc.html" target="_blank">MUTIN-C</a> TROJAN!
Source=Paul Collins Startup list

[winpipe]
Number=13335
Confirmed=X
Filename=winpipe.exe
Description=Browser hijacker redirecting to wow-access.com
Source=Paul Collins Startup list

[WinPLOSION]
Number=13336
Confirmed=U
Filename=WinPlosion.exe
Description="<a href="http://www.winplosion.com/overview.html" target=_blank>WinPLOSION</a> allows you to immediately view and select from all the windows running on your computer, just those of the active application, or to minimise all windows and display a clear desktop"
Source=Paul Collins Startup list

[WinPoet]
Number=13337
Confirmed=Y
Filename=WinPPPoverEthernet.exe
Description=WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs and ISPs. For more info read <a href="http://www.finepoint.com/winpoet.html" target="_blank">here</a>. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networking
Source=Paul Collins Startup list

[winpol]
Number=13338
Confirmed=X
Filename=winpol.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.IWD" target="_blank">AGENT.IWD</a> TROJAN!
Source=Paul Collins Startup list

[WinPopup]
Number=13339
Confirmed=N
Filename=WINPOPUP.EXE
Description=Intranet chat software provided by windows for chat on small networks. Handy little LAN messaging utility. Has been included in Windows since 95, and maybe in WFWG 3.11. Normally it won't set itself up to run unless the user specifically adds it to startup
Source=Paul Collins Startup list

[winpopup]
Number=13340
Confirmed=X
Filename=winupie.exe
Description=Adware by Tradeexit.com
Source=Paul Collins Startup list

[Winpower]
Number=13341
Confirmed=N
Filename=Winpower.exe
Description=Part of <a href="http://www.macrovision.com/products/flexnet_installshield/installanywhere/index.shtml" target="_blank">InstallAnywhere</a> from Zero G Software, now owned by Macrovision
Source=Paul Collins Startup list

[Winprocer32 Update]
Number=13342
Confirmed=X
Filename=winprocer32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.GW&VSect=P" target=_blank>RBOT.GW</a> WORM!
Source=Paul Collins Startup list

[winprocessor Update]
Number=13343
Confirmed=X
Filename=winprocessor.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.IO&VSect=P" target=_blank>RBOT.IO</a> WORM!
Source=Paul Collins Startup list

[WinProfile]
Number=13344
Confirmed=X
Filename=Command.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BUDDY.E" target="_blank">BUDDY</a> TROJAN!
Source=Paul Collins Startup list

[WinProfile]
Number=13345
Confirmed=X
Filename=sndcfg16.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39771" target="_blank">SNDC.A</a> WORM!
Source=Paul Collins Startup list

[winprofile]
Number=13346
Confirmed=X
Filename=iexpiore.exe
Description=Added by a variant of the MONCHER WORM!
Source=Paul Collins Startup list

[WinProfile]
Number=13347
Confirmed=X
Filename=iexpIore.exe
Description=Added by <a href="http://www.sophos.com/virusinfo/analyses/trojchumc.html" target=_blank>CHUM-C</a> TROJAN!
Source=Paul Collins Startup list

[WinProt]
Number=13348
Confirmed=X
Filename=Winprot.exe
Description=Added by the <a href="http://www.hackfix.org/miscfix/cha.shtml" target="_blank">CHUPACABRA</a> TROJAN!
Source=Paul Collins Startup list

[WinProt]
Number=13349
Confirmed=X
Filename=server.exe
Description=Added by the <a href="http://www.hackfix.org/miscfix/cha.shtml" target="_blank">CHUPACABRA</a> TROJAN!
Source=Paul Collins Startup list

[winprotect]
Number=13350
Confirmed=X
Filename=win32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-011315-3830-99" target=_blank>MUGLY.E</a> WORM!
Source=Paul Collins Startup list

[winprotect]
Number=13351
Confirmed=X
Filename=winprotect.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotsb.html" target= blank>SDBOT-SB</a> WORM!
Source=Paul Collins Startup list

[WinProxy]
Number=13352
Confirmed=U
Filename=WinProxy.EXE
Description=&quot;<a href="http://www.winproxy.net/" target="_blank">WinProxy</a> is the world-first proxy server and a firewall with integrated mail server for Windows 95/98/ME/NT/2000/XP&quot;
Source=Paul Collins Startup list

[Winproxy Personal]
Number=13353
Confirmed=X
Filename=WINPROXY.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BMF&VSect=P" target=_blank>SDBOT.BMF</a> WORM!
Source=Paul Collins Startup list

[winpsd]
Number=13354
Confirmed=X
Filename=winpsd.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081616-2035-99" target="_blank">MYDOOM.Q</a> WORM!
Source=Paul Collins Startup list

[WinPWD Manager]
Number=13355
Confirmed=X
Filename=wpwdmgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaut.html" target=_blank>RBOT-AUT</a> WORM!
Source=Paul Collins Startup list

[winrapid]
Number=13356
Confirmed=X
Filename=winrapid.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[winrar]
Number=13357
Confirmed=X
Filename=winrar.exe
Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#therealsearch" target=_blank>Therealsearch</a> parasite variant. Note - this is not the file zipping utility also known as <a href="http://www.rarlab.com/" target="_blank">WinRAR</a>!
Source=Paul Collins Startup list

[winrarshell]
Number=13358
Confirmed=X
Filename=winrarshell32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101314-1402-99" target="_blank">SALIRA</a> TROJAN!
Source=Paul Collins Startup list

[WinReader]
Number=13359
Confirmed=X
Filename=read.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotv.html" target="_blank">DELBOT-V</a> WORM!
Source=Paul Collins Startup list

[winReg]
Number=13360
Confirmed=X
Filename=winReg.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-121621-5429-99" target="_blank">YAHA.H</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-121310-2719-99" target="_blank">YAHA.J</a> WORMS!
Source=Paul Collins Startup list

[WinReg32 service]
Number=13361
Confirmed=X
Filename=holqdnoxpmeu.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[winregsrv]
Number=13362
Confirmed=X
Filename=winregsrv.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-102115-0015-99" target="_blank">SYNRG</a> TROJAN!
Source=Paul Collins Startup list

[winreg_32]
Number=13363
Confirmed=X
Filename=svchosst.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosce.html" target=_blank>BANCOS-CE</a> TROJAN!
Source=Paul Collins Startup list

[winreg_32]
Number=13364
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerdb.html" target=_blank>BANKER-DB</a> TROJAN!
Source=Paul Collins Startup list

[winreg_32]
Number=13365
Confirmed=X
Filename=sysdll.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderij.html" target=_blank>DLOADER-IJ</a> TROJAN!
Source=Paul Collins Startup list

[winreg_32]
Number=13366
Confirmed=X
Filename=Vc030405.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosct.html" target=_blank>BANCOS-CT</a> TROJAN!
Source=Paul Collins Startup list

[WINREMOTE]
Number=13367
Confirmed=U
Filename=WinRemote.exe
Description=InterVideo WinCinema Manager - needed for the use of <a href="http://www.intervideo.com/jsp/WinDVDRemote_Profile.jsp" target=_blank>WinDVD Remote Control</a>
Source=Paul Collins Startup list

[Winres32vis]
Number=13368
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_THRAX.A" target="_blank">THRAX.A</a> WORM!
Source=Paul Collins Startup list

[winrestore1]
Number=13369
Confirmed=X
Filename=winrestore.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkillfilq.html" target=_blank>KILLFIL-Q</a> TROJAN!
Source=Paul Collins Startup list

[winreups]
Number=13370
Confirmed=X
Filename=winreups.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[winroute]
Number=13371
Confirmed=N
Filename=winroute.exe
Description=Win-Route 4.27. WinRoute Tray Icon for starting and stopping the WrCtrl.exe process, also to log in to the console to view logs and change settings. Can be unchecked and the engine still runs and functions normally. Can then use provided shortcuts for administration of the program. Loaded in SERVICES on Windows 2k
Source=Paul Collins Startup list

[WinRPC]
Number=13372
Confirmed=X
Filename=winrpcmx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankereei.html" target="_blank">BANKER-EEI</a> TROJAN!
Source=Paul Collins Startup list

[winrun]
Number=13373
Confirmed=X
Filename=msconfig.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-020316-5130-99" target="_blank">WINUR</a> WORM! Note - this is not the real msconfig.exe as it's located in C:\winrun\
Source=Paul Collins Startup list

[winrun]
Number=13374
Confirmed=X
Filename=winrun.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-032718-1359-99" target="_blank">WINBUR.B</a> WORM!
Source=Paul Collins Startup list

[WINRUN]
Number=13375
Confirmed=X
Filename=taskgmr32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041110-2451-99" target=_blank>MYTOB.AP</a> WORM!
Source=Paul Collins Startup list

[WINRUN]
Number=13376
Confirmed=X
Filename=svchost32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobai.html" target= blank>MYTOB-AI</a> WORM!
Source=Paul Collins Startup list

[WINRUN]
Number=13377
Confirmed=X
Filename=taskgmr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobbx.html" target=_blank>MYTOB-BX</a> WORM!
Source=Paul Collins Startup list

[WINRUN z]
Number=13378
Confirmed=X
Filename=W1NT45K.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042416-0006-99" target= blank>MYTOB.BL</a> WORM!
Source=Paul Collins Startup list

[WinRunners]
Number=13379
Confirmed=X
Filename=WinDrivers.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DULOAD.C" target="_blank">DULOAD.C</a> WORM!
Source=Paul Collins Startup list

[Wins Service Driver]
Number=13380
Confirmed=X
Filename=winet.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotapv.html" target=_blank>RBOT-APV</a> WORM!
Source=Paul Collins Startup list

[Wins Update 32]
Number=13381
Confirmed=X
Filename=services32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfn.html" target=_blank>FORBOT-FN</a> WORM!
Source=Paul Collins Startup list

[Wins32 Online]
Number=13382
Confirmed=X
Filename=cfgpwnz.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022210-2736-99" target=_blank>BROPIA.R</a> WORM!
Source=Paul Collins Startup list

[WinScMngr]
Number=13383
Confirmed=X
Filename=winsmc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotbpz.html" target=_blank>SDBOT-BPZ</a> WORM!
Source=Paul Collins Startup list

[WinSec]
Number=13384
Confirmed=X
Filename=winsec16.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ZF" target=_blank>AGOBOT.ZF</a> WORM!
Source=Paul Collins Startup list

[winsecure]
Number=13385
Confirmed=X
Filename=winsecure.exe
Description=Browser hijacker, redirecting to specificsearches.com
Source=Paul Collins Startup list

[WinSecure]
Number=13386
Confirmed=X
Filename=[random].exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentlr.html" target=_blank>AGENT-LR</a> TROJAN!
Source=Paul Collins Startup list

[Winsecure Antivirus]
Number=13387
Confirmed=X
Filename=Secureantivirus.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[WinSecured32]
Number=13388
Confirmed=X
Filename=ssmr.exe
Description=Added by a variant of the <a href="http://sophos.com.au/virusinfo/analyses/w32forbotgen.html" target=_blank>FORBOT</a> WORM!
Source=Paul Collins Startup list

[Winserv]
Number=13389
Confirmed=X
Filename=Winserv.ila
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-012111-0417-99" target=_blank>NODMIN</a> WORM!
Source=Paul Collins Startup list

[winserver]
Number=13390
Confirmed=X
Filename=Server.txt.vbs
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DELTAD.A" target="_blank">DELTAD.A</a> WORM!
Source=Paul Collins Startup list

[Winservice]
Number=13391
Confirmed=X
Filename=winmain.exe
Description=Adult content related malware

Source=Paul Collins Startup list

[winservice]
Number=13392
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_136736.htm" target=_blank>CVK</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[WinService]
Number=13393
Confirmed=X
Filename=hosth.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdwnldrfux.html" target="_blank">DWNLDR-FUX</a> TROJAN!
Source=Paul Collins Startup list

[WinService]
Number=13394
Confirmed=X
Filename=Ttt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32msnvbd.html" target="_blank">MSNVB-D</a> WORM!
Source=Paul Collins Startup list

[WinService32]
Number=13395
Confirmed=U
Filename=ssmgr.exe
Description=<a href="http://www.e-spy-software.com/" target="_blank">007 Spy Software</a> - "stealthy monitoring program which allows you to secretly track all activities of computer users and automatically deliver logs to you via Email or FTP"
Source=Paul Collins Startup list

[WinService32]
Number=13396
Confirmed=U
Filename=svchost.exe
Description=<a href="http://www.scanspyware.net/info/007SpySoftware.htm" target=blank>007 Spy Software</a> keystroke logger/monitoring program - remove unless you installed it yourself! Note - this is not the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=blank>svchost.exe</a> process that normally doesn't appear in Msconfig/Startup!

Source=Paul Collins Startup list

[WinServices]
Number=13397
Confirmed=X
Filename=WinServices.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-122414-3433-99" target="_blank">YAHA.K</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-010612-2750-99" target="_blank">YAHA.M</a> WORMS!
Source=Paul Collins Startup list

[winservices]
Number=13398
Confirmed=X
Filename=bootvfy.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[winservit]
Number=13399
Confirmed=X
Filename=cassl.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ASG&VSect=P" target=_blank>RBOT.ASG</a> WORM!
Source=Paul Collins Startup list

[winservn]
Number=13400
Confirmed=X
Filename=winservn.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[winservs]
Number=13401
Confirmed=X
Filename=winservs.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[WinSetBrowse]
Number=13402
Confirmed=X
Filename=BasicUpdate.dll.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092517-0351-99" target="_blank">BISCUIT.A</a> WORM!
Source=Paul Collins Startup list

[winsfc]
Number=13403
Confirmed=X
Filename=winsfc.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-122114-1051-99" target=_blank>WISFC</a> VIRUS!
Source=Paul Collins Startup list

[Winshell]
Number=13404
Confirmed=X
Filename=remote.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.LJ&VSect=P" target=_blank>MYTOB.LJ</a> WORM!
Source=Paul Collins Startup list

[Winshoe]
Number=13405
Confirmed=?
Filename=wuadfdqr.exe
Description=<font color="#FF0000">Probably an unidentified VIRUS! Adds itself to 3 registry "Run" keys and prevents Task Manager being displayed. This is not the Winshoe IRC Client as the visitor did not have it installed</font>
Source=Paul Collins Startup list

[winshost.exe]
Number=13406
Confirmed=X
Filename=winshost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022810-2546-99" target=_blank>TOOSO</a> WORM and variants!
Source=Paul Collins Startup list

[WinShowUpdate]
Number=13407
Confirmed=X
Filename=copy C:\WINDOWS\winshow.new C:\WINDOW\Swinshow.dll
Description=<a href="http://allentech.net/parasite/Winshow.html" target="_blank">Winshow</a> parasiate related - from the "RunOnce" keys it replaces "winshow.dll" with a new version

Source=Paul Collins Startup list

[WinSig]
Number=13408
Confirmed=X
Filename=NetXP.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerfn.html" target=_blank>BANKER-FN</a> TROJAN!
Source=Paul Collins Startup list

[winskype]
Number=13409
Confirmed=X
Filename=winskype.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbroggerc.html" target=_blank>BROGGER-C</a> TROJAN!
Source=Paul Collins Startup list

[winsock]
Number=13410
Confirmed=X
Filename=svch0st.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sagea.html" target=_blank>SAGE-A</a> WORM! Note - the filename has the digit 0 rather then the uppercase "o"
Source=Paul Collins Startup list

[Winsock driver]
Number=13411
Confirmed=X
Filename=winnt update.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojspybotdm.html" target= blank>SPYBOT-DM</a> TROJAN!
Source=Paul Collins Startup list

[Winsock driver]
Number=13412
Confirmed=X
Filename=winnt64.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotdr.html" target=_blank>SPYBOT-DR</a> WORM!
Source=Paul Collins Startup list

[Winsock Startup]
Number=13413
Confirmed=X
Filename=Main2.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[winsock2]
Number=13414
Confirmed=X
Filename=netsvr.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.LY&VSect=T" target=_blank>AGOBOT.LY</a> WORM!
Source=Paul Collins Startup list

[Winsock2 driver]
Number=13415
Confirmed=X
Filename=SDJOIJE.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-072312-4244-99" target="_blank">SPYBOT.DR</a> TROJAN!
Source=Paul Collins Startup list

[Winsock2 driver]
Number=13416
Confirmed=X
Filename=MIRC32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032311-1036-99" target="_blank">SPYBUZZ</a> TROJAN!
Source=Paul Collins Startup list

[Winsock2 driver]
Number=13417
Confirmed=X
Filename=kgzgjkpcw.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-041617-1223-99" target="_blank">SDBOT.T</a> TROJAN!
Source=Paul Collins Startup list

[Winsock2 driver]
Number=13418
Confirmed=X
Filename=ZONEALARM.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-041617-1223-99" target="_blank">SDBOT.T</a> TROJAN! Note - ZONEALARM.EXE is not the valid Zone Labs firewall program
Source=Paul Collins Startup list

[Winsock2 driver]
Number=13419
Confirmed=X
Filename=WINCFG.SCR
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Winsock2 driver]
Number=13420
Confirmed=X
Filename=winupdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotbx.html" target="_blank">SPYBOT-BX</a> WORM!
Source=Paul Collins Startup list

[Winsock2 driver]
Number=13421
Confirmed=X
Filename=SPOLSV.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotcm.html" target=_blank>SPYBOT-CM</a> WORM!

Source=Paul Collins Startup list

[Winsock2 driver]
Number=13422
Confirmed=X
Filename=Zonealarmupdate.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Winsock2 driver]
Number=13423
Confirmed=X
Filename=sysreq.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotcc.html" target=_blank>SPYBOT-CC</a> WORM!
Source=Paul Collins Startup list

[Winsock2 driver]
Number=13424
Confirmed=X
Filename=AMSNMGR.EXE
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Winsock2 driver]
Number=13425
Confirmed=X
Filename=WUAUMQR.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotdp.html" target=_blank>SPYBOT-DP</a> WORM!
Source=Paul Collins Startup list

[Winsock2 driver]
Number=13426
Confirmed=X
Filename=wincfg.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.CO&VSect=P" target=_blank>SPYBOT.CO</a> WORM!
Source=Paul Collins Startup list

[Winsock2 driver]
Number=13427
Confirmed=X
Filename=ntsys32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotdd.html" target=_blank>SPYBOT-DD</a> WORM!
Source=Paul Collins Startup list

[Winsock2 driver]
Number=13428
Confirmed=X
Filename=svchorsst.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotee.html" target=_blank>SPYBOT-EE</a> WORM!
Source=Paul Collins Startup list

[Winsock2 driver]
Number=13429
Confirmed=X
Filename=SYSTEM32.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spyboteg.html" target=_blank>SPYBOT-EG</a> WORM!
Source=Paul Collins Startup list

[Winsock2 driver]
Number=13430
Confirmed=X
Filename=dllcfg32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.AG" target="_blank">SPYBOT.AG</a> WORM!
Source=Paul Collins Startup list

[Winsock2.dll]
Number=13431
Confirmed=X
Filename=WINLODR.SCR
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[Winsock32 driver]
Number=13432
Confirmed=X
Filename=Testing.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotb.html" target="_blank">SPYBOT.B</a> WORM!
Source=Paul Collins Startup list

[Winsock32 driver]
Number=13433
Confirmed=X
Filename=lcd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotb.html" target="_blank">SPYBOT.B</a> WORM!
Source=Paul Collins Startup list

[Winsock32 driver]
Number=13434
Confirmed=X
Filename=Sdjoije.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotb.html" target="_blank">SPYBOT.B</a> WORM!
Source=Paul Collins Startup list

[Winsock32driver]
Number=13435
Confirmed=X
Filename=win32server.scr
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100313-2617-99" target="_blank">HACARMY</a> TROJAN!
Source=Paul Collins Startup list

[Winsock32driver]
Number=13436
Confirmed=X
Filename=sp2XPupdate.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_HACKARMY.S" target="_blank">HACKARMY.S</a> TROJAN!
Source=Paul Collins Startup list

[Winsock32driver]
Number=13437
Confirmed=X
Filename=win32server.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_100723.htm" target="_blank">BACKDOOR-AZV</a> TROJAN!
Source=Paul Collins Startup list

[Winsock32driver]
Number=13438
Confirmed=X
Filename=ZoneAlarmPr0.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojhackarmyb.html" target="_blank">HACKARMY-B</a> TROJAN!
Source=Paul Collins Startup list

[Winsock32driver]
Number=13439
Confirmed=X
Filename=ZoneLockup.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-062614-5809-99" target="_blank">HACARMY.D</a> TROJAN!
Source=Paul Collins Startup list

[Winsock32driver]
Number=13440
Confirmed=X
Filename=win32server.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110511-0258-99" target=_blank>HACARMY.F</a> TROJAN!
Source=Paul Collins Startup list

[Winsock32driver]
Number=13441
Confirmed=X
Filename=winXPupdate.exe
Description=Added by the <a href="http://info.ahnlab.com/securityinfo/virus_view_eng_new.jsp?SEQ_NO=1574" target=_blank>HACKARMY.9728</a> TROJAN!
Source=Paul Collins Startup list

[Winsock32driver]
Number=13442
Confirmed=X
Filename=svchhost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_HACKARMY.I" target=_blank>HACKARMY.I</a> TROJAN!
Source=Paul Collins Startup list

[winsockdriver]
Number=13443
Confirmed=X
Filename=tskmg.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target="_blank">SDBOT.GEN</a> TROJAN or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121914-5618-99" target="_blank">WARPIGS.C</a> WORM!
Source=Paul Collins Startup list

[winsockdriver]
Number=13444
Confirmed=X
Filename=winsock2.2.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[winsockdriver]
Number=13445
Confirmed=X
Filename=iexplor.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-012116-2805-99" target=_blank>BLATIC.A</a> WORM!
Source=Paul Collins Startup list

[winsockdriver]
Number=13446
Confirmed=X
Filename=winsock3.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotdo.html" target=_blank>SPYBOT-DO</a> WORM!
Source=Paul Collins Startup list

[winsockdriver]
Number=13447
Confirmed=X
Filename=bot.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32warpigsd.html" target=_blank>WARPIGS-D</a> TROJAN!
Source=Paul Collins Startup list

[WinSocketComponent]
Number=13448
Confirmed=X
Filename=nthost.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[Winsocks2 driver]
Number=13449
Confirmed=X
Filename=mznmgr.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[WINSOS VERIFY]
Number=13450
Confirmed=U
Filename=WINSOS.EXE
Description=<a href="http://www.winsos.com/us/index.html" target=_blank>WinSOS</a> - "deletes spyware, optimizes your computer - backs up selected data"
Source=Paul Collins Startup list

[WinSP]
Number=13451
Confirmed=X
Filename=[path] REGEDIT.EXE -s [path] sysreg.reg
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpame.html" target=_blank>STARTPA-ME</a> TROJAN!
Source=Paul Collins Startup list

[winspd32dll]
Number=13452
Confirmed=X
Filename=winspd32.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list

[WinSPF]
Number=13453
Confirmed=X
Filename=windrv32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090914-1649-99" target="_blank">MYDOOM.T</a> WORM!
Source=Paul Collins Startup list

[WinSPF]
Number=13454
Confirmed=X
Filename=winspf32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090912-1602-99" target="_blank">MYDOOM.S</a> WORM!
Source=Paul Collins Startup list

[Winspl]
Number=13455
Confirmed=X
Filename=winsplx.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojtrolla.html" target=_blank>TROLL-A</a> TROJAN!
Source=Paul Collins Startup list

[Winspool]
Number=13456
Confirmed=X
Filename=spoolsvr.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[WinSrv]
Number=13457
Confirmed=X
Filename=kn0x.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOBBIT.F" target="_blank">HOBBIT.F</a> WORM!
Source=Paul Collins Startup list

[WinSrv]
Number=13458
Confirmed=X
Filename=SHIZZLE.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOBBIT.C" target="_blank">HOBBIT.C</a> WORM!
Source=Paul Collins Startup list

[Winsrv]
Number=13459
Confirmed=X
Filename=winsrv.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T" target="_blank">OPASERV.T</a> WORM!
Source=Paul Collins Startup list

[winsrv]
Number=13460
Confirmed=X
Filename=winsrv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojnetsnakb.html" target=_blank>NETSNAK-B</a> TROJAN!
Source=Paul Collins Startup list

[winsrv3]
Number=13461
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32nafbota.html" target=_blank>NAFBOT-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
Source=Paul Collins Startup list

[WinsSystem]
Number=13462
Confirmed=X
Filename=syssmss.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_DELF.IG&VSect=T" target=_blank>DELF.IG</a> TROJAN!
Source=Paul Collins Startup list

[WinStabilizer]
Number=13463
Confirmed=X
Filename=WinStabilizer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotsw.html" target=_blank>AGOBOT-SW</a> WORM!
Source=Paul Collins Startup list

[WinStart]
Number=13464
Confirmed=X
Filename=WinStart.exe
Description=From<font color="#FF0000"> <a href="http://www.igetnet.com/iGetNet_Home.asp" target="_blank">IGetNet</a></font> - turns the IE address bar into a keyword engine piped into IGetNet. In other words, with this installed, typing &quot;car&quot; in the IE address bar will point the browser to the Lexus web site. Foistware - installs components without your knowledge
Source=Paul Collins Startup list

[WinStart]
Number=13465
Confirmed=X
Filename=Wscript.exe WinStart.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021219-2242-99" target="_blank">CIAN.C</a> WORM!
Source=Paul Collins Startup list

[WinStart]
Number=13466
Confirmed=X
Filename=winstart32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-041115-4727-99" target="_blank">PUROL</a> WORM!
Source=Paul Collins Startup list

[WinStart]
Number=13467
Confirmed=X
Filename=WinStart.pif
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031218-2446-99" target="_blank">CONE.E</a> WORM!
Source=Paul Collins Startup list

[winstart]
Number=13468
Confirmed=X
Filename=winstart.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsckeyloab.html" target=_blank>SCKEYLO-AB</a> TROJAN!
Source=Paul Collins Startup list

[WinStart001]
Number=13469
Confirmed=X
Filename=WinStart001.exe
Description=From <a href="http://www.igetnet.com/iGetNet_Home.asp" target="_blank">IGetNet</a></font> - turns the IE address bar into a keyword engine piped into IGetNet. In other words, with this installed, typing &quot;car&quot; in the IE address bar will point the browser to the Lexus web site. Foistware - installs components without your knowledge
Source=Paul Collins Startup list

[WinStart001.EXE]
Number=13470
Confirmed=X
Filename=WinStart001.exe
Description=From <a href="http://www.igetnet.com/iGetNet_Home.asp" target="_blank">IGetNet</a></font> - turns the IE address bar into a keyword engine piped into IGetNet. In other words, with this installed, typing &quot;car&quot; in the IE address bar will point the browser to the Lexus web site. Foistware - installs components without your knowledge
Source=Paul Collins Startup list

[winstats]
Number=13471
Confirmed=X
Filename=winstats.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-090216-3057-99" target=_blank>GARGAFX</a> TROJAN!
Source=Paul Collins Startup list

[Winsta~1]
Number=13472
Confirmed=X
Filename=winsta~1.exe
Description=<a href="http://accs-net.com/smallfish/gohip.htm" target="_blank">GoHip</a> foistware
Source=Paul Collins Startup list

[WinSth16]
Number=13473
Confirmed=X
Filename=WinSth16.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091116-4057-99" target="_blank">CAKE</a> WORM!
Source=Paul Collins Startup list

[winstro]
Number=13474
Confirmed=X
Filename=RUN32DLL.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-092316-4937-99" target="_blank">FTP_ANA</a> TROJAN!
Source=Paul Collins Startup list

[winsupdatesysmngr64]
Number=13475
Confirmed=X
Filename=winsys64mnger.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbag.html" target=_blank>RBOT-BAG</a> WORM!
Source=Paul Collins Startup list

[WinSvc16.exe]
Number=13476
Confirmed=X
Filename=WinSvc16.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453088397" target="_blank">SDBOT.FQ</a> TROJAN!
Source=Paul Collins Startup list

[Winsvc32]
Number=13477
Confirmed=X
Filename=Winsvc32.exe
Description=Homepage hijacker
Source=Paul Collins Startup list

[winsvc32.exe]
Number=13478
Confirmed=X
Filename=winsvc32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-022517-0503-99" target= blank>GREPAGE</a> TROJAN!
Source=Paul Collins Startup list

[Winsvr]
Number=13479
Confirmed=X
Filename=msupd******.exe [*= random digit]
Description=Added by the INJECT.163 TROJAN!
Source=Paul Collins Startup list

[Winsvr manager]
Number=13480
Confirmed=X
Filename=DDEsvr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32tirbotc.html" target=_blank>TIRBOT-C</a> WORM!
Source=Paul Collins Startup list

[winsy32.exe]
Number=13481
Confirmed=X
Filename=winsy32.exe
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list

[winsync]
Number=13482
Confirmed=X
Filename=******.exe reg_run [* = random char]
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=43264" target=_blank>QOOLOGIC</a> TROJAN!
Source=Paul Collins Startup list

[Winsys]
Number=13483
Confirmed=U
Filename=Winsys.exe
Description=<a href="http://www.win-spy.com/" target=_blank>Win-Spy</a> keyboard logger/monitoring software - remove unless you installed it yourself
Source=Paul Collins Startup list

[WINSYS]
Number=13484
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040119-3916-99" target="_blank">GOLDPLAY</a> TROJAN!
Source=Paul Collins Startup list

[winsys]
Number=13485
Confirmed=X
Filename=syschost.exe
Description=Added by an unidentified TROJAN!
Source=Paul Collins Startup list

[WinSys32]
Number=13486
Confirmed=X
Filename=Winsys32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-110418-0639-99" target="_blank">CIGIVIP</a> TROJAN or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102415-3837-99" target="_blank"> RECKUS</a> WORM!
Source=Paul Collins Startup list

[winsys32 Driver]
Number=13487
Confirmed=X
Filename=winsys32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojloonyo.html" target="_blank">LOONY-O</a> TROJAN!
Source=Paul Collins Startup list

[WinSysAppMon]
Number=13488
Confirmed=U
Filename=WinSysRM.exe
Description=Home & Family Content Filter related. See <a href="http://s.planetgood.net/Users/TechSupportFAQ.htm#_Toc9925457" target="_blank">here</a>
Source=Paul Collins Startup list

[winsysban]
Number=13489
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojclickercd.html" target="_blank">CLICKER-CD</a> TROJAN!
Source=Paul Collins Startup list

[winsyslog lptt01]
Number=13490
Confirmed=X
Filename=winsyslog.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Winsyslog" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[WinSysModule]
Number=13491
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentdiq.html" target="_blank">AGENT-DIQ</a> TROJAN!
Source=Paul Collins Startup list

[WinSysStartUpWKbLw]
Number=13492
Confirmed=X
Filename=TaskSystemDll.Exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-012115-1018-99" target="_blank">BACKZAT.G</a> WORM!
Source=Paul Collins Startup list

[WinSyst32]
Number=13493
Confirmed=X
Filename=winsyst32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-041112-5839-99" target="_blank">MORB</a> WORM!
Source=Paul Collins Startup list

[WinSystem]
Number=13494
Confirmed=X
Filename=winsystem.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-012914-1918-99" target="_blank"> WHITEBAIT</a> WORM!
Source=Paul Collins Startup list

[WinSystem]
Number=13495
Confirmed=U
Filename=WinSystems.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042016-1403-99" target=blank>CMKeyLogger</a> keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[WinSystems]
Number=13496
Confirmed=X
Filename=winsystems16.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotczt.html" target="_blank">SDBOT-CZT</a> WORM!

Source=Paul Collins Startup list

[winsystems25]
Number=13497
Confirmed=X
Filename=winsystems.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotcnz.html" target="_blank">RBOT-CNZ</a> WORM!
Source=Paul Collins Startup list

[winsysupd]
Number=13498
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpani.html" target="_blank">STARTPA-NI</a> TROJAN!
Source=Paul Collins Startup list

[WINT]
Number=13499
Confirmed=X
Filename=wcp****.exe [* = random char]
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[WINT]
Number=13500
Confirmed=X
Filename=wcpcc.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[WINT]
Number=13501
Confirmed=X
Filename=wcpsvit.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[WinTask]
Number=13502
Confirmed=X
Filename=Wintask.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021215-1912-99" target="_blank">HIPO</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092617-2406-99" target="_blank">LEMIR.F</a> TROJANS!
Source=Paul Collins Startup list

[WINTASK]
Number=13503
Confirmed=X
Filename=taskgmr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031611-0208-99" target=_blank>MYTOB.I</a> WORM and variants!
Source=Paul Collins Startup list

[WINTASK]
Number=13504
Confirmed=X
Filename=taskgamr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041315-1927-99" target=_blank>MYTOB.AU</a> WORM!
Source=Paul Collins Startup list

[WINTASK]
Number=13505
Confirmed=X
Filename=sys32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-032517-5124-99" target=_blank>MYTOB.K</a> WORM!
Source=Paul Collins Startup list

[WINTASK]
Number=13506
Confirmed=X
Filename=msmgrxp.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041112-3912-99" target=_blank>MYTOB.AQ</a> WORM!
Source=Paul Collins Startup list

[WINTASK]
Number=13507
Confirmed=X
Filename=iexplorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobch.html" target= blank>MYTOB-CH</a> WORM!
Source=Paul Collins Startup list

[WINTASK]
Number=13508
Confirmed=X
Filename=taskgmr32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050310-3130-99" target= blank>MYTOB.BU</a> WORM!
Source=Paul Collins Startup list

[WINTASK]
Number=13509
Confirmed=X
Filename=msvhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobar.html" target=_blank>MYTOB-AR</a> WORM!
Source=Paul Collins Startup list

[WINTASK]
Number=13510
Confirmed=X
Filename=t4skmgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobak.html" target=_blank>MYTOB-AK</a> WORM!
Source=Paul Collins Startup list

[WINTASK]
Number=13511
Confirmed=X
Filename=taskfile.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061213-5248-99" target=_blank>MYTOB.EF</a> WORM!
Source=Paul Collins Startup list

[WINTASK]
Number=13512
Confirmed=X
Filename=taskgm.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobao.html" target=_blank>MYTOB-AO</a> WORM!
Source=Paul Collins Startup list

[WINTASK]
Number=13513
Confirmed=X
Filename=taskgmrs.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060510-3818-99" target=_blank>MYTOB.DH</a> WORM!
Source=Paul Collins Startup list

[WINTASK]
Number=13514
Confirmed=X
Filename=yahooicons.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobhm.html" target="_blank">MYTOB-HM</a> WORM!
Source=Paul Collins Startup list

[WINTASK DLL]
Number=13515
Confirmed=X
Filename=jusched32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041009-3642-99" target=_blank>MYTOB.AI</a> WORM!
Source=Paul Collins Startup list

[WINTASK DLL32]
Number=13516
Confirmed=X
Filename=smsrss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-043017-5514-99" target=_blank>MYTOB.BS</a> WORM!
Source=Paul Collins Startup list

[WinTask driver]
Number=13517
Confirmed=X
Filename=wintask.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderna.html" target= blank>DLOADER-NA</a> TROJAN!
Source=Paul Collins Startup list

[WINTASK32]
Number=13518
Confirmed=X
Filename=taskgmr32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042510-1951-99" target=_blank>MYTOB.BN</a> WORM!
Source=Paul Collins Startup list

[WINTASK32]
Number=13519
Confirmed=X
Filename=taskgmrr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062313-5401-99" target=_blank>MYTOB.FX</a> WORM!
Source=Paul Collins Startup list

[wintask32]
Number=13520
Confirmed=X
Filename=Jwintask.com
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32nafbota.html" target=_blank>NAFBOT-A</a> WORM!
Source=Paul Collins Startup list

[WINTASKMANAGER]
Number=13521
Confirmed=X
Filename=taskgmr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobaf.html" target= blank>MYTOB-AF</a> WORM!
Source=Paul Collins Startup list

[WINTASKMGR]
Number=13522
Confirmed=X
Filename=ccsrs.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-032711-4636-99" target=_blank>MYTOB.Q</a> WORM!
Source=Paul Collins Startup list

[WINTASKS]
Number=13523
Confirmed=X
Filename=taskgmr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042512-4055-99" target=_blank>MYTOB.BO</a> WORM!
Source=Paul Collins Startup list

[WINTASKS]
Number=13524
Confirmed=X
Filename=winxpro.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061610-5259-99" target=_blank>MYTOB.EZ</a> WORM!
Source=Paul Collins Startup list

[WinTasks DLL Library (32-bits)]
Number=13525
Confirmed=X
Filename=winkll.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajz.html" target=_blank>RBOT-AJZ</a> WORM!
Source=Paul Collins Startup list

[WinTasks Traybar]
Number=13526
Confirmed=U
Filename=wintasks.exe
Description=<a href="http://www.liutilities.com/products/wintasksstd/" target="_blank">WinTasks</a> - "Efficient Resource and Task Management is absolutely critical if you want to achieve the highest system performance levels possible. WinTasks 4 will not only help you achieve this task, but will actually make your system run faster and more smoothly than ever before"
Source=Paul Collins Startup list

[wintasks.exe]
Number=13527
Confirmed=X
Filename=wintasks.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-070314-3235-99" target="_blank">EVAMAN</a> WORM!
Source=Paul Collins Startup list

[Wintbp.exe]
Number=13528
Confirmed=X
Filename=wintbp.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-081615-4443-99" target=_blank>ZOTOB.E</a> WORM!
Source=Paul Collins Startup list

[Wintbpx.exe]
Number=13529
Confirmed=X
Filename=wintbpx.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-081711-4133-99" target=_blank>ZOTOB.F</a> WORM!
Source=Paul Collins Startup list

[wintective]
Number=13530
Confirmed=U
Filename=wintective.exe
Description=<a href="http://sarc.com/avcenter/venc/data/spyware.wintective.html" target=_blank>Wintective</a> logs keystrokes, captures screenshots, and monitors Internet activity. The gathered information can be sent to a predetermined email address. If you didn't install this yourself remove it
Source=Paul Collins Startup list

[winter]
Number=13531
Confirmed=X
Filename=happy.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotyf.html" target= blank>SDBOT-YF</a> WORM!
Source=Paul Collins Startup list

[Wintercooler Pro]
Number=13532
Confirmed=N
Filename=WINCOOL.EXE
Description=<a href="http://www.liveye.com/wintercooler/index.html" target="_blank">Wintercooler Pro</a> - utility that monitors CPU usage, RAM consumption and Internet connection speed
Source=Paul Collins Startup list

[WinTidy]
Number=13533
Confirmed=N
Filename=WinTidy.exe
Description=Desktop icon manager from <a href="http://www.pcmag.com/article2/0,4149,17748,00.asp" target="_blank">PC Magazine</a> (Ziff-Davis). Available via Start -> Programs
Source=Paul Collins Startup list

[Wintime]
Number=13534
Confirmed=X
Filename=Wintime.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081411-1341-99" target="_blank">HARNIG</a> TROJAN!
Source=Paul Collins Startup list

[WinTime]
Number=13535
Confirmed=U
Filename=wintime.exe
Description=Added by <a href="http://www.winsite.com/bin/Info?500000018285" target=_blank>WinTime</a> - change desktop icons' color and font
Source=Paul Collins Startup list

[Wintime Wtxpload]
Number=13536
Confirmed=N
Filename=Wxpload.exe Wintime
Description=Part of the software to support a Dexxa USB graphics tablet. From a visitor - &quot;This gets started anyway when you plug in the USB connector for the graphics tablet, if it's not already running. It then starts an application which manages the tablet messages. Since I leave the tablet unplugged unless I need to use it, I don't need this running at startup. I suspect that this program monitors a number of windows messages, so that when it's loaded, my regular mouse slows down - it acts like it 'sticks' entering and leaving windows. Certainly my performance returned to what I expected when I removed this item using MSCONFIG&quot;
Source=Paul Collins Startup list

[WinTimer]
Number=13537
Confirmed=X
Filename=msupdate.cmd
Description=Hijacker - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan.Win32.StartPage.tj
Source=Paul Collins Startup list

[wintnask32.exe]
Number=13538
Confirmed=X
Filename=wintnask32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafp.html" target=_blank>RBOT-AFP</a> WORM!
Source=Paul Collins Startup list

[wintnl.exe]
Number=13539
Confirmed=X
Filename=wintnl.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082415-0814-99" target=_blank>ZOTOB.K</a> WORM!
Source=Paul Collins Startup list

[wintnpx.exe]
Number=13540
Confirmed=X
Filename=wintnpx.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-081717-2017-99" target=_blank>ZOTOB.H</a> WORM!
Source=Paul Collins Startup list

[WinTools]
Number=13541
Confirmed=X
Filename=WToolsA.exe
Description=<a href="http://www.winpatrol.com/db/freesample/wtoolsa.html" target="_blank">Wintools</a> adware
Source=Paul Collins Startup list

[WinTOTAL Scheduler]
Number=13542
Confirmed=N
Filename=guru.exe
Description=WinTOTAL Real estate appraisal software related
Source=Paul Collins Startup list

[WinTray]
Number=13543
Confirmed=X
Filename=wintray.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-050510-1214-99" target="_blank">LEGUARDIEN.B</a> TROJAN!
Source=Paul Collins Startup list

[wintsk32dll]
Number=13544
Confirmed=X
Filename=wintsk32dll.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaaj.html" target=_blank>RBOT-AAJ</a> WORM!
Source=Paul Collins Startup list

[winudll.exe]
Number=13545
Confirmed=X
Filename=winudll.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmitgliece.html" target=_blank>MITGLIE-CE</a> TROJAN!
Source=Paul Collins Startup list

[winui]
Number=13546
Confirmed=X
Filename=z.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-111016-2709-99" target=_blank>KONDELI</a> TROJAN!
Source=Paul Collins Startup list

[winupated.exe]
Number=13547
Confirmed=X
Filename=winupated.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list

[winupd]
Number=13548
Confirmed=X
Filename=RUNDLL32.EXE [random value].dll, _mainRD
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-070412-0248-99" target="_blank">MOTA.A</a> WORM!
Source=Paul Collins Startup list

[winupd]
Number=13549
Confirmed=X
Filename=winupd.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-052519-4845-99" target="_blank">SearchNew</a> adware
Source=Paul Collins Startup list

[winupd.exe]
Number=13550
Confirmed=X
Filename=winupd.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031310-3624-99" target="_blank">BEAGLE.M</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031508-5302-99" target="_blank">BEAGLE.N</a> WORMS!
Source=Paul Collins Startup list

[WinUPD32]
Number=13551
Confirmed=X
Filename=explorer.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually!
Source=Paul Collins Startup list

[winupdat]
Number=13552
Confirmed=X
Filename=winupdat.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=40033" target="_blank">CANBOT.A</a> WORM!
Source=Paul Collins Startup list

[WinUpdate]
Number=13553
Confirmed=X
Filename=RBSKQQBO.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2001-041117-0339-99" target="_blank">VBSWG2B.A</a> WORM!
Source=Paul Collins Startup list

[WinUpdate]
Number=13554
Confirmed=X
Filename=wmbem.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091716-5153-99" target="_blank">REVCUSS.B</a> TROJAN!
Source=Paul Collins Startup list

[WinUpdate]
Number=13555
Confirmed=X
Filename=updsys.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[winupdate]
Number=13556
Confirmed=X
Filename=winupdate.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=43230" target=_blank>ALCAN.B</a> WORM!
Source=Paul Collins Startup list

[WinUpdate]
Number=13557
Confirmed=X
Filename=svhost.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[WinUpdate Loader]
Number=13558
Confirmed=X
Filename=msnnm.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-092315-2159-99" target="_blank">REVCUSS.C</a> TROJAN!
Source=Paul Collins Startup list

[winupdate.exe]
Number=13559
Confirmed=X
Filename=winupdate.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090211-2821-99" target="_blank">RADO</a> TROJAN!
Source=Paul Collins Startup list

[winupdate.reg]
Number=13560
Confirmed=X
Filename=winupdate.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-093016-3632-99" target=_blank>SPYBOT.EAS</a> WORM!

Source=Paul Collins Startup list

[winupdate2846]
Number=13561
Confirmed=X
Filename=vbsystem35.exe msvbrun.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojmutinc.html" target="_blank">MUTIN-C</a> TROJAN!
Source=Paul Collins Startup list

[WinUpdateB]
Number=13562
Confirmed=X
Filename=breatle.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-073116-3607-99" target=_blank>BRATLE.A</a>WORM!
Source=Paul Collins Startup list

[winupdateconn]
Number=13563
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32combraa.html" target=_blank>COMBRA-A</a> WORM!
Source=Paul Collins Startup list

[winupdateconn_]
Number=13564
Confirmed=X
Filename=Explorer.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32combrab.html" target="_blank">COMBRA-B</a> WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[winupdatefiv_]
Number=13565
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_COMBRA.C&VSect=P" target=_blank>COMBRA.C</a> WORM!
Source=Paul Collins Startup list

[WinUpdateProtection]
Number=13566
Confirmed=U
Filename=csrss.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042611-5813-99" target=_blank>EmployeeWatch</a> is a commercial surveillance software program designed to monitor user activity on a computer
Source=Paul Collins Startup list

[winupdates]
Number=13567
Confirmed=X
Filename=winupdates.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32alcrab.html" target=_blank>ALCRA-B</a> WORM!
Source=Paul Collins Startup list

[winupdate_]
Number=13568
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030314-1644-99" target=_blank>COMDOR.A</a> WORM!
Source=Paul Collins Startup list

[WinUPDbc]
Number=13569
Confirmed=X
Filename=winupdbc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerdsn.html" target="_blank">BANKER-DSN</a> TROJAN!
Source=Paul Collins Startup list

[WinUpdsv]
Number=13570
Confirmed=X
Filename=winupdsv.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-032411-3140-99" target=_blank>DROPO</a> MACRO!
Source=Paul Collins Startup list

[winupdt]
Number=13571
Confirmed=X
Filename=RUNDLL32.EXE [random.dll]
Description=Added by the <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=57406" target=_blank>MABUT.A</a> WORM!
Source=Paul Collins Startup list

[winupdtl]
Number=13572
Confirmed=X
Filename=winupdtl.exe
Description=<a href="http://sarc.com/avcenter/venc/data/adware.secondthought.html" target=_blank>SecondThought</a> adware variant

Source=Paul Collins Startup list

[WinUpgrader]
Number=13573
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentdz.html" target=_blank>AGENT-DZ</a> TROJAN!
Source=Paul Collins Startup list

[winur]
Number=13574
Confirmed=X
Filename=winrun.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-032718-1359-99" target="_blank">WINUR.B</a> WORM!
Source=Paul Collins Startup list

[winusb.dll]
Number=13575
Confirmed=X
Filename=winguard.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotcn.html" target=_blank>FORBOT-CN</a> WORM!
Source=Paul Collins Startup list

[WinUser32K]
Number=13576
Confirmed=X
Filename=usr32wink.exe
Description=Added by the HK TROJAN!
Source=Paul Collins Startup list

[WinUsr]
Number=13577
Confirmed=X
Filename=WinUsr.exe K1S2
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-032417-0333-99" target=_blank>CLUNK.A</a> WORM!
Source=Paul Collins Startup list

[Winux Piriax Service]
Number=13578
Confirmed=X
Filename=PH32.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081410-5233-99" target="_blank">RANDEX.G</a> WORM!
Source=Paul Collins Startup list

[winversion]
Number=13579
Confirmed=X
Filename=winversion.exe
Description=Browser hijacker, redirecting to specificsearches.com
Source=Paul Collins Startup list

[WinVNC]
Number=13580
Confirmed=U
Filename=WinVNC.exe
Description=WinVNC is an application that allows you to remote control your PC from another PC somewhere on the internet. Now superseeded by <a href="http://www.realvnc.com/" target="_blank">RealVNC</a>
Source=Paul Collins Startup list

[WinVNC]
Number=13581
Confirmed=X
Filename=iexplorer.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042518-0520-99" target="_blank">EVIVINC</a> VIRUS!
Source=Paul Collins Startup list

[winvxd32]
Number=13582
Confirmed=X
Filename=winvxd32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042511-5737-99" target= blank>GABLOLIZ.A</a> WORM!
Source=Paul Collins Startup list

[winwan lptt01]
Number=13583
Confirmed=X
Filename=winwan.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Winwan" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[winwan ml097e]
Number=13584
Confirmed=X
Filename=winwan.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Winwan" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[winword]
Number=13585
Confirmed=X
Filename=winword.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtorpidc.html" target=_blank>TORPID-C</a> TROJAN!
Source=Paul Collins Startup list

[WINWORD.exe]
Number=13586
Confirmed=X
Filename=WINWORD.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042112-4601-99" target=_blank>DRIVUS</a> TROJAN! Note - this is not the legitimate MS Word process of the same name, which is always located in the Program Files folder. This one is found in System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
Source=Paul Collins Startup list

[WinWorks]
Number=13587
Confirmed=X
Filename=vstmgr.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ACJ" target="_blank">AGOBOT.ACJ</a> WORM!
Source=Paul Collins Startup list

[winwsl.exe]
Number=13588
Confirmed=X
Filename=winwsl.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32zotobj.html" target=_blank>ZOTOB-J</a> WORM!
Source=Paul Collins Startup list

[winXP]
Number=13589
Confirmed=X
Filename=33.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-0016-99" target=_blank>ANPES</a> WORM!
Source=Paul Collins Startup list

[WinXP]
Number=13590
Confirmed=X
Filename=plugin1.exe
Description=Added by the Downloader-JW TROJAN!

Source=Paul Collins Startup list

[WinXP]
Number=13591
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosag.html" target=_blank>BANCOS-AG</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Arquivos de programas\WinXP\Tools" folder
Source=Paul Collins Startup list

[WinXP fix]
Number=13592
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-010317-1237-99" target=_blank>RANKY.P</a> TROJAN!
Source=Paul Collins Startup list

[WinXP Processor Generator v1.2]
Number=13593
Confirmed=X
Filename=intspnsr32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.LP" target="_blank">SDBOT.LP</a> WORM!
Source=Paul Collins Startup list

[WinXp Updater]
Number=13594
Confirmed=X
Filename=winxp32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbothg.html" target=_blank>RBOT-HG</a> WORM!
Source=Paul Collins Startup list

[WinXP-98]
Number=13595
Confirmed=X
Filename=CSRSS.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerds.html" target=_blank>BANKER-DS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located a C:\Arquivos de programas\WinXP-98\Tools folder
Source=Paul Collins Startup list

[winxpdll32.exe]
Number=13596
Confirmed=X
Filename=winxpdll32.exe
Description=Added by a variant of the SMALL downloader TROJAN!
Source=Paul Collins Startup list

[WinXPHome]
Number=13597
Confirmed=X
Filename=plugin2.exe
Description=Added by the malicious <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=VBS_INOR.T&VSect=P" target=_blank>INOR.T</a> script!
Source=Paul Collins Startup list

[WinXPLoad]
Number=13598
Confirmed=U
Filename=Rundll32 LoadDll, LoadExe WinXPLoad.exe
Description=Compaq hotkey related - required if you use the hotkeys
Source=Paul Collins Startup list

[winxpusbd]
Number=13599
Confirmed=X
Filename=winxp64.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[winystems25]
Number=13600
Confirmed=X
Filename=winystems.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Winz Firewall]
Number=13601
Confirmed=X
Filename=[random filename].exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[WinZap Check]
Number=13602
Confirmed=X
Filename=winzbp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawz.html" target=_blank>RBOT-AWZ</a> WORM!
Source=Paul Collins Startup list

[winzip]
Number=13603
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032014-5144-99" target=_blank>BANCOS.G</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081716-2831-99" target=_blank>BANCOS.K</a> TROJANS! Note - this is not part of the popular WinZip file compression utility

Source=Paul Collins Startup list

[Winzip]
Number=13604
Confirmed=X
Filename=[various filenames]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lerpaa.html" target=_blank>LERPA-A</a> WORM! Note - the file name will be one of the following common.exe, common.pif, common.scr, Sexo.exe, Sexo.jpg.pif, ini_file__.pif, load_me__.tmp, msfile.pif, system_load_.pif or zipped.rar.pif
Source=Paul Collins Startup list

[Winzip Application]
Number=13605
Confirmed=X
Filename=winzip81.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbkz.html" target="_blank">RBOT-BKZ</a> WORM!
Source=Paul Collins Startup list

[WinZip Quick Pick]
Number=13606
Confirmed=N
Filename=WZQKPICK.EXE
Description=Added with WinZip version 8.1. &quot;The new WinZip Quick Pick taskbar tray icon gives you instant access to WinZip and your Zip files. Just left click the icon to open WinZip, or right click it to instantly reopen recently used Zip files, access your Favorite Zip Folders, open WinZip Help, or start WinZip itself.&quot;. You can right-click and close it - choosing to not re-load it at start-up
Source=Paul Collins Startup list

[WinZip Update]
Number=13607
Confirmed=X
Filename=WinZip.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM! Note - this is not part of the popular WinZip file compression utility
Source=Paul Collins Startup list

[Win_api_driver]
Number=13608
Confirmed=X
Filename=system.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-122714-4318-99" target="_blank">REVIRD</a> TROJAN!
Source=Paul Collins Startup list

[Win_BooT]
Number=13609
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankergi.html" target=_blank>BANKER-GI</a> TROJAN!
Source=Paul Collins Startup list

[WIN_DRIVR32]
Number=13610
Confirmed=X
Filename=shchostv.exe
Description=Added by a TROJAN - see <a href="http://www.greatis.com/appdata/d/s/shchostv.exe.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[Win_Library]
Number=13611
Confirmed=X
Filename=INISvc.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111911-5528-99" target="_blank">ANARCH</a> WORM!
Source=Paul Collins Startup list

[win_spool2]
Number=13612
Confirmed=X
Filename=win_spool2.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SCKEYLOG.B" target="_blank">SCKEYLOG.B</a> TROJAN!
Source=Paul Collins Startup list

[win_supp00.exe]
Number=13613
Confirmed=X
Filename=Win Const.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojassasinh.html" target=_blank>ASSASIN-H</a> TROJAN!
Source=Paul Collins Startup list

[win_upd.exe]
Number=13614
Confirmed=X
Filename=WINdirect.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-072217-0338-99" target="_blank">MITGLIEDER.M</a> TROJAN!
Source=Paul Collins Startup list

[win_upd2.exe]
Number=13615
Confirmed=X
Filename=WINdirect.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080911-3251-99" target="_blank">BEAGLE.AO</a> WORM!
Source=Paul Collins Startup list

[Win_vader]
Number=13616
Confirmed=X
Filename=Win_vader.vbs
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=VBS_INVASION.A" target="_blank">INVASION.A</a> VIRUS!
Source=Paul Collins Startup list

[WIP Config GUI]
Number=13617
Confirmed=X
Filename=Winipcfgs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotcn.html" target=_blank>RBOT-CN</a> WORM!
Source=Paul Collins Startup list

[Wireless Console]
Number=13618
Confirmed=N
Filename=wcourier.exe
Description=<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/wcourier/" target="_blank">ASUS Wireless Console</a> - installed alongside ASUS wireless components and provides additional configuration options for these devices
Source=Paul Collins Startup list

[Wireless PCI Card Configuration Utility]
Number=13619
Confirmed=U
Filename=WMP11Cfg.exe
Description=Utility used by the <a href="http://www.linksys.com/default.asp" target="_blank">LINKSYS</a> wireless PCI card (<a href="http://www.linksys.com/products/product.asp?prid=196&amp;grid=" target="_blank">WMP11</a>) and indicates when a wireless access connection is made by a screen colour change. Also used for configuration
Source=Paul Collins Startup list

[Wireless Provider Server]
Number=13620
Confirmed=X
Filename=wpsvr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotad.html" target="_blank">FORBOT-AD</a> WORM!
Source=Paul Collins Startup list

[Wireless Switching Setting Utility]
Number=13621
Confirmed=U
Filename=Switcher.exe
Description=On a Sony laptop with built in wireless it allows the user to select which wireless services they want to run (i.e. Wireless LAN, Bluetooth, both) when turning the wireless switch on if disabled)
Source=Paul Collins Startup list

[Wireless-G Notebook Adapter]
Number=13622
Confirmed=Y
Filename=Gcc.exe
Description=LinkSys Wireless-G Notebook Adapter driver
Source=Paul Collins Startup list

[Wireless-G Notebook Adapter Utility]
Number=13623
Confirmed=U
Filename=WPC54CFG.EXE
Description=Utility used by the <a href="http://www.linksys.com/default.asp" target="_blank">LINKSYS</a> Wireless-G Notebook Adapter (<a href="http://www.linksys.com/splash/wpc54g_splash.asp" target="_blank">WPC54G</a>)
Source=Paul Collins Startup list

[WireLessKeyboard]
Number=13624
Confirmed=U
Filename=PS2USBKbdDrv.exe
Description=Related to <a href="http://www.sansun.com.cn/en/product.asp?Keyword=PS2USBKbdDrv.exe&search=yes&Submit=Search&id=17" target="_blank">WireLess Keyboard</a> Multimedia Combo Set by SANSUN Industries
Source=Paul Collins Startup list

[WireLessMouse]
Number=13625
Confirmed=U
Filename=MouseDrv.exe
Description=Related to <a href="http://www.sansun.com.cn/en/product.asp?Keyword=PS2USBKbdDrv.exe&search=yes&Submit=Search&id=17" target="_blank">WireLess Mouse</a> Multimedia Combo Set by SANSUN Industries. Located in C:\Program Files\Multimedia Combo Set
Source=Paul Collins Startup list

[wise]
Number=13626
Confirmed=X
Filename=clockwise.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlazara.html" target=_blank>LAZAR-A</a> TROJAN!
Source=Paul Collins Startup list

[WIZZ]
Number=13627
Confirmed=X
Filename=dazzler.exe
Description=Reported by Kaspersky Anti-Virus as DIALER.IS TROJAN!
Source=Paul Collins Startup list

[wjview]
Number=13628
Confirmed=N
Filename=wjview.exe
Description=MS tool used to view window-based Java applications from the command line
Source=Paul Collins Startup list

[wkcalrem]
Number=13629
Confirmed=N
Filename=wkcalrem.exe
Description=Produces a pop-up reminder of events scheduled using the MS Works Calendar
Source=Paul Collins Startup list

[WkDetect]
Number=13630
Confirmed=N
Filename=WkDetect.exe
Description=Checks for updates to MS Works
Source=Paul Collins Startup list

[wkfud]
Number=13631
Confirmed=N
Filename=wkfud.exe
Description=A marketing program for MS Works
Source=Paul Collins Startup list

[WksSb]
Number=13632
Confirmed=N
Filename=WksSb.exe
Description=The Works Portfolio tool lets you collect and organize text and pictures from the Web or your favorite program. The Works Portfolio provides a location where you can store items you want to later put into a document or other file
Source=Paul Collins Startup list

[WksSVC]
Number=13633
Confirmed=X
Filename=EXPLORER.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobbw.html" target="_blank">MYTOB-BW</a> WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[WkUFind]
Number=13634
Confirmed=N
Filename=WkUFind.exe
Description=MS Works Update Detection. MS Picture It! (versions 7 to current) use this automatic update feature during the log on process. It can also cause your system to automatically dial into your ISP as it tries to access the internet, if you have your system set to automatically dial when the internet is invoked. To manually update, go to Microsoft's Office/Works update <a href="http://www.officeupdate.com/ProductUpdates/default.aspx" target=_blank>site</a>. You can also turn of the automatic update feature within Picture It! - see <a href="http://support.microsoft.com/kb/308588/en-us" target=_blank>here</a>

Source=Paul Collins Startup list

[Wkyo86]
Number=13635
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32pitina.html" target="_blank">PITIN-A</a> WORM!
Source=Paul Collins Startup list

[Wlan Drier]
Number=13636
Confirmed=X
Filename=Winusb2.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.DC" target="_blank">WOOTBOT.DC</a> WORM!
Source=Paul Collins Startup list

[Wlan Driver]
Number=13637
Confirmed=X
Filename=avscan.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.DH" target="_blank">WOOTBOT.DH</a> WORM!
Source=Paul Collins Startup list

[WLAN Status Tray Applet]
Number=13638
Confirmed=N
Filename=WLANSTA.EXE
Description=System Tray icon for checking the status of a Wireless LAN
Source=Paul Collins Startup list

[wlancfg]
Number=13639
Confirmed=U
Filename=wlancfg.exe
Description=Inventel wireless router related - required in order to automatically connect to the Net at bootup
Source=Paul Collins Startup list

[wlancfg5]
Number=13640
Confirmed=Y
Filename=wlancfg5.exe
Description=NetGear WG311v3 wireless PCI adapter driver - required in order to automatically connect to the wireless router/gateway at bootup. Note - may not install correctly on Windows9x/ME computers which have Slipstream accelerator installed. Uninstall Slipstream first, disabling slipcore and slipgui are insufficient
Source=Paul Collins Startup list

[WLANSTA.EXE]
Number=13641
Confirmed=N
Filename=WLANSTA.EXE
Description=System Tray icon for checking the status of a Wireless LAN
Source=Paul Collins Startup list

[WLAN_Cfg.exe]
Number=13642
Confirmed=Y
Filename=WLAN_Cfg.exe
Description=Linksys Instant Wireless USB Network Adapter driver
Source=Paul Collins Startup list

[wlsass]
Number=13643
Confirmed=X
Filename=wlsass.exe
Description=Added by the <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=103755" target="_blank">RANKY.CY</a> TROJAN!
Source=Paul Collins Startup list

[WLTRAY]
Number=13644
Confirmed=N
Filename=wltray.exe
Description=Installed alongside Dell Wireless WLAN Card and provides additional configuration options for these devices
Source=Paul Collins Startup list

[wltray]
Number=13645
Confirmed=N
Filename=wltray.exe
Description=System tray access to wireless LAN card configuration options

Source=Paul Collins Startup list

[WM VCR]
Number=13646
Confirmed=N
Filename=WMVCR.exe
Description=<a href="http://www.wmrecorder.com/" target=_blank>WM Recorder</a> allows you to record Windows Media(tm) streaming Video or Audio content. Can be accessed via Start Menu -> Programs
Source=Paul Collins Startup list

[Wm24Pan]
Number=13647
Confirmed=Y
Filename=Wm24Pan.Exe
Description=<a href="http://www.esi-pro.com/" target=_blank>ESI</a> external sound card driver
Source=Paul Collins Startup list

[wm41a398]
Number=13648
Confirmed=X
Filename=rundll32.exe [path] wm41a398.dll, EnableRunDLL32
Description=<a href="http://www.spywareguide.com/product_show.php?id=853" target="_blank">LZIO.com</a> adware downloader
Source=Paul Collins Startup list

[WMAudio]
Number=13649
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081700-2526-99" target="_blank">NEVEG.B</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081614-3605-99" target="_blank">NEVEG.C</a> WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[WMAudio]
Number=13650
Confirmed=X
Filename=winlogon.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081623-4258-99" target="_blank">NEVEG.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[WMBoot]
Number=13651
Confirmed=N
Filename=N/A
Description=Associated with Logitech Wingman game controllers. <font color="#FF0000"> Not required but what does it do?</font>
Source=Paul Collins Startup list

[wmcbaaca]
Number=13652
Confirmed=X
Filename=rundll32.exe [path] wmcbaaca.dll, EnableRunDLL32
Description=<a href="http://www.spywareguide.com/product_show.php?id=853" target=_blank>LZIO.com</a> adware downloader
Source=Paul Collins Startup list

[WMC_RebootCheck]
Number=13653
Confirmed=N
Filename=unregmp2.exe
Description=Corrects problems with installations of Windows Media Player from version 9 onwards - see <a href="http://zachd.com/pss/pss.html" target="_blank">here</a> and search for "unregmp2.exe"
Source=Paul Collins Startup list

[WMI Application Interface]
Number=13654
Confirmed=X
Filename=wmiapi.exe
Description=Added by the <a href="http://sarc.com/avcenter/venc/data/w32.spybot.rby.html" target=_blank>SPYBOT.RBY</a> WORM!
Source=Paul Collins Startup list

[WMIEXE.exe]
Number=13655
Confirmed=U
Filename=wmiexe.exe
Description=NT component, used by Windows Millennium to detect Plug and Play-compliant IEEE 1394 devices during the startup process. Since this is important for the computer to work properly if you have these, Windows Millennium protects wmiexe.exe and will restore the file even if it's deleted or renamed
Source=Paul Collins Startup list

[Wminf]
Number=13656
Confirmed=X
Filename=Wminf.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list

[Wminfo]
Number=13657
Confirmed=X
Filename=Wminfo.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list

[wmiprv]
Number=13658
Confirmed=X
Filename=wmiprv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotwm.html" target=_blank>RBOT-WM</a> WORM!
Source=Paul Collins Startup list

[wmon]
Number=13659
Confirmed=X
Filename=jusched.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotow.html" target=_blank>AGOBOT-OW</a> WORM!
Source=Paul Collins Startup list

[WMP54Gv4]
Number=13660
Confirmed=Y
Filename=WMP54Gv4.exe
Description=Linksys WMP54Gv4 wireless PCI adapter driver - required in order to automatically connect to the wireless router/gateway at bootup. Note - may not install correctly on Windows9x/ME computers which have Slipstream accelerator installed. Uninstall Slipstream first, disabling slipcore and slipgui are insufficient
Source=Paul Collins Startup list

[wmplayer.exe]
Number=13661
Confirmed=X
Filename=wmplayer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbancz.html" target=_blank>BANCBAN-CZ</a> TROJAN!
Source=Paul Collins Startup list

[wmpnscfg]
Number=13662
Confirmed=U
Filename=wmpnscfg.exe
Description="Microsoft Windows uses wmpnscfg.exe to alert users when media rendering devices are found on the network. Wmpnscfg starts the Windows Media Player Network Sharing Service (NSS) and then waits for notifications from the service. When wmpnscfg is notified that a new media device is available on the network, it displays a popup in the system tray that informs the user about the availability of the new device. If the user clicks the popup, wmpnscfg launches Windows Media Player, which displays a dialog box that asks the user to either allow or deny sharing with the new device." - see <a href="http://windowssdk.msdn.microsoft.com/en-us/library/ms739434.aspx" target="_blank">here</a>
Source=Paul Collins Startup list

[wms3]
Number=13663
Confirmed=X
Filename=wms3.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmiraqg.html" target="_blank">LEGMIR-AQG</a> TROJAN!
Source=Paul Collins Startup list

[wmsys32]
Number=13664
Confirmed=X
Filename=wmsys32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112015-4721-99" target="_blank">BANPAES.B</a> TROJAN!
Source=Paul Collins Startup list

[wmv]
Number=13665
Confirmed=X
Filename=winmonv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentdg.html" target= blank>AGENT-DG</a> TROJAN!
Source=Paul Collins Startup list

[WM_LOGIN]
Number=13666
Confirmed=?
Filename=MSGLOGIN.EXE
Description=<font color="#FF0000">Part of McAfee Firewall. What is it for and is it needed?</font>
Source=Paul Collins Startup list

[WN Services]
Number=13667
Confirmed=X
Filename=wnsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kbbota.html" target=_blank>KBBOT-A</a> TROJAN!
Source=Paul Collins Startup list

[WNAD]
Number=13668
Confirmed=X
Filename=WNAD.EXE
Description=Spyware added as a result of running a program called &quot;Yo Mama Osama&quot; (osama.exe). See <a href="http://www.cexx.org/osama.htm" target="_blank">here</a> for more and how to get rid of it. There are other ways this can show up on your system, and it will manifest itself by periodically opening a new browser window with advertising for copy DVD software and the like
Source=Paul Collins Startup list

[wnddrv]
Number=13669
Confirmed=X
Filename=svchost.exe
Description=Added by an unidentified TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list

[WNILOGON]
Number=13670
Confirmed=X
Filename=WNILOGON.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32leworm.html" target=_blank>LEWOR-M</a> TROJAN!
Source=Paul Collins Startup list

[WNSC]
Number=13671
Confirmed=X
Filename=wns*****.exe [* = random char]
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[Wnsck2 driver]
Number=13672
Confirmed=X
Filename=wlogf.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotaf.html" target=_blank>SPYBOT-AF</a> WORM!
Source=Paul Collins Startup list

[WNSI]
Number=13673
Confirmed=X
Filename=wnscp**.exe [* = random char]
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[WNSO]
Number=13674
Confirmed=X
Filename=WNSO.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Baidu.SoBar&threatid=92336" target="_blank">Baidu.SoBar</a> adware
Source=Paul Collins Startup list

[WNST]
Number=13675
Confirmed=X
Filename=wns*****.exe [* = random char]
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[wntlgns]
Number=13676
Confirmed=X
Filename=wntlgns.exe
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list

[wnxpupdate]
Number=13677
Confirmed=X
Filename=spvspool.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-123011-1931-99" target=_blank>DABORA.B</a> WORM!
Source=Paul Collins Startup list

[wnxupdate]
Number=13678
Confirmed=X
Filename=updatexp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32combrag.html" target=_blank>COMBRA-G</a> WORM!
Source=Paul Collins Startup list

[won update]
Number=13679
Confirmed=X
Filename=WAPDATE.EXE
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=39780" target=_blank>RBOT.N</a> WORM!
Source=Paul Collins Startup list

[WonderFrog]
Number=13680
Confirmed=U
Filename=WonderFrog.exe
Description=<a href="http://www.3d3r.com/wonderfrog/" target="_blank">Wonder Frog</a> typing monitor
Source=Paul Collins Startup list

[WooCnxMon]
Number=13681
Confirmed=N
Filename=CnxMon.exe
Description=Wanadoo ISP software related - not required - <a href="http://www.faqoe.com/index.php?bas=/connexionmanel.htm" target=_blank>here's</a> how to bypass it
Source=Paul Collins Startup list

[Woods Inc]
Number=13682
Confirmed=X
Filename=wcmd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkillfilo.html" target=_blank>KILLFIL-O</a> TROJAN!
Source=Paul Collins Startup list

[woopie]
Number=13683
Confirmed=X
Filename=winamp.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.XV" target="_blank">AGOBOT.XV</a> WORM! Note - this is NOT the popular <a href="http://www.winamp.com/" target="_blank">Winamp</a> media player
Source=Paul Collins Startup list

[WOOTASKBARICON]
Number=13684
Confirmed=N
Filename=TaskbarIcon.exe
Description=Wanadoo ISP taskbar icon - not required
Source=Paul Collins Startup list

[Woowatch]
Number=13685
Confirmed=N
Filename=Watch.exe
Description=Wanadoo ISP software, not required
Source=Paul Collins Startup list

[word pair]
Number=13686
Confirmed=X
Filename=bopotsvr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsheda.html" target= blank>SHED-A</a> TROJAN!
Source=Paul Collins Startup list

[WordQ carat flag]
Number=13687
Confirmed=Y
Filename=WordQcrs.exe
Description=Related to <a href="http://www.wordq.com/" target=_blank>WordQ</a> Writing Aid Software
Source=Paul Collins Startup list

[WordWeb]
Number=13688
Confirmed=N
Filename=wweb32.exe
Description=<a href="http://wordweb.info/free/" target="_blank">WordWeb</a> - free theasaurus and dictionary. Start manually
Source=Paul Collins Startup list

[Workflo]
Number=13689
Confirmed=?
Filename=workflow.exe
Description=Related to <a href="http://www.broadjump.com/" target="_blank">BroadJump</a> Client Foundation - broadband troubleshooting software installed by various companies. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list

[Working System Analyzer]
Number=13690
Confirmed=X
Filename=syswork.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfz.html" target=_blank>FORBOT-FZ</a> WORM!
Source=Paul Collins Startup list

[worknote1]
Number=13691
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://sarc.com/avcenter/venc/data/w32.meetot.html" target=_blank>MEETOT</a> WORM!
Source=Paul Collins Startup list

[WorkPace 3.0]
Number=13692
Confirmed=U
Filename=workpace.exe
Description=<a href="http://www.workpace.com/" target=_blank>WorkPace</a> - stress injury prevention software

Source=Paul Collins Startup list

[Works Calendar Reminder]
Number=13693
Confirmed=N
Filename=wkcalrem.exe
Description=Produces a pop-up reminder of events scheduled using the MS Works Calendar
Source=Paul Collins Startup list

[WorksFUD]
Number=13694
Confirmed=N
Filename=wkfud.exe
Description=A marketing program for MS Works
Source=Paul Collins Startup list

[Workstation Scheduler]
Number=13695
Confirmed=U
Filename=wm95.exe
Description=Desktop Management Scheduler. Part of Novell's <a href="http://www.novell.com/products/netware/" target="_blank">Netware</a> Client. Schedueles NDS events. If events have been schedueled, it is required, otherwise, it is useless and a memory hog
Source=Paul Collins Startup list

[Workstation Services]
Number=13696
Confirmed=X
Filename=wrkstn.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotoj.html" target=_blank>RBOT-OJ</a> WORM!

Source=Paul Collins Startup list

[Workstation Ver 5.0]
Number=13697
Confirmed=X
Filename=vmware.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahb.html" target=_blank>RBOT-AHB</a> WORM!
Source=Paul Collins Startup list

[WorldAntiSpy]
Number=13698
Confirmed=X
Filename=worldantispy.exe
Description=WorldAntiSpy, "rogue" spyware remover, installed as part of <a href="http://www.spywareguide.com/articles/article_show.php?id=88" target=_blank>this scam</a>
Source=Paul Collins Startup list

[Worm Detector]
Number=13699
Confirmed=U
Filename=wd.exe
Description=<a href="http://www.kl-soft.com/wd.php" target="_blank">Worm Detector</a> - antivirus add-on for Outlook 2K or XP for handling worms and spam
Source=Paul Collins Startup list

[wormexe]
Number=13700
Confirmed=X
Filename=winstart.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-072512-1609-99" target="_blank">EARLYBIRD</a> WORM!
Source=Paul Collins Startup list

[wovax]
Number=13701
Confirmed=X
Filename=wovax.exe
Description=Added by the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/wovax/" target="_blank">DAQA.A</a> TROJAN!
Source=Paul Collins Startup list

[wow]
Number=13702
Confirmed=X
Filename=bar.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[wow]
Number=13703
Confirmed=X
Filename=wwf.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagey.html" target=_blank>LINEAGE-Y</a> TROJAN!
Source=Paul Collins Startup list

[wow]
Number=13704
Confirmed=X
Filename=Launcher.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfdor.html" target="_blank">DELF-DOR</a> TROJAN!
Source=Paul Collins Startup list

[Wpctrl]
Number=13705
Confirmed=N
Filename=wpctrlnt.exe
Description=WinPortrait plug-in for PivotPro from <a href="http://www.portrait.com/" target="_blank"> Portrait Studios</a> - allows a screen to be rotated to match rotated LCD screens, for example). Shortcut available via Display Properties
Source=Paul Collins Startup list

[Wpctrl]
Number=13706
Confirmed=N
Filename=wpctrl95.exe
Description=WinPortrait plug-in for PivotPro from <a href="http://www.portrait.com/" target="_blank"> Portrait Studios</a> - allows a screen to be rotated to match rotated LCD screens, for example). Shortcut available via Display Properties
Source=Paul Collins Startup list

[wpctrl95]
Number=13707
Confirmed=N
Filename=wpctrlnt.exe
Description=WinPortrait plug-in for PivotPro from <a href="http://www.portrait.com/" target="_blank"> Portrait Studios</a> - allows a screen to be rotated to match rotated LCD screens, for example). Shortcut available via Display Properties
Source=Paul Collins Startup list

[wpctrl95]
Number=13708
Confirmed=N
Filename=wpctrl95.exe
Description=WinPortrait plug-in for PivotPro from <a href="http://www.portrait.com/" target="_blank"> Portrait Studios</a> - allows a screen to be rotated to match rotated LCD screens, for example). Shortcut available via Display Properties
Source=Paul Collins Startup list

[WPCUMI]
Number=13709
Confirmed=Y
Filename=WpcUmi.exe
Description=Windows Vista <a href="http://windowshelp.microsoft.com/Windows/en-US/Help/585539d0-0862-41e4-9b39-53467648efc51033.mspx" target="_blank">Parental Control</a> Notifications from Microsoft Corporation
Source=Paul Collins Startup list

[WPCycle.exe]
Number=13710
Confirmed=Y
Filename=WpCycleWin.exe
Description=Added when selecting Mplayer2 to open media files. Forces other codes to Wait for Previous instructions to end, preventing instability of your CPU (freezing)
Source=Paul Collins Startup list

[wpds.exe]
Number=13711
Confirmed=X
Filename=doriot.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallky.html" target=_blank>SMALL-KY</a> TROJAN!

Source=Paul Collins Startup list

[wpds.exe]
Number=13712
Confirmed=X
Filename=wwnrot.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbagledlb.html" target=_blank>BAGLEDI-D</a> TROJAN!
Source=Paul Collins Startup list

[wpwmgrs]
Number=13713
Confirmed=X
Filename=wpwmgrs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobdh.html" target=_blank>MYTOB-DH</a> WORM!
Source=Paul Collins Startup list

[WQK]
Number=13714
Confirmed=X
Filename=WQK.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-041714-3225-99" target="_blank">KLEZ.H</a> WORM!
Source=Paul Collins Startup list

[wr]
Number=13715
Confirmed=?
Filename=WR.EXE
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[WR Command]
Number=13716
Confirmed=?
Filename=wr.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[WrCtrl]
Number=13717
Confirmed=N
Filename=WrCtrl.exe
Description=Win-Route 4.27 NAT engine on Win2k Pro for connection sharing and security using Win-Route by Tiny Software. A connection sharing/Firewall Application. If service is disabled the program does not work, but you can manually start/stop the service with a shortcut the program installs at any time
Source=Paul Collins Startup list

[WRDialer]
Number=13718
Confirmed=X
Filename=WrDialer.exe
Description=WinPoet DSL dialler
Source=Paul Collins Startup list

[WRECK GUARD]
Number=13719
Confirmed=?
Filename=??
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[WregBios]
Number=13720
Confirmed=?
Filename=wregbios.exe
Description=Desktop Management BIOS (DMI BIOS) related. Apparently invokes the DosBios.exe file. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list

[wrexec]
Number=13721
Confirmed=U
Filename=wrexec.exe
Description=Watch Right - monitoring program, part of the <a href="http://www.bpssoft.com/PowerTools/index.htm" target="_blank"> PowerTools</a> add-on for AOL. Records instant messages, E-mail, chat. Watch Right appears to be, and functions as an online clock updater which connects with the U.S. National Institute of Standards and Technology. It was designed for parents who wish to keep an eye on what their children are doing online
Source=Paul Collins Startup list

[wriste]
Number=13722
Confirmed=?
Filename=wriste.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Write DVD-R!]
Number=13723
Confirmed=U
Filename=saimon.exe
Description=Saimon's WriteDVD! "gives total support for DVD-RAM drives. It provides many functions such as setting partitions on DVD-RAM disks and FixDVD! can diagnose and repair UDF formatted disks"
Source=Paul Collins Startup list

[ws2 32]
Number=13724
Confirmed=X
Filename=svchst.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvokena.html" target= blank>VOKEN-A</a> TROJAN!
Source=Paul Collins Startup list

[ws2help]
Number=13725
Confirmed=X
Filename=ws2help.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.AN" target=_blank>SMALL.AN</a> TROJAN!

Source=Paul Collins Startup list

[WSAConfiguration]
Number=13726
Confirmed=X
Filename=wmon32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080214-3122-99" target="_blank">GAOBOT.BAJ</a> WORM!
Source=Paul Collins Startup list

[WSAConfiguration]
Number=13727
Confirmed=X
Filename=svchostt.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ZT" target="_blank">AGOBOT.ZT</a> WORM!
Source=Paul Collins Startup list

[WSAConfiguration]
Number=13728
Confirmed=X
Filename=rpcxmn32.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/smb/security_info/ve_detail.php?id=66485&VName=WORM_AGOBOT.ABG&VSect=T" target=_blank>AGOBOT.ABG</a> WORM!
Source=Paul Collins Startup list

[WSAConfiguration]
Number=13729
Confirmed=X
Filename=win32upd.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[WSAConfiguration]
Number=13730
Confirmed=X
Filename=drrss.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target="_blank">AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list

[WSAConfiguration]
Number=13731
Confirmed=X
Filename=winlogon32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotwc.html" target= blank>AGOBOT-WC</a> WORM!
Source=Paul Collins Startup list

[WSAConfiguration]
Number=13732
Confirmed=X
Filename=ntguard32.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list

[WSAConfiguration]
Number=13733
Confirmed=X
Filename=csrsvcs.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.VI&VSect=P" target=_blank>AGOBOT.VI</a> WORM!
Source=Paul Collins Startup list

[WSAConfiguration1]
Number=13734
Confirmed=X
Filename=csass.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.WH" target=_blank>AGOBOT.WH</a> WORM!
Source=Paul Collins Startup list

[wsass32]
Number=13735
Confirmed=X
Filename=wsass32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankemv.html" target="_blank">BANKEM-V</a> TROJAN!
Source=Paul Collins Startup list

[wsbklite]
Number=13736
Confirmed=?
Filename=wsbklite.exe
Description=Related to the Acer Soft Button on Acer Tablet PCs. <font color="#FF0000">Appears to do nothing so is it required?</a>
Source=Paul Collins Startup list

[WScheduler]
Number=13737
Confirmed=U
Filename=WScheduler.exe
Description=<a href="http://www.splinterware.com/products/wincron.htm" target="_blank">Windows Scheduler</a> - &quot;schedule unattended running of applications, batch files, scripts and much more. Also, you can schedule popup reminders so you'll never forget reminders, tasks and other events.&quot;
Source=Paul Collins Startup list

[wscntfys]
Number=13738
Confirmed=X
Filename=wsscntfy.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbottn.html" target="_blank">SDBOT-TN</a> WORM!
Source=Paul Collins Startup list

[wscript.exe]
Number=13739
Confirmed=X
Filename=vabian.vbs
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091512-2543-99" target="_blank">VABI</a> VIRUS!
Source=Paul Collins Startup list

[wscsvc.exe]
Number=13740
Confirmed=X
Filename=wscsvc.exe
Description=Added by a password stealing <a href="http://vil.nai.com/vil/content/v_132052.htm" target=_blank>BANKER</a> TROJAN!
Source=Paul Collins Startup list

[Wsdata service]
Number=13741
Confirmed=X
Filename=WSconf.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ZU" target=_blank>SDBOT.ZU</a> WORM!
Source=Paul Collins Startup list

[wserv]
Number=13742
Confirmed=X
Filename=wserv.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[wserver]
Number=13743
Confirmed=X
Filename=wserver.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-050313-3914-99" target="_blank">NETSKY.AC</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-082413-3637-99" target="_blank">SASSER.G</a> WORMS!
Source=Paul Collins Startup list

[WService]
Number=13744
Confirmed=U
Filename=WService.exe
Description=Tablet client Driver for <a href="http://www.uc-logic.com" target="_blank"> UC-Logic</a> Pen/Graphics Tablet
Source=Paul Collins Startup list

[wsg32]
Number=13745
Confirmed=U
Filename=wsg32.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040812-2639-99" target="_blank">GoldenKeylog</a> keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[wskrnl]
Number=13746
Confirmed=U
Filename=wskrnl.exe
Description=<a href="http://www.sarc.com/avcenter/venc/data/spyware.actmon.html" target="_blank">ActMon</a> surveillance software. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list

[wsock32]
Number=13747
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojhorsta.html" target=_blank>HORST-A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list

[wsrv32]
Number=13748
Confirmed=X
Filename=wsrv32.exe
Description=Added by a <a href="http://www.f-secure.com/v-descs/trojclik.shtml" target="_blank">CLICKER</a> TROJAN! Identified by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Win32.Agent.ep
Source=Paul Collins Startup list

[WSSAConfiguration]
Number=13749
Confirmed=X
Filename=wmmon32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotkc.html" target="_blank">AGOBOT-KC</a> WORM!
Source=Paul Collins Startup list

[wssys]
Number=13750
Confirmed=U
Filename=wssys.exe
Description=<a href="http://sarc.com/avcenter/venc/data/spyware.webpi.html" target=_blank>WebPI</a> logs keystrokes and captures screenshots. If you didn't install this yourself remove it
Source=Paul Collins Startup list

[Wstat32 driver]
Number=13751
Confirmed=X
Filename=Wstat32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-022613-5836-99" target="_blank">LOONBOT</a> TROJAN!
Source=Paul Collins Startup list

[wstimeb]
Number=13752
Confirmed=Y
Filename=wstimeb.exe
Description=Used with NEC printers. You can disable it before printing but it re-loads itself when printing so you may as well leave it
Source=Paul Collins Startup list

[wsttrs]
Number=13753
Confirmed=X
Filename=wsttrs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojldpinchqs.html" target="_blank">LDPINCH-QS</a> TROJAN!
Source=Paul Collins Startup list

[wsvbs]
Number=13754
Confirmed=X
Filename=wsvbs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpwsaeb.html" target="_blank">PWS-AEB</a> TROJAN!
Source=Paul Collins Startup list

[WSVCS]
Number=13755
Confirmed=U
Filename=SERVICES.EXE
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-102117-4941-99" target="_blank">WSLogger</a> keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[wswpd]
Number=13756
Confirmed=Y
Filename=wswpd.exe
Description=Used with some models of Panasonic, Epson and NEC printers. Some older drivers known to have a &quot;memory leak&quot;. Needed for printing to work&nbsp;
Source=Paul Collins Startup list

[wsys.exe]
Number=13757
Confirmed=U
Filename=wsys.exe
Description=<a href="http://sarc.com/avcenter/venc/data/spyware.spylopcmonitor.html" target=_blank>SpyloPCMonitor</a> is a surviellance software program that monitors user activity, logs keystrokes, and takes screenshots. It ends the processes of anti-spyware programs. If you didn't install this yourself remove it
Source=Paul Collins Startup list

[ws_d]
Number=13758
Confirmed=X
Filename=ws32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmirrl.html" target=_blank>LEGMIR-RL</a> TROJAN!
Source=Paul Collins Startup list

[WT Game Channel]
Number=13759
Confirmed=N
Filename=GameChannel.exe
Description=<a href="http://www.wildtangent.com/default.asp?pageID=webdriver_download" target="_blank">WildTangent GameChannel</a> - notification of new games, quick access to games and fast and easy game downloads. Note that WildTanget's <a href="http://www.wildtangent.com/default.asp?pageID=privacy" target="_blank">privacy policy</a> used to state that they also collect and share individuals information but this is no longer the case
Source=Paul Collins Startup list

[WT Game Channel]
Number=13760
Confirmed=N
Filename=wtgamechannel.exe
Description=<a href="http://www.wildtangent.com/default.asp?pageID=webdriver_download" target="_blank">WildTangent GameChannel</a> - notification of new games, quick access to games and fast and easy game downloads. Note that WildTanget's <a href="http://www.wildtangent.com/default.asp?pageID=privacy" target="_blank">privacy policy</a> used to state that they also collect and share individuals information but this is no longer the case
Source=Paul Collins Startup list

[WT GameChannel]
Number=13761
Confirmed=N
Filename=GameChannel.exe
Description=<a href="http://www.wildtangent.com/default.asp?pageID=webdriver_download" target="_blank">WildTangent GameChannel</a> - notification of new games, quick access to games and fast and easy game downloads. Note that WildTanget's <a href="http://www.wildtangent.com/default.asp?pageID=privacy" target="_blank">privacy policy</a> used to state that they also collect and share individuals information but this is no longer the case
Source=Paul Collins Startup list

[WT GameChannel]
Number=13762
Confirmed=N
Filename=wtgamechannel.exe
Description=<a href="http://www.wildtangent.com/default.asp?pageID=webdriver_download" target="_blank">WildTangent GameChannel</a> - notification of new games, quick access to games and fast and easy game downloads. Note that WildTanget's <a href="http://www.wildtangent.com/default.asp?pageID=privacy" target="_blank">privacy policy</a> used to state that they also collect and share individuals information but this is no longer the case
Source=Paul Collins Startup list

[WTF Test]
Number=13763
Confirmed=X
Filename=wtftest.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotacm.html" target= blank>RBOT-ACM</a> WORM!
Source=Paul Collins Startup list

[WTIndicator]
Number=13764
Confirmed=U
Filename=SchedInd.exe
Description=<a href="http://www.wintask.com/" target="_blank">WinTask</a> - software that automates a variety of routine tasks quickly and simply
Source=Paul Collins Startup list

[WTSI]
Number=13765
Confirmed=X
Filename=wapisvit.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[WTSS]
Number=13766
Confirmed=X
Filename=wap***.exe [* = random char]
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[WTST]
Number=13767
Confirmed=X
Filename=wapisvtr.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[WU713STA.EXE]
Number=13768
Confirmed=Y
Filename=WU713STA.EXE
Description=Blitzz Technology wireless NIC adapter driver
Source=Paul Collins Startup list

[wuanguard]
Number=13769
Confirmed=X
Filename=wuanguard32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaaf.html" target=_blank>RBOT-AAF</a> WORM!
Source=Paul Collins Startup list

[WUOLService]
Number=13770
Confirmed=Y
Filename=WUOLService9x.exe
Description=Remote wakeup status agent. Part of Novell's <a href="http://www.novell.com/products/zenworks/" target="_blank">ZenWorks</a>. Processes Wake-up on LAN requests (turn on a computer remotely on LAN)
Source=Paul Collins Startup list

[wuosdial]
Number=13771
Confirmed=X
Filename=wuosdial.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[WUPD]
Number=13772
Confirmed=X
Filename=iglmtray.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-072815-4637-99" target="_blank">TZET</a> WORM!
Source=Paul Collins Startup list

[wupd]
Number=13773
Confirmed=X
Filename=symcsvc.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-072216-2140-99" target="_blank">ABWIZ.C</a> TROJAN!
Source=Paul Collins Startup list

[wupd]
Number=13774
Confirmed=X
Filename=win32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojorsec.html" target=_blank>ORSE-C</a> TROJAN!
Source=Paul Collins Startup list

[wupdate]
Number=13775
Confirmed=X
Filename=wisvccz.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojorseb.html" target=_blank>ORSE-B</a> TROJAN!
Source=Paul Collins Startup list

[wupdate]
Number=13776
Confirmed=X
Filename=wi32.exe
Description=Downloader trojan, detected by <a href="http://www.pandasoftware.com/home/default.asp" target= blank>Panda</a> antivirus as Adware/Trustbid
Source=Paul Collins Startup list

[WUpdate]
Number=13777
Confirmed=X
Filename=1037v.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojclaggerar.html" target="_blank">CLAGGER-AR</a> TROJAN!
Source=Paul Collins Startup list

[Wupdate driver]
Number=13778
Confirmed=X
Filename=[various filenames]
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[WUpdates]
Number=13779
Confirmed=X
Filename=WUpdates.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-121515-5145-99" target=_blank>SWEPDAT</a> TROJAN!
Source=Paul Collins Startup list

[Wupdm32]
Number=13780
Confirmed=X
Filename=Wupdm32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112716-2823-99" target=_blank>MIDLAK</a> WORM!
Source=Paul Collins Startup list

[wupdmgr32.exe]
Number=13781
Confirmed=X
Filename=wupdmgr32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcertifi.html" target=_blank>CERTIF-I</a> TROJAN!
Source=Paul Collins Startup list

[wupdt]
Number=13782
Confirmed=X
Filename=wupdt.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_IMISERV.A" target=_blank>IMISERV.A</a> TROJAN!
Source=Paul Collins Startup list

[WUSB11B.exe]
Number=13783
Confirmed=Y
Filename=WUSB11B.exe
Description=Linksys WUSB11 WLAN USB adapter
Source=Paul Collins Startup list

[WUSB54Gv2]
Number=13784
Confirmed=Y
Filename=InvokeSvc3.exe
Description=Wireless-G USB Wireless Network Adapter related - would appear to be required
Source=Paul Collins Startup list

[WUSB54Gv4]
Number=13785
Confirmed=Y
Filename=WUSB54Gv4.exe
Description=Wireless-G USB Wireless Network Adapter related - would appear to be required
Source=Paul Collins Startup list

[wuviewer]
Number=13786
Confirmed=X
Filename=wuviewer.exe
Description=Added by a <a href="http://www.f-secure.com/v-descs/trojprox.shtml" target=_blank>Proxy Trojan</a> variant
Source=Paul Collins Startup list

[WUx_RegSvr]
Number=13787
Confirmed=?
Filename=RegSvr32.exe
Description=<font color="#FF0000">x is any number??</font>
Source=Paul Collins Startup list

[WWKS]
Number=13788
Confirmed=X
Filename=wsass.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotbt.html" target= blank>SDBOT-BT</a> WORM!
Source=Paul Collins Startup list

[www.hidro.4t.com]
Number=13789
Confirmed=X
Filename=enbiei.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090105-2513-99" target="_blank">BLASTER.F</a> WORM!
Source=Paul Collins Startup list

[www.symantec.com]
Number=13790
Confirmed=X
Filename=oz11111.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091411-5523-99" target="_blank">MYDOOM.W</a> WORM
Source=Paul Collins Startup list

[WXcmeinst]
Number=13791
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojranckcd.html" target=_blank>RANCK-CD</a> TROJAN!
Source=Paul Collins Startup list

[Wxp4]
Number=13792
Confirmed=X
Filename=Norton Update.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-121413-4703-99" target=_blank>ERKEZ.D</a> WORM!
Source=Paul Collins Startup list

[WXProcMgr Module]
Number=13793
Confirmed=N
Filename=WXprocMgr.exe
Description=<a href="http://www.tvtonic.com/" target="_blank">TVTonic</a> from Wavexpress - "enjoy 3 full-screen, DVD-quality video channels for FREE". Allows data content to be downloaded and synchronized on your system
Source=Paul Collins Startup list

[WZCBDLService]
Number=13794
Confirmed=U
Filename=WZCBDL9X.exe
Description=WZCBDLService Launcher from D-Link - configuration/drivers
Source=Paul Collins Startup list

[wzdmg]
Number=13795
Confirmed=X
Filename=wzdmg.exe
Description=Added by a generic downloader TROJAN - see <a href="http://www.greatis.com/appdata/d/w/wzdmg.exe.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[wzhelper]
Number=13796
Confirmed=X
Filename=wzhelper.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453077927" target="_blank">Searchcentrix</a> hijacker
Source=Paul Collins Startup list

[wzservice]
Number=13797
Confirmed=X
Filename=hess.exe
Description=Added by the HACKARMY.W TROJAN!
Source=Paul Collins Startup list

[X Server]
Number=13798
Confirmed=U
Filename=X.exe
Description="XoftWare for Windows" enables you to run network-based UNIX programs ("X programs" or "clients") side-by-side with Windows applications on your personal computer. You can also share programs and computing resources with host computers connected to your PC over a network
Source=Paul Collins Startup list

[X-Cleaner Deluxe]
Number=13799
Confirmed=U
Filename=xcleaner.exe
Description=<a href="http://www.xblock.com/deluxe.shtml" target=_blank>X-Cleaner Deluxe</a> - privacy and anti-spy application
Source=Paul Collins Startup list

[X-Cleaner Freeware]
Number=13800
Confirmed=U
Filename=XCLEAN~1.EXE
Description=<a href="http://www.xblock.com/download-freeware.php" target=_blank>X-Cleaner Freeware</a> - "cookie cleaning, Internet cache cleaning, scans for many popular spy software packages and performs permanent file shredding"
Source=Paul Collins Startup list

[X-Grabber]
Number=13801
Confirmed=N
Filename=sswizard.exe
Description=<a target="_blank" href="http://www.lamantine.com/ssw/index.html">ScreenShot Wizard</a>
Source=Paul Collins Startup list

[X1]
Number=13802
Confirmed=U
Filename=X1.exe
Description=Part of <a href="http://www.x1.com/" target="_blank">X1's</a> Enterprise Desktop Search Resource Center. An enterprise desktop search engine
Source=Paul Collins Startup list

[X1 System Tray]
Number=13803
Confirmed=U
Filename=X1Systray.exe
Description=Part of <a href="http://www.x1.com/" target="_blank">X1's</a> Enterprise Desktop Search Resource Center. An enterprise desktop search engine
Source=Paul Collins Startup list

[X10 Device Network Service]
Number=13804
Confirmed=U
Filename=x10nets.exe
Description=Belongs to X10 video streaming device(s)
Source=Paul Collins Startup list

[X10Weax]
Number=13805
Confirmed=X
Filename=WTHRTRAY.EXE
Description=<a href="http://www.download.com/WeatherCheck/3000-2381_4-10284439.html" target=_blank>WeatherCheck</a> - "bring the latest local weather to your desktop". Not recommended as it reportedly pops ads, and contains no uninstaller

Source=Paul Collins Startup list

[X1FileMonitor.exe]
Number=13806
Confirmed=U
Filename=X1FileMonitor.exe
Description=Part of <a href="http://www.x1.com/" target="_blank">X1's</a> Enterprise Desktop Search Resource Center. An enterprise desktop search engine
Source=Paul Collins Startup list

[x3watch]
Number=13807
Confirmed=U
Filename=x3watch.exe
Description="program helping with online integrity. Whenever you browse the internet and accesses a site which may contain questionable material, the program will save the site name on your computer. Approximately every 30 days, a person of your choice (an accountabiltiy partner) will receive an e-mail containing all possible questionable sites you may have visited within the month. This information is meant to encourage an open and honest conversation between friends and help us all be more accountable"
Source=Paul Collins Startup list

[x3yy]
Number=13808
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100718-0015-99" target="_blank">TANNICK</a> TROJAN!
Source=Paul Collins Startup list

[Xanadu]
Number=13809
Confirmed=N
Filename=Xanadu.exe
Description=<a href="http://www.foreignword.biz/software/xanadu/" target="_blank">Xanadu</a> - free language and translation wizard from Foreignword
Source=Paul Collins Startup list

[xBrotherMeCom]
Number=13810
Confirmed=?
Filename=BrMeCom.exe
Description=Related to Brother MFC-9200c printer. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[xbtl]
Number=13811
Confirmed=U
Filename=bootldr.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100918-2057-99" target=blank>Active Keylogger</a> keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[Xcpy1]
Number=13812
Confirmed=X
Filename=Xcpy1.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080114-4631-99" target="_blank">BroadcastPC</a> adware variant
Source=Paul Collins Startup list

[xdxqa]
Number=13813
Confirmed=X
Filename=dewa.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotyb.html" target= blank>SDBOT-YB</a> WORM!
Source=Paul Collins Startup list

[XE 8x LM Status]
Number=13814
Confirmed=U
Filename=lmsxxe.exe
Description=Xerox XE8 series laser printer status monitor
Source=Paul Collins Startup list

[Xecuter.bat]
Number=13815
Confirmed=X
Filename=psexec.bat
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-072806-1847-99" target="_blank">BOOHOO</a> WORM!
Source=Paul Collins Startup list

[XemiCo]
Number=13816
Confirmed=U
Filename=ADC.EXE
Description=XemiComputers <a href="http://www.xemico.com/adc/index.html" target="_blank">Active Desktop Calendar</a>
Source=Paul Collins Startup list

[XeroxScannerDaemon]
Number=13817
Confirmed=U
Filename=XrxFTPLt.exe
Description=<a href="http://www.xerox.com/" target="_blank">Xerox Scanner Daemon</a> - driver for Xerox Scanner model fu621d
Source=Paul Collins Startup list

[XFILTER]
Number=13818
Confirmed=Y
Filename=xfilter.exe
Description=<a href="http://www.filseclab.com/eng/products/firewall.htm" target="_blank">Filseclab</a> Personal Firewall Professional Edition
Source=Paul Collins Startup list

[Xfire]
Number=13819
Confirmed=N
Filename=Xfire.exe
Description=Terratec DMXFire 1024 soundcard control panel
Source=Paul Collins Startup list

[xflash]
Number=13820
Confirmed=X
Filename=xflash.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancja.html" target=_blank>BANCJ-A</a> TROJAN!
Source=Paul Collins Startup list

[xftpGraber]
Number=13821
Confirmed=X
Filename=Xftpgraber.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-122209-2659-99" target=_blank>ENVID.C</a> WORM!
Source=Paul Collins Startup list

[XGIWatchDog]
Number=13822
Confirmed=?
Filename=XWatDog.exe
Description=Related to XGI Technology's <a href="http://www.xgitech.com/products/products_2.asp?P=4http://www.xgitech.com/products/products_2.asp?P=4" target=_blank>Volari</a> graphics cards - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list

[xhi]
Number=13823
Confirmed=X
Filename=xhi.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojscloga.html" target=_blank>SCLOG-A</a> TROJAN!
Source=Paul Collins Startup list

[xhrmy]
Number=13824
Confirmed=X
Filename=Xhrmy.exe
Description=<a href="http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW_HYPLINKER.A" target=_blank>HyperLinker</a> adware
Source=Paul Collins Startup list

[xicon]
Number=13825
Confirmed=?
Filename=xicon.exe
Description=Part of the IBM/XPoint Rapid Restore utility. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[XiD]
Number=13826
Confirmed=X
Filename=mmx.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081514-2309-99" target="_blank">ANALOGX</a> TROJAN!
Source=Paul Collins Startup list

[XircWinModem4]
Number=13827
Confirmed=Y
Filename=ltcm000c.exe
Description=WinModem drivers. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See <a href="http://modemsite.com/56k/winmodems.asp" target="_blank">here</a> for more WinModem information
Source=Paul Collins Startup list

[xitami]
Number=13828
Confirmed=U
Filename=Xiwin32.exe
Description=<a href="http://www.xitami.com/" target="_blank">Xitami</a> Multiplatform Open Source web server
Source=Paul Collins Startup list

[xkstartup]
Number=13829
Confirmed=?
Filename=RunDll32 InstZ82.dll, SetUsbPrinterPort
Description=On a system with a Lexmark printer
Source=Paul Collins Startup list

[xload32]
Number=13830
Confirmed=X
Filename=netdd.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453075581" target="_blank">NETSPY</a> TROJAN!
Source=Paul Collins Startup list

[xloadnet]
Number=13831
Confirmed=X
Filename=xloadnet.exe
Description=Added by the VB.NCK TROJAN!
Source=Paul Collins Startup list

[XML Service]
Number=13832
Confirmed=X
Filename=msxml.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbothd.html" target=_blank>RBOT-HD</a> WORM!

Source=Paul Collins Startup list

[XNSearchAssistant]
Number=13833
Confirmed=X
Filename=SrchAsst.exe
Description=iWon Search Assistant - spyware
Source=Paul Collins Startup list

[XoftSpy]
Number=13834
Confirmed=U
Filename=XoftSpy.exe
Description=XoftSpy antispyware software
Source=Paul Collins Startup list

[xor]
Number=13835
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-072102-0936-99" target=_blank>XORDOOR</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in a "xor" subfolder
Source=Paul Collins Startup list

[xor]
Number=13836
Confirmed=X
Filename=svshost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.DC" target="_blank">AGENT.DC</a> TROJAN!
Source=Paul Collins Startup list

[Xordate]
Number=13837
Confirmed=X
Filename=wuauclt10.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgkn.html" target="_blank">RBOT-GKN</a> WORM!
Source=Paul Collins Startup list

[Xordate]
Number=13838
Confirmed=X
Filename=wuauclt11.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgli.html" target="_blank">RBOT-GLI</a> WORM!
Source=Paul Collins Startup list

[Xordate]
Number=13839
Confirmed=X
Filename=wuauclt12.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotglq.html" target="_blank">RBOT-GLQ</a> WORM!
Source=Paul Collins Startup list

[Xordate]
Number=13840
Confirmed=X
Filename=wuauclt13.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotglm.html" target="_blank">RBOT-GLM</a> WORM!
Source=Paul Collins Startup list

[xp]
Number=13841
Confirmed=X
Filename=winis.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotwo.html" target= blank>RBOT-WO</a> WORM!
Source=Paul Collins Startup list

[Xp]
Number=13842
Confirmed=X
Filename=p2pnetworking.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.XA" target="_blank">SDBOT.XA</a> WORM!
Source=Paul Collins Startup list

[xp service pack 2]
Number=13843
Confirmed=X
Filename=xpsp2.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotkw.html" target="_blank">RBOT-KW</a> WORM!
Source=Paul Collins Startup list

[XP Tools]
Number=13844
Confirmed=U
Filename=xptools.exe
Description=<a href="http://www.xptools.net/" target=_blank>XPTools</a> - "integrated suite of powerful PC Utilities to fix, speed up, maintain and protect your computer"

Source=Paul Collins Startup list

[xp32win]
Number=13845
Confirmed=X
Filename=xpupdater02.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmosucka.html" target=_blank>MOSUCK-A</a> TROJAN!
Source=Paul Collins Startup list

[Xpagent]
Number=13846
Confirmed=?
Filename=xpagent.exe
Description=Part of the IBM/XPoint Rapid Restore utility. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[XPAgent]
Number=13847
Confirmed=X
Filename=XPAgent.exe
Description=Reported as the CLICKER.LE TROJAN by Panda Anti-Virus. Do not confuse this with the IBM/XPoint Rapid Restore file which is generally located in the PROGRAM FILES\XPOINT\AGENT folder
Source=Paul Collins Startup list

[xpcfg]
Number=13848
Confirmed=?
Filename=xpcfg.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Xpclient]
Number=13849
Confirmed=?
Filename=xpclient.exe
Description=Part of the IBM/XPoint Rapid Restore utility. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[XPCPHOST Settings]
Number=13850
Confirmed=X
Filename=xpcphost.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[xpiupdate]
Number=13851
Confirmed=X
Filename=xpiupdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaab.html" target=_blank>RBOT-AAB</a> WORM!
Source=Paul Collins Startup list

[xPlanetControl]
Number=13852
Confirmed=U
Filename=xPlanetControl.exe
Description=<a href="http://www.xplanetcontrol.de/download.php">Tool</a> that displays a globe with current day/night zones and clouds on users desktop.
Source=Paul Collins Startup list

[XPSoft]
Number=13853
Confirmed=X
Filename=CVDAsDW.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotsy.html" target=_blank>SDBOT-SY</a> WORM!
Source=Paul Collins Startup list

[XPSP2 Firewall]
Number=13854
Confirmed=X
Filename=xpsp2fw.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallrn.html" target=_blank>SMALL-RN</a> TROJAN!
Source=Paul Collins Startup list

[xpstart]
Number=13855
Confirmed=X
Filename=wini.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041414-1527-99" target=_blank>PICRATE.A</a> WORM!
Source=Paul Collins Startup list

[xpstat]
Number=13856
Confirmed=X
Filename=winlogins.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaar.html" target=_blank>RBOT-AAR</a> WORM!
Source=Paul Collins Startup list

[XPsys]
Number=13857
Confirmed=X
Filename=XPsys.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfkq.html" target=_blank>DELF-KQ</a> TROJAN!
Source=Paul Collins Startup list

[xpsystem]
Number=13858
Confirmed=X
Filename=y.exe
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list

[Xpsystem]
Number=13859
Confirmed=X
Filename=SERVICES.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DAEMOZ.A" target="_blank">DAEMOZ.A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in an "SERVICES" subfolder
Source=Paul Collins Startup list

[xpsystem]
Number=13860
Confirmed=X
Filename=services.exe
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target=_blank>services.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[xpsystem]
Number=13861
Confirmed=X
Filename=MSXMIDI.EXE
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant, identified by <a href="http://www.kaspersky.com/" target=_blank>Kaspersky</a> antivirus as TrojanDropper.Win32.Small.cw
Source=Paul Collins Startup list

[xpupdate]
Number=13862
Confirmed=X
Filename=updates.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-020711-2146-99" target=_blank>BROPIA.L</a> WORM!
Source=Paul Collins Startup list

[xp_system]
Number=13863
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-113014-4818-99" target=_blank>BOOKMARKER.J</a> TROJAN! This file is located in a Windows\inet20004 or Winnt\inet20004 folder
Source=Paul Collins Startup list

[xp_system]
Number=13864
Confirmed=X
Filename=winlogon.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkrepperg.html" target=_blank>KREPPER-G</a> TROJAN! - a <a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target=_blank>winlogon.exe</a>, which should not figure in Msconfig/Startup!
Source=Paul Collins Startup list

[xp_system]
Number=13865
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkreppern.html" target=_blank>KREPPER-N</a> TROJAN and variants! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! The file is located in a "inet*****" subfolder of the Windows or Winnt folder - where ***** varies dependent upon the variant, examples are 20088, 20001, 10066
Source=Paul Collins Startup list

[XSC SIP Client]
Number=13866
Confirmed=U
Filename=X-Lite.exe
Description="CounterPath's <a href="http://www.counterpath.com/" target="_blank">X-Lite 3.0</a> is the market's leading free SIP based softphone available for download". For VOIP and broadband users
Source=Paul Collins Startup list

[xserv]
Number=13867
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstumpya.html" target=_blank>STUMPY-A</a> TROJAN!
Source=Paul Collins Startup list

[XStop95]
Number=13868
Confirmed=U
Filename=XStop95.exe
Description=<a href="http://www.xstop.com/" target="_blank">XStop</a> - internet filter
Source=Paul Collins Startup list

[xswin]
Number=13869
Confirmed=N
Filename=xswin.exe
Description=Installed with a Xerox Work Centre Pro 555. Unchecking it removes an "out of system memory" error
Source=Paul Collins Startup list

[XTCsgloader]
Number=13870
Confirmed=?
Filename=XTCsgloader.exe
Description=<font color="#FF0000">Another Xupiter toolbar variant??</font>
Source=Paul Collins Startup list

[XTN Service Drivers]
Number=13871
Confirmed=X
Filename=winxtn.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotyk.html" target=_blank>SDBOT-YK</a> WORM!
Source=Paul Collins Startup list

[XTNDConnect PC - 3CmPlm]
Number=13872
Confirmed=U
Filename=Autodet.exe
Description=Component of <a href="#EasySync%20Pro">EasySync Pro</a>. Synchronisation between Palm PDAs&nbsp; and Microsoft Outlook
Source=Paul Collins Startup list

[XTNDConnect PC - ErPhn2]
Number=13873
Confirmed=U
Filename=ErPhn2.exe
Description=Component of <a href="#EasySync%20Pro">EasySync Pro</a>. Synchronisation between SonyEricsson mobile phones and Microsoft Outlook
Source=Paul Collins Startup list

[XTNDConnect PC - ErTray]
Number=13874
Confirmed=U
Filename=ErTray.exe
Description=Component of <a href="#EasySync%20Pro">EasySync Pro</a>. Synchronisation between SonyEricsson mobile phones and Microsoft Outlook
Source=Paul Collins Startup list

[XTNDConnect PC - LtNts4]
Number=13875
Confirmed=U
Filename=NtsAgnt.exe
Description=Component of <a href="#EasySync%20Pro">EasySync Pro</a>
Source=Paul Collins Startup list

[Xtray]
Number=13876
Confirmed=X
Filename=xtray_link.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_VB.JL" target="_blank">VB.JL</a> TROJAN!
Source=Paul Collins Startup list

[XtreamLok License Manager]
Number=13877
Confirmed=U
Filename=xl.exe
Description=License manager for <a href="http://www.xtreamlok.com/">xLok</a> (XtreamLok) - prevents software being reverse engineered
Source=Paul Collins Startup list

[Xtrem parental control]
Number=13878
Confirmed=U
Filename=pcx.exe
Description=ParentXtreme is a surviellance software program that monitors user activity, logs keystrokes, and takes screenshots. It ends the processes of anti-spyware programs. If you didn't install this yourself remove it
Source=Paul Collins Startup list

[XTServiceUpdate]
Number=13879
Confirmed=X
Filename=XTServiceUpdate.exe
Description=hahame.net adware downloader
Source=Paul Collins Startup list

[XtTb.exe]
Number=13880
Confirmed=X
Filename=XtTb.exe
Description=Top-banners.com adware
Source=Paul Collins Startup list

[xuio.exe]
Number=13881
Confirmed=?
Filename=xuio.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Xupiter Startup]
Number=13882
Confirmed=X
Filename=XupiterStartup.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Xupiter&threatid=12203" target=_blank>Xupiter</a> - adware and homepage hijacker. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see <a href="http://www.alanluber.com/pcfearfactor/officialxupiterpage.htm" target=_blank>here</a>
Source=Paul Collins Startup list

[XupiterCfgLoader]
Number=13883
Confirmed=X
Filename=XTCfgLoader.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Xupiter&threatid=12203" target=_blank>Xupiter</a> - adware and homepage hijacker. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see <a href="http://www.alanluber.com/pcfearfactor/officialxupiterpage.htm" target=_blank>here</a>
Source=Paul Collins Startup list

[XupiterCfgLoader]
Number=13884
Confirmed=X
Filename=BWCfgLoader.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Xupiter&threatid=12203" target=_blank>Xupiter</a> - adware and homepage hijacker. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see <a href="http://www.alanluber.com/pcfearfactor/officialxupiterpage.htm" target=_blank>here</a>
Source=Paul Collins Startup list

[xupiterstartup2003]
Number=13885
Confirmed=X
Filename=xupiterstartup2003.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Xupiter&threatid=12203" target=_blank>Xupiter</a> - adware and homepage hijacker. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see <a href="http://www.alanluber.com/pcfearfactor/officialxupiterpage.htm" target=_blank>here</a>
Source=Paul Collins Startup list

[XupiterToolbarLoader]
Number=13886
Confirmed=X
Filename=XupiterToolbarLoader.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Xupiter&threatid=12203" target=_blank>Xupiter</a> - adware and homepage hijacker. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see <a href="http://www.alanluber.com/pcfearfactor/officialxupiterpage.htm" target=_blank>here</a>
Source=Paul Collins Startup list

[xv_ctrl]
Number=13887
Confirmed=U
Filename=v_ctrl.exe
Description=3dfx Underground Tools - &quot;Gives direct hardware control to your video graphics adapter&quot;
Source=Paul Collins Startup list

[xware]
Number=13888
Confirmed=X
Filename=xware.exe
Description=Malware downloader from xxsware.com, causes adult content popups
Source=Paul Collins Startup list

[xware]
Number=13889
Confirmed=X
Filename=cskware.exe
Description=Malware downloader from xxsware.com, produces adult content popups
Source=Paul Collins Startup list

[XWMSUSBAPI]
Number=13890
Confirmed=?
Filename=XWMSAPI.EXE
Description=Part of the installation of a Xerox WorkCentre printer/scanner.<font color="#FF0000"> Is it required?</font>
Source=Paul Collins Startup list

[xxcm]
Number=13891
Confirmed=X
Filename=sys.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32krisworma.html" target= blank>KRISWORM-A</a> WORM!
Source=Paul Collins Startup list

[xxsrSrv32]
Number=13892
Confirmed=X
Filename=xxsrsrv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancsdee.html" target=_blank>BANCSDE-E</a> TROJAN!
Source=Paul Collins Startup list

[XXXmpeg]
Number=13893
Confirmed=X
Filename=XXXmpeg.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[xxxvideo]
Number=13894
Confirmed=X
Filename=xxxvideo.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453074901" target="_blank">AccessPlugin</a> premium rate adult content dialler

Source=Paul Collins Startup list

[xy]
Number=13895
Confirmed=X
Filename=svhost32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DELF.FAI" target="_blank">DELF.FAI</a> TROJAN!
Source=Paul Collins Startup list

[x[Number from 1 to 7]]
Number=13896
Confirmed=X
Filename=x[Number from 1 to 7].exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdadobraa.html" target=_blank>DADOBRA-A</a> TROJAN!
Source=Paul Collins Startup list

[Y!TunnelBasic]
Number=13897
Confirmed=U
Filename=YTBasic.exe
Description=<a href="http://www.ytunnelpro.com/xmod.php?bif=content&page=features" target="_blank">Y!TunnelBasic</a> software provides additional features to Yahoo! Messenger
Source=Paul Collins Startup list

[Y!TunnelPro]
Number=13898
Confirmed=U
Filename=YTunnelPro.exe
Description=Spam, bot and ad blocker for Yahoo! Messenger from Digital Asphyxia
Source=Paul Collins Startup list

[Y!TunnelPro]
Number=13899
Confirmed=U
Filename=YTPro.exe
Description=Spam, bot and ad blocker for Yahoo! Messenger from Digital Asphyxia
Source=Paul Collins Startup list

[Y'z Shadow]
Number=13900
Confirmed=U
Filename=YzShadow.exe
Description=<a href="http://www.winmatrix.com/forums/index.php?showtopic=1161" target="_blank">Y'z Shadow</a> 'adds a shadow effect to the windows in pursuit of the "beauty of a shadow".
It also allows the user the option of making menus transparent'
Source=Paul Collins Startup list

[Y'z Toolbar]
Number=13901
Confirmed=U
Filename=YzToolBar.exe
Description=<a href="http://www.winmatrix.com/forums/index.php?showtopic=1161" target="_blank">Y'z Toolbar</a> "allows the user to change the toolbar icons in Explorer and Internet Explorer.
The user can also create and add their own themes"
Source=Paul Collins Startup list

[Ya Salam]
Number=13902
Confirmed=X
Filename=NancyAjram.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-020917-5202-99" target=_blank>JALABED</a> WORM!
Source=Paul Collins Startup list

[yaemu.exe]
Number=13903
Confirmed=X
Filename=yaemu.exe
Description=Added by the WIN32.DNSCHANGER.S TROJAN!
Source=Paul Collins Startup list

[yahoo groups]
Number=13904
Confirmed=X
Filename=upgrdmgr.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list

[Yahoo HP Reminder 1.1]
Number=13905
Confirmed=?
Filename=yr.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Yahoo Instant Messengar]
Number=13906
Confirmed=X
Filename=YahooMsgr.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453088763" target="_blank">SDBOT.GEN</a> TROJAN!
Source=Paul Collins Startup list

[Yahoo Messenger]
Number=13907
Confirmed=X
Filename=Yahoomsg.exe
Description=Added by an unidentified WORM or TROJAN!

Source=Paul Collins Startup list

[Yahoo Messenger]
Number=13908
Confirmed=X
Filename=YPager.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqo.html" target=_blank>RBOT-QO</a> WORM!
Source=Paul Collins Startup list

[Yahoo Messenger]
Number=13909
Confirmed=X
Filename=svchost32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sohanap.html" target="_blank">SOHANA-P</a> WORM!
Source=Paul Collins Startup list

[Yahoo Messengger]
Number=13910
Confirmed=X
Filename=SVICHHOST.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtiotuac.html" target="_blank">TIOTUA-C</a> TROJAN!
Source=Paul Collins Startup list

[Yahoo Messengger]
Number=13911
Confirmed=X
Filename=RVHOST.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sillyfdcg.html" target="_blank">SILLYFDC-G</a> WORM!
Source=Paul Collins Startup list

[Yahoo Messengger]
Number=13912
Confirmed=X
Filename=SSVICHOSST.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sohanar.html" target="_blank">SOHANA-R</a> WORM!
Source=Paul Collins Startup list

[Yahoo Update]
Number=13913
Confirmed=X
Filename=Yahoo!.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=7045" target="_blank">YAHOO!</a> TROJAN!
Source=Paul Collins Startup list

[Yahoo Updater]
Number=13914
Confirmed=X
Filename=Messenger.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfe.html" target=_blank>FORBOT-FE</a> WORM!
Source=Paul Collins Startup list

[Yahoo! Pager]
Number=13915
Confirmed=N
Filename=ypager.exe
Description=Yahoo! Messenger allows you to send instant messages. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[Yahoo! Pager]
Number=13916
Confirmed=N
Filename=YAHOOM~1.EXE
Description=Yahoo! Messenger allows you to send instant messages. Available via Start -> Programs
Source=Paul Collins Startup list

[Yahoo2000]
Number=13917
Confirmed=X
Filename=Anti.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ATK" target=_blank>RBOT.ATK</a> WORM!
Source=Paul Collins Startup list

[Yahoo2000]
Number=13918
Confirmed=X
Filename=Anti.exe
Description=Added by an unknown Malware, possibly a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfam.html" target=_blank>RBOT-RAM</a> WORM!
Source=Paul Collins Startup list

[YahooStock]
Number=13919
Confirmed=X
Filename=Prmvr.exe
Description=<a href="http://sarc.com/avcenter/venc/data/adware.adtomi.html" target=_blank>Adtomi</a> adware
Source=Paul Collins Startup list

[YahooStock]
Number=13920
Confirmed=X
Filename=ystckAO32.exe
Description=<a href="http://sarc.com/avcenter/venc/data/adware.adtomi.html" target=_blank>Adtomi</a> adware
Source=Paul Collins Startup list

[yahoo_toolbar lptt01]
Number=13921
Confirmed=X
Filename=yahoo_toolbar.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "yahoo_toolbar" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[yahoo_toolbar ml097e]
Number=13922
Confirmed=X
Filename=yahoo_toolbar.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "yahoo_toolbar" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
Source=Paul Collins Startup list

[YAMAHA AC-XG Power Utility]
Number=13923
Confirmed=?
Filename=yacpower.exe
Description=YAMAHA AC-XG Power Utility. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[YAMAHA DS-XG Launcher]
Number=13924
Confirmed=N
Filename=dslaunch.exe
Description=System Tray access for the features of the Yamaha DS-XG soundcard unless you regularly change set-ups
Source=Paul Collins Startup list

[Yankee Clipper III]
Number=13925
Confirmed=N
Filename=YankClip.exe
Description=<a href="http://www.yankee-clipper.net/index.htm" target="_blank">Yankee Clipper III</a> - 'A super powerful Windows clipboard extender/memory - now in its third generation. Handles Pictures, Richtext, URLS, etc - any size. Features printing, drag and drop, optional permanent storage of clippings. Familiar &quot;Outlook&quot; interface'. Freeware
Source=Paul Collins Startup list

[YBrowser]
Number=13926
Confirmed=N
Filename=ybrwicon.exe
Description=SBC Yahoo! Browser system tray icon
Source=Paul Collins Startup list

[YCentral]
Number=13927
Confirmed=U
Filename=YahooCentral.exe
Description=<a href="http://help.yahoo.com/l/us/yahoo/ycentral/general/general-57577.html" target=_blank>Yahoo! Central</a> - "alerts you if your default home page, search, or email is changed or if updates are available for your Yahoo! software. You can manage your default Internet settings and get updates to your software from Yahoo!"

Source=Paul Collins Startup list

[yeahdude.exe]
Number=13928
Confirmed=X
Filename=hallowelt.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032210-1627-99" target="_blank">GAOBOT.RS</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032315-2723-99" target="_blank">GAOBOT.SA</a> WORMS!
Source=Paul Collins Startup list

[yemarvd]
Number=13929
Confirmed=X
Filename=sysmon.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentch.html" target="_blank">AGENT-CH</a> TROJAN!
Source=Paul Collins Startup list

[YeppStudioAgent]
Number=13930
Confirmed=N
Filename=SamsungMediaStudioAgent.exe
Description=Samsung Media Studio MP3 player file management software - see <a href="http://www.pcstats.com/articleview.cfm?articleid=1933&page=3" target="_blank">here</a> for an example
Source=Paul Collins Startup list

[YhooUapdates]
Number=13931
Confirmed=X
Filename=ymssmsgs.exe
Description=Added by a variant of the <a href="http://virusinfo.prevx.com/pxparall.asp?PXC=659c34742109" target="_blank">SMALL_K</a> TROJAN!
Source=Paul Collins Startup list

[YhooUpdates]
Number=13932
Confirmed=X
Filename=ymsmsgs.exe
Description=Added by the <a href="http://virusinfo.prevx.com/pxparall.asp?PXC=659c34742109" target="_blank">SMALL_K</a> TROJAN!
Source=Paul Collins Startup list

[ying]
Number=13933
Confirmed=X
Filename=ying.exe
Description=<a href="http://fileinfo.prevx.com/fileinfo.asp?PXC=a7c073784121" target="_blank">Constructor VC2000</a> malware
Source=Paul Collins Startup list

[ymetray]
Number=13934
Confirmed=N
Filename=ymetray.exe
Description=<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/ymetray/" target=_blank>Yahoo! Music</a> system tray icon
Source=Paul Collins Startup list

[YOP]
Number=13935
Confirmed=N
Filename=yop.exe
Description=Dashboard Module for SBC Yahoo! <a href="http://onlineprotection.yahoo.com/sbc/" target=_blank>Online Protection</a>
Source=Paul Collins Startup list

[You've Got Pictures Screensaver]
Number=13936
Confirmed=U
Filename=ygpsstra.exe
Description=AOL You've Got Pictures Screensaver
Source=Paul Collins Startup list

[YOW tuner]
Number=13937
Confirmed=?
Filename=WatchPNM.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[ypager]
Number=13938
Confirmed=N
Filename=ypager.exe
Description=Yahoo! Messenger allows you to send instant messages. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[YPC]
Number=13939
Confirmed=U
Filename=ypc.exe
Description=Yahoo Parental controls - "Let you decide what type of sites and Yahoo! services your kids can access"
Source=Paul Collins Startup list

[YPOPs]
Number=13940
Confirmed=U
Filename=YPOPs.exe
Description=<a href="http://www.ypopsemail.com/" target="_blank">YPOPs!</a> - an application that provides POP3 access to Yahoo! Mail. Yahoo! Mail disabled free access to its POP3 service in 2002. This application emulates a POP3 server and enables popular email clients like Outlook, Netscape, Eudora, Mozilla, etc., to download email from Yahoo! account
Source=Paul Collins Startup list

[YTrayMagic Lite 1]
Number=13941
Confirmed=Y
Filename=YTRAYMAGIC.EXE
Description=<a href="http://www.freedownloadscenter.com/Shell_and_Desktop/System_Tray_Enhancers/YTrayMagic_Lite.html" target="_blank">YTrayMagic</a> from YoconSoft automatically restores your tray icons after an Explorer(the windows shell) crash. Leave to run at startup since only those icons that are in the taskbar after YTrayMagic has initialized will be restored
Source=Paul Collins Startup list

[Yumgo's Homepage Protector V1]
Number=13942
Confirmed=U
Filename=YumgoHomepageProtector.exe
Description=<a href="http://www.yumgo.co.uk/protect.asp" target=_blank>Yumgo's</a> Homepage Protector
Source=Paul Collins Startup list

[ywwvc.exe]
Number=13943
Confirmed=X
Filename=ywwvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpahr.html" target=_blank>STARTPA-HR</a> TROJAN!
Source=Paul Collins Startup list

[ywzizdon]
Number=13944
Confirmed=X
Filename=ywzizdon.exe
Description=Free_Scratch_Cards foistware
Source=Paul Collins Startup list

[yx]
Number=13945
Confirmed=X
Filename=uu.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotyx.html" target=_blank>AGOBOT-YX</a> WORM!
Source=Paul Collins Startup list

[yyyyyyyy]
Number=13946
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100209-5502-99" target="_blank">MUMUBOY.B</a> TROJAN!
Source=Paul Collins Startup list

[yz.exe]
Number=13947
Confirmed=X
Filename=yz.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092817-2031-99" target="_blank">VARDO</a> TROJAN!
Source=Paul Collins Startup list

[YZH]
Number=13948
Confirmed=X
Filename=YZH.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32legmirbm.html" target=_blank>LEGMIR-BM</a> VIRUS!
Source=Paul Collins Startup list

[YZH.SYS]
Number=13949
Confirmed=X
Filename=YZH.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-101316-5429-99" target=_blank>PHILIS.C</a> VIRUS!
Source=Paul Collins Startup list

[Z]
Number=13950
Confirmed=X
Filename=zmon.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotao.html" target="_blank">DELBOT-AO</a> WORM!
Source=Paul Collins Startup list

[z-WrDialer]
Number=13951
Confirmed=U
Filename=WrDialer.exe
Description=WinPoet DSL dialer
Source=Paul Collins Startup list

[ZaCker]
Number=13952
Confirmed=X
Filename=[filename].PIF
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOLAR.A" target="_blank">HOLAR.A</a> WORM!
Source=Paul Collins Startup list

[Zacker]
Number=13953
Confirmed=X
Filename=Zacker.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-020411-4428-99" target="_blank">GEMEL</a> WORM!

Source=Paul Collins Startup list

[zango]
Number=13954
Confirmed=X
Filename=zango.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=180solutions.NCase&threatid=8869" target="_blank">NCase</a> adware
Source=Paul Collins Startup list

[Zango SiteFinder]
Number=13955
Confirmed=X
Filename=ZangoSiteFinder.exe
Description=180Solutions <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050416-3519-99" target=_blank>ZangoSearch</a> adware variant
Source=Paul Collins Startup list

[Zango TvTimes]
Number=13956
Confirmed=X
Filename=ZANGOT~1.EXE
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050416-3519-99" target="_blank">ZangoSearch</a> adware
Source=Paul Collins Startup list

[zanu]
Number=13957
Confirmed=X
Filename=zanu.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=180solutions.NCase&threatid=8869" target="_blank">NCase</a> adware
Source=Paul Collins Startup list

[Zapro]
Number=13958
Confirmed=Y
Filename=Zapro.exe
Description=Firewall program from <a href="http://www.zonelabs.com/download/index.html" target="_blank">Zonelabs</a> - paid for version
Source=Paul Collins Startup list

[zBrowser Launcher]
Number=13959
Confirmed=U
Filename=iTouch.exe
Description=For a Logitech internet keyboard - loads the software for the shortcut keys on the keyboard. Also used to display your keyboard LEDs on-screen to indicate Caps Lock, etc if it doesn't have them
Source=Paul Collins Startup list

[zBrowser Launcher]
Number=13960
Confirmed=U
Filename=Commandr.exe
Description=For a Logitech internet keyboard - loads the software for the shortcut keys on the keyboard. Also used to display your keyboard LEDs on-screen to indicate Caps Lock, etc if it doesn't have them
Source=Paul Collins Startup list

[zcb]
Number=13961
Confirmed=?
Filename=zcb.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Zcfgsvc]
Number=13962
Confirmed=U
Filename=ZCfgSvc.exe
Description=Zero Config MFC Application, part of Intel's ProSET utilities and installed by the drivers for many of Intel wireless network cards - essential to the proper functioning of many of the Intel ProSET utilities (but not all) and these System Tray ProSET utilities are a must if you are using your wireless connection, if only so you know when the signal is fading or dropping. The problem is that, in some PCs, ZCFGSVC can be incredibly badly behaved : taking up to 100% of CPU time and therefore resulting in an extremely slow PC, preventing the installation of software or Windows updates, or causing "Not Responding" or "End this Program" shutdown problems. If you experience this, try first the very latest drivers from Intel or your laptop manufacturer. If that still does not solve the problem and you have WinXP/2003, try setting the "Wireless Zero Configuration" service to disabled
Source=Paul Collins Startup list

[zcproo]
Number=13963
Confirmed=X
Filename=qssstiej.exe
Description=Possible homepage hijacker installing a toolbar: http://tdko.com/ ,Lop.com in disguise
Source=Paul Collins Startup list

[ZDConfig]
Number=13964
Confirmed=?
Filename=ZDConfig.exe
Description=Related to various brands of Wireless USB LAN Adapter - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list

[zdnet]
Number=13965
Confirmed=N
Filename=kontiki.exe
Description=<a href="http://www.kontiki.com/products/deliverymanager/index.html" target="_blank">Kontiki Delivery Manager</a> - Windows-based client software that enables secure delivery of content to users' desktops
Source=Paul Collins Startup list

[Zebus]
Number=13966
Confirmed=N
Filename=msdc32.exe
Description=Runs a HTML tutorial on the Zebus web-site
Source=Paul Collins Startup list

[Zekio Startups]
Number=13967
Confirmed=X
Filename=znksvc32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotagi.html" target= blank>AGOBOT-AGI</a> WORM!
Source=Paul Collins Startup list

[Zen.A]
Number=13968
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/perlzoomena.html" target="_blank">ZOOMEN-A</a> TROJAN!
Source=Paul Collins Startup list

[Zenet]
Number=13969
Confirmed=X
Filename=rundll32 CNBabe.dll, DllStartup
Description=<a href="http://www.commonname.com/english/ug/toolbar/default.asp?idx=1" target="_blank">CommonName Toolbar</a> spyware. To uninstall see <a href="http://www.commonname.com/english/ug/toolbar/default.asp?idx=10#4">here</a>
Source=Paul Collins Startup list

[Zeno]
Number=13970
Confirmed=X
Filename=*sys****.exe [* = random char/digit]
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094810" target="_blank">ZenoSearch</a> adware. Note - the most frequent filenames appear to be rsyssx2d.exe, rsyssx2d.exe, rsystu2d.exe and ysysyz2d.exe but there are others
Source=Paul Collins Startup list

[Zeno]
Number=13971
Confirmed=X
Filename=*winspez.exe [* = rand letter]
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094810" target="_blank">ZenoSearch</a> adware
Source=Paul Collins Startup list

[Zeno]
Number=13972
Confirmed=X
Filename=nwinrqez.exe
Description=Added by the <a href="http://fileinfo.prevx.com/spyware/qqc24224310217-NWIN16820811/NWINRQEZ.EXE.html" target="_blank">QEXREZ</a> family of TROJANS!
Source=Paul Collins Startup list

[ZENRC]
Number=13973
Confirmed=Y
Filename=zenrc32.exe
Description=The main component of Novell's <a href="http://www.novell.com/products/zenworks/" target="_blank">ZenWorks</a> - &quot;Complete End-to-End Directory-enabled Network Management&quot;.<font color="#FF0000"> </font>Leave well alone
Source=Paul Collins Startup list

[ZENRC Tray Icon]
Number=13974
Confirmed=Y
Filename=zentray.exe
Description=Part of Novell's <a href="http://www.novell.com/products/zenworks/" target="_blank">ZenWorks</a> - &quot;Complete End-to-End Directory-enabled Network Management&quot;.<font color="#FF0000"> </font>Best left alone
Source=Paul Collins Startup list

[ZENworks Imaging Service]
Number=13975
Confirmed=Y
Filename=ZISWin.exe
Description=Imaging Agent. Part of Novell's <a href="http://www.novell.com/products/zenworks/" target="_blank">ZenWorks</a> - &quot;Complete End-to-End Directory-enabled Network Management&quot;
Source=Paul Collins Startup list

[Zero PoPup Killer XP]
Number=13976
Confirmed=U
Filename=zpk_xp.exe
Description=Intelligent anti-pop-up software product by <a href="http://www.ax-soft.com/" target=_blank>Ax-Soft</a>
Source=Paul Collins Startup list

[ZeroAds]
Number=13977
Confirmed=U
Filename=0
Description=<a href="http://www.fbmsoftware.com/pmain.aspx?id=2&sid=9858289" target="_blank">ZeroAds</a> - culls ads, cookies and pop-ups. Tells ZeroAds not to run at startup - needed to start it manually
Source=Paul Collins Startup list

[ZeroAds]
Number=13978
Confirmed=U
Filename=LAS0Ads.exe
Description=<a href="http://www.fbmsoftware.com/pmain.aspx?id=2&sid=9858289" target="_blank">ZeroAds</a> - culls ads, cookies and pop-ups. Required for the cookie interception to work
Source=Paul Collins Startup list

[ZeroAds]
Number=13979
Confirmed=U
Filename=Zeroads.exe
Description=<a href="http://www.fbmsoftware.com/pmain.aspx?id=2&sid=9858289" target="_blank">ZeroAds</a> - a popular Internet accelerator and anti-adware application
Source=Paul Collins Startup list

[ZeroSpyware]
Number=13980
Confirmed=U
Filename=ZeroSpyware.exe
Description=FBM Software ZeroSpyware 2004 spyware detector and remover
Source=Paul Collins Startup list

[zervpack2]
Number=13981
Confirmed=X
Filename=update2.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.WD&VSect=T" target=_blank>SDBOT.WD</a> WORM!

Source=Paul Collins Startup list

[ZGNUBI]
Number=13982
Confirmed=?
Filename=ZGNUBI.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Zi5]
Number=13983
Confirmed=X
Filename=AntiVirus Update.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-100616-4203-99" target=_blank>ERKEZ.G</a> WORM!
Source=Paul Collins Startup list

[ZIBMACC]
Number=13984
Confirmed=U
Filename=rundll.exe ZIBMACC.INF
Description=ZIBMACC.INF is an IBM file that is only loaded and installed under a recovery operation. The file is a support file for IBM access to the system if needed. You may delete this file. This is as from IBM Technical Support (USA - 800-887-7435)
Source=Paul Collins Startup list

[ZincgrubInc]
Number=13985
Confirmed=X
Filename=Lsass.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32voumita.html" target=_blank>VOUMIT-A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "mirc32" folder
Source=Paul Collins Startup list

[ZingSpooler]
Number=13986
Confirmed=U
Filename=ZingSpooler.exe
Description=Was used for a drag and drop program to upload pictures to www.zing.com but Zing has gone out of business. Now used for Sony ImageStation's upload photos to online albums
Source=Paul Collins Startup list

[Zinio DLM]
Number=13987
Confirmed=N
Filename=ZDLM.EXE
Description=<a href="http://www.zinio.com/main" target="_blank">Zinio</a> - used to read magazines in digital rather than paper format
Source=Paul Collins Startup list

[Zinio DLM]
Number=13988
Confirmed=N
Filename=ZinioDeliveryManager.exe
Description=Related to <a href="http://www.zinio.com/" target=_blank>Zinio</a> used to read magazines in digital rather than paper format
Source=Paul Collins Startup list

[Zip Driver Loader]
Number=13989
Confirmed=X
Filename=ZipLoader32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2001-102313-2131-99" target="_blank">OBLIVION</a> TROJAN! This executable is one of the most common but there are more
Source=Paul Collins Startup list

[Zip Driver Loader]
Number=13990
Confirmed=X
Filename=msload32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2001-102313-2131-99" target="_blank">OBLIVION</a> TROJAN! This executable is one of the most common but there are more
Source=Paul Collins Startup list

[ZipDisk Icons]
Number=13991
Confirmed=U
Filename=IMGICON.EXE
Description=Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running
Source=Paul Collins Startup list

[ZipGenius Clean]
Number=13992
Confirmed=N
Filename=zg.exe
Description=<a href="http://www.zipgenius.it/eng/index.php" target="_blank">ZipGenius</a> file compression utility
Source=Paul Collins Startup list

[ziphelp]
Number=13993
Confirmed=X
Filename=ziphelp.exe
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list

[ZipMagic]
Number=13994
Confirmed=N
Filename=zm32.exe
Description=Zip utility by <a href="http://www.ontrack.com/" target="_blank">Ontrack</a>. Preloading ZipMagic allows you to access files within a zip archive without unzipping them first
Source=Paul Collins Startup list

[zlclient]
Number=13995
Confirmed=Y
Filename=zlclient.exe
Description=Firewall program from <a href="http://www.zonelabs.com/download/index.html" target="_blank">Zonelabs</a>. Pro version inlcudes other online security options
Source=Paul Collins Startup list

[ZLH]
Number=13996
Confirmed=U
Filename=ZLH.EXE
Description=System Tray icon for <a href="http://www.norman.com/" target="_blank">Norman Antivirus</a>
Source=Paul Collins Startup list

[ZNN]
Number=13997
Confirmed=X
Filename=znnsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotdaa.html" target="_blank">SDBOT-DAA</a> WORM!
Source=Paul Collins Startup list

[Zolero Translator]
Number=13998
Confirmed=X
Filename=ZoleroTranslator.exe
Description=<a href="http://www.bleepingcomputer.com/uninstall/1794/Zolero-Translator.html" target="_blank">Zolero Translator</a> - added by Clickspring, the makers of Purityscan, products and are bundled with the Outer Info Network Client, or OIN client
Source=Paul Collins Startup list

[Zonavirus]
Number=13999
Confirmed=X
Filename=0
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-070414-5310-99" target="_blank"> KITRO.D</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ARGEN.A&amp;VSect=T" target="_blank">ARGEN.A</a>) WORM!

Source=Paul Collins Startup list

[Zone Alarm]
Number=14000
Confirmed=X
Filename=vsmon.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BO" target="_blank">RBOT.BO</a> WORM! If this was the ZoneAlarm firewall the name column would be TrueVector
Source=Paul Collins Startup list

[zone alarm security]
Number=14001
Confirmed=X
Filename=zlclint.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_141674.htm" target="_blank">NIRBOT</a> WORM!
Source=Paul Collins Startup list

[Zone Labs Client]
Number=14002
Confirmed=Y
Filename=zlclient.exe
Description=Firewall program from <a href="http://www.zonelabs.com/download/index.html" target="_blank">Zonelabs</a>. Pro version inlcudes other online security options
Source=Paul Collins Startup list

[Zone Labs Client Ex]
Number=14003
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-030309-2458-99" target=_blank>NETSKY.F</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
Source=Paul Collins Startup list

[Zone system]
Number=14004
Confirmed=X
Filename=szchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmultidrac.html" target=_blank>MULTIDR-AC</a> TROJAN!
Source=Paul Collins Startup list

[ZoneAlarm]
Number=14005
Confirmed=Y
Filename=zonealarm.exe
Description=Firewall program from <a href="http://www.zonelabs.com/store/content/home.jsp" target="_blank">Zonelabs</a> - free version
Source=Paul Collins Startup list

[zonealarm]
Number=14006
Confirmed=X
Filename=[random filename]
Description=Added by an unidentified VIRUS, WORM or TROJAN! The only exception is if you have an older version of the ZoneAlarm firewall running
Source=Paul Collins Startup list

[Zonealarm]
Number=14007
Confirmed=X
Filename=Removeme.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbg.html" target=_blank>FORBOT-BG</a> WORM!

Source=Paul Collins Startup list

[Zonealarm]
Number=14008
Confirmed=X
Filename=iexplore.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotcp.html" target=_blank>FORBOT-CP</a> WORM! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a>) process, which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup unless you add it manually! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[ZoneAlarm Plus]
Number=14009
Confirmed=Y
Filename=zaplus.exe
Description=Firewall program from <a href="http://www.zonelabs.com/store/content/home.jsp" target="_blank">Zonelabs</a> - paid for version
Source=Paul Collins Startup list

[ZoneAlarm Pro]
Number=14010
Confirmed=Y
Filename=Zapro.exe
Description=Firewall program from <a href="http://www.zonelabs.com/store/content/home.jsp" target="_blank">Zonelabs</a> - paid for version
Source=Paul Collins Startup list

[Zonesoft Cleaner]
Number=14011
Confirmed=X
Filename=rnsys.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[Zoom]
Number=14012
Confirmed=U
Filename=zoom.exe
Description=<a href="http://www.foxpop.ndirect.co.uk/pc/dachshund_04.htm" target="_blank">Zoom</a> - speeds up Windows startup and manages startup applications
Source=Paul Collins Startup list

[Zooming]
Number=14013
Confirmed=U
Filename=ZoomingHook.exe 
Description=Toshiba Zooming Utility - found on Toshiba laptops and Tablet PCs. It allows users to zoom in (or magnify) text
Source=Paul Collins Startup list

[ZoomingHook]
Number=14014
Confirmed=U
Filename=ZoomingHook.exe
Description=Toshiba Zooming Utility - found on Toshiba laptops. It allows users to zoom in (or magnify) text
Source=Paul Collins Startup list

[ZPoint]
Number=14015
Confirmed=X
Filename=winmuse.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadrvj.html" target=_blank>VJ</a> TROJAN!

Source=Paul Collins Startup list

[ZPOINT32]
Number=14016
Confirmed=Y
Filename=ZPOINT32.exe
Description=USB graphics/writing tablet driver
Source=Paul Collins Startup list

[zSearch]
Number=14017
Confirmed=X
Filename=Zstb.exe
Description=TotalVelocity zSearch <a href="http://www.spywareguide.com/product_show.php?id=763" target="_blank">parasite</a>
Source=Paul Collins Startup list

[zSecurity Service]
Number=14018
Confirmed=X
Filename=szsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotdab.html" target="_blank">SDBOT-DAB</a> WORM!
Source=Paul Collins Startup list

[zsms]
Number=14019
Confirmed=X
Filename=smss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosck.html" target=_blank>BANCOS-CK</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[zsmsgs]
Number=14020
Confirmed=X
Filename=iservice.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosbu.html" target= blank>BANCOS-BU</a> TROJAN!
Source=Paul Collins Startup list

[zsmss]
Number=14021
Confirmed=X
Filename=smss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosdd.html" target=_blank>BANCOS-DD</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Source=Paul Collins Startup list

[zSPGuard]
Number=14022
Confirmed=U
Filename=Spguard.exe
Description=&quot;<a href="http://pjwalczak.com/spguard/index.php" target="_blank">StartPage Guard</a> (SPG) protects your PC from cyberscam, by detecting and preventing any unauthorized changes to your internet browser's Start and Search pages. It is also capable of removing automatically most of known 'invaders'.&quot;
Source=Paul Collins Startup list

[ZSScheduler]
Number=14023
Confirmed=U
Filename=zsscheduler.dll
Description=<a href="http://fbmsoftware.com/pmain~id~3.html" target="_blank">ZeroSpyware</a> from FBM Software
Source=Paul Collins Startup list

[ZStart]
Number=14024
Confirmed=X
Filename=[various filenames]
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=VX2.Transponder&threatid=12517" target=_blank>VX2.Transponder</a> parasite updater/installer related
Source=Paul Collins Startup list

[Zstart]
Number=14025
Confirmed=X
Filename=cxdxregt.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094810" target="_blank">ZenoSearch</a> adware
Source=Paul Collins Startup list

[ZtgServerSwitch]
Number=14026
Confirmed=X
Filename=server.vbs
Description=ZTGServerswitch is part of Sony's Vaio support agent - designed by Support.com. Not required if the user does not wish to use the Vaio support agent and regarded as spyware
Source=Paul Collins Startup list

[Zune Launcher]
Number=14027
Confirmed=U
Filename=ZuneLauncher.exe
Description=Only needed if running Microsoft's new Zune software for use with their new Zune music player. Similar to iTunes for the iPod
Source=Paul Collins Startup list

[Zupdate]
Number=14028
Confirmed=X
Filename=Zupdate.exe
Description=Associated with <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrilliantDigital&threatid=3334" target="_blank">B3d Projector</a> foistware - see <a href="http://www.greatis.com/appdata/u/z/zupdate.exe.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[zzb]
Number=14029
Confirmed=X
Filename=zzb.exe
Description=<a href="http://sarc.com/avcenter/venc/data/adware.iagold.html" target="_blank">IAGold</a> adware downloader
Source=Paul Collins Startup list

[zzb]
Number=14030
Confirmed=X
Filename=zzb.exe
Description=<a href="http://sarc.com/avcenter/venc/data/adware.iagold.html" target="_blank">IAGold</a> adware downloader
Source=Paul Collins Startup list

[zzgshp]
Number=14031
Confirmed=X
Filename=gshp.vbs
Description=Homepage hi-jacker that re-defines your IE or Netscape start page
Source=Paul Collins Startup list

[zztp]
Number=14032
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-012017-0708-99" target="_blank">TANNICK.B</a> TROJAN!  Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list

[zzz-hpi-boot]
Number=14033
Confirmed=?
Filename=hpi-boot.exe
Description=<font color="#FF0000">Associated with HP Photosmart printers</font>
Source=Paul Collins Startup list

[zzzCamlnSuitelll]
Number=14034
Confirmed=?
Filename=setup.exe 46***
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[zzzhpsetup]
Number=14035
Confirmed=?
Filename=setup.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Z_Start]
Number=14036
Confirmed=X
Filename=********.exe [* = 8 random chars]
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094810" target="_blank">ZenoSearch</a> adware. Note - the most frequent filenames appear to be dwdsregt.exe, rkdsregm.exe, psdsregm.exe and ZIFI002.exe but there are others
Source=Paul Collins Startup list

[[3-4 random letters]]
Number=14037
Confirmed=X
Filename=nslookup.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware. Not to be confused with the legitimate <a href="http://support.microsoft.com/kb/200525" target="_blank">nslookup.exe</a> which is found in the System32 folder
Source=Paul Collins Startup list

[[3-4 random letters]Srv32]
Number=14038
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancsdea.html" target=_blank>BANCSADE-A</a> TROJAN!
Source=Paul Collins Startup list

[[decimal number]]
Number=14039
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32opossuma.html" target=_blank>OPOSSUM-A</a> WORM! The decimal number can be anything, eg, 0.12345678
Source=Paul Collins Startup list

[[default]]
Number=14040
Confirmed=X
Filename=DrWatson32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022222-5440-99" target=_blank>DREMN</a> TROJAN!
Source=Paul Collins Startup list

[[Entry name]]
Number=14041
Confirmed=X
Filename=System.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojnethiefn.html" target=_blank>NETHIEF-N</a> TROJAN!
Source=Paul Collins Startup list

[[Ephemeral 2.5] by TreeHugger,]
Number=14042
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lemoorc.html" target=_blank>LEMOOR-C</a> WORM!
Source=Paul Collins Startup list

[[Ephemeral 2.x] by TreeHugger,]
Number=14043
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-071115-5228-99" target="_blank">LEMOOR.A</a> WORM! where "x" represents 3 or 4
Source=Paul Collins Startup list

[[executed file name]]
Number=14044
Confirmed=X
Filename=App.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090213-4905-99" target="_blank">WAXPOW</a> WORM!
Source=Paul Collins Startup list

[[executed file name]]
Number=14045
Confirmed=X
Filename=Regsrv32.com
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112812-3725-99" target="_blank">SOUTHGHOST</a> WORM!
Source=Paul Collins Startup list

[[filename]]
Number=14046
Confirmed=X
Filename=svchost.scr
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankercc.html" target=_blank>BANKER-CC</a> TROJAN!
Source=Paul Collins Startup list

[[original filename]]
Number=14047
Confirmed=X
Filename=svchost.scr
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbancx.html" target=_blank>BANCBAN-CX</a> TROJAN!
Source=Paul Collins Startup list

[[original filename]]
Number=14048
Confirmed=X
Filename=xphost.scr
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanhm.html" target=_blank>BANCBAN-HM</a> TROJAN!
Source=Paul Collins Startup list

[[random 12 digit number]]
Number=14049
Confirmed=X
Filename=avifile5.exe
Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html" target="_blank">Adsrv.com/IeDriver</a> adware variant
Source=Paul Collins Startup list

[[random 12 digit number]]
Number=14050
Confirmed=X
Filename=bootvid4.exe
Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html" target="_blank">Adsrv.com/IeDriver</a> adware variant
Source=Paul Collins Startup list

[[random 12 digit number]]
Number=14051
Confirmed=X
Filename=browser8.exe
Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html" target="_blank">Adsrv.com/IeDriver</a> adware variant
Source=Paul Collins Startup list

[[random 12 digit number]]
Number=14052
Confirmed=X
Filename=atitvo32.exe
Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html" target=_blank>Adsrv.com/IeDriver</a> adware variant

Source=Paul Collins Startup list

[[random 12 digit number]]
Number=14053
Confirmed=X
Filename=autodisc.exe
Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html" target=_blank>Adsrv.com/IeDriver</a> adware variant

Source=Paul Collins Startup list

[[random 12 digit number]]
Number=14054
Confirmed=X
Filename=cabview1.exe
Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html" target=_blank>Adsrv.com/IeDriver</a> adware variant

Source=Paul Collins Startup list

[[random 12 digit number]]
Number=14055
Confirmed=X
Filename=advpack1.exe
Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html" target=_blank>Adsrv.com/IeDriver</a> adware variant
Source=Paul Collins Startup list

[[random 12 digit number]]
Number=14056
Confirmed=X
Filename=batmeter.exe
Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html" target=_blank>Adsrv.com/IeDriver</a> adware variant
Source=Paul Collins Startup list

[[random 12 digit number]]
Number=14057
Confirmed=X
Filename=bidispl2.exe
Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html" target=_blank>Adsrv.com/IeDriver</a> adware variant
Source=Paul Collins Startup list

[[random 12 digit number]]
Number=14058
Confirmed=X
Filename=asferror.exe
Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html" target=_blank>Adsrv.com/IeDriver</a> adware variant
Source=Paul Collins Startup list

[[random 12 digit number]]
Number=14059
Confirmed=X
Filename=catsrvps.exe
Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html" target= blank>Adsrv.com/IeDriver</a> adware variant
Source=Paul Collins Startup list

[[random 12 digit number]]
Number=14060
Confirmed=X
Filename=admparse.exe
Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html" target=_blank>Adsrv.com/IeDriver</a> adware variant
Source=Paul Collins Startup list

[[random 12 digit number]]
Number=14061
Confirmed=X
Filename=audiosrv.exe
Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html" target=_blank>Adsrv.com/IeDriver</a> adware variant
Source=Paul Collins Startup list

[[random 12 digit number]]
Number=14062
Confirmed=X
Filename=bootvid2.exe
Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html" target=_blank>Adsrv.com/IeDriver</a> adware variant
Source=Paul Collins Startup list

[[random 12 digit number]]
Number=14063
Confirmed=X
Filename=cmpbk321.exe
Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html" target=_blank>Adsrv.com/IeDriver</a> adware variant
Source=Paul Collins Startup list

[[random characters]]
Number=14064
Confirmed=X
Filename=securewinload32x.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojoptixpn.html" target=_blank>OPTIXP-N</a> TROJAN! Note - this trojan file is found in the System (9x/Me) or System32 (NT/2K/XP) folder. The file system32dir2a.exe will also be found in the same folder and should be deleted
Source=Paul Collins Startup list

[[random characters]]
Number=14065
Confirmed=X
Filename=rsbmsc.exe
Description=Detected by <a href="http://www.avira.com/" target="_blank">AntiVir</a> antivirus as the BDS/Agent.adt TROJAN!
Source=Paul Collins Startup list

[[random filename]]
Number=14066
Confirmed=X
Filename=slk8x2peu.exe
Description=<a href="http://www.superadblocker.com/definition/slk8x2peu/" target="_blank">QuickLinks</a> adware  
Source=Paul Collins Startup list

[[random names]]
Number=14067
Confirmed=X
Filename=eee2.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MediaMotor&threatid=15001" target="_blank">MediaMotor</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14068
Confirmed=X
Filename=Svchosts.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbotn.html" target="_blank">SDBOT.N</a> TROJAN!
Source=Paul Collins Startup list

[[random name]]
Number=14069
Confirmed=X
Filename=wincpu.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[[random name]]
Number=14070
Confirmed=X
Filename=m?dtc.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14071
Confirmed=X
Filename=ping.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware. Note - do not confuse with the Microsoft utility of the same name as described <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/ping/" target=_blank>here</a>
Source=Paul Collins Startup list

[[random name]]
Number=14072
Confirmed=X
Filename=CXTPLS_LOADER.EXE
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=AproposMedia&threatid=14978" target="_blank">AproposMedia</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14073
Confirmed=X
Filename=??plorer.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14074
Confirmed=X
Filename=?hkdsk.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14075
Confirmed=X
Filename=?hkntfs.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14076
Confirmed=X
Filename=l?gonui.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14077
Confirmed=X
Filename=m?iexec.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14078
Confirmed=X
Filename=r?gsvr32.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14079
Confirmed=X
Filename=t?skmgr.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14080
Confirmed=X
Filename=w?auboot.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14081
Confirmed=X
Filename=w?auclt.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14082
Confirmed=X
Filename=w?crtupd.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14083
Confirmed=X
Filename=w?wexec.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14084
Confirmed=X
Filename=??erinit.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14085
Confirmed=X
Filename=d?dplay.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14086
Confirmed=X
Filename=n?tepad.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14087
Confirmed=X
Filename=??chost.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14088
Confirmed=X
Filename=??oolsv.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14089
Confirmed=X
Filename=??xplore.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14090
Confirmed=X
Filename=r?ndll32.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14091
Confirmed=X
Filename=se?vices.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14092
Confirmed=X
Filename=w?nlogon.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14093
Confirmed=X
Filename=w?nword.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14094
Confirmed=X
Filename=??anregw.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14095
Confirmed=X
Filename=?ttrib.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14096
Confirmed=X
Filename=j?vaw.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14097
Confirmed=X
Filename=l?ass.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14098
Confirmed=X
Filename=m?config.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14099
Confirmed=X
Filename=n?lookup.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14100
Confirmed=X
Filename=n?pdb.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14101
Confirmed=X
Filename=??ool32.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14102
Confirmed=X
Filename=??rss.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14103
Confirmed=X
Filename=??rvices.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14104
Confirmed=X
Filename=?ti2evxx.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14105
Confirmed=X
Filename=chkdsk.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware. Unlike this file, the legitimate Windows chkdisk.exe will in Windows XP/2K/NT always be located in the Winnt\System32 or Windows\System32 folder, and ought moreover NOT to figure among the startups!
Source=Paul Collins Startup list

[[random name]]
Number=14106
Confirmed=X
Filename=d?xplore.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14107
Confirmed=X
Filename=dvdplay.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14108
Confirmed=X
Filename=spoolsv.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware. Do not confuse with the legitimate Microsoft Printer Spooler Service (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/spoolsv/" target=_blank>spoolsv.exe</a>)
Source=Paul Collins Startup list

[[random name]]
Number=14109
Confirmed=X
Filename=w?aclt.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14110
Confirmed=X
Filename=wucrtupd.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware. Do not confuse with the legitimate Windows Critical Update Notification (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/wucrtupd/" target=_blank>wucrtupd.exe</a>)
Source=Paul Collins Startup list

[[random name]]
Number=14111
Confirmed=X
Filename=charmapnt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosdr.html" target=_blank>BANCOS-DR</a> TROJAN!
Source=Paul Collins Startup list

[[random name]]
Number=14112
Confirmed=X
Filename=n?tdde.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14113
Confirmed=X
Filename=r?gedit.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14114
Confirmed=X
Filename=r?ndll.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14115
Confirmed=X
Filename=scanregw.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14116
Confirmed=X
Filename=wuauboot.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware. Note - do not confuse with the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/wuauboot/" target=_blank>wuauboot.exe</a> file, which should not figure in Msconfig/Startup!
Source=Paul Collins Startup list

[[random name]]
Number=14117
Confirmed=X
Filename=w?nspool.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14118
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanjc.html" target=_blank>BANCBAN-JC</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "config" subfolder of the Winnt or Windows folder
Source=Paul Collins Startup list

[[random name]]
Number=14119
Confirmed=X
Filename=[random name].dll
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-071912-4640-99" target="_blank">SearchNet</a> adware
Source=Paul Collins Startup list

[[random name]]
Number=14120
Confirmed=X
Filename=iexpl0ra.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_ULPM.BD" target="_blank">ULPM.BD</a> TROJAN!
Source=Paul Collins Startup list

[[random name]]
Number=14121
Confirmed=X
Filename=rundl13a.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojgampassl.html" target="_blank">GAMPASS-L</a> TROJAN!
Source=Paul Collins Startup list

[[random name]]
Number=14122
Confirmed=X
Filename=Servere.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmiraqm.html" target="_blank">LEGMIR-AQM</a> TROJAN!
Source=Paul Collins Startup list

[[random number]]
Number=14123
Confirmed=X
Filename=explorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkeylogan.html" target="_blank">KEYLOG-AN</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one copies it's self under 9 additional file names in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[[Randomly chosen existing folder name]]
Number=14124
Confirmed=X
Filename=_autorun.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32antinnyl.html" target="_blank">ANTINNY-L</a> WORM!
Source=Paul Collins Startup list

[[Randomly chosen existing folder name]]
Number=14125
Confirmed=X
Filename=_cfg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32antinnyl.html" target="_blank">ANTINNY-L</a> WORM!
Source=Paul Collins Startup list

[[Randomly chosen existing folder name]]
Number=14126
Confirmed=X
Filename=_config.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32antinnyl.html" target="_blank">ANTINNY-L</a> WORM!
Source=Paul Collins Startup list

[[Randomly chosen existing folder name]]
Number=14127
Confirmed=X
Filename=_env.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32antinnyl.html" target="_blank">ANTINNY-L</a> WORM!
Source=Paul Collins Startup list

[[Randomly chosen existing folder name]]
Number=14128
Confirmed=X
Filename=_loader.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32antinnyl.html" target="_blank">ANTINNY-L</a> WORM!
Source=Paul Collins Startup list

[[Randomly chosen existing folder name]]
Number=14129
Confirmed=X
Filename=_login.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32antinnyl.html" target="_blank">ANTINNY-L</a> WORM!
Source=Paul Collins Startup list

[[Randomly chosen existing folder name]]
Number=14130
Confirmed=X
Filename=_setup.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32antinnyl.html" target="_blank">ANTINNY-L</a> WORM!
Source=Paul Collins Startup list

[[Randomly chosen existing folder name]]
Number=14131
Confirmed=X
Filename=_start.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32antinnyl.html" target="_blank">ANTINNY-L</a> WORM!
Source=Paul Collins Startup list

[[random]]
Number=14132
Confirmed=X
Filename=lsass.scr
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbancw.html" target=_blank>BANCBAN-CW</a> TROJAN!
Source=Paul Collins Startup list

[[random]]
Number=14133
Confirmed=X
Filename=svchost.scr
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbancy.html" target=_blank>BANCBAN-CY</a> TROJAN!
Source=Paul Collins Startup list

[[trojan filename]]
Number=14134
Confirmed=X
Filename=Install.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanfs.html" target=_blank>BANCBAN-FS</a> TROJAN!
Source=Paul Collins Startup list

[[trojan name]]
Number=14135
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanci.html" target=_blank>BANCBAN-CL</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which should not normally figure in Msconfig/Startup!
Source=Paul Collins Startup list

[[username] config]
Number=14136
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmosuckh.html" target=_blank>MOSUCK-H</a> TROJAN!
Source=Paul Collins Startup list

[[various filenames]]
Number=14137
Confirmed=X
Filename=qtsks.exe
Description=Added by the WEBDOR.Y TROJAN
Source=Paul Collins Startup list

[[various names]]
Number=14138
Confirmed=X
Filename=elf.exe
Description=Elf is a hacker program, tied to a trojan server
Source=Paul Collins Startup list

[[various names]]
Number=14139
Confirmed=X
Filename=crsrs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotak.html" target="_blank">FORBOT-AK</a> WORM!
Source=Paul Collins Startup list

[[various names]]
Number=14140
Confirmed=X
Filename=Windows32.exe
Description=Added by any of a number of WORM or TROJAN variants
Source=Paul Collins Startup list

[[various names]]
Number=14141
Confirmed=X
Filename=bling.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotni.html" target=_blank>RBOT-NI</a> WORM!

Source=Paul Collins Startup list

[[various names]]
Number=14142
Confirmed=X
Filename=mediaplayer32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!

Source=Paul Collins Startup list

[[various names]]
Number=14143
Confirmed=X
Filename=winlogon32.exe
Description=Added by an unidentified WORM or TROJAN!

Source=Paul Collins Startup list

[[various names]]
Number=14144
Confirmed=X
Filename=svchostss.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!

Source=Paul Collins Startup list

[[various names]]
Number=14145
Confirmed=X
Filename=win32snd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotdq.html" target=_blank>RBOT-DQ</a> WORM!

Source=Paul Collins Startup list

[[various names]]
Number=14146
Confirmed=X
Filename=shch.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list

[[various names]]
Number=14147
Confirmed=X
Filename=PasswdMon.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14148
Confirmed=X
Filename=runload32.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14149
Confirmed=X
Filename=dstart2.exe
Description=Adware - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan-Downloader.Small.alw
Source=Paul Collins Startup list

[[various names]]
Number=14150
Confirmed=X
Filename=msdos32.exe
Description=Added by a variant of the AGENT.AH TROJAN!
Source=Paul Collins Startup list

[[various names]]
Number=14151
Confirmed=X
Filename=sitebar.exe
Description=Added by an unidentified TROJAN!
Source=Paul Collins Startup list

[[various names]]
Number=14152
Confirmed=X
Filename=backorif.exe
Description=Added by a <a href="http://vil.nai.com/vil/content/v_99877.htm" target="_blank">NTROOTKIT</a> TROJAN variant!
Source=Paul Collins Startup list

[[various names]]
Number=14153
Confirmed=X
Filename=bhoserv.exe
Description=Added by a <a href="http://vil.nai.com/vil/content/v_99877.htm" target="_blank">NTROOTKIT</a> TROJAN variant!
Source=Paul Collins Startup list

[[various names]]
Number=14154
Confirmed=X
Filename=driver32.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list

[[various names]]
Number=14155
Confirmed=X
Filename=hyandex.exe
Description=Added by a <a href="http://vil.nai.com/vil/content/v_99877.htm" target="_blank">NTROOTKIT</a> TROJAN variant!
Source=Paul Collins Startup list

[[various names]]
Number=14156
Confirmed=X
Filename=Uint32.exe
Description=Added by a <a href="http://vil.nai.com/vil/content/v_99877.htm" target="_blank">NTROOTKIT</a> TROJAN variant!
Source=Paul Collins Startup list

[[various names]]
Number=14157
Confirmed=X
Filename=Uint32.exe
Description=Added by a <a href="http://vil.nai.com/vil/content/v_99877.htm" target="_blank">NTROOTKIT</a> TROJAN variant!
Source=Paul Collins Startup list

[[various names]]
Number=14158
Confirmed=X
Filename=_ctcp.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14159
Confirmed=X
Filename=10010.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14160
Confirmed=X
Filename=321102.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14161
Confirmed=X
Filename=34763.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14162
Confirmed=X
Filename=abrek.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14163
Confirmed=X
Filename=ActionScr.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14164
Confirmed=X
Filename=AliceSD.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14165
Confirmed=X
Filename=AppMasterCenter.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14166
Confirmed=X
Filename=atl_helper.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14167
Confirmed=X
Filename=ATLIEHELPER.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14168
Confirmed=X
Filename=avpmondll.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14169
Confirmed=X
Filename=awinrar.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14170
Confirmed=X
Filename=backd.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14171
Confirmed=X
Filename=backorif.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14172
Confirmed=X
Filename=barint.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14173
Confirmed=X
Filename=bhoserv.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14174
Confirmed=X
Filename=bingo9.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14175
Confirmed=X
Filename=bnui.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14176
Confirmed=X
Filename=Bogobot.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14177
Confirmed=X
Filename=borlandg.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14178
Confirmed=X
Filename=BoundRec.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14179
Confirmed=X
Filename=br0ken.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14180
Confirmed=X
Filename=Brong32.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14181
Confirmed=X
Filename=clamav.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14182
Confirmed=X
Filename=cmon14.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14183
Confirmed=X
Filename=cnftips.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14184
Confirmed=X
Filename=control64.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14185
Confirmed=X
Filename=corrida.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14186
Confirmed=X
Filename=CToolBar.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14187
Confirmed=X
Filename=DCC_send.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14188
Confirmed=X
Filename=defect08.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14189
Confirmed=X
Filename=Dest068.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14190
Confirmed=X
Filename=dialer423.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14191
Confirmed=X
Filename=diskserv.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14192
Confirmed=X
Filename=driver64.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14193
Confirmed=X
Filename=DTOURS.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14194
Confirmed=X
Filename=ERTYDF.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14195
Confirmed=X
Filename=ExchangeMaster.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14196
Confirmed=X
Filename=EXE32EXE.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14197
Confirmed=X
Filename=expoler.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14198
Confirmed=X
Filename=FLKPT.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14199
Confirmed=X
Filename=forces_elite.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14200
Confirmed=X
Filename=ftbar.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14201
Confirmed=X
Filename=gabber.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14202
Confirmed=X
Filename=hyandex.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14203
Confirmed=X
Filename=iehelper.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14204
Confirmed=X
Filename=iesetupdll.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14205
Confirmed=X
Filename=init32.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14206
Confirmed=X
Filename=InpriseMon.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14207
Confirmed=X
Filename=install2.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14208
Confirmed=X
Filename=jopplerg.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14209
Confirmed=X
Filename=Kargo.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14210
Confirmed=X
Filename=keybdll.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14211
Confirmed=X
Filename=KeywordFinder.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14212
Confirmed=X
Filename=killall.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14213
Confirmed=X
Filename=LOPTCON.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14214
Confirmed=X
Filename=media64.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14215
Confirmed=X
Filename=MNTP.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14216
Confirmed=X
Filename=MON76234.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14217
Confirmed=X
Filename=moniter.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14218
Confirmed=X
Filename=mozilla-text.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14219
Confirmed=X
Filename=msag.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14220
Confirmed=X
Filename=ms-its.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14221
Confirmed=X
Filename=MsNetHelper.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14222
Confirmed=X
Filename=new32.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14223
Confirmed=X
Filename=newbreed.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14224
Confirmed=X
Filename=nmdllw.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14225
Confirmed=X
Filename=NopeZ.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14226
Confirmed=X
Filename=NsCplTray.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14227
Confirmed=X
Filename=NSYSCPLSTR.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14228
Confirmed=X
Filename=NukeSpan.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14229
Confirmed=X
Filename=openstre.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14230
Confirmed=X
Filename=panel_its.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14231
Confirmed=X
Filename=ParisM.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14232
Confirmed=X
Filename=pizda.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14233
Confirmed=X
Filename=powerdll.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14234
Confirmed=X
Filename=PrcIdle.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14235
Confirmed=X
Filename=prcmon.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14236
Confirmed=X
Filename=Preliminary.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14237
Confirmed=X
Filename=prgsys0984.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14238
Confirmed=X
Filename=progmen.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14239
Confirmed=X
Filename=qwe.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14240
Confirmed=X
Filename=RtlFindVal.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14241
Confirmed=X
Filename=SAPSTR.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14242
Confirmed=X
Filename=sbin.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14243
Confirmed=X
Filename=scanSYS.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14244
Confirmed=X
Filename=Serviceprocess.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14245
Confirmed=X
Filename=SetupExeDll.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14246
Confirmed=X
Filename=Shaitan1678.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14247
Confirmed=X
Filename=slamm.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14248
Confirmed=X
Filename=sound64.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14249
Confirmed=X
Filename=SpyElim.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14250
Confirmed=X
Filename=srbho.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14251
Confirmed=X
Filename=ssweeper.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14252
Confirmed=X
Filename=StartCpl.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14253
Confirmed=X
Filename=startman.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14254
Confirmed=X
Filename=StatusCheck.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14255
Confirmed=X
Filename=stuffmon.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14256
Confirmed=X
Filename=sysconf16.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14257
Confirmed=X
Filename=SysEntry.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14258
Confirmed=X
Filename=sysmon12.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14259
Confirmed=X
Filename=syspanel.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14260
Confirmed=X
Filename=SysSupport.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14261
Confirmed=X
Filename=SYSTRAV.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14262
Confirmed=X
Filename=TemplateDongle.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14263
Confirmed=X
Filename=teqq32.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14264
Confirmed=X
Filename=Testimonials.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14265
Confirmed=X
Filename=TForm1.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14266
Confirmed=X
Filename=TorontoMail.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14267
Confirmed=X
Filename=Trayz.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14268
Confirmed=X
Filename=TRPT.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14269
Confirmed=X
Filename=trycrt.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14270
Confirmed=X
Filename=typeconf.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14271
Confirmed=X
Filename=Uint32.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14272
Confirmed=X
Filename=uio.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14273
Confirmed=X
Filename=UserSp1.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14274
Confirmed=X
Filename=utsgmon.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14275
Confirmed=X
Filename=vxdman.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14276
Confirmed=X
Filename=WhatsNewBot.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14277
Confirmed=X
Filename=WinInitDll.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14278
Confirmed=X
Filename=wormexe.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14279
Confirmed=X
Filename=WTFCTF.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14280
Confirmed=X
Filename=XTermInit.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14281
Confirmed=X
Filename=xwiz.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14282
Confirmed=X
Filename=xxtoolbar.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14283
Confirmed=X
Filename=zantu.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14284
Confirmed=X
Filename=zxc.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14285
Confirmed=X
Filename=ABCXYZ.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14286
Confirmed=X
Filename=dePloy.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14287
Confirmed=X
Filename=JAguAr.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14288
Confirmed=X
Filename=80d0.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MediaMotor&threatid=15001" target="_blank">MediaMotor</a> adware
Source=Paul Collins Startup list

[[various names]]
Number=14289
Confirmed=X
Filename=exe81.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MediaMotor&threatid=15001" target="_blank">MediaMotor</a> adware
Source=Paul Collins Startup list

[[various names]]
Number=14290
Confirmed=X
Filename=exe82.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MediaMotor&threatid=15001" target="_blank">MediaMotor</a> adware
Source=Paul Collins Startup list

[[various names]]
Number=14291
Confirmed=X
Filename=MSTCPDLL.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
Source=Paul Collins Startup list

[[various names]]
Number=14292
Confirmed=X
Filename=seli.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MediaMotor&threatid=15001" target="_blank">MediaMotor</a> adware
Source=Paul Collins Startup list

[\IEService.exe]
Number=14293
Confirmed=X
Filename=IEService.exe
Description=FastFind parasite variant
Source=Paul Collins Startup list

[\Pribi.exe]
Number=14294
Confirmed=X
Filename=Pribi.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110218-2201-99" target=_blank>FastFind</a> adware variant
Source=Paul Collins Startup list

[\SysInit]
Number=14295
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpabd.html" target=_blank>STARTPA-BD</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Program Files/Common Files folder
Source=Paul Collins Startup list

[\\TOOLS.exe]
Number=14296
Confirmed=X
Filename=tools.exe
Description=Lycos SideSearch/Fastfind.org adware
Source=Paul Collins Startup list

[^`d}qZxu]
Number=14297
Confirmed=X
Filename=~`d}qzxu3zYF
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031915-3501-99" target="_blank">GAOBOT.GEN!POLY</a> WORM!
Source=Paul Collins Startup list

[_AntiSpyware]
Number=14298
Confirmed=U
Filename=MssCli.exe
Description=Part of McAfee <a href="http://www.mcafee.com/us/smb/products/anti_spyware/anti_spyware.html" target=_blank>AntiSpyware</a>
Source=Paul Collins Startup list

[_AntiSpyware]
Number=14299
Confirmed=U
Filename=masalert.exe
Description=Part of McAfee <a href="http://www.mcafee.com/us/smb/products/anti_spyware/anti_spyware.html" target=_blank>AntiSpyware</a>

Source=Paul Collins Startup list

[_Cat1]
Number=14300
Confirmed=X
Filename=nmmst.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.SD" target="_blank">SMALL.SD</a> TROJAN!
Source=Paul Collins Startup list

[_Cat2]
Number=14301
Confirmed=X
Filename=nmstt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmalldt.html" target=_blank>SMALL-DT</a> TROJAN!
Source=Paul Collins Startup list

[_Cat3]
Number=14302
Confirmed=X
Filename=msmsgrxp.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojsmalldt.html" target=_blank>SMALL-DT</a> downloader TROJAN
Source=Paul Collins Startup list

[_Cat4]
Number=14303
Confirmed=X
Filename=msmsgr2.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmalleb.html" target=_blank>SMALL-EB</a> TROJAN!
Source=Paul Collins Startup list

[_Hazafibb]
Number=14304
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_ZAFI.B" target="_blank">ZAFI.B</a> WORM!
Source=Paul Collins Startup list

[_mzu_stonedrv2]
Number=14305
Confirmed=X
Filename=_mzu_stonedrv2.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojdwnldrftb.html" target="_blank">DWNLDR-FTB</a> TROJAN!
Source=Paul Collins Startup list

[_mzu_stonedrv3]
Number=14306
Confirmed=X
Filename=_mzu_stonedrv3.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdwnldrftb.html" target="_blank">DWNLDR-FTB</a> TROJAN!
Source=Paul Collins Startup list

[_mzu_stonedrv7]
Number=14307
Confirmed=Y
Filename=_mzu_stonedrv7.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojdwnldrftb.html" target="_blank">FTB</a> TROJAN!
Source=Paul Collins Startup list

[_ntrdlhost]
Number=14308
Confirmed=X
Filename=_Ntrdlhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderjv.html" target= blank>DLOADER-JV</a> TROJAN!
Source=Paul Collins Startup list

[_ntrRescueService]
Number=14309
Confirmed=X
Filename=_ntrrs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderjv.html" target= blank>DLOADER-JV</a> TROJAN!
Source=Paul Collins Startup list

[_pnd_Panda Antivirus]
Number=14310
Confirmed=X
Filename=_pnd_*****.exe [* = random char/digit]
Description=Added by the AGENT.NAK TROJAN!
Source=Paul Collins Startup list

[_Setv]
Number=14311
Confirmed=X
Filename=Setv.com
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-100415-3108-99" target=_blank>BESAM</a> WORM!
Source=Paul Collins Startup list

[_svchost.con]
Number=14312
Confirmed=X
Filename=svchost.com
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102721-4657-99" target=_blank>ERKEZ.C</a> WORM!
Source=Paul Collins Startup list

[_SystemBoot]
Number=14313
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsoberq.html" target= blank>SOBER-Q</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Help\Help subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list

[_SystemDriver]
Number=14314
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-033116-3150-99" target="_blank">ASCETIC.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a \addins\explorer subfolder of the Winnt or Windows folder
Source=Paul Collins Startup list

[_System_Run]
Number=14315
Confirmed=X
Filename=_svchost_.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagez.html" target=_blank>LINEAGE-Z</a> TROJAN!
Source=Paul Collins Startup list

[_tdiserv_]
Number=14316
Confirmed=X
Filename=_tdicli_.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062209-1757-99" target=_blank>TDISERV.A</a> WORM!
Source=Paul Collins Startup list

[_winadm]
Number=14317
Confirmed=U
Filename=winadm.exe
Description=<a href="http://people.freenet.de/winadm/anleitung_eng.htm" target="_blank">Parents Friend</a> - "Log any activity and protect programs with a password. Further more you can lock the pc any hour in the week you want with the main password. You can also give users allowed programs in their program-lists and you can limit the maximal daily hours and maximal weekly hours user spend on the PC"
Source=Paul Collins Startup list

[_WinCheck]
Number=14318
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-111511-0644-99" target=_blank>SOBER.V</a> WORM!
Source=Paul Collins Startup list

[_WinData]
Number=14319
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.f-secure.com/v-descs/email-worm_w32_sober_aa.shtml" target="_blank">SOBER.AA</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "PoolData" subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list

[_Windows]
Number=14320
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-111915-0848-99" target=_blank>SOBER.X</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "WinSecurity" subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list

[_WinMain]
Number=14321
Confirmed=X
Filename=winexec.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderxx.html" target=_blank>DLOADER-XX</a> TROJAN!
Source=Paul Collins Startup list

[_WinStart]
Number=14322
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050210-2339-99" target="_blank">SOBER.O</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Connection Wizard\Status subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list

[_winsystem.sys]
Number=14323
Confirmed=X
Filename=smss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022023-0454-99" target=_blank>SOBER.K</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a msagent\win32 subfolder of the Winnt or Windows folder
Source=Paul Collins Startup list

[_x-Finder]
Number=14324
Confirmed=X
Filename=_x-Finder.exe
Description=Disconnects and redials an ISP modem to an adult content site
Source=Paul Collins Startup list

[{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
Number=14325
Confirmed=U
Filename=gnotify.exe
Description=Google <a href="http://mail.google.com/mail/help/notifier/notifier_windows.html" target="_blank">Gmail Notifier</a>. Alerts you when you have new Gmail messages
Source=Paul Collins Startup list

[{1290A33C-85F5-4164-A1BE-7DD299D4986A}]
Number=14326
Confirmed=U
Filename=PBKScheduler.exe
Description=Scheduler for CyberLink <a href="http://www.cyberlink.com/multi/products/main_29_ENU.html" target=_blank>PowerBackup</a> - archiving/backup utility
Source=Paul Collins Startup list

[{12EE7A5E-0674-42f9-A76B-000000004D00}]
Number=14327
Confirmed=X
Filename=rundll32.exe [path] stlb2.dll, DllRunMain
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrowserAid&threatid=3342" target="_blank">BrowserAid/BrowserPal</a> foistware
Source=Paul Collins Startup list

[{1C-CC-C5-54-ZN}]
Number=14328
Confirmed=X
Filename=dwdsregt.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094810" target="_blank">ZenoSearch</a> adware
Source=Paul Collins Startup list

[{2CF0B992-5EEB-4143-99C0-5297EF71F444}]
Number=14329
Confirmed=X
Filename=rundll32.exe stlbdist.dll, DllRunMain
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrowserAid&threatid=3342" target="_blank">BrowserAid/BrowserPal</a> foistware
Source=Paul Collins Startup list

[{2CF0B992-5EEB-4143-99C2-5297EF71F44B}]
Number=14330
Confirmed=X
Filename=rundll32.exe stlbupdt.DLL, DllRunMain
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrowserAid&threatid=3342" target="_blank">BrowserAid/BrowserPal</a> foistware
Source=Paul Collins Startup list

[{2F-FF-F4-4C-ZN}]
Number=14331
Confirmed=X
Filename=omdsregk.exe
Description=<a href="http://virusinfo.prevx.com/pxparall.asp?PXC=a44b38614297" target="_blank">ZenoSearch</a> adware
Source=Paul Collins Startup list

[{357AA41A-B7A8-4632-A27D-5B980B25CF43}]
Number=14332
Confirmed=X
Filename=[path to svchost.exe]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallaq.html" target="_blank">SMALL-AQ</a> TROJAN!
Source=Paul Collins Startup list

[{357AA41A-B7A8-4632-A27D-5B980B25CF43}]
Number=14333
Confirmed=X
Filename=services.exe
Description=Added by <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080316-2013-99&tabid=1" target=_blank>FakeMessage/AdRotator</a> adware. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in an "Inetsrv" subfolder
Source=Paul Collins Startup list

[{357AA41A-B7A8-4632-A27D-5B980B25CF43}]
Number=14334
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallep.html" target=_blank>SMALL-EP</a> TROJAN!
Source=Paul Collins Startup list

[{8C-C4-4A-A4-ZN}]
Number=14335
Confirmed=X
Filename=dwdsregt.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094810" target="_blank">ZenoSearch</a> adware
Source=Paul Collins Startup list

[{A70F6A1D-0195-42a2-934C-D8AC0F7C08EB}]
Number=14336
Confirmed=X
Filename=rundll32.exe E6F1873B.DLL, D9EBC318C
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrowserAid&threatid=3342" target="_blank">BrowserAid/BrowserPal</a> foistware
Source=Paul Collins Startup list

[µTorrent]
Number=14337
Confirmed=U
Filename=utorrent.exe
Description=<a href="http://www.utorrent.com/" target="_blank">µTorrent</a> - BitTorrent client for Windows sporting a very small footprint. It was designed to use as little cpu, memory and space as possible while offering all the functionality expected from advanced clients
Source=Paul Collins Startup list